[people/stevee/guardian.git] / modules / Events.pm

package Guardian::Events;
use strict;
use warnings;

use Exporter qw(import);

our @EXPORT_OK = qw(Init CheckAction GenerateIgnoreList Update);

# Hash which stores all supported commands from the queue.
my %commands = (
	'count' => \&Counter,
	'block' => \&CallBlock,
	'unblock' => \&CallUnblock,
	'flush' => \&CallFlush,
	'reload' => \&main::Reload,
	'reload-ignore-list' => \&main::ReloadIgnoreList,
	'logrotate' => \&main::Logrotate,
);

# Hash to store addresses and their current count.
my %counthash = ();

# Hash to store all currentyl blocked addresses and a timestamp
# when the block for this address can be released.
my %blockhash = ();

# Hash to store user-defined IP addresses and/or subnets which should be
# ignored in case any events should be repored for them. 
my %ignorehash = ();

# Array to store localhost related IP addresses.
# They are always white-listed to prevent guardian from blocking
# any local traffic.
my @localhost_addresses = ("127.0.0.1", "::1");

# This object will contain the reference to the logger object after calling Init.
my $logger;

#
## The "Init" (Block) function.
#
## This function is responsible to initialize Block as a class based object.
## It has to be called once before any blocking event can be processed.
#
## The following arguments must be passed, during initialization:
## "BlockCount" and "BlockTime" which both have to be natural numbers.
#
sub Init (%) {
	my ( $class, %args ) = @_;
	my $self = \%args;

	# Fail, if some critical arguments are missing.
	unless ((exists($self->{BlockCount})) && (exists($self->{BlockTime}))) {
		die "Could not initialize Block: Too less arguments are given.\n";
	}

	# Use bless to make "$self" to an object of class "$class".
	bless($self, $class);

	# Assign logger object.
	$logger = $self->{Logger};

	# Log used firewall engine.
	$logger->Log("debug", "Using firewall engine: $self->{FirewallEngine}");

	# Try to load the specified firewall engine or die.
	my $module_name = "Guardian::" . $self->{FirewallEngine};
	eval "use $module_name; 1" or die "Could not load a module for firewall engine: $self->{FirewallEngine}!";

	# Check if an IgnoreFile has been configured.
	if (exists($self->{IgnoreFile})) {
		# Call function to handle the ignore mechanism.
	 	&GenerateIgnoreList($self->{IgnoreFile});
	} else {
		# Whitelist local addresses.
		%ignorehash = &_whitelist_localhost();
	}

	# Return the class object.
	return $self;
}

#
## The main "CheckAction" function.
#
## This function is used to handle each recived event from the main event queue of guardian.
#
## It will check if the given command is valid and will pass it to the responsible function.
#
sub CheckAction ($$) {
	my $self = shift;
	my @event = split(/ /, $_[0], 4);
	my ($command, $address, $module, $message) = @event;

	# Check if we got an invalid command.
	unless(exists($commands{$command})) {
                $logger->Log("err", "The CheckAction function has been called with an unsupported command ($command)!");
                return;
        }

	# Check if the given event contains an address.
	if ($address) {
		# Convert and validate the given address.
		my $bin_address = &Guardian::Base::IPOrNet2Int($address);

		# Abort if the given address could not be converted because it is not valid.
		unless ($bin_address) {
			$logger->Log("err", "Invalid IP address: $address");
			return;
		}

		# Check if address should be ignored.
		if(&_IsOnIgnoreList($bin_address)) {
			# Log message.
			$logger->Log("info", "Ignoring event for $address, because it is part of the ignore list.");
			return;
		}
	}

	# Call required handler.
	my $error = $commands{$command}->($self, $address, $module, $message);

	# If we got any return code, something went wrong and should be logged.
	if ($error) {
		$logger->Log("err", "Got error: $error");
		return;
	}
}

#
## The main "Counter" function.
#
## This function is used to handle each count message + address, which has been sent by the main event
## loop of guardian.
#
## It stores the address and the current count into the counthash and increase the count each time when
## the same address should be counted again. When the current count reaches the configured BlockCount,
## the responsible function will be called to block the address.
#
sub Counter ($@) {
	my $self = shift;
	my ($address, $module, $message) = @_;

