atmos
/
ban2fail
mirror of https://github.com/jrbrtsn/ban2fail
1
1
Fork 0
Code Issues Releases Wiki Activity

addresses reporting of log lines

This commit is contained in:
john 2019-12-01 22:29:32 -05:00
parent 0c136f94a4
commit ff1c83453f
16 changed files with 403 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Jmakefile
View File

@ -5,13 +5,13 @@ versions := debug release
cc_exe := ban2fail
install_dir := /usr/local/bin
########################################
# Set up sources & libraries here. #
########################################
ifeq ($(exe), ban2fail)
src := \
addrRpt.c \
ban2fail.c \
cfgmap.c \
cntry.c \

6
Makefile
View File

@ -5,6 +5,10 @@ versions := debug release
cc_exe := ban2fail
install_dir := /usr/local/bin
# Keep the makefile up to date
Makefile : Jmakefile
jmake makefile
########################################
# Set up sources & libraries here. #
@ -21,11 +25,11 @@ src := \
ez_libz.c \
iptables.c \
logType.c \
logEntry.c \
logFile.c \
map.c \
maxoff.c \
msgqueue.c \
offEntry.c \
pdns.c \
ptrvec.c \
str.c \

143
addrRpt.c Normal file
View File

@ -0,0 +1,143 @@
/***************************************************************************
* Copyright (C) 2019 by John D. Robertson *
* john@rrci.com *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 3 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#define _GNU_SOURCE
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <stdlib.h>
#include "addrRpt.h"
#include "ban2fail.h"
#include "ez_libc.h"
#include "logFile.h"
#include "logType.h"
#include "util.h"
/*==================================================================*/
/*================= Match ==========================================*/
/*==================================================================*/
/* One of these object for each LOGFILE
* which contains matches.
*/
typedef struct _Match {
LOGFILE *lf;
char *line;
} Match;
#define Match_create(p, logfile, line) \
((p)=(Match_constructor((p)=malloc(sizeof(Match)), logfile, line) ? (p) : ( p ? realloc(Match_destructor(p),0) : 0 )))
static Match*
Match_constructor(Match *self, LOGFILE *lf, const char *line)
/********************************************************
* Prepare for use.
*/
{
memset(self, 0, sizeof(*self));
self->lf= lf;
self->line= strdup(line);
return self;
}
#define Match_destroy(s) \
{if(Match_destructor(s)) {free(s); (s)=0;}}
static void*
Match_destructor(Match *self)
/********************************************************
* Free resources.
*/
{
if(self->line)
free(self->line);
return self;
}
/*==================================================================*/
/*================= AddrRPT ========================================*/
/*==================================================================*/
AddrRPT*
AddrRPT_addr_constructor(AddrRPT *self, const char *addr)
/********************************************************
* Prepare for use from an address on the command line
*/
{
memset(self, 0, sizeof(*self));
strncpy(self->addr, addr, sizeof(self->addr)-1);
PTRVEC_constructor(&self->vec, 100);
/* Stamp with serial number so reporting at the end can be
* in the order addresses were supplied on the command
* line.
*/
static unsigned count;
self->serial= ++count;
return self;
}
void*
AddrRPT_destructor(AddrRPT *self)
/********************************************************
* Free resources.
*/
{
Match *m;
while((m= PTRVEC_remHead(&self->vec)))
Match_destroy(m);
PTRVEC_destroy(&self->vec);
return self;
}
int
AddrRPT_addLine(AddrRPT *self, LOGFILE *lf, const char *line)
/********************************************************
* Add a matching line to this object.
*/
{
Match *m;
Match_create(m, lf, line);
assert(m);
PTRVEC_addTail(&self->vec, m);
return 0;
}
int
AddrRPT_print(AddrRPT *self, FILE *fh)
/********************************************************
* Print a human readable representation of *self.
*/
{
Match *m;
unsigned i;
LOGFILE *lf= NULL;
ez_fprintf(fh, "============== Report for %s\r\n", self->addr);
PTRVEC_loopFwd(&self->vec, i, m) {
if(lf != m->lf) {
ez_fprintf(fh, "%s\r\n", LOGFILE_logFilePath(m->lf));
lf= m->lf;
}
ez_fprintf(fh, "%s\r\n", m->line);
}
return 0;
}

