不再使用固定栈内存存储非法IP地址,使用堆内存并实时扩大内存。解决非法IP过多问题
This commit is contained in:
parent
f5ac5e76a5
commit
ab042267e5
15
13.txt
Normal file
15
13.txt
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
==10390== Memcheck, a memory error detector
|
||||||
|
==10390== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
|
||||||
|
==10390== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
|
||||||
|
==10390== Command: ./rhost
|
||||||
|
==10390== Parent PID: 367
|
||||||
|
==10390==
|
||||||
|
==10390==
|
||||||
|
==10390== HEAP SUMMARY:
|
||||||
|
==10390== in use at exit: 0 bytes in 0 blocks
|
||||||
|
==10390== total heap usage: 4,295 allocs, 4,295 frees, 417,505 bytes allocated
|
||||||
|
==10390==
|
||||||
|
==10390== All heap blocks were freed -- no leaks are possible
|
||||||
|
==10390==
|
||||||
|
==10390== For lists of detected and suppressed errors, rerun with: -s
|
||||||
|
==10390== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
|
||||||
7
build.sh
7
build.sh
@ -44,7 +44,7 @@ pkg_install()
|
|||||||
yum -y install tmux
|
yum -y install tmux
|
||||||
|
|
||||||
yum -y install bzip2-devel
|
yum -y install bzip2-devel
|
||||||
yum -y install libxslt-devel libxml2-devel msgpack-devel
|
yum -y install libxslt-devel libxml2-devel
|
||||||
|
|
||||||
yum -y install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
yum -y install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
|
||||||
yum -y install iptables-devel libcurl-devel
|
yum -y install iptables-devel libcurl-devel
|
||||||
@ -53,7 +53,10 @@ pkg_install()
|
|||||||
yum -y install centos-release-scl
|
yum -y install centos-release-scl
|
||||||
yum -y install devtoolset-11-gcc
|
yum -y install devtoolset-11-gcc
|
||||||
#source /opt/rh/devtoolset-11/enable #临时
|
#source /opt/rh/devtoolset-11/enable #临时
|
||||||
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
|
|
||||||
|
if test "`grep "devtoolset" /etc/profile`" != ""; then
|
||||||
|
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
|
||||||
|
fi
|
||||||
source /opt/rh/devtoolset-11/enable
|
source /opt/rh/devtoolset-11/enable
|
||||||
|
|
||||||
freshclam # 更新病毒库(必要)
|
freshclam # 更新病毒库(必要)
|
||||||
|
|||||||
@ -169,4 +169,4 @@
|
|||||||
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -Wdate-time -D_FORTIFY_SOURCE=2 -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o libclamav_internal_utils_la-str.lo `test -f 'str.c' || echo './'`str.c
|
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -Wdate-time -D_FORTIFY_SOURCE=2 -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o libclamav_internal_utils_la-str.lo `test -f 'str.c' || echo './'`str.c
|
||||||
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -Wdate-time -D_FORTIFY_SOURCE=2 -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o libclamav_internal_utils_la-strlcat.lo `test -f 'strlcat.c' || echo './'`strlcat.c
|
