ze-filter  (ze-filter-0.8.0-develop-180218)
ze-history.c
Go to the documentation of this file.
1 
2 /*
3  *
4  * ze-filter - Mail Server Filter for sendmail
5  *
6  * Copyright (c) 2001-2018 - Jose-Marcio Martins da Cruz
7  *
8  * Auteur : Jose Marcio Martins da Cruz
9  * jose.marcio.mc@gmail.org
10  *
11  * Historique :
12  * Creation : janvier 2002
13  *
14  * This program is free software, but with restricted license :
15  *
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * More details about ze-filter license can be found at ze-filter
22  * web site : http://foss.jose-marcio.org
23  */
24 
25 #include <ze-sys.h>
26 
27 #include "libmilter/mfapi.h"
28 
29 #include "ze-filter.h"
30 
31 #include "ze-filter-data.h"
32 
33 
34 /* ****************************************************************************
35  * *
36  * *
37  **************************************************************************** */
38 
39 
40 static long HISTORY_ENTRIES = 0x8000L;
41 
42 struct HistRaw_T {
44  time_t conn_id;
45  char ip[SZ_IP];
46 
47 #if HAVE_HRTIME_T
48  hrtime_t t_open;
49  hrtime_t t_close;
50 #else
53 #endif
55 
56  short result;
57  short ip_class;
58  short conn_rate;
59  short dummy_1;
60  short resolve_res;
61  short dummy_2;
62 
63  short nb_rcpt;
64  short nb_files;
65  short nb_xfiles;
66  short nb_virus;
67  short nb_policy;
68  short nb_msgs;
69 
71 
72  short rej_regex;
74  short rej_resolve;
75  short rej_rcpt;
76  short rej_luser;
77 
78  short serv_rate;
79 
81 
82  short rej_open;
83  short rej_empty;
84 
85  short nb_badrcpt;
86  short rej_badrcpt;
87 
89 
90  short rej_oracle;
91  short nb_spamtrap;
92  short rej_badmx;
93  short rej_spamtrap;
94 
95  short rej_greyrcpt;
96  short rej_greymsgs;
97 
99 
100  /*
101  * not yet...
102  */
104  short score_urlbl;
105  short score_regex;
106 
112 
113  short nb_bspam;
114  short nb_bham;
115  short dummy[5];
116 };
117 
118 
119 struct HistRes_T {
120  char ip[SZ_IP];
121 #if 0
122  in_addr_t addr;
123 #endif
124  time_t ti;
125  time_t tf;
126 
127  int32_t nb_conn;
128  int32_t nb_msgs;
129 #if HAVE_UINT64_T
130  int64_t nb_bytes;
131 #else
133 #endif
134  int32_t nb_rcpt;
135  int32_t nb_badrcpt;
136  int32_t nb_spamtrap;
137  int32_t nb_files;
138  int32_t nb_xfiles;
139  int32_t nb_virus;
140  int32_t nb_policy;
141  int32_t nb_reject;
142  int32_t nb_empty;
143 
144  int32_t nb_bspam;
145  int32_t nb_bham;
146 
147  int32_t resolve_res;
148 
149  int32_t throttle_max;
150  int32_t serv_rate_max;
151  int32_t ip_class;
152 
153  int32_t dbrcpt_reject;
154  int32_t dbrcpt_access;
156  int32_t dbrcpt_unknown;
158 
159  int32_t rej_resolve;
162  int32_t rej_conn_rate;
163  int32_t rej_open;
164  int32_t rej_empty;
165  int32_t rej_badrcpt;
166  int32_t rej_rcpt;
167  int32_t rej_regex;
168  int32_t rej_luser;
169  int32_t rej_oracle;
170  int32_t rej_badmx;
171  int32_t rej_spamtrap;
172 
173  int32_t rej_greyrcpt;
174  int32_t rej_greymsgs;
175 
179 
183 };
184 
185 
186 static void ctx2histraw(HistRaw_T *, CTXPRIV_T *);
187 static void histraw2histres(HistRes_T *, HistRaw_T *);
188 
189 struct History_T {
190  size_t nb;
193 };
194 
195 #define HISTORY_T_INIT {0, JBT_INITIALIZER}
196 
197 static History_T history = HISTORY_T_INIT;
198 
200 
202 
203 /* ****************************************************************************
204  * *
205  * *
206  **************************************************************************** */
207 
208 
209 struct RawData_T {
210  int fd;
211  long ptr;
212  pthread_mutex_t st_mutex;
213 };
214 
215 typedef struct RawData_T RawData_T;
216 
217 static RawData_T hfile = { -1, 0, PTHREAD_MUTEX_INITIALIZER };
218 
219 #define HISTORY_LOCK() MUTEX_LOCK(&hfile.st_mutex)
220 #define HISTORY_UNLOCK() MUTEX_UNLOCK(&hfile.st_mutex)
221 
222 /* ****************************************************************************
223  * *
224  * *
225  **************************************************************************** */
226 bool
228  bool ronly;
229 {
230  char *work_dir = cf_get_str(CF_WORKDIR);
231  char fname[256];
232  int32_t history_entries = cf_get_int(CF_HISTORY_ENTRIES);
233 
234  ZE_MessageInfo(15, "sizeof RawHist_T : %d", sizeof (HistRaw_T));
235 
236  ZE_MessageInfo(15, "HISTORY_ENTRIES = %6ld; cf = %6ld\n", HISTORY_ENTRIES,
237  (long) history_entries);
238 
239  if (history_entries > 0)
240  HISTORY_ENTRIES = history_entries * 1024;
241 
242  ZE_MessageInfo(15, "HISTORY_ENTRIES = %6ld; cf = %6ld\n", HISTORY_ENTRIES,
243  (long) history_entries);
244 
245  if (work_dir == NULL)
246  work_dir = ZE_WORKDIR;
247  snprintf(fname, sizeof (fname), "%s/%s", work_dir, "ze-history");
248 
249  HISTORY_LOCK();
250  if (hfile.fd < 0) {
251  HistRaw_T h;
252  size_t ind;
253  time_t idmax;
254  ssize_t r;
255 
256  mode_t mode;
257  int oflag;
258 
259  mode = (S_IRUSR | S_IRGRP | S_IROTH);
260  if (ronly) {
261  oflag = O_RDONLY;
262  } else {
263  mode |= S_IWUSR;
264  oflag = (O_RDWR | O_CREAT);
265  }
266 
267  hfile.fd = open(fname, oflag, mode);
268  if (hfile.fd < 0) {
269  ZE_LogSysError("error opening history file");
270  HISTORY_UNLOCK();
271  return FALSE;
272  }
273 
274  ind = 0;
275  idmax = 0;