	# Log event.
	$logger->Log("debug", "$module reported $message for address: $address");

	# Increase existing count or start counting for new source addresses.
	if (exists($counthash{$address})) {
		# Skip already blocked addresses.
		if (exists($blockhash{$address})) {
			return undef;
		}

		# Increase count of the existing entry.
		$counthash{$address} = $counthash{$address} + 1;

		# Log altered count of the address.
		$logger->Log("debug", "Source $address now has count $counthash{$address}/$self->{BlockCount}...");
	} else {
		# Log that counting for the address has been started.
		$logger->Log("debug", "Start counting for $address...");

		# Set count to "1".
		$counthash{$address} = 1;
	}

	# Check if the address has reached the configured count limit.
	if ($counthash{$address} >= $self->{BlockCount}) {
		# Write out log message.
		$logger->Log("info", "Blocking $address for $self->{BlockTime} seconds...");

		# Call block subroutine to block the address.
		my $error = &CallBlock($self, $address, $module, $message);

		# Return the message if an error occurs.
		return $error;
	}

	# Everything worked well, return nothing.
	return undef;
}

#
## The RemoveBlocks function.
#
## This function periodly will be called and is responsible for releasing the block if the Blocktime
## on an address has expired.
#
## To do this, the code will loop through all entries of the blockhash and check
## if the estimiated BlockTime of each address has reached and so the block can be released.
#
sub RemoveBlocks () {
	my $self = shift;

	# Get the current time.
	my $time = time();

	# Loop through the blockhash.
	foreach my $address (keys %blockhash) {
		# Check if the blocktime for the address has expired.
		if ($blockhash{$address} <= $time) {
			# Call unblock subroutine.
			my $error = &CallUnblock($self, $address, "BlockTime", "has expired for $address");

			# Log error messages if returned.
			if ($error) {
				$logger->Log("err", "$error");
			}
		}
	}

	# Everything okay, return nothing.
	return undef;
}

#
## The CallBlock function.
#
## This function is called, if the BlockCount for an address is reached or a direct
## request for blocking an address has been recieved.
#
sub CallBlock ($@) {
	my $self = shift;
	my ($address, $module, $message) = @_;

	# Log the call for blocking an address.
	$logger->Log("info", "$module - $message");

	# Check if an entry for this address exists
	# in the blockhash. If not, the address has
	# not been blocked yet, call the responisible
	# function to do this now.
	unless (exists($blockhash{$address})) {
		# Obtain the configured FirewallAction.
		my $action = $self->{FirewallAction};

		# Block the given address.
		my $error = &DoBlock($address, $action);

		# If we got back an error message something went wrong.
		if ($error) {
			# Exit function and return the used FirewallEngine and the error message.
			return "$self->{FirewallEngine} - $error";
		} else {
			# Address has been successfully blocked, print a log message.
			$logger->Log("debug", "Address $address successfully has been blocked...");
		}
	}

	# Generate time when the block will expire.
	my $expire = time() + $self->{BlockTime};

	# Store the blocked address and the expire time
	# in the blockhash.
	$blockhash{$address} = $expire;

	# Return nothing "undef" if everything is okay.
	return undef;
}

#
## CallUnblock function.
#
## This function is responsible for unblocking and deleting a given
## address from the blockhash.
#
sub CallUnblock ($) {
	my $self = shift;
	my ($address, $module, $message) = @_;

	# Log the call for unblocking an address.
	$logger->Log("info", "$module - $message");

	# Return an error if no entry for the given address
	# is present in the blockhash.
	unless (exists($blockhash{$address})) {
		return "Address $address was not blocked!";
	}

	# Unblock the address.
	my $error = &DoUnblock($address);

	# If an error message is returned, something went wrong.
	if ($error) {
		# Exit function and return the error message.
		return $error;
	} else {
		# Address successfully has been unblocked.
		$logger->Log("debug", "Address $address successfully has been unblocked...");
	}

	# Drop address from blockhash.
	delete ($blockhash{$address});

	# Everything worked well, return nothing.
	return undef;
}

#
## CallFlush function.
#
## This function is responsible for calling the used firewall
## engine to do a flush of the used firewall chain. This will
## clean the entire firewall chain.
#
sub CallFlush ($) {
	my $self = shift;