78
addrRpt.h Normal file
View File

@ -0,0 +1,78 @@
/***************************************************************************
* Copyright (C) 2019 by John D. Robertson *
* john@rrci.com *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 3 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#ifndef AddrRPT_H
#define AddrRPT_H
#define _GNU_SOURCE
#include <stdio.h>
#include "logFile.h"
#include "ptrvec.h"
/* One of these for each offense found in a log file */
typedef struct _AddrRPT {
unsigned serial;
char addr[46];
/* Store match records here */
PTRVEC vec;
} AddrRPT;
#ifdef __cplusplus
extern "C" {
#endif
#define AddrRPT_addr_create(p, addr) \
((p)=(AddrRPT_addr_constructor((p)=malloc(sizeof(AddrRPT)), addr) ? (p) : ( p ? realloc(AddrRPT_destructor(p),0) : 0 )))
AddrRPT*
AddrRPT_addr_constructor(AddrRPT *self, const char *addr);
/********************************************************
* Prepare for use from an address on the command line
*/
#define AddrRPT_destroy(s) \
{if(AddrRPT_destructor(s)) {free(s); (s)=0;}}
void*
AddrRPT_destructor(AddrRPT *self);
/********************************************************
* Free resources.
*/
int
AddrRPT_addLine(AddrRPT *self, LOGFILE *lf, const char *line);
/********************************************************
* Add a matching line to this object.
*/
int
AddrRPT_print(AddrRPT *self, FILE *fh);
/********************************************************
* Print a human readable representation of *self.
*/
#ifdef __cplusplus
}
#endif
#endif

