syslog2iptables: src/syslogconfig.cpp annotate

annotate src/syslogconfig.cpp @ 59:f133196b8591

fix c++11 compiler warnings

author	Carl Byington <carl@five-ten-sg.com>
date	Tue, 10 Jun 2014 09:03:08 -0700
parents	b45dddebe8fc
children	60f59936fabb

rev	line source
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	1 /*
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	2
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	4 the GPL version 3 or any later version at your choice available at
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	5 http://www.gnu.org/licenses/gpl-3.0.txt
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	6
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	7 */
1 551433a01cab initial coding carl parents: diff changeset	8
551433a01cab initial coding carl parents: diff changeset	9 #include "includes.h"
2 6e88da080f08 initial coding carl parents: 1 diff changeset	10 #include <fcntl.h>
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	11 #include <sys/socket.h>
8fe310e5cd44 initial coding carl parents: 2 diff changeset	12 #include <netinet/in.h>
8fe310e5cd44 initial coding carl parents: 2 diff changeset	13 #include <arpa/inet.h>
8fe310e5cd44 initial coding carl parents: 2 diff changeset	14 #include <netdb.h>
4 2737ab01659a initial coding carl parents: 3 diff changeset	15 #include <limits.h>
1 551433a01cab initial coding carl parents: diff changeset	16
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	17 const char *token_add;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	18 const char *token_bucket;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	19 const char *token_context;
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	20 const char *token_file;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	21 const char *token_ignore;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	22 const char *token_include;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	23 const char *token_index;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	24 const char *token_lbrace;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	25 const char *token_message;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	26 const char *token_pattern;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	27 const char *token_rbrace;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	28 const char *token_remove;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	29 const char *token_semi;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	30 const char *token_slash;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	31 const char *token_threshold;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	32 string_set all_strings;// owns all the strings, only modified by the config loader thread
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	33 recorder_map recorders; // all the recorders are named
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	34 const int maxlen = 1000; // used for snprintf buffers
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	35 const int scale_max = 500000;
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	36
8fe310e5cd44 initial coding carl parents: 2 diff changeset	37
8fe310e5cd44 initial coding carl parents: 2 diff changeset	38 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	39 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	40
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	41 IPR::IPR() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	42 reference_count = 0;
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	43 daily_timer = 86400;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	44 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	45
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	46 IPR* IPR::find(const char* name) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	47 recorder_map::iterator m = recorders.find(name);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	48 if (m == recorders.end()) recorders[name] = new IPR;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	49 recorders[name]->reference(1);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	50 return recorders[name];
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	51 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	52
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	53
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	54 void IPR::release(const char* name) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	55 recorder_map::iterator m = recorders.find(name);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	56 IPR* i = (*m).second;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	57 int r = i->reference(-1);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	58 if (r == 0) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	59 delete i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	60 recorders.erase(m);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	61 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	62 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	63
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	64
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	65 void IPR::add(int ip, int amount, CONTEXT &con, const char file_name, int pattern_index, const char message) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	66 if (con.looking(ip)) {
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	67 ip_buckets::iterator j = repeat_offenders.find(ip);
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	68 int scale = (j == repeat_offenders.end()) ? 1 : (*j).second.count;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	69 amount *= scale;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	70
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	71 ip_buckets::iterator i = violations.find(ip);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	72 if (i == violations.end()) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	73 bucket b;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	74 b.count = amount;
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	75 b.blocked = (con.get_threshold() <= b.count);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	76 violations[ip] = b;
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	77 if (b.blocked) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	78 update(ip, true, scale, file_name, pattern_index, message);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	79 changed(con, ip, true);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	80 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	81 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	82 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	83 bucket &b = (*i).second;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	84 if (b.count < (INT_MAX-amount)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	85 b.count += amount;
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	86 if ((!b.blocked) && (con.get_threshold() <= b.count)) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	87 b.blocked = true;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	88 update(ip, true, scale, file_name, pattern_index, message);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	89 changed(con, ip, true);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	90 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	91 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	92 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	93 }
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	94 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	95
8fe310e5cd44 initial coding carl parents: 2 diff changeset	96
