
* add f2b_jail_start()

master
Alex 'AdUser' Z 8 years ago
parent
commit
644a0e2a8b
  1. 3
      src/daemon.c
  2. 41
      src/jail.c
  3. 9
      src/jail.h

3
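--- a/src/daemon.c
+++ b/src/daemon.c
@@ -151,6 +151,9 @@ jails_start(f2b_config_t *config) {
 free(jail);
 continue;
 }
+f2b_jail_start(jail);
 jail->next = jails;
 jails = jail;
 }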
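Review bot: The result of `f2b_jail_start(jail)` is discarded at this call site, and the jail is linked into `jails` whatever it returns, although jail.h in this same commit documents the function as returning false on error. As added in src/jail.c it currently always returns true, so nothing is lost today, but the caller should already honour the documented contract, for example `if (!f2b_jail_start(jail)) f2b_log_msg(log_error, "jail '%s': start failed", jail->name);` (assuming log.h is in scope in daemon.c, which the hunk does not show). The body of jails_start() starts and ends outside the hunk.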

41
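--- a/src/jail.c
+++ b/src/jail.c
@@ -395,6 +395,47 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
 return false;
 }
+bool
+f2b_jail_start(f2b_jail_t *jail) {
+time_t now = time(NULL);
+time_t remains;
+assert(jail != NULL);
+if (jail->flags & JAIL_HAS_STATE) {
+jail->sfile = f2b_statefile_create(jail->name, appconfig.statedir_path);
+if (jail->sfile == NULL) {
+/* error occured, must be already logged, just drop flag */
+jail->flags &= ~JAIL_HAS_STATE;
+} else {
+jail->ipaddrs = f2b_statefile_load(jail->sfile, jail->maxretry);
+}
+}
+for (f2b_ipaddr_t *addr = jail->ipaddrs; addr != NULL; addr = addr->next) {
+if (!addr->banned)
+continue; /* if list NOW contains such addresses, it may be bug */
+if (f2b_backend_check(jail->backend, addr->text))
+continue; /* already banned or backend don't support check() */
+if (now >= addr->release_at) {
+addr->banned = false;
+continue; /* ban time already expired */
+}
+if (f2b_backend_ban(jail->backend, addr->text)) {
+remains = addr->release_at - now;
+f2b_log_msg(log_note, "jail '%s': restored ban of ip %s (%.1fhrs remain)",
+jail->name, addr->text, (float) remains / 3600);
+} else {
+f2b_log_msg(log_error, "jail '%s': can't ban ip %s -- %s",
+jail->name, addr->text, f2b_backend_error(jail->backend));
+}
+}
+f2b_log_msg(log_info, "jail '%s' started", jail->name);
+return true;
+}
 bool
 f2b_jail_stop(f2b_jail_t *jail) {
 bool errors = false;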
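Review bot: In the restore loop of `f2b_jail_start()`, a failed `f2b_backend_ban()` is only logged and `addr->banned` stays true, so the jail's list keeps recording a ban that the backend is not enforcing. If later processing treats a banned entry as already handled (that code is outside this hunk), the address stays unblocked until its release time; clearing the flag in the else branch with `addr->banned = false;` would let the next match ban it again. The `f2b_backend_check()` test also runs first and, per its own comment, returns true for backends without check(), so for those backends no saved ban is re-applied after a restart, which is worth confirming as intended. Values read from the state file (`addr->text`, `addr->release_at`) flow straight into the backend call and the log message, so they should be validated on load if `f2b_statefile_load()` does not already do that.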

9
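--- a/src/jail.h
+++ b/src/jail.h
@@ -10,6 +10,8 @@
 #include "log.h"
 #include "ipaddr.h"
 #include "config.h"
+#include "appconfig.h"
+#include "statefile.h"
 #include "source.h"
 #include "filter.h"
 #include "backend.h"
@@ -42,6 +44,7 @@ typedef struct f2b_jail_t {
 char filter_init[CONFIG_VAL_MAX]; /**< filter init string (eg `filter = NAME:$INIT_STRING` line from jail section) */
 char source_name[CONFIG_KEY_MAX]; /**< source name from config (eg [source:$NAME] section) */
 char source_init[CONFIG_VAL_MAX]; /**< source init string (eg `source = NAME:$INIT_STRING` line from jail section) */
+f2b_statefile_t *sfile; /**< pointer to state file description */
 f2b_source_t *source; /**< pointer to source */
 f2b_filter_t *filter; /**< pointer to filter */
 f2b_backend_t *backend; /**< pointer to backend */
@@ -87,6 +90,12 @@ bool f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value
 * @return true on success, false on error
 */
 bool f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config);
+/**
+* @brief Load state file and restore bans
+* @param jail Jail pointer
+* @returns true on success, false on error
+*/
+bool f2b_jail_start(f2b_jail_t *jail);
 /**
 * @brief Jail maintenance routine
 * Polls source for data, match against filter, manage matches,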
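Review bot: The doc comment added for `f2b_jail_start()` in the last hunk promises `false on error`, but the implementation added in src/jail.c ends with an unconditional `return true;`. State-file creation failure and backend ban failures are only logged there. Either return false on those paths or document the real contract, for example `@return always true; state file and backend errors are logged and do not abort start`. The tag is also spelled `@returns` here while the neighbouring `f2b_jail_init()` comment uses `@return`, so it should be `@return` for consistency.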
