#941 mod_register: Allow whitelisting networks

Reporter Michael Bunk
Owner Zash
Stars ★ (1)  
  • Status-Fixed
  • Type-Enhancement
  • Milestone-0.11
  • Patch
  • Priority-Medium
  1. Michael Bunk on

    Description of feature: Previously only concrete IP addresses could be whitelisted, now also CIDR style networks.

  2. Michael Bunk on


  3. Michael Bunk on

    I can rework the patch to also allow blacklisting networks, but would like to see some feeback first, whether the patch is acceptable at all.

  4. Zash on

    Hi. Sorry about the delay, I went and reviewed your patches but then forgot to post the feedback here. Anyways: The feature in itself is desirable. Can you explain why undozerocompression() is needed? The function in_network_list() has a loop. I believe we have some unwritten policy against that, so that should be in mod_register instead. Also please run luacheck over the changed files, there are some style issues like inconsistent whitespace.

    • tags Patch
    • owner Zash
  5. Michael Bunk on

    Thank you for reviewing my patch. No problem about the delay. I made a new version at https://www.iat.uni-leipzig.de/~bunk/prosody-whitelist-networks-v2.hg It is against current tip and has the style issues removed. undozerocompression() is required because otherwise toBits() is broken. It converts a zero compressed IPv6 address like ::1, where :: is equivalent to a variable number of zeroes into the full, uncompressed representation including all the zeroes, which is later converted to a bitstring. I don't understand the problem with the loop. Checking whether an IP address is contained in a network is a useful functionality and so belongs into util/ip.lua...

  6. Zash on

    Went with a simpler approach in https://hg.prosody.im/trunk/rev/4796fdcb7146 Thanks anyways. toBits has since been replaced, but I'm still qurious if you can show an input that produces the wrong output. It seemed to work correctly in my testing, including expansion of ::

    • tags Status-Fixed
  7. Zash on

    • tags Milestone-0.11

New comment

Not published. Used for spam prevention and optional update notifications.