Mercurial > syslog2iptables

annotate src/syslogconfig.cpp @ 57:c95acc20f7ed

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tag stable-1-0-13-2 for changeset 73dd2daeaf8e
author Carl Byington <carl@five-ten-sg.com>
date Wed, 17 Aug 2011 10:16:17 -0700
parents 206448c00b55
children b45dddebe8fc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
1 /*
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
2
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
4 the GPL version 3 or any later version at your choice available at
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
5 http://www.gnu.org/licenses/gpl-3.0.txt
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
6
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
7 */
1
551433a01cab initial coding
carl
parents:
diff changeset
8
551433a01cab initial coding
carl
parents:
diff changeset
9 #include "includes.h"
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
10 #include <fcntl.h>
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
11 #include <sys/socket.h>
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
12 #include <netinet/in.h>
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
13 #include <arpa/inet.h>
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
14 #include <netdb.h>
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
15 #include <limits.h>
1
551433a01cab initial coding
carl
parents:
diff changeset
16
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
17 const char *token_add;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
18 const char *token_bucket;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
19 const char *token_context;
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
20 const char *token_file;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
21 const char *token_ignore;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
22 const char *token_include;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
23 const char *token_index;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
24 const char *token_lbrace;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
25 const char *token_message;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
26 const char *token_pattern;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
27 const char *token_rbrace;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
28 const char *token_remove;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
29 const char *token_semi;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
30 const char *token_slash;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
31 const char *token_threshold;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
32 string_set all_strings;// owns all the strings, only modified by the config loader thread
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
33 recorder_map recorders; // all the recorders are named
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
34 const int maxlen = 1000; // used for snprintf buffers
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
35
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
36
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
37 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
38 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
39
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
40 IPR::IPR() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
41 reference_count = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
42 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
43
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
44 IPR* IPR::find(const char* name) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
45 recorder_map::iterator m = recorders.find(name);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
46 if (m == recorders.end()) recorders[name] = new IPR;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
47 recorders[name]->reference(1);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
48 return recorders[name];
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
49 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
50
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
52 void IPR::release(const char* name) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
53 recorder_map::iterator m = recorders.find(name);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
54 IPR* i = (*m).second;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
55 int r = i->reference(-1);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
56 if (r == 0) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
57 delete i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
58 recorders.erase(m);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
59 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
60 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
61
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
62
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
63 void IPR::add(int ip, int amount, CONTEXT &con, const char *file_name, int pattern_index, const char *message) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
64 if (con.looking(ip)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
65 ip_buckets::iterator i = violations.find(ip);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
66 if (i == violations.end()) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
67 bucket b;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
68 b.count = amount;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
69 b.latch = (con.get_threshold() <= b.count);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
70 violations[ip] = b;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
71 if (b.latch) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
72 update(ip, true, file_name, pattern_index, message);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
73 changed(con, ip, true);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
74 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
75 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
76 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
77 bucket &b = (*i).second;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
78 if (b.count < (INT_MAX-amount)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
79 int t = con.get_threshold();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
80 int c = b.count;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
81 b.count += amount;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
82 if ((!b.latch) && (c < t) && (t <= b.count)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
83 b.latch = true;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
84 update(ip, true, file_name, pattern_index, message);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
85 changed(con, ip, true);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
86 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
87 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
88 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
89 }
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
90 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
91
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
92
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
93 void IPR::leak(int amount, CONTEXT &con) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
94 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
95 int ip = (*i).first;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
96 bucket &b = (*i).second;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
97 if (b.count <= amount) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
98 if (b.latch) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
99 update(ip, false, NULL, 0, NULL);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
100 changed(con, ip, false);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
101 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
102 violations.erase(i++);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
103 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
104 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
105 b.count -= amount;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
106 i++;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