	# Log the call for flushing.
	$logger->Log("info", "Flush has been called...");

	# Call flush.
	my $error = &DoFlush();

	# If an error message is returned, something went wrong.
	if ($error) {
		# Exit function and return the error message.
		return $error;
	} else {
		# Flush successfully has been performed.
		$logger->Log("debug", "Flush successfully has been performed...");
	}

	# Flush blockhash.
	%blockhash = ();

	# Everything worked well, return nothing.
	return undef;
}

#
## GenerateIgnoreList function.
#
## This function is responsible for generating/updating the
## IgnoreHash which contains all ignored IP addresses and
## networks.
#
sub GenerateIgnoreList($) {
	my $file = shift;
	my @include_files;

	# Reset current ignore hash and add
	# localhost related IP addresses.
	%ignorehash = &_whitelist_localhost();

	# Check if the given IgnoreFile could be opened.
	unless(-e $file) {
		$logger->Log("err", "The configured IgnoreFile \($file\) could not be opened. Skipped!");
		return;
	}

	# Open the given IgnoreFile.
	open (IGNORE, $file);

	# Read-in the file line by line.
	while (<IGNORE>) {
		# Skip comments.
		next if (/\#/);

		# Skip blank lines.
		next if (/^\s*$/);

		# Remove any newlines.
		chomp;

		# Check for an include instruction.
		if ($_ =~ /^Include_File = (.*)/) {
			my $include_file = $1;

			# Check if the parsed include file exists and is read-able.
			if (-e $include_file) {
				# Add file to the array of files wich will be included.
				push(@include_files, $include_file);

				# Write out log message.
				$logger->Log("debug", "Addresses from $include_file will be included...");
			} else {
				# Log missing file.
				$logger->Log("err", "$include_file will not be included. File does not exist!");
			}
		} else {
			# Check if the line contains a valid single address or network and
			# convert it into binary format. Store the result/start and
			# end values in a temporary array.
			my @values = &Guardian::Base::IPOrNet2Int($_);

			# If the function returned any values, the line contained a valid
			# single address or network which successfully has been converted into
			# binary format.
			if (@values) {
				# Assign the array as value to the ignorehash.
				$ignorehash{$_} = [@values];
			} else {
				# Log invalid entry.
				$logger->Log("err", "IgnoreFile contains an invalid address/network: $_");

				# Skip line.
				next;
			}
		}
	}

	# Close filehandle for the IgnoreFile.
	close (IGNORE);

	# Check if any files should be included.
	if (@include_files) {
		# Loop through the array of files which should be included.
		foreach my $file (@include_files) {
			# Open the file.
			open(INCLUDE, $file);

			# Read-in file line by line.
			while(<INCLUDE>) {
				# Skip any comments.
				next if (/\#/);

				# Skip any blank lines.
				next if (/^\s*$/);

				# Chomp any newlines.
				chomp;

				# Check if the line contains a valid single address or network and
				# convert it into binary format. Store the result/start and
				# end values in a temporary array.
				my @values = &Guardian::Base::IPOrNet2Int($_);

				# If the function returned any values, the line contained a valid
				# single address or network which successfully has been converted into
				# binary format.
				if (@values) {
					# Assign the array as value to the ignorehash.
					$ignorehash{$_} = [@values];
				} else {
					# Log invalid entry.
					$logger->Log("err", "$file contains an invalid address/network: $_");

					# Skip line.
					next;
				}
			}

			# Close filehandle.
			close(INCLUDE);
		}
	}

	# Get amount of current elements in hash.
	my $amount = scalar(keys(%ignorehash));

	# Write out log message.
	$logger->Log("debug", "Ignore list currently contains $amount entries.");
}

#
## Private function to check if an address is part of the Ignore Hash.
#
## This function checks if a passed IP address in binary format (!),
## directly or as part of an ignored network is stored in the ignore hash.
#
sub _IsOnIgnoreList ($) {
	my $bin_address = shift;

	# Loop through the ignore hash and grab the stored values.
	foreach my $key ( keys %ignorehash ) {
		# Dereference values array.
		my @values = @{$ignorehash{$key}};

