Fixed bug introduced in iptables.c

john 2020-09-18 10:35:35 -04:00
parent 2a75e09272
commit 7826601e01
2 changed files with 58 additions and 122 deletions


@ -92,7 +92,7 @@ struct Global G= {
.version= { .version= {
.major= 0, .major= 0,
.minor= 14, .minor= 14,
.patch= 2 .patch= 3
}, },
.bitTuples.flags= GlobalFlagBitTuples .bitTuples.flags= GlobalFlagBitTuples


@ -146,7 +146,6 @@ addrCmp_pvsort(const void *const* pp1, const void *const* pp2)
return 0; return 0;
} }
#if 0
static int static int
run_command(const char *argv[]) run_command(const char *argv[])
/************************************************************** /**************************************************************
@ -154,90 +153,23 @@ run_command(const char *argv[])
* for command to finish. * for command to finish.
*/ */
{ {
int out[2]; #ifdef DEBUG
{ // Print argv[] to stderr
ez_fprintf(stderr, "argv[]= {\n");
const char **ppstr;
for(ppstr= argv; *ppstr; ++ppstr)
ez_fprintf(stderr, "\t%s\n", *ppstr);
/* Create a connected pipe for output from command */ ez_fputs("}\n", stderr);
ez_pipe(out); ez_fflush(stderr);
// Parent will read from out[0];
// Create child process
pid_t child_pid= ez_fork();
if(!child_pid) { // Child process
// Close useless end of pipe
ez_close(out[0]);
// Attach standard outputs to our pipe
ez_dup2(out[1], STDOUT_FILENO);
ez_dup2(out[1], STDERR_FILENO);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wincompatible-pointer-types"
// Execute command
ez_execve(argv[0], argv, environ);
// We will never get to here
#pragma GCC diagnostic pop
} }
#define BUF_SZ 1024
// Read buffer
static char buf[BUF_SZ];
// Loop reading data from child's output
ssize_t nRead;
while(0 < (nRead= read(out[0], buf, BUF_SZ-1))) {
// read() error
if(-1 == nRead) {
sys_eprintf("ERROR: read()");
break;
}
// pipe closed
if(!nRead)
break;
// Relay to our stderr
ez_write(STDERR_FILENO, buf, nRead);
}
#undef BUF_SZ
if(-1 == nRead)
sys_eprintf("ERROR: read()");
/* Wait indefinitely for child to finish */
int wstatus;
pid_t rc= waitpid(child_pid, &wstatus, 0);
// Proper exit
if(WIFEXITED(wstatus))
return WEXITSTATUS(wstatus);
// Killed with signal
if(WIFSIGNALED(wstatus)) {
eprintf("ERROR: %s killed by signal: %s", argv[0], strsignal(WTERMSIG(wstatus)));
return -1;
}
// Shouldn't ever get here
assert(0);
}
#endif #endif
static int int out_pipe[2];
run_command(const char *argv[])
/**************************************************************
* Run a command given argv using fork() and execve(). Wait
* for command to finish.
*/
{
int out[2];
/* Create a connected pipe for output from command */ /* Create a connected pipe for output from command */
ez_pipe(out); ez_pipe(out_pipe);
// Parent will read from out[0]; // Parent will read from out_pipe[0];
// Create child process // Create child process
pid_t child_pid= ez_fork(); pid_t child_pid= ez_fork();
@ -245,11 +177,11 @@ run_command(const char *argv[])
if(!child_pid) { // Child process if(!child_pid) { // Child process
// Close useless end of pipe // Close useless end of pipe
ez_close(out[0]); ez_close(out_pipe[0]);
// Attach standard outputs to our pipe // Attach standard outputs to our pipe
ez_dup2(out[1], STDOUT_FILENO); ez_dup2(out_pipe[1], STDOUT_FILENO);
ez_dup2(out[1], STDERR_FILENO); ez_dup2(out_pipe[1], STDERR_FILENO);
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wincompatible-pointer-types" #pragma GCC diagnostic ignored "-Wincompatible-pointer-types"
@ -260,7 +192,7 @@ run_command(const char *argv[])
} }
// Close useless end of pipe // Close useless end of pipe
ez_close(out[1]); ez_close(out_pipe[1]);
#define BUF_SZ 1024 #define BUF_SZ 1024
// Read buffer // Read buffer
@ -268,11 +200,10 @@ run_command(const char *argv[])
// Loop reading data from child's output // Loop reading data from child's output
ssize_t nRead; ssize_t nRead;
while(0 < (nRead= read(out[0], buf, BUF_SZ-1))) { while(0 < (nRead= read(out_pipe[0], buf, BUF_SZ-1)))
// Relay to our stderr // Relay to our stderr
ez_write(STDERR_FILENO, buf, nRead); ez_write(STDERR_FILENO, buf, nRead);
}
#undef BUF_SZ #undef BUF_SZ
if(-1 == nRead) if(-1 == nRead)
@ -330,57 +261,62 @@ _control_addresses(const char *cmdFlag, PTRVEC *h_vec)
/* Move any ipv6 addresses to the end */ /* Move any ipv6 addresses to the end */
PTRVEC_sort(h_vec, addrCmp_pvsort); PTRVEC_sort(h_vec, addrCmp_pvsort);
/* Place comma separated address list into single string buffer */ { /* Place comma separated address list into single string buffer */
for(unsigned i= 0; unsigned i;
(addr= PTRVEC_remHead(h_vec)) && !strchr(addr, ':'); for(i= 0;
++i) (addr= PTRVEC_remHead(h_vec)) && !strchr(addr, ':');
{ ++i)
/* Need comma after 1st address */ {
if(i) /* Need comma after 1st address */
STR_append(&addr_sb, ",", 1); if(i)
STR_append(&addr_sb, ",", 1);
/* Put address in place */ /* Put address in place */
STR_append(&addr_sb, addr, -1); STR_append(&addr_sb, addr, -1);
} }
// Place string buffer in argv // Place string buffer in argv
argv[4]= STR_str(&addr_sb); argv[4]= STR_str(&addr_sb);
argv[5]= "-j"; argv[5]= "-j";
argv[6]= "DROP"; argv[6]= "DROP";
// Run iptables // Run iptables
if(run_command(argv)) { if(i && run_command(argv)) {
eprintf("ERROR: run_command() failed."); eprintf("ERROR: run_command() failed.");
goto abort; goto abort;
}
} }
/**************************************************************************/ /**************************************************************************/
/**************** ip6 addresses *******************************************/ /**************** ip6 addresses *******************************************/
/**************************************************************************/ /**************************************************************************/
argv[0]= IP6TABLES; { // ipv6 addresses
// Load up ipv6 addresses in string buffer argv[0]= IP6TABLES;
STR_reset(&addr_sb); // Load up ipv6 addresses in string buffer
STR_reset(&addr_sb);
/* Work through ipv6 addresses in the vector */ /* Work through ipv6 addresses in the vector */
for(unsigned i= 0 ; addr; (addr= PTRVEC_remHead(h_vec)), ++i) { unsigned i;
for(i= 0 ; addr; (addr= PTRVEC_remHead(h_vec)), ++i) {
/* Need comma after 1st address */ /* Need comma after 1st address */
if(i) if(i)
STR_append(&addr_sb, ",", 1); STR_append(&addr_sb, ",", 1);
/* Put address in place */ /* Put address in place */
STR_append(&addr_sb, addr, -1); STR_append(&addr_sb, addr, -1);
} }
// Address list is the only thing that changed // Address list is the only thing that changed
argv[4]= STR_str(&addr_sb); argv[4]= STR_str(&addr_sb);
// Run iptables // Run iptables
if(run_command(argv)) { if(i && run_command(argv)) {
eprintf("ERROR: run_command() failed."); eprintf("ERROR: run_command() failed.");
goto abort; goto abort;
}
} }
rtn= 0; rtn= 0;
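Review bot: In `_control_addresses`, both the IPv4 and the IPv6 block still pack every address into one comma-separated string for `argv[4]`, and nothing in the hunk bounds its length. Linux caps the size of a single execve() argument (128 KiB with 4 KiB pages), so a large enough list makes the exec fail and none of those addresses receives a DROP rule. Running iptables in fixed-size batches avoids that: flush and `STR_reset(&addr_sb)` every N addresses and keep the final `if(i && run_command(argv))` for the remainder, as sketched below for the IPv4 loop; the IPv6 loop would follow the same pattern. The function starts and ends outside the hunk, so the `argv[]` setup and the `abort:` path are assumed unchanged.

```c
   { /* Place comma separated address list into single string buffer */
      enum { ADDR_BATCH_MAX= 512 }; /* constructed value, tune as needed */
      unsigned i= 0;

      /* Set before the loop so a mid-loop flush sees a complete argv */
      argv[5]= "-j";
      argv[6]= "DROP";

      while((addr= PTRVEC_remHead(h_vec)) && !strchr(addr, ':')) {

         /* Need comma after 1st address */
         if(i)
            STR_append(&addr_sb, ",", 1);

         /* Put address in place */
         STR_append(&addr_sb, addr, -1);

         if(++i < ADDR_BATCH_MAX)
            continue;

         /* Batch is full: run iptables on it and start a new list */
         argv[4]= STR_str(&addr_sb);
         if(run_command(argv)) {
            eprintf("ERROR: run_command() failed.");
            goto abort;
         }
         STR_reset(&addr_sb);
         i= 0;
      }

      // … unchanged: argv[4]= STR_str(&addr_sb); if(i && run_command(argv)) for the remainder …
```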