96
ban2fail.c
View File

@ -23,6 +23,7 @@
#include <sys/file.h>
#include <unistd.h>
#include "addrRpt.h"
#include "ban2fail.h"
#include "cntry.h"
#include "ez_libanl.h"
@ -62,10 +63,11 @@ struct initInfo {
/*================= Forward declarations ===========================*/
/*==================================================================*/
static int addrRpt_serial_qsort(const void *p1, const void *p2);
static int cntryStat_count_qsort(const void *p1, const void *p2);
static int configure(CFGMAP *h_cfgmap, const char *pfix);
static int logentry_count_qsort(const void *p1, const void *p2);
static int map_byCountries(LOGENTRY *e, MAP *h_map);
static int map_byCountries(OFFENTRY *e, MAP *h_map);
static int stub_init(CFGMAP *map, char *symStr);
@ -115,7 +117,7 @@ static struct {
PAGER_RUNNING_FLG= 1<<31
} flags;
/* LOGENTRY object indexed by ip address */
/* OFFENTRY object indexed by ip address */
MAP addr2logEntry_map;
/* CFGMAP containing our configuration information */
@ -127,10 +129,10 @@ static struct {
PTRVEC toBlock_vec,
toUnblock_vec;
/* Used to place LOGENTRY address objects into linear
/* Used to place OFFENTRY address objects into linear
* access container.
*/
LOGENTRY **lePtrArr;
OFFENTRY **lePtrArr;
} S;
@ -159,7 +161,7 @@ main(int argc, char **argv)
/* Prepare static data */
// global
MAP_constructor(&G.logType_map, 10, 10);
PTRVEC_constructor(&G.rpt.addr_vec, 100);
MAP_constructor(&G.rpt.AddrRPT_map, 10, 10);
// local
MAP_constructor(&S.addr2logEntry_map, N_ADDRESSES_HINT/BUCKET_DEPTH_HINT, BUCKET_DEPTH_HINT);
@ -263,8 +265,23 @@ main(int argc, char **argv)
/* Pick up addresses on command line */
for(; optind < argc; ++optind) {
// TODO: instantiate address report objects
eprintf("arg %d= \"%s\"", optind, argv[optind]);
AddrRPT *ar;
const char *addr= argv[optind];
/* Skip duplicates */
if(MAP_findStrItem(&G.rpt.AddrRPT_map, addr)) continue;
/* Create a new address report object */
AddrRPT_addr_create(ar, addr);
assert(ar);
/* Place it in global map */
MAP_addStrKey(&G.rpt.AddrRPT_map, addr, ar);
/* Don't touch the cache */
G.flags |= GLB_NO_CACHE_FLG;
}
@ -289,7 +306,8 @@ main(int argc, char **argv)
}
/* Obtain a file lock to protect cache files */
{ /*===========================================================*/
/*===========================================================*/
if(!(G.flags & GLB_NO_CACHE_FLG)) {
/* Make sure the file exists by open()'ing */
lock_fd= open(G.lockPath, O_CREAT|O_WRONLY|O_CLOEXEC, 0640);
if(-1 == lock_fd) {
@ -311,7 +329,7 @@ main(int argc, char **argv)
/* if stdout is a tty, and listing is likely
* to be long, then use $PAGER.
*/
if(G.flags & GLB_LONG_LISTING_FLG && isatty(fileno(G.rpt.fh))) {
if(G.flags & GLB_LONG_LISTING_MASK && isatty(fileno(G.rpt.fh))) {
S.flags |= PAGER_RUNNING_FLG;
G.rpt.fh= pager_open();
}
@ -329,7 +347,7 @@ main(int argc, char **argv)
ez_mkdir(G.cacheDir, 0700);
}
if(G.flags & GLB_LONG_LISTING_FLG) {
if(G.flags & GLB_LONG_LISTING_MASK) {
ez_fprintf(G.rpt.fh, "=============== ban2fail v%d.%d.%d =============\n"
, G.version.major
, G.version.minor
@ -392,13 +410,15 @@ main(int argc, char **argv)
/* We're done with disk I/O, so release lock */
/*-----------------------------------------------------------------------*/
flock(lock_fd, LOCK_UN);
ez_close(lock_fd);
lock_fd= -1;
if(-1 != lock_fd) {
flock(lock_fd, LOCK_UN);
ez_close(lock_fd);
lock_fd= -1;
}
/* Processing only for long listings */
/*-----------------------------------------------------------------------*/
if(G.flags & GLB_LONG_LISTING_FLG) {
if(G.flags & GLB_LONG_LISTING_MASK) {
MAP map;
MAP_constructor(&map, N_ADDRESSES_HINT/BUCKET_DEPTH_HINT, BUCKET_DEPTH_HINT);
@ -419,17 +439,17 @@ main(int argc, char **argv)
fflush(G.rpt.fh);
/* Clean up map used for counting */
MAP_clearAndDestroy(&map, (void*(*)(void*))LOGENTRY_destructor);
MAP_clearAndDestroy(&map, (void*(*)(void*))OFFENTRY_destructor);
MAP_destructor(&map);
}
} /* End of cache and logfile-specific LOGENTRY objects */
} /* End of cache and logfile-specific OFFENTRY objects */
/* Now get a map of LOGENTRY objects that have combined counts.
/* Now get a map of OFFENTRY objects that have combined counts.
* Perform all remaining processing and reporting.
*/
{ /*=======================================================================*/
/* List by address. Make a addr_map of LOGENTRY objects with composite counts */
/* List by address. Make a addr_map of OFFENTRY objects with composite counts */
MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr2logEntry_map);
/* Pick up remaining blocked addresses */
@ -442,7 +462,7 @@ main(int argc, char **argv)
assert(S.lePtrArr);
MAP_fetchAllItems(&S.addr2logEntry_map, (void**)S.lePtrArr);
qsort(S.lePtrArr, nItems, sizeof(LOGENTRY*), logentry_count_qsort);
qsort(S.lePtrArr, nItems, sizeof(OFFENTRY*), logentry_count_qsort);
/* Special processing for DNS lookups */
if(G.flags & GLB_DNS_LOOKUP_FLG) {
@ -457,11 +477,11 @@ main(int argc, char **argv)
ez_fprintf(G.rpt.fh, "\t==> Completed %d of %u lookups in %.1f seconds\n", rc, nItems, (double)ms/1000.);
}
/* Process each LOGENTRY item */
/* Process each OFFENTRY item */
for(unsigned i= 0; i < nItems; ++i) {
int flags=0;
LOGENTRY *e= S.lePtrArr[i];
OFFENTRY *e= S.lePtrArr[i];
if(IPTABLES_is_currently_blocked(e->addr))
flags |= BLOCKED_FLG;
@ -515,7 +535,7 @@ main(int argc, char **argv)
);
}
} /*--- End of LOGENTRY processing ---*/
} /*--- End of OFFENTRY processing ---*/
unsigned currBlocked= MAP_numItems(&S.addr2logEntry_map);
@ -597,6 +617,18 @@ main(int argc, char **argv)
}
/* Print out address reports */
{ /*==========================================================*/
unsigned nItems= MAP_numItems(&G.rpt.AddrRPT_map);
AddrRPT *arArr[nItems];
MAP_fetchAllItems(&G.rpt.AddrRPT_map, (void**)arArr);
qsort(arArr, nItems, sizeof(AddrRPT*), addrRpt_serial_qsort);
for(unsigned i= 0; i < nItems; ++i) {
AddrRPT_print(arArr[i], G.rpt.fh);
}
}
fflush(G.rpt.fh);
/* Wait for pager to finish, if it is running */
@ -625,8 +657,8 @@ logentry_count_qsort(const void *p1, const void *p2)
* qsort functor puts large counts on top.
*/
{
const LOGENTRY *le1= *(const LOGENTRY *const*)p1,
*le2= *(const LOGENTRY *const*)p2;
const OFFENTRY *le1= *(const OFFENTRY *const*)p1,
*le2= *(const OFFENTRY *const*)p2;
if(le1->count > le2->count) return -1;
if(le1->count < le2->count) return 1;
@ -648,6 +680,20 @@ cntryStat_count_qsort(const void *p1, const void *p2)
return 0;
}
static int
addrRpt_serial_qsort(const void *p1, const void *p2)
/***************************************************************
* qsort functor sorts by serial number, low to high
*/
{
const AddrRPT *ar1= *(const AddrRPT *const*)p1,
*ar2= *(const AddrRPT *const*)p2;
if(ar1->serial < ar2->serial) return -1;
if(ar1->serial > ar2->serial) return 1;
return 0;
}
static int
configure(CFGMAP *h_cfgmap, const char *pfix)
/*****************************************************************
@ -699,7 +745,7 @@ stub_init(CFGMAP *map, char *symStr)
#endif
static int
map_byCountries(LOGENTRY *e, MAP *h_map)
map_byCountries(OFFENTRY *e, MAP *h_map)
/**************************************************************
* Generate a "by country" map of cntryStat objects.
*/

