Code afférent au projet Kouglof 2 de l'E2L
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。

octave.c 33 KiB

6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
5ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
6ヶ月前
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224
  1. /*******************************************************************
  2. Copyright (C) 2011-2024 Patrick H. E. Foubet - S.E.R.I.A.N.E.
  3. This program is free software: you can redistribute it and/or modify
  4. it under the terms of the GNU General Public License as published by
  5. the Free Software Foundation, either version 3 of the License, or any
  6. later version.
  7. This program is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10. See the GNU General Public License for more details.
  11. You should have received a copy of the GNU General Public License
  12. along with this program. If not, see <http://www.gnu.org/licenses/>
  13. *******************************************************************/
  14. /*
  15. ############################################################
  16. # Projet Kouglof 2 de l'Ecole du Logiciel Libre d'Ivry : #
  17. ############################################################
  18. octave.c : outil pour scanner l'interface reseau afin d'analyser les sites
  19. auxquels les applications veulent se connecter.
  20. A utiliser avec le fichier auth1.txt pour stopper les connexions non voulues
  21. Tous les details sur le site :
  22. https://e2li.org -> menu : Projet Prosecco.
  23. */
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <signal.h>
  29. #include <fcntl.h>
  30. #include <readline/readline.h>
  31. #include <readline/history.h>
  32. #include <sys/wait.h>
  33. #include <string.h>
  34. #include <syslog.h>
  35. #include <time.h>
  36. #include <arpa/inet.h>
  37. #include <pthread.h>
  38. #define Version "1.04"
  39. #define F_GETPIPE_SZ 1032
  40. #define F_SETPIPE_SZ 1031
  41. static int RUN=1, REQ=0, ENDT=0, REINI=0, REPR=0, JCTL=0, LogC=0, WH=1, p1[2],Trace=0;
  42. static pid_t pid;
  43. static char * NPROG, *IFACE=NULL;
  44. #define DELAYR 20 /* delai avant relance auto */
  45. void interup (int S)
  46. {
  47. switch(S) {
  48. case SIGINT:
  49. write(p1[1],"\n",1);
  50. REQ=1; return;
  51. break;
  52. case SIGCHLD:
  53. if (waitpid(pid,NULL,WNOHANG) == pid) {
  54. ENDT=1;
  55. write(p1[1],"\n",1);
  56. }
  57. break;
  58. case SIGHUP:
  59. case SIGILL:
  60. case SIGSEGV:
  61. ENDT=S+1;
  62. write(p1[1],"\n",1);
  63. break;
  64. default:
  65. fprintf(stderr,"Reçu signal %d !!??\n",S);
  66. }
  67. }
  68. /* ### les niveaux de trace */
  69. #define TMIN 0
  70. #define TMAX 3
  71. #define T1 Trace > 0
  72. #define T2 Trace > 1
  73. #define T3 Trace > 2
  74. /* #### les fonctions adresses IPv4 */
  75. int isIPv4(char *a)
  76. {
  77. struct in_addr S;
  78. int r;
  79. if ((r = inet_pton(AF_INET,a, (void *)&S)) <= 0) return 0;
  80. return 1;
  81. }
  82. int isIPv6(char *a)
  83. {
  84. struct in6_addr S;
  85. int r;
  86. if ((r = inet_pton(AF_INET6,a, (void *)&S)) <= 0) return 0;
  87. return 1;
  88. }
  89. int isCidr(char*r)
  90. {
  91. char buf[20], *sn;
  92. int n;
  93. if (strlen(r)>18) return 0;
  94. strcpy(buf,r);
  95. if ((sn=strstr(buf,"/")) == NULL) return 0;
  96. *sn = '\0';
  97. if (!isIPv4(buf)) return 0;
  98. n = atoi(sn+1);
  99. if (n>32) return 0;
  100. return n;
  101. }
  102. int isCidr6(char*r)
  103. {
  104. char buf[52], *sn;
  105. int n;
  106. if (strlen(r)>50) return 0;
  107. strcpy(buf,r);
  108. if ((sn=strstr(buf,"/")) == NULL) return 0;
  109. *sn = '\0';
  110. if (!isIPv6(buf)) return 0;
  111. n = atoi(sn+1);
  112. if (n>128) return 0;
  113. return n;
  114. }
  115. uint64_t NbAddCidrs = 0;
  116. int isSousRes(char*r, char *a)
  117. {
  118. struct in_addr Sa, Sr, Sm;
  119. int n, m1,m2,m3,m4, m;
  120. char buf[20],smasq[16],*sn;
  121. if (!isCidr(r)) return 0;
  122. if (!isIPv4(a)) return 0;
