diff src/syslogconfig.h @ 3:8fe310e5cd44

initial coding
author carl
date Sun, 27 Nov 2005 21:12:01 -0800
parents 6e88da080f08
children 2737ab01659a
--- a/src/syslogconfig.h	Thu Nov 24 10:31:09 2005 -0800
+++ b/src/syslogconfig.h	Sun Nov 27 21:12:01 2005 -0800
@@ -23,60 +23,94 @@
 
 #include "tokenizer.h"
 #include <map>
+#include <regex.h>
 
 
 class SYSLOGCONFIG;
+class CONFIG;
+
+struct IPPAIR {
+	int first;
+	int last;
+	int cidr;
+};
+
+class PATTERN {
+	char *			pattern;	// owned by the string table
+	regex_t 		re;
+	int 			index;		// zero based substring of the regex match that contains the ip address or hostname
+	int 			bucket; 	// count to add to the ip address leaky bucket
+public:
+	~PATTERN();
+	PATTERN(TOKEN &tok, char *pattern_, int index_, int bucket_);
+	bool	process(char *buf, CONFIG &con);
+	void	dump(int level);
+};
 
 typedef SYSLOGCONFIG *			SYSLOGCONFIGP;
+typedef PATTERN *				PATTERNP;
 typedef list<SYSLOGCONFIGP> 	syslogconfig_list;
-enum parser_style {cisco, ssh};
+typedef list<IPPAIR>			ippair_list;
+typedef list<PATTERNP>			pattern_list;
 const int buflen = 1024;
 
 class SYSLOGCONFIG {
 	char *			file_name;	// name of the syslog file
-	parser_style	parser;
+	pattern_list	patterns;	// owns the patterns
 	int 			fd;
 	int 			len;		// bytes in the buffer
 	char			buf[buflen];
 public:
-	SYSLOGCONFIG(TOKEN &tok, char *file_name_, parser_style parser_);
+	SYSLOGCONFIG(TOKEN &tok, char *file_name_);
 	~SYSLOGCONFIG();
+	void	add_pattern(PATTERNP pat);
+	bool	failed()	{ return (fd == -1); };
+	bool	read(CONFIG &con);
+	void	process(CONFIG &con);
 	void	dump(int level);
-	bool	failed()	{ return (fd == -1); };
-	void	read();
-	void	process();
 };
 
-struct CONFIG {
+class CONFIG {
+public:
 	// the only mutable stuff once it has been loaded from the config file
 	int 				reference_count;	// protected by the global config_mutex
 	// all the rest is constant after loading from the config file
 	int 				generation;
 	time_t				load_time;
 	string_set			config_files;
-	syslogconfig_list	syslogconfigs;		 // owns all the syslogconfigs, not just top level syslogconfigs
+	int 				threshold;
+	ippair_list 		ignore; 			// owns all the ippairs
+	syslogconfig_list	syslogconfigs;		// owns all the syslogconfigs
 
 	CONFIG();
 	~CONFIG();
+	void	set_threshold(int threshold_)	{ threshold = threshold_; };
+	int 	get_threshold() 				{ return threshold; 	  };
 	void	add_syslogconfig(SYSLOGCONFIGP con);
+	void	add_pair(IPPAIR pair);
 	void	dump();
 	void	read();
+	void	sleep(int duration);
+	bool	looking(int ip);
 };
 
 void discard(string_set &s);
 char* register_string(string_set &s, char *name);
 char* register_string(char *name);
-CONFIG *parse_config(char *fn);
+int   ip_address(char *have);
 bool  load_conf(CONFIG &dc, char *fn);
 void  token_init();
 
-extern char *token_cisco;
+extern char *token_bucket;
 extern char *token_file;
+extern char *token_ignore;
 extern char *token_include;
+extern char *token_index;
 extern char *token_lbrace;
-extern char *token_parser;
+extern char *token_pattern;
 extern char *token_rbrace;
 extern char *token_semi;
-extern char *token_ssh;
+extern char *token_slash;
+extern char *token_threshold;
 
 #endif
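Review bot: The new `IPPAIR` fields, `CONFIG::looking(int ip)` and `ip_address(char *have)` all carry an IPv4 address as a signed `int`, which goes negative once the top bit is set. A `first <= ip && ip <= last` style test against the ignore list can then give the wrong answer for a range that crosses that boundary. The comparison lives in the .cpp and is not visible in this hunk, so this is inferred from the declared types only. Declaring them as `uint32_t first, last;`, `bool looking(uint32_t ip);` and `uint32_t ip_address(char *have);` would make range checks unambiguous. With a plain `int` return, `ip_address` also has no value left to report a parse failure, so a separate `bool` result with an out-parameter would keep a malformed address in a log line from being treated as a real one.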