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -Wdate-time -D_FORTIFY_SOURCE=2 -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o libclamav_internal_utils_la-strlcat.lo `test -f 'strlcat.c' || echo './'`strlcat.c
|
||||||
/bin/bash ../libtool --tag=CC --mode=link gcc -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o libclamav_internal_utils.la libclamav_internal_utils_la-conv.lo libclamav_internal_utils_la-crypto.lo libclamav_internal_utils_la-iowrap.lo libclamav_internal_utils_la-others_common.lo libclamav_internal_utils_la-qsort.lo regex/libclamav_internal_utils_la-regcomp.lo regex/libclamav_internal_utils_la-regerror.lo regex/libclamav_internal_utils_la-regexec.lo regex/libclamav_internal_utils_la-regfree.lo regex/libclamav_internal_utils_la-strlcpy.lo libclamav_internal_utils_la-str.lo libclamav_internal_utils_la-strlcat.lo -lssl -lcrypto -lz -lpcre2-8 -lpcre2-8
|
/bin/bash ../libtool --tag=CC --mode=link gcc -I../libclamunrar_iface -fPIC -DPIC -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o libclamav_internal_utils.la libclamav_internal_utils_la-conv.lo libclamav_internal_utils_la-crypto.lo libclamav_internal_utils_la-iowrap.lo libclamav_internal_utils_la-others_common.lo libclamav_internal_utils_la-qsort.lo regex/libclamav_internal_utils_la-regcomp.lo regex/libclamav_internal_utils_la-regerror.lo regex/libclamav_internal_utils_la-regexec.lo regex/libclamav_internal_utils_la-regfree.lo regex/libclamav_internal_utils_la-strlcpy.lo libclamav_internal_utils_la-str.lo libclamav_internal_utils_la-strlcat.lo -lssl -lcrypto -lz -lpcre2-8 -lpcre2-8
|
||||||
/bin/bash ../libtool --tag=CC --mode=link gcc -I../libclamunrar_iface -DHAVE_YARA -DSEARCH_LIBDIR=\"/usr/lib/x86_64-linux-gnu\" -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -thread-safe -lxml2 -version-info 9:5:0 -no-undefined -Wl,--version-script,../libclamav/libclamav.map -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o libclamav.la -rpath /usr/lib/x86_64-linux-gnu libclamav_la-matcher-ac.lo libclamav_la-matcher-bm.lo libclamav_la-matcher-hash.lo libclamav_la-matcher.lo libclamav_la-others.lo libclamav_la-readdb.lo libclamav_la-cvd.lo libclamav_la-dsig.lo libclamav_la-scanners.lo libclamav_la-textdet.lo libclamav_la-filetypes.lo libclamav_la-rtf.lo libclamav_la-blob.lo libclamav_la-mbox.lo libclamav_la-message.lo libclamav_la-table.lo libclamav_la-text.lo libclamav_la-ole2_extract.lo libclamav_la-vba_extract.lo libclamav_la-xlm_extract.lo libclamav_la-msexpand.lo libclamav_la-pe.lo libclamav_la-pe_icons.lo libclamav_la-disasm.lo libclamav_la-upx.lo libclamav_la-htmlnorm.lo libclamav_la-libmspack.lo libclamav_la-rebuildpe.lo libclamav_la-petite.lo libclamav_la-wwunpack.lo libclamav_la-unsp.lo libclamav_la-aspack.lo libclamav_la-packlibs.lo libclamav_la-fsg.lo libclamav_la-mew.lo libclamav_la-upack.lo libclamav_la-line.lo libclamav_la-untar.lo libclamav_la-unzip.lo libclamav_la-ooxml.lo libclamav_la-inflate64.lo libclamav_la-special.lo libclamav_la-binhex.lo libclamav_la-is_tar.lo libclamav_la-tnef.lo libclamav_la-autoit.lo libclamav_la-unarj.lo