		# Obtain amount of items for the current value array.
		my $items = scalar @values;

		# Whether the amount equals one, the given binary address just
		# needs to be compared against a single address.
		if ($items eq "1") {
			my ($ignored_address) = @values;

			# Simple check if the stored and the given binary address
			# are the same.
			if ($bin_address eq $ignored_address) {
				# The given address is part of the ignore list.
				$logger->Log("debug", "Address $key found on the ignore list.");

				# Return "1" (True).
				return 1;
			}
		}

		# If the amount equals two, for passed binary address needs to
		# be checked if it is part of the ignored network range.
		elsif ($items eq "2") {
			my ($first_address, $last_address) = @values;

			# Check if the passed binary address is bigger than
			# the first address and smaler than the last address
			# (between) the stored network range.
			if (($bin_address >= $first_address) && ($bin_address <= $last_address)) {
				# The address is part of an ignored network.
				$logger->Log("debug", "Address is found inside the ignored network $key.");

				# Return "1" (True).
				return 1;
			}

		# If the amount is not eighter one or two, the current entry of the ignorehash seems
		# to be corrupted. Skip and log it.
		} else {
			# Write log message about this corruped item in the ignore hash.
			$logger->Log("err", "Invalid item in the Ignore Hash: $key - @values");

			# Skip this element of the ignore hash.
			next;
		}
	}

	# If we got here, the given address is not part of the ignore hash.
	# Return nothing (False).
	return;
}

#
## The _whitelist_localhost function.
#
## This tiny private function simple generates and returns a hash which contains
## the clear and binary converted addresses for all array-stored
## (@localhost_addresses) in an ignorelist compatible format.
#
sub _whitelist_localhost () {
	my %temphash;

	# Loop through the array of localhost related addresses.
	foreach my $address (@localhost_addresses) {
		# Validate and convert the addresss into binary format.
		my @values = &Guardian::Base::IPOrNet2Int($address);

		# Check if any values are returned.
		if (@values) {
			# Store the converted binary values in the temporary hash.
			$temphash{$address} = [@values];
		}
	}

