* tune filters

* src/filters/preg.c : append() refactoring
7 changed files with 53 additions and 40 deletions
--- a/filters/exim.pcre
+++ b/filters/exim.pcre
@ -1,11 +1,10 @@
+# set: defscore=10
 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from .*\[<HOST>\]
 SMTP protocol synchronization error \(next input sent too soon: pipelining was not advertised\): rejected .*\[<HOST>\]
-rejected EHLO from \[<HOST>\]: syntactically invalid argument
-rejected HELO from \[<HOST>\]: syntactically invalid argument
-Connection from \[<HOST>\] refused: too many connections from that IP address
-\[<HOST>\] .* host is listed in zen.spamhaus.org
-\[<HOST>\] .* host is listed in bl.spamcop.net
+rejected [HE][EH]HLO from \[<HOST>\]: syntactically invalid argument
+\[<HOST>\] .* host is listed in .+
 \[<HOST>\] .* relay not permitted
-\[<HOST>\] .* too many connections from that IP address
 \[<HOST>\] .* rejected after DATA: This message was detected as possible malware
+# set: defscore=5
+\[<HOST>\] .* too many connections from that IP address
 \[<HOST>\] .* temporarily rejected RCPT \<\S+\>: lowest numbered MX record points to local host
--- a/filters/ssh.preg
+++ b/filters/ssh.preg
@ -1,15 +1,17 @@
+# set: defscore=15
+User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
+User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
+# set: defscore=10
+User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers
+User [[:print:]]+ from <HOST> not allowed because not in any group
+User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups
 [Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)?
 [Aa]uthentication error for .* from <HOST>( via [[:print:]]*)?
-User not known to the underlying authentication module for .* from <HOST>
 Failed password for .* from <HOST>
+# set: defscore=5
+User not known to the underlying authentication module for .* from <HOST>
+Invalid user [[:print:]]+ from <HOST>
+# set: defscore=3
 refused connect from [[:print:]]+ \(<HOST>\)
-Received disconnect from <HOST>: [0-9]*: [[:print:]]+: Auth fail
 Did not receive identification string from <HOST>
-Invalid user [[:print:]]+ from <HOST>
 Connection closed by <HOST>( port [0-9]+)? \[preauth\]
-Postponed keyboard-interactive for invalid user [[:print:]]+ from <HOST> port [0-9]+
-User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers
-User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
-User [[:print:]]+ from <HOST> not allowed because not in any group
-User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
-User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups
--- a/src/backend.c
+++ b/src/backend.c
@ -138,6 +138,7 @@ f2b_backend_destroy(f2b_backend_t *backend) {
    if (backend->cfg)
      backend->destroy(backend->cfg);
    dlclose(backend->h);
+    backend->h = NULL;
  }
  free(backend);
 }
--- a/src/filter-test.c
+++ b/src/filter-test.c
@ -69,12 +69,10 @@ int main(int argc, char *argv[]) {

  while (fgets(line, sizeof(line), file) != NULL) {
    read++;
+    fputs(line, stdout);
    if ((ftag = f2b_filter_match(filter, line, match, sizeof(match), &score)) > 0) {
      matched++;
-      fprintf(stdout, "+ %s (score: %d, tag: %08X)\n", match, score, ftag);
-      continue;
-    } else {
-      fprintf(stdout, "- (no-match): %s", line);
+      fprintf(stdout, "# match -- addr: %s, score: %d, tag: %08X\n", match, score, ftag);
    }
  }
  fclose(file);
--- a/src/filters/pcre.c
+++ b/src/filters/pcre.c
@ -13,23 +13,24 @@

 struct _regexp {
  rx_t *next;
-  pcre *regex;
-  pcre_extra *data;
-  int matches;
  uint32_t ftag;
+  int matches;
  short int score;
+  pcre *regex;
+  pcre_extra *data;
  char pattern[PATTERN_MAX];
 };

 struct _config {
-  void (*logcb)(enum loglevel lvl, const char *msg);
  rx_t *regexps;
-  int flags;
+  rx_t *rlast; /* pointer to last regex in list */
+  void (*logcb)(enum loglevel lvl, const char *msg);
  short int defscore;
+  int flags;
+  char id[ID_MAX];
  bool icase;
  bool study;
  bool usejit;
-  char id[ID_MAX];
 };

