v3

Attempt to build against old systemd versions as well.
In case libsystemd isn't found, try libsystemd-journal as well.
2026-06-16 01:15:48 +00:00 · 2017-05-08 08:49:15 -07:00 · 2017-05-07 21:09:58 -07:00 · 2017-05-07 20:36:32 -07:00 · 2017-05-07 20:23:37 -07:00 · 2017-05-07 20:23:31 -07:00
3 changed files with 50 additions and 4 deletions
@@ -1,12 +1,12 @@

-AM_CFLAGS = -g $(LIBSYSTEMD_CFLAGS) -Wall -Wno-uninitialized -W -D_FORTIFY_SOURCE=2
+AM_CFLAGS = -g $(LIBSYSTEMD_CFLAGS) $(LIBSYSTEMD_JOURNAL_CFLAGS) -Wall -Wno-uninitialized -W -D_FORTIFY_SOURCE=2

 systemdsystemunitdir = @SYSTEMD_SYSTEMUNITDIR@
 systemdsystemunit_DATA = tallow.service

 sbin_PROGRAMS = tallow
 tallow_SOURCES = tallow.c
-tallow_LDADD = $(LIBSYSTEMD_LIBS)
+tallow_LDADD = $(LIBSYSTEMD_LIBS) $(LIBSYSTEMD_JOURNAL_LIBS)

 EXTRA_DIST = AUTHORS COPYING INSTALL tallow.service.in tallow.1.md

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.

 AC_PREREQ([2.64])
-AC_INIT([tallow], [2], [auke-jan.h.kok@intel.com])
+AC_INIT([tallow], [3], [auke-jan.h.kok@intel.com])
 AM_INIT_AUTOMAKE([])
 AC_CONFIG_FILES([Makefile])

@@ -10,9 +10,11 @@ AC_CONFIG_FILES([Makefile])
 AC_PROG_CC
 AC_PROG_INSTALL

-PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])
+PKG_CHECK_MODULES(LIBSYSTEMD, libsystemd,, [PKG_CHECK_MODULES(LIBSYSTEMD_JOURNAL, libsystemd-journal)])
 AC_SUBST(LIBSYSTEMD_CFLAGS)
 AC_SUBST(LIBSYSTEMD_LIBS)
+AC_SUBST(LIBSYSTEMD_JOURNAL_CFLAGS)
+AC_SUBST(LIBSYSTEMD_JOURNAL_LIBS)

 AC_ARG_WITH([systemdsystemunitdir], AC_HELP_STRING([--with-systemdsystemunitdir=DIR],
 	[path to systemd system service directory]), [path_systemdsystemunit=${withval}],
@@ -125,6 +125,9 @@ static void find(char *ip)
 	struct tallow_struct *n;
 	struct tallow_struct *w = whitelist;

+	if (!ip)
+		return;
+
 	/*
 	 * not validating the IP address format here, just
 	 * making sure we're not passing special characters
@@ -210,6 +213,37 @@ static void sig(int s)
 	}
 }

+static void prune(void)
+{
+	struct tallow_struct *s = head;
+	struct tallow_struct *p;
+	struct timeval tv;
+
+	(void) gettimeofday(&tv, NULL);
+	p = NULL;
+
+	while (s) {
+		if ((tv.tv_sec - s->time.tv_sec) > expires) {
+			if (p) {
+				p->next = s->next;
+				free(s->ip);
+				free(s);
+				s = p->next;
+				continue;
+			} else {
+				head = s->next;
+				free(s->ip);
+				free(s);
+				s = head;
+				p = NULL;
+				continue;
+			}
+		}
+		p = s;
+		s = s->next;
+	}
+}
+
 int main(void)
 {
 	int r;
@@ -353,8 +387,18 @@ int main(void)
 				find(t);
 			}

+
+			if (strstr(m, "MESSAGE=Received disconnect from ")) {
+				t = strtok(m, " ");
+				for (i = 0; i < 4; i++)
+					t = strtok(NULL, " ");
+				find(t);
+			}
+
 			free(m);
 		}
+
+		prune();
 	}

 	sd_journal_close(j);
Author	SHA1	Message	Date
Auke Kok	ea958fd2b5	v3	2017-05-08 08:49:15 -07:00
Auke Kok	4547892d56	Attempt to build against old systemd versions as well. In case libsystemd isn't found, try libsystemd-journal as well.	2017-05-07 21:09:58 -07:00
Auke Kok	c661a20e33	Revert removal of `prune()`. We can't just delete an entry only when it is blocked, this would forever leave all entries lingering in the list until they hit the limit, and it would likely consume lots of memory. Instead, we'll prune only based on timestamp values. This removes old entries automatically regularly, but leaves new hits that haven't hit the expiry time. If IPs get blocked, they're not removed, but the expiry time will remove them. This will assure that hosts that try in large intervals actually get blocked again right away.	2017-05-07 20:36:32 -07:00
Arjan van de Ven	9f37520c72	ip can be NULL (output of strtok)	2017-05-07 20:23:37 -07:00
Arjan van de Ven	dc8f37e41f	also catch port probers that try ssl level evils	2017-05-07 20:23:31 -07:00