annotate src/syslogconfig.cpp @ 75:ae5e6bcc5017
sendmail auth failure detection for both login and plain methods
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Mon, 24 Dec 2018 08:31:27 -0800 |
parents | 0e736950a117 |
children | c6c8a2102a3e |
rev | line source |
---|---|
36 | 1 /* |
2 | |
3 Copyright (c) 2007 Carl Byington - 510 Software Group, released under | |
4 the GPL version 3 or any later version at your choice available at | |
5 http://www.gnu.org/licenses/gpl-3.0.txt | |
6 | |
7 */ | |
1 | 8 |
9 #include "includes.h" | |
2 | 10 #include <fcntl.h> |
3 | 11 #include <sys/socket.h> |
12 #include <netinet/in.h> | |
13 #include <arpa/inet.h> | |
14 #include <netdb.h> | |
4 | 15 #include <limits.h> |
1 | 16 |
// Configuration-file tokens. They are only declared here; nothing in this
// part of the file assigns them, so the values are set elsewhere.
const char *token_add;
const char *token_bucket;
const char *token_context;
const char *token_file;
const char *token_ignore;
const char *token_include;
const char *token_index;
const char *token_lbrace;
const char *token_message;
const char *token_pattern;
const char *token_rbrace;
const char *token_remove;
const char *token_semi;
const char *token_slash;
const char *token_threshold;

string_set      all_strings;// owns all the strings, only modified by the config loader thread
recorder_map    recorders;  // all the recorders are named
// Size of every stack buffer in this file, including the one that holds the
// firewall command IPR::changed() hands to system().
const int maxlen = 1000;    // used for snprintf buffers
// IPR::update() stops multiplying a repeat offender's scale once the stored
// value has reached this limit.
const int scale_max = 500000;
3 | 36 |
37 | |
38 //////////////////////////////////////////////// | |
39 // | |
40 |
// A fresh recorder has no owners yet and a full day (86400, counted down by
// leak()) before the first decay of the repeat-offender table.
IPR::IPR()
    : reference_count(0)
    , daily_timer(86400)
{
}
45 |
// Look up the recorder registered under `name` in the global `recorders`
// table, creating it on first use, and count the caller as one more owner.
// Every successful find() is expected to be paired with IPR::release(name).
//
// NOTE(review): if recorder_map is keyed on the raw `const char*`, the pointer
// is stored rather than copied, so `name` must outlive the entry - confirm
// against the recorder_map declaration.
IPR* IPR::find(const char* name) {
    const bool known = (recorders.find(name) != recorders.end());
    if (!known) {
        recorders[name] = new IPR;
    }
    IPR *rec = recorders[name];
    rec->reference(1);
    return rec;
}
52 |
53 |
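// Drop one owner of the recorder registered under `name`. When the last owner
// goes away the recorder is deleted and its entry is removed from the global
// `recorders` table. Called from CONTEXT::~CONTEXT().
//
// A name that was never registered is ignored; the lookup result used to be
// dereferenced unconditionally, which is undefined behaviour for end().
void IPR::release(const char* name) {
    recorder_map::iterator m = recorders.find(name);
    if (m == recorders.end()) return;
    IPR* i = (*m).second;
    int  r = i->reference(-1);
    if (r == 0) {
        delete i;
        recorders.erase(m);
    }
}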
63 |
64 |
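// Record one pattern hit for `ip` in context `con`.
//
//   amount > 0  a violation. The amount is multiplied by the address's
//               repeat-offender scale (1 if it has no record) and added to its
//               bucket; when the bucket reaches the context threshold the
//               address is blocked via update() + changed().
//   amount < 0  a "good authentication" event. The address is removed from the
//               repeat offenders, its bucket is set to the negative amount
//               (which keeps later violations from counting until leak() has
//               drained it), and an existing block is lifted.
//   amount == 0 nothing happens (a bucket count of zero disables a pattern).
//
// Addresses for which con.looking(ip) is false are ignored entirely.
//
// file_name, pattern_index and message are only passed on for logging;
// message may be NULL.
//
// NOTE(review): the negative-amount path is an allow signal derived from log
// text. Patterns with a negative bucket should be anchored tightly enough that
// a field controlled by the remote side cannot satisfy them.
void IPR::add(int ip, int amount, CONTEXT &con, const char *file_name, int pattern_index, const char *message) {
    // same limit the bucket check below uses; the existing comment there
    // relates it to blocking for about a month
    const int count_cap = 2600000;

    if (con.looking(ip)) {
        if (amount > 0) {
            ip_buckets::iterator j = repeat_offenders.find(ip);
            int scale = (j == repeat_offenders.end()) ? 1 : (*j).second.count;

            // Multiply in a wider type and clamp. A plain int product can
            // overflow for a large scale, and a count that wraps negative
            // would be treated as "good authentication" below, i.e. the worst
            // offenders would become unblockable. The ceiling leaves room for
            // the "b.count += amount" further down.
            long long       scaled  = (long long)amount * scale;
            const long long ceiling = (long long)INT_MAX - count_cap;
            if (scaled > ceiling) scaled = ceiling;
            amount = (int)scaled;

            ip_buckets::iterator i = violations.find(ip);
            if (i == violations.end()) {
                bucket b;
                b.count   = amount;
                b.blocked = (con.get_threshold() <= b.count);
                violations[ip] = b;
                if (b.blocked) {
                    update(ip, true, scale, file_name, pattern_index, message);
                    changed(con, ip, true);
                }
            }
            else {
                bucket &b = (*i).second;
                if ((b.count >= 0) && (b.count < count_cap)) {
                    // good authentication (count<0) prevents blocking
                    // not much point in blocking for more than a month
                    b.count += amount;
                    if ((!b.blocked) && (con.get_threshold() <= b.count)) {
                        b.blocked = true;
                        update(ip, true, scale, file_name, pattern_index, message);
                        changed(con, ip, true);
                    }
                }
            }
        }

        else if (amount < 0) {
            char buf[maxlen];
            in_addr ad;
            ad.s_addr = htonl(ip);
            // message is optional; passing NULL for %s is undefined behaviour
            snprintf(buf, maxlen, "%s for %s", message ? message : "(null)", inet_ntoa(ad));
            my_syslog(buf);

            ip_buckets::iterator j = repeat_offenders.find(ip);
            if (j != repeat_offenders.end()) {
                repeat_offenders.erase(j++);
                snprintf(buf, maxlen, "removing %s from repeat offenders", inet_ntoa(ad));
                my_syslog(buf);
            }
            ip_buckets::iterator i = violations.find(ip);
            if (i == violations.end()) {
                bucket b;
                b.count   = amount;
                b.blocked = false;
                violations[ip] = b;
            }
            else {
                bucket &b = (*i).second;
                b.count = amount;
                if (b.blocked) {
                    // Clear the flag together with the firewall rule. It used
                    // to stay set, so a later good authentication or
                    // free_all() ran the remove command a second time for a
                    // rule that no longer existed.
                    b.blocked = false;
                    update(ip, false, 0, NULL, 0, NULL);
                    changed(con, ip, false);
                }
            }
        }
    }
}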
129 | |
130 | |
// Drain every bucket by `amount` and, roughly once per 86400 units of
// accumulated `amount`, decay the repeat-offender table.
// NOTE(review): daily_timer starts at 86400, which suggests `amount` is
// elapsed seconds - confirm against the caller.
//
// Both loops erase while iterating; the "erase(i++)" form advances the
// iterator before the element is destroyed, so the statement order matters.
void IPR::leak(int amount, CONTEXT &con) {
    for (ip_buckets::iterator i=violations.begin(); i!=violations.end(); ) {
        int     ip = (*i).first;
        bucket &b  = (*i).second;
        if (b.count < 0) {
            // negative count: credit from a good authentication, moves up
            // towards zero and the entry is dropped once it would reach it
            if (b.count >= -amount) violations.erase(i++);
            else {
                b.count += amount;
                i++;
            }
        }
        else {
            if (b.count <= amount) {
                // bucket is empty after this leak: lift the block, if any,
                // before the entry goes away
                if (b.blocked) {
                    update(ip, false, 0, NULL, 0, NULL);
                    changed(con, ip, false);
                }
                violations.erase(i++);
            }
            else {
                b.count -= amount;
                i++;
            }
        }
    }
    daily_timer -= amount;
    if (daily_timer < 0) {
        daily_timer = 86400;
        for (ip_buckets::iterator j=repeat_offenders.begin(); j!=repeat_offenders.end(); ) {
            int     ip = (*j).first;
            bucket &b  = (*j).second;
            // integer arithmetic: the scale shrinks to two thirds, rounded down
            b.count = b.count * 2 / 3;
            if (b.count <= 2) {
                // b refers to the erased element from here on; only the copied
                // ip is used below
                repeat_offenders.erase(j++);
                char buf[maxlen];
                in_addr ad;
                ad.s_addr = htonl(ip);
                snprintf(buf, maxlen, "removing %s from repeat offenders", inet_ntoa(ad));
                my_syslog(buf);
            }
            else {
                j++;
            }
        }
    }
}
177 | |
178 | |
// Lift every block this recorder currently holds (running the context's
// remove command for each blocked address) and forget all violation buckets.
// The repeat-offender table is left untouched.
void IPR::free_all(CONTEXT &con) {
    if (debug_syslog > 2) my_syslog("syslog2iptables shutting down");

    ip_buckets::iterator cur = violations.begin();
    while (cur != violations.end()) {
        if (cur->second.blocked) {
            const int addr = cur->first;
            update(addr, false, 0, NULL, 0, NULL);
            changed(con, addr, false);
        }
        cur++;
    }
    violations.clear();
}
193 | |
194 | |
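// Bookkeeping and logging for a block (added == true) or unblock
// (added == false) of `ip`. The firewall command itself is run by changed().
//
// On a block the address's repeat-offender scale is created at 2, or
// multiplied by 3/2 (integer arithmetic) while it is still below scale_max.
// IPR::add() multiplies later penalties by that scale.
//
// The scale bookkeeping used to sit inside the "debug_syslog > 2" guard, so
// the escalating penalty only took effect while verbose logging was switched
// on. It now runs at every debug level; only the log line depends on the
// level.
//
// file_name, pattern_index, message and scale are used for the log text only;
// message may be NULL, in which case the pattern index is logged instead.
void IPR::update(int ip, bool added, int scale, const char *file_name, int pattern_index, const char *message) {
    if (added) {
        ip_buckets::iterator j = repeat_offenders.find(ip);
        if (j == repeat_offenders.end()) {
            bucket b;
            b.count   = 2;
            b.blocked = true;   // unused
            repeat_offenders[ip] = b;
        }
        else {
            bucket &b = (*j).second;
            if (b.count < scale_max) b.count = b.count * 3 / 2;
        }
    }

    if (debug_syslog > 2) {
        char buf[maxlen];
        in_addr ad;
        ad.s_addr = htonl(ip);
        if (added) {
            if (message) snprintf(buf, maxlen, "dropping traffic from/to %s based on %s in %s, scale %d", inet_ntoa(ad), message, file_name, scale);
            else         snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s", inet_ntoa(ad), pattern_index, file_name);
        }
        else snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad));
        my_syslog(buf);
    }
}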
219 | |
220 | |
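// A command template is acceptable only if snprintf() can expand it safely
// with a single string argument: at most one "%s" and no other conversion
// apart from a literal "%%".
static bool command_template_ok(const char *fmt) {
    if (!fmt) return false;
    int strings = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;                                    // look at the conversion character
        if (*p == '%') continue;                // "%%" is a literal percent sign
        if ((*p == 's') && (++strings == 1)) continue;
        return false;                           // second %s, other conversion, or trailing '%'
    }
    return true;
}

// Run the context's firewall command for `ip`: con.add_command when the
// address has just been blocked, con.remove_command when the block is lifted.
//
// The template comes from the configuration and is used both as a printf
// format and as a shell command line, so the configuration file has to be
// writable by the administrator only. The only value substituted into it is
// the dotted-quad text produced by inet_ntoa().
//
// Changes against the earlier version:
//   - the add test now uses ">= threshold", matching IPR::add(), which marks a
//     bucket blocked when "threshold <= count". With ">" an address whose
//     count equalled the threshold was recorded as blocked without any rule
//     being inserted.
//   - the bucket is looked up with find(); operator[] inserted an empty bucket
//     for an unknown address.
//   - a template that is not a plain single-%s format, or a command that does
//     not fit into the buffer, is logged and not executed. A truncated command
//     could otherwise act on a different address than intended.
void IPR::changed(CONTEXT &con, int ip, bool added) {
    int t = con.get_threshold();
    if (added) {
        ip_buckets::iterator v = violations.find(ip);
        if (v == violations.end()) return;
        if (!con.looking(ip)) return;
        if ((*v).second.count < t) return;
    }

    const char *tmpl = added ? con.add_command : con.remove_command;
    if (!command_template_ok(tmpl)) {
        my_syslog("firewall command template is not a single %s format, not executed");
        return;
    }

    char buf[maxlen];
    in_addr ad;
    ad.s_addr = htonl(ip);
    int n = snprintf(buf, maxlen, tmpl, inet_ntoa(ad));
    if ((n < 0) || (n >= maxlen)) {
        my_syslog("firewall command does not fit the command buffer, not executed");
        return;
    }
    system(buf);
}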
1 | 240 |
241 | |
3 | 242 //////////////////////////////////////////////// |
243 // | |
int ip_address(const char *have);

// Convert `have` to an IPv4 address in host byte order; 0 means "no address".
//
// Text that inet_aton() accepts is converted directly. Anything else is looked
// up with gethostbyname(), and only an AF_INET answer is used.
//
// PATTERN::process() calls this with the text a regular expression captured
// from a log line, so a capture that is not a literal address causes a name
// lookup for whatever the log line contained, and the resolved address is what
// gets counted. Patterns should capture numeric addresses only.
// gethostbyname() returns a pointer to static storage and may block; callers
// on several threads need their own serialisation.
int ip_address(const char *have) {
    in_addr parsed;
    if (inet_aton(have, &parsed)) {
        return ntohl(parsed.s_addr);
    }

    int raw = 0;    // stays 0 when the lookup fails or is not IPv4
    const struct hostent *entry = gethostbyname(have);
    if (entry && (entry->h_addrtype == AF_INET)) {
        memcpy(&raw, entry->h_addr, sizeof(raw));
    }
    return ntohl(raw);
}
255 | |
256 | |
257 //////////////////////////////////////////////// | |
258 // | |
// Store the pattern settings and compile the expression as a case-insensitive
// POSIX extended regex. The pointers are stored as given, not copied.
//
// A pattern that does not compile is reported through tok.token_error() and
// the object is left with pattern == NULL, which process() treats as
// "never matches".
PATTERN::PATTERN(TOKEN &tok, const char *pattern_, int index_, int amount_, const char *msg_) {
    pattern = pattern_;
    index   = index_;
    amount  = amount_;
    message = msg_;
    if (!pattern) return;

    const int status = regcomp(&re, pattern, REG_ICASE | REG_EXTENDED);
    if (status == 0) return;

    char reason[maxlen];
    regerror(status, &re, reason, maxlen);
    char report[maxlen];
    snprintf(report, sizeof(report), "pattern %s not valid - %s", pattern, reason);
    tok.token_error(report);
    pattern = NULL;
}
276 | |
277 | |
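// Release the compiled expression. The constructor leaves pattern == NULL when
// no expression was given or regcomp() failed; in both cases `re` holds no
// compiled regex and must not be passed to regfree().
// NOTE(review): assumes nothing outside the constructor changes `pattern`.
PATTERN::~PATTERN() {
    if (pattern) regfree(&re);
}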
281 | |
282 | |
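// Match one log line against this pattern. When capture group `index` matched,
// its text is converted with ip_address() and, if that yields a non-zero
// address, the hit is recorded with the context's recorder.
//
// Returns true when the group matched (even if no address came out of it),
// false otherwise. `buf` is modified: it is cut off at the end of the captured
// text.
//
// `index` comes from the configuration and sizes the match array on the
// stack, so it is checked against the number of groups the compiled
// expression has. A negative index was undefined behaviour; an index beyond
// the last group could never match and now returns false before the array is
// allocated.
//
// NOTE(review): buf is raw log text; confirm my_syslog() treats its argument
// as data and not as a format string.
bool PATTERN::process(char *buf, CONTEXT &con, const char *file_name, int pattern_index) {
    if (!pattern) return false;
    if ((index < 0) || ((size_t)index > re.re_nsub)) return false;

    const int nmatch = index+1;
    regmatch_t match[nmatch];
    if (0 != regexec(&re, buf, nmatch, match, 0)) return false;

    int s = match[index].rm_so;
    int e = match[index].rm_eo;
    if (s == -1) return false;      // the group took no part in the match

    if (debug_syslog > 3) {
        my_syslog(buf);             // show lines with matches
    }
    buf[e] = '\0';                  // terminate the captured text in place
    int ip = ip_address(buf+s);
    if (ip) {
        con.recorder->add(ip, amount, con, file_name, pattern_index, message);
    }
    return true;
}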
305 | |
306 | |
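// Print this pattern in configuration-file syntax, indented by four spaces per
// `level`.
//
// `pattern` is NULL after a failed compile (see the constructor), and passing
// NULL for %s is undefined behaviour, so a placeholder is printed instead. A
// negative level is treated as zero; it used to reach memset() as a negative
// length.
void PATTERN::dump(int level) {
    char indent[maxlen];
    int i = min(maxlen-1, level*4);
    if (i < 0) i = 0;
    memset(indent, ' ', i);
    indent[i] = '\0';
    printf("%s pattern \"%s\" {; \n", indent, pattern ? pattern : "(null)");
    printf("%s index %d; \n", indent, index);
    printf("%s bucket %d; \n", indent, amount);
    if (message) printf("%s message \"%s\"; \n", indent, message);
    printf("%s }; \n", indent);
}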
318 | |
319 | |
320 //////////////////////////////////////////////// | |
321 // | |
// Create a context called `nam` with the built-in defaults: a threshold of 500
// and iptables commands that insert or delete a DROP rule for the source
// address in the INPUT chain. The "%s" in each command is replaced by the
// dotted-quad address in IPR::changed().
//
// The context attaches to the recorder of the same name via IPR::find(), which
// creates the recorder if this is its first user.
CONTEXT::CONTEXT(const char *nam) {
    name           = nam;
    recorder       = IPR::find(name);
    threshold      = 500;
    add_command    = "/sbin/iptables -I INPUT --src %s --jump DROP";
    remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP";
}
329 | |
330 | |
331 //////////////////////////////////////////////// |
332 // |
// Destroy the context: drop the ignore list, delete every SYSLOGCONFIG that
// was added to this context, and release the recorder obtained by name.
CONTEXT::~CONTEXT() {
    ignore.clear();

    syslogconfig_list::iterator it = syslogconfigs.begin();
    while (it != syslogconfigs.end()) {
        delete *it;
        ++it;
    }

    IPR::release(name);
}
341 | |
342 | |
// Append a log-file configuration to this context. The destructor deletes
// every entry in the list, so the context takes ownership of `con`.
void CONTEXT::add_syslogconfig(SYSLOGCONFIGP con) {
    this->syslogconfigs.push_back(con);
}
346 | |
347 | |
// Append one address range to the list of ranges that looking() rejects.
void CONTEXT::add_pair(IPPAIR pair) {
    this->ignore.push_back(pair);
}
351 | |
352 | |
// Print the whole context (threshold, commands, ignore list and every log
// file with its patterns) to stdout in configuration-file syntax.
void CONTEXT::dump() {
    // Fixed indentation for everything nested directly inside the context.
    const char *indent = " ";

    printf("context %s {\n", name);
    printf("%s threshold %d; \n\n", indent, threshold);

    printf("%s add_command \"%s\"; \n", indent, add_command);
    printf("%s remove_command \"%s\"; \n\n", indent, remove_command);

    printf("%s ignore { \n", indent);
    for (ippair_list::iterator it = ignore.begin(); it != ignore.end(); ++it) {
        // The stored start address is converted with htonl() before it is
        // handed to inet_ntoa() for printing.
        in_addr addr;
        addr.s_addr = htonl(it->first);
        printf("%s %s/%d; \n", indent, inet_ntoa(addr), it->cidr);
    }
    printf("%s }; \n\n", indent);

    for (syslogconfig_list::iterator it = syslogconfigs.begin(); it != syslogconfigs.end(); ++it) {
        (*it)->dump(1);
    }
    printf("}; \n\n");
}
378 | |
379 | |
// Read from every log file of this context, repeating full passes over the
// list until one pass yields no new data from any file.
//
// `con` is not used in the body. Every file is polled on every pass, even
// after another file in the same pass already returned data.
void CONTEXT::read(CONFIG &con) {
    bool progressed;
    do {
        progressed = false;
        for (syslogconfig_list::iterator it = syslogconfigs.begin(); it != syslogconfigs.end(); ++it) {
            if ((*it)->read(*this)) progressed = true;
        }
    } while (progressed);
}
390 | |
391 | |
// Forward to the recorder's free_all(), passing this context along.
void CONTEXT::free_all() {
    CONTEXT &self = *this;
    recorder->free_all(self);
}
395 | |
396 | |
// Forward `delta` to the recorder's leak(), passing this context along.
// CONFIG::sleep() calls this with the number of seconds since its last run.
void CONTEXT::leak(int delta) {
    CONTEXT &self = *this;
    recorder->leak(delta, self);
}
401 | |
402 |
// Report whether `ip` should be tracked by this context.
//
// Returns false when the address lies inside any range on the ignore list
// (both ends inclusive) and true otherwise.
// NOTE(review): the comparison is done on int values; this presumably relies
// on each range staying on one side of the sign boundary, which the 8..32
// prefix limit in parse_ignore() would guarantee -- confirm the IPPAIR types.
bool CONTEXT::looking(int ip) {
    for (ippair_list::iterator it = ignore.begin(); it != ignore.end(); ++it) {
        const IPPAIR &range = *it;
        const bool ignored = (range.first <= ip) && (ip <= range.last);
        if (ignored) return false;
    }
    return true;
}
410 | |
411 //////////////////////////////////////////////// | |
412 // | |
// Start with an empty configuration: no references, generation zero and no
// recorded load time.
CONFIG::CONFIG() {
    load_time       = 0;
    generation      = 0;
    reference_count = 0;
}
418 |
419 |
// Delete every context held by this configuration.
CONFIG::~CONFIG() {
    context_list::iterator it = contexts.begin();
    while (it != contexts.end()) {
        delete *it;
        ++it;
    }
}
426 |
427 |
// Print every context of this configuration, in list order.
void CONFIG::dump() {
    context_list::iterator it = contexts.begin();
    while (it != contexts.end()) {
        (*it)->dump();
        ++it;
    }
}
434 |
435 |
// Let every context read its log files, in list order.
void CONFIG::read() {
    context_list::iterator it = contexts.begin();
    while (it != contexts.end()) {
        (*it)->read(*this);
        ++it;
    }
}
442 |
443 |
// Sleep for `duration` seconds, then tell every context how much wall-clock
// time has passed since `previous`, and store the new timestamp in `previous`.
//
// The elapsed time is measured with time(), so it reflects the real interval
// between calls rather than the requested sleep length.
void CONFIG::sleep(int duration, time_t &previous) {
    ::sleep(duration);

    const time_t now = time(NULL);
    context_list::iterator it = contexts.begin();
    while (it != contexts.end()) {
        (*it)->leak(now-previous);
        ++it;
    }
    previous = now;
}
453 |
454 |
// Call free_all() on every context, in list order.
void CONFIG::free_all() {
    context_list::iterator it = contexts.begin();
    while (it != contexts.end()) {
        (*it)->free_all();
        ++it;
    }
}
461 |
462 |
463 //////////////////////////////////////////////// |
464 // |
// Remember the tokenizer (used for error reporting) and the log file name,
// then open the file. The initial open passes msg=true, so a failure is
// reported through the tokenizer and a successful open seeks to the end of
// the file.
SYSLOGCONFIG::SYSLOGCONFIG(TOKEN &tok, const char *file_name_) {
    file_name = file_name_;
    tokp      = &tok;
    open(true);
}
470 | |
471 | |
// Close the log file and delete every pattern added to this file entry.
SYSLOGCONFIG::~SYSLOGCONFIG() {
    close();
    pattern_list::iterator it = patterns.begin();
    while (it != patterns.end()) {
        delete *it;
        ++it;
    }
}
479 | |
480 | |
// Open the log file read-only and reset the line buffer.
//
// msg == true  (initial open from the constructor): an unreadable file is
//              reported through the tokenizer, and a readable file is
//              positioned at its end so only new entries are seen.
// msg == false (reopen from read()): an unreadable file is not reported and
//              reading starts at the beginning of the file.
//
// On failure fd is left at -1.
void SYSLOGCONFIG::open(bool msg) {
    len = 0;
    fd  = ::open(file_name, O_RDONLY);

    if (fd == -1) {
        if (msg) {
            char text[maxlen];
            snprintf(text, sizeof(text), "syslog file %s not readable", file_name);
            tokp->token_error(text);
        }
        return;
    }

    if (debug_syslog > 1) {
        snprintf(buf, sizeof(buf), "syslog file %s opened", file_name);
        my_syslog(buf);
    }
    if (msg) lseek(fd, 0, SEEK_END);

    // Remember device and inode of the open file; read() compares them with
    // the file name's current target to notice a replaced file.
    if (fstat(fd, &openfdstat)) {
        close();
        snprintf(buf, sizeof(buf), "syslog file %s cannot stat after open", file_name);
        tokp->token_error(buf);
    }

    // specify that this fd gets closed on exec, so that selinux
    // won't complain about iptables trying to read log files.
    // After a failed fstat() fd is already -1 here, so F_GETFD fails and
    // nothing is set.
    const int oldflags = fcntl(fd, F_GETFD, 0);
    if (oldflags >= 0) {
        fcntl(fd, F_SETFD, oldflags | FD_CLOEXEC);
    }
}
510 | |
511 | |
// Read whatever is newly available from the log file and process every
// complete line in the buffer.
//
// Returns true when the read delivered data, false otherwise (including the
// case where the file could not be reopened).
//
// When nothing was read, the file name is checked against the open
// descriptor: if the name is gone or now refers to a different device/inode,
// the descriptor is closed so that the next call reopens the file.
bool SYSLOGCONFIG::read(CONTEXT &con) {
    if (failed()) {
        open(false);
        if (failed()) return false;
    }

    const int got = ::read(fd, buf+len, buflen-len);
    if (got <= 0) {
        // check for file close
        struct stat current;
        if (0 != stat(file_name, &current)) {
            // filename no longer exists
            close();
        }
        else if ((current.st_dev != openfdstat.st_dev) ||
                 (current.st_ino != openfdstat.st_ino)) {
            close();
        }
        return false;
    }

    len += got;
    // Peel complete lines off the front of the buffer one at a time.
    while (char *eol = (char*)memchr(buf, '\n', len)) {
        const int used = eol-buf;
        *eol = '\0';
        process(con);       // process null terminated string
        len -= used+1;
        memmove(buf, eol+1, len);
    }

    // no <lf> in a full buffer
    // NOTE(review): the buffered part of an overlong line is dropped here, but
    // the rest of that line arrives with the next read and is then handled as
    // if it were the start of a new line. Patterns that are not anchored to
    // the start of a line can therefore match text from the middle of an
    // overlong entry.
    if (len == buflen) len = 0;
    return true;
}
549 | |
550 | |
// Close the log file descriptor if one is open and mark the file as closed.
//
// The debug message is written whenever debug_syslog > 1, whether or not a
// descriptor was open, and it is formatted into the member line buffer.
void SYSLOGCONFIG::close() {
    const bool was_open = (fd != -1);
    if (debug_syslog > 1) {
        snprintf(buf, sizeof(buf), "syslog file %s closed", file_name);
        my_syslog(buf);
    }
    if (was_open) ::close(fd);
    fd = -1;
}
559 | |
560 | |
// Append a pattern to this file entry. The destructor deletes every pattern
// in the list, so the file entry takes ownership of `pat`.
void SYSLOGCONFIG::add_pattern(PATTERNP pat) {
    this->patterns.push_back(pat);
}
564 | |
565 | |
// Run the line currently in the buffer through the patterns in list order and
// stop at the first pattern that reports a match. Each pattern receives its
// zero-based position in the list.
void SYSLOGCONFIG::process(CONTEXT &con) {
    int position = 0;
    for (pattern_list::iterator it = patterns.begin(); it != patterns.end(); ++it, ++position) {
        if ((*it)->process(buf, con, file_name, position)) return;
    }
}
574 | |
575 | |
// Print this file entry and its patterns in configuration-file syntax,
// indented by `level`; the patterns are printed one level deeper.
void SYSLOGCONFIG::dump(int level) {
    // Four spaces per level, capped so the prefix and its terminator always
    // fit in the local buffer.
    char pad[maxlen];
    const int width = min(maxlen-1, level*4);
    memset(pad, ' ', width);
    pad[width] = '\0';

    printf("%s file \"%s\" {\n", pad, file_name);
    for (pattern_list::iterator it = patterns.begin(); it != patterns.end(); ++it) {
        (*it)->dump(level+1);
    }
    printf("%s }; \n", pad);
}
588 | |
589 | |
590 //////////////////////////////////////////////// | |
591 // helper to discard the strings held by a string_set | |
592 // | |
// Free every string held by the set with free(), then empty the set.
void discard(string_set &s) {
    string_set::iterator it = s.begin();
    while (it != s.end()) {
        free((void*)*it);
        ++it;
    }
    s.clear();
}
599 | |
600 | |
601 //////////////////////////////////////////////// | |
602 // helper to register a string in a string set | |
603 // | |
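// Return the set's own copy of `name`, adding a strdup() copy first when the
// set does not hold an equal string yet.
//
// Returns NULL when the copy cannot be allocated; in that case nothing is
// added to the set, so the set never holds a null entry.
const char* register_string(string_set &s, const char *name) {
    string_set::const_iterator i = s.find(name);
    if (i != s.end()) return *i;
    char *x = strdup(name);
    if (!x) return NULL;    // out of memory, do not store a null key
    s.insert(x);
    return x;
}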
611 | |
612 | |
613 //////////////////////////////////////////////// | |
614 // register a global string | |
615 // | |
// Register `name` in the global string set and return the set's copy.
const char* register_string(const char *name) {
    const char *registered = register_string(all_strings, name);
    return registered;
}
619 | |
620 | |
621 //////////////////////////////////////////////// | |
38 | 622 // clear all global strings, helper for valgrind checking |
623 // | |
// Free and remove every string in the global string set. Pointers returned
// earlier by register_string(name) must not be used after this call.
void clear_strings() {
    string_set &everything = all_strings;
    discard(everything);
}
627 | |
628 | |
629 //////////////////////////////////////////////// | |
1 | 630 // |
// Consume the next token and require it to be `token`.
//
// Returns true on a match; otherwise reports the expected and the found token
// through the tokenizer and returns false.
// The comparison is on pointer identity, not on string contents.
// NOTE(review): this presumably relies on all tokens being registered through
// register_string() so that equal strings share one pointer -- confirm in
// TOKEN::next().
bool tsa(TOKEN &tok, const char *token);
bool tsa(TOKEN &tok, const char *token) {
    const char *have = tok.next();
    if (have != token) {
        tok.token_error(token, have);
        return false;
    }
    return true;
}
638 | |
639 | |
640 //////////////////////////////////////////////// | |
641 // | |
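// Parse one pattern statement: the regex text, a braced body made of
// index / bucket / message settings, and the closing semicolon. On success a
// new PATTERN is added to `con`.
//
// tok - tokenizer positioned just after the pattern keyword
// con - log file entry that receives the new pattern
// me  - enclosing context (not used in the body)
//
// Returns false after reporting a syntax error through the tokenizer.
// A missing value after index or bucket (end of input) and a negative index
// are rejected here instead of being passed to atoi() or to PATTERN.
bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me);
bool parse_pattern(TOKEN &tok, SYSLOGCONFIG &con, CONTEXT &me) {
    const char *pat = tok.next();
    int  ind = 0;
    int  buc = 0;
    const char *msg = NULL;
    if (!tsa(tok, token_lbrace)) return false;
    while (true) {
        const char *have = tok.next();
        if (!have) break;
        if (have == token_rbrace) break;
        if (have == token_index) {
            have = tok.next();
            // index selects the regex sub-expression and sizes the match
            // array in PATTERN::process(), so it must not be negative.
            ind = have ? atoi(have) : -1;
            if (ind < 0) {
                tok.token_error("non-negative index", have);
                return false;
            }
            if (!tsa(tok, token_semi)) return false;
        }
        else if (have == token_bucket) {
            have = tok.next();
            if (!have) {
                tok.token_error("bucket value", have);
                return false;
            }
            buc = atoi(have);
            if (!tsa(tok, token_semi)) return false;
        }
        else if (have == token_message) {
            msg = tok.next();
            if (!tsa(tok, token_semi)) return false;
        }
        else {
            tok.token_error("index/bucket", have);
            return false;
        }
    }
    if (!tsa(tok, token_semi)) return false;
    PATTERNP patt = new PATTERN(tok, pat, ind, buc, msg);
    con.add_pattern(patt);
    return true;
}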
677 | |
678 | |
679 //////////////////////////////////////////////// | |
680 // | |
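// Parse an ignore block: a braced list of `address / prefix ;` entries
// followed by a semicolon. Each entry is added to `me` as an inclusive
// address range.
//
// tok - tokenizer positioned just after the ignore keyword
// dc  - configuration being loaded (not used in the body)
// me  - context that receives the ranges
//
// Returns false after reporting a syntax error through the tokenizer. The
// prefix length must be in 8..32; a missing prefix token (end of input) is
// reported with the same error instead of being passed to atoi().
//
// NOTE(review): the start of the range is the address exactly as written,
// while the end has all host bits set. An entry written with host bits set
// therefore does not cover the lower part of its network -- confirm that
// this is intended before relying on such entries.
bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me);
bool parse_ignore(TOKEN &tok, CONFIG &dc, CONTEXT &me) {
    if (!tsa(tok, token_lbrace)) return false;
    while (true) {
        const char *have = tok.next();
        if (!have) break;
        if (have == token_rbrace) break;
        int ipaddr = ip_address(have);
        if (ipaddr == 0) {
            tok.token_error("ip address", have);
            return false;
        }
        if (!tsa(tok, token_slash)) return false;
        have = tok.next();
        // -1 fails the range check below when the prefix token is missing.
        int mask = have ? atoi(have) : -1;
        if ((mask < 8) || (mask > 32)) {
            tok.token_error("cidr 8..32 value", have);
            return false;
        }
        if (!tsa(tok, token_semi)) return false;

        // Host part of the address for this prefix length: the low
        // (32 - mask) bits set. A shift by 32 is undefined, so /32 is
        // handled separately.
        const unsigned int host_bits = (mask == 32) ? 0u : (0xffffffffu >> mask);

        IPPAIR pair;
        pair.first = ipaddr;
        pair.last  = ipaddr | (int)host_bits;
        pair.cidr  = mask;
        me.add_pair(pair);
    }
    if (!tsa(tok, token_semi)) return false;
    return true;
}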
743 |
744 |
745 //////////////////////////////////////////////// |
746 // |
747 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me); |
748 bool parse_syslogconfig(TOKEN &tok, CONFIG &dc, CONTEXT &me) { |
749 const char *name = tok.next(); |
750 if (!tsa(tok, token_lbrace)) return false; |
751 SYSLOGCONFIGP con = new SYSLOGCONFIG(tok, name); |
752 if (con->failed()) { |
753 delete con; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
754 return false; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
755 } |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
756 me.add_syslogconfig(con); |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
757 while (true) { |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
758 const char *have = tok.next(); |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
759 if (!have) break; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
760 if (have == token_rbrace) break; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
761 if (have == token_pattern) { |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
762 if (!parse_pattern(tok, *con, me)) return false; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
763 } |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
764 else { |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
765 tok.token_error("pattern", have); |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
766 return false; |
206448c00b55
Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents:
48
diff
changeset
|
767 } |
36 | 768 } |
769 if (!tsa(tok, token_semi)) return false; | |
770 return true; | |
3 | 771 } |
772 | |
773 | |
774 //////////////////////////////////////////////// | |
775 // | |
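bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent);
// Parse the remainder of a `context` statement:
//
//     <name> { threshold N; ignore ...; add_command X; remove_command Y; file ...; } ;
//
// The leading `context` keyword has already been consumed by the caller.
// On success the new CONTEXT is registered with `dc` and true is returned.
// On any error the partially built CONTEXT is deleted and false is
// returned. `parent` is not referenced in this function.
//
// NOTE(review): the add/remove strings are stored verbatim. If they are
// later run as commands (the error text below calls them add_command /
// remove_command), the config file should be writable only by the account
// that runs the daemon - confirm against the code that uses them.
bool parse_context(TOKEN &tok, CONFIG &dc, CONTEXTP parent) {
    const char *name = tok.next();
    if (!tsa(tok, token_lbrace)) return false;
    CONTEXTP con = new CONTEXT(name);

    // Every failure below clears `ok` so the context is released in exactly
    // one place; previously only the final ';' check deleted it and all
    // error returns inside the loop leaked the allocation.
    bool ok = true;
    while (ok) {
        const char *have = tok.next();
        if (!have) break;                   // no more tokens; the ';' check below decides
        if (have == token_rbrace) break;    // done
        if (have == token_threshold) {
            const char *value = tok.next();
            if (!value) {
                // atoi(NULL) would dereference a null pointer
                tok.token_error("parse_context() missing threshold value");
                ok = false;
            }
            else {
                // strtol instead of atoi so that a non-numeric or out of
                // range value is rejected rather than silently becoming
                // 0 or an unspecified number.
                char *end   = NULL;
                long  limit = strtol(value, &end, 10);
                if ((end == value) || (*end != '\0') || (limit < INT_MIN) || (limit > INT_MAX)) {
                    tok.token_error("integer threshold", value);
                    ok = false;
                }
                else {
                    con->set_threshold(static_cast<int>(limit));
                    ok = tsa(tok, token_semi);
                }
            }
        }
        else if (have == token_ignore) {
            ok = parse_ignore(tok, dc, *con);
        }
        else if (have == token_add) {
            const char *command = tok.next();
            if (!command) {
                tok.token_error("parse_context() missing add_command value");
                ok = false;
            }
            else {
                con->set_add(command);
                ok = tsa(tok, token_semi);
            }
        }
        else if (have == token_remove) {
            const char *command = tok.next();
            if (!command) {
                tok.token_error("parse_context() missing remove_command value");
                ok = false;
            }
            else {
                con->set_remove(command);
                ok = tsa(tok, token_semi);
            }
        }
        else if (have == token_file) {
            ok = parse_syslogconfig(tok, dc, *con);
        }
        else {
            tok.token_error("threshold/ignore/add_command/remove_command/file", have);
            ok = false;
        }
    }

    // the closing brace must be followed by a semicolon
    if (ok) ok = tsa(tok, token_semi);
    if (!ok) {
        delete con;
        return false;
    }
    dc.add_context(con);
    return true;
}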
819 | |
820 | |
821 //////////////////////////////////////////////// | |
822 // parse a config file | |
823 // | |
// Read the configuration file `fn` into `dc`.
//
// The top level of the file may contain only `context` statements; any
// other token is reported and aborts the load. After the last token the
// number of contexts parsed from this file is reported through
// tok.token_error(). Returns true when `dc` holds at least one context.
bool load_conf(CONFIG &dc, const char *fn) {
    TOKEN tok(fn, &dc.config_files);
    int parsed = 0;

    for (const char *word = tok.next(); word; word = tok.next()) {
        if (word != token_context) {
            tok.token_error(token_context, word);
            return false;
        }
        if (!parse_context(tok, dc, NULL)) {
            tok.token_error("load_conf() failed to parse context");
            return false;
        }
        ++parsed;
    }

    tok.token_error("load_conf() found %d contexts in %s", parsed, fn);
    return !dc.contexts.empty();
}
845 | |
846 | |
847 //////////////////////////////////////////////// | |
848 // init the tokens | |
849 // | |
// Fill in the global token_* pointers. The parser recognises keywords and
// punctuation by comparing token pointers against these values, so this
// has to run before any configuration is parsed.
void token_init() {
    struct KEYWORD {
        const char **slot;      // global that receives the registered string
        const char  *text;      // spelling in the configuration file
    };
    const KEYWORD keywords[] = {
        { &token_add,       "add_command"    },
        { &token_bucket,    "bucket"         },
        { &token_context,   "context"        },
        { &token_file,      "file"           },
        { &token_ignore,    "ignore"         },
        { &token_include,   "include"        },
        { &token_index,     "index"          },
        { &token_lbrace,    "{"              },
        { &token_message,   "message"        },
        { &token_pattern,   "pattern"        },
        { &token_rbrace,    "}"              },
        { &token_remove,    "remove_command" },
        { &token_semi,      ";"              },
        { &token_slash,     "/"              },
        { &token_threshold, "threshold"      },
    };
    const unsigned total = sizeof(keywords) / sizeof(keywords[0]);
    // registered in table order, which is the original statement order
    for (unsigned i = 0; i < total; i++) {
        *keywords[i].slot = register_string(keywords[i].text);
    }
}