dovecot-2.0: auth: Track penalty for IPv6 addresses with their /...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Feb 20 09:04:28 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/77d990bee666
changeset: 10774:77d990bee666
user: Timo Sirainen <tss at iki.fi>
date: Sat Feb 20 09:04:25 2010 +0200
description:
auth: Track penalty for IPv6 addresses with their /48 mask.
diffstat:
src/auth/auth-penalty.c | 24 ++++++++++++++++++++++--
1 files changed, 22 insertions(+), 2 deletions(-)
diffs (55 lines):
diff -r 4cdb58bb0360 -r 77d990bee666 src/auth/auth-penalty.c
--- a/src/auth/auth-penalty.c Sat Feb 20 08:48:54 2010 +0200
+++ b/src/auth/auth-penalty.c Sat Feb 20 09:04:25 2010 +0200
@@ -10,6 +10,10 @@
#include <stdio.h>
+/* We don't want IPv6 hosts being able to flood our penalty
+ tracking with tons of different IPs. */
+#define PENALTY_IPV6_MASK_BITS 48
+
struct auth_penalty_request {
struct auth_request *auth_request;
auth_penalty_callback_t *callback;
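Review bot: The comment on `PENALTY_IPV6_MASK_BITS` does not say that the value has to be a multiple of `CHAR_BIT`, although the only use added by this commit divides it by `CHAR_BIT` and clears whole bytes, so a value such as 52 would silently behave as 48. I would extend the comment with `The value must be a multiple of CHAR_BIT, because the mask is applied per whole byte.` It is also worth stating the trade-off there: every client inside one /48 now shares a single penalty entry.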
@@ -86,6 +90,22 @@
request->callback(penalty, request->auth_request);
}
+static const char *
+auth_penalty_get_ident(struct auth_request *auth_request)
+{
+ struct ip_addr ip;
+
+ ip = auth_request->remote_ip;
+#ifdef HAVE_IPV6
+ if (IPADDR_IS_V6(&ip)) {
+ memset(ip.u.ip6.s6_addr + PENALTY_IPV6_MASK_BITS/CHAR_BIT, 0,
+ sizeof(ip.u.ip6.s6_addr) -
+ PENALTY_IPV6_MASK_BITS/CHAR_BIT);
+ }
+#endif
+ return net_ip2addr(&ip);
+}
+
void auth_penalty_lookup(struct auth_penalty *penalty,
struct auth_request *auth_request,
auth_penalty_callback_t *callback)
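Review bot: The masking in `auth_penalty_get_ident()` treats every address for which `IPADDR_IS_V6()` is true alike, so an IPv4-mapped address (`::ffff:a.b.c.d`) would lose its entire IPv4 part and all such clients would collapse into the single ident `::`. Whether `remote_ip` can carry a mapped address is not visible in this hunk; if it can, unrelated IPv4 clients would accumulate each other's penalty in that one entry. Excluding them is a one-line change: `if (IPADDR_IS_V6(&ip) && !IN6_IS_ADDR_V4MAPPED(&ip.u.ip6)) {`. The new code also uses `CHAR_BIT` and `memset`, so `<limits.h>` and `<string.h>` must be reachable through the includes above the hunk, which are not shown here.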
@@ -93,7 +113,7 @@
struct auth_penalty_request *request;
const char *ident;
- ident = net_ip2addr(&auth_request->remote_ip);
+ ident = auth_penalty_get_ident(auth_request);
if (penalty->disabled || ident == NULL) {
callback(0, auth_request);
return;
@@ -123,7 +143,7 @@
{
const char *ident;
- ident = net_ip2addr(&auth_request->remote_ip);
+ ident = auth_penalty_get_ident(auth_request);
if (penalty->disabled || ident == NULL)
return;