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	97 void IPR::leak(int amount, CONTEXT &con) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	98 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	99 int ip = (*i).first;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	100 bucket &b = (*i).second;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	101 if (b.count <= amount) {
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	102 if (b.blocked) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	103 update(ip, false, 0, NULL, 0, NULL);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	104 changed(con, ip, false);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	105 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	106 violations.erase(i++);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	107 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	108 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	109 b.count -= amount;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	110 i++;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	111 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	112 }
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	113 daily_timer -= amount;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	114 if (daily_timer < 0) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	115 daily_timer = 86400;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	116 for (ip_buckets::iterator j=repeat_offenders.begin(); j!=repeat_offenders.end(); ) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	117 int ip = (*j).first;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	118 bucket &b = (*j).second;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	119 b.count = b.count * 2 / 3;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	120 if (b.count <= 2) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	121 repeat_offenders.erase(j++);
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	122 char buf[maxlen];
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	123 in_addr ad;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	124 ad.s_addr = htonl(ip);
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	125 snprintf(buf, maxlen, "removing %s from repeat offenders", inet_ntoa(ad));
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	126 my_syslog(buf);
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	127 }
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	128 else {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	129 j++;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	130 }
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	131 }
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	132 }
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	133 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	134
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	135
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	136 void IPR::free_all(CONTEXT &con) {
37 e4eb969dfc4a shutdown removes iptables entries that we added carl parents: 36 diff changeset	137 if (debug_syslog > 2) {
e4eb969dfc4a shutdown removes iptables entries that we added carl parents: 36 diff changeset	138 my_syslog("syslog2iptables shutting down");
e4eb969dfc4a shutdown removes iptables entries that we added carl parents: 36 diff changeset	139 }
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	140 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	141 int ip = (*i).first;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	142 bucket &b = (*i).second;
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	143 if (b.blocked) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	144 update(ip, false, 0, NULL, 0, NULL);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	145 changed(con, ip, false);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	146 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	147 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	148 violations.clear();
20 0d65c3de34fd add better logging carl parents: 12 diff changeset	149 }
0d65c3de34fd add better logging carl parents: 12 diff changeset	150
0d65c3de34fd add better logging carl parents: 12 diff changeset	151
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	152 void IPR::update(int ip, bool added, int scale, const char file_name, int pattern_index, const char message) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	153 if (debug_syslog > 2) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	154 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	155 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	156 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	157 if (added) {
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	158 if (message) snprintf(buf, maxlen, "dropping traffic from/to %s based on %s in %s, scale %d", inet_ntoa(ad), message, file_name, scale);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	159 else snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s", inet_ntoa(ad), pattern_index, file_name);
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	160 ip_buckets::iterator j = repeat_offenders.find(ip);
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	161 if (j == repeat_offenders.end()) {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	162 bucket b;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	163 b.count = 2;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	164 b.blocked = true; // unused
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	165 repeat_offenders[ip] = b;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	166 }
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	167 else {
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	168 bucket &b = (*j).second;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	169 if (b.count < scale_max) b.count = b.count * 3 / 2;
b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	170 }
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	171 }
58 b45dddebe8fc Add exponential increase in penalty for repeat offenders Carl Byington <carl@five-ten-sg.com> parents: 51 diff changeset	172 else snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad));
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	173 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	174 }
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	175 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	176
8fe310e5cd44 initial coding carl parents: 2 diff changeset	177
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	178 void IPR::changed(CONTEXT &con, int ip, bool added) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	179 int t = con.get_threshold();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	180 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	181 if (added) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	182 bucket &b = violations[ip];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	183 if (con.looking(ip) && (b.count > t)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	184 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	185 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	186 snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	187 system(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	188 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	189 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	190 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	191 in_addr ad;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	192 ad.s_addr = htonl(ip);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	193 snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	194 system(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	195 }
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	196 }
