andy [Fri, 17 Jan 2003 17:40:12 +0000 (17:40 +0000)]
A PHP/XML client for the opm.blitzed.org dnsbl for use if you wish to allow
people to check if they are in the DNSBL without them ever going outside your
website.
andy [Sat, 11 Jan 2003 06:28:45 +0000 (06:28 +0000)]
src/snprintf.[ch]:
Added Mark Martinec's (v)snprintf replacement from
http://www.ijs.si/software/snprintf/ for systems with missing or
broken (v)snprintf.
src/compat.c:
Replace inet_aton() with bopm_inet_aton() to prevent clashes.
src/compat.h:
Systems without inet_aton() should use bopm_inet_aton() (compat.c).
Systems without (v)snprintf should use bopm_snprintf()
(snprintf.c).
Systems without inet_pton() should use bopm_inet_pton() (inet.c).
src/dnsbl.c:
src/firedns.c:
src/log.c:
src/main.c:
src/misc.c:
src/scan.c:
Needs to include compat.h if it wants to compile on Solaris.
src/inet.c:
For now made inetntoa() static as it is used nowhere but this
file. Later we need to either remove this and use bopm_inet_ntoa()
from compat.c, or else remove that one and rename this one.
Commented out inetntop() -- nothing seems to be using it currently?
Renamed inet_pton() to bopm_inet_pton() to avoid clashes.
andy [Thu, 9 Jan 2003 17:30:14 +0000 (17:30 +0000)]
Check for working snprintf (but do nothing about it yet). This macro came
from http://www.gnu.org/software/ac-archive/ac_func_snprintf.html and is
copyright Rüdiger Kuhlmann <redacted>.
dgl [Tue, 12 Nov 2002 08:40:57 +0000 (08:40 +0000)]
Serious bug fix. Due to a lack of checking some messages would be
treated as server notices when in fact they came from user input.
This can result in a user being able to scan any host or possibly
cause bopm to segfault.
dgl [Fri, 1 Nov 2002 10:26:42 +0000 (10:26 +0000)]
Removed u_char so _BSD_SOURCE doesn't have to be defined in some cases.
(Namely running bopm under dietlibc - the static file is smaller than a
dynamic file from glibc :)).
dgl [Thu, 24 Oct 2002 20:18:47 +0000 (20:18 +0000)]
scan:
- HTTP Post proxies are now scanned
- Code to not connect to a port more than once, and not to try again if
it's closed (probably helps with limited connections too)
This adds a stage field into the protocol struct:
0 = scan first time
1 = scan second time only if port is open.
andy [Fri, 6 Sep 2002 09:28:56 +0000 (09:28 +0000)]
bopm.conf.sample:
Some people STILL don't get what BINDIRC and BINDSCAN do and like
to invent IP addresses to put there, then wonder why it does not
work.
andy [Fri, 23 Aug 2002 05:42:15 +0000 (05:42 +0000)]
src/negcache.[ch]:
Implementation of a patricia trie for storing IP addresses and
timestamps. This data structure will allow searches for nodes
with only log_2 N bit comparisons where N is the current number of
nodes. It also only requires as many nodes as there are IP
addresses to store.
Each node stores a key (the IP address), a timestamp, the bit
index, and left and right branches. The bit index is what makes
this different from a radix search tree, it tells us at which bit
this node's key differs from those above it in the trie.
Properties of the trie:
1) The bit index always decreases as we follow the tree from the head
to an external node.
2) Each branch of an external node points to the only node that can
contain keys that match the bit pattern. All searches terminate
at external nodes.
3) When trying to search for a bit pattern that is not present in the
tree, you will hit an external node at the place where your bit
pattern first deviates from all current nodes. You can tell this
has happened because the next node's bit index will be larger than
the current, which would be contrary to point (1).
4) Because the bit increments in each node store information about
where each node's bit pattern differs from all others in the tree,
extra nodes are not needed - unlike in a radix tree.
5) As for a radix tree, a patricia trie will always end up the
same no matter what order the nodes are inserted.
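The trie described above, as an added C example that is not BOPM's negcache.c: bit indices decrease on every downward step, a link whose target has a bit index no smaller than the current node's is an upward link that ends the search, and one node is allocated per address. nc_search() is the name used in the log; nc_insert(), nc_find(), nc_node, NC_IP4 and the timestamps are assumptions made for this example, and the head sentinel holds 0.0.0.0, so that address is rejected on insert.

```c
#include <stdint.h>
#include <stdlib.h>
#include <time.h>

/* Build a host-order IPv4 key from a dotted quad (helper for callers/tests). */
#define NC_IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One node: the key, when its negative result was cached, and the bit index at
 * which this key first differs from the keys above it in the trie. */
typedef struct nc_node {
    uint32_t key;           /* IPv4 address, host byte order */
    time_t ts;              /* time the negative result was recorded */
    int bit;                /* bit index tested here (31 = most significant) */
    struct nc_node *l, *r;  /* 0-branch and 1-branch; either may point upward */
} nc_node;

/* Head sentinel: key 0.0.0.0, bit index 32 (above any real index), self-linked. */
static nc_node nc_head = { 0, 0, 32, &nc_head, &nc_head };

static int nc_bit(uint32_t key, int b) { return b < 32 ? (int)((key >> b) & 1) : 0; }

/* Property (1): indices decrease going down, so a child whose index is not
 * smaller than its parent's is an upward link, which terminates the search. */
static nc_node *nc_find(uint32_t key) {
    nc_node *p = &nc_head, *x = nc_head.l;
    while (x->bit < p->bit) { p = x; x = nc_bit(key, x->bit) ? x->r : x->l; }
    return x;
}

/* 1 if key is cached and was recorded no more than max_age seconds before now;
 * stale entries are ignored at lookup time rather than removed. */
int nc_search(uint32_t key, time_t now, time_t max_age) {
    nc_node *x = nc_find(key);
    return x != &nc_head && x->key == key && now - x->ts <= max_age;
}

/* Insert key with timestamp ts. Returns 1 if a node was added, 0 if an existing
 * entry was refreshed or the key was rejected. */
int nc_insert(uint32_t key, time_t ts) {
    nc_node *t, *p = &nc_head, *x = nc_head.l, *n;
    int i = 31;
    if (key == 0) return 0;                 /* 0.0.0.0 is reserved for the head */
    t = nc_find(key);
    if (t != &nc_head && t->key == key) { t->ts = ts; return 0; }
    /* Property (3): first bit (from the MSB) where key deviates from the node hit. */
    while (nc_bit(key, i) == nc_bit(t->key, i)) i--;
    /* Re-descend to the link where a node with bit index i belongs. */
    while (x->bit < p->bit && x->bit > i) { p = x; x = nc_bit(key, x->bit) ? x->r : x->l; }
    if (!(n = malloc(sizeof *n))) return 0;
    n->key = key; n->ts = ts; n->bit = i;
    if (nc_bit(key, i)) { n->r = n; n->l = x; } else { n->l = n; n->r = x; }
    if (nc_bit(key, p->bit)) p->r = n; else p->l = n;
    return 1;
}
```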
andy [Fri, 23 Aug 2002 04:41:24 +0000 (04:41 +0000)]
src/scan.c:
scans_active_for_addr() - walk the scan list and check if there are
any other scans in progress for a given IP address (as specified in
dot quad format).
When a scan fails and negative caching is enabled, check if there
are other scans in progress for the same address. If not, all
scans have failed and an entry should be added in the negcache.
Walking the list after every scan seems inefficient but I can't see
any other way to tell if there are no more scans active. So, at
the moment this is a good reason for not using negative caching.
andy [Fri, 23 Aug 2002 04:28:00 +0000 (04:28 +0000)]
src/main.c:
Periodically rebuild the negcache (if enabled) to remove entries
that are too old. Note that even though this might only happen
every 12 hours or so, old entries are ignored by nc_search()
anyway. This is just to free up some memory.
andy [Fri, 23 Aug 2002 04:17:31 +0000 (04:17 +0000)]
src/irc.c:
Upon connection to the IRC server, initialise our negative cache
(if negative caching is enabled).
When a user connection is detected, search for their IP in our
negative cache (if negative caching is enabled). If it is present,
say so in the logfile and don't bother to scan them.
Note that negative caching is only implemented for IPv4 at the
moment -- shouldn't be hard to extend it to IPv6 though.
andy [Fri, 23 Aug 2002 04:08:47 +0000 (04:08 +0000)]
bopm.conf.sample:
Documentation for new NEG_CACHE directive which determines how long
to cache negative results for (if at all). WE DO NOT RECOMMEND THE
USE OF NEGATIVE CACHING!
andy [Thu, 15 Aug 2002 17:16:16 +0000 (17:16 +0000)]
README:
Added a requirements section, specifically something about transparent
proxies. This has been mentioned on the lists before but should
probably be in the README since we have just discovered a host whose
BOPM K:lined 100% of users due to it being behind a transparent web
proxy. (!)