|
|
|
/* Copyright 2017 Alex 'AdUser' Z (ad_user@runbox.com)
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include <libipset/session.h>
|
|
|
|
#include <libipset/types.h>
|
|
|
|
#include <libipset/ui.h>
|
|
|
|
|
|
|
|
#include "../strlcpy.h"
|
|
|
|
|
|
|
|
#include "backend.h"
|
|
|
|
#define MODNAME "ipset"
|
|
|
|
|
|
|
|
struct _config {
|
|
|
|
char name[ID_MAX + 1];
|
|
|
|
void (*logcb)(enum loglevel lvl, const char *msg);
|
|
|
|
struct ipset_session *sess;
|
|
|
|
int flags;
|
|
|
|
bool shared;
|
|
|
|
};
|
|
|
|
|
|
|
|
#include "backend.c"
|
|
|
|
|
|
|
|
inline static bool
|
|
|
|
my_ipset_error(cfg_t *cfg, const char *func) {
|
|
|
|
struct ipset_data *data = NULL;
|
|
|
|
if (ipset_session_error(cfg->sess)) {
|
|
|
|
log_msg(cfg, error, "%s: %s", func, ipset_session_error(cfg->sess));
|
|
|
|
} else /* IPSET_WARNING */ {
|
|
|
|
log_msg(cfg, warn, "%s: %s", func, ipset_session_warning(cfg->sess));
|
|
|
|
}
|
|
|
|
|
|
|
|
ipset_session_report_reset(cfg->sess);
|
|
|
|
|
|
|
|
if ((data = ipset_session_data(cfg->sess)) != NULL)
|
|
|
|
ipset_data_reset(data);
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool
|
|
|
|
my_ipset_cmd(cfg_t *cfg, enum ipset_cmd cmd, const char *ip) {
|
|
|
|
const struct ipset_type *type = NULL;
|
|
|
|
|
|
|
|
if (ipset_parse_setname(cfg->sess, IPSET_SETNAME, cfg->name) < 0)
|
|
|
|
return my_ipset_error(cfg, "ipset_parse_setname())");
|
|
|
|
|
|
|
|
if ((type = ipset_type_get(cfg->sess, cmd)) == NULL)
|
|
|
|
return my_ipset_error(cfg, "ipset_type_get()");
|
|
|
|
|
|
|
|
if (ipset_parse_elem(cfg->sess, type->last_elem_optional, ip) < 0)
|
|
|
|
return my_ipset_error(cfg, "ipset_parse_elem()");
|
|
|
|
|
|
|
|
if (ipset_cmd(cfg->sess, cmd, 0) < 0) {
|
|
|
|
if (cmd == IPSET_CMD_TEST && ipset_session_error(cfg->sess) == NULL)
|
|
|
|
return false; /* "ip is NOT in list" */
|
|
|
|
return my_ipset_error(cfg, "ipset_cmd()");
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
cfg_t *
|
|
|
|
create(const char *id) {
|
|
|
|
cfg_t *cfg = NULL;
|
|
|
|
|
|
|
|
assert(id != NULL);
|
|
|
|
|
|
|
|
if ((cfg = calloc(1, sizeof(cfg_t))) == NULL)
|
|
|
|
return NULL;
|
|
|
|
strlcpy(cfg->name, id, sizeof(cfg->name));
|
|
|
|
cfg->logcb = &logcb_stub;
|
|
|
|
cfg->flags |= MOD_IS_READY;
|
|
|
|
cfg->flags |= MOD_TYPE_BACKEND;
|
|
|
|
return cfg;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
config(cfg_t *cfg, const char *key, const char *value) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
assert(key != NULL);
|
|
|
|
assert(value != NULL);
|
|
|
|
|
|
|
|
(void)(cfg);
|
|
|
|
(void)(key);
|
|
|
|
(void)(value);
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
start(cfg_t *cfg) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
if (cfg->shared && usage_inc(cfg->name) > 1)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
ipset_load_types();
|
|
|
|
|
|
|
|
if ((cfg->sess = ipset_session_init(NULL)) == NULL) {
|
|
|
|
log_msg(cfg, error, "can't init ipset session");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ipset_session_output(cfg->sess, IPSET_LIST_NONE) < 0)
|
|
|
|
return my_ipset_error(cfg, "ipset_session_output()");
|
|
|
|
|
|
|
|
if (ipset_envopt_parse(cfg->sess, IPSET_ENV_EXIST, NULL) < 0)
|
|
|
|
return my_ipset_error(cfg, "ipset_envopt_parse()");
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
stop(cfg_t *cfg) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
if (cfg->shared && usage_dec(cfg->name) > 0)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (cfg->sess) {
|
|
|
|
ipset_session_fini(cfg->sess);
|
|
|
|
cfg->sess = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
ban(cfg_t *cfg, const char *ip) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
return my_ipset_cmd(cfg, IPSET_CMD_ADD, ip);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
unban(cfg_t *cfg, const char *ip) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
return my_ipset_cmd(cfg, IPSET_CMD_DEL, ip);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
check(cfg_t *cfg, const char *ip) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
return my_ipset_cmd(cfg, IPSET_CMD_TEST, ip);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
ping(cfg_t *cfg) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
(void)(cfg); /* silence warning about unused variable */
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
destroy(cfg_t *cfg) {
|
|
|
|
assert(cfg != NULL);
|
|
|
|
|
|
|
|
free(cfg);
|
|
|
|
}
|