Code afférent au projet Kouglof 2 de l'E2L
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
5 个月前
6 个月前
5 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
6 个月前
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221
  1. /*******************************************************************
  2. Copyright (C) 2011-2024 Patrick H. E. Foubet - S.E.R.I.A.N.E.
  3. This program is free software: you can redistribute it and/or modify
  4. it under the terms of the GNU General Public License as published by
  5. the Free Software Foundation, either version 3 of the License, or any
  6. later version.
  7. This program is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10. See the GNU General Public License for more details.
  11. You should have received a copy of the GNU General Public License
  12. along with this program. If not, see <http://www.gnu.org/licenses/>
  13. *******************************************************************/
  14. /*
  15. ############################################################
  16. # Projet Kouglof 2 de l'Ecole du Logiciel Libre d'Ivry : #
  17. ############################################################
  18. octave.c : outil pour scanner l'interface reseau afin d'analyser les sites
  19. auxquels les applications veulent se connecter.
  20. A utiliser avec le fichier auth1.txt pour stopper les connexions non voulues
  21. Tous les details sur le site :
  22. https://e2li.org -> menu : Projet Prosecco.
  23. */
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <signal.h>
  29. #include <fcntl.h>
  30. #include <readline/readline.h>
  31. #include <readline/history.h>
  32. #include <sys/wait.h>
  33. #include <string.h>
  34. #include <syslog.h>
  35. #include <time.h>
  36. #include <arpa/inet.h>
  37. #include <pthread.h>
  38. #define Version "1.02"
  39. #define F_GETPIPE_SZ 1032
  40. #define F_SETPIPE_SZ 1031
  41. static int RUN=1, REQ=0, ENDT=0, REINI=0, REPR=0, JCTL=0, LogC=0, WH=1, p1[2],Trace=0;
  42. static pid_t pid;
  43. static char * NPROG, *IFACE=NULL;
  44. #define DELAYR 20 /* delai avant relance auto */
  45. void interup (int S)
  46. {
  47. switch(S) {
  48. case SIGINT:
  49. write(p1[1],"\n",1);
  50. REQ=1; return;
  51. break;
  52. case SIGCHLD:
  53. if (waitpid(pid,NULL,WNOHANG) == pid) {
  54. ENDT=1;
  55. write(p1[1],"\n",1);
  56. }
  57. break;
  58. case SIGHUP:
  59. case SIGILL:
  60. case SIGSEGV:
  61. ENDT=S+1;
  62. write(p1[1],"\n",1);
  63. break;
  64. default:
  65. fprintf(stderr,"Reçu signal %d !!??\n",S);
  66. }
  67. }
  68. /* ### les niveaux de trace */
  69. #define TMIN 0
  70. #define TMAX 3
  71. #define T1 Trace > 0
  72. #define T2 Trace > 1
  73. #define T3 Trace > 2
  74. /* #### les fonctions adresses IPv4 */
  75. int isIPv4(char *a)
  76. {
  77. struct in_addr S;
  78. int r;
  79. if ((r = inet_pton(AF_INET,a, (void *)&S)) <= 0) return 0;
  80. return 1;
  81. }
  82. int isIPv6(char *a)
  83. {
  84. struct in6_addr S;
  85. int r;
  86. if ((r = inet_pton(AF_INET6,a, (void *)&S)) <= 0) return 0;
  87. return 1;
  88. }
  89. int isCidr(char*r)
  90. {
  91. char buf[20], *sn;
  92. int n;
  93. if (strlen(r)>18) return 0;
  94. strcpy(buf,r);
  95. if ((sn=strstr(buf,"/")) == NULL) return 0;
  96. *sn = '\0';
  97. if (!isIPv4(buf)) return 0;
  98. n = atoi(sn+1);
  99. if (n>32) return 0;
  100. return n;
  101. }
  102. int isCidr6(char*r)
  103. {
  104. char buf[52], *sn;
  105. int n;
  106. if (strlen(r)>50) return 0;
  107. strcpy(buf,r);
  108. if ((sn=strstr(buf,"/")) == NULL) return 0;
  109. *sn = '\0';
  110. if (!isIPv6(buf)) return 0;
  111. n = atoi(sn+1);
  112. if (n>128) return 0;
  113. return n;
  114. }
  115. uint64_t NbAddCidrs = 0;
  116. int isSousRes(char*r, char *a)
  117. {
  118. struct in_addr Sa, Sr, Sm;
  119. int n, m1,m2,m3,m4, m;
  120. char buf[20],smasq[16],*sn;
  121. if (!isCidr(r)) return 0;
