diff --git a/main.c b/main.c
index 0feacdc..e418ba6 100644
--- a/main.c
+++ b/main.c
@@ -14,6 +14,8 @@
// #define ACCESS_LOG_FILE "access.log.1"
#define ACCESS_LOG_FILE "/var/log/nginx/access.log"
+#define MAX_IP_LENGTH 16 // 40 for ipv6
+
#define print_bool_opt(x) \
if (x) { \
fprintf(stderr, #x ": true\n"); \
@@ -138,9 +140,9 @@ void read_lines_cb(const char* filename, void cb(char*, void*), void* cbData)
}
int count = 0;
- char* buf = xmalloc(10000);
+ char* buf = xmalloc(1000);
clock_t times[1000];
- while (fgets(buf, 10000, file) != NULL)
+ while (fgets(buf, 1000, file) != NULL)
{
if (buf[0] == '#')
{
@@ -148,10 +150,11 @@ void read_lines_cb(const char* filename, void cb(char*, void*), void* cbData)
}
count++;
buf[strcspn(buf, "\n")] = 0;
- char* line = strdup(buf);
+ cb(buf, cbData);
- cb(line, cbData);
- free(line);
+ // char* line = strdup(buf);
+ // cb(line, cbData);
+ // free(line);
times[count % 1000] = clock();
if (print_progress && count % 10 == 0)
@@ -185,8 +188,8 @@ char** read_lines(const char* filename)
int count = 0;
{
- char* buf = xmalloc(10000);
- while (fgets(buf, 10000, file) != NULL)
+ char* buf = xmalloc(1000);
+ while (fgets(buf, 1000, file) != NULL)
{
if (buf[0] == '#')
{
@@ -207,10 +210,10 @@ char** read_lines(const char* filename)
rewind(file);
char** lines = xmalloc((count + 1) * sizeof(char*));
- char* buf = xmalloc(10000);
+ char* buf = xmalloc(1000);
for (int i = 0; i < count; i++)
{
- if (fgets(buf, 10000, file) == NULL)
+ if (fgets(buf, 1000, file) == NULL)
{
fprintf(stderr, "Error reading line %d from %s\n", i + 1, filename);
free(buf);
@@ -229,7 +232,7 @@ char** read_lines(const char* filename)
double elapsed = (clock() - lastPrint) * 1000.0 / CLOCKS_PER_SEC;
if (print_progress && elapsed > 50)
{
- fprintf(stderr, "\rRead %d lines from %s in %.3f ms\r", i + 1, filename, (clock() - ctime) * 1000.0 / CLOCKS_PER_SEC);
+ fprintf(stderr, ANSI_CLEAR_LINE "\rRead %d lines from %s in %.3f ms", i + 1, filename, (clock() - ctime) * 1000.0 / CLOCKS_PER_SEC);
lastPrint = clock();
}
}
@@ -267,6 +270,24 @@ int* grow_int_array(int* array, size_t newSize)
void ban_ip(char* ip)
{
+ const __pid_t pid = fork();
+ if (pid == 0)
+ {
+ if (execvp("iptables", (char*[]){"iptables", "-A", "INPUT", "-s", ip, "-j", "DROP", nullptr}) != 0)
+ {
+ fprintf(stderr, "Error executing iptables: ");
+ perror("");
+ }
+ }
+ else if (pid < 0)
+ {
+ perror("Fork failed");
+ exit(1);
+ }
+ else
+ {
+ signal(SIGCHLD, SIG_IGN);
+ }
}
void process_line(char* line, void* cbData)
@@ -280,8 +301,8 @@ void process_line(char* line, void* cbData)
}
- char* ip = xmalloc(32);
- for (int i = 0; i < 32; i++)
+ char* ip = xmalloc(MAX_IP_LENGTH);
+ for (int i = 0; i < MAX_IP_LENGTH; i++)
{
ip[i] = 0;
}
@@ -305,11 +326,11 @@ void process_line(char* line, void* cbData)
if (check_already_banned_ip)
for (size_t j = 0; j < rules->banned_ip_count; j++)
{
