177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
unsigned int verdict);
static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
struct nfq_data *nfa, void *data);
static const configoption_t options[] = {
{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
|
|
|
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
unsigned int verdict);
static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
struct nfq_data *nfa, void *data);
static const configoption_t options[] = {
{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
|
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
|
* NOTES:
* This function calls ipq_set_verdict() to the appropriate "verdict"
* It must be able to handle the condition where "conf.dryrun" is set
* causing all "verdict" values to be treated as NF_ACCEPT regardless
* of their actual value.
*
*/
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
unsigned int verdict) {
if (conf.dryrun == 1) {
SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
} else {
SET_VERDICT(h, id, verdict, 0, NULL);
}
|
|
|
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
|
* NOTES:
* This function calls ipq_set_verdict() to the appropriate "verdict"
* It must be able to handle the condition where "conf.dryrun" is set
* causing all "verdict" values to be treated as NF_ACCEPT regardless
* of their actual value.
*
*/
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
unsigned int verdict) {
if (conf.dryrun == 1) {
SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
} else {
SET_VERDICT(h, id, verdict, 0, NULL);
}
|
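Review bot: In `pbl_set_verdict` both branches use `SET_VERDICT(...)` as a bare statement and the function returns void, so if the macro wraps a call that can fail (its definition is not visible here), a failed verdict would go unnoticed and the packet's fate would be left to the queue. Consider capturing the result and logging on error, e.g. `if (SET_VERDICT(h, id, verdict, 0, NULL) < 0) { /* log the failure */ }`, assuming the macro yields the underlying return code. The NOTES comment still names `ipq_set_verdict()` although the body goes through `SET_VERDICT` and the callback prototype in the first hunk takes `nfq_*` types, so it looks stale; I would reword it to `This function issues the verdict through the SET_VERDICT() macro`. It is also worth stating there that dry-run is fail-open (every packet is accepted, including blacklisted ones) and applies only when `conf.dryrun == 1` exactly. The function's closing brace lies outside the hunk.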