Don't need to copy strings around and hardcode the max table len from pf
internals, just assign a pointer (eventually from argv). While here, also add a usage() function and error out if more than one argument is passed.
This commit is contained in:
parent
550cfca6d1
commit
5ac1e2631b
10
Makefile
10
Makefile
|
@ -1,9 +1,9 @@
|
||||||
PREFIX?=/usr/local
|
PREFIX = /usr/local
|
||||||
|
|
||||||
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
|
CFLAGS = -pedantic -Wall -Wextra -Wmissing-prototypes \
|
||||||
-Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
|
-Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
|
||||||
-Wstrict-prototypes -Wwrite-strings \
|
-Wstrict-prototypes -Wwrite-strings \
|
||||||
-Os
|
-Os
|
||||||
|
|
||||||
|
|
||||||
all: iblock
|
all: iblock
|
||||||
|
|
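Review bot: The `PREFIX?=` → `PREFIX =` and `CFLAGS +=` → `CFLAGS =` changes (reading the left column as old and the right as new) are not mentioned in the commit message and change more than formatting. `?=` left PREFIX overridable and `+=` appended to whatever CFLAGS the environment or a package build already supplied, such as hardening flags; plain `=` discards both. If only the whitespace was the goal, `PREFIX ?= /usr/local` and `CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \` keep the old behaviour; otherwise a sentence in the message saying why the operators changed would help.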
56
main.c
56
main.c
|
@ -1,24 +1,32 @@
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
|
||||||
|
#include <netinet/in.h>
|
||||||
|
|
||||||
#include <err.h>
|
#include <err.h>
|
||||||
|
#include <netdb.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
#include <sys/wait.h>
|
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include <sys/socket.h>
|
|
||||||
|
|
||||||
#define DEFAULT_TABLE "iblocked"
|
#define DEFAULT_TABLE "iblocked"
|
||||||
#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
|
|
||||||
|
|
||||||
int main(int argc, char *argv[]){
|
static void __dead
|
||||||
|
usage(void)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "usage: %s [table]\n", getprogname());
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main(int argc, char *argv[])
|
||||||
|
{
|
||||||
struct sockaddr_storage sock = {0};
|
struct sockaddr_storage sock = {0};
|
||||||
socklen_t slen = sizeof(sock);
|
socklen_t slen = sizeof(sock);
|
||||||
char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
|
char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
|
||||||
char table[TABLE_LEN] = DEFAULT_TABLE;
|
const char *table = DEFAULT_TABLE;
|
||||||
int status = 0;
|
int ch, status = 0;
|
||||||
pid_t id;
|
pid_t id;
|
||||||
|
|
||||||
if (unveil("/usr/bin/doas", "rx") != 0)
|
if (unveil("/usr/bin/doas", "rx") != 0)
|
||||||
|
@ -26,10 +34,20 @@ int main(int argc, char *argv[]){
|
||||||
if (pledge("exec inet proc stdio", NULL) != 0)
|
if (pledge("exec inet proc stdio", NULL) != 0)
|
||||||
err(1, "pledge");
|
err(1, "pledge");
|
||||||
|
|
||||||
/* configuration */
|
while ((ch = getopt(argc, argv, "")) != -1) {
|
||||||
if (argc == 2)
|
switch (ch) {
|
||||||
if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table))
|
default:
|
||||||
errx(1, "table name is too long");
|
usage();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
argc -= optind;
|
||||||
|
argv += optind;
|
||||||
|
|
||||||
|
if (argc > 1)
|
||||||
|
usage();
|
||||||
|
|
||||||
|
if (argc == 1)
|
||||||
|
table = *argv;
|
||||||
|
|
||||||
/* get socket structure */
|
/* get socket structure */
|
||||||
if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
|
if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
|
||||||
|
@ -37,10 +55,11 @@ int main(int argc, char *argv[]){
|
||||||
|
|
||||||
/* get ip */
|
/* get ip */
|
||||||
status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip),
|
status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip),
|
||||||
NULL, 0, NI_NUMERICHOST);
|
NULL, 0, NI_NUMERICHOST);
|
||||||
|
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
syslog(LOG_DAEMON, "getnameinfo error");
|
syslog(LOG_DAEMON, "getnameinfo error: %s",
|
||||||
|
gai_strerror(status));
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,14 +75,13 @@ int main(int argc, char *argv[]){
|
||||||
// child process
|
// child process
|
||||||
syslog(LOG_DAEMON, "blocking %s", ip);
|
syslog(LOG_DAEMON, "blocking %s", ip);
|
||||||
execl("/usr/bin/doas", "doas", "/sbin/pfctl",
|
execl("/usr/bin/doas", "doas", "/sbin/pfctl",
|
||||||
"-t", table, "-T", "add", ip, NULL);
|
"-t", table, "-T", "add", ip, NULL);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// parent process
|
// parent process
|
||||||
wait(NULL);
|
wait(NULL);
|
||||||
syslog(LOG_DAEMON, "kill states for %s", ip);
|
syslog(LOG_DAEMON, "kill states for %s", ip);
|
||||||
execl("/usr/bin/doas", "doas", "/sbin/pfctl",
|
execl("/usr/bin/doas", "doas", "/sbin/pfctl",
|
||||||
"-k", ip, NULL);
|
"-k", ip, NULL);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
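Review bot: `table = *argv;` in the getopt hunk drops the only validation the table name had — the removed strlcpy/TABLE_LEN check that failed at startup when the name exceeded pf's limit. With the new code a bad name (too long, or empty) is only rejected by pfctl inside the forked child at block time, after "blocking %s" has already been logged, and since this runs behind getpeername(STDIN_FILENO) pfctl's stderr is presumably the client socket rather than anything an operator sees. Not re-encoding PF_TABLE_NAME_SIZE is a reasonable aim, but a fail-fast check for the obvious case is one line after the assignment: `if (*table == '\0') errx(1, "empty table name");`. Separately, the rewritten `syslog(LOG_DAEMON, "getnameinfo error: %s", ...)` passes a facility with no level, which resolves to level 0 (LOG_EMERG) and on default syslog.conf setups is broadcast to every logged-in user; `LOG_DAEMON | LOG_ERR` is what is meant, and the "blocking"/"kill states" calls in the last hunk have the same issue. main() continues past the end of every hunk shown.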