commit 1485bf2: [Rework] Move local IPs check
Vsevolod Stakhov
vsevolod at highsecure.ru
Wed Feb 12 15:07:08 UTC 2020
Author: Vsevolod Stakhov
Date: 2020-02-12 15:02:41 +0000
URL: https://github.com/rspamd/rspamd/commit/1485bf2c42c3104696ec3a6c5e61ebe627a71c21 (HEAD -> master)
[Rework] Move local IPs check
---
src/client/rspamc.c | 12 +-----------
src/libserver/cfg_file.h | 6 ++++++
src/libserver/cfg_utils.c | 25 ++++++++++++++++++++++++-
src/libutil/addr.c | 23 +++++++++--------------
src/libutil/addr.h | 20 ++++++++++++++------
src/lua/lua_ip.c | 21 +++++++++++++++++++--
src/plugins/dkim_check.c | 2 +-
src/rspamd.h | 4 +---
src/rspamd_proxy.c | 5 ++---
src/worker.c | 2 +-
10 files changed, 78 insertions(+), 42 deletions(-)
diff --git a/src/client/rspamc.c b/src/client/rspamc.c
index f759ec610..6947d5604 100644
--- a/src/client/rspamc.c
+++ b/src/client/rspamc.c
@@ -17,6 +17,7 @@
#include "libutil/util.h"
#include "libserver/http/http_connection.h"
#include "libserver/http/http_private.h"
+#include "libserver/cfg_file.h"
#include "rspamdclient.h"
#include "utlist.h"
#include "unix-std.h"
@@ -168,17 +169,6 @@ static GOptionEntry entries[] =
{ NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
};
-/* Copy to avoid linking with librspamdserver */
-enum rspamd_action_type {
- METRIC_ACTION_REJECT = 0,
- METRIC_ACTION_SOFT_REJECT,
- METRIC_ACTION_REWRITE_SUBJECT,
- METRIC_ACTION_ADD_HEADER,
- METRIC_ACTION_GREYLIST,
- METRIC_ACTION_NOACTION,
- METRIC_ACTION_MAX
-};
-
static void rspamc_symbols_output (FILE *out, ucl_object_t *obj);
static void rspamc_uptime_output (FILE *out, ucl_object_t *obj);
static void rspamc_counters_output (FILE *out, ucl_object_t *obj);
diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h
index 4a8ab5bfc..1d782dd8b 100644
--- a/src/libserver/cfg_file.h
+++ b/src/libserver/cfg_file.h
@@ -845,6 +845,12 @@ gboolean rspamd_libs_reset_compression (struct rspamd_external_libs_ctx *ctx);
*/
void rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx);
+/**
+ * Returns TRUE if an address belongs to some local address
+ */
+gboolean rspamd_ip_is_local_cfg (struct rspamd_config *cfg,
+ const rspamd_inet_addr_t *addr);
+
/**
* Configure libraries
*/
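Review bot: The doc comment on `rspamd_ip_is_local_cfg` is the same sentence that addr.h uses for `rspamd_inet_address_is_local`, so a reader cannot tell the two predicates apart from the headers. Going by the cfg_utils.c hunk in this commit, the new function also consults the configured local-addresses map and tolerates a NULL `cfg`. I would say so here, for example `Returns TRUE if addr passes rspamd_inet_address_is_local() or matches the local addresses map configured in cfg->libs_ctx`, plus `@param cfg config, may be NULL (then only the built-in check is applied)`. Callers pick between the two when deciding whether to trust a peer, so the difference belongs in the declaration.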
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c
index 204e9bd55..d8237b88e 100644
--- a/src/libserver/cfg_utils.c
+++ b/src/libserver/cfg_utils.c
@@ -2998,4 +2998,27 @@ rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx)
g_free (ctx);
}
-}
\ No newline at end of file
+}
+
+gboolean
+rspamd_ip_is_local_cfg (struct rspamd_config *cfg,
+ const rspamd_inet_addr_t *addr)
+{
+ struct rspamd_radix_map_helper *local_addrs = NULL;
+
+ if (cfg && cfg->libs_ctx) {
+ local_addrs = *(struct rspamd_radix_map_helper**)cfg->libs_ctx->local_addrs;
+ }
+
+ if (rspamd_inet_address_is_local (addr)) {
+ return TRUE;
+ }
+
+ if (local_addrs) {
+ if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
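Review bot: `cfg->libs_ctx->local_addrs` is dereferenced in the cast on the first assignment, but the guard only checks `cfg` and `cfg->libs_ctx`. The field is a `void **` (see the rspamd.h hunk), so if a context can exist before that slot is filled in, this is a NULL dereference. Whether that can happen depends on initialisation code outside this diff. Extending the guard is cheap: `if (cfg && cfg->libs_ctx && cfg->libs_ctx->local_addrs) {`. The map lookup could also move below the `rspamd_inet_address_is_local (addr)` early return, so the cast is only reached when it is needed. A short comment would help too, noting that a NULL `cfg` silently narrows the result to the built-in check.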
diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index c0cb2d19d..4a540fefc 100644
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -16,10 +16,6 @@
#include "config.h"
#include "addr.h"
#include "util.h"
-/*
- * TODO: fix this cross dependency!
- */
-#include "libserver/maps/map_helpers.h"
#include "logger.h"
#include "cryptobox.h"
#include "unix-std.h"
@@ -32,7 +28,7 @@
#include <grp.h>
#endif
-static struct rspamd_radix_map_helper *local_addrs;
+static void *local_addrs;
enum {
RSPAMD_IPV6_UNDEFINED = 0,
@@ -1879,8 +1875,7 @@ rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b)
#endif
gboolean
-rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
- gboolean check_laddrs)
+rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr)
{
if (addr == NULL) {
return FALSE;
@@ -1904,23 +1899,23 @@ rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
return TRUE;
}
}
-
- if (check_laddrs && local_addrs) {
- if (rspamd_match_radix_map_addr (local_addrs, addr) != NULL) {
- return TRUE;
- }
- }
}
return FALSE;
}
-struct rspamd_radix_map_helper **
+void **
rspamd_inet_library_init (void)
{
return &local_addrs;
}
+void *
+rspamd_inet_library_get_lib_ctx (void)
+{
+ return local_addrs;
+}
+
void
rspamd_inet_library_destroy (void)
{
diff --git a/src/libutil/addr.h b/src/libutil/addr.h
index 6a33ad7ec..c0910ad03 100644
--- a/src/libutil/addr.h
+++ b/src/libutil/addr.h
@@ -44,10 +44,19 @@ extern "C" {
*/
typedef struct rspamd_inet_addr_s rspamd_inet_addr_t;
-struct rspamd_radix_map_helper;
-
-struct rspamd_radix_map_helper **rspamd_inet_library_init (void);
-
+/**
+ * Returns pointer storage for global singleton (map for local addresses)
+ * @return
+ */
+void **rspamd_inet_library_init (void);
+/**
+ * Returns local addresses singleton
+ * @return
+ */
+void *rspamd_inet_library_get_lib_ctx (void);
+/**
+ * Cleanup library (currently it does nothing)
+ */
void rspamd_inet_library_destroy (void);
/**
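Review bot: The new doc comments leave both `@return` tags empty, and the prototypes now use `void **` / `void *`, so the header no longer says what the singleton holds. The callers in this commit cast the value to `struct rspamd_radix_map_helper *` (cfg_utils.c and lua_ip.c), which means the contract exists only in those casts. I would fill the tags in, e.g. `@return address of the slot that stores the local addresses map (struct rspamd_radix_map_helper *)` and `@return the local addresses map as an opaque pointer, or NULL if none is set`. The name `rspamd_inet_library_get_lib_ctx` also suggests a library context rather than the local-addresses map. If renaming is not an option, the comment should state that explicitly.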
@@ -323,8 +332,7 @@ gboolean rspamd_inet_address_port_equal (gconstpointer a, gconstpointer b);
/**
* Returns TRUE if an address belongs to some local address
*/
-gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
- gboolean check_laddrs);
+gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr);
/**
* Returns size of storage required to store a complete IP address
diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c
index fb6845519..2604aa100 100644
--- a/src/lua/lua_ip.c
+++ b/src/lua/lua_ip.c
@@ -14,6 +14,7 @@
* limitations under the License.
*/
#include "lua_common.h"
+#include "libserver/maps/map_helpers.h"
/***
* @module rspamd_ip
@@ -530,8 +531,24 @@ lua_ip_is_local (lua_State *L)
check_laddrs = lua_toboolean (L, 2);
}
- lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr,
- check_laddrs));
+ if ( rspamd_inet_address_is_local (ip->addr)) {
+ lua_pushboolean (L, true);
+
+ return 1;
+ }
+ else if (check_laddrs) {
+ struct rspamd_radix_map_helper *local_addrs =
+ rspamd_inet_library_get_lib_ctx ();
+ if (local_addrs) {
+ if (rspamd_match_radix_map_addr (local_addrs, ip->addr) != NULL) {
+ lua_pushboolean (L, true);
+
+ return 1;
+ }
+ }
+ }
+
+ lua_pushboolean (L, false);
}
else {
lua_pushnil (L);
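Review bot: The added branch in `lua_ip_is_local` repeats the radix-map lookup that this commit also introduces as `rspamd_ip_is_local_cfg`, and it pushes the result from three places with two early returns. Two hand-written copies of the "is local" rule can drift apart, and that rule feeds trust decisions elsewhere in the tree. Computing one boolean and pushing it once keeps the Lua path easy to compare with the C helper, and it also drops the stray space in `if ( rspamd_inet_address_is_local`. The sketch below assumes the function still reaches its existing `return 1` after the if/else, which lies outside this hunk.

```c
/* … unchanged: check_laddrs is read from argument 2 … */
gboolean is_local = rspamd_inet_address_is_local (ip->addr);

if (!is_local && check_laddrs) {
	/* Opaque singleton; holds the configured local addresses map or NULL */
	struct rspamd_radix_map_helper *local_addrs =
			rspamd_inet_library_get_lib_ctx ();

	is_local = local_addrs != NULL &&
			rspamd_match_radix_map_addr (local_addrs, ip->addr) != NULL;
}

lua_pushboolean (L, is_local);
/* … unchanged: else branch pushing nil … */
```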
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 9313b643f..da7e092f7 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -1144,7 +1144,7 @@ dkim_symbol_callback (struct rspamd_task *task,
/* First check if plugin should be enabled */
if ((!dkim_module_ctx->check_authed && task->user != NULL)
|| (!dkim_module_ctx->check_local &&
- rspamd_inet_address_is_local (task->from_addr, TRUE))) {
+ rspamd_ip_is_local_cfg (task->cfg, task->from_addr))) {
msg_info_task ("skip DKIM checks for local networks and authorized users");
rspamd_symcache_finalize_item (task, item);
diff --git a/src/rspamd.h b/src/rspamd.h
index be96f0755..8885480c2 100644
--- a/src/rspamd.h
+++ b/src/rspamd.h
@@ -354,10 +354,8 @@ struct zstd_dictionary {
guint id;
};
-struct rspamd_radix_map_helper;
-
struct rspamd_external_libs_ctx {
- struct rspamd_radix_map_helper **local_addrs;
+ void **local_addrs;
struct rspamd_cryptobox_library_ctx *crypto_ctx;
struct ottery_config *ottery_cfg;
SSL_CTX *ssl_ctx;
diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c
index f1a557133..e9ce9ef5e 100644
--- a/src/rspamd_proxy.c
+++ b/src/rspamd_proxy.c
@@ -1415,8 +1415,7 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session)
}
if (m->local ||
- rspamd_inet_address_is_local (
- rspamd_upstream_addr_cur (bk_conn->up), FALSE)) {
+ rspamd_inet_address_is_local (rspamd_upstream_addr_cur (bk_conn->up))) {
if (session->fname) {
rspamd_http_message_add_header (msg, "File", session->fname);
@@ -1951,7 +1950,7 @@ retry:
if (backend->local ||
rspamd_inet_address_is_local (
rspamd_upstream_addr_cur (
- session->master_conn->up), FALSE)) {
+ session->master_conn->up))) {
if (session->fname) {
rspamd_http_message_add_header (msg, "File", session->fname);
diff --git a/src/worker.c b/src/worker.c
index 4cfe27771..ad7f12674 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -371,7 +371,7 @@ accept_socket (EV_P_ ev_io *w, int revents)
session->ctx = ctx;
session->worker = worker;
- if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) {
+ if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr)) {
http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION;
}
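Review bot: The `encrypted_only` exemption in `accept_socket` has no comment saying which notion of "local" it relies on, and after this commit there are two. This call uses `rspamd_inet_address_is_local`, which no longer looks at the configured local addresses map, so only the built-in check can exempt a peer from `RSPAMD_HTTP_REQUIRE_ENCRYPTION`. That matches the old `FALSE` argument. The intent is now invisible at the call site, though, and someone could later swap in `rspamd_ip_is_local_cfg` and widen the exemption. I would add a comment above the condition such as `/* Only the built-in local check exempts a peer from encryption; the configured local addresses map is not consulted here */`. The rest of `accept_socket` is outside this hunk.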