
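--- a/PATH_NOT_SHOWN	artifact 9a2b349279
+++ b/PATH_NOT_SHOWN	artifact 939b1038a8
@@ -79,16 +79,16 @@
 struct packet_info {
 
 	uint8_t b1;
 	uint8_t b2;
 	uint8_t b3;
 	uint8_t b4;
 
-	int s_port;
-	int d_port;
+	unsigned int s_port;
+	unsigned int d_port;
 
 	int flags;
 };
 
 struct cidr {
 
 	uint32_t ip;
@@ -119,15 +119,15 @@
 	int	debug;
 	struct config_entry *blacklistbl;
 	struct config_entry *whitelistbl;
 	struct config_entry *blacklist;
 	struct config_entry *whitelist;
 };
 
-static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 0, 0, 0, NULL, NULL, NULL, NULL };
+static struct config conf = { 0, 0, 1, 0, LOG_DAEMON, 1, 0, 0, NULL, NULL, NULL, NULL };
 
 struct pbl_stat_info {
 	uint32_t	cacheaccept;
 	uint32_t	cachereject;
 	uint32_t	whitelistblhits;
 	uint32_t	blacklistblhits;
 	uint32_t	whitelisthits;
@@ -417,19 +417,19 @@
 		retval=NF_ACCEPT;
 	} else
 	if (check_packet_list(&ip, conf.blacklist) == 1) {
 		get_ip_string(&ip);
 		if (!conf.quiet) {
 			if (conf.debug == 0) {
 				syslog(LOG_INFO,
-					"[reject blacklist] [%s]",
+					"[reject blacklist] [%s]\n",
 						msgbuf);
 			} else {
 				fprintf(stderr,
-					"[reject blacklist] [%s]",
+					"[reject blacklist] [%s]\n",
 						msgbuf);
 			}
 				
 		}
 		statistics.blacklisthits++;
 		retval=NF_DROP;
 	} else
@@ -840,14 +840,15 @@
 	/* there are default, so I'm not checking return values.  If it fails,
 	 * then we'll just stay with the default, whatever that might be. */
 	config_lookup_bool(config, "options.fallthroughaccept", &conf.default_accept);
 	config_lookup_bool(config, "options.allownonport25", &conf.allow_non25);
 	config_lookup_bool(config, "options.dryrun", &conf.dryrun);
 	config_lookup_bool(config, "options.allownonsyn", &conf.allow_nonsyn);
 	config_lookup_bool(config, "options.quiet", &conf.quiet);
+	config_lookup_int(config, "options.debug", &conf.debug);
 
 #ifdef USE_CACHE
 	config_lookup_int(config, "cache.ttl", &packet_cache_ttl);
 
 	if (packet_cache_ttl < 0) {
 		packet_cache_ttl = USE_CACHE_DEF_TTL;
 		fprintf(stderr, "config cache TTL negative - using default");
@@ -870,15 +871,15 @@
 				break;
 			} else {
 				i++;
 			}
 		}
 	}
 	
-	config_lookup_int(config, "config.queueno", &conf.queueno);
+	config_lookup_int(config, "options.queueno", &conf.queueno);
 	
 	if (conf.queueno < 0) {
 		conf.queueno = 1;
 		fprintf(stderr, "queueno negative - using default");
 	}
 
 	config_setting = config_lookup(config, "blacklistbl");
@@ -905,49 +906,55 @@
 	int i = 0, len = 0;
 	char *setting;
 #ifdef HAVE_FIREDNS
 	size_t blacklistlen = 0;
 #endif
 
 	len = config_setting_length(c);
-	while (i++ < len) {
+	while (i < len) {
 		setting = config_setting_get_string_elem(c, i);
+		if (setting == NULL) {
+			break;
+		}
 		ce = malloc(sizeof(struct config_entry));
 		if (ce == NULL) {
 			/* shouldn't happen... */
 			fprintf(stderr, "Failed to allocate memory for ce struct\n");
 			exit(EXIT_FAILURE);
 		}
 
 		ce->string = (char *)strdup(setting);
 		ce->next = NULL;
 #ifdef HAVE_FIREDNS
 		blacklistlen = strlen(ce->string);
 		if (ce->string[blacklistlen - 1] == '.') {
 			ce->string[blacklistlen - 1] = '\0';
 		}
 #endif
+
+		i++;
 
 		switch (type) {
 			case 1:
 				if (conf.blacklistbl == NULL) {
 					conf.blacklistbl = ce;
 					continue;
 				} else {
 					tmp = conf.blacklistbl;
 				}
 				break;
 			case 2:
 				if (conf.whitelistbl == NULL) {
 					conf.whitelistbl = ce;
 					continue;
 				} else {
 					tmp = conf.whitelistbl;
 				}
 			case 3:
+				fprintf(stderr, "got %s for blacklist\n", ce->string);
 				if (parse_cidr(ce) == -1) {
 					fprintf(stderr, "Error parsing CIDR in %s, ignoring\n", ce->string);
 					free(ce->string);
 					free(ce);
 					continue;
 				}
 				if (conf.blacklist == NULL) {
@@ -1329,15 +1336,15 @@
 			syslog(LOG_ERR, "sprintf failed in line %d: %s",
 				__LINE__, strerror(errno));
 			exit(1);
 		}
 		return;
 	}
 
-	rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%d.%d", 
+	rv = snprintf(msgbuf, sizeof(msgbuf), "%hhu.%hhu.%hhu.%hhu:%hu.%hu", 
 			ip->b1, ip->b2, ip->b3, ip->b4,
 			ip->s_port,ip->d_port);
 		if (rv < 0) {
 			syslog(LOG_ERR, "snprintf failed in line %d: %s",
 				__LINE__, strerror(errno));
 			exit(1);
 		}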
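Review bot: The `fprintf(stderr, "got %s for blacklist\n", ce->string);` added under `case 3` (new line 954) is unconditional, whereas every other message on this page is gated on `conf.debug`/`conf.quiet` (see the reject-blacklist branch at lines 421-430), so each configured entry is echoed to stderr on every start regardless of the new `options.debug` setting, and because the existing `case 2` still has no `break`, a non-empty whitelistbl falls through and is reported (and parsed) as blacklist too — gate it as `if (conf.debug != 0) { fprintf(stderr, "got %s for blacklist\n", ce->string); }` and add the missing `break;` to `case 2` (the fall-through predates this commit). `ce->string` is passed only as a `%s` argument, so a configured entry containing `%` is not interpreted as a format. In the last hunk, `%hu` converts its argument to `unsigned short` before printing, so a value above 65535 in the now-`unsigned int` `s_port`/`d_port` would be logged modulo 65536 with no indication; `"%hhu.%hhu.%hhu.%hhu:%u.%u"` matches the declared type exactly, and if the ports are always filled from 16-bit header fields (not visible here) both forms print the same. Both enclosing functions start before their hunks, and the initializer change at line 126 sets the sixth positional member of `struct config`, whose name is outside the hunk; a designated initializer (`.debug = 0`, `.quiet = ...`) would make which default changed reviewable.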