From 0f361b70653c0f2a334c4e447803e530bb834c1d Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 9 Mar 2018 11:38:16 -0300 Subject: [PATCH] Adds capture action to RBL --- CHANGES | 2 ++ src/operators/rbl.cc | 19 +++++++++++++++---- src/operators/rbl.h | 4 +++- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index a1af9750..803ce72a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ v3.0.x - YYYY-MMM-DD (To be released) ------------------------------------- + - Adds capture action to rbl + [Issue #1698 - @zimmerle] - Adds capture action to verifyCC [Issue #1698 - @michaelgranzow-avi, @zimmerle] - Adds capture action to verifySSN diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc index 280424e5..d5eb1da4 100644 --- a/src/operators/rbl.cc +++ b/src/operators/rbl.cc @@ -196,9 +196,11 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, std::string ipStr, } -bool Rbl::evaluate(Transaction *transaction, const std::string &ipStr) { +bool Rbl::evaluate(Transaction *t, Rule *rule, + const std::string& ipStr, + std::shared_ptr ruleMessage) { struct addrinfo *info = NULL; - std::string host = mapIpToAddress(ipStr, transaction); + std::string host = mapIpToAddress(ipStr, t); int rc = 0; if (host.empty()) { @@ -211,15 +213,24 @@ bool Rbl::evaluate(Transaction *transaction, const std::string &ipStr) { if (info != NULL) { freeaddrinfo(info); } - debug(transaction, 5, "RBL lookup of " + ipStr + " failed."); + debug(t, 5, "RBL lookup of " + ipStr + " failed."); return false; } struct sockaddr *addr = info->ai_addr; struct sockaddr_in *sin = (struct sockaddr_in *) addr; - furtherInfo(sin, ipStr, transaction); + furtherInfo(sin, ipStr, t); freeaddrinfo(info); + if (rule && t + && rule->getActionsByName("capture").size() > 0) { + t->m_collections.m_tx_collection->storeOrUpdateFirst( + "0", std::string(ipStr)); +#ifndef NO_LOGS + t->debug(7, "Added RXL match TX.0: " + \ + std::string(ipStr)); +#endif + } return true; } diff --git a/src/operators/rbl.h b/src/operators/rbl.h index 0ae35c30..d7d13ad0 100644 --- a/src/operators/rbl.h +++ b/src/operators/rbl.h @@ -75,7 +75,9 @@ class Rbl : public Operator { m_provider = RblProvider::httpbl; } } - bool evaluate(Transaction *transaction, const std::string &str) override; + bool evaluate(Transaction *transaction, Rule *rule, + const std::string& input, + std::shared_ptr ruleMessage) override; std::string mapIpToAddress(std::string ipStr, Transaction *trans);