Diff

Differences From Artifact [72cafc699e]:

To Artifact [047b0a35f3]:


177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
...
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
        unsigned int verdict);

static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data);
	
static const configoption_t options[] = {
	{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
................................................................................
 * NOTES:
 *   This function calls ipq_set_verdict() to the appropriate "verdict"
 *   It must be able to handle the condition where "conf.dryrun" is set
 *   causing all "verdict" values to be treated as NF_ACCEPT regardless
 *   of their actual value.
 *
 */
static void pbl_set_verdict(const struct PBL_HANDLE *h, PBL_ID_T id,
	unsigned int verdict) {

	if (conf.dryrun == 1) {
		SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
	} else {
		SET_VERDICT(h, id, verdict, 0, NULL);
	}







|







 







|







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
...
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
int check_packet_dnsbl(const struct packet_info *ip, struct config_entry *list);
int parse_cidr(struct config_entry *ce);
/* int validate_blacklist(char *); */
void parse_config(void);
void parse_arguments(int argc, char **argv);
void pbl_init_sockstat(void);
static void get_ip_string(const struct packet_info *ip);
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
        unsigned int verdict);

static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data);
	
static const configoption_t options[] = {
	{"<host>", ARG_NONE, host_section_open, NULL, O_ROOT},
................................................................................
 * NOTES:
 *   This function calls ipq_set_verdict() to the appropriate "verdict"
 *   It must be able to handle the condition where "conf.dryrun" is set
 *   causing all "verdict" values to be treated as NF_ACCEPT regardless
 *   of their actual value.
 *
 */
static void pbl_set_verdict(struct PBL_HANDLE *h, PBL_ID_T id,
	unsigned int verdict) {

	if (conf.dryrun == 1) {
		SET_VERDICT(h, id, NF_ACCEPT, 0, NULL);
	} else {
		SET_VERDICT(h, id, verdict, 0, NULL);
	}