changeset 48:ba0259c9e411 stable-1-0-11

Fixes to compile on Fedora 9 and for const correctness
author Carl Byington <carl@five-ten-sg.com>
date Thu, 29 May 2008 11:38:42 -0700
parents a4861687fbd1
children 546fe911f7a6
files ChangeLog Doxyfile NEWS configure.in src/includes.h src/syslog2iptables.cpp src/syslog2iptables.h src/syslogconfig.cpp src/syslogconfig.h src/tokenizer.cpp src/tokenizer.h syslog2iptables.spec.in
diffstat 12 files changed, 634 insertions(+), 898 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Sat Mar 22 11:34:56 2008 -0700
+++ b/ChangeLog	Thu May 29 11:38:42 2008 -0700
@@ -1,3 +1,6 @@
+1.11 2008-05-29
+     Fixes to compile on Fedora 9 and for const correctness.
+
 1.10 2008-03-22
     Add fixes for Solaris from sm-archive.
 
--- a/Doxyfile	Sat Mar 22 11:34:56 2008 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-# Doxyfile 1.3.7-KDevelop
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-PROJECT_NAME           = syslog2iptables.kdevelop
-PROJECT_NUMBER         = 0.1
-OUTPUT_DIRECTORY       = 
-CREATE_SUBDIRS         = NO
-OUTPUT_LANGUAGE        = English
-USE_WINDOWS_ENCODING   = NO
-BRIEF_MEMBER_DESC      = YES
-REPEAT_BRIEF           = YES
-ABBREVIATE_BRIEF       = "The $name class" \
-                         "The $name widget" \
-                         "The $name file" \
-                         is \
-                         provides \
-                         specifies \
-                         contains \
-                         represents \
-                         a \
-                         an \
-                         the
-ALWAYS_DETAILED_SEC    = NO
-INLINE_INHERITED_MEMB  = NO
-FULL_PATH_NAMES        = YES
-STRIP_FROM_PATH        = /
-STRIP_FROM_INC_PATH    = 
-SHORT_NAMES            = NO
-JAVADOC_AUTOBRIEF      = NO
-MULTILINE_CPP_IS_BRIEF = NO
-DETAILS_AT_TOP         = NO
-INHERIT_DOCS           = YES
-DISTRIBUTE_GROUP_DOC   = NO
-TAB_SIZE               = 8
-ALIASES                = 
-OPTIMIZE_OUTPUT_FOR_C  = NO
-OPTIMIZE_OUTPUT_JAVA   = NO
-SUBGROUPING            = YES
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-EXTRACT_ALL            = NO
-EXTRACT_PRIVATE        = NO
-EXTRACT_STATIC         = NO
-EXTRACT_LOCAL_CLASSES  = YES
-EXTRACT_LOCAL_METHODS  = NO
-HIDE_UNDOC_MEMBERS     = NO
-HIDE_UNDOC_CLASSES     = NO
-HIDE_FRIEND_COMPOUNDS  = NO
-HIDE_IN_BODY_DOCS      = NO
-INTERNAL_DOCS          = NO
-CASE_SENSE_NAMES       = YES
-HIDE_SCOPE_NAMES       = NO
-SHOW_INCLUDE_FILES     = YES
-INLINE_INFO            = YES
-SORT_MEMBER_DOCS       = YES
-SORT_BRIEF_DOCS        = NO
-SORT_BY_SCOPE_NAME     = NO
-GENERATE_TODOLIST      = YES
-GENERATE_TESTLIST      = YES
-GENERATE_BUGLIST       = YES
-GENERATE_DEPRECATEDLIST= YES
-ENABLED_SECTIONS       = 
-MAX_INITIALIZER_LINES  = 30
-SHOW_USED_FILES        = YES
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-QUIET                  = NO
-WARNINGS               = YES
-WARN_IF_UNDOCUMENTED   = YES
-WARN_IF_DOC_ERROR      = YES
-WARN_FORMAT            = "$file:$line: $text"
-WARN_LOGFILE           = 
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-INPUT                  = /usr/usr/cvs/gpl/syslog2iptables
-FILE_PATTERNS          = *.c \
-                         *.cc \
-                         *.cxx \
-                         *.cpp \
-                         *.c++ \
-                         *.java \
-                         *.ii \
-                         *.ixx \
-                         *.ipp \
-                         *.i++ \
-                         *.inl \
-                         *.h \
-                         *.hh \
-                         *.hxx \
-                         *.hpp \
-                         *.h++ \
-                         *.idl \
-                         *.odl \
-                         *.cs \
-                         *.php \
-                         *.php3 \
-                         *.inc \
-                         *.m \
-                         *.mm \
-                         *.C \
-                         *.CC \
-                         *.C++ \
-                         *.II \
-                         *.I++ \
-                         *.H \
-                         *.HH \
-                         *.H++ \
-                         *.CS \
-                         *.PHP \
-                         *.PHP3 \
-                         *.M \
-                         *.MM \
-                         *.C \
-                         *.H \
-                         *.tlh \
-                         *.diff \
-                         *.patch \
