On 11/26/11 4:25 PM, Wietse Venema wrote:
> Philip Prindeville:
>>>> Thanks...  Can you point me at any particular commits I could look
>>>> at that added such a milter attribute?
>>>
>>> Here is a good example of what it takes to add, document and test
>>> a "daemon port":
>>>
>>> $ find proto src -type f -print | xargs grep -i client_port
>>>
>>> This produces 151 lines of output with postfix-2.9-20111125 (of
>>> which 6 lines are in files with test data).
>>>
>>> Adding the server port would largely involve duplicating those
>>> client_port lines, and maybe borrow some client port code that the
>>> grep command did not reveal.
>>>
>>>     Wietse
>>
>> Well, if I'm going to do all that, I might as well add:
>>
>> daemon_port
>> if_addr
>> if_name
>>
>> Assuming that there might be further milter values added to the
>> milter spec in the future, or that some of the existing milter
>> values might need to be added to Postfix in the foreseeable future,
>> would it make sense to add infrastructure code to simplify adding
>> such variables in the future?
> 
> Considering that these changes are scattered over some 40+ files,
> and that there are already a half-dozen similar attributes, I would
> expect that I have already exploited many opportunities for reuse,
> but I am willing to be surprised.
> 
>> I can use getifaddrs() to populate both of these latter two.
> 
> For {if_addr} you may have more luck with getsockname() which has
> the same result on all supported platforms.

Right.  Don't know why I wrote "these latter two"... meant just the last one.
The fix is to do a getsockname() and then search the list from getifaddrs() for
the corresponding match for {if_name}.

> According to util/inet_addr_local.c, not all systems support
> getifaddrs() in the same way.
> 
> And unless you turn off IP forwarding in the TCP/IP stack, the value
> of {if_addr} and {if_name} says nothing about the path that packets
> have taken. It just says something about the destination IP address.
> 
>       Wietse

Yes. The point is that one might want to apply Milter policies based on the 
names of the interfaces, not their actual addresses, such as:

wan0
lan0
tun0
vpn5

etc. So I'm not interested so much in what interface the packets came in on, as
what address (by name associated with the interface) they were destined for.

In a richly connected network with a multihomed host, packets might arrive on 
more than one interface during the course of a connection anyway, possibly even 
simultaneously.

-Philip
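
The lookup discussed above (getsockname() on the connection, then a search of the getifaddrs() list for the entry that owns that local address) as an added example. It is not code from Postfix or from this thread, and the function names `match_ifname` and `ifname_for_socket` are hypothetical.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <ifaddrs.h>
#include <string.h>
#include <stdio.h>

/* Return 1 if two socket addresses carry the same IP address (port ignored). */
static int same_ip(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET)
        return ((const struct sockaddr_in *)a)->sin_addr.s_addr ==
               ((const struct sockaddr_in *)b)->sin_addr.s_addr;
    if (a->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/* Walk a getifaddrs()-style list; return the name of the interface that owns `local`, or NULL. */
const char *match_ifname(const struct ifaddrs *list, const struct sockaddr *local)
{
    for (const struct ifaddrs *ifa = list; ifa != NULL; ifa = ifa->ifa_next)
        if (ifa->ifa_addr != NULL && same_ip(ifa->ifa_addr, local))  /* ifa_addr may be NULL */
            return ifa->ifa_name;
    return NULL;
}

/* Hypothetical helper: fill `name` with the interface name for a connected socket.
 * Returns 0 on success, -1 if a call fails or no interface owns the local address. */
int ifname_for_socket(int fd, char *name, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sslen = sizeof(ss);
    struct ifaddrs *list;
    const char *found;
    int ret = -1;

    if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0 || getifaddrs(&list) < 0)
        return -1;
    if ((found = match_ifname(list, (struct sockaddr *)&ss)) != NULL) {
        snprintf(name, len, "%s", found);   /* copy before the list is freed */
        ret = 0;
    }
    freeifaddrs(list);
    return ret;
}
```

This sketch returns the first matching entry and ignores `sin6_scope_id`, so a link-local IPv6 address present on several interfaces is not disambiguated. An IPv4-mapped IPv6 local address on a dual-stack socket will not match an `AF_INET` entry.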
