From e8521eead94d97a775ec5b55c0835b7f74fbc934 Mon Sep 17 00:00:00 2001
From: Jon Foster
Date: Tue, 19 Mar 2024 12:30:15 -0700
Subject: [PATCH] Add "ignores" to badtrafficrpt

* Simplified Makefile.
* Rebased trafficmon's app class config on iptraffic's config so all the trafficmon bits have access to the same data+MySQL login.
* Added ignore logic to badtrafficrpt
* Changed trafficctrl's Makefile to force C++11, since C++CMS needs it.
* Version bump in DPAK
---
 Makefile | 53 ++++++++++++++------------------------
 TODO | 8 +++++++
 controlpanel/Makefile | 8 ++-----
 poorman-ids.dpak | 8 +++++++
 trafficmon/appbase.h | 4 ++--
 trafficmon/badtrafficrpt.cpp | 37 +++++++++++++++++++++++++------
 trafficmon/trafficmon.cpp | 21 +++--------------
 7 files changed, 70 insertions(+), 69 deletions(-)

diff --git a/Makefile b/Makefile
index 2a7a544..9397c15 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
 # cm-20220225 testing controlpanel messages with symbols left in
-#O=-s
+CXXFLAGS=-s
+LDFLAGS=-lcppdb
 
 ### Program Targets ###
 
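Review bot: `LDFLAGS=-lcppdb` puts a library into the variable that make's built-in link rule expands before the object files (`$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS)`), so on toolchains that link with `--as-needed` by default (Ubuntu, for example) the cppdb symbols referenced from trafficmon/appbase.o may come out unresolved; libraries belong in `LDLIBS=-lcppdb`. The comment on the line above still says symbols are "left in", but the new `CXXFLAGS=-s` strips them (the old `#O=-s` was commented out), so either drop `-s` or update the comment. Since this is now where the global flags live, it is also the natural place for `-Wall` and the usual hardening flags, e.g. `CXXFLAGS=-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong`, for tools that parse captured traffic data.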
@@ -10,50 +11,28 @@ all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/dombl
 controlpanel/trafficctrl:
 	cd controlpanel && make trafficctrl
 
-iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o
-	g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o
-
-trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
-	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
-
-trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
-	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
-
-trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
-	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
-
-trafficmon/impblack: trafficmon/impblack.cpp strutil.o cli.o miniini.o trafficmon/appbase.o
-	g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb
-
-trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o
-	g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb
+iptraffic: iptraffic.cpp strutil.o data.o config.o cli.o miniini.o
+trafficmon/badtrafficrpt: trafficmon/badtrafficrpt.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o
+trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o
+trafficmon/domblacklist: trafficmon/domblacklist.cpp config.o cli.o data.o miniini.o strutil.o trafficmon/appbase.o
+trafficmon/impblack: trafficmon/impblack.cpp strutil.o config.o cli.o data.o miniini.o trafficmon/appbase.o
+trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o
 
 ### Libs ###
 
-cli.o: cli.cpp cli.h
-	g++ $O -c -o $@ cli.cpp
-
-config.o: config.cpp config.h strutil.o data.o miniini.o
-	g++ $O -c -o $@ config.cpp
-
-data.o: data.cpp data.h strutil.o
-	g++ $O -c -o $@ data.cpp
-
-miniini.o: miniini.cpp miniini.h strutil.o
-	g++ $O -c -o $@ miniini.cpp
-
-strutil.o: strutil.cpp strutil.h
-	g++ $O -c -o $@ strutil.cpp
-
-trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.o
-	g++ $O -c -o $@ trafficmon/appbase.cpp
+cli.o: cli.cpp cli.h
+config.o: config.cpp config.h strutil.h data.h miniini.h
+data.o: data.cpp data.h strutil.h
+miniini.o: miniini.cpp miniini.h strutil.h
+strutil.o: strutil.cpp strutil.h
+trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h config.h cli.h data.h miniini.h strutil.h
 
 ### Source Maintenance ###
 
-.PHONY: clean distclean
+.PHONY: clean distclean docs
 
 clean:
 	rm *.o */*.o || true
 
 distclean: clean
@@ -61,3 +40,5 @@ distclean: clean
 	rm trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/impblack || true
 	rm *.deb || true
 	cd controlpanel && make distclean
+docs:
+	doxygen Doxyfile
diff --git a/TODO b/TODO
index 0643d91..1ac8fd8 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,11 @@
+TODO
+====
+
+ - trafficctl: wild-card whitelisting. Either just remember "accepts" or use the "*" notation.
+ - trafficctl: "whole domain" should only change those entries in the group being reported. What about "*".
+ - should probably convert to use static-linked MySQL client. C++DB has trouble with longterm connections.
+ - trafficctl: comment field?
+
 BUGS
 ====
 
diff --git a/controlpanel/Makefile b/controlpanel/Makefile
index eefbb9e..1efc63d 100644
--- a/controlpanel/Makefile
+++ b/controlpanel/Makefile
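Review bot: The program targets now rely on make's built-in `%: %.cpp` rule but list only `.o` prerequisites, so a change to `trafficmon/appbase.h` or `config.h` (this very commit changes the base class, and therefore the layout, of `MonitorBaseConf`) does not recompile `trafficmon/badtrafficrpt.cpp`, `trafficmon/trafficmon.cpp` and the other program sources, and an incremental build can link objects built against two different layouts of the same struct. Headers cannot simply be appended to those rules because the implicit recipe passes all of `$^` to g++; generate the dependencies instead, `CXXFLAGS += -MMD -MP` together with `-include $(wildcard *.d */*.d)`, or give the program targets an explicit recipe that uses `$<` and `$(filter %.o,$^)`. `iptraffic` was previously linked without `-lcppdb`; with the global `LDFLAGS` it now acquires a libcppdb dependency that its old link line suggests it does not need (its sources are not in this diff).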
@@ -1,12 +1,8 @@
-# Optional compiler flags
-#O=-std=c++11
+# Optional compiler flags - C++CMS templates need C++11
+O=-std=c++11
 
 trafficctrl: trafficctrl.cpp data.h ../strutil.o mainskin.o
 	g++ $O -o $@ $@.cpp mainskin.o ../strutil.o -lcppcms -lcppdb -lbooster
-
-../strutil.o: ../strutil.cpp ../strutil.h
-	cd .. && make strutil.o
-
 mainskin.cxx: mainskin.tmpl
 	cppcms_tmpl_cc -o $@ mainskin.tmpl
 mainskin.o: mainskin.cxx data.h
diff --git a/poorman-ids.dpak b/poorman-ids.dpak
index d2e340f..07f14d4 100644
--- a/poorman-ids.dpak
+++ b/poorman-ids.dpak
@@ -13,6 +13,14 @@ Copyright: .
 Origin: JFP
 Packaged-For: JF Possibilities, Inc.
 changelog:
+ (0.8-1j) unstable; urgency=low
+ .
+ ** This is an alpha release **
+ .
+ * Add [ignores] handling to badtrafficfrpt
+ .
+ -- Jon Foster Tue, 19 Mar 2024 12:34:33 -0700
+ .
 (0.7-1j) unstable; urgency=low
 .
 ** This is an alpha release **
diff --git a/trafficmon/appbase.h b/trafficmon/appbase.h
index 71aa23c..eed13d8 100644
--- a/trafficmon/appbase.h
+++ b/trafficmon/appbase.h
@@ -12,7 +12,7 @@
 #define __IDS_MONITOR_BASE_APP_H__
 #include
 #include "../cli.h"
-#include "../miniini.h"
+#include "../config.h"
 
 
 
@@ -23,7 +23,7 @@
 // ignore the parts they aren't interested in.
 //////////////////////////////////////////////////////////////////////
 
-struct MonitorBaseConf: public MiniINI {
+struct MonitorBaseConf: public Config {
 	MiniINIvars traffic_mon; // This app's config variables
 
 	MonitorBaseConf() { groups["Traffic Mon"] = &traffic_mon; }
diff --git a/trafficmon/badtrafficrpt.cpp b/trafficmon/badtrafficrpt.cpp
index 3831477..1f7a157 100644
--- a/trafficmon/badtrafficrpt.cpp
+++ b/trafficmon/badtrafficrpt.cpp
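Review bot: Removing the `../strutil.o` rule leaves `trafficctrl`'s prerequisite `../strutil.o` to make's built-in `%.o: %.cpp` rule whenever `make` is run inside `controlpanel/` before a top-level build, which compiles `../strutil.cpp` without `$O` and without the top-level `CXXFLAGS`; the top-level `controlpanel/trafficctrl:` target lists no prerequisites either, so from there the build order depends only on the position in `all`. Either keep a rule (`../strutil.o: ../strutil.cpp ../strutil.h` with `cd .. && $(MAKE) strutil.o`) or state in the comment that the top-level make must run first. The comment still says "Optional compiler flags" although `O=-std=c++11` is now mandatory; `# Compiler flags: C++CMS templates require C++11` would be accurate.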
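Review bot: `#include "../miniini.h"` is replaced rather than supplemented, yet the header still uses `MiniINIvars` for `traffic_mon` in the next hunk; it now compiles only if `../config.h` includes miniini.h transitively (the Makefile's `config.o: ... miniini.h` suggests it does). Include what you use: keep `#include "../miniini.h"` next to `#include "../config.h"` so the header does not break when config.h's own includes change.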
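Review bot: The change of base from `MiniINI` to `Config` is explained only in the commit message, not in the header, and it has an operational consequence worth recording: every trafficmon tool now parses the full iptraffic configuration, which per the commit message carries the MySQL login, so that file's permissions now govern several more binaries. A comment above the struct would capture it, e.g. `// Derives from iptraffic's Config (shared data paths + DB login) so every monitor tool reads the same file; that file now holds credentials and should be readable only by the service account.` Whether `Config`'s constructor also registers its own `groups` entries (e.g. "us", "ignores") so that `groups["Traffic Mon"]` here simply adds to them is not visible in this diff and should be confirmed.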
@@ -14,6 +14,15 @@
 // 1. domain name or address if a domain is not known.
 // 2. list of ports that were connected to.
 // 3. count of total connections
+//
+// 20240319
+// Implemented "ignores" in the report. These use the ignore section
+// used by trafficrpt. But there are some oddities (so far). All
+// report entries are considered to be TCP connections originating
+// from 0.0.0.0 and outbound. This is a cheat to prevent
+// complication in the query process. Its tempting to implement this
+// in trafficmon... but that is a permanent loss of data... still
+// debating.
 //////////////////////////////////////////////////////////////////////
 #include
 #include
@@ -119,14 +128,9 @@ struct ReportData: map {
 inline ostream &operator<<(ostream &out, const ReportData &r){ return out << r.ascii(); }
+// NOTE: implementation at bottom.
 namespace cppdb {
-	result &operator>>(result &qry, ::ReportData &rpt) {
-		string name, addr, port;
-		int ct;
-		qry >> name >> addr >> port >> ct;
-		if(name=="") name=addr;
-		rpt.add(name, port, ct);
-	}
+	result &operator>>(result &qry, ::ReportData &rpt);
 }
 
 
@@ -207,3 +211,22 @@ struct appConnectionReport: TrafficMonBaseApp {
 //////////////////////////////////////////////////////////////////////
 
 MAIN(appConnectionReport)
+
+// NOTE: This needs to be down here so it knows of "app", defined by MAIN.
+
+namespace cppdb {
+	result &operator>>(result &qry, ::ReportData &rpt) {
+		Conn rec;
+		int ct;
+		rec.us="0.0.0.0";
+		rec.protocol="TCP";
+		rec.in=0;
+		qry >> rec.name >> rec.them >> rec.them_port >> ct;
+		// NOTE: ignores can only work from remote addresses.
+		if(app.config->ignores.vals.find(rec)<0) {
+			if(rec.name=="") rec.name=rec.them;
+			rpt.add(rec.name, str(rec.them_port), ct);
+		}
+		else cerr << "ignored" << endl;
+	}
+}
diff --git a/trafficmon/trafficmon.cpp b/trafficmon/trafficmon.cpp
index 9f7afa3..884a05b 100644
--- a/trafficmon/trafficmon.cpp
+++ b/trafficmon/trafficmon.cpp
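Review bot: The new `cppdb::operator>>` never returns `qry`, so control runs off the end of a function declared to return `result &`; that is undefined behaviour (GCC's `-Wreturn-type` warns, and an optimising compiler may treat the function end as unreachable), so add `return qry;` after the if/else — the old body had the same defect, but this is the body that ships now. The `else cerr << "ignored" << endl;` branch suppresses an IDS finding while printing nothing that identifies it, so an over-broad `[ignores]` entry is invisible in the output; print what was dropped, e.g. `else cerr << "ignored " << rec.them << ':' << rec.them_port << " (" << ct << ")" << endl;`, so the ignore list can be audited against the report. The header comment's caveat also deserves a note at the assignments themselves: `rec.us`, `rec.protocol` and `rec.in` are fabricated before `find(rec)`, so if `find` compares those fields (not visible here) an `[ignores]` entry keyed on a specific local address, UDP, or inbound traffic will match in trafficrpt but not in this report — `// fabricated: ignores keyed on us/protocol/direction cannot match here` would save the next reader a trip to the header.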
@@ -23,27 +23,12 @@
 #include
 #include
 
-#include "../cli.h"
-#include "../data.h"
-#include "../config.h"
 #include "appbase.h"
 
 using namespace std;
 
 
 //////////////////////////////////////////////////////////////////////
-// Monitor Config
-//////////////////////////////////////////////////////////////////////
-
-struct MonitorConf: public MonitorBaseConf {
-	INIusList us;
-
-	MonitorConf() { groups["us"] = &us; }
-};
-
-
-
-//////////////////////////////////////////////////////////////////////
 // Application class to store data passed in through a pipe or
 // file(s).
 //////////////////////////////////////////////////////////////////////
@@ -72,8 +57,8 @@ struct TrafficMon: public TrafficMonBaseApp {
 		running( false),
 		line_no( 0)
 	{
-		config = new MonitorConf;
-		analyze.us = &(((MonitorConf *)config)->us.vals);
+		config = new MonitorBaseConf;
+		analyze.us = &config->us.vals;
 	}
 
 
@@ -265,7 +250,7 @@ restart:
 	int x;
 	try {
 		if(x=TrafficMonBaseApp::main()) return x;
-		if(!((MonitorConf*)config)->us.vals.size()) throw CLIerror(
+		if(!config->us.vals.size()) throw CLIerror(
 			"The configuration files MUST contain an [us] section with "
 			"appropriate values"
 		);
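Review bot: `config = new MonitorBaseConf;` assigns a raw owning pointer in the constructor with no matching `delete` anywhere in view, and now that the derived `MonitorConf` is gone it allocates exactly the type the base class would presumably provide itself (badtrafficrpt uses `app.config` without allocating one, which suggests `TrafficMonBaseApp` already does — not visible in this diff). If the base constructor does allocate `config`, this line leaks that object and the constructor can shrink to `analyze.us = &config->us.vals;`; if it does not, ownership should be made explicit, e.g. a `std::unique_ptr<MonitorBaseConf>` member or a documented `delete` in the base destructor. The constructor's body begins and ends outside this hunk.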
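Review bot: `if(!config->us.vals.size())` reads as a negated count where the intent is emptiness; `if(config->us.vals.empty())` says so directly (clang-tidy `readability-container-size-empty` flags the former), and it is the only line of this hunk that changes, so the tidy-up costs nothing. The enclosing `main` begins and ends outside this hunk.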