
/* Copyright 2016 Alex 'AdUser' Z (ad_user@runbox.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#ifndef F2B_JAIL_H_
#define F2B_JAIL_H_
/**
* @file
* This header describes jail definition and related routines
*/
/* jail flags: distinct bit values stored in f2b_jail_t.flags */
#define JAIL_CONFIGURED 1 /* loaded all modules */
#define JAIL_ENABLED 2 /* poll for new events? */
/* reserved : 4 */
/* NOTE(review): the JAIL_HAS_* meanings below are inferred from the names
* and the matching f2b_jail_t members -- confirm against the implementation */
#define JAIL_HAS_STATE 8 /* presumably: state file attached (sfile) */
#define JAIL_HAS_SOURCE 16 /* presumably: source module attached */
#define JAIL_HAS_FILTER 32 /* presumably: filter module attached */
#define JAIL_HAS_BACKEND 64 /* presumably: backend module attached */
/**
* jail metadata struct
*
* NOTE(review): as shown here this header includes nothing itself, so
* CONFIG_KEY_MAX, CONFIG_VAL_MAX, time_t and the f2b_*_t types must already
* be declared by whatever is included before it.
*/
typedef struct f2b_jail_t {
struct f2b_jail_t *next; /**< pointer to next jail */
char name[CONFIG_KEY_MAX]; /**< name of the jail */
unsigned int flags; /**< jail flags, see above */
short int banscore; /**< option: minimum amount of score to ban host */
/* duration of misc time periods */
time_t findtime; /**< option: length of time period for estimating recent host activity (in seconds) */
time_t bantime; /**< option: host ban time on excess activity (seconds) */
time_t expiretime; /**< option: forget about host after this time with no activity (seconds, for banned hosts - after its release, for not banned - after latest match) */
/** time period length modifiers for already banned hosts */
/* NOTE(review): the 0.0 - 1.0 range is documented only; a plain float does
* not enforce it -- confirm the code that sets these rejects out-of-range
* and non-finite values */
float findtime_extend; /**< (float, 0.0 - 1.0) */
float bantime_extend; /**< (float, 0.0 - 1.0) */
float expiretime_extend; /**< (float, 0.0 - 1.0) */
/* jail stats */
struct {
unsigned int hosts; /**< number of tracked hosts */
unsigned int bans; /**< number of ban events */
unsigned int matches; /**< number of match events */
} stats;
/* Module names and init strings, held in fixed-size buffers.
* Presumably copied from the jail's config section -- confirm in the
* implementation. Any writer has to bound the copy to the buffer size and
* keep the result NUL-terminated. */
char source_name[CONFIG_KEY_MAX];
char source_init[CONFIG_VAL_MAX];
char filter_name[CONFIG_KEY_MAX];
char filter_init[CONFIG_VAL_MAX];
char backend_name[CONFIG_KEY_MAX];
char backend_init[CONFIG_VAL_MAX];
f2b_source_t *source; /**< pointer to source */
f2b_filter_t *filter; /**< pointer to filter */
f2b_backend_t *backend; /**< pointer to backend */
f2b_statefile_t *sfile; /**< pointer to state file description */
f2b_ipaddr_t *ipaddrs; /**< list of known ip addresses */
} f2b_jail_t;
/**
* @var jails
* Global list of defined jails
* (entries are chained through f2b_jail_t.next; the variable itself is
* defined in another translation unit)
*/
extern f2b_jail_t *jails;
/**
* @brief Apply defaults to jail template (affects later f2b_jail_create())
* @param section 'defaults' section from config
* @note Only jails created after this call pick up the new defaults.
*/
void f2b_jail_set_defaults(f2b_config_section_t *section);
/**
* @brief Create jail struct and init its metadata
* @param section Jail config section
* @return Pointer to allocated jail or NULL on error
* @note The caller has to check for NULL before use. Who releases the
* allocation is not stated in this header -- TODO confirm.
*/
f2b_jail_t *f2b_jail_create (f2b_config_section_t *section);
/**
* @brief Find jail in jail list by name
* @param list Jails list
* @param name Jail name
* @return Pointer to wanted jail or NULL if not found
* @note Matching rules (exact or case-insensitive) are not visible here --
* TODO confirm in the implementation.
*/
f2b_jail_t *f2b_jail_find (f2b_jail_t *list, const char *name);
/**
* @brief Set tunable parameter of jail
* @param jail Jail pointer
* @param param Parameter name
* @param value Parameter value
* @return true if parameter set, false if not found
* @note NOTE(review): value arrives as a string while the tunables in
* f2b_jail_t are short int, time_t and float members. Confirm that the
* implementation range-checks the converted value; as documented, false
* only signals an unknown parameter name, not a rejected value.
*/
bool f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value);
/**
* @brief Set up source, filter and backend in jail
* @param jail Jail pointer
* @param config Pointer to f2b config
* @return true on success, false on error
* @note Whether a partially initialised jail is rolled back on failure is
* not visible in this header -- TODO confirm.
*/
bool f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config);
/**
* @brief Load state file and restore bans
* @param jail Jail pointer
* @return true on success, false on error
* @note NOTE(review): the state file is read back from disk and turned into
* bans, so its contents should be validated like any other input -- confirm
* how malformed entries are handled.
*/
bool f2b_jail_start(f2b_jail_t *jail);
/**
* @brief Jail main maintenance routine
* Polls the source for data, matches it against the filter (if set),
* manages matches, bans IPs that exceeded their limit, and unbans IPs
* after their bantime expires
* @param jail Jail for processing
*/
void f2b_jail_process (f2b_jail_t *jail);
/**
* @brief Correctly shut down given jail
* @param jail Jail pointer
* @return presumably true on success, false on error, as for
* f2b_jail_init() and f2b_jail_start() -- TODO confirm
* @note Jail structure is not deallocated
*/
bool f2b_jail_stop (f2b_jail_t *jail);
/* handlers for csocket commands processing */
/**
* @brief Get jail status
* @param res Response buffer
* @param ressize Size of buffer above
* @param jail Jail pointer
* @note No value is returned; the result is reported through res. The
* implementation is expected to write at most ressize bytes, terminator
* included -- TODO confirm.
*/
void f2b_jail_cmd_status (char *res, size_t ressize, f2b_jail_t *jail);
/**
* @brief Set jail parameter (control-socket handler)
* @param res Response buffer
* @param ressize Size of buffer above
* @param jail Jail pointer
* @param param Parameter name
* @param value Parameter value
* @note NOTE(review): param and value come from a control-socket command,
* so they should be treated as untrusted input. Presumably forwarded to
* f2b_jail_set_param() -- confirm, and confirm the value is validated there.
*/
void f2b_jail_cmd_set (char *res, size_t ressize, f2b_jail_t *jail, const char *param, const char *value);
/**
* @brief ipaddr manage routine in given jail
* @param res Response buffer
* @param ressize Size of buffer above
* @param jail Jail pointer
* @param op Operation for ipaddr: >0 - ban, 0 - check, <0 - unban
* @param ip IP address (string form)
* @note NOTE(review): ip comes from a control-socket command and may end up
* in a backend ban/unban action. Confirm that it is parsed and rejected
* unless it is a well-formed address before it is used.
*/
void f2b_jail_cmd_ip_xxx (char *res, size_t ressize, f2b_jail_t *jail, int op, const char *ip);
#endif /* F2B_JAIL_H_ */