  123. strcpy(buf,r);
  124. if ((sn=strstr(buf,"/")) == NULL) return 0;
  125. *sn = '\0';
  126. n = atoi(sn+1);
  127. /* calcul du masq */
  128. m=n;
  129. if (m>7) { m1=255; m-=8;
  130. } else { m1=0;
  131. while (m>=0) m1 |= 0x80 >> --m;
  132. }
  133. if (m>7) { m2=255; m-=8;
  134. } else { m2=0;
  135. while (m>=0) m2 |= 0x80 >> --m;
  136. }
  137. if (m>7) { m3=255; m-=8;
  138. } else { m3=0;
  139. while (m>=0) m3 |= 0x80 >> --m;
  140. }
  141. if (m>7) { m4=255; m-=8;
  142. } else { m4=0;
  143. while (m>=0) m4 |= 0x80 >> --m;
  144. }
  145. sprintf(smasq,"%d.%d.%d.%d",m1,m2,m3,m4);
  146. inet_pton(AF_INET,smasq, (void *)&Sm);
  147. inet_pton(AF_INET,a, (void *)&Sa);
  148. inet_pton(AF_INET,buf, (void *)&Sr);
  149. if ((Sr.s_addr & Sm.s_addr) == (Sa.s_addr & Sm.s_addr)) return 1;
  150. return 0;
  151. }
  152. /* #### gestion dynamique des CIDR */
  153. #define NBC 100 /* nb de CIDR */
  154. char* Tcidr[NBC];
  155. int iC=0;
  156. int bloqueIP(char*);
  157. int addCidr(char * c)
  158. {
  159. int i=iC;
  160. if (i==NBC) return i;
  161. Tcidr[i] = (char*)malloc(strlen(c)+1);
  162. strcpy(Tcidr[i],c);
  163. iC++;
  164. bloqueIP(c);
  165. return i;
  166. }
  167. void delCidr(char * c)
  168. {
  169. int i;
  170. for (i=0; i<iC; i++)
  171. if (strcmp(c,Tcidr[i]) == 0) {
  172. iC--;
  173. if (iC == i) return;
  174. if (iC > 0) Tcidr[i] = Tcidr[iC];
  175. return;
  176. }
  177. }
  178. int isAddrInCidr(char * a, int M)
  179. {
  180. int i;
  181. for(i=0;i<iC;i++) {
  182. if (isSousRes(Tcidr[i],a)) {
  183. if (M) syslog(LOG_INFO,"CIDR %s contient %s !",Tcidr[i],a);
  184. return 1;
  185. }
  186. }
  187. return 0;
  188. }
  189. void validCidr(void)
  190. {
  191. int i,j;
  192. char a[20],*p, *g, *w;
  193. for(i=0;i<iC;i++)
  194. for (j=i+1;j<iC;j++) {
  195. if (isCidr(Tcidr[i]) < isCidr(Tcidr[j])) {
  196. p=Tcidr[i]; g=Tcidr[j];
  197. } else {
  198. p=Tcidr[j]; g=Tcidr[i];
  199. }
  200. strcpy(a,g);
  201. w = strstr(a,"/");
  202. *w = '\0';
  203. w++;
  204. if (isSousRes(p,a)) {
  205. if (T1) printf("T1: %s contient %s (%s)\n",p,a,w);
  206. delCidr(g);
  207. }
  208. }
  209. }
  210. void listCidr(void)
  211. {
  212. int i;
  213. printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs);
  214. for (i=0; i<iC; i++) printf("\t%s\n", Tcidr[i]);
  215. }
  216. /* ### gestion des listes */
  217. #define NBAll 500
  218. #define NBDen 300
  219. char * Allow[NBAll];
  220. char * Deny[NBDen];
  221. int iAll=0, iDen=0;
  222. int isDeny(char*u)
  223. {
  224. char *su;
  225. int i, tu, t;
  226. for (i=0;i<iDen;i++) {
  227. tu = strlen(u);
  228. t = strlen(Deny[i]);
  229. if (tu < t) continue;
  230. su = u + tu - t;;
  231. if (strcmp(su,Deny[i]) == 0) {
  232. if (su==u) return 1;
  233. if (*(su-1)=='.') return 1;
  234. }
  235. }
  236. for (i=0;i<iAll;i++) {
  237. tu = strlen(u);
  238. t = strlen(Allow[i]);
  239. if (tu < t) continue;
  240. su = u + tu - t;
  241. if (strcmp(su,Allow[i]) == 0) {
  242. if (*(Allow[i]) == '.') return 0;
  243. if (su==u) return 0;
  244. if (*(su-1)=='.') return 0;
  245. }
  246. }
  247. return 1; /* deny par defaut */
  248. }
  249. void listeAllow(void)
  250. {
  251. int i;
  252. printf("Allow : %d\n",iAll);
  253. for (i=0;i<iAll;i++) printf("\t%s\n",Allow[i]);
  254. }
  255. void listeDeny(void)
  256. {
  257. int i;
  258. printf("Deny : %d\n",iDen);
  259. for (i=0;i<iDen;i++) printf("\t%s\n",Deny[i]);
  260. }
  261. void dejaLa(char * e)
  262. {
  263. printf("%s est deja dans la liste !\n",e);
  264. }
  265. int dejaAllow(char *e)
  266. {
  267. int i;
  268. for (i=0;i<iAll;i++) {
  269. if (strlen(e) != strlen(Allow[i])) continue;
  270. if (strcmp(e,Allow[i])==0) {
  271. dejaLa(e); return 1;
  272. }
  273. }
  274. return 0;
  275. }
  276. int dejaDeny(char *e)
  277. {
  278. int i;
  279. for (i=0;i<iDen;i++) {
  280. if (strlen(e) != strlen(Deny[i])) continue;
