Mercurial > syslog2iptables
comparison src/syslogconfig.h @ 51:206448c00b55 stable-1-0-12
Allow multiple contexts with independent add/remove commands.
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sat, 24 Jan 2009 15:52:20 -0800 |
| parents | ba0259c9e411 |
| children | b45dddebe8fc |
comparison
equal
deleted
inserted
replaced
| 50:75361069c6ef | 51:206448c00b55 |
|---|---|
| 6 | 6 |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 | 9 |
| 10 class SYSLOGCONFIG; | 10 class SYSLOGCONFIG; |
| 11 class CONTEXT; | |
| 11 class CONFIG; | 12 class CONFIG; |
| 12 | 13 |
| 13 struct IPPAIR { | 14 struct IPPAIR { |
| 14 int first; | 15 int first; |
| 15 int last; | 16 int last; |
| 23 int amount; // count to add to the ip address leaky bucket | 24 int amount; // count to add to the ip address leaky bucket |
| 24 const char * message; // for logging, owned by the string table | 25 const char * message; // for logging, owned by the string table |
| 25 public: | 26 public: |
| 26 ~PATTERN(); | 27 ~PATTERN(); |
| 27 PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_); | 28 PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_); |
| 28 bool process(char *buf, CONFIG &con, const char *file_name, int pattern_index); | 29 bool process(char *buf, CONTEXT &con, const char *file_name, int pattern_index); |
| 29 void dump(int level); | 30 void dump(int level); |
| 30 }; | 31 }; |
| 31 | 32 |
| 33 struct ltint | |
| 34 { | |
| 35 bool operator()(const int s1, const int s2) const | |
| 36 { | |
| 37 return (unsigned)s1 < (unsigned)s2; | |
| 38 } | |
| 39 }; | |
| 40 | |
| 41 struct bucket { | |
| 42 int count; | |
| 43 bool latch; // true iff ever count>threshold | |
| 44 }; | |
| 45 | |
| 46 typedef map<int, bucket, ltint> ip_buckets; | |
| 47 | |
| 48 class IPR { | |
| 49 int reference_count; // number of contexts using this recorder | |
| 50 ip_buckets violations; | |
| 51 public: | |
| 52 IPR(); | |
| 53 int reference(int delta) {reference_count += delta; return reference_count;}; | |
| 54 void add(int ip, int amount, CONTEXT &con, const char *file_name, int pattern_index, const char *message); | |
| 55 void leak(int amount, CONTEXT &con); | |
| 56 void free_all(CONTEXT &con); | |
| 57 void update(int ip, bool added, const char *file_name, int pattern_index, const char *message); | |
| 58 void changed(CONTEXT &con, int ip, bool added); | |
| 59 static IPR* find(const char* name); | |
| 60 static void release(const char* name); | |
| 61 }; | |
| 62 | |
| 63 | |
| 32 typedef SYSLOGCONFIG * SYSLOGCONFIGP; | 64 typedef SYSLOGCONFIG * SYSLOGCONFIGP; |
| 33 typedef PATTERN * PATTERNP; | 65 typedef PATTERN * PATTERNP; |
| 66 typedef CONTEXT * CONTEXTP; | |
| 67 typedef map<const char *, IPR*> recorder_map; | |
| 68 typedef list<CONTEXTP> context_list; | |
| 34 typedef list<SYSLOGCONFIGP> syslogconfig_list; | 69 typedef list<SYSLOGCONFIGP> syslogconfig_list; |
| 35 typedef list<IPPAIR> ippair_list; | 70 typedef list<IPPAIR> ippair_list; |
| 36 typedef list<PATTERNP> pattern_list; | 71 typedef list<PATTERNP> pattern_list; |
| 37 const int buflen = 1024; | 72 const int buflen = 1024; |
| 38 | 73 |
| 47 public: | 82 public: |
| 48 SYSLOGCONFIG(TOKEN &tok, const char *file_name_); | 83 SYSLOGCONFIG(TOKEN &tok, const char *file_name_); |
| 49 ~SYSLOGCONFIG(); | 84 ~SYSLOGCONFIG(); |
| 50 bool failed() { return (fd == -1); }; | 85 bool failed() { return (fd == -1); }; |
| 51 void open(bool msg); | 86 void open(bool msg); |
| 52 bool read(CONFIG &con); | 87 bool read(CONTEXT &con); |
| 53 void close(); | 88 void close(); |
| 54 void add_pattern(PATTERNP pat); | 89 void add_pattern(PATTERNP pat); |
| 55 void process(CONFIG &con); | 90 void process(CONTEXT &con); |
| 56 void dump(int level); | 91 void dump(int level); |
| 57 }; | 92 }; |
| 93 | |
| 94 | |
