Browse code

core: MATCH op fix for ip comparisons with RVEs

Commit e085834 broke regular expression support in ip comparisons
with rval expressions (e.g. $re="127\..*"; if (src_ip=~$re) ...).

Andrei Pelinescu-Onciul authored on 18/06/2010 21:04:24
Showing 1 changed files
... ...
@@ -1272,6 +1272,8 @@ inline static int comp_str(int op, str* left, int rtype,
1272 1272
 				case SELECT_ST:
1273 1273
 				case RVE_ST:
1274 1274
 				case PVAR_ST:
1275
+				case STRING_ST:
1276
+				case STR_ST:
1275 1277
 					/* we need to compile the RE on the fly */
1276 1278
 					re=(regex_t*)pkg_malloc(sizeof(regex_t));
1277 1279
 					if (re==0){
... ...
@@ -1293,7 +1295,6 @@ inline static int comp_str(int op, str* left, int rtype,
1293 1293
 				case RE_ST:
1294 1294
 					ret=(regexec(r->re, left->s, 0, 0, 0)==0);
1295 1295
 					break;
1296
-				case STRING_ST:
1297 1296
 				default:
1298 1297
 					LOG(L_CRIT, "BUG: comp_str: Bad operator type %d, "
1299 1298
 								"for ~= \n", rtype);
... ...
@@ -1630,17 +1631,46 @@ inline static int comp_ip(int op, struct ip_addr* ip, int rtype,
1630 1630
 	r_expop.str=*right;
1631 1631
 	switch(op){
1632 1632
 		case EQUAL_OP:
1633
-		case MATCH_OP:
1634 1633
 			/* 0: try if ip or network (ip/mask) */
1635 1634
 			if (mk_net_str(&net, right) == 0) {
1636 1635
 				ret=(matchnet(ip, &net)==1);
1637 1636
 				break;
1638 1637
 			}
1639
-			/* 1: compare with ip2str*/
1640
-			/*
1641
-			 ret=comp_string(op, ip_addr2a(ip), STR_ST, &r_expop, msg, ctx);
1642
-			 if (likely(ret==1)) break;
1643
-			*/
1638
+			/* 2: resolve (name) & compare w/ all the ips */
1639
+			he=resolvehost(right->s);
1640
+			if (he==0){
1641
+				DBG("comp_ip: could not resolve %s\n", r->str.s);
1642
+			}else if (he->h_addrtype==ip->af){
1643
+				for(h=he->h_addr_list;(ret!=1)&& (*h); h++){
1644
+					ret=(memcmp(ip->u.addr, *h, ip->len)==0);
1645
+				}
1646
+				if (ret==1) break;
1647
+			}
1648
+			/* 3: (slow) rev dns the address
1649
+			 * and compare with all the aliases
1650
+			 * !!??!! review: remove this? */
1651
+			if (unlikely((received_dns & DO_REV_DNS) &&
1652
+							((he=rev_resolvehost(ip))!=0) )){
1653
+				/*  compare with primary host name */
1654
+				ret=comp_string(op, he->h_name, STR_ST, &r_expop, msg, ctx);
1655
+				/* compare with all the aliases */
1656
+				for(h=he->h_aliases; (ret!=1) && (*h); h++){
1657
+					ret=comp_string(op, *h, STR_ST, &r_expop, msg, ctx);
1658
+				}
1659
+			}else{
1660
+				ret=0;
1661
+			}
1662
+			break;
1663
+		case MATCH_OP:
1664
+			/* 0: try if ip or network (ip/mask)
1665
+			  (one should not use MATCH for that, but try to be nice)*/
1666
+			if (mk_net_str(&net, right) == 0) {
1667
+				ret=(matchnet(ip, &net)==1);
1668
+				break;
1669
+			}
1670
+			/* 1: compare with ip2str (but only for =~)*/
1671
+			ret=comp_string(op, ip_addr2a(ip), STR_ST, &r_expop, msg, ctx);
1672
+			if (likely(ret==1)) break;
1644 1673
 			/* 2: resolve (name) & compare w/ all the ips */
1645 1674
 			he=resolvehost(right->s);
1646 1675
 			if (he==0){