Pantyhose-X/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

conf.c: simplify the huge IPV6 regex

Browse Source 
even though the existing IPV6 regex caught (almost?) all invalid
ipv6 addresses, it did so with a huge performance penalty.
parsing a file with 32K allow or deny statement took 30 secs in
a test setup, after this change less than 3.

the new regex is sufficient to recognize all valid ipv6 addresses,
and hands down the responsibility to detect corner cases to the
system's inet_pton() function, which is e.g. called from insert_acl(),
which now causes a warning to be printed in the log if a seemingly
valid address is in fact invalid.

the new regex has been tested with 486 testcases from
http://download.dartware.com/thirdparty/test-ipv6-regex.pl
and accepts all valid ones and rejects most of the invalid ones.

note that the IPV4 regex already did a similar thing and checked only
whether the ip looks like [0-9]+.[0-9]+.[0-9]+.[0-9]+ without pedantry.
This commit is contained in:
rofl0r 2020-09-16 20:39:34 +01:00
parent 0ad8904b40
commit caeab31fca
1 changed files with 2 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/conf.c
View File

@ -57,24 +57,8 @@
#define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})"
#define IPMASK "(" IP "(/[[:digit:]]+)?)"
#define IPV6 "(" \
"(([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,6})|" \
"(([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5})|" \
"(([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4})|" \
"(([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3})|" \
"(([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2})|" \
"(([0-9a-f]{1,4}:){1,6}(:[0-9a-f]{1,4}){1,1})|" \
"((([0-9a-f]{1,4}:){1,7}|:):)|" \
"(:(:[0-9a-f]{1,4}){1,7})|" \
"([0-9a-f]{1,4}(:[0-9a-f]{1,4}){1,7})|" \
"(((([0-9a-f]{1,4}:){6})(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}))|" \
"((([0-9a-f]{1,4}:){5}[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}))|" \
"(([0-9a-f]{1,4}:){5}:[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"(([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"(([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,3}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"(([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,2}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"(([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,1}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"((([0-9a-f]{1,4}:){1,5}|:):(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \
"(:(:[0-9a-f]{1,4}){1,5}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})" \
"(([0-9a-f:]{2,39}))|" \
"(([0-9a-f:]{0,29}:" IP "))" \
")"
#define IPV6MASK "(" IPV6 "(/[[:digit:]]+)?)"