On 7/6/2011 12:08 PM, Wietse Venema wrote:

> Some table types such as CIDR ignore the domain name. With table
> types such as CIDR, regexp and pcre, check_client_access does no
> prefix/suffix lookups.
> 
> Given this, a pcre rule with ``/:/ DUNNO'' is sufficient to skip
> IPv6 addresses.

Thanks for the thorough explanation Wietse and the fix.  I've added the
following as the first rule in the table.  Testing with postmap -q
indicates it works as stated.

# ignore IPv6 addresses
/:/                                     DUNNO

I received a request to ignore IPv4 addresses as well in order to
improve performance.  But given the extensive IF loops it seems we'd
only save something like a few picoseconds of CPU time (<30 expressions
processed).  If that's actually critical I could add something like

/^([0-9]{1,3}\.){3}[0-9]{1,3}$/         DUNNO

Crude testing with postmap -q shows this matches only a naked dotted
quad, but I'd rather not unleash it without more thorough testing, or
confirmation from resident regex gurus that this will work as intended.
Many rDNS strings contain a dotted quad, so we want to return DUNNO
only for a naked dotted quad.

For now I've only added the IPv6 bypass.

-- 
Stan

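The two bypass rules from the message above, run in table order against naked addresses and rDNS-style hostnames. This is an added example, not part of the original post: Python's re module stands in for the Postfix pcre table, and the third rule, the lookup() helper and every sample key are constructed for illustration.

```python
import re

# The two bypass rules from the message, in table order. Python's re module
# stands in for PCRE here; both patterns use only syntax the two engines share.
RULES = [
    (re.compile(r":"), "DUNNO"),                              # ignore IPv6 addresses
    (re.compile(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$"), "DUNNO"),  # naked dotted quad
    # Constructed stand-in for the rest of the table (hypothetical rule).
    (re.compile(r"\d+[.-]\d+[.-]\d+[.-]\d+\..*\.example\.net$"),
     "REJECT generic rDNS"),
]


def lookup(key):
    """Return (rule_index, result) for the first matching rule, else None."""
    for index, (pattern, result) in enumerate(RULES):
        if pattern.search(key):
            return index, result
    return None


# Constructed sample keys: check_client_access queries the table with the
# client hostname and with the client address.
SAMPLES = [
    "192.0.2.25",                      # naked IPv4 address
    "2001:db8::25",                    # IPv6 address
    "::ffff:192.0.2.25",               # contains a colon, so rule 0 wins
    "192-0-2-25.dsl.example.net",      # rDNS with a dashed quad
    "192.0.2.25.dynamic.example.net",  # rDNS with an embedded dotted quad
    "host25.192.0.2.25",               # hostname that ends in a dotted quad
    "mail.example.org",                # ordinary hostname
]

if __name__ == "__main__":
    for key in SAMPLES:
        print(f"{key:32} -> {lookup(key)}")
```

Because both anchors are present, the dotted-quad rule returns DUNNO only when the whole key is an address; hostnames that merely contain or end in a dotted quad fall through to the later rules.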