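/// <summary>
/// Publishes one firewall-data record for <paramref name="addr"/>/<paramref name="prefix"/>
/// to the MSMQ queue named by <c>queue_name</c>, creating the queue first when it
/// does not exist yet.
/// </summary>
/// <remarks>
/// Body layout, in the order written below: the bytes 'F','2','B', the
/// <c>F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0</c> type byte, a 4-byte payload length,
/// the bytes returned by <c>FwData.ToArray()</c>, then 'F','2','B' and the
/// <c>F2B_DATA_TYPE_ENUM.F2B_EOF</c> byte.
/// Send failures are logged and swallowed, so the caller is not told when a
/// record never reached the queue.
/// </remarks>
/// <param name="evtlog">Event that triggered the action; not read by this method.</param>
/// <param name="addr">Address the record applies to.</param>
/// <param name="prefix">Prefix length passed to <c>FwData</c> together with <paramref name="addr"/>.</param>
/// <param name="expiration">Expiration value passed to <c>FwData</c> unchanged.</param>
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
    if (!MessageQueue.Exists(queue_name))
    {
        // NOTE(review): the queue is created with default settings. Authenticate,
        // EncryptionRequired, MaximumQueueSize and MaximumJournalSize were only ever
        // present as commented-out lines, so nothing in this method restricts who may
        // post to the queue, protects the body, or bounds queue growth. The records
        // describe firewall changes, so confirm that queue permissions limit senders
        // to this service and that the consumer validates every record it reads.
        // Create() throws if the queue appeared between Exists() and this call; that
        // exception propagates to the caller.
        using (MessageQueue createdQueue = MessageQueue.Create(queue_name))
        {
            createdQueue.Label = "Fail2ban log analyzer FWDATA production message queue";
        }
    }

    // Both objects are IDisposable; the using blocks release them even when building
    // the body throws (previously only the Send path closed the queue and the
    // message was never disposed).
    using (MessageQueue msMq = new MessageQueue(queue_name))
    using (Message msg = new Message())
    {
        msg.Priority = MessagePriority.Normal;
        msg.UseJournalQueue = true;
        msg.Label = "F2BFW";
        // Undelivered messages are dropped after this many seconds.
        msg.TimeToBeReceived = TimeSpan.FromSeconds(time_to_be_received);

        // Header: magic bytes + record type.
        msg.BodyStream.WriteByte((byte)'F');
        msg.BodyStream.WriteByte((byte)'2');
        msg.BodyStream.WriteByte((byte)'B');
        msg.BodyStream.WriteByte((byte)F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0);

        // Payload, preceded by its length. HostToNetworkOrder followed by
        // BitConverter.GetBytes puts the length on the wire in big-endian order.
        F2B.FwData fwData = new F2B.FwData(expiration, addr, prefix);
        byte[] data = fwData.ToArray();
        int dataLengthNO = IPAddress.HostToNetworkOrder(data.Length);
        byte[] dataLength = BitConverter.GetBytes(dataLengthNO);
        msg.BodyStream.Write(dataLength, 0, dataLength.Length);
        msg.BodyStream.Write(data, 0, data.Length);

        // Trailer: magic bytes + end-of-data marker.
        msg.BodyStream.WriteByte((byte)'F');
        msg.BodyStream.WriteByte((byte)'2');
        msg.BodyStream.WriteByte((byte)'B');
        msg.BodyStream.WriteByte((byte)F2B_DATA_TYPE_ENUM.F2B_EOF);

        try
        {
            msMq.Send(msg);
        }
        catch (Exception ex)
        {
            // Deliberate best effort: a failed send must not take down event
            // processing. MessageQueueException is covered by this handler too.
            Log.Error(ex.ToString());
        }
    }
}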
/// <summary>
/// Wraps the address, prefix and expiration in an <c>F2B.FwData</c> record and
/// registers it with <c>F2B.FwManager.Instance</c>.
/// </summary>
/// <param name="evtlog">Event that triggered the action; not read by this method.</param>
/// <param name="addr">Address the record applies to.</param>
/// <param name="prefix">Prefix length stored in the record.</param>
/// <param name="expiration">Expiration value stored in the record.</param>
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
    // Build the record first, then resolve the manager, so the order of
    // evaluation matches the two-statement original.
    var record = new F2B.FwData(expiration, addr, prefix);
    var manager = F2B.FwManager.Instance;

    // weight, permit and persistent are members declared outside this method.
    manager.Add(record, weight, permit, persistent);
}
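/// <summary>
/// Publishes one firewall-data record for <paramref name="addr"/>/<paramref name="prefix"/>
/// to the MSMQ queue named by <c>queue_name</c>, creating the queue first when it
/// does not exist yet.
/// </summary>
/// <remarks>
/// Body layout, in the order written below: the bytes 'F','2','B', the
/// <c>F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0</c> type byte, a 4-byte payload length,
/// the bytes returned by <c>FwData.ToArray()</c>, then 'F','2','B' and the
/// <c>F2B_DATA_TYPE_ENUM.F2B_EOF</c> byte.
/// Send failures are logged and swallowed, so the caller is not told when a
/// record never reached the queue.
/// </remarks>
/// <param name="evtlog">Event that triggered the action; not read by this method.</param>
/// <param name="addr">Address the record applies to.</param>
/// <param name="prefix">Prefix length passed to <c>FwData</c> together with <paramref name="addr"/>.</param>
/// <param name="expiration">Expiration value passed to <c>FwData</c> unchanged.</param>
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
    if (!MessageQueue.Exists(queue_name))
    {
        // NOTE(review): the queue is created with default settings. Authenticate,
        // EncryptionRequired, MaximumQueueSize and MaximumJournalSize were only ever
        // present as commented-out lines, so nothing in this method restricts who may
        // post to the queue, protects the body, or bounds queue growth. The records
        // describe firewall changes, so confirm that queue permissions limit senders
        // to this service and that the consumer validates every record it reads.
        // Create() throws if the queue appeared between Exists() and this call; that
        // exception propagates to the caller.
        using (MessageQueue createdQueue = MessageQueue.Create(queue_name))
        {
            createdQueue.Label = "Fail2ban log analyzer FWDATA production message queue";
        }
    }

    // Both objects are IDisposable; the using blocks release them even when building
    // the body throws (previously only the Send path closed the queue and the
    // message was never disposed).
    using (MessageQueue msMq = new MessageQueue(queue_name))
    using (Message msg = new Message())
    {
        msg.Priority = MessagePriority.Normal;
        msg.UseJournalQueue = true;
        msg.Label = "F2BFW";
        // Undelivered messages are dropped after this many seconds.
        msg.TimeToBeReceived = TimeSpan.FromSeconds(time_to_be_received);

        // Header: magic bytes + record type.
        msg.BodyStream.WriteByte((byte)'F');
        msg.BodyStream.WriteByte((byte)'2');
        msg.BodyStream.WriteByte((byte)'B');
        msg.BodyStream.WriteByte((byte)F2B_DATA_TYPE_ENUM.F2B_FWDATA_TYPE0);

        // Payload, preceded by its length. HostToNetworkOrder followed by
        // BitConverter.GetBytes puts the length on the wire in big-endian order.
        F2B.FwData fwData = new F2B.FwData(expiration, addr, prefix);
        byte[] data = fwData.ToArray();
        int dataLengthNO = IPAddress.HostToNetworkOrder(data.Length);
        byte[] dataLength = BitConverter.GetBytes(dataLengthNO);
        msg.BodyStream.Write(dataLength, 0, dataLength.Length);
        msg.BodyStream.Write(data, 0, data.Length);

        // Trailer: magic bytes + end-of-data marker.
        msg.BodyStream.WriteByte((byte)'F');
        msg.BodyStream.WriteByte((byte)'2');
        msg.BodyStream.WriteByte((byte)'B');
        msg.BodyStream.WriteByte((byte)F2B_DATA_TYPE_ENUM.F2B_EOF);

        try
        {
            msMq.Send(msg);
        }
        catch (Exception ex)
        {
            // Deliberate best effort: a failed send must not take down event
            // processing. MessageQueueException is covered by this handler too.
            Log.Error(ex.ToString());
        }
    }
}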
/// <summary>
/// Installs a filter rule for <paramref name="addr"/>/<paramref name="prefix"/> that
/// is tracked until <paramref name="expiration"/>, or replaces an existing rule for
/// the same record hash when the new expiration is sufficiently later.
/// </summary>
/// <remarks>
/// Bookkeeping (fcnt, data, expire, cleanup) is updated under <c>dataLock</c>, and
/// only after the rule itself was added without an exception.
/// </remarks>
/// <param name="expiration">Expiration in UTC ticks; compared against <c>DateTime.UtcNow.Ticks</c>.</param>
/// <param name="addr">Address the rule applies to.</param>
/// <param name="prefix">Prefix length of the rule.</param>
/// <param name="permit">Not read by this method.</param>
public void Add(long expiration, IPAddress addr, int prefix, bool permit = false)
{
    long now = DateTime.UtcNow.Ticks;

    // A rule that has already expired would be cleaned up at once; skip it.
    if (now >= expiration)
    {
        // Best effort only: show the expiration as local time in the log and
        // fall back to the raw tick count when it is not a valid DateTime.
        string expiredText = Convert.ToString(expiration);
        try
        {
            expiredText = new DateTime(expiration, DateTimeKind.Utc).ToLocalTime().ToString();
        }
        catch (Exception)
        {
        }

        Log.Info("Skipping expired firewall rule (expired on " + expiredText + ")");
        return;
    }

    // The hash is taken from a record built with the caller's expiration,
    // i.e. before the uniqueness adjustment below.
    byte[] hash = new F2B.FwData(expiration, addr, prefix).Hash;

    lock (dataLock)
    {
        // cleanup is keyed by expiration, so every rule needs its own key;
        // nudging the value by single ticks is harmless at this resolution.
        while (cleanup.ContainsKey(expiration))
        {
            expiration++;
        }

        string filterName = null;
        long expirationOld;

        if (!expire.TryGetValue(hash, out expirationOld))
        {
            // No rule for this hash yet. MaxSize == 0 means "no limit".
            if (MaxSize != 0 && MaxSize <= data.Count)
            {
                // NOTE(review): once the limit is reached new requests are only
                // logged, so later addresses get no rule until older rules expire.
                Log.Warn("Reached limit for number of active F2B filter rules, skipping new additions");
            }
            else
            {
                // Filter names are limited to 60 characters, hence the encoded form.
                string newName = F2B.FwData.EncodeName(expiration, hash);
                try
                {
                    Log.Info("Add: Add filter rule \"" + newName + "\"");
                    Add(newName, expiration, addr + "/" + prefix);
                    filterName = newName;
                }
                catch (Exception ex)
                {
                    Log.Warn("Unable to add filter \"" + newName + "\": " + ex.Message);
                }
            }
        }
        else if (now > Math.Max(expirationOld, expiration))
        {
            // Cannot be true here: expiration is already known to be later than now.
            Log.Info("Skipping request with expiration in past");
        }
        else if (expiration < expirationOld)
        {
            Log.Info("Skipping request with new expiration " + expiration + " < existing exipration " + expirationOld);
        }
        else if (expiration - expirationOld < (expiration - now) / 10)
        {
            // The extension is under a tenth of the remaining lifetime: treat as duplicate.
            Log.Info("Skipping request with expiration of new records within 10% of expiration of existing rule (c/o/e=" + now + "/" + expirationOld + "/" + expiration + ")");
        }
        else
        {
            string filterNameOld = cleanup[expirationOld];
            // Filter names are limited to 60 characters, hence the encoded form.
            string replacementName = F2B.FwData.EncodeName(expiration, hash);
            Log.Info("Replace old filter \"" + filterNameOld + "\" with increased expiration time (c/o/e=" + now + "/" + expirationOld + "/" + expiration + ")");

            try
            {
                // Add the replacement before removing the old rule.
                Log.Info("Add: Add filter rule \"" + replacementName + "\"");
                Add(replacementName, expiration, addr + "/" + prefix);
                filterName = replacementName;
                Log.Info("Add: Remove expired filter rule \"" + filterNameOld + "\"");
                Remove(filterNameOld);
            }
            catch (Exception ex)
            {
                Log.Warn("Unable to replace filter rule \"" + filterNameOld + "\" with \"" + replacementName + "\": " + ex.Message);
            }

            // filterName is set as soon as the new rule was added, so this also runs
            // when Remove() threw. NOTE(review): in that case the old rule is dropped
            // from the bookkeeping although it may still be installed - confirm.
            if (filterName != null)
            {
                data.Remove(filterNameOld);
                expire.Remove(hash); // overwritten below anyway
                cleanup.Remove(expirationOld);
                // NOTE(review): fcnt is not cleared for filterNameOld here - confirm
                // whether that is handled elsewhere.
            }
        }

        // Nothing was installed: leave the bookkeeping untouched.
        if (filterName == null)
        {
            return;
        }

        fcnt[filterName] = 1; // marked "???" by the original author
        data[filterName] = hash;
        expire[hash] = expiration;
        cleanup[expiration] = filterName;

        if (!tCleanupExpired.Enabled)
        {
            Log.Info("Enabling cleanup timer (interval " + tCleanupExpired.Interval + " ms)");
            tCleanupExpired.Enabled = true;
        }
    } // dataLock
}
/// <summary>
/// Wraps the address, prefix and expiration in an <c>F2B.FwData</c> record and
/// registers it with <c>F2B.FwManager.Instance</c>.
/// </summary>
/// <param name="evtlog">Event that triggered the action; not read by this method.</param>
/// <param name="addr">Address the record applies to.</param>
/// <param name="prefix">Prefix length stored in the record.</param>
/// <param name="expiration">Expiration value stored in the record.</param>
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
    // Build the record first, then resolve the manager, so the order of
    // evaluation matches the two-statement original.
    var record = new F2B.FwData(expiration, addr, prefix);
    var manager = F2B.FwManager.Instance;

    // weight, permit and persistent are members declared outside this method.
    manager.Add(record, weight, permit, persistent);
}