Mercurial > syslog2iptables
comparison src/syslogconfig.cpp @ 5:276c4edc8521
initial coding
| author | carl |
|---|---|
| date | Fri, 02 Dec 2005 17:52:44 -0800 |
| parents | 2737ab01659a |
| children | c2a2e35a85ac |
comparison
equal
deleted
inserted
replaced
| 4:2737ab01659a | 5:276c4edc8521 |
|---|---|
| 99 void IPR::leak(int amount, CONFIG &con) { | 99 void IPR::leak(int amount, CONFIG &con) { |
| 100 bool ch = false; | 100 bool ch = false; |
| 101 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) { | 101 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) { |
| 102 int ip = (*i).first; | 102 int ip = (*i).first; |
| 103 bucket &b = (*i).second; | 103 bucket &b = (*i).second; |
| 104 // in_addr ad; | |
| 105 // ad.s_addr = htonl(ip); | |
| 106 // char buf[maxlen]; | |
| 107 // snprintf(buf, maxlen, "leak %s with %d count", inet_ntoa(ad), n); | |
| 108 // my_syslog(buf); | |
| 109 if (b.count <= amount) { | 104 if (b.count <= amount) { |
| 110 ch |= b.latch; | 105 ch |= b.latch; |
| 111 violations.erase(i++); | 106 violations.erase(i++); |
| 112 } | 107 } |
| 113 else { | 108 else { |
| 120 | 115 |
| 121 | 116 |
| 122 void IPR::changed(CONFIG &con) { | 117 void IPR::changed(CONFIG &con) { |
| 123 char buf[maxlen]; | 118 char buf[maxlen]; |
| 124 snprintf(buf, maxlen, "%s -F INPUT", iptables); | 119 snprintf(buf, maxlen, "%s -F INPUT", iptables); |
| 125 my_syslog(" "); | 120 if (debug_syslog > 2) { |
| 126 my_syslog(buf); | 121 my_syslog(" "); |
| 122 my_syslog(buf); | |
| 123 } | |
| 124 system(buf); | |
| 127 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) { | 125 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) { |
| 128 int ip = (*i).first; | 126 int ip = (*i).first; |
| 129 bucket &b = (*i).second; | 127 bucket &b = (*i).second; |
| 130 if (b.count > con.get_threshold()) { | 128 if (b.count > con.get_threshold()) { |
| 131 in_addr ad; | 129 in_addr ad; |
| 132 ad.s_addr = htonl(ip); | 130 ad.s_addr = htonl(ip); |
| 133 snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad)); | 131 snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad)); |
| 134 my_syslog(buf); | 132 if (debug_syslog > 2) my_syslog(buf); |
| 133 system(buf); | |
| 135 } | 134 } |
| 136 } | 135 } |
| 137 } | 136 } |
| 138 | 137 |
| 139 | 138 |
| 182 const int nmatch = index+1; | 181 const int nmatch = index+1; |
| 183 regmatch_t match[nmatch]; | 182 regmatch_t match[nmatch]; |
| 184 if (0 == regexec(&re, buf, nmatch, match, 0)) { | 183 if (0 == regexec(&re, buf, nmatch, match, 0)) { |
| 185 int s = match[index].rm_so; | 184 int s = match[index].rm_so; |
| 186 int e = match[index].rm_eo; | 185 int e = match[index].rm_eo; |
| 187 // char bu[maxlen]; | |
| 188 // snprintf(bu, maxlen, "re match from %d to %d", s, e); | |
| 189 // my_syslog(bu); | |
| 190 if (s != -1) { | 186 if (s != -1) { |
| 187 if (debug_syslog > 3) { | |
| 188 my_syslog(buf); // show lines with matches | |
| 189 } | |
| 191 buf[e] = '\0'; | 190 buf[e] = '\0'; |
| 192 int ip = ip_address(buf+s); | 191 int ip = ip_address(buf+s); |
| 193 if (ip) { | 192 if (ip) { |
| 194 recorder.add(ip, amount, con); | 193 recorder.add(ip, amount, con); |
| 195 } | 194 } |
| 315 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name); | 314 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name); |
| 316 tokp->token_error(buf); | 315 tokp->token_error(buf); |
| 317 } | 316 } |
| 318 } | 317 } |
| 319 else { | 318 else { |
| 319 if (debug_syslog > 1) { | |
| 320 snprintf(buf, sizeof(buf), "syslog file %s opened", file_name); | |
| 321 my_syslog(buf); | |
| 322 } | |
| 320 lseek(fd, 0, SEEK_END); | 323 lseek(fd, 0, SEEK_END); |
| 321 if (fstat(fd, &openfdstat)) { | 324 if (fstat(fd, &openfdstat)) { |
| 322 close(); | 325 close(); |
| 323 char buf[maxlen]; | |
| 324 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name); | 326 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name); |
| 325 tokp->token_error(buf); | 327 tokp->token_error(buf); |
| 326 } | 328 } |
| 327 } | 329 } |
| 328 } | 330 } |
| 367 return have; | 369 return have; |
| 368 } | 370 } |
| 369 | 371 |
| 370 | 372 |
| 371 void SYSLOGCONFIG::close() { | 373 void SYSLOGCONFIG::close() { |
| 374 if (debug_syslog > 1) { | |
| 375 snprintf(buf, sizeof(buf), "syslog file %s closed", file_name); | |
| 376 my_syslog(buf); | |
| 377 } | |
| 372 if (fd != -1) ::close(fd); | 378 if (fd != -1) ::close(fd); |
| 373 fd = -1; | 379 fd = -1; |
| 374 } | 380 } |
| 375 | 381 |
| 376 | 382 |