Check-in [2dad03cf84]
Overview
SHA1:2dad03cf8488ad13a37c62d9d3f77d4cd22e31ed
Date: 2011-03-06 17:33:29
User: rmiller
Comment:move include stuff to the include file. add new include file for packetbl_getstat
Context
2011-03-06
17:45
[6d6dfd2faa] change version, documentation fixes to avoid misleading. (user: rmiller, tags: trunk)
17:33
[2dad03cf84] move include stuff to the include file. add new include file for packetbl_getstat (user: rmiller, tags: trunk)
17:18
[697a450bd4] This has been verified to work, at least on a quick test. Need to test more thoroughly. Good for a beta release, anyway. (user: rmiller, tags: trunk)
Changes

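--- a/autom4te.cache/output.0
+++ b/autom4te.cache/output.0
@@ -3969,14 +3969,15 @@
 $as_echo "$ac_cv_lib_netfilter_queue_nfq_set_verdict" >&6; }
 if test "x$ac_cv_lib_netfilter_queue_nfq_set_verdict" = x""yes; then :
   
 	
 $as_echo "@%:@define HAVE_NFQUEUE /**/" >>confdefs.h
 
 	LIBS="$LIBS -lnetfilter_queue"
+	INCLUDES="$INCLUDES -I/usr/include/libnetfilter_queue"
 	have_nfqueue='yes'
 
 fi
 
 
 if test "$have_nfqueue" != 'yes'; then
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5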

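--- a/autom4te.cache/requests
+++ b/autom4te.cache/requests
@@ -11,58 +11,58 @@
                       ],
                       [
                         '/usr/share/autoconf/autoconf/autoconf.m4f',
                         'aclocal.m4',
                         'configure.in'
                       ],
                       {
-                        'AM_PROG_F77_C_O' => 1,
                         '_LT_AC_TAGCONFIG' => 1,
-                        'm4_pattern_forbid' => 1,
+                        'AM_PROG_F77_C_O' => 1,
                         'AC_INIT' => 1,
-                        '_AM_COND_IF' => 1,
+                        'm4_pattern_forbid' => 1,
                         'AC_CANONICAL_TARGET' => 1,
-                        'AC_CONFIG_LIBOBJ_DIR' => 1,
+                        '_AM_COND_IF' => 1,
                         'AC_SUBST' => 1,
-                        'AC_CANONICAL_HOST' => 1,
+                        'AC_CONFIG_LIBOBJ_DIR' => 1,
                         'AC_FC_SRCEXT' => 1,
+                        'AC_CANONICAL_HOST' => 1,
                         'AC_PROG_LIBTOOL' => 1,
                         'AM_INIT_AUTOMAKE' => 1,
                         'AC_CONFIG_SUBDIRS' => 1,
                         'AM_AUTOMAKE_VERSION' => 1,
                         'LT_CONFIG_LTDL_DIR' => 1,
-                        'AC_REQUIRE_AUX_FILE' => 1,
                         'AC_CONFIG_LINKS' => 1,
-                        'LT_SUPPORTED_TAG' => 1,
+                        'AC_REQUIRE_AUX_FILE' => 1,
                         'm4_sinclude' => 1,
+                        'LT_SUPPORTED_TAG' => 1,
                         'AM_MAINTAINER_MODE' => 1,
                         'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
                         '_m4_warn' => 1,
                         'AM_PROG_CXX_C_O' => 1,
                         '_AM_COND_ENDIF' => 1,
                         'AM_ENABLE_MULTILIB' => 1,
                         'AM_SILENT_RULES' => 1,
                         'AC_CONFIG_FILES' => 1,
                         'include' => 1,
                         'LT_INIT' => 1,
                         'AM_GNU_GETTEXT' => 1,
                         'AC_LIBSOURCE' => 1,
-                        'AM_PROG_FC_C_O' => 1,
                         'AC_CANONICAL_BUILD' => 1,
+                        'AM_PROG_FC_C_O' => 1,
                         'AC_FC_FREEFORM' => 1,
                         'AH_OUTPUT' => 1,
-                        '_AM_SUBST_NOTMAKE' => 1,
                         'AC_CONFIG_AUX_DIR' => 1,
-                        'AM_PROG_CC_C_O' => 1,
+                        '_AM_SUBST_NOTMAKE' => 1,
+                        'sinclude' => 1,
                         'm4_pattern_allow' => 1,
-                        'sinclude' => 1,
-                        'AM_CONDITIONAL' => 1,
+                        'AM_PROG_CC_C_O' => 1,
                         'AC_CANONICAL_SYSTEM' => 1,
+                        'AM_CONDITIONAL' => 1,
                         'AC_CONFIG_HEADERS' => 1,
                         'AC_DEFINE_TRACE_LITERAL' => 1,
                         'm4_include' => 1,
                         '_AM_COND_ELSE' => 1,
                         'AC_SUBST_TRACE' => 1
                       }
                     ], 'Autom4te::Request' )
            );
 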

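--- a/autom4te.cache/traces.0
+++ b/autom4te.cache/traces.0
@@ -392,37 +392,37 @@
 m4trace:configure.in:49: -1- m4_pattern_allow([^HAVE_LIBCONFIG$])
 m4trace:configure.in:49: -1- AH_OUTPUT([HAVE_LIBCONFIG], [/* Enable if you have the required libconfig library. */
 @%:@undef HAVE_LIBCONFIG])
 m4trace:configure.in:56: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFQUEUE])
 m4trace:configure.in:56: -1- m4_pattern_allow([^HAVE_NFQUEUE$])
 m4trace:configure.in:56: -1- AH_OUTPUT([HAVE_NFQUEUE], [/* Enable if you have nfqueue */
 @%:@undef HAVE_NFQUEUE])
-m4trace:configure.in:66: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK])
-m4trace:configure.in:66: -1- m4_pattern_allow([^HAVE_NFNETLINK$])
-m4trace:configure.in:66: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */
+m4trace:configure.in:67: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK])
+m4trace:configure.in:67: -1- m4_pattern_allow([^HAVE_NFNETLINK$])
+m4trace:configure.in:67: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */
 @%:@undef HAVE_NFNETLINK])
-m4trace:configure.in:79: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS])
-m4trace:configure.in:79: -1- m4_pattern_allow([^HAVE_FIREDNS$])
-m4trace:configure.in:79: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */
+m4trace:configure.in:80: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS])
+m4trace:configure.in:80: -1- m4_pattern_allow([^HAVE_FIREDNS$])
+m4trace:configure.in:80: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */
 @%:@undef HAVE_FIREDNS])
-m4trace:configure.in:92: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE])
-m4trace:configure.in:92: -1- m4_pattern_allow([^USE_CACHE$])
-m4trace:configure.in:92: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. */
+m4trace:configure.in:93: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE])
+m4trace:configure.in:93: -1- m4_pattern_allow([^USE_CACHE$])
+m4trace:configure.in:93: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. */
 @%:@undef USE_CACHE])
-m4trace:configure.in:97: -1- AC_CONFIG_FILES([Makefile])
-m4trace:configure.in:98: -1- AC_CONFIG_HEADERS([config.h])
-m4trace:configure.in:99: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
-m4trace:configure.in:99: -1- m4_pattern_allow([^LIB@&t@OBJS$])
-m4trace:configure.in:99: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([LTLIBOBJS])
-m4trace:configure.in:99: -1- m4_pattern_allow([^LTLIBOBJS$])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_builddir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_build_prefix])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([srcdir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_srcdir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_srcdir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_top_srcdir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([builddir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_builddir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_top_builddir])
-m4trace:configure.in:99: -1- AC_SUBST_TRACE([INSTALL])
+m4trace:configure.in:98: -1- AC_CONFIG_FILES([Makefile])
+m4trace:configure.in:99: -1- AC_CONFIG_HEADERS([config.h])
+m4trace:configure.in:100: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
+m4trace:configure.in:100: -1- m4_pattern_allow([^LIB@&t@OBJS$])
+m4trace:configure.in:100: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([LTLIBOBJS])
+m4trace:configure.in:100: -1- m4_pattern_allow([^LTLIBOBJS$])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([top_builddir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([top_build_prefix])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([srcdir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([abs_srcdir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([top_srcdir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([abs_top_srcdir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([builddir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([abs_builddir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([abs_top_builddir])
+m4trace:configure.in:100: -1- AC_SUBST_TRACE([INSTALL])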

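--- a/configure
+++ b/configure
@@ -3969,14 +3969,15 @@
 $as_echo "$ac_cv_lib_netfilter_queue_nfq_set_verdict" >&6; }
 if test "x$ac_cv_lib_netfilter_queue_nfq_set_verdict" = x""yes; then :
 
 
 $as_echo "#define HAVE_NFQUEUE /**/" >>confdefs.h
 
 	LIBS="$LIBS -lnetfilter_queue"
+	INCLUDES="$INCLUDES -I/usr/include/libnetfilter_queue"
 	have_nfqueue='yes'
 
 fi
 
 
 if test "$have_nfqueue" != 'yes'; then
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5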

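--- a/configure.in
+++ b/configure.in
@@ -52,14 +52,15 @@
 ], [
 	AC_MSG_FAILURE([You must have libconfig])
 ])
 
 AC_CHECK_LIB(netfilter_queue, nfq_set_verdict, [
 	AC_DEFINE(HAVE_NFQUEUE, [], [Enable if you have nfqueue])
 	LIBS="$LIBS -lnetfilter_queue"
+	INCLUDES="$INCLUDES -I/usr/include/libnetfilter_queue"
 	have_nfqueue='yes'
 ])
 
 if test "$have_nfqueue" != 'yes'; then
 	AC_MSG_FAILURE([nfqueue was not found.])
 fi
 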
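Review bot: The added `INCLUDES="$INCLUDES -I/usr/include/libnetfilter_queue"` hard-codes one install prefix, so a build against a copy of the library under another prefix or a sysroot can link one version while compiling against a different header, or fail to find the header at all. Including the header by its installed name, `#include <libnetfilter_queue/libnetfilter_queue.h>`, needs no extra `-I`; otherwise take the flags from pkg-config with `PKG_CHECK_MODULES([NFQUEUE], [libnetfilter_queue])`. No `AC_SUBST` for `INCLUDES` is visible in this section, so whether the Makefile sees the variable at all should be confirmed; `CPPFLAGS` is the variable configure itself uses for its header tests.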

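--- a/packetbl.c
+++ b/packetbl.c
@@ -12,191 +12,14 @@
 
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
 
 #include "packetbl.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <resolv.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <syslog.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <string.h>
-#include <unistd.h>
-#include <getopt.h>
-#include <time.h>
-#include <errno.h>
-#include <linux/netfilter.h>
-#include <libconfig.h>
-
-#ifdef USE_SOCKSTAT
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <pthread.h>
-#endif
-
-#ifdef HAVE_FIREDNS
-#include <firedns.h>
-#endif
-
-#ifndef BUFFERSIZE
-#define BUFFERSIZE 65536
-#endif
-#ifdef USE_CACHE
-#  ifndef USE_CACHE_DEF_LEN
-#    define USE_CACHE_DEF_LEN 8192
-#  endif
-#  ifndef USE_CACHE_DEF_TTL
-#    define USE_CACHE_DEF_TTL 3600
-#  endif
-#endif
-
-#  define TH_FIN        0x01
-#  define TH_SYN        0x02
-#  define TH_RST        0x04
-#  define TH_PUSH       0x08
-#  define TH_ACK        0x10
-#  define TH_URG        0x20
-
-# include <libnetfilter_queue.h>
-# define SET_VERDICT nfq_set_verdict
-# define PBL_HANDLE nfq_q_handle
-# define PBL_SET_MODE nfq_set_mode
-# define PBL_COPY_PACKET NFQNL_COPY_PACKET
-# define PBL_ID_T u_int32_t
-# define PBL_ERRSTR ""
-
-#define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
-#define INVALID_OCTET(x) x < 0 || x > 255
-
-struct packet_info {
-
-	uint8_t b1;
-	uint8_t b2;
-	uint8_t b3;
-	uint8_t b4;
-
-	unsigned int s_port;
-	unsigned int d_port;
-
-	int flags;
-};
-
-struct cidr {
-
-	uint32_t ip;
-	uint32_t network;
-	uint32_t processed;		/* network, but as a bitmask */
-
-};
-
-struct config_entry {
-
-	char *string;
-	struct config_entry *next;
-	struct packet_info ip;
-	struct cidr	cidr;
-
-};
-
-char msgbuf[BUFFERSIZE];
-
-struct config {
-	int	allow_non25;
-	int	allow_nonsyn;
-	int	default_accept;
-	int	dryrun;
-	int 	log_facility;
-	int	queueno;
-	int	quiet;
-	int	debug;
-	struct config_entry *blacklistbl;
-	struct config_entry *whitelistbl;
-	struct config_entry *blacklist;
-	struct config_entry *whitelist;
-};
-
-static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL };
-
-struct pbl_stat_info {
-	uint32_t	cacheaccept;
-	uint32_t	cachereject;
-	uint32_t	whitelistblhits;
-	uint32_t	blacklistblhits;
-	uint32_t	whitelisthits;
-	uint32_t	blacklisthits;
-	uint32_t	fallthroughhits;
-	uint32_t	totalpackets;
-};
-static struct pbl_stat_info statistics = { 0, 0, 0, 0, 0, 0, 0 };
-
-#ifdef USE_CACHE
-struct packet_cache_t {
-	uint32_t ipaddr;
-	time_t	expires;
-	int	action;
-};
-struct packet_cache_t *packet_cache = NULL;
-uint32_t packet_cache_len = USE_CACHE_DEF_LEN;
-uint16_t packet_cache_ttl = USE_CACHE_DEF_TTL;
-#endif
-
-struct config_entry *hostlistcache = NULL;
-
-int get_packet_info(char *payload, struct packet_info *ip);
-
-int check_packet_list(const struct packet_info *ip, struct config_entry *list);
-int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
-int parse_cidr(struct config_entry *ce);
-/* int validate_blacklist(char *); */
-void parse_config(void);
-void parse_arguments(int argc, char **argv);
-void pbl_init_sockstat(void);
-static void get_ip_string(const struct packet_info *ip);
-static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
-        unsigned int verdict);
-
-static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
-	struct nfq_data *nfa, void *data);
-	
-typedef struct facility {
-	char *string;
-	int num;
-} facility;
-
-static struct facility facenum[] = {
-	{"auth", LOG_AUTH},
-	{"authpriv", LOG_AUTHPRIV},
-	{"cron", LOG_CRON},
-	{"daemon", LOG_DAEMON},
-	{"kern", LOG_KERN},
-	{"lpr", LOG_LPR},
-	{"mail", LOG_MAIL},
-	{"news", LOG_NEWS},
-	{"syslog", LOG_SYSLOG},
-	{"user", LOG_USER},
-	{"uucp", LOG_UUCP},
-	{"local0", LOG_LOCAL0},
-	{"local1", LOG_LOCAL1},
-	{"local2", LOG_LOCAL2},
-	{"local3", LOG_LOCAL3},
-	{"local4", LOG_LOCAL4},
-	{"local5", LOG_LOCAL5},
-	{"local6", LOG_LOCAL6},
-	{"local7", LOG_LOCAL7},
-	NULL
-};
 
 /*
  * SYNOPSIS:
  *   void daemonize(void);
  *
  * NOTES:
  *   This function accomplishes everything needed to become a daemon.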

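--- a/packetbl.h
+++ b/packetbl.h
@@ -1,14 +1,193 @@
 #ifndef LOCAL_PACKETBL_H
 #  define LOCAL_PACKETBL_H
 
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <resolv.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <time.h>
+#include <errno.h>
+#include <linux/netfilter.h>
+#include <libconfig.h>
+#include <libnetfilter_queue.h>
+
 #  ifdef HAVE_CONFIG_H
 #    include "config.h"
 #  endif
 
 #  ifdef USE_SOCKSTAT
 #    ifndef SOCKSTAT_PATH
 #      define SOCKSTAT_PATH "/tmp/.packetbl.sock"
 #    endif
 #  endif
 
+
+#ifdef USE_SOCKSTAT
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <pthread.h>
+#endif
+
+#ifdef HAVE_FIREDNS
+#include <firedns.h>
+#endif
+
+#ifndef BUFFERSIZE
+#define BUFFERSIZE 65536
+#endif
+#ifdef USE_CACHE
+#  ifndef USE_CACHE_DEF_LEN
+#    define USE_CACHE_DEF_LEN 8192
+#  endif
+#  ifndef USE_CACHE_DEF_TTL
+#    define USE_CACHE_DEF_TTL 3600
+#  endif
+#endif
+
+#  define TH_FIN        0x01
+#  define TH_SYN        0x02
+#  define TH_RST        0x04
+#  define TH_PUSH       0x08
+#  define TH_ACK        0x10
+#  define TH_URG        0x20
+
+# define SET_VERDICT nfq_set_verdict
+# define PBL_HANDLE nfq_q_handle
+# define PBL_SET_MODE nfq_set_mode
+# define PBL_COPY_PACKET NFQNL_COPY_PACKET
+# define PBL_ID_T u_int32_t
+# define PBL_ERRSTR ""
+
+#define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
+#define INVALID_OCTET(x) x < 0 || x > 255
+
+struct packet_info {
+
+	uint8_t b1;
+	uint8_t b2;
+	uint8_t b3;
+	uint8_t b4;
+
+	unsigned int s_port;
+	unsigned int d_port;
+
+	int flags;
+};
+
+struct cidr {
+
+	uint32_t ip;
+	uint32_t network;
+	uint32_t processed;		/* network, but as a bitmask */
+
+};
+
+struct config_entry {
+
+	char *string;
+	struct config_entry *next;
+	struct packet_info ip;
+	struct cidr	cidr;
+
+};
+
+char msgbuf[BUFFERSIZE];
+
+struct config {
+	int	allow_non25;
+	int	allow_nonsyn;
+	int	default_accept;
+	int	dryrun;
+	int 	log_facility;
+	int	queueno;
+	int	quiet;
+	int	debug;
+	struct config_entry *blacklistbl;
+	struct config_entry *whitelistbl;
+	struct config_entry *blacklist;
+	struct config_entry *whitelist;
+};
+
+static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL };
+
+struct pbl_stat_info {
+	uint32_t	cacheaccept;
+	uint32_t	cachereject;
+	uint32_t	whitelistblhits;
+	uint32_t	blacklistblhits;
+	uint32_t	whitelisthits;
+	uint32_t	blacklisthits;
+	uint32_t	fallthroughhits;
+	uint32_t	totalpackets;
+};
+static struct pbl_stat_info statistics = { 0, 0, 0, 0, 0, 0, 0 };
+
+#ifdef USE_CACHE
+struct packet_cache_t {
+	uint32_t ipaddr;
+	time_t	expires;
+	int	action;
+};
+struct packet_cache_t *packet_cache = NULL;
+uint32_t packet_cache_len = USE_CACHE_DEF_LEN;
+uint16_t packet_cache_ttl = USE_CACHE_DEF_TTL;
+#endif
+
+struct config_entry *hostlistcache = NULL;
+
+int get_packet_info(char *payload, struct packet_info *ip);
+
+int check_packet_list(const struct packet_info *ip, struct config_entry *list);
+int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
+int parse_cidr(struct config_entry *ce);
+/* int validate_blacklist(char *); */
+void parse_config(void);
+void parse_arguments(int argc, char **argv);
+void pbl_init_sockstat(void);
+static void get_ip_string(const struct packet_info *ip);
+static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
+        unsigned int verdict);
+
+static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
+	struct nfq_data *nfa, void *data);
+	
+typedef struct facility {
+	char *string;
+	int num;
+} facility;
+
+static struct facility facenum[] = {
+	{"auth", LOG_AUTH},
+	{"authpriv", LOG_AUTHPRIV},
+	{"cron", LOG_CRON},
+	{"daemon", LOG_DAEMON},
+	{"kern", LOG_KERN},
+	{"lpr", LOG_LPR},
+	{"mail", LOG_MAIL},
+	{"news", LOG_NEWS},
+	{"syslog", LOG_SYSLOG},
+	{"user", LOG_USER},
+	{"uucp", LOG_UUCP},
+	{"local0", LOG_LOCAL0},
+	{"local1", LOG_LOCAL1},
+	{"local2", LOG_LOCAL2},
+	{"local3", LOG_LOCAL3},
+	{"local4", LOG_LOCAL4},
+	{"local5", LOG_LOCAL5},
+	{"local6", LOG_LOCAL6},
+	{"local7", LOG_LOCAL7},
+	NULL
+};
+
 #endif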
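Review bot: The header now defines objects instead of declaring them: `char msgbuf[BUFFERSIZE];`, `struct config_entry *hostlistcache = NULL;` and the `packet_cache*` variables are emitted by every file that includes packetbl.h, while `static struct config conf`, `statistics` and `facenum[]` give each includer its own private copy. That holds only while packetbl.c is the sole includer; keep the definitions in packetbl.c and leave declarations such as `extern char msgbuf[BUFFERSIZE];` here. The `static` prototypes (`get_ip_string`, `pbl_set_verdict`, `pbl_callback`) belong in the .c file for the same reason. Separately, `INVALID_OCTET(x)` expands without parentheses, so `!INVALID_OCTET(n)` would negate only the first comparison; `#define INVALID_OCTET(x) ((x) < 0 || (x) > 255)` is safe in any expression, and its call sites are outside this section.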

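--- a/packetbl_getstat.c
+++ b/packetbl_getstat.c
@@ -1,8 +1,8 @@
-#include "packetbl.h"
+#include "packetbl_getstat.h"
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>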

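--- /dev/null
+++ b/packetbl_getstat.h
@@ -0,0 +1,12 @@
+#ifndef PACKETBL_GETSTAT_H
+#define PACKETBL_GETSTAT_H
+#  ifdef HAVE_CONFIG_H
+#    include "config.h"
+#  endif
+
+#  ifdef USE_SOCKSTAT
+#    ifndef SOCKSTAT_PATH
+#      define SOCKSTAT_PATH "/tmp/.packetbl.sock"
+#    endif
+#  endif
+#endif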
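Review bot: `SOCKSTAT_PATH` now has two independent defaults, here and in packetbl.h, so the daemon and the stat client can end up on different paths if only one header is edited; a single shared header that both include keeps them in step. The default `/tmp/.packetbl.sock` sits in a world-writable directory under a predictable name, so any local user can create that path before the daemon does; how the daemon binds and what mode it sets are not visible here and should be checked. A directory writable only by the daemon's user, supplied through the existing `#ifndef SOCKSTAT_PATH` override at build time, is a safer default.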