[src/trunk]: src/external/bsd/blacklist/bin add rule name in the config file, ...
details: https://anonhg.NetBSD.org/src/rev/0b5495adcab8
branches: trunk
changeset: 335692:0b5495adcab8
user: christos <christos%NetBSD.org@localhost>
date: Wed Jan 21 19:24:03 2015 +0000
description:
add rule name in the config file, binding address
diffstat:
external/bsd/blacklist/bin/blacklistd.c | 79 ++++++------------
external/bsd/blacklist/bin/conf.c | 138 +++++++++++++++++++++++++------
external/bsd/blacklist/bin/conf.h | 6 +-
external/bsd/blacklist/bin/run.c | 31 +++---
external/bsd/blacklist/bin/run.h | 10 +-
5 files changed, 165 insertions(+), 99 deletions(-)
diffs (truncated from 609 to 300 lines):
diff -r e48384abaf76 -r 0b5495adcab8 external/bsd/blacklist/bin/blacklistd.c
--- a/external/bsd/blacklist/bin/blacklistd.c Wed Jan 21 19:23:42 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistd.c Wed Jan 21 19:24:03 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: blacklistd.c,v 1.6 2015/01/21 16:16:00 christos Exp $ */
+/* $NetBSD: blacklistd.c,v 1.7 2015/01/21 19:24:03 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.6 2015/01/21 16:16:00 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.7 2015/01/21 19:24:03 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -60,6 +60,7 @@
#include "conf.h"
#include "run.h"
#include "state.h"
+#include "util.h"
static const char *configfile = _PATH_BLCONF;
@@ -71,12 +72,24 @@
static DB *state;
static const char *dbfile = _PATH_BLSTATE;
-static sig_atomic_t rconf = 1;
+static sig_atomic_t rconf;
static sig_atomic_t done;
void (*lfun)(int, const char *, ...) = syslog;
static void
+sigusr1(int n)
+{
+ debug = 1;
+}
+
+static void
+sigusr2(int n)
+{
+ debug = 0;
+}
+
+static void
sighup(int n)
{
rconf++;
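Review bot: The new `sigusr1`/`sigusr2` handlers store to `debug`, whose declaration is outside this hunk; unless it is `volatile sig_atomic_t`, the main loop is not guaranteed to observe the change. The counter declared in this hunk has the same gap: `static sig_atomic_t rconf;` lacks `volatile`, so I would write `static volatile sig_atomic_t rconf;`. A one-line comment above the handlers, such as `/* SIGUSR1 enables, SIGUSR2 disables debug output */`, would document the new operator interface. The body of `sighup` continues outside the hunk.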
@@ -97,50 +110,6 @@
exit(EXIT_FAILURE);
}
-static const char *
-expandm(char *buf, size_t len, const char *fmt)
-{
- char *p;
- size_t r;
-
- if ((p = strstr(fmt, "%m")) == NULL)
- return fmt;
-
- r = (size_t)(p - fmt);
- if (r >= len)
- return fmt;
-
- strlcpy(buf, fmt, r + 1);
- strlcat(buf, strerror(errno), len);
- strlcat(buf, fmt + r + 2, len);
-
- return buf;
-}
-
-static void
-dlog(int level, const char *fmt, ...)
-{
- char buf[BUFSIZ];
- va_list ap;
-
- fprintf(stderr, "%s: ", getprogname());
- va_start(ap, fmt);
- vfprintf(stderr, expandm(buf, sizeof(buf), fmt), ap);
- va_end(ap);
- fprintf(stderr, "\n");
-}
-
-static const char *
-fmttime(char *b, size_t l, time_t t)
-{
- struct tm tm;
- if (localtime_r(&t, &tm) == NULL)
- snprintf(b, l, "*%jd*", (intmax_t)t);
- else
- strftime(b, l, "%Y/%m/%d %H:%M:%S", &tm);
- return b;
-}
-
static void
process(bl_t bl)
{
@@ -198,14 +167,14 @@
goto out;
}
if (dbi.count >= c.c_nfail) {
- int res = run_add(c.c_proto, (in_port_t)c.c_port, &rss,
- dbi.id, sizeof(dbi.id));
+ int res = run_add(&c, &rss, dbi.id, sizeof(dbi.id));
if (res == -1)
goto out;
sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
(void *)&rss);
- syslog(LOG_INFO, "Blocked %s at port %d for %d seconds",
- rbuf, c.c_port, c.c_duration);
+ syslog(LOG_INFO,
+ "Blocked %s at port %d for %d seconds",
+ rbuf, c.c_port, c.c_duration);
}
break;
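Review bot: The `syslog(LOG_INFO, "Blocked %s at port %d for %d seconds", ...)` call still prints `c.c_port`, and the conf.c part of this commit lets that field be set to -1 for a `*` port. If `c` can carry the wildcard value here (the lookup that fills it is outside the hunk), the audit line would read "port -1"; the "Released" message in the next hunk prints the same field. Since `run_add` now receives the whole rule via `&c`, logging the rule name alongside the address would make these entries easier to correlate with the packet-filter state.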
@@ -254,7 +223,7 @@
if (c.c_duration == -1 || when >= ts.tv_sec)
continue;
if (dbi.id[0]) {
- run_rem(dbi.id);
+ run_rem(&c, dbi.id);
sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&ss);
syslog(LOG_INFO,
"Released %s at port %d after %d seconds",
@@ -312,6 +281,8 @@
signal(SIGINT, sigdone);
signal(SIGQUIT, sigdone);
signal(SIGTERM, sigdone);
+ signal(SIGUSR1, sigusr1);
+ signal(SIGUSR2, sigusr2);
if (debug) {
lfun = dlog;
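Review bot: Registering SIGUSR1/SIGUSR2 here lets `debug` change at run time, but the `if (debug) { lfun = dlog;` test just below runs once during startup. A daemon started without debugging would therefore presumably keep logging through `syslog` after SIGUSR1. If the signals are meant to redirect output as well, the choice of `lfun` has to be re-evaluated where `debug` is consumed; otherwise a comment stating that the signals only affect `debug`-guarded messages would help. `signal()` semantics differ between platforms, so `sigaction()` would make handler persistence explicit. The `if (debug)` block continues outside the hunk.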
@@ -323,9 +294,11 @@
tout = 15000;
}
+ conf_parse(configfile);
if (reset) {
+ for (size_t i = 0; i < nconf; i++)
+ run_flush(&conf[i]);
flags |= O_TRUNC;
- run_flush();
}
bl = bl_create(true, spath, lfun);
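Review bot: With the flush moved into `for (size_t i = 0; i < nconf; i++) run_flush(&conf[i]);`, a reset clears only the rules named in the configuration that was just parsed, where the old `run_flush()` was unconditional. Blocks installed under a rule name that has since been removed or renamed in the config file would survive the reset while `O_TRUNC` empties the state database, leaving filter entries the daemon no longer tracks; this is inferred, since `run_flush` is not visible here. The results of `conf_parse(configfile)` and of each `run_flush` are not checked in these lines; if either can fail, log it before continuing. These lines are inside a function that extends beyond the hunk.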
diff -r e48384abaf76 -r 0b5495adcab8 external/bsd/blacklist/bin/conf.c
--- a/external/bsd/blacklist/bin/conf.c Wed Jan 21 19:23:42 2015 +0000
+++ b/external/bsd/blacklist/bin/conf.c Wed Jan 21 19:24:03 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.3 2015/01/21 16:16:00 christos Exp $ */
+/* $NetBSD: conf.c,v 1.4 2015/01/21 19:24:03 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.3 2015/01/21 16:16:00 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.4 2015/01/21 19:24:03 christos Exp $");
#include <stdio.h>
#include <string.h>
@@ -42,6 +42,7 @@
#include <util.h>
#include <stdlib.h>
#include <limits.h>
+#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
@@ -62,14 +63,14 @@
static int
-getnum(const char *f, size_t l, int *r, const char *p)
+getnum(const char *f, size_t l, void *r, const char *p)
{
int e;
intmax_t im;
im = strtoi(p, NULL, 0, 0, INT_MAX, &e);
if (e == 0) {
- *r = (int)im;
+ *(int *)r = (int)im;
return 0;
}
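Review bot: Changing `r` from `int *` to `void *` removes the compiler's check that callers pass an `int`, so `*(int *)r = (int)im;` writes `sizeof(int)` bytes into whatever object the caller handed in. The same pattern is repeated in `getsecs`, `getport` and `getproto` in the following hunks. Presumably the common signature is needed for a parser table outside the visible part of the diff; if so, add a comment on each such as `/* r must point to an int */`, or keep typed `int *` helpers behind thin `void *` adapters. `getnum` ends outside this hunk.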
@@ -81,7 +82,7 @@
}
static int
-getsecs(const char *f, size_t l, int *r, const char *p)
+getsecs(const char *f, size_t l, void *r, const char *p)
{
int e;
char *ep;
@@ -115,7 +116,7 @@
tot = im;
if (e == 0) {
- *r = (int)tot;
+ *(int *)r = (int)tot;
return 0;
}
@@ -126,18 +127,19 @@
}
+
static int
-getport(const char *f, size_t l, int *r, const char *p)
+getport(const char *f, size_t l, void *r, const char *p)
{
struct servent *sv;
// XXX: Pass in the proto instead
if ((sv = getservbyname(p, "tcp")) != NULL) {
- *r = ntohs(sv->s_port);
+ *(int *)r = ntohs(sv->s_port);
return 0;
}
if ((sv = getservbyname(p, "udp")) != NULL) {
- *r = ntohs(sv->s_port);
+ *(int *)r = ntohs(sv->s_port);
return 0;
}
@@ -149,14 +151,58 @@
}
static int
-getproto(const char *f, size_t l, int *r, const char *p)
+gethostport(const char *f, size_t l, void *v, const char *p)
+{
+ char *d; // XXX: Ok to write to string.
+ in_port_t *port = NULL;
+ struct conf *c = v;
+
+ if ((d = strstr(p, "]:")) != NULL) {
+ struct sockaddr_in6 *s6 = (void *)&c->c_ss;
+ *d++ = '\0';
+ if (strcmp(++p, "*") == 0) {
+ if (inet_pton(AF_INET6, p, &s6->sin6_addr) == -1)
+ goto out;
+ s6->sin6_family = AF_INET6;
+ s6->sin6_len = sizeof(*s6);
+ port = &s6->sin6_port;
+ }
+ p = ++d;
+ } else if ((d = strrchr(p, ':')) != NULL) {
+ struct sockaddr_in *s = (void *)&c->c_ss;
+ *d++ = '\0';
+ if (strcmp(p, "*") == 0) {
+ if (inet_pton(AF_INET, p, &s->sin_addr) == -1)
+ goto out;
+ s->sin_family = AF_INET;
+ s->sin_len = sizeof(*s);
+ port = &s->sin_port;
+ }
+ p = d;
+ }
+
+ if (strcmp(p, "*") == 0)
+ c->c_port = -1;
+ else if (getport(f, l, &c->c_port, p) == -1)
+ return -1;
+
+ if (port && c->c_port != -1)
+ *port = (in_port_t)c->c_port;
+ return 0;
+out:
+ (*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, p);
+ return -1;
+}
+
+static int
+getproto(const char *f, size_t l, void *r, const char *p)
{
if (strcmp(p, "stream") == 0) {
- *r = IPPROTO_TCP;
+ *(int *)r = IPPROTO_TCP;
return 0;
}
if (strcmp(p, "dgram") == 0) {
- *r = IPPROTO_UDP;
+ *(int *)r = IPPROTO_UDP;
return 0;
}
if (getnum(NULL, 0, r, p) == 0)
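Review bot: In `gethostport` the address is parsed only when it equals `*`: both `if (strcmp(++p, "*") == 0)` and `if (strcmp(p, "*") == 0)` look inverted, so a literal address in the config is silently ignored and `c->c_ss` stays unset, which would presumably widen or void the rule's binding. `inet_pton` returns 0, not -1, for text it cannot parse, so the `== -1` tests let malformed addresses through; compare against 1. `getport` yields a host-order value, so the final store into `sin_port`/`sin6_port` needs `htons`. The bracketed branch also does `++p` without checking that the string starts with `[`, and both branches write through the `const char *p` argument, as the XXX comment admits. `getproto` at the end of this hunk continues outside it.

```c
	if ((d = strstr(p, "]:")) != NULL) {
		// … unchanged: s6 declaration, terminate the string at ']' …
		if (strcmp(++p, "*") != 0) {
			if (inet_pton(AF_INET6, p, &s6->sin6_addr) != 1)
				goto out;
			// … unchanged: family, length, port pointer …
		}
		// … unchanged: advance p past "]:" …
	} else if ((d = strrchr(p, ':')) != NULL) {
		// … unchanged: s declaration, terminate the string at ':' …
		if (strcmp(p, "*") != 0) {
			if (inet_pton(AF_INET, p, &s->sin_addr) != 1)
				goto out;
			// … unchanged: family, length, port pointer …
		}
		// … unchanged: p = d …
	}
	// … unchanged: wildcard / getport parsing of the port …
	if (port && c->c_port != -1)
		*port = htons((in_port_t)c->c_port);
```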
@@ -167,10 +213,10 @@