Working policy daemon.

Add support for the stress parameter of postfix 2.5+.
Can mlock rbl data.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/main-postlicyd.c b/main-postlicyd.c
index 0431b95..a1444ec 100644 (file)
--- a/main-postlicyd.c
+++ b/main-postlicyd.c
@@ -84,7 +84,7 @@ typedef struct query_t {
     const char *size;
     const char *ccert_subject;
     const char *ccert_issuer;
-    const char *ccsert_fingerprint;
+    const char *ccert_fingerprint;
 
     /* postfix 2.3+ */
     const char *encryption_protocol;
@@ -92,6 +92,9 @@ typedef struct query_t {
     const char *encryption_keysize;
     const char *etrn_domain;
 
+    /* postfix 2.5+ */
+    const char *stress;
+
     const char *eoq;
 } query_t;
 
@@ -159,11 +162,12 @@ static int postfix_parsejob(query_t *query, char *p)
             CASE(SIZE,                size);
             CASE(CCERT_SUBJECT,       ccert_subject);
             CASE(CCERT_ISSUER,        ccert_issuer);
-            CASE(CCSERT_FINGERPRINT,  ccsert_fingerprint);
+            CASE(CCERT_FINGERPRINT,   ccert_fingerprint);
             CASE(ENCRYPTION_PROTOCOL, encryption_protocol);
             CASE(ENCRYPTION_CIPHER,   encryption_cipher);
             CASE(ENCRYPTION_KEYSIZE,  encryption_keysize);
             CASE(ETRN_DOMAIN,         etrn_domain);
+            CASE(STRESS,              stress);
 #undef CASE
 
           case PTK_REQUEST:
@@ -211,6 +215,7 @@ static void policy_answer(server_t *pcy, const char *fmt, ...)
 {
     va_list args;
     va_start(args, fmt);
+    buffer_addstr(&pcy->obuf, "action=");
     buffer_addvf(&pcy->obuf, fmt, args);
     va_end(args);
     buffer_addstr(&pcy->obuf, "\n\n");

diff --git a/rbl.c b/rbl.c
index 71f1d85..3f98ee9 100644 (file)
--- a/rbl.c
+++ b/rbl.c
@@ -60,6 +60,7 @@ enum {
 struct rbldb_t {
     uint32_t len, size;
     uint32_t *ips;
+    bool     locked;
 };
 
 static int get_o(const char *s, const char **out)
@@ -114,7 +115,7 @@ static int parse_ipv4(const char *s, const char **out, uint32_t *ip)
     return 0;
 }
 
-rbldb_t *rbldb_create(const char *file)
+rbldb_t *rbldb_create(const char *file, bool lock)
 {
     rbldb_t *db;
     const char *map, *p, *end;
@@ -169,6 +170,10 @@ rbldb_t *rbldb_create(const char *file)
     }
     munmap((void*)map, st.st_size);
 
+    /* Lookup may perform serveral I/O, so avoid swap.
+     */
+    db->locked = lock && mlock(db->ips, db->len * sizeof(*(db->ips))) == 0;
+
     if (db->len) {
 #       define QSORT_TYPE uint32_t
 #       define QSORT_BASE db->ips
@@ -184,6 +189,9 @@ rbldb_t *rbldb_create(const char *file)
 void rbldb_delete(rbldb_t **db)
 {
     if (*db) {
+        if ((*db)->locked) {
+            (void)munlock((*db)->ips, (*db)->len * sizeof(*(*db)->ips));
+        }
         p_delete(&(*db)->ips);
         p_delete(&(*db));
     }

diff --git a/rbl.h b/rbl.h
index af342e4..e87025e 100644 (file)
--- a/rbl.h
+++ b/rbl.h
@@ -38,7 +38,7 @@
 
 typedef struct rbldb_t rbldb_t;
 
-rbldb_t *rbldb_create(const char *file);
+rbldb_t *rbldb_create(const char *file, bool lock);
 void rbldb_delete(rbldb_t **);
 
 uint32_t rbldb_stats(rbldb_t *rbl);

diff --git a/tokens.sh b/tokens.sh
index 65376ea..4e1abb3 100755 (executable)
--- a/tokens.sh
+++ b/tokens.sh
@@ -143,7 +143,7 @@ exit 0
 ## size
 ## ccert_subject
 ## ccert_issuer
-## ccsert_fingerprint
+## ccert_fingerprint
 #
 # postfix 2.3+
 ## encryption_protocol
@@ -151,6 +151,9 @@ exit 0
 ## encryption_keysize
 ## etrn_domain
 #
+# postfix 2.5+
+## stress
+#
 # request value
 ## smtpd_access_policy
 #

diff --git a/tst-rbl.c b/tst-rbl.c
index c208630..3087560 100644 (file)
--- a/tst-rbl.c
+++ b/tst-rbl.c
@@ -43,7 +43,7 @@
 int main(int argc, char *argv[])
 {
     if (argc > 1) {
-        rbldb_t *db = rbldb_create(argv[1]);
+        rbldb_t *db = rbldb_create(argv[1], false);
         printf("loaded: %s, %d ips, %d o\n", argv[1], rbldb_stats(db),
                rbldb_stats(db) * 4);
         rbldb_delete(&db);