Code afférent au projet Kouglof 2 de l'E2L

octave.c 32 KiB

  1. /*******************************************************************
  2. Copyright (C) 2011-2024 Patrick H. E. Foubet - S.E.R.I.A.N.E.
  3. This program is free software: you can redistribute it and/or modify
  4. it under the terms of the GNU General Public License as published by
  5. the Free Software Foundation, either version 3 of the License, or any
  6. later version.
  7. This program is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10. See the GNU General Public License for more details.
  11. You should have received a copy of the GNU General Public License
  12. along with this program. If not, see <http://www.gnu.org/licenses/>
  13. *******************************************************************/
  14. /*
  15. ############################################################
  16. # Projet Kouglof 2 de l'Ecole du Logiciel Libre d'Ivry : #
  17. ############################################################
  18. octave.c : outil pour scanner l'interface reseau afin d'analyser les sites
  19. auxquels les applications veulent se connecter.
  20. A utiliser avec le fichier auth1.txt pour stopper les connexions non voulues
  21. Tous les details sur le site :
  22. https://e2li.org -> menu : Projet Prosecco.
  23. */
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <signal.h>
  29. #include <fcntl.h>
  30. #include <readline/readline.h>
  31. #include <readline/history.h>
  32. #include <sys/wait.h>
  33. #include <string.h>
  34. #include <syslog.h>
  35. #include <time.h>
  36. #include <arpa/inet.h>
  37. #include <pthread.h>
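  #define Version "1.01"
  /* Linux fcntl() command numbers for reading/setting a pipe's capacity. */
  #define F_GETPIPE_SZ 1032
  #define F_SETPIPE_SZ 1031
  /*
   * REQ and ENDT are assigned inside the signal handler interup(), so they are
   * declared volatile sig_atomic_t: that is the only object type the C
   * standard lets a handler write safely.
   * NOTE(review): RUN and ENDT are also written from the command thread;
   * volatile does not make that thread-safe -- confirm how the main loop
   * reads them.
   */
  static volatile sig_atomic_t REQ = 0, ENDT = 0;
  static int RUN = 1, REPR = 0, JCTL = 0, LogC = 0, WH = 1, Trace = 0;
  static int p1[2]; /* pipe: p1[1] is written by the handler and the command thread */
  static pid_t pid; /* pid of the forked capture process */
  static char *NPROG, *IFACE = NULL;
  #define DELAYR 20 /* delay before automatic restart */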
  /*
   * Signal handler for SIGINT and SIGCHLD.
   * SIGINT  : wakes the reader of pipe p1 and raises REQ.
   * SIGCHLD : when the process identified by pid has exited, raises ENDT and
   *           wakes the reader of pipe p1.
   * Any other signal is only reported on stderr.
   * NOTE(review): fprintf() is not async-signal-safe; the default branch is
   * only reached if this handler is installed for another signal.
   */
  void interup (int S)
  {
      switch (S) {
      case SIGINT:
          write(p1[1],"\n",1);
          REQ=1;
          break;
      case SIGCHLD:
          if (waitpid(pid,NULL,WNOHANG) == pid) {
              ENDT=1;
              write(p1[1],"\n",1);
          }
          break;
      default:
          fprintf(stderr,"Reçu signal %d !!??\n",S);
          break;
      }
  }
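  /* ### trace levels */
  #define TMIN 0
  #define TMAX 3
  /*
   * Level tests. Each expansion is parenthesised so that it stays a single
   * operand: without the parentheses "!T3" expands to "!Trace > 2", which is
   * always false.
   */
  #define T1 (Trace > 0)
  #define T2 (Trace > 1)
  #define T3 (Trace > 2)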
  66. /* #### les fonctions adresses IPv4 */
  /* Returns 1 when inet_pton() accepts a as an IPv4 address, 0 otherwise. */
  int isIPv4(char *a)
  {
      struct in_addr adr;
      return (inet_pton(AF_INET, a, (void *)&adr) > 0) ? 1 : 0;
  }
  /* Returns 1 when inet_pton() accepts a as an IPv6 address, 0 otherwise. */
  int isIPv6(char *a)
  {
      struct in6_addr adr;
      return (inet_pton(AF_INET6, a, (void *)&adr) > 0) ? 1 : 0;
  }
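  /*
   * Tests whether r is an IPv4 network in CIDR notation ("a.b.c.d/n").
   * Returns the prefix length n (1..32) when it is, 0 otherwise; a "/0"
   * prefix therefore also yields 0, as before.
   *
   * The prefix must consist of decimal digits only. Text accepted here is
   * later formatted into firewall command lines, so a negative value or
   * trailing characters after the number (which atoi() would silently
   * ignore) are rejected.
   */
  int isCidr(char*r)
  {
      char buf[20], *sn;
      const char *c;
      struct in_addr adr;
      int n = 0;

      if (r == NULL || strlen(r) > 18) return 0;
      strcpy(buf, r); /* fits: length checked just above */
      if ((sn = strchr(buf, '/')) == NULL) return 0;
      *sn = '\0';
      if (inet_pton(AF_INET, buf, (void *)&adr) <= 0) return 0;
      c = sn + 1;
      if (*c == '\0') return 0;
      for (; *c != '\0'; c++) {
          if (*c < '0' || *c > '9') return 0;
          n = n * 10 + (*c - '0');
          if (n > 32) return 0;
      }
      return n;
  }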
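  /*
   * Tests whether r is an IPv6 network in CIDR notation ("addr/n").
   * Returns the prefix length n (1..128) when it is, 0 otherwise.
   *
   * The prefix must consist of decimal digits only, so a negative value or
   * trailing characters after the number are rejected instead of being
   * ignored as atoi() would do.
   */
  int isCidr6(char*r)
  {
      char buf[52], *sn;
      const char *c;
      struct in6_addr adr;
      int n = 0;

      if (r == NULL || strlen(r) > 50) return 0;
      strcpy(buf, r); /* fits: length checked just above */
      if ((sn = strchr(buf, '/')) == NULL) return 0;
      *sn = '\0';
      if (inet_pton(AF_INET6, buf, (void *)&adr) <= 0) return 0;
      c = sn + 1;
      if (*c == '\0') return 0;
      for (; *c != '\0'; c++) {
          if (*c < '0' || *c > '9') return 0;
          n = n * 10 + (*c - '0');
          if (n > 128) return 0;
      }
      return n;
  }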
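  /* Number of addresses represented by the loaded IPv4 CIDR entries. */
  uint64_t NbAddCidrs = 0;

  /*
   * Returns 1 when IPv4 address a belongs to CIDR network r, 0 otherwise
   * (also 0 when r is not a valid CIDR or a is not a valid IPv4 address).
   *
   * The netmask is derived directly from the prefix length. The previous
   * bit-by-bit loop ended each octet with a shift by -1, which is undefined
   * behaviour, and a negative prefix produced an all-zero mask that matched
   * every address.
   */
  int isSousRes(char*r, char *a)
  {
      struct in_addr Sa, Sr;
      uint32_t masq;
      char buf[20], *sn;
      int n;

      n = isCidr(r);
      if (n <= 0 || n > 32) return 0;
      if (!isIPv4(a)) return 0;
      strcpy(buf, r); /* isCidr() accepted r, so it holds at most 18 characters */
      if ((sn = strchr(buf, '/')) == NULL) return 0;
      *sn = '\0';
      /* n is in 1..32, so the shift count stays in 0..31 */
      masq = htonl((uint32_t)0xFFFFFFFFu << (32 - n));
      if (inet_pton(AF_INET, a, (void *)&Sa) <= 0) return 0;
      if (inet_pton(AF_INET, buf, (void *)&Sr) <= 0) return 0;
      return ((Sr.s_addr & masq) == (Sa.s_addr & masq)) ? 1 : 0;
  }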
  /* #### dynamic management of the CIDR entries */
  #define NBC 100 /* capacity of the CIDR table */
  char *Tcidr[NBC];        /* heap copies of the CIDR strings */
  int iC = 0;              /* number of slots of Tcidr in use */
  int bloqueIP(char *ip);  /* defined further down; used by addCidr() */
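  /*
   * Appends a copy of CIDR string c to Tcidr and asks bloqueIP() to install
   * the matching rule.
   * Returns the slot index used, or NBC when nothing was stored (table full,
   * c is NULL, or the allocation failed).
   * The malloc() result is now checked before it is written to.
   */
  int addCidr(char * c)
  {
      int i = iC;
      char *copie;

      if (c == NULL || i >= NBC) return NBC;
      copie = malloc(strlen(c) + 1);
      if (copie == NULL) {
          perror("malloc");
          return NBC;
      }
      strcpy(copie, c);
      Tcidr[i] = copie;
      iC++;
      bloqueIP(c);
      return i;
  }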
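  /*
   * Removes the first Tcidr entry equal to c. The last entry is moved into
   * the freed slot, so the table order is not preserved.
   * The removed string is released (it was leaked before). c may be the
   * table's own pointer, so it is not read again once the entry is freed.
   */
  void delCidr(char * c)
  {
      int i;

      if (c == NULL) return;
      for (i = 0; i < iC; i++) {
          char *ancien;

          if (strcmp(c, Tcidr[i]) != 0) continue;
          ancien = Tcidr[i];
          iC--;
          if (i != iC) Tcidr[i] = Tcidr[iC];
          Tcidr[iC] = NULL;
          free(ancien);
          return;
      }
  }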
  /*
   * Returns 1 when address a falls inside one of the stored CIDR networks,
   * 0 otherwise. When M is non-zero the first match is reported to syslog.
   */
  int isAddrInCidr(char * a, int M)
  {
      int k = 0;

      while (k < iC) {
          char *reseau = Tcidr[k++];

          if (!isSousRes(reseau,a)) continue;
          if (M) syslog(LOG_INFO,"CIDR %s contient %s !",reseau,a);
          return 1;
      }
      return 0;
  }
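  /*
   * Removes from Tcidr every network that is contained in another stored
   * network. For each pair, the entry with the smaller prefix length is
   * the candidate container (p) and the other one (g) is deleted when its
   * base address lies inside p.
   *
   * delCidr() moves the last entry into the freed slot. The previous
   * version stepped past that slot, so the moved entry was never compared;
   * here the slot is examined again after each deletion.
   */
  void validCidr(void)
  {
      int i = 0;

      while (i < iC) {
          int i_retire = 0;
          int j = i + 1;

          while (j < iC) {
              char a[20], *p, *g, *w;
              int g_est_i, avant;

              if (isCidr(Tcidr[i]) < isCidr(Tcidr[j])) {
                  p = Tcidr[i]; g = Tcidr[j]; g_est_i = 0;
              } else {
                  p = Tcidr[j]; g = Tcidr[i]; g_est_i = 1;
              }
              if (strlen(g) >= sizeof a) { j++; continue; }
              strcpy(a, g);
              if ((w = strchr(a, '/')) == NULL) { j++; continue; }
              *w++ = '\0';
              if (!isSousRes(p, a)) { j++; continue; }
              if (T1) printf("T1: %s contient %s (%s)\n",p,a,w);
              avant = iC;
              delCidr(g);
              if (iC == avant) { j++; continue; } /* nothing removed: move on */
              if (g_est_i) { i_retire = 1; break; } /* slot i holds a new entry */
              /* slot j now holds the former last entry: compare it as well */
          }
          if (!i_retire) i++;
      }
  }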
  /* Prints the CIDR count, the NbAddCidrs address total and every stored CIDR. */
  void listCidr(void)
  {
      int k = 0;

      printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs);
      while (k < iC) {
          printf("\t%s\n", Tcidr[k]);
          k++;
      }
  }
  /* ### management of the allow / deny lists */
  #define NBAll 500 /* capacity of the Allow table */
  #define NBDen 300 /* capacity of the Deny table */
  char *Allow[NBAll]; /* allowed name suffixes (heap copies) */
  char *Deny[NBDen];  /* denied name suffixes (heap copies) */
  int iAll = 0;       /* entries in use in Allow */
  int iDen = 0;       /* entries in use in Deny */
  /*
   * Decides whether name u is denied. Returns 1 (deny) or 0 (allow).
   * The Deny list is consulted first, then the Allow list; a name matching
   * neither is denied.
   * An entry matches when u ends with it and the match covers the whole
   * name or starts right after a '.'; an Allow entry that itself begins
   * with '.' matches on the suffix alone.
   * NOTE(review): the comparison is case-sensitive (strcmp); whether
   * callers normalise case beforehand is not visible here.
   */
  int isDeny(char*u)
  {
      const int lu = (iDen > 0 || iAll > 0) ? (int)strlen(u) : 0;
      int k;

      for (k = 0; k < iDen; k++) {
          const char *motif = Deny[k];
          const int lm = (int)strlen(motif);
          const char *queue;

          if (lm > lu) continue;
          queue = u + (lu - lm);
          if (strcmp(queue, motif) != 0) continue;
          if (queue == u || queue[-1] == '.') return 1;
      }
      for (k = 0; k < iAll; k++) {
          const char *motif = Allow[k];
          const int lm = (int)strlen(motif);
          const char *queue;

          if (lm > lu) continue;
          queue = u + (lu - lm);
          if (strcmp(queue, motif) != 0) continue;
          if (motif[0] == '.' || queue == u || queue[-1] == '.') return 0;
      }
      return 1; /* deny by default */
  }
  /* Prints the number of Allow entries followed by one entry per line. */
  void listeAllow(void)
  {
      int k = 0;

      printf("Allow : %d\n",iAll);
      while (k < iAll) {
          printf("\t%s\n",Allow[k]);
          k++;
      }
  }
  /* Prints the number of Deny entries followed by one entry per line. */
  void listeDeny(void)
  {
      int k = 0;

      printf("Deny : %d\n",iDen);
      while (k < iDen) {
          printf("\t%s\n",Deny[k]);
          k++;
      }
  }
  /* Tells the user that entry e is already present in a list. */
  void dejaLa(char * e)
  {
      const char *format = "%s est deja dans la liste !\n";

      printf(format, e);
  }
  /*
   * Returns 1 (after reporting it through dejaLa) when e is already an
   * exact entry of the Allow list, 0 otherwise.
   */
  int dejaAllow(char *e)
  {
      int k = 0;

      while (k < iAll) {
          if (strcmp(e,Allow[k]) == 0) {
              dejaLa(e);
              return 1;
          }
          k++;
      }
      return 0;
  }
  /*
   * Returns 1 (after reporting it through dejaLa) when e is already an
   * exact entry of the Deny list, 0 otherwise.
   */
  int dejaDeny(char *e)
  {
      int k = 0;

      while (k < iDen) {
          if (strcmp(e,Deny[k]) == 0) {
              dejaLa(e);
              return 1;
          }
          k++;
      }
      return 0;
  }
  /* Prints both lists: Deny first, then Allow. */
  void recaplistes(void)
  {
      listeDeny(); listeAllow();
  }
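  /*
   * Interprets one line of the parameter file (or one interactive entry).
   *   "#..."      comment, ignored
   *   IPv4 CIDR   stored through addCidr()
   *   IPv6 CIDR   reported as not handled yet
   *   "-name"     appended to the Deny list
   *   "name"      appended to the Allow list
   * The line is modified in place: its newline, if any, is cut off.
   * Returns 1 when the line was accepted or ignored, 0 on error (list full,
   * duplicate entry, allocation failure, NULL line).
   *
   * Changes from the previous version:
   *  - a /v network holds 2^(32-v) addresses; the counter used to add 1<<v,
   *    which is the wrong value and undefined for v >= 31;
   *  - the list counter is only advanced once the copy is stored, so a
   *    failed malloc() no longer leaves a NULL entry inside the list.
   * NOTE(review): names are stored without any character check; callers
   * that later format them into commands have to validate them.
   */
  int litligne(char * line)
  {
      char *w, *copie, **S;
      int *compteur;
      size_t t;
      int v;

      if (line == NULL) return 0;
      if (*line == '#') return 1;
      if ((w = strchr(line, '\n')) != NULL) *w = '\0';
      w = line;
      if (*w == '-') w++;
      t = strlen(w);
      if (t == 0) return 1;
      if ((v = isCidr(w)) > 0) { /* IPv4 CIDR */
          addCidr(w);
          if (v <= 32) NbAddCidrs += (uint64_t)1 << (32 - v);
          return 1;
      }
      if ((v = isCidr6(w)) > 0) { /* IPv6 CIDR */
          printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w);
          return 1;
      }
      if (*line == '-') {
          if (iDen == NBDen) return 0;
          if (dejaDeny(w)) return 0;
          S = &Deny[iDen];
          compteur = &iDen;
      } else {
          if (iAll == NBAll) return 0;
          if (dejaAllow(w)) return 0;
          S = &Allow[iAll];
          compteur = &iAll;
      }
      if ((copie = malloc(t + 1)) == NULL) {
          perror("malloc");
          return 0;
      }
      strcpy(copie, w);
      *S = copie;
      (*compteur)++;
      return 1;
  }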
  /*
   * Loads parameter file f: every line goes through litligne(), then the
   * CIDR table is pruned with validCidr() (and listed at trace level 1).
   * An unreadable file is reported with perror() and nothing is loaded.
   */
  void lectliste(char *f)
  {
      FILE *flux = fopen(f,"r");
      char *ligne = NULL;
      size_t cap = 0;

      if (flux == NULL) {
          perror(f);
          return;
      }
      for (;;) {
          int lu = getline(&ligne, &cap, flux);

          if (lu <= 0) break;
          if (litligne(ligne)) continue;
          if (T1) printf("T1: Erreur param. = %s\n",ligne);
      }
      free(ligne);
      fclose(flux);
      validCidr();
      if (T1) listCidr();
  }
  /* ### dynamic management of the elements */
  #define NBT 1000 /* capacity of the element tables */
  int Tno[NBT];    /* element number */
  int Trv[NBT];    /* element flags / age value */
  char *Turl[NBT]; /* element name (heap copy) */
  int iT = 0;      /* slots in use */
  int NbElt = 0;   /* elements added so far */
  int MaxElt = 0;  /* highest value reached by NbElt */
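  /*
   * Stores a new element (number n, copy of name u) with its flags cleared.
   * Returns the slot index used, or NBT when nothing was stored (table
   * full, u is NULL, or the allocation failed). NBT is not a valid index:
   * callers must test for it before indexing the tables.
   * The malloc() result is now checked before it is written to.
   */
  int addElt(int n, char * u)
  {
      int i = iT;
      char *copie;

      if (u == NULL || i >= NBT) return NBT;
      copie = malloc(strlen(u) + 1);
      if (copie == NULL) {
          perror("malloc");
          return NBT;
      }
      strcpy(copie, u);
      Tno[i] = n;
      Trv[i] = 0;
      Turl[i] = copie;
      iT++;
      NbElt++;
      if (NbElt > MaxElt) MaxElt = NbElt;
      return i;
  }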
  /* Returns the index of the first element numbered n, or -1 when absent. */
  int isElt(int n)
  {
      int k = 0;

      while (k < iT) {
          if (Tno[k] == n) return k;
          k++;
      }
      return -1;
  }
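  /*
   * Removes the element stored at index i; the last element is moved into
   * the freed slot. Indexes outside 0..iT-1 are ignored. A negative index
   * (the "not found" result of isElt) used to reach the tables and is now
   * rejected.
   * NOTE(review): the name in Turl[i] is not freed. It is left that way on
   * purpose here because another thread may be listing the table; confirm
   * the ownership before adding a free().
   */
  void delIElt(int i)
  {
      if (i < 0 || i >= iT) return;
      if (T3) printf("T3: Del %d : %s \n",Tno[i],Turl[i]);
      iT--;
      if (iT == i) return; /* it was the last element */
      Tno[i] = Tno[iT];
      Turl[i] = Turl[iT];
      Trv[i] = Trv[iT];
  }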
  /* Removes the first element numbered n, if there is one. */
  void delElt(int n)
  {
      int k = 0;

      while (k < iT && Tno[k] != n) k++;
      if (k < iT) delIElt(k);
  }
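  /*
   * Sets the bits of v in the flags of element i.
   * Returns 1 when the flags were changed, 0 when at least one bit of v was
   * already set or when i is not the index of a live element. The range
   * check matters because isElt() reports -1 and addElt() reports NBT when
   * they have no slot to return.
   */
  int markElt(int i, int v)
  {
      if (i < 0 || i >= iT) return 0;
      if (Trv[i] & v) return 0;
      Trv[i] |= v;
      return 1;
  }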
  /*
   * Prints the elements and how many were printed.
   * c == '-' : only elements with a negative number
   * c == '+' : only elements with a positive number
   * otherwise: every element
   */
  void listElt(char c)
  {
      int k, nb = 0;

      for (k = 0; k < iT; k++) {
          int retenu;

          if (c == '-') retenu = (Tno[k] < 0);
          else if (c == '+') retenu = (Tno[k] > 0);
          else retenu = 1;
          if (!retenu) continue;
          printf("%d : %s (%d)\n",Tno[k], Turl[k], Trv[k]);
          nb++;
      }
      printf(" %d elements trouves.\n",nb);
  }
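  /* Mode bits for comsh(): which standard streams the child closes. */
  #define EX_NOOUT 1 /* close stdout */
  #define EX_NOERR 2 /* close stderr */
  /* Parenthesised so that "mode & EX_SILENT" groups as intended. */
  #define EX_SILENT (EX_NOOUT|EX_NOERR)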
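  /*
   * Runs command line com with "/bin/sh -c" in a child process and waits
   * for it. mode is a combination of EX_NOOUT / EX_NOERR (close the
   * child's stdout / stderr).
   * Returns the child's exit status, or 99 when the command could not be
   * started or waited for, 98 when the shell could not be executed, 97
   * when the child did not exit normally.
   *
   * com is interpreted by a shell: every caller has to validate any
   * external text before formatting it into com.
   *
   * Changes from the previous version:
   *  - the T3 trace is printed and flushed before fork(), so it is no
   *    longer emitted by both processes;
   *  - when execl() fails the child calls _exit(); it used to return into
   *    the caller and keep running the program as a second process;
   *  - a child ended by a signal is no longer reported as exit status 0.
   */
  int comsh(char *com,int mode)
  {
      pid_t pid;
      int ret;

      if (com == NULL) return 99;
      if (T3) {
          printf("$ %s\n",com);
          fflush(stdout);
      }
      if ((pid = fork()) < 0) {
          perror("fork2");
          return 99;
      }
      if (pid == 0) {
          if (mode & EX_NOOUT) close(1);
          if (mode & EX_NOERR) close(2);
          signal(SIGINT,SIG_IGN);
          execl("/bin/sh", "sh", "-c", com, (char *) 0);
          perror("execl2");
          _exit(98);
      }
      if (waitpid(pid,&ret,0) < 0) {
          perror("waitpid");
          return 99;
      }
      if (!WIFEXITED(ret)) return 97;
      return WEXITSTATUS(ret);
  }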
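  /*
   * Runs comm silently through comsh() (output sent to /dev/null) and
   * returns its exit status; returns 99 without running anything when comm
   * is NULL or does not fit in the local buffer.
   * The command used to be copied with an unbounded sprintf() into a
   * 120-byte buffer.
   * (Original author's note: this wrapper may be changed later.)
   */
  int exeCom(char * comm)
  {
      char b[120];
      int n;

      if (comm == NULL) return 99;
      n = snprintf(b, sizeof b, "%s >/dev/null 2>&1", comm);
      if (n < 0 || (size_t)n >= sizeof b) {
          fprintf(stderr,"exeCom: commande trop longue, ignoree\n");
          return 99;
      }
      return comsh(b,EX_SILENT);
  }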
  /* ### iptables update functions */
  /*
   * Words used to build the firewall command lines.
   * NOTE(review): the two tool names carry no directory, so the shell
   * resolves them through PATH; confirm that PATH is trusted where this
   * program runs.
   */
  static char *IPT  = "iptables";  /* IPv4 tool */
  static char *IP6T = "ip6tables"; /* IPv6 tool */
  static char *MYCH = "valide4";   /* chain that receives the ACCEPT rules */
  static char *OUTP = "OUTPUT";    /* chain that receives the REJECT rules */
  static char *MNO  = "REJECT";    /* target used to block */
  static char *MOK  = "ACCEPT";    /* target used to allow */
  /*
   * Prepares the firewall unless the program is resuming (REPR set):
   * flushes the IPv4 and IPv6 rules ("-F"), creates chain MYCH when
   * listing it fails, then appends a jump from OUTPUT to MYCH.
   * Returns the sum of the exit statuses of the commands (0 = all fine).
   * Note: "-F" removes every rule of the table, not only the rules added
   * by this program.
   */
  int initIPT(void)
  {
      char b[90];
      int cumul = 0;

      if (REPR) return 0;

      sprintf(b,"%s -F",IPT);
      cumul += exeCom(b);
      sprintf(b,"%s -F",IP6T);
      cumul += exeCom(b);

      sprintf(b,"%s -L %s -n",IPT,MYCH);
      if (exeCom(b) != 0) { /* chain not there yet */
          sprintf(b,"%s -N %s",IPT,MYCH);
          cumul += exeCom(b);
      }

      sprintf(b,"%s -A %s -j %s",IPT,OUTP,MYCH);
      cumul += exeCom(b);
      return cumul;
  }
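  /*
   * Returns 1 when s can be placed as one word in a firewall command line:
   * non-empty, not starting with '-' (it would be read as an option) and
   * made only of letters, digits and the characters . _ : / -
   * The commands below are run by a shell with the program's privileges
   * and the address text may come from captured traffic, so anything else
   * is refused.
   */
  static int argIptSur(const char *s)
  {
      static const char permis[] =
          "abcdefghijklmnopqrstuvwxyz"
          "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
          "0123456789._:/-";

      if (s == NULL || *s == '\0' || *s == '-') return 0;
      return s[strspn(s, permis)] == '\0';
  }

  /*
   * Returns 1 when ip appears in the listing of chain by tool comm, 0
   * otherwise (also 0 when ip is refused or the command does not fit).
   * grep matches ip as a fixed whole word (-wF): as a regular expression,
   * "1.2.3.4" also matched "1.2.3.40" or "11.2.3.4", and such a false
   * "already present" answer makes the caller skip the rule it was about
   * to add.
   */
  int isPresentIP(char * comm, char * ip, char * chain)
  {
      char buf[100];
      int n;

      if (!argIptSur(ip)) return 0;
      n = snprintf(buf, sizeof buf, "%s -L %s -n|grep -wF -- %s", comm, chain, ip);
      if (n < 0 || (size_t)n >= sizeof buf) return 0;
      return (exeCom(buf) == 0) ? 1 : 0;
  }

  /*
   * Deletes the rule "-d ip -j jump" from chain with tool comm.
   * Returns the command's exit status, or 99 when ip is refused or the
   * command does not fit in the buffer.
   */
  int retireChain(char * comm, char * ip, char * chain, char * jump)
  {
      char buf[100];
      int n;

      if (!argIptSur(ip)) return 99;
      n = snprintf(buf, sizeof buf, "%s -D %s -d %s -j %s", comm, chain, ip, jump);
      if (n < 0 || (size_t)n >= sizeof buf) return 99;
      return exeCom(buf);
  }

  /*
   * Appends the rule "-d ip -j jump" to chain with tool comm.
   * Returns the command's exit status, or 99 when ip is refused or the
   * command does not fit in the buffer.
   */
  int ajouteChain(char * comm, char * ip, char * chain, char * jump)
  {
      char buf[100];
      int n;

      if (!argIptSur(ip)) return 99;
      n = snprintf(buf, sizeof buf, "%s -A %s -d %s -j %s", comm, chain, ip, jump);
      if (n < 0 || (size_t)n >= sizeof buf) return 99;
      return exeCom(buf);
  }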
  /*
   * Adds a REJECT rule for ip to the OUTPUT chain, unless ip lies inside a
   * stored CIDR or is already listed in OUTPUT (both cases return 0).
   * Otherwise returns the result of ajouteChain().
   */
  int bloqueIP(char* ip)
  {
      int deja = isAddrInCidr(ip,0) || isPresentIP(IPT,ip,OUTP);

      return deja ? 0 : ajouteChain(IPT,ip,OUTP,MNO);
  }
  /*
   * Adds an ACCEPT rule for ip to chain MYCH and returns the result of
   * ajouteChain(). When url is not NULL the pair url=ip is logged first.
   */
  int debloqueIP(char* ip, char * url)
  {
      if (url != NULL) {
          syslog(LOG_INFO,"%s=%s ACCEPT",url,ip);
      }
      return ajouteChain(IPT,ip,MYCH,MOK);
  }
  /* Removes the ACCEPT rule for ip from chain MYCH; returns retireChain()'s result. */
  int rebloqueIP(char* ip)
  {
      int etat = retireChain(IPT,ip,MYCH,MOK);

      return etat;
  }
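  /*
   * Blocks every IPv4 address that follows an "A " marker in line l.
   * l is modified in place: each address is terminated where it ends.
   *
   * Changes from the previous version:
   *  - a line without any "A " marker, or one that ends after a comma,
   *    made the final call pass a NULL pointer on;
   *  - the comma search started two bytes past the address start, which
   *    can be beyond the end of a short line;
   *  - the last address kept the rest of the line attached;
   *  - a token is only used when it is a valid IPv4 address, because it
   *    ends up in a firewall command line.
   */
  void dropIP(char * l)
  {
      char *s, *d = l;

      if (l == NULL) return;
      while ((s = strstr(d, "A ")) != NULL) {
          size_t len;
          char fin;

          s += 2;
          len = strcspn(s, ", \t\r\n");
          fin = s[len];
          s[len] = '\0';
          if (isIPv4(s)) bloqueIP(s);
          if (fin == '\0') break; /* end of the line */
          d = s + len + 1;
      }
  }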
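  /*
   * For every IPv4 address that follows an "A " marker in line l: when the
   * address is not yet in chain MYCH and lies inside a stored CIDR, an
   * ACCEPT rule is added for it (url is only used for the log entry).
   * l is modified in place: each address is terminated where it ends.
   * Returns, as before, the debloqueIP() result when a rule was added for
   * the last address of the line, and 1 in every other case.
   *
   * Changes from the previous version: a line without a usable last
   * address passed NULL or trailing text on to the command builders, the
   * comma search could start beyond the end of the line, and a token is
   * now only used when it is a valid IPv4 address.
   */
  int verifIPOk(char * l, char * url)
  {
      char *s, *d = l;
      int rc = 1;

      if (l == NULL) return 1;
      while ((s = strstr(d, "A ")) != NULL) {
          size_t len;
          char fin;

          s += 2;
          len = strcspn(s, ", \t\r\n");
          fin = s[len];
          s[len] = '\0';
          rc = 1; /* only the last address decides the result */
          if (isIPv4(s) && !isPresentIP(IPT,s,MYCH) && isAddrInCidr(s,1))
              rc = debloqueIP(s,url);
          if (fin == '\0') break; /* end of the line */
          d = s + len + 1;
      }
      return rc;
  }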
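  /*
   * Adds an ip6tables REJECT rule in OUTPUT for every IPv6 address that
   * follows an "A " marker in line l (the marker is also the tail of
   * "AAAA "), unless the address is already listed. Always returns 1.
   * l is modified in place: each address is terminated where it ends.
   *
   * Changes from the previous version: a line without a usable last
   * address passed NULL or trailing text on to the command builders, the
   * comma search could start beyond the end of the line, and a token is
   * now only used when it is a valid IPv6 address.
   */
  int dropIP6(char * l)
  {
      char *s, *d = l;

      if (l == NULL) return 1;
      while ((s = strstr(d, "A ")) != NULL) {
          size_t len;
          char fin;

          s += 2;
          len = strcspn(s, ", \t\r\n");
          fin = s[len];
          s[len] = '\0';
          if (isIPv6(s) && !isPresentIP(IP6T,s,OUTP))
              ajouteChain(IP6T,s,OUTP,MNO);
          if (fin == '\0') break; /* end of the line */
          d = s + len + 1;
      }
      return 1;
  }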
  /* command task and periodic tasks */
  #define t0 (time_t)0 /* "never" timestamp */
  time_t tim1 = t0;    /* set by tachePer1() each time it does its work */
  /*
   * Periodic task: ages the elements, at most once every 30 seconds.
   * Calls made less than 30 s after the previous run only emit a level-3
   * trace. On a run (except the very first one), walking from the last
   * element down:
   *  - an element with both flag bits of 0x6 set is removed (IPv4 + IPv6
   *    per the original comment);
   *  - any other element gains 8 per elapsed 30 s period and is removed
   *    once its value exceeds 80 (about 5 minutes per the original
   *    comment).
   */
  void tachePer1(void)
  {
      static time_t tim0=t0, tw;
      int k, periodes;

      tw = time(NULL);
      if ((tw - tim0) >= 30) {
          if (T3) printf ("T3: tache1 exec %s",ctime(&tw));
          tim1 = time(NULL);
          periodes = (tim1 - tim0) / 30;
          if (tim0 != t0) {
              k = iT;
              while (k-- > 0) {
                  if ((Trv[k]&0x6) == 6) {
                      delIElt(k);
                      continue;
                  }
                  Trv[k] += 8*periodes;
                  if (Trv[k] > 80) delIElt(k);
              }
          }
          tim0 = time(NULL);
          return;
      }
      if (T3) printf ("T3: tache1 passe %s",ctime(&tw));
  }
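  /*
   * Appends param followed by a newline to file ficp.
   * A file that cannot be opened or written is reported with perror();
   * the fopen() result used to be passed unchecked to fwrite(), which
   * crashed when the file could not be opened.
   */
  void ajoutParam(char * ficp, char * param)
  {
      FILE *fw;

      if (ficp == NULL || param == NULL) return;
      if ((fw = fopen(ficp,"a")) == NULL) {
          perror(ficp);
          return;
      }
      if (fputs(param, fw) == EOF || fputc('\n', fw) == EOF) perror(ficp);
      if (fclose(fw) != 0) perror(ficp);
  }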
  /* DNS message counters: NBout counts requests, NBin counts answers. */
  static int NBin=0, NBout=0;

  /* Prints the total number of DNS messages and the request / answer split. */
  void prInOut(void)
  {
      const int total = NBout+NBin;

      printf(" %d messages DNS: %d requetes, %d reponses.\n",total,NBout,NBin);
  }
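  /*
   * Asks the yes/no question q on stdout and reads the answer on stdin.
   * Returns 1 for "O", 0 for "N"; any other answer repeats the question.
   * End of input (or a read error) now counts as "N": getline() kept
   * failing in that case and the question was printed in an endless loop.
   * The line buffer is released before returning.
   */
  int printQ(char * q)
  {
      char *rep = NULL;
      size_t lr = 0;
      int choix = -1;

      while (choix < 0) {
          long n;

          printf("Voulez-vous %s ?\n Taper O (OUI) ou N (NON) :\n",q);
          n = (long)getline(&rep, &lr, stdin);
          if (n < 0) { /* end of input: take the safe answer */
              choix = 0;
              break;
          }
          if (n != 2) continue; /* expect one letter plus the newline */
          if (*rep == 'O') choix = 1;
          else if (*rep == 'N') choix = 0;
      }
      free(rep);
      return choix;
  }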
  /* Shows a "working" marker and returns the cursor to the start of the line. */
  void pr_encours(void)
  {
      fputs(" ...\r", stdout);
      fflush(stdout);
  }
  /* Shell pipeline fragments and messages used by the command thread. */
  #define SUNIC    "|sort|uniq"
  #define JCTLSYS  "journalctl --system"
  #define JCTLSYSG JCTLSYS "|grep "
  #define CHLOG    "/var/log/user.log"
  #define CHLOGREP CHLOG "|grep "
  #define CUT6     "|cut -d' ' -f6"
  #define CUTM45   "|cut -d' ' -f1-3,6-"
  #define CUT7S    "|cut -d' ' -f7-"
  #define NOTF     "non trouve !!??"
  #define ENOVAL   "Element non valable !"
  /* NOTE(review): relative name, so the history file lands in the current directory. */
  #define FHISTO   ".octave_history"
  #define AWK5     "|awk '{ print $5}'"
  #define AWK4     "|awk '{ print $4}'"
  #define DREJ     "^REJECT "
  #define DACC     "^ACCEPT "
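  /* Runs com through comsh() unless n, the snprintf() result for com, shows an error or a truncation. */
  static void lanceCom(char *com, size_t cap, int n, int mode)
  {
      if (n < 0 || (size_t)n >= cap) {
          printf("Commande trop longue, ignoree.\n");
          return;
      }
      comsh(com, mode);
  }

  /* Reports the unused remainder of a command that takes no argument. */
  static void ignoreReste(const char *reste)
  {
      if (*reste != '\0') printf("ignore %s\n",reste);
  }

  /*
   * Builds in com the log query shared by commands a, i, e and E: the log
   * lines tagged NPROG[moi] that match motif, followed by the pipeline
   * fragments coupe and tri. Reads journalctl when JCTL is set, the file
   * CHLOG otherwise. Returns the snprintf() result.
   */
  static int reqJournal(char *com, size_t cap, int moi, const char *motif,
                        const char *coupe, const char *tri)
  {
      if (JCTL)
          return snprintf(com,cap,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,moi,motif,coupe,tri);
      return snprintf(com,cap,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,moi,motif,CHLOG,coupe,tri);
  }

  /*
   * Thread body of the interactive dialogue. p is the parameter file name.
   * Reads commands with readline() until 'S' is entered or the input ends,
   * then saves the history, removes the .Trav work file and ends the
   * thread.
   *
   * Changes from the previous version:
   *  - readline() returns NULL at end of input; that case was passed to
   *    strlen() and is now handled by leaving the dialogue;
   *  - every command line and the prompt are built with snprintf(); a text
   *    that does not fit is refused instead of overrunning com[200] or
   *    pr[30];
   *  - the L and T filters are placed between single quotes in the shell
   *    command, so a filter containing a quote is refused.
   *
   * NOTE(review): the "T+" argument reaches the ./t1.sh command line
   * unquoted, ./t1.sh and .Trav<pid> are relative to the current
   * directory, and the ' ' command runs any shell text; all of this
   * executes with the privileges of the program. Confirm this is the
   * intended operator interface.
   */
  void * fct_com(void * p)
  {
      int REQ=1; /* local loop flag: shadows the file-scope REQ */
      char *cmd = NULL, *fauth, pr[30], com[200];
      int n, moi;

      fauth = (char*)p;
      moi = (int)getpid();
      read_history(FHISTO);
      while (REQ) {
          /*
           * NOTE(review): this signals our own pid (the file-scope pid of
           * the capture process is shadowed in the original as well), so
           * it does not check the capture process -- confirm the intent.
           */
          if (kill(moi,SIGUSR1) < 0) {
              ENDT=1;
              write(p1[1],"\n",1);
          }
          free(cmd);
          n = snprintf(pr,sizeof pr,"\e[01;34m%s-> \e[00m",NPROG);
          if (n < 0 || (size_t)n >= sizeof pr) snprintf(pr,sizeof pr,"-> ");
          cmd = readline(pr);
          if (cmd == NULL) { /* end of input */
              printf("\n");
              break;
          }
          if (*cmd == '\0') continue;
          write(p1[1],"\n",1);
          add_history(cmd);
          switch (*cmd) {
          case '+' :
              if (cmd[1] == '\0') { listeAllow(); break; }
              if (!litligne(cmd+1)) { printf("Erreur ajout param. !\n"); break; }
              if (debloqueIP(cmd+1,NULL)) { printf("%s\n",ENOVAL); break; }
              if (printQ("ajouter au fichier parametres")) /* add to the parameter file */
                  ajoutParam(fauth,cmd+1);
              listeAllow();
              break;
          case '-' :
              if (cmd[1] == '\0') { listeDeny(); break; }
              if (!litligne(cmd)) { printf("Erreur ajout param. !\n"); break; }
              if (rebloqueIP(cmd+1)) { printf("%s\n",ENOVAL); break; }
              if (printQ("ajouter au fichier parametres")) /* add to the parameter file */
                  ajoutParam(fauth,cmd);
              listeDeny();
              break;
          case 'l' :
              listElt(cmd[1]);
              printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",ctime(&tim1),iT,
                     NBT, (float)(iT*100)/(float)NBT, MaxElt);
              prInOut();
              break;
          case 't' :
              if (cmd[1] == '+' || cmd[1] == '-') {
                  if (cmd[1] == '+' && Trace < TMAX) Trace++;
                  else if (cmd[1] == '-' && Trace > TMIN) Trace--;
                  else printf("Erreur: niveau dans [%d, %d].\n",TMIN,TMAX);
              } else if (cmd[1] != '\0') {
                  printf("Erreur: Utiliser t+ ou t- !\n");
              }
              printf(" Trace niveau %d\n",Trace);
              break;
          case 'a' :
              ignoreReste(cmd+1);
              lanceCom(com,sizeof com,reqJournal(com,sizeof com,moi,".* ok",CUT6,SUNIC),0);
              break;
          case 'i' :
              ignoreReste(cmd+1);
              lanceCom(com,sizeof com,reqJournal(com,sizeof com,moi,".* DENY",CUT6,SUNIC),0);
              break;
          case 'e' :
              ignoreReste(cmd+1);
              lanceCom(com,sizeof com,reqJournal(com,sizeof com,moi,".* ACCEPT",CUT6,SUNIC),0);
              break;
          case 'E' :
              ignoreReste(cmd+1);
              lanceCom(com,sizeof com,reqJournal(com,sizeof com,moi,".*ERR: ",CUTM45,""),0);
              break;
          case 'L' :
              if (cmd[1] == '\0') {
                  if (JCTL) n = snprintf(com,sizeof com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,
                                         moi,"-v 'Re[pq]. '",CUTM45);
                  else n = snprintf(com,sizeof com,"grep '%s\\[%d\\]' %s%s%s",NPROG,moi,
                                    CHLOGREP,"-v 'Re[pq]. '",CUTM45);
              } else if (strchr(cmd+1,'\'') != NULL) {
                  printf("%s\n",ENOVAL); /* a quote would end the quoted filter */
                  break;
              } else {
                  if (JCTL) n = snprintf(com,sizeof com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG,
                                         NPROG,moi,"-v 'Re[pq]. '",CUTM45,cmd+1);
                  else n = snprintf(com,sizeof com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,moi,
                                    CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1);
              }
              lanceCom(com,sizeof com,n,0);
              break;
          case 'T' :
              if (cmd[1] == '\0') {
                  if (JCTL) n = snprintf(com,sizeof com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,moi,
                                         " 'Re[pq]. '",CUTM45);
                  else n = snprintf(com,sizeof com,"grep '%s\\[%d\\]' %s%s%s",NPROG,moi,
                                    CHLOGREP," 'Re[pq]. '",CUTM45);
              } else if (cmd[1] == '+' && cmd[2] != '\0') { /* script + argument */
                  n = snprintf(com,sizeof com,"./t1.sh %d %s >.Trav%d",moi,cmd+2,moi);
                  lanceCom(com,sizeof com,n,0);
                  n = snprintf(com,sizeof com,"cat .Trav%d",moi);
              } else if (strchr(cmd+1,'\'') != NULL) {
                  printf("%s\n",ENOVAL); /* a quote would end the quoted pattern */
                  break;
              } else {
                  if (JCTL) n = snprintf(com,sizeof com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,moi,
                                         cmd+1," 'Re[pq]. '",CUTM45);
                  else n = snprintf(com,sizeof com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,moi,cmd+1,
                                    CHLOGREP," 'Re[pq]. '",CUTM45);
              }
              lanceCom(com,sizeof com,n,0);
              prInOut();
              break;
          case '>' :
          case '<' : {
              const char *sens = (*cmd == '>') ? "Req" : "Rep";

              ignoreReste(cmd+1);
              if (JCTL) n = snprintf(com,sizeof com,"%s'%s\\[%d\\].* %s. '%s%s",JCTLSYSG,NPROG,moi,
                                     sens,CUT7S,SUNIC);
              else n = snprintf(com,sizeof com,"grep '%s\\[%d\\]' %s '%s. '%s%s",NPROG,moi,
                                CHLOGREP,sens,CUT7S,SUNIC);
              lanceCom(com,sizeof com,n,0);
              prInOut();
              break;
          }
          case 'r' :
              ignoreReste(cmd+1);
              n = snprintf(com,sizeof com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC);
              pr_encours();
              lanceCom(com,sizeof com,n,EX_NOERR);
              break;
          case 'R' :
              ignoreReste(cmd+1);
              n = snprintf(com,sizeof com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC);
              pr_encours();
              lanceCom(com,sizeof com,n,EX_NOERR);
              break;
          case 'S' :
              ignoreReste(cmd+1);
              RUN = 0;
              REQ = 0;
              write(p1[1],"\n",1);
              break;
          case 'v' :
              ignoreReste(cmd+1);
              n = snprintf(com,sizeof com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC);
              pr_encours();
              lanceCom(com,sizeof com,n,EX_NOERR);
              break;
          case ' ' : /* shell escape: the rest of the line is run as typed */
              if (cmd[1] != '\0') comsh(cmd+1,0);
              break;
          case '?' :
              ignoreReste(cmd+1);
              printf("Version %s\n",Version);
              prInOut();
              /* fallthrough: the menu follows the version */
          default :
              printf("?\t\t: Version et menu.\n");
              printf("+url\t\t: Allow (autoriser une Url)\n");
              printf("-url\t\t: Deny (interdire une Url)\n");
              printf("a\t\t: Autorisations suivant analyse\n");
              printf("i\t\t: Interdictions suivant analyse\n");
              printf("e\t\t: Exceptions suivant analyse\n");
              printf("E\t\t: Liste des erreurs\n");
              printf("l[+|-]\t\t: Liste des elements dynamiques\n");
              printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n");
              printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
              printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
              printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n");
              printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n");
              if (LogC) {
                  printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t Avec + fait les liaisons entre requetes et reponses.\n");
                  printf(">\t\t: Traces des demandes triees\n");
                  printf("<\t\t: Traces des reponses triees\n");
              }
              printf("S\t\t: Stopper\n");
              break;
          }
      }
      WH=write_history(FHISTO);
      free(cmd);
      lanceCom(com,sizeof com,snprintf(com,sizeof com,"rm -f .Trav%d",moi),0);
      /* end of the dialogue */
      pthread_exit(NULL);
  }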
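  /*
   * Looks in /proc/net/route for the first line whose second field starts
   * with "00000000" and stores a copy of that line's first field (the
   * interface name) in IFACE. IFACE is left unchanged when no such line
   * exists, the file cannot be opened or the allocation fails.
   *
   * Changes from the previous version: the scan for the end of the first
   * field stops at the end of the line (it used to run on until it met a
   * blank), and the malloc() result is checked before it is written to.
   */
  void getIface(void)
  {
      FILE *fd;
      char *line = NULL;
      size_t ll = 0;

      if ((fd = fopen("/proc/net/route","r")) == NULL) {
          perror("route");
          return;
      }
      while (getline(&line, &ll, fd) > 0) {
          char *s, *w, *copie;

          if ((s = strstr(line,"00000000")) == NULL) continue;
          w = line + strcspn(line, " \t");
          if (*w == '\0') continue; /* no field separator on this line */
          *w++ = '\0';
          w += strspn(w, " \t");
          if (s != w) continue; /* the match is not the second field */
          copie = malloc(strlen(line) + 1);
          if (copie == NULL) {
              perror("malloc");
              break;
          }
          strcpy(copie, line);
          IFACE = copie;
          break;
      }
      free(line);
      fclose(fd);
  }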
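  /* True when the local variable `ie` holds a valid element index (>= 0).
   * Only meaningful inside a scope that declares `ie`. */
  #define Vie (ie >= 0)

  /*
   * Walk backwards from p towards base and return the nearest '.', or NULL
   * when there is none at or after base.  Requires base <= p.
   */
  static char *kgf_rfind_dot(char *base, char *p)
  {
      for (;;) {
          if (*p == '.')
              return p;
          if (p == base)
              return NULL;
          p--;
      }
  }

  /*
   * Program entry point.
   *
   * Options: -i interactive mode, -l log every request/response, -t trace,
   * -p FILE parameter file (default "auth1.txt"), -R PID internal "resume"
   * marker that must equal the current process id.
   *
   * Flow, as far as this function shows it:
   *   1. parse options, find the default-route interface (getIface);
   *   2. require real or effective uid 0;
   *   3. fork a child that execs tcpdump on port 53 with stdout and stderr
   *      redirected into the pipe p1;
   *   4. initialise the filter (initIPT) and load the lists (lectliste);
   *   5. read the pipe line by line and sort each line into a DNS response
   *      (source port ".53" just before " > ") or a DNS request;
   *   6. on exit, stop the child; when ENDT is set, re-exec the program with
   *      "-R <pid>" appended.
   *
   * Exit codes: 0 normal end, 1 bad usage or bad -R value, 2 not root,
   * 3 pipe, 4 fork, 5 exec/dup2 failure in the child, 6 child not
   * signalable, 7 fdopen, 8 allocation failure before relaunch, 9 no network
   * interface or pthread_create failure.
   *
   * Every line read from the pipe carries text taken from network packets
   * (queried names, answer records), so all scans over it are bounded by the
   * buffer start and by the terminating NUL.
   */
  int main(int N, char * P[])
  {
      pthread_t thid;
      FILE *fp;
      char *analyse = "tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU;
      char *fauth = "auth1.txt", *strR = "-R", strPID[16], **NP;
      size_t ll = 0, lc = 0;
      ssize_t n, n2;
      int Inter = 0, i, ie, np = 0, opt;

      if ((NPROG = strrchr(P[0], (int)'/')) == NULL) NPROG = P[0];
      else NPROG++;
      /* Bounded formatting: never depends on how many digits a pid has. */
      snprintf(strPID, sizeof strPID, "%d", (int)getpid());

      /* option check */
      while ((opt = getopt(N, P, "ilp:R:t")) != -1) {
          switch (opt) {
          case 'i':
              Inter = 1;
              break;
          case 'l':
              LogC = 1;
              break;
          case 't':
              Trace = TMIN+1;
              break;
          case 'p':
              fauth = optarg;
              break;
          case 'R':
              REPR = 1;
              np = atoi(optarg);
              break;
          default: /* '?' */
              fprintf(stderr, "Utilisation: %s [options]\nAvec les options :\n", NPROG);
              fprintf(stderr, "\t-i : mode interactif,\n");
              fprintf(stderr, "\t-l : log des requetes,\n");
              fprintf(stderr, "\t-p fichier : nom du fichier parametres (%s par defaut),\n",fauth);
              fprintf(stderr, "\t-t : avec trace.\n");
              return 1;
          }
      }
      /* -R is only accepted with our own pid: execv() keeps the pid, so only
       * the relaunch at the end of this function produces a matching value. */
      if ((REPR) && (np != getpid())) {
          fprintf(stderr,"Erreur reprise %d\n", np);
          return 1;
      }
      if (optind < N) {
          fprintf(stderr,"Parametre inconnu : %s\n", P[optind]);
          return 1;
      }

      getIface();
      if (REPR) {
          /* On a resume, wait until a default route is back. */
          while (IFACE == NULL) { sleep(1); getIface(); }
      } else {
          if (IFACE == NULL) {
              fprintf(stderr,"Interface reseau absente !\n");
              return 9;
          }
      }
      printf("%s %s sur %s\n", NPROG, Version, IFACE);

      /* root privilege check: passes when the real OR the effective uid is 0 */
      if ((getuid() > 0) && (geteuid() > 0)) {
          fprintf(stderr,"A executer sous root !\n");
          return 2;
      }
      if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL = 1;
      if (T1) printf("T1: Fichier parametres = %s\n",fauth);
      signal(SIGUSR1,SIG_IGN);
      if (pipe(p1) < 0) {
          perror("pipe"); return 3;
      }
      openlog(NULL,LOG_PID,0);

      /* start the capture child */
      if ((pid = fork()) < 0) {
          perror("fork"); return 4;
      }
      if (pid == 0) {
          signal(SIGINT,SIG_IGN);
          close(0);
          close(p1[0]);
          /* stdout and stderr both go into p1 */
          if (dup2(p1[1],1) < 0 || dup2(p1[1],2) < 0) {
              perror("dup2");
              _exit(5);
          }
          setsid();
          /* NOTE(review): execlp() resolves "tcpdump" through PATH while
           * running as root; an absolute path would remove the dependency on
           * the caller's environment. */
          execlp(analyse,analyse,"-tn","-i",IFACE,"port","53",NULL);
          perror("execl");
          /* _exit, not return: returning from main() here would flush the
           * stdio buffers inherited from the parent into the pipe (fd 1 now
           * points at p1) and run the parent's exit handlers in the child. */
          _exit(5);
      }

      if (Inter) signal(SIGINT,SIG_IGN);
      else signal(SIGINT,interup);
      if ((np = initIPT()) != 0) {
          if (T1) printf("Erreur initIPT %d !!??\n",np);
          syslog(LOG_WARNING, "ERR: Erreur initIPT %d !!??\n",np);
      }
      /* read the lists */
      lectliste(fauth);
      if (T1) recaplistes();
      sleep(1); /* give the child time to start */
      if (kill(pid,SIGUSR1) < 0) return 6;
      signal(SIGCHLD,interup);

      /* parse what arrives on p1 */
      if ((fp = fdopen(p1[0],"r")) == NULL) {
          perror("fdopen"); return 7;
      }
      fcntl(p1[0], F_SETPIPE_SZ,1048576);
      if (T1) printf("Depart %s %s PIDF:%d !\n",NPROG, strPID,pid);
      if (T1) printf("Capacite pipe : %ld bytes\n", (long)fcntl(p1[0], F_GETPIPE_SZ));
      np = 0;

      /* start the command thread */
      if (Inter) {
          if (pthread_create(&thid,NULL,fct_com,(void*)fauth) != 0) {
              fprintf(stderr,"Erreur pthread_create !\n"); return 9;
          }
      }

      while (RUN) {
          tachePer1();
          if ((n = getline(&line, &ll, fp)) > 0) {
              if (ENDT) {
                  printf("Erreur : plus de tache d'analyse !\n"); break;
              }
              if (RUN == 0) break;
              if ((n == 1) && (*line == '\n')) continue;
              if (np == 0) { np++;
                  if (REPR) syslog(LOG_INFO,"Reprise de l'analyse !");
                  else syslog(LOG_INFO,"Debut de l'analyse !");
              }
              /* analysis */
              if ((s1 = strstr(line, " > ")) == NULL) continue;
              /* Only look 3 bytes back when the buffer really has them. */
              if ((s1 - line >= 3) && (strncmp(s1-3,".53",3) == 0)) { /* RESPONSE */
                  if ((s2 = strstr(s1+3, ":")) == NULL) continue;
                  NBin++;
                  *s2 = '\0';
                  /* The number after the last '.' before ':' is the key. */
                  if ((s1 = kgf_rfind_dot(line, s2 - 1)) == NULL) continue;
                  np = atoi(s1+1);
                  if ((ie = isElt(np)) == -1) { /* element allowed or ABSENT */
                      ie = isElt(-np);
                      s1 = s2+1;
                      if ((s2 = strstr(s1, " A ")) != NULL) { /* IPv4 */
                          s2++;
                          /* s2 starts with "A ", so a space always exists. */
                          s1 = strrchr(s2,(int)' ');
                          *s1 = '\0';
                          if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                          if (Vie) {
                              markElt(ie,4); refU = Turl[ie];
                          } else {
                              if (T1) printf("Elt %d %s\n",np,NOTF);
                              syslog(LOG_WARNING,"ERR: Elt %d %s\n",np,NOTF);
                              continue;
                          }
                          /* NOTE(review): s2 is text from captured traffic;
                           * confirm verifIPOk/dropIP/dropIP6 validate it
                           * before it reaches any command line. */
                          if (!verifIPOk(s2, refU))
                              if (Vie) syslog(LOG_INFO,"Deblocage IP4 %s",refU);
                      } else {
                          if ((s2 = strstr(s1, " AAAA ")) != NULL) { /* IPv6 */
                              s2++;
                              /* s2 starts with "AAAA ", a space always exists. */
                              s1 = strrchr(s2,(int)' ');
                              *s1 = '\0';
                              if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                              if (Vie) markElt(ie,2);
                              dropIP6(s2);
                          } else {
                              if (Vie) markElt(ie,1);
                          }
                      }
                      continue;
                  }
                  /* From here on ie is the index of a recorded (denied) request. */
                  s1 = s2+1;
                  if ((s2 = strstr(s1, " A ")) == NULL) {
                      if ((s2 = strstr(s1, " AAAA ")) == NULL) {
                          markElt(ie,1);
                      } else { /* IPv6 handling */
                          s2++;
                          if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                          s1 = strrchr(s2,(int)' ');
                          *s1 = '\0';
                          if (markElt(ie,2)) dropIP6(s2);
                      }
                      continue;
                  }
                  /* IPv4 REJECT */
                  s2++;
                  s1 = strrchr(s2,(int)' ');
                  *s1 = '\0';
                  if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                  syslog(LOG_INFO,"%s DENY",Turl[ie]);
                  if (markElt(ie,4)) dropIP(s2);
              } else { /* REQUEST */
                  NBout++;
                  *s1 = '\0';
                  s2 = s1 +1;
                  /* A line without any '.' before " > " is not a packet line;
                   * skip it instead of scanning below the buffer start. */
                  if ((s1 = kgf_rfind_dot(line, s1)) == NULL) continue;
                  np = atoi(s1+1);
                  if ((s1 = strstr(s2, " A? ")) == NULL) continue;
                  s1 += 4;
                  if (*s1 == '\0') continue;      /* nothing after " A? " */
                  s2 = s1 +1;
                  while ((*s2 != '\0') && (*s2 != ' ')) s2++;
                  if (*s2 == '\0') continue;      /* name not terminated */
                  *(s2-1) = '\0'; /* drop the trailing '.' */
                  if (LogC) syslog(LOG_INFO,"Req. %d %s",np,s1);
                  if (strstr(s1, ".") == NULL) { /* at least one must remain */
                      if (T1) printf("Ignore : %d %s !\n",np,s1);
                      syslog(LOG_WARNING,"ERR: Ignore %d %s !\n",np,s1);
                      continue;
                  }
                  if (!isDeny(s1)) { /* V2: an allowed name is stored under -np */
                      if (isElt(-np) < 0) {
                          addElt(-np,s1);
                          syslog(LOG_INFO,"%s ok",s1);
                      }
                      continue;
                  }
                  if (isElt(np) < 0) {
                      i = addElt(np,s1);
                      if (T3) printf("T3: addElt %d %d/%d\n",NbElt,i,NBT);
                  }
              }
          }
          if (REQ) {
              printf("Taper votre commande : H pour help !\n");
              if ((n2 = getline(&cmd, &lc, stdin)) > 0) {
                  switch (*cmd) {
                  case 'C' :
                      REQ = 0;
                      break;
                  case 'L' :
                      listElt(cmd[1]);
                      printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",
                             ctime(&tim1),iT,NBT,(float)(iT*100)/(float)NBT,MaxElt);
                      break;
                  case 'S' :
                      RUN = 0;
                      REQ = 0;
                      break;
                  default :
                      printf("C\t: continuer\n");
                      printf("L\t: liste des elts\n");
                      printf("S\t: stopper\n");
                      break;
                  }
              }
          }
      }

      syslog(LOG_INFO,"Fin de l'analyse !");
      free(line);
      free(cmd);
      kill(pid,SIGTERM);
      close(p1[0]);
      close(p1[1]);
      closelog();
      if (ENDT) { /* automatic relaunch */
          if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR);
          sleep(DELAYR); /* wait N s */
          /* Room for the N original arguments, "-R", the pid and the NULL. */
          NP = malloc(sizeof *NP * (size_t)(N + 3));
          if (NP == NULL) {
              perror("malloc");
              return 8;
          }
          ie = 0;
          for (i = 0; i < N; i++) { NP[i] = P[i]; if (strcmp(P[i],strR) == 0) ie = 1; }
          if (ie == 0) {
              NP[i++] = strR;
              NP[i++] = strPID;
          }
          NP[i] = NULL;
          if (WH) write_history(FHISTO);
          comsh("reset",0);
          /* NOTE(review): execv() does not search PATH, so a P[0] without a
           * '/' is resolved against the current directory while running as
           * root; confirm how the program is started. */
          execv(P[0],NP);
          perror("execv");
      }
      printf("Fin du programme!\n");
      return 0;
  }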