276  while ((r = read(hfile.fd, &h, sizeof (h))) == sizeof (h)) {
277  if (h.conn_id > idmax) {
278  idmax = h.conn_id;
279  hfile.ptr = ind;
280  }
281  ind++;
282  }
283  if (r < 0)
284  ZE_LogSysError("read error on history file");
285  }
286  HISTORY_UNLOCK();
287 
288  return TRUE;
289 }
290 
291 /* ****************************************************************************
292  * *
293  * *
294  **************************************************************************** */
295 void
297 {
298  HISTORY_LOCK();
299  if (hfile.fd >= 0)
300  close(hfile.fd);
301  HISTORY_UNLOCK();
302 }
303 
304 /* ****************************************************************************
305  * *
306  * *
307  **************************************************************************** */
308 bool
310  SMFICTX *ctx;
311 {
312  CTXPRIV_T *priv = MLFIPRIV(ctx);
313  HistRaw_T history;
314 
315  if (priv == NULL)
316  return TRUE;
317 
318  if (priv->peer_addr == NULL || strlen(priv->peer_addr) == 0)
319  return TRUE;
320  if (STRCASEEQUAL(priv->peer_addr, "unknown"))
321  return TRUE;
322 
323  if (hfile.fd < 0)
324  (void) raw_history_open(FALSE);
325 
326  HISTORY_LOCK();
327  if (hfile.fd >= 0) {
328  ctx2histraw(&history, priv);
329 
330  if (lseek(hfile.fd, hfile.ptr * sizeof (history), SEEK_SET) == (off_t) - 1)
331  ZE_LogSysError("%08lX : lseek error on history file %d",
332  (long) priv->conn_id, hfile.fd);
333 
334  if (write(hfile.fd, &history, sizeof (history)) < 0)
335  ZE_LogSysError("%08lX : write error on history file %d",
336  (long) priv->conn_id, hfile.fd);
337 
338  hfile.ptr++;
339  hfile.ptr = (hfile.ptr % HISTORY_ENTRIES);
340  }
341  HISTORY_UNLOCK();
342 
343  return TRUE;
344 }
345 
346 
347 
348 /* ****************************************************************************
349  * *
350  * *
351  **************************************************************************** */
352 static void
353 ctx2histraw(dst, src)
354  HistRaw_T *dst;
355  CTXPRIV_T *src;
356 {
357  if ((dst == NULL) || (src == NULL))
358  return;
359 
360  memset(dst, 0, sizeof (*dst));
361 
362  dst->signature = SIGNATURE;
363 
364  dst->conn_id = src->conn_id;
365  strlcpy(dst->ip, src->peer_addr, sizeof (dst->ip));
366 
367 #if HAVE_GETHRTIME
368  dst->t_length = (long) ((src->t_close - src->t_open) / 1000000);
369 #else
370  dst->t_length = (long) (src->t_close - src->t_open);
371 #endif
372  dst->t_open = src->t_open;
373  dst->t_close = src->t_close;
374  dst->t_work = src->t_callback;
375 
376  dst->conn_rate = src->conn_rate;
377  dst->serv_rate = src->serv_rate;
378  dst->rej_conn_rate = src->rej_conn_rate;
379  dst->rej_resolve = src->rej_resolve;
380  dst->rej_open = src->rej_open;
381  dst->rej_empty = src->rej_empty;
382  dst->rej_badrcpt = src->rej_badrcpt;
383  dst->rej_rcpt = src->rej_rcpt;
384 
385  dst->rej_greyrcpt = src->rej_greyreply;
386  dst->rej_greymsgs = src->rej_greymsgs;
387  if (src->rej_greyrcpt > 0) {
388  static int n = 0;
389 
390  if (n++ < 10)
391  ZE_MessageInfo(10, " %-20s GREY : %d", dst->ip, src->rej_greymsgs);
392  }
393 
394  dst->reject_connect = src->reject_connect;
395 
396  dst->resolve_res = src->resolve_res;
397  dst->rej_oracle = src->nb_oracle;
398  dst->rej_regex = src->rej_regex;
399  dst->nb_bytes = src->nb_bytes;
400  dst->nb_bspam = src->nb_bspam;
401  dst->nb_bham = src->nb_bham;
402 
403  dst->t_open = src->t_open;
404  dst->t_close = src->t_close;
405 
406  dst->result = src->result;
407  dst->ip_class = src->netclass.class;
408  dst->nb_rcpt = src->nb_rcpt;
409  dst->nb_badrcpt = src->nb_cbadrcpt;
410 #if 0
411  dst->nb_spamtrap = src->nb_spamtrap;
412 #endif
413  dst->nb_files = src->nb_files;
414  dst->nb_xfiles = src->nb_xfiles;
415  dst->nb_virus = src->nb_virus;
416  dst->nb_policy = src->nb_policy;
417 
418  dst->dbrcpt_reject = src->dbrcpt_reject;
419  dst->dbrcpt_access = src->dbrcpt_access;
420  dst->dbrcpt_bad_network = src->dbrcpt_bad_network;
421  dst->dbrcpt_unknown = src->dbrcpt_conn_unknown;
422  dst->dbrcpt_spamtrap = src->dbrcpt_conn_spamtrap;
423 
424  dst->nb_msgs = src->nb_msgs;
425  dst->rej_luser = src->rej_luser;
426  dst->rej_badmx = src->rej_badmx;
427  dst->rej_spamtrap = src->rej_spamtrap;
428 }
429 
430 /* ****************************************************************************
431  * *
432  * *
433  **************************************************************************** */
434 static void
435 histraw2histres(dst, src)
436  HistRes_T *dst;
437  HistRaw_T *src;
438 {
439 
440  if ((dst == NULL) || (src == NULL))
441  return;
442 
443  if (strlen(dst->ip) == 0) {
444  in_addr_t addr;
445 
446  strlcpy(dst->ip, src->ip, sizeof (dst->ip));
447 #if 0
448  if (jinet_pton(src->ip, &addr) != 0)
449  dst->addr = addr;
450 #endif
451  }
452  if ((dst->ti == 0) || (src->conn_id < dst->ti))
453  dst->ti = src->conn_id;
454  if ((dst->tf == 0) || (src->conn_id > dst->tf))
455  dst->tf = src->conn_id;
456  if ((dst->throttle_max == 0) || (src->conn_rate > dst->throttle_max))
457  dst->throttle_max = src->conn_rate;
458  if ((dst->serv_rate_max == 0) || (src->serv_rate > dst->serv_rate_max))
459  dst->serv_rate_max = src->serv_rate;
