Yeah, I've used the patch on my servers for quite some time (I wrote it) without problems. AFAIK it has more users, including users of the FreeBSD spamass-milter port <http://www.freebsd.org/cgi/query-pr.cgi?pr=155979>, I just kept losing it on upgrades.
I just did another rebuild so it's on my main mailserver again. I hope we can have it upstream now. :-) Just went through the whole diff once more, found no issues. I'm attaching the newest version that should apply cleanly on 0.3.1-10. Cheers, Wilmer van der Gaast. -- +-------- .''`. - -- ---+ + - -- --- ---- ----- ------+ | wilmer : :' : gaast.net | | OSS Programmer www.bitlbee.org | | lintux `. `~' debian.org | | Full-time geek wilmer.gaast.net | +--- -- - ` ---------------+ +------ ----- ---- --- -- - +
diff -uNr spamass-milter-0.3.1/spamass-milter.cpp spamass-milter-0.3.1.ipv6/spamass-milter.cpp
--- spamass-milter-0.3.1/spamass-milter.cpp 2011-05-29 13:49:04.000000000 +0100
+++ spamass-milter-0.3.1.ipv6/spamass-milter.cpp 2011-05-29 12:26:18.000000000 +0100
@@ -88,6 +88,7 @@
#include "subst_poll.h"
#endif
#include <errno.h>
+#include <netdb.h>
// C++ includes
#include <cstdio>
@@ -678,6 +679,8 @@
{
struct context *sctx;
int rv;
+ struct sockaddr_in localhost;
+
debug(D_FUNC, "mlfi_connect: enter");
@@ -687,10 +690,15 @@
{
/* not a socket; probably a local user calling sendmail directly */
/* set to 127.0.0.1 */
- sctx->connect_ip.s_addr = htonl(INADDR_LOOPBACK);
+ strcpy(sctx->connect_ip, "127.0.0.1");
+ localhost.sin_family = AF_INET;
+ localhost.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ hostaddr = (struct sockaddr*) &localhost;
} else
{
- sctx->connect_ip = ((struct sockaddr_in *) hostaddr)->sin_addr;
+ getnameinfo(hostaddr, sizeof(struct sockaddr_in6),
+ sctx->connect_ip, 63, NULL, 0, NI_NUMERICHOST);
+ debug(D_FUNC, "Remote address: %s", sctx->connect_ip);
}
sctx->assassin = NULL;
sctx->helo = NULL;
@@ -704,10 +712,10 @@
}
/* debug(D_ALWAYS, "ZZZ set private context to %p", sctx); */
- if (ip_in_networklist(sctx->connect_ip, &ignorenets))
+ if (ip_in_networklist(hostaddr, &ignorenets))
{
debug(D_NET, "%s is in our ignore list - accepting message",
- inet_ntoa(sctx->connect_ip));
+ sctx->connect_ip);
debug(D_FUNC, "mlfi_connect: exit ignore");
return SMFIS_ACCEPT;
}
@@ -779,7 +787,7 @@
return SMFIS_TEMPFAIL;
};
- assassin->set_connectip(string(inet_ntoa(sctx->connect_ip)));
+ assassin->set_connectip(string(sctx->connect_ip));
// Store a pointer to the assassin object in our context struct
sctx->assassin = assassin;
@@ -2037,69 +2045,119 @@
{
char *tnet = strsep(&token, "/");
char *tmask = token;
- struct in_addr net, mask;
+ struct in_addr net;
+ struct in6_addr net6;
if (list->num_nets % 10 == 0)
- list->nets = (struct net*)realloc(list->nets, sizeof(*list->nets) * (list->num_nets + 10));
+ list->nets = (union net*)realloc(list->nets, sizeof(*list->nets) * (list->num_nets + 10));
- if (!inet_aton(tnet, &net))
+ if (inet_pton(AF_INET, tnet, &net))
{
- fprintf(stderr, "Could not parse \"%s\" as a network\n", tnet);
- exit(1);
- }
+ struct in_addr mask;
+
+ if (tmask)
+ {
+ if (strchr(tmask, '.') == NULL)
+ {
+ /* CIDR */
+ unsigned int bits;
+ int ret;
+ ret = sscanf(tmask, "%u", &bits);
+ if (ret != 1 || bits > 32)
+ {
+ fprintf(stderr,"%s: bad CIDR value", tmask);
+ exit(1);
+ }
+ mask.s_addr = htonl(~((1L << (32 - bits)) - 1) & 0xffffffff);
+ } else if (!inet_pton(AF_INET6, tmask, &mask))
+ {
+ fprintf(stderr, "Could not parse \"%s\" as a netmask\n", tmask);
+ exit(1);
+ }
+ } else
+ mask.s_addr = 0xffffffff;
- if (tmask)
+ {
+ char *snet = strdup(inet_ntoa(net));
+ debug(D_MISC, "Adding %s/%s to network list", snet, inet_ntoa(mask));
+ free(snet);
+ }
+
+ net.s_addr = net.s_addr & mask.s_addr;
+ list->nets[list->num_nets].net4.af = AF_INET;
+ list->nets[list->num_nets].net4.network = net;
+ list->nets[list->num_nets].net4.netmask = mask;
+ list->num_nets++;
+ } else if (inet_pton(AF_INET6, tnet, &net6))
{
- if (strchr(tmask, '.') == NULL)
+ int mask;
+
+ if (tmask)
{