6
ban2fail.h
View File

@ -23,6 +23,7 @@
#ifndef BAN2FAIL_H
#define BAN2FAIL_H
#define _GNU_SOURCE
#include <regex.h>
#include <stdint.h>
@ -66,7 +67,8 @@ enum GlobalFlg_enum {
GLB_PRINT_LOGFILE_NAMES_FLG=1<<5,
GLB_DNS_LOOKUP_FLG =1<<6,
GLB_DNS_FILTER_BAD_FLG =1<<7,
GLB_LONG_LISTING_FLG = GLB_LIST_CNTRY_FLG|GLB_LIST_ADDR_FLG
GLB_NO_CACHE_FLG =1<<8,
GLB_LONG_LISTING_MASK = GLB_LIST_CNTRY_FLG|GLB_LIST_ADDR_FLG
};
/* Singleton static object with global visibility */
@ -81,7 +83,7 @@ extern struct Global {
struct {
FILE *fh;
PTRVEC addr_vec;
MAP AddrRPT_map;
} rpt;
struct {

4
iptables.c
View File

@ -271,8 +271,8 @@ fill_in_missing(char *blocked_addr, MAP *h_rtn_map)
if( MAP_findStrItem(h_rtn_map, blocked_addr)) return 0;
/* Create a new faux logentry object */
LOGENTRY *e;
LOGENTRY_addr_create(e, blocked_addr);
OFFENTRY *e;
OFFENTRY_addr_create(e, blocked_addr);
assert(e);
/* Place in the return map */