	# Return the temporary hash.
	return %temphash;
}

1;
Commit	Line	Data
df6ec59f SS	1	package Guardian::Events;
	2	use strict;
	3	use warnings;
	4
	5	use Exporter qw(import);
	6
7c8f0696	7	our @EXPORT_OK = qw(Init CheckAction GenerateIgnoreList Update);
df6ec59f SS	8
	9	# Hash which stores all supported commands from the queue.
	10	my %commands = (
	11	'count' => \&Counter,
	12	'block' => \&CallBlock,
	13	'unblock' => \&CallUnblock,
	14	'flush' => \&CallFlush,
7121d8cd	15	'reload' => \&main::Reload,
ab7c10eb	16	'reload-ignore-list' => \&main::ReloadIgnoreList,
648ca493	17	'logrotate' => \&main::Logrotate,
df6ec59f SS	18	);
	19
	20	# Hash to store addresses and their current count.
	21	my %counthash = ();
	22
	23	# Hash to store all currentyl blocked addresses and a timestamp
	24	# when the block for this address can be released.
	25	my %blockhash = ();
	26
66e1ad0a	27	# Hash to store user-defined IP addresses and/or subnets which should be
0d218038	28	# ignored in case any events should be repored for them.
66e1ad0a SS	29	my %ignorehash = ();
66e1ad0a SS	30
0d218038 SS	31	# Array to store localhost related IP addresses.
	32	# They are always white-listed to prevent guardian from blocking
	33	# any local traffic.
	34	my @localhost_addresses = ("127.0.0.1", "::1");
	35
df6ec59f SS	36	# This object will contain the reference to the logger object after calling Init.
	37	my $logger;
	38
	39	#
	40	## The "Init" (Block) function.
	41	#
	42	## This function is responsible to initialize Block as a class based object.
	43	## It has to be called once before any blocking event can be processed.
	44	#
	45	## The following arguments must be passed, during initialization:
	46	## "BlockCount" and "BlockTime" which both have to be natural numbers.
	47	#
	48	sub Init (%) {
	49	my ( $class, %args ) = @_;
	50	my $self = \%args;
	51
	52	# Fail, if some critical arguments are missing.
	53	unless ((exists($self->{BlockCount})) && (exists($self->{BlockTime}))) {
	54	die "Could not initialize Block: Too less arguments are given.\n";
	55	}
	56
	57	# Use bless to make "$self" to an object of class "$class".
	58	bless($self, $class);
	59
	60	# Assign logger object.
	61	$logger = $self->{Logger};
	62
	63	# Log used firewall engine.
	64	$logger->Log("debug", "Using firewall engine: $self->{FirewallEngine}");
	65
	66	# Try to load the specified firewall engine or die.
	67	my $module_name = "Guardian::" . $self->{FirewallEngine};
	68	eval "use $module_name; 1" or die "Could not load a module for firewall engine: $self->{FirewallEngine}!";
	69
66e1ad0a SS	70	# Check if an IgnoreFile has been configured.
	71	if (exists($self->{IgnoreFile})) {
	72	# Call function to handle the ignore mechanism.
	73	&GenerateIgnoreList($self->{IgnoreFile});
0d218038 SS	74	} else {
	75	# Whitelist local addresses.
	76	%ignorehash = &_whitelist_localhost();
66e1ad0a SS	77	}
66e1ad0a SS	78
df6ec59f SS	79	# Return the class object.
	80	return $self;
	81	}
	82
	83	#
	84	## The main "CheckAction" function.
	85	#
	86	## This function is used to handle each recived event from the main event queue of guardian.
	87	#
	88	## It will check if the given command is valid and will pass it to the responsible function.
	89	#
	90	sub CheckAction ($$) {
	91	my $self = shift;
	92	my @event = split(/ /, $_[0], 4);
	93	my ($command, $address, $module, $message) = @event;
	94
	95	# Check if we got an invalid command.
	96	unless(exists($commands{$command})) {
	97	$logger->Log("err", "The CheckAction function has been called with an unsupported command ($command)!");
	98	return;
	99	}
	100
e1ff25ce SS	101	# Check if the given event contains an address.
	102	if ($address) {
	103	# Convert and validate the given address.
	104	my $bin_address = &Guardian::Base::IPOrNet2Int($address);
	105
	106	# Abort if the given address could not be converted because it is not valid.
	107	unless ($bin_address) {
	108	$logger->Log("err", "Invalid IP address: $address");
	109	return;
	110	}
	111
	112	# Check if address should be ignored.
	113	if(&_IsOnIgnoreList($bin_address)) {
	114	# Log message.
	115	$logger->Log("info", "Ignoring event for $address, because it is part of the ignore list.");
	116	return;
	117	}
66e1ad0a SS	118	}
66e1ad0a SS	119
df6ec59f SS	120	# Call required handler.
	121	my $error = $commands{$command}->($self, $address, $module, $message);
	122
	123	# If we got any return code, something went wrong and should be logged.
	124	if ($error) {
