mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124
							--[[
Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>
Copyright (c) 2019, Denis Paavilainen <denpa@denpa.pro>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]--

-- Detect remote OS via passive fingerprinting

local lua_util = require "lua_util"
local lua_redis = require "lua_redis"
local rspamd_logger = require "rspamd_logger"
local p0f = require("lua_scanners").filter('p0f').p0f

local N = 'p0f'

if confighelp then
  rspamd_config:add_example(nil, N,
    'Detect remote OS via passive fingerprinting',
    [[
p0f {
  # Enable module
  enabled = true

  # Path to the unix socket that p0f listens on
  socket = '/var/run/p0f.sock';

  # Connection timeout
  timeout = 5s;

  # If defined, insert symbol with lookup results
  symbol = 'P0F';

  # Patterns to match against results returned by p0f
  # Symbol will be yielded on OS string, link type or distance matches
  patterns = {
    WINDOWS = '^Windows.*';
    #DSL = '^DSL$';
    #DISTANCE10 = '^distance:10$';
  }

  # Cache lifetime in seconds (default - 2 hours)
  expire = 7200;

  # Cache key prefix
  prefix = 'p0f';
}
]])
  return
end

local rule

local function check_p0f(task)
  local ip = task:get_from_ip()

  if not (ip and ip:is_valid()) or ip:is_local() then
    return
  end

  p0f.check(task, ip, rule)
end

local opts = rspamd_config:get_all_opt(N)

rule = p0f.configure(opts)

if rule then
  rule.redis_params = lua_redis.parse_redis_server(N)

  lua_redis.register_prefix(rule.prefix .. '*', N,
      'P0f check cache', {
        type = 'string',
      })

  local id = rspamd_config:register_symbol({
    name = 'P0F_CHECK',
    type = 'prefilter',
    callback = check_p0f,
    priority = lua_util.symbols_priorities.medium,
    flags = 'empty,nostat',
    group = N,
    augmentations = {string.format("timeout=%f", rule.timeout or 0.0)},

  })

  if rule.symbol then
    rspamd_config:register_symbol({
      name = rule.symbol,
      parent = id,
      type = 'virtual',
      flags = 'empty',
      group = N
    })
  end

  for sym in pairs(rule.patterns) do
    rspamd_logger.debugm(N, rspamd_config, 'registering: %1', {
      type = 'virtual',
      name = sym,
      parent = id,
      group = N
    })
    rspamd_config:register_symbol({
      type = 'virtual',
      name = sym,
      parent = id,
      group = N
    })
  end
else
  lua_util.disable_module(N, 'config')
  rspamd_logger.infox('p0f module not configured');
end