Changed algorithm and default ban limit to accommodate devices that register and subscribe to several resources.

Made the debugging and ban limit modifiable at runtime.


git-svn-id: http://voip.null.ro/svn/yate@4453 acf43c95-373e-0410-b603-e72c3f656dc1
paulc 2011-06-10 15:06:11 +00:00
parent 7105af44f9
commit 63cfdd5f22
1 changed files with 53 additions and 8 deletions


@ -8,7 +8,7 @@
*/
// How many failures in a row cause a ban
$ban_failures = 5;
$ban_failures = 10;
// In how many seconds to clear a gray host
$clear_gray = 10;
// In how many seconds to clear a blacklisted host
@ -21,7 +21,7 @@ $cmd_unban = "iptables -D INPUT -s \$addr -j DROP";
require_once("libyate.php");
$banHelp = " banbrutes [unban address]\r\n";
$banHelp = " banbrutes [list|unban address|debug on/off|failures NN]\r\n";
$hosts = array();
@ -39,8 +39,10 @@ class Host
function success()
{
if ($this->fail > 0)
if ($this->fail > 0) {
$this->fail = 0;
$this->when = time() + 2;
}
}
function failed()
@ -48,11 +50,11 @@ class Host
global $ban_failures;
global $clear_gray;
global $clear_black;
if ($this->fail <= 0)
if ($this->fail < 0)
return false;
$this->fail++;
if ($this->fail >= $ban_failures) {
$this->fail = 0;
$this->fail = -1;
$this->when = time() + $clear_black;
return true;
}
@ -62,7 +64,7 @@ class Host
function banned()
{
return $this->fail <= 0;
return $this->fail < 0;
}
function timer($now)
@ -116,8 +118,21 @@ function onTimer()
function onCommand($l,&$retval)
{
global $hosts;
global $ban_failures;
global $cmd_unban;
if ($l == "banbrutes") {
$gray = 0;
$banned = 0;
foreach ($hosts as &$host) {
if ($host->banned())
$banned++;
else
$gray++;
}
$retval = "failures=${ban_failures},banned=${banned},gray=${gray}\r\n";
return true;
}
else if ($l == "banbrutes list") {
$retval = "";
$now = time();
foreach ($hosts as $addr => &$host) {
@ -133,7 +148,7 @@ function onCommand($l,&$retval)
$retval .= "\r\n";
return true;
}
if (strpos($l,"banbrutes unban ") === 0) {
else if (strpos($l,"banbrutes unban ") === 0) {
$addr = substr($l,16);
if (isset($hosts[$addr])) {
if ($hosts[$addr]->banned()) {
@ -152,6 +167,28 @@ function onCommand($l,&$retval)
$retval = "Not banned: $addr\r\n";
return true;
}
else if (strpos($l,"banbrutes failures ") === 0) {
$fail = 1 * substr($l,19);
if ($fail > 1 && $fail <= 1000) {
$ban_failures = $fail;
return true;
}
}
else if (strpos($l,"banbrutes debug ") === 0) {
$dbg = substr($l,16);
switch ($dbg) {
case "true":
case "yes":
case "on":
Yate::Debug(true);
return true;
case "false":
case "no":
case "off":
Yate::Debug(false);
return true;
}
}
return false;
}
@ -171,14 +208,22 @@ function onComplete(&$ev,$l,$w)
oneCompletion($ev->retval,"banbrutes",$w);
else if ($l == "help")
oneCompletion($ev->retval,"banbrutes",$w);
else if ($l == "banbrutes")
else if ($l == "banbrutes") {
oneCompletion($ev->retval,"list",$w);
oneCompletion($ev->retval,"unban",$w);
oneCompletion($ev->retval,"debug",$w);
oneCompletion($ev->retval,"failures",$w);
}
else if ($l == "banbrutes unban") {
foreach ($hosts as $addr => &$host) {
if ($host->banned())
oneCompletion($ev->retval,$addr,$w);
}
}
else if ($l == "banbrutes debug") {
oneCompletion($ev->retval,"on",$w);
oneCompletion($ev->retval,"off",$w);
}
}
function onHelp($l,&$retval)
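Review bot: The new `banbrutes failures NN` branch in onCommand changes the ban threshold without validating the argument as an integer and without reporting the result. `1 * substr($l,19)` accepts values such as `2.5` or `1e2` as floats, and on PHP 8 an empty or non-numeric argument makes the multiplication throw a TypeError instead of being rejected by the range check. Parsing with `$fail = (int)substr($l,19);` keeps the existing `> 1 && <= 1000` bounds meaningful. Setting `$retval = "failures=$ban_failures\r\n";` before the `return true;` would let the operator confirm which limit is in force, since an out-of-range value currently falls through to `return false` with no message. Parts of onCommand lie between the hunks shown here, so how `$retval` is used by the caller should be checked against the full file.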