- if (strlen(rules->banned_ips[j]) < 2)
+ if (rules->banned_ips[j][0] == 0 || rules->banned_ips[j][0] == 0) // strlen < 2
{
for (size_t k = 0; k < rules->banned_ip_count; k++)
{
- printf("rules->banned_ips[%lu] = \"%s\" (#%s) x %d\n", k, rules->banned_ips[k], str_to_hex(rules->banned_ips[k]), rules->banned_ip_hits[k * sizeof(int)]);
+ printf("rules->banned_ips[%lu] = \"%s\" (#%s) x %d\n", k, rules->banned_ips[k], str_to_hex(rules->banned_ips[k]), rules->banned_ip_hits[k]);
}
printf("ASSERT: Broken rule #%lu: \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j]));
abort();
@@ -320,16 +341,14 @@ void process_line(char* line, void* cbData)
if (print_already_banned_ip)
printf("Banned IP: \"%s\" (rule %lu: %s): %s\n", ip, j, rules->banned_ips[j], line);
- if (strlen(ip) != strlen(rules->banned_ips[j]) || strcmp(ip, rules->banned_ips[j]) != 0)
- {
- fprintf(stderr, "ASSERT: IP address length did not match! #%lu: \"%s\" (#%s) != \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j]), ip,
- str_to_hex(ip));
- abort();
- }
-
- rules->banned_ip_hits[j * sizeof(int)]++;
- fprintf(stderr, "DBG CHK: %s -> %d hits\n", rules->banned_ips[j], rules->banned_ip_hits[j * sizeof(int)]);
+ // if (strlen(ip) != strlen(rules->banned_ips[j]) || strcmp(ip, rules->banned_ips[j]) != 0)
+ // {
+ // fprintf(stderr, "ASSERT: IP address length did not match! #%lu: \"%s\" (#%s) != \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j]), ip,
+ // str_to_hex(ip));
+ // abort();
+ // }
+ rules->banned_ip_hits[j]++;
free(ip);
return;
}
@@ -358,8 +377,8 @@ void process_line(char* line, void* cbData)
}
rules->banned_ips[rules->banned_ip_count] = ip;
- rules->banned_ip_hits[rules->banned_ip_count * sizeof(int)] = 1;
- fprintf(stderr, "DBG PTN: %s -> %d hits\n", rules->banned_ips[rules->banned_ip_count], rules->banned_ip_hits[rules->banned_ip_count * sizeof(int)]);
+ rules->banned_ip_hits[rules->banned_ip_count] = 1;
+ // fprintf(stderr, "DBG PTN: %s -> %d hits\n", rules->banned_ips[rules->banned_ip_count], rules->banned_ip_hits[rules->banned_ip_count]);
rules->banned_ip_count++;
if (print_bans)
@@ -367,24 +386,7 @@ void process_line(char* line, void* cbData)
if (print_only) return;
- __pid_t pid = fork();
- if (pid == 0)
- {
- if (execvp("iptables", (char*[]){"iptables", "-A", "INPUT", "-s", ip, "-j", "DROP", nullptr}) != 0)
- {
- fprintf(stderr, "Error executing iptables: ");
- perror("");
- }
- }
- else if (pid < 0)
- {
- perror("Fork failed");
- exit(1);
- }
- else
- {
- signal(SIGCHLD, SIG_IGN);
- }
+ ban_ip(ip);
return;
}
@@ -532,7 +534,7 @@ int main(int argc, char* argv[])
for (int i = 0; i < rules.banned_ip_count; i++)
{
- printf("[BAN %4d] %s: %d hits\n", i, rules.banned_ips[i], rules.banned_ip_hits[i * sizeof(int)]);
+ printf("[BAN %4d] %s: %d hits\n", i, rules.banned_ips[i], rules.banned_ip_hits[i]);
}
for (int i = 0; rules.patterns[i] != NULL; i++)
|