编译优化
This commit is contained in:
parent
6024acd745
commit
588f5aa26d
3
Makefile
3
Makefile
@ -1,11 +1,12 @@
|
||||
CROSS_COMPILE ?=
|
||||
CC := $(CROSS_COMPILE)gcc
|
||||
CFLAGS += -g -Wall
|
||||
CFLAGS += -O2 -g -Wall
|
||||
LIB += -lcurl -lip4tc
|
||||
OBG = rhost
|
||||
|
||||
all: conf.o rhost.o libiptc.o
|
||||
$(CC) $(CFLAGS) $^ -o $(OBG) $(LIB)
|
||||
chmod +x $(OBG)
|
||||
|
||||
clean:
|
||||
rm -rf *.o
|
||||
|
||||
@ -4,7 +4,11 @@ ssh防止暴力破解,适用Debian 8、9、11 Centos 7
|
||||
支持第三方QQ邮箱告警
|
||||
支持一次运行检测、后台运行检测
|
||||
Debian系统请安装libcurl库和libiptc库
|
||||
<<<<<<< HEAD
|
||||
Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel
|
||||
=======
|
||||
Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel
|
||||
>>>>>>> 708af46 (优化)
|
||||
|
||||
|
||||
```
|
||||
|
||||
18
libiptc.c
18
libiptc.c
@ -29,7 +29,7 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
|
||||
|
||||
int show_all_rule(char *ipv4)
|
||||
{
|
||||
int r;
|
||||
int r=0;
|
||||
struct xtc_handle *handle;
|
||||
const char *chain = NULL;
|
||||
struct ipt_counters counter;
|
||||
@ -83,7 +83,7 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign
|
||||
size = IPT_ALIGN(sizeof(*match)) + IPT_ALIGN(sizeof(*udpinfo));
|
||||
match = (struct ipt_entry_match *)calloc(1, size);
|
||||
match->u.match_size = size;
|
||||
strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN);
|
||||
memmove(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN);
|
||||
|
||||
udpinfo = (struct ipt_udp *)match->data;
|
||||
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
|
||||
@ -103,10 +103,10 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign
|
||||
int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src,
|
||||
unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append)
|
||||
{
|
||||
struct xtc_handle *handle;
|
||||
struct ipt_entry *chain_entry;
|
||||
struct xtc_handle *handle = NULL;
|
||||
struct ipt_entry *chain_entry = NULL;
|
||||
struct ipt_entry_match *entry_match = NULL;
|
||||
struct ipt_entry_target *entry_target;
|
||||
struct ipt_entry_target *entry_target = NULL;
|
||||
ipt_chainlabel labelit;
|
||||
long match_size;
|
||||
int result = 0;
|
||||
@ -123,9 +123,9 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
||||
}
|
||||
|
||||
if (iniface)
|
||||
strncpy(chain_entry->ip.iniface, iniface, IFNAMSIZ);
|
||||
memmove(chain_entry->ip.iniface, iniface, IFNAMSIZ);
|
||||
if (outiface)
|
||||
strncpy(chain_entry->ip.outiface, outiface, IFNAMSIZ);
|
||||
memmove(chain_entry->ip.outiface, outiface, IFNAMSIZ);
|
||||
|
||||
chain_entry->ip.proto = protocol;
|
||||
if (IPPROTO_UDP == protocol)
|
||||
@ -138,7 +138,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
||||
size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + IPT_ALIGN(sizeof(int));
|
||||
entry_target = (struct ipt_entry_target *)calloc(1, size);
|
||||
entry_target->u.user.target_size = size;
|
||||
strncpy(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN);
|
||||
memmove(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN);
|
||||
}
|
||||
if (entry_match) {
|
||||
match_size = entry_match->u.match_size;
|
||||
@ -168,7 +168,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char
|
||||
return 1;
|
||||
}
|
||||
|
||||