  122. if (!isIPv4(a)) return 0;
  123. strcpy(buf,r);
  124. if ((sn=strstr(buf,"/")) == NULL) return 0;
  125. *sn = '\0';
  126. n = atoi(sn+1);
  127. /* calcul du masq */
  128. m=n;
  129. if (m>7) { m1=255; m-=8;
  130. } else { m1=0;
  131. while (m>=0) m1 |= 0x80 >> --m;
  132. }
  133. if (m>7) { m2=255; m-=8;
  134. } else { m2=0;
  135. while (m>=0) m2 |= 0x80 >> --m;
  136. }
  137. if (m>7) { m3=255; m-=8;
  138. } else { m3=0;
  139. while (m>=0) m3 |= 0x80 >> --m;
  140. }
  141. if (m>7) { m4=255; m-=8;
  142. } else { m4=0;
  143. while (m>=0) m4 |= 0x80 >> --m;
  144. }
  145. sprintf(smasq,"%d.%d.%d.%d",m1,m2,m3,m4);
  146. inet_pton(AF_INET,smasq, (void *)&Sm);
  147. inet_pton(AF_INET,a, (void *)&Sa);
  148. inet_pton(AF_INET,buf, (void *)&Sr);
  149. if ((Sr.s_addr & Sm.s_addr) == (Sa.s_addr & Sm.s_addr)) return 1;
  150. return 0;
  151. }
  152. /* #### gestion dynamique des CIDR */
  153. #define NBC 100 /* nb de CIDR */
  154. char* Tcidr[NBC];
  155. int iC=0;
  156. int bloqueIP(char*);
  157. int addCidr(char * c)
  158. {
  159. int i=iC;
  160. if (i==NBC) return i;
  161. Tcidr[i] = (char*)malloc(strlen(c)+1);
  162. strcpy(Tcidr[i],c);
  163. iC++;
  164. bloqueIP(c);
  165. return i;
  166. }
  167. void delCidr(char * c)
  168. {
  169. int i;
  170. for (i=0; i<iC; i++)
  171. if (strcmp(c,Tcidr[i]) == 0) {
  172. iC--;
  173. if (iC == i) return;
  174. if (iC > 0) Tcidr[i] = Tcidr[iC];
  175. return;
  176. }
  177. }
  178. int isAddrInCidr(char * a, int M)
  179. {
  180. int i;
  181. for(i=0;i<iC;i++) {
  182. if (isSousRes(Tcidr[i],a)) {
  183. if (M) syslog(LOG_INFO,"CIDR %s contient %s !",Tcidr[i],a);
  184. return 1;
  185. }
  186. }
  187. return 0;
  188. }
  189. void validCidr(void)
  190. {
  191. int i,j;
  192. char a[20],*p, *g, *w;
  193. for(i=0;i<iC;i++)
  194. for (j=i+1;j<iC;j++) {
  195. if (isCidr(Tcidr[i]) < isCidr(Tcidr[j])) {
  196. p=Tcidr[i]; g=Tcidr[j];
  197. } else {
  198. p=Tcidr[j]; g=Tcidr[i];
  199. }
  200. strcpy(a,g);
  201. w = strstr(a,"/");
  202. *w = '\0';
  203. w++;
  204. if (isSousRes(p,a)) {
  205. if (T1) printf("T1: %s contient %s (%s)\n",p,a,w);
  206. delCidr(g);
  207. }
  208. }
  209. }
  210. void listCidr(void)
  211. {
  212. int i;
  213. printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs);
  214. for (i=0; i<iC; i++) printf("\t%s\n", Tcidr[i]);
  215. }
  216. /* ### gestion des listes */
  217. #define NBAll 500
  218. #define NBDen 300
  219. char * Allow[NBAll];
  220. char * Deny[NBDen];
  221. int iAll=0, iDen=0;
  222. int isDeny(char*u)
  223. {
  224. char *su;
  225. int i, tu, t;
  226. for (i=0;i<iDen;i++) {
  227. tu = strlen(u);
  228. t = strlen(Deny[i]);
  229. if (tu < t) continue;
  230. su = u + tu - t;;
  231. if (strcmp(su,Deny[i]) == 0) {
  232. if (su==u) return 1;
  233. if (*(su-1)=='.') return 1;
  234. }
  235. }
  236. for (i=0;i<iAll;i++) {
  237. tu = strlen(u);
  238. t = strlen(Allow[i]);
  239. if (tu < t) continue;
  240. su = u + tu - t;
  241. if (strcmp(su,Allow[i]) == 0) {
  242. if (*(Allow[i]) == '.') return 0;
  243. if (su==u) return 0;
  244. if (*(su-1)=='.') return 0;
  245. }
  246. }
  247. return 1; /* deny par defaut */
  248. }
  249. void listeAllow(void)
  250. {
  251. int i;
  252. printf("Allow : %d\n",iAll);
  253. for (i=0;i<iAll;i++) printf("\t%s\n",Allow[i]);
  254. }
  255. void listeDeny(void)
  256. {
  257. int i;
  258. printf("Deny : %d\n",iDen);
  259. for (i=0;i<iDen;i++) printf("\t%s\n",Deny[i]);
  260. }
  261. void dejaLa(char * e)
  262. {
  263. printf("%s est deja dans la liste !\n",e);
  264. }
  265. int dejaAllow(char *e)
  266. {
  267. int i;
  268. for (i=0;i<iAll;i++) {
  269. if (strlen(e) != strlen(Allow[i])) continue;
  270. if (strcmp(e,Allow[i])==0) {
  271. dejaLa(e); return 1;
  272. }
  273. }
  274. return 0;
  275. }
  276. int dejaDeny(char *e)
