commit 5836e02: [Project] Allow to hash and compare inet addresses considering port

Vsevolod Stakhov vsevolod at highsecure.ru
Mon Mar 4 18:14:04 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-03-04 14:15:24 +0000
URL: https://github.com/rspamd/rspamd/commit/5836e02b95696a39fc643e9c62ebd9c507634242

[Project] Allow to hash and compare inet addresses considering port

---
 src/libmime/message.c  |   2 +-
 src/libutil/addr.c     | 115 +++++++++++++++++++++++++++++++++++++++++++------
 src/libutil/addr.h     |   7 +--
 src/libutil/upstream.c |   2 +-
 src/lua/lua_ip.c       |   2 +-
 5 files changed, 108 insertions(+), 20 deletions(-)

diff --git a/src/libmime/message.c b/src/libmime/message.c
index da065195d..cca134f81 100644
--- a/src/libmime/message.c
+++ b/src/libmime/message.c
@@ -1150,7 +1150,7 @@ rspamd_message_parse (struct rspamd_task *task)
 				need_recv_correction = TRUE;
 			}
 			else {
-				if (rspamd_inet_address_compare (raddr, task->from_addr) != 0) {
+				if (rspamd_inet_address_compare (raddr, task->from_addr, FALSE) != 0) {
 					need_recv_correction = TRUE;
 				}
 			}
diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index fd4621aef..7fa634f6f 100644
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -1636,7 +1636,7 @@ rspamd_inet_address_af_order (const rspamd_inet_addr_t *addr)
 
 gint
 rspamd_inet_address_compare (const rspamd_inet_addr_t *a1,
-		const rspamd_inet_addr_t *a2)
+		const rspamd_inet_addr_t *a2, gboolean compare_ports)
 {
 	g_assert (a1 != NULL);
 	g_assert (a2 != NULL);
@@ -1648,11 +1648,33 @@ rspamd_inet_address_compare (const rspamd_inet_addr_t *a1,
 	else {
 		switch (a1->af) {
 		case AF_INET:
-			return memcmp (&a1->u.in.addr.s4.sin_addr,
-					&a2->u.in.addr.s4.sin_addr, sizeof (struct in_addr));
+			if (!compare_ports) {
+				return memcmp (&a1->u.in.addr.s4.sin_addr,
+						&a2->u.in.addr.s4.sin_addr, sizeof (struct in_addr));
+			}
+			else {
+				if (a1->u.in.addr.s4.sin_port == a2->u.in.addr.s4.sin_port) {
+					return memcmp (&a1->u.in.addr.s4.sin_addr,
+							&a2->u.in.addr.s4.sin_addr, sizeof (struct in_addr));
+				}
+				else {
+					return a1->u.in.addr.s4.sin_port - a2->u.in.addr.s4.sin_port;
+				}
+			}
 		case AF_INET6:
-			return memcmp (&a1->u.in.addr.s6.sin6_addr,
-				&a2->u.in.addr.s6.sin6_addr, sizeof (struct in6_addr));
+			if (!compare_ports) {
+				return memcmp (&a1->u.in.addr.s6.sin6_addr,
+						&a2->u.in.addr.s6.sin6_addr, sizeof (struct in6_addr));
+			}
+			else {
+				if (a1->u.in.addr.s6.sin6_port == a2->u.in.addr.s6.sin6_port) {
+					return memcmp (&a1->u.in.addr.s6.sin6_addr,
+							&a2->u.in.addr.s6.sin6_addr, sizeof (struct in6_addr));
+				}
+				else {
+					return a1->u.in.addr.s6.sin6_port - a2->u.in.addr.s6.sin6_port;
+				}
+			}
 		case AF_UNIX:
 			return strncmp (a1->u.un->addr.sun_path,
 				a2->u.un->addr.sun_path, sizeof (a1->u.un->addr.sun_path));
@@ -1671,7 +1693,7 @@ rspamd_inet_address_compare_ptr (gconstpointer a1,
 	const rspamd_inet_addr_t **i1 = (const rspamd_inet_addr_t **)a1,
 			**i2 = (const rspamd_inet_addr_t **)a2;
 
-	return rspamd_inet_address_compare (*i1, *i2);
+	return rspamd_inet_address_compare (*i1, *i2, FALSE);
 }
 
 rspamd_inet_addr_t *
@@ -1724,28 +1746,85 @@ guint
 rspamd_inet_address_hash (gconstpointer a)
 {
 	const rspamd_inet_addr_t *addr = a;
-	rspamd_cryptobox_fast_hash_state_t st;
-
-	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
-	rspamd_cryptobox_fast_hash_update (&st, &addr->af, sizeof (addr->af));
+	struct {
+		gchar buf[sizeof(struct in6_addr)]; /* 16 bytes */
+		int af;
+	} layout;
 
+	gint32 k;
 
