From 6cdaee3e6acf3e09f18d98a868031bf5226ea6be Mon Sep 17 00:00:00 2001 From: Rory& Date: Sat, 11 Jul 2026 08:09:59 +0200 Subject: Old changes --- main.c | 90 +++++++++++++++++++++++++++++++++-------------------------------- main.sh | 3 ++- 2 files changed, 48 insertions(+), 45 deletions(-) diff --git a/main.c b/main.c index 0feacdc..e418ba6 100644 --- a/main.c +++ b/main.c @@ -14,6 +14,8 @@ // #define ACCESS_LOG_FILE "access.log.1" #define ACCESS_LOG_FILE "/var/log/nginx/access.log" +#define MAX_IP_LENGTH 16 // 40 for ipv6 + #define print_bool_opt(x) \ if (x) { \ fprintf(stderr, #x ": true\n"); \ @@ -138,9 +140,9 @@ void read_lines_cb(const char* filename, void cb(char*, void*), void* cbData) } int count = 0; - char* buf = xmalloc(10000); + char* buf = xmalloc(1000); clock_t times[1000]; - while (fgets(buf, 10000, file) != NULL) + while (fgets(buf, 1000, file) != NULL) { if (buf[0] == '#') { @@ -148,10 +150,11 @@ void read_lines_cb(const char* filename, void cb(char*, void*), void* cbData) } count++; buf[strcspn(buf, "\n")] = 0; - char* line = strdup(buf); + cb(buf, cbData); - cb(line, cbData); - free(line); + // char* line = strdup(buf); + // cb(line, cbData); + // free(line); times[count % 1000] = clock(); if (print_progress && count % 10 == 0) @@ -185,8 +188,8 @@ char** read_lines(const char* filename) int count = 0; { - char* buf = xmalloc(10000); - while (fgets(buf, 10000, file) != NULL) + char* buf = xmalloc(1000); + while (fgets(buf, 1000, file) != NULL) { if (buf[0] == '#') { @@ -207,10 +210,10 @@ char** read_lines(const char* filename) rewind(file); char** lines = xmalloc((count + 1) * sizeof(char*)); - char* buf = xmalloc(10000); + char* buf = xmalloc(1000); for (int i = 0; i < count; i++) { - if (fgets(buf, 10000, file) == NULL) + if (fgets(buf, 1000, file) == NULL) { fprintf(stderr, "Error reading line %d from %s\n", i + 1, filename); free(buf); @@ -229,7 +232,7 @@ char** read_lines(const char* filename) double elapsed = (clock() - lastPrint) * 1000.0 / CLOCKS_PER_SEC; if (print_progress && elapsed > 50) { - fprintf(stderr, "\rRead %d lines from %s in %.3f ms\r", i + 1, filename, (clock() - ctime) * 1000.0 / CLOCKS_PER_SEC); + fprintf(stderr, ANSI_CLEAR_LINE "\rRead %d lines from %s in %.3f ms", i + 1, filename, (clock() - ctime) * 1000.0 / CLOCKS_PER_SEC); lastPrint = clock(); } } @@ -267,6 +270,24 @@ int* grow_int_array(int* array, size_t newSize) void ban_ip(char* ip) { + const __pid_t pid = fork(); + if (pid == 0) + { + if (execvp("iptables", (char*[]){"iptables", "-A", "INPUT", "-s", ip, "-j", "DROP", nullptr}) != 0) + { + fprintf(stderr, "Error executing iptables: "); + perror(""); + } + } + else if (pid < 0) + { + perror("Fork failed"); + exit(1); + } + else + { + signal(SIGCHLD, SIG_IGN); + } } void process_line(char* line, void* cbData) @@ -280,8 +301,8 @@ void process_line(char* line, void* cbData) } - char* ip = xmalloc(32); - for (int i = 0; i < 32; i++) + char* ip = xmalloc(MAX_IP_LENGTH); + for (int i = 0; i < MAX_IP_LENGTH; i++) { ip[i] = 0; } @@ -305,11 +326,11 @@ void process_line(char* line, void* cbData) if (check_already_banned_ip) for (size_t j = 0; j < rules->banned_ip_count; j++) { - if (strlen(rules->banned_ips[j]) < 2) + if (rules->banned_ips[j][0] == 0 || rules->banned_ips[j][0] == 0) // strlen < 2 { for (size_t k = 0; k < rules->banned_ip_count; k++) { - printf("rules->banned_ips[%lu] = \"%s\" (#%s) x %d\n", k, rules->banned_ips[k], str_to_hex(rules->banned_ips[k]), rules->banned_ip_hits[k * sizeof(int)]); + printf("rules->banned_ips[%lu] = \"%s\" (#%s) x %d\n", k, rules->banned_ips[k], str_to_hex(rules->banned_ips[k]), rules->banned_ip_hits[k]); } printf("ASSERT: Broken rule #%lu: \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j])); abort(); @@ -320,16 +341,14 @@ void process_line(char* line, void* cbData) if (print_already_banned_ip) printf("Banned IP: \"%s\" (rule %lu: %s): %s\n", ip, j, rules->banned_ips[j], line); - if (strlen(ip) != strlen(rules->banned_ips[j]) || strcmp(ip, rules->banned_ips[j]) != 0) - { - fprintf(stderr, "ASSERT: IP address length did not match! #%lu: \"%s\" (#%s) != \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j]), ip, - str_to_hex(ip)); - abort(); - } - - rules->banned_ip_hits[j * sizeof(int)]++; - fprintf(stderr, "DBG CHK: %s -> %d hits\n", rules->banned_ips[j], rules->banned_ip_hits[j * sizeof(int)]); + // if (strlen(ip) != strlen(rules->banned_ips[j]) || strcmp(ip, rules->banned_ips[j]) != 0) + // { + // fprintf(stderr, "ASSERT: IP address length did not match! #%lu: \"%s\" (#%s) != \"%s\" (#%s)\n", j, rules->banned_ips[j], str_to_hex(rules->banned_ips[j]), ip, + // str_to_hex(ip)); + // abort(); + // } + rules->banned_ip_hits[j]++; free(ip); return; } @@ -358,8 +377,8 @@ void process_line(char* line, void* cbData) } rules->banned_ips[rules->banned_ip_count] = ip; - rules->banned_ip_hits[rules->banned_ip_count * sizeof(int)] = 1; - fprintf(stderr, "DBG PTN: %s -> %d hits\n", rules->banned_ips[rules->banned_ip_count], rules->banned_ip_hits[rules->banned_ip_count * sizeof(int)]); + rules->banned_ip_hits[rules->banned_ip_count] = 1; + // fprintf(stderr, "DBG PTN: %s -> %d hits\n", rules->banned_ips[rules->banned_ip_count], rules->banned_ip_hits[rules->banned_ip_count]); rules->banned_ip_count++; if (print_bans) @@ -367,24 +386,7 @@ void process_line(char* line, void* cbData) if (print_only) return; - __pid_t pid = fork(); - if (pid == 0) - { - if (execvp("iptables", (char*[]){"iptables", "-A", "INPUT", "-s", ip, "-j", "DROP", nullptr}) != 0) - { - fprintf(stderr, "Error executing iptables: "); - perror(""); - } - } - else if (pid < 0) - { - perror("Fork failed"); - exit(1); - } - else - { - signal(SIGCHLD, SIG_IGN); - } + ban_ip(ip); return; } @@ -532,7 +534,7 @@ int main(int argc, char* argv[]) for (int i = 0; i < rules.banned_ip_count; i++) { - printf("[BAN %4d] %s: %d hits\n", i, rules.banned_ips[i], rules.banned_ip_hits[i * sizeof(int)]); + printf("[BAN %4d] %s: %d hits\n", i, rules.banned_ips[i], rules.banned_ip_hits[i]); } for (int i = 0; rules.patterns[i] != NULL; i++) diff --git a/main.sh b/main.sh index 61853c6..38a7123 100755 --- a/main.sh +++ b/main.sh @@ -1,6 +1,7 @@ #! /usr/bin/env sh ./build_patterns.sh -gcc -O0 -ggdb -std=c23 -pie -fPIE main.c || exit 1 +#gcc -O0 -ggdb -std=c23 -pie -fPIE main.c || exit 1 +gcc -O3 -ggdb -std=c23 main.c || exit 1 #sudo valgrind --leak-check=full -s ./a.out rsync -raPz *.c *.txt a.out rory.gay: -- cgit 1.5.1