  277. {
  278. int i;
  279. for (i=0;i<iDen;i++) {
  280. if (strlen(e) != strlen(Deny[i])) continue;
  281. if (strcmp(e,Deny[i])==0) {
  282. dejaLa(e); return 1;
  283. }
  284. }
  285. return 0;
  286. }
  287. void recaplistes(void)
  288. {
  289. listeDeny();
  290. listeAllow();
  291. }
  292. int litligne(char * line)
  293. {
  294. char *w, **S;
  295. void * M;
  296. int t,v;
  297. if (*line == '#') return 1;
  298. if ((w=strstr(line, "\n")) != NULL) *w = '\0';
  299. w=line;
  300. if (*w == '-') w++;
  301. t=strlen(w);
  302. if (t==0) return 1;
  303. if ((v=isCidr(w)) > 0) { /* test si CIDR */
  304. addCidr(w);
  305. NbAddCidrs += (int)(1<<v);
  306. return 1;
  307. }
  308. if ((v=isCidr6(w)) > 0) { /* test si CIDR6 */
  309. printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w);
  310. return 1;
  311. }
  312. if (*line == '-') {
  313. if (iDen == NBDen) return 0;
  314. if (dejaDeny(w)) return 0;
  315. S = &Deny[iDen];
  316. iDen++;
  317. } else {
  318. if (iAll == NBAll) return 0;
  319. if (dejaAllow(w)) return 0;
  320. S = &Allow[iAll];
  321. iAll++;
  322. }
  323. if ((M = malloc(t+1)) == NULL) {
  324. perror("malloc"); return 0;
  325. }
  326. *S=(char*)M;
  327. strcpy(*S,w);
  328. return 1;
  329. }
  330. void lectliste(char *f)
  331. {
  332. FILE * fd;
  333. char *line = NULL;
  334. size_t ll = 0;
  335. int n;
  336. if ((fd = fopen(f,"r")) == NULL) {
  337. perror(f); return;
  338. }
  339. while ((n = getline(&line, &ll, fd)) > 0) {
  340. if (!litligne(line)) {
  341. if (T1) printf("T1: Erreur param. = %s\n",line);
  342. }
  343. }
  344. free(line);
  345. fclose(fd);
  346. validCidr();
  347. if (T1) listCidr();
  348. }
  349. /* ### gestion dynamique des elts */
  350. #define NBT 1000 /* nb d'elts */
  351. int Tno[NBT];
  352. int Trv[NBT];
  353. char* Turl[NBT];
  354. int iT=0, NbElt=0, MaxElt=0;
  355. int addElt(int n, char * u)
  356. {
  357. int i=iT;
  358. if (i == NBT) return i;
  359. Tno[i]=n;
  360. Trv[i]=0;
  361. Turl[i] = (char*)malloc(strlen(u)+1);
  362. strcpy(Turl[i],u);
  363. iT++;
  364. NbElt++;
  365. if (NbElt > MaxElt) MaxElt=NbElt;
  366. return i;
  367. }
  368. int isElt(int n)
  369. {
  370. int i;
  371. for (i=0; i<iT; i++) if (n==Tno[i]) return i;
  372. return -1;
  373. }
  374. void delIElt(int i)
  375. {
  376. if (i>=iT) return;
  377. if (T3) printf("T3: Del %d : %s \n",Tno[i],Turl[i]);
  378. iT--;
  379. if (iT == i) return;
  380. if (iT > 0) {
  381. Tno[i] = Tno[iT];
  382. Turl[i] = Turl[iT];
  383. Trv[i] = Trv[iT];
  384. }
  385. return;
  386. }
  387. void delElt(int n)
  388. {
  389. int i;
  390. for (i=0; i<iT; i++)
  391. if (n==Tno[i]) {
  392. delIElt(i);
  393. return;
  394. }
  395. }
  396. int markElt(int i, int v)
  397. {
  398. if (Trv[i] & v) return 0;
  399. Trv[i] |= v;
  400. return 1;
  401. }
  402. void listElt(char c)
  403. {
  404. int i,n=0;
  405. switch (c) {
  406. case '-':
  407. for (i=0; i<iT; i++)
  408. if (Tno[i]<0) { printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  409. n++;
  410. }
  411. break;
  412. case '+':
  413. for (i=0; i<iT; i++)
  414. if (Tno[i]>0) { printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  415. n++;
  416. }
  417. break;
  418. default:
  419. for (i=0; i<iT; i++) {
  420. printf("%d : %s (%d)\n",Tno[i], Turl[i], Trv[i]);
  421. n++;
  422. }
  423. break;
  424. }
  425. printf(" %d elements trouves.\n",n);
  426. }
  427. #define EX_NOOUT 1
  428. #define EX_NOERR 2
  429. #define EX_SILENT EX_NOOUT|EX_NOERR
  430. int comsh(char *com,int mode)
  431. {
  432. pid_t pid;
  433. int ret;
  434. if ((pid = fork()) < 0) {
  435. perror("fork2"); return 99;
  436. }
  437. if (T3) printf("$ %s\n",com);
  438. if (pid == 0) {
  439. if (mode & EX_NOOUT) close(1);
  440. if (mode & EX_NOERR) close(2);
  441. signal(SIGINT,SIG_IGN);
