1 #define MODULE_LOG_PREFIX "failban"
4 #include "module-anticasc.h"
6 #include "oscam-string.h"
7 #include "oscam-time.h"
/*
 * cs_check_v - housekeeping, lookup and insertion for the failban list
 * (cfg.v_list), keyed on ip + port.
 *
 * NOTE(review): this listing kept only some of the original source lines
 * (see the gaps in the embedded line numbers). Local declarations, braces,
 * every use of `add`, the updates of the result and the return statements
 * are not visible, so the notes below cover only what the visible lines show.
 *
 * Visible behaviour:
 *  - The first test is !(cfg.failbantime || acosc_enabled()); its body is
 *    not shown. Presumably an early return when neither feature is active;
 *    confirm against the full source.
 *  - Every call walks the whole list and removes expired entries: ordinary
 *    entries once `gone` reaches ftime (cfg.failbantime minutes expressed in
 *    milliseconds), anticascading entries once gone/1000 reaches their
 *    acosc_penalty_dur.
 *  - An entry matches the caller only when IP_EQUAL() holds AND the port is
 *    equal, so the same address seen with a different port value is tracked
 *    as a separate entry.
 *  - A matching entry with v_count >= cfg.failbancount is logged as banned;
 *    otherwise the "chance N of M" line is logged and v_count is incremented.
 *  - A new entry starts with v_count = 1; a positive acosc_penalty_duration
 *    instead sets v_count to cfg.failbancount + 1 and marks it acosc_entry.
 *
 * Parameters:
 *  ip, port                the key compared against v_ip / v_port.
 *  add                     not used on any visible line; the wrappers in
 *                          this file pass 0 (check) or 1 (add).
 *  info                    optional text; copied into the entry with
 *                          cs_strdup() and appended to the trace log lines.
 *  acosc_penalty_duration  when > 0, stored as the entry's
 *                          acosc_penalty_dur.
 *
 * Return value: not visible in this listing.
 */
9 static int32_t cs_check_v(IN_ADDR_T ip
, int32_t port
, int32_t add
, char *info
, int32_t acosc_penalty_duration
)
13 if(!(cfg
.failbantime
|| acosc_enabled()))
17 { cfg
.v_list
= ll_create("v_list"); }
21 LL_ITER itr
= ll_iter_create(cfg
.v_list
);
/* NOTE(review): ftime is a 32-bit millisecond count. If cfg.failbantime is
 * also a 32-bit int (its type is not shown here), values above 35791 minutes
 * overflow this product; a negative ftime would make `gone >= ftime` true
 * and expire ordinary bans on the next call. Confirm that the config parser
 * bounds failbantime. */
23 int32_t ftime
= cfg
.failbantime
* 60 * 1000;
25 // run over all banned entries to do housekeeping:
26 while((v_ban_entry
= ll_iter_next(&itr
)))
/* `gone` is compared with ftime (milliseconds) as-is, but divided by 1000
 * before being compared with acosc_penalty_dur, so the penalty duration is
 * evidently in seconds (the log lines below also print "seconds left"). */
29 int64_t gone
= comp_timeb(&now
, &v_ban_entry
->v_time
);
30 if(((gone
>= ftime
) && !v_ban_entry
->acosc_entry
) || (v_ban_entry
->acosc_entry
&& ((gone
/1000) >= v_ban_entry
->acosc_penalty_dur
))) // entry out of time->remove
32 NULLFREE(v_ban_entry
->info
);
33 ll_iter_remove_data(&itr
);
/* The ban key is address + port: both must be equal for an entry to match. */
37 if(IP_EQUAL(ip
, v_ban_entry
->v_ip
) && port
== v_ban_entry
->v_port
)
41 { info
= v_ban_entry
->info
; }
42 else if(!v_ban_entry
->info
)
44 v_ban_entry
->info
= cs_strdup(info
);
49 if(v_ban_entry
->v_count
>= cfg
.failbancount
)
51 if(!v_ban_entry
->acosc_entry
)
53 cs_log_dbg(D_TRACE
, "failban: banned ip %s:%d - %"PRId64
" seconds left %s%s",
54 cs_inet_ntoa(v_ban_entry
->v_ip
), v_ban_entry
->v_port
,
55 (ftime
- gone
) / 1000, info
? ", info: " : "", info
? info
: "");
59 cs_log_dbg(D_TRACE
, "failban: banned ip %s:%d - %"PRId64
" seconds left %s%s",
60 cs_inet_ntoa(v_ban_entry
->v_ip
), v_ban_entry
->v_port
,
61 (v_ban_entry
->acosc_penalty_dur
- (gone
/ 1000)),
62 info
? ", info: " : "", info
? info
: "");
68 cs_log_dbg(D_TRACE
, "failban: ip %s:%d chance %d of %d%s%s",
69 cs_inet_ntoa(v_ban_entry
->v_ip
), v_ban_entry
->v_port
,
70 v_ban_entry
->v_count
, cfg
.failbancount
,
71 info
? ", info: " : "", info
? info
: "");
73 v_ban_entry
->v_count
++;
78 cs_log_dbg(D_TRACE
, "failban: banned ip %s:%d - already exist in list %s%s",
79 cs_inet_ntoa(v_ban_entry
->v_ip
), v_ban_entry
->v_port
,
80 info
? ", info: " : "", info
? info
: "");
/* New entry. The condition guarding this allocation is not visible in this
 * listing; presumably it runs only when adding and no entry matched (confirm). */
87 if(cs_malloc(&v_ban_entry
, sizeof(V_BAN
)))
89 cs_ftime(&v_ban_entry
->v_time
);
90 v_ban_entry
->v_ip
= ip
;
91 v_ban_entry
->v_port
= port
;
92 v_ban_entry
->v_count
= 1;
93 v_ban_entry
->acosc_entry
= false;
94 v_ban_entry
->acosc_penalty_dur
= 0;
/* A positive penalty duration turns this into an anticascading entry whose
 * count is already above the failbancount threshold. */
96 if(acosc_penalty_duration
> 0)
98 v_ban_entry
->v_count
= cfg
.failbancount
+1; // set it to a higher level
99 v_ban_entry
->acosc_entry
= true;
100 v_ban_entry
->acosc_penalty_dur
= acosc_penalty_duration
;
104 { v_ban_entry
->info
= cs_strdup(info
); }
106 ll_iter_insert(&itr
, v_ban_entry
);
/* NOTE(review): "%ld" assumes v_time.time has the width of long; if it is a
 * time_t, that does not hold on every platform. Confirm, or cast the
 * argument to match the format. */
107 cs_log_dbg(D_TRACE
, "failban: ban ip %s:%d with timestamp %ld%s%s",
108 cs_inet_ntoa(v_ban_entry
->v_ip
), v_ban_entry
->v_port
, v_ban_entry
->v_time
.time
,
109 info
? ", info: " : "", info
? info
: "");
/**
 * Check the failban list for ip:port.
 *
 * Forwards to cs_check_v() with add = 0, no info text and no anticascading
 * penalty duration, and hands its result back unchanged.
 */
int32_t cs_check_violation(IN_ADDR_T ip, int32_t port)
{
	const int32_t add = 0;
	const int32_t no_penalty = 0;