460 
461  dst->nb_conn++;
462  dst->nb_msgs += src->nb_msgs;
463  dst->nb_bytes += src->nb_bytes;
464  dst->nb_rcpt += src->nb_rcpt;
465 
466 #if 1
467  if ((src->nb_rcpt > 0) && (src->nb_msgs == 0))
468 #else /* 1st if */
469 #if 1
470  if ((src->nb_rcpt == 0) &&
471  !src->rej_resolve && !src->rej_conn_rate &&
472  !src->rej_empty && !src->rej_open && !src->rej_badrcpt)
473 #else /* 2nd if */
474  if ((src->nb_msgs == 0) && !src->reject_connect)
475 #endif /* 2nd if */
476 #endif /* 1st if */
477  dst->nb_empty++;
478 
479  dst->nb_badrcpt += src->nb_badrcpt;
480  dst->nb_files += src->nb_files;
481  dst->nb_xfiles += src->nb_xfiles;
482  dst->nb_virus += src->nb_virus;
483  dst->nb_policy += src->nb_policy;
484  dst->nb_spamtrap += src->nb_spamtrap;
485 
486  dst->dbrcpt_reject += src->dbrcpt_reject;
487  dst->dbrcpt_access += src->dbrcpt_access;
488  dst->dbrcpt_bad_network += src->dbrcpt_bad_network;
489  dst->dbrcpt_unknown += src->dbrcpt_unknown;
490  dst->dbrcpt_spamtrap += src->dbrcpt_spamtrap;
491 
492  if (dst->resolve_res != RESOLVE_OK) {
493  if (dst->resolve_res != src->resolve_res)
494  dst->resolve_res = RESOLVE_NULL;
495  } else
496  dst->resolve_res = src->resolve_res;
497 
498  dst->ip_class = src->ip_class;
499 
500  dst->rej_resolve += src->rej_resolve;
501  if (src->rej_resolve) {
502  switch (src->resolve_res) {
503  case RESOLVE_FAIL:
504  dst->rej_resolve_failed++;
505  break;
506  case RESOLVE_FORGED:
507  dst->rej_resolve_forged++;
508  break;
509  }
510  }
511  dst->rej_conn_rate += src->rej_conn_rate;
512  if (src->rej_open)
513  dst->rej_open++;
514  if (src->rej_empty)
515  dst->rej_empty++;
516  if (src->rej_badrcpt)
517  dst->rej_badrcpt++;
518  dst->rej_regex += src->rej_regex;
519  dst->rej_oracle += src->rej_oracle;
520  dst->nb_bspam += src->nb_bspam;
521  dst->nb_bham += src->nb_bham;
522 
523  dst->rej_rcpt += src->rej_rcpt;
524  dst->rej_luser += src->rej_luser;
525 
526  dst->rej_greyrcpt += src->rej_greyrcpt;
527  dst->rej_greymsgs += src->rej_greymsgs;
528  /*
529  * printf( " %-20s GREY : %d\n", dst->ip, src->rej_greyrcpt);
530  */
531 
532  dst->rej_badmx += src->rej_badmx;
533  dst->rej_spamtrap += src->rej_spamtrap;
534 
535 #if 1
536  if (src->rej_regex || src->rej_conn_rate || src->rej_resolve ||
537  src->rej_rcpt || src->rej_luser || src->rej_open ||
538  src->rej_empty || src->rej_badrcpt) {
539  dst->nb_reject++;
540  }
541 #else
542  if (src->result != SMFIS_CONTINUE)
543  dst->nb_reject++;
544 #endif
545 
546  zeKStatsUpdate(&dst->st_length, (double) src->t_length);
547  if ((dst->t_length_min == 0) || (src->t_length < dst->t_length_min))
548  dst->t_length_min = src->t_length;
549  if ((dst->t_length_max == 0) || (src->t_length > dst->t_length_max))
550  dst->t_length_max = src->t_length;
551 
552  zeKStatsUpdate(&dst->st_work, (double) src->t_work);
553  if ((dst->t_work_min == 0) || (src->t_work < dst->t_work_min))
554  dst->t_work_min = src->t_work;
555  if ((dst->t_work_max == 0) || (src->t_work > dst->t_work_max))
556  dst->t_work_max = src->t_work;
557 }
558 
559 
560 /* ****************************************************************************
561  * *
562  * *
563  **************************************************************************** */
564 void
566  History_T *c;
567 {
568  if (c == NULL)
569  return;
570  c->nb = 0;
571  memset(&c->glob, 0, sizeof (c->glob));
572 }
573 
574 
575 /* ****************************************************************************
576  * *
577  * *
578  **************************************************************************** */
579 
580 static void
581 res_history_add_noeud(c, h, verbose)
582  History_T *c;
583  HistRaw_T *h;
584  bool verbose;
585 {
586  HistRes_T *ptr = NULL, buf;
587 
588  memset(&buf, 0, sizeof (buf));
589  strlcpy(buf.ip, h->ip, sizeof (buf.ip));
590 
591  ptr = zeBTree_Get(&c->jdbh, &buf);
592 
593  if (ptr != NULL) {
594  histraw2histres(ptr, h);
595  } else {
596  HistRes_T buf;
597 
598  memset(&buf, 0, sizeof (buf));
599  histraw2histres(&buf, h);
600  c->nb++;
601 
602  if (!zeBTree_Add(&c->jdbh, &buf)) {
603  ZE_LogMsgWarning(0, "Can't add record to tree...");
604  }
605  }
606 
607  histraw2histres(&c->glob, h);
608 }
609 
610 
611 /* ****************************************************************************
612  * *
613  * *
614  **************************************************************************** */
615 static int
616 histrescmp(va, vb)
617  void *va;
618  void *vb;
619 {
620  HistRes_T *a = (HistRes_T *) va;
621  HistRes_T *b = (HistRes_T *) vb;
622 
623  return ip_strcmp(a->ip, b->ip);
624 }
625 
626 /* ****************************************************************************
627  * *
628  * *
629  **************************************************************************** */
630 bool
631 res_history_update(hst, ip, tf, dt, verbose)
632  History_T *hst;
633  char *ip;
634  time_t tf;
635  time_t dt;
636  bool verbose;
637 {
638  int fd;
639  time_t ti = 0;
640  HistRaw_T buf;
641  long p = 0;
642  off_t ptr;
643 
644  if (hst == NULL)
645  hst = &history;
646 
647  zeBTree_Init(&hst->jdbh, sizeof (HistRes_T), histrescmp);