  442. execl("/bin/sh", "sh", "-c", com, (char *) 0);
  443. perror("execl2"); return 98;
  444. }
  445. waitpid(pid,&ret,0);
  446. return WEXITSTATUS(ret);
  447. }
  448. int exeCom(char * comm) /* on se reserve le droit de modifier */
  449. {
  450. char b[120];
  451. sprintf(b,"%s >/dev/null 2>&1",comm);
  452. return comsh(b,EX_SILENT);
  453. }
  454. /* ### fct de MAJ iptables */
  455. static char * IPT = "iptables";
  456. static char * IP6T = "ip6tables";
  457. static char * MYCH = "valide4";
  458. static char * OUTP = "OUTPUT";
  459. static char * MNO = "REJECT";
  460. static char * MOK = "ACCEPT";
  461. int initIPT(void)
  462. {
  463. int i=0;
  464. char b[90];
  465. if (REPR) return 0;
  466. sprintf(b,"%s -F",IPT);
  467. i += exeCom(b);
  468. sprintf(b,"%s -F",IP6T);
  469. i += exeCom(b);
  470. sprintf(b,"%s -L %s -n",IPT,MYCH);
  471. if (exeCom(b)) {
  472. sprintf(b,"%s -N %s",IPT,MYCH);
  473. i += exeCom(b);
  474. }
  475. sprintf(b,"%s -A %s -j %s",IPT,OUTP,MYCH);
  476. i += exeCom(b);
  477. return i;
  478. }
  479. int isPresentIP(char * comm, char * ip, char * chain)
  480. {
  481. char buf[100];
  482. sprintf(buf,"%s -L %s -n|grep %s",comm,chain,ip);
  483. if (exeCom(buf) == 0) return 1;
  484. return 0;
  485. }
  486. int retireChain(char * comm, char * ip, char * chain, char * jump)
  487. {
  488. char buf[100];
  489. sprintf(buf,"%s -D %s -d %s -j %s",comm,chain, ip, jump);
  490. return exeCom(buf);
  491. }
  492. int ajouteChain(char * comm, char * ip, char * chain, char * jump)
  493. {
  494. char buf[100];
  495. sprintf(buf,"%s -A %s -d %s -j %s",comm,chain, ip, jump);
  496. return exeCom(buf);
  497. }
  498. int bloqueIP(char* ip)
  499. {
  500. if (isAddrInCidr(ip,0)) return 0;
  501. if (isPresentIP(IPT,ip,OUTP)) return 0;
  502. return ajouteChain(IPT,ip,OUTP,MNO);
  503. }
  504. int debloqueIP(char* ip, char * url)
  505. {
  506. if (url != NULL) syslog(LOG_INFO,"%s=%s ACCEPT",url,ip);
  507. return ajouteChain(IPT,ip,MYCH,MOK);
  508. }
  509. int rebloqueIP(char* ip)
  510. {
  511. return retireChain(IPT,ip,MYCH,MOK);
  512. }
  513. void dropIP(char * l)
  514. {
  515. char *s,*d=l;
  516. while ((s=strstr(d, "A ")) != NULL) {
  517. s+=2;
  518. if ((d=strstr(s+2, ",")) == NULL) break;
  519. *d = '\0';
  520. d++;
  521. bloqueIP(s);
  522. }
  523. bloqueIP(s);
  524. }
  525. int verifIPOk(char * l, char * url)
  526. {
  527. char *s,*d=l;
  528. while ((s=strstr(d, "A ")) != NULL) {
  529. s+=2;
  530. if ((d=strstr(s+2, ",")) == NULL) break;
  531. *d = '\0';
  532. d++;
  533. if (isPresentIP(IPT,s,MYCH)) continue;
  534. if (isAddrInCidr(s,1)) debloqueIP(s,url);
  535. }
  536. if (isPresentIP(IPT,s,MYCH)) return 1;
  537. if (isAddrInCidr(s,1)) return(debloqueIP(s,url));
  538. return 1;
  539. }
  540. int dropIP6(char * l)
  541. {
  542. char *s,*d=l;
  543. while ((s=strstr(d, "A ")) != NULL) {
  544. s+=2;
  545. if ((d=strstr(s+2, ",")) == NULL) break;
  546. *d = '\0';
  547. d++;
  548. if (isPresentIP(IP6T,s,OUTP)) continue;
  549. ajouteChain(IP6T,s,OUTP,MNO);
  550. }
  551. if (isPresentIP(IP6T,s,OUTP)) return 1;
  552. ajouteChain(IP6T,s,OUTP,MNO);
  553. return 1;
  554. }
  555. /* tache de commande et periodiques */
  556. #define t0 (time_t)0
  557. time_t tim1=t0;
  558. void tachePer1(void) /* vide les elts toutes les 30 secondes */
  559. {
  560. static time_t tim0=t0, tw;
  561. int i, v;
  562. tw = time(NULL);
  563. if ((tw - tim0) < 30) {
  564. if (T3) printf ("T3: tache1 passe %s",ctime(&tw));
  565. return;
  566. }
  567. if (T3) printf ("T3: tache1 exec %s",ctime(&tw));
  568. tim1 = time(NULL);
  569. v = (tim1 - tim0) / 30;
  570. if (tim0 != t0) {
  571. for (i=iT-1; i>=0; i--) {
  572. if ((Trv[i]&0x6) == 6) delIElt(i); // IPv4 + IPV6
  573. else { Trv[i] += 8*v;
  574. if (Trv[i] > 80) delIElt(i); // On laisse 5 min.
