Mercurial > syslog2iptables

annotate src/syslogconfig.h @ 27:28fec0c67646

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
make add/remove commands configureable
author carl
date Sun, 12 Feb 2006 10:54:03 -0800
parents 0d65c3de34fd
children d2ceebcf6595
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1
551433a01cab initial coding
carl
parents:
diff changeset
1 /***************************************************************************
551433a01cab initial coding
carl
parents:
diff changeset
2 * Copyright (C) 2005 by 510 Software Group *
551433a01cab initial coding
carl
parents:
diff changeset
3 * *
551433a01cab initial coding
carl
parents:
diff changeset
4 * *
551433a01cab initial coding
carl
parents:
diff changeset
5 * This program is free software; you can redistribute it and/or modify *
551433a01cab initial coding
carl
parents:
diff changeset
6 * it under the terms of the GNU General Public License as published by *
551433a01cab initial coding
carl
parents:
diff changeset
7 * the Free Software Foundation; either version 2 of the License, or *
551433a01cab initial coding
carl
parents:
diff changeset
8 * (at your option) any later version. *
551433a01cab initial coding
carl
parents:
diff changeset
9 * *
551433a01cab initial coding
carl
parents:
diff changeset
10 * This program is distributed in the hope that it will be useful, *
551433a01cab initial coding
carl
parents:
diff changeset
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
551433a01cab initial coding
carl
parents:
diff changeset
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
551433a01cab initial coding
carl
parents:
diff changeset
13 * GNU General Public License for more details. *
551433a01cab initial coding
carl
parents:
diff changeset
14 * *
551433a01cab initial coding
carl
parents:
diff changeset
15 * You should have received a copy of the GNU General Public License *
551433a01cab initial coding
carl
parents:
diff changeset
16 * along with this program; if not, write to the *
551433a01cab initial coding
carl
parents:
diff changeset
17 * Free Software Foundation, Inc., *
551433a01cab initial coding
carl
parents:
diff changeset
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
551433a01cab initial coding
carl
parents:
diff changeset
19 ***************************************************************************/
551433a01cab initial coding
carl
parents:
diff changeset
20
551433a01cab initial coding
carl
parents:
diff changeset
21
551433a01cab initial coding
carl
parents:
diff changeset
22 class SYSLOGCONFIG;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
23 class CONFIG;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
24
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
25 struct IPPAIR {
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
26 int first;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
27 int last;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
28 int cidr;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
29 };
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
30
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
31 class PATTERN {
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
32 char * pattern; // owned by the string table
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
33 regex_t re;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
34 int index; // zero based substring of the regex match that contains the ip address or hostname
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
35 int amount; // count to add to the ip address leaky bucket
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
36 public:
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
37 ~PATTERN();
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
38 PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_);
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
39 bool process(char *buf, CONFIG &con, char *file_name, int pattern_index);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
40 void dump(int level);
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
41 };
1
551433a01cab initial coding
carl
parents:
diff changeset
42
551433a01cab initial coding
carl
parents:
diff changeset
43 typedef SYSLOGCONFIG * SYSLOGCONFIGP;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
44 typedef PATTERN * PATTERNP;
1
551433a01cab initial coding
carl
parents:
diff changeset
45 typedef list<SYSLOGCONFIGP> syslogconfig_list;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
46 typedef list<IPPAIR> ippair_list;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
47 typedef list<PATTERNP> pattern_list;
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
48 const int buflen = 1024;
1
551433a01cab initial coding
carl
parents:
diff changeset
49
551433a01cab initial coding
carl
parents:
diff changeset
50 class SYSLOGCONFIG {
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
51 TOKEN * tokp;
1
551433a01cab initial coding
carl
parents:
diff changeset
52 char * file_name; // name of the syslog file
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
53 pattern_list patterns; // owns the patterns
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
54 int fd;
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
55 struct stat openfdstat;
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
56 int len; // bytes in the buffer
6e88da080f08 initial coding