nsis/libclamav_la-bzlib.lo nsis/libclamav_la-nulsft.lo nsis/libclamav_la-infblock.lo libclamav_la-pdf.lo libclamav_la-pdfng.lo libclamav_la-pdfdecode.lo libclamav_la-spin.lo libclamav_la-yc.lo libclamav_la-elf.lo libclamav_la-execs.lo libclamav_la-sis.lo libclamav_la-uuencode.lo libclamav_la-phishcheck.lo libclamav_la-phish_domaincheck_db.lo libclamav_la-phish_whitelist.lo libclamav_la-regex_list.lo libclamav_la-regex_suffix.lo libclamav_la-entconv.lo libclamav_la-hashtab.lo libclamav_la-dconf.lo libclamav_la-lzma_iface.lo libclamav_la-7z_iface.lo 7z/libclamav_la-7zAlloc.lo 7z/libclamav_la-7zBuf.lo 7z/libclamav_la-7zBuf2.lo 7z/libclamav_la-7zCrc.lo 7z/libclamav_la-7zDec.lo 7z/libclamav_la-7zFile.lo 7z/libclamav_la-7zIn.lo 7z/libclamav_la-7zStream.lo 7z/libclamav_la-Bcj2.lo 7z/libclamav_la-Bra.lo 7z/libclamav_la-Bra86.lo 7z/libclamav_la-Lzma2Dec.lo 7z/libclamav_la-LzmaDec.lo 7z/libclamav_la-Ppmd7.lo 7z/libclamav_la-Ppmd7Dec.lo 7z/libclamav_la-Xz.lo 7z/libclamav_la-XzCrc64.lo 7z/libclamav_la-XzDec.lo 7z/libclamav_la-XzIn.lo 7z/libclamav_la-Delta.lo 7z/libclamav_la-BraIA64.lo 7z/libclamav_la-CpuArch.lo 7z/libclamav_la-7zCrcOpt.lo libclamav_la-explode.lo libclamav_la-textnorm.lo libclamav_la-dlp.lo jsparse/libclamav_la-js-norm.lo libclamav_la-uniq.lo libclamav_la-version.lo libclamav_la-mpool.lo libclamav_la-filtering.lo libclamav_la-fmap.lo libclamav_la-perflogging.lo libclamav_la-bytecode.lo libclamav_la-bytecode_vm.lo libclamav_la-cpio.lo libclamav_la-macho.lo libclamav_la-ishield.lo libclamav_la-bytecode_api.lo libclamav_la-bytecode_api_decl.lo libclamav_la-cache.lo libclamav_la-bytecode_detect.lo libclamav_la-events.lo libclamav_la-adc.lo libclamav_la-dmg.lo libclamav_la-xar.lo libclamav_la-xdp.lo libclamav_la-mbr.lo libclamav_la-gpt.lo libclamav_la-apm.lo libclamav_la-partition_intersection.lo libclamav_la-json_api.lo libclamav_la-xz_iface.lo libclamav_la-sf_base64decode.lo libclamav_la-hfsplus.lo libclamav_la-swf.lo libclamav_la-gif.lo libclamav_la-jpeg.lo libclamav_la-png.lo libclamav_la-iso9660.lo libclamav_la-arc4.lo libclamav_la-rijndael.lo libclamav_la-crtmgr.lo libclamav_la-asn1.lo libclamav_la-fpu.lo libclamav_la-stats.lo libclamav_la-www.lo libclamav_la-stats_json.lo libclamav_la-hostid_internal.lo libclamav_la-openioc.lo libclamav_la-msdoc.lo libclamav_la-matcher-pcre.lo libclamav_la-regex_pcre.lo libclamav_la-msxml.lo libclamav_la-msxml_parser.lo libclamav_la-tiff.lo libclamav_la-hwp.lo lzw/libclamav_la-lzwdec.lo libclamav_la-matcher-byte-comp.lo libclamav_la-egg.lo libclamav_la-yara_arena.lo libclamav_la-yara_compiler.lo libclamav_la-yara_exec.lo libclamav_la-yara_hash.lo libclamav_la-yara_grammar.lo libclamav_la-yara_lexer.lo libclamav_la-yara_parser.lo -lssl -lcrypto -lz -ljson-c -lpcre2-8 -lbz2 -lz -lltdl -lxml2 -lmspack libclamav_nocxx.la libclamav_internal_utils.la -lpthread -lm -ltfm -lpcre2-8
|