  281. if (strcmp(e,Deny[i])==0) {
  282. dejaLa(e); return 1;
  283. }
  284. }
  285. return 0;
  286. }
  287. void recaplistes(void)
  288. {
  289. listeDeny();
  290. listeAllow();
  291. }
  292. int litligne(char * line)
  293. {
  294. char *w, **S;
  295. void * M;
  296. int t,v;
  297. if (*line == '#') return 1;
  298. if ((w=strstr(line, "\n")) != NULL) *w = '\0';
  299. w=line;
  300. if (*w == '-') w++;
  301. t=strlen(w);
  302. if (t==0) return 1;
  303. if ((v=isCidr(w)) > 0) { /* test si CIDR */
  304. addCidr(w);
  305. NbAddCidrs += (int)(1<<v);
  306. return 1;
  307. }
  308. if ((v=isCidr6(w)) > 0) { /* test si CIDR6 */
  309. printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w);
  310. return 1;
  311. }
  312. if (*line == '-') {
  313. if (iDen == NBDen) return 0;
  314. if (dejaDeny(w)) return 0;
  315. S = &Deny[iDen];
  316. iDen++;
  317. } else {
  318. if (iAll == NBAll) return 0;
  319. if (dejaAllow(w)) return 0;
  320. S = &Allow[iAll];
  321. iAll++;
  322. }
  323. if ((M = malloc(t+1)) == NULL) {
  324. perror("malloc"); return 0;
  325. }
  326. *S=(char*)M;
  327. strcpy(*S,w);
  328. return 1;
  329. }
  330. void lectliste(char *f)
  331. {
  332. FILE * fd;
  333. char *line = NULL;
  334. size_t ll = 0;
  335. int n;
  336. if ((fd = fopen(f,"r")) == NULL) {
  337. perror(f); return;
  338. }
  339. while ((n = getline(&line, &ll, fd)) > 0) {
  340. if (!litligne(line)) {
  341. if (T1) printf("T1: Erreur param. = %s\n",line);
  342. }
  343. }
  344. free(line);
  345. fclose(fd);
  346. validCidr();
  347. if (T1) listCidr();
  348. }
  349. /* ### gestion dynamique des elts */
  350. #define NBT 1000 /* nb d'elts */
  351. int Tno[NBT];
  352. int Trv[NBT];
  353. char* Turl[NBT];
  354. int iT=0, NbElt=0, MaxElt=0;
  355. int addElt(int n, char * u)
  356. {
  357. int i=iT;
  358. if (i == NBT) return i;
  359. Tno[i]=n;
  360. Trv[i]=0;
  361. Turl[i] = (char*)malloc(strlen(u)+1);
  362. strcpy(Turl[i],u);
  363. iT++;
  364. NbElt++;
  365. if (NbElt > MaxElt) MaxElt=NbElt;
  366. return i;
  367. }
  368. int isElt(int n)
  369. {
  370. int i;
  371. for (i=0; i<iT; i++) if (n==Tno[i]) return i;
  372. return -1;
  373. }
  374. void delIElt(int i)
  375. {
  376. if (i>=iT) return;
  377. if (T3) printf("T3: Del %d : %s \n",Tno[i],Turl[i]);
  378. iT--;
  379. if (iT == i) return;
  380. if (iT > 0) {
  381. Tno[i] = Tno[iT];
  382. Turl[i] = Turl[iT];
  383. Trv[i] = Trv[iT];
  384. }
  385. return;
  386. }
  387. void delElt(int n)
  388. {
  389. int i;
  390. for (i=0; i<iT; i++)
  391. if (n==Tno[i]) {
  392. delIElt(i);
  393. return;
  394. }
  395. }
  396. int markElt(int i, int v)
  397. {
  398. if (Trv[i] & v) return 0;
  399. Trv[i] |= v;
  400. return 1;
  401. }
  402. void listElt(char c)
  403. {
  404. int i,n=0;
  405. switch (c) {
  406. case '-':
  407. for (i=0; i<iT; i++)
  408. if (Tno[i]<0) { printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  409. n++;
  410. }
  411. break;
  412. case '+':
  413. for (i=0; i<iT; i++)
  414. if (Tno[i]>0) { printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  415. n++;
  416. }
  417. break;
  418. default:
  419. for (i=0; i<iT; i++) {
  420. printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  421. n++;
  422. }
  423. break;
  424. }
  425. printf(" %d elements trouves.\n",n);
  426. }
  427. #define EX_NOOUT 1
  428. #define EX_NOERR 2
  429. #define EX_DUREE 4
  430. #define EX_SILENT EX_NOOUT|EX_NOERR
  431. int comsh(char *com,int mode)
  432. {
  433. pid_t pid;
  434. int ret,i=0;
  435. char *c="|/-\\";
  436. if (mode & EX_DUREE) { printf(" ...\r"); fflush(stdout); }
  437. if ((pid = fork()) < 0) {
  438. perror("fork2"); return 99;
  439. }
  440. if (T3) printf("$ %s\n",com);
  441. if (pid == 0) {
  442. if (mode & EX_NOOUT) close(1);
  443. if (mode & EX_NOERR) close(2);
  444. signal(SIGINT,SIG_IGN);
  445. execl("/bin/sh", "sh", "-c", com, (char *) 0);
  446. perror("execl2"); return 98;