  575. }
  576. }
  577. }
  578. tim0 = time(NULL);
  579. return;
  580. }
  581. void ajoutParam(char * ficp, char * param)
  582. {
  583. FILE * fw;
  584. fw = fopen(ficp,"a");
  585. fwrite(param,strlen(param),1,fw);
  586. fwrite("\n",1,1,fw);
  587. fclose(fw);
  588. }
  589. static int NBin=0, NBout=0;
  590. void prInOut(void)
  591. {
  592. printf(" %d messages DNS: %d requetes, %d reponses.\n",NBout+NBin,NBout,NBin);
  593. }
  594. int printQ(char * q)
  595. {
  596. char *rep=NULL;
  597. size_t lr = 0;
  598. int n;
  599. while (1) {
  600. printf("Voulez-vous %s ?\n Taper O/o pour OUI, autre touche = NON :\n",q);
  601. if ((n = getline(&rep, &lr, stdin)) != 2) continue;
  602. if (*rep == 'O') return 1;
  603. if (*rep == 'o') return 1;
  604. return 0;
  605. }
  606. }
  607. void pr_encours(void)
  608. {
  609. printf(" ...\r"); fflush(stdout);
  610. }
  611. #define SUNIC "|sort|uniq"
  612. #define JCTLSYS "journalctl --system"
  613. #define JCTLSYSG JCTLSYS"|grep "
  614. #define CHLOG "/var/log/user.log"
  615. #define CHLOGREP "/var/log/user.log|grep "
  616. #define CUT6 "|cut -d' ' -f6"
  617. #define CUTM45 "|cut -d' ' -f1-3,6-"
  618. #define CUT7S "|cut -d' ' -f7-"
  619. #define NOTF "non trouve !!??"
  620. #define ENOVAL "Element non valable !"
  621. #define FHISTO ".octave_history"
  622. #define AWK5 "|awk '{ print $5}'"
  623. #define AWK4 "|awk '{ print $4}'"
  624. #define DREJ "^REJECT "
  625. #define DACC "^ACCEPT "
  626. void * fct_com(void * p)
  627. {
  628. int REQ=1;
  629. char *cmd = NULL, *fauth, pr[30], com[200];
  630. int n2;
  631. pid_t pid;
  632. fauth = (char*)p;
  633. pid = getpid();
  634. read_history(FHISTO);
  635. while (REQ) {
  636. if (kill(pid,SIGUSR1) < 0) { /* verif processus acquisition */
  637. ENDT=1;
  638. write(p1[1],"\n",1);
  639. break;
  640. }
  641. free(cmd);
  642. sprintf(pr,"\e[01;34m%s-> \e[00m",NPROG);
  643. cmd = readline(pr);
  644. if ((n2 = strlen(cmd)) > 0) {
  645. write(p1[1],"\n",1);
  646. add_history(cmd);
  647. switch (*cmd) {
  648. case '+' :
  649. if (*(cmd+1) != '\0') {
  650. if (litligne(cmd+1)) { /* ajout au fichier fauth */
  651. if (debloqueIP(cmd+1,NULL)) printf("%s\n",ENOVAL);
  652. else {
  653. if (printQ("ajouter au fichier parametres"))
  654. ajoutParam(fauth,cmd+1);
  655. listeAllow();
  656. }
  657. } else printf("Erreur ajout param. !\n");
  658. } else listeAllow();
  659. break;
  660. case '-' :
  661. if (*(cmd+1) != '\0') {
  662. if (litligne(cmd)) { /* ajout au fichier fauth */
  663. if (rebloqueIP(cmd+1)) printf("%s\n",ENOVAL);
  664. else {
  665. if (printQ("ajouter au fichier parametres"))
  666. ajoutParam(fauth,cmd);
  667. listeDeny();
  668. }
  669. } else printf("Erreur ajout param. !\n");
  670. } else listeDeny();
  671. break;
  672. case 'l' :
  673. listElt(cmd[1]);
  674. printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",ctime(&tim1),iT,
  675. NBT, (float)(iT*100)/(float)NBT, MaxElt);
  676. prInOut();
  677. break;
  678. case 't' :
  679. if (*(cmd+1) != '\0') {
  680. if ((cmd[1] == '+') || (cmd[1] == '-')) {
  681. if ((cmd[1] == '+') && (Trace < TMAX)) Trace++;
  682. else {
  683. if ((cmd[1] == '-') && (Trace > TMIN)) Trace--;
  684. else printf("Erreur: niveau dans [%d, %d].\n",TMIN,TMAX);
  685. }
  686. } else printf("Erreur: Utiliser t+ ou t- !\n");
  687. }
  688. printf(" Trace niveau %d\n",Trace);
  689. break;
  690. case 'a' :
  691. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  692. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  693. ".* ok", CUT6,SUNIC);
  694. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  695. ".* ok", CHLOG,CUT6,SUNIC);
  696. comsh(com,0);
  697. break;
  698. case 'i' :
  699. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  700. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  701. ".* DENY", CUT6,SUNIC);
  702. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  703. ".* DENY", CHLOG,CUT6,SUNIC);
  704. comsh(com,0);
  705. break;
  706. case 'e' :
  707. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  708. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
  709. ".* ACCEPT", CUT6,SUNIC);
  710. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
  711. ".* ACCEPT", CHLOG,CUT6,SUNIC);
  712. comsh(com,0);
  713. break;
  714. case 'E' :
  715. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  716. if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s",JCTLSYSG,NPROG,pid,
  717. ".*ERR: ", CUTM45);
  718. else sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,
