You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by he...@apache.org on 2022/05/07 13:16:03 UTC
svn commit: r1900651 - in /spamassassin/trunk: UPGRADE lib/Mail/SpamAssassin/Conf.pm lib/Mail/SpamAssassin/NetSet.pm lib/Mail/SpamAssassin/Util/DependencyInfo.pm t/cidrs.t
Author: hege
Date: Sat May 7 13:16:03 2022
New Revision: 1900651
URL: http://svn.apache.org/viewvc?rev=1900651&view=rev
Log:
Installing Net::CIDR::Lite allows to use dash separated IP range format (e.g. 192.168.1.1-192.168.255.255) for NetSet tables (internal_networks, trusted_networks, msa_networks, uri_local_cidr)
Modified:
spamassassin/trunk/UPGRADE
spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
spamassassin/trunk/t/cidrs.t
Modified: spamassassin/trunk/UPGRADE
URL: http://svn.apache.org/viewvc/spamassassin/trunk/UPGRADE?rev=1900651&r1=1900650&r2=1900651&view=diff
==============================================================================
--- spamassassin/trunk/UPGRADE (original)
+++ spamassassin/trunk/UPGRADE Sat May 7 13:16:03 2022
@@ -76,10 +76,6 @@ Note for Users Upgrading to SpamAssassin
- URILocalBL: uri_block_cc/uri_block_cont support negation (Bug 7528)
-- URILocalBL: uri_block_cidr "10.1.1.0-10.1.1.225" range format not
- supported anymore (Net::CIDR::Lite -> Mail::SpamAssassin::NetSet)
- (maybe fixable in NetSet before 4.0.0 released)
-
- URILocalBL: IPv6 lookups for hosts, if supported by used database
- DNS (or other async) lookups are now only launched when priority -100 is
@@ -200,6 +196,10 @@ Note for Users Upgrading to SpamAssassin
directly compatible with rules from the old third party plugin. See
documentation for configuration and rule format.
+- Installing module Net::CIDR::Lite allows to use dash separated IP range
+ format (e.g. 192.168.1.1-192.168.255.255) for NetSet tables
+ (internal_networks, trusted_networks, msa_networks, uri_local_cidr).
+
Note for Users Upgrading to SpamAssassin 3.4.5
----------------------------------------------
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm?rev=1900651&r1=1900650&r2=1900651&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm Sat May 7 13:16:03 2022
@@ -1353,6 +1353,9 @@ If masklen is not specified, and there i
IP address specified is used, as if the masklen were C</32> with an IPv4
address, or C</128> in case of an IPv6 address.
+If module Net::CIDR::Lite is installed, it's also possible to use dash
+separated IP range format (e.g. 192.168.1.1-192.168.255.255).
+
If a network or host address is prefaced by a C<!> the matching network or
host will be excluded from the list even if a less specific (shorter netmask
length) subnet is later specified in the list. This allows a subset of
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm?rev=1900651&r1=1900650&r2=1900651&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm Sat May 7 13:16:03 2022
@@ -77,7 +77,45 @@ sub add_cidr {
my $numadded = 0;
delete $self->{cache}; # invalidate cache (in case of late additions)
+ # Pre-parse x.x.x.x-x.x.x.x range notation into CIDR blocks
+ # requires Net::CIDR::Lite
+ my @nets2;
foreach my $cidr_orig (@nets) {
+ next if index($cidr_orig, '-') == -1; # Triage
+ my $cidr = $cidr_orig;
+ my $exclude = ($cidr =~ s/^!\s*//) ? 1 : 0;
+ local($1);
+ $cidr =~ s/\b0+(\d+)/$1/; # Strip leading zeroes
+ eval { require Net::CIDR::Lite; }; # Only try to load now when it's necessary
+ if ($@) {
+ warn "netset: IP range notation '$cidr_orig' requires Net::CIDR::Lite module, ignoring\n";
+ $cidr_orig = undef;
+ next;
+ }
+ my $cidrs = Net::CIDR::Lite->new;
+ eval { $cidrs->add_range($cidr); };
+ if ($@) {
+ my $err = $@; $err =~ s/ at .*//s;
