projects
/
apps
/
pfixtools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Oops, I forgot to ship those files.
[apps/pfixtools.git]
/
postlicyd
/
rbl.c
diff --git
a/postlicyd/rbl.c
b/postlicyd/rbl.c
index
3651563
..
b3d7d45
100644
(file)
--- a/
postlicyd/rbl.c
+++ b/
postlicyd/rbl.c
@@
-62,7
+62,6
@@
enum {
struct rbldb_t {
A(uint32_t) ips;
struct rbldb_t {
A(uint32_t) ips;
- bool locked;
};
ARRAY(rbldb_t)
};
ARRAY(rbldb_t)
@@
-134,8
+133,8
@@
rbldb_t *rbldb_create(const char *file, bool lock)
--end;
}
if (end != map.end) {
--end;
}
if (end != map.end) {
-
syslog(LOG_WARNING,
"file %s miss a final \\n, ignoring last line",
-
file);
+
warn(
"file %s miss a final \\n, ignoring last line",
+ file);
}
db = p_new(rbldb_t, 1);
}
db = p_new(rbldb_t, 1);
@@
-156,8
+155,7
@@
rbldb_t *rbldb_create(const char *file, bool lock)
/* Lookup may perform serveral I/O, so avoid swap.
*/
array_adjust(db->ips);
/* Lookup may perform serveral I/O, so avoid swap.
*/
array_adjust(db->ips);
- db->locked = lock && array_lock(db->ips);
- if (lock && !db->locked) {
+ if (lock && !array_lock(db->ips)) {
UNIXERR("mlock");
}
UNIXERR("mlock");
}
@@
-169,15
+167,12
@@
rbldb_t *rbldb_create(const char *file, bool lock)
# include "qsort.c"
}
# include "qsort.c"
}
-
syslog(LOG_INFO,
"rbl %s loaded, %d IPs", file, db->ips.len);
+
info(
"rbl %s loaded, %d IPs", file, db->ips.len);
return db;
}
static void rbldb_wipe(rbldb_t *db)
{
return db;
}
static void rbldb_wipe(rbldb_t *db)
{
- if (db->locked) {
- array_unlock(db->ips);
- }
array_wipe(db->ips);
}
array_wipe(db->ips);
}
@@
-247,11
+242,13
@@
static bool rbl_filter_constructor(filter_t *filter)
#define PARSE_CHECK(Expr, Str, ...) \
if (!(Expr)) { \
#define PARSE_CHECK(Expr, Str, ...) \
if (!(Expr)) { \
-
syslog(LOG_ERR, Str, ##__VA_ARGS__);
\
+
err(Str, ##__VA_ARGS__);
\
rbl_filter_delete(&data); \
return false; \
}
rbl_filter_delete(&data); \
return false; \
}
+ data->hard_threshold = 1;
+ data->soft_threshold = 1;
foreach (filter_param_t *param, filter->params) {
switch (param->type) {
/* file parameter is:
foreach (filter_param_t *param, filter->params) {
switch (param->type) {
/* file parameter is:
@@
-303,34
+300,28
@@
static bool rbl_filter_constructor(filter_t *filter)
array_add(data->weights, weight);
break;
}
array_add(data->weights, weight);
break;
}
- current = p + 1;
- p = m_strchrnul(current, ':');
+ if (i != 2) {
+ current = p + 1;
+ p = m_strchrnul(current, ':');
+ }
}
} break;
/* hard_threshold parameter is an integer.
}
} break;
/* hard_threshold parameter is an integer.
- * If the matching score is greater than this threshold,
+ * If the matching score is greater
or equal
than this threshold,
* the hook "hard_match" is called.
* the hook "hard_match" is called.
- * hard_threshold =
0
means, that all matches are hard matches.
- * default is
0
;
+ * hard_threshold =
1
means, that all matches are hard matches.
+ * default is
1
;
*/
*/
- case ATK_HARD_THRESHOLD: {
- char *next;
- data->hard_threshold = strtol(param->value, &next, 10);
- PARSE_CHECK(*next, "invalid threshold value %s", param->value);
- } break;
+ FILTER_PARAM_PARSE_INT(HARD_THRESHOLD, data->hard_threshold);
/* soft_threshold parameter is an integer.
/* soft_threshold parameter is an integer.
- * if the matching score is greater than this threshold
+ * if the matching score is greater
or equal
than this threshold
* and smaller or equal than the hard_threshold, the hook "soft_match"
* is called.
* and smaller or equal than the hard_threshold, the hook "soft_match"
* is called.
- * default is
0
;
+ * default is
1
;
*/
*/
- case ATK_SOFT_THRESHOLD: {
- char *next;
- data->soft_threshold = strtol(param->value, &next, 10);
- PARSE_CHECK(*next, "invalid threshold value %s", param->value);
- } break;
+ FILTER_PARAM_PARSE_INT(SOFT_THRESHOLD, data->soft_threshold);
default: break;
}
default: break;
}
@@
-357,20
+348,20
@@
static filter_result_t rbl_filter(const filter_t *filter, const query_t *query)
const rbl_filter_t *data = filter->data;
if (parse_ipv4(query->client_address, &end, &ip) != 0) {
const rbl_filter_t *data = filter->data;
if (parse_ipv4(query->client_address, &end, &ip) != 0) {
-
syslog(LOG_WARNING,
"invalid client address: %s, expected ipv4",
-
query->client_address);
+
warn(
"invalid client address: %s, expected ipv4",
+ query->client_address);
return HTK_ERROR;
}
return HTK_ERROR;
}
- for (
in
t i = 0 ; i < data->rbls.len ; ++i) {
+ for (
uint32_
t i = 0 ; i < data->rbls.len ; ++i) {
const rbldb_t *rbl = array_elt(data->rbls, i);
int weight = array_elt(data->weights, i);
if (rbldb_ipv4_lookup(rbl, ip)) {
sum += weight;
}
}
const rbldb_t *rbl = array_elt(data->rbls, i);
int weight = array_elt(data->weights, i);
if (rbldb_ipv4_lookup(rbl, ip)) {
sum += weight;
}
}
- if (sum > data->hard_threshold) {
+ if (sum >
=
data->hard_threshold) {
return HTK_HARD_MATCH;
return HTK_HARD_MATCH;
- } else if (sum > data->soft_threshold) {
+ } else if (sum >
=
data->soft_threshold) {
return HTK_SOFT_MATCH;
} else {
return HTK_FAIL;
return HTK_SOFT_MATCH;
} else {
return HTK_FAIL;
@@
-379,10
+370,11
@@
static filter_result_t rbl_filter(const filter_t *filter, const query_t *query)
static int rbl_init(void)
{
static int rbl_init(void)
{
- filter_type_t type = filter_register("
rbl
", rbl_filter_constructor,
+ filter_type_t type = filter_register("
iplist
", rbl_filter_constructor,
rbl_filter_destructor, rbl_filter);
/* Hooks.
*/
rbl_filter_destructor, rbl_filter);
/* Hooks.
*/
+ (void)filter_hook_register(type, "abort");
(void)filter_hook_register(type, "error");
(void)filter_hook_register(type, "fail");
(void)filter_hook_register(type, "hard_match");
(void)filter_hook_register(type, "error");
(void)filter_hook_register(type, "fail");
(void)filter_hook_register(type, "hard_match");