︙ | | | ︙ | |
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
struct packet_info {
uint8_t b1;
uint8_t b2;
uint8_t b3;
uint8_t b4;
int s_port;
int d_port;
int flags;
};
struct cidr {
uint32_t ip;
|
|
|
|
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
struct packet_info {
uint8_t b1;
uint8_t b2;
uint8_t b3;
uint8_t b4;
unsigned int s_port;
unsigned int d_port;
int flags;
};
struct cidr {
uint32_t ip;
|
︙ | | | ︙ | |
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
int debug;
struct config_entry *blacklistbl;
struct config_entry *whitelistbl;
struct config_entry *blacklist;
struct config_entry *whitelist;
};
static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL };
struct pbl_stat_info {
uint32_t cacheaccept;
uint32_t cachereject;
uint32_t whitelistblhits;
uint32_t blacklistblhits;
uint32_t whitelisthits;
|
|
|
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
int debug;
struct config_entry *blacklistbl;
struct config_entry *whitelistbl;
struct config_entry *blacklist;
struct config_entry *whitelist;
};
static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL };
struct pbl_stat_info {
uint32_t cacheaccept;
uint32_t cachereject;
uint32_t whitelistblhits;
uint32_t blacklistblhits;
uint32_t whitelisthits;
|
︙ | | | ︙ | |
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
|
retval=NF_ACCEPT;
} else
if (check_packet_list(&ip, conf.blacklist) == 1) {
get_ip_string(&ip);
if (!conf.quiet) {
if (conf.debug == 0) {
syslog(LOG_INFO,
"[reject blacklist] [%s]",
msgbuf);
} else {
fprintf(stderr,
"[reject blacklist] [%s]",
msgbuf);
}
}
statistics.blacklisthits++;
retval=NF_DROP;
} else
|
|
|
|
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
|
retval=NF_ACCEPT;
} else
if (check_packet_list(&ip, conf.blacklist) == 1) {
get_ip_string(&ip);
if (!conf.quiet) {
if (conf.debug == 0) {
syslog(LOG_INFO,
"[reject blacklist] [%s]\n",
msgbuf);
} else {
fprintf(stderr,
"[reject blacklist] [%s]\n",
msgbuf);
}
}
statistics.blacklisthits++;
retval=NF_DROP;
} else
|
︙ | | | ︙ | |
840
841
842
843
844
845
846
847
848
849
850
851
852
853
|
/* there are default, so I'm not checking return values. If it fails,
* then we'll just stay with the default, whatever that might be. */
config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept);
config_lookup_bool(config, "options.allownonport25", &conf.allow_non25);
config_lookup_bool(config, "options.dryrun", &conf.dryrun);
config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn);
config_lookup_bool(config, "options.quiet", &conf.quiet);
#ifdef USE_CACHE
config_lookup_int(config, "cache.ttl", &packet_cache_ttl);
if (packet_cache_ttl < 0) {
packet_cache_ttl = USE_CACHE_DEF_TTL;
fprintf(stderr, "config cache TTL negative - using default");
|
>
|
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
|
/* there are default, so I'm not checking return values. If it fails,
* then we'll just stay with the default, whatever that might be. */
config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept);
config_lookup_bool(config, "options.allownonport25", &conf.allow_non25);
config_lookup_bool(config, "options.dryrun", &conf.dryrun);
config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn);
config_lookup_bool(config, "options.quiet", &conf.quiet);
config_lookup_int(config, "options.debug", &conf.debug);
#ifdef USE_CACHE
config_lookup_int(config, "cache.ttl", &packet_cache_ttl);
if (packet_cache_ttl < 0) {
packet_cache_ttl = USE_CACHE_DEF_TTL;
fprintf(stderr, "config cache TTL negative - using default");
|
︙ | | | ︙ | |