-                         *.moc \
-                         *.xpm \
-                         *.dox
-RECURSIVE              = YES
-EXCLUDE                = 
-EXCLUDE_SYMLINKS       = NO
-EXCLUDE_PATTERNS       = 
-EXAMPLE_PATH           = 
-EXAMPLE_PATTERNS       = *
-EXAMPLE_RECURSIVE      = NO
-IMAGE_PATH             = 
-INPUT_FILTER           = 
-FILTER_SOURCE_FILES    = NO
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-SOURCE_BROWSER         = NO
-INLINE_SOURCES         = NO
-STRIP_CODE_COMMENTS    = YES
-REFERENCED_BY_RELATION = YES
-REFERENCES_RELATION    = YES
-VERBATIM_HEADERS       = YES
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-ALPHABETICAL_INDEX     = NO
-COLS_IN_ALPHA_INDEX    = 5
-IGNORE_PREFIX          = 
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-GENERATE_HTML          = YES
-HTML_OUTPUT            = html
-HTML_FILE_EXTENSION    = .html
-HTML_HEADER            = 
-HTML_FOOTER            = 
-HTML_STYLESHEET        = 
-HTML_ALIGN_MEMBERS     = YES
-GENERATE_HTMLHELP      = NO
-CHM_FILE               = 
-HHC_LOCATION           = 
-GENERATE_CHI           = NO
-BINARY_TOC             = NO
-TOC_EXPAND             = NO
-DISABLE_INDEX          = NO
-ENUM_VALUES_PER_LINE   = 4
-GENERATE_TREEVIEW      = NO
-TREEVIEW_WIDTH         = 250
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-GENERATE_LATEX         = YES
-LATEX_OUTPUT           = latex
-LATEX_CMD_NAME         = latex
-MAKEINDEX_CMD_NAME     = makeindex
-COMPACT_LATEX          = NO
-PAPER_TYPE             = a4wide
-EXTRA_PACKAGES         = 
-LATEX_HEADER           = 
-PDF_HYPERLINKS         = NO
-USE_PDFLATEX           = NO
-LATEX_BATCHMODE        = NO
-LATEX_HIDE_INDICES     = NO
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-GENERATE_RTF           = NO
-RTF_OUTPUT             = rtf
-COMPACT_RTF            = NO
-RTF_HYPERLINKS         = NO
-RTF_STYLESHEET_FILE    = 
-RTF_EXTENSIONS_FILE    = 
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-GENERATE_MAN           = YES
-MAN_OUTPUT             = man
-MAN_EXTENSION          = .3
-MAN_LINKS              = YES
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-GENERATE_XML           = YES
-XML_OUTPUT             = xml
-XML_SCHEMA             = 
-XML_DTD                = 
-XML_PROGRAMLISTING     = YES
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-GENERATE_AUTOGEN_DEF   = NO
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-GENERATE_PERLMOD       = NO
-PERLMOD_LATEX          = NO
-PERLMOD_PRETTY         = YES
-PERLMOD_MAKEVAR_PREFIX = 
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor   
-#---------------------------------------------------------------------------
-ENABLE_PREPROCESSING   = YES
-MACRO_EXPANSION        = NO
-EXPAND_ONLY_PREDEF     = NO
-SEARCH_INCLUDES        = YES
-INCLUDE_PATH           = 
-INCLUDE_FILE_PATTERNS  = 
-PREDEFINED             = 
-EXPAND_AS_DEFINED      = 
-SKIP_FUNCTION_MACROS   = YES
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references   
-#---------------------------------------------------------------------------
-TAGFILES               = 
-GENERATE_TAGFILE       = syslog2iptables.tag
-ALLEXTERNALS           = NO
-EXTERNAL_GROUPS        = YES
-PERL_PATH              = /usr/bin/perl
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool   
-#---------------------------------------------------------------------------
-CLASS_DIAGRAMS         = YES
-HIDE_UNDOC_RELATIONS   = YES
-HAVE_DOT               = NO
-CLASS_GRAPH            = YES
-COLLABORATION_GRAPH    = YES
-UML_LOOK               = NO
-TEMPLATE_RELATIONS     = NO
-INCLUDE_GRAPH          = YES
-INCLUDED_BY_GRAPH      = YES
-CALL_GRAPH             = NO
-GRAPHICAL_HIERARCHY    = YES
-DOT_IMAGE_FORMAT       = png
-DOT_PATH               = 
-DOTFILE_DIRS           = 
-MAX_DOT_GRAPH_WIDTH    = 1024
-MAX_DOT_GRAPH_HEIGHT   = 1024
-MAX_DOT_GRAPH_DEPTH    = 1000
-GENERATE_LEGEND        = YES
-DOT_CLEANUP            = YES
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine   
-#---------------------------------------------------------------------------
-SEARCHENGINE           = NO
--- a/NEWS	Sat Mar 22 11:34:56 2008 -0700
+++ b/NEWS	Thu May 29 11:38:42 2008 -0700
@@ -1,3 +1,4 @@
+1.11 2008-05-29 Fixes to compile on Fedora 9 and for const correctness.
 1.10 2008-03-22 Add fixes for Solaris from sm-archive.
 1.9 2008-03-21 Add default config for bounce floods; fedora packaging
 1.8 2007-11-08 Allow shutdown to remove the iptables entries that we added.
--- a/configure.in	Sat Mar 22 11:34:56 2008 -0700
+++ b/configure.in	Thu May 29 11:38:42 2008 -0700
@@ -1,6 +1,6 @@
 
