Changeset 5574
- Timestamp:
- 07/08/11 23:17:45 (13 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
trunk/global-functions.h
r5548 r5574 109 109 extern void remove_reader_from_active(struct s_reader *rdr); 110 110 extern void add_reader_to_active(struct s_reader *rdr); 111 extern void cs_add_violation(uint32_t ip );111 extern void cs_add_violation(uint32_t ip, int32_t port); 112 112 extern void cs_card_info(void); 113 113 extern void cs_debug_level(void); -
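--- a/trunk/globals.h
+++ b/trunk/globals.h
@@ -474,4 +474,5 @@
 int32_t v_count;
 uint32_t v_ip;
+int32_t v_port;
 time_t v_time;
 } V_BAN;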
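Review bot: The new `v_port` field has no comment, and nothing in the struct says which port it holds; the callers in this changeset pass the local listener port, not the peer's source port. I would document that on the field, `int32_t v_port; /* local listening port the violation was recorded on */`. The start of the V_BAN definition lies outside the hunk.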
trunk/module-cccam.c
r5567 r5574 2892 2892 cs_debug_mask(D_CLIENT, "cccam: failed ret: %d", ret); 2893 2893 if (ret == -2) 2894 cs_add_violation((uint)cl->ip );2894 cs_add_violation((uint)cl->ip, cfg.cc_port[0]); 2895 2895 } 2896 2896 cs_disconnect_client(cl); -
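Review bot: The violation at new line 2894 is recorded under `cfg.cc_port[0]` rather than the port this client connected on. The index suggests more than one CCcam port can be configured; if so, an entry created for a client on another port would never match the `(ip, port)` lookup that the accept path in oscam.c performs with `ph[i].ptab->ports[j].s_port`, and the ban would not take effect there. Most call sites in oscam.c pass the client's own listener port; doing the same here, `cs_add_violation((uint)cl->ip, ph[cl->ctyp].ptab->ports[cl->port_idx].s_port);`, would keep the key consistent, assuming `cl` carries `ctyp` and `port_idx` as it does in oscam.c. The two module-gbox.c hunks pass `cfg.gbox_port` in the same way and deserve the same check. The enclosing function starts and ends outside the hunk.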
trunk/module-gbox.c
r5567 r5574 548 548 cs_log("gbox: INTRUDER ALERT (peer key)!"); 549 549 550 cs_add_violation((uint)cli->ip );550 cs_add_violation((uint)cli->ip, cfg.gbox_port); 551 551 552 552 cs_unlock(&gbox->lock); … … 556 556 cs_log("gbox: INTRUDER ALERT!"); 557 557 558 cs_add_violation((uint)cli->ip );558 cs_add_violation((uint)cli->ip, cfg.gbox_port); 559 559 560 560 cs_unlock(&gbox->lock); -
trunk/oscam-http.c
r5567 r5574 3250 3250 while ((v_ban_entry=ll_iter_next(&itr))) { 3251 3251 3252 tpl_ addVar(vars, TPLADD, "IPADDRESS", cs_inet_ntoa(v_ban_entry->v_ip));3252 tpl_printf(vars, TPLADD, "IPADDRESS", "%s : %d", cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_port); 3253 3253 3254 3254 struct tm st ; -
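Review bot: `IPADDRESS` at new line 3252 now holds a composite `ip : port` string, so anything that consumes that template variable as a bare address would receive the port suffix as well; the templates are not visible here, so this needs confirming. The port printed is `v_port`, which the callers in this changeset fill with the local listener port, and the output does not label it, so it can be misread as the peer's source port. A separate template variable for the port, or a labelled format such as `"%s (port %d)"`, would avoid both problems. The loop body continues outside the hunk.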
trunk/oscam.c
r5565 r5574 58 58 char *loghistptr = NULL; 59 59 60 int32_t cs_check_v(uint32_t ip, int32_t add) {61 60 int32_t cs_check_v(uint32_t ip, int32_t port, int32_t add) { 61 int32_t result = 0; 62 62 if (cfg.failbantime) { 63 63 … … 77 77 ll_iter_remove_data(&itr); 78 78 continue; 79 } 80 81 if (ip == v_ban_entry->v_ip) { 82 result=1; 83 if (!add) { 84 if (v_ban_entry->v_count >= cfg.failbancount) { 85 cs_debug_mask(D_TRACE, "failban: banned ip %s - %ld seconds left", 86 cs_inet_ntoa(v_ban_entry->v_ip),ftime - (now - v_ban_entry->v_time)); 87 } else { 88 cs_debug_mask(D_TRACE, "failban: ip %s chance %d of %d", 89 cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_count, cfg.failbancount); 90 v_ban_entry->v_count++; 91 } 92 } 93 else { 94 cs_debug_mask(D_TRACE, "failban: banned ip %s - already exist in list", cs_inet_ntoa(v_ban_entry->v_ip)); 95 } 96 79 } 80 81 if (ip == v_ban_entry->v_ip && port == v_ban_entry->v_port ) { 82 result=1; 83 if (!add) { 84 if (v_ban_entry->v_count >= cfg.failbancount) { 85 cs_debug_mask(D_TRACE, "failban: banned ip %s:%d - %ld seconds left", 86 cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_port, 87 ftime - (now - v_ban_entry->v_time)); 88 } else { 89 cs_debug_mask(D_TRACE, "failban: ip %s:%d chance %d of %d", 90 cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_port, 91 v_ban_entry->v_count, cfg.failbancount); 92 93 v_ban_entry->v_count++; 94 } 95 } 96 else { 97 cs_debug_mask(D_TRACE, "failban: banned ip %s:%d - already exist in list", 98 cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_port); 99 } 97 100 } 98 101 } 99 102 if (add && !result) { 100 if(cs_malloc(&v_ban_entry,sizeof(V_BAN), -1)){ 101 v_ban_entry->v_time = time((time_t *)0); 102 v_ban_entry->v_ip = ip; 103 104 ll_iter_insert(&itr, v_ban_entry); 105 106 cs_debug_mask(D_TRACE, "failban: ban ip %s with timestamp %d", cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_time); 107 } 108 } 103 if(cs_malloc(&v_ban_entry, sizeof(V_BAN), -1)){ 104 v_ban_entry->v_time = time((time_t *)0); 105 
v_ban_entry->v_ip = ip; 106 v_ban_entry->v_port = port; 107 108 ll_iter_insert(&itr, v_ban_entry); 109 110 cs_debug_mask(D_TRACE, "failban: ban ip %s:%d with timestamp %d", 111 cs_inet_ntoa(v_ban_entry->v_ip), v_ban_entry->v_port, v_ban_entry->v_time); 112 } 113 } 109 114 } 110 115 return result; 111 116 } 112 117 113 int32_t cs_check_violation(uint32_t ip ) {114 return cs_check_v(ip, 0);115 } 116 void cs_add_violation(uint32_t ip ) {117 cs_check_v(ip, 1);118 int32_t cs_check_violation(uint32_t ip, int32_t port) { 119 return cs_check_v(ip, port, 0); 120 } 121 void cs_add_violation(uint32_t ip, int32_t port) { 122 cs_check_v(ip, port, 1); 118 123 } 119 124 … … 1376 1381 cl->thread, usr, cs_inet_ntoa(ip), buf, uniq); 1377 1382 if (cl->failban & BAN_DUPLICATE) { 1378 cs_add_violation(cl->ip );1383 cs_add_violation(cl->ip, ph[cl->ctyp].ptab->ports[cl->port_idx].s_port); 1379 1384 } 1380 1385 if (cfg.dropdups){ … … 1392 1397 pthread_self(), usr, cs_inet_ntoa(cl->ip), buf, uniq); 1393 1398 if (client->failban & BAN_DUPLICATE) { 1394 cs_add_violation(ip );1399 cs_add_violation(ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 1395 1400 } 1396 1401 if (cfg.dropdups){ … … 1418 1423 //client->grp=0xffffffffffffff; 1419 1424 if ((intptr_t)account != 0 && (intptr_t)account != -1 && account->disabled){ 1420 cs_add_violation((uint32_t)client->ip );1425 cs_add_violation((uint32_t)client->ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 1421 1426 cs_log("%s %s-client %s%s (%s%sdisabled account)", 1422 1427 client->crypted ? t_crypt : t_plain, … … 1433 1438 case 0: // reject access 1434 1439 rc=1; 1435 cs_add_violation((uint32_t)client->ip );1440 cs_add_violation((uint32_t)client->ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 1436 1441 cs_log("%s %s-client %s%s (%s)", 1437 1442 client->crypted ? 
t_crypt : t_plain, … … 1446 1451 cs_user_resolve(account); 1447 1452 if (client->ip != account->dynip) { 1448 cs_add_violation((uint32_t)client->ip );1453 cs_add_violation((uint32_t)client->ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 1449 1454 rc=2; 1450 1455 } … … 2457 2462 if(client->disabled != 0) { 2458 2463 if (client->failban & BAN_DISABLED){ 2459 cs_add_violation(client->ip );2464 cs_add_violation(client->ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 2460 2465 cs_exit(SIGQUIT); // don't know whether this is best way to kill the thread 2461 2466 } … … 2481 2486 2482 2487 if (client->failban & BAN_SLEEPING) { 2483 cs_add_violation(client->ip );2488 cs_add_violation(client->ip, ph[client->ctyp].ptab->ports[client->port_idx].s_port); 2484 2489 cs_exit(SIGQUIT); // todo don't know whether this is best way to kill the thread 2485 2490 } … … 3053 3058 3054 3059 if (!cl) { 3055 if (cs_check_violation((uint32_t)cad.sin_addr.s_addr ))3060 if (cs_check_violation((uint32_t)cad.sin_addr.s_addr, ph[i].ptab->ports[j].s_port)) 3056 3061 return 0; 3057 3062 //printf("IP: %s - %d\n", inet_ntoa(*(struct in_addr *)&cad.sin_addr.s_addr), cad.sin_addr.s_addr); … … 3098 3103 if ((pfd3=accept(ph[i].ptab->ports[j].fd, (struct sockaddr *)&cad, (socklen_t *)&scad))>0) { 3099 3104 3100 if (cs_check_violation((uint32_t)cad.sin_addr.s_addr )) {3105 if (cs_check_violation((uint32_t)cad.sin_addr.s_addr, ph[i].ptab->ports[j].s_port)) { 3101 3106 close(pfd3); 3102 3107 return 0;
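Review bot: The match in cs_check_v (new line 81) now requires both `ip` and `port` to be equal, so each listener port keeps its own `v_count` for an address and a ban reached on one port does not cover the same address on any other. With several listeners, the number of failed attempts tolerated before a host is blocked everywhere grows with the port count. If that is intended, say so above the comparison, e.g. `/* failban entries are per (ip, listener port); a ban on one port does not block the others */`; otherwise keep a host-wide check for the already-banned state. Separately, new line 110 prints `v_time`, a `time_t` per globals.h, with `%d`; `%ld` with `(long)v_ban_entry->v_time` would match the argument. Parts of cs_check_v are elided between the hunks.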