Verified Commit 82ee0d1f authored by Jason Hill's avatar Jason Hill

Add basic support for IPv6 lookups

This adds Net::IP as a dependency.

Closes #3
parent 0e99c9ad
......@@ -11,6 +11,7 @@ The following Perl modules are required:
- Term::ReadKey
- File::Slurp
- Time::Duration
- Net::IP
## Configuration
......
......@@ -66,13 +66,14 @@ use POSIX;
use File::Slurp;
use Data::Dumper;
use Time::Duration;
use Net::IP;
my $DEFAULT_POLICY = "RTAWUwFr";
my $DEFAULT_CACHE_TIME = 60 * 60 * 24;
my $DEFAULT_BLOCK_MESSAGE = "Connection rejected due to reputation (DNSBL).";
my $STARTTIME = time();
my $VERSION = "1.0";
my $VERSION = "1.1";
my %options;
my %clients;
......@@ -358,7 +359,7 @@ sub myresponse_event {
}
}
handle_dnsbl_response($kernel, $heap, $response->{'host'}, \@result, 0);
handle_dnsbl_response($kernel, $heap, $response->{'host'}, \@result, 0, $response->{'context'});
}
sub read_configfile {
......@@ -431,6 +432,22 @@ sub read_configfile {
return %config;
}
sub reverse_ipaddr {
my $addr = shift;
my $revip;
if ($addr =~ /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/) {
$revip = join('.', reverse split(/\./, $addr));
return $revip;
}
my $ipc = new Net::IP($addr);
$revip = $ipc->reverse_ip();
$revip =~ s/.ip6.arpa.//;
return $revip;
}
sub handle_startup {
poe_print "G 1";
poe_print "V :darenet-iauthd version $VERSION";
......@@ -470,64 +487,59 @@ sub handle_client {
$clients{$id} = $client;
if ($ip =~ /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/) {
my $pi = join('.', reverse(split(/\./,$ip)));
my $pi = reverse_ipaddr($ip);
foreach my $dnsbl (@{$config{'dnsbls'}}) {
my $server = $dnsbl->{'server'};
foreach my $dnsbl (@{$config{'dnsbls'}}) {
my $server = $dnsbl->{'server'};
# Mark lookup as pending.
$client->{'lookups'}->{$dnsbl->{'cfgnum'}} = 1;
debug("Looking up client $id: $pi.$server");
# Mark lookup as pending.
$client->{'lookups'}->{$dnsbl->{'cfgnum'}} = 1;
debug("Looking up client $id: $pi.$server");
my $cachetime = $config{'cachetime'};
if (exists $dnsbl->{'cachetime'}) {
$cachetime = $dnsbl->{'cachetime'};
}
my $cachetime = $config{'cachetime'};
if (exists $dnsbl->{'cachetime'}) {
$cachetime = $dnsbl->{'cachetime'};
}
# Purge from cache if it matches.
if (exists $dnsbl_cache{"$pi.$server"}
&& exists $dnsbl_cache{"$pi.$server"}->{'ts'}
&& $dnsbl_cache{"$pi.$server"}->{'ts'} < ( time() - $cachetime) ) {
debug("Deleting stale cache entry for $pi.$server");
delete $dnsbl_cache{"$pi.$server"};
}
# Purge from cache if it matches.
if (exists $dnsbl_cache{"$pi.$server"}
&& exists $dnsbl_cache{"$pi.$server"}->{'ts'}
&& $dnsbl_cache{"$pi.$server"}->{'ts'} < ( time() - $cachetime) ) {
debug("Deleting stale cache entry for $pi.$server");
delete $dnsbl_cache{"$pi.$server"};
}
# Check cache.
if (exists $dnsbl_cache{"$pi.$server"}) {
my $cache_entry = $dnsbl_cache{"$pi.$server"};
# Check cache.
if (exists $dnsbl_cache{"$pi.$server"}) {
my $cache_entry = $dnsbl_cache{"$pi.$server"};
debug("Found DNSBL cache entry for $pi.$server");
debug("Found DNSBL cache entry for $pi.$server");
if (defined $cache_entry->{'result'}) {
handle_dnsbl_response($kernel, $heap, "$pi.$server",
$cache_entry->{'result'}, 1);
}
else {
debug("Cache pending on $pi.$server");
}
if (defined $cache_entry->{'result'}) {
handle_dnsbl_response($kernel, $heap, "$pi.$server",
$cache_entry->{'result'}, 1, $server);
}
else {
debug("Adding cache entry for pending lookup $pi.$server");
debug("Cache pending on $pi.$server");
}
}
else {
debug("Adding cache entry for pending lookup $pi.$server");
$dnsbl_cache{"$pi.$server"} = { result=>undef, ts=>time()};
$dnsbl_cache{"$pi.$server"} = { result=>undef, ts=>time()};
#Begin a POE lookup on the DNSBL
my $response = $named->resolve(
event => "myresponse_event",
host => "$pi.$server",
context => { },
);
#Begin a POE lookup on the DNSBL
my $response = $named->resolve(
event => "myresponse_event",
host => "$pi.$server",
context => "$server",
);
if ($response) {
$kernel->yield(response => $response);
}
if ($response) {
$kernel->yield(response => $response);
}
}
}
else {
debug("Unknown IP format: $ip, probably ipv6; ignoring");
}
}
sub handle_webirc {
......@@ -568,18 +580,15 @@ sub handle_auth {
}
sub handle_dnsbl_response {
my ($kernel, $heap, $host, $results, $iscached) = @_;
my ($kernel, $heap, $host, $results, $iscached, $dnsbl_server) = @_;
my $lookup_string;
$dnsbl_cache{$host} = { result=>$results, ts=>time()} unless($iscached);
$host =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.(.+)$/;
my $host_ip = "$4.$3.$2.$1";
my $dnsbl_server = "$5";
$host =~ s/.($dnsbl_server)//;
debug("Got a ". ($iscached?"cache hit":"DNS reply") .
" for $host_ip from $dnsbl_server..." . @$results . " replies...");
" for $host from $dnsbl_server... " . @$results . " replies...");
foreach my $ip (@$results) {
if ($ip =~ /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/) {
......@@ -611,8 +620,9 @@ sub handle_dnsbl_response {
# Check if this positive DNSBL hit affects them.
foreach my $client_id (keys %clients) {
my $client = $clients{$client_id};
my $client_host = reverse_ipaddr($client->{'ip'});
if ($client->{'ip'} eq $host_ip) {
if ($client_host eq $host) {
debug("client $client->{id} matches " .
"$config_dnsbl->{server} result $value");
......@@ -650,7 +660,8 @@ sub handle_dnsbl_response {
foreach my $dnsbl (@{$config{'dnsbls'}}) {
if ($dnsbl_server eq $dnsbl->{'server'}) {
foreach my $client (values %clients) {
if ($client->{'ip'} eq $host_ip) {
my $client_host = reverse_ipaddr($client->{'ip'});
if ($client_host eq $host) {
if ($client->{'lookups'}->{$dnsbl->{'cfgnum'}}) {
$client->{'lookups'}->{$dnsbl->{'cfgnum'}} = 0;
handle_client_update($client);
......
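Review bot: In `reverse_ipaddr`, `$ipc->reverse_ip()` is called without checking that `new Net::IP($addr)` returned an object, so an address Net::IP cannot parse makes the method call die; the IPv4-only guard and its "Unknown IP format" branch appear to have been dropped from `handle_client` (the page has lost its +/- markers), so nothing visible filters the client address before this point. Return nothing on a parse failure, as in the fence below, have `handle_client` skip the DNSBL loop in that case, and add `next unless defined $client_host;` to the two client loops in `handle_dnsbl_response`. The two new substitutions also treat `.` as a wildcard and are unanchored: `s/.ip6.arpa.//` should be `s/\.ip6\.arpa\.?\z//`, and `$host =~ s/.($dnsbl_server)//;` should be `$host =~ s/\.\Q$dnsbl_server\E\z//;`, because the stripped `$host` is what decides which client a DNSBL result is applied to.

```perl
sub reverse_ipaddr {
    my $addr = shift;
    # ... unchanged: $revip declaration and IPv4 branch ...
    my $ipc = Net::IP->new($addr);
    unless ($ipc) {
        debug("Cannot parse client address: " . Net::IP::Error());
        return;
    }
    $revip = $ipc->reverse_ip();
    return unless defined $revip;
    $revip =~ s/\.ip6\.arpa\.?\z//;
    return $revip;
}
```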