  447. }
  448. if (mode & EX_DUREE) {
  449. while (waitpid(pid,&ret,WNOHANG) != pid) {
  450. sleep(1);
  451. printf("%c\r",c[i++]);
  452. fflush(stdout);
  453. if (i==4) i=0;
  454. }
  455. } else waitpid(pid,&ret,0);
  456. return WEXITSTATUS(ret);
  457. }
  458. int exeCom(char * comm) /* on se reserve le droit de modifier */
  459. {
  460. char b[120];
  461. sprintf(b,"%s >/dev/null 2>&1",comm);
  462. return comsh(b,EX_SILENT);
  463. }
  464. /* ### fct de MAJ iptables */
  465. static char * IPT = "iptables";
  466. static char * IP6T = "ip6tables";
  467. static char * MYCH = "valide4";
  468. static char * OUTP = "OUTPUT";
  469. static char * MNO = "REJECT";
  470. static char * MOK = "ACCEPT";
  471. int initIPT(void)
  472. {
  473. int i=0;
  474. char b[90];
  475. if (REPR) return 0;
  476. sprintf(b,"%s -F",IPT);
  477. i += exeCom(b);
  478. sprintf(b,"%s -F",IP6T);
  479. i += exeCom(b);
  480. sprintf(b,"%s -L %s -n",IPT,MYCH);
  481. if (exeCom(b)) {
  482. sprintf(b,"%s -N %s",IPT,MYCH);
  483. i += exeCom(b);
  484. }
  485. sprintf(b,"%s -A %s -j %s",IPT,OUTP,MYCH);
  486. i += exeCom(b);
  487. return i;
  488. }
  489. int isPresentIP(char * comm, char * ip, char * chain)
  490. {
  491. char buf[100];
  492. sprintf(buf,"%s -L %s -n|grep %s",comm,chain,ip);
  493. if (exeCom(buf) == 0) return 1;
  494. return 0;
  495. }
  496. int retireChain(char * comm, char * ip, char * chain, char * jump)
  497. {
  498. char buf[100];
  499. sprintf(buf,"%s -D %s -d %s -j %s",comm,chain, ip, jump);
  500. return exeCom(buf);
  501. }
  502. int ajouteChain(char * comm, char * ip, char * chain, char * jump)
  503. {
  504. char buf[100];
  505. sprintf(buf,"%s -A %s -d %s -j %s",comm,chain, ip, jump);
  506. return exeCom(buf);
  507. }
  508. int bloqueIP(char* ip)
  509. {
  510. if (isAddrInCidr(ip,0)) return 0;
  511. if (isPresentIP(IPT,ip,OUTP)) return 0;
  512. return ajouteChain(IPT,ip,OUTP,MNO);
  513. }
  514. int debloqueIP(char* ip, char * url)
  515. {
  516. if (url != NULL) syslog(LOG_INFO,"%s=%s ACCEPT",url,ip);
  517. return ajouteChain(IPT,ip,MYCH,MOK);
  518. }
  519. int rebloqueIP(char* ip)
  520. {
  521. return retireChain(IPT,ip,MYCH,MOK);
  522. }
  523. void dropIP(char * l)
  524. {
  525. char *s,*d=l;
  526. while ((s=strstr(d, "A ")) != NULL) {
  527. s+=2;
  528. if ((d=strstr(s+2, ",")) == NULL) break;
  529. *d = '\0';
  530. d++;
  531. bloqueIP(s);
  532. }
  533. bloqueIP(s);
  534. }
  535. int verifIPOk(char * l, char * url)
  536. {
  537. char *s,*d=l;
  538. while ((s=strstr(d, "A ")) != NULL) {
  539. s+=2;
  540. if ((d=strstr(s+2, ",")) == NULL) break;
  541. *d = '\0';
  542. d++;
  543. if (isPresentIP(IPT,s,MYCH)) continue;
  544. if (isAddrInCidr(s,1)) debloqueIP(s,url);
  545. }
  546. if (isPresentIP(IPT,s,MYCH)) return 1;
  547. if (isAddrInCidr(s,1)) return(debloqueIP(s,url));
  548. return 1;
  549. }
  550. int dropIP6(char * l)
  551. {
  552. char *s,*d=l;
  553. while ((s=strstr(d, "A ")) != NULL) {
  554. s+=2;
  555. if ((d=strstr(s+2, ",")) == NULL) break;
  556. *d = '\0';
  557. d++;
  558. if (isPresentIP(IP6T,s,OUTP)) continue;
  559. ajouteChain(IP6T,s,OUTP,MNO);
  560. }
  561. if (isPresentIP(IP6T,s,OUTP)) return 1;
  562. ajouteChain(IP6T,s,OUTP,MNO);
  563. return 1;
  564. }
  565. /* tache de commande et periodiques */
  566. #define t0 (time_t)0
  567. time_t tim1=t0;
  568. void tachePer1(void) /* vide les elts toutes les 30 secondes */
  569. {
  570. static time_t tim0=t0, tw;
  571. int i, v;
  572. tw = time(NULL);
  573. if ((tw - tim0) < 30) {
  574. if (T3) printf ("T3: tache1 passe %s",ctime(&tw));
  575. return;
  576. }
  577. if (T3) printf ("T3: tache1 exec %s",ctime(&tw));
  578. tim1 = time(NULL);
  579. v = (tim1 - tim0) / 30;
  580. if (tim0 != t0) {
  581. for (i=iT-1; i>=0; i--) {
  582. if ((Trv[i]&0x6) == 6) delIElt(i); // IPv4 + IPV6
  583. else { Trv[i] += 8*v;
  584. if (Trv[i] > 80) delIElt(i); // On laisse 5 min.
