You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
4.9 KiB
143 lines
4.9 KiB
/* Copyright 2016 Alex 'AdUser' Z (ad_user@runbox.com) |
|
* |
|
* This program is free software; you can redistribute it and/or modify |
|
* it under the terms of the GNU General Public License version 2 as |
|
* published by the Free Software Foundation. |
|
*/ |
|
#ifndef F2B_JAIL_H_ |
|
#define F2B_JAIL_H_ |
|
|
|
#include "log.h" |
|
#include "ipaddr.h" |
|
#include "config.h" |
|
#include "appconfig.h" |
|
#include "statefile.h" |
|
#include "source.h" |
|
#include "filter.h" |
|
#include "backend.h" |
|
|
|
/** |
|
* @file |
|
* This header describes jail definition and related routines |
|
*/ |
|
|
|
/* jail flags */ |
|
#define JAIL_ENABLED 0x01 |
|
#define JAIL_HAS_STATE 0x02 |
|
#define JAIL_HAS_FILTER 0x04 |
|
|
|
/** jail metadata struct */ |
|
typedef struct f2b_jail_t { |
|
struct f2b_jail_t *next; /**< pointer to next jail */ |
|
char name[CONFIG_KEY_MAX]; /**< name of the jail */ |
|
int flags; /**< jail flags, see above */ |
|
size_t maxretry; /**< option: maximum count of matches before ban */ |
|
/* duration of misc time periods */ |
|
time_t findtime; /**< option: length of time period for estimating recent host activity (in seconds) */ |
|
time_t bantime; /**< option: host ban time on excess activity (seconds) */ |
|
time_t expiretime; /**< option: forget about host after this time with no activity (seconds, for banned hosts - after it's release, for not banned - after latest match) */ |
|
/** time period length modifiers for already banned hosts */ |
|
float findtime_extend; /**< findtime modifier for already banned hosts in past (float) */ |
|
float bantime_extend; /**< bantime modifier for already banned hosts in past (float) */ |
|
float expiretime_extend; /**< expiretime modifier for already banned hosts in past (float) */ |
|
/* jail stats */ |
|
struct { |
|
unsigned int hosts; /**< number of tracked hosts */ |
|
unsigned int bans; /**< number of ban events */ |
|
unsigned int matches; /**< number of match events */ |
|
} stats; |
|
f2b_source_t *source; /**< pointer to source */ |
|
f2b_filter_t *filter; /**< pointer to filter */ |
|
f2b_backend_t *backend; /**< pointer to backend */ |
|
f2b_statefile_t *sfile; /**< pointer to state file description */ |
|
f2b_ipaddr_t *ipaddrs; /**< list of known ip addresses */ |
|
} f2b_jail_t; |
|
|
|
/** |
|
* @var jails |
|
* Global list of Defined jails |
|
*/ |
|
extern f2b_jail_t *jails; |
|
|
|
/** |
|
* @brief Apply defaults to jail template (affects later f2b_jail_create()) |
|
* @param section 'defaults' section from config |
|
*/ |
|
void f2b_jail_set_defaults(f2b_config_section_t *section); |
|
/** |
|
* @brief Create jail struct and init it's metadata |
|
* @param section Jail config section |
|
* @return Pointer to allocated jail or NULL on error |
|
*/ |
|
f2b_jail_t *f2b_jail_create (f2b_config_section_t *section); |
|
/** |
|
* @brief Find jail in jail list by name |
|
* @param list Jails list |
|
* @param name Jail name |
|
* @returns Pointer to wanted jail or NULL if not found |
|
*/ |
|
f2b_jail_t *f2b_jail_find (f2b_jail_t *list, const char *name); |
|
/** |
|
* @brief Set tunable parameter of jail |
|
* @param jail Jail pointer |
|
* @param param Parameter name |
|
* @param value Parameter value |
|
* @return true if parameter set, false if not found |
|
*/ |
|
bool f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value); |
|
/** |
|
* @brief Setup source, filter and backend in jail |
|
* @param jail Jail pointer |
|
* @param config Pointer to f2b config |
|
* @return true on success, false on error |
|
*/ |
|
bool f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config); |
|
/** |
|
* @brief Load state file and restore bans |
|
* @param jail Jail pointer |
|
* @returns true on success, false on error |
|
*/ |
|
bool f2b_jail_start(f2b_jail_t *jail); |
|
/** |
|
* @brief Jail main maintenance routine |
|
* Polls source for data, match against filter (if set), manage matches, |
|
* ban ips, that exceeded their limit, unban ips after bantime expire |
|
* @param jail Jail for processing |
|
*/ |
|
void f2b_jail_process (f2b_jail_t *jail); |
|
/** |
|
* @brief Correctly shutdown given jail |
|
* @param jail Jail pointer |
|
* @note Jail structure not deallocated |
|
*/ |
|
bool f2b_jail_stop (f2b_jail_t *jail); |
|
|
|
/* handlers for csocket commands processing */ |
|
|
|
/** |
|
* @brief Get jail status |
|
* @param res Response buffer |
|
* @param ressize Size of buffer above |
|
* @param jail Jail pointer |
|
*/ |
|
void f2b_jail_cmd_status (char *res, size_t ressize, f2b_jail_t *jail); |
|
/** |
|
* @brief Get jail status |
|
* @param res Response buffer |
|
* @param ressize Size of buffer above |
|
* @param jail Jail pointer |
|
* @param param Parameter name |
|
* @param value Parameter value |
|
*/ |
|
void f2b_jail_cmd_set (char *res, size_t ressize, f2b_jail_t *jail, const char *param, const char *value); |
|
/** |
|
* @brief ipaddr manage routine in given jail |
|
* @param res Response buffer |
|
* @param ressize Size of buffer above |
|
* @param jail Jail pointer |
|
* @param op Operation for ipaddr >0 - ban, 0 - check, <0 - unban |
|
* @param ip Ip address |
|
*/ |
|
void f2b_jail_cmd_ip_xxx (char *res, size_t ressize, f2b_jail_t *jail, int op, const char *ip); |
|
|
|
#endif /* F2B_JAIL_H_ */
|
|
|