X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=mbd%2Fmbd.pl;h=44dd334a854dbb2a0a561c707b26a5925b9085fe;hb=7ae11f7618602eef12abc857b7434d26a895d346;hp=0993e436fd7819371c38f0f5a77ad7c8fc58ae9e;hpb=785ae2dbd087acc20d8eea33443aa51f381da889;p=nms diff --git a/mbd/mbd.pl b/mbd/mbd.pl index 0993e43..44dd334 100644 --- a/mbd/mbd.pl +++ b/mbd/mbd.pl @@ -16,6 +16,30 @@ sub fhbits { return $bits; } +my %cidrcache = (); +sub cache_cidrlookup { + my ($addr, $net) = @_; + my $key = $addr . " " . $net; + + if (!exists($cidrcache{$key})) { + $cidrcache{$key} = Net::CIDR::cidrlookup($addr, $net); + } + return $cidrcache{$key}; +} + +my %rangecache = (); +sub cache_cidrrange { + my ($net) = @_; + + if (!exists($rangecache{$net})) { + ($rangecache{$net}) = Net::CIDR::cidr2range($net); + } + + return $rangecache{$net}; +} + +open LOG, ">>", "mbd.log"; + my @ports = mbd::find_all_ports(); # Open a socket for each port @@ -51,27 +75,34 @@ while (1) { # Check against the ACL. my $pass = 0; for my $rule (@Config::access_list) { - if (match_ranges($dport, $rule->{'ports'}) && - match_ranges($size, $rule->{'sizes'})) { - $pass = 1; + next unless (mbd::match_ranges($dport, $rule->{'ports'})); + next unless (mbd::match_ranges($size, $rule->{'sizes'})); + + if ($rule->{'filter'}) { + next unless ($rule->{'filter'}($data)); } + + $pass = 1; + last; } + print LOG "$dport $size $pass\n"; + if (!$pass) { print "$dport, $size bytes => filtered\n"; } next unless $pass; + my $num_nets = 0; + for my $net (@Config::networks) { - next if (Net::CIDR::cidrlookup(inet_ntoa($saddr), $net)); + next if (cache_cidrlookup(inet_ntoa($saddr), $net)); - my ($range) = Net::CIDR::cidr2range($net); + my ($range) = cache_cidrrange($net); $range =~ /-(.*?)$/; my $broadcast = $1; - print inet_ntoa($saddr), ", $dport, $size bytes => $broadcast\n"; - $sendsock->set({ ip => { saddr => inet_ntoa($saddr), 
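Review bot: `%cidrcache` in `cache_cidrlookup` has no size bound, and its key includes the address argument, which the later `while (1)` hunk fills from `inet_ntoa($saddr)`; if that is the source address of a received packet, every distinct or spoofed sender adds one entry per configured network for the life of the daemon. A cap before the insert would bound memory, for example `%cidrcache = () if keys(%cidrcache) >= $max_entries;`, where `$max_entries` is a new constant to be defined. `%rangecache` is keyed only by the configured networks and does not grow this way. Separately, the added `open LOG, ">>", "mbd.log";` is unchecked, so a failed open silently loses every log line; `open(LOG, ">>", "mbd.log") or die "mbd.log: $!";` makes the failure visible.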
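Review bot: The added `print LOG "$dport $size $pass\n";` records only port, size and verdict, so the log cannot show which sender produced a relayed or filtered packet, or when. Since `inet_ntoa($saddr)` is already used further down in the same loop, the line could be `print LOG time(), " ", inet_ntoa($saddr), " $dport $size $pass\n";`. The new `$rule->{'filter'}($data)` call also runs a configured callback on `$data` (presumably the packet payload) with no `eval`, so a filter that dies on unexpected input would end the daemon. Writing it as `next unless eval { $rule->{'filter'}($data) };` treats an exception as a non-match. The enclosing `while (1)` loop starts and ends outside this hunk.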
@@ -84,7 +115,9 @@ while (1) { } }); $sendsock->send; + ++$num_nets; } + print inet_ntoa($saddr), ", $dport, $size bytes => ($num_nets networks)\n"; } }