648  zeBTree_Set_BTree_Size(&hst->jdbh, FALSE, -1);
649 
650  verbose = verbose || (ip != NULL);
651 
652  if (hfile.fd < 0)
653  (void) raw_history_open(FALSE);
654 
655  fd = hfile.fd;
656 
657  if (tf <= (time_t) 0)
658  tf = time(NULL);
659  ti = tf - dt;
660  ZE_LogMsgDebug(15, " ti tf dt : %ld %ld %ld\n", (long) ti, (long) tf,
661  (long) dt);
662 
663  HISTORY_LOCK();
664 
665  for (p = 0;; p++) {
666  ptr = p * sizeof (buf);
667 
668 #if HAVE_PREAD
669  if (pread(fd, &buf, sizeof (buf), ptr) != sizeof (buf))
670  break;
671 #else
672  if (lseek(fd, ptr, SEEK_SET) == (off_t) - 1) {
673  ZE_LogSysError("lseek error");
674  return FALSE;
675  }
676  if (read(fd, &buf, sizeof (buf)) != sizeof (buf))
677  break;
678 #endif
679  if (buf.signature != SIGNATURE)
680  continue;
681 
682  if ((buf.conn_id < ti) || (buf.conn_id > tf))
683  continue;
684 
685  if ((ip != NULL) && (strcmp(ip, buf.ip) != 0))
686  continue;
687 
688  if (strlen(buf.ip) == 0 || strstr(buf.ip, "unknown") != NULL)
689  continue;
690 
691  res_history_add_noeud(hst, &buf, verbose);
692  }
693 
694  HISTORY_UNLOCK();
695 
696  ZE_LogMsgInfo(12, "Search ended : %ld noeuds", (long int ) hst->nb);
697 
698  return TRUE;
699 }
700 
701 /* ****************************************************************************
702  * *
703  * *
704  **************************************************************************** */
705 typedef struct log_history_T {
706  bool hostnames;
707  int type;
708  int nbrecs;
709  int count;
710 } log_history_T;
711 
712 static bool log_hostnames = FALSE;
713 static int log_type = H_SUMMARY;
714 static int log_count = 0;
715 
716 static int
717 print_noeud_summary(void *rec, void *arg)
718 {
719  char sout[256], *s = "", nodename[128];
720  HistRes_T *p = (HistRes_T *) rec;
721 
722 #if 0
723  log_history_T *log = (log_history_T *) arg;
724 #endif
725 
726  if (log_hostnames) {
727  s = nodename;
728  *s = '\0';
729  CACHE_GETHOSTNAMEBYADDR(p->ip, nodename, sizeof (nodename), FALSE);
730  } else
731  s = "";
732 
733  printf("*** %-20s : %s\n", p->ip, s);
734  printf(" Net Class : %s\n", NET_CLASS_LABEL(p->ip_class));
735 
736  printf(" DNS resolve : %s\n", RESOLVE_VAL(p->resolve_res));
737  strlcpy(sout, ctime(&p->ti), sizeof (sout));
738  if ((s = strchr(sout, '\n')) != NULL)
739  *s = '\0';
740  printf(" First Connection : %s \n", sout);
741 
742  strlcpy(sout, ctime(&p->tf), sizeof (sout));
743  if ((s = strchr(sout, '\n')) != NULL)
744  *s = '\0';
745  printf(" Last Connection : %s \n", sout);
746  printf(" Connections : %7d\n", p->nb_conn);
747  printf(" Throttle Max : %7d / 10 min\n", p->throttle_max);
748  printf
749  (" Duration (sec) : %7.3f %7.3f %8.3f %7.3f (min mean max std-dev)\n",
750  ((double) p->t_length_min) / 1000, zeKMean(&p->st_length) / 1000,
751  ((double) p->t_length_max) / 1000, zeKStdDev(&p->st_length) / 1000);
752  printf
753  (" Work (sec) : %7.3f %7.3f %8.3f %7.3f (min mean max std-dev)\n",
754  ((double) p->t_work_min) / 1000, zeKMean(&p->st_work) / 1000,
755  ((double) p->t_work_max) / 1000, zeKStdDev(&p->st_work) / 1000);
756  if ((p->nb_conn > 0) && (zeKMean(&p->st_length) > 0))
757  printf(" Mean Throuput : %7.3f KBytes/sec\n",
758  (1000. * p->nb_bytes) / (1024 * p->nb_conn * zeKMean(&p->st_length)));
759 
760  printf("Counts\n");
761  printf(" Messages : %7d\n", p->nb_msgs);
762  printf(" Empty Connections : %7d\n", p->nb_empty);
763  printf(" Reject : %7d\n", p->nb_reject);
764  printf(" Volume : %7lu KBytes\n",
765  ((unsigned long) p->nb_bytes) / 1024);
766  printf(" Mean Volume : %7.2f KBytes/msg\n",
767  (p->nb_msgs > 0 ? (double) p->nb_bytes / (1024 * p->nb_msgs) : 0.));
768  printf(" Recipients : %7d\n", p->nb_rcpt);
769 
770  printf(" Rcpt Rejected : %7d\n", p->dbrcpt_reject);
771  printf(" Rcpt Access Denied : %7d\n", p->dbrcpt_access);
772  printf(" Rcpt Bad Network : %7d\n", p->dbrcpt_bad_network);
773  printf(" Rcpt Spamtraps : %7d\n", p->dbrcpt_spamtrap);
774  printf(" Rcpt User Unknown : %7d\n", p->dbrcpt_unknown);
775 
776  printf(" Yield : %7.2f rcpt/connection\n",
777  ((double) p->nb_rcpt) / ((double) p->nb_conn));
778  printf(" Files : %7d\n", p->nb_files);
779  printf(" X-Files : %7d\n", p->nb_xfiles);
780  printf(" Virus : %7d\n", p->nb_virus);
781  printf(" User Filter : %7d\n", p->nb_policy);
782 
783  printf("Reject\n");
784  printf(" DNS resolve : %7d\n", p->rej_resolve);
785  printf(" Connection Rate : %7d\n", p->rej_conn_rate);
786  printf(" Open Connections : %7d\n", p->rej_open);
787  printf(" Empty Connections : %7d\n", p->rej_empty);
788  printf(" Sender has bad MX : %7d\n", p->rej_badmx);
789  printf(" Bad Recipients : %7d\n", p->rej_badrcpt);
790  printf(" Spamtraps : %7d\n", p->rej_spamtrap);
791  printf(" Greylisting RCPT : %7d\n", p->rej_greyrcpt);
792  printf(" Greylisting MSGS : %7d\n", p->rej_greymsgs);
793  printf(" Content reject : %7d\n", p->rej_regex);
794  printf(" Oracle reject : %7d\n", p->rej_oracle);
795  printf(" Rcpt reject : %7d\n", p->rej_rcpt);
796  printf(" Intranet User : %7d\n", p->rej_luser);
797  printf("\n");
798 
799  return 1;
800 }
801 
802 static bool
803 print_global_summary(data, arg)
804  void *data;
805  void *arg;
