Mercurial > hg > maltfilter
comparison maltfilter @ 53:dc072a56f343
Don't add hits when updating entries from netfilter.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sun, 16 Aug 2009 05:03:19 +0300 |
| parents | 8cfb71b296da |
| children | 19dace24ad46 |
comparison
equal
deleted
inserted
replaced
| 52:8cfb71b296da | 53:dc072a56f343 |
|---|---|
| 551 if (!defined($blocklist{$mip})) { | 551 if (!defined($blocklist{$mip})) { |
| 552 mlog(2, "* $mip appeared in iptables.\n"); | 552 mlog(2, "* $mip appeared in iptables.\n"); |
| 553 $blocklist{$2} = $mdate; | 553 $blocklist{$2} = $mdate; |
| 554 } | 554 } |
| 555 $newlist{$2} = $mdate; | 555 $newlist{$2} = $mdate; |
| 556 update_entry(\%statlist, $mip, -1, "IPTABLES", ""); | 556 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0); |
| 557 } | 557 } |
| 558 } | 558 } |
| 559 close(STATUS); | 559 close(STATUS); |
| 560 | 560 |
| 561 foreach my $mip (keys %blocklist) { | 561 foreach my $mip (keys %blocklist) { |
| 627 } | 627 } |
| 628 } | 628 } |
| 629 } | 629 } |
| 630 | 630 |
| 631 ### Update one entry of | 631 ### Update one entry of |
| 632 sub update_entry($$$$$) | 632 sub update_entry($$$$$$) |
| 633 { | 633 { |
| 634 my ($struct, $mip, $mdate, $mclass, $mreason) = @_; | 634 my ($struct, $mip, $mdate, $mclass, $mreason, $addhits) = @_; |
| 635 | 635 |
| 636 my $cnt = $struct->{$mip}{"hits"}++; | 636 if ($addhits) { |
| 637 $struct->{$mip}{"reason"}{$mclass}{"hits"}++; | 637 $struct->{$mip}{"hits"}++; |
| 638 $struct->{$mip}{"reason"}{$mclass}{"hits"}++; | |
| 639 } else { | |
| 640 $struct->{$mip}{"hits"} = 1 unless defined($struct->{$mip}{"hits"}); | |
| 641 $struct->{$mip}{"reason"}{$mclass}{"hits"} = 1 unless defined($struct->{$mip}{"reason"}{$mclass}{"hits"}); | |
| 642 } | |
| 638 | 643 |
| 639 if ($reportmode) { | 644 if ($reportmode) { |
| 640 push(@{$struct->{$mip}{"reason"}{$mclass}{"msg"}}, $mreason); | 645 push(@{$struct->{$mip}{"reason"}{$mclass}{"msg"}}, $mreason); |
| 641 } else { | 646 } else { |
| 642 $struct->{$mip}{"reason"}{$mclass}{"msg"} = $mreason; | 647 $struct->{$mip}{"reason"}{$mclass}{"msg"} = $mreason; |
| 654 } | 659 } |
| 655 if (!defined($struct->{$mip}{"reason"}{$mclass}{"date2"}) || $mdate > $struct->{$mip}{"reason"}{$mclass}{"date2"}) { | 660 if (!defined($struct->{$mip}{"reason"}{$mclass}{"date2"}) || $mdate > $struct->{$mip}{"reason"}{$mclass}{"date2"}) { |
| 656 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate; | 661 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate; |
| 657 } | 662 } |
| 658 | 663 |
| 659 return $cnt; | 664 return $struct->{$mip}{"hits"}; |
| 660 } | 665 } |
| 661 | 666 |
| 662 ### Check if given "try count" exceeds treshold and if entry | 667 ### Check if given "try count" exceeds treshold and if entry |
| 663 ### is NOT in Netfilter already, then add it if so. | 668 ### is NOT in Netfilter already, then add it if so. |
| 664 sub check_add_hit($$$$$) | 669 sub check_add_hit($$$$$) |
| 675 return; | 680 return; |
| 676 } | 681 } |
| 677 | 682 |
| 678 # If condition is true, we add to regular statlist | 683 # If condition is true, we add to regular statlist |
| 679 if ($mcond) { | 684 if ($mcond) { |
| 680 $cnt = update_entry(\%statlist, $mip, $mdate, $mclass, $mreason); | 685 $cnt = update_entry(\%statlist, $mip, $mdate, $mclass, $mreason, 1); |
| 681 } else { | 686 } else { |
| 682 # This is an ignored hit (for disabled test), add to ignorelist | 687 # This is an ignored hit (for disabled test), add to ignorelist |
| 683 update_entry(\%ignorelist, $mip, $mdate, $mclass, $mreason); | 688 update_entry(\%ignorelist, $mip, $mdate, $mclass, $mreason, 1); |
| 684 return; | 689 return; |
| 685 } | 690 } |
| 686 | 691 |
| 687 # Check if we have exceeded treshold etc. | 692 # Check if we have exceeded treshold etc. |
| 688 if ($cnt >= $settings{"TRESHOLD"} && check_time1($mdate)) { | 693 if ($cnt >= $settings{"TRESHOLD"} && check_time1($mdate)) { |