107 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
108 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
109 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
110
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
111
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
112 void IPR::free_all(CONTEXT &con) {
37
e4eb969dfc4a shutdown removes iptables entries that we added
carl
parents: 36
diff changeset
113 if (debug_syslog > 2) {
e4eb969dfc4a shutdown removes iptables entries that we added
carl
parents: 36
diff changeset
114 my_syslog("syslog2iptables shutting down");
e4eb969dfc4a shutdown removes iptables entries that we added
carl
parents: 36
diff changeset
115 }
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
116 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
117 int ip = (*i).first;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
118 bucket &b = (*i).second;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
119 if (b.latch) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
120 update(ip, false, NULL, 0, NULL);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
121 changed(con, ip, false);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
122 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
123 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
124 violations.clear();
20
0d65c3de34fd add better logging
carl
parents: 12
diff changeset
125 }
0d65c3de34fd add better logging
carl
parents: 12
diff changeset
126
0d65c3de34fd add better logging
carl
parents: 12
diff changeset
127
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
128 void IPR::update(int ip, bool added, const char *file_name, int pattern_index, const char *message) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
129 if (debug_syslog > 2) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
130 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
131 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
132 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
133 if (added) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
134 if (message) snprintf(buf, maxlen, "dropping traffic from/to %s based on %s in %s", inet_ntoa(ad), message, file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
135 else snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s", inet_ntoa(ad), pattern_index, file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
136 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
137 else snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad));
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
138 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
139 }
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
140 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
141
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
142
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
143 void IPR::changed(CONTEXT &con, int ip, bool added) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
144 int t = con.get_threshold();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
145 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
146 if (added) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
147 bucket &b = violations[ip];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
148 if (con.looking(ip) && (b.count > t)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
149 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
150 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
151 snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
152 system(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
153 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
154 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
155 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
156 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
157 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
158 snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
159 system(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
160 }
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
161 }
1
551433a01cab initial coding
carl
parents:
diff changeset
162
551433a01cab initial coding
carl
parents:
diff changeset
163
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
164 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
165 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
166 int ip_address(const char *have);
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
167 int ip_address(const char *have) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
168 int ipaddr = 0;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
169 in_addr ip;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
170 if (inet_aton(have, &ip)) ipaddr = ip.s_addr;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
171 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
172 struct hostent *host = gethostbyname(have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
173 if (host && host->h_addrtype == AF_INET) memcpy(&ipaddr, host->h_addr, sizeof(ipaddr));
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
174 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
175 return ntohl(ipaddr);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
176 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
177
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
178
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
179 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
180 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
181 PATTERN::PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
182 pattern = pattern_;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
183 index = index_;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
184 amount = amount_;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
185 message = msg_;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
186 if (pattern) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
187 int rc = regcomp(&re, pattern, REG_ICASE | REG_EXTENDED);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
188 if (rc) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
189 char bu[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
190 regerror(rc, &re, bu, maxlen);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
191 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
192 snprintf(buf, sizeof(buf), "pattern %s not valid - %s", pattern, bu);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
193 tok.token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
194 pattern = NULL;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
195 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
196 }
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
197 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
198
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
199
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
200 PATTERN::~PATTERN() {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
201 regfree(&re);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
202 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
203
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
204
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
205 bool PATTERN::process(char *buf, CONTEXT &con, const char *file_name, int pattern_index) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
206 if (pattern) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
207 const int nmatch = index+1;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
208 regmatch_t match[nmatch];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
209 if (0 == regexec(&re, buf, nmatch, match, 0)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
210 int s = match[index].rm_so;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
211 int e = match[index].rm_eo;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
212 if (s != -1) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
213 if (debug_syslog > 3) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
214 my_syslog(buf); // show lines with matches
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
215 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
216 buf[e] = '\0';
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
