changeset 79:9095db0fad8f

v0.18.0: Bunch of bugfixes; logfile trailing/scanning speed improved; memory usage improvements.
author Matti Hamalainen <ccr@tnsp.org>
date Sat, 29 Aug 2009 05:24:31 +0300
parents dfd1a49d1042
children 4e3f87470426
files README maltfilter
diffstat 2 files changed, 17 insertions(+), 16 deletions(-) [+]
--- a/README	Thu Aug 27 21:44:51 2009 +0300
+++ b/README	Sat Aug 29 05:24:31 2009 +0300
@@ -1,4 +1,4 @@
-Malicious Attack Livid Termination Filter daemon (maltfilter) v0.17.2
+Malicious Attack Livid Termination Filter daemon (maltfilter) v0.18.0
 =====================================================================
 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
 (C) Copyright 2009 Tecnic Software productions (TNSP)
--- a/maltfilter	Thu Aug 27 21:44:51 2009 +0300
+++ b/maltfilter	Sat Aug 29 05:24:31 2009 +0300
@@ -11,8 +11,9 @@
 use Net::IP;
 use Net::DNS;
 use LWP::UserAgent;
+use IO::Seekable;
 
-my $progversion = "0.17.2";
+my $progversion = "0.18.0";
 my $progbanner =
 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
@@ -780,9 +781,8 @@
 ### entry types we manage, e.g. filterlist
 sub update_filterlist($)
 {
+  my $first = $_[0];
   return unless ($settings{"FILTER"} > 0);
-  my $first = $_[0];
-  mlog(0, "Updating initial filterlist from netfilter.\n") unless ($first > 0);
 
   $ENV{"PATH"} = "";
   open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |") or
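Review bot: The `open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |")` call kept as context at the end of this hunk builds a shell command string from a settings value, so any shell metacharacters in that setting would be interpreted by the shell; clearing `$ENV{"PATH"}` does not prevent that. Where the IPTABLES setting is loaded from is not visible here, but the list form avoids the shell regardless: `open(my $status, '-|', $settings{"IPTABLES"}, qw(-v -n -L INPUT)) or ...`. That change also replaces the bareword STATUS handle with a lexical one, so the read loop that follows would need to use `$status`. The statement and the rest of update_filterlist continue outside the hunk.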
@@ -793,12 +793,11 @@
     chomp;
     if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) {
       my $mip = $2;
-      my $mdate = time();
       if (!defined($filterlist{$mip})) {
         mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0);
-        $filterlist{$2} = $mdate;
+        $filterlist{$2} = time();
       }
-      $newlist{$2} = $mdate;
+      $newlist{$2} = 1;
       update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0);
     }
   }
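Review bot: The two rewritten assignments still key the hashes on `$2` although the capture was already copied to `$mip` a few lines earlier; using the named copy keeps them independent of any later match in this block: `$filterlist{$mip} = time();` and `$newlist{$mip} = 1;`. Separately, the pattern on the context line interpolates `$settings{"FILTER_TARGET"}` unquoted, so regex metacharacters in that setting would change which iptables rules are recognised as filter entries; `\Q$settings{"FILTER_TARGET"}\E` would match it literally. The enclosing loop starts and ends outside the hunk.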
@@ -848,12 +847,14 @@
   # Weed blocked entries.
   my @mips = keys %filterlist;
   foreach my $mip (@mips) {
-    if (defined($filterlist{$mip})) {
-      if ($filterlist{$mip} >= 0) {
-        weed_do($mip) unless check_time1($filterlist{$mip});
+    if (defined($statlist{$mip})) {
+      if ($statlist{$mip}{"date2"} >= 0) {
+        weed_do($mip) unless check_time1($statlist{$mip}{"date2"});
       } else {
         weed_do($mip);
       }
+    } elsif (defined($filterlist{$mip})) {
+      weed_do($mip);
     }
   }
   
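Review bot: The new expiry test reads `$statlist{$mip}{"date2"}` after checking only that `$statlist{$mip}` is defined, so an entry without a `date2` field would compare undef as 0, pass `>= 0`, and hand undef to check_time1(). Whether every statlist entry carries `date2` is not visible in this hunk; if that is not guaranteed, guard it with `my $d = $statlist{$mip}{"date2"};` and `if (defined($d) && $d >= 0) {`. Because `$mip` comes from `keys %filterlist`, the added `elsif (defined($filterlist{$mip}))` branch fires for every filtered address that has no statlist entry, which presumably lifts the block at once; a comment such as `# No stat entry to age against: drop the block now` would record that this is intended.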
@@ -1093,21 +1094,21 @@
     my %filepos = ();
     foreach my $filename (keys %filehandles) {
       for ($filepos{$filename} = tell($filehandles{$filename});
-        $_ = <$filehandles{$filename}>;
+        $_ = readline($filehandles{$filename});
         $filepos{$filename} = tell($filehandles{$filename})) {
-        chomp;
+        chomp($_);
         check_log_line($_);
       }
     }
+    sleep(1);
+    foreach my $filename (keys %filehandles) {
+      seek($filehandles{$filename}, $filepos{$filename}, 0);
+    }
     if ($counter < 0 || $counter++ >= 30) {
       # Every once in a while, execute maintenance functions
       $counter = 0;
       malt_maintenance();
     }
-    sleep(1);
-    foreach my $filename (keys %filehandles) {
-      seek($filehandles{$filename}, $filepos{$filename}, 0);
-    }
   }
 }
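Review bot: The read loop treats whatever readline() returns as a complete log line, so when the writer has flushed only part of a line the fragment is passed to check_log_line() and `$filepos{$filename}` advances past it; the remainder is later scanned as a separate line and neither half may match. Adding `last unless (substr($_, -1) eq "\n");` before `chomp($_);` skips the position update and leaves the stored offset at the start of the incomplete line, so the `seek` after `sleep(1)` re-reads it once it is complete. The return value of `seek(...)` is also unchecked, and with `use IO::Seekable;` now imported the literal `0` could be written as `SEEK_SET`. The enclosing function starts outside the hunk.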