1 551433a01cab initial coding carl parents: diff changeset	197
551433a01cab initial coding carl parents: diff changeset	198
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	199 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	200 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	201 int ip_address(const char *have);
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	202 int ip_address(const char *have) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	203 int ipaddr = 0;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	204 in_addr ip;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	205 if (inet_aton(have, &ip)) ipaddr = ip.s_addr;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	206 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	207 struct hostent *host = gethostbyname(have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	208 if (host && host->h_addrtype == AF_INET) memcpy(&ipaddr, host->h_addr, sizeof(ipaddr));
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	209 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	210 return ntohl(ipaddr);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	211 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	212
8fe310e5cd44 initial coding carl parents: 2 diff changeset	213
8fe310e5cd44 initial coding carl parents: 2 diff changeset	214 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	215 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	216 PATTERN::PATTERN(TOKEN &tok, const char pattern_, int index_, int amount_, const char msg_) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	217 pattern = pattern_;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	218 index = index_;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	219 amount = amount_;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	220 message = msg_;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	221 if (pattern) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	222 int rc = regcomp(&re, pattern, REG_ICASE \| REG_EXTENDED);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	223 if (rc) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	224 char bu[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	225 regerror(rc, &re, bu, maxlen);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	226 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	227 snprintf(buf, sizeof(buf), "pattern %s not valid - %s", pattern, bu);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	228 tok.token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	229 pattern = NULL;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	230 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	231 }
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	232 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	233
8fe310e5cd44 initial coding carl parents: 2 diff changeset	234
8fe310e5cd44 initial coding carl parents: 2 diff changeset	235 PATTERN::~PATTERN() {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	236 regfree(&re);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	237 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	238
8fe310e5cd44 initial coding carl parents: 2 diff changeset	239
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	240 bool PATTERN::process(char buf, CONTEXT &con, const char file_name, int pattern_index) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	241 if (pattern) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	242 const int nmatch = index+1;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	243 regmatch_t match[nmatch];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	244 if (0 == regexec(&re, buf, nmatch, match, 0)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	245 int s = match[index].rm_so;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	246 int e = match[index].rm_eo;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	247 if (s != -1) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	248 if (debug_syslog > 3) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	249 my_syslog(buf); // show lines with matches
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	250 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	251 buf[e] = '\0';
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	252 int ip = ip_address(buf+s);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	253 if (ip) {
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	254 con.recorder->add(ip, amount, con, file_name, pattern_index, message);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	255 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	256 return true;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	257 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	258 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	259 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	260 return false;
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	261 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	262
8fe310e5cd44 initial coding carl parents: 2 diff changeset	263
8fe310e5cd44 initial coding carl parents: 2 diff changeset	264 void PATTERN::dump(int level) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	265 char indent[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	266 int i = min(maxlen-1, level*4);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	267 memset(indent, ' ', i);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	268 indent[i] = '\0';
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	269 printf("%s pattern \"%s\" {; \n", indent, pattern);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	270 printf("%s index %d; \n", indent, index);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	271 printf("%s bucket %d; \n", indent, amount);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	272 if (message) printf("%s message \"%s\"; \n", indent, message);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	273 printf("%s }; \n", indent);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	274 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	275
8fe310e5cd44 initial coding carl parents: 2 diff changeset	276
8fe310e5cd44 initial coding carl parents: 2 diff changeset	277 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	278 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	279 CONTEXT::CONTEXT(const char *nam) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	280 name = nam;
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	281 threshold = 500;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	282 add_command = "/sbin/iptables -I INPUT --src %s --jump DROP";
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	283 remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP";
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	284 recorder = IPR::find(name);
1 551433a01cab initial coding carl parents: diff changeset	285 }
551433a01cab initial coding carl parents: diff changeset	286
551433a01cab initial coding carl parents: diff changeset	287
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	288 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	289 //
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	290 CONTEXT::~CONTEXT() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	291 ignore.clear();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	292 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	293 SYSLOGCONFIG c = i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	294 delete c;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	295 }
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	296 IPR::release(name);
1 551433a01cab initial coding carl parents: diff changeset	297 }
551433a01cab initial coding carl parents: diff changeset	298
551433a01cab initial coding carl parents: diff changeset	299
