From bf244d01e4bfd0aac0fc4a2260aeac631b75322d Mon Sep 17 00:00:00 2001 From: mischa Date: Mon, 8 May 2023 07:49:51 +0000 Subject: [PATCH] add protect function, and check if IP is in the protected pf table --- ptrd.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ptrd.pl b/ptrd.pl index b6e64ac..516d006 100755 --- a/ptrd.pl +++ b/ptrd.pl @@ -126,10 +126,11 @@ sub http_child { my ($first, $token, $hostname) = split(/\//, $r->uri->as_string); my $tld = (defined($hostname) ? substr($hostname, rindex($hostname, '.')+1) : ''); $hostname = (!defined($hostname) ? $token : lc($hostname)); + my $protected = system("pfctl -qt protected -T test $client_ip 2> /dev/null"); if ($ip->overlaps($ipv4_range) or $ip->overlaps($ipv6_range)) { - if ($token eq 'token') { + if ($token eq 'token' and $protected) { my $token = sha1_hex(int(rand(32))); open my $fh_token, '>', "${workdir}/tokens/${token}"; print $fh_token "$client_ip\n"; @@ -138,7 +139,14 @@ sub http_child { _log("$client_ip $token"); _http_response($c, {content_type => 'text/plain'}, "$token"); - } elsif (-e "${workdir}/tokens/$token" and grep(/^${tld}$/i, @tlds) and ($hostname =~ /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?&1); + chomp $protect; + + _log("$client_ip $token $protect"); + _http_response($c, {content_type => 'text/plain'}, "Received [$client_ip -> protect] $protect"); + + } elsif (-e "${workdir}/tokens/$token" and grep(/^${tld}$/i, @tlds) and ($hostname =~ /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?', "${workdir}/records/${client_ip}"; if ($ip->overlaps($ipv4_range)) { @@ -170,7 +178,7 @@ sub http_child { _http_error($c, RC_REQUEST_TIMEOUT); } else { - _log("$client_ip RC_BAD_REQUEST $hostname"); + _log("$client_ip RC_BAD_REQUEST $hostname ($protected)"); _http_error($c, RC_BAD_REQUEST); }