 AC_PREREQ(2.59)
-AC_INIT(syslog2iptables,1.10,carl@five-ten-sg.com)
+AC_INIT(syslog2iptables,1.11,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 
--- a/src/includes.h	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/includes.h	Thu May 29 11:38:42 2008 -0700
@@ -1,22 +1,10 @@
-/***************************************************************************
- *	 Copyright (C) 2005 by 510 Software Group							   *
- *																		   *
- *																		   *
- *	 This program is free software; you can redistribute it and/or modify  *
- *	 it under the terms of the GNU General Public License as published by  *
- *	 the Free Software Foundation; either version 2 of the License, or	   *
- *	 (at your option) any later version.								   *
- *																		   *
- *	 This program is distributed in the hope that it will be useful,	   *
- *	 but WITHOUT ANY WARRANTY; without even the implied warranty of 	   *
- *	 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the		   *
- *	 GNU General Public License for more details.						   *
- *																		   *
- *	 You should have received a copy of the GNU General Public License	   *
- *	 along with this program; if not, write to the						   *
- *	 Free Software Foundation, Inc.,									   *
- *	 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.			   *
- ***************************************************************************/
+/*
+
+Copyright (c) 2007 Carl Byington - 510 Software Group, released under
+the GPL version 3 or any later version at your choice available at
+http://www.gnu.org/licenses/gpl-3.0.txt
+
+*/
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -32,6 +20,8 @@
 #include <list>
 #include <set>
 #include <ctype.h>
+#include <string.h>
+#include <stdlib.h>
 
 #include "tokenizer.h"
 #include "syslogconfig.h"
--- a/src/syslog2iptables.cpp	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/syslog2iptables.cpp	Thu May 29 11:38:42 2008 -0700
@@ -47,7 +47,7 @@
 ////////////////////////////////////////////////
 // syslog a message
 //
-void my_syslog(char *text) {
+void my_syslog(const char *text) {
     if (use_syslog) {
         pthread_mutex_lock(&syslog_mutex);
             if (!syslog_opened) {
@@ -99,8 +99,8 @@
         time_t then = dc.load_time;
         struct stat st;
         bool reload = false;
-        for (string_set::iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
-            char *fn = *i;
+        for (string_set::const_iterator i=dc.config_files.begin(); i!=dc.config_files.end(); i++) {
+            const char *fn = *i;
             if (stat(fn, &st))           reload = true; // file disappeared
             else if (st.st_mtime > then) reload = true; // file modified
             if (reload) break;
--- a/src/syslog2iptables.h	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/syslog2iptables.h	Thu May 29 11:38:42 2008 -0700
@@ -6,5 +6,5 @@
 
