mirror of https://github.com/jrbrtsn/ban2fail
Useful improvements
This commit is contained in:
parent
36b3295df7
commit
bd5a01f5a2
27
Makefile
27
Makefile
|
@ -2,26 +2,24 @@ baseDir := ~
|
|||
libsDir := $(baseDir)/libs
|
||||
projectName := ban2fail
|
||||
versions := debug release
|
||||
cc_exe := ban2fail
|
||||
cc_exe := ban2fail fsckdns
|
||||
install_dir := /usr/local/bin
|
||||
|
||||
# Keep the makefile up to date
|
||||
Makefile : Jmakefile
|
||||
jmake makefile
|
||||
|
||||
|
||||
########################################
|
||||
# Set up sources & libraries here. #
|
||||
########################################
|
||||
|
||||
ifeq ($(exe), ban2fail)
|
||||
src := \
|
||||
addrRpt.c \
|
||||
ban2fail.c \
|
||||
cfgmap.c \
|
||||
cntry.c \
|
||||
dynstack.c \
|
||||
es.c \
|
||||
ez_es.c \
|
||||
ez_libc.c \
|
||||
ez_libdb.c \
|
||||
ez_libz.c \
|
||||
iptables.c \
|
||||
logType.c \
|
||||
|
@ -29,13 +27,24 @@ src := \
|
|||
map.c \
|
||||
maxoff.c \
|
||||
msgqueue.c \
|
||||
obsvTpl.c \
|
||||
offEntry.c \
|
||||
pdns.c \
|
||||
ptrvec.c \
|
||||
str.c \
|
||||
util.c \
|
||||
|
||||
libs := z crypto GeoIP pthread
|
||||
libs := z crypto GeoIP pthread db
|
||||
endif
|
||||
|
||||
ifeq ($(exe), fsckdns)
|
||||
src := \
|
||||
ez_libc.c \
|
||||
fsckdns.c \
|
||||
str.c \
|
||||
util.c \
|
||||
|
||||
# libs := z crypto GeoIP pthread
|
||||
endif
|
||||
|
||||
########################################
|
||||
|
@ -59,11 +68,15 @@ ifndef version
|
|||
all : debug release
|
||||
debug :
|
||||
@$(MAKE) version=debug exe=ban2fail mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
|
||||
@$(MAKE) version=debug exe=fsckdns mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
|
||||
release :
|
||||
@$(MAKE) version=release exe=ban2fail mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
|
||||
@$(MAKE) version=release exe=fsckdns mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
|
||||
install : release
|
||||
@strip release/ban2fail
|
||||
@[ $(install_dir)_foo = _foo ] || cp release/ban2fail $(install_dir)/
|
||||
@strip release/fsckdns
|
||||
@[ $(install_dir)_foo = _foo ] || cp release/fsckdns $(install_dir)/
|
||||
@[ -e install.sh ] && INSTALLDIR=$(install_dir) INSTALLTYPE=$(install_type) ./install.sh
|
||||
uninstall :
|
||||
clean :
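Review bot: The new `ifeq ($(exe), fsckdns)` block leaves `libs` unset, since its only assignment is the commented-out `# libs := z crypto GeoIP pthread`; if fsckdns really links against nothing, `libs :=` says so explicitly instead of reading like an unfinished edit. The install recipe now repeats the strip/copy pair once per binary; one loop such as `@for e in $(cc_exe); do strip release/$$e; [ $(install_dir)_foo = _foo ] || cp release/$$e $(install_dir)/; done` keeps `cc_exe` and the install target from drifting when another executable is added. The `Makefile : Jmakefile` rule at the top regenerates this file with `jmake makefile`, so presumably the same additions belong in Jmakefile as well, or the next regeneration drops them.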
|
||||
|
|
1
TODO.txt
1
TODO.txt
|
@ -1,2 +1 @@
|
|||
* Parallelize log file scanning
|
||||
* Reverse DNS lookup option for reports
|
||||
|
|
91
ban2fail.c
91
ban2fail.c
|
@ -84,12 +84,12 @@ static const struct bitTuple GlobalFlagBitTuples[]= {
|
|||
|
||||
struct Global G= {
|
||||
.cacheDir= CACHEDIR,
|
||||
.lockPath= LOCKPATH,
|
||||
.lockDir= LOCKDIR,
|
||||
|
||||
.version= {
|
||||
.major= 0,
|
||||
.minor= 13,
|
||||
.patch= 2
|
||||
.patch= 3
|
||||
},
|
||||
|
||||
.bitTuples.flags= GlobalFlagBitTuples
|
||||
|
@ -134,7 +134,16 @@ static struct {
|
|||
*/
|
||||
OFFENTRY **lePtrArr;
|
||||
|
||||
} S;
|
||||
/* Avoid multiple instances of filename buffers */
|
||||
char fnameBuf[PATH_MAX];
|
||||
|
||||
int cacheLock_fd,
|
||||
iptablesLock_fd;
|
||||
|
||||
} S= {
|
||||
.cacheLock_fd= -1,
|
||||
.iptablesLock_fd= -1
|
||||
};
|
||||
|
||||
/*==================================================================*/
|
||||
/*======================== main() ==================================*/
|
||||
|
@ -153,8 +162,8 @@ main(int argc, char **argv)
|
|||
* Program execution begins here.
|
||||
*/
|
||||
{
|
||||
int rtn= EXIT_FAILURE,
|
||||
lock_fd= -1;
|
||||
|
||||
int rtn= EXIT_FAILURE;
|
||||
|
||||
char *confFile= CONFIGFILE;
|
||||
|
||||
|
@ -198,7 +207,7 @@ main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case 'a':
|
||||
G.flags |= GLB_LIST_ADDR_FLG;
|
||||
G.flags |= GLB_LIST_ADDR_FLG|GLB_DONT_IPTABLE_FLG;
|
||||
if(optarg) {
|
||||
if(*optarg == '+') {
|
||||
G.flags |= GLB_DNS_LOOKUP_FLG;
|
||||
|
@ -210,7 +219,7 @@ main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case 'c':
|
||||
G.flags |= GLB_LIST_CNTRY_FLG;
|
||||
G.flags |= GLB_LIST_CNTRY_FLG|GLB_DONT_IPTABLE_FLG;
|
||||
break;
|
||||
|
||||
case 'F':
|
||||
|
@ -218,13 +227,13 @@ main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case 's':
|
||||
G.flags |= GLB_LIST_SUMMARY_FLG;
|
||||
G.flags |= GLB_LIST_SUMMARY_FLG|GLB_DONT_IPTABLE_FLG;
|
||||
break;
|
||||
|
||||
case 't':
|
||||
G.flags |= GLB_DONT_IPTABLE_FLG;
|
||||
G.cacheDir= CACHEDIR "-test";
|
||||
G.lockPath= LOCKPATH "-test";
|
||||
G.lockDir= LOCKDIR "-test";
|
||||
confFile= optarg;
|
||||
break;
|
||||
|
||||
|
@ -233,7 +242,7 @@ main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case PRINT_LOGFILE_NAMES_ENUM:
|
||||
G.flags |= GLB_PRINT_LOGFILE_NAMES_FLG;
|
||||
G.flags |= GLB_PRINT_LOGFILE_NAMES_FLG|GLB_DONT_IPTABLE_FLG;
|
||||
break;
|
||||
|
||||
case VERSION_OPT_ENUM:
|
||||
|
@ -284,6 +293,8 @@ main(int argc, char **argv)
|
|||
/* Place it in global map */
|
||||
MAP_addStrKey(&G.rpt.AddrRPT_map, addr, ar);
|
||||
|
||||
G.flags |= GLB_DONT_IPTABLE_FLG;
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -310,19 +321,17 @@ main(int argc, char **argv)
|
|||
/* Obtain a file lock to protect cache files */
|
||||
/*===========================================================*/
|
||||
{
|
||||
if(-1 == ez_access(G.lockDir, F_OK))
|
||||
ez_mkdir(G.lockDir, 0750);
|
||||
|
||||
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/cache", G.lockDir);
|
||||
/* Make sure the file exists by open()'ing */
|
||||
lock_fd= open(G.lockPath, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
|
||||
if(-1 == lock_fd) {
|
||||
sys_eprintf("ERROR: open(\"%s\") failed");
|
||||
goto abort;
|
||||
}
|
||||
S.cacheLock_fd= ez_open(S.fnameBuf, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
|
||||
assert(-1 != S.cacheLock_fd);
|
||||
|
||||
/* Let's get a exclusive lock */
|
||||
int rc= flock(lock_fd, LOCK_EX|LOCK_NB);
|
||||
if(-1 == rc) {
|
||||
sys_eprintf("ERROR: flock(\"%s\") failed", G.lockPath);
|
||||
goto abort;
|
||||
}
|
||||
// TODO: set SIGALRM to knock us out of blocked wait?
|
||||
int rc= ez_flock(S.cacheLock_fd, LOCK_EX);
|
||||
}
|
||||
|
||||
/* Default sending listing to stdout */
|
||||
|
@ -349,7 +358,7 @@ main(int argc, char **argv)
|
|||
/* errno will be set if access() fails */
|
||||
errno= 0;
|
||||
|
||||
ez_mkdir(G.cacheDir, 0700);
|
||||
ez_mkdir(G.cacheDir, 0750);
|
||||
}
|
||||
|
||||
if(G.flags & GLB_LONG_LISTING_MASK) {
|
||||
|
@ -403,11 +412,10 @@ main(int argc, char **argv)
|
|||
continue;
|
||||
|
||||
/* Make the path with filename */
|
||||
static char pathBuf[PATH_MAX];
|
||||
snprintf(pathBuf, sizeof(pathBuf), "%s/%s", G.cacheDir, entry->d_name);
|
||||
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/%s", G.cacheDir, entry->d_name);
|
||||
|
||||
/* Remove unused directory & contents. */
|
||||
ez_rmdir_recursive(pathBuf);
|
||||
ez_rmdir_recursive(S.fnameBuf);
|
||||
|
||||
}
|
||||
ez_closedir(dir);
|
||||
|
@ -415,10 +423,10 @@ main(int argc, char **argv)
|
|||
|
||||
/* We're done with disk I/O, so release lock */
|
||||
/*-----------------------------------------------------------------------*/
|
||||
if(-1 != lock_fd) {
|
||||
flock(lock_fd, LOCK_UN);
|
||||
ez_close(lock_fd);
|
||||
lock_fd= -1;
|
||||
if(-1 != S.cacheLock_fd) {
|
||||
ez_flock(S.cacheLock_fd, LOCK_UN);
|
||||
ez_close(S.cacheLock_fd);
|
||||
S.cacheLock_fd= -1;
|
||||
}
|
||||
|
||||
/* Processing only for long listings */
|
||||
|
@ -590,6 +598,15 @@ main(int argc, char **argv)
|
|||
|
||||
if(!(G.flags & GLB_DONT_IPTABLE_FLG)) {
|
||||
|
||||
if(n2Block || n2Unblock) {
|
||||
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/iptables", G.lockDir);
|
||||
/* Make sure the file exists by open()'ing */
|
||||
S.iptablesLock_fd= ez_open(S.fnameBuf, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
|
||||
assert(-1 != S.iptablesLock_fd);
|
||||
/* Get an exclusive lock on the lockfile */
|
||||
ez_flock(S.iptablesLock_fd, LOCK_EX);
|
||||
}
|
||||
|
||||
if(n2Block) {
|
||||
|
||||
if(IPTABLES_block_addresses(&S.toBlock_vec, 10)) {
|
||||
|
@ -608,6 +625,13 @@ main(int argc, char **argv)
|
|||
ez_fprintf(G.rpt.fh, "Unblocked %u hosts\n", n2Unblock);
|
||||
}
|
||||
|
||||
/* Release the lock */
|
||||
if(-1 != S.iptablesLock_fd) {
|
||||
ez_flock(S.iptablesLock_fd, LOCK_UN);
|
||||
ez_close(S.iptablesLock_fd);
|
||||
S.iptablesLock_fd= -1;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
if(n2Block)
|
||||
|
@ -644,9 +668,14 @@ abort:
|
|||
ez_pclose(G.rpt.fh);
|
||||
|
||||
/* Make sure lock file is unlocked */
|
||||
if(-1 != lock_fd) {
|
||||
flock(lock_fd, LOCK_UN);
|
||||
ez_close(lock_fd);
|
||||
if(-1 != S.cacheLock_fd) {
|
||||
ez_flock(S.cacheLock_fd, LOCK_UN);
|
||||
ez_close(S.cacheLock_fd);
|
||||
}
|
||||
|
||||
if(-1 != S.iptablesLock_fd) {
|
||||
ez_flock(S.iptablesLock_fd, LOCK_UN);
|
||||
ez_close(S.iptablesLock_fd);
|
||||
}
|
||||
return rtn;
|
||||
}
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
|
||||
/* Where to find stuff */
|
||||
#define CONFIGFILE "/etc/ban2fail/ban2fail.cfg"
|
||||
#define LOCKPATH "/run/lock/ban2fail"
|
||||
#define LOCKDIR "/run/lock/ban2fail"
|
||||
#define CACHEDIR "/var/cache/ban2fail"
|
||||
#define IPTABLES "/usr/sbin/iptables"
|
||||
#define IP6TABLES "/usr/sbin/ip6tables"
|
||||
|
@ -70,6 +70,7 @@ enum GlobalFlg_enum {
|
|||
GLB_DNS_LOOKUP_FLG =1<<6,
|
||||
GLB_DNS_FILTER_BAD_FLG =1<<7,
|
||||
GLB_FLUSH_CACHE_FLG =1<<8,
|
||||
GLB_CMDLINE_ADDR_FLG =1<<9,
|
||||
GLB_LONG_LISTING_MASK = GLB_LIST_CNTRY_FLG|GLB_LIST_ADDR_FLG
|
||||
};
|
||||
|
||||
|
@ -81,7 +82,7 @@ extern struct Global {
|
|||
MAP logType_map;
|
||||
|
||||
char *cacheDir,
|
||||
*lockPath;
|
||||
*lockDir;
|
||||
|
||||
struct {
|
||||
FILE *fh;
|
||||
|
|
75
ez_libc.c
75
ez_libc.c
|
@ -18,6 +18,7 @@
|
|||
***************************************************************************/
|
||||
#define _GNU_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <sys/file.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "util.h"
|
||||
|
@ -472,3 +473,77 @@ int _ez_getnameinfo(
|
|||
abort();
|
||||
}
|
||||
|
||||
/***************************************************/
|
||||
int _ez_flock (
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
int fd,
|
||||
int operation
|
||||
)
|
||||
{
|
||||
errno= 0;
|
||||
int rtn= flock (fd, operation);
|
||||
if(0 == rtn) return 0;
|
||||
|
||||
switch(errno) {
|
||||
case EINTR:
|
||||
case EWOULDBLOCK:
|
||||
return rtn;
|
||||
break;
|
||||
}
|
||||
|
||||
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "flock() failed");
|
||||
abort();
|
||||
|
||||
}
|
||||
|
||||
/***************************************************/
|
||||
int _ez_open(
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
const char *pathname,
|
||||
int flags,
|
||||
mode_t mode
|
||||
)
|
||||
{
|
||||
errno= 0;
|
||||
int rtn= open (pathname, flags, mode);
|
||||
if(0 <= rtn) return rtn;
|
||||
|
||||
switch(errno) {
|
||||
case EINTR:
|
||||
case EWOULDBLOCK:
|
||||
return rtn;
|
||||
break;
|
||||
}
|
||||
|
||||
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "open(\"%s\") failed", pathname);
|
||||
abort();
|
||||
|
||||
}
|
||||
|
||||
int _ez_access(
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
const char *pathname,
|
||||
int mode
|
||||
)
|
||||
{
|
||||
errno= 0;
|
||||
int rtn= access (pathname, mode);
|
||||
if(0 == rtn) return rtn;
|
||||
|
||||
switch(errno) {
|
||||
case ENOENT:
|
||||
return rtn;
|
||||
break;
|
||||
}
|
||||
|
||||
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "access(\"%s\") failed", pathname);
|
||||
abort();
|
||||
|
||||
}
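Review bot: None of the three new wrappers documents that it does not follow the "abort on failure" contract the rest of the file suggests: `_ez_flock` and `_ez_open` return -1 with errno still set for EINTR and EWOULDBLOCK, and `_ez_access` does so for ENOENT, while every other errno aborts. A header comment above each, e.g. `/* Returns -1 and leaves errno set for EINTR or EWOULDBLOCK; any other failure prints a diagnostic and aborts. */` (with ENOENT for `_ez_access`), tells callers they must still check the result, which matters most for a blocking `flock(fd, LOCK_EX)` that can come back without the lock. `_ez_access` also lacks the `/***...***/` separator the other two carry. The include hunk adds only `<sys/file.h>`; `open()` and `mode_t` come from `<fcntl.h>`/`<sys/types.h>`, so presumably those arrive via util.h or ez_libc.h — worth confirming, since a missing prototype is only a warning on older compilers.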
|
||||
|
||||
|
|
32
ez_libc.h
32
ez_libc.h
|
@ -41,6 +41,27 @@ glibc calls with boilerplate error handling.
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define ez_access(pathname, mode) \
|
||||
_ez_access(__FILE__, __LINE__, __FUNCTION__, pathname, mode)
|
||||
int _ez_access(
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
const char *pathname,
|
||||
int mode
|
||||
);
|
||||
|
||||
#define ez_open(pathname, flags, mode) \
|
||||
_ez_open(__FILE__, __LINE__, __FUNCTION__, pathname, flags, mode)
|
||||
int _ez_open(
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
const char *pathname,
|
||||
int flags,
|
||||
mode_t mode
|
||||
);
|
||||
|
||||
|
||||
#define ez_fputs(s, stream) \
|
||||
_ez_fputs(__FILE__, __LINE__, __FUNCTION__, s, stream)
|
||||
|
@ -310,6 +331,17 @@ int _ez_getnameinfo(
|
|||
int flags
|
||||
);
|
||||
|
||||
#define ez_flock(fd, operation) \
|
||||
_ez_flock(__FILE__, __LINE__, __FUNCTION__, fd, operation)
|
||||
int _ez_flock (
|
||||
const char *fileName,
|
||||
int lineNo,
|
||||
const char *funcName,
|
||||
int fd,
|
||||
int operation
|
||||
);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
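Review bot: The new `ez_access`, `ez_open` and `ez_flock` declarations are the public interface of a header described as "glibc calls with boilerplate error handling", yet nothing here says which failures are returned instead of aborted; a caller reading only this file will assume the macros never return -1. A one-line comment on each prototype, such as `/* Returns -1 (errno preserved) for EINTR/EWOULDBLOCK; aborts on any other error. */` for `_ez_open` and `_ez_flock`, and the ENOENT equivalent for `_ez_access`, closes that gap. `mode_t` in the `_ez_open` prototype needs `<sys/types.h>`; the header's include list is outside this hunk, so confirm it is already pulled in.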
|
||||
|
|