Useful improvements

john 2019-12-03 07:55:15 -05:00
parent 36b3295df7
commit bd5a01f5a2
6 changed files with 190 additions and 41 deletions


@ -2,26 +2,24 @@ baseDir := ~
libsDir := $(baseDir)/libs
projectName := ban2fail
versions := debug release
cc_exe := ban2fail
cc_exe := ban2fail fsckdns
install_dir := /usr/local/bin
# Keep the makefile up to date
Makefile : Jmakefile
jmake makefile
########################################
# Set up sources & libraries here. #
########################################
ifeq ($(exe), ban2fail)
src := \
addrRpt.c \
ban2fail.c \
cfgmap.c \
cntry.c \
dynstack.c \
es.c \
ez_es.c \
ez_libc.c \
ez_libdb.c \
ez_libz.c \
iptables.c \
logType.c \
@ -29,13 +27,24 @@ src := \
map.c \
maxoff.c \
msgqueue.c \
obsvTpl.c \
offEntry.c \
pdns.c \
ptrvec.c \
str.c \
util.c \
libs := z crypto GeoIP pthread
libs := z crypto GeoIP pthread db
endif
ifeq ($(exe), fsckdns)
src := \
ez_libc.c \
fsckdns.c \
str.c \
util.c \
# libs := z crypto GeoIP pthread
endif
########################################
@ -59,11 +68,15 @@ ifndef version
all : debug release
debug :
@$(MAKE) version=debug exe=ban2fail mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
@$(MAKE) version=debug exe=fsckdns mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
release :
@$(MAKE) version=release exe=ban2fail mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
@$(MAKE) version=release exe=fsckdns mainType=CC --no-builtin-rules -f $(makefile) --no-print-directory
install : release
@strip release/ban2fail
@[ $(install_dir)_foo = _foo ] || cp release/ban2fail $(install_dir)/
@strip release/fsckdns
@[ $(install_dir)_foo = _foo ] || cp release/fsckdns $(install_dir)/
@[ -e install.sh ] && INSTALLDIR=$(install_dir) INSTALLTYPE=$(install_type) ./install.sh
uninstall :
clean :


@ -1,2 +1 @@
* Parallelize log file scanning
* Reverse DNS lookup option for reports


@ -84,12 +84,12 @@ static const struct bitTuple GlobalFlagBitTuples[]= {
struct Global G= {
.cacheDir= CACHEDIR,
.lockPath= LOCKPATH,
.lockDir= LOCKDIR,
.version= {
.major= 0,
.minor= 13,
.patch= 2
.patch= 3
},
.bitTuples.flags= GlobalFlagBitTuples
@ -134,7 +134,16 @@ static struct {
*/
OFFENTRY **lePtrArr;
} S;
/* Avoid multiple instances of filename buffers */
char fnameBuf[PATH_MAX];
int cacheLock_fd,
iptablesLock_fd;
} S= {
.cacheLock_fd= -1,
.iptablesLock_fd= -1
};
/*==================================================================*/
/*======================== main() ==================================*/
@ -153,8 +162,8 @@ main(int argc, char **argv)
* Program execution begins here.
*/
{
int rtn= EXIT_FAILURE,
lock_fd= -1;
int rtn= EXIT_FAILURE;
char *confFile= CONFIGFILE;
@ -198,7 +207,7 @@ main(int argc, char **argv)
break;
case 'a':
G.flags |= GLB_LIST_ADDR_FLG;
G.flags |= GLB_LIST_ADDR_FLG|GLB_DONT_IPTABLE_FLG;
if(optarg) {
if(*optarg == '+') {
G.flags |= GLB_DNS_LOOKUP_FLG;
@ -210,7 +219,7 @@ main(int argc, char **argv)
break;
case 'c':
G.flags |= GLB_LIST_CNTRY_FLG;
G.flags |= GLB_LIST_CNTRY_FLG|GLB_DONT_IPTABLE_FLG;
break;
case 'F':
@ -218,13 +227,13 @@ main(int argc, char **argv)
break;
case 's':
G.flags |= GLB_LIST_SUMMARY_FLG;
G.flags |= GLB_LIST_SUMMARY_FLG|GLB_DONT_IPTABLE_FLG;
break;
case 't':
G.flags |= GLB_DONT_IPTABLE_FLG;
G.cacheDir= CACHEDIR "-test";
G.lockPath= LOCKPATH "-test";
G.lockDir= LOCKDIR "-test";
confFile= optarg;
break;
@ -233,7 +242,7 @@ main(int argc, char **argv)
break;
case PRINT_LOGFILE_NAMES_ENUM:
G.flags |= GLB_PRINT_LOGFILE_NAMES_FLG;
G.flags |= GLB_PRINT_LOGFILE_NAMES_FLG|GLB_DONT_IPTABLE_FLG;
break;
case VERSION_OPT_ENUM:
@ -284,6 +293,8 @@ main(int argc, char **argv)
/* Place it in global map */
MAP_addStrKey(&G.rpt.AddrRPT_map, addr, ar);
G.flags |= GLB_DONT_IPTABLE_FLG;
}
@ -310,19 +321,17 @@ main(int argc, char **argv)
/* Obtain a file lock to protect cache files */
/*===========================================================*/
{
if(-1 == ez_access(G.lockDir, F_OK))
ez_mkdir(G.lockDir, 0750);
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/cache", G.lockDir);
/* Make sure the file exists by open()'ing */
lock_fd= open(G.lockPath, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
if(-1 == lock_fd) {
sys_eprintf("ERROR: open(\"%s\") failed");
goto abort;
}
S.cacheLock_fd= ez_open(S.fnameBuf, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
assert(-1 != S.cacheLock_fd);
/* Let's get a exclusive lock */
int rc= flock(lock_fd, LOCK_EX|LOCK_NB);
if(-1 == rc) {
sys_eprintf("ERROR: flock(\"%s\") failed", G.lockPath);
goto abort;
}
// TODO: set SIGALRM to knock us out of blocked wait?
int rc= ez_flock(S.cacheLock_fd, LOCK_EX);
}
/* Default sending listing to stdout */
@ -349,7 +358,7 @@ main(int argc, char **argv)
/* errno will be set if access() fails */
errno= 0;
ez_mkdir(G.cacheDir, 0700);
ez_mkdir(G.cacheDir, 0750);
}
if(G.flags & GLB_LONG_LISTING_MASK) {
@ -403,11 +412,10 @@ main(int argc, char **argv)
continue;
/* Make the path with filename */
static char pathBuf[PATH_MAX];
snprintf(pathBuf, sizeof(pathBuf), "%s/%s", G.cacheDir, entry->d_name);
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/%s", G.cacheDir, entry->d_name);
/* Remove unused directory & contents. */
ez_rmdir_recursive(pathBuf);
ez_rmdir_recursive(S.fnameBuf);
}
ez_closedir(dir);
@ -415,10 +423,10 @@ main(int argc, char **argv)
/* We're done with disk I/O, so release lock */
/*-----------------------------------------------------------------------*/
if(-1 != lock_fd) {
flock(lock_fd, LOCK_UN);
ez_close(lock_fd);
lock_fd= -1;
if(-1 != S.cacheLock_fd) {
ez_flock(S.cacheLock_fd, LOCK_UN);
ez_close(S.cacheLock_fd);
S.cacheLock_fd= -1;
}
/* Processing only for long listings */
@ -590,6 +598,15 @@ main(int argc, char **argv)
if(!(G.flags & GLB_DONT_IPTABLE_FLG)) {
if(n2Block || n2Unblock) {
snprintf(S.fnameBuf, sizeof(S.fnameBuf), "%s/iptables", G.lockDir);
/* Make sure the file exists by open()'ing */
S.iptablesLock_fd= ez_open(S.fnameBuf, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
assert(-1 != S.iptablesLock_fd);
/* Get an exclusive lock on the lockfile */
ez_flock(S.iptablesLock_fd, LOCK_EX);
}
if(n2Block) {
if(IPTABLES_block_addresses(&S.toBlock_vec, 10)) {
@ -608,6 +625,13 @@ main(int argc, char **argv)
ez_fprintf(G.rpt.fh, "Unblocked %u hosts\n", n2Unblock);
}
/* Release the lock */
if(-1 != S.iptablesLock_fd) {
ez_flock(S.iptablesLock_fd, LOCK_UN);
ez_close(S.iptablesLock_fd);
S.iptablesLock_fd= -1;
}
} else {
if(n2Block)
@ -644,9 +668,14 @@ abort:
ez_pclose(G.rpt.fh);
/* Make sure lock file is unlocked */
if(-1 != lock_fd) {
flock(lock_fd, LOCK_UN);
ez_close(lock_fd);
if(-1 != S.cacheLock_fd) {
ez_flock(S.cacheLock_fd, LOCK_UN);
ez_close(S.cacheLock_fd);
}
if(-1 != S.iptablesLock_fd) {
ez_flock(S.iptablesLock_fd, LOCK_UN);
ez_close(S.iptablesLock_fd);
}
return rtn;
}
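Review bot: The return value of `ez_flock(..., LOCK_EX)` is discarded at both new lock sites (`rc` is assigned but never read for the cache lock, and the iptables lock call is a bare statement), yet `_ez_flock` as added in this commit returns -1 on EINTR or EWOULDBLOCK instead of aborting, so an interrupted wait would fall through into the cache and iptables updates without the lock held. A retry such as `while(-1 == ez_flock(S.cacheLock_fd, LOCK_EX)) { if(EINTR != errno) goto abort; }` at each site closes that gap, and it matters more once the SIGALRM idea in the TODO is implemented. The `assert(-1 != S.cacheLock_fd)` and `assert(-1 != S.iptablesLock_fd)` checks disappear if the release version is built with NDEBUG (build flags are not visible here), so an explicit `if(-1 == S.cacheLock_fd) goto abort;` is safer. Separately, the lock files are opened with `O_CREAT|O_WRONLY` inside a directory that is only created when `ez_access` reports it missing; if the parent of LOCKDIR is writable by other users, it would be worth verifying the directory's owner before use and adding `O_NOFOLLOW` to the open flags. main() begins and ends outside these hunks.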


@ -53,7 +53,7 @@
/* Where to find stuff */
#define CONFIGFILE "/etc/ban2fail/ban2fail.cfg"
#define LOCKPATH "/run/lock/ban2fail"
#define LOCKDIR "/run/lock/ban2fail"
#define CACHEDIR "/var/cache/ban2fail"
#define IPTABLES "/usr/sbin/iptables"
#define IP6TABLES "/usr/sbin/ip6tables"
@ -70,6 +70,7 @@ enum GlobalFlg_enum {
GLB_DNS_LOOKUP_FLG =1<<6,
GLB_DNS_FILTER_BAD_FLG =1<<7,
GLB_FLUSH_CACHE_FLG =1<<8,
GLB_CMDLINE_ADDR_FLG =1<<9,
GLB_LONG_LISTING_MASK = GLB_LIST_CNTRY_FLG|GLB_LIST_ADDR_FLG
};
@ -81,7 +82,7 @@ extern struct Global {
MAP logType_map;
char *cacheDir,
*lockPath;
*lockDir;
struct {
FILE *fh;
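Review bot: `GLB_CMDLINE_ADDR_FLG` is introduced without a comment, and no hunk shown for the main source file sets or tests it; the hunk that adds addresses to `G.rpt.AddrRPT_map` ORs in `GLB_DONT_IPTABLE_FLG` instead. If the flag is used in code outside these hunks, a short comment such as `/* addresses were supplied on the command line */` would make its purpose clear (wording to be confirmed by the author). It may also need an entry in `GlobalFlagBitTuples` if that table is meant to cover every flag. The enum and struct Global both continue outside the hunks.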


@ -18,6 +18,7 @@
***************************************************************************/
#define _GNU_SOURCE
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>
#include "util.h"
@ -472,3 +473,77 @@ int _ez_getnameinfo(
abort();
}
/***************************************************/
int _ez_flock (
const char *fileName,
int lineNo,
const char *funcName,
int fd,
int operation
)
{
errno= 0;
int rtn= flock (fd, operation);
if(0 == rtn) return 0;
switch(errno) {
case EINTR:
case EWOULDBLOCK:
return rtn;
break;
}
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "flock() failed");
abort();
}
/***************************************************/
int _ez_open(
const char *fileName,
int lineNo,
const char *funcName,
const char *pathname,
int flags,
mode_t mode
)
{
errno= 0;
int rtn= open (pathname, flags, mode);
if(0 <= rtn) return rtn;
switch(errno) {
case EINTR:
case EWOULDBLOCK:
return rtn;
break;
}
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "open(\"%s\") failed", pathname);
abort();
}
int _ez_access(
const char *fileName,
int lineNo,
const char *funcName,
const char *pathname,
int mode
)
{
errno= 0;
int rtn= access (pathname, mode);
if(0 == rtn) return rtn;
switch(errno) {
case ENOENT:
return rtn;
break;
}
_sys_eprintf((const char*(*)(int))strerror, fileName, lineNo, funcName, "access(\"%s\") failed", pathname);
abort();
}
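Review bot: `_ez_open` passes EINTR and EWOULDBLOCK back to the caller as -1, a list that looks carried over from `_ez_flock`, and none of the three new wrappers says which errno values are returned rather than turned into `abort()`. Because the callers added in this commit guard the descriptor only with an `assert()`, either drop the soft-error cases from `_ez_open` so every failure aborts, or document the contract above each function, for example `/* Returns fd, or -1 with errno EINTR/EWOULDBLOCK; any other error aborts. */`. `_ez_access` likewise returns -1 only for ENOENT, which deserves the same one-line comment, and it is missing the separator comment line that precedes the other two functions.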


@ -41,6 +41,27 @@ glibc calls with boilerplate error handling.
extern "C" {
#endif
#define ez_access(pathname, mode) \
_ez_access(__FILE__, __LINE__, __FUNCTION__, pathname, mode)
int _ez_access(
const char *fileName,
int lineNo,
const char *funcName,
const char *pathname,
int mode
);
#define ez_open(pathname, flags, mode) \
_ez_open(__FILE__, __LINE__, __FUNCTION__, pathname, flags, mode)
int _ez_open(
const char *fileName,
int lineNo,
const char *funcName,
const char *pathname,
int flags,
mode_t mode
);
#define ez_fputs(s, stream) \
_ez_fputs(__FILE__, __LINE__, __FUNCTION__, s, stream)
@ -310,6 +331,17 @@ int _ez_getnameinfo(
int flags
);
#define ez_flock(fd, operation) \
_ez_flock(__FILE__, __LINE__, __FUNCTION__, fd, operation)
int _ez_flock (
const char *fileName,
int lineNo,
const char *funcName,
int fd,
int operation
);
#ifdef __cplusplus
}
#endif