  719. ".*ERR: ", CHLOG,CUTM45);
  720. comsh(com,0);
  721. break;
  722. case 'L' :
  723. if (*(cmd+1) == '\0') {
  724. if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,
  725. pid, "-v 'Re[pq]. '",CUTM45);
  726. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
  727. CHLOGREP,"-v 'Re[pq]. '",CUTM45);
  728. } else {
  729. if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG
  730. ,NPROG,pid,"-v 'Re[pq]. '",CUTM45,cmd+1);
  731. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,pid,
  732. CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1);
  733. }
  734. comsh(com,0);
  735. break;
  736. case 'T' :
  737. if (*(cmd+1) != '\0') { /* avec parametre */
  738. if ((*(cmd+1) == '+') && (*(cmd+2) != '\0')) { /* script + param */
  739. sprintf(com,"./t1.sh %d %s >.Trav%d",pid,cmd+2,pid);
  740. comsh(com,0);
  741. sprintf(com,"cat .Trav%d",pid);
  742. } else {
  743. if (JCTL)
  744. sprintf(com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,pid,
  745. cmd+1," 'Re[pq]. '",CUTM45);
  746. else
  747. sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1,
  748. CHLOGREP," 'Re[pq]. '",CUTM45);
  749. }
  750. } else {
  751. if (JCTL)sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,pid,
  752. " 'Re[pq]. '",CUTM45);
  753. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
  754. CHLOGREP," 'Re[pq]. '",CUTM45);
  755. }
  756. comsh(com,0);
  757. prInOut();
  758. break;
  759. case '>' :
  760. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  761. if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
  762. " Req. '",CUT7S,SUNIC);
  763. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
  764. CHLOGREP," 'Req. '",CUT7S,SUNIC);
  765. comsh(com,0);
  766. prInOut();
  767. break;
  768. case '<' :
  769. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  770. if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
  771. " Rep. '",CUT7S,SUNIC);
  772. else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
  773. CHLOGREP," 'Rep. '",CUT7S,SUNIC);
  774. comsh(com,0);
  775. prInOut();
  776. break;
  777. case 'r' :
  778. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  779. sprintf(com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC);
  780. pr_encours();
  781. comsh(com,EX_NOERR);
  782. break;
  783. case 'R' :
  784. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  785. sprintf(com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC);
  786. pr_encours();
  787. comsh(com,EX_NOERR);
  788. break;
  789. case 'N' :
  790. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  791. if (printQ("Re-initialiser")) {
  792. RUN = 0;
  793. REINI = 1;
  794. write(p1[1],"\n",1);
  795. }
  796. break;
  797. case 'S' :
  798. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  799. RUN = 0;
  800. REQ = 0;
  801. write(p1[1],"\n",1);
  802. break;
  803. case 'v' :
  804. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  805. sprintf(com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC);
  806. pr_encours();
  807. comsh(com,EX_NOERR);
  808. break;
  809. case ' ' :
  810. if (*(cmd+1) != '\0') comsh(cmd+1,0);
  811. break;
  812. case '?' :
  813. if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
  814. printf("Version %s\n",Version);
  815. prInOut();
  816. default :
  817. printf("?\t\t: Version et menu.\n");
  818. printf("+url\t\t: Allow (autoriser une Url)\n");
  819. printf("-url\t\t: Deny (interdire une Url)\n");
  820. printf("a\t\t: Autorisations suivant analyse\n");
  821. printf("i\t\t: Interdictions suivant analyse\n");
  822. printf("e\t\t: Exceptions suivant analyse\n");
  823. printf("E\t\t: Liste des erreurs\n");
  824. printf("l[+|-]\t\t: Liste des elements dynamiques\n");
  825. printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n");
  826. printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
  827. printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
  828. printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n");
  829. printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n");
  830. if (LogC) {
  831. printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t Avec + fait les liaisons entre requetes et reponses.\n");
  832. printf(">\t\t: Traces des demandes triees\n");
  833. printf("<\t\t: Traces des reponses triees\n");
  834. }
  835. printf("N\t\t: Nouvelle initialisation\n");
  836. printf("S\t\t: Stopper\n");
  837. break;
  838. }
  839. }
  840. }
  841. WH=write_history(FHISTO);
  842. free(cmd);
  843. sprintf(com,"rm -f .Trav%d",pid);
  844. comsh(com,0);
  845. /* fin dialogue */