| 95 class CONTEXT { | |
| 96 public: | |
| 97 const char * name; // name of this context | |
| 98 int threshold; | |
| 99 ippair_list ignore; // owns all the ippairs | |
| 100 const char * add_command; // owned by the string table | |
| 101 const char * remove_command; // "" | |
| 102 IPR * recorder; // used to record violations | |
| 103 syslogconfig_list syslogconfigs; // owns all the syslogconfigs | |
| 104 | |
| 105 CONTEXT(const char *nam); | |
| 106 ~CONTEXT(); | |
| 107 void set_add(const char *add) { add_command = add; }; | |
| 108 void set_remove(const char *remove) { remove_command = remove; }; | |
| 109 void set_threshold(int threshold_) { threshold = threshold_; }; | |
| 110 int get_threshold() { return threshold; }; | |
| 111 void add_syslogconfig(SYSLOGCONFIGP con); | |
| 112 void add_pair(IPPAIR pair); | |
| 113 void dump(); | |
| 114 void read(CONFIG &con); | |
| 115 void free_all(); | |
| 116 void leak(int delta); | |
| 117 bool looking(int ip); | |
| 118 }; | |
| 119 | |
| 58 | 120 |
| 59 class CONFIG { | 121 class CONFIG { |
| 60 public: | 122 public: |
| 61 // the only mutable stuff once it has been loaded from the config file | 123 // the only mutable stuff once it has been loaded from the config file |
| 62 int reference_count; // protected by the global config_mutex | 124 int reference_count; // protected by the global config_mutex |
| 63 // all the rest is constant after loading from the config file | 125 // all the rest is constant after loading from the config file |
| 64 int generation; | 126 int generation; |
| 65 time_t load_time; | 127 time_t load_time; |
| 66 string_set config_files; | 128 string_set config_files; |
| 67 int threshold; | 129 context_list contexts; |
| 68 ippair_list ignore; // owns all the ippairs | |
| 69 const char * add_command; // owned by the string table | |
| 70 const char * remove_command; // "" | |
| 71 syslogconfig_list syslogconfigs; // owns all the syslogconfigs | |
| 72 | 130 |
| 73 CONFIG(); | 131 CONFIG(); |
| 74 ~CONFIG(); | 132 ~CONFIG(); |
| 75 void set_add(const char *add) { add_command = add; }; | 133 void add_context(CONTEXTP con) {contexts.push_back(con);} ; |
| 76 void set_remove(const char *remove) { remove_command = remove; }; | |
| 77 void set_threshold(int threshold_) { threshold = threshold_; }; | |
| 78 int get_threshold() { return threshold; }; | |
| 79 void add_syslogconfig(SYSLOGCONFIGP con); | |
| 80 void add_pair(IPPAIR pair); | |
| 81 void dump(); | 134 void dump(); |
| 82 void read(); | 135 void read(); |
| 83 void sleep(int duration, time_t &previous); | 136 void sleep(int duration, time_t &previous); |
| 84 void free_all(); | 137 void free_all(); |
| 85 bool looking(int ip); | |
| 86 }; | 138 }; |
| 87 | 139 |
| 88 void discard(string_set &s); | 140 void discard(string_set &s); |
| 89 const char* register_string(string_set &s, const char *name); | 141 const char* register_string(string_set &s, const char *name); |
| 90 const char* register_string(const char *name); | 142 const char* register_string(const char *name); |
| 93 bool load_conf(CONFIG &dc, const char *fn); | 145 bool load_conf(CONFIG &dc, const char *fn); |
| 94 void token_init(); | 146 void token_init(); |
| 95 | 147 |
| 96 extern const char *token_add; | 148 extern const char *token_add; |
| 97 extern const char *token_bucket; | 149 extern const char *token_bucket; |
| 150 extern const char *token_context; | |
| 98 extern const char *token_file; | 151 extern const char *token_file; |
| 99 extern const char *token_ignore; | 152 extern const char *token_ignore; |
| 100 extern const char *token_include; | 153 extern const char *token_include; |
| 101 extern const char *token_index; | 154 extern const char *token_index; |
| 102 extern const char *token_lbrace; | 155 extern const char *token_lbrace; |