  585. }
  586. }
  587. }
  588. tim0 = time(NULL);
  589. return;
  590. }
  591. void ajoutParam(char * ficp, char * param)
  592. {
  593. FILE * fw;
  594. fw = fopen(ficp,"a");
  595. fwrite(param,strlen(param),1,fw);
  596. fwrite("\n",1,1,fw);
  597. fclose(fw);
  598. }
  599. static int NBin=0, NBout=0;
  600. void prInOut(void)
  601. {
  602. printf(" %d messages DNS: %d requetes, %d reponses.\n",NBout+NBin,NBout,NBin);
  603. }
  604. int printQ(char * q)
  605. {
  606. char *rep=NULL;
  607. size_t lr = 0;
  608. int n;
  609. while (1) {
  610. printf("Voulez-vous %s ?\n Taper O/o pour OUI, autre touche = NON :\n",q);
  611. if ((n = getline(&rep, &lr, stdin)) != 2) continue;
  612. if (*rep == 'O') return 1;
  613. if (*rep == 'o') return 1;
  614. return 0;
  615. }
  616. }
  617. #define SUNIC "|sort|uniq"
  618. #define JCTLSYS "journalctl --system"
  619. #define JCTLSYSG JCTLSYS"|grep "
  620. #define CHLOG "/var/log/user.log"
  621. #define CHLOGREP "/var/log/user.log|grep "
  622. #define CUT6 "|cut -d' ' -f6"
  623. #define CUTM45 "|cut -d' ' -f1-3,6-"
  624. #define CUT7S "|cut -d' ' -f7-"
  625. #define NOTF "non trouve !!??"
  626. #define ENOVAL "Element non valable !"
  627. #define FHISTO ".octave_history"
  628. #define AWK5 "|awk '{ print $5}'"
  629. #define AWK4 "|awk '{ print $4}'"
  630. #define DREJ "^REJECT "
  631. #define DACC "^ACCEPT "
  632. void * fct_com(void * p)
  633. {
  634. int REQ=1;
  635. char *cmd = NULL, *fauth, pr[30], com[200];
  636. int n2;
  637. pid_t pid;
  638. fauth = (char*)p;
  639. pid = getpid();
  640. read_history(FHISTO);
  641. while (REQ) {
  642. if (kill(pid,SIGUSR1) < 0) { /* verif processus acquisition */
  643. ENDT=1;
  644. write(p1[1],"\n",1);
  645. break;
  646. }
  647. free(cmd);
  648. sprintf(pr,"\e[01;34m%s-> \e[00m",NPROG);
  649. cmd = readline(pr);
  650. if ((n2 = strlen(cmd)) > 0) {
  651. write(p1[1],"\n",1);
  652. add_history(cmd);
  653. switch (*cmd) {
  654. case '+' :
  655. if (*(cmd+1) != '\0') {
  656. if (litligne(cmd+1)) { /* ajout au fichier fauth */
  657. if (debloqueIP(cmd+1,NULL)) printf("%s\n",ENOVAL);
  658. else {
  659. if (printQ("ajouter au fichier parametres"))
  660. ajoutParam(fauth,cmd+1);
  661. listeAllow();
  662. }
  663. } else printf("Erreur ajout param. !\n");
  664. } else listeAllow();
  665. break;
  666. case '-' :
  667. if (*(cmd+1) != '\0') {
  668. if (litligne(cmd)) { /* ajout au fichier fauth */
  669. if (rebloqueIP(cmd+1)) printf("%s\n",ENOVAL);
  670. else {
  671. if (printQ("ajouter au fichier parametres"))
  672. ajoutParam(fauth,cmd);
  673. listeDeny();
  674. }
  675. } else printf("Erreur ajout param. !\n");
  676. } else listeDeny();
  677. break;
  678. case 'l' :
  679. listElt(cmd[1]);
  680. printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",ctime(&tim1),iT,
  681. NBT, (float)(iT*100)/(float)NBT, MaxElt);
  682. prInOut();
  683. break;
  684. case 't' :
  685. if (*(cmd+1) != '\0') {
  686. if ((cmd[1] == '+') || (cmd[1] == '-')) {
  687. if ((cmd[1] == '+') && (Trace < TMAX)) Trace++;
  688. else {
  689. if ((cmd[1] == '-') && (Trace > TMIN)) Trace--;
  690. else printf("Erreur: niveau dans [%d, %d].\n",TMIN,TMAX);
  691. }
  692. } else printf("Erreur: Utiliser t+ ou t- !\n");
  693. }
  694. printf(" Trace niveau %d\n",Trace);
  695. break;
  696. case 'a' :
  697. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  698. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  699. ".* ok", CUT6,SUNIC);
  700. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  701. ".* ok", CHLOG,CUT6,SUNIC);
  702. comsh(com,0);
  703. break;
  704. case 'i' :
  705. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  706. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  707. ".* DENY", CUT6,SUNIC);
  708. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  709. ".* DENY", CHLOG,CUT6,SUNIC);
  710. comsh(com,0);
  711. break;
  712. case 'e' :
  713. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  714. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  715. ".* ACCEPT", CUT6,SUNIC);
  716. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  717. ".* ACCEPT", CHLOG,CUT6,SUNIC);
  718. comsh(com,0);
  719. break;
  720. case 'E' :
  721. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  722. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s",JCTLSYSG,NPROG,pid,
  723. ".*ERR: ", CUTM45);
  724. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,
  725. ".*ERR: ", CHLOG,CUTM45);
  726. comsh(com,0);
  727. break;
  728. case 'L' :
