# HG changeset patch
# User carl
# Date 1132857069 28800
# Node ID 6e88da080f08d216a70856f41873681c4204a0a4
# Parent 551433a01cab4bc10167b55a340b6838c20c5472
initial coding
diff -r 551433a01cab -r 6e88da080f08 src/syslog2iptables.cpp
--- a/src/syslog2iptables.cpp Wed Nov 23 19:29:14 2005 -0800
+++ b/src/syslog2iptables.cpp Thu Nov 24 10:31:09 2005 -0800
@@ -36,6 +36,9 @@
 #include /* header for signal functions */
 #include "includes.h"
+extern "C" {
+ void sig_chld(int signo);
+}
 int debug_syslog = 0;
 bool syslog_opened = false;
 bool use_syslog = true; // false to printf
@@ -196,6 +199,10 @@
 CONFIG *conf = new_conf();
 if (conf) {
 conf->dump();
+ for (int i=0; i<30; i++) {
+ conf->read();
+ sleep(1);
+ }
 delete conf;
 return 0;
 }
@@ -242,6 +249,16 @@
 exit(1);
 }
+ // setup sigchld handler to prevent zombies
+ struct sigaction act;
+ act.sa_handler = sig_chld; // Assign sig_chld as our SIGCHLD handler
+ sigemptyset(&act.sa_mask); // We don't want to block any other signals in this example
+ act.sa_flags = SA_NOCLDSTOP; // only want children that have terminated
+ if (sigaction(SIGCHLD, &act, NULL) < 0) {
+ my_syslog("failed to setup SIGCHLD handler");
+ exit(1);
+ }
+
 // only create threads after the fork() in daemon
 pthread_t tid;
 if (pthread_create(&tid, 0, config_loader, 0))
diff -r 551433a01cab -r 6e88da080f08 src/syslogconfig.cpp
--- a/src/syslogconfig.cpp Wed Nov 23 19:29:14 2005 -0800
+++ b/src/syslogconfig.cpp Thu Nov 24 10:31:09 2005 -0800
@@ -19,6 +19,7 @@
 ***************************************************************************/
 #include "includes.h"
+#include
 static char* syslogconfig_version="$Id$";
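Review bot: In the `@@ -242,6 +249,16 @@` hunk of src/syslog2iptables.cpp, `act.sa_flags = SA_NOCLDSTOP;` omits SA_RESTART, so a blocking system call that the handler interrupts when a child exits fails with EINTR instead of being restarted. Unless every such call site checks for EINTR, I would write `act.sa_flags = SA_NOCLDSTOP | SA_RESTART;`. The body of sig_chld is not part of this diff; it should restrict itself to async-signal-safe calls (a `waitpid(-1, NULL, WNOHANG)` loop) and save and restore errno. The comment ending `in this example` reads as carried over from a tutorial and should describe this daemon instead. The enclosing function starts and ends outside the hunk.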
@@ -63,13 +64,58 @@
 }
-SYSLOGCONFIG::SYSLOGCONFIG(char *file_name_, parser_style parser_) {
+void CONFIG::read() {
+ for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) {
+ SYSLOGCONFIGP c = *i;
+ c->read();
+ }
+}
+
+
+SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, char *file_name_, parser_style parser_) {
 file_name = file_name_;
 parser = parser_;
+ fd = open(file_name, O_RDONLY);
+ len = 0;
+ if (fd == -1) {
+ char buf[maxlen];
+ snprintf(buf, sizeof(buf), "syslog file %s not readable", file_name);
+ tok.token_error(buf);
+ }
+ else {
+ lseek(fd, 0, SEEK_END);
+ }
 }
 SYSLOGCONFIG::~SYSLOGCONFIG() {
+ if (fd != -1) close(fd);
+ fd = -1;
+}
+
+
+void SYSLOGCONFIG::read() {
+ if (failed()) return;
+ int n = ::read(fd, buf, buflen-len);
+ if (n > 0) {
+ len += n;
+ while (true) {
+ char *p = (char*)memchr(buf, '\n', len);
+ if (!p) break;
+ n = p-buf;
+ *p = '\0';
+ process(); // process null terminated string
+ len -= n+1;
+ memmove(buf, p+1, len);
+ }
+ // no in a full buffer
+ if (len == buflen) len = 0;
+ }
+}
+
+
+void SYSLOGCONFIG::process() {
+ my_syslog(buf);
 }
@@ -162,7 +208,11 @@
 }
 }
 if (!tsa(tok, token_semi)) return false;
- SYSLOGCONFIGP con = new SYSLOGCONFIG(name, parser);
+ SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name, parser);
+ if (con->failed()) {
+ delete con;
+ return false;
+ }
 dc.add_syslogconfig(con);
 return true;
 }
diff -r 551433a01cab -r 6e88da080f08 src/syslogconfig.h
--- a/src/syslogconfig.h Wed Nov 23 19:29:14 2005 -0800
+++ b/src/syslogconfig.h Thu Nov 24 10:31:09 2005 -0800
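Review bot: In SYSLOGCONFIG::read() (hunk `@@ -63,13 +64,58 @@` of src/syslogconfig.cpp), `::read(fd, buf, buflen-len)` writes at the start of `buf` even when `len` bytes of an unfinished line are already held there, so the partial line is overwritten and `len += n` then counts stale bytes; it should be `int n = ::read(fd, buf+len, buflen-len);`. A negative return from `::read` is dropped silently, and when the buffer fills without a newline `len = 0` lets the tail of an over-long line be parsed as the start of a fresh line; since remote parties influence what lands in syslog, it would be safer to discard input up to the next newline in that case. process() hands the raw line to my_syslog(), whose definition is not in this diff; if it forwards its argument as a format string, the line needs to go through a fixed `"%s"` format.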
@@ -30,14 +30,21 @@
 typedef SYSLOGCONFIG * SYSLOGCONFIGP;
 typedef list syslogconfig_list;
 enum parser_style {cisco, ssh};
+const int buflen = 1024;
 class SYSLOGCONFIG {
 char * file_name; // name of the syslog file
 parser_style parser;
+ int fd;
+ int len; // bytes in the buffer
+ char buf[buflen];
 public:
- SYSLOGCONFIG(char *file_name_, parser_style parser_);
+ SYSLOGCONFIG(TOKEN &tok, char *file_name_, parser_style parser_);
 ~SYSLOGCONFIG();
 void dump(int level);
+ bool failed() { return (fd == -1); };
+ void read();
+ void process();
 };
 struct CONFIG {
@@ -53,6 +60,7 @@
 ~CONFIG();
 void add_syslogconfig(SYSLOGCONFIGP con);
 void dump();
+ void read();
 };
 void discard(string_set &s);
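Review bot: With the `int fd;` member added in the `@@ -30,14 +30,21 @@` hunk of src/syslogconfig.h, SYSLOGCONFIG owns a descriptor that its destructor closes, yet the class keeps the compiler-generated copy constructor and assignment operator, so any copy would close the same fd twice. The code in this changeset only handles the objects through SYSLOGCONFIGP, so nothing visible copies one, but I would rule it out by declaring `SYSLOGCONFIG(const SYSLOGCONFIG&);` and `SYSLOGCONFIG& operator=(const SYSLOGCONFIG&);` in the private section without defining them. `const int buflen = 1024;` is also a very generic name to put at namespace scope in a header; a constant scoped to the class would avoid clashes with other translation units' locals.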