806 {
807  History_T *hst = (History_T *) data;
808  char sout[256], *s;
809  HistRes_T *p;
810 
811 #if 0
812  log_history_T *log = (log_history_T *) arg;
813 #endif
814 
815  if (hst == NULL)
816  return FALSE;
817 
818  p = &hst->glob;
819  printf("*** TOTAL\n");
820 
821  strlcpy(sout, ctime(&p->ti), sizeof (sout));
822  if ((s = strchr(sout, '\n')) != NULL)
823  *s = '\0';
824  printf(" First Connection : %s \n", sout);
825 
826  strlcpy(sout, ctime(&p->tf), sizeof (sout));
827  if ((s = strchr(sout, '\n')) != NULL)
828  *s = '\0';
829  printf(" Last Connection : %s \n", sout);
830  printf(" Connections : %7d\n", p->nb_conn);
831  printf(" Gateways : %7ld\n", (long int ) hst->nb);
832  printf(" Throttle Max : %7d / 10 min (for the server)\n",
833  p->serv_rate_max);
834  printf(" Throttle Max : %7d / 10 min (for a single gateway)\n",
835  p->throttle_max);
836  printf
837  (" Duration (sec) : %7.3f %7.3f %8.3f %7.3f (min mean max std-dev)\n",
838  ((double) p->t_length_min) / 1000, zeKMean(&p->st_length) / 1000,
839  ((double) p->t_length_max) / 1000, zeKStdDev(&p->st_length) / 1000);
840  printf
841  (" Work (sec) : %7.3f %7.3f %8.3f %7.3f (min mean max std-dev)\n",
842  ((double) p->t_work_min) / 1000, zeKMean(&p->st_work) / 1000,
843  ((double) p->t_work_max) / 1000, zeKStdDev(&p->st_work) / 1000);
844  if ((p->nb_conn > 0) && (zeKMean(&p->st_length) > 0))
845  printf(" Mean Throuput : %7.3f KBytes/sec\n",
846  (1000. * p->nb_bytes) / (1024 * p->nb_conn * zeKMean(&p->st_length)));
847 
848  printf("Counts\n");
849  printf(" Messages : %7d\n", p->nb_msgs);
850  printf(" Empty Connections : %7d\n", p->nb_empty);
851  printf(" Reject : %7d\n", p->nb_reject);
852  printf(" Volume : %7lu KBytes\n",
853  ((unsigned long) p->nb_bytes) / 1000);
854  printf(" Mean Volume : %7.2f KBytes/msg\n",
855  (p->nb_msgs > 0 ? (double) p->nb_bytes / (1024 * p->nb_msgs) : 0.));
856  printf(" Recipients : %7d\n", p->nb_rcpt);
857 
858  printf(" Rcpt Rejected : %7d\n", p->dbrcpt_reject);
859  printf(" Rcpt Access Denied : %7d\n", p->dbrcpt_access);
860  printf(" Rcpt Bad Network : %7d\n", p->dbrcpt_bad_network);
861  printf(" Rcpt Spamtraps : %7d\n", p->dbrcpt_spamtrap);
862  printf(" Rcpt User Unknown : %7d\n", p->dbrcpt_unknown);
863 
864  printf(" Yield : %7.2f msgs/connection\n",
865  ((double) p->nb_msgs) / ((double) p->nb_conn));
866  printf(" Yield : %7.2f rcpt/connection\n",
867  ((double) p->nb_rcpt) / ((double) p->nb_conn));
868  printf(" Files : %7d\n", p->nb_files);
869  printf(" X-Files : %7d\n", p->nb_xfiles);
870  printf(" Virus : %7d\n", p->nb_virus);
871  printf(" User Filter : %7d\n", p->nb_policy);
872 
873  printf("Reject\n");
874  printf(" DNS resolve : %7d\n", p->rej_resolve);
875  printf(" FAIL : %7d\n", p->rej_resolve_failed);
876  printf(" FORGED : %7d\n", p->rej_resolve_forged);
877  printf(" Connection Rate : %7d\n", p->rej_conn_rate);
878  printf(" Open Connections : %7d\n", p->rej_open);
879  printf(" Empty Connections : %7d\n", p->rej_empty);
880  printf(" Sender has bad MX : %7d\n", p->rej_badmx);
881  printf(" Bad Recipients : %7d\n", p->rej_badrcpt);
882  printf(" Spamtraps : %7d\n", p->rej_spamtrap);
883  printf(" Greylisting RCPT : %7d\n", p->rej_greyrcpt);
884  printf(" Greylisting MSGS : %7d\n", p->rej_greymsgs);
885  printf(" Content : %7d\n", p->rej_regex);
886  printf(" Oracle : %7d\n", p->rej_oracle);
887  printf(" Rcpt reject : %7d\n", p->rej_rcpt);
888  printf(" Intranet User : %7d\n", p->rej_luser);
889  printf("\n");
890 
891  return TRUE;
892 }
893 
894 static int
895 print_noeud_data(void *rec, void *arg)
896 {
897  char *s = "", nodename[128];
898  HistRes_T *p = (HistRes_T *) rec;
899  int res = 0;
900  log_history_T *log = (log_history_T *) arg;
901 
902  if (p == NULL)
903  return 0;
904 
905  switch (log_type) {
906  case H_EMPTY:
907  if (p->nb_empty == 0)
908  return 0;
909  break;
910  case H_REJ_EMPTY:
911  if (p->rej_empty == 0)
912  return 0;
913  break;
914  case H_BADRCPT:
915  if (p->nb_badrcpt == 0 && p->rej_badrcpt == 0)
916  return 0;
917  break;
918  case H_REJ_BADRCPT:
919  if (p->rej_badrcpt == 0)
920  return 0;
921  break;
922  case H_REJ_OPEN:
923  if (p->rej_open == 0)
924  return 0;
925  break;
926  case H_REJ_THROTTLE:
927  if (p->rej_conn_rate == 0)
928  return 0;
929  break;
930  case H_REJ_REGEX:
931  if ((p->rej_regex == 0) && (p->rej_oracle == 0) && (p->nb_bspam == 0))
932  return 0;
933  break;
934  case H_RESOLVE:
936  return 0;
937  break;
938  case H_REJ_RESOLVE:
939  if (p->rej_resolve == 0)
940  return 0;
941  break;
942  case H_XFILES:
943  if ((p->nb_xfiles == 0) && (p->nb_virus == 0))
944  return 0;
945  break;
946  case H_SPAMTRAP:
947  if (p->nb_spamtrap == 0)
948  return 0;
949  break;
950  case H_REJ_BADMX:
951  if (p->rej_badmx == 0)
952  return 0;
953  break;
954  case H_REJ_GREY:
955  if (p->rej_greymsgs == 0)
956  return 0;
957  break;
958  default:
959  return 0;
960  break;
961  }
962 
963  if (log != NULL && log->nbrecs > 0 && log->count >= log->nbrecs)
964  return 1;
965  if (log != NULL)
966  log->count++;
967 
968  if (log_hostnames) {
969  s = nodename;
970  *s = '\0';
971  CACHE_GETHOSTNAMEBYADDR(p->ip, nodename, sizeof (nodename), FALSE);
