Tune down badness for attempts a small bit.

We're still blocking really agressively. Tune it down a notch
and make timeouts a bit less for human-error like conditions
(forgotten key, ^C etc).

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.64])
-AC_INIT([tallow], [9], [auke-jan.h.kok@intel.com])
+AC_INIT([tallow], [12], [auke-jan.h.kok@intel.com])
 AM_INIT_AUTOMAKE([foreign])
 AC_CONFIG_FILES([Makefile])
 

tallow.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "TALLOW" "1" "January 2018" "" ""
+.TH "TALLOW" "1" "March 2018" "" ""
 .
 .SH "NAME"
 \fBtallow\fR
@@ -28,7 +28,7 @@ Care should be taken to assure that legitimate users are not blocked inadvertent
 The \fBtallow\fR daemon itself has no runtime configuration\. All configuration is done through the tallow\.conf(5) config file\.
 .
 .SH "SIGNALS"
-The \fBUSR1\fR signal causes \fBtallow\fR to print out it\'s internal tracking table of IP addresses\.
+The \fBUSR1\fR signal causes \fBtallow\fR to print out it\'s internal tracking table of IP addresses\. This requires that tallow is compiled with the \fB\-DDEBUG=1\fR symbol passed to the compiler\.
 .
 .SH "SEE ALSO"
 systemd\-journald(1), iptables(1), ipset(1), tallow\.conf(5)

tallow.1.md

@@ -43,7 +43,8 @@ configuration is done through the tallow.conf(5) config file.
 ## SIGNALS
 
 The `USR1` signal causes `tallow` to print out it's internal tracking
-table of IP addresses.
+table of IP addresses. This requires that tallow is compiled with
+the `-DDEBUG=1` symbol passed to the compiler.
 
 ## SEE ALSO
 

tallow.c

@@ -58,14 +58,14 @@ struct pattern_struct {
 
 #define PATTERN_COUNT 10
 static struct pattern_struct patterns[PATTERN_COUNT] = {
-	{ 0, 0.3, "MESSAGE=Failed .* for .* from ([0-9a-z:.]+) port \\d+ ssh2", NULL},
-	{ 0, 0.3, "MESSAGE=error: PAM: Authentication failure for .* from ([0-9a-z:.]+)", NULL},
-	{15, 0.3, "MESSAGE=Invalid user .* from ([0-9a-z:.]+) port \\d+", NULL},
-	{15, 0.3, "MESSAGE=Did not receive identification string from ([0-9a-z:.]+) port \\d+", NULL},
+	{ 0, 0.2, "MESSAGE=Failed .* for .* from ([0-9a-z:.]+) port \\d+ ssh2", NULL},
+	{ 0, 0.2, "MESSAGE=error: PAM: Authentication failure for .* from ([0-9a-z:.]+)", NULL},
+	{10, 0.2, "MESSAGE=Invalid user .* from ([0-9a-z:.]+) port \\d+", NULL},
+	{10, 0.3, "MESSAGE=Did not receive identification string from ([0-9a-z:.]+) port \\d+", NULL},
 	{15, 0.4, "MESSAGE=Bad protocol version identification .* from ([0-9a-z:.]+)", NULL},
 	{15, 0.4, "MESSAGE=Connection closed by authenticating user .* ([0-9a-z:.]+) port \\d+", NULL},
-	{15, 0.4, "MESSAGE=Received disconnect from ([0-9a-z:.]+) port .*\\[preauth\\]", NULL},
-	{15, 0.4, "MESSAGE=Connection closed by ([0-9a-z:.]+) port .*\\[preauth\\]", NULL},
+	{10, 0.3, "MESSAGE=Received disconnect from ([0-9a-z:.]+) port .*\\[preauth\\]", NULL},
+	{10, 0.3, "MESSAGE=Connection closed by ([0-9a-z:.]+) port .*\\[preauth\\]", NULL},
 	{30, 0.5, "MESSAGE=Failed .* for root from ([0-9a-z:.]+) port \\d+ ssh2", NULL},
 	{60, 0.6, "MESSAGE=Unable to negotiate with ([0-9a-z:.]+) port \\d+: no matching key exchange method found.", NULL}
 };
@@ -284,23 +284,7 @@ static void find(const char *ip, float weight, int instant_block)
 	return;
 }
 
-static void sig(int u __attribute__ ((unused)))
-{
-	fprintf(stderr, "Exiting on request.\n");
-	sd_journal_close(j);
-
-	struct tallow_struct *s = head;
-	while (s) {
-		struct tallow_struct *n = NULL;
-
-		free(s->ip);
-		n = s;
-		s = s->next;
-		free(n);
-	}
-	exit(EXIT_SUCCESS);
-}
-
+#ifdef DEBUG
 static void sigusr1(int u __attribute__ ((unused)))
 {
 	fprintf(stderr, "Dumping score list on request:\n");
@@ -310,6 +294,7 @@ static void sigusr1(int u __attribute__ ((unused)))
 		s = s->next;
 	}
 }
+#endif
 
 static void prune(void)
 {
@@ -354,20 +339,17 @@ int main(void)
 {
 	int r;
 	FILE *f;
-	struct sigaction s;
 	int timeout = 60;
 
 	strcpy(ipt_path, "/usr/sbin");
 
-	memset(&s, 0, sizeof(struct sigaction));
-	s.sa_handler = sig;
-	sigaction(SIGHUP, &s, NULL);
-	sigaction(SIGTERM, &s, NULL);
-	sigaction(SIGINT, &s, NULL);
+#ifdef DEBUG
+	struct sigaction s;
 
 	memset(&s, 0, sizeof(struct sigaction));
 	s.sa_handler = sigusr1;
 	sigaction(SIGUSR1, &s, NULL);
+#endif
 
 	if (access("/proc/sys/net/ipv6", R_OK | X_OK) == 0)
 		has_ipv6 = 1;
@@ -452,6 +434,9 @@ int main(void)
 		if (r == SD_JOURNAL_INVALIDATE) {
 			fprintf(stderr, "Journal was rotated, resetting\n");
 			sd_journal_seek_tail(j);
+		} else if (r == SD_JOURNAL_NOP) {
+			dbg("Timeout reached, waiting again\n");
+			continue;
 		}
 
 		while (sd_journal_next(j) != 0) {
@@ -459,7 +444,7 @@ int main(void)
 
 			if (sd_journal_get_data(j, "MESSAGE", &d, &l) < 0) {
 				fprintf(stderr, "Failed to read message field: %s\n", strerror(-r));
-				continue;
+				break;
 			}
 
 			m = strndup(d, l+1);