
* make source optional in jail

master
Alex 'AdUser' Z 4 years ago
parent
commit
b2e1de7524
  1. 1
      configs/f2b.conf.in
  2. 31
      src/jail.c
  3. 1
      src/jail.h

1
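--- a/configs/f2b.conf.in
+++ b/configs/f2b.conf.in
@@ -20,7 +20,6 @@ expiretime = 14400
 bantime_extend = 0.2
 findtime_extend = 0.07
 banscore = 50
-source = files:/var/log/messages
 backend = exec-ipset:banned
 [csocket]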

31
src/jail.c

@ -146,6 +146,7 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) {
if (strcmp(param->name, "source") == 0) { if (strcmp(param->name, "source") == 0) {
f2b_jail_parse_compound_value(param->value, name, init); f2b_jail_parse_compound_value(param->value, name, init);
jail->source = f2b_source_create(name, init); jail->source = f2b_source_create(name, init);
jail->flags |= JAIL_HAS_SOURCE;
continue; continue;
} }
if (strcmp(param->name, "filter") == 0) { if (strcmp(param->name, "filter") == 0) {
@ -306,7 +307,9 @@ f2b_jail_process(f2b_jail_t *jail) {
f2b_backend_ping(jail->backend); f2b_backend_ping(jail->backend);
while ((stag = f2b_source_next(jail->source, line, sizeof(line), reset)) > 0) { while (jail->flags & JAIL_HAS_SOURCE) {
if ((stag = f2b_source_next(jail->source, line, sizeof(line), reset)) <= 0)
break; /* no more data */
reset = false; reset = false;
if (jail->flags & JAIL_HAS_FILTER) { if (jail->flags & JAIL_HAS_FILTER) {
if ((ftag = f2b_filter_match(jail->filter, line, matchbuf, sizeof(matchbuf), &score)) == 0) if ((ftag = f2b_filter_match(jail->filter, line, matchbuf, sizeof(matchbuf), &score)) == 0)
@ -409,17 +412,15 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
assert(jail != NULL); assert(jail != NULL);
assert(config != NULL); assert(config != NULL);
if (!jail->source) { if (jail->flags & JAIL_HAS_SOURCE) {
f2b_log_msg(log_error, "jail '%s': missing 'source' option", jail->name); if ((section = f2b_config_section_find(config->sources, jail->source->name)) == NULL) {
goto cleanup1; f2b_log_msg(log_error, "jail '%s': no source with name '%s'", jail->name, jail->source->name);
} goto cleanup1;
if ((section = f2b_config_section_find(config->sources, jail->source->name)) == NULL) { }
f2b_log_msg(log_error, "jail '%s': no source with name '%s'", jail->name, jail->source->name); if (!f2b_source_init(jail->source, section)) {
goto cleanup1; f2b_log_msg(log_error, "jail '%s': can't init source '%s' with %s", jail->name, jail->source->name, jail->source->init);
} goto cleanup1;
if (!f2b_source_init(jail->source, section)) { }
f2b_log_msg(log_error, "jail '%s': can't init source '%s' with %s", jail->name, jail->source->name, jail->source->init);
goto cleanup1;
} }
if (jail->flags & JAIL_HAS_FILTER) { if (jail->flags & JAIL_HAS_FILTER) {
@ -431,7 +432,7 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
f2b_log_msg(log_error, "jail '%s': no regexps loaded from '%s'", jail->name, jail->filter->init); f2b_log_msg(log_error, "jail '%s': no regexps loaded from '%s'", jail->name, jail->filter->init);
goto cleanup2; goto cleanup2;
} }
} else if (jail->source->flags & MOD_NEED_FILTER) { } else if (jail->source && jail->source->flags & MOD_NEED_FILTER) {
f2b_log_msg(log_error, "jail '%s': source '%s' needs filter, but jail has no one", jail->name, jail->source->name); f2b_log_msg(log_error, "jail '%s': source '%s' needs filter, but jail has no one", jail->name, jail->source->name);
goto cleanup1; goto cleanup1;
} }
@ -451,7 +452,7 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
} }
/* start all */ /* start all */
if (!f2b_source_start(jail->source)) { if (jail->source && !f2b_source_start(jail->source)) {
f2b_log_msg(log_warn, "jail '%s': source action 'start' failed", jail->name); f2b_log_msg(log_warn, "jail '%s': source action 'start' failed", jail->name);
goto cleanup3; goto cleanup3;
} }
@ -567,6 +568,7 @@ f2b_jail_cmd_status(char *res, size_t ressize, f2b_jail_t *jail) {
"flags:\n" "flags:\n"
" enabled: %s\n" " enabled: %s\n"
" state: %s\n" " state: %s\n"
" source: %s\n"
" filter: %s\n"; " filter: %s\n";
const char *fmt2 = const char *fmt2 =
"times:\n" "times:\n"
@ -586,6 +588,7 @@ f2b_jail_cmd_status(char *res, size_t ressize, f2b_jail_t *jail) {
jail->name, jail->banscore, jail->name, jail->banscore,
jail->flags & JAIL_ENABLED ? "yes" : "no", jail->flags & JAIL_ENABLED ? "yes" : "no",
jail->flags & JAIL_HAS_STATE ? "yes" : "no", jail->flags & JAIL_HAS_STATE ? "yes" : "no",
jail->flags & JAIL_HAS_SOURCE ? "yes" : "no",
jail->flags & JAIL_HAS_FILTER ? "yes" : "no" jail->flags & JAIL_HAS_FILTER ? "yes" : "no"
); );
snprintf(buf, sizeof(buf), fmt2, snprintf(buf, sizeof(buf), fmt2,
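Review bot: In f2b_jail_apply_config, `JAIL_HAS_SOURCE` is set unconditionally after `f2b_source_create(name, init)`, so if that call can return NULL (its definition is not visible on this page) the new `if (jail->flags & JAIL_HAS_SOURCE)` branch in f2b_jail_init dereferences `jail->source->name`, where the old `if (!jail->source)` check failed cleanly. Setting the flag only on success avoids this: `if ((jail->source = f2b_source_create(name, init)) != NULL) jail->flags |= JAIL_HAS_SOURCE;`. The later tests in f2b_jail_init use `jail->source &&` rather than the flag, and using one form throughout would be easier to audit. A jail whose `source` line is missing or misspelled now starts without error and never reads any input, so a line such as `f2b_log_msg(log_warn, "jail '%s': no source configured", jail->name);` in the flag-unset path of f2b_jail_init would make that gap visible to the operator. The bodies of these functions extend beyond the hunks shown.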

1
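--- a/src/jail.h
+++ b/src/jail.h
@@ -16,6 +16,7 @@
 #define JAIL_ENABLED 0x01
 #define JAIL_HAS_STATE 0x02
 #define JAIL_HAS_FILTER 0x04
+#define JAIL_HAS_SOURCE 0x08
 /** jail metadata struct */
 typedef struct f2b_jail_t {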