 */
 
-void my_syslog(char *text);
+void my_syslog(const char *text);
 extern int debug_syslog;
--- a/src/syslogconfig.cpp	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/syslogconfig.cpp	Thu May 29 11:38:42 2008 -0700
@@ -14,20 +14,20 @@
 #include <netdb.h>
 #include <limits.h>
 
-char *token_add;
-char *token_bucket;
-char *token_file;
-char *token_ignore;
-char *token_include;
-char *token_index;
-char *token_lbrace;
-char *token_message;
-char *token_pattern;
-char *token_rbrace;
-char *token_remove;
-char *token_semi;
-char *token_slash;
-char *token_threshold;
+const char *token_add;
+const char *token_bucket;
+const char *token_file;
+const char *token_ignore;
+const char *token_include;
+const char *token_index;
+const char *token_lbrace;
+const char *token_message;
+const char *token_pattern;
+const char *token_rbrace;
+const char *token_remove;
+const char *token_semi;
+const char *token_slash;
+const char *token_threshold;
 
 struct ltint
 {
@@ -49,10 +49,10 @@
 class IPR {
     ip_buckets  violations;
 public:
-    void add(int ip, int amount, CONFIG &con, char *file_name, int pattern_index, char *message);
+    void add(int ip, int amount, CONFIG &con, const char *file_name, int pattern_index, const char *message);
     void leak(int amount, CONFIG &con);
     void free_all(CONFIG &con);
-    void update(int ip, bool added, char *file_name, int pattern_index, char *message);
+    void update(int ip, bool added, const char *file_name, int pattern_index, const char *message);
     void changed(CONFIG &con, int ip, bool added);
 };
 
@@ -61,7 +61,7 @@
 
 ////////////////////////////////////////////////
 //
-void IPR::add(int ip, int amount, CONFIG &con, char *file_name, int pattern_index, char *message) {
+void IPR::add(int ip, int amount, CONFIG &con, const char *file_name, int pattern_index, const char *message) {
     if (con.looking(ip)) {
         ip_buckets::iterator i = violations.find(ip);
         if (i == violations.end()) {
@@ -126,7 +126,7 @@
 }
 
 
-void IPR::update(int ip, bool added, char *file_name, int pattern_index, char *message) {
+void IPR::update(int ip, bool added, const char *file_name, int pattern_index, const char *message) {
     if (debug_syslog > 2) {
         char buf[maxlen];
         in_addr ad;
@@ -164,8 +164,8 @@
 
 ////////////////////////////////////////////////
 //
-int ip_address(char *have);
-int ip_address(char *have) {
+int ip_address(const char *have);
+int ip_address(const char *have) {
     int ipaddr = 0;
     in_addr ip;
     if (inet_aton(have, &ip)) ipaddr = ip.s_addr;
@@ -179,7 +179,7 @@
 
 ////////////////////////////////////////////////
 //
-PATTERN::PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_, char *msg_) {
+PATTERN::PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_) {
     pattern = pattern_;
     index   = index_;
     amount  = amount_;
@@ -203,7 +203,7 @@
 }
 
 
-bool PATTERN::process(char *buf, CONFIG &con, char *file_name, int pattern_index) {
+bool PATTERN::process(char *buf, CONFIG &con, const char *file_name, int pattern_index) {
     if (pattern) {
         const int nmatch = index+1;
         regmatch_t match[nmatch];
@@ -327,7 +327,7 @@
 
