dst_blacklists: provide more script functions

* add `add_blacklist_rule` function that adds a rule to a list
* add `del_blacklist_rule` function that removes a rule from a list
* add `check_blacklist` function that checks whether a pair matches a
  rule from a list, or from all the active lists

Author: razvancrainea

blacklists.c

@@ -1174,3 +1174,105 @@ static mi_response_t *mi_del_blacklist_rule(const mi_params_t *params,
 
 	return init_mi_result_ok();
 }
+
+int w_check_blacklist(struct sip_msg *msg, struct bl_head *head,
+		struct ip_addr *ip, int *_port, unsigned short _proto, str *_pattern)
+{
+	int ret, idx;
+	unsigned short port = (_port?*_port:0);
+
+	if (head) {
+		/* we need to check against a specific list */
+		idx = head - blst_heads;
+		ret = check_against_rule_list(ip, _pattern, port, _proto, idx);
+	} else {
+		/* if we do not have a head, we check against all enabled */
+		ret = check_against_blacklist(ip, _pattern, port, _proto);
+	}
+	return ret ?1:-1;
+}
+
+int fixup_blacklist_proto(void** param)
+{
+	int proto = PROTO_NONE;
+	str *s = (str*)*param;
+	if (s && parse_proto((unsigned char *)s->s, s->len, &proto) < 0)
+		return E_BAD_PROTO;
+
+	*param = (void *)(unsigned long)proto;
+	return 0;
+}
+
+int fixup_blacklist_net(void** param)
+{
+	str *s = (str*)*param;
+	str tmp = *s;
+	struct bl_net_flags *nf = pkg_malloc(sizeof *nf);
+	if (!nf)
+		return E_OUT_OF_MEM;
+	trim(&tmp);
+	if (tmp.s[0] == '!') {
+		nf->flags = BLR_APPLY_CONTRARY;
+		tmp.s++;
+		tmp.len--;
+		trim(&tmp);
+	}
+
+	if (parse_ip_net(tmp.s, tmp.len, &nf->ipnet) < 0) {
+		pkg_free(nf);
+		return E_BAD_ADDRESS;
+	}
+	*param = nf;
+	return 0;
+}
+
+int fixup_blacklist_net_free(void** param)
+{
+	pkg_free(*param);
+	return 0;
+}
+
+int w_add_blacklist_rule(struct sip_msg *msg, struct bl_head *head,
+		struct bl_net_flags *nf, int *_port, unsigned short _proto,
+		str *_pattern, int *_exp)
+{
+	struct bl_rule *list = NULL;
+	unsigned short port = (_port?*_port:0);
+
+	if (head->flags & BL_READONLY_LIST) {
+		LM_ERR("cannot modify read-only blacklist!\n");
+		return -1;
+	}
+
+	if (_exp && *_exp && !(head->flags & BL_DO_EXPIRE)) {
+		LM_ERR("blacklist does not support expiring rules!\n");
+		return -1;
+	}
+
+	if (add_rule_to_list(&list, &list, &nf->ipnet, _pattern,
+			port, _proto, nf->flags) != 0) {
+		LM_ERR("cannot build blacklist rule!\n");
+		return -1;
+	}
+	if (add_list_to_head(head, list, list, 0, (_exp?*_exp:0)) < 0) {
+		LM_ERR("cannot add blacklist rule!\n");
+		return -1;
+	}
+	return 1;
+}
+
+int w_del_blacklist_rule(struct sip_msg *msg, struct bl_head *head,
+		struct bl_net_flags *nf, int *_port, unsigned short _proto,
+		str *_pattern)
+{
+	unsigned short port = (_port?*_port:0);
+
+	if (head->flags & BL_READONLY_LIST) {
+		LM_ERR("cannot modify read-only blacklist!\n");
+		return -1;
+	}
+	if (del_rule_from_list(head, &nf->ipnet,
+			_pattern, port, _proto, nf->flags) != 0)
+		return -1;
+	return 1;
+}

blacklists.h

@@ -99,5 +99,24 @@ static inline int check_blacklists( unsigned short proto,
 	return check_against_blacklist(&ip, &body, port, proto);
 }
 
+
+struct bl_net_flags {
+	struct net ipnet;
+	unsigned int flags;
+};
+
+int fixup_blacklist_proto(void** param);
+int fixup_blacklist_net(void** param);
+int fixup_blacklist_net_free(void** param);
+
+int w_check_blacklist(struct sip_msg *msg, struct bl_head *head,
+		struct ip_addr *ip, int *port, unsigned short _proto, str *_pattern);
+int w_add_blacklist_rule(struct sip_msg *msg, struct bl_head *head,
+		struct bl_net_flags *_nf, int *_port, unsigned short _proto,
+		str *_pattern, int *_exp);
+int w_del_blacklist_rule(struct sip_msg *msg, struct bl_head *head,
+		struct bl_net_flags *_nf, int *_port, unsigned short _proto,
+		str *_pattern);
+
 #endif /* _BLACKLST_H */
 

core_cmds.c

@@ -49,13 +49,18 @@ static int fixup_mflag(void** param);
 static int fixup_bflag(void** param);
 static int fixup_qvalue(void** param);
 static int fixup_f_send_sock(void** param);
+static int fixup_blacklist_name(void** param);
 static int fixup_blacklist(void** param);
+static int fixup_blacklist_ip(void** param);
+static int fixup_blacklist_free(void** param);
 static int fixup_check_wrvar(void** param);
 static int fixup_avp_list(void** param);
 static int fixup_check_avp(void** param);
 static int fixup_event_name(void** param);
 static int fixup_format_string(void** param);
 static int fixup_nt_string(void** param);
+static int fixup_nt_str(void** param);
+static int fixup_nt_str_free(void** param);
 