/bin/bash ../libtool --tag=CC --mode=link gcc -I../libclamunrar_iface -DHAVE_YARA -DSEARCH_LIBDIR=\"/usr/lib/\" -I/usr/include/json-c -I/usr/include/libxml2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -thread-safe -lxml2 -version-info 9:5:0 -no-undefined -Wl,--version-script,../libclamav/libclamav.map -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -o libclamav.la -rpath /usr/lib/ libclamav_la-matcher-ac.lo libclamav_la-matcher-bm.lo libclamav_la-matcher-hash.lo libclamav_la-matcher.lo libclamav_la-others.lo libclamav_la-readdb.lo libclamav_la-cvd.lo libclamav_la-dsig.lo libclamav_la-scanners.lo libclamav_la-textdet.lo libclamav_la-filetypes.lo libclamav_la-rtf.lo libclamav_la-blob.lo libclamav_la-mbox.lo libclamav_la-message.lo libclamav_la-table.lo libclamav_la-text.lo libclamav_la-ole2_extract.lo libclamav_la-vba_extract.lo libclamav_la-xlm_extract.lo libclamav_la-msexpand.lo libclamav_la-pe.lo libclamav_la-pe_icons.lo libclamav_la-disasm.lo libclamav_la-upx.lo libclamav_la-htmlnorm.lo libclamav_la-libmspack.lo libclamav_la-rebuildpe.lo libclamav_la-petite.lo libclamav_la-wwunpack.lo libclamav_la-unsp.lo libclamav_la-aspack.lo libclamav_la-packlibs.lo libclamav_la-fsg.lo libclamav_la-mew.lo libclamav_la-upack.lo libclamav_la-line.lo libclamav_la-untar.lo libclamav_la-unzip.lo libclamav_la-ooxml.lo libclamav_la-inflate64.lo libclamav_la-special.lo libclamav_la-binhex.lo libclamav_la-is_tar.lo libclamav_la-tnef.lo libclamav_la-autoit.lo libclamav_la-unarj.lo nsis/libclamav_la-bzlib.lo nsis/libclamav_la-nulsft.lo nsis/libclamav_la-infblock.lo libclamav_la-pdf.lo libclamav_la-pdfng.lo libclamav_la-pdfdecode.lo libclamav_la-spin.lo libclamav_la-yc.lo libclamav_la-elf.lo libclamav_la-execs.lo libclamav_la-sis.lo libclamav_la-uuencode.lo libclamav_la-phishcheck.lo libclamav_la-phish_domaincheck_db.lo libclamav_la-phish_whitelist.lo libclamav_la-regex_list.lo libclamav_la-regex_suffix.lo libclamav_la-entconv.lo libclamav_la-hashtab.lo libclamav_la-dconf.lo libclamav_la-lzma_iface.lo libclamav_la-7z_iface.lo 7z/libclamav_la-7zAlloc.lo 7z/libclamav_la-7zBuf.lo 7z/libclamav_la-7zBuf2.lo 7z/libclamav_la-7zCrc.lo 7z/libclamav_la-7zDec.lo 7z/libclamav_la-7zFile.lo 7z/libclamav_la-7zIn.lo 7z/libclamav_la-7zStream.lo 7z/libclamav_la-Bcj2.lo 7z/libclamav_la-Bra.lo 7z/libclamav_la-Bra86.lo 7z/libclamav_la-Lzma2Dec.lo 7z/libclamav_la-LzmaDec.lo 7z/libclamav_la-Ppmd7.lo 7z/libclamav_la-Ppmd7Dec.lo 7z/libclamav_la-Xz.lo 7z/libclamav_la-XzCrc64.lo 7z/libclamav_la-XzDec.lo 7z/libclamav_la-XzIn.lo 7z/libclamav_la-Delta.lo 7z/libclamav_la-BraIA64.lo 7z/libclamav_la-CpuArch.lo 7z/libclamav_la-7zCrcOpt.lo libclamav_la-explode.lo libclamav_la-textnorm.lo libclamav_la-dlp.lo jsparse/libclamav_la-js-norm.lo libclamav_la-uniq.lo libclamav_la-version.lo libclamav_la-mpool.lo libclamav_la-filtering.lo libclamav_la-fmap.lo libclamav_la-perflogging.lo libclamav_la-bytecode.lo libclamav_la-bytecode_vm.lo libclamav_la-cpio.lo libclamav_la-macho.lo libclamav_la-ishield.lo libclamav_la-bytecode_api.lo libclamav_la-bytecode_api_decl.lo libclamav_la-cache.lo