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	300 void CONTEXT::add_syslogconfig(SYSLOGCONFIGP con) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	301 syslogconfigs.push_back(con);
1 551433a01cab initial coding carl parents: diff changeset	302 }
551433a01cab initial coding carl parents: diff changeset	303
551433a01cab initial coding carl parents: diff changeset	304
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	305 void CONTEXT::add_pair(IPPAIR pair) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	306 ignore.push_back(pair);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	307 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	308
8fe310e5cd44 initial coding carl parents: 2 diff changeset	309
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	310 void CONTEXT::dump() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	311 string indents(" ");
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	312 const char *indent = indents.c_str();
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	313
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	314 printf("context %s {\n", name);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	315 printf("%s threshold %d; \n\n", indent, threshold);
27 28fec0c67646 make add/remove commands configureable carl parents: 24 diff changeset	316
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	317 printf("%s add_command \"%s\"; \n", indent, add_command);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	318 printf("%s remove_command \"%s\"; \n\n", indent, remove_command);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	319
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	320 printf("%s ignore { \n", indent);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	321 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	322 IPPAIR &p = *i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	323 in_addr ip;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	324 ip.s_addr = htonl(p.first);
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	325 printf("%s %s/%d; \n", indent, inet_ntoa(ip), p.cidr);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	326 }
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	327 printf("%s }; \n\n", indent);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	328
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	329 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	330 SYSLOGCONFIGP c = *i;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	331 c->dump(1);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	332 }
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	333 printf("}; \n\n");
1 551433a01cab initial coding carl parents: diff changeset	334 }
551433a01cab initial coding carl parents: diff changeset	335
551433a01cab initial coding carl parents: diff changeset	336
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	337 void CONTEXT::read(CONFIG &con) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	338 while (true) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	339 bool have = false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	340 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	341 SYSLOGCONFIGP c = *i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	342 have \|= c->read(*this);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	343 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	344 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	345 }
2 6e88da080f08 initial coding carl parents: 1 diff changeset	346 }
6e88da080f08 initial coding carl parents: 1 diff changeset	347
6e88da080f08 initial coding carl parents: 1 diff changeset	348
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	349 void CONTEXT::free_all() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	350 recorder->free_all(*this);
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	351 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	352
8fe310e5cd44 initial coding carl parents: 2 diff changeset	353
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	354 void CONTEXT::leak(int delta) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	355 recorder->leak(delta, *this);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	356
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	357 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	358
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	359
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	360 bool CONTEXT::looking(int ip) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	361 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	362 IPPAIR &p = *i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	363 if ((p.first <= ip) && (ip <= p.last)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	364 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	365 return true;
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	366 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	367
8fe310e5cd44 initial coding carl parents: 2 diff changeset	368 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	369 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	370 CONFIG::CONFIG() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	371 reference_count = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	372 generation = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	373 load_time = 0;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	374 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	375
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	376
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	377 CONFIG::~CONFIG() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	378 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	379 CONTEXT c = i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	380 delete c;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	381 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	382 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	383
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	384
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	385 void CONFIG::dump() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	386 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	387 CONTEXTP c = *i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	388 c->dump();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	389 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	390 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	391
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	392
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	393 void CONFIG::read() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	394 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	395 CONTEXT c = i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	396 c->read(*this);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	397 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	398 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	399
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	400
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	401 void CONFIG::sleep(int duration, time_t &previous) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	402 ::sleep(duration);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	403 time_t now = time(NULL);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	404 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	405 CONTEXT c = i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	406 c->leak(now-previous);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	407 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	408 previous = now;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	409 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	410