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
|
break;
} else {
i++;
}
}
}
config_lookup_int(config, "config.queueno", &conf.queueno);
if (conf.queueno < 0) {
conf.queueno = 1;
fprintf(stderr, "queueno negative - using default");
}
config_setting = config_lookup(config, "blacklistbl");
|
|
|
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
|
break;
} else {
i++;
}
}
}
config_lookup_int(config, "options.queueno", &conf.queueno);
if (conf.queueno < 0) {
conf.queueno = 1;
fprintf(stderr, "queueno negative - using default");
}
config_setting = config_lookup(config, "blacklistbl");
|
︙ | | | ︙ | |
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
|
int i = 0, len = 0;
char *setting;
#ifdef HAVE_FIREDNS
size_t blacklistlen = 0;
#endif
len = config_setting_length(c);
while (i++ < len) {
setting = config_setting_get_string_elem(c, i);
ce = malloc(sizeof(struct config_entry));
if (ce == NULL) {
/* shouldn't happen... */
fprintf(stderr, "Failed to allocate memory for ce struct\n");
exit(EXIT_FAILURE);
}
ce->string = (char *)strdup(setting);
ce->next = NULL;
#ifdef HAVE_FIREDNS
blacklistlen = strlen(ce->string);
if (ce->string[blacklistlen - 1] == '.') {
ce->string[blacklistlen - 1] = '\0';
}
#endif
switch (type) {
case 1:
if (conf.blacklistbl == NULL) {
conf.blacklistbl = ce;
continue;
} else {
tmp = conf.blacklistbl;
}
break;
case 2:
if (conf.whitelistbl == NULL) {
conf.whitelistbl = ce;
continue;
} else {
tmp = conf.whitelistbl;
}
case 3:
if (parse_cidr(ce) == -1) {
fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string);
free(ce->string);
free(ce);
continue;
}
if (conf.blacklist == NULL) {
|
|
>
>
>
>
>
>
|
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
|
int i = 0, len = 0;
char *setting;
#ifdef HAVE_FIREDNS
size_t blacklistlen = 0;
#endif
len = config_setting_length(c);
while (i < len) {
setting = config_setting_get_string_elem(c, i);
if (setting == NULL) {
break;
}
ce = malloc(sizeof(struct config_entry));
if (ce == NULL) {
/* shouldn't happen... */
fprintf(stderr, "Failed to allocate memory for ce struct\n");
exit(EXIT_FAILURE);
}
ce->string = (char *)strdup(setting);
ce->next = NULL;
#ifdef HAVE_FIREDNS
blacklistlen = strlen(ce->string);
if (ce->string[blacklistlen - 1] == '.') {
ce->string[blacklistlen - 1] = '\0';
}
#endif
i++;
switch (type) {
case 1:
if (conf.blacklistbl == NULL) {
conf.blacklistbl = ce;
continue;
} else {
tmp = conf.blacklistbl;
}
break;
case 2:
if (conf.whitelistbl == NULL) {
conf.whitelistbl = ce;
continue;
} else {
tmp = conf.whitelistbl;
}
case 3:
fprintf(stderr, "got %s for blacklist\n", ce->string);
if (parse_cidr(ce) == -1) {
fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string);
free(ce->string);
free(ce);
continue;
}
if (conf.blacklist == NULL) {
|
︙ | | | ︙ | |
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
|
syslog(LOG_ERR, "sprintf failed in line %d: %s",
__LINE__, strerror(errno));
exit(1);
}
return;
}
rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%d.%d",
ip->b1, ip->b2, ip->b3, ip->b4,
ip->s_port,ip->d_port);
if (rv < 0) {
syslog(LOG_ERR, "snprintf failed in line %d: %s",
__LINE__, strerror(errno));
exit(1);
}
|
|
|
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
|
syslog(LOG_ERR, "sprintf failed in line %d: %s",
__LINE__, strerror(errno));
exit(1);
}
return;
}
rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%hu.%hu",
ip->b1, ip->b2, ip->b3, ip->b4,
ip->s_port,ip->d_port);
if (rv < 0) {
syslog(LOG_ERR, "snprintf failed in line %d: %s",
__LINE__, strerror(errno));
exit(1);
}
|
︙ | | | ︙ | |