Diff

Differences From Artifact [72cafc699e]:

To Artifact [047b0a35f3]:


177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
        unsigned int verdict);

static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data);
	
static const configoption_t options[] = {
	{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},







|







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
        unsigned int verdict);

static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data);
	
static const configoption_t options[] = {
	{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
 * NOTES:
 *   This function calls ipq_set_verdict() to the appropriate "verdict"
 *   It must be able to handle the condition where "conf.dryrun" is set
 *   causing all "verdict" values to be treated as NF_ACCEPT regardless
 *   of their actual value.
 *
 */
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
	unsigned int verdict) {

	if (conf.dryrun == 1) {
		SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
	} else {
		SET_VERDICT(h, id, verdict, 0, NULL);
	}







|







582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
 * NOTES:
 *   This function calls ipq_set_verdict() to the appropriate "verdict"
 *   It must be able to handle the condition where "conf.dryrun" is set
 *   causing all "verdict" values to be treated as NF_ACCEPT regardless
 *   of their actual value.
 *
 */
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
	unsigned int verdict) {

	if (conf.dryrun == 1) {
		SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
	} else {
		SET_VERDICT(h, id, verdict, 0, NULL);
	}