 	if (addr->af == AF_UNIX && addr->u.un) {
+		rspamd_cryptobox_fast_hash_state_t st;
+
+		rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
+		rspamd_cryptobox_fast_hash_update (&st, &addr->af, sizeof (addr->af));
 		rspamd_cryptobox_fast_hash_update (&st, addr->u.un, sizeof (*addr->u.un));
+
+		return rspamd_cryptobox_fast_hash_final (&st);
 	}
 	else {
+		memset (&layout, 0, sizeof (layout));
+		layout.af = addr->af;
+
 		/* We ignore port part here */
 		if (addr->af == AF_INET) {
-			rspamd_cryptobox_fast_hash_update (&st, &addr->u.in.addr.s4.sin_addr,
+			memcpy (layout.buf, &addr->u.in.addr.s4.sin_addr,
+					sizeof (addr->u.in.addr.s4.sin_addr));
+		}
+		else {
+			memcpy (layout.buf, &addr->u.in.addr.s6.sin6_addr,
+					sizeof (addr->u.in.addr.s6.sin6_addr));
+		}
+
+		k = rspamd_cryptobox_fast_hash (&layout, sizeof (layout),
+				rspamd_hash_seed ());
+	}
+
+	return k;
+}
+
+guint
+rspamd_inet_address_port_hash (gconstpointer a)
+{
+	const rspamd_inet_addr_t *addr = a;
+	struct {
+		gchar buf[sizeof(struct in6_addr)]; /* 16 bytes */
+		int port;
+		int af;
+	} layout;
+
+	gint32 k;
+
+	if (addr->af == AF_UNIX && addr->u.un) {
+		rspamd_cryptobox_fast_hash_state_t st;
+
+		rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
+		rspamd_cryptobox_fast_hash_update (&st, &addr->af, sizeof (addr->af));
+		rspamd_cryptobox_fast_hash_update (&st, addr->u.un, sizeof (*addr->u.un));
+
+		return rspamd_cryptobox_fast_hash_final (&st);
+	}
+	else {
+		memset (&layout, 0, sizeof (layout));
+		layout.af = addr->af;
+
+		/* We consider port part here */
+		if (addr->af == AF_INET) {
+			memcpy (layout.buf, &addr->u.in.addr.s4.sin_addr,
 					sizeof (addr->u.in.addr.s4.sin_addr));
+			layout.port = addr->u.in.addr.s4.sin_port;
 		}
 		else {
-			rspamd_cryptobox_fast_hash_update (&st, &addr->u.in.addr.s6.sin6_addr,
+			memcpy (layout.buf, &addr->u.in.addr.s6.sin6_addr,
 					sizeof (addr->u.in.addr.s6.sin6_addr));
+			layout.port = addr->u.in.addr.s6.sin6_port;
 		}
+
+		k = rspamd_cryptobox_fast_hash (&layout, sizeof (layout),
+				rspamd_hash_seed ());
 	}
 
-	return rspamd_cryptobox_fast_hash_final (&st);
+	return k;
 }
 
 gboolean
@@ -1753,7 +1832,15 @@ rspamd_inet_address_equal (gconstpointer a, gconstpointer b)
 {
 	const rspamd_inet_addr_t *a1 = a, *a2 = b;
 
-	return rspamd_inet_address_compare (a1, a2) == 0;
+	return rspamd_inet_address_compare (a1, a2, FALSE) == 0;
+}
+
+gboolean
+rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b)
+{
+	const rspamd_inet_addr_t *a1 = a, *a2 = b;
+
+	return rspamd_inet_address_compare (a1, a2, TRUE) == 0;
 }
 
 #ifndef IN6_IS_ADDR_LOOPBACK
diff --git a/src/libutil/addr.h b/src/libutil/addr.h
index 46b705a4b..bfe586ad1 100644
--- a/src/libutil/addr.h
+++ b/src/libutil/addr.h
@@ -263,7 +263,7 @@ void rspamd_inet_address_apply_mask (rspamd_inet_addr_t *addr, guint mask);
  * @return
  */
 gint rspamd_inet_address_compare (const rspamd_inet_addr_t *a1,
-		const rspamd_inet_addr_t *a2);
+		const rspamd_inet_addr_t *a2, gboolean compare_ports);
 
 /**
  * Utility function to compare addresses by in g_ptr_array
@@ -281,15 +281,16 @@ gint rspamd_inet_address_compare_ptr (gconstpointer a1,
 rspamd_inet_addr_t *rspamd_inet_address_copy (const rspamd_inet_addr_t *addr);
 
 /**
- * Returns hash for inet address
+ * Returns hash for inet address (ignoring port)
  */
 guint rspamd_inet_address_hash (gconstpointer a);
-
+guint rspamd_inet_address_port_hash (gconstpointer a);
 
 /**
  * Returns true if two address are equal
  */
 gboolean rspamd_inet_address_equal (gconstpointer a, gconstpointer b);
+gboolean rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b);
 
 /**
  * Returns TRUE if an address belongs to some local address
diff --git a/src/libutil/upstream.c b/src/libutil/upstream.c
index 2ce294525..64d5291fa 100644
--- a/src/libutil/upstream.c
+++ b/src/libutil/upstream.c
@@ -289,7 +289,7 @@ rspamd_upstream_update_addrs (struct upstream *up)
 			rspamd_inet_address_set_port (cur->addr, port);
 
 			PTR_ARRAY_FOREACH (up->addrs.addr, i, addr_elt) {
-				if (rspamd_inet_address_compare (addr_elt->addr, cur->addr) == 0) {
+				if (rspamd_inet_address_compare (addr_elt->addr, cur->addr, FALSE) == 0) {
 					naddr = g_malloc0 (sizeof (*naddr));
 					naddr->addr = cur->addr;
 					naddr->errors = reset_errors ? 0 : addr_elt->errors;
diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c
index 5ee4a39b4..7f24f7712 100644
--- a/src/lua/lua_ip.c
+++ b/src/lua/lua_ip.c
@@ -490,7 +490,7 @@ lua_ip_equal (lua_State *L)
 	gboolean res = FALSE;
 
 	if (ip1 && ip2 && ip1->addr && ip2->addr) {
-		res = rspamd_inet_address_compare (ip1->addr, ip2->addr);
+		res = rspamd_inet_address_compare (ip1->addr, ip2->addr, TRUE);
 	}
 
 	lua_pushboolean (L, res);


More information about the Commits mailing list