972  } else
973  s = "";
974 
975  switch (log_type) {
976  case H_EMPTY:
977  case H_REJ_EMPTY:
978  case H_BADRCPT:
979  case H_REJ_BADRCPT:
980  case H_REJ_OPEN:
981  printf(". %-20s | ", p->ip);
982  printf("%7d | %7d %7d | ", p->nb_conn, p->nb_empty, p->nb_badrcpt);
983  printf(" %7d %7d %7d | ", p->rej_empty, p->rej_badrcpt, p->rej_open);
984  printf("%s\n", s);
985  res = 1;
986  break;
987  case H_THROTTLE:
988  break;
989  case H_REJ_THROTTLE:
990  printf(". %-20s : %7d %7d %7d : %s\n",
991  p->ip, p->nb_conn, p->throttle_max, p->rej_conn_rate, s);
992  res = 1;
993  break;
994  case H_RESOLVE:
995  printf(". %-20s : %7d %7d %7d %7d : %s\n",
996  p->ip, p->nb_conn, p->nb_msgs, p->rej_resolve_failed,
997  p->rej_resolve_forged, s);
998  res = 1;
999  break;
1000  case H_REJ_RESOLVE:
1001  printf(". %-20s : %7d %7d %7d %7d : %s\n",
1002  p->ip, p->nb_conn, p->nb_msgs, p->rej_resolve_failed,
1003  p->rej_resolve_forged, s);
1004  res = 1;
1005  break;
1006  case H_REJ_REGEX:
1007  printf(". %-20s : %7d %7d %7d %7d %7d %7d : %s\n", p->ip, p->nb_conn,
1008  p->nb_msgs, p->rej_regex, p->rej_oracle, p->nb_bspam, p->nb_bham,
1009  s);
1010  res = 1;
1011  break;
1012  case H_XFILES:
1013  printf(". %-20s : %7d %7d %7d : %s\n", p->ip, p->nb_conn,
1014  p->nb_xfiles, p->nb_virus, s);
1015  res = 1;
1016  break;
1017  case H_SPAMTRAP:
1018  printf(". %-20s : %7d %7d : %s\n", p->ip, p->nb_conn, p->nb_spamtrap, s);
1019  res = 1;
1020  break;
1021  case H_REJ_BADMX:
1022  printf(". %-20s : %7d %7d %7d : %s\n", p->ip, p->nb_conn, p->nb_msgs,
1023  p->rej_badmx, s);
1024  res = 1;
1025  break;
1026  case H_REJ_GREY:
1027  printf(". %-20s : %7d %7d %7d %7d : %s\n", p->ip, p->nb_conn, p->nb_msgs,
1028  p->rej_greymsgs, p->rej_greyrcpt, s);
1029  res = 1;
1030  break;
1031  default:
1032  return 0;
1033  break;
1034  }
1035 
1036  return res;
1037 }
1038 
1039 /* ****************************************************************************
1040  * *
1041  * *
1042  **************************************************************************** */
1043 void
1044 res_history_summary(hst, ip, tf, dt, verbose, hostnames, type, nbrecs)
1045  History_T *hst;
1046  char *ip;
1047  time_t tf;
1048  time_t dt;
1049  bool verbose;
1050  bool hostnames;
1051  int type;
1052  int nbrecs;
1053 {
1054  int nb = 0;
1055  char *name;
1056  log_history_T log;
1057 
1058  if (hst == NULL)
1059  hst = &history;
1060 
1061  verbose = verbose || (ip != NULL);
1062 
1063  log_hostnames = hostnames || (ip != NULL) || verbose;
1064 
1065  log_type = type;
1066  log_count = nbrecs;
1067 
1068  memset(&log, 0, sizeof (log));
1069  log.hostnames = hostnames || (ip != NULL) || verbose;
1070  log.type = type;
1071  log.nbrecs = nbrecs;
1072  log.count = 0;
1073 
1074  printf("\n");
1075 
1076  name = (ip != NULL ? ip : "HOSTNAME");
1077 
1078  switch (log_type) {
1079  case H_SUMMARY:
1080  printf("*** Summary\n\n");
1081  break;
1082  case H_EMPTY:
1083  printf("*** Clients doing empty connections\n\n");
1084  printf
1085  (". IP ADDRESS | CONNECT | EMPTY BADRCPT | EMPTY BADRCPT OPEN | %s\n",
1086  name);
1087  break;
1088  case H_REJ_EMPTY:
1089  printf("*** Rejected connections (clients doing empty connections)\n\n");
1090  printf
1091  (". IP ADDRESS | CONNECT | EMPTY BADRCPT | EMPTY BADRCPT OPEN | %s\n",
1092  name);
1093  break;
1094  case H_BADRCPT:
1095  printf("*** Rejected connections (clients harvesting addresses)\n\n");
1096  printf
1097  (". IP ADDRESS | CONNECT | EMPTY BADRCPT | EMPTY BADRCPT OPEN | %s\n",
1098  name);
1099  break;
1100  case H_REJ_BADRCPT:
1101  printf("*** Rejected connections (clients harvesting addresses)\n\n");
1102  printf
1103  (". IP ADDRESS | CONNECT | EMPTY BADRCPT | EMPTY BADRCPT OPEN | %s\n",
1104  name);
1105  break;
1106  case H_REJ_OPEN:
1107  printf("*** Clients doing too many open connections\n\n");
1108  printf
1109  (". IP ADDRESS | CONNECT | EMPTY BADRCPT | EMPTY BADRCPT OPEN | %s\n",
1110  name);
1111  break;
1112  case H_THROTTLE:
1113  printf("*** Connection rate\n\n");
1114  break;
1115  case H_REJ_THROTTLE:
1116  printf("*** Rejected connections (throttle too high)\n\n");
1117  printf(". IP ADDRESS : CONNECT THROTTLE REJECT : %s\n", name);
1118  break;
1119  case H_RESOLVE:
1120  printf("*** Clients with bad DNS resolution\n\n");
1121  printf(". IP ADDRESS : CONNECT MSGS FAIL FORGED : %s\n",
1122  name);
1123  break;
1124  case H_REJ_RESOLVE:
1125  printf("*** Clients being rejected (bad DNS resolution)\n\n");
1126  printf(". IP ADDRESS : CONNECT MSGS FAIL FORGED : %s\n",
1127  name);
1128  break;
1129  case H_REJ_REGEX:
1130  printf("*** Connections marked by content checking\n\n");
1131  printf
1132  (". IP ADDRESS : CONNECT MSGS CONTENT ORACLE SPAMS HAMS : %s\n",
1133  name);
1134  break;
1135  case H_XFILES:
1136  printf("*** Gateways sending X-Files or Virus\n");
1137  printf(". IP ADDRESS : CONNECT XFILES VIRUS : %s\n",
1138  name);
1139  break;
1140  case H_SPAMTRAP:
1141  printf("*** Gateways sending messages to Spam traps\n\n");
1142  printf(". IP ADDRESS : CONNECT SPAMTRAP : %s\n", name);
1143  break;
1144  case H_REJ_BADMX:
