X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=postlicyd%2Frbl.c;h=a84f73ef905d0ca044ba99ca68ed461b2694543b;hb=a3eac0731ffb3a31b57f9feed0256678f187f2a1;hp=748d40a1d5ae970da52a58ee3281f7803d0c54a0;hpb=52179a67b5e09f3f767789abd7857ae17d5f15c2;p=apps%2Fpfixtools.git
diff --git a/postlicyd/rbl.c b/postlicyd/rbl.c
index 748d40a..a84f73e 100644
--- a/postlicyd/rbl.c
+++ b/postlicyd/rbl.c
@@ -62,7 +62,6 @@ enum {
 struct rbldb_t {
 A(uint32_t) ips;
- bool locked;
 };
 ARRAY(rbldb_t)
@@ -134,8 +133,8 @@ rbldb_t *rbldb_create(const char *file, bool lock)
 --end;
 }
 if (end != map.end) {
- syslog(LOG_WARNING, "file %s miss a final \\n, ignoring last line",
- file);
+ warn("file %s miss a final \\n, ignoring last line",
+ file);
 }
 db = p_new(rbldb_t, 1);
@@ -156,8 +155,7 @@ rbldb_t *rbldb_create(const char *file, bool lock)
 /* Lookup may perform serveral I/O, so avoid swap. */
 array_adjust(db->ips);
- db->locked = lock && array_lock(db->ips);
- if (lock && !db->locked) {
+ if (lock && !array_lock(db->ips)) {
 UNIXERR("mlock");
 }
@@ -169,15 +167,12 @@ rbldb_t *rbldb_create(const char *file, bool lock)
 # include "qsort.c"
 }
- syslog(LOG_INFO, "rbl %s loaded, %d IPs", file, db->ips.len);
+ info("rbl %s loaded, %d IPs", file, db->ips.len);
 return db;
 }
 static void rbldb_wipe(rbldb_t *db)
 {
- if (db->locked) {
- array_unlock(db->ips);
- }
 array_wipe(db->ips);
 }
@@ -221,6 +216,9 @@ bool rbldb_ipv4_lookup(const rbldb_t *db, uint32_t ip)
 typedef struct rbl_filter_t {
 PA(rbldb_t) rbls;
 A(int) weights;
+ A(char) hosts;
+ A(int) host_offsets;
+ A(int) host_weights;
 int32_t hard_threshold;
 int32_t soft_threshold;
@@ -236,6 +234,9 @@ static void rbl_filter_delete(rbl_filter_t **rbl)
 if (*rbl) {
 array_deep_wipe((*rbl)->rbls, rbldb_delete);
 array_wipe((*rbl)->weights);
+ array_wipe((*rbl)->hosts);
+ array_wipe((*rbl)->host_offsets);
+ array_wipe((*rbl)->host_weights);
 p_delete(rbl);
 }
 }
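Review bot: With the `locked` flag gone, `rbldb_wipe()` (hunk at -169,15) no longer calls `array_unlock()`, so releasing the lock taken in `rbldb_create()` (hunk at -156,8) now depends entirely on `array_wipe()`, which this diff does not show. If `array_wipe()` does not unlock before releasing the buffer, pages locked for each loaded database may stay counted against RLIMIT_MEMLOCK, and a later `array_lock()` failure is only reported through `UNIXERR("mlock")` while the database is used unlocked. I would confirm that and record it at the call site, e.g. `/* array_wipe() also drops the lock taken by array_lock() */`. Both functions start or end outside the hunks shown.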
@@ -247,7 +248,7 @@ static bool rbl_filter_constructor(filter_t *filter)
 #define PARSE_CHECK(Expr, Str, ...) \
 if (!(Expr)) { \
- syslog(LOG_ERR, Str, ##__VA_ARGS__); \
+ err(Str, ##__VA_ARGS__); \
 rbl_filter_delete(&data); \
 return false; \
 }
@@ -305,8 +306,43 @@ static bool rbl_filter_constructor(filter_t *filter)
 array_add(data->weights, weight);
 break;
 }
- current = p + 1;
- p = m_strchrnul(current, ':');
+ if (i != 2) {
+ current = p + 1;
+ p = m_strchrnul(current, ':');
+ }
+ }
+ } break;
+
+ /* host parameter.
+ * weight:hostname.
+ * define a RBL to use through DNS resolution.
+ */
+ case ATK_HOST: {
+ int weight = 0;
+ const char *current = param->value;
+ const char *p = m_strchrnul(param->value, ':');
+ char *next = NULL;
+ for (int i = 0 ; i < 2 ; ++i) {
+ PARSE_CHECK(i == 1 || *p,
+ "host parameter must contains a weight option");
+ switch (i) {
+ case 0:
+ weight = strtol(current, &next, 10);
+ PARSE_CHECK(next == p && weight >= 0 && weight <= 1024,
+ "illegal weight value %.*s",
+ (p - current), current);
+ break;
+
+ case 1:
+ array_add(data->host_offsets, array_len(data->hosts));
+ array_append(data->hosts, current, strlen(current) + 1);
+ array_add(data->host_weights, weight);
+ break;
+ }
+ if (i != 1) {
+ current = p + 1;
+ p = m_strchrnul(current, ':');
+ }
 }
 } break;
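Review bot: In the new `ATK_HOST` case the 0..1024 range check runs only after the `strtol()` result has been narrowed into `int weight`, so an oversized value that truncates into that range would be accepted; parse into a `long` (`long w = strtol(current, &next, 10);`), range-check `w`, then assign. The `%.*s` precision in the same `PARSE_CHECK` is given `p - current`, a `ptrdiff_t`, where the format requires an `int`; pass `(int)(p - current)`. At `case 1` the hostname is appended with no validation, so a value such as `5:` stores an empty name; a non-empty and maximum-length check there would reject the configuration at load time instead of at lookup time. `rbl_filter_constructor` starts and ends outside this hunk, and the existing `file` case may carry the same two issues.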
@@ -351,15 +387,18 @@ static filter_result_t rbl_filter(const filter_t *filter, const query_t *query)
 const rbl_filter_t *data = filter->data;
 if (parse_ipv4(query->client_address, &end, &ip) != 0) {
- syslog(LOG_WARNING, "invalid client address: %s, expected ipv4",
- query->client_address);
+ warn("invalid client address: %s, expected ipv4",
+ query->client_address);
 return HTK_ERROR;
 }
- for (int i = 0 ; i < data->rbls.len ; ++i) {
+ for (uint32_t i = 0 ; i < data->rbls.len ; ++i) {
 const rbldb_t *rbl = array_elt(data->rbls, i);
 int weight = array_elt(data->weights, i);
 if (rbldb_ipv4_lookup(rbl, ip)) {
 sum += weight;
+ if (sum >= data->hard_threshold) {
+ return HTK_HARD_MATCH;
+ }
 }
 }
 if (sum >= data->hard_threshold) {
@@ -386,6 +425,7 @@ static int rbl_init(void)
 /* Parameters. */
 (void)filter_param_register(type, "file");
+ (void)filter_param_register(type, "host");
 (void)filter_param_register(type, "hard_threshold");
 (void)filter_param_register(type, "soft_threshold");
 return 0;
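Review bot: The scoring loop in `rbl_filter()` still walks only `data->rbls`, so the `hosts` / `host_weights` entries that this commit parses and registers (`"host"` in `rbl_init`) never add to `sum` in the code shown. A filter configured with `host` parameters alone would then presumably never reach either threshold, and nothing is logged to say the DNS lists were skipped, so the check fails open. If the lookup arrives in a later commit, I would reject `host` in the constructor until then, or at least mark the gap above the loop with `/* TODO: data->hosts is parsed but not queried yet */`. `rbl_filter` continues past the end of this hunk, so a lookup further down cannot be ruled out from here.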