comparison src/syslogconfig.cpp @ 5:276c4edc8521
initial coding
author | carl |
---|---|
date | Fri, 02 Dec 2005 17:52:44 -0800 |
parents | 2737ab01659a |
children | c2a2e35a85ac |
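--- a/src/syslogconfig.cpp
+++ b/src/syslogconfig.cpp
@@ -99,15 +99,10 @@
 void IPR::leak(int amount, CONFIG &con) {
 bool ch = false;
 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
 int ip = (*i).first;
 bucket &b = (*i).second;
-// in_addr ad;
-// ad.s_addr = htonl(ip);
-// char buf[maxlen];
-// snprintf(buf, maxlen, "leak %s with %d count", inet_ntoa(ad), n);
-// my_syslog(buf);
 if (b.count <= amount) {
 ch |= b.latch;
 violations.erase(i++);
 }
 else {
@@ -120,20 +115,24 @@
 
 
 void IPR::changed(CONFIG &con) {
 char buf[maxlen];
 snprintf(buf, maxlen, "%s -F INPUT", iptables);
-my_syslog(" ");
-my_syslog(buf);
+if (debug_syslog > 2) {
+my_syslog(" ");
+my_syslog(buf);
+}
+system(buf);
 for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); i++) {
 int ip = (*i).first;
 bucket &b = (*i).second;
 if (b.count > con.get_threshold()) {
 in_addr ad;
 ad.s_addr = htonl(ip);
 snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad));
-my_syslog(buf);
+if (debug_syslog > 2) my_syslog(buf);
+system(buf);
 }
 }
 }
 
 
@@ -182,14 +181,14 @@
 const int nmatch = index+1;
 regmatch_t match[nmatch];
 if (0 == regexec(&re, buf, nmatch, match, 0)) {
 int s = match[index].rm_so;
 int e = match[index].rm_eo;
-// char bu[maxlen];
-// snprintf(bu, maxlen, "re match from %d to %d", s, e);
-// my_syslog(bu);
 if (s != -1) {
+if (debug_syslog > 3) {
+my_syslog(buf); // show lines with matches
+}
 buf[e] = '\0';
 int ip = ip_address(buf+s);
 if (ip) {
 recorder.add(ip, amount, con);
 }
@@ -315,14 +314,17 @@
 snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name);
 tokp->token_error(buf);
 }
 }
 else {
+if (debug_syslog > 1) {
+snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
+my_syslog(buf);
+}
 lseek(fd, 0, SEEK_END);
 if (fstat(fd, &openfdstat)) {
 close();
-char buf[maxlen];
 snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
 tokp->token_error(buf);
 }
 }
 }
@@ -367,10 +369,14 @@
 return have;
 }
 
 
 void SYSLOGCONFIG::close() {
+if (debug_syslog > 1) {
+snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
+my_syslog(buf);
+}
 if (fd != -1) ::close(fd);
 fd = -1;
 }
 
 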
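Review bot: The return value of both new `system(buf)` calls in IPR::changed (new lines 124 and 133) is discarded, so a flush or DROP rule that fails to install — iptables missing from PATH, insufficient privilege, or a malformed command — leaves no trace, and the daemon carries on as if the offending address were blocked; the command text itself is only logged when debug_syslog > 2, so the failure is invisible at normal verbosity. I would check the status and log the failed command unconditionally, reusing `buf` once system() has returned, as below (my_syslog is assumed to take a string, which is how every call on the page uses it). The same pattern would apply to SYSLOGCONFIG::close, whose new logging uses `buf` and `sizeof(buf)` with no declaration visible in the hunk — presumably a member array, which a one-line comment at the use site should state.
```cpp
void IPR::changed(CONFIG &con) {
    char buf[maxlen];
    snprintf(buf, maxlen, "%s -F INPUT", iptables);
    if (debug_syslog > 2) {
        my_syslog(" ");
        my_syslog(buf);
    }
    int rc = system(buf);
    if (rc != 0) {                       // flush did not run: say so at every debug level
        snprintf(buf, maxlen, "iptables flush failed, status %d", rc);
        my_syslog(buf);
    }
    // … unchanged: loop over violations, threshold check, address formatting, snprintf of the -A INPUT command …
            if (debug_syslog > 2) my_syslog(buf);
            rc = system(buf);
            if (rc != 0) {               // DROP rule not installed: the address is still unblocked
                snprintf(buf, maxlen, "iptables DROP for %s failed, status %d", inet_ntoa(ad), rc);
                my_syslog(buf);
            }
```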