libclamav_la-bytecode_detect.lo libclamav_la-events.lo libclamav_la-adc.lo libclamav_la-dmg.lo libclamav_la-xar.lo libclamav_la-xdp.lo libclamav_la-mbr.lo libclamav_la-gpt.lo libclamav_la-apm.lo libclamav_la-partition_intersection.lo libclamav_la-json_api.lo libclamav_la-xz_iface.lo libclamav_la-sf_base64decode.lo libclamav_la-hfsplus.lo libclamav_la-swf.lo libclamav_la-gif.lo libclamav_la-jpeg.lo libclamav_la-png.lo libclamav_la-iso9660.lo libclamav_la-arc4.lo libclamav_la-rijndael.lo libclamav_la-crtmgr.lo libclamav_la-asn1.lo libclamav_la-fpu.lo libclamav_la-stats.lo libclamav_la-www.lo libclamav_la-stats_json.lo libclamav_la-hostid_internal.lo libclamav_la-openioc.lo libclamav_la-msdoc.lo libclamav_la-matcher-pcre.lo libclamav_la-regex_pcre.lo libclamav_la-msxml.lo libclamav_la-msxml_parser.lo libclamav_la-tiff.lo libclamav_la-hwp.lo lzw/libclamav_la-lzwdec.lo libclamav_la-matcher-byte-comp.lo libclamav_la-egg.lo libclamav_la-yara_arena.lo libclamav_la-yara_compiler.lo libclamav_la-yara_exec.lo libclamav_la-yara_hash.lo libclamav_la-yara_grammar.lo libclamav_la-yara_lexer.lo libclamav_la-yara_parser.lo -lssl -lcrypto -lz -ljson-c -lpcre2-8 -lbz2 -lz -lltdl -lxml2 -lmspack libclamav_nocxx.la libclamav_internal_utils.la -lpthread -lm -ltfm -lpcre2-8
|
||||||
|
|||||||
83
rhost.c
83
rhost.c
@ -287,20 +287,21 @@ int rule(conf * conf)
|
|||||||
char whitelist_ip[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
|
char whitelist_ip[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
|
||||||
char region_list[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
|
char region_list[WHITELIST_IP_NUM][WHITELIST_IP_NUM] = { { 0 }, { 0 } };
|
||||||
|
|
||||||
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER];
|
char p_two[2], *command, *splice_command, *temp, buffer[BUFFER], awk[BUFFER];
|
||||||
FILE *fp, *fc;
|
FILE *fp, *fc;
|
||||||
time_t timep;
|
time_t timep;
|
||||||
struct tm *tp;
|
struct tm *tp;
|
||||||
|
long int ip_length = 1;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
fp = NULL;
|
fp = NULL;
|
||||||
fc = NULL;
|
fc = NULL;
|
||||||
timep = time(NULL);
|
timep = time(NULL);
|
||||||
tp = localtime(&timep);
|
tp = localtime(&timep);
|
||||||
memset(splice_command, 0, LONG_BUFFER);
|
|
||||||
memset(command, 0, LONG_BUFFER);
|
|
||||||
memset(buffer, 0, BUFFER);
|
memset(buffer, 0, BUFFER);
|
||||||
memset(awk, 0, BUFFER);
|
memset(awk, 0, BUFFER);
|
||||||
|
memset(p_two, 0, 2);
|
||||||
|
|
||||||
|
|
||||||
if (DEBISN_SYSTEM == check_system()) // Debian 系统规则
|
if (DEBISN_SYSTEM == check_system()) // Debian 系统规则
|
||||||
@ -310,7 +311,7 @@ int rule(conf * conf)
|
|||||||
if ((fp = popen(GE_10, "r")) == NULL)
|
if ((fp = popen(GE_10, "r")) == NULL)
|
||||||
{
|
{
|
||||||
perror("GE_10");
|
perror("GE_10");
|
||||||
return 1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -318,7 +319,7 @@ int rule(conf * conf)
|
|||||||
if ((fp = popen(LE_10, "r")) == NULL)
|
if ((fp = popen(LE_10, "r")) == NULL)
