From 644a0e2a8be833987930818eb8274112a1141209 Mon Sep 17 00:00:00 2001
From: Alex 'AdUser' Z
Date: Sat, 3 Dec 2016 11:35:32 +1000
Subject: [PATCH] * add f2b_jail_start()
---
 src/daemon.c | 3 +++
 src/jail.c | 41 +++++++++++++++++++++++++++++++++++++++++
 src/jail.h | 9 +++++++++
 3 files changed, 53 insertions(+)
diff --git a/src/daemon.c b/src/daemon.c
index 739387f..21ab317 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -151,6 +151,9 @@ jails_start(f2b_config_t *config) {
 free(jail);
 continue;
 }
+
+ f2b_jail_start(jail);
+
 jail->next = jails;
 jails = jail;
 }
diff --git a/src/jail.c b/src/jail.c
index cdd2127..7a56bda 100644
--- a/src/jail.c
+++ b/src/jail.c
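Review bot: The result of `f2b_jail_start(jail)` is discarded in `jails_start()`, and the new function in src/jail.c ends in an unconditional `return true;`, so the "false on error" contract documented in src/jail.h is never honoured. A jail whose saved bans could not be re-applied is linked into `jails` exactly like a healthy one, and only the per-address log line records it. In `f2b_jail_start()` I would set `errors = true;` in the branch that logs "can't ban ip" and finish with `return !errors;`, then surface the result at this call site with whatever logging helper this file already uses. `jails_start()` begins and ends outside the hunk.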
@@ -395,6 +395,47 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
 return false;
 }
+bool
+f2b_jail_start(f2b_jail_t *jail) {
+ time_t now = time(NULL);
+ time_t remains;
+
+ assert(jail != NULL);
+
+ if (jail->flags & JAIL_HAS_STATE) {
+ jail->sfile = f2b_statefile_create(jail->name, appconfig.statedir_path);
+ if (jail->sfile == NULL) {
+ /* error occured, must be already logged, just drop flag */
+ jail->flags &= ~JAIL_HAS_STATE;
+ } else {
+ jail->ipaddrs = f2b_statefile_load(jail->sfile, jail->maxretry);
+ }
+ }
+
+ for (f2b_ipaddr_t *addr = jail->ipaddrs; addr != NULL; addr = addr->next) {
+ if (!addr->banned)
+ continue; /* if list NOW contains such addresses, it may be bug */
+ if (f2b_backend_check(jail->backend, addr->text))
+ continue; /* already banned or backend don't support check() */
+ if (now >= addr->release_at) {
+ addr->banned = false;
+ continue; /* ban time already expired */
+ }
+ if (f2b_backend_ban(jail->backend, addr->text)) {
+ remains = addr->release_at - now;
+ f2b_log_msg(log_note, "jail '%s': restored ban of ip %s (%.1fhrs remain)",
+ jail->name, addr->text, (float) remains / 3600);
+ } else {
+ f2b_log_msg(log_error, "jail '%s': can't ban ip %s -- %s",
+ jail->name, addr->text, f2b_backend_error(jail->backend));
+ }
+ }
+
+ f2b_log_msg(log_info, "jail '%s' started", jail->name);
+
+ return true;
+}
+
 bool
 f2b_jail_stop(f2b_jail_t *jail) {
 bool errors = false;
diff --git a/src/jail.h b/src/jail.h
index fafa80d..13ad2bc 100644
--- a/src/jail.h
+++ b/src/jail.h
@@ -10,6 +10,8 @@
 #include "log.h"
 #include "ipaddr.h"
 #include "config.h"
+#include "appconfig.h"
+#include "statefile.h"
 #include "source.h"
 #include "filter.h"
 #include "backend.h"
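Review bot: The restore loop can leave an address marked `addr->banned` while the backend is not enforcing anything. By its own comment, the `f2b_backend_check()` shortcut also fires when the backend does not support check(), so with such a backend the loop `continue`s before `f2b_backend_ban()` and no saved ban is re-applied after a restart, with nothing logged. The same mismatch follows a failed `f2b_backend_ban()`, where only an error line is written. If the backend API (not visible here) can tell "already banned" from "unsupported", only the former should skip the ban; otherwise a comment should state that restore is a no-op for such backends, with a `log_note` line when an entry is skipped. Separately, `addr->text` and `addr->release_at` come straight from the file under `appconfig.statedir_path`, so unless `f2b_statefile_load()` validates them (not shown), that directory's permissions decide who can add or lift bans; a comment saying so would help.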
@@ -42,6 +44,7 @@ typedef struct f2b_jail_t {
 char filter_init[CONFIG_VAL_MAX]; /**< filter init string (eg `filter = NAME:$INIT_STRING` line from jail section) */
 char source_name[CONFIG_KEY_MAX]; /**< source name from config (eg [source:$NAME] section) */
 char source_init[CONFIG_VAL_MAX]; /**< source init string (eg `source = NAME:$INIT_STRING` line from jail section) */
+ f2b_statefile_t *sfile; /**< pointer to state file description */
 f2b_source_t *source; /**< pointer to source */
 f2b_filter_t *filter; /**< pointer to filter */
 f2b_backend_t *backend; /**< pointer to backend */
@@ -87,6 +90,12 @@ bool f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value
 * @return true on success, false on error
 */
 bool f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config);
+/**
+ * @brief Load state file and restore bans
+ * @param jail Jail pointer
+ * @returns true on success, false on error
+ */
+bool f2b_jail_start(f2b_jail_t *jail);
 /**
 * @brief Jail maintenance routine
 * Polls source for data, match against filter, manage matches,
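Review bot: The new `sfile` member is assigned in `f2b_jail_start()` but nothing in this patch releases it. The diffstat puts all 41 added lines of src/jail.c in the new function, and `f2b_jail_stop()` appears only as context. If jails can be stopped or re-created while the daemon runs, the handle from `f2b_statefile_create()` would presumably leak, so the stop path needs the statefile module's matching teardown unless a later commit adds it. The member comment could also record when the pointer is valid, e.g. `/**< state file handle, set by f2b_jail_start() only when JAIL_HAS_STATE is set */`. The struct definition starts and ends outside the hunk.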