From 30dd9cafeb91bdc2f5fbfa84fca18175d4a8839d Mon Sep 17 00:00:00 2001 From: Jared Johnson Date: Fri, 21 Nov 2014 16:51:19 -0600 Subject: [PATCH 1/2] Add some p0f results to message headers --- plugins/ident/p0f | 19 +++++++++++++++++++ t/plugin_tests/ident/p0f | 25 +++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/plugins/ident/p0f b/plugins/ident/p0f index 060c018..cee8b18 100644 --- a/plugins/ident/p0f +++ b/plugins/ident/p0f @@ -154,6 +154,10 @@ sub register { foreach (keys %args) { $self->{_args}->{$_} = $args{$_}; } + my $enabled = $self->{_args}{add_headers}; + $enabled = 'true' if ! defined $enabled; + return if $enabled =~ /false/i; + $self->register_hook( data_post => 'add_headers' ); } sub hook_connect { @@ -174,6 +178,21 @@ sub hook_connect { return DECLINED; } +sub add_headers { + my ( $self, $txn ) = @_; + my $p0f = $self->connection->notes('p0f') or return DECLINED; + $self->add_p0f_header( 'X-P0F-Genre' => $p0f->{genre} ); + $self->add_p0f_header( 'X-P0F-Link-Type' => $p0f->{link_type} ); + return DECLINED; +} + +sub add_p0f_header { + my ( $self, $tag, $value ) = @_; + return if ! $value; + $self->transaction->header->delete( $tag ); + $self->transaction->header->add( $tag, $value, 0 ); +} + sub get_v2_query { my $self = shift; diff --git a/t/plugin_tests/ident/p0f b/t/plugin_tests/ident/p0f index a944770..8379140 100644 --- a/t/plugin_tests/ident/p0f +++ b/t/plugin_tests/ident/p0f @@ -8,12 +8,37 @@ use Qpsmtpd::Constants; sub register_tests { my $self = shift; + $self->register_test('test_add_headers'); $self->register_test('test_get_v2_query'); $self->register_test('test_get_v3_query'); $self->register_test('test_store_v2_results'); $self->register_test('test_store_v3_results'); } +sub test_add_headers { + my ( $self ) = @_; + $self->connection->notes( 'p0f', + { + genre => 'test genre', + link_type => 'test link_type', + } + ); + my $header = $self->transaction->header( Mail::Header->new ); + my @tags = (qw( X-P0F-Genre X-P0F-Link-Type )); + $header->add( $_ => 'DELETETHIS' ) for @tags; + $self->add_headers($self->transaction); + is( $self->all_headers('X-P0F-Genre'), 'test genre', + 'X-P0F-Genre header added' ); + is( $self->all_headers('X-P0F-Link-Type'), 'test link_type', + 'X-P0F-Link-Type header added' ); +} + +sub all_headers { + # Return all instances of a given message header + my ( $self, $tag ) = @_; + return join " | ", map { chomp $_; $_ } $self->transaction->header->get($tag); +} + sub test_query_p0f_v2 { #TODO # get path to p0f socket From 57985252dc031787c783ad469778b966b4052317 Mon Sep 17 00:00:00 2001 From: Jared Johnson Date: Fri, 21 Nov 2014 16:54:27 -0600 Subject: [PATCH 2/2] Add some POD --- plugins/ident/p0f | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/plugins/ident/p0f b/plugins/ident/p0f index cee8b18..d8d2597 100644 --- a/plugins/ident/p0f +++ b/plugins/ident/p0f @@ -107,6 +107,18 @@ Example entry: ident/p0f /tmp/.p0f_socket smite_os windows +=head2 add_headers + +Add message headers with p0f data + + ident/p0f [ add_headers (true|false) ] + +Example entry disabling header addition + + ident/p0f /tmp/.p0f_socket add_headers false + +Default: true + =head1 Environment requirements p0f v3 requires only the remote IP.