 ////////////////////////////////////////////////
 //
-SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, char *file_name_) {
+SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, const char *file_name_) {
     tokp      = &tok;
     file_name = file_name_;
     open(true);
@@ -358,7 +358,7 @@
             snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
             my_syslog(buf);
         }
-        lseek(fd, 0, SEEK_END);
+        if (msg) lseek(fd, 0, SEEK_END);
         if (fstat(fd, &openfdstat)) {
             close();
             snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
@@ -443,7 +443,6 @@
     int i = min(maxlen-1, level*4);
     memset(indent, ' ', i);
     indent[i] = '\0';
-    char buf[maxlen];
     printf("%s file \"%s\" {\n", indent, file_name);
     for (pattern_list::iterator i=patterns.begin(); i!=patterns.end(); i++) {
         PATTERN *p = *i;
@@ -458,7 +457,7 @@
 //
 void discard(string_set &s) {
     for (string_set::iterator i=s.begin(); i!=s.end(); i++) {
-        free(*i);
+        free((void*)*i);
     }
     s.clear();
 }
@@ -467,8 +466,8 @@
 ////////////////////////////////////////////////
 // helper to register a string in a string set
 //
-char* register_string(string_set &s, char *name) {
-    string_set::iterator i = s.find(name);
+const char* register_string(string_set &s, const char *name) {
+    string_set::const_iterator i = s.find(name);
     if (i != s.end()) return *i;
     char *x = strdup(name);
     s.insert(x);
@@ -479,7 +478,7 @@
 ////////////////////////////////////////////////
 // register a global string
 //
-char* register_string(char *name) {
+const char* register_string(const char *name) {
     return register_string(all_strings, name);
 }
 
@@ -494,9 +493,9 @@
 
 ////////////////////////////////////////////////
 //
-bool tsa(TOKEN &tok, char *token);
-bool tsa(TOKEN &tok, char *token) {
-    char *have = tok.next();
+bool tsa(TOKEN &tok, const char *token);
+bool tsa(TOKEN &tok, const char *token) {
+    const char *have = tok.next();
     if (have == token) return true;
     tok.token_error(token, have);
     return false;
@@ -507,12 +506,13 @@
 //
 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con);
 bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con) {
-    char *pat = tok.next();
-    int  ind, buc;
-    char *msg = NULL;
+    const char *pat = tok.next();
+    int  ind = 0;
+    int  buc = 0;
+    const char *msg = NULL;
     if (!tsa(tok, token_lbrace)) return false;
     while (true) {
-        char *have = tok.next();
+        const char *have = tok.next();
         if (!have) break;
         if (have == token_rbrace) break;
         if (have == token_index) {
@@ -547,7 +547,7 @@
 bool parse_ignore(TOKEN &tok, CONFIG &dc) {
     if (!tsa(tok, token_lbrace)) return false;
     while (true) {
-        char *have = tok.next();
+        const char *have = tok.next();
         if (!have) break;
         if (have == token_rbrace) break;
         int ipaddr = ip_address(have);
@@ -611,7 +611,7 @@
 //
 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc);
 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc) {
-    char *name = tok.next();
+    const char *name = tok.next();
     if (!tsa(tok, token_lbrace)) return false;
     SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name);
     if (con->failed()) {
@@ -620,7 +620,7 @@
     }
     dc.add_syslogconfig(con);
     while (true) {
-        char *have = tok.next();
+        const char *have = tok.next();
         if (!have) break;
         if (have == token_rbrace) break;
         if (have == token_pattern) {
@@ -639,11 +639,11 @@
 ////////////////////////////////////////////////
 // parse a config file
 //
-bool load_conf(CONFIG &dc, char *fn) {
+bool load_conf(CONFIG &dc, const char *fn) {
     int count = 0;
     TOKEN tok(fn, &dc.config_files);
     while (true) {
-        char *have = tok.next();
+        const char *have = tok.next();
         if (!have) break;
         if (have == token_threshold) {
             have = tok.next();
--- a/src/syslogconfig.h	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/syslogconfig.h	Thu May 29 11:38:42 2008 -0700
@@ -17,15 +17,15 @@
 };
 
 class PATTERN {
-	char *			pattern;	// owned by the string table
+    const char *    pattern;    // owned by the string table
 	regex_t 		re;
 	int 			index;		// zero based substring of the regex match that contains the ip address or hostname
 	int 			amount; 	// count to add to the ip address leaky bucket
-	char *			message;	// for logging, owned by the string table
+    const char *    message;    // for logging, owned by the string table
 public:
 	~PATTERN();
-	PATTERN(TOKEN &tok, char *pattern_, int index_, int amount_, char *msg_);
-	bool	process(char *buf, CONFIG &con, char *file_name, int pattern_index);
+    PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_);
+    bool    process(char *buf, CONFIG &con, const char *file_name, int pattern_index);
 	void	dump(int level);
 };
 
