编译优化
parent
6024acd745
commit
588f5aa26d
3
Makefile
3
Makefile
@ -1,11 +1,12 @@
|
|||||||
CROSS_COMPILE ?=
|
CROSS_COMPILE ?=
|
||||||
CC := $(CROSS_COMPILE)gcc
|
CC := $(CROSS_COMPILE)gcc
|
||||||
CFLAGS += -g -Wall
|
CFLAGS += -O2 -g -Wall
|
||||||
LIB += -lcurl -lip4tc
|
LIB += -lcurl -lip4tc
|
||||||
OBG = rhost
|
OBG = rhost
|
||||||
|
|
||||||
all: conf.o rhost.o libiptc.o
|
all: conf.o rhost.o libiptc.o
|
||||||
$(CC) $(CFLAGS) $^ -o $(OBG) $(LIB)
|
$(CC) $(CFLAGS) $^ -o $(OBG) $(LIB)
|
||||||
|
chmod +x $(OBG)
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf *.o
|
rm -rf *.o
|
||||||
|
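Review bot: The `CFLAGS` line now enables `-O2` but still carries no hardening flags, which matter for a binary that edits iptables rules and copies strings into fixed-size buffers (see libiptc.c and rhost.c in this commit). Consider `CFLAGS += -O2 -g -Wall -Wextra -D_FORTIFY_SOURCE=2 -fstack-protector-strong`; `_FORTIFY_SOURCE` only takes effect when optimisation is on, so this commit is the natural place to add it. The added `chmod +x $(OBG)` is redundant, since the link step already produces an executable file.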
@ -4,7 +4,11 @@ ssh防止暴力破解,适用Debian 8、9、11 Centos 7
|
|||||||
支持第三方QQ邮箱告警
|
支持第三方QQ邮箱告警
|
||||||
支持一次运行检测、后台运行检测
|
支持一次运行检测、后台运行检测
|
||||||
Debian系统请安装libcurl库和libiptc库
|
Debian系统请安装libcurl库和libiptc库
|
||||||
|
<<<<<<< HEAD
|
||||||
Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel
|
Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel
|
||||||
|
=======
|
||||||
|
Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel
|
||||||
|
>>>>>>> 708af46 (优化)
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
18
libiptc.c
18
libiptc.c
@ -29,7 +29,7 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
|
|||||||
|
|
||||||
int show_all_rule(char *ipv4)
|
int show_all_rule(char *ipv4)
|
||||||
{
|
{
|
||||||
int r;
|
int r=0;
|
||||||
struct xtc_handle *handle;
|
struct xtc_handle *handle;
|
||||||
const char *chain = NULL;
|
const char *chain = NULL;
|
||||||
struct ipt_counters counter;
|
struct ipt_counters counter;
|
||||||
@ -83,7 +83,7 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign
|
|||||||
size = IPT_ALIGN(sizeof(*match)) + IPT_ALIGN(sizeof(*udpinfo));
|
size = IPT_ALIGN(sizeof(*match)) + IPT_ALIGN(sizeof(*udpinfo));
|
||||||
match = (struct ipt_entry_match *)calloc(1, size);
|
match = (struct ipt_entry_match *)calloc(1, size);
|
||||||
match->u.match_size = size;
|
match->u.match_size = size;
|
||||||
strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN);
|
memmove(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN);
|
||||||
|
|
||||||
udpinfo = (struct ipt_udp *)match->data;
|
udpinfo = (struct ipt_udp *)match->data;
|
||||||
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
|
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
|
||||||
@ -103,10 +103,10 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign
|
|||||||
int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src,
|
int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src,
|
||||||
unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append)
|
unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append)
|
||||||
{
|
{
|
||||||
struct xtc_handle *handle;
|
struct xtc_handle *handle = NULL;
|
||||||
struct ipt_entry *chain_entry;
|
struct ipt_entry *chain_entry = NULL;
|
||||||
struct ipt_entry_match *entry_match = NULL;
|
struct ipt_entry_match *entry_match = NULL;
|
||||||
struct ipt_entry_target *entry_target;
|
struct ipt_entry_target *entry_target = NULL;
|
||||||
ipt_chainlabel labelit;
|
ipt_chainlabel labelit;
|
||||||
long match_size;
|
long match_size;
|
||||||
int result = 0;
|
int result = 0;
|
||||||
@ -123,9 +123,9 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (iniface)
|
if (iniface)
|
||||||
strncpy(chain_entry->ip.iniface, iniface, IFNAMSIZ);
|
memmove(chain_entry->ip.iniface, iniface, IFNAMSIZ);
|
||||||
if (outiface)
|
if (outiface)
|
||||||
strncpy(chain_entry->ip.outiface, outiface, IFNAMSIZ);
|
memmove(chain_entry->ip.outiface, outiface, IFNAMSIZ);
|
||||||
|
|
||||||
chain_entry->ip.proto = protocol;
|
chain_entry->ip.proto = protocol;
|
||||||
if (IPPROTO_UDP == protocol)
|
if (IPPROTO_UDP == protocol)
|
||||||
@ -138,7 +138,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
|||||||
size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + IPT_ALIGN(sizeof(int));
|
size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + IPT_ALIGN(sizeof(int));
|
||||||
entry_target = (struct ipt_entry_target *)calloc(1, size);
|
entry_target = (struct ipt_entry_target *)calloc(1, size);
|
||||||
entry_target->u.user.target_size = size;
|
entry_target->u.user.target_size = size;
|
||||||
strncpy(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN);
|
memmove(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN);
|
||||||
}
|
}
|
||||||
if (entry_match) {
|
if (entry_match) {
|
||||||
match_size = entry_match->u.match_size;
|
match_size = entry_match->u.match_size;
|
||||||
@ -168,7 +168,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
strncpy(labelit, chain, sizeof(ipt_chainlabel));
|
memmove(labelit, chain, sizeof(ipt_chainlabel));
|
||||||
//printf("Chain name:%s\n", chain);
|
//printf("Chain name:%s\n", chain);
|
||||||
result = iptc_is_chain(chain, handle);
|
result = iptc_is_chain(chain, handle);
|
||||||
if (!result) {
|
if (!result) {
|
||||||
|
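Review bot: The `memmove` calls that replace `strncpy` (into `match->u.user.name`, `chain_entry->ip.iniface`/`outiface`, `entry_target->u.user.name` and `labelit`) always read the full destination size from the source, so a shorter chain, target, protocol or interface name is read past its terminator, which is an out-of-bounds read. This assumes the second copy of each line is the new side. A copy that stops at the NUL, always terminates and takes its size from the field itself is safer, e.g. `snprintf(entry_target->u.user.name, sizeof(entry_target->u.user.name), "%s", target);`, and likewise for the other four. The `calloc` results for `match` and `entry_target` are also dereferenced without a NULL check. The enclosing functions start and end outside these hunks.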
30
rhost.c
30
rhost.c
@ -44,7 +44,7 @@ char *get_public_ip(char *ip)
|
|||||||
int strReplaceAll(char *str, char *sub, char *replace)
|
int strReplaceAll(char *str, char *sub, char *replace)
|
||||||
{
|
{
|
||||||
if (NULL == str || NULL == sub || NULL == replace) {
|
if (NULL == str || NULL == sub || NULL == replace) {
|
||||||
printf("strReplaceAll param error\n");
|
printf("strReplaceAll\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -62,19 +62,19 @@ int strReplaceAll(char *str, char *sub, char *replace)
|
|||||||
while ('\0' != *p) {
|
while ('\0' != *p) {
|
||||||
t = str + str_len;
|
t = str + str_len;
|
||||||
q = strstr(str, sub);
|
q = strstr(str, sub);
|
||||||
if (NULL == q) /* 没有子串了,那么直接返回吧 */
|
if (NULL == q) // 没有子串了直接返回
|
||||||
break;
|
break;
|
||||||
|
|
||||||
src = q + sub_len; /* 源头, 原有sub后的一个字符 */
|
src = q + sub_len; // 源头, 原有sub后的一个字符
|
||||||
dst = q + replace_len; /* 目的,放完replace后的一个字符 */
|
dst = q + replace_len; // 目的,放完replace后的一个字符
|
||||||
memcpy(dst, src, t - src); /* 原有字符串后移,放出空间 */
|
memcpy(dst, src, t - src); // 原有字符串后移,放出空间
|
||||||
memcpy(q, replace, replace_len); /* 将replace字符拷贝进来 */
|
memcpy(q, replace, replace_len); // 将replace字符拷贝进来
|
||||||
str_len = str_len + replace_len - sub_len;
|
str_len = str_len + replace_len - sub_len;
|
||||||
|
|
||||||
p = q + replace_len; /* p 下一轮replace后的一个字符 */
|
p = q + replace_len; // p 下一轮replace后的一个字符
|
||||||
}
|
}
|
||||||
|
|
||||||
str[str_len] = '\0'; /* 通过'\0'表示结尾 */
|
str[str_len] = '\0'; // 通过'\0'表示结尾
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -84,7 +84,6 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf *conf)
|
|||||||
{
|
{
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL){
|
if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL){
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -186,7 +185,9 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf *conf)
|
|||||||
int rule(conf *conf)
|
int rule(conf *conf)
|
||||||
{
|
{
|
||||||
FILE *fp, *fc;
|
FILE *fp, *fc;
|
||||||
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))];
|
|
||||||
|
//char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))];
|
||||||
|
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER];
|
||||||
|
|
||||||
time_t timep;
|
time_t timep;
|
||||||
struct tm *tp;
|
struct tm *tp;
|
||||||
@ -196,8 +197,8 @@ int rule(conf *conf)
|
|||||||
memset(command, 0, LONG_BUFFER);
|
memset(command, 0, LONG_BUFFER);
|
||||||
memset(buffer, 0, BUFFER);
|
memset(buffer, 0, BUFFER);
|
||||||
memset(awk, 0, BUFFER);
|
memset(awk, 0, BUFFER);
|
||||||
memset(iptables, 0, BUFFER+(sizeof(IPTABLES)));
|
//memset(iptables, 0, BUFFER+(sizeof(IPTABLES)));
|
||||||
memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK)));
|
//memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK)));
|
||||||
fp = NULL;
|
fp = NULL;
|
||||||
fc = NULL;
|
fc = NULL;
|
||||||
|
|
||||||
@ -260,8 +261,8 @@ int rule(conf *conf)
|
|||||||
{
|
{
|
||||||
|
|
||||||
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
|
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
|
||||||
sprintf(iptables, IPTABLES, buffer);
|
//sprintf(iptables, IPTABLES, buffer);
|
||||||
sprintf(iptables_check, IPTABLES_CHECK, buffer);
|
//sprintf(iptables_check, IPTABLES_CHECK, buffer);
|
||||||
|
|
||||||
//if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则
|
//if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则
|
||||||
if (0 != show_all_rule(buffer)) // libiptc库判断
|
if (0 != show_all_rule(buffer)) // libiptc库判断
|
||||||
@ -292,7 +293,6 @@ int rule(conf *conf)
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
||||||
unsigned int destIp;
|
unsigned int destIp;
|
||||||
inet_pton(AF_INET, buffer, &destIp);
|
inet_pton(AF_INET, buffer, &destIp);
|
||||||
|
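Review bot: In `strReplaceAll` the tail is shifted with `memcpy(dst, src, t - src)` although `dst` and `src` point into the same buffer, so the regions overlap whenever the remaining tail is longer than the difference between `sub_len` and `replace_len`, and overlapping `memcpy` is undefined behaviour. The copy also leaves out the terminator, so the next `strstr(str, sub)` can run on a string that is not terminated at its new length; `memmove(dst, src, (size_t)(t - src) + 1);` would fix both. Nothing visible bounds the growth when `replace` is longer than `sub`, so the caller's buffer capacity should be confirmed. The declarations and length setup of the function are outside the hunks shown.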