  729. if (*(cmd+1) == '\0') {
  730. if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,
  731. pid, "-v 'Re[pq]. '",CUTM45);
  732. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
  733. CHLOGREP,"-v 'Re[pq]. '",CUTM45);
  734. } else {
  735. if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG
  736. ,NPROG,pid,"-v 'Re[pq]. '",CUTM45,cmd+1);
  737. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,pid,
  738. CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1);
  739. }
  740. comsh(com,0);
  741. break;
  742. case 'T' :
  743. if (*(cmd+1) != '\0') { /* avec parametre */
  744. if ((*(cmd+1) == '+') && (*(cmd+2) != '\0')) { /* script + param */
  745. sprintf(com,"./t1.sh %d %s >.Trav%d",pid,cmd+2,pid);
  746. comsh(com,0);
  747. sprintf(com,"cat .Trav%d",pid);
  748. } else {
  749. if (JCTL)
  750. sprintf(com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,pid,
  751. cmd+1," 'Re[pq]. '",CUTM45);
  752. else
  753. sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1,
  754. CHLOGREP," 'Re[pq]. '",CUTM45);
  755. }
  756. } else {
  757. if (JCTL)sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,pid,
  758. " 'Re[pq]. '",CUTM45);
  759. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
  760. CHLOGREP," 'Re[pq]. '",CUTM45);
  761. }
  762. comsh(com,0);
  763. prInOut();
  764. break;
  765. case '>' :
  766. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  767. if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
  768. " Req. '",CUT7S,SUNIC);
  769. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
  770. CHLOGREP," 'Req. '",CUT7S,SUNIC);
  771. comsh(com,0);
  772. prInOut();
  773. break;
  774. case '<' :
  775. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  776. if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
  777. " Rep. '",CUT7S,SUNIC);
  778. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
  779. CHLOGREP," 'Rep. '",CUT7S,SUNIC);
  780. comsh(com,0);
  781. prInOut();
  782. break;
  783. case 'r' :
  784. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  785. sprintf(com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC);
  786. comsh(com,EX_NOERR|EX_DUREE);
  787. break;
  788. case 'R' :
  789. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  790. sprintf(com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC);
  791. comsh(com,EX_NOERR|EX_DUREE);
  792. break;
  793. case 'N' :
  794. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  795. if (printQ("Re-initialiser")) {
  796. RUN = 0;
  797. REINI = 1;
  798. write(p1[1],"\n",1);
  799. }
  800. break;
  801. case 'S' :
  802. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  803. RUN = 0;
  804. REQ = 0;
  805. write(p1[1],"\n",1);
  806. break;
  807. case 'v' :
  808. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  809. sprintf(com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC);
  810. comsh(com,EX_NOERR|EX_DUREE);
  811. break;
  812. case ' ' :
  813. if (*(cmd+1) != '\0') comsh(cmd+1,0);
  814. break;
  815. case '?' :
  816. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  817. printf("Version %s\n",Version);
  818. prInOut();
  819. default :
  820. printf("?\t\t: Version et menu.\n");
  821. printf("+url\t\t: Allow (autoriser une Url)\n");
  822. printf("-url\t\t: Deny (interdire une Url)\n");
  823. printf("a\t\t: Autorisations suivant analyse\n");
  824. printf("i\t\t: Interdictions suivant analyse\n");
  825. printf("e\t\t: Exceptions suivant analyse\n");
  826. printf("E\t\t: Liste des erreurs\n");
  827. printf("l[+|-]\t\t: Liste des elements dynamiques\n");
  828. printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n");
  829. printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
  830. printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
  831. printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n");
  832. printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n");
  833. if (LogC) {
  834. printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t Avec + fait les liaisons entre requetes et reponses.\n");
  835. printf(">\t\t: Traces des demandes triees\n");
  836. printf("<\t\t: Traces des reponses triees\n");
  837. }
  838. printf("N\t\t: Nouvelle initialisation\n");
  839. printf("S\t\t: Stopper\n");
  840. break;
  841. }
  842. }
  843. }
  844. WH=write_history(FHISTO);
  845. free(cmd);
  846. sprintf(com,"rm -f .Trav%d",pid);
  847. comsh(com,0);
  848. /* fin dialogue */
  849. pthread_exit(NULL);
  850. }
  851. void getIface(void)
  852. {
  853. FILE * fd;
