Index: autom4te.cache/output.0 ================================================================== --- autom4te.cache/output.0 +++ autom4te.cache/output.0 
@@ -3876,111 +3876,58 @@ fi done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pool_free in -lpool" >&5 -$as_echo_n "checking for pool_free in -lpool... " >&6; } -if test "${ac_cv_lib_pool_pool_free+set}" = set; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for config_init in -lconfig" >&5 +$as_echo_n "checking for config_init in -lconfig... " >&6; } +if test "${ac_cv_lib_config_config_init+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lpool $LIBS" +LIBS="-lconfig $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif -char pool_free (); -int -main () -{ -return pool_free (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_pool_pool_free=yes -else - ac_cv_lib_pool_pool_free=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pool_pool_free" >&5 -$as_echo "$ac_cv_lib_pool_pool_free" >&6; } -if test "x$ac_cv_lib_pool_pool_free" = x""yes; then : - - -$as_echo "@%:@define HAVE_POOL /**/" >>confdefs.h - - LIBS="$LIBS -lpool" - -else - - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/ -See \`config.log' for more details" "$LINENO" 5; } - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dotconf_create in -ldotconf" >&5 -$as_echo_n "checking for dotconf_create in -ldotconf... 
" >&6; } -if test "${ac_cv_lib_dotconf_dotconf_create+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldotconf $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dotconf_create (); -int -main () -{ -return dotconf_create (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dotconf_dotconf_create=yes -else - ac_cv_lib_dotconf_dotconf_create=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dotconf_dotconf_create" >&5 -$as_echo "$ac_cv_lib_dotconf_dotconf_create" >&6; } -if test "x$ac_cv_lib_dotconf_dotconf_create" = x""yes; then : - - -$as_echo "@%:@define HAVE_DOTCONF /**/" >>confdefs.h - - LIBS="$LIBS -ldotconf" - -else - - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? 
"You must have dotconf, find it here: http://www.azzit.de/dotconf/ +char config_init (); +int +main () +{ +return config_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_config_config_init=yes +else + ac_cv_lib_config_config_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_config_config_init" >&5 +$as_echo "$ac_cv_lib_config_config_init" >&6; } +if test "x$ac_cv_lib_config_config_init" = x""yes; then : + + +$as_echo "@%:@define HAVE_LIBCONFIG /**/" >>confdefs.h + + LIBS="$LIBS -lconfig" + +else + + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "You must have libconfig See \`config.log' for more details" "$LINENO" 5; } fi Index: autom4te.cache/traces.0 ================================================================== --- autom4te.cache/traces.0 +++ autom4te.cache/traces.0 
@@ -386,47 +386,43 @@ @%:@undef HAVE_INTTYPES_H]) m4trace:configure.in:47: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the header file. */ @%:@undef HAVE_STDINT_H]) m4trace:configure.in:47: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the header file. */ @%:@undef HAVE_UNISTD_H]) -m4trace:configure.in:49: -1- AC_DEFINE_TRACE_LITERAL([HAVE_POOL]) -m4trace:configure.in:49: -1- m4_pattern_allow([^HAVE_POOL$]) -m4trace:configure.in:49: -1- AH_OUTPUT([HAVE_POOL], [/* Enable if you have the required pool library */ -@%:@undef HAVE_POOL]) -m4trace:configure.in:56: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DOTCONF]) -m4trace:configure.in:56: -1- m4_pattern_allow([^HAVE_DOTCONF$]) -m4trace:configure.in:56: -1- AH_OUTPUT([HAVE_DOTCONF], [/* Enable if you have the required dotconf library. */ -@%:@undef HAVE_DOTCONF]) -m4trace:configure.in:63: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFQUEUE]) -m4trace:configure.in:63: -1- m4_pattern_allow([^HAVE_NFQUEUE$]) -m4trace:configure.in:63: -1- AH_OUTPUT([HAVE_NFQUEUE], [/* Enable if you have nfqueue */ +m4trace:configure.in:49: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCONFIG]) +m4trace:configure.in:49: -1- m4_pattern_allow([^HAVE_LIBCONFIG$]) +m4trace:configure.in:49: -1- AH_OUTPUT([HAVE_LIBCONFIG], [/* Enable if you have the required libconfig library. 
*/ +@%:@undef HAVE_LIBCONFIG]) +m4trace:configure.in:56: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFQUEUE]) +m4trace:configure.in:56: -1- m4_pattern_allow([^HAVE_NFQUEUE$]) +m4trace:configure.in:56: -1- AH_OUTPUT([HAVE_NFQUEUE], [/* Enable if you have nfqueue */ @%:@undef HAVE_NFQUEUE]) -m4trace:configure.in:73: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK]) -m4trace:configure.in:73: -1- m4_pattern_allow([^HAVE_NFNETLINK$]) -m4trace:configure.in:73: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */ +m4trace:configure.in:66: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NFNETLINK]) +m4trace:configure.in:66: -1- m4_pattern_allow([^HAVE_NFNETLINK$]) +m4trace:configure.in:66: -1- AH_OUTPUT([HAVE_NFNETLINK], [/* Enable if netlink exists */ @%:@undef HAVE_NFNETLINK]) -m4trace:configure.in:86: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS]) -m4trace:configure.in:86: -1- m4_pattern_allow([^HAVE_FIREDNS$]) -m4trace:configure.in:86: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */ +m4trace:configure.in:79: -1- AC_DEFINE_TRACE_LITERAL([HAVE_FIREDNS]) +m4trace:configure.in:79: -1- m4_pattern_allow([^HAVE_FIREDNS$]) +m4trace:configure.in:79: -1- AH_OUTPUT([HAVE_FIREDNS], [/* Enable if you have the optional firedns library */ @%:@undef HAVE_FIREDNS]) -m4trace:configure.in:99: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE]) -m4trace:configure.in:99: -1- m4_pattern_allow([^USE_CACHE$]) -m4trace:configure.in:99: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. */ +m4trace:configure.in:92: -1- AC_DEFINE_TRACE_LITERAL([USE_CACHE]) +m4trace:configure.in:92: -1- m4_pattern_allow([^USE_CACHE$]) +m4trace:configure.in:92: -1- AH_OUTPUT([USE_CACHE], [/* Enable if you want to use a caching mechanism. 
*/ @%:@undef USE_CACHE]) -m4trace:configure.in:104: -1- AC_CONFIG_FILES([Makefile]) -m4trace:configure.in:105: -1- AC_CONFIG_HEADERS([config.h]) -m4trace:configure.in:106: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([LIB@&t@OBJS]) -m4trace:configure.in:106: -1- m4_pattern_allow([^LIB@&t@OBJS$]) -m4trace:configure.in:106: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([LTLIBOBJS]) -m4trace:configure.in:106: -1- m4_pattern_allow([^LTLIBOBJS$]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_builddir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_build_prefix]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([srcdir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_srcdir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([top_srcdir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_top_srcdir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([builddir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_builddir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([abs_top_builddir]) -m4trace:configure.in:106: -1- AC_SUBST_TRACE([INSTALL]) +m4trace:configure.in:97: -1- AC_CONFIG_FILES([Makefile]) +m4trace:configure.in:98: -1- AC_CONFIG_HEADERS([config.h]) +m4trace:configure.in:99: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([LIB@&t@OBJS]) +m4trace:configure.in:99: -1- m4_pattern_allow([^LIB@&t@OBJS$]) +m4trace:configure.in:99: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([LTLIBOBJS]) +m4trace:configure.in:99: -1- m4_pattern_allow([^LTLIBOBJS$]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_builddir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_build_prefix]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([srcdir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_srcdir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([top_srcdir]) +m4trace:configure.in:99: -1- 
AC_SUBST_TRACE([abs_top_srcdir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([builddir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_builddir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([abs_top_builddir]) +m4trace:configure.in:99: -1- AC_SUBST_TRACE([INSTALL]) Index: configure ================================================================== --- configure +++ configure 
@@ -3876,111 +3876,58 @@ fi done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pool_free in -lpool" >&5 -$as_echo_n "checking for pool_free in -lpool... " >&6; } -if test "${ac_cv_lib_pool_pool_free+set}" = set; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for config_init in -lconfig" >&5 +$as_echo_n "checking for config_init in -lconfig... " >&6; } +if test "${ac_cv_lib_config_config_init+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lpool $LIBS" +LIBS="-lconfig $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif -char pool_free (); -int -main () -{ -return pool_free (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_pool_pool_free=yes -else - ac_cv_lib_pool_pool_free=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pool_pool_free" >&5 -$as_echo "$ac_cv_lib_pool_pool_free" >&6; } -if test "x$ac_cv_lib_pool_pool_free" = x""yes; then : - - -$as_echo "#define HAVE_POOL /**/" >>confdefs.h - - LIBS="$LIBS -lpool" - -else - - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/ -See \`config.log' for more details" "$LINENO" 5; } - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dotconf_create in -ldotconf" >&5 -$as_echo_n "checking for dotconf_create in -ldotconf... 
" >&6; } -if test "${ac_cv_lib_dotconf_dotconf_create+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldotconf $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dotconf_create (); -int -main () -{ -return dotconf_create (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dotconf_dotconf_create=yes -else - ac_cv_lib_dotconf_dotconf_create=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dotconf_dotconf_create" >&5 -$as_echo "$ac_cv_lib_dotconf_dotconf_create" >&6; } -if test "x$ac_cv_lib_dotconf_dotconf_create" = x""yes; then : - - -$as_echo "#define HAVE_DOTCONF /**/" >>confdefs.h - - LIBS="$LIBS -ldotconf" - -else - - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? 
"You must have dotconf, find it here: http://www.azzit.de/dotconf/ +char config_init (); +int +main () +{ +return config_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_config_config_init=yes +else + ac_cv_lib_config_config_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_config_config_init" >&5 +$as_echo "$ac_cv_lib_config_config_init" >&6; } +if test "x$ac_cv_lib_config_config_init" = x""yes; then : + + +$as_echo "#define HAVE_LIBCONFIG /**/" >>confdefs.h + + LIBS="$LIBS -lconfig" + +else + + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "You must have libconfig See \`config.log' for more details" "$LINENO" 5; } fi Index: configure.in ================================================================== --- configure.in +++ configure.in 
@@ -44,22 +44,15 @@ ]) AC_CHECK_HEADERS(libipq.h stdlib.h stdio.h string.h netinet/in.h netinet/tcp.h resolv.h netdb.h ctype.h syslog.h sys/stat.h sys/types.h unistd.h getopt.h dotconf.h libpool.h time.h) -AC_CHECK_LIB(pool, pool_free, [ - AC_DEFINE(HAVE_POOL, [], [Enable if you have the required pool library]) - LIBS="$LIBS -lpool" -], [ - AC_MSG_FAILURE([You must have dotconf (libpool), find it here: http://www.azzit.de/dotconf/]) -]) - -AC_CHECK_LIB(dotconf, dotconf_create, [ - AC_DEFINE(HAVE_DOTCONF, [], [Enable if you have the required dotconf library.]) - LIBS="$LIBS -ldotconf" -], [ - AC_MSG_FAILURE([You must have dotconf, find it here: http://www.azzit.de/dotconf/]) +AC_CHECK_LIB(config, config_init, [ + AC_DEFINE(HAVE_LIBCONFIG, [], [Enable if you have the required libconfig library.]) + LIBS="$LIBS -lconfig" +], [ + AC_MSG_FAILURE([You must have libconfig]) ]) AC_CHECK_LIB(netfilter_queue, nfq_set_verdict, [ AC_DEFINE(HAVE_NFQUEUE, [], [Enable if you have nfqueue]) LIBS="$LIBS -lnetfilter_queue" Index: packetbl.c ================================================================== --- packetbl.c +++ packetbl.c @@ -32,13 +32,11 @@ #include #include #include #include #include - -#include -#include +#include #ifdef USE_SOCKSTAT #include #include #include @@ -106,36 +104,10 @@ struct packet_info ip; struct cidr cidr; }; -struct config_entry *blacklistbl = NULL; -struct config_entry *whitelistbl = NULL; -struct config_entry *blacklist = NULL; -struct config_entry *whitelist = NULL; - -struct bl_context { - - int permissions; - const char *current_end_token; - - pool_t *pool; -}; - -enum permissions { - O_ROOT = 1, - O_HOSTSECTION = 2, - O_LAST = 4 -}; - -static DOTCONF_CB(host_section_open); -static DOTCONF_CB(common_section_close); -static DOTCONF_CB(common_option); -static DOTCONF_CB(toggle_option); -static DOTCONF_CB(facility_option); - -static const char *end_host = ""; char msgbuf[BUFFERSIZE]; struct config { int allow_non25; int allow_nonsyn; 
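Review bot: The `AC_CHECK_HEADERS(...)` context line directly above the removed `AC_CHECK_LIB(pool, pool_free, ...)` still probes `dotconf.h` and `libpool.h`, libraries this hunk stops linking against, while the header the new `AC_CHECK_LIB(config, config_init, ...)` implies is not probed at all. Replace the two stale names with the libconfig one, e.g. `... unistd.h getopt.h libconfig.h time.h)`, so a missing development header is reported by configure rather than by the compiler. The new failure text `AC_MSG_FAILURE([You must have libconfig])` also dropped the "find it here" hint the dotconf message carried; a short pointer to where the library comes from would help whoever hits it.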
@@ -143,12 +115,17 @@ int dryrun; int log_facility; int queueno; int quiet; int debug; + struct config_entry *blacklistbl; + struct config_entry *whitelistbl; + struct config_entry *blacklist; + struct config_entry *whitelist; }; -static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0 }; + +static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL }; struct pbl_stat_info { uint32_t cacheaccept; uint32_t cachereject; uint32_t whitelistblhits; 
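Review bot: The new initializer `static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL };` spells out all twelve members positionally, so any future member added to struct config silently shifts which field receives the `1` and the `LOG_DAEMON`; one member of the struct (old line 142, between `allow_nonsyn` and `dryrun`) is outside the hunk, so the mapping is already not fully visible here. Because `conf` has static storage every member is zero or NULL without being listed, so only the non-zero defaults need naming, as designated initializers: `static struct config conf = { .default_accept = 1, .log_facility = LOG_DAEMON };` (presumably `.default_accept` is the unseen member, since parse_config() writes `conf.default_accept`; confirm against the struct). If the file targets pre-C99 compilers and must keep the positional form, at least a comment naming the field each value lands on would make the next addition safe.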
@@ -187,40 +164,38 @@ unsigned int verdict); static int pbl_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data); -static const configoption_t options[] = { - {"", ARG_NONE, host_section_open, NULL, O_ROOT}, - {"", ARG_NONE, common_section_close, NULL, O_ROOT}, - {"blacklistbl", ARG_STR, common_option, NULL, O_HOSTSECTION}, - {"whitelistbl", ARG_STR, common_option, NULL, O_HOSTSECTION}, - {"whitelist", ARG_STR, common_option, NULL, O_HOSTSECTION}, - {"blacklist", ARG_STR, common_option, NULL, O_HOSTSECTION}, - {"fallthroughaccept", ARG_TOGGLE, toggle_option, NULL, O_ROOT}, - {"allownonport25", ARG_TOGGLE, toggle_option, NULL, O_ROOT}, - {"allownonsyn", ARG_TOGGLE, toggle_option, NULL, O_ROOT}, - {"dryrun", ARG_TOGGLE, toggle_option, NULL, O_ROOT}, - {"quiet", ARG_TOGGLE, toggle_option, NULL, O_ROOT}, -#ifdef USE_CACHE - {"cachettl", ARG_INT, toggle_option, NULL, O_ROOT}, - {"cachesize", ARG_INT, toggle_option, NULL, O_ROOT}, -#endif - {"logfacility", ARG_STR, facility_option, NULL, O_ROOT}, -#ifdef HAVE_NFQUEUE - {"queueno", ARG_INT, common_option, NULL, O_ROOT}, -#endif - LAST_OPTION +typedef struct facility { + char *string; + int num; +} facility; + +static struct facility facenum[] = { + {"auth", LOG_AUTH}, + {"authpriv", LOG_AUTHPRIV}, + {"cron", LOG_CRON}, + {"daemon", LOG_DAEMON}, + {"kern", LOG_KERN}, + {"lpr", LOG_LPR}, + {"mail", LOG_MAIL}, + {"news", LOG_NEWS}, + {"syslog", LOG_SYSLOG}, + {"user", LOG_USER}, + {"uucp", LOG_UUCP}, + {"local0", LOG_LOCAL0}, + {"local1", LOG_LOCAL1}, + {"local2", LOG_LOCAL2}, + {"local3", LOG_LOCAL3}, + {"local4", LOG_LOCAL4}, + {"local5", LOG_LOCAL5}, + {"local6", LOG_LOCAL6}, + {"local7", LOG_LOCAL7}, + NULL }; -FUNC_ERRORHANDLER(error_handler) { - - fprintf(stderr, "[error] %s\n", msg); - return 1; - -} - /* * SYNOPSIS: * void daemonize(void); * * NOTES: 
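Review bot: `facenum` is terminated by a bare `NULL`, which through brace elision initializes only `.string` of the last element and draws a missing-braces warning; write the sentinel out as `{ NULL, 0 }`. The `string` member only ever points at string literals and is only read by strcasecmp(), so declare it `const char *string;` (the `typedef struct facility {...} facility;` alias is never used, the array itself is declared with `struct facility`). Note that the consumer loop in parse_config() tests `&facenum[i] != NULL`, which is never false, so this sentinel is not currently what stops that loop.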
@@ -423,11 +398,11 @@ /* the get_ip_string is set AFTER the check_packet_* * calls because of the possibility they could screw with * msgbuf. They shouldn't, really, but better safe than * sorry, at least for now. */ - if (check_packet_list(&ip, whitelist) == 1) { + if (check_packet_list(&ip, conf.whitelist) == 1) { get_ip_string(&ip); if (!conf.quiet) { if (conf.debug == 0) { syslog(LOG_INFO, "[accept whitelist] [%s]", @@ -439,11 +414,11 @@ } } statistics.whitelisthits++; retval=NF_ACCEPT; } else - if (check_packet_list(&ip, blacklist) == 1) { + if (check_packet_list(&ip, conf.blacklist) == 1) { get_ip_string(&ip); if (!conf.quiet) { if (conf.debug == 0) { syslog(LOG_INFO, "[reject blacklist] [%s]", @@ -456,11 +431,11 @@ } statistics.blacklisthits++; retval=NF_DROP; } else - if (check_packet_dnsbl(&ip, whitelistbl) == 1) { + if (check_packet_dnsbl(&ip, conf.whitelistbl) == 1) { get_ip_string(&ip); if (!conf.quiet) { if (conf.debug == 0) { syslog(LOG_INFO, "[accept dnsbl] [%s]", @@ -472,11 +447,11 @@ } } statistics.whitelistblhits++; retval=NF_ACCEPT; } else - if (check_packet_dnsbl(&ip, blacklistbl) == 1) { + if (check_packet_dnsbl(&ip, conf.blacklistbl) == 1) { get_ip_string(&ip); if (!conf.quiet) { if (conf.debug == 0) { syslog(LOG_INFO, "[reject dnsbl] [%s]", 
@@ -836,30 +811,169 @@ * it should only be called during start-up and not from the main loop. * */ void parse_config(void) { - configfile_t *configfile; - struct bl_context context; - - context.pool = pool_new(NULL); - configfile = dotconf_create(CONFIGFILE, options, (void *)&context, - CASE_INSENSITIVE); - if (!configfile) { - fprintf(stderr, "Error opening config file\n"); - exit(EXIT_FAILURE); - } - if (dotconf_command_loop(configfile) == 0) { - fprintf(stderr, "Error reading configuration file\n"); + config_t *config = NULL; + config_setting_t *config_setting = NULL; + struct ce *config_entry = NULL; + int result = 0; + int i = 0; + const char *facstr = NULL; + + config_init(config); + result = config_read_file(config, "test.config"); + if (result == CONFIG_FALSE) { + if (config_error_type(config) == CONFIG_ERR_PARSE) { + fprintf (stderr, "Error parsing config file %s, line %d: %s\n", + config_error_file(config), + config_error_line(config), + config_error_text(config)); + } + if (config_error_type(config) == CONFIG_ERR_FILE_IO) { + fprintf (stderr, "Error reading config file: %s\n", + config_error_text(config)); + } exit(EXIT_FAILURE); } - dotconf_cleanup(configfile); - pool_free(context.pool); + /* there are default, so I'm not checking return values. If it fails, + * then we'll just stay with the default, whatever that might be. 
*/ + config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept); + config_lookup_bool(config, "options.allownonport25", &conf.allow_non25); + config_lookup_bool(config, "options.dryrun", &conf.dryrun); + config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn); + config_lookup_bool(config, "options.quiet", &conf.quiet); + +#ifdef USE_CACHE + config_lookup_int(config, "cache.ttl", &packet_cache_ttl); + + if (packet_cache_ttl < 0) { + packet_cache_ttl = USE_CACHE_DEF_TTL; + fprintf(stderr, "config cache TTL negative - using default"); + } + + config_lookup_int(config, "cache.len", &packet_cache_len); + + if (packet_cache_len < 0) { + packet_cache_len = USE_CACHE_DEF_LEN; + fprintf(stderr, "config size TTL negative - using default"); + } +#endif + + config_lookup_string(config, "log.facility", &facstr); + i = 0; + while (&facenum[i] != NULL) { + if (strcasecmp(facenum[i].string, facstr) == 0) { + conf.log_facility = facenum[i].num; + break; + } else { + i++; + } + } + + config_lookup_int(config, "config.queueno", &conf.queueno); + + if (conf.queueno < 0) { + conf.queueno = 1; + fprintf(stderr, "queueno negative - using default"); + } + + config_setting = config_lookup(config, "blacklistbl"); + parse_config_bl_list(config_setting, 1); + config_setting = config_lookup(config, "whitelistbl"); + parse_config_bl_list(config_setting, 2); + config_setting = config_lookup(config, "blacklist"); + parse_config_bl_list(config_setting, 3); + config_setting = config_lookup(config, "whitelist"); + parse_config_bl_list(config_setting, 4); + +} + +parse_config_bl_list(config_setting_t *c, int type) { + + struct config_entry *ce, *tmp; + int i = 0, len = 0; + char *setting; +#ifdef HAVE_FIREDNS + size_t blacklistlen = 0; +#endif + + len = config_setting_length(c); + while (i++ < len) { + setting = config_setting_get_string_elem(c, i); + ce = malloc(sizeof(struct config_entry)); + if (ce == NULL) { + /* shouldn't happen... 
*/ + fprintf(stderr, "Failed to allocate memory for ce struct\n"); + exit(EXIT_FAILURE); + } + + ce->string = (char *)strdup(setting); + ce->next = NULL; +#ifdef HAVE_FIREDNS + blacklistlen = strlen(ce->string); + if (ce->string[blacklistlen - 1] == '.') { + ce->string[blacklistlen - 1] = '\0'; + } +#endif + + switch (type) { + case 1: + if (conf.blacklistbl == NULL) { + conf.blacklistbl = ce; + continue; + } else { + tmp = conf.blacklistbl; + } + break; + case 2: + if (conf.whitelistbl == NULL) { + conf.whitelistbl = ce; + continue; + } else { + tmp = conf.whitelistbl; + } + case 3: + if (parse_cidr(ce) == -1) { + fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string); + free(ce->string); + free(ce); + continue; + } + if (conf.blacklist == NULL) { + conf.blacklist = ce; + continue; + } else { + tmp = conf.blacklist; + } + break; + case 4: + if (parse_cidr(ce) == -1) { + fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string); + free(ce->string); + free(ce); + continue; + } + if (conf.whitelist == NULL) { + conf.whitelist = ce; + continue; + } else { + tmp = conf.whitelist; + } + break; + } + + while (tmp->next != NULL) { + tmp = tmp->next; + } + + tmp->next = ce; - return; + } } + /* * SYNOPSIS: * void parse_arguments( * int argc, * char **argv 
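Review bot: parse_config() calls `config_init(config)` while `config` is still the NULL it was declared with, so the very first libconfig call dereferences a null pointer; the config_t has to be an object (`config_t config; config_init(&config);`), every lookup takes `&config`, and `config_destroy(&config)` should follow the last lookup (the list entries are strdup'd, so nothing outlives it). The file is also read from the relative path `"test.config"` instead of the `CONFIGFILE` the removed dotconf_create() call used, which makes the daemon's accept/reject lists depend on whatever directory it is started from. In the facility loop `while (&facenum[i] != NULL)` is always true (it is the address of an array element), so an unrecognised or absent `log.facility` walks off the end of facenum, and when it is absent `facstr` is still NULL when strcasecmp() receives it, whereas the removed facility_option() rejected unknown names with an error. In parse_config_bl_list() `while (i++ < len)` visits indices 1..len, skipping the first entry and handing the NULL of the out-of-range read to strdup(); `case 2` has no `break`, so a second whitelistbl entry falls into the CIDR parse of case 3 and is either dropped or appended to the blacklist; there is no `default`, so an unknown type uses `tmp` uninitialised; and a NULL `c` (setting absent from the file) goes straight into config_setting_length(), which I believe dereferences it. The function is further defined without a return type and called before any prototype, so it wants `static void parse_config_bl_list(config_setting_t *c, int type);` next to the other static prototypes; the rewritten lines follow, with `struct ce *config_entry` dropped as unused.
```c
void parse_config(void) {
	config_t config;                      /* an object, not a NULL pointer */
	config_setting_t *config_setting = NULL;
	int result = 0;
	int i = 0;
	const char *facstr = NULL;

	config_init(&config);
	result = config_read_file(&config, CONFIGFILE);   /* not the cwd-relative "test.config" */
	/* … unchanged: parse/IO error reporting, options.* and cache.* lookups, all with &config … */

	if (config_lookup_string(&config, "log.facility", &facstr) == CONFIG_TRUE) {
		for (i = 0; facenum[i].string != NULL; i++) {   /* &facenum[i] was never NULL */
			if (strcasecmp(facenum[i].string, facstr) == 0) {
				conf.log_facility = facenum[i].num;
				break;
			}
		}
		if (facenum[i].string == NULL) {
			fprintf(stderr, "Log facility %s is invalid\n", facstr);
			exit(EXIT_FAILURE);
		}
	}
	/* … unchanged: config.queueno lookup, the four parse_config_bl_list() calls … */
	config_destroy(&config);              /* list entries were strdup'd, nothing dangles */
}

static void parse_config_bl_list(config_setting_t *c, int type) {
	struct config_entry *ce, *tmp = NULL;
	int i = 0, len = 0;
	const char *setting;
	/* … unchanged: HAVE_FIREDNS blacklistlen declaration … */

	if (c == NULL) {                      /* setting absent: config_lookup() returned NULL */
		return;
	}
	len = config_setting_length(c);
	for (i = 0; i < len; i++) {           /* was while (i++ < len): skipped element 0, read element len */
		setting = config_setting_get_string_elem(c, i);
		if (setting == NULL) {            /* non-string element; strdup(NULL) is undefined */
			fprintf(stderr, "Non-string entry in list %d, ignoring\n", type);
			continue;
		}
		/* … unchanged: malloc/strdup of ce, HAVE_FIREDNS trailing-dot strip … */
		switch (type) {
		/* … unchanged: case 1 … */
		case 2:
			if (conf.whitelistbl == NULL) {
				conf.whitelistbl = ce;
				continue;
			} else {
				tmp = conf.whitelistbl;
			}
			break;                        /* was missing: fell through into case 3's CIDR parse */
		/* … unchanged: case 3, case 4 … */
		default:
			free(ce->string);
			free(ce);
			return;
		}
		/* … unchanged: append ce at the tail of tmp … */
	}
}
```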
@@ -903,243 +1017,10 @@ break; } } return; -} - -DOTCONF_CB(common_section_close) { - - struct bl_context *context = (struct bl_context *)ctx; - - return context->current_end_token; -} - -DOTCONF_CB(toggle_option) { - - if (strcasecmp(cmd->name, "fallthroughaccept") == 0) { - conf.default_accept = cmd->data.value; - return NULL; - } - if (strcasecmp(cmd->name, "allownonport25") == 0) { - conf.allow_non25 = cmd->data.value; - return NULL; - } - if (strcasecmp(cmd->name, "dryrun") == 0) { - conf.dryrun = cmd->data.value; - return NULL; - } - if (strcasecmp(cmd->name, "allownonsyn") == 0) { - conf.allow_nonsyn = cmd->data.value; - return NULL; - } - if (strcasecmp(cmd->name, "quiet") == 0) { - conf.quiet = cmd->data.value; - return NULL; - } -#ifdef USE_CACHE - if (strcasecmp(cmd->name, "cachettl") == 0) { - if (cmd->data.value < 0) { - fprintf(stderr, "Error parsing config: cachettl cannot be a negative value\n"); - exit(EXIT_FAILURE); - } - packet_cache_ttl = cmd->data.value; - return NULL; - } - if (strcasecmp(cmd->name, "cachesize") == 0) { - if (cmd->data.value < 0) { - fprintf(stderr, "Error parsing config: cachelen cannot be a negative value\n"); - exit(EXIT_FAILURE); - } - packet_cache_len = cmd->data.value; - return NULL; - } -#endif - - return NULL; -} - -DOTCONF_CB(facility_option) { - - if (strcasecmp(cmd->data.str, "auth") == 0) { - conf.log_facility = LOG_AUTH; - } else if (strcasecmp(cmd->data.str, "authpriv") == 0) { - conf.log_facility = LOG_AUTHPRIV; - } else if (strcasecmp(cmd->data.str, "cron") == 0) { - conf.log_facility = LOG_CRON; - } else if (strcasecmp(cmd->data.str, "daemon") == 0) { - conf.log_facility = LOG_DAEMON; - } else if (strcasecmp(cmd->data.str, "kern") == 0) { - conf.log_facility = LOG_KERN; - } else if (strcasecmp(cmd->data.str, "lpr") == 0) { - conf.log_facility = LOG_LPR; - } else if (strcasecmp(cmd->data.str, "mail") == 0) { - conf.log_facility = LOG_MAIL; - } else if (strcasecmp(cmd->data.str, "news") == 0) { - 
conf.log_facility = LOG_NEWS; - } else if (strcasecmp(cmd->data.str, "syslog") == 0) { - conf.log_facility = LOG_SYSLOG; - } else if (strcasecmp(cmd->data.str, "user") == 0) { - conf.log_facility = LOG_USER; - } else if (strcasecmp(cmd->data.str, "uucp") == 0) { - conf.log_facility = LOG_UUCP; - } else if (strcasecmp(cmd->data.str, "local0") == 0) { - conf.log_facility = LOG_LOCAL0; - } else if (strcasecmp(cmd->data.str, "local1") == 0) { - conf.log_facility = LOG_LOCAL1; - } else if (strcasecmp(cmd->data.str, "local2") == 0) { - conf.log_facility = LOG_LOCAL2; - } else if (strcasecmp(cmd->data.str, "local3") == 0) { - conf.log_facility = LOG_LOCAL3; - } else if (strcasecmp(cmd->data.str, "local4") == 0) { - conf.log_facility = LOG_LOCAL4; - } else if (strcasecmp(cmd->data.str, "local5") == 0) { - conf.log_facility = LOG_LOCAL5; - } else if (strcasecmp(cmd->data.str, "local6") == 0) { - conf.log_facility = LOG_LOCAL6; - } else if (strcasecmp(cmd->data.str, "local7") == 0) { - conf.log_facility = LOG_LOCAL7; - } else { - fprintf(stderr, "Log facility %s is invalid\n", - cmd->data.str); - exit(EXIT_FAILURE); - } - - return NULL; -} - -DOTCONF_CB(common_option) { - - struct config_entry *ce, *tmp=NULL; -#ifdef HAVE_FIREDNS - size_t blacklistlen = 0; -#endif - - if (strcasecmp(cmd->name, "queueno") == 0) { - conf.queueno = cmd->data.value; - return NULL; - } - - ce = malloc(sizeof(struct config_entry)); - if (ce == NULL) { - return NULL; - } - - ce->string = (char *)strdup(cmd->data.str); - ce->next = NULL; - - if (strcasecmp(cmd->name, "blacklistbl") == 0) { - -#ifdef HAVE_FIREDNS - blacklistlen = strlen(ce->string); - if (ce->string[blacklistlen-1] == '.') { - ce->string[blacklistlen-1]='\0'; - } -#endif - - /* resolution check completely removed. Will put it back - * during config file and architectural revamp. 
*/ - if (blacklistbl == NULL) { - blacklistbl = ce; - return NULL; - } else { - tmp = blacklistbl; - } - } - - if (strcasecmp(cmd->name, "whitelistbl") == 0) { - -#ifdef HAVE_FIREDNS - blacklistlen = strlen(ce->string); - if (ce->string[blacklistlen-1] == '.') { - ce->string[blacklistlen-1]='\0'; - } -#endif - - /* resolution check completely removed. Will put it back - * during config file and architectural revamp. */ - if (whitelistbl == NULL) { - whitelistbl = ce; - return NULL; - } else { - tmp = whitelistbl; - } - } - - if (strcasecmp(cmd->name, "whitelist") == 0) { - if (parse_cidr(ce) == -1) { - fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", - ce->string); - free(ce->string); - free(ce); - return NULL; - } - if (whitelist == NULL) { - whitelist = ce; - return NULL; - } else { - tmp = whitelist; - } - } - - if (strcasecmp(cmd->name, "blacklist") == 0) { - if (parse_cidr(ce) == -1) { - fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", - ce->string); - free(ce->string); - free(ce); - return NULL; - } - if (blacklist == NULL) { - blacklist = ce; - return NULL; - } else { - tmp = blacklist; - } - } - - while (tmp->next != NULL) { - tmp = tmp->next; - } - - tmp->next = ce; - - return NULL; - -} - -DOTCONF_CB(host_section_open) { - - struct bl_context *context = (struct bl_context *)ctx; - const char *old_end_token = context->current_end_token; - int old_override = context->permissions; - const char *err = NULL; - - context->permissions |= O_HOSTSECTION; - context->current_end_token = end_host; - - while (!cmd->configfile->eof) { - err = dotconf_command_loop_until_error(cmd->configfile); - if (!err) { - err = " is missing"; - break; - } - - if (err == context->current_end_token) - break; - - dotconf_warning(cmd->configfile, DCLOG_ERR, 0, err); - } - - context->current_end_token = old_end_token; - context->permissions = old_override; - - if (err != end_host) - return err; - - return NULL; - } /* * SYNOPSIS: * int parse_cidr(