40
logFile.c
View File

@ -26,6 +26,7 @@
#include <stdlib.h>
#include <string.h>
#include "addrRpt.h"
#include "cntry.h"
#include "offEntry.h"
#include "logFile.h"
@ -48,7 +49,7 @@ common_constructor(LOGFILE *self)
*/
{
memset(self, 0, sizeof(*self));
MAP_constructor(&self->addr2logEntry_map, N_ADDRESSES_HINT/BUCKET_DEPTH_HINT, BUCKET_DEPTH_HINT);
MAP_constructor(&self->addr2offEntry_map, N_ADDRESSES_HINT/BUCKET_DEPTH_HINT, BUCKET_DEPTH_HINT);
}
LOGFILE*
@ -65,10 +66,10 @@ LOGFILE_cache_constructor(LOGFILE *self, const char *fname)
static char buf[256];
while(ez_fgets(buf, sizeof(buf), fh)) {
LOGENTRY *e;
LOGENTRY_cache_create(e, buf);
OFFENTRY *e;
OFFENTRY_cache_create(e, buf);
if(!e) goto abort;
MAP_addStrKey(&self->addr2logEntry_map, e->addr, e);
MAP_addStrKey(&self->addr2offEntry_map, e->addr, e);
}
rtn= self;
@ -114,15 +115,20 @@ LOGFILE_log_constructor(LOGFILE *self, const struct logProtoType *h_protoType, c
strncpy(addr, lbuf+matchArr[1].rm_so, sizeof(addr)-1);
addr[MIN(len, sizeof(addr)-1)]= '\0';
LOGENTRY *e= MAP_findStrItem(&self->addr2logEntry_map, addr);
OFFENTRY *e= MAP_findStrItem(&self->addr2offEntry_map, addr);
if(!e) {
LOGENTRY_addr_create(e, addr);
OFFENTRY_addr_create(e, addr);
if(!e) goto abort;
/* Add to the addr2logEntry_map */
MAP_addStrKey(&self->addr2logEntry_map, e->addr, e);
/* Add to the addr2offEntry_map */
MAP_addStrKey(&self->addr2offEntry_map, e->addr, e);
}
LOGENTRY_register(e);
OFFENTRY_register(e);
/* Take care of reporting, if necessary */
AddrRPT *ar= MAP_findStrItem(&G.rpt.AddrRPT_map, e->addr);
if(ar)
AddrRPT_addLine(ar, self, lbuf);
}
}
@ -142,8 +148,8 @@ LOGFILE_destructor(LOGFILE *self)
if(self->logFilePath)
free(self->logFilePath);
MAP_clearAndDestroy(&self->addr2logEntry_map, (void*(*)(void*))LOGENTRY_destructor);
MAP_destructor(&self->addr2logEntry_map);
MAP_clearAndDestroy(&self->addr2offEntry_map, (void*(*)(void*))OFFENTRY_destructor);
MAP_destructor(&self->addr2offEntry_map);
return self;
}
@ -169,7 +175,7 @@ LOGFILE_writeCache(LOGFILE *self, const char *fname)
int rc, rtn= -1;
FILE *fh= ez_fopen(fname, "w");
rc= MAP_visitAllEntries(&self->addr2logEntry_map, (int(*)(void*,void*))LOGENTRY_cacheWrite, fh);
rc= MAP_visitAllEntries(&self->addr2offEntry_map, (int(*)(void*,void*))OFFENTRY_cacheWrite, fh);
if(rc) goto abort;
rtn= 0;
@ -185,7 +191,7 @@ LOGFILE_print(LOGFILE *self, FILE *fh)
*/
{
ez_fprintf(fh, "LOGFILE %p \"%s\" {\n", self, self->logFilePath);
MAP_visitAllEntries(&self->addr2logEntry_map, (int(*)(void*,void*))LOGENTRY_print, fh);
MAP_visitAllEntries(&self->addr2offEntry_map, (int(*)(void*,void*))OFFENTRY_print, fh);
ez_fprintf(fh, "}\n");
return 0;
@ -194,11 +200,11 @@ LOGFILE_print(LOGFILE *self, FILE *fh)
int
LOGFILE_map_addr(LOGFILE *self, MAP *h_rtnMap)
/********************************************************
* Create a addr2logEntry_map of LOGENTRY objects with composite
* Create a addr2offEntry_map of OFFENTRY objects with composite
* counts by address.
*/
{
MAP_visitAllEntries(&self->addr2logEntry_map, (int(*)(void*,void*))LOGENTRY_map_addr, h_rtnMap);
MAP_visitAllEntries(&self->addr2offEntry_map, (int(*)(void*,void*))OFFENTRY_map_addr, h_rtnMap);
return 0;
}
@ -209,7 +215,7 @@ LOGFILE_offenseCount(LOGFILE *self, unsigned *h_sum)
*/
{
if(!(self->flags & NOFFENSES_CACHED_FLG)) {
MAP_visitAllEntries(&self->addr2logEntry_map, (int(*)(void*,void*))LOGENTRY_offenseCount, &self->nOffenses);
MAP_visitAllEntries(&self->addr2offEntry_map, (int(*)(void*,void*))OFFENTRY_offenseCount, &self->nOffenses);
self->flags |= NOFFENSES_CACHED_FLG;
}
@ -224,7 +230,7 @@ LOGFILE_addressCount(LOGFILE *self, unsigned *h_sum)
* Get a count of all unique addresses for this file.
*/
{
*h_sum += MAP_numItems(&self->addr2logEntry_map);
*h_sum += MAP_numItems(&self->addr2offEntry_map);
return 0;
}

7
logFile.h
View File

@ -28,10 +28,13 @@
typedef struct _LOGFILE {
int flags;
char *logFilePath;
MAP addr2logEntry_map;
MAP addr2offEntry_map;
unsigned nOffenses;
} LOGFILE;
#define LOGFILE_logFilePath(self) \
(const char*)(self)->logFilePath
#ifdef __cplusplus
extern "C" {
#endif
@ -83,7 +86,7 @@ LOGFILE_print(LOGFILE *self, FILE *fh);
int
LOGFILE_map_addr(LOGFILE *self, MAP *h_rtnMap);
/********************************************************
* Create a map of LOGENTRY objects with composite
* Create a map of OFFENTRY objects with composite
* counts by address.
*/

