Don't need to copy strings around and hardcode the max table len from pf

internals, just assign a pointer (eventually from argv.)

while here also add a usage() function and error out if more than one
argument is passed.
Omar Polo 2022-09-19 20:23:32 +02:00 committed by Solene Rapenne
parent 550cfca6d1
commit 5ac1e2631b
2 changed files with 42 additions and 24 deletions


@ -1,9 +1,9 @@
PREFIX?=/usr/local PREFIX = /usr/local
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \ CFLAGS = -pedantic -Wall -Wextra -Wmissing-prototypes \
-Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \ -Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
-Wstrict-prototypes -Wwrite-strings \ -Wstrict-prototypes -Wwrite-strings \
-Os -Os
all: iblock all: iblock
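Review bot: The new side of this hunk assigns `PREFIX = /usr/local` and `CFLAGS = -pedantic ...` where the old side used `PREFIX?=` and `CFLAGS +=`, so a PREFIX or CFLAGS supplied from the environment (as a packager or ports build would do) is now overridden instead of honoured or extended; this reading assumes the rendering prints old then new, as it visibly does in the main.c section. If the intent was only to stop inheriting make's default optimisation flags ahead of `-Os`, that still does not require dropping the `?=` on PREFIX; keeping `PREFIX ?= /usr/local` preserves the override while `CFLAGS =` can stay. The commit message does not mention the Makefile at all, so either restore the conditional assignment or state in the message that the environment override was dropped on purpose.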

main.c

@ -1,24 +1,32 @@
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <err.h> #include <err.h>
#include <netdb.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <syslog.h> #include <syslog.h>
#include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
#include <sys/socket.h>
#define DEFAULT_TABLE "iblocked" #define DEFAULT_TABLE "iblocked"
#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
int main(int argc, char *argv[]){ static void __dead
usage(void)
{
fprintf(stderr, "usage: %s [table]\n", getprogname());
exit(1);
}
int
main(int argc, char *argv[])
{
struct sockaddr_storage sock = {0}; struct sockaddr_storage sock = {0};
socklen_t slen = sizeof(sock); socklen_t slen = sizeof(sock);
char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */ char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
char table[TABLE_LEN] = DEFAULT_TABLE; const char *table = DEFAULT_TABLE;
int status = 0; int ch, status = 0;
pid_t id; pid_t id;
if (unveil("/usr/bin/doas", "rx") != 0) if (unveil("/usr/bin/doas", "rx") != 0)
@ -26,10 +34,20 @@ int main(int argc, char *argv[]){
if (pledge("exec inet proc stdio", NULL) != 0) if (pledge("exec inet proc stdio", NULL) != 0)
err(1, "pledge"); err(1, "pledge");
/* configuration */ while ((ch = getopt(argc, argv, "")) != -1) {
if (argc == 2) switch (ch) {
if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table)) default:
errx(1, "table name is too long"); usage();
}
}
argc -= optind;
argv += optind;
if (argc > 1)
usage();
if (argc == 1)
table = *argv;
/* get socket structure */ /* get socket structure */
if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen)) if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
@ -37,10 +55,11 @@ int main(int argc, char *argv[]){
/* get ip */ /* get ip */
status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip), status = getnameinfo((struct sockaddr *)&sock, slen, ip, sizeof(ip),
NULL, 0, NI_NUMERICHOST); NULL, 0, NI_NUMERICHOST);
if (status != 0) { if (status != 0) {
syslog(LOG_DAEMON, "getnameinfo error"); syslog(LOG_DAEMON, "getnameinfo error: %s",
gai_strerror(status));
exit(1); exit(1);
} }
@ -56,14 +75,13 @@ int main(int argc, char *argv[]){
// child process // child process
syslog(LOG_DAEMON, "blocking %s", ip); syslog(LOG_DAEMON, "blocking %s", ip);
execl("/usr/bin/doas", "doas", "/sbin/pfctl", execl("/usr/bin/doas", "doas", "/sbin/pfctl",
"-t", table, "-T", "add", ip, NULL); "-t", table, "-T", "add", ip, NULL);
} else { } else {
// parent process // parent process
wait(NULL); wait(NULL);
syslog(LOG_DAEMON, "kill states for %s", ip); syslog(LOG_DAEMON, "kill states for %s", ip);
execl("/usr/bin/doas", "doas", "/sbin/pfctl", execl("/usr/bin/doas", "doas", "/sbin/pfctl",
"-k", ip, NULL); "-k", ip, NULL);
} }
break; break;
default: default: