Fijxu/lua-cs-bouncer-mcaptcha
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix ipv4 range support

Browse source
This commit is contained in:
he2ss 2022-01-21 21:31:23 +01:00
parent 58f44eced5
commit 4e09cc2ad6
2 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
nginx/crowdsec.lua
View file

@ -89,18 +89,18 @@ function item_to_string(item, scope)
ip, cidr = iputils.splitRange(item, scope)
end
local ip_network_address, isIPv4 = iputils.parseIPAddress(ip)
if isIPV4 then
local ip_network_address, is_ipv4 = iputils.parseIPAddress(ip)
if is_ipv4 then
ip_version = "ipv4"
if cidr == nil then
cidr = 32
end
else
ip_version = "ipv6"
ip_network_address = ip_network_address.uint32[3]..":"..ip_network_address.uint32[2]..":"..ip_network_address.uint32[1]..":"..ip_network_address.uint32[0]
if cidr == nil then
cidr = 128
end
ip_network_address = ip_network_address.uint32[3]..":"..ip_network_address.uint32[2]..":"..ip_network_address.uint32[1]..":"..ip_network_address.uint32[0]
end
if ip_version == nil then
@ -257,7 +257,13 @@ function csmod.allowIp(ip)
local ip_network_address = key_parts[3]
local netmasks = iputils.netmasks_by_key_type[key_type]
for i, netmask in pairs(netmasks) do
local item = key_type.."_"..table.concat(netmask, ":").."_"..iputils.ipv6_band(ip_network_address, netmask)
local item
if key_type == "ipv4" then
item = key_type.."_"..netmask.."_"..iputils.ipv4_band(ip_network_address, netmask)
end
if key_type == "ipv6" then
item = key_type.."_"..table.concat(netmask, ":").."_"..iputils.ipv6_band(ip_network_address, netmask)
end
in_cache, remediation_id = runtime.cache:get(item)
if in_cache ~= nil then -- we have it in cache
ngx.log(ngx.DEBUG, "'" .. key .. "' is in cache")

6
nginx/iputils.lua
View file

@ -98,6 +98,10 @@ function _M.ipv6_band(ip, netmask)
return table.concat(res_table, ":")
end
function _M.ipv4_band(ip, netmask)
return bit.band(ip, netmask)
end
function _M.splitRange(range)
if range and type(range) == "string" then
local ip_address, cidr = range:match("^([^/]+)/(%d+)")
@ -111,7 +115,7 @@ function _M.cidrToInt(cidr, ip_version)
return nil
end
if ip_version == "ipv4" then
return tostring(ipv4_netmasks[32-(cidr+1)])
return tostring(ipv4_netmasks[32-cidr+1])
end
if ip_version == "ipv6" then
return table.concat(ipv6_netmasks[128-cidr+1], ":")