diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-12-10 11:52:53 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-12-10 11:52:53 +0000 |
commit | 379a94f32504806692bcdc2d776710567ac88b2e (patch) | |
tree | 26371a0ce307daff26c8d13e7f452cd9eec896d8 /src/plugins | |
parent | 2fc11096b6fd98070459bbc58b4c228d1f11f2b7 (diff) | |
download | rspamd-379a94f32504806692bcdc2d776710567ac88b2e.tar.gz rspamd-379a94f32504806692bcdc2d776710567ac88b2e.zip |
[Feature] Reputation: Allow to specify ip masks
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/lua/reputation.lua | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/plugins/lua/reputation.lua b/src/plugins/lua/reputation.lua index 0f6bed93b..16b0fa021 100644 --- a/src/plugins/lua/reputation.lua +++ b/src/plugins/lua/reputation.lua @@ -378,6 +378,12 @@ local function ip_reputation_filter(task, rule) local cfg = rule.selector.config + if ip:get_version() == 4 and cfg.ipv4_mask then + ip = ip:apply_mask(cfg.ipv4_mask) + elseif cfg.ipv6_mask then + ip = ip:apply_mask(cfg.ipv6_mask) + end + local pool = task:get_mempool() local asn = pool:get_variable("asn") local country = pool:get_variable("country") @@ -469,11 +475,17 @@ end local function ip_reputation_idempotent(task, rule) if not rule.backend.set_token then return end -- Read only backend local ip = task:get_from_ip() + local cfg = rule.selector.config if not ip or not ip:is_valid() then return end + if lua_util.is_rspamc_or_controller(task) then return end - local cfg = rule.selector.config + if ip:get_version() == 4 and cfg.ipv4_mask then + ip = ip:apply_mask(cfg.ipv4_mask) + elseif cfg.ipv6_mask then + ip = ip:apply_mask(cfg.ipv6_mask) + end local pool = task:get_mempool() local asn = pool:get_variable("asn") @@ -519,6 +531,8 @@ local ip_selector = { score_divisor = 1, outbound = false, inbound = true, + ipv4_mask = 29, -- Mask bits for ipv4 + ipv6_mask = 64, -- Mask bits for ipv6 }, --dependencies = {"ASN"}, -- ASN is a prefilter now... init = ip_reputation_init, |