|
||||||
{
|
{
|
||||||
perror("LE_10");
|
perror("LE_10");
|
||||||
return 1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -329,7 +330,7 @@ int rule(conf * conf)
|
|||||||
if ((fp = popen(CENTOS_GE_10, "r")) == NULL)
|
if ((fp = popen(CENTOS_GE_10, "r")) == NULL)
|
||||||
{
|
{
|
||||||
perror("CENTOS_GE_10");
|
perror("CENTOS_GE_10");
|
||||||
return 1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -337,30 +338,58 @@ int rule(conf * conf)
|
|||||||
if ((fp = popen(CENTOS_LE_10, "r")) == NULL)
|
if ((fp = popen(CENTOS_LE_10, "r")) == NULL)
|
||||||
{
|
{
|
||||||
perror("CENTOS_LE_10");
|
perror("CENTOS_LE_10");
|
||||||
return 1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
||||||
return UNKNOWN_SYSTEM;
|
return UNKNOWN_SYSTEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
splice_command = (char *)malloc(ip_length);
|
||||||
|
if (splice_command == NULL) {
|
||||||
|
free(splice_command);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
memset(splice_command, 0, ip_length);
|
||||||
|
|
||||||
|
|
||||||
while (fgets(buffer, BUFFER, fp) != NULL)
|
while (fgets(buffer, BUFFER, fp) != NULL)
|
||||||
{
|
{
|
||||||
|
char *new_splice_command;
|
||||||
|
|
||||||
temp = strstr(buffer, "rhost");
|
temp = strstr(buffer, "rhost");
|
||||||
sscanf(temp, "rhost=%s", temp);
|
sscanf(temp, "rhost=%s", temp);
|
||||||
if (atoi(strncpy(p, temp, 1)) > 0)
|
if (atoi(strncpy(p_two, temp, 1)) > 0)
|
||||||
{
|
{
|
||||||
|
ip_length += strlen(temp)+1;
|
||||||
|
|
||||||
|
new_splice_command = (char *)realloc(splice_command, ip_length + 32);
|
||||||
|
if (new_splice_command == NULL) {
|
||||||
|
free(splice_command);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
splice_command = new_splice_command;
|
||||||
|
|
||||||
strcat(splice_command, temp);
|
strcat(splice_command, temp);
|
||||||
strcat(splice_command, "\n");
|
strcat(splice_command, "\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("%s", splice_command); // 打印所有非法IP
|
printf("%s", splice_command); // 打印所有非法IP
|
||||||
|
//printf("%ld\n", ip_length);
|
||||||
|
|
||||||
|
command = (char *)malloc(ip_length + BUFFER);
|
||||||
|
if (command == NULL) {
|
||||||
|
free(command);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(command, 0, ip_length + BUFFER);
|
||||||
|
|
||||||
|
|
||||||
sprintf(awk, AWK, conf->REFUSE_NUMBER); // 拼接命令
|
sprintf(awk, AWK, conf->REFUSE_NUMBER); // 拼接命令
|
||||||
strcpy(command, "echo \"");
|
strcpy(command, "echo \"");
|
||||||
@ -368,11 +397,20 @@ int rule(conf * conf)
|
|||||||
strcat(command, "\"");
|
strcat(command, "\"");
|
||||||
strcat(command, awk);
|
strcat(command, awk);
|
||||||
|
|
||||||
|
|
||||||
if ((fc = popen(command, "r")) == NULL) // 执行命令
|
if ((fc = popen(command, "r")) == NULL) // 执行命令
|
||||||
{
|
{
|
||||||
perror("popen command");
|
perror("popen command");
|
||||||
return 1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (splice_command != NULL) {
|
||||||
|
free(splice_command);