31
logType.c
View File

@ -162,9 +162,10 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
ez_closedir(dir);
}
/* Sort file names to a "natural" order */
PTRVEC_sort(&fname_vec, cmp_pvsort);
/* Now scan files in lexigraphical order */
/* Now scan files in fname_vec */
char *log_fname;
while((log_fname= PTRVEC_remHead(&fname_vec))) {
@ -190,7 +191,7 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
ez_fclose(fh);
}
if(G.flags & GLB_LONG_LISTING_FLG) {
if(G.flags & GLB_LONG_LISTING_MASK) {
ez_fprintf(G.rpt.fh, "Scanning \"%s\"... ", log_fname);
fflush(G.rpt.fh);
}
@ -204,13 +205,17 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
}
LOGFILE *f;
if(!access(CacheFname, F_OK)) {
/* Use the cache, if available */
if(!(G.flags & GLB_NO_CACHE_FLG) &&
!access(CacheFname, F_OK))
{
/* Construct object from cache file */
LOGFILE_cache_create(f, CacheFname);
assert(f);
LOGFILE_set_logFilePath(f, log_fname);
} else {
} else { /* Scan the log file, write to new cache */
if(access(CacheDname, F_OK)) {
ez_mkdir(CacheDname, 0770);
@ -220,8 +225,12 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
LOGFILE_log_create(f, proto, log_fname);
assert(f);
LOGFILE_set_logFilePath(f, log_fname);
if(LOGFILE_writeCache(f, CacheFname))
assert(0);
if(!(G.flags & GLB_NO_CACHE_FLG) &&
LOGFILE_writeCache(f, CacheFname))
{
eprintf("FATAL: write to cache failed.");
exit(EXIT_FAILURE);
}
}
assert(f);
@ -231,7 +240,7 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
LOGFILE_offenseCount(f, &nOffFound);
LOGFILE_addressCount(f, &nAddrFound);
if(G.flags & GLB_LONG_LISTING_FLG) {
if(G.flags & GLB_LONG_LISTING_MASK) {
ez_fprintf(G.rpt.fh, "found %u offenses (%u addresses)\n", nOffFound, nAddrFound);
fflush(G.rpt.fh);
}
@ -273,7 +282,7 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
LOGTYPE_offenseCount(self, &nOffFound);
nAddrFound= LOGTYPE_addressCount(self);
if(G.flags & GLB_LONG_LISTING_FLG) {
if(G.flags & GLB_LONG_LISTING_MASK) {
ez_fprintf(G.rpt.fh, ">>>> Found %u offenses (%u addresses) for %s/%s*\n"
, nOffFound
, nAddrFound
@ -283,6 +292,8 @@ LOGTYPE_proto_constructor(LOGTYPE *self, const struct logProtoType *proto)
fflush(G.rpt.fh);
}
// TODO: AddrRPT
rtn= self;
abort:
return rtn;
@ -446,7 +457,7 @@ LOGTYPE_print(LOGTYPE *self, FILE *fh)
int
LOGTYPE_map_addr(LOGTYPE *self, MAP *h_rtnMap)
/********************************************************
* Create a map of LOGENTRY objects with composite
* Create a map of OFFENTRY objects with composite
* counts by address.
*/
{
@ -483,6 +494,6 @@ LOGTYPE_addressCount(LOGTYPE *self)
unsigned nFound= MAP_numItems(&smap);
/* Cleanup for next time */
MAP_clearAndDestroy(&smap, (void*(*)(void*))LOGENTRY_destructor);
MAP_clearAndDestroy(&smap, (void*(*)(void*))OFFENTRY_destructor);
return nFound;
}

2
logType.h
View File

@ -95,7 +95,7 @@ LOGTYPE_print(LOGTYPE *self, FILE *fh);
int
LOGTYPE_map_addr(LOGTYPE *self, MAP *h_rtnMap);
/********************************************************
* Create a map of LOGENTRY objects with composite
* Create a map of OFFENTRY objects with composite
* counts by address.
*/