@@ -38,14 +38,14 @@
 
 class SYSLOGCONFIG {
 	TOKEN * 		tokp;
-	char *			file_name;	// name of the syslog file
+    const char *    file_name;  // name of the syslog file
 	pattern_list	patterns;	// owns the patterns
 	int 			fd;
 	struct stat 	openfdstat;
 	int 			len;		// bytes in the buffer
 	char			buf[buflen];
 public:
-	SYSLOGCONFIG(TOKEN &tok, char *file_name_);
+    SYSLOGCONFIG(TOKEN &tok, const char *file_name_);
 	~SYSLOGCONFIG();
 	bool	failed()	{ return (fd == -1); };
 	void	open(bool msg);
@@ -66,14 +66,14 @@
 	string_set			config_files;
 	int 				threshold;
 	ippair_list 		ignore; 			// owns all the ippairs
-	char *				add_command;		// owned by the string table
-	char *				remove_command; 	// ""
+    const char *        add_command;        // owned by the string table
+    const char *        remove_command;     // ""
 	syslogconfig_list	syslogconfigs;		// owns all the syslogconfigs
 
 	CONFIG();
 	~CONFIG();
-	void	set_add(char *add)				{ add_command	 = add; 	   };
-	void	set_remove(char *remove)		{ remove_command = remove;	   };
+    void    set_add(const char *add)        { add_command    = add;        };
+    void    set_remove(const char *remove)  { remove_command = remove;     };
 	void	set_threshold(int threshold_)	{ threshold 	 = threshold_; };
 	int 	get_threshold() 				{ return threshold; 		   };
 	void	add_syslogconfig(SYSLOGCONFIGP con);
@@ -86,24 +86,24 @@
 };
 
 void discard(string_set &s);
-char* register_string(string_set &s, char *name);
-char* register_string(char *name);
+const char* register_string(string_set &s, const char *name);
+const char* register_string(const char *name);
 void  clear_strings();
-int   ip_address(char *have);
-bool  load_conf(CONFIG &dc, char *fn);
+int         ip_address(const char *have);
+bool        load_conf(CONFIG &dc, const char *fn);
 void  token_init();
 
-extern char *token_add;
-extern char *token_bucket;
-extern char *token_file;
-extern char *token_ignore;
-extern char *token_include;
-extern char *token_index;
-extern char *token_lbrace;
-extern char *token_pattern;
-extern char *token_rbrace;
-extern char *token_remove;
-extern char *token_semi;
-extern char *token_slash;
-extern char *token_threshold;
+extern const char *token_add;
+extern const char *token_bucket;
+extern const char *token_file;
+extern const char *token_ignore;
+extern const char *token_include;
+extern const char *token_index;
+extern const char *token_lbrace;
+extern const char *token_pattern;
+extern const char *token_rbrace;
+extern const char *token_remove;
+extern const char *token_semi;
+extern const char *token_slash;
+extern const char *token_threshold;
 
--- a/src/tokenizer.cpp	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/tokenizer.cpp	Thu May 29 11:38:42 2008 -0700
@@ -6,6 +6,11 @@
 
 */
 
+// This version of the tokenizer does not force the config to lower
+// case, to avoid lowercasing the iptables commands, which need some
+// uppercase arguments. It also considers / to be a separate token
+// since that is needed for the cidr style ignore statement.
+
 #include "includes.h"
 
 const int maxlen = 1000;	// used for snprintf buffers
@@ -287,7 +292,7 @@
 };
 
 
-TOKEN::TOKEN(char *fn, string_set *includes) {
+TOKEN::TOKEN(const char *fn, string_set *includes) {
 	pushed = false;
 	include_files = includes;
 	include(fn);
@@ -301,7 +306,7 @@
 
 void TOKEN::pop() {
 	ifstream *is = streams.front();
-	char *fn = filenames.front();
+    const char *fn = filenames.front();
 	streams.pop_front();
 	filenamess.erase(fn);
 	if (filenames.size() > 1)	filenames.pop_front();
@@ -319,7 +324,6 @@
 
 bool TOKEN::next_char(u_char &uc) {
 	if (pushed) {
-		//uc = (u_char)tolower((char)pushed_char);
 		uc = pushed_char;
 		pushed = false;
 		return true;
@@ -335,12 +339,11 @@
 		int &line = linenumbers.front();
 		line++;
 	}
-	//uc = (u_char)tolower((char)uc);
 	return true;
 }
 
 
-bool TOKEN::include(char *fn) {
+bool TOKEN::include(const char *fn) {
 	string_set::iterator i = filenamess.find(fn);
 	if (i != filenamess.end()) {
 		token_error("redundant or recursive include file detected");
@@ -364,15 +367,15 @@
 }
 