  846. pthread_exit(NULL);
  847. }
  848. void getIface(void)
  849. {
  850. FILE * fd;
  851. char *line = NULL, *s, *w;
  852. size_t ll = 0;
  853. int n;
  854. if ((fd = fopen("/proc/net/route","r")) == NULL) {
  855. perror("route"); return;
  856. }
  857. while ((n = getline(&line, &ll, fd)) > 0) {
  858. if ((s=strstr(line,"00000000"))==NULL) continue;
  859. w=line;
  860. while ((*w != ' ') && (*w != '\t')) w++;
  861. *w = '\0';
  862. w++;
  863. while ((*w == ' ') || (*w == '\t')) w++;
  864. if (s==w) { /* ok */
  865. IFACE = (char*)malloc(strlen(line)+1);
  866. strcpy(IFACE,line);
  867. break;
  868. }
  869. }
  870. free(line);
  871. fclose(fd);
  872. }
  873. #define Vie (ie >= 0)
  874. int main(int N, char * P[])
  875. {
  876. pthread_t thid;
  877. FILE * fp;
  878. char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU;
  879. char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP;
  880. size_t ll = 0, lc = 0;
  881. ssize_t n,n2;
  882. int Inter=0, i, ie, np=0, opt;
  883. if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0];
  884. else NPROG++;
  885. sprintf(strPID,"%d",getpid());
  886. /* verif. options */
  887. while ((opt = getopt(N, P, "ilp:R:t")) != -1) {
  888. switch (opt) {
  889. case 'i':
  890. Inter = 1;
  891. break;
  892. case 'l':
  893. LogC = 1;
  894. break;
  895. case 't':
  896. Trace = TMIN+1;
  897. break;
  898. case 'p':
  899. fauth = optarg;
  900. break;
  901. case 'R':
  902. REPR=1;
  903. np = atoi(optarg);
  904. break;
  905. default: /* '?' */
  906. fprintf(stderr, "Utilisation: %s [options]\nAvec les options :\n", NPROG);
  907. fprintf(stderr, "\t-i : mode interactif,\n");
  908. fprintf(stderr, "\t-l : log des requetes,\n");
  909. fprintf(stderr, "\t-p fichier : nom du fichier parametres (%s par defaut),\n",fauth);
  910. fprintf(stderr, "\t-t : avec trace.\n");
  911. return 1;
  912. }
  913. }
  914. if ((REPR) && (np != getpid())) {
  915. fprintf(stderr,"Erreur reprise %d\n", np);
  916. return 1;
  917. }
  918. if (optind < N) {
  919. fprintf(stderr,"Parametre inconnu : %s\n", P[optind]);
  920. return 1;
  921. }
  922. getIface();
  923. if (REPR) {
  924. while (IFACE==NULL) { sleep(1); getIface(); }
  925. } else {
  926. if (IFACE == NULL) {
  927. fprintf(stderr,"Interface reseau absente !\n");
  928. return 9;
  929. }
  930. }
  931. printf("%s %s sur %s\n", NPROG, Version, IFACE);
  932. /* verif privilege root */
  933. if ((getuid() > 0) && (geteuid() > 0)) {
  934. fprintf(stderr,"A executer sous root !\n");
  935. return 2;
  936. }
  937. if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1;
  938. if (T1) printf("T1: Fichier parametres = %s\n",fauth);
  939. signal(SIGUSR1,SIG_IGN);
  940. if (pipe(p1) < 0) {
  941. perror("pipe"); return 3;
  942. }
  943. openlog(NULL,LOG_PID,0);
  944. /* on lance le fils : */
  945. if ((pid = fork()) < 0) {
  946. perror("fork"); return 4;
  947. }
  948. if (pid == 0) {
  949. signal(SIGINT,SIG_IGN);
  950. close(0);
  951. close(p1[0]);
  952. dup2(p1[1],1); /* stdout dans p1 */
  953. dup2(p1[1],2); /* idem stderr */
  954. setsid();
  955. execlp(analyse,analyse,"-tn","-i",IFACE,"port","53",NULL);
  956. perror("execl");
  957. return 5;
  958. }
  959. if (Inter) signal(SIGINT,SIG_IGN);
  960. else signal(SIGINT,interup);
  961. if ((np=initIPT())!=0) {
  962. if (T1) printf("Erreur initIPT %d !!??\n",np);
  963. syslog(LOG_WARNING, "ERR: Erreur initIPT %d !!??\n",np);
  964. }
  965. /* lecture des listes */
  966. lectliste(fauth);
  967. if (T1) recaplistes();
  968. sleep(1); /* attend le fils en place */
  969. if (kill(pid,SIGUSR1) < 0) return 6;
  970. signal(SIGCHLD,interup);
  971. signal(SIGHUP,interup);
  972. signal(SIGILL,interup);
  973. signal(SIGSEGV,interup);
  974. /*
  975. fcntl(p1[0], F_SETFL, O_NONBLOCK);
  976. flag0 = fcntl(0, F_GETFL, O_NONBLOCK);
  977. fcntl(0, F_SETFL, O_NONBLOCK);
  978. */
  979. /* on analyse la sortie de p1 */
  980. if ((fp = fdopen(p1[0],"r")) == NULL) {
  981. perror("fdopen"); return 7;
  982. }
  983. fcntl(p1[0], F_SETPIPE_SZ,1048576);
  984. if (T1) printf("Depart %s %s PIDF:%d !\n",NPROG, strPID,pid);
  985. if (T1) printf("Capacite pipe : %ld bytes\n", (long)fcntl(p1[0], F_GETPIPE_SZ));
  986. np=0;
  987. /* lancement du thread */
  988. if (Inter) {
  989. if (pthread_create(&thid,NULL,fct_com,(void*)fauth) != 0) {
  990. fprintf(stderr,"Erreur pthread_create !\n"); return 9;
  991. }
  992. }
  993. while (RUN) {
  994. tachePer1();
  995. if ((n = getline(&line, &ll, fp)) > 0) {
  996. if (ENDT) {