34
offEntry.c
View File

@ -30,11 +30,11 @@
#include "util.h"
/********************************************************/
/**************** LOGENTRY ******************************/
/**************** OFFENTRY ******************************/
/********************************************************/
static void
common_constructor(LOGENTRY *self)
common_constructor(OFFENTRY *self)
/******************************************************************
* common portion for all constructors.
*/
@ -42,13 +42,13 @@ common_constructor(LOGENTRY *self)
memset(self, 0, sizeof(*self));
}
LOGENTRY*
LOGENTRY_addr_constructor(LOGENTRY *self, const char *addr)
OFFENTRY*
OFFENTRY_addr_constructor(OFFENTRY *self, const char *addr)
/********************************************************
* Prepare for use.
*/
{
LOGENTRY *rtn= NULL;
OFFENTRY *rtn= NULL;
common_constructor(self);
@ -63,13 +63,13 @@ abort:
return rtn;
}
LOGENTRY*
LOGENTRY_cache_constructor(LOGENTRY *self, const char *cacheFileEntry)
OFFENTRY*
OFFENTRY_cache_constructor(OFFENTRY *self, const char *cacheFileEntry)
/********************************************************
* Prepare for use.
*/
{
LOGENTRY *rtn= NULL;
OFFENTRY *rtn= NULL;
common_constructor(self);
@ -89,7 +89,7 @@ abort:
}
void*
LOGENTRY_destructor(LOGENTRY *self)
OFFENTRY_destructor(OFFENTRY *self)
/********************************************************
* Free resources.
*/
@ -101,7 +101,7 @@ LOGENTRY_destructor(LOGENTRY *self)
}
void
LOGENTRY_register(LOGENTRY *self)
OFFENTRY_register(OFFENTRY *self)
/********************************************************
* Register the current failure try.
*/
@ -112,7 +112,7 @@ LOGENTRY_register(LOGENTRY *self)
int
LOGENTRY_cacheWrite(LOGENTRY *self, FILE *fh)
OFFENTRY_cacheWrite(OFFENTRY *self, FILE *fh)
/********************************************************
* Write to the cache file in a form we can read later.
*/
@ -126,7 +126,7 @@ LOGENTRY_cacheWrite(LOGENTRY *self, FILE *fh)
}
int
LOGENTRY_print(LOGENTRY *self, FILE *fh)
OFFENTRY_print(OFFENTRY *self, FILE *fh)
/********************************************************
* Print a human readable representation of *self.
*/
@ -142,16 +142,16 @@ LOGENTRY_print(LOGENTRY *self, FILE *fh)
}
int
LOGENTRY_map_addr(LOGENTRY *self, MAP *h_rtnMap)
OFFENTRY_map_addr(OFFENTRY *self, MAP *h_rtnMap)
/********************************************************
* Create a map of LOGENTRY objects with composite
* Create a map of OFFENTRY objects with composite
* counts by address.
*/
{
LOGENTRY *e= MAP_findStrItem(h_rtnMap, self->addr);
OFFENTRY *e= MAP_findStrItem(h_rtnMap, self->addr);
if(!e) {
LOGENTRY_addr_create(e, self->addr);
OFFENTRY_addr_create(e, self->addr);
assert(e);
MAP_addStrKey(h_rtnMap, e->addr, e);
}
@ -161,7 +161,7 @@ LOGENTRY_map_addr(LOGENTRY *self, MAP *h_rtnMap)
}
int
LOGENTRY_offenseCount(LOGENTRY *self, unsigned *h_sum)
OFFENTRY_offenseCount(OFFENTRY *self, unsigned *h_sum)
/********************************************************
* Get a count of all offenses for this entry.
*/