  854. char *line = NULL, *s, *w;
  855. size_t ll = 0;
  856. int n;
  857. if ((fd = fopen("/proc/net/route","r")) == NULL) {
  858. perror("route"); return;
  859. }
  860. while ((n = getline(&line, &ll, fd)) > 0) {
  861. if ((s=strstr(line,"00000000"))==NULL) continue;
  862. w=line;
  863. while ((*w != ' ') && (*w != '\t')) w++;
  864. *w = '\0';
  865. w++;
  866. while ((*w == ' ') || (*w == '\t')) w++;
  867. if (s==w) { /* ok */
  868. IFACE = (char*)malloc(strlen(line)+1);
  869. strcpy(IFACE,line);
  870. break;
  871. }
  872. }
  873. free(line);
  874. fclose(fd);
  875. }
  876. #define Vie (ie >= 0)
  877. int main(int N, char * P[])
  878. {
  879. pthread_t thid;
  880. FILE * fp;
  881. char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU;
  882. char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP;
  883. size_t ll = 0, lc = 0;
  884. ssize_t n,n2;
  885. int Inter=0, i, ie, np=0, opt;
  886. if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0];
  887. else NPROG++;
  888. sprintf(strPID,"%d",getpid());
  889. /* verif. options */
  890. while ((opt = getopt(N, P, "ilp:R:t")) != -1) {
  891. switch (opt) {
  892. case 'i':
  893. Inter = 1;
  894. break;
  895. case 'l':
  896. LogC = 1;
  897. break;
  898. case 't':
  899. Trace = TMIN+1;
  900. break;
  901. case 'p':
  902. fauth = optarg;
  903. break;
  904. case 'R':
  905. REPR=1;
  906. np = atoi(optarg);
  907. break;
  908. default: /* '?' */
  909. fprintf(stderr, "Utilisation: %s [options]\nAvec les options :\n", NPROG);
  910. fprintf(stderr, "\t-i : mode interactif,\n");
  911. fprintf(stderr, "\t-l : log des requetes,\n");
  912. fprintf(stderr, "\t-p fichier : nom du fichier parametres (%s par defaut),\n",fauth);
  913. fprintf(stderr, "\t-t : avec trace.\n");
  914. return 1;
  915. }
  916. }
  917. if ((REPR) && (np != getpid())) {
  918. fprintf(stderr,"Erreur reprise %d\n", np);
  919. return 1;
  920. }
  921. if (optind < N) {
  922. fprintf(stderr,"Parametre inconnu : %s\n", P[optind]);
  923. return 1;
  924. }
  925. getIface();
  926. if (REPR) {
  927. while (IFACE==NULL) { sleep(1); getIface(); }
  928. } else {
  929. if (IFACE == NULL) {
  930. fprintf(stderr,"Interface reseau absente !\n");
  931. return 9;
  932. }
  933. }
  934. printf("%s %s sur %s\n", NPROG, Version, IFACE);
  935. /* verif privilege root */
  936. if ((getuid() > 0) && (geteuid() > 0)) {
  937. fprintf(stderr,"A executer sous root !\n");
  938. return 2;
  939. }
  940. if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1;
  941. if (T1) printf("T1: Fichier parametres = %s\n",fauth);
  942. signal(SIGUSR1,SIG_IGN);
  943. if (pipe(p1) < 0) {
  944. perror("pipe"); return 3;
  945. }
  946. openlog(NULL,LOG_PID,0);
  947. /* on lance le fils : */
  948. if ((pid = fork()) < 0) {
  949. perror("fork"); return 4;
  950. }
  951. if (pid == 0) {
  952. signal(SIGINT,SIG_IGN);
  953. close(0);
  954. close(p1[0]);
  955. dup2(p1[1],1); /* stdout dans p1 */
  956. dup2(p1[1],2); /* idem stderr */
  957. setsid();
  958. execlp(analyse,analyse,"-tnl","-i",IFACE,"port","53",NULL);
  959. perror("execl");
  960. return 5;
  961. }
  962. if (Inter) signal(SIGINT,SIG_IGN);
  963. else signal(SIGINT,interup);
  964. if ((np=initIPT())!=0) {
  965. if (T1) printf("Erreur initIPT %d !!??\n",np);
  966. syslog(LOG_WARNING, "ERR: Erreur initIPT %d !!??\n",np);
  967. }
  968. /* lecture des listes */
  969. lectliste(fauth);
  970. if (T1) recaplistes();
  971. sleep(1); /* attend le fils en place */
  972. if (kill(pid,SIGUSR1) < 0) return 6;
  973. signal(SIGCHLD,interup);
  974. signal(SIGHUP,interup);
  975. signal(SIGILL,interup);
  976. signal(SIGSEGV,interup);
  977. /*
  978. fcntl(p1[0], F_SETFL, O_NONBLOCK);
  979. flag0 = fcntl(0, F_GETFL, O_NONBLOCK);
  980. fcntl(0, F_SETFL, O_NONBLOCK);
  981. */
  982. /* on analyse la sortie de p1 */
  983. if ((fp = fdopen(p1[0],"r")) == NULL) {
  984. perror("fdopen"); return 7;
  985. }
  986. fcntl(p1[0], F_SETPIPE_SZ,1048576);
  987. if (T1) printf("Depart %s %s PIDF:%d !\n",NPROG, strPID,pid);
  988. if (T1) printf("Capacite pipe : %ld bytes\n", (long)fcntl(p1[0], F_GETPIPE_SZ));
  989. np=0;
  990. /* lancement du thread */
  991. if (Inter) {
  992. if (pthread_create(&thid,NULL,fct_com,(void*)fauth) != 0) {
  993. fprintf(stderr,"Erreur pthread_create !\n"); return 9;
  994. }
  995. }
  996. while (RUN) {
  997. tachePer1();
  998. if ((n = getline(&line, &ll, fp)) > 0) {
  999. if (ENDT) {
  1000. if (ENDT==1) printf("Erreur : plus de tache d'analyse !\n");
  1001. break;
