urirhssub SAFF_EXAMPLE rbl.example.com. A 127.0.0.8
urihssub expects just 8, not 127.0.0.8
Sorry for the delay in responding. Your description, while it seems
to match the current code, doesn't match the documentation:
subtest is the sub-test to run against the returned data. The sub-
test may either be an IPv4 dotted address for RHSBLs that return
multiple A records, a non-negative decimal number to specify a
bitmask for RHSBLs that return a single A record containing a
bitmask of results, or (if none of the preceding options seem to
fit) a regular expression.
The bitmask test works, but the regex test and exact-match test don't
work due to the bitwise or at Plugin/URIDNSBL.pm line 614. The code
for exact-matches and regex-matches is there:
if ($subtest eq $rdatastr) {
[ ... ]
# bitmask
elsif ($subtest =~ /^\d+$/) {
[ ... ]
# regular expression
else {
if ($rdatastr =~ /${subtest}/) {
... but that code is broken by the assumption that only a bitmask is
valid.
If it's true that only a bitmask should be valid, then perhaps the
documentation/code should be updated? On the other hand, it appears
that the test that is causing regex and exact-match to fail was a
workaround for a bug that has been resolved:
# skip any A record that isn't on 127/8 if we're not looking for
# any bits in the first octet, this is a workaround for bug 3997
if ($rr->type eq 'A' && $rr->rdatastr !~ /^127\./ &&
!($uridnsbl_subs_bits & 0xff000000))
... so perhaps this workaround can be removed? For what it's worth,
if this workaround is to remain, I might suggest wrapping the bitwise
or to make it act only on a decimal number:
- $uridnsbl_subs_bits |= $_ for keys %{$uridnsbl_subs};
+ foreach my $sub_key (keys %{$uridnsbl_subs}) {
+ $uridnsbl_subs_bits |= $sub_key if ($sub_key =~ /^\d+$/);
+ }
+
Thanks.
- Jason Parsons