strncpy(labelit, chain, sizeof(ipt_chainlabel));
|
||||
memmove(labelit, chain, sizeof(ipt_chainlabel));
|
||||
//printf("Chain name:%s\n", chain);
|
||||
result = iptc_is_chain(chain, handle);
|
||||
if (!result) {
|
||||
|
||||
30
rhost.c
30
rhost.c
@ -44,7 +44,7 @@ char *get_public_ip(char *ip)
|
||||
int strReplaceAll(char *str, char *sub, char *replace)
|
||||
{
|
||||
if (NULL == str || NULL == sub || NULL == replace) {
|
||||
printf("strReplaceAll param error\n");
|
||||
printf("strReplaceAll\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -62,19 +62,19 @@ int strReplaceAll(char *str, char *sub, char *replace)
|
||||
while ('\0' != *p) {
|
||||
t = str + str_len;
|
||||
q = strstr(str, sub);
|
||||
if (NULL == q) /* 没有子串了,那么直接返回吧 */
|
||||
if (NULL == q) // 没有子串了直接返回
|
||||
break;
|
||||
|
||||
src = q + sub_len; /* 源头, 原有sub后的一个字符 */
|
||||
dst = q + replace_len; /* 目的,放完replace后的一个字符 */
|
||||
memcpy(dst, src, t - src); /* 原有字符串后移,放出空间 */
|
||||
memcpy(q, replace, replace_len); /* 将replace字符拷贝进来 */
|
||||
src = q + sub_len; // 源头, 原有sub后的一个字符
|
||||
dst = q + replace_len; // 目的,放完replace后的一个字符
|
||||
memcpy(dst, src, t - src); // 原有字符串后移,放出空间
|
||||
memcpy(q, replace, replace_len); // 将replace字符拷贝进来
|
||||
str_len = str_len + replace_len - sub_len;
|
||||
|
||||
p = q + replace_len; /* p 下一轮replace后的一个字符 */
|
||||
p = q + replace_len; // p 下一轮replace后的一个字符
|
||||
}
|
||||
|
||||
str[str_len] = '\0'; /* 通过'\0'表示结尾 */
|
||||
str[str_len] = '\0'; // 通过'\0'表示结尾
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -84,7 +84,6 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf *conf)
|
||||
{
|
||||
FILE *fp;
|
||||
if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL){
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -186,7 +185,9 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf *conf)
|
||||
int rule(conf *conf)
|
||||
{
|
||||
FILE *fp, *fc;
|
||||
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))];
|
||||
|
||||
//char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))];
|
||||
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER];
|
||||
|
||||
time_t timep;
|
||||
struct tm *tp;
|
||||
@ -196,8 +197,8 @@ int rule(conf *conf)
|
||||
memset(command, 0, LONG_BUFFER);
|
||||
memset(buffer, 0, BUFFER);
|
||||
memset(awk, 0, BUFFER);
|
||||
memset(iptables, 0, BUFFER+(sizeof(IPTABLES)));
|
||||
memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK)));
|
||||
//memset(iptables, 0, BUFFER+(sizeof(IPTABLES)));
|
||||
//memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK)));
|
||||
fp = NULL;
|
||||
fc = NULL;
|
||||
|
||||
@ -260,8 +261,8 @@ int rule(conf *conf)
|
||||
{
|
||||
|
||||
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
|
||||
sprintf(iptables, IPTABLES, buffer);
|
||||
sprintf(iptables_check, IPTABLES_CHECK, buffer);
|
||||
//sprintf(iptables, IPTABLES, buffer);
|
||||
//sprintf(iptables_check, IPTABLES_CHECK, buffer);
|
||||
|
||||
//if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则
|
||||
if (0 != show_all_rule(buffer)) // libiptc库判断
|
||||
@ -292,7 +293,6 @@ int rule(conf *conf)
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
||||
unsigned int destIp;
|
||||
inet_pton(AF_INET, buffer, &destIp);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user