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	411
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	412 void CONFIG::free_all() {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	413 for (context_list::iterator i=contexts.begin(); i!=contexts.end(); i++) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	414 CONTEXT c = i;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	415 c->free_all();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	416 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	417 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	418
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	419
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	420 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	421 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	422 SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, const char *file_name_) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	423 tokp = &tok;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	424 file_name = file_name_;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	425 open(true);
1 551433a01cab initial coding carl parents: diff changeset	426 }
551433a01cab initial coding carl parents: diff changeset	427
551433a01cab initial coding carl parents: diff changeset	428
551433a01cab initial coding carl parents: diff changeset	429 SYSLOGCONFIG::~SYSLOGCONFIG() {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	430 close();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	431 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	432 PATTERN p = i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	433 delete p;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	434 }
2 6e88da080f08 initial coding carl parents: 1 diff changeset	435 }
6e88da080f08 initial coding carl parents: 1 diff changeset	436
6e88da080f08 initial coding carl parents: 1 diff changeset	437
4 2737ab01659a initial coding carl parents: 3 diff changeset	438 void SYSLOGCONFIG::open(bool msg) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	439 fd = ::open(file_name, O_RDONLY);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	440 len = 0;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	441 if (fd == -1) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	442 if (msg) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	443 char buf[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	444 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	445 tokp->token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	446 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	447 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	448 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	449 if (debug_syslog > 1) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	450 snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	451 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	452 }
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	453 if (msg) lseek(fd, 0, SEEK_END);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	454 if (fstat(fd, &openfdstat)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	455 close();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	456 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	457 tokp->token_error(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	458 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	459 // specify that this fd gets closed on exec, so that selinux
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	460 // won't complain about iptables trying to read log files.
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	461 int oldflags = fcntl(fd, F_GETFD, 0);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	462 if (oldflags >= 0) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	463 fcntl(fd, F_SETFD, oldflags \| FD_CLOEXEC);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	464 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	465 }
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	466 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	467
8fe310e5cd44 initial coding carl parents: 2 diff changeset	468
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	469 bool SYSLOGCONFIG::read(CONTEXT &con) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	470 if (failed()) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	471 open(false);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	472 if (failed()) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	473 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	474 int n = ::read(fd, buf+len, buflen-len);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	475 bool have = (n > 0);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	476 if (have) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	477 len += n;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	478 while (true) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	479 char p = (char)memchr(buf, '\n', len);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	480 if (!p) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	481 n = p-buf;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	482 *p = '\0';
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	483 process(con); // process null terminated string
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	484 len -= n+1;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	485 memmove(buf, p+1, len);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	486 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	487 // no <lf> in a full buffer
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	488 if (len == buflen) len = 0;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	489 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	490 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	491 // check for file close
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	492 struct stat filenamest;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	493 if (0 == stat(file_name, &filenamest)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	494 if ((filenamest.st_dev != openfdstat.st_dev) \|\|
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	495 (filenamest.st_ino != openfdstat.st_ino)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	496 close();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	497 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	498 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	499 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	500 // filename no longer exists
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	501 close();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	502 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	503 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	504 return have;
2 6e88da080f08 initial coding carl parents: 1 diff changeset	505 }
6e88da080f08 initial coding carl parents: 1 diff changeset	506
6e88da080f08 initial coding carl parents: 1 diff changeset	507
4 2737ab01659a initial coding carl parents: 3 diff changeset	508 void SYSLOGCONFIG::close() {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	509 if (debug_syslog > 1) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	510 snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	511 my_syslog(buf);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	512 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	513 if (fd != -1) ::close(fd);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	514 fd = -1;
4 2737ab01659a initial coding carl parents: 3 diff changeset	515 }
2737ab01659a initial coding carl parents: 3 diff changeset	516
2737ab01659a initial coding carl parents: 3 diff changeset	517