  997. if (ENDT==1) printf("Erreur : plus de tache d'analyse !\n");
  998. break;
  999. }
  1000. if (RUN == 0) break;
  1001. if ((n==1) && (*line=='\n')) continue;
  1002. if (np==0) { np++;
  1003. if (REPR) syslog(LOG_INFO,"Reprise de l'analyse !");
  1004. else syslog(LOG_INFO,"Debut de l'analyse !");
  1005. }
  1006. /* analyse */
  1007. if ((s1=strstr(line, " > ")) == NULL) continue;
  1008. if (strncmp(s1-3,".53",3) == 0) { /* REPONSE */
  1009. if ((s2=strstr(s1+3, ":")) == NULL) continue;
  1010. NBin++;
  1011. *s2 = '\0';
  1012. s1 = s2 -1;
  1013. while (*s1 != '.') s1--;
  1014. np = atoi(s1+1);
  1015. if ((ie = isElt(np)) == -1) { /* Elt OK ou ABSENT ! */
  1016. ie = isElt(-np);
  1017. s1 = s2+1;
  1018. if ((s2=strstr(s1, " A ")) != NULL) { /* IPv4 */
  1019. s2++;
  1020. s1 = strrchr(s2,(int)' ');
  1021. *s1 = '\0';
  1022. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1023. if Vie {
  1024. markElt(ie,4); refU = Turl[ie];
  1025. } else {
  1026. if (T1) printf("Elt %d %s\n",np,NOTF);
  1027. syslog(LOG_WARNING,"ERR: Elt %d %s\n",np,NOTF);
  1028. continue;
  1029. }
  1030. if (!verifIPOk(s2, refU))
  1031. if Vie syslog(LOG_INFO,"Deblocage IP4 %s",refU);
  1032. } else {
  1033. if ((s2=strstr(s1, " AAAA ")) != NULL) { /* IPv6 */
  1034. s2++;
  1035. s1 = strrchr(s2,(int)' ');
  1036. *s1 = '\0';
  1037. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1038. if Vie markElt(ie,2);
  1039. dropIP6(s2);
  1040. } else {
  1041. if Vie markElt(ie,1);
  1042. }
  1043. }
  1044. continue;
  1045. }
  1046. s1 = s2+1;
  1047. if ((s2=strstr(s1, " A ")) == NULL) {
  1048. if ((s2=strstr(s1, " AAAA ")) == NULL) {
  1049. markElt(ie,1);
  1050. } else { /* traitement IPv6 */
  1051. s2++;
  1052. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1053. s1 = strrchr(s2,(int)' ');
  1054. *s1 = '\0';
  1055. if (markElt(ie,2)) dropIP6(s2);
  1056. }
  1057. continue;
  1058. }
  1059. /* IPv4 REJECT */
  1060. s2++;
  1061. s1 = strrchr(s2,(int)' ');
  1062. *s1 = '\0';
  1063. if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
  1064. syslog(LOG_INFO,"%s DENY",Turl[ie]);
  1065. if (markElt(ie,4)) dropIP(s2);
  1066. } else { /* DEMANDE */
  1067. NBout++;
  1068. *s1 = '\0';
  1069. s2 = s1 +1;
  1070. while (*s1 != '.') s1--;
  1071. np = atoi(s1+1);
  1072. if ((s1=strstr(s2, " A? ")) == NULL) continue;
  1073. s1 += 4;
  1074. s2 = s1 +1;
  1075. while (*s2 != ' ') s2++;
  1076. *(s2-1) = '\0'; /* on supprime le '.' */
  1077. if (LogC) syslog(LOG_INFO,"Req. %d %s",np,s1);
  1078. if (strstr(s1, ".") == NULL) { /* il doit en rester 1 */
  1079. if (T1) printf("Ignore : %d %s !\n",np,s1);
  1080. syslog(LOG_WARNING,"ERR: Ignore %d %s !\n",np,s1);
  1081. continue;
  1082. }
  1083. if (!isDeny(s1)) { // V2 ! On enregistre le OK en NEGATIF
  1084. if (isElt(-np) < 0) {
  1085. addElt(-np,s1);
  1086. syslog(LOG_INFO,"%s ok",s1);
  1087. }
  1088. continue;
  1089. }
  1090. if (isElt(np) < 0) {
  1091. i=addElt(np,s1);
  1092. if (T3) printf("T3: addElt %d %d/%d\n",NbElt,i,NBT);
  1093. }
  1094. }
  1095. }
  1096. if (REQ) {
  1097. printf("Taper votre commande : H pour help !\n");
  1098. if ((n2 = getline(&cmd, &lc, stdin)) > 0) {
  1099. switch (*cmd) {
  1100. case 'C' :
  1101. REQ = 0;
  1102. break;
  1103. case 'L' :
  1104. listElt(cmd[1]);
  1105. printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",
  1106. ctime(&tim1),iT,NBT,(float)(iT*100)/(float)NBT,MaxElt);
  1107. break;
  1108. case 'S' :
  1109. RUN = 0;
  1110. REQ = 0;
  1111. break;
  1112. default :
  1113. printf("C\t: continuer\n");
  1114. printf("L\t: liste des elts\n");
  1115. printf("S\t: stopper\n");
  1116. break;
  1117. }
  1118. }
  1119. }
  1120. }
  1121. if (REINI==0) {
  1122. if (ENDT==1) syslog(LOG_INFO,"Fin de l'analyse !");
  1123. else syslog(LOG_WARNING,"Reçu signal %d !",ENDT-1);
  1124. }
  1125. free(line);
  1126. free(cmd);
  1127. kill(pid,SIGTERM);
  1128. close(p1[0]);
  1129. close(p1[1]);
  1130. closelog();
  1131. if (ENDT|REINI) { /* relance auto */
  1132. if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR);
  1133. sleep(DELAYR); /* attend N s */
  1134. NP = (char**)malloc((sizeof(Pars))*(N+3));
  1135. ie=0;
  1136. for (i=0;i<N;i++) { NP[i] = P[i]; if (strcmp(P[i],strR) == 0) ie=1; }
  1137. if (ie == 0) {
  1138. NP[i++]=strR;
  1139. NP[i++]=strPID;
  1140. }
  1141. NP[i]=NULL;
  1142. if (WH) write_history(FHISTO);
  1143. comsh("reset",0);
  1144. execv(P[0],NP);
  1145. perror("execv");
  1146. }
  1147. printf("Fin du programme!\n");
  1148. return 0;
  1149. }