217 int ip = ip_address(buf+s);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
218 if (ip) {
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
219 con.recorder->add(ip, amount, con, file_name, pattern_index, message);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
220 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
221 return true;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
222 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
223 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
224 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
225 return false;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
226 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
227
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
228
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
229 void PATTERN::dump(int level) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
230 char indent[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
231 int i = min(maxlen-1, level*4);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
232 memset(indent, ' ', i);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
233 indent[i] = '\0';
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
234 printf("%s pattern \"%s\" {; \n", indent, pattern);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
235 printf("%s index %d; \n", indent, index);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
236 printf("%s bucket %d; \n", indent, amount);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
237 if (message) printf("%s message \"%s\"; \n", indent, message);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
238 printf("%s }; \n", indent);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
239 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
240
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
241
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
242 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
243 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
244 CONTEXT::CONTEXT(const char *nam) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
245 name = nam;
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
246 threshold = 500;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
247 add_command = "/sbin/iptables -I INPUT --src %s --jump DROP";
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
248 remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP";
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
249 recorder = IPR::find(name);
1
551433a01cab initial coding
carl
parents:
diff changeset
250 }
551433a01cab initial coding
carl
parents:
diff changeset
251
551433a01cab initial coding
carl
parents:
diff changeset
252
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
253 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
254 //
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
255 CONTEXT::~CONTEXT() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
256 ignore.clear();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
257 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
258 SYSLOGCONFIG *c = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
259 delete c;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
260 }
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
261 IPR::release(name);
1
551433a01cab initial coding
carl
parents:
diff changeset
262 }
551433a01cab initial coding
carl
parents:
diff changeset
263
551433a01cab initial coding
carl
parents:
diff changeset
264
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
265 void CONTEXT::add_syslogconfig(SYSLOGCONFIGP con) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
266 syslogconfigs.push_back(con);
1
551433a01cab initial coding
carl
parents:
diff changeset
267 }
551433a01cab initial coding
carl
parents:
diff changeset
268
551433a01cab initial coding
carl
parents:
diff changeset
269
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
270 void CONTEXT::add_pair(IPPAIR pair) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
271 ignore.push_back(pair);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
272 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
273
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
274
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
275 void CONTEXT::dump() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
276 string indents(" ");
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
277 const char *indent = indents.c_str();
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
278
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
279 printf("context %s {\n", name);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
280 printf("%s threshold %d; \n\n", indent, threshold);
27
28fec0c67646 make add/remove commands configureable
carl
parents: 24
diff changeset
281
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
282 printf("%s add_command \"%s\"; \n", indent, add_command);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
283 printf("%s remove_command \"%s\"; \n\n", indent, remove_command);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
284
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
285 printf("%s ignore { \n", indent);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
286 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
287 IPPAIR &p = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
288 in_addr ip;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
289 ip.s_addr = htonl(p.first);
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
290 printf("%s %s/%d; \n", indent, inet_ntoa(ip), p.cidr);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
291 }
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
292 printf("%s }; \n\n", indent);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
293
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
294 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
295 SYSLOGCONFIGP c = *i;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
296 c->dump(1);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
297 }
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
298 printf("}; \n\n");
1
551433a01cab initial coding
carl
parents:
diff changeset
299 }
551433a01cab initial coding
carl
parents:
diff changeset
300
551433a01cab initial coding
carl
parents:
diff changeset
301
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
302 void CONTEXT::read(CONFIG &con) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
303 while (true) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
304 bool have = false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
305 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
306 SYSLOGCONFIGP c = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
307 have |= c->read(*this);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
308 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
309 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
310 }
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
311 }
6e88da080f08 initial coding
carl
parents: 1
diff changeset
312
6e88da080f08 initial coding
carl
parents: 1
diff changeset
313
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
314 void CONTEXT::free_all() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
315 recorder->free_all(*this);
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
316 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
317
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
318
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
319 void CONTEXT::leak(int delta) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
320 recorder->leak(delta, *this);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
321
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
322 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
323
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
324
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
325 bool CONTEXT::looking(int ip) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
326 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
327 IPPAIR &p = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
328 if ((p.first <= ip) && (ip <= p.last)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
329 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
330 return true;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