carl
parents: 1
diff changeset
57 char buf[buflen];
1
551433a01cab initial coding
carl
parents:
diff changeset
58 public:
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
59 SYSLOGCONFIG(TOKEN &tok, char *file_name_);
1
551433a01cab initial coding
carl
parents:
diff changeset
60 ~SYSLOGCONFIG();
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
61 bool failed() { return (fd == -1); };
2737ab01659a initial coding
carl
parents: 3
diff changeset
62 void open(bool msg);
2737ab01659a initial coding
carl
parents: 3
diff changeset
63 bool read(CONFIG &con);
2737ab01659a initial coding
carl
parents: 3
diff changeset
64 void close();
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
65 void add_pattern(PATTERNP pat);
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
66 void process(CONFIG &con);
1
551433a01cab initial coding
carl
parents:
diff changeset
67 void dump(int level);
551433a01cab initial coding
carl
parents:
diff changeset
68 };
551433a01cab initial coding
carl
parents:
diff changeset
69
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
70 class CONFIG {
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
71 public:
1
551433a01cab initial coding
carl
parents:
diff changeset
72 // the only mutable stuff once it has been loaded from the config file
551433a01cab initial coding
carl
parents:
diff changeset
73 int reference_count; // protected by the global config_mutex
551433a01cab initial coding
carl
parents:
diff changeset
74 // all the rest is constant after loading from the config file
551433a01cab initial coding
carl
parents:
diff changeset
75 int generation;
551433a01cab initial coding
carl
parents:
diff changeset
76 time_t load_time;
551433a01cab initial coding
carl
parents:
diff changeset
77 string_set config_files;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
78 int threshold;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
79 ippair_list ignore; // owns all the ippairs
27
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
80 char * add_command; // owned by the string table
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
81 char * remove_command; // ""
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
82 syslogconfig_list syslogconfigs; // owns all the syslogconfigs
1
551433a01cab initial coding
carl
parents:
diff changeset
83
551433a01cab initial coding
carl
parents:
diff changeset
84 CONFIG();
551433a01cab initial coding
carl
parents:
diff changeset
85 ~CONFIG();
27
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
86 void set_add(char *add) { add_command = add; };
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
87 void set_remove(char *remove) { remove_command = remove; };
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
88 void set_threshold(int threshold_) { threshold = threshold_; };
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
89 int get_threshold() { return threshold; };
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
90 void add_syslogconfig(SYSLOGCONFIGP con);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
91 void add_pair(IPPAIR pair);
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
92 void dump();
6e88da080f08 initial coding
carl
parents: 1
diff changeset
93 void read();
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
94 void sleep(int duration, time_t &previous);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
95 bool looking(int ip);
1
551433a01cab initial coding
carl
parents:
diff changeset
96 };
551433a01cab initial coding
carl
parents:
diff changeset
97
551433a01cab initial coding
carl
parents:
diff changeset
98 void discard(string_set &s);
551433a01cab initial coding
carl
parents:
diff changeset
99 char* register_string(string_set &s, char *name);
551433a01cab initial coding
carl
parents:
diff changeset
100 char* register_string(char *name);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
101 int ip_address(char *have);
1
551433a01cab initial coding
carl
parents:
diff changeset
102 bool load_conf(CONFIG &dc, char *fn);
551433a01cab initial coding
carl
parents:
diff changeset
103 void token_init();
551433a01cab initial coding
carl
parents:
diff changeset
104
27
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
105 extern char *token_add;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
106 extern char *token_bucket;
1
551433a01cab initial coding
carl
parents:
diff changeset
107 extern char *token_file;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
108 extern char *token_ignore;
1
551433a01cab initial coding
carl
parents:
diff changeset
109 extern char *token_include;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
110 extern char *token_index;
1
551433a01cab initial coding
carl
parents:
diff changeset
111 extern char *token_lbrace;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
112 extern char *token_pattern;
1
551433a01cab initial coding
carl
parents:
diff changeset
113 extern char *token_rbrace;
27
28fec0c67646 make add/remove commands configureable
carl
parents: 20
diff changeset
114 extern char *token_remove;
1
551433a01cab initial coding
carl
parents:
diff changeset
115 extern char *token_semi;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
116 extern char *token_slash;
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
117 extern char *token_threshold;
1
551433a01cab initial coding
carl
parents:
diff changeset
118