	return cs_check_v(ip, port, add, NULL, no_penalty);
}
/**
 * Record a violation for ip:port with an optional info text.
 *
 * Forwards to cs_check_v() with add = 1 and no anticascading penalty
 * duration, and hands its result back unchanged.
 */
int32_t cs_add_violation_by_ip(IN_ADDR_T ip, int32_t port, char *info)
{
	const int32_t add = 1;
	const int32_t no_penalty = 0;

	return cs_check_v(ip, port, add, info, no_penalty);
}
/**
 * Record a violation for ip:port and pass an anticascading penalty duration.
 *
 * Forwards to cs_check_v() with add = 1; info and acosc_penalty_duration are
 * passed through as given, and the result is handed back unchanged.
 */
int32_t cs_add_violation_by_ip_acosc(IN_ADDR_T ip, int32_t port, char *info, int32_t acosc_penalty_duration)
{
	const int32_t add = 1;

	return cs_check_v(ip, port, add, info, acosc_penalty_duration);
}
/**
 * Record a violation for a connected client.
 *
 * The ban key is the client's address (cl->ip) together with the s_port of
 * the port-table slot selected by cl->port_idx in the client's module, not a
 * port taken from the client structure directly.
 *
 * NOTE(review): cl, the get_module() result and cl->port_idx are used
 * without checks here; callers are assumed to pass a valid client (confirm).
 */
void cs_add_violation(struct s_client *cl, char *info)
{
	struct s_module *module = get_module(cl);
	int32_t port = module->ptab.ports[cl->port_idx].s_port;

	cs_add_violation_by_ip(cl->ip, port, info);
}
/**
 * Record a violation for a connected client with an anticascading penalty.
 *
 * The ban key is the client's address (cl->ip) together with the s_port of
 * the port-table slot selected by cl->port_idx in the client's module;
 * info and acosc_penalty_duration are passed through as given.
 *
 * NOTE(review): cl, the get_module() result and cl->port_idx are used
 * without checks here; callers are assumed to pass a valid client (confirm).
 */
void cs_add_violation_acosc(struct s_client *cl, char *info, int32_t acosc_penalty_duration)
{
	struct s_module *module = get_module(cl);
	int32_t port = module->ptab.ports[cl->port_idx].s_port;

	cs_add_violation_by_ip_acosc(cl->ip, port, info, acosc_penalty_duration);
}