1145  printf("*** Sender MX is doubious\n\n");
1146  printf(". IP ADDRESS : CONNECT MSGS BADMX : %s\n", name);
1147  break;
1148  case H_REJ_GREY:
1149  printf("*** Greylisted\n\n");
1150  printf(". IP ADDRESS : CONNECT ...MSGS R-MSGS R-RCPTS : %s\n",
1151  name);
1152  break;
1153  }
1154 
1155  switch (log_type) {
1156  case H_SUMMARY:
1157  if (verbose || (ip != NULL))
1158  nb = zeBTree_Browse(&hst->jdbh, print_noeud_summary, &log);
1159 
1160  if (ip == NULL)
1161  print_global_summary(hst, &log);
1162  break;
1163 
1164  default:
1165  log_hostnames = TRUE;
1166  nb = zeBTree_Browse(&hst->jdbh, print_noeud_data, &log);
1167  break;
1168 
1169  }
1170 
1171  printf("\n*** Records found : %d\n\n", nb);
1172 
1173 #if 0
1174  zeBTree_Clear(&hst->jdbh);
1175 #endif
1176 }
1177 
1178 
1179 /* ****************************************************************************
1180  * *
1181  * *
1182  **************************************************************************** */
1183 bool
1184 load_live_history(hst, tf, dt)
1185  History_T *hst;
1186  time_t tf;
1187  time_t dt;
1188 {
1189  int fd;
1190  time_t ti = 0, tr = 0;
1191  HistRaw_T buf;
1192  long p = 0;
1193  off_t ptr;
1194 
1195  ZE_MessageInfo(10, "Loading connection live history...");
1196 
1197  if (hst == NULL)
1198  hst = &history;
1199 
1200  if (hfile.fd < 0) {
1201  (void) raw_history_open(FALSE);
1202  }
1203 
1204  fd = hfile.fd;
1205 
1206  if (tf <= (time_t) 0)
1207  tf = time(NULL);
1208  if (dt <= 0)
1209  dt = 3600;
1210 
1211  ti = tf - dt;
1212 
1213  ZE_LogMsgDebug(15, " ti tf dt : %ld %ld %ld\n", (long) ti, (long) tf,
1214  (long) dt);
1215 
1216  HISTORY_LOCK();
1217 
1218  for (p = 0;; p++) {
1219  ptr = p * sizeof (buf);
1220 
1221 #if HAVE_PREAD
1222  if (pread(fd, &buf, sizeof (buf), ptr) != sizeof (buf))
1223  break;
1224 #else
1225  if (lseek(fd, ptr, SEEK_SET) == (off_t) - 1) {
1226  ZE_LogSysError("lseek error");
1227  return FALSE;
1228  }
1229  if (read(fd, &buf, sizeof (buf)) != sizeof (buf))
1230  break;
1231 #endif
1232  if (buf.signature != SIGNATURE)
1233  continue;
1234 
1235  tr = buf.conn_id + buf.t_length / 1000;
1236 
1237  if ((tr < ti) || (tr > tf))
1238  continue;
1239 
1240  if (strlen(buf.ip) == 0 || strstr(buf.ip, "unknown") != NULL)
1241  continue;
1242 
1243  if (buf.nb_badrcpt > 0)
1244  (void) livehistory_add_entry(buf.ip, tr, buf.nb_badrcpt, LH_BADRCPT);
1245 
1246  if (buf.nb_spamtrap > 0)
1247  (void) livehistory_add_entry(buf.ip, tr, buf.nb_spamtrap, LH_SPAMTRAP);
1248 
1249  if (buf.rej_badmx)
1250  (void) livehistory_add_entry(buf.ip, tr, 1, LH_BADMX);
1251 
1252  if (buf.rej_resolve)
1253  (void) livehistory_add_entry(buf.ip, tr, 1, LH_BAD_RESOLVE);
1254  }
1255 
1256  HISTORY_UNLOCK();
1257 
1258  ZE_LogMsgInfo(12, "Search ended : %ld noeuds", (long int ) hst->nb);
1259 
1260  return TRUE;
1261 }
#define H_REJ_GREY
Definition: ze-history.h:45
#define H_EMPTY
Definition: ze-history.h:32
bool zeBTree_Set_BTree_Size(ZEBT_T *, bool, int)
Definition: zeBTree.c:170
char ip[SZ_IP]
Definition: ze-history.c:120
short score_urlbl
Definition: ze-history.c:104
bool rej_conn_rate
#define H_XFILES
Definition: ze-history.h:42
int32_t rej_resolve
Definition: ze-history.c:159
short dummy_1
Definition: ze-history.c:59
int32_t resolve_res
Definition: ze-history.c:147
int jinet_pton(int, char *, void *)
int32_t nb_xfiles
Definition: ze-history.c:138
#define H_REJ_BADMX
Definition: ze-history.h:44
size_t nb
Definition: ze-history.c:190
short rej_resolve
Definition: ze-history.c:74
short rej_open
Definition: ze-history.c:82
short conn_rate
Definition: ze-history.c:58
short rej_conn_rate
Definition: ze-history.c:73
int32_t nb_bham
Definition: ze-history.c:145
int dbrcpt_conn_unknown
short nb_xfiles
Definition: ze-history.c:65
#define CACHE_GETHOSTNAMEBYADDR(ip, name, size, query)
Definition: ze-filter.h:186
void * zeBTree_Get(ZEBT_T *, void *)
Definition: zeBTree.c:281
int32_t dbrcpt_unknown
Definition: ze-history.c:156
short rej_rcpt
Definition: ze-history.c:75
int32_t nb_msgs
Definition: ze-history.c:128
int32_t rej_open
Definition: ze-history.c:163
uint32_t t_work_min
Definition: ze-history.c:182
pthread_mutex_t st_mutex
Definition: ze-history.c:212
#define H_REJ_REGEX
Definition: ze-history.h:41
time_t ti
Definition: ze-history.c:124
short dummy_2
Definition: ze-history.c:61
#define ZE_WORKDIR
Definition: defs.h:33
#define H_RESOLVE
Definition: ze-history.h:39
int32_t serv_rate_max
Definition: ze-history.c:150
bool zeBTree_Init(ZEBT_T *, size_t, ZEBT_CMP_F)
Definition: zeBTree.c:96
int32_t dbrcpt_spamtrap
Definition: ze-history.c:157
int32_t nb_empty
Definition: ze-history.c:142
#define H_THROTTLE
Definition: ze-history.h:37
short dbrcpt_spamtrap
Definition: ze-history.c:111
uint32_t t_open
Definition: ze-history.c:51
#define HISTORY_LOCK()
Definition: ze-history.c:219
int32_t nb_rcpt
Definition: ze-history.c:134
short nb_policy
Definition: ze-history.c:67
int32_t nb_files
Definition: ze-history.c:137
HistRes_T * res_history_lookup(History_T *, char *)
char * peer_addr
#define LH_BADMX
short rej_regex
Definition: ze-history.c:72
int32_t nb_spamtrap
Definition: ze-history.c:136
#define ZE_LogMsgInfo(level,...)