	125	$logger->Log("err", "Got error: $error");
	126	return;
	127	}
	128	}
	129
	130	#
	131	## The main "Counter" function.
	132	#
	133	## This function is used to handle each count message + address, which has been sent by the main event
	134	## loop of guardian.
	135	#
	136	## It stores the address and the current count into the counthash and increase the count each time when
	137	## the same address should be counted again. When the current count reaches the configured BlockCount,
	138	## the responsible function will be called to block the address.
	139	#
	140	sub Counter ($@) {
	141	my $self = shift;
	142	my ($address, $module, $message) = @_;
	143
	144	# Log event.
	145	$logger->Log("debug", "$module reported $message for address: $address");
	146
	147	# Increase existing count or start counting for new source addresses.
	148	if (exists($counthash{$address})) {
	149	# Skip already blocked addresses.
	150	if (exists($blockhash{$address})) {
	151	return undef;
	152	}
	153
	154	# Increase count of the existing entry.
	155	$counthash{$address} = $counthash{$address} + 1;
	156
	157	# Log altered count of the address.
	158	$logger->Log("debug", "Source $address now has count $counthash{$address}/$self->{BlockCount}...");
	159	} else {
	160	# Log that counting for the address has been started.
	161	$logger->Log("debug", "Start counting for $address...");
	162
	163	# Set count to "1".
	164	$counthash{$address} = 1;
	165	}
	166
	167	# Check if the address has reached the configured count limit.
	168	if ($counthash{$address} >= $self->{BlockCount}) {
	169	# Write out log message.
	170	$logger->Log("info", "Blocking $address for $self->{BlockTime} seconds...");
	171
	172	# Call block subroutine to block the address.
	173	my $error = &CallBlock($self, $address, $module, $message);
	174
	175	# Return the message if an error occurs.
	176	return $error;
	177	}
	178
	179	# Everything worked well, return nothing.
	180	return undef;
	181	}
	182
	183	#
184	## The RemoveBlocks function.
185	#
186	## This function periodly will be called and is responsible for releasing the block if the Blocktime
187	## on an address has expired.
188	#
189	## To do this, the code will loop through all entries of the blockhash and check
190	## if the estimiated BlockTime of each address has reached and so the block can be released.
191	#
192	sub RemoveBlocks () {
193	my $self = shift;
194
195	# Get the current time.
196	my $time = time();
197
198	# Loop through the blockhash.
199	foreach my $address (keys %blockhash) {
200	# Check if the blocktime for the address has expired.
201	if ($blockhash{$address} <= $time) {
202	# Call unblock subroutine.
203	my $error = &CallUnblock($self, $address, "BlockTime", "has expired for $address");
204
205	# Log error messages if returned.
206	if ($error) {
207	$logger->Log("err", "$error");
208	}
209	}
210	}
211
212	# Everything okay, return nothing.
213	return undef;
214	}
215
216	#
217	## The CallBlock function.
218	#
219	## This function is called, if the BlockCount for an address is reached or a direct
220	## request for blocking an address has been recieved.
221	#
222	sub CallBlock ($@) {
223	my $self = shift;
224	my ($address, $module, $message) = @_;
225
226	# Log the call for blocking an address.
227	$logger->Log("info", "$module - $message");
228
229	# Check if an entry for this address exists
230	# in the blockhash. If not, the address has
231	# not been blocked yet, call the responisible
232	# function to do this now.
233	unless (exists($blockhash{$address})) {
e9c558fe SS	234	# Obtain the configured FirewallAction.
e9c558fe SS	235	my $action = $self->{FirewallAction};
df6ec59f SS	236
	237	# Block the given address.
	238	my $error = &DoBlock($address, $action);
	239
	240	# If we got back an error message something went wrong.
	241	if ($error) {
f842727a SS	242	# Exit function and return the used FirewallEngine and the error message.
f842727a SS	243	return "$self->{FirewallEngine} - $error";
df6ec59f SS	244	} else {
	245	# Address has been successfully blocked, print a log message.
	246	$logger->Log("debug", "Address $address successfully has been blocked...");
	247	}
	248	}
	249
	250	# Generate time when the block will expire.
	251	my $expire = time() + $self->{BlockTime};
	252
	253	# Store the blocked address and the expire time
	254	# in the blockhash.
	255	$blockhash{$address} = $expire;
	256
	257	# Return nothing "undef" if everything is okay.
