return $bits;
}
+my %cidrcache = ();
+sub cache_cidrlookup {
+ my ($addr, $net) = @_;
+ my $key = $addr . " " . $net;
+
+ if (!exists($cidrcache{$key})) {
+ $cidrcache{$key} = Net::CIDR::cidrlookup($addr, $net);
+ }
+ return $cidrcache{$key};
+}
+
+my %rangecache = ();
+sub cache_cidrrange {
+ my ($net) = @_;
+
+ if (!exists($rangecache{$net})) {
+ ($rangecache{$net}) = Net::CIDR::cidr2range($net);
+ }
+
+ return $rangecache{$net};
+}
+
+open LOG, ">>", "mbd.log";
+
my @ports = mbd::find_all_ports();
# Open a socket for each port
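Review bot: `%cidrcache` in `cache_cidrlookup` has no size bound, and its key includes `$addr`, which the call site further down fills from `inet_ntoa($saddr)`. If that is the source address of a received packet, each distinct (possibly spoofed) sender adds up to one permanent entry per configured network, so memory grows with traffic. Cap the cache before inserting, e.g. `%cidrcache = () if keys(%cidrcache) >= $max_cache_entries;`, where `$max_cache_entries` is a placeholder name for a new limit. Separately, `open LOG, ">>", "mbd.log";` is unchecked and relative to the working directory, so a failed open silently loses the ACL decision log written later with `print LOG`. Something like `open(LOG, ">>", $log_path) or die "cannot open $log_path: $!";`, with `$log_path` an absolute configured path (placeholder name), would surface the failure.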
# Check against the ACL.
my $pass = 0;
for my $rule (@Config::access_list) {
- if (mbd::match_ranges($dport, $rule->{'ports'}) &&
- mbd::match_ranges($size, $rule->{'sizes'})) {
- $pass = 1;
+ next unless (mbd::match_ranges($dport, $rule->{'ports'}));
+ next unless (mbd::match_ranges($size, $rule->{'sizes'}));
+
+ if ($rule->{'filