1 /******************************************************************************/
2 /* pfixtools: a collection of postfix related tools */
4 /* ________________________________________________________________________ */
6 /* Redistribution and use in source and binary forms, with or without */
7 /* modification, are permitted provided that the following conditions */
10 /* 1. Redistributions of source code must retain the above copyright */
11 /* notice, this list of conditions and the following disclaimer. */
12 /* 2. Redistributions in binary form must reproduce the above copyright */
13 /* notice, this list of conditions and the following disclaimer in the */
14 /* documentation and/or other materials provided with the distribution. */
15 /* 3. The names of its contributors may not be used to endorse or promote */
16 /* products derived from this software without specific prior written */
19 /* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND ANY EXPRESS */
20 /* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED */
21 /* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
22 /* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY */
23 /* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL */
24 /* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS */
25 /* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) */
26 /* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, */
27 /* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN */
28 /* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE */
29 /* POSSIBILITY OF SUCH DAMAGE. */
31 /* Copyright (c) 2006-2008 the Authors */
32 /* see AUTHORS and source files for details */
33 /******************************************************************************/
36 * Copyright © 2007 Pierre Habouzit
37 * Copyright © 2008 Florent Bruneau
40 #include <arpa/inet.h>
41 #include <netinet/in.h>
49 #include "resources.h"
53 #define IPv4_PREFIX(ip) ((uint32_t)(ip) >> IPv4_BITS)
54 #define IPv4_SUFFIX(ip) ((uint32_t)(ip) & ((1 << IPv4_BITS) - 1))
55 #define NODE(db, i) ((db)->tree + (i))
74 typedef struct rbldb_resource_t {
77 A(uint16_t) ips[1 << 16];
80 static void rbldb_resource_wipe(rbldb_resource_t *res)
82 for (int i = 0 ; i < 1 << 16 ; ++i) {
83 array_wipe(res->ips[i]);
88 static int get_o(const char *s, const char **out)
92 if (*s < '0' || *s > '9')
96 if (*s < '0' || *s > '9')
99 res = res * 10 + *s++ - '0';
100 if (*s < '0' || *s > '9')
103 res = res * 10 + *s++ - '0';
104 if (!(*s < '0' || *s > '9') || res < 100)
112 static int parse_ipv4(const char *s, const char **out, uint32_t *ip)
117 if ((o & ~0xff) || *s++ != '.')
122 if ((o & ~0xff) || *s++ != '.')
127 if ((o & ~0xff) || *s++ != '.')
140 rbldb_t *rbldb_create(const char *file, bool lock)
146 time_t now = time(0);
148 if (!file_map_open(&map, file, false)) {
152 rbldb_resource_t *res = resource_get("iplist", file);
154 res = p_new(rbldb_resource_t, 1);
155 resource_set("iplist", file, res, (resource_destructor_t)rbldb_resource_wipe);
158 db = p_new(rbldb_t, 1);
159 db->filename = m_strdup(file);
161 if (map.st.st_size == res->size && map.st.st_mtime == res->mtime) {
162 info("%s loaded: already up-to-date", file);
163 file_map_close(&map);
166 res->size = map.st.st_size;
167 res->mtime = map.st.st_mtime;
171 while (end > p && end[-1] != '\n') {
174 if (end != map.end) {
175 warn("%s: final \\n missing, ignoring last line", file);
181 while (*p == ' ' || *p == '\t' || *p == '\r')
184 if (parse_ipv4(p, &p, &ip) < 0) {
185 p = (char *)memchr(p, '\n', end - p) + 1;
187 array_add(res->ips[ip >> 16], ip & 0xffff);
191 file_map_close(&map);
193 /* Lookup may perform serveral I/O, so avoid swap.
195 for (int i = 0 ; i < 1 << 16 ; ++i) {
196 array_adjust(res->ips[i]);
197 if (lock && !array_lock(res->ips[i])) {
200 if (res->ips[i].len) {
201 # define QSORT_TYPE uint16_t
202 # define QSORT_BASE res->ips[i].data
203 # define QSORT_NELT res->ips[i].len
204 # define QSORT_LT(a,b) *a < *b
209 info("%s loaded: done in %us, %u IPs", file, (uint32_t)(time(0) - now), ips);
213 static void rbldb_wipe(rbldb_t *db)
215 resource_release("iplist", db->filename);
216 p_delete(&db->filename);
220 void rbldb_delete(rbldb_t **db)
228 uint32_t rbldb_stats(const rbldb_t *rbl)
231 for (int i = 0 ; i < 1 << 16 ; ++i) {
232 ips += array_len(rbl->ips[i]);
237 bool rbldb_ipv4_lookup(const rbldb_t *db, uint32_t ip)
239 const uint16_t hip = ip >> 16;
240 const uint16_t lip = ip & 0xffff;
241 int l = 0, r = db->ips[hip].len;
246 if (array_elt(db->ips[hip], i) == lip)
249 if (lip < array_elt(db->ips[hip], i)) {
259 /* postlicyd filter declaration */
263 typedef struct iplist_filter_t {
270 int32_t hard_threshold;
271 int32_t soft_threshold;
274 typedef struct iplist_async_data_t {
275 A(rbl_result_t) results;
279 } iplist_async_data_t;
281 static filter_type_t filter_type = FTK_UNKNOWN;
283 static iplist_filter_t *iplist_filter_new(void)
285 return p_new(iplist_filter_t, 1);
288 static void iplist_filter_delete(iplist_filter_t **rbl)
291 array_deep_wipe((*rbl)->rbls, rbldb_delete);
292 array_wipe((*rbl)->weights);
293 array_wipe((*rbl)->hosts);
294 array_wipe((*rbl)->host_offsets);
295 array_wipe((*rbl)->host_weights);
301 static bool iplist_filter_constructor(filter_t *filter)
303 iplist_filter_t *data = iplist_filter_new();
305 #define PARSE_CHECK(Expr, Str, ...) \
307 err(Str, ##__VA_ARGS__); \
308 iplist_filter_delete(&data); \
312 data->hard_threshold = 1;
313 data->soft_threshold = 1;
314 foreach (filter_param_t *param, filter->params) {
315 switch (param->type) {
316 /* file parameter is:
317 * [no]lock:weight:filename
319 * - lock: memlock the database in memory.
320 * - nolock: don't memlock the database in memory [default].
321 * - \d+: a number describing the weight to give to the match
322 * the given list [mandatory]
323 * the file pointed by filename MUST be a valid ip list issued from
324 * the rsync (or equivalent) service of a (r)bl.
326 case ATK_FILE: case ATK_RBLDNS: {
330 const char *current = param->value;
331 const char *p = m_strchrnul(param->value, ':');
333 for (int i = 0 ; i < 3 ; ++i) {
334 PARSE_CHECK(i == 2 || *p,
335 "file parameter must contains a locking state "
336 "and a weight option");
339 if ((p - current) == 4 && strncmp(current, "lock", 4) == 0) {
341 } else if ((p - current) == 6
342 && strncmp(current, "nolock", 6) == 0) {
345 PARSE_CHECK(false, "illegal locking state %.*s",
346 (int)(p - current), current);
351 weight = strtol(current, &next, 10);
352 PARSE_CHECK(next == p && weight >= 0 && weight <= 1024,
353 "illegal weight value %.*s",
354 (int)(p - current), current);
358 rbl = rbldb_create(current, lock);
359 PARSE_CHECK(rbl != NULL,
360 "cannot load rbl db from %s", current);
361 array_add(data->rbls, rbl);
362 array_add(data->weights, weight);
367 p = m_strchrnul(current, ':');
374 * define a RBL to use through DNS resolution.
378 const char *current = param->value;
379 const char *p = m_strchrnul(param->value, ':');
381 for (int i = 0 ; i < 2 ; ++i) {
382 PARSE_CHECK(i == 1 || *p,
383 "host parameter must contains a weight option");
386 weight = strtol(current, &next, 10);
387 PARSE_CHECK(next == p && weight >= 0 && weight <= 1024,
388 "illegal weight value %.*s",
389 (int)(p - current), current);
393 array_add(data->host_offsets, array_len(data->hosts));
394 array_append(data->hosts, current, strlen(current) + 1);
395 array_add(data->host_weights, weight);
400 p = m_strchrnul(current, ':');
405 /* hard_threshold parameter is an integer.
406 * If the matching score is greater or equal than this threshold,
407 * the hook "hard_match" is called.
408 * hard_threshold = 1 means, that all matches are hard matches.
411 FILTER_PARAM_PARSE_INT(HARD_THRESHOLD, data->hard_threshold);
413 /* soft_threshold parameter is an integer.
414 * if the matching score is greater or equal than this threshold
415 * and smaller or equal than the hard_threshold, the hook "soft_match"
419 FILTER_PARAM_PARSE_INT(SOFT_THRESHOLD, data->soft_threshold);
425 PARSE_CHECK(data->rbls.len || data->host_offsets.len,
426 "no file parameter in the filter %s", filter->name);
431 static void iplist_filter_destructor(filter_t *filter)
433 iplist_filter_t *data = filter->data;
434 iplist_filter_delete(&data);
438 static void iplist_filter_async(rbl_result_t *result, void *arg)
440 filter_context_t *context = arg;
441 const filter_t *filter = context->current_filter;
442 const iplist_filter_t *data = filter->data;
443 iplist_async_data_t *async = context->contexts[filter_type];
446 if (*result != RBL_ERROR) {
447 async->error = false;
451 debug("got asynchronous request result for filter %s, rbl %d, still awaiting %d answers",
452 filter->name, (int)(result - array_ptr(async->results, 0)), async->awaited);
454 if (async->awaited == 0) {
455 filter_result_t res = HTK_FAIL;
459 for (uint32_t i = 0 ; i < array_len(data->host_offsets) ; ++i) {
460 int weight = array_elt(data->host_weights, i);
462 switch (array_elt(async->results, i)) {
464 crit("no more awaited answer but result is ASYNC");
467 async->sum += weight;
473 if (async->sum >= (uint32_t)data->hard_threshold) {
474 res = HTK_HARD_MATCH;
475 } else if (async->sum >= (uint32_t)data->soft_threshold) {
476 res = HTK_SOFT_MATCH;
479 debug("answering to filter %s", filter->name);
480 filter_post_async_result(context, res);
484 static filter_result_t iplist_filter(const filter_t *filter, const query_t *query,
485 filter_context_t *context)
489 const char *end = NULL;
490 const iplist_filter_t *data = filter->data;
493 if (parse_ipv4(query->client_address.str, &end, &ip) != 0) {
494 if (strchr(query->client_address.str, ':')) {
495 /* iplist only works on IPv4 */
498 warn("invalid client address: %s, expected ipv4",
499 query->client_address.str);
502 for (uint32_t i = 0 ; i < data->rbls.len ; ++i) {
503 const rbldb_t *rbl = array_elt(data->rbls, i);
504 int weight = array_elt(data->weights, i);
505 if (rbldb_ipv4_lookup(rbl, ip)) {
507 if (sum >= data->hard_threshold) {
508 return HTK_HARD_MATCH;
513 if (array_len(data->host_offsets) > 0) {
514 iplist_async_data_t* async = context->contexts[filter_type];
515 array_ensure_exact_capacity(async->results, array_len(data->host_offsets));
518 for (uint32_t i = 0 ; i < data->host_offsets.len ; ++i) {
519 const char *rbl = array_ptr(data->hosts, array_elt(data->host_offsets, i));
520 if (rbl_check(rbl, ip, array_ptr(async->results, i),
521 iplist_filter_async, context)) {
526 debug("filter %s awaiting %d asynchronous queries", filter->name, async->awaited);
527 async->error = error;
531 err("filter %s: all the rbl returned an error", filter->name);
534 if (sum >= data->hard_threshold) {
535 return HTK_HARD_MATCH;
536 } else if (sum >= data->soft_threshold) {
537 return HTK_SOFT_MATCH;
543 static void *iplist_context_constructor(void)
545 return p_new(iplist_async_data_t, 1);
548 static void iplist_context_destructor(void *data)
550 iplist_async_data_t *ctx = data;
551 array_wipe(ctx->results);
555 static int iplist_init(void)
557 filter_type = filter_register("iplist", iplist_filter_constructor,
558 iplist_filter_destructor, iplist_filter,
559 iplist_context_constructor,
560 iplist_context_destructor);
563 (void)filter_hook_register(filter_type, "abort");
564 (void)filter_hook_register(filter_type, "error");
565 (void)filter_hook_register(filter_type, "fail");
566 (void)filter_hook_register(filter_type, "hard_match");
567 (void)filter_hook_register(filter_type, "soft_match");
568 (void)filter_hook_register(filter_type, "async");
572 (void)filter_param_register(filter_type, "file");
573 (void)filter_param_register(filter_type, "rbldns");
574 (void)filter_param_register(filter_type, "dns");
575 (void)filter_param_register(filter_type, "hard_threshold");
576 (void)filter_param_register(filter_type, "soft_threshold");
579 module_init(iplist_init);
projects / apps / pfixtools.git / blob