Compare commits
2 commits
9c9fa59e12
...
45ce884264
| Author | SHA1 | Date | |
|---|---|---|---|
| 45ce884264 | |||
| 34d88d8ec5 |
3 changed files with 46 additions and 11 deletions
44
src/autofw.c
44
src/autofw.c
|
|
@ -21,6 +21,7 @@ fclose_ptr(FILE** p)
|
|||
|
||||
typedef struct {
|
||||
bool obsolete;
|
||||
bool is_new;
|
||||
uint32_t ip;
|
||||
uint8_t width;
|
||||
} iprange_t;
|
||||
|
|
@ -111,7 +112,7 @@ iprange_cmp(const void* a, const void* b)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
static bool
|
||||
iprange_join(iprange_t* prev, iprange_t* curr)
|
||||
{
|
||||
uint32_t const prev_mask = ~0U << (32 - prev->width);
|
||||
|
|
@ -122,7 +123,7 @@ iprange_join(iprange_t* prev, iprange_t* curr)
|
|||
#endif
|
||||
if ((prev->ip & prev_mask) == (curr->ip & prev_mask)) {
|
||||
curr->obsolete = true;
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
int min_width = prev->width < curr->width ? prev->width : curr->width;
|
||||
if (min_width < 8)
|
||||
|
|
@ -131,14 +132,14 @@ iprange_join(iprange_t* prev, iprange_t* curr)
|
|||
// printf("widths: min %d max %d\n", min_width, max_width);
|
||||
if (max_width - min_width > 8) {
|
||||
// printf("width difference %d, too much\n", max_width - min_width);
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
int new_width = max_width;
|
||||
uint32_t new_mask = 0;
|
||||
for (;;) {
|
||||
if ((new_width <= 8) || (max_width - new_width > 8)) {
|
||||
// printf("nothing in common with at least 8 bits\n");
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
new_width = new_width - 1;
|
||||
new_mask = ~0U << (32 - new_width);
|
||||
|
|
@ -152,14 +153,24 @@ iprange_join(iprange_t* prev, iprange_t* curr)
|
|||
break;
|
||||
if (!(new_width & 7)) {
|
||||
// printf("too far apart, giving up\n");
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
uint32_t const new_ip = prev->ip & new_mask;
|
||||
#if 0
|
||||
printf("adding new range %d.%d.%d.%d/%d\n",
|
||||
new_ip >> 24,
|
||||
(new_ip >> 16) & 0xff,
|
||||
(new_ip >> 8) & 0xff,
|
||||
(new_ip >> 0) & 0xff,
|
||||
new_width);
|
||||
#endif
|
||||
iprange_t* const range = iprange_create(new_ip, new_width);
|
||||
range->is_new = true;
|
||||
pbuf_append(&new_ranges, range);
|
||||
prev->obsolete = true;
|
||||
curr->obsolete = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -167,6 +178,8 @@ ipranges_merge(void)
|
|||
{
|
||||
iprange_t* prev = NULL;
|
||||
iprange_t* curr;
|
||||
bool added_something = false;
|
||||
pbuf_sort(&black_ranges, iprange_cmp);
|
||||
PBUF_FOREACH(curr, &black_ranges)
|
||||
if (!prev) {
|
||||
prev = curr;
|
||||
|
|
@ -185,10 +198,16 @@ ipranges_merge(void)
|
|||
(curr->ip >> 0) & 0xff,
|
||||
curr->width);
|
||||
#endif
|
||||
iprange_join(prev, curr);
|
||||
if (iprange_join(prev, curr))
|
||||
added_something = true;
|
||||
if (!curr->obsolete)
|
||||
prev = curr;
|
||||
PBUF_FOREACH_END
|
||||
if (!added_something)
|
||||
return;
|
||||
pbuf_appendall(&black_ranges, &new_ranges);
|
||||
pbuf_clear(&new_ranges);
|
||||
ipranges_merge();
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -271,7 +290,7 @@ main(int argc, const char* argv[])
|
|||
{
|
||||
pbuf_init(&black_ranges, 4, 0, NULL);
|
||||
pbuf_init(&white_ranges, 4, 0, NULL);
|
||||
pbuf_init(&new_ranges, 4, 0, NULL);
|
||||
pbuf_init(&new_ranges, 4, 0, PBUF_NONE);
|
||||
pbuf_init(&new_b_ranges, 4, 0, NULL);
|
||||
|
||||
iprange_load("autofw.whitelist", true);
|
||||
|
|
@ -280,7 +299,6 @@ main(int argc, const char* argv[])
|
|||
(void) argc;
|
||||
(void) argv;
|
||||
|
||||
pbuf_sort(&black_ranges, iprange_cmp);
|
||||
ipranges_merge();
|
||||
ipranges_find_b_blocks();
|
||||
|
||||
|
|
@ -288,7 +306,7 @@ main(int argc, const char* argv[])
|
|||
iprange_t* range;
|
||||
|
||||
PBUF_FOREACH(range, &black_ranges)
|
||||
if (!range->obsolete)
|
||||
if (!range->obsolete || range->is_new)
|
||||
continue;
|
||||
printf("yes | ufw delete deny from %d.%d.%d.%d/%d\n",
|
||||
range->ip >> 24,
|
||||
|
|
@ -298,7 +316,11 @@ main(int argc, const char* argv[])
|
|||
range->width);
|
||||
PBUF_FOREACH_END
|
||||
|
||||
PBUF_FOREACH(range, &new_ranges)
|
||||
bool something_new = false;
|
||||
PBUF_FOREACH(range, &black_ranges)
|
||||
if (range->obsolete || !range->is_new)
|
||||
continue;
|
||||
something_new = true;
|
||||
printf("ufw insert 1 deny from %d.%d.%d.%d/%d\n",
|
||||
range->ip >> 24,
|
||||
(range->ip >> 16) & 0xff,
|
||||
|
|
@ -316,7 +338,7 @@ main(int argc, const char* argv[])
|
|||
range->width);
|
||||
PBUF_FOREACH_END
|
||||
|
||||
if (pbuf_size(&new_ranges) > 0) {
|
||||
if (something_new) {
|
||||
PBUF_FOREACH(range, &white_ranges)
|
||||
printf("yes | ufw delete allow from %d.%d.%d.%d/%d\n",
|
||||
range->ip >> 24,
|
||||
|
|
|
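Review bot: The hand-off `pbuf_appendall(&black_ranges, &new_ranges);` followed by `pbuf_clear(&new_ranges);` is a shallow copy of element pointers, so it is only safe because main now initialises new_ranges with PBUF_NONE; nothing at the call site says so, and a later change to that init would turn the clear into a free of pointers black_ranges still holds. I would add `// new_ranges only borrows the pointers (PBUF_NONE in main); black_ranges owns them after appendall` above the appendall call. The `is_new` flag is set only on ranges built in iprange_join, so the delete/insert split in main is correct only if iprange_create zero-initialises the struct for ranges loaded from the lists — iprange_create is not in the diff, so please confirm, or clear `is_new` explicitly where ranges are loaded. The self-call `ipranges_merge();` at the end is tail recursion bounded only by the number of ranges; a `for (;;)` loop around the body would be the usual shape and avoids growing the stack on large lists. ipranges_merge's body between the two hunks, and iprange_join's head, are not shown here.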
|||
10
src/pbuf.c
10
src/pbuf.c
|
|
@ -91,6 +91,16 @@ pbuf_append(pbuf_t* pbuf, void* ptr)
|
|||
pbuf->ptr[pbuf->used++] = ptr;
|
||||
}
|
||||
|
||||
void
|
||||
pbuf_appendall(pbuf_t* pbuf, const pbuf_t* tail)
|
||||
{
|
||||
if (!pbuf || !tail || (tail->used == 0))
|
||||
return;
|
||||
pbuf_ensure(pbuf, tail->used);
|
||||
memcpy(pbuf->ptr + pbuf->used, tail->ptr, tail->used * sizeof(void*));
|
||||
pbuf->used += tail->used;
|
||||
}
|
||||
|
||||
void
|
||||
pbuf_sort(pbuf_t* pbuf, pbuf_func_sort_t func)
|
||||
{
|
||||
|
|
|
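Review bot: `pbuf_appendall` copies the element pointers with memcpy, so after the call both pbufs reference the same objects and whichever free function each was initialised with will see them; the contract should state that ownership is not transferred and the caller must ensure only one of the two pbufs frees them (the autofw.c caller does this with PBUF_NONE on the tail). I would put a header comment above the definition along the lines of `/* Shallow append: copies tail's pointers after pbuf's; no ownership transfer, caller must ensure only one pbuf frees them. */`. The call `pbuf_ensure(pbuf, tail->used)` reads as a request for tail->used additional slots; if pbuf_ensure instead takes a total capacity this under-allocates and the memcpy runs past the buffer — pbuf_ensure is outside the hunk, so please confirm its argument meaning. `memcpy` also needs `<string.h>`, which I cannot see from this hunk.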
|||
|
|
@ -25,6 +25,9 @@ pbuf_clear(pbuf_t* pbuf);
|
|||
void
|
||||
pbuf_append(pbuf_t* pbuf, void* ptr);
|
||||
|
||||
void
|
||||
pbuf_appendall(pbuf_t* pbuf, const pbuf_t* tail);
|
||||
|
||||
void
|
||||
pbuf_putat(pbuf_t* pbuf, int ix, void* obj);
|
||||
|
||||
|
|
|
|||