2737ab01659a initial coding carl parents: 3 diff changeset	518 void SYSLOGCONFIG::add_pattern(PATTERNP pat) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	519 patterns.push_back(pat);
4 2737ab01659a initial coding carl parents: 3 diff changeset	520 }
2737ab01659a initial coding carl parents: 3 diff changeset	521
2737ab01659a initial coding carl parents: 3 diff changeset	522
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	523 void SYSLOGCONFIG::process(CONTEXT &con) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	524 int pi=0;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	525 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	526 PATTERN p = i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	527 if (p->process(buf, con, file_name, pi)) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	528 pi++;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	529 }
1 551433a01cab initial coding carl parents: diff changeset	530 }
551433a01cab initial coding carl parents: diff changeset	531
551433a01cab initial coding carl parents: diff changeset	532
551433a01cab initial coding carl parents: diff changeset	533 void SYSLOGCONFIG::dump(int level) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	534 char indent[maxlen];
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	535 int i = min(maxlen-1, level*4);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	536 memset(indent, ' ', i);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	537 indent[i] = '\0';
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	538 printf("%s file \"%s\" {\n", indent, file_name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	539 for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	540 PATTERN p = i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	541 p->dump(level+1);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	542 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	543 printf("%s }; \n", indent);
1 551433a01cab initial coding carl parents: diff changeset	544 }
551433a01cab initial coding carl parents: diff changeset	545
551433a01cab initial coding carl parents: diff changeset	546
551433a01cab initial coding carl parents: diff changeset	547 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	548 // helper to discard the strings held by a string_set
551433a01cab initial coding carl parents: diff changeset	549 //
551433a01cab initial coding carl parents: diff changeset	550 void discard(string_set &s) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	551 for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	552 free((void)i);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	553 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	554 s.clear();
1 551433a01cab initial coding carl parents: diff changeset	555 }
551433a01cab initial coding carl parents: diff changeset	556
551433a01cab initial coding carl parents: diff changeset	557
551433a01cab initial coding carl parents: diff changeset	558 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	559 // helper to register a string in a string set
551433a01cab initial coding carl parents: diff changeset	560 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	561 const char* register_string(string_set &s, const char *name) {
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	562 string_set::const_iterator i = s.find(name);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	563 if (i != s.end()) return *i;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	564 char *x = strdup(name);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	565 s.insert(x);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	566 return x;
1 551433a01cab initial coding carl parents: diff changeset	567 }
551433a01cab initial coding carl parents: diff changeset	568
551433a01cab initial coding carl parents: diff changeset	569
551433a01cab initial coding carl parents: diff changeset	570 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	571 // register a global string
551433a01cab initial coding carl parents: diff changeset	572 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	573 const char* register_string(const char *name) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	574 return register_string(all_strings, name);
1 551433a01cab initial coding carl parents: diff changeset	575 }
551433a01cab initial coding carl parents: diff changeset	576
551433a01cab initial coding carl parents: diff changeset	577
551433a01cab initial coding carl parents: diff changeset	578 ////////////////////////////////////////////////
38 26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	579 // clear all global strings, helper for valgrind checking
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	580 //
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	581 void clear_strings() {
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	582 discard(all_strings);
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	583 }
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	584
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	585
26c29da3fbdf shutdown removes iptables entries that we added carl parents: 37 diff changeset	586 ////////////////////////////////////////////////
1 551433a01cab initial coding carl parents: diff changeset	587 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	588 bool tsa(TOKEN &tok, const char *token);
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	589 bool tsa(TOKEN &tok, const char *token) {
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	590 const char *have = tok.next();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	591 if (have == token) return true;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	592 tok.token_error(token, have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	593 return false;
1 551433a01cab initial coding carl parents: diff changeset	594 }
551433a01cab initial coding carl parents: diff changeset	595
551433a01cab initial coding carl parents: diff changeset	596
551433a01cab initial coding carl parents: diff changeset	597 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	598 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	599 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	600 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	601 const char *pat = tok.next();
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	602 int ind = 0;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	603 int buc = 0;
ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	604 const char *msg = NULL;
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	605 if (!tsa(tok, token_lbrace)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	606 while (true) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	607 const char *have = tok.next();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	608 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	609 if (have == token_rbrace) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	610 if (have == token_index) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	611 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	612 ind = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	613 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	614 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	615 else if (have == token_bucket) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	616 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	617 buc = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	618 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	619 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	620 else if (have == token_message) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	621 msg = tok.next();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	622 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	623 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	624 else {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	625 tok.token_error("index/bucket", have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	626 return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	627 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	628 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	629 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	630 PATTERNP patt = new PATTERN(tok, pat, ind, buc, msg);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	631 con.add_pattern(patt);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	632 return true;