331 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
332
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
333 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
334 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
335 CONFIG::CONFIG() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
336 reference_count = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
337 generation = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
338 load_time = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
339 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
340
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
341
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
342 CONFIG::~CONFIG() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
343 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
344 CONTEXT *c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
345 delete c;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
346 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
347 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
348
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
349
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
350 void CONFIG::dump() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
351 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
352 CONTEXTP c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
353 c->dump();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
354 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
355 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
356
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
357
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
358 void CONFIG::read() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
359 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
360 CONTEXT *c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
361 c->read(*this);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
362 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
363 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
364
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
365
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
366 void CONFIG::sleep(int duration, time_t &previous) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
367 ::sleep(duration);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
368 time_t now = time(NULL);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
369 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
370 CONTEXT *c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
371 c->leak(now-previous);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
372 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
373 previous = now;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
374 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
375
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
376
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
377 void CONFIG::free_all() {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
378 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
379 CONTEXT *c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
380 c->free_all();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
381 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
382 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
383
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
384
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
385 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
386 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
387 SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, const char *file_name_) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
388 tokp = &tok;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
389 file_name = file_name_;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
390 open(true);
1
551433a01cab initial coding
carl
parents:
diff changeset
391 }
551433a01cab initial coding
carl
parents:
diff changeset
392
551433a01cab initial coding
carl
parents:
diff changeset
393
551433a01cab initial coding
carl
parents:
diff changeset
394 SYSLOGCONFIG::~SYSLOGCONFIG() {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
395 close();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
396 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
397 PATTERN *p = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
398 delete p;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
399 }
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
400 }
6e88da080f08 initial coding
carl
parents: 1
diff changeset
401
6e88da080f08 initial coding
carl
parents: 1
diff changeset
402
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
403 void SYSLOGCONFIG::open(bool msg) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
404 fd = ::open(file_name, O_RDONLY);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
405 len = 0;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
406 if (fd == -1) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
407 if (msg) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
408 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
409 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
410 tokp->token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
411 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
412 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
413 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
414 if (debug_syslog > 1) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
415 snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
416 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
417 }
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
418 if (msg) lseek(fd, 0, SEEK_END);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
419 if (fstat(fd, &openfdstat)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
420 close();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
421 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
422 tokp->token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
423 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
424 // specify that this fd gets closed on exec, so that selinux
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
425 // won't complain about iptables trying to read log files.
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
426 int oldflags = fcntl(fd, F_GETFD, 0);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
427 if (oldflags >= 0) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
428 fcntl(fd, F_SETFD, oldflags | FD_CLOEXEC);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
429 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
430 }
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
431 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
432
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
433
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
434 bool SYSLOGCONFIG::read(CONTEXT &con) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
435 if (failed()) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
436 open(false);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
437 if (failed()) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
438 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
439 int n = ::read(fd, buf+len, buflen-len);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
440 bool have = (n > 0);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
441 if (have) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
442 len += n;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
443 while (true) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
444 char *p = (char*)memchr(buf, '\n', len);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
445 if (!p) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
446 n = p-buf;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
447 *p = '\0';
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
448 process(con); // process null terminated string
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
449 len -= n+1;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
450 memmove(buf, p+1, len);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
451 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
