Exemplo n.º 1
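        /// <summary>
        /// Serializes a firewall rule request into the F2B framed binary format and
        /// sends it to the MSMQ queue named by <c>queue_name</c>, creating the queue
        /// first when it does not exist yet.
        /// </summary>
        /// <param name="evtlog">Event that triggered the action; not used by this method.</param>
        /// <param name="addr">Address the firewall data applies to.</param>
        /// <param name="prefix">Prefix length that accompanies <paramref name="addr"/>.</param>
        /// <param name="expiration">Expiration value passed through to <c>F2B.FwData</c>.</param>
        /// <remarks>
        /// Failures of the send itself are logged and swallowed. Failures while
        /// checking for or creating the queue, or while building the message body,
        /// propagate to the caller.
        /// </remarks>
        protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
        {
            if (!MessageQueue.Exists(queue_name))
            {
                // NOTE(review): the queue is created with default settings. The
                // hardening options below were left disabled by the author. The
                // messages describe firewall data, so confirm that the queue
                // permissions restrict who may send to it, and consider enabling
                // authentication and body encryption once sender and receiver
                // are both configured for them.
                //   newMsMq.Authenticate = true;
                //   newMsMq.EncryptionRequired = EncryptionRequired.Body;
                //   newMsMq.MaximumJournalSize = 10 * 1024;
                using (MessageQueue newMsMq = MessageQueue.Create(queue_name))
                {
                    newMsMq.Label = "Fail2ban log analyzer FWDATA production message queue";
                }
            }

            // Both objects hold native resources; the using blocks release them
            // even when building the body throws before the send is attempted.
            using (MessageQueue msMq = new MessageQueue(queue_name))
            using (Message msg = new Message())
            {
                msg.Priority = MessagePriority.Normal;
                msg.UseJournalQueue = true;
                msg.Label = "F2BFW";
                msg.TimeToBeReceived = TimeSpan.FromSeconds(time_to_be_received);
                // No acknowledgement or response queue is requested, so the sender
                // does not learn whether the message was ever received.

                var body = msg.BodyStream;

                // Record header: "F2B" magic followed by the record type.
                byte[] header = { (byte)'F', (byte)'2', (byte)'B', (byte)F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0 };
                body.Write(header, 0, header.Length);

                // Payload, preceded by its length as a 32-bit integer in network byte order.
                F2B.FwData fwData = new F2B.FwData(expiration, addr, prefix);
                byte[] data = fwData.ToArray();
                byte[] lengthPrefix = BitConverter.GetBytes(IPAddress.HostToNetworkOrder(data.Length));
                body.Write(lengthPrefix, 0, lengthPrefix.Length);
                body.Write(data, 0, data.Length);

                // End-of-data marker: "F2B" magic followed by the EOF type.
                byte[] trailer = { (byte)'F', (byte)'2', (byte)'B', (byte)F2B_DATA_TYPE_ENUM.F2B_EOF };
                body.Write(trailer, 0, trailer.Length);

                try
                {
                    msMq.Send(msg);
                }
                catch (Exception ex)
                {
                    // Covers MessageQueueException as well; a failed send is only
                    // logged, so the request is lost without further signal.
                    Log.Error(ex.ToString());
                }
            }
        }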
Exemplo n.º 2
 /// <summary>
 /// Wraps the address, prefix and expiration in an <c>F2B.FwData</c> record and
 /// hands it to the shared <c>F2B.FwManager</c> instance.
 /// </summary>
 /// <param name="evtlog">Event that triggered the action; not used by this method.</param>
 /// <param name="addr">Address the firewall data applies to.</param>
 /// <param name="prefix">Prefix length that accompanies <paramref name="addr"/>.</param>
 /// <param name="expiration">Expiration value passed through to <c>F2B.FwData</c>.</param>
 protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
 {
     // weight, permit and persistent are defined outside this listing.
     // NOTE(review): permit presumably selects an allow rule instead of a block
     // rule; confirm where it is configured and who may set it.
     var rule = new F2B.FwData(expiration, addr, prefix);
     var manager = F2B.FwManager.Instance;
     manager.Add(rule, weight, permit, persistent);
 }
Exemplo n.º 3
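        /// <summary>
        /// Serializes a firewall rule request into the F2B framed binary format and
        /// sends it to the MSMQ queue named by <c>queue_name</c>, creating the queue
        /// first when it does not exist yet.
        /// </summary>
        /// <param name="evtlog">Event that triggered the action; not used by this method.</param>
        /// <param name="addr">Address the firewall data applies to.</param>
        /// <param name="prefix">Prefix length that accompanies <paramref name="addr"/>.</param>
        /// <param name="expiration">Expiration value passed through to <c>F2B.FwData</c>.</param>
        /// <remarks>
        /// Failures of the send itself are logged and swallowed. Failures while
        /// checking for or creating the queue, or while building the message body,
        /// propagate to the caller.
        /// </remarks>
        protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
        {
            if (!MessageQueue.Exists(queue_name))
            {
                // NOTE(review): the queue is created with default settings. The
                // hardening options below were left disabled by the author. The
                // messages describe firewall data, so confirm that the queue
                // permissions restrict who may send to it, and consider enabling
                // authentication and body encryption once sender and receiver
                // are both configured for them.
                //   newMsMq.Authenticate = true;
                //   newMsMq.EncryptionRequired = EncryptionRequired.Body;
                //   newMsMq.MaximumJournalSize = 10 * 1024;
                using (MessageQueue newMsMq = MessageQueue.Create(queue_name))
                {
                    newMsMq.Label = "Fail2ban log analyzer FWDATA production message queue";
                }
            }

            // Both objects hold native resources; the using blocks release them
            // even when building the body throws before the send is attempted.
            using (MessageQueue msMq = new MessageQueue(queue_name))
            using (Message msg = new Message())
            {
                msg.Priority = MessagePriority.Normal;
                msg.UseJournalQueue = true;
                msg.Label = "F2BFW";
                msg.TimeToBeReceived = TimeSpan.FromSeconds(time_to_be_received);
                // No acknowledgement or response queue is requested, so the sender
                // does not learn whether the message was ever received.

                var body = msg.BodyStream;

                // Record header: "F2B" magic followed by the record type.
                byte[] header = { (byte)'F', (byte)'2', (byte)'B', (byte)F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0 };
                body.Write(header, 0, header.Length);

                // Payload, preceded by its length as a 32-bit integer in network byte order.
                F2B.FwData fwData = new F2B.FwData(expiration, addr, prefix);
                byte[] data = fwData.ToArray();
                byte[] lengthPrefix = BitConverter.GetBytes(IPAddress.HostToNetworkOrder(data.Length));
                body.Write(lengthPrefix, 0, lengthPrefix.Length);
                body.Write(data, 0, data.Length);

                // End-of-data marker: "F2B" magic followed by the EOF type.
                byte[] trailer = { (byte)'F', (byte)'2', (byte)'B', (byte)F2B_DATA_TYPE_ENUM.F2B_EOF };
                body.Write(trailer, 0, trailer.Length);

                try
                {
                    msMq.Send(msg);
                }
                catch (Exception ex)
                {
                    // Covers MessageQueueException as well; a failed send is only
                    // logged, so the request is lost without further signal.
                    Log.Error(ex.ToString());
                }
            }
        }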
Exemplo n.º 4
        /// <summary>
        /// Registers a filter rule for <paramref name="addr"/>/<paramref name="prefix"/>
        /// that is tracked until <paramref name="expiration"/>, replacing an existing
        /// rule for the same data hash when the new expiration is sufficiently later.
        /// </summary>
        /// <param name="expiration">Expiration in ticks, compared against <c>DateTime.UtcNow.Ticks</c>.</param>
        /// <param name="addr">Address the rule applies to.</param>
        /// <param name="prefix">Prefix length that accompanies <paramref name="addr"/>.</param>
        /// <param name="permit">
        /// Not referenced anywhere in this method body.
        /// NOTE(review): callers passing <c>true</c> get the same rule as with <c>false</c>; confirm this is intended.
        /// </param>
        /// <remarks>
        /// Failures of the inner <c>Add</c>/<c>Remove</c> calls are logged as warnings
        /// and not rethrown, so callers get no signal that a rule was not installed.
        /// </remarks>
        public void Add(long expiration, IPAddress addr, int prefix, bool permit = false)
        {
            long currtime = DateTime.UtcNow.Ticks;

            // Adding filter with expiration time in past
            // doesn't really make any sense
            if (currtime >= expiration)
            {
                // Fall back to the raw tick value if it cannot be turned into a DateTime.
                string tmp = Convert.ToString(expiration);
                try
                {
                    DateTime tmpExp = new DateTime(expiration, DateTimeKind.Utc);
                    tmp = tmpExp.ToLocalTime().ToString();
                }
                catch (Exception)
                {
                    // Deliberately ignored: the conversion is only used for the log text.
                }
                Log.Info("Skipping expired firewall rule (expired on " + tmp + ")");
                return;
            }

            // The hash is taken from a record built with the caller's expiration,
            // before the uniqueness adjustment made under the lock below.
            // NOTE(review): whether the hash covers the expiration is not visible here.
            F2B.FwData fwdata = new F2B.FwData(expiration, addr, prefix);
            byte[]     hash   = fwdata.Hash;

            lock (dataLock)
            {
                // we need unique expiration time to keep all required
                // data in simple key/value hashmap structure (and we
                // really don't care about different expiration time in ns)
                while (cleanup.ContainsKey(expiration))
                {
                    expiration++;
                }

                // filter out requests with expiration within 10% time
                // range and treat them as duplicate requests
                // filterName stays null unless a rule was actually installed.
                string filterName = null;
                long   expirationOld;
                if (expire.TryGetValue(hash, out expirationOld))
                {
                    // NOTE(review): expiration > currtime is already guaranteed by the
                    // early return above and expiration only grows afterwards, so this
                    // first branch appears unreachable; confirm before relying on it.
                    if (currtime > Math.Max(expirationOld, expiration))
                    {
                        Log.Info("Skipping request with expiration in past");
                    }
                    else if (expiration < expirationOld)
                    {
                        Log.Info("Skipping request with new expiration " + expiration + " < existing exipration " + expirationOld);
                    }
                    else if (expiration - expirationOld < (expiration - currtime) / 10)
                    {
                        Log.Info("Skipping request with expiration of new records within 10% of expiration of existing rule (c/o/e=" + currtime + "/" + expirationOld + "/" + expiration + ")");
                    }
                    else
                    {
                        string filterNameOld = cleanup[expirationOld];
                        // maximum filter name size is 60 characters
                        //string tmpFilterName = "Fail2ban block address " + addr + "/" + prefix
                        //    + " till " + expstr + "|" + F2B.FwData.EncodeName(expiration, hash);
                        string tmpFilterName = F2B.FwData.EncodeName(expiration, hash);

                        Log.Info("Replace old filter \"" + filterNameOld + "\" with increased expiration time (c/o/e=" + currtime + "/" + expirationOld + "/" + expiration + ")");
                        try
                        {
                            // The new rule is added before the old one is removed,
                            // presumably so the address is never left without a rule.
                            Log.Info("Add: Add filter rule \"" + tmpFilterName + "\"");
                            Add(tmpFilterName, expiration, addr + "/" + prefix);
                            filterName = tmpFilterName;

                            Log.Info("Add: Remove expired filter rule \"" + filterNameOld + "\"");
                            Remove(filterNameOld);
                        }
                        catch (Exception ex)
                        {
                            Log.Warn("Unable to replace filter rule \"" + filterNameOld + "\" with \"" + tmpFilterName + "\": " + ex.Message);
                            //fail++;
                        }

                        // NOTE(review): filterName is set before Remove() runs, so if
                        // Remove() throws the bookkeeping for the old rule is still
                        // dropped here while that rule may remain installed; confirm
                        // that some other cleanup path picks up such leftovers.
                        // fcnt[filterNameOld] is not removed in this method.
                        if (filterName != null) // no exception during rule addition
                        {
                            data.Remove(filterNameOld);
                            expire.Remove(hash); // not necessary (expire[hash] is overwritten below)
                            cleanup.Remove(expirationOld);
                        }
                    }
                }
                else
                {
                    // MaxSize == 0 means no limit on the number of tracked rules.
                    if (MaxSize == 0 || MaxSize > data.Count)
                    {
                        // maximum filter name size is 60 characters
                        //string tmpFilterName = "Fail2ban block address " + addr + "/" + prefix
                        //    + " till " + expstr + "|" + F2B.FwData.EncodeName(expiration, hash);
                        string tmpFilterName = F2B.FwData.EncodeName(expiration, hash);

                        try
                        {
                            Log.Info("Add: Add filter rule \"" + tmpFilterName + "\"");
                            Add(tmpFilterName, expiration, addr + "/" + prefix);
                            filterName = tmpFilterName;
                        }
                        catch (Exception ex)
                        {
                            Log.Warn("Unable to add filter \"" + tmpFilterName + "\": " + ex.Message);
                            //fail++;
                        }
                    }
                    else
                    {
                        // At the limit the request is dropped, so the address gets no
                        // rule; this warning is the only trace and is worth alerting on.
                        Log.Warn("Reached limit for number of active F2B filter rules, skipping new additions");
                    }
                }

                if (filterName != null)
                {
                    // Record the installed rule in all four lookup tables.
                    fcnt[filterName]    = 1; // ???
                    data[filterName]    = hash;
                    expire[hash]        = expiration;
                    cleanup[expiration] = filterName;

                    // Start the cleanup timer if it is not already running.
                    if (!tCleanupExpired.Enabled)
                    {
                        Log.Info("Enabling cleanup timer (interval " + tCleanupExpired.Interval + " ms)");
                        tCleanupExpired.Enabled = true;
                    }
                }
            } // dataLock
        }
Exemplo n.º 5
 /// <summary>
 /// Wraps the address, prefix and expiration in an <c>F2B.FwData</c> record and
 /// hands it to the shared <c>F2B.FwManager</c> instance.
 /// </summary>
 /// <param name="evtlog">Event that triggered the action; not used by this method.</param>
 /// <param name="addr">Address the firewall data applies to.</param>
 /// <param name="prefix">Prefix length that accompanies <paramref name="addr"/>.</param>
 /// <param name="expiration">Expiration value passed through to <c>F2B.FwData</c>.</param>
 protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
 {
     // weight, permit and persistent are defined outside this listing.
     // NOTE(review): permit presumably selects an allow rule instead of a block
     // rule; confirm where it is configured and who may set it.
     var rule = new F2B.FwData(expiration, addr, prefix);
     var manager = F2B.FwManager.Instance;
     manager.Add(rule, weight, permit, persistent);
 }