Definition: zeSyslog.h:110
time_t conn_id
bool zeBTree_Add(ZEBT_T *, void *)
Definition: zeBTree.c:309
short nb_msgs
Definition: ze-history.c:68
short ip_class
Definition: ze-history.c:57
char ip[SZ_IP]
Definition: ze-history.c:45
#define H_SUMMARY
Definition: ze-history.h:31
int dbrcpt_bad_network
#define FALSE
Definition: macros.h:160
time_t t_callback
#define SMFIS_CONTINUE
uint32_t t_work_max
Definition: ze-history.c:181
#define strlcpy
Definition: zeString.h:32
short score_regex
Definition: ze-history.c:105
ZEBT_T jdbh
Definition: ze-history.c:191
#define LH_SPAMTRAP
int ip_strcmp(char *, char *)
Definition: ze-inet.c:141
#define RESOLVE_FORGED
Definition: ze-filter.h:173
bool reject_connect
#define H_SPAMTRAP
Definition: ze-history.h:43
int32_t throttle_max
Definition: ze-history.c:149
short rej_badmx
Definition: ze-history.c:92
short dbrcpt_unknown
Definition: ze-history.c:110
time_t tf
Definition: ze-history.c:125
#define RESOLVE_VAL(i)
Definition: ze-filter.h:178
int32_t rej_greyrcpt
Definition: ze-history.c:173
int32_t rej_badmx
Definition: ze-history.c:170
int cf_get_int(int id)
Definition: ze-cf.c:803
#define SZ_IP
Definition: ze-libjc.h:77
#define MLFIPRIV(ctx)
short rej_greymsgs
Definition: ze-history.c:96
uint32_t t_close
Definition: ze-history.c:52
#define H_REJ_BADRCPT
Definition: ze-history.h:35
short nb_files
Definition: ze-history.c:64
bool rej_resolve
int32_t rej_resolve_forged
Definition: ze-history.c:161
#define strchr
Definition: ze-sys.h:218
short dbrcpt_bad_network
Definition: ze-history.c:109
short result
Definition: ze-history.c:56
#define H_REJ_OPEN
Definition: ze-history.h:36
#define LH_BADRCPT
short resolve_res
Definition: ze-history.c:60
int32_t nb_badrcpt
Definition: ze-history.c:135
long ptr
Definition: ze-history.c:211
int32_t rej_rcpt
Definition: ze-history.c:166
int32_t rej_resolve_failed
Definition: ze-history.c:160
bool raw_history_open(bool ronly)
Definition: ze-history.c:227
#define H_BADRCPT
Definition: ze-history.h:34
int32_t nb_reject
Definition: ze-history.c:141
short nb_bspam
Definition: ze-history.c:113
short rej_oracle
Definition: ze-history.c:90
#define ZE_LogMsgDebug(level,...)
Definition: zeSyslog.h:109
#define RESOLVE_OK
Definition: ze-filter.h:171
void zeKStatsUpdate(kstats_T *, double)
Definition: zeKStats.c:101
#define HISTORY_T_INIT
Definition: ze-history.c:195
int32_t rej_spamtrap
Definition: ze-history.c:171
short reject_connect
Definition: ze-history.c:88
short dbrcpt_reject
Definition: ze-history.c:107
bool zeBTree_Clear(ZEBT_T *)
Definition: zeBTree.c:222
void res_history_summary(History_T *hst, char *ip, time_t tf, time_t dt, bool verbose, bool hostnames, int type, int nbrecs)
Definition: ze-history.c:1044
uint32_t t_work
Definition: ze-history.c:80
uint32_t connect_flags
Definition: ze-history.c:98
bool res_history_update(History_T *hst, char *ip, time_t tf, time_t dt, bool verbose)
Definition: ze-history.c:631
time_t t_open
#define ZE_MessageInfo(level,...)
Definition: zeSyslog.h:90
uint32_t nb_bytes
Definition: ze-history.c:70
int nb
Definition: ze-connopen.c:61
#define H_REJ_EMPTY
Definition: ze-history.h:33
short nb_spamtrap
Definition: ze-history.c:91
int32_t nb_virus
Definition: ze-history.c:139
int dbrcpt_conn_spamtrap
kstats_T st_work
Definition: ze-history.c:180
short serv_rate
Definition: ze-history.c:78
#define TRUE
Definition: macros.h:157
short nb_bham
Definition: ze-history.c:114
int32_t rej_empty
Definition: ze-history.c:164
bool load_live_history(History_T *hst, time_t tf, time_t dt)
Definition: ze-history.c:1184
int32_t rej_regex
Definition: ze-history.c:167
short score_oracle
Definition: ze-history.c:103
unsigned long nb_bytes
int32_t rej_oracle
Definition: ze-history.c:169
unsigned long off_t
Definition: ze-sys.h:515
short rej_empty
Definition: ze-history.c:83
#define ZE_LogSysError(...)
Definition: zeSyslog.h:129
int32_t dbrcpt_bad_network
Definition: ze-history.c:155
short rej_spamtrap
Definition: ze-history.c:93
int32_t rej_luser
Definition: ze-history.c:168
char * cf_get_str(int id)
Definition: ze-cf.c:854
kstats_T st_length
Definition: ze-history.c:176
int32_t ip_class
Definition: ze-history.c:151
#define ZE_LogMsgWarning(level,...)
Definition: zeSyslog.h:112
#define HISTORY_UNLOCK()
Definition: ze-history.c:220
short rej_badrcpt
Definition: ze-history.c:86
HistRes_T glob
Definition: ze-history.c:192
int32_t rej_badrcpt
Definition: ze-history.c:165
short rej_luser
Definition: ze-history.c:76
short nb_rcpt
Definition: ze-history.c:63
short rej_greyrcpt
Definition: ze-history.c:95
#define H_REJ_RESOLVE
Definition: ze-history.h:40
int32_t nb_bspam
Definition: ze-history.c:144
uint32_t nb_bytes
Definition: ze-history.c:132
uint32_t signature
Definition: ze-history.c:43
#define STRCASEEQUAL(a, b)
Definition: macros.h:72
bool rej_badrcpt
double zeKMean(kstats_T *s)
Definition: zeKStats.c:43
time_t conn_id
Definition: ze-history.c:44
netclass_T netclass
int32_t nb_conn
Definition: ze-history.c:127
int livehistory_add_entry(char *, time_t, int, int)
double zeKStdDev(kstats_T *s)
Definition: zeKStats.c:53
void raw_history_close()
Definition: ze-history.c:296
int32_t dbrcpt_reject
Definition: ze-history.c:153
int32_t rej_conn_rate
Definition: ze-history.c:162
#define NET_CLASS_LABEL(class)
Definition: ze-netclass.h:57
#define SIGNATURE
Definition: ze-libjc.h:75
struct log_history_T log_history_T
#define CF_HISTORY_ENTRIES
Definition: cfh-defs.h:65
uint32_t t_length
Definition: ze-history.c:54
short dummy[5]
Definition: ze-history.c:115
#define CF_WORKDIR
Definition: cfh-defs.h:67
short nb_badrcpt
Definition: ze-history.c:85
#define LH_BAD_RESOLVE
long ssize_t
Definition: ze-sys.h:523
unsigned int mode_t
Definition: ze-sys.h:519
long uint32_t
Definition: ze-sys.h:489
int32_t dbrcpt_access
Definition: ze-history.c:154
#define RESOLVE_NULL
Definition: ze-filter.h:170
short dbrcpt_access
Definition: ze-history.c:108
uint32_t in_addr_t
Definition: ze-sys.h:541
short nb_virus
Definition: ze-history.c:66
int32_t nb_policy
Definition: ze-history.c:140
int zeBTree_Browse(ZEBT_T *, ZEBT_BROWSE_F, void *)
Definition: zeBTree.c:262
bool raw_history_add_entry(SMFICTX *ctx)
Definition: ze-history.c:309
int32_t rej_greymsgs
Definition: ze-history.c:174
uint32_t t_length_max
Definition: ze-history.c:177
void res_history_clear(History_T *)
Definition: ze-history.c:565
Definition: zeBTree.h:73
#define H_REJ_THROTTLE
Definition: ze-history.h:38
#define RESOLVE_FAIL
Definition: ze-filter.h:172
time_t t_close
uint32_t t_length_min
Definition: ze-history.c:178