view src/syslogconfig.h @ 61:d80641be405b stable-1-0-15
add script to build syslog2iptables.conf
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sat, 04 Oct 2014 10:01:32 -0700 |
parents | b45dddebe8fc |
children | 60f59936fabb |
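/* Copyright (c) 2007 Carl Byington - 510 Software Group, released under the GPL version 3 or any later version at your choice available at http://www.gnu.org/licenses/gpl-3.0.txt */

#pragma once

// Declarations for the syslog2iptables configuration model: the syslog
// files to tail, the regex patterns that pull an offending address out of
// each line, the per-address leaky-bucket recorders, and the add/remove
// commands run when an address crosses a context's threshold.
//
// This header carries no #includes of its own: TOKEN, string_set, regex_t,
// struct stat, time_t and the std containers used below must already be in
// scope where it is included (the std names are qualified here so the
// header does not additionally depend on a `using namespace std`).

class SYSLOGCONFIG;
class CONTEXT;
class CONFIG;

// One entry of a context's ignore list. first/last/cidr are presumably the
// inclusive address span and the prefix length it was written with in the
// config file — see CONTEXT::ignore and CONTEXT::looking(); confirm in the .cpp.
struct IPPAIR {
    int first;
    int last;
    int cidr;
};

// One configured regex applied to every line of a syslog file.
class PATTERN {
    const char * pattern;   // regex source text, owned by the string table (not freed here)
    regex_t      re;        // compiled form of pattern; presumably regfree'd in ~PATTERN()
    int          index;     // zero based substring of the regex match that contains the ip address or hostname
    int          amount;    // count to add to the ip address leaky bucket
    const char * message;   // for logging, owned by the string table

public:
    ~PATTERN();
    PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_);

    // Apply the regex to one log line.
    // buf is non-const, so the implementation may write into it (e.g. to
    // terminate the selected substring) — callers must not rely on it staying intact.
    // SECURITY NOTE(review): buf is attacker-influenced text — anything a remote
    // client can get written into a log line (a login name, a URL, ...). The
    // substring chosen by `index` is the only part that should flow onward, and
    // it should be converted to an address (see ip_address()) before it reaches
    // any command; confirm in the .cpp that no raw log text is ever substituted
    // into CONTEXT::add_command / remove_command.
    bool process(char *buf, CONTEXT &con, const char *file_name, int pattern_index);
    void dump(int level);
};

// Orders int keys as unsigned so that 32-bit addresses stored in an int sort
// by address value rather than by sign.
struct ltint {
    bool operator()(const int s1, const int s2) const {
        return (unsigned)s1 < (unsigned)s2;
    }
};

// Leaky-bucket state for one address.
struct bucket {
    int  count;     // current bucket level
    bool blocked;   // true iff ever count>threshold
};

typedef std::map<int, bucket, ltint> ip_buckets;   // keyed by address, unsigned order

// Violation recorder shared by one or more contexts (see find()/release()
// and reference()). Holds a leaky bucket per offending address.
//
// RESOURCE NOTE(review): both maps gain an entry per distinct address seen,
// and the set of addresses is chosen by whoever can generate matching log
// lines. Whether entries are erased again once they leak back to zero is
// decided by leak()/free_all() in the .cpp; if they are not, memory grows
// with the number of distinct attacker addresses — verify.
class IPR {
    int        reference_count;    // number of contexts using this recorder
    int        daily_timer;        // track daily cycle to reduce repeat offenders penalties
    ip_buckets violations;
    ip_buckets repeat_offenders;

public:
    IPR();

    // Adjust the context reference count by delta and return the new value.
    // No synchronization here; callers are presumably serialized by the same
    // global config_mutex that CONFIG::reference_count documents — confirm.
    int  reference(int delta) { reference_count += delta; return reference_count; }

    // Credit `amount` to ip's bucket (and react if the context threshold is crossed).
    void add(int ip, int amount, CONTEXT &con, const char *file_name, int pattern_index, const char *message);
    // Drain every bucket by `amount`.
    void leak(int amount, CONTEXT &con);
    void free_all(CONTEXT &con);

    // Called when an address crosses the threshold in either direction
    // (added == true on block, false on unblock).
    // NOTE(review): at this interface `ip` is an int and file_name/message are
    // config-owned strings, so nothing here is a slice of the log line; the
    // implementation is where the address is formatted and the context's
    // add/remove command is run, so that is the place to verify that only the
    // formatted address is substituted.
    void update(int ip, bool added, int scale, const char *file_name, int pattern_index, const char *message);
    void changed(CONTEXT &con, int ip, bool added);

    // Registry of recorders by name (see recorder_map below).
    static IPR* find(const char* name);
    static void release(const char* name);
};

typedef SYSLOGCONFIG * SYSLOGCONFIGP;
typedef PATTERN *      PATTERNP;
typedef CONTEXT *      CONTEXTP;

// Keyed by recorder name. The key is a bare pointer compared by address, not
// by content, so lookups only work for names that went through
// register_string() (presumably an interning table returning one pointer per
// distinct string — confirm); an uninterned copy of the same text will not
// find the recorder.
typedef std::map<const char *, IPR*> recorder_map;
typedef std::list<CONTEXTP>          context_list;
typedef std::list<SYSLOGCONFIGP>     syslogconfig_list;
typedef std::list<IPPAIR>            ippair_list;
typedef std::list<PATTERNP>          pattern_list;

const int buflen = 1024;   // size of the per-file read buffer in SYSLOGCONFIG

// One syslog file being tailed, plus the patterns applied to its lines.
class SYSLOGCONFIG {
    TOKEN *      tokp;
    const char * file_name;     // name of the syslog file
    pattern_list patterns;      // owns the patterns
    int          fd;            // -1 while the file is not open (see failed())
    struct stat  openfdstat;    // stat of the file taken at open(); presumably compared
                                // against a fresh stat to notice rotation — confirm
    int          len;           // bytes in the buffer
    char         buf[buflen];   // data read from fd, possibly holding a partial line

public:
    SYSLOGCONFIG(TOKEN &tok, const char *file_name_);
    ~SYSLOGCONFIG();

    bool failed() { return (fd == -1); }

    // msg: whether to log failures to open the file (inferred from the name — confirm).
    void open(bool msg);

    // Read more data into buf and hand complete lines to process().
    // NOTE(review): buf is a fixed buflen bytes; what happens to a line longer
    // than that (truncated, split into two "lines", or dropped) is decided in
    // the .cpp and matters both for robustness and for whether an attacker
    // can push a match past the buffer edge.
    bool read(CONTEXT &con);
    void close();
    void add_pattern(PATTERNP pat);
    void process(CONTEXT &con);
    void dump(int level);
};

// A named group of syslog files sharing a threshold, an ignore list, a
// recorder and the commands run when an address is blocked or unblocked.
class CONTEXT {
public:
    const char *      name;             // name of this context
    int               threshold;        // bucket level above which an address is blocked
    ippair_list       ignore;           // owns all the ippairs
    // Shell command text from the config file, presumably run with the blocked
    // address substituted in. This is trusted configuration, not log input —
    // but it runs with this daemon's privileges, so the config file must be
    // writable only by the administrator.
    const char *      add_command;      // owned by the string table
    const char *      remove_command;   // ""
    IPR *             recorder;         // used to record violations
    syslogconfig_list syslogconfigs;    // owns all the syslogconfigs

    CONTEXT(const char *nam);
    ~CONTEXT();

    void set_add(const char *add)          { add_command = add; }
    void set_remove(const char *remove)    { remove_command = remove; }
    void set_threshold(int threshold_)     { threshold = threshold_; }
    int  get_threshold()                   { return threshold; }

    void add_syslogconfig(SYSLOGCONFIGP con);
    void add_pair(IPPAIR pair);
    void dump();
    void read(CONFIG &con);
    void free_all();
    void leak(int delta);

    // Whether ip is one this context acts on — presumably false when it falls
    // inside an `ignore` range; confirm in the .cpp.
    bool looking(int ip);
};

// The whole loaded configuration. Instances are replaced, not mutated, when
// the config file is reloaded; generation distinguishes successive loads.
class CONFIG {
public:
    // the only mutable stuff once it has been loaded from the config file
    int          reference_count;   // protected by the global config_mutex

    // all the rest is constant after loading from the config file
    int          generation;
    time_t       load_time;
    string_set   config_files;
    context_list contexts;

    CONFIG();
    ~CONFIG();

    void add_context(CONTEXTP con) { contexts.push_back(con); }
    void dump();
    void read();
    void sleep(int duration, time_t &previous);
    void free_all();
};

void        discard(string_set &s);
const char* register_string(string_set &s, const char *name);
const char* register_string(const char *name);
void        clear_strings();

// Convert the text selected by a PATTERN into a 32-bit address.
// SECURITY NOTE(review): the PATTERN::index comment says the substring may be
// a hostname. If this function resolves names, that is a blocking DNS lookup
// on attacker-chosen text from the log line, and the answer is whatever the
// name's owner chooses — an attacker could steer a block at a third party's
// address, or stall the reader with slow resolution. Prefer patterns that
// capture the numeric address; confirm what the implementation does.
int         ip_address(const char *have);

bool        load_conf(CONFIG &dc, const char *fn);
void        token_init();

// Keyword strings for the config-file tokenizer, presumably interned so they
// can be compared by pointer identity (like recorder_map keys).
extern const char *token_add;
extern const char *token_bucket;
extern const char *token_context;
extern const char *token_file;
extern const char *token_ignore;
extern const char *token_include;
extern const char *token_index;
extern const char *token_lbrace;
extern const char *token_pattern;
extern const char *token_rbrace;
extern const char *token_remove;
extern const char *token_semi;
extern const char *token_slash;
extern const char *token_threshold;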