- /* CIDR */
- unsigned int bits;
- int ret;
- ret = sscanf(tmask, "%u", &bits);
- if (ret != 1 || bits > 32)
+ if (sscanf(tmask, "%d", &mask) != 1 || mask > 128)
{
fprintf(stderr,"%s: bad CIDR value", tmask);
exit(1);
}
- mask.s_addr = htonl(~((1L << (32 - bits)) - 1) & 0xffffffff);
- } else if (!inet_aton(tmask, &mask))
- {
- fprintf(stderr, "Could not parse \"%s\" as a netmask\n", tmask);
- exit(1);
- }
+ } else
+ mask = 128;
+
+ list->nets[list->num_nets].net6.af = AF_INET6;
+ list->nets[list->num_nets].net6.network = net6;
+ list->nets[list->num_nets].net6.netmask = mask;
+ list->num_nets++;
} else
- mask.s_addr = 0xffffffff;
-
{
- char *snet = strdup(inet_ntoa(net));
- debug(D_MISC, "Adding %s/%s to network list", snet, inet_ntoa(mask));
- free(snet);
+ fprintf(stderr, "Could not parse \"%s\" as a network\n", tnet);
+ exit(1);
}
- net.s_addr = net.s_addr & mask.s_addr;
- list->nets[list->num_nets].network = net;
- list->nets[list->num_nets].netmask = mask;
- list->num_nets++;
}
free(string);
}
-int ip_in_networklist(struct in_addr ip, struct networklist *list)
+int ip_in_networklist(struct sockaddr *addr, struct networklist *list)
{
int i;
if (list->num_nets == 0)
return 0;
-
- debug(D_NET, "Checking %s against:", inet_ntoa(ip));
+
+ //debug(D_NET, "Checking %s against:", inet_ntoa(ip));
for (i = 0; i < list->num_nets; i++)
{
- debug(D_NET, "%s", inet_ntoa(list->nets[i].network));
- debug(D_NET, "/%s", inet_ntoa(list->nets[i].netmask));
- if ((ip.s_addr & list->nets[i].netmask.s_addr) == list->nets[i].network.s_addr)
- {
- debug(D_NET, "Hit!");
- return 1;
+ if (list->nets[i].net.af == AF_INET && addr->sa_family == AF_INET)
+ {
+ struct in_addr ip = ((struct sockaddr_in *)addr)->sin_addr;
+
+ debug(D_NET, "%s", inet_ntoa(list->nets[i].net4.network));
+ debug(D_NET, "/%s", inet_ntoa(list->nets[i].net4.netmask));
+ if ((ip.s_addr & list->nets[i].net4.netmask.s_addr) == list->nets[i].net4.network.s_addr)
+ {
+ debug(D_NET, "Hit!");
+ return 1;
+ }
+ } else if (list->nets[i].net.af == AF_INET6 && addr->sa_family == AF_INET6)
+ {
+ u_int8_t *ip = ((struct sockaddr_in6 *)addr)->sin6_addr.s6_addr;
+ int mask, j;
+
+ mask = list->nets[i].net6.netmask;
+ for (j = 0; j < 16 && mask > 0; j++, mask -= 8)
+ {
+ unsigned char bytemask;
+
+ bytemask = (mask < 8) ? ~((1L << (8 - mask)) - 1) : 0xff;
+
+ if ((ip[j] & bytemask) != (list->nets[i].net6.network.s6_addr[j] & bytemask))
+ break;
+ }
+
+ if (mask <= 0)
+ {
+ debug(D_NET, "Hit!");
+ return 1;
+ }
}
}
diff -uNr spamass-milter-0.3.1/spamass-milter.h spamass-milter-0.3.1.ipv6/spamass-milter.h
--- spamass-milter-0.3.1/spamass-milter.h 2011-05-29 13:49:04.000000000 +0100
+++ spamass-milter-0.3.1.ipv6/spamass-milter.h 2011-05-29 11:55:43.000000000 +0100
@@ -56,16 +56,30 @@
extern struct smfiDesc smfilter;
/* struct describing a single network */
-struct net
+union net
{
- struct in_addr network;
- struct in_addr netmask;
+ struct
+ {
+ uint8_t af;
+ } net;
+ struct
+ {
+ uint8_t af;
+ struct in_addr network;
+ struct in_addr netmask;
+ } net4;
+ struct
+ {
+ uint8_t af;
+ struct in6_addr network;
+ int netmask; /* Just the number of bits for IPv6 */
+ } net6;
};
/* an array of networks */
struct networklist
{
- struct net *nets;
+ union net *nets;
int num_nets;
};
@@ -165,7 +179,7 @@
/* Private data structure to carry per-client data between calls */
struct context
{
- struct in_addr connect_ip; // remote IP address
+ char connect_ip[64]; // remote IP address
char *helo;
SpamAssassin *assassin; // pointer to the SA object if we're processing a message
};
@@ -182,7 +196,7 @@
int cmp_nocase_partial(const string&, const string&);
void closeall(int fd);
void parse_networklist(char *string, struct networklist *list);
-int ip_in_networklist(struct in_addr ip, struct networklist *list);
+int ip_in_networklist(struct sockaddr *addr, struct networklist *list);
void parse_debuglevel(char* string);
char *strlwr(char *str);
void warnmacro(char *macro, char *scope);
signature.asc
Description: OpenPGP digital signature