+ warn "netset: illegal IP range '$cidr_orig': $err\n";
+ $cidr_orig = undef;
+ next;
+ }
+ my @arr = $cidrs->list;
+ if (!@arr) {
+ my $err = $@; $err =~ s/ at .*//s;
+ warn "netset: failed to parse IP range '$cidr_orig': $err\n";
+ $cidr_orig = undef;
+ next;
+ }
+ # Save exclude flag
+ if ($exclude) { $_ = "!$_" foreach (@arr); }
+ # Rewrite this @nets value directly, add any rest to @nets2
+ $cidr_orig = shift @arr;
+ push @nets2, @arr if @arr;
+ }
+
+ foreach my $cidr_orig (@nets, @nets2) {
+ next unless defined $cidr_orig;
my $cidr = $cidr_orig; # leave original unchanged, useful for logging
# recognizes syntax:
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm?rev=1900651&r1=1900650&r2=1900651&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util/DependencyInfo.pm Sat May 7 13:16:03 2022
@@ -250,15 +250,22 @@ our @OPTIONAL_MODULES = (
{
module => 'Net::Patricia',
version => 1.16,
- desc => 'If this module is available, it will be used for IP address lookups
- in tables internal_networks, trusted_networks, and msa_networks. Recommended
- when a number of entries in these tables is large, i.e. in hundreds
- or thousands. However, in case of overlapping (or conflicting) networks
- in these tables, lookup results may differ as Net::Patricia finds a
- tightest-matching entry, while a sequential NetAddr::IP search finds
- a first-matching entry. So when overlapping network ranges are given,
- specifying more specific subnets (longest netmask) first, followed by
- wider subnets ensures predictable results.',
+ desc => 'If this module is available, it will be used for IP address
+ lookups in tables internal_networks, trusted_networks, msa_networks and
+ uri_local_cidr. Recommended when a number of entries in these tables is
+ large, i.e. in hundreds or thousands. However, in case of overlapping
+ (or conflicting) networks in these tables, lookup results may differ as
+ Net::Patricia finds a tightest-matching entry, while a sequential
+ NetAddr::IP search finds a first-matching entry. So when overlapping
+ network ranges are given, specifying more specific subnets (longest
+ netmask) first, followed by wider subnets ensures predictable results.',
+},
+{
+ module => 'Net::CIDR::Lite',
+ version => 0,
+ desc => 'If this module is available, then dash separated IP range format
+ "192.168.1.1-192.168.255.255" can be used for internal_networks,
+ trusted_networks, msa_networks and uri_local_cidr.';
},
{
module => 'Net::DNS::Nameserver',
Modified: spamassassin/trunk/t/cidrs.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/cidrs.t?rev=1900651&r1=1900650&r2=1900651&view=diff
==============================================================================
--- spamassassin/trunk/t/cidrs.t (original)
+++ spamassassin/trunk/t/cidrs.t Sat May 7 13:16:03 2022
@@ -4,8 +4,13 @@ use lib '.'; use lib 't';
use SATest; sa_t_init("cidrs");
use strict;
+use Test::More;
-use Test::More tests => 51;
+use constant HAS_NET_CIDR => eval { require Net::CIDR::Lite; };
+
+my $tests = 53;
+$tests += 4 if (HAS_NET_CIDR);
+plan tests => $tests;
use Mail::SpamAssassin;
use Mail::SpamAssassin::NetSet;
@@ -108,3 +113,13 @@ ok trynet "DEAD:BEEF:0000:0102:0304:0506
ok !trynet "DEAD:BEEF:0000:0102:0304:0506:1:1/90",
"DEAD:BEEF:0000:0102:0304:0506:0:0/96";
+# NetSet does not parse leading zeroes as octal number, it strips them
+ok tryone "010.010.10.10", "10.10.10.10";
+ok !tryone "8.8.10.10", "010.010.10.10";
+
+if (HAS_NET_CIDR) {
+ ok tryone "127.0.0.1", "127.0.0.0-127.0.0.255";
+ ok trynet "127.0.0.16/30", "127.0.0.0-127.0.000.255";
+ ok !tryone "127.0.0.1", "127.0.0.8-127.0.0.20";
+ ok tryone "010.50.60.1", "0.0.0.0-010.255.255.255";
+}