44
offEntry.h
View File

@ -16,8 +16,8 @@
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#ifndef LOGENTRY_H
#define LOGENTRY_H
#ifndef OFFENTRY_H
#define OFFENTRY_H
#include <stdio.h>
#include <time.h>
@ -26,7 +26,7 @@
#include "pdns.h"
/* One of these for each offense found in a log file */
typedef struct _LOGENTRY {
typedef struct _OFFENTRY {
unsigned logfile_ndx;
char addr[46],
cntry[3];
@ -38,71 +38,71 @@ typedef struct _LOGENTRY {
char *name;
} dns;
} LOGENTRY;
} OFFENTRY;
#ifdef __cplusplus
extern "C" {
#endif
#define LOGENTRY_addr_create(p, addr) \
((p)=(LOGENTRY_addr_constructor((p)=malloc(sizeof(LOGENTRY)), addr) ? (p) : ( p ? realloc(LOGENTRY_destructor(p),0) : 0 )))
LOGENTRY*
LOGENTRY_addr_constructor(LOGENTRY *self, const char *addr);
#define OFFENTRY_addr_create(p, addr) \
((p)=(OFFENTRY_addr_constructor((p)=malloc(sizeof(OFFENTRY)), addr) ? (p) : ( p ? realloc(OFFENTRY_destructor(p),0) : 0 )))
OFFENTRY*
OFFENTRY_addr_constructor(OFFENTRY *self, const char *addr);
/********************************************************
* Prepare for use from an address found in a log entry.
*/
#define LOGENTRY_cache_create(p, cacheFileEntry) \
((p)=(LOGENTRY_cache_constructor((p)=malloc(sizeof(LOGENTRY)), cacheFileEntry) ? (p) : ( p ? realloc(LOGENTRY_destructor(p),0) : 0 )))
LOGENTRY*
LOGENTRY_cache_constructor(LOGENTRY *self, const char *cacheFileEntry);
#define OFFENTRY_cache_create(p, cacheFileEntry) \
((p)=(OFFENTRY_cache_constructor((p)=malloc(sizeof(OFFENTRY)), cacheFileEntry) ? (p) : ( p ? realloc(OFFENTRY_destructor(p),0) : 0 )))
OFFENTRY*
OFFENTRY_cache_constructor(OFFENTRY *self, const char *cacheFileEntry);
/********************************************************
* Prepare for use with entry from cache file.
*/
#define LOGENTRY_destroy(s) \
{if(LOGENTRY_destructor(s)) {free(s); (s)=0;}}
#define OFFENTRY_destroy(s) \
{if(OFFENTRY_destructor(s)) {free(s); (s)=0;}}
void*
LOGENTRY_destructor(LOGENTRY *self);
OFFENTRY_destructor(OFFENTRY *self);
/********************************************************
* Free resources.
*/
void
LOGENTRY_register(LOGENTRY *self);
OFFENTRY_register(OFFENTRY *self);
/********************************************************
* Register the current failure try.
*/
#if 0
int
LOGENTRY_is_blocked_country(const LOGENTRY *self);
OFFENTRY_is_blocked_country(const OFFENTRY *self);
/********************************************************
* Return 1 if the country is blocked, or 0.
*/
#endif
int
LOGENTRY_cacheWrite(LOGENTRY *self, FILE *fh);
OFFENTRY_cacheWrite(OFFENTRY *self, FILE *fh);
/********************************************************
* Write to the cache file in a form we can read later.
*/
int
LOGENTRY_print(LOGENTRY *self, FILE *fh);
OFFENTRY_print(OFFENTRY *self, FILE *fh);
/********************************************************
* Print a human readable representation of *self.
*/
int
LOGENTRY_map_addr(LOGENTRY *self, MAP *h_rtnMap);
OFFENTRY_map_addr(OFFENTRY *self, MAP *h_rtnMap);
/********************************************************
* Create a map of LOGENTRY objects with composite
* Create a map of OFFENTRY objects with composite
* counts by address.
*/
int
LOGENTRY_offenseCount(LOGENTRY *self, unsigned *h_sum);
OFFENTRY_offenseCount(OFFENTRY *self, unsigned *h_sum);
/********************************************************
* Get a count of all offenses for this entry.
*/

10
pdns.c
View File

@ -42,13 +42,13 @@ enum lookupType {
/* Messages in the mgr inbox look like this */
struct mgrMsg {
LOGENTRY *e;
OFFENTRY *e;
unsigned worker_ndx;
};
/* Messages in the worker inbox look like this */
struct workerMsg {
LOGENTRY *e;
OFFENTRY *e;
};
@ -84,7 +84,7 @@ static struct {
pthread_t tid;
MSGQUEUE inbox;
LOGENTRY **lePtrArr;
OFFENTRY **lePtrArr;
unsigned processedNdx,
nThreads,
nItems;
@ -112,9 +112,9 @@ static struct {
/*=========== PDNS ===========================================*/
/*============================================================*/
int
PDNS_lookup(LOGENTRY *lePtrArr[], unsigned nItems, unsigned timeout_ms)
PDNS_lookup(OFFENTRY *lePtrArr[], unsigned nItems, unsigned timeout_ms)
/**************************************************************
* Perform parallel DNS reverse lookups on all LOGENTRY objects
* Perform parallel DNS reverse lookups on all OFFENTRY objects
* referenced in lePtrArr.
*/
{

8
pdns.h
View File

@ -62,15 +62,15 @@ extern "C" {
#endif
/* Fix recursive #include dependency */
struct _LOGENTRY;
struct _OFFENTRY;
int
PDNS_lookup(struct _LOGENTRY *lePtrArr[], unsigned nItems, unsigned timeout_ms);
PDNS_lookup(struct _OFFENTRY *lePtrArr[], unsigned nItems, unsigned timeout_ms);
/**************************************************************
* Perform parallel DNS reverse lookups on all LOGENTRY objects
* Perform parallel DNS reverse lookups on all OFFENTRY objects
* referenced in lePtrArr until finished, or timeout_ms has lapsed.
*
* lePtrArr: array of pointers to LOGENTRY objects
* lePtrArr: array of pointers to OFFENTRY objects
* nItems: length of array
* timeout_ms: maximum amount of time to spend performing lookups.
*

2
ptrvec.h
View File

@ -65,7 +65,7 @@ void *PTRVEC_destructor (PTRVEC * self);
*/
#define PTRVEC_destroy(self) \
{if(PTRVEC_destructor(s)) {free(s);}}
{if(PTRVEC_destructor(self)) {free(self);}}
void *PTRVEC_addHead (PTRVEC * self, void *ptr);
/***********************************************