452 // no <lf> in a full buffer
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
453 if (len == buflen) len = 0;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
454 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
455 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
456 // check for file close
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
457 struct stat filenamest;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
458 if (0 == stat(file_name, &filenamest)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
459 if ((filenamest.st_dev != openfdstat.st_dev) ||
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
460 (filenamest.st_ino != openfdstat.st_ino)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
461 close();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
462 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
463 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
464 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
465 // filename no longer exists
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
466 close();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
467 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
468 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
469 return have;
2
6e88da080f08 initial coding
carl
parents: 1
diff changeset
470 }
6e88da080f08 initial coding
carl
parents: 1
diff changeset
471
6e88da080f08 initial coding
carl
parents: 1
diff changeset
472
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
473 void SYSLOGCONFIG::close() {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
474 if (debug_syslog > 1) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
475 snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
476 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
477 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
478 if (fd != -1) ::close(fd);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
479 fd = -1;
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
480 }
2737ab01659a initial coding
carl
parents: 3
diff changeset
481
2737ab01659a initial coding
carl
parents: 3
diff changeset
482
2737ab01659a initial coding
carl
parents: 3
diff changeset
483 void SYSLOGCONFIG::add_pattern(PATTERNP pat) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
484 patterns.push_back(pat);
4
2737ab01659a initial coding
carl
parents: 3
diff changeset
485 }
2737ab01659a initial coding
carl
parents: 3
diff changeset
486
2737ab01659a initial coding
carl
parents: 3
diff changeset
487
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
488 void SYSLOGCONFIG::process(CONTEXT &con) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
489 int pi=0;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
490 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
491 PATTERN *p = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
492 if (p->process(buf, con, file_name, pi)) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
493 pi++;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
494 }
1
551433a01cab initial coding
carl
parents:
diff changeset
495 }
551433a01cab initial coding
carl
parents:
diff changeset
496
551433a01cab initial coding
carl
parents:
diff changeset
497
551433a01cab initial coding
carl
parents:
diff changeset
498 void SYSLOGCONFIG::dump(int level) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
499 char indent[maxlen];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
500 int i = min(maxlen-1, level*4);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
501 memset(indent, ' ', i);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
502 indent[i] = '\0';
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
503 printf("%s file \"%s\" {\n", indent, file_name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
504 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
505 PATTERN *p = *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
506 p->dump(level+1);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
507 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
508 printf("%s }; \n", indent);
1
551433a01cab initial coding
carl
parents:
diff changeset
509 }
551433a01cab initial coding
carl
parents:
diff changeset
510
551433a01cab initial coding
carl
parents:
diff changeset
511
551433a01cab initial coding
carl
parents:
diff changeset
512 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
513 // helper to discard the strings held by a string_set
551433a01cab initial coding
carl
parents:
diff changeset
514 //
551433a01cab initial coding
carl
parents:
diff changeset
515 void discard(string_set &s) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
516 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
517 free((void*)*i);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
518 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
519 s.clear();
1
551433a01cab initial coding
carl
parents:
diff changeset
520 }
551433a01cab initial coding
carl
parents:
diff changeset
521
551433a01cab initial coding
carl
parents:
diff changeset
522
551433a01cab initial coding
carl
parents:
diff changeset
523 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
524 // helper to register a string in a string set
551433a01cab initial coding
carl
parents:
diff changeset
525 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
526 const char* register_string(string_set &s, const char *name) {
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
527 string_set::const_iterator i = s.find(name);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
528 if (i != s.end()) return *i;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
529 char *x = strdup(name);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
530 s.insert(x);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
531 return x;
1
551433a01cab initial coding
carl
parents:
diff changeset
532 }
551433a01cab initial coding
carl
parents:
diff changeset
533
551433a01cab initial coding
carl
parents:
diff changeset
534
551433a01cab initial coding
carl
parents:
diff changeset
535 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
536 // register a global string
551433a01cab initial coding
carl
parents:
diff changeset
537 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
538 const char* register_string(const char *name) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
539 return register_string(all_strings, name);
1
551433a01cab initial coding
carl
parents:
diff changeset
540 }
551433a01cab initial coding
carl
parents:
diff changeset
541
551433a01cab initial coding
carl
parents:
diff changeset
542
551433a01cab initial coding
carl
parents:
diff changeset
543 ////////////////////////////////////////////////
38
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
544 // clear all global strings, helper for valgrind checking
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
545 //
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
546 void clear_strings() {
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
547 discard(all_strings);
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
548 }
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
549
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
550
26c29da3fbdf shutdown removes iptables entries that we added
carl
parents: 37
diff changeset
551 ////////////////////////////////////////////////
1
551433a01cab initial coding
carl
parents:
diff changeset
552 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
553 bool tsa(TOKEN &tok, const char *token);
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
554 bool tsa(TOKEN &tok, const char *token) {
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
555 const char *have = tok.next();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
556 if (have == token) return true;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
557 tok.token_error(token, have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
558 return false;
1
551433a01cab initial coding
carl
parents:
diff changeset
559 }
551433a01cab initial coding
carl
parents:
diff changeset
560
551433a01cab initial coding
carl
parents:
diff changeset
561
551433a01cab initial coding
carl
parents:
diff changeset
562 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
563 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
