factorize #3:ban + simpler runcmd

prx 2023-09-03 15:33:28 +02:00
parent b452300021
commit 3642040f5c
1 changed files with 23 additions and 15 deletions

38
main.c

@ -22,13 +22,32 @@
#define MAXSOCK 2 /* ipv4 + ipv6 */ #define MAXSOCK 2 /* ipv4 + ipv6 */
#define BACKLOG 10 #define BACKLOG 10
static void ban(const char *, const char *);
static void *get_in_addr(struct sockaddr *); static void *get_in_addr(struct sockaddr *);
static void runcmd(const char*, const char**); static void runcmd(const char**);
static int setup_server(const char*, int *); static int setup_server(const char*, int *);
static void usage(void); static void usage(void);
static void watch_event(const int, const int *, const char *); static void watch_event(const int, const int *, const char *);
static void
ban(const char *ip, const char *table)
{
const char *bancmd[] = { "/usr/bin/doas", "-n",
"/sbin/pfctl", "-t", table,
"-T", "add", ip,
NULL };
const char *killstatecmd[] = { "/usr/bin/doas", "-n",
"/sbin/pfctl",
"-k", ip,
NULL };
syslog(LOG_DAEMON, "block and kill states for %s", ip);
runcmd(bancmd);
runcmd(killstatecmd);
}
/* return printable ip from sockaddr */ /* return printable ip from sockaddr */
static void static void
*get_in_addr(struct sockaddr *sa) *get_in_addr(struct sockaddr *sa)
@ -41,14 +60,14 @@ static void
/* run cmd in execv() after fork() */ /* run cmd in execv() after fork() */
static void static void
runcmd(const char* cmd, const char** arg_list) runcmd(const char **cmd_arg_list)
{ {
pid_t pid = fork(); pid_t pid = fork();
if (pid == -1) { if (pid == -1) {
syslog(LOG_DAEMON, "fork error"); syslog(LOG_DAEMON, "fork error");
err(1,"fork"); err(1,"fork");
} else if (pid == 0) { /* child */ } else if (pid == 0) { /* child */
execv(cmd, (char **)arg_list); execv(cmd_arg_list[0], (char **)cmd_arg_list);
/* if this is reached, then exec failed */ /* if this is reached, then exec failed */
syslog(LOG_DAEMON, "execv error"); syslog(LOG_DAEMON, "execv error");
err(1,"execv"); err(1,"execv");
@ -141,14 +160,6 @@ watch_event(const int nsock, const int s[], const char *table)
char ip[INET6_ADDRSTRLEN] = {'\0'}; char ip[INET6_ADDRSTRLEN] = {'\0'};
struct kevent ev[MAXSOCK] = {0}; struct kevent ev[MAXSOCK] = {0};
socklen_t sin_size = 0; socklen_t sin_size = 0;
const char *bancmd[] = { "/usr/bin/doas", "-n",
"/sbin/pfctl", "-t", table,
"-T", "add", ip,
NULL };
const char *killstatecmd[] = { "/usr/bin/doas", "-n",
"/sbin/pfctl",
"-k", ip,
NULL };
struct sockaddr_storage client_addr; struct sockaddr_storage client_addr;
@ -191,10 +202,7 @@ watch_event(const int nsock, const int s[], const char *table)
close(new_fd); /* no longer required */ close(new_fd); /* no longer required */
/* ban this ip */ ban(ip, table); /* ban this ip */
syslog(LOG_DAEMON, "block and kill states for %s", ip);
runcmd(bancmd[0], bancmd);
runcmd(killstatecmd[0], killstatecmd);
} }
if (ev[i].filter & EVFILT_SIGNAL) { if (ev[i].filter & EVFILT_SIGNAL) {
break; break;
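Review bot: The `syslog()` call in the new `ban()` passes `LOG_DAEMON` alone as the priority; that is a facility with no level ORed in, so the level bits are 0 and the ban record is emitted at `LOG_EMERG`. I would change it to `syslog(LOG_DAEMON | LOG_NOTICE, "block and kill states for %s", ip);`, and give the "fork error" and "execv error" calls in `runcmd()` the priority `LOG_DAEMON | LOG_ERR`. The message is also written before either `runcmd()` call, and `runcmd()` returns void, so the log appears to record a ban even when `doas -n` or `pfctl` fails. The parent branch of `runcmd()` lies outside the visible hunk, so whether the child's exit status is collected cannot be confirmed from here. If it is not, returning the status and logging after the `-T add` step succeeds would make the entry trustworthy for anyone auditing bans.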