/* Copyright 2016 Alex 'AdUser' Z (ad_user@runbox.com)
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation .
*/
# ifndef F2B_JAIL_H_
# define F2B_JAIL_H_
/**
* @ file
* This header describes jail definition and related routines
*/
/* jail flags */
# define JAIL_ENABLED 0x01
# define JAIL_HAS_STATE 0x02
# define JAIL_HAS_FILTER 0x04
/** jail metadata struct */
typedef struct f2b_jail_t {
struct f2b_jail_t * next ; /**< pointer to next jail */
char name [ CONFIG_KEY_MAX ] ; /**< name of the jail */
int flags ; /**< jail flags, see above */
size_t maxretry ; /**< option: maximum count of matches before ban */
/* duration of misc time periods */
time_t findtime ; /**< option: length of time period for estimating recent host activity (in seconds) */
time_t bantime ; /**< option: host ban time on excess activity (seconds) */
time_t expiretime ; /**< option: forget about host after this time with no activity (seconds, for banned hosts - after it's release, for not banned - after latest match) */
/** time period length modifiers for already banned hosts */
float findtime_extend ; /**< findtime modifier for already banned hosts in past (float) */
float bantime_extend ; /**< bantime modifier for already banned hosts in past (float) */
float expiretime_extend ; /**< expiretime modifier for already banned hosts in past (float) */
/* jail stats */
struct {
unsigned int hosts ; /**< number of tracked hosts */
unsigned int bans ; /**< number of ban events */
unsigned int matches ; /**< number of match events */
} stats ;
f2b_source_t * source ; /**< pointer to source */
f2b_filter_t * filter ; /**< pointer to filter */
f2b_backend_t * backend ; /**< pointer to backend */
f2b_statefile_t * sfile ; /**< pointer to state file description */
f2b_ipaddr_t * ipaddrs ; /**< list of known ip addresses */
} f2b_jail_t ;
/**
* @ var jails
* Global list of Defined jails
*/
extern f2b_jail_t * jails ;
/**
* @ brief Apply defaults to jail template ( affects later f2b_jail_create ( ) )
* @ param section ' defaults ' section from config
*/
void f2b_jail_set_defaults ( f2b_config_section_t * section ) ;
/**
* @ brief Create jail struct and init it ' s metadata
* @ param section Jail config section
* @ return Pointer to allocated jail or NULL on error
*/
f2b_jail_t * f2b_jail_create ( f2b_config_section_t * section ) ;
/**
* @ brief Find jail in jail list by name
* @ param list Jails list
* @ param name Jail name
* @ returns Pointer to wanted jail or NULL if not found
*/
f2b_jail_t * f2b_jail_find ( f2b_jail_t * list , const char * name ) ;
/**
* @ brief Set tunable parameter of jail
* @ param jail Jail pointer
* @ param param Parameter name
* @ param value Parameter value
* @ return true if parameter set , false if not found
*/
bool f2b_jail_set_param ( f2b_jail_t * jail , const char * param , const char * value ) ;
/**
* @ brief Setup source , filter and backend in jail
* @ param jail Jail pointer
* @ param config Pointer to f2b config
* @ return true on success , false on error
*/
bool f2b_jail_init ( f2b_jail_t * jail , f2b_config_t * config ) ;
/**
* @ brief Load state file and restore bans
* @ param jail Jail pointer
* @ returns true on success , false on error
*/
bool f2b_jail_start ( f2b_jail_t * jail ) ;
/**
* @ brief Jail main maintenance routine
* Polls source for data , match against filter ( if set ) , manage matches ,
* ban ips , that exceeded their limit , unban ips after bantime expire
* @ param jail Jail for processing
*/
void f2b_jail_process ( f2b_jail_t * jail ) ;
/**
* @ brief Correctly shutdown given jail
* @ param jail Jail pointer
* @ note Jail structure not deallocated
*/
bool f2b_jail_stop ( f2b_jail_t * jail ) ;
/* handlers for csocket commands processing */
/**
* @ brief Get jail status
* @ param res Response buffer
* @ param ressize Size of buffer above
* @ param jail Jail pointer
*/
void f2b_jail_cmd_status ( char * res , size_t ressize , f2b_jail_t * jail ) ;
/**
* @ brief Get jail status
* @ param res Response buffer
* @ param ressize Size of buffer above
* @ param jail Jail pointer
* @ param param Parameter name
* @ param value Parameter value
*/
void f2b_jail_cmd_set ( char * res , size_t ressize , f2b_jail_t * jail , const char * param , const char * value ) ;
/**
* @ brief ipaddr manage routine in given jail
* @ param res Response buffer
* @ param ressize Size of buffer above
* @ param jail Jail pointer
* @ param op Operation for ipaddr > 0 - ban , 0 - check , < 0 - unban
* @ param ip Ip address
*/
void f2b_jail_cmd_ip_xxx ( char * res , size_t ressize , f2b_jail_t * jail , int op , const char * ip ) ;
# endif /* F2B_JAIL_H_ */