Software /
code /
prosody-modules
Changeset
5251:f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 14 Mar 2023 18:59:39 +0000 |
parents | 5250:d9577083c5f5 |
children | 5252:85f0c6c1c24f |
files | mod_audit/mod_audit.lua |
diffstat | 1 files changed, 22 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_audit/mod_audit.lua Tue Mar 14 17:48:44 2023 +0000 +++ b/mod_audit/mod_audit.lua Tue Mar 14 18:59:39 2023 +0000 @@ -3,7 +3,12 @@ local audit_log_limit = module:get_option_number("audit_log_limit", 10000); local cleanup_after = module:get_option_string("audit_log_expires_after", "2w"); +local attach_ips = module:get_option_boolean("audit_log_ips", true); +local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil); +local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil); + local time_now = os.time; +local ip = require "util.ip"; local st = require "util.stanza"; local moduleapi = require "core.moduleapi"; @@ -23,6 +28,17 @@ setmetatable(stores, { __index = get_store }); +local function get_ip_network(ip_addr) + local _ip = ip.new_ip(ip_addr); + local proto = _ip.proto; + local network; + if proto == "IPv4" and attach_ipv4_prefix then + network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix; + elseif proto == "IPv6" and attach_ipv6_prefix then + network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix; + end + return network; +end local function session_extra(session) local attr = { @@ -35,8 +51,12 @@ attr.type = session.type; end local stanza = st.stanza("session", attr); - if session.ip then - stanza:text_tag("remote-ip", session.ip); + if attach_ips and session.ip then + local remote_ip, network = session.ip; + if attach_ipv4_prefix or attach_ipv6_prefix then + network = get_ip_network(remote_ip); + end + stanza:text_tag("remote-ip", network or remote_ip); end if session.client_id then stanza:text_tag("client", session.client_id);