author | 2019-09-06 08:23:56 +0000 | |
---|---|---|
committer | 2019-09-06 08:23:56 +0000 | |
commit | 41ba60566dbaf3d082f23cb75933d8e5629cba6e (patch) | |
tree | fccfe3587b1784b88c89bd5b2d59e7ca26080e5f | |
parent | key conversion should fail for !openssl builds, not fall through to (diff) | |
Add support for filter-reports. These allow filters to send freetext
reports to other filters/report handlers.
Builtin filters work via the new "report" keyword.
Proc filters can send reports via:
"report|<seconds>.<microseconds>|smtp-in|<reqid>|<message>"
Subscribing to these reports can be done via the "filter-report"
keyword.
The reports themselves contain the usual elements followed by:
<type>|<name>|<message>
Type can be builtin or proc.
Name is the process name for type proc and the filter name for type builtin.
OK gilles@
-rw-r--r-- | usr.sbin/smtpd/lka_filter.c | 18 | ||||
-rw-r--r-- | usr.sbin/smtpd/lka_proc.c | 4 | ||||
-rw-r--r-- | usr.sbin/smtpd/lka_report.c | 56 | ||||
-rw-r--r-- | usr.sbin/smtpd/parse.y | 16 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.conf.5 | 15 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.h | 6 |
6 files changed, 95 insertions, 20 deletions
diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c
index 6cde9f734a0..bf7c721a501 100644
--- a/usr.sbin/smtpd/lka_filter.c
+++ b/usr.sbin/smtpd/lka_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_filter.c,v 1.47 2019/09/04 08:30:36 gilles Exp $ */
+/* $OpenBSD: lka_filter.c,v 1.48 2019/09/06 08:23:56 martijn Exp $ */
 /*
 * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
@@ -35,7 +35,7 @@
 #include "smtpd.h"
 #include "log.h"
-#define PROTOCOL_VERSION "0.3"
+#define PROTOCOL_VERSION "0.4"
 struct filter;
 struct filter_session;
@@ -514,6 +514,7 @@ filter_protocol_internal(struct filter_session *fs, uint64_t *token, uint64_t re
 struct filter_chain *filter_chain;
 struct filter_entry *filter_entry;
 struct filter *filter;
+ struct timeval tv;
 const char *phase_name = filter_execs[phase].phase_name;
 int resume = 1;
@@ -590,8 +591,17 @@ filter_protocol_internal(struct filter_session *fs, uint64_t *token, uint64_t re
 param);
 filter_result_junk(reqid);
 return;
- }
- else {
+ } else if (filter->config->report) {
+ log_trace(TRACE_FILTERS, "%016"PRIx64" filters protocol phase=%s, "
+ "resume=%s, action=report, filter=%s, query=%s response=%s",
+ fs->id, phase_name, resume ? "y" : "n",
+ filter->name,
+ param, filter->config->report);
+
+ gettimeofday(&tv, NULL);
+ lka_report_filter_report(fs->id, filter->name, 1,
+ "smtp-in", &tv, filter->config->report);
+ } else {
 log_trace(TRACE_FILTERS, "%016"PRIx64" filters protocol phase=%s, "
 "resume=%s, action=reject, filter=%s, query=%s, response=%s",
 fs->id, phase_name, resume ? "y" : "n",
diff --git a/usr.sbin/smtpd/lka_proc.c b/usr.sbin/smtpd/lka_proc.c
index e840653018f..1cee13aaca7 100644
--- a/usr.sbin/smtpd/lka_proc.c
+++ b/usr.sbin/smtpd/lka_proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_proc.c,v 1.10 2019/08/29 09:24:30 gilles Exp $ */
+/* $OpenBSD: lka_proc.c,v 1.11 2019/09/06 08:23:56 martijn Exp $ */
 /*
 * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
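Review bot: The new `report` branch in the `@@ -590` hunk of lka_filter.c does not end in `return`, unlike the junk branch just above it, and nothing in the code says that is deliberate. The man-page text added by this commit ("and proceed with the transaction") suggests it is, so I would add a comment before `gettimeofday()` such as `/* report only: no return, evaluation continues with the next filter */`. The trace format also reads `query=%s response=%s`, without the comma the reject branch uses (`query=%s, response=%s`), so the two trace lines will not parse the same way in log tooling. filter_protocol_internal starts and ends outside the hunk, so where control goes after the branch is inferred.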
@@ -164,6 +164,8 @@ processor_io(struct io *io, int evt, void *arg)
 else if (strncmp(line, "filter-result|", 14) == 0 ||
 strncmp(line, "filter-dataline|", 16) == 0)
 lka_filter_process_response(name, line);
+ else if (strncmp(line, "report|", 7) == 0)
+ lka_report_proc(name, line);
 else
 fatalx("Invalid filter message type: %s", line);
 }
diff --git a/usr.sbin/smtpd/lka_report.c b/usr.sbin/smtpd/lka_report.c
index 3a9638258e2..847c1ae937e 100644
--- a/usr.sbin/smtpd/lka_report.c
+++ b/usr.sbin/smtpd/lka_report.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_report.c,v 1.29 2019/09/04 08:30:36 gilles Exp $ */
+/* $OpenBSD: lka_report.c,v 1.30 2019/09/06 08:23:56 martijn Exp $ */
 /*
 * Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
@@ -35,7 +35,7 @@
 #include "smtpd.h"
 #include "log.h"
-#define PROTOCOL_VERSION "0.3"
+#define PROTOCOL_VERSION "0.4"
 struct reporter_proc {
 TAILQ_ENTRY(reporter_proc) entries;
@@ -68,6 +68,7 @@ static struct smtp_events {
 { "protocol-client" },
 { "protocol-server" },
+ { "filter-report" },
 { "filter-response" },
 { "timeout" },
@@ -456,3 +457,54 @@ lka_report_smtp_timeout(const char *direction, struct timeval *tv, uint64_t reqi
 "%016"PRIx64"\n",
 reqid);
 }
+
+void
+lka_report_filter_report(uint64_t reqid, const char *name, int builtin,
+ const char *direction, struct timeval *tv, const char *message)
+{
+ report_smtp_broadcast(reqid, direction, tv, "filter-report",
+ "%016"PRIx64"|%s|%s|%s\n", reqid, builtin ? "builtin" : "proc",
+ name, message);
+}
+
+void
+lka_report_proc(const char *name, const char *line)
+{
+ char buffer[LINE_MAX];
+ struct timeval tv;
+ char *ep, *sp, *direction;
+ uint64_t reqid;
+
+ if (strlcpy(buffer, line + 7, sizeof(buffer)) >= sizeof(buffer))
+ fatalx("Invalid report: line too long: %s", line);
+
+ errno = 0;
+ tv.tv_sec = strtoll(buffer, &ep, 10);
+ if (ep[0] != '.' || errno != 0)
+ fatalx("Invalid report: invalid time: %s", line);
+ sp = ep + 1;
+ tv.tv_usec = strtol(sp, &ep, 10);
+ if (ep[0] != '|' || errno != 0)
+ fatalx("Invalid report: invalid time: %s", line);
+ if (ep - sp != 6)
+ fatalx("Invalid report: invalid time: %s", line);
+
+ direction = ep + 1;
+ if (strncmp(direction, "smtp-in|", 8) == 0) {
+ direction[7] = '\0';
+ direction += 7;
+#if 0
+ } else if (strncmp(direction, "smtp-out|", 9) == 0) {
+ direction[8] = '\0';
+ direction += 8;
+#endif
+ } else
+ fatalx("Invalid report: invalid direction: %s", line);
+
+ reqid = strtoull(sp, &ep, 16);
+ if (ep[0] != '|' || errno != 0)
+ fatalx("Invalid report: invalid reqid: %s", line);
+ sp = ep + 1;
+
+ lka_report_filter_report(reqid, name, 0, direction, &tv, sp);
+}
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index ebb8b364f35..e52077aa6cd 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.260 2019/09/04 07:28:27 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.261 2019/09/06 08:23:56 martijn Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
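Review bot: In lka_report_proc the reqid is parsed from the wrong place: `sp` still points at the microseconds field when `strtoull(sp, &ep, 16)` runs, and `direction += 7` has moved `direction` onto the NUL it just wrote. As written, a proc report is broadcast with an empty direction, with the six microsecond digits read as a hex reqid, and with the literal "smtp-in" as its message, so subscribers cannot attribute the report to a session. Replace `direction += 7;` with `sp = direction + 8;` (and use `sp = direction + 9;` in the `#if 0` smtp-out branch) so that `direction` stays on the terminated token and the reqid parse starts after it. Separately, `strtol` accepts leading whitespace and a sign, so `ep - sp != 6` does not guarantee six digits; an `isdigit((unsigned char)sp[0])` check before the conversion would close that, and the seconds field has the same gap.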
@@ -1288,15 +1288,7 @@ MATCH {
 ;
 filter_action_builtin:
-REJECT STRING {
- filter_config->reject = $2;
-}
-| DISCONNECT STRING {
- filter_config->disconnect = $2;
-}
-| REWRITE STRING {
- filter_config->rewrite = $2;
-}
+filter_action_builtin_nojunk
 | JUNK {
 filter_config->junk = 1;
 }
@@ -1312,6 +1304,9 @@ REJECT STRING {
 | REWRITE STRING {
 filter_config->rewrite = $2;
 }
+| REPORT STRING {
+ filter_config->report = $2;
+}
 ;
 filter_phase_check_fcrdns:
@@ -2371,6 +2366,7 @@ lookup(char *s)
 { "regex", REGEX },
 { "reject", REJECT },
 { "relay", RELAY },
+ { "report", REPORT },
 { "rewrite", REWRITE },
 { "rset", RSET },
 { "scheduler", SCHEDULER },
diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5
index 55f626102f7..4de04c95018 100644
--- a/usr.sbin/smtpd/smtpd.conf.5
+++ b/usr.sbin/smtpd/smtpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.223 2019/09/04 07:28:27 gilles Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.224 2019/09/06 08:23:56 martijn Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
 .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -17,7 +17,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\"
-.Dd $Mdocdate: September 4 2019 $
+.Dd $Mdocdate: September 6 2019 $
 .Dt SMTPD.CONF 5
 .Os
 .Sh NAME
@@ -367,6 +367,17 @@ to reject session with
 Phase and matching conditions are documented in a specific section,
 see
 .Sx BUILTIN FILTERING .
+.It Ic filter Ar filter-name Ic phase Ar phase-name Ic match Ar conditions Ic report Ar message
+Register builtin filter
+.Ar filter-name
+matching
+.Ar conditions
+to report on session with
+.Ar message
+and proceed with the transaction.
+Phase and matching conditions are documented in a specific section,
+see
+.Sx BUILTIN FILTERING .
 .It Ic filter Ar filter-name Ic phase Ar phase-name Ic match Ar conditions Ic rewrite Ar value
 Register builtin filter
 .Ar filter-name
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 3eeda504c92..b90a9bd1c75 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.634 2019/09/04 07:28:27 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.635 2019/09/06 08:23:56 martijn Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1046,6 +1046,7 @@ struct filter_config {
 char *reject;
 char *disconnect;
 char *rewrite;
+ char *report;
 uint8_t junk;
 char *proc;
@@ -1353,6 +1354,9 @@ void lka_report_smtp_protocol_server(const char *, struct timeval *, uint64_t, c
 void lka_report_smtp_filter_response(const char *, struct timeval *, uint64_t,
 int, int, const char *);
 void lka_report_smtp_timeout(const char *, struct timeval *, uint64_t);
+void lka_report_filter_report(uint64_t, const char *, int, const char *,
+ struct timeval *, const char *);
+void lka_report_proc(const char *, const char *);
 /* lka_filter.c */ |