github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix retrieving of IPv6 address with dnsToIp on some systems (default returns AF_INET family only), fix network test-cases.

pull/1698/head
sebres 2017-02-20 11:45:03 +01:00
parent 61c8cd11b8
commit fe06ffca71
2 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
fail2ban/server/ipdns.py
View File

@ -64,16 +64,19 @@ class DNSUtils:
if ips is not None: if ips is not None:
return ips return ips
# retrieve ips # retrieve ips
try: ips = list()
ips = list() saveerr = None
for result in socket.getaddrinfo(dns, None, 0, 0, socket.IPPROTO_TCP): for fam, ipfam in ((socket.AF_INET, IPAddr.FAM_IPv4), (socket.AF_INET6, IPAddr.FAM_IPv6)):
ip = IPAddr(result[4][0]) try:
if ip.isValid: for result in socket.getaddrinfo(dns, None, fam, 0, socket.IPPROTO_TCP):
ips.append(ip) ip = IPAddr(result[4][0], ipfam)
except socket.error as e: if ip.isValid:
# todo: make configurable the expired time of cache entry: ips.append(ip)
logSys.warning("Unable to find a corresponding IP address for %s: %s", dns, e) except socket.error as e:
ips = list() saveerr = e
if not ips and saveerr:
logSys.warning("Unable to find a corresponding IP address for %s: %s", dns, saveerr)
DNSUtils.CACHE_nameToIp.set(dns, ips) DNSUtils.CACHE_nameToIp.set(dns, ips)
return ips return ips
@ -140,6 +143,8 @@ class IPAddr(object):
CIDR_RAW = -2 CIDR_RAW = -2
CIDR_UNSPEC = -1 CIDR_UNSPEC = -1
FAM_IPv4 = CIDR_RAW - socket.AF_INET
FAM_IPv6 = CIDR_RAW - socket.AF_INET6
def __new__(cls, ipstr, cidr=CIDR_UNSPEC): def __new__(cls, ipstr, cidr=CIDR_UNSPEC):
# check already cached as IPAddr # check already cached as IPAddr
@ -191,7 +196,11 @@ class IPAddr(object):
self._raw = ipstr self._raw = ipstr
# if not raw - recognize family, set addr, etc.: # if not raw - recognize family, set addr, etc.:
if cidr != IPAddr.CIDR_RAW: if cidr != IPAddr.CIDR_RAW:
for family in [socket.AF_INET, socket.AF_INET6]: if cidr is not None and cidr < IPAddr.CIDR_RAW:
family = [IPAddr.CIDR_RAW - cidr]
else:
family = [socket.AF_INET, socket.AF_INET6]
for family in family:
try: try:
binary = socket.inet_pton(family, ipstr) binary = socket.inet_pton(family, ipstr)
self._family = family self._family = family

5
fail2ban/tests/filtertestcase.py
View File

@ -337,6 +337,11 @@ class IgnoreIP(LogCaptureTestCase):
for ip in ipList: for ip in ipList:
self.filter.addIgnoreIP(ip) self.filter.addIgnoreIP(ip)
self.assertFalse(self.filter.inIgnoreIPList(ip)) self.assertFalse(self.filter.inIgnoreIPList(ip))
if not unittest.F2B.no_network: # pragma: no cover
self.assertLogged(
'Unable to find a corresponding IP address for 999.999.999.999',
'Unable to find a corresponding IP address for abcdef.abcdef',
'Unable to find a corresponding IP address for 192.168.0.', all=True)
def testIgnoreIPCIDR(self): def testIgnoreIPCIDR(self):
self.filter.addIgnoreIP('192.168.1.0/25') self.filter.addIgnoreIP('192.168.1.0/25')