 static int w_forward(struct sip_msg *msg, struct proxy_l *dest);
 static int w_send(struct sip_msg *msg, struct proxy_l *dest, str *headers);
@@ -229,6 +234,37 @@ static cmd_export_t core_cmds[]={
 	{"unuse_blacklist", (cmd_function)w_unuse_blacklist, {
 		{CMD_PARAM_STR, fixup_blacklist, 0}, {0,0,0}},
 		ALL_ROUTES},
+	{"check_blacklist", (cmd_function)w_check_blacklist, {
+		{CMD_PARAM_STR, fixup_blacklist, 0},
+		{CMD_PARAM_STR, fixup_blacklist_ip, fixup_blacklist_free}, /* ip */
+		{CMD_PARAM_INT|CMD_PARAM_OPT, 0, 0}, /* port */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_blacklist_proto, 0}, /* proto */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_nt_str, fixup_nt_str_free}, /* pattern */
+		{0,0,0}},
+		ALL_ROUTES},
+	{"add_blacklist_rule", (cmd_function)w_add_blacklist_rule, {
+		{CMD_PARAM_STR, fixup_blacklist_name, 0},
+		{CMD_PARAM_STR, fixup_blacklist_net, fixup_blacklist_net_free}, /* ip */
+		{CMD_PARAM_INT|CMD_PARAM_OPT, 0, 0}, /* port */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_blacklist_proto, 0}, /* proto */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_nt_str, fixup_nt_str_free}, /* pattern */
+		{CMD_PARAM_INT|CMD_PARAM_OPT, 0, 0}, /* expire */
+		{0,0,0}},
+		ALL_ROUTES},
+	{"del_blacklist_rule", (cmd_function)w_del_blacklist_rule, {
+		{CMD_PARAM_STR, fixup_blacklist_name, 0},
+		{CMD_PARAM_STR, fixup_blacklist_net, fixup_blacklist_net_free}, /* ip */
+		{CMD_PARAM_INT|CMD_PARAM_OPT, 0, 0}, /* port */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_blacklist_proto, 0}, /* proto */
+		{CMD_PARAM_STR|CMD_PARAM_OPT|CMD_PARAM_FIX_NULL,
+			fixup_nt_str, fixup_nt_str_free}, /* pattern */
+		{0,0,0}},
+		ALL_ROUTES},
 	{"cache_store", (cmd_function)w_cache_store, {
 		{CMD_PARAM_STR, 0, 0},
 		{CMD_PARAM_STR, 0, 0},
@@ -449,21 +485,47 @@ static int fixup_f_send_sock(void** param)
 	return E_BAD_ADDRESS;
 }
 
+static int fixup_blacklist_name(void** param)
+{
+	str *s = (str*)*param;
+	*param = get_bl_head_by_name(s);
+	if (!*param) {
+		LM_ERR("blacklist %.*s not configured\n", s->len, s->s);
+		return E_CFG;
+	}
+	return 0;
+}
+
 static int fixup_blacklist(void** param)
 {
 	str *s = (str*)*param;
 
-	if (!str_strcasecmp(s, _str("all")))
+	if (!str_strcasecmp(s, _str("all"))) {
 		*param = NULL;
-	else {
-		*param = get_bl_head_by_name(s);
-		if (!*param) {
-			LM_ERR("[UN]USE_BLACKLIST - list "
-				"%.*s not configured\n", s->len, s->s);
-			return E_CFG;
-		}
+		return 0;
+	} else {
+		return fixup_blacklist_name(param);
 	}
+}
 
+static int fixup_blacklist_free(void** param)
+{
+	pkg_free(*param);
+	return 0;
+}
+
+static int fixup_blacklist_ip(void** param)
+{
+	str *s = (str*)*param;
+	struct ip_addr *ip_pkg;
+	struct ip_addr *ip = str2ip(s);
+	if (!ip)
+		return E_BAD_ADDRESS;
+	ip_pkg = pkg_malloc(sizeof *ip_pkg);
+	if (!ip_pkg)
+		return E_OUT_OF_MEM;
+	memcpy(ip_pkg, ip, sizeof *ip_pkg);
+	*param = ip_pkg;
 	return 0;
 }
 
@@ -544,6 +606,32 @@ static int fixup_nt_string(void** param)
 	return 0;
 }
 
+static int fixup_nt_str(void** param)
+{
+	str *s = (str*)*param;
+	str *s_nt;
+
+	s_nt = pkg_malloc(sizeof *s_nt + (s?s->len:0) + 1);
+	if (!s_nt)
+		return E_OUT_OF_MEM;
+	s_nt->s = (char *)(s_nt + 1);
+	if (s) {
+		s_nt->len = s->len;
+		memcpy(s_nt->s, s->s, s->len);
+	} else {
+		s_nt->len = 0;
+	}
+	s_nt->s[s_nt->len] = '\0';
+
+	*param = s_nt;
+	return 0;
+}
+
+static int fixup_nt_str_free(void** param)
+{
+	pkg_free(((str *)*param)->s);
+	return 0;
+}
 
 static int w_forward(struct sip_msg *msg, struct proxy_l *dest)
 {