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	633 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	634
8fe310e5cd44 initial coding carl parents: 2 diff changeset	635
8fe310e5cd44 initial coding carl parents: 2 diff changeset	636 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	637 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	638 bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	639 bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	640 if (!tsa(tok, token_lbrace)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	641 while (true) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	642 const char *have = tok.next();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	643 if (!have) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	644 if (have == token_rbrace) break;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	645 int ipaddr = ip_address(have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	646 if (ipaddr == 0) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	647 tok.token_error("ip address", have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	648 return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	649 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	650 if (!tsa(tok, token_slash)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	651 have = tok.next();
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	652 int mask = atoi(have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	653 if ((mask < 8) \|\| (mask > 32)) {
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	654 tok.token_error("cidr 8..32 value", have);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	655 return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	656 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	657 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	658 IPPAIR pair;
59 f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	659 const unsigned int masks[33] = {0xffffffff, // 0
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	660 0x7fffffff, // 1
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	661 0x3fffffff, // 2
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	662 0x1fffffff, // 3
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	663 0x0fffffff, // 4
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	664 0x07ffffff, // 5
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	665 0x03ffffff, // 6
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	666 0x01ffffff, // 7
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	667 0x00ffffff, // 8
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	668 0x007fffff, // 9
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	669 0x003fffff, // 10
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	670 0x001fffff, // 11
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	671 0x000fffff, // 12
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	672 0x0007ffff, // 13
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	673 0x0003ffff, // 14
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	674 0x0001ffff, // 15
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	675 0x0000ffff, // 16
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	676 0x00007fff, // 17
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	677 0x00003fff, // 18
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	678 0x00001fff, // 19
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	679 0x00000fff, // 20
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	680 0x000007ff, // 21
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	681 0x000003ff, // 22
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	682 0x000001ff, // 23
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	683 0x000000ff, // 24
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	684 0x0000007f, // 25
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	685 0x0000003f, // 26
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	686 0x0000001f, // 27
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	687 0x0000000f, // 28
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	688 0x00000007, // 29
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	689 0x00000003, // 30
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	690 0x00000001, // 31
f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	691 0x00000000}; // 32
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	692 pair.first = ipaddr;
59 f133196b8591 fix c++11 compiler warnings Carl Byington <carl@five-ten-sg.com> parents: 58 diff changeset	693 pair.last = ipaddr \| (int)masks[mask];
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	694 pair.cidr = mask;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	695 me.add_pair(pair);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	696 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	697 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	698 return true;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	699 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	700
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	701
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	702 ////////////////////////////////////////////////
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	703 //
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	704 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	705 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	706 const char *name = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	707 if (!tsa(tok, token_lbrace)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	708 SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	709 if (con->failed()) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	710 delete con;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	711 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	712 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	713 me.add_syslogconfig(con);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	714 while (true) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	715 const char *have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	716 if (!have) break;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	717 if (have == token_rbrace) break;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	718 if (have == token_pattern) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	719 if (!parse_pattern(tok, *con, me)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	720 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	721 else {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	722 tok.token_error("pattern", have);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	723 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	724 }
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	725 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	726 if (!tsa(tok, token_semi)) return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	727 return true;
3 8fe310e5cd44 initial coding carl parents: 2 diff changeset	728 }