564 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
565 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
566 const char *pat = tok.next();
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
567 int ind = 0;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
568 int buc = 0;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
569 const char *msg = NULL;
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
570 if (!tsa(tok, token_lbrace)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
571 while (true) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
572 const char *have = tok.next();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
573 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
574 if (have == token_rbrace) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
575 if (have == token_index) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
576 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
577 ind = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
578 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
579 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
580 else if (have == token_bucket) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
581 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
582 buc = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
583 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
584 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
585 else if (have == token_message) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
586 msg = tok.next();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
587 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
588 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
589 else {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
590 tok.token_error("index/bucket", have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
591 return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
592 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
593 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
594 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
595 PATTERNP patt = new PATTERN(tok, pat, ind, buc, msg);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
596 con.add_pattern(patt);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
597 return true;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
598 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
599
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
600
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
601 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
602 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
603 bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
604 bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
605 if (!tsa(tok, token_lbrace)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
606 while (true) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
607 const char *have = tok.next();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
608 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
609 if (have == token_rbrace) break;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
610 int ipaddr = ip_address(have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
611 if (ipaddr == 0) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
612 tok.token_error("ip address", have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
613 return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
614 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
615 if (!tsa(tok, token_slash)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
616 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
617 int mask = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
618 if ((mask < 8) || (mask > 32)) {
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
619 tok.token_error("cidr 8..32 value", have);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
620 return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
621 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
622 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
623 IPPAIR pair;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
624 const int masks[33] = {0xffffffff, // 0
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
625 0x7fffffff, // 1
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
626 0x3fffffff, // 2
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
627 0x1fffffff, // 3
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
628 0x0fffffff, // 4
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
629 0x07ffffff, // 5
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
630 0x03ffffff, // 6
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
631 0x01ffffff, // 7
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
632 0x00ffffff, // 8
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
633 0x007fffff, // 9
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
634 0x003fffff, // 10
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
635 0x001fffff, // 11
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
636 0x000fffff, // 12
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
637 0x0007ffff, // 13
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
638 0x0003ffff, // 14
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
639 0x0001ffff, // 15
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
640 0x0000ffff, // 16
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
641 0x00007fff, // 17
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
642 0x00003fff, // 18
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
643 0x00001fff, // 19
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
644 0x00000fff, // 20
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
645 0x000007ff, // 21
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
646 0x000003ff, // 22
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
647 0x000001ff, // 23
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
648 0x000000ff, // 24
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
649 0x0000007f, // 25
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
650 0x0000003f, // 26
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
651 0x0000001f, // 27
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
652 0x0000000f, // 28
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
653 0x00000007, // 29
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
654 0x00000003, // 30
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
655 0x00000001, // 31
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
656 0x00000000}; // 32
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
657 pair.first = ipaddr;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
658 pair.last = ipaddr | masks[mask];
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
659 pair.cidr = mask;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
660 me.add_pair(pair);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
661 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
662 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
663 return true;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
664 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
665
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
666
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
667 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
668 //
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
669 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
670 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
671 const char *name = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
672 if (!tsa(tok, token_lbrace)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
673 SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
674 if (con->failed()) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
675 delete con;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
676 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
677 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
678 me.add_syslogconfig(con);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
679 while (true) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
680 const char *have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