 
-char *TOKEN::next() {
+const char *TOKEN::next() {
 	if (!pending_tokens.empty()) {
-		char *t = pending_tokens.front();
+        const char *t = pending_tokens.front();
 		pending_tokens.pop_front();
 		return t;
 	}
 	if (streams.empty()) return NULL;
 	const int PENDING_LIMIT = 1000;
-	static u_char buffer[PENDING_LIMIT];
+    u_char buffer[PENDING_LIMIT];
 	int count = 0;
 	state st = s_init;
 	while (true) {
@@ -438,7 +441,7 @@
 
 			default: {
 				token_error();
-				token_error("unknown state %d %s \n", st, " ");
+                token_error("unknown state %d %s", st, " ");
 			} break;
 		}
 		if (st == s_init) break;
@@ -446,10 +449,10 @@
 
 	buffer[count] = '\0';
 	if (count == 0) return NULL;
-	char *t = register_string((char*)buffer);
+    const char *t = register_string((char*)buffer);
 	if (t == token_include) {
-		char *f = next();	// should be file name
-		char *s = next();	// should be semicolon
+        const char *f = next();   // should be file name
+        const char *s = next();   // should be semicolon
 		if (s == token_semi) {
 			include(f);
 			return next();
@@ -465,7 +468,7 @@
 
 
 int TOKEN::nextint() {
-	char *t = next();
+    const char *t = next();
 	char *e;
 	long i = strtol(t, &e, 10);
 	if (*e != '\0') {
@@ -517,10 +520,10 @@
 void TOKEN::token_error() {
 	token_error("syntax error at line %d in file %s -- ", cur_line(), cur_fn());
 	line_list::iterator   j = linenumbers.begin();
-	string_list::iterator i = filenames.begin();
+    string_list::const_iterator i = filenames.begin();
 	for (; i!=filenames.end(); i++,j++) {
 		if (i != filenames.begin()) {
-			char *fn = (*i);
+            const char *fn = (*i);
 			int   li = (*j);
 			token_error("    included from line %d in file %s -- ", li, fn);
 		}
--- a/src/tokenizer.h	Sat Mar 22 11:34:56 2008 -0700
+++ b/src/tokenizer.h	Thu May 29 11:38:42 2008 -0700
@@ -10,14 +10,14 @@
 using namespace std;
 
 struct ltstr {
-	bool operator()(char* s1, char* s2) const {
+    bool operator()(const char* s1, const char* s2) const {
 		return strcmp(s1, s2) < 0;
 	}
 };
 
 typedef list<ifstream *>	stream_list;
-typedef list<char *>		string_list;
-typedef set<char *, ltstr>	string_set;
+typedef list<const char *>          string_list;
+typedef set<const char *, ltstr>    string_set;
 typedef list<int>			line_list;
 
 class TOKEN {
@@ -35,13 +35,13 @@
 	void push_char(u_char c);
 
 public:
-	TOKEN(char *fn, string_set *includes);
+    TOKEN(const char *fn, string_set *includes);
 	~TOKEN();
-	bool		include(char *fn);
-	char		*next();			// return next token
+    bool        include(const char *fn);
+    const char  *next();            // return next token
 	int 		nextint();
 	void		skipeol();			// skip to eol
-	void		push(char *token)			{pending_tokens.push_front(token);};
+    void        push(const char *token) {pending_tokens.push_front(token);};
 	const char	*cur_fn()					{return filenames.empty()	? "" : filenames.front();};
 	int 		cur_line()					{return linenumbers.empty() ? 0  : linenumbers.front();};
 	void		token_error(const char *err);
--- a/syslog2iptables.spec.in	Sat Mar 22 11:34:56 2008 -0700
+++ b/syslog2iptables.spec.in	Thu May 29 11:38:42 2008 -0700
@@ -69,6 +69,12 @@
 
 
 %changelog
+* Thu May 29 2008 Carl Byington <carl@five-ten-sg.com> - 1.11-1
+- Fix to compile on Fedora 9 and for const correctness.
+
+* Sat Mar 22 2008 Carl Byington <carl@five-ten-sg.com> - 1.10
+- Fix to compile on Solaris.
+
 * Fri Mar 21 2008 Carl Byington <carl@five-ten-sg.com> - 1.9
 - changes for Fedora packaging guidelines