8fe310e5cd44 initial coding carl parents: 2 diff changeset	729
8fe310e5cd44 initial coding carl parents: 2 diff changeset	730
8fe310e5cd44 initial coding carl parents: 2 diff changeset	731 ////////////////////////////////////////////////
8fe310e5cd44 initial coding carl parents: 2 diff changeset	732 //
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	733 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	734 bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	735 const char *name = tok.next();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	736 if (!tsa(tok, token_lbrace)) return false;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	737 CONTEXTP con = new CONTEXT(name);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	738
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	739 while (true) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	740 const char *have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	741 if (!have) break;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	742 if (have == token_rbrace) break; // done
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	743 if (have == token_threshold) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	744 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	745 con->set_threshold(atoi(have));
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	746 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	747 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	748 else if (have == token_ignore) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	749 if (!parse_ignore(tok, dc, *con)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	750 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	751 else if (have == token_add) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	752 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	753 con->set_add(have);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	754 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	755 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	756 else if (have == token_remove) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	757 have = tok.next();
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	758 con->set_remove(have);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	759 if (!tsa(tok, token_semi)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	760 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	761 else if (have == token_file) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	762 if (!parse_syslogconfig(tok, dc, *con)) return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	763 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	764 else {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	765 tok.token_error("threshold/ignore/add_command/remove_command/file", have);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	766 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	767 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	768 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	769 if (!tsa(tok, token_semi)) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	770 delete con;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	771 return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	772 }
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	773 dc.add_context(con);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	774 return true;
1 551433a01cab initial coding carl parents: diff changeset	775 }
551433a01cab initial coding carl parents: diff changeset	776
551433a01cab initial coding carl parents: diff changeset	777
551433a01cab initial coding carl parents: diff changeset	778 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	779 // parse a config file
551433a01cab initial coding carl parents: diff changeset	780 //
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	781 bool load_conf(CONFIG &dc, const char *fn) {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	782 int count = 0;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	783 TOKEN tok(fn, &dc.config_files);
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	784 while (true) {
48 ba0259c9e411 Fixes to compile on Fedora 9 and for const correctness Carl Byington <carl@five-ten-sg.com> parents: 42 diff changeset	785 const char *have = tok.next();
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	786 if (!have) break;
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	787 if (have == token_context) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	788 if (!parse_context(tok, dc, NULL)) {
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	789 tok.token_error("load_conf() failed to parse context");
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	790 return false;
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	791 }
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	792 else count++;
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	793 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	794 else {
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	795 tok.token_error(token_context, have);
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	796 return false;
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	797 }
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	798 }
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	799 tok.token_error("load_conf() found %d contexts in %s", count, fn);
206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	800 return (!dc.contexts.empty());
1 551433a01cab initial coding carl parents: diff changeset	801 }
551433a01cab initial coding carl parents: diff changeset	802
551433a01cab initial coding carl parents: diff changeset	803
551433a01cab initial coding carl parents: diff changeset	804 ////////////////////////////////////////////////
551433a01cab initial coding carl parents: diff changeset	805 // init the tokens
551433a01cab initial coding carl parents: diff changeset	806 //
551433a01cab initial coding carl parents: diff changeset	807 void token_init() {
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	808 token_add = register_string("add_command");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	809 token_bucket = register_string("bucket");
51 206448c00b55 Allow multiple contexts with independent add/remove commands. Carl Byington <carl@five-ten-sg.com> parents: 48 diff changeset	810 token_context = register_string("context");
36 6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	811 token_file = register_string("file");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	812 token_ignore = register_string("ignore");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	813 token_include = register_string("include");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	814 token_index = register_string("index");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	815 token_lbrace = register_string("{");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	816 token_message = register_string("message");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	817 token_pattern = register_string("pattern");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	818 token_rbrace = register_string("}");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	819 token_remove = register_string("remove_command");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	820 token_semi = register_string(";");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	821 token_slash = register_string("/");
6a2f26976898 shutdown removes iptables entries that we added carl parents: 35 diff changeset	822 token_threshold = register_string("threshold");
1 551433a01cab initial coding carl parents: diff changeset	823 }

Mercurial > syslog2iptables

annotate src/syslogconfig.cpp @ 59:f133196b8591