	258	return undef;
	259	}
	260
	261	#
	262	## CallUnblock function.
	263	#
	264	## This function is responsible for unblocking and deleting a given
	265	## address from the blockhash.
	266	#
	267	sub CallUnblock ($) {
	268	my $self = shift;
	269	my ($address, $module, $message) = @_;
	270
	271	# Log the call for unblocking an address.
	272	$logger->Log("info", "$module - $message");
	273
	274	# Return an error if no entry for the given address
	275	# is present in the blockhash.
	276	unless (exists($blockhash{$address})) {
	277	return "Address $address was not blocked!";
	278	}
	279
	280	# Unblock the address.
	281	my $error = &DoUnblock($address);
	282
	283	# If an error message is returned, something went wrong.
	284	if ($error) {
	285	# Exit function and return the error message.
	286	return $error;
	287	} else {
	288	# Address successfully has been unblocked.
	289	$logger->Log("debug", "Address $address successfully has been unblocked...");
	290	}
	291
	292	# Drop address from blockhash.
	293	delete ($blockhash{$address});
	294
	295	# Everything worked well, return nothing.
	296	return undef;
	297	}
	298
7c96d150 SS	299	#
	300	## CallFlush function.
	301	#
	302	## This function is responsible for calling the used firewall
	303	## engine to do a flush of the used firewall chain. This will
	304	## clean the entire firewall chain.
	305	#
	306	sub CallFlush ($) {
	307	my $self = shift;
	308
	309	# Log the call for flushing.
	310	$logger->Log("info", "Flush has been called...");
	311
	312	# Call flush.
	313	my $error = &DoFlush();
	314
	315	# If an error message is returned, something went wrong.
	316	if ($error) {
	317	# Exit function and return the error message.
	318	return $error;
	319	} else {
	320	# Flush successfully has been performed.
	321	$logger->Log("debug", "Flush successfully has been performed...");
	322	}
	323
	324	# Flush blockhash.
	325	%blockhash = ();
	326
	327	# Everything worked well, return nothing.
	328	return undef;
	329	}
	330
66e1ad0a SS	331	#
	332	## GenerateIgnoreList function.
	333	#
	334	## This function is responsible for generating/updating the
	335	## IgnoreHash which contains all ignored IP addresses and
	336	## networks.
	337	#
	338	sub GenerateIgnoreList($) {
	339	my $file = shift;
900cad7f SS	340	my @include_files;
	341
	342	# Reset current ignore hash and add
	343	# localhost related IP addresses.
	344	%ignorehash = &_whitelist_localhost();
66e1ad0a SS	345
	346	# Check if the given IgnoreFile could be opened.
	347	unless(-e $file) {
	348	$logger->Log("err", "The configured IgnoreFile \($file\) could not be opened. Skipped!");
	349	return;
	350	}
	351
900cad7f	352	# Open the given IgnoreFile.
66e1ad0a SS	353	open (IGNORE, $file);
	354
	355	# Read-in the file line by line.
	356	while (<IGNORE>) {
	357	# Skip comments.
	358	next if (/\#/);
	359
	360	# Skip blank lines.
	361	next if (/^\s*$/);
	362
	363	# Remove any newlines.
	364	chomp;
	365
900cad7f SS	366	# Check for an include instruction.
	367	if ($_ =~ /^Include_File = (.*)/) {
	368	my $include_file = $1;
66e1ad0a	369
900cad7f SS	370	# Check if the parsed include file exists and is read-able.
	371	if (-e $include_file) {
	372	# Add file to the array of files wich will be included.
	373	push(@include_files, $include_file);
	374
	375	# Write out log message.
	376	$logger->Log("debug", "Addresses from $include_file will be included...");
	377	} else {
	378	# Log missing file.
	379	$logger->Log("err", "$include_file will not be included. File does not exist!");
	380	}
	381	} else {
	382	# Check if the line contains a valid single address or network and
	383	# convert it into binary format. Store the result/start and
	384	# end values in a temporary array.
	385	my @values = &Guardian::Base::IPOrNet2Int($_);
	386
	387	# If the function returned any values, the line contained a valid
	388	# single address or network which successfully has been converted into
	389	# binary format.
	390	if (@values) {
	391	# Assign the array as value to the ignorehash.
	392	$ignorehash{$_} = [@values];
	393	} else {
	394	# Log invalid entry.
	395	$logger->Log("err", "IgnoreFile contains an invalid address/network: $_");
	396
	397	# Skip line.
	398	next;
	399	}
66e1ad0a SS	400	}
	401	}
	402
	403	# Close filehandle for the IgnoreFile.
	404	close (IGNORE);
5cd378cd	405
900cad7f SS	406	# Check if any files should be included.
	407	if (@include_files) {
	408	# Loop through the array of files which should be included.
