Adds capture action to RBL

2025-08-13 13:26:01 +03:00 · 2018-03-09 11:38:16 -03:00 · 2018-03-09 11:38:16 -03:00 · 0f361b7065
commit 0f361b7065
parent df25c48f53
3 changed files with 20 additions and 5 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.0.x - YYYY-MMM-DD (To be released)
 -------------------------------------

+ - Adds capture action to rbl
+   [Issue #1698 - @zimmerle]
 - Adds capture action to verifyCC
   [Issue #1698 - @michaelgranzow-avi, @zimmerle]
 - Adds capture action to verifySSN
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -196,9 +196,11 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, std::string ipStr,
 }


-bool Rbl::evaluate(Transaction *transaction, const std::string &ipStr) {
+bool Rbl::evaluate(Transaction *t, Rule *rule,
+        const std::string& ipStr,
+        std::shared_ptr<RuleMessage> ruleMessage) {
    struct addrinfo *info = NULL;
-    std::string host = mapIpToAddress(ipStr, transaction);
+    std::string host = mapIpToAddress(ipStr, t);
    int rc = 0;

    if (host.empty()) {
@ -211,15 +213,24 @@ bool Rbl::evaluate(Transaction *transaction, const std::string &ipStr) {
        if (info != NULL) {
            freeaddrinfo(info);
        }
-        debug(transaction, 5, "RBL lookup of " + ipStr + " failed.");
+        debug(t, 5, "RBL lookup of " + ipStr + " failed.");
        return false;
    }

    struct sockaddr *addr = info->ai_addr;
    struct sockaddr_in *sin = (struct sockaddr_in *) addr;
-    furtherInfo(sin, ipStr, transaction);
+    furtherInfo(sin, ipStr, t);

    freeaddrinfo(info);
+    if (rule && t
+        && rule->getActionsByName("capture").size() > 0) {
+        t->m_collections.m_tx_collection->storeOrUpdateFirst(
+        "0", std::string(ipStr));
+#ifndef NO_LOGS
+        t->debug(7, "Added RXL match TX.0: " + \
+            std::string(ipStr));
+#endif
+    }

    return true;
 }
--- a/src/operators/rbl.h
+++ b/src/operators/rbl.h
@ -75,7 +75,9 @@ class Rbl : public Operator {
                m_provider = RblProvider::httpbl;
            }
        }
-    bool evaluate(Transaction *transaction, const std::string  &str) override;
+    bool evaluate(Transaction *transaction, Rule *rule,
+        const std::string& input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;

    std::string mapIpToAddress(std::string ipStr, Transaction *trans);