int set_sock_addr(char *host,union sock_addr *s, char **name) { struct addrinfo *addrResult; struct addrinfo hints; int err; memset(&hints, 0, sizeof(hints)); hints.ai_family = s->sa.sa_family; hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG; hints.ai_socktype = SOCK_DGRAM; hints.ai_protocol = IPPROTO_UDP; err = getaddrinfo(strip_address(host), NULL, &hints, &addrResult); if (err) return err; if (addrResult == NULL) return EAI_NONAME; memcpy(s, addrResult->ai_addr, addrResult->ai_addrlen); if (name) { if (addrResult->ai_canonname) *name = xstrdup(addrResult->ai_canonname); else *name = xstrdup(host); } freeaddrinfo(addrResult); return 0; }
void score(redisContext *context) { int i, score; redisReply *suspects; redisCommand(context, "DEL offenders"); suspects = redisCommand(context, "KEYS *:detected"); if (suspects && suspects->type == REDIS_REPLY_ARRAY) { for (i = 0; i < suspects->elements; i++) { if (no_action_required(context, strip_address(suspects->element[i]->str))) { continue; } score = total_offenses(context, strip_address(suspects->element[i]->str)); redisCommand(context, "ZINCRBY offenders %d %s", score, strip_address(suspects->element[i]->str)); } freeReplyObject(suspects); } }
void process_simple_smtp_request(struct TCPRECORD *sess, struct TCP_STREAM *to_server, struct NetFrame *frame, const unsigned char *px, unsigned length) { struct FerretEngine *eng = sess->eng; struct Ferret *ferret = eng->ferret; char command[16]; const char *parm; unsigned parm_length; unsigned i; unsigned x; /* IF CLOSING CONNECTION */ if (px == NULL) { return; } frame->layer7_protocol = LAYER7_SMTP; if (to_server->app.smtpreq.is_data) { process_simple_smtp_data(sess, to_server, frame, px, length); return; } /* Remove leading whitespace */ for (i=0; i<length && isspace(px[i]); i++) ; /* Grab command. This means parsing up to the first space * character, or the first ':' character in the case of * mailfrom: or rcptto: */ x=0; again: while (i<length && !isspace(px[i]) && px[i] != ':') { if (x < sizeof(command) -1) { command[x++] = (char)toupper(px[i]); command[x] = '\0'; } i++; } if (i<length && px[i] == ':') i++; /* skip space after command */ while (i<length && isspace(px[i])) i++; if (stricmp(command, "mail")==0 || stricmp(command, "rcpt")==0) { if (i >= length) return; goto again; } SAMPLE(ferret,"SMTP", JOT_SZ("command", command)); /* Grab parm */ parm = (const char*)px+i; x=i; while (i<length && px[i] != '\n') i++; parm_length = i-x; if (parm_length && parm[parm_length-1] == '\n') parm_length--; if (parm_length && parm[parm_length-1] == '\r') parm_length--; JOTDOWN(ferret, JOT_SZ("proto", "SMTP"), JOT_SZ("op", command), JOT_PRINT("parm", parm, parm_length), JOT_SRC("client", frame), JOT_DST("server", frame), 0); /* test parms */ if (stricmp(command, "MAILFROM")==0) { strip_address(&parm, &parm_length); if (sess) smtp_copy(to_server->app.smtpreq.from, parm, parm_length); JOTDOWN(ferret, JOT_SRC("IP", frame), JOT_PRINT("e-mail", parm, parm_length), 0); } if (stricmp(command, "RCPTTO")==0) { strip_address(&parm, &parm_length); if (sess) smtp_copy(to_server->app.smtpreq.to, parm, parm_length); JOTDOWN(ferret, JOT_SRC("IP", frame), JOT_PRINT("friend", parm, parm_length), 0); } if (stricmp(command, "DATA")==0 && sess) { to_server->app.smtpreq.is_data = 1; } if (stricmp(command, "RSET")==0 && sess) { to_server->app.smtpreq.is_data = 0; } }