	409	foreach my $file (@include_files) {
	410	# Open the file.
	411	open(INCLUDE, $file);
	412
	413	# Read-in file line by line.
	414	while(<INCLUDE>) {
	415	# Skip any comments.
	416	next if (/\#/);
	417
	418	# Skip any blank lines.
	419	next if (/^\s*$/);
	420
	421	# Chomp any newlines.
	422	chomp;
	423
	424	# Check if the line contains a valid single address or network and
	425	# convert it into binary format. Store the result/start and
	426	# end values in a temporary array.
	427	my @values = &Guardian::Base::IPOrNet2Int($_);
	428
	429	# If the function returned any values, the line contained a valid
	430	# single address or network which successfully has been converted into
	431	# binary format.
	432	if (@values) {
	433	# Assign the array as value to the ignorehash.
	434	$ignorehash{$_} = [@values];
	435	} else {
	436	# Log invalid entry.
	437	$logger->Log("err", "$file contains an invalid address/network: $_");
	438
	439	# Skip line.
	440	next;
	441	}
	442	}
	443
	444	# Close filehandle.
	445	close(INCLUDE);
	446	}
	447	}
	448
5cd378cd SS	449	# Get amount of current elements in hash.
	450	my $amount = scalar(keys(%ignorehash));
	451
	452	# Write out log message.
	453	$logger->Log("debug", "Ignore list currently contains $amount entries.");
66e1ad0a SS	454	}
	455
	456	#
	457	## Private function to check if an address is part of the Ignore Hash.
	458	#
7c8f0696 SS	459	## This function checks if a passed IP address in binary format (!),
7c8f0696 SS	460	## directly or as part of an ignored network is stored in the ignore hash.
66e1ad0a SS	461	#
	462	sub _IsOnIgnoreList ($) {
	463	my $bin_address = shift;
	464
	465	# Loop through the ignore hash and grab the stored values.
	466	foreach my $key ( keys %ignorehash ) {
	467	# Dereference values array.
	468	my @values = @{$ignorehash{$key}};
	469
	470	# Obtain amount of items for the current value array.
	471	my $items = scalar @values;
	472
	473	# Whether the amount equals one, the given binary address just
	474	# needs to be compared against a single address.
	475	if ($items eq "1") {
	476	my ($ignored_address) = @values;
	477
	478	# Simple check if the stored and the given binary address
	479	# are the same.
	480	if ($bin_address eq $ignored_address) {
	481	# The given address is part of the ignore list.
	482	$logger->Log("debug", "Address $key found on the ignore list.");
	483
	484	# Return "1" (True).
	485	return 1;
	486	}
	487	}
	488
	489	# If the amount equals two, for passed binary address needs to
	490	# be checked if it is part of the ignored network range.
	491	elsif ($items eq "2") {
	492	my ($first_address, $last_address) = @values;
	493
	494	# Check if the passed binary address is bigger than
	495	# the first address and smaler than the last address
	496	# (between) the stored network range.
	497	if (($bin_address >= $first_address) && ($bin_address <= $last_address)) {
	498	# The address is part of an ignored network.
	499	$logger->Log("debug", "Address is found inside the ignored network $key.");
	500
	501	# Return "1" (True).
	502	return 1;
	503	}
	504
	505	# If the amount is not eighter one or two, the current entry of the ignorehash seems
	506	# to be corrupted. Skip and log it.
	507	} else {
	508	# Write log message about this corruped item in the ignore hash.
	509	$logger->Log("err", "Invalid item in the Ignore Hash: $key - @values");
	510
	511	# Skip this element of the ignore hash.
	512	next;
	513	}
	514	}
	515
	516	# If we got here, the given address is not part of the ignore hash.
	517	# Return nothing (False).
	518	return;
	519	}
	520
0d218038 SS	521	#
	522	## The _whitelist_localhost function.
	523	#
	524	## This tiny private function simple generates and returns a hash which contains
	525	## the clear and binary converted addresses for all array-stored
	526	## (@localhost_addresses) in an ignorelist compatible format.
	527	#
	528	sub _whitelist_localhost () {
	529	my %temphash;
	530
	531	# Loop through the array of localhost related addresses.
	532	foreach my $address (@localhost_addresses) {
	533	# Validate and convert the addresss into binary format.
	534	my @values = &Guardian::Base::IPOrNet2Int($address);
	535
	536	# Check if any values are returned.
	537	if (@values) {
	538	# Store the converted binary values in the temporary hash.
	539	$temphash{$address} = [@values];
	540	}
	541	}
	542
	543	# Return the temporary hash.
	544	return %temphash;
	545	}
	546
df6ec59f	547	1;