 #include "filter.c"
@ -133,9 +134,14 @@ append(cfg_t *cfg, const char *pattern) {

  regex->score = cfg->defscore;
  regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT);
-  regex->next = cfg->regexps;
-  cfg->regexps = regex;
  strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
+  /* update regex list */
+  if (cfg->rlast) {
+    cfg->rlast->next = regex;
+  } else {
+    cfg->regexps = regex;
+  }
+  cfg->rlast = regex;
  cfg->flags |= MOD_IS_READY;
  return true;
 }
@ -193,6 +199,7 @@ flush(cfg_t *cfg) {
    free(r);
  }
  cfg->regexps = NULL;
+  cfg->rlast   = NULL;
  cfg->defscore = MATCH_DEFSCORE;
 }

--- a/src/filters/preg.c
+++ b/src/filters/preg.c
@ -24,6 +24,7 @@ struct _regexp {

 struct _config {
  rx_t *regexps;
+  rx_t *rlast; /* pointer to last regex in list */
  void (*logcb)(enum loglevel lvl, const char *msg);
  short int defscore;
  int flags;
@ -94,22 +95,26 @@ append(cfg_t *cfg, const char *pattern) {
  if ((regex = calloc(1, sizeof(rx_t))) == NULL)
    return false;

-  if ((ret = regcomp(&regex->regex, buf, flags)) == 0) {
-    regex->score = cfg->defscore;
-    regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT);
-    regex->next = cfg->regexps;
-    cfg->regexps = regex;
-    strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
-    cfg->flags |= MOD_IS_READY;
-    return true;
-  } else {
+  if ((ret = regcomp(&regex->regex, buf, flags)) != 0) {
    char buf[256] = "";
    regerror(ret, &regex->regex, buf, sizeof(buf));
    log_msg(cfg, error, "regex compile error: %s", buf);
+    free(regex);
+    return false;
  }

-  free(regex);
-  return false;
+  regex->score = cfg->defscore;
+  regex->ftag = fnv_32a_str(pattern, FNV1_32A_INIT);
+  strlcpy(regex->pattern, pattern, sizeof(regex->pattern));
+  /* update regex list */
+  if (cfg->rlast) {
+    cfg->rlast->next = regex;
+  } else {
+    cfg->regexps = regex;
+  }
+  cfg->rlast = regex;
+  cfg->flags |= MOD_IS_READY;
+  return true;
 }

 uint32_t
@ -131,7 +136,7 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size, short int *score
    memcpy(buf, &line[match[1].rm_so], match_len);
    buf[match_len] = '\0';
    buf[buf_size - 1]  = '\0';
-    *score = cfg->defscore;
+    *score = r->score;
    return r->ftag;
  }

@ -150,6 +155,7 @@ flush(cfg_t *cfg) {
    free(r);
  }
  cfg->regexps = NULL;
+  cfg->rlast   = NULL;
  cfg->defscore = MATCH_DEFSCORE;
 }

--- a/src/statefile.c
+++ b/src/statefile.c
@ -56,7 +56,7 @@ f2b_statefile_load(f2b_statefile_t *sf) {
  const int fields = 3;
  const char *format = "%48s %u %u"; /* 48 == IPADDR_MAX == sizeof(addr) */
  f2b_ipaddr_t *addrlist = NULL, *ipaddr = NULL;
-  char buf[256], addr[IPADDR_MAX], *p;
+  char buf[256], addr[IPADDR_MAX + 1], *p;
  unsigned int banned_at, release_at;
  FILE *f = NULL;
Author	SHA1	Message	Date
Alex 'AdUser' Z	6a7291faea	* tune filters	3 years ago
Alex 'AdUser' Z	aac82d53f7	* tune filters	3 years ago
Alex 'AdUser' Z	e8e50b4b4b	* src/filters/preg.c : append() refactoring	3 years ago
Alex 'AdUser' Z	6e40a8faed	* reorder fields in filters' rx_t struct	3 years ago
Alex 'AdUser' Z	e8179ea8ad	* save order for patterns in filters on load	3 years ago
Alex 'AdUser' Z	02f742e436	* f2b-filter-stats : tune output	3 years ago
Alex 'AdUser' Z	4baaae4b36	* misc fixes	3 years ago
Alex 'AdUser' Z	4388ba50d2	* tune filters	3 years ago
Alex 'AdUser' Z	2214e95394	* fix score calc in 'preg' filter	3 years ago