|
||||||
|
}
|
||||||
|
if (command != NULL) {
|
||||||
|
free(command);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
while (fgets(buffer, BUFFER, fc) != NULL) // 执行命令后, 为空时就不会
|
while (fgets(buffer, BUFFER, fc) != NULL) // 执行命令后, 为空时就不会
|
||||||
{
|
{
|
||||||
@ -407,6 +445,7 @@ int rule(conf * conf)
|
|||||||
//printf("%s\n", URL);
|
//printf("%s\n", URL);
|
||||||
|
|
||||||
location_json = GET_PUBLIC_IP(URL);
|
location_json = GET_PUBLIC_IP(URL);
|
||||||
|
|
||||||
if (NULL == location_json)
|
if (NULL == location_json)
|
||||||
{
|
{
|
||||||
printf("获取IP位置错误!\n");
|
printf("获取IP位置错误!\n");
|
||||||
@ -415,12 +454,20 @@ int rule(conf * conf)
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
p = strstr(location_json, "\"location\"");
|
p = strstr(location_json, "\"location\"");
|
||||||
|
if (p == NULL) {
|
||||||
|
printf("解析IP位置错误!\n");
|
||||||
|
goto BLOCKED;
|
||||||
|
}
|
||||||
|
|
||||||
p1 = strstr(p, "\",");
|
p1 = strstr(p, "\",");
|
||||||
|
if (p1 == NULL) {
|
||||||
|
printf("解析IP位置错误!\n");
|
||||||
|
goto BLOCKED;
|
||||||
|
}
|
||||||
|
|
||||||
memset(temp, 0, BUFFER);
|
memset(temp, 0, BUFFER);
|
||||||
memcpy(temp, p + 12, p1 - p - 12);
|
memcpy(temp, p + 12, p1 - p - 12);
|
||||||
location = remove_space(temp);
|
location = remove_space(temp);
|
||||||
printf("%s\n", location );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(iplocation, 0, BUFFER);
|
memset(iplocation, 0, BUFFER);
|
||||||
@ -431,11 +478,6 @@ int rule(conf * conf)
|
|||||||
|
|
||||||
printf("%s\n", iplocation );
|
printf("%s\n", iplocation );
|
||||||
|
|
||||||
if (location != NULL)
|
|
||||||
free(location);
|
|
||||||
if (location_json != NULL)
|
|
||||||
free(location_json);
|
|
||||||
|
|
||||||
// 地域白名单
|
// 地域白名单
|
||||||
if (conf->REGION == 1)
|
if (conf->REGION == 1)
|
||||||
{
|
{
|
||||||
@ -475,7 +517,12 @@ BLOCKED:
|
|||||||
inet_pton(AF_INET, buffer, &srcIp);
|
inet_pton(AF_INET, buffer, &srcIp);
|
||||||
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
|
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (location != NULL)
|
||||||
|
free(location);
|
||||||
|
if (location_json != NULL)
|
||||||
|
free(location_json);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -615,7 +662,7 @@ int main(int argc, char *argv[], char **env)
|
|||||||
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
||||||
|
|
||||||
// 更新病毒库
|
// 更新病毒库
|
||||||
update_freshclam(argc, argv);
|
//update_freshclam(argc, argv);
|
||||||
|
|
||||||
|
|
||||||
int pid;
|
int pid;
|
||||||
|
|||||||
2
rhost.h
2
rhost.h
@ -91,7 +91,7 @@ void cron_free(void* p)
|
|||||||
#define UNKNOWN_SYSTEM 3
|
#define UNKNOWN_SYSTEM 3
|
||||||
|
|
||||||
#define BUFFER 1024
|
#define BUFFER 1024
|
||||||
#define LONG_BUFFER 1024*100
|
#define LONG_BUFFER 1024*1000
|
||||||
#define ARGS_NUM 20
|
#define ARGS_NUM 20
|
||||||
#define WHITELIST_IP_NUM 1024
|
#define WHITELIST_IP_NUM 1024
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user