681 if (!have) break;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
682 if (have == token_rbrace) break;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
683 if (have == token_pattern) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
684 if (!parse_pattern(tok, *con, me)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
685 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
686 else {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
687 tok.token_error("pattern", have);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
688 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
689 }
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
690 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
691 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
692 return true;
3
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
693 }
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
694
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
695
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
696 ////////////////////////////////////////////////
8fe310e5cd44 initial coding
carl
parents: 2
diff changeset
697 //
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
698 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
699 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
700 const char *name = tok.next();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
701 if (!tsa(tok, token_lbrace)) return false;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
702 CONTEXTP con = new CONTEXT(name);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
703
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
704 while (true) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
705 const char *have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
706 if (!have) break;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
707 if (have == token_rbrace) break; // done
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
708 if (have == token_threshold) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
709 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
710 con->set_threshold(atoi(have));
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
711 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
712 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
713 else if (have == token_ignore) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
714 if (!parse_ignore(tok, dc, *con)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
715 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
716 else if (have == token_add) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
717 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
718 con->set_add(have);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
719 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
720 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
721 else if (have == token_remove) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
722 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
723 con->set_remove(have);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
724 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
725 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
726 else if (have == token_file) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
727 if (!parse_syslogconfig(tok, dc, *con)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
728 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
729 else {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
730 tok.token_error("threshold/ignore/add_command/remove_command/file", have);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
731 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
732 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
733 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
734 if (!tsa(tok, token_semi)) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
735 delete con;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
736 return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
737 }
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
738 dc.add_context(con);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
739 return true;
1
551433a01cab initial coding
carl
parents:
diff changeset
740 }
551433a01cab initial coding
carl
parents:
diff changeset
741
551433a01cab initial coding
carl
parents:
diff changeset
742
551433a01cab initial coding
carl
parents:
diff changeset
743 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
744 // parse a config file
551433a01cab initial coding
carl
parents:
diff changeset
745 //
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
746 bool load_conf(CONFIG &dc, const char *fn) {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
747 int count = 0;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
748 TOKEN tok(fn, &dc.config_files);
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
749 while (true) {
48
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
750 const char *have = tok.next();
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
751 if (!have) break;
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
752 if (have == token_context) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
753 if (!parse_context(tok, dc, NULL)) {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
754 tok.token_error("load_conf() failed to parse context");
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
755 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
756 }
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
757 else count++;
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
758 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
759 else {
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
760 tok.token_error(token_context, have);
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
761 return false;
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
762 }
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
763 }
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
764 tok.token_error("load_conf() found %d contexts in %s", count, fn);
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
765 return (!dc.contexts.empty());
1
551433a01cab initial coding
carl
parents:
diff changeset
766 }
551433a01cab initial coding
carl
parents:
diff changeset
767
551433a01cab initial coding
carl
parents:
diff changeset
768
551433a01cab initial coding
carl
parents:
diff changeset
769 ////////////////////////////////////////////////
551433a01cab initial coding
carl
parents:
diff changeset
770 // init the tokens
551433a01cab initial coding
carl
parents:
diff changeset
771 //
551433a01cab initial coding
carl
parents:
diff changeset
772 void token_init() {
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
773 token_add = register_string("add_command");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
774 token_bucket = register_string("bucket");
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 48
diff changeset
775 token_context = register_string("context");
36
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
776 token_file = register_string("file");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
777 token_ignore = register_string("ignore");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
778 token_include = register_string("include");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
779 token_index = register_string("index");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
780 token_lbrace = register_string("{");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
781 token_message = register_string("message");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
782 token_pattern = register_string("pattern");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
783 token_rbrace = register_string("}");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
784 token_remove = register_string("remove_command");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
785 token_semi = register_string(";");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
786 token_slash = register_string("/");
6a2f26976898 shutdown removes iptables entries that we added
carl
parents: 35
diff changeset
787 token_threshold = register_string("threshold");
1
551433a01cab initial coding
carl
parents:
diff changeset
788 }