Check-in [9a13922db2]
Overview
SHA1:9a13922db2c0751727556b9aa6f59598ef963c78
Date: 2011-03-06 01:57:33
User: rmiller
Comment: It compiles and links properly. I don't guarantee ANYTHING else. This is a very major change - I have removed dotconf and am replacing it with libconfig. Also did some cleanup along with it. Some parts are messy. I hope it's functional.
Context
2011-03-06
02:10
[5396b2b79c] This fixes a few segfaults with an empty config file. It's, of course, *useless* with an empty config file, but that's for testing at a later time. (user: rmiller, tags: trunk)
01:57
[9a13922db2] it compiles and links properly. I don't guarantee ANYTHING else. This is a very major change - I have removed dotconf and am replacing with libconfig. Also did some cleanup along with it. Some parts are messy. I hope it's functional. (user: rmiller, tags: trunk)
2011-03-01
22:34
[50168f46c0] Move a bunch of includes to packetbl.h, and also fix what appears to be a small signing problem (THIS one doesn't break anything) (user: rmiller, tags: trunk)
Changes

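--- a/autom4te.cache/output.0
+++ b/autom4te.cache/output.0
@@ -3874,115 +3874,62 @@
 _ACEOF
  
 fi
 
 done
 
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pool_free in -lpool" >&5
-$as_echo_n "checking for pool_free in -lpool... " >&6; }
-if test "${ac_cv_lib_pool_pool_free+set}" = set; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for config_init in -lconfig" >&5
+$as_echo_n "checking for config_init in -lconfig... " >&6; }
+if test "${ac_cv_lib_config_config_init+set}" = set; then :
   $as_echo_n "(cached) " >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpool  $LIBS"
+LIBS="-lconfig  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
    builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-char pool_free ();
+char config_init ();
 int
 main ()
 {
-return pool_free ();
+return config_init ();
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_pool_pool_free=yes
+  ac_cv_lib_config_config_init=yes
 else
-  ac_cv_lib_pool_pool_free=no
+  ac_cv_lib_config_config_init=no
 fi
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pool_pool_free" >&5
-$as_echo "$ac_cv_lib_pool_pool_free" >&6; }
-if test "x$ac_cv_lib_pool_pool_free" = x""yes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_config_config_init" >&5
+$as_echo "$ac_cv_lib_config_config_init" >&6; }
+if test "x$ac_cv_lib_config_config_init" = x""yes; then :
   
 	
-$as_echo "@%:@define HAVE_POOL /**/" >>confdefs.h
+$as_echo "@%:@define HAVE_LIBCONFIG /**/" >>confdefs.h
 
-	LIBS="$LIBS -lpool"
+	LIBS="$LIBS -lconfig"
 
 else
   
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/
-See \`config.log' for more details" "$LINENO" 5; }
-
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dotconf_create in -ldotconf" >&5
-$as_echo_n "checking for dotconf_create in -ldotconf... " >&6; }
-if test "${ac_cv_lib_dotconf_dotconf_create+set}" = set; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldotconf  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dotconf_create ();
-int
-main ()
-{
-return dotconf_create ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_dotconf_dotconf_create=yes
-else
-  ac_cv_lib_dotconf_dotconf_create=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dotconf_dotconf_create" >&5
-$as_echo "$ac_cv_lib_dotconf_dotconf_create" >&6; }
-if test "x$ac_cv_lib_dotconf_dotconf_create" = x""yes; then :
-  
-	
-$as_echo "@%:@define HAVE_DOTCONF /**/" >>confdefs.h
-
-	LIBS="$LIBS -ldotconf"
-
-else
-  
-	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "You must have dotconf, find it here: http://www.azzit.de/dotconf/
+as_fn_error $? "You must have libconfig
 See \`config.log' for more details" "$LINENO" 5; }
 
 fi
 
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nfq_set_verdict in -lnetfilter_queue" >&5
 $as_echo_n "checking for nfq_set_verdict in -lnetfilter_queue... " >&6; }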

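--- a/autom4te.cache/traces.0
+++ b/autom4te.cache/traces.0
@@ -384,49 +384,45 @@
 @%:@undef HAVE_STRINGS_H])
 m4trace:configure.in:47: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
 @%:@undef HAVE_INTTYPES_H])
 m4trace:configure.in:47: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
 @%:@undef HAVE_STDINT_H])
 m4trace:configure.in:47: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
 @%:@undef HAVE_UNISTD_H])
-m4trace:configure.in:49: -1- AC_DEFINE_TRACE_LITERAL([HAVE_POOL])
-m4trace:configure.in:49: -1- m4_pattern_allow([^HAVE_POOL$])
-m4trace:configure.in:49: -1- AH_OUTPUT([HAVE_POOL], [/* Enable if you have the required pool library */
-@%:@undef HAVE_POOL])
-m4trace:configure.in:56: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DOTCONF])
-m4trace:configure.in:56: -1- m4_pattern_allow([^HAVE_DOTCONF$])
-m4trace:configure.in:56: -1- AH_OUTPUT([HAVE_DOTCONF], [/* Enable if you have the required dotconf library. */
-@%:@undef HAVE_DOTCONF])
-m4trace:configure.in:63: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFQUEUE])
-m4trace:configure.in:63: -1- m4_pattern_allow([^HAVE_NFQUEUE$])
-m4trace:configure.in:63: -1- AH_OUTPUT([HAVE_NFQUEUE], [/* Enable if you have nfqueue */
+m4trace:configure.in:49: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCONFIG])
+m4trace:configure.in:49: -1- m4_pattern_allow([^HAVE_LIBCONFIG$])
+m4trace:configure.in:49: -1- AH_OUTPUT([HAVE_LIBCONFIG], [/* Enable if you have the required libconfig library. */
+@%:@undef HAVE_LIBCONFIG])
+m4trace:configure.in:56: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFQUEUE])
+m4trace:configure.in:56: -1- m4_pattern_allow([^HAVE_NFQUEUE$])
+m4trace:configure.in:56: -1- AH_OUTPUT([HAVE_NFQUEUE], [/* Enable if you have nfqueue */
 @%:@undef HAVE_NFQUEUE])
-m4trace:configure.in:73: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK])
-m4trace:configure.in:73: -1- m4_pattern_allow([^HAVE_NFNETLINK$])
-m4trace:configure.in:73: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */
+m4trace:configure.in:66: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK])
+m4trace:configure.in:66: -1- m4_pattern_allow([^HAVE_NFNETLINK$])
+m4trace:configure.in:66: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */
 @%:@undef HAVE_NFNETLINK])
-m4trace:configure.in:86: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS])
-m4trace:configure.in:86: -1- m4_pattern_allow([^HAVE_FIREDNS$])
-m4trace:configure.in:86: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */
+m4trace:configure.in:79: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS])
+m4trace:configure.in:79: -1- m4_pattern_allow([^HAVE_FIREDNS$])
+m4trace:configure.in:79: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */
 @%:@undef HAVE_FIREDNS])
-m4trace:configure.in:99: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE])
-m4trace:configure.in:99: -1- m4_pattern_allow([^USE_CACHE$])
-m4trace:configure.in:99: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. */
+m4trace:configure.in:92: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE])
+m4trace:configure.in:92: -1- m4_pattern_allow([^USE_CACHE$])
+m4trace:configure.in:92: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. */
 @%:@undef USE_CACHE])
-m4trace:configure.in:104: -1- AC_CONFIG_FILES([Makefile])
-m4trace:configure.in:105: -1- AC_CONFIG_HEADERS([config.h])
-m4trace:configure.in:106: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
-m4trace:configure.in:106: -1- m4_pattern_allow([^LIB@&t@OBJS$])
-m4trace:configure.in:106: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([LTLIBOBJS])
-m4trace:configure.in:106: -1- m4_pattern_allow([^LTLIBOBJS$])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_builddir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_build_prefix])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([srcdir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_srcdir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_srcdir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_top_srcdir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([builddir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_builddir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_top_builddir])
-m4trace:configure.in:106: -1- AC_SUBST_TRACE([INSTALL])
+m4trace:configure.in:97: -1- AC_CONFIG_FILES([Makefile])
+m4trace:configure.in:98: -1- AC_CONFIG_HEADERS([config.h])
+m4trace:configure.in:99: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
+m4trace:configure.in:99: -1- m4_pattern_allow([^LIB@&t@OBJS$])
+m4trace:configure.in:99: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([LTLIBOBJS])
+m4trace:configure.in:99: -1- m4_pattern_allow([^LTLIBOBJS$])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_builddir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_build_prefix])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([srcdir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_srcdir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_srcdir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_top_srcdir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([builddir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_builddir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_top_builddir])
+m4trace:configure.in:99: -1- AC_SUBST_TRACE([INSTALL])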

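--- a/configure
+++ b/configure
@@ -3874,115 +3874,62 @@
 _ACEOF
 
 fi
 
 done
 
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pool_free in -lpool" >&5
-$as_echo_n "checking for pool_free in -lpool... " >&6; }
-if test "${ac_cv_lib_pool_pool_free+set}" = set; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for config_init in -lconfig" >&5
+$as_echo_n "checking for config_init in -lconfig... " >&6; }
+if test "${ac_cv_lib_config_config_init+set}" = set; then :
   $as_echo_n "(cached) " >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpool  $LIBS"
+LIBS="-lconfig  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
    builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-char pool_free ();
+char config_init ();
 int
 main ()
 {
-return pool_free ();
+return config_init ();
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_pool_pool_free=yes
+  ac_cv_lib_config_config_init=yes
 else
-  ac_cv_lib_pool_pool_free=no
+  ac_cv_lib_config_config_init=no
 fi
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pool_pool_free" >&5
-$as_echo "$ac_cv_lib_pool_pool_free" >&6; }
-if test "x$ac_cv_lib_pool_pool_free" = x""yes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_config_config_init" >&5
+$as_echo "$ac_cv_lib_config_config_init" >&6; }
+if test "x$ac_cv_lib_config_config_init" = x""yes; then :
 
 
-$as_echo "#define HAVE_POOL /**/" >>confdefs.h
+$as_echo "#define HAVE_LIBCONFIG /**/" >>confdefs.h
 
-	LIBS="$LIBS -lpool"
+	LIBS="$LIBS -lconfig"
 
 else
 
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/
-See \`config.log' for more details" "$LINENO" 5; }
-
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dotconf_create in -ldotconf" >&5
-$as_echo_n "checking for dotconf_create in -ldotconf... " >&6; }
-if test "${ac_cv_lib_dotconf_dotconf_create+set}" = set; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldotconf  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dotconf_create ();
-int
-main ()
-{
-return dotconf_create ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_dotconf_dotconf_create=yes
-else
-  ac_cv_lib_dotconf_dotconf_create=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dotconf_dotconf_create" >&5
-$as_echo "$ac_cv_lib_dotconf_dotconf_create" >&6; }
-if test "x$ac_cv_lib_dotconf_dotconf_create" = x""yes; then :
-
-
-$as_echo "#define HAVE_DOTCONF /**/" >>confdefs.h
-
-	LIBS="$LIBS -ldotconf"
-
-else
-
-	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "You must have dotconf, find it here: http://www.azzit.de/dotconf/
+as_fn_error $? "You must have libconfig
 See \`config.log' for more details" "$LINENO" 5; }
 
 fi
 
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nfq_set_verdict in -lnetfilter_queue" >&5
 $as_echo_n "checking for nfq_set_verdict in -lnetfilter_queue... " >&6; }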

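--- a/configure.in
+++ b/configure.in
@@ -42,26 +42,19 @@
 		AC_DEFINE_UNQUOTED(SOCKSTAT_PATH, ["$withval"], [Define the path of the stats socket])
 	fi
 	])
 	
 
 AC_CHECK_HEADERS(libipq.h stdlib.h stdio.h string.h netinet/in.h netinet/tcp.h resolv.h netdb.h ctype.h syslog.h sys/stat.h sys/types.h unistd.h getopt.h dotconf.h libpool.h time.h)
 
-AC_CHECK_LIB(pool, pool_free, [
-	AC_DEFINE(HAVE_POOL, [], [Enable if you have the required pool library])
-	LIBS="$LIBS -lpool"
+AC_CHECK_LIB(config, config_init, [
+	AC_DEFINE(HAVE_LIBCONFIG, [], [Enable if you have the required libconfig library.])
+	LIBS="$LIBS -lconfig"
 ], [
-	AC_MSG_FAILURE([You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/])
-])
-
-AC_CHECK_LIB(dotconf, dotconf_create, [
-	AC_DEFINE(HAVE_DOTCONF, [], [Enable if you have the required dotconf library.])
-	LIBS="$LIBS -ldotconf"
-], [
-	AC_MSG_FAILURE([You must have dotconf, find it here: http://www.azzit.de/dotconf/])
+	AC_MSG_FAILURE([You must have libconfig])
 ])
 
 AC_CHECK_LIB(netfilter_queue, nfq_set_verdict, [
 	AC_DEFINE(HAVE_NFQUEUE, [], [Enable if you have nfqueue])
 	LIBS="$LIBS -lnetfilter_queue"
 	have_nfqueue='yes'
 ])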
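Review bot: The `AC_CHECK_HEADERS` list just above the new `AC_CHECK_LIB(config, config_init, ...)` still probes `dotconf.h` and `libpool.h` and never probes `libconfig.h`, so configure no longer matches what packetbl.c includes after this commit. I would swap the two stale names for the new header, ending the list with `... unistd.h getopt.h libconfig.h time.h)`. The library check also accepts any `-lconfig` that happens to export `config_init`, with no version floor; if the code relies on a particular libconfig API revision, something like `PKG_CHECK_MODULES([LIBCONFIG], [libconfig >= MIN_VERSION])` (MIN_VERSION is a placeholder) would fail at configure time rather than at compile or run time. The new `AC_MSG_FAILURE([You must have libconfig])` also drops the "find it here" pointer the dotconf messages carried, so naming the package or project page there would help whoever hits the error.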

Modified packetbl.c from [6783fc984d] to [de1fe284bf].

    30     30   #include <sys/types.h>
    31     31   #include <string.h>
    32     32   #include <unistd.h>
    33     33   #include <getopt.h>
    34     34   #include <time.h>
    35     35   #include <errno.h>
    36     36   #include <linux/netfilter.h>
    37         -
    38         -#include <dotconf.h>
    39         -#include <libpool.h>
           37  +#include <libconfig.h>
    40     38   
    41     39   #ifdef USE_SOCKSTAT
    42     40   #include <sys/socket.h>
    43     41   #include <sys/un.h>
    44     42   #include <pthread.h>
    45     43   #endif
    46     44   
................................................................................
   104    102   	char *string;
   105    103   	struct config_entry *next;
   106    104   	struct packet_info ip;
   107    105   	struct cidr	cidr;
   108    106   
   109    107   };
   110    108   
   111         -struct config_entry *blacklistbl = NULL;
   112         -struct config_entry *whitelistbl = NULL;
   113         -struct config_entry *blacklist = NULL;
   114         -struct config_entry *whitelist = NULL;
   115         -
   116         -struct bl_context {
   117         -
   118         -	int	permissions;
   119         -	const char *current_end_token;
   120         -
   121         -	pool_t *pool;
   122         -};
   123         -
   124         -enum permissions {
   125         -	O_ROOT = 1,
   126         -	O_HOSTSECTION = 2,
   127         -	O_LAST = 4
   128         -};
   129         -
   130         -static DOTCONF_CB(host_section_open);
   131         -static DOTCONF_CB(common_section_close);
   132         -static DOTCONF_CB(common_option);
   133         -static DOTCONF_CB(toggle_option);
   134         -static DOTCONF_CB(facility_option);
   135         -
   136         -static const char *end_host = "</host>";
   137    109   char msgbuf[BUFFERSIZE];
   138    110   
   139    111   struct config {
   140    112   	int	allow_non25;
   141    113   	int	allow_nonsyn;
   142    114   	int	default_accept;
   143    115   	int	dryrun;
   144    116   	int 	log_facility;
   145    117   	int	queueno;
   146    118   	int	quiet;
   147    119   	int	debug;
          120  +	struct config_entry *blacklistbl;
          121  +	struct config_entry *whitelistbl;
          122  +	struct config_entry *blacklist;
          123  +	struct config_entry *whitelist;
   148    124   };
   149         -static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0 };
          125  +
          126  +static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL };
   150    127   
   151    128   struct pbl_stat_info {
   152    129   	uint32_t	cacheaccept;
   153    130   	uint32_t	cachereject;
   154    131   	uint32_t	whitelistblhits;
   155    132   	uint32_t	blacklistblhits;
   156    133   	uint32_t	whitelisthits;
................................................................................
   185    162   static void get_ip_string(const struct packet_info *ip);
   186    163   static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
   187    164           unsigned int verdict);
   188    165   
   189    166   static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
   190    167   	struct nfq_data *nfa, void *data);
   191    168   	
   192         -static const configoption_t options[] = {
   193         -	{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
   194         -	{"</host>", ARG_NONE, common_section_close, NULL, O_ROOT},
   195         -	{"blacklistbl", ARG_STR, common_option, NULL, O_HOSTSECTION},
   196         -	{"whitelistbl", ARG_STR, common_option, NULL, O_HOSTSECTION},
   197         -	{"whitelist", ARG_STR, common_option, NULL, O_HOSTSECTION},
   198         -	{"blacklist", ARG_STR, common_option, NULL, O_HOSTSECTION},
   199         -	{"fallthroughaccept", ARG_TOGGLE, toggle_option, NULL, O_ROOT},
   200         -	{"allownonport25", ARG_TOGGLE, toggle_option, NULL, O_ROOT},
   201         -	{"allownonsyn", ARG_TOGGLE, toggle_option, NULL, O_ROOT},
   202         -	{"dryrun", ARG_TOGGLE, toggle_option, NULL, O_ROOT},
   203         -	{"quiet", ARG_TOGGLE, toggle_option, NULL, O_ROOT},
   204         -#ifdef USE_CACHE
   205         -	{"cachettl", ARG_INT, toggle_option, NULL, O_ROOT},
   206         -	{"cachesize", ARG_INT, toggle_option, NULL, O_ROOT},
   207         -#endif
   208         -	{"logfacility", ARG_STR, facility_option, NULL, O_ROOT},
   209         -#ifdef HAVE_NFQUEUE
   210         -	{"queueno", ARG_INT, common_option, NULL, O_ROOT},
   211         -#endif
   212         -	LAST_OPTION
   213         -};
   214         -
   215         -FUNC_ERRORHANDLER(error_handler) {
   216         -
   217         -	fprintf(stderr, "[error] %s\n", msg);
   218         -	return 1;
   219         -
   220         -}
          169  +typedef struct facility {
          170  +	char *string;
          171  +	int num;
          172  +} facility;
          173  +
          174  +static struct facility facenum[] = {
          175  +	{"auth", LOG_AUTH},
          176  +	{"authpriv", LOG_AUTHPRIV},
          177  +	{"cron", LOG_CRON},
          178  +	{"daemon", LOG_DAEMON},
          179  +	{"kern", LOG_KERN},
          180  +	{"lpr", LOG_LPR},
          181  +	{"mail", LOG_MAIL},
          182  +	{"news", LOG_NEWS},
          183  +	{"syslog", LOG_SYSLOG},
          184  +	{"user", LOG_USER},
          185  +	{"uucp", LOG_UUCP},
          186  +	{"local0", LOG_LOCAL0},
          187  +	{"local1", LOG_LOCAL1},
          188  +	{"local2", LOG_LOCAL2},
          189  +	{"local3", LOG_LOCAL3},
          190  +	{"local4", LOG_LOCAL4},
          191  +	{"local5", LOG_LOCAL5},
          192  +	{"local6", LOG_LOCAL6},
          193  +	{"local7", LOG_LOCAL7},
          194  +	NULL
          195  +};
   221    196   
   222    197   /*
   223    198    * SYNOPSIS:
   224    199    *   void daemonize(void);
   225    200    *
   226    201    * NOTES:
   227    202    *   This function accomplishes everything needed to become a daemon.
................................................................................
   421    396   	}
   422    397   #endif
   423    398   
   424    399   	/* the get_ip_string is set AFTER the check_packet_*
   425    400   	 * calls because of the possibility they could screw with
   426    401   	 * msgbuf.  They shouldn't, really, but better safe than
   427    402   	 * sorry, at least for now. */
   428         -	if (check_packet_list(&ip, whitelist) == 1) {
          403  +	if (check_packet_list(&ip, conf.whitelist) == 1) {
   429    404   		get_ip_string(&ip);
   430    405   		if (!conf.quiet) {
   431    406   			if (conf.debug == 0) {
   432    407   				syslog(LOG_INFO,
   433    408   					"[accept whitelist] [%s]",
   434    409   						msgbuf);
   435    410   			} else {
................................................................................
   437    412   					"[accept whitelist] [%s]",
   438    413   						msgbuf);
   439    414   			}
   440    415   		}
   441    416   		statistics.whitelisthits++;
   442    417   		retval=NF_ACCEPT;
   443    418   	} else
   444         -	if (check_packet_list(&ip, blacklist) == 1) {
          419  +	if (check_packet_list(&ip, conf.blacklist) == 1) {
   445    420   		get_ip_string(&ip);
   446    421   		if (!conf.quiet) {
   447    422   			if (conf.debug == 0) {
   448    423   				syslog(LOG_INFO,
   449    424   					"[reject blacklist] [%s]",
   450    425   						msgbuf);
   451    426   			} else {
................................................................................
   454    429   						msgbuf);
   455    430   			}
   456    431   				
   457    432   		}
   458    433   		statistics.blacklisthits++;
   459    434   		retval=NF_DROP;
   460    435   	} else
   461         -	if (check_packet_dnsbl(&ip, whitelistbl) == 1) {
          436  +	if (check_packet_dnsbl(&ip, conf.whitelistbl) == 1) {
   462    437   		get_ip_string(&ip);
   463    438   		if (!conf.quiet) {
   464    439   			if (conf.debug == 0) {
   465    440   				syslog(LOG_INFO,
   466    441   					"[accept dnsbl] [%s]",
   467    442   						msgbuf);
   468    443   			} else {
................................................................................
   470    445   					"[accept dnsbl] [%s]",
   471    446   						msgbuf);
   472    447   			}
   473    448   		}
   474    449   		statistics.whitelistblhits++;
   475    450   		retval=NF_ACCEPT;
   476    451   	} else
   477         -	if (check_packet_dnsbl(&ip, blacklistbl) == 1) {
          452  +	if (check_packet_dnsbl(&ip, conf.blacklistbl) == 1) {
   478    453   		get_ip_string(&ip);
   479    454   		if (!conf.quiet) {
   480    455   			if (conf.debug == 0) {
   481    456   				syslog(LOG_INFO,
   482    457   					"[reject dnsbl] [%s]",
   483    458   						msgbuf);
   484    459   			} else {
................................................................................
   834    809    *   global variables.  It may cause the program to abort with a failure
   835    810    *   if the configuration is unreadable or unparsable.  Due to this fact,
   836    811    *   it should only be called during start-up and not from the main loop.
   837    812    *
   838    813    */
   839    814   void parse_config(void) {
   840    815   
   841         -	configfile_t *configfile;
   842         -	struct bl_context context;
   843         -
   844         -	context.pool = pool_new(NULL);
   845         -	configfile = dotconf_create(CONFIGFILE, options, (void *)&context,
   846         -		CASE_INSENSITIVE);
   847         -	if (!configfile) {
   848         -		fprintf(stderr, "Error opening config file\n");
   849         -		exit(EXIT_FAILURE);
   850         -	}
   851         -	if (dotconf_command_loop(configfile) == 0) {
   852         -		fprintf(stderr, "Error reading configuration file\n");
          816  +	config_t *config = NULL;
          817  +	config_setting_t *config_setting = NULL;
          818  +	struct ce *config_entry = NULL;
          819  +	int result = 0;
          820  +	int i = 0;
          821  +	const char *facstr = NULL;
          822  +	
          823  +	config_init(config);
          824  +	result = config_read_file(config, "test.config");
          825  +	if (result == CONFIG_FALSE) {
          826  +		if (config_error_type(config) == CONFIG_ERR_PARSE) {
          827  +			fprintf (stderr, "Error parsing config file %s, line %d: %s\n",
          828  +				config_error_file(config),
          829  +				config_error_line(config),
          830  +				config_error_text(config));
          831  +		}
          832  +		if (config_error_type(config) == CONFIG_ERR_FILE_IO) {
          833  +			fprintf (stderr, "Error reading config file: %s\n",
          834  +				config_error_text(config));
          835  +		}
   853    836   		exit(EXIT_FAILURE);
   854    837   	}
   855    838   
   856         -	dotconf_cleanup(configfile);
   857         -	pool_free(context.pool);
   858         -
   859         -	return;
          839  +	/* there are default, so I'm not checking return values.  If it fails,
          840  +	 * then we'll just stay with the default, whatever that might be. */
          841  +	config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept);
          842  +	config_lookup_bool(config, "options.allownonport25", &conf.allow_non25);
          843  +	config_lookup_bool(config, "options.dryrun", &conf.dryrun);
          844  +	config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn);
          845  +	config_lookup_bool(config, "options.quiet", &conf.quiet);
          846  +
          847  +#ifdef USE_CACHE
          848  +	config_lookup_int(config, "cache.ttl", &packet_cache_ttl);
          849  +
          850  +	if (packet_cache_ttl < 0) {
          851  +		packet_cache_ttl = USE_CACHE_DEF_TTL;
          852  +		fprintf(stderr, "config cache TTL negative - using default");
          853  +	}
          854  +
          855  +	config_lookup_int(config, "cache.len", &packet_cache_len);
          856  +
          857  +	if (packet_cache_len < 0) {
          858  +		packet_cache_len = USE_CACHE_DEF_LEN;
          859  +		fprintf(stderr, "config size TTL negative - using default");
          860  +	}
          861  +#endif
          862  +
          863  +	config_lookup_string(config, "log.facility", &facstr);
          864  +	i = 0;
          865  +	while (&facenum[i] != NULL) {
          866  +		if (strcasecmp(facenum[i].string, facstr) == 0) {
          867  +			conf.log_facility = facenum[i].num;
          868  +			break;
          869  +		} else {
          870  +			i++;
          871  +		}
          872  +	}
          873  +	
          874  +	config_lookup_int(config, "config.queueno", &conf.queueno);
          875  +	
          876  +	if (conf.queueno < 0) {
          877  +		conf.queueno = 1;
          878  +		fprintf(stderr, "queueno negative - using default");
          879  +	}
          880  +
          881  +	config_setting = config_lookup(config, "blacklistbl");
          882  +	parse_config_bl_list(config_setting, 1);
          883  +	config_setting = config_lookup(config, "whitelistbl");
          884  +	parse_config_bl_list(config_setting, 2);
          885  +	config_setting = config_lookup(config, "blacklist");
          886  +	parse_config_bl_list(config_setting, 3);
          887  +	config_setting = config_lookup(config, "whitelist");
          888  +	parse_config_bl_list(config_setting, 4);
          889  +	
          890  +}
          891  +
          892  +parse_config_bl_list(config_setting_t *c, int type) {
          893  +
          894  +	struct config_entry *ce, *tmp;
          895  +	int i = 0, len = 0;
          896  +	char *setting;
          897  +#ifdef HAVE_FIREDNS
          898  +	size_t blacklistlen = 0;
          899  +#endif
          900  +
          901  +	len = config_setting_length(c);
          902  +	while (i++ < len) {
          903  +		setting = config_setting_get_string_elem(c, i);
          904  +		ce = malloc(sizeof(struct config_entry));
          905  +		if (ce == NULL) {
          906  +			/* shouldn't happen... */
          907  +			fprintf(stderr, "Failed to allocate memory for ce struct\n");
          908  +			exit(EXIT_FAILURE);
          909  +		}
          910  +
          911  +		ce->string = (char *)strdup(setting);
          912  +		ce->next = NULL;
          913  +#ifdef HAVE_FIREDNS
          914  +		blacklistlen = strlen(ce->string);
          915  +		if (ce->string[blacklistlen - 1] == '.') {
          916  +			ce->string[blacklistlen - 1] = '\0';
          917  +		}
          918  +#endif
          919  +
          920  +		switch (type) {
          921  +			case 1:
          922  +				if (conf.blacklistbl == NULL) {
          923  +					conf.blacklistbl = ce;
          924  +					continue;
          925  +				} else {
          926  +					tmp = conf.blacklistbl;
          927  +				}
          928  +				break;
          929  +			case 2:
          930  +				if (conf.whitelistbl == NULL) {
          931  +					conf.whitelistbl = ce;
          932  +					continue;
          933  +				} else {
          934  +					tmp = conf.whitelistbl;
          935  +				}
          936  +			case 3:
          937  +				if (parse_cidr(ce) == -1) {
          938  +					fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string);
          939  +					free(ce->string);
          940  +					free(ce);
          941  +					continue;
          942  +				}
          943  +				if (conf.blacklist == NULL) {
          944  +					conf.blacklist = ce;
          945  +					continue;
          946  +				} else {
          947  +					tmp = conf.blacklist;
          948  +				}
          949  +				break;
          950  +			case 4:
          951  +				if (parse_cidr(ce) == -1) {
          952  +					fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string);
          953  +					free(ce->string);
          954  +					free(ce);
          955  +					continue;
          956  +				}
          957  +				if (conf.whitelist == NULL) {
          958  +					conf.whitelist = ce;
          959  +					continue;
          960  +				} else {
          961  +					tmp = conf.whitelist;
          962  +				}
          963  +				break;
          964  +		}	
          965  +
          966  +		while (tmp->next != NULL) {
          967  +			tmp = tmp->next;
          968  +		}
          969  +
          970  +		tmp->next = ce;
          971  +
          972  +	}
   860    973   }
          974  +	
   861    975   /*
   862    976    * SYNOPSIS:
   863    977    *   void parse_arguments(
   864    978    *                        int argc,
   865    979    *                        char **argv
   866    980    *                       );
   867    981    *
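Review bot: parse_config_bl_list builds the filter lists wrongly in two places: `while (i++ < len)` hands indices 1..len to `config_setting_get_string_elem`, so element 0 is skipped and the last lookup is out of range (libconfig returns NULL there, which then reaches `strdup`), and `case 2` has no `break`, so every whitelistbl entry after the first falls into the `case 3` CIDR handling and is either discarded or linked onto `conf.blacklist`. The fence below indexes from 0, skips elements that are not strings and adds the missing `break`. Separately, parse_config calls `config_init(config)` while `config` is still NULL; libconfig expects caller-owned storage, e.g. `config_t config; config_init(&config);` with `&config` passed to the later calls. The `log.facility` loop also needs a guard, because `&facenum[i] != NULL` is always true and `facstr` stays NULL when the key is absent, so `strcasecmp` can be handed a NULL pointer or run past the end of the table.

```c
	len = config_setting_length(c);
	for (i = 0; i < len; i++) {
		setting = config_setting_get_string_elem(c, i);
		if (setting == NULL) {
			fprintf(stderr, "List entry %d is not a string, ignoring\n", i);
			continue;
		}
		/* ... unchanged: allocate ce, strdup, HAVE_FIREDNS trailing-dot strip, case 1 ... */
			case 2:
				/* ... unchanged: head-or-tail selection for conf.whitelistbl ... */
				break;
		/* ... unchanged: cases 3 and 4, tail append ... */
```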
................................................................................
   901   1015   			default:
   902   1016   				exit(EXIT_FAILURE);
   903   1017   				break;
   904   1018   		}
   905   1019   	}
   906   1020   
   907   1021   	return;
   908         -}
   909         -
   910         -DOTCONF_CB(common_section_close) {
   911         -
   912         -	struct bl_context *context = (struct bl_context *)ctx;
   913         -
   914         -	return context->current_end_token;
   915         -}
   916         -
   917         -DOTCONF_CB(toggle_option) {
   918         -
   919         -	if (strcasecmp(cmd->name, "fallthroughaccept") == 0) {
   920         -		conf.default_accept = cmd->data.value;
   921         -		return NULL;
   922         -	}
   923         -	if (strcasecmp(cmd->name, "allownonport25") == 0) {
   924         -		conf.allow_non25 = cmd->data.value;
   925         -		return NULL;
   926         -	}
   927         -	if (strcasecmp(cmd->name, "dryrun") == 0) {
   928         -		conf.dryrun = cmd->data.value;
   929         -		return NULL;
   930         -	}
   931         -	if (strcasecmp(cmd->name, "allownonsyn") == 0) {
   932         -		conf.allow_nonsyn = cmd->data.value;
   933         -		return NULL;
   934         -	}
   935         -	if (strcasecmp(cmd->name, "quiet") == 0) {
   936         -		conf.quiet = cmd->data.value;
   937         -		return NULL;
   938         -	}
   939         -#ifdef USE_CACHE
   940         -	if (strcasecmp(cmd->name, "cachettl") == 0) {
   941         -		if (cmd->data.value < 0) {
   942         -			fprintf(stderr, "Error parsing config: cachettl cannot be a negative value\n");
   943         -			exit(EXIT_FAILURE);
   944         -		}
   945         -		packet_cache_ttl = cmd->data.value;
   946         -		return NULL;
   947         -	}
   948         -	if (strcasecmp(cmd->name, "cachesize") == 0) {
   949         -		if (cmd->data.value < 0) {
   950         -			fprintf(stderr, "Error parsing config: cachelen cannot be a negative value\n");
   951         -			exit(EXIT_FAILURE);
   952         -		}
   953         -		packet_cache_len = cmd->data.value;
   954         -		return NULL;
   955         -	}
   956         -#endif
   957         -
   958         -	return NULL;
   959         -}
   960         -
   961         -DOTCONF_CB(facility_option) {
   962         -
   963         -	if (strcasecmp(cmd->data.str, "auth") == 0) {
   964         -		conf.log_facility = LOG_AUTH;
   965         -	} else if (strcasecmp(cmd->data.str, "authpriv") == 0) {
   966         -		conf.log_facility = LOG_AUTHPRIV;
   967         -	} else if (strcasecmp(cmd->data.str, "cron") == 0) {
   968         -		conf.log_facility = LOG_CRON;
   969         -	} else if (strcasecmp(cmd->data.str, "daemon") == 0) {
   970         -		conf.log_facility = LOG_DAEMON;
   971         -	} else if (strcasecmp(cmd->data.str, "kern") == 0) {
   972         -		conf.log_facility = LOG_KERN;
   973         -	} else if (strcasecmp(cmd->data.str, "lpr") == 0) {
   974         -		conf.log_facility = LOG_LPR;
   975         -	} else if (strcasecmp(cmd->data.str, "mail") == 0) {
   976         -		conf.log_facility = LOG_MAIL;
   977         -	} else if (strcasecmp(cmd->data.str, "news") == 0) {
   978         -		conf.log_facility = LOG_NEWS;
   979         -	} else if (strcasecmp(cmd->data.str, "syslog") == 0) {
   980         -		conf.log_facility = LOG_SYSLOG;
   981         -	} else if (strcasecmp(cmd->data.str, "user") == 0) {
   982         -		conf.log_facility = LOG_USER;
   983         -	} else if (strcasecmp(cmd->data.str, "uucp") == 0) {
   984         -		conf.log_facility = LOG_UUCP;
   985         -	} else if (strcasecmp(cmd->data.str, "local0") == 0) {
   986         -		conf.log_facility = LOG_LOCAL0;
   987         -	} else if (strcasecmp(cmd->data.str, "local1") == 0) {
   988         -		conf.log_facility = LOG_LOCAL1;
   989         -	} else if (strcasecmp(cmd->data.str, "local2") == 0) {
   990         -		conf.log_facility = LOG_LOCAL2;
   991         -	} else if (strcasecmp(cmd->data.str, "local3") == 0) {
   992         -		conf.log_facility = LOG_LOCAL3;
   993         -	} else if (strcasecmp(cmd->data.str, "local4") == 0) {
   994         -		conf.log_facility = LOG_LOCAL4;
   995         -	} else if (strcasecmp(cmd->data.str, "local5") == 0) {
   996         -		conf.log_facility = LOG_LOCAL5;
   997         -	} else if (strcasecmp(cmd->data.str, "local6") == 0) {
   998         -		conf.log_facility = LOG_LOCAL6;
   999         -	} else if (strcasecmp(cmd->data.str, "local7") == 0) {
  1000         -		conf.log_facility = LOG_LOCAL7;
  1001         -	} else {
  1002         -		fprintf(stderr, "Log facility %s is invalid\n",
  1003         -			cmd->data.str);
  1004         -		exit(EXIT_FAILURE);
  1005         -	}
  1006         -	
  1007         -	return NULL;
  1008         -}
  1009         -
  1010         -DOTCONF_CB(common_option) {
  1011         -
  1012         -	struct config_entry *ce, *tmp=NULL;
  1013         -#ifdef HAVE_FIREDNS
  1014         -	size_t blacklistlen = 0;
  1015         -#endif
  1016         -
  1017         -	if (strcasecmp(cmd->name, "queueno") == 0) {
  1018         -		conf.queueno = cmd->data.value;
  1019         -		return NULL;
  1020         -	}
  1021         -
  1022         -	ce =  malloc(sizeof(struct config_entry));
  1023         -	if (ce == NULL) {
  1024         -		return NULL;
  1025         -	}
  1026         -
  1027         -	ce->string = (char *)strdup(cmd->data.str);
  1028         -	ce->next = NULL;
  1029         -
  1030         -	if (strcasecmp(cmd->name, "blacklistbl") == 0) {
  1031         -
  1032         -#ifdef HAVE_FIREDNS
  1033         -		blacklistlen = strlen(ce->string);
  1034         -		if (ce->string[blacklistlen-1] == '.') {
  1035         -			ce->string[blacklistlen-1]='\0';
  1036         -		}
  1037         -#endif
  1038         -
  1039         -		/* resolution check completely removed.  Will put it back
  1040         -		 * during config file and architectural revamp. */
  1041         -		if (blacklistbl == NULL) {
  1042         -			blacklistbl = ce;
  1043         -			return NULL;
  1044         -		} else {
  1045         -			tmp = blacklistbl;
  1046         -		}
  1047         -	}
  1048         -
  1049         -	if (strcasecmp(cmd->name, "whitelistbl") == 0) {
  1050         -
  1051         -#ifdef HAVE_FIREDNS
  1052         -		blacklistlen = strlen(ce->string);
  1053         -		if (ce->string[blacklistlen-1] == '.') {
  1054         -			ce->string[blacklistlen-1]='\0';
  1055         -		}
  1056         -#endif
  1057         -
  1058         -		/* resolution check completely removed.  Will put it back
  1059         -		 * during config file and architectural revamp. */
  1060         -		if (whitelistbl == NULL) {
  1061         -			whitelistbl = ce;
  1062         -			return NULL;
  1063         -		} else {
  1064         -			tmp = whitelistbl;
  1065         -		}
  1066         -	}
  1067         -
  1068         -	if (strcasecmp(cmd->name, "whitelist") == 0) {
  1069         -		if (parse_cidr(ce) == -1) {
  1070         -			fprintf(stderr, "Error parsing CIDR in %s, ignoring\n",
  1071         -				ce->string);
  1072         -			free(ce->string);
  1073         -			free(ce);
  1074         -			return NULL;
  1075         -		}
  1076         -		if (whitelist == NULL) {
  1077         -			whitelist = ce;
  1078         -			return NULL;
  1079         -		} else {
  1080         -			tmp = whitelist;
  1081         -		}
  1082         -	}
  1083         -
  1084         -	if (strcasecmp(cmd->name, "blacklist") == 0) {
  1085         -		if (parse_cidr(ce) == -1) {
  1086         -			fprintf(stderr, "Error parsing CIDR in %s, ignoring\n",
  1087         -				ce->string);
  1088         -			free(ce->string);
  1089         -			free(ce);
  1090         -			return NULL;
  1091         -		}
  1092         -		if (blacklist == NULL) {
  1093         -			blacklist = ce;
  1094         -			return NULL;
  1095         -		} else {
  1096         -			tmp = blacklist;
  1097         -		}
  1098         -	}
  1099         -
  1100         -	while (tmp->next != NULL) {
  1101         -		tmp = tmp->next;
  1102         -	}
  1103         -
  1104         -	tmp->next = ce;
  1105         -
  1106         -	return NULL;
  1107         -
  1108         -}
  1109         -
  1110         -DOTCONF_CB(host_section_open) {
  1111         -	
  1112         -	struct bl_context *context = (struct bl_context *)ctx;
  1113         -	const char *old_end_token = context->current_end_token;
  1114         -	int old_override = context->permissions;
  1115         -	const char *err = NULL;
  1116         -
  1117         -	context->permissions |= O_HOSTSECTION;
  1118         -	context->current_end_token = end_host;
  1119         -
  1120         -	while (!cmd->configfile->eof) {
  1121         -		err = dotconf_command_loop_until_error(cmd->configfile);
  1122         -		if (!err) {
  1123         -			err = "</host> is missing";
  1124         -			break;
  1125         -		}
  1126         -	
  1127         -		if (err == context->current_end_token)
  1128         -			break;
  1129         -	
  1130         -		dotconf_warning(cmd->configfile, DCLOG_ERR, 0, err);
  1131         -	}
  1132         -
  1133         -	context->current_end_token = old_end_token;
  1134         -	context->permissions = old_override;
  1135         -
  1136         -	if (err != end_host)
  1137         -		return err;
  1138         -
  1139         -	return NULL;
  1140         -
  1141   1022   }
  1142   1023   
  1143   1024   /*
  1144   1025    * SYNOPSIS:
  1145   1026    *   int parse_cidr(
  1146   1027    *                  struct config_entry *ce
  1147   1028    *                 );