  1002. }
  1003. if (RUN == 0) break;
  1004. if ((n==1) && (*line=='\n')) continue;
  1005. if (np==0) { np++;
  1006. if (REPR) syslog(LOG_INFO,"Reprise de l'analyse !");
  1007. else syslog(LOG_INFO,"Debut de l'analyse !");
  1008. }
  1009. /* analyse */
  1010. if ((s1=strstr(line, " > ")) == NULL) continue;
  1011. if (strstr(line, " PTR") != NULL) continue; /* ignore PTR */
  1012. if (strncmp(s1-3,".53",3) == 0) { /* REPONSE */
  1013. if ((s2=strstr(s1+3, ":")) == NULL) continue;
  1014. NBin++;
  1015. *s2 = '\0';
  1016. s1 = s2 -1;
  1017. while (*s1 != '.') s1--;
  1018. np = atoi(s1+1);
  1019. if ((ie = isElt(np)) == -1) { /* Elt OK ou ABSENT ! */
  1020. ie = isElt(-np);
  1021. s1 = s2+1;
  1022. if ((s2=strstr(s1, " A ")) != NULL) { /* IPv4 */
  1023. s2++;
  1024. s1 = strrchr(s2,(int)' ');
  1025. *s1 = '\0';
  1026. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1027. if Vie {
  1028. markElt(ie,4); refU = Turl[ie];
  1029. } else {
  1030. if (T1) printf("Elt %d %s\n",np,NOTF);
  1031. syslog(LOG_WARNING,"ERR: Elt %d %s\n",np,NOTF);
  1032. continue;
  1033. }
  1034. if (!verifIPOk(s2, refU))
  1035. if Vie syslog(LOG_INFO,"Deblocage IP4 %s",refU);
  1036. } else {
  1037. if ((s2=strstr(s1, " AAAA ")) != NULL) { /* IPv6 */
  1038. s2++;
  1039. s1 = strrchr(s2,(int)' ');
  1040. *s1 = '\0';
  1041. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1042. if Vie markElt(ie,2);
  1043. dropIP6(s2);
  1044. } else {
  1045. if Vie markElt(ie,1);
  1046. }
  1047. }
  1048. continue;
  1049. }
  1050. s1 = s2+1;
  1051. if ((s2=strstr(s1, " A ")) == NULL) {
  1052. if ((s2=strstr(s1, " AAAA ")) == NULL) {
  1053. markElt(ie,1);
  1054. } else { /* traitement IPv6 */
  1055. s2++;
  1056. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1057. s1 = strrchr(s2,(int)' ');
  1058. *s1 = '\0';
  1059. if (markElt(ie,2)) dropIP6(s2);
  1060. }
  1061. continue;
  1062. }
  1063. /* IPv4 REJECT */
  1064. s2++;
  1065. s1 = strrchr(s2,(int)' ');
  1066. *s1 = '\0';
  1067. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1068. syslog(LOG_INFO,"%s DENY",Turl[ie]);
  1069. if (markElt(ie,4)) dropIP(s2);
  1070. } else { /* DEMANDE */
  1071. NBout++;
  1072. *s1 = '\0';
  1073. s2 = s1 +1;
  1074. while (*s1 != '.') s1--;
  1075. np = atoi(s1+1);
  1076. if ((s1=strstr(s2, " A? ")) == NULL) continue;
  1077. s1 += 4;
  1078. s2 = s1 +1;
  1079. while (*s2 != ' ') s2++;
  1080. *(s2-1) = '\0'; /* on supprime le '.' */
  1081. if (LogC) syslog(LOG_INFO,"Req. %d %s",np,s1);
  1082. if (strstr(s1, ".") == NULL) { /* il doit en rester 1 */
  1083. if (T1) printf("Ignore : %d %s !\n",np,s1);
  1084. syslog(LOG_WARNING,"ERR: Ignore %d %s !\n",np,s1);
  1085. continue;
  1086. }
  1087. if (!isDeny(s1)) { // V2 ! On enregistre le OK en NEGATIF
  1088. if (isElt(-np) < 0) {
  1089. addElt(-np,s1);
  1090. syslog(LOG_INFO,"%s ok",s1);
  1091. }
  1092. continue;
  1093. }
  1094. if (isElt(np) < 0) {
  1095. i=addElt(np,s1);
  1096. if (T3) printf("T3: addElt %d %d/%d\n",NbElt,i,NBT);
  1097. }
  1098. }
  1099. }
  1100. if (REQ) {
  1101. printf("Taper votre commande : H pour help !\n");
  1102. if ((n2 = getline(&cmd, &lc, stdin)) > 0) {
  1103. switch (*cmd) {
  1104. case 'C' :
  1105. REQ = 0;
  1106. break;
  1107. case 'L' :
  1108. listElt(cmd[1]);
  1109. printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",
  1110. ctime(&tim1),iT,NBT,(float)(iT*100)/(float)NBT,MaxElt);
  1111. break;
  1112. case 'S' :
  1113. RUN = 0;
  1114. REQ = 0;
  1115. break;
  1116. default :
  1117. printf("C\t: continuer\n");
  1118. printf("L\t: liste des elts\n");
  1119. printf("S\t: stopper\n");
  1120. break;
  1121. }
  1122. }
  1123. }
  1124. }
  1125. if (REINI==0) {
  1126. if (ENDT==1) syslog(LOG_INFO,"Fin de l'analyse !");
  1127. else syslog(LOG_WARNING,"Reçu signal %d !",ENDT-1);
  1128. }
  1129. free(line);
  1130. free(cmd);
  1131. kill(pid,SIGTERM);
  1132. close(p1[0]);
  1133. close(p1[1]);
  1134. closelog();
  1135. if (ENDT|REINI) { /* relance auto */
  1136. if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR);
  1137. sleep(DELAYR); /* attend N s */
  1138. NP = (char**)malloc((sizeof(Pars))*(N+3));
  1139. ie=0;
  1140. for (i=0;i<N;i++) { NP[i] = P[i]; if (strcmp(P[i],strR) == 0) ie=1; }
  1141. if (ie == 0) {
  1142. NP[i++]=strR;
  1143. NP[i++]=strPID;
  1144. }
  1145. NP[i]=NULL;
  1146. if (WH) write_history(FHISTO);
  1147. comsh("reset",0);
  1148. execv(P[0],NP);
  1149. perror("execv");
  1150. }
  1151. printf("Fin du programme!\n");
  1152. return 0;
  1153. }