From a715c29f4c7cec19063a458953e82bd613d14a4d Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 25 Aug 2016 23:45:02 +1000 Subject: [PATCH 01/46] * rename var --- src/filters/filter.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/filters/filter.h b/src/filters/filter.h index 4504a8c..21dbd25 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -15,5 +15,5 @@ extern const char *error(cfg_t *c); extern bool config(cfg_t *c, const char *key, const char *value); extern bool append(cfg_t *c, const char *pattern); extern bool ready(cfg_t *c); -extern bool match(cfg_t *c, const char *line, char *buf, size_t buf_size); +extern bool match(cfg_t *c, const char *line, char *buf, size_t bufsize); extern void destroy(cfg_t *c); From 2626c0f145ea98d65a959e5da7737a5a76fa1a9d Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 25 Aug 2016 23:56:19 +1000 Subject: [PATCH 02/46] * define misc limits in filter.h --- src/filters/filter.h | 2 ++ src/filters/pcre.c | 2 +- src/filters/preg.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/filters/filter.h b/src/filters/filter.h index 21dbd25..9530c4a 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -6,6 +6,8 @@ */ #include +#define ID_MAX 32 +#define PATTERN_MAX 256 #define HOST_TOKEN "" typedef struct _config cfg_t; diff --git a/src/filters/pcre.c b/src/filters/pcre.c index 462faf6..a1df0e9 100644 --- a/src/filters/pcre.c +++ b/src/filters/pcre.c @@ -24,7 +24,7 @@ typedef struct f2b_regex_t { } f2b_regex_t; struct _config { - char id[32]; + char id[ID_MAX]; char error[256]; bool icase; bool study; diff --git a/src/filters/preg.c b/src/filters/preg.c index b6e083a..3cc5efd 100644 --- a/src/filters/preg.c +++ b/src/filters/preg.c @@ -24,7 +24,7 @@ typedef struct f2b_regex_t { } f2b_regex_t; struct _config { - char id[32]; + char id[ID_MAX]; char error[256]; bool icase; f2b_regex_t *regexps; 
From 5b75873990480f7611f629ada435539c0ffb0062 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 25 Aug 2016 23:56:49 +1000 Subject: [PATCH 03/46] * define stats() in filter api --- src/filters/filter.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/filters/filter.h b/src/filters/filter.h index 9530c4a..ccb7af4 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -17,5 +17,6 @@ extern const char *error(cfg_t *c); extern bool config(cfg_t *c, const char *key, const char *value); extern bool append(cfg_t *c, const char *pattern); extern bool ready(cfg_t *c); +extern bool stats(cfg_t *c, int *matches, char **pattern, bool reset); extern bool match(cfg_t *c, const char *line, char *buf, size_t bufsize); extern void destroy(cfg_t *c); From a5d1b0b5e571f11efe126147a6f28529c7f562c5 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 25 Aug 2016 23:59:12 +1000 Subject: [PATCH 04/46] * stats() impl for filter/preg --- src/filters/preg.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/filters/preg.c b/src/filters/preg.c index 3cc5efd..3ab2f14 100644 --- a/src/filters/preg.c +++ b/src/filters/preg.c @@ -19,6 +19,7 @@ typedef struct f2b_regex_t { struct f2b_regex_t *next; + char pattern[PATTERN_MAX]; int matches; regex_t regex; } f2b_regex_t; @@ -28,6 +29,7 @@ struct _config { char error[256]; bool icase; f2b_regex_t *regexps; + f2b_regex_t *statp; }; cfg_t * @@ -86,6 +88,7 @@ append(cfg_t *cfg, const char *pattern) { if (regcomp(®ex->regex, buf, flags) == 0) { regex->next = cfg->regexps; cfg->regexps = regex; + snprintf(regex->pattern, sizeof(regex->pattern), "%s", pattern); return true; } 
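Review bot: The added `snprintf(regex->pattern, sizeof(regex->pattern), "%s", pattern);` in append() silently truncates any pattern of PATTERN_MAX characters or more, so stats() can later report a string that differs from the expression actually compiled and used for ban decisions. Rejecting over-long input before compiling keeps the two in step, for example `if (strlen(pattern) >= PATTERN_MAX) return false;` near the top of append(), ideally after writing a reason into `cfg->error`. The same line is added to append() in src/filters/pcre.c in PATCH 05 and needs the same guard. The body of append() starts outside this hunk, so the right place for the check should be confirmed there.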
@@ -101,6 +104,23 @@ ready(cfg_t *cfg) { return false; } +bool +stats(cfg_t *cfg, int *matches, char **pattern, bool reset) { + assert(cfg != NULL); + + if (reset) + cfg->statp = cfg->regexps; + + if (cfg->statp) { + *matches = cfg->statp->matches; + *pattern = cfg->statp->pattern; + cfg->statp = cfg->statp->next; + return true; + } + + return false; +} + const char * error(cfg_t *cfg) { assert(cfg != NULL); From 0f8756d46d5e9a823eef0fc79e46c9e7cc71971b Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 26 Aug 2016 00:02:31 +1000 Subject: [PATCH 05/46] * stats() impl for filter/pcre --- src/filters/pcre.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/filters/pcre.c b/src/filters/pcre.c index a1df0e9..9ed4ca6 100644 --- a/src/filters/pcre.c +++ b/src/filters/pcre.c @@ -18,6 +18,7 @@ typedef struct f2b_regex_t { struct f2b_regex_t *next; + char pattern[PATTERN_MAX]; int matches; pcre *regex; pcre_extra *data; @@ -30,6 +31,7 @@ struct _config { bool study; bool usejit; f2b_regex_t *regexps; + f2b_regex_t *statp; }; cfg_t * @@ -115,6 +117,7 @@ append(cfg_t *cfg, const char *pattern) { regex->next = cfg->regexps; cfg->regexps = regex; + snprintf(regex->pattern, sizeof(regex->pattern), "%s", pattern); return true; } @@ -126,6 +129,23 @@ ready(cfg_t *cfg) { return false; } +bool +stats(cfg_t *cfg, int *matches, char **pattern, bool reset) { + assert(cfg != NULL); + + if (reset) + cfg->statp = cfg->regexps; + + if (cfg->statp) { + *matches = cfg->statp->matches; + *pattern = cfg->statp->pattern; + cfg->statp = cfg->statp->next; + return true; + } + + return false; +} + const char * error(cfg_t *cfg) { assert(cfg != NULL); From 1d5ee209d3198b7683d8c9ceab9838e02df62b68 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 26 Aug 2016 00:07:33 +1000 Subject: [PATCH 06/46] * bind stats() on filter library load --- src/filter.c | 2 ++ src/filter.h | 1 + 2 files changed, 3 insertions(+) 
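Review bot: stats() writes through `matches` and `pattern` without checking them, while only `cfg` is asserted; adding `assert(matches != NULL);` and `assert(pattern != NULL);` would match how the other arguments are treated. The function also needs a header comment describing its iteration contract: the first call must pass `reset = true`, the cursor lives in `cfg->statp` so two interleaved walks over the same cfg interfere with each other, and `*pattern` points into the filter's own storage, so the caller must neither modify nor free it. The identical stats() added to src/filters/pcre.c in PATCH 05 should get the same asserts and comment.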
diff --git a/src/filter.c b/src/filter.c index 91efa43..ca837e6 100644 --- a/src/filter.c +++ b/src/filter.c @@ -96,6 +96,8 @@ f2b_filter_create(f2b_config_section_t *config, const char *file) { goto cleanup; if ((*(void **) (&filter->ready) = dlsym(filter->h, "ready")) == NULL) goto cleanup; + if ((*(void **) (&filter->stats) = dlsym(filter->h, "stats")) == NULL) + goto cleanup; if ((*(void **) (&filter->match) = dlsym(filter->h, "match")) == NULL) goto cleanup; if ((*(void **) (&filter->destroy) = dlsym(filter->h, "destroy")) == NULL) diff --git a/src/filter.h b/src/filter.h index fa4ddb4..c40c955 100644 --- a/src/filter.h +++ b/src/filter.h @@ -18,6 +18,7 @@ typedef struct f2b_filter_t { bool (*append) (void *cfg, const char *pattern); char *(*error) (void *cfg); bool (*ready) (void *cfg); + bool (*stats) (void *cfg, int **matches, char **pattern, bool reset); bool (*match) (void *cfg, const char *line, char *buf, size_t buf_size); void (*destroy) (void *cfg); } f2b_filter_t; From ea3a223268bf3e72ad20355958be1b421af82a81 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 14:23:35 +1000 Subject: [PATCH 07/46] + f2b_ipaddr_status() --- src/daemon.c | 9 +-------- src/ipaddr.c | 15 +++++++++++++++ src/ipaddr.h | 1 + 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/daemon.c b/src/daemon.c index d7ef281..ac2dae7 100644 --- a/src/daemon.c +++ b/src/daemon.c 
@@ -157,14 +157,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { jail->incr_bantime, jail->incr_findtime, jail->bancount, jail->matchcount); } else if (msg->type == CMD_JAIL_IP_SHOW) { - fmt = "ipaddr: %s\n" - "banned: %s\n" - "bancount: %d\n" - "lastseen: %d\n" - "banned_at: %d\n" - "release_at: %d\n"; - snprintf(res, ressize, fmt, addr->text, addr->banned ? "yes" : "no", - addr->bancount, addr->lastseen, addr->banned_at, addr->release_at); + f2b_ipaddr_status(addr, res, ressize); } else if (msg->type == CMD_JAIL_IP_BAN) { f2b_jail_ban(jail, addr); strlcpy(res, "ok", ressize); diff --git a/src/ipaddr.c b/src/ipaddr.c index 5d41a30..c46231d 100644 --- a/src/ipaddr.c +++ b/src/ipaddr.c @@ -44,6 +44,21 @@ f2b_ipaddr_destroy(f2b_ipaddr_t *ipaddr) { free(ipaddr); } +void +f2b_ipaddr_status(f2b_ipaddr_t *addr, char *res, size_t ressize) { + assert(addr != NULL); + assert(res != NULL); + const char *fmt = + "ipaddr: %s\n" + "banned: %s\n" + "bancount: %d\n" + "lastseen: %d\n" + "banned_at: %d\n" + "release_at: %d\n"; + snprintf(res, ressize, fmt, addr->text, addr->banned ? "yes" : "no", + addr->bancount, addr->lastseen, addr->banned_at, addr->release_at); +} + f2b_ipaddr_t * f2b_addrlist_append(f2b_ipaddr_t *list, f2b_ipaddr_t *ipaddr) { assert(ipaddr != NULL); diff --git a/src/ipaddr.h b/src/ipaddr.h index cc654b7..54d8764 100644 --- a/src/ipaddr.h +++ b/src/ipaddr.h @@ -31,6 +31,7 @@ typedef struct f2b_ipaddr_t { f2b_ipaddr_t * f2b_ipaddr_create (const char *addr, size_t max_matches); void f2b_ipaddr_destroy(f2b_ipaddr_t *ipaddr); +void f2b_ipaddr_status (f2b_ipaddr_t *ipaddr, char *res, size_t ressize); f2b_ipaddr_t * f2b_addrlist_append(f2b_ipaddr_t *list, f2b_ipaddr_t *ipaddr); f2b_ipaddr_t * f2b_addrlist_lookup(f2b_ipaddr_t *list, const char *addr); From fd3a1d584f4ca0fcfe95f2efdb7a8d1c4d28cf2e Mon Sep 17 00:00:00 2001 
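Review bot: In f2b_ipaddr_status() the fields `lastseen`, `banned_at` and `release_at` are printed with `%d`, but PATCH 18 of this series assigns `addr->lastseen` from a `time_t`, so these are presumably not `int`, and a mismatched conversion is undefined behaviour on platforms where `time_t` is 64-bit. The struct definition is not visible here, so please confirm the field types. If they are `time_t`, use `"lastseen: %lld\n"` with `(long long) addr->lastseen`, and likewise for the other two. The format string was moved unchanged from daemon.c, so this predates the commit, but the new helper is the natural place to fix it. The time fields printed by f2b_jail_get_status() in PATCH 08 deserve the same check.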
From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 14:24:23 +1000 Subject: [PATCH 08/46] + f2b_jail_get_status() --- src/daemon.c | 19 +------------------ src/jail.c | 24 ++++++++++++++++++++++++ src/jail.h | 2 ++ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/src/daemon.c b/src/daemon.c index ac2dae7..3007454 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -85,7 +85,6 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { void f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { const char *args[DATA_ARGS_MAX]; - const char *fmt; f2b_jail_t *jail = NULL; f2b_ipaddr_t *addr = NULL; char line[LINE_MAX]; @@ -139,23 +138,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { strlcat(res, line, ressize); } } else if (msg->type == CMD_JAIL_STATUS) { - fmt = "name: %s\n" - "enabled: %s\n" - "maxretry: %d\n" - "times:\n" - " bantime: %d\n" - " findtime: %d\n" - " expiretime: %d\n" - "incr:\n" - " bantime: %.1f\n" - " findtime: %.1f\n" - "stats:\n" - " banned: %d\n" - " matched: %d\n"; - snprintf(res, ressize, fmt, jail->name, jail->enabled ? "yes" : "no", jail->maxretry, - jail->bantime, jail->findtime, jail->expiretime, - jail->incr_bantime, jail->incr_findtime, - jail->bancount, jail->matchcount); + f2b_jail_get_status(jail, res, ressize); } else if (msg->type == CMD_JAIL_IP_SHOW) { f2b_ipaddr_status(addr, res, ressize); } else if (msg->type == CMD_JAIL_IP_BAN) { diff --git a/src/jail.c b/src/jail.c index 125b39f..903f7d3 100644 --- a/src/jail.c +++ b/src/jail.c 
@@ -412,3 +412,27 @@ f2b_jail_stop(f2b_jail_t *jail) { return errors; } + +void +f2b_jail_get_status(f2b_jail_t *jail, char *res, size_t ressize) { + assert(jail != NULL); + assert(res != NULL); + const char *fmt = + "name: %s\n" + "enabled: %s\n" + "maxretry: %d\n" + "times:\n" + " bantime: %d\n" + " findtime: %d\n" + " expiretime: %d\n" + "incr:\n" + " bantime: %.1f\n" + " findtime: %.1f\n" + "stats:\n" + " banned: %d\n" + " matched: %d\n"; + snprintf(res, ressize, fmt, jail->name, jail->enabled ? "yes" : "no", jail->maxretry, + jail->bantime, jail->findtime, jail->expiretime, + jail->incr_bantime, jail->incr_findtime, + jail->bancount, jail->matchcount); +} diff --git a/src/jail.h b/src/jail.h index e8f5339..426fbbd 100644 --- a/src/jail.h +++ b/src/jail.h @@ -52,4 +52,6 @@ bool f2b_jail_unban (f2b_jail_t *jail, f2b_ipaddr_t *addr); bool f2b_jail_init (f2b_jail_t *jail, f2b_config_t *config); size_t f2b_jail_process (f2b_jail_t *jail); bool f2b_jail_stop (f2b_jail_t *jail); + +void f2b_jail_get_status(f2b_jail_t *jail, char *res, size_t ressize); #endif /* F2B_JAIL_H_ */ From a09ffb497bfed948c327898f08e03e52a08bf754 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 14:24:49 +1000 Subject: [PATCH 09/46] * f2b_cmsg_process() : check for CMD_NONE --- src/daemon.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/daemon.c b/src/daemon.c index 3007454..43f17cd 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -93,6 +93,9 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { assert(res != NULL); assert(msg->type < CMD_MAX_NUMBER); + if (msg->type == CMD_NONE) + return; + memset(args, 0x0, sizeof(args)); f2b_cmsg_extract_args(msg, args); From e0f430eb8cbb400e956c1e1325bf7eeba41044db Mon Sep 17 00:00:00 2001 
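Review bot: The new `if (msg->type == CMD_NONE) return;` in f2b_cmsg_process() leaves `res` unwritten, so whatever the caller sends back depends on what the buffer held before. The caller is outside this hunk and should be checked. The only upper bound on `msg->type` is the `assert` just above, which aborts the daemon in a debug build and disappears under NDEBUG, and neither suits a value that presumably arrives in a control message. Both cases can be handled explicitly with `if (msg->type == CMD_NONE || msg->type >= CMD_MAX_NUMBER) { strlcpy(res, "error: unsupported command type", ressize); return; }`.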
From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 14:50:56 +1000 Subject: [PATCH 10/46] * rename command 'jail ip show' -> 'jail ip status' --- src/cmsg.h | 2 +- src/commands.c | 8 ++++---- src/daemon.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/cmsg.h b/src/cmsg.h index a646376..457c2b5 100644 --- a/src/cmsg.h +++ b/src/cmsg.h @@ -18,7 +18,7 @@ enum f2b_cmsg_type { CMD_SHUTDOWN, CMD_JAIL_STATUS = 16, CMD_JAIL_SET, - CMD_JAIL_IP_SHOW, + CMD_JAIL_IP_STATUS, CMD_JAIL_IP_BAN, CMD_JAIL_IP_RELEASE, CMD_MAX_NUMBER, diff --git a/src/commands.c b/src/commands.c index 9442380..e9140e7 100644 --- a/src/commands.c +++ b/src/commands.c @@ -53,8 +53,8 @@ struct f2b_cmd_t { .tokens = { "jail", "", "set", "", "", NULL }, .help = "Set parameter of given jail", }, - [CMD_JAIL_IP_SHOW] = { - .tokens = { "jail", "", "show", "", NULL }, + [CMD_JAIL_IP_STATUS] = { + .tokens = { "jail", "", "status", "", NULL }, .help = "Show ip status in given jail", }, [CMD_JAIL_IP_BAN] = { @@ -143,10 +143,10 @@ f2b_cmd_parse(const char *src, char *buf, size_t buflen) { strlcat(buf, "\n", buflen); return CMD_JAIL_SET; } - if (tokenc == 4 && strcmp(tokens[2], "show") == 0) { + if (tokenc == 4 && strcmp(tokens[2], "status") == 0) { strlcat(buf, tokens[3], buflen); strlcat(buf, "\n", buflen); - return CMD_JAIL_IP_SHOW; + return CMD_JAIL_IP_STATUS; } if (tokenc == 4 && strcmp(tokens[2], "ban") == 0) { strlcat(buf, tokens[3], buflen); diff --git a/src/daemon.c b/src/daemon.c index 43f17cd..6c451b6 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -110,7 +110,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } } - if (jail && (msg->type >= CMD_JAIL_IP_SHOW && msg->type <= CMD_JAIL_IP_RELEASE)) { + if (jail && (msg->type >= CMD_JAIL_IP_STATUS && msg->type <= CMD_JAIL_IP_RELEASE)) { if (args[1] == NULL) { strlcpy(res, "can't find ip: no args", ressize); return; 
@@ -142,7 +142,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } } else if (msg->type == CMD_JAIL_STATUS) { f2b_jail_get_status(jail, res, ressize); - } else if (msg->type == CMD_JAIL_IP_SHOW) { + } else if (msg->type == CMD_JAIL_IP_STATUS) { f2b_ipaddr_status(addr, res, ressize); } else if (msg->type == CMD_JAIL_IP_BAN) { f2b_jail_ban(jail, addr); From eb77abed3ddca0321c2a8035de89acbb6641e359 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 15:17:43 +1000 Subject: [PATCH 11/46] * filter.h : fix stats() definition --- src/filter.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/filter.h b/src/filter.h index c40c955..0c19959 100644 --- a/src/filter.h +++ b/src/filter.h @@ -18,7 +18,7 @@ typedef struct f2b_filter_t { bool (*append) (void *cfg, const char *pattern); char *(*error) (void *cfg); bool (*ready) (void *cfg); - bool (*stats) (void *cfg, int **matches, char **pattern, bool reset); + bool (*stats) (void *cfg, int *matches, char **pattern, bool reset); bool (*match) (void *cfg, const char *line, char *buf, size_t buf_size); void (*destroy) (void *cfg); } f2b_filter_t; From 64ca6cb323d3114d44edb35b3ce763af62e05ea4 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 15:18:23 +1000 Subject: [PATCH 12/46] + f2b_filter_append() --- src/filter.c | 8 ++++++++ src/filter.h | 1 + 2 files changed, 9 insertions(+) diff --git a/src/filter.c b/src/filter.c index ca837e6..7594cde 100644 --- a/src/filter.c +++ b/src/filter.c @@ -149,6 +149,14 @@ f2b_filter_destroy(f2b_filter_t *filter) { free(filter); } +bool +f2b_filter_append(f2b_filter_t *filter, const char *pattern) { + assert(filter != NULL); + assert(pattern != NULL); + + return filter->append(filter->cfg, pattern); +} + bool f2b_filter_match(f2b_filter_t *filter, const char *line, char *buf, size_t buf_size) { assert(filter != NULL); diff --git a/src/filter.h b/src/filter.h index 0c19959..01db0c5 100644 --- a/src/filter.h 
+++ b/src/filter.h @@ -26,6 +26,7 @@ typedef struct f2b_filter_t { f2b_filter_t * f2b_filter_create (f2b_config_section_t *config, const char *id); void f2b_filter_destroy(f2b_filter_t *b); +bool f2b_filter_append(f2b_filter_t *b, const char *pattern); bool f2b_filter_match(f2b_filter_t *b, const char *line, char *buf, size_t buf_size); const char * f2b_filter_error(f2b_filter_t *b); From ce86ddd4c05ed121d00644d6a250b04d4ad2c69a Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 15:18:39 +1000 Subject: [PATCH 13/46] + f2b_filter_stats() --- src/filter.c | 18 ++++++++++++++++++ src/filter.h | 1 + 2 files changed, 19 insertions(+) diff --git a/src/filter.c b/src/filter.c index 7594cde..8ecbc64 100644 --- a/src/filter.c +++ b/src/filter.c @@ -171,3 +171,21 @@ f2b_filter_error(f2b_filter_t *filter) { assert(filter != NULL); return filter->error(filter->cfg); } + +void +f2b_filter_stats(f2b_filter_t *filter, char *res, size_t ressize) { + assert(filter != NULL); + assert(res != NULL); + bool reset = true; + char *pattern; + int matches; + char buf[256]; + const char *fmt = + "- pattern: %s\n" + " matches: %d\n"; + while (filter->stats(filter->cfg, &matches, &pattern, reset)) { + snprintf(buf, sizeof(buf), fmt, pattern, matches); + strlcat(res, buf, ressize); + reset = false; + } +} diff --git a/src/filter.h b/src/filter.h index 01db0c5..5fa0671 100644 --- a/src/filter.h +++ b/src/filter.h @@ -29,5 +29,6 @@ void f2b_filter_destroy(f2b_filter_t *b); bool f2b_filter_append(f2b_filter_t *b, const char *pattern); bool f2b_filter_match(f2b_filter_t *b, const char *line, char *buf, size_t buf_size); const char * f2b_filter_error(f2b_filter_t *b); +void f2b_filter_stats (f2b_filter_t *b, char *res, size_t ressize); #endif /* F2B_FILTER_H_ */ From 53935abd779384ed8f191a478155d43217a02cfe Mon Sep 17 00:00:00 2001 
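Review bot: In f2b_filter_stats() the scratch buffer `char buf[256]` is too small for one entry, because the filters store patterns of up to PATTERN_MAX (256) bytes and the format adds the `- pattern: ` prefix and the `matches` line. For a long pattern snprintf() therefore cuts the entry and the match count is lost from the output. Size the buffer for the worst case (for example `char buf[512];`) or check the snprintf() return value. The strlcat() result is also ignored, so once `res` is full the loop keeps iterating and the reply ends mid-entry with no indication; `if (strlcat(res, buf, ressize) >= ressize) break;` would at least stop cleanly.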
From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 16:04:17 +1000 Subject: [PATCH 14/46] * add 'jail regex stats' & 'jail regex add' commands --- src/cmsg.h | 2 ++ src/commands.c | 16 ++++++++++++++++ src/daemon.c | 14 +++++++++++++- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/cmsg.h b/src/cmsg.h index 457c2b5..f51cbb2 100644 --- a/src/cmsg.h +++ b/src/cmsg.h @@ -21,6 +21,8 @@ enum f2b_cmsg_type { CMD_JAIL_IP_STATUS, CMD_JAIL_IP_BAN, CMD_JAIL_IP_RELEASE, + CMD_JAIL_REGEX_STATS, + CMD_JAIL_REGEX_ADD, CMD_MAX_NUMBER, }; diff --git a/src/commands.c b/src/commands.c index e9140e7..1d262a0 100644 --- a/src/commands.c +++ b/src/commands.c @@ -65,6 +65,14 @@ struct f2b_cmd_t { .tokens = { "jail", "", "release", "", NULL }, .help = "Forcefully release some ip in given jail", }, + [CMD_JAIL_REGEX_STATS] = { + .tokens = { "jail", "", "regex", "stats", NULL }, + .help = "Show matches stats for jail regexps", + }, + [CMD_JAIL_REGEX_ADD] = { + .tokens = { "jail", "", "regex", "add", "", NULL }, + .help = "Add new regexp to jail", + }, }; void @@ -158,6 +166,14 @@ f2b_cmd_parse(const char *src, char *buf, size_t buflen) { strlcat(buf, "\n", buflen); return CMD_JAIL_IP_RELEASE; } + if (tokenc == 4 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "stats") == 0) { + return CMD_JAIL_REGEX_STATS; + } + if (tokenc == 5 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "add") == 0) { + strlcat(buf, tokens[4], buflen); + strlcat(buf, "\n", buflen); + return CMD_JAIL_REGEX_ADD; + } } return CMD_NONE; diff --git a/src/daemon.c b/src/daemon.c index 6c451b6..5b702ad 100644 --- a/src/daemon.c +++ b/src/daemon.c 
@@ -99,7 +99,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { memset(args, 0x0, sizeof(args)); f2b_cmsg_extract_args(msg, args); - if (msg->type >= CMD_JAIL_STATUS && msg->type <= CMD_JAIL_IP_RELEASE) { + if (msg->type >= CMD_JAIL_STATUS && msg->type <= CMD_MAX_NUMBER) { if (args[0] == NULL) { strlcpy(res, "can't find jail: no args\n", ressize); return; @@ -150,6 +150,18 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } else if (msg->type == CMD_JAIL_IP_RELEASE) { f2b_jail_unban(jail, addr); strlcpy(res, "ok", ressize); + } else if (msg->type == CMD_JAIL_REGEX_STATS) { + f2b_filter_stats(jail->filter, res, ressize); + } else if (msg->type == CMD_JAIL_REGEX_ADD) { + if (args[1] == NULL) { + strlcpy(res, "can't find regex: no args", ressize); + return; + } + if (f2b_filter_append(jail->filter, args[1])) { + strlcpy(res, "ok", ressize); + } else { + strlcpy(res, f2b_filter_error(jail->filter), ressize); + } } else { strlcpy(res, "error: unsupported command type", ressize); } From a342e00e703715cfd922392c823f0141f2efa232 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 16:31:33 +1000 Subject: [PATCH 15/46] Revert "* rename command 'jail ip show' -> 'jail ip status'" ambiguous command --- src/cmsg.h | 2 +- src/commands.c | 8 ++++---- src/daemon.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/cmsg.h b/src/cmsg.h index f51cbb2..2f3e193 100644 --- a/src/cmsg.h +++ b/src/cmsg.h @@ -18,7 +18,7 @@ enum f2b_cmsg_type { CMD_SHUTDOWN, CMD_JAIL_STATUS = 16, CMD_JAIL_SET, - CMD_JAIL_IP_STATUS, + CMD_JAIL_IP_SHOW, CMD_JAIL_IP_BAN, CMD_JAIL_IP_RELEASE, CMD_JAIL_REGEX_STATS, diff --git a/src/commands.c b/src/commands.c index 1d262a0..08ebc7b 100644 --- a/src/commands.c +++ b/src/commands.c 
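Review bot: The widened range test `msg->type <= CMD_MAX_NUMBER` includes the sentinel itself; `CMD_MAX_NUMBER` is not a command, so the comparison should be `msg->type < CMD_MAX_NUMBER`. With the assert above it is unreachable in debug builds, but under NDEBUG a message carrying that value would go through the jail lookup before falling into the "unsupported command type" branch. The rest of f2b_cmsg_process() lies outside this hunk.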
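Review bot: The CMD_JAIL_REGEX_ADD branch changes which log lines lead to a ban in a running jail, yet a successful `f2b_filter_append(jail->filter, args[1])` leaves no record on the daemon side. Anyone later reconstructing why an address was banned would see patterns that are absent from the configuration file, with no indication of when they appeared. A `f2b_log_msg()` call at a suitable level naming the jail and the pattern, placed next to the `strlcpy(res, "ok", ressize);`, would close that gap; logging the failure path with the filter's error text is worthwhile too. The body of f2b_cmsg_process() begins outside this hunk.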
@@ -53,8 +53,8 @@ struct f2b_cmd_t { .tokens = { "jail", "", "set", "", "", NULL }, .help = "Set parameter of given jail", }, - [CMD_JAIL_IP_STATUS] = { - .tokens = { "jail", "", "status", "", NULL }, + [CMD_JAIL_IP_SHOW] = { + .tokens = { "jail", "", "show", "", NULL }, .help = "Show ip status in given jail", }, [CMD_JAIL_IP_BAN] = { @@ -151,10 +151,10 @@ f2b_cmd_parse(const char *src, char *buf, size_t buflen) { strlcat(buf, "\n", buflen); return CMD_JAIL_SET; } - if (tokenc == 4 && strcmp(tokens[2], "status") == 0) { + if (tokenc == 4 && strcmp(tokens[2], "show") == 0) { strlcat(buf, tokens[3], buflen); strlcat(buf, "\n", buflen); - return CMD_JAIL_IP_STATUS; + return CMD_JAIL_IP_SHOW; } if (tokenc == 4 && strcmp(tokens[2], "ban") == 0) { strlcat(buf, tokens[3], buflen); diff --git a/src/daemon.c b/src/daemon.c index 5b702ad..7590073 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -110,7 +110,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } } - if (jail && (msg->type >= CMD_JAIL_IP_STATUS && msg->type <= CMD_JAIL_IP_RELEASE)) { + if (jail && (msg->type >= CMD_JAIL_IP_SHOW && msg->type <= CMD_JAIL_IP_RELEASE)) { if (args[1] == NULL) { strlcpy(res, "can't find ip: no args", ressize); return; @@ -142,7 +142,7 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } } else if (msg->type == CMD_JAIL_STATUS) { f2b_jail_get_status(jail, res, ressize); - } else if (msg->type == CMD_JAIL_IP_STATUS) { + } else if (msg->type == CMD_JAIL_IP_SHOW) { f2b_ipaddr_status(addr, res, ressize); } else if (msg->type == CMD_JAIL_IP_BAN) { f2b_jail_ban(jail, addr); From 31b7b9f9f7a707b9c9a4303c3002490eb4756048 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 20:19:29 +1000 Subject: [PATCH 16/46] * f2b_logfile_close() : safer version --- src/logfile.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/logfile.c b/src/logfile.c index 350ad99..69fc4f7 100644 --- a/src/logfile.c +++ b/src/logfile.c 
@@ -41,8 +41,12 @@ f2b_logfile_open(f2b_logfile_t *file, const char *path) { void f2b_logfile_close(f2b_logfile_t *file) { assert(file != NULL); - fclose(file->fd); + + if (file->fd) + fclose(file->fd); + file->opened = false; + file->fd = NULL; } bool From a28c95579f8fa7ec0cb1452700dedf6cd1a7f1d9 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 20:19:46 +1000 Subject: [PATCH 17/46] * f2b_logfile_rotated() : check 'opened' flag --- src/logfile.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/logfile.c b/src/logfile.c index 69fc4f7..b61308b 100644 --- a/src/logfile.c +++ b/src/logfile.c @@ -55,6 +55,9 @@ f2b_logfile_rotated(const f2b_logfile_t *file) { assert(file != NULL); + if (!file->opened) + return true; + if (stat(file->path, &st) != 0) return true; From e792f8ba448582e72717a35f62613a95f9a7f791 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 20:36:11 +1000 Subject: [PATCH 18/46] * f2b_cmsg_process() : chg processing of CMD_JAIL_IP_* --- src/daemon.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/src/daemon.c b/src/daemon.c index 7590073..9b81421 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -115,10 +115,6 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { strlcpy(res, "can't find ip: no args", ressize); return; } - if ((addr = f2b_addrlist_lookup(jail->ipaddrs, args[1])) == NULL) { - snprintf(res, ressize, "can't find ip '%s' in jail '%s'\n", args[1], args[0]); - return; - } } if (msg->type == CMD_PING) { 
@@ -143,12 +139,32 @@ f2b_cmsg_process(const f2b_cmsg_t *msg, char *res, size_t ressize) { } else if (msg->type == CMD_JAIL_STATUS) { f2b_jail_get_status(jail, res, ressize); } else if (msg->type == CMD_JAIL_IP_SHOW) { - f2b_ipaddr_status(addr, res, ressize); + if ((addr = f2b_addrlist_lookup(jail->ipaddrs, args[1])) != NULL) { + f2b_ipaddr_status(addr, res, ressize); + } else { + snprintf(res, ressize, "can't find ip '%s' in jail '%s'\n", args[1], args[0]); + } } else if (msg->type == CMD_JAIL_IP_BAN) { + if ((addr = f2b_addrlist_lookup(jail->ipaddrs, args[1])) == NULL) { + /* TODO: this is copy-paste from f2b_jail_process */ + time_t now = time(NULL); + addr = f2b_ipaddr_create(args[1], jail->maxretry); + if (!addr) { + snprintf(res, ressize, "cat't parse ip address: %s", args[1]); + return; + } + addr->lastseen = now; + f2b_matches_append(&addr->matches, now); + jail->ipaddrs = f2b_addrlist_append(jail->ipaddrs, addr); + } f2b_jail_ban(jail, addr); strlcpy(res, "ok", ressize); } else if (msg->type == CMD_JAIL_IP_RELEASE) { - f2b_jail_unban(jail, addr); + if ((addr = f2b_addrlist_lookup(jail->ipaddrs, args[1])) != NULL) { + f2b_jail_unban(jail, addr); + } else { + snprintf(res, ressize, "can't find ip '%s' in jail '%s'\n", args[1], args[0]); + } strlcpy(res, "ok", ressize); } else if (msg->type == CMD_JAIL_REGEX_STATS) { f2b_filter_stats(jail->filter, res, ressize); From 22842c5e602332e215918327c76551fca6301d6a Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 22:12:43 +1000 Subject: [PATCH 19/46] * chg cmsg DATA_LEN_MAX --- src/cmsg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmsg.h b/src/cmsg.h index 2f3e193..aa8812a 100644 --- a/src/cmsg.h +++ b/src/cmsg.h @@ -3,7 +3,7 @@ #include -#define DATA_LEN_MAX 496 /* 512 - 16 bytes of header */ +#define DATA_LEN_MAX 1476 /* 1500 - (16 bytes of cmsg header + 8 bytes of udp) */ #define DATA_ARGS_MAX 6 /* number of args in data */ #define F2B_PROTO_VER 1 
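Review bot: In the CMD_JAIL_IP_RELEASE branch the `else` writes "can't find ip ..." into `res`, but the unconditional `strlcpy(res, "ok", ressize);` that follows overwrites it, so a release of an unknown address is reported as successful. Move that `strlcpy` into the branch where the lookup succeeded, next to `f2b_jail_unban(jail, addr);`. Both `f2b_jail_ban()` and `f2b_jail_unban()` have their results ignored (jail.h declares the latter as returning `bool`), so "ok" is sent even when the backend action failed; the reply should reflect the return value. The new error string in the ban branch reads "cat't parse ip address", which should be "can't".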
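Review bot: `DATA_LEN_MAX` grows from 496 to 1476 while `F2B_PROTO_VER` on the line below stays at 1. If this constant sizes the message structure exchanged between client and daemon, which is not visible in this hunk, a client and daemon built from different sides of this commit would disagree on message length while still advertising the same protocol version. Bumping `F2B_PROTO_VER` in the same commit lets the receiver reject the mismatch cleanly. The comment's arithmetic also subtracts only the cmsg and UDP headers from 1500; if the transport really is UDP over IP, the IP header needs to be accounted for as well.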
From 1ba53306f485a952ef89279e9de29b72042c1b5d Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 22:21:49 +1000 Subject: [PATCH 20/46] * suppress warning --- src/backends/exec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/backends/exec.c b/src/backends/exec.c index 1f221ef..b16a97a 100644 --- a/src/backends/exec.c +++ b/src/backends/exec.c @@ -268,6 +268,7 @@ check(cfg_t *cfg, const char *ip) { bool ping(cfg_t *cfg) { assert(cfg != NULL); + (void)(cfg); /* suppress warning about unused variable */ return true; } From 0644fbe90bef1c64d14f23ab7ae383d2e4bae3d0 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Sun, 28 Aug 2016 22:22:13 +1000 Subject: [PATCH 21/46] * f2b_filter_stats() : reset buffer before use --- src/filter.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/filter.c b/src/filter.c index 8ecbc64..a8b836b 100644 --- a/src/filter.c +++ b/src/filter.c @@ -183,6 +183,7 @@ f2b_filter_stats(f2b_filter_t *filter, char *res, size_t ressize) { const char *fmt = "- pattern: %s\n" " matches: %d\n"; + res[0] = '\0'; while (filter->stats(filter->cfg, &matches, &pattern, reset)) { snprintf(buf, sizeof(buf), fmt, pattern, matches); strlcat(res, buf, ressize); From 9b3de998c31ab2d52f52414057911f1419fa16fa Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Mon, 29 Aug 2016 14:20:11 +1000 Subject: [PATCH 22/46] * reorganize headers in filters --- src/filters/filter.h | 7 +++++++ src/filters/pcre.c | 6 ------ src/filters/preg.c | 6 ------ 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/filters/filter.h b/src/filters/filter.h index ccb7af4..6c619e7 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -4,7 +4,14 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ +#if defined(__linux__) +#include +#endif +#include #include +#include +#include +#include #define ID_MAX 32 #define PATTERN_MAX 256 
diff --git a/src/filters/pcre.c b/src/filters/pcre.c index 9ed4ca6..b7b371c 100644 --- a/src/filters/pcre.c +++ b/src/filters/pcre.c @@ -4,12 +4,6 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ -#include -#include -#include -#include -#include - #include "filter.h" #include diff --git a/src/filters/preg.c b/src/filters/preg.c index 3ab2f14..3790fc0 100644 --- a/src/filters/preg.c +++ b/src/filters/preg.c @@ -4,12 +4,6 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ -#include -#include -#include -#include -#include - #include "filter.h" #include From 35eed0b1a416d8d83706f0487527c02fbfa39069 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Mon, 29 Aug 2016 14:24:34 +1000 Subject: [PATCH 23/46] * cmake : fixes for bsd build --- CMakeLists.txt | 7 ++++++- src/CMakeLists.txt | 9 ++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e185287..eef3b7f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,7 +22,12 @@ endif () include(GNUInstallDirs) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -pedantic -std=c99") -add_definitions("-D_XOPEN_SOURCE=600") +if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + add_definitions("-D_XOPEN_SOURCE=600") +else () + include_directories(AFTER SYSTEM "/usr/local/include") + link_directories("/usr/local/lib") +endif () if (WITH_HARDENING) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat -Wformat-security -Werror=format-security" ) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2c00c86..6ceda77 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -8,7 +8,6 @@ if (WITH_CSOCKET) endif () add_executable("f2b" ${SOURCES}) -target_link_libraries(f2b "dl") install(TARGETS "f2b" RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}) 
@@ -20,11 +19,15 @@ endif () set(SOURCES "strlcpy.c" "backend-test.c" "log.c" "config.c" "backend.c") add_executable("backend-test" ${SOURCES}) -target_link_libraries("backend-test" "dl") set(SOURCES "strlcpy.c" "filter-test.c" "log.c" "config.c" "filter.c") add_executable("filter-test" ${SOURCES}) -target_link_libraries("filter-test" "dl") + +if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + target_link_libraries(f2b "dl") + target_link_libraries("backend-test" "dl") + target_link_libraries("filter-test" "dl") +endif () add_subdirectory("backends") add_subdirectory("filters") From d92645a41e9378a243e14bb92ac90124aba64b94 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Mon, 29 Aug 2016 14:25:03 +1000 Subject: [PATCH 24/46] * fix includes on bsd --- src/common.h | 2 +- src/ipaddr.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common.h b/src/common.h index 1ca8eff..7a3edfc 100644 --- a/src/common.h +++ b/src/common.h @@ -7,11 +7,11 @@ #ifndef F2B_COMMON_H_ #define F2B_COMMON_H_ -#include #include #include #include #include +#include #include #include #include diff --git a/src/ipaddr.h b/src/ipaddr.h index 54d8764..7712ba9 100644 --- a/src/ipaddr.h +++ b/src/ipaddr.h @@ -7,6 +7,8 @@ #ifndef F2B_IPADDR_H_ #define F2B_IPADDR_H_ +#include +#include #include #include "matches.h" From 133ef989e824dab4c1468681794cbe8d366864e8 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 12:26:50 +1000 Subject: [PATCH 25/46] * disable buffering for logfile --- src/log.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/log.c b/src/log.c index 13bbfe3..c5ea11a 100644 --- a/src/log.c +++ b/src/log.c @@ -83,6 +83,7 @@ void f2b_log_to_file(const char *path) { if (path == NULL || *path == '\0') return; if ((new = fopen(path, "a")) != NULL) { + setvbuf(new, NULL , _IONBF, 0); if (logfile && logfile != stderr) fclose(logfile); dest = log_file; From c57d442aeeeaf638665e915501a6ab2f1c87bb78 Mon Sep 17 00:00:00 2001 
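Review bot: `setvbuf(new, NULL , _IONBF, 0)` in f2b_log_to_file() makes the stream fully unbuffered, so one `fprintf()` of a log line may reach the file as several separate writes depending on the C library, and the return value of `setvbuf()` is not checked. Line buffering gives the same promptness while keeping each record together: `if (setvbuf(new, NULL, _IOLBF, 0) != 0) { /* keep default buffering, report it */ }`. The function starts and continues outside the hunk.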
From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 12:27:24 +1000 Subject: [PATCH 26/46] * print date/time in log --- src/log.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/log.c b/src/log.c index c5ea11a..7e7411a 100644 --- a/src/log.c +++ b/src/log.c @@ -39,6 +39,8 @@ get_facility(log_msgtype_t l) { void f2b_log_msg(log_msgtype_t l, const char *fmt, ...) { va_list args; char msg[LOGLINE_MAX] = ""; + char when[64] = ""; + time_t now = time(NULL); if (l < minlevel) return; @@ -55,7 +57,8 @@ void f2b_log_msg(log_msgtype_t l, const char *fmt, ...) { case log_stderr: logfile = stderr; case log_file: - fprintf(logfile, "[%s] %s\n", loglevels[l], msg); + strftime(when, sizeof(when), "%F %H:%M:%S", localtime(&now)); + fprintf(logfile, "%s [%s] %s\n", when, loglevels[l], msg); break; } From 4b76a42d2cd48ca23cb9fe937749ed8310f3d6cf Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 12:49:43 +1000 Subject: [PATCH 27/46] * zeroing config before reload --- src/daemon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/daemon.c b/src/daemon.c index 9b81421..ddd3827 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -387,6 +387,7 @@ int main(int argc, char *argv[]) { } if (state == reconfig) { state = run; + memset(&config, 0x0, sizeof(config)); if (f2b_config_load(&config, opts.config_path, true)) { jails_stop(jails); if (config.defaults) From eb8e5f2842618cecba0565d8a86d921b2a770497 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 12:57:44 +1000 Subject: [PATCH 28/46] * fix cppcheck warnings --- src/commands.c | 2 +- src/jail.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands.c b/src/commands.c index 08ebc7b..2d62454 100644 --- a/src/commands.c +++ b/src/commands.c @@ -12,7 +12,7 @@ struct f2b_cmd_t { const char *help; const char *tokens[CMD_TOKENS_MAX]; char *data; -} commands[] = { +} commands[CMD_MAX_NUMBER] = { [CMD_NONE] = { .tokens = { NULL }, .help = "Unspecified command" 
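Review bot: The result of `localtime(&now)` is passed straight to `strftime()` in the `log_file` case of f2b_log_msg(), so a NULL return would be dereferenced inside the library, and `localtime()` hands back a shared static buffer. Use the reentrant form and check it: declare `struct tm tm;` and call `if (localtime_r(&now, &tm) != NULL) strftime(when, sizeof(when), "%F %H:%M:%S", &tm);`, leaving `when` empty otherwise. `time(NULL)` could also move below the `if (l < minlevel) return;` check so suppressed messages do no extra work. The existing fall-through from `case log_stderr:` deserves a `/* fallthrough */` comment.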
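Review bot: The `memset(&config, 0x0, sizeof(config));` before `f2b_config_load()` discards every pointer the previous load stored in `config` (the hunk shows at least `config.defaults`), so each reload presumably leaks the old configuration unless it is released somewhere outside the hunk. Free the old contents with the config module's own cleanup routine before zeroing. It is also worth confirming that nothing still running, such as the current jails, keeps pointers into the old `config`, because the wipe happens before the load is known to succeed. main() continues outside the hunk.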
diff --git a/src/jail.c b/src/jail.c index 903f7d3..5f0b841 100644 --- a/src/jail.c +++ b/src/jail.c @@ -77,7 +77,7 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) { } if (strcmp(param->name, "maxretry") == 0) { jail->maxretry = atoi(param->value); - if (jail->maxretry <= 0) + if (jail->maxretry == 0) jail->maxretry = DEFAULT_MAXRETRY; continue; } From 38ce77a020a47734938900c01a7fc98119abcff4 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 14:26:43 +1000 Subject: [PATCH 29/46] * jails_stop() : also free jails --- src/daemon.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/daemon.c b/src/daemon.c index ddd3827..c512a46 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -271,9 +271,14 @@ jails_start(f2b_config_t *config) { void jails_stop(f2b_jail_t *jails) { - for (f2b_jail_t *jail = jails; jail != NULL; jail = jail->next) + f2b_jail_t *jail = jails; + f2b_jail_t *next = NULL; + for (; jail != NULL; ) { + next = jail->next; f2b_jail_stop(jail); - jails = NULL; + free(jail); + jail = next; + } } int main(int argc, char *argv[]) { @@ -390,6 +395,7 @@ int main(int argc, char *argv[]) { memset(&config, 0x0, sizeof(config)); if (f2b_config_load(&config, opts.config_path, true)) { jails_stop(jails); + jails = NULL; if (config.defaults) f2b_jail_set_defaults(config.defaults); jails_start(&config); @@ -403,6 +409,7 @@ int main(int argc, char *argv[]) { f2b_csocket_destroy(opts.csock, opts.csocket_path); jails_stop(jails); + jails = NULL; return EXIT_SUCCESS; } From 605798dc342d10d45c88b933c2b70bfac4c43f52 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 14:50:46 +1000 Subject: [PATCH 30/46] * 'shared = yes' for backends by default --- configs/conf-available/10-backend-exec-ipset.conf | 2 +- configs/conf-available/10-backend-redis.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
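Review bot: Changing the test to `jail->maxretry == 0` in f2b_jail_apply_config() means a negative `maxretry` value in the config is no longer replaced by `DEFAULT_MAXRETRY`. If the field is unsigned, which the cppcheck warning being fixed suggests, `atoi()` of a negative string is stored as a very large threshold and the jail would in practice never ban. Validate in a signed temporary before storing: `int v = atoi(param->value);` followed by `jail->maxretry = (v > 0) ? v : DEFAULT_MAXRETRY;`; `strtol()` with an end-pointer check would additionally reject non-numeric input. The function starts and continues outside the hunk.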
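Review bot: jails_stop() now frees every node but receives the list head by value, so each caller must remember `jails = NULL;` afterwards or be left with a dangling pointer; both call sites in this patch do so, but the contract is easy to break later. Taking `f2b_jail_t **jails` and ending the function with `*jails = NULL;` puts the reset in one place. The loop reads more naturally as `while (jail != NULL) { ... }` than as `for (; jail != NULL; )`. Whether `f2b_jail_stop()` releases everything a jail owns before `free(jail)` is not visible here and is worth confirming.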
diff --git a/configs/conf-available/10-backend-exec-ipset.conf b/configs/conf-available/10-backend-exec-ipset.conf index 992353e..a9d57f1 100644 --- a/configs/conf-available/10-backend-exec-ipset.conf +++ b/configs/conf-available/10-backend-exec-ipset.conf @@ -8,4 +8,4 @@ ban = /sbin/ipset -! add check = /sbin/ipset -! test unban = /sbin/ipset -! del timeout = 2 -shared = no +shared = yes diff --git a/configs/conf-available/10-backend-redis.conf b/configs/conf-available/10-backend-redis.conf index 10ad869..6e21c9b 100644 --- a/configs/conf-available/10-backend-redis.conf +++ b/configs/conf-available/10-backend-redis.conf @@ -1,6 +1,6 @@ [backend:redis] load = libf2b_backend_redis.so -shared = no +shared = yes timeout = 2 host = 127.0.0.1 port = 6379 From 14e2aef17572000d8bebf017fe6e0dc50aa3b4ed Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 30 Aug 2016 14:50:58 +1000 Subject: [PATCH 31/46] + configs/conf-available/10-backend-exec-ipfw.conf --- configs/conf-available/10-backend-exec-ipfw.conf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 configs/conf-available/10-backend-exec-ipfw.conf diff --git a/configs/conf-available/10-backend-exec-ipfw.conf b/configs/conf-available/10-backend-exec-ipfw.conf new file mode 100644 index 0000000..6efe0a5 --- /dev/null +++ b/configs/conf-available/10-backend-exec-ipfw.conf @@ -0,0 +1,6 @@ +[backend:exec-ipfw] +load = libf2b_backend_exec.so +ban = /sbin/ipfw table add +unban = /sbin/ipfw table delete +timeout = 2 +shared = yes From 0655fe84a18de8d457120470710b99669694ee21 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 1 Sep 2016 21:29:41 +1000 Subject: [PATCH 32/46] * rename tests utils --- src/CMakeLists.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6ceda77..56bc59d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -18,16 +18,18 @@ if (WITH_CLIENT) endif () set(SOURCES "strlcpy.c" "backend-test.c" "log.c" "config.c" "backend.c") -add_executable("backend-test" ${SOURCES}) +add_executable("f2b-backend-test" ${SOURCES}) set(SOURCES "strlcpy.c" "filter-test.c" "log.c" "config.c" "filter.c") -add_executable("filter-test" ${SOURCES}) +add_executable("f2b-filter-test" ${SOURCES}) if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") target_link_libraries(f2b "dl") - target_link_libraries("backend-test" "dl") - target_link_libraries("filter-test" "dl") + target_link_libraries("f2b-backend-test" "dl") + target_link_libraries("f2b-filter-test" "dl") endif () +install(TARGETS "f2b-filter-test" "f2b-backend-test" RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + add_subdirectory("backends") add_subdirectory("filters") From a9c75e9cd1c6668bb11cc367dc7e08bb192b49ec Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 1 Sep 2016 22:46:44 +1000 Subject: [PATCH 33/46] * use strl*() instead snprintf() in filters --- src/filters/CMakeLists.txt | 4 ++-- src/filters/filter.h | 2 ++ src/filters/pcre.c | 8 ++++---- src/filters/preg.c | 8 ++++---- t/CMakeLists.txt | 4 ++-- 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/filters/CMakeLists.txt b/src/filters/CMakeLists.txt index 6401f11..6e66da8 100644 --- a/src/filters/CMakeLists.txt +++ b/src/filters/CMakeLists.txt @@ -1,12 +1,12 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON) set(FILTERS "") -add_library("f2b_filter_preg" MODULE "preg.c") +add_library("f2b_filter_preg" MODULE "preg.c" "../strlcpy.c") list(APPEND FILTERS "f2b_filter_preg") find_library(PCRE_FOUND "pcre") if (WITH_PCRE AND PCRE_FOUND) - add_library("f2b_filter_pcre" MODULE "pcre.c") + add_library("f2b_filter_pcre" MODULE "pcre.c" "../strlcpy.c") target_link_libraries("f2b_filter_pcre" "pcre") list(APPEND FILTERS "f2b_filter_pcre") endif () diff --git a/src/filters/filter.h b/src/filters/filter.h index 6c619e7..6fe16c7 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h 
@@ -13,6 +13,8 @@ #include #include +#include "../strlcpy.h" + #define ID_MAX 32 #define PATTERN_MAX 256 #define HOST_TOKEN "" diff --git a/src/filters/pcre.c b/src/filters/pcre.c index b7b371c..4239e5e 100644 --- a/src/filters/pcre.c +++ b/src/filters/pcre.c @@ -34,7 +34,7 @@ create(const char *id) { if ((cfg = calloc(1, sizeof(cfg_t))) == NULL) return NULL; - snprintf(cfg->id, sizeof(cfg->id), "%s", id); + strlcpy(cfg->id, id, sizeof(cfg->id)); return cfg; } @@ -85,8 +85,8 @@ append(cfg_t *cfg, const char *pattern) { memset(buf, 0x0, bufsize); memcpy(buf, pattern, token - pattern); - strcat(buf, HOST_REGEX); - strcat(buf, token + strlen(HOST_TOKEN)); + strlcat(buf, HOST_REGEX, bufsize); + strlcat(buf, token + strlen(HOST_TOKEN), bufsize); if ((regex = calloc(1, sizeof(f2b_regex_t))) == NULL) return false; @@ -111,7 +111,7 @@ append(cfg_t *cfg, const char *pattern) { regex->next = cfg->regexps; cfg->regexps = regex; - snprintf(regex->pattern, sizeof(regex->pattern), "%s", pattern); + strlcpy(regex->pattern, pattern, sizeof(regex->pattern)); return true; } diff --git a/src/filters/preg.c b/src/filters/preg.c index 3790fc0..68dc01e 100644 --- a/src/filters/preg.c +++ b/src/filters/preg.c @@ -32,7 +32,7 @@ create(const char *id) { if ((cfg = calloc(1, sizeof(cfg_t))) == NULL) return NULL; - snprintf(cfg->id, sizeof(cfg->id), "%s", id); + strlcpy(cfg->id, id, sizeof(cfg->id)); return cfg; } @@ -73,8 +73,8 @@ append(cfg_t *cfg, const char *pattern) { memset(buf, 0x0, bufsize); memcpy(buf, pattern, token - pattern); - strcat(buf, HOST_REGEX); - strcat(buf, token + strlen(HOST_TOKEN)); + strlcat(buf, HOST_REGEX, bufsize); + strlcat(buf, token + strlen(HOST_TOKEN), bufsize); if ((regex = calloc(1, sizeof(f2b_regex_t))) == NULL) return false; 
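Review bot: In append() of src/filters/pcre.c the two `strlcat()` calls now stop at `bufsize`, but their return values are ignored, so a pattern that does not fit is silently truncated and then compiled as a different expression from the one the administrator wrote. Reject it instead: `if (strlcat(buf, HOST_REGEX, bufsize) >= bufsize || strlcat(buf, token + strlen(HOST_TOKEN), bufsize) >= bufsize) return false;`. The preceding `memcpy(buf, pattern, token - pattern)` is still unbounded against `bufsize` as far as this hunk shows; how `bufsize` is derived is outside it. The same applies to the matching hunk in src/filters/preg.c.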
@@ -82,7 +82,7 @@ append(cfg_t *cfg, const char *pattern) { if (regcomp(®ex->regex, buf, flags) == 0) { regex->next = cfg->regexps; cfg->regexps = regex; - snprintf(regex->pattern, sizeof(regex->pattern), "%s", pattern); + strlcpy(regex->pattern, pattern, sizeof(regex->pattern)); return true; } diff --git a/t/CMakeLists.txt b/t/CMakeLists.txt index bc257e0..6fdee34 100644 --- a/t/CMakeLists.txt +++ b/t/CMakeLists.txt @@ -14,11 +14,11 @@ add_test("tests/f2b_matches_*" "t_matches") add_test("tests/f2b_ipaddr_*" "t_ipaddr") add_test("tests/f2b_config_param*" "t_config_param") -add_executable("t_filter_preg" "t_filters.c" "${SRC_DIR}/filters/preg.c") +add_executable("t_filter_preg" "t_filters.c" "${SRC_DIR}/filters/preg.c" "${SRC_DIR}/strlcpy.c") add_test("tests/filter/preg" "t_filter_preg") if (WITH_PCRE) add_test("tests/filter/pcre" "t_filter_pcre") -add_executable("t_filter_pcre" "t_filters.c" "${SRC_DIR}/filters/pcre.c") +add_executable("t_filter_pcre" "t_filters.c" "${SRC_DIR}/filters/pcre.c" "${SRC_DIR}/strlcpy.c") target_link_libraries("t_filter_pcre" "pcre") endif () From 3dbf0eac70a06df8b3cf9a6aa2e99b3f6b4950f0 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 1 Sep 2016 22:48:16 +1000 Subject: [PATCH 34/46] * fix segfault in preg filter --- src/filters/preg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/filters/preg.c b/src/filters/preg.c index 68dc01e..d3f3d0a 100644 --- a/src/filters/preg.c +++ b/src/filters/preg.c @@ -141,7 +141,7 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) { assert(buf_size > match_len); memcpy(buf, &line[match[1].rm_so], match_len); buf[match_len] = '\0'; - buf[buf_size] = '\0'; + buf[buf_size - 1] = '\0'; return true; } From fa1d35549c2c995b4d3177acda9f435555f5f925 Mon Sep 17 00:00:00 2001 
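Review bot: The only size check before `memcpy(buf, &line[match[1].rm_so], match_len)` in match() is `assert(buf_size > match_len)`, which disappears when the code is built with NDEBUG, while `match_len` comes from the log line being parsed. Make it a runtime check, `if (match_len >= buf_size) return false;`, so an over-long capture is rejected instead of being copied past the buffer. With that in place the corrected `buf[buf_size - 1] = '\0';` is redundant after `buf[match_len] = '\0';`. match() starts outside the hunk; the pcre filter may carry the same code and should be checked.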
From: Alex 'AdUser' Z Date: Thu, 1 Sep 2016 22:57:18 +1000 Subject: [PATCH 35/46] * use strl*() instead snprintf() in backends --- src/backends/CMakeLists.txt | 4 ++-- src/backends/exec.c | 4 +++- src/backends/redis.c | 13 ++++++++----- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/backends/CMakeLists.txt b/src/backends/CMakeLists.txt index 87597d2..89ee271 100644 --- a/src/backends/CMakeLists.txt +++ b/src/backends/CMakeLists.txt @@ -1,12 +1,12 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON) set(BACKENDS "") -add_library("f2b_backend_exec" MODULE "exec.c") +add_library("f2b_backend_exec" MODULE "exec.c" "../strlcpy.c") list(APPEND BACKENDS "f2b_backend_exec") find_library(REDIS_FOUND "pcre") if (WITH_REDIS AND REDIS_FOUND) - add_library("f2b_backend_redis" MODULE "redis.c") + add_library("f2b_backend_redis" MODULE "redis.c" "../strlcpy.c") target_link_libraries("f2b_backend_redis" "hiredis") list(APPEND BACKENDS "f2b_backend_redis") endif () diff --git a/src/backends/exec.c b/src/backends/exec.c index b16a97a..a0dbf3e 100644 --- a/src/backends/exec.c +++ b/src/backends/exec.c @@ -13,6 +13,8 @@ #include #include +#include "../strlcpy.h" + #include "backend.h" #include "shared.c" @@ -157,7 +159,7 @@ create(const char *id) { if ((cfg = calloc(1, sizeof(cfg_t))) == NULL) return NULL; - snprintf(cfg->name, sizeof(cfg->name), "%s", id); + strlcpy(cfg->name, id, sizeof(cfg->name)); return cfg; } diff --git a/src/backends/redis.c b/src/backends/redis.c index ee79a27..0bc06bd 100644 --- a/src/backends/redis.c +++ b/src/backends/redis.c @@ -17,6 +17,8 @@ #include +#include "../strlcpy.h" + #include "backend.h" #include "shared.c" 
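Review bot: The context line `find_library(REDIS_FOUND "pcre")` in src/backends/CMakeLists.txt looks up the pcre library although the target it gates links against `hiredis`, so the redis backend is enabled or skipped depending on the wrong library. It should read `find_library(REDIS_FOUND "hiredis")`. This commit edits the lines on either side of it, so it is a convenient place to correct it.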
@@ -98,8 +100,9 @@ create(const char *id) { if ((cfg = calloc(1, sizeof(cfg_t))) == NULL) return NULL; - snprintf(cfg->name, sizeof(cfg->name), "%s", id); - snprintf(cfg->hash, sizeof(cfg->hash), "f2b-banned-%s", id); + strlcpy(cfg->name, id, sizeof(cfg->name)); + strlcpy(cfg->hash, "f2b-banned-", sizeof(cfg->hash)); + strlcat(cfg->hash, id, sizeof(cfg->hash)); return cfg; } @@ -119,7 +122,7 @@ config(cfg_t *cfg, const char *key, const char *value) { return true; } if (strcmp(key, "host") == 0) { - snprintf(cfg->host, sizeof(cfg->host), "%s", value); + strlcpy(cfg->host, value, sizeof(cfg->host)); return true; } if (strcmp(key, "port") == 0) { @@ -131,7 +134,7 @@ config(cfg_t *cfg, const char *key, const char *value) { return true; } if (strcmp(key, "password") == 0) { - snprintf(cfg->password, sizeof(cfg->password), "%s", value); + strlcpy(cfg->password, value, sizeof(cfg->password)); return true; } @@ -239,7 +242,7 @@ ping(cfg_t *cfg) { if (reply) { bool result = true; if (reply->type == REDIS_REPLY_ERROR) { - snprintf(cfg->error, sizeof(cfg->error), "%s", reply->str); + strlcpy(cfg->error, reply->str, sizeof(cfg->error)); result = false; } freeReplyObject(reply); From eea99527616429fe31e2ffad0098e893d1b393e9 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 1 Sep 2016 23:02:21 +1000 Subject: [PATCH 36/46] * filters/ssh.preg --- filters/ssh.preg | 1 + 1 file changed, 1 insertion(+) diff --git a/filters/ssh.preg b/filters/ssh.preg index 4f2bbc2..d1c63a1 100644 --- a/filters/ssh.preg +++ b/filters/ssh.preg @@ -6,6 +6,7 @@ Received disconnect from : [0-9]*: [[:print:]]+: Auth fail Did not receive identification string from Invalid user [[:print:]]+ from Connection closed by \[preauth\] +Postponed keyboard-interactive for invalid user [[:print:]]+ from port [0-9]+ User [[:print:]]+ from not allowed because not listed in AllowUsers User [[:print:]]+ from not allowed because listed in DenyUsers User [[:print:]]+ from not allowed because not in any group 
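Review bot: In config() of src/backends/redis.c the `host` and `password` values are copied with `strlcpy()` and the result is not checked, so a value longer than the field is stored truncated and only shows up later as a failed connection or authentication. Check the return and refuse the setting, e.g. `if (strlcpy(cfg->password, value, sizeof(cfg->password)) >= sizeof(cfg->password)) return false;`, and the same for `cfg->host`. In create(), a truncated `cfg->hash` could make two backends with long ids share one redis key, so the `strlcat()` result deserves the same check. These functions start and end outside the hunks.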
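Review bot: In the added `Postponed keyboard-interactive for invalid user` pattern the user name is matched with `[[:print:]]+`, which also matches spaces and any words that follow, and the pattern has no anchor after `port [0-9]+`. The user name is supplied by the remote client, so text inside it can influence which part of the line ends up in the host capture. Narrowing the user field to non-space characters, or anchoring the end of the pattern to what sshd prints after the port, ties the capture to the real peer address. The other `[[:print:]]+ from` patterns in this file share the issue.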
From 2b27e05028e316d96b01bff37e1be53a175c40d5 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 18:04:26 +1000 Subject: [PATCH 37/46] * f2b_logfile_getline() : fix --- src/logfile.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/logfile.c b/src/logfile.c index b61308b..bd2fd2f 100644 --- a/src/logfile.c +++ b/src/logfile.c @@ -71,6 +71,12 @@ f2b_logfile_rotated(const f2b_logfile_t *file) { bool f2b_logfile_getline(const f2b_logfile_t *file, char *buf, size_t bufsize) { + assert(file != NULL); + assert(buf != NULL); + + if (feof(file->fd)) + clearerr(file->fd); + /* fread()+EOF set is implementation defined */ if (fgets(buf, bufsize, file->fd) != NULL) return true; From 0e8bd9ee0b6c7758ebc537192b5c0306e4dd7699 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 18:08:47 +1000 Subject: [PATCH 38/46] * fix ssh filter --- filters/ssh.preg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filters/ssh.preg b/filters/ssh.preg index d1c63a1..940dafb 100644 --- a/filters/ssh.preg +++ b/filters/ssh.preg @@ -5,7 +5,7 @@ refused connect from [[:print:]]+ \(\) Received disconnect from : [0-9]*: [[:print:]]+: Auth fail Did not receive identification string from Invalid user [[:print:]]+ from -Connection closed by \[preauth\] +Connection closed by ( port [0-9]+)? \[preauth\] Postponed keyboard-interactive for invalid user [[:print:]]+ from port [0-9]+ User [[:print:]]+ from not allowed because not listed in AllowUsers User [[:print:]]+ from not allowed because listed in DenyUsers From 589e5d7a7bf34c419336ab6483d9b580557ea21e Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 22:16:48 +1000 Subject: [PATCH 39/46] * apply CMAKE_INSTALL_PREFIX to configs --- CMakeLists.txt | 11 +++++++++-- configs/{f2b.conf.sample => f2b.conf.in} | 5 ++--- 2 files changed, 11 insertions(+), 5 deletions(-) rename configs/{f2b.conf.sample => f2b.conf.in} (73%) 
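Review bot: The new `assert(file != NULL)` and `assert(buf != NULL)` in f2b_logfile_getline() are compiled out under NDEBUG, and `file->fd` is passed to `feof()` without any check visible in the hunk. If a logfile object can exist with a closed or never-opened stream, add a runtime guard such as `if (file->fd == NULL) return false;` before the `feof()` call. Note also that `fgets()` returns a partial line when the writer has not yet emitted the newline, so a record can reach the filter in two pieces and fail to match; that case is worth handling explicitly. The function continues outside the hunk.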
diff --git a/CMakeLists.txt b/CMakeLists.txt index eef3b7f..1217727 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,8 +57,15 @@ add_subdirectory(t) set_property(DIRECTORY "t" PROPERTY COMPILE_FLAGS "-g;-ggdb;-Wall;-Wextra;-pedantic;-O0") install(DIRECTORY "filters" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b") -install(DIRECTORY "configs/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b") -install(FILES "configs/f2b.conf.sample" DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/f2b/" RENAME "f2b.conf") +file(GLOB_RECURSE CONFIGS "*.conf.in") +foreach(CONFIG ${CONFIGS}) + string(REPLACE ".conf.in" ".conf" GENERATED ${CONFIG}) + configure_file(${CONFIG} ${GENERATED}) +endforeach() +install(DIRECTORY "configs/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" + FILES_MATCHING PATTERN "*.conf") +install(FILES "configs/f2b.conf" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" + RENAME "f2b.conf.sample") add_custom_target("dist" COMMAND "git" "archive" "--format=tar.gz" diff --git a/configs/f2b.conf.sample b/configs/f2b.conf.in similarity index 73% rename from configs/f2b.conf.sample rename to configs/f2b.conf.in index 8f9df04..8047afe 100644 --- a/configs/f2b.conf.sample +++ b/configs/f2b.conf.in @@ -1,5 +1,5 @@ [main] -includes = /etc/f2b/conf-enabled +includes = ${CMAKE_INSTALL_FULL_SYSCONFDIR}/f2b/conf-enabled pidfile = /var/run/f2b.pid logdest = syslog loglevel = info @@ -17,9 +17,8 @@ incr_bantime = 0.0 incr_findtime = 0.0 maxretry = 5 source = files:/var/log/messages -; filter = preg:/etc/f2b/filters/$someservice.preg backend = exec-ipset:banned [jail:ssh] source = files:/var/log/auth.log -filter = preg:/etc/f2b/filters/ssh.preg +filter = preg:${CMAKE_INSTALL_FULL_DATAROOTDIR}/f2b/filters/ssh.preg From f043036197f3081cca6f980775768affbd3720b2 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 22:44:28 +1000 Subject: [PATCH 40/46] * make directory for custom configs --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) 
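Review bot: `configure_file(${CONFIG} ${GENERATED})` writes each generated `.conf` next to its `.conf.in`, because `file(GLOB_RECURSE ...)` returns full source paths, so the build modifies the source tree and the later `install(FILES "configs/f2b.conf" ...)` depends on that. Generating into `${CMAKE_CURRENT_BINARY_DIR}` and installing from there keeps out-of-tree builds clean. Without `@ONLY`, `configure_file()` also expands every `${...}` found in the configs, so `@VAR@` placeholders together with `@ONLY` are the safer choice. The glob is unscoped and will also pick up any `*.conf.in` that sits under a build directory inside the tree.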
diff --git a/CMakeLists.txt b/CMakeLists.txt index 1217727..350ba0f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -66,6 +66,7 @@ install(DIRECTORY "configs/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" FILES_MATCHING PATTERN "*.conf") install(FILES "configs/f2b.conf" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" RENAME "f2b.conf.sample") +file(MAKE_DIRECTORY "${CMAKE_INSTALL_SYSCONFDIR}/f2b/conf-enabled") add_custom_target("dist" COMMAND "git" "archive" "--format=tar.gz" From 552515ba0dc9d5a4a4bbaa0b36f1cb60969c0d1e Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 22:44:39 +1000 Subject: [PATCH 41/46] * tune default build options --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 350ba0f..5ba31b2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -8,9 +8,9 @@ include(CTest) option(WITH_CLIENT "Simple client for configuring daemon" ON) option(WITH_CSOCKET "Unix control socket support for daemon" ON) -option(WITH_HARDENING "Enable hardening options" OFF) +option(WITH_HARDENING "Enable hardening options" ON) option(WITH_PCRE "Build pcre-compatible filter" ON) -option(WITH_REDIS "Build redis backend" ON) +option(WITH_REDIS "Build redis backend" OFF) if (NOT DEFINED CMAKE_INSTALL_PREFIX) set(CMAKE_INSTALL_PREFIX "/usr") From aeb55d037e5f9ef346c764646c754e36a835e78d Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Fri, 9 Sep 2016 23:00:33 +1000 Subject: [PATCH 42/46] * tune configs location --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5ba31b2..ad94241 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
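Review bot: `file(MAKE_DIRECTORY "${CMAKE_INSTALL_SYSCONFDIR}/f2b/conf-enabled")` runs when CMake configures the project, not at install time, so it ignores `DESTDIR` and the install prefix, and with a relative `CMAKE_INSTALL_SYSCONFDIR` it creates the directory inside the tree being configured. An install rule does what the commit title describes: `install(DIRECTORY DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/f2b/conf-enabled")`.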
@@ -62,9 +62,9 @@ foreach(CONFIG ${CONFIGS}) string(REPLACE ".conf.in" ".conf" GENERATED ${CONFIG}) configure_file(${CONFIG} ${GENERATED}) endforeach() -install(DIRECTORY "configs/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" +install(DIRECTORY "configs/" DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/f2b" FILES_MATCHING PATTERN "*.conf") -install(FILES "configs/f2b.conf" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/f2b" +install(FILES "configs/f2b.conf" DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}/f2b" RENAME "f2b.conf.sample") file(MAKE_DIRECTORY "${CMAKE_INSTALL_SYSCONFDIR}/f2b/conf-enabled") From 40a7004490d781ec00b6a183bacdb9f09fb830bd Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Mon, 12 Sep 2016 10:25:27 +1000 Subject: [PATCH 43/46] * enable 'icase' for filters by default --- configs/conf-available/15-filter-pcre.conf | 2 +- configs/conf-available/15-filter-preg.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configs/conf-available/15-filter-pcre.conf b/configs/conf-available/15-filter-pcre.conf index d090d69..ad702e5 100644 --- a/configs/conf-available/15-filter-pcre.conf +++ b/configs/conf-available/15-filter-pcre.conf @@ -1,5 +1,5 @@ [filter:pcre] load = libf2b_filter_pcre.so -icase = no +icase = yes study = yes usejit = no diff --git a/configs/conf-available/15-filter-preg.conf b/configs/conf-available/15-filter-preg.conf index a764326..03d878d 100644 --- a/configs/conf-available/15-filter-preg.conf +++ b/configs/conf-available/15-filter-preg.conf @@ -1,3 +1,3 @@ [filter:preg] load = libf2b_filter_preg.so -icase = no +icase = yes From 05b1f8423daae61cd344e810bf101124c19d2589 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Mon, 12 Sep 2016 13:47:46 +1000 Subject: [PATCH 44/46] * try to fix parsing of 'jail regex add ' --- src/commands.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/commands.c b/src/commands.c index 2d62454..bb4ac5c 100644 --- a/src/commands.c +++ b/src/commands.c 
@@ -169,8 +169,17 @@ f2b_cmd_parse(const char *src, char *buf, size_t buflen) { if (tokenc == 4 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "stats") == 0) { return CMD_JAIL_REGEX_STATS; } - if (tokenc == 5 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "add") == 0) { - strlcat(buf, tokens[4], buflen); + if (tokenc >= 5 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "add") == 0) { + /* TODO: rewrite, this version is very error-prone */ + char *regex = strstr(src, "add"); + regex += strlen("add"); + while (isblank(*regex)) + regex++; + if (*regex == '\0') { + /* empty regex */ + return CMD_NONE; + } + strlcat(buf, regex, buflen); strlcat(buf, "\n", buflen); return CMD_JAIL_REGEX_ADD; } From fe903b6c893273cb9409f6b8a517d2f44f19cd4e Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 13 Sep 2016 17:14:18 +1000 Subject: [PATCH 45/46] + add changelog --- ChangeLog | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 ChangeLog diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..f135277 --- /dev/null +++ b/ChangeLog 
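Review bot: In f2b_cmd_parse() the pattern is located with `strstr(src, "add")`, which finds the first occurrence of those letters anywhere in the command, including inside the jail name, so text arriving on the control socket can be stored as a regex different from the one the operator typed. The result is also assigned to a non-const `char *` from `const char *src`, `isblank()` receives a plain `char`, and both `strlcat()` results are ignored, so an over-long pattern is added truncated. Skipping the four leading words of `src` avoids the search entirely; the sketch below assumes the tokens are separated by blanks, which depends on tokenizer code outside the hunk.

```c
if (tokenc >= 5 && strcmp(tokens[2], "regex") == 0 && strcmp(tokens[3], "add") == 0) {
  /* skip "jail <name> regex add"; the rest of the line is the pattern */
  const char *regex = src;
  for (int i = 0; i < 4; i++) {
    regex += strspn(regex, " \t");   /* blanks before the word */
    regex += strcspn(regex, " \t");  /* the word itself */
  }
  regex += strspn(regex, " \t");
  if (*regex == '\0')
    return CMD_NONE; /* empty regex */
  if (strlcat(buf, regex, buflen) >= buflen || strlcat(buf, "\n", buflen) >= buflen)
    return CMD_NONE; /* pattern does not fit: refuse rather than truncate */
  return CMD_JAIL_REGEX_ADD;
}
```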
@@ -0,0 +1,42 @@ +# Change Log +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + +## Unreleased + +## [0.3] - 2016-09-12 +### Added + + * "jail regex stats" command + * "jail regex add" command + * apply CMAKE_INSTALL_PREFIX to configs + * added config for exec backend for ipfw + * redis backend (experimental) + * added config reload + * log file rotation + +### Changed + + * enable 'icase' for filters by default + * enable 'sharing' for backends by default + * tune configs location + * enable hardening in build opts by default + * fix ssh filter patterns + * use strl*() instead snprintf()/strncpy() in backends + * rename tests utils + * print date/time in log file + * disable buffering for logfile + * add stats() funtion to filter's api + +### Fixed + + * fix segfault in preg filter + * fix cppcheck warnings + * fix bsd build + * fix termination of daemon + +## [0.2] - 2016-08-21 + + * Initial public release From 4d3ea70afd76ae27d638146b29b0591a1f72e7eb Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Tue, 13 Sep 2016 17:14:29 +1000 Subject: [PATCH 46/46] * bump version --- CMakeLists.txt | 2 +- debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ad94241..a80be2f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ set(CNAME "f2b") -set(VERSION 0.2) +set(VERSION 0.3) project(${CNAME} C) cmake_minimum_required(VERSION 2.6) diff --git a/debian/changelog b/debian/changelog index 3babdeb..ee645e1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +f2b (0.3-1) unstable; urgency=medium + + * new version + + -- Alex 'AdUser' Z Tue, 13 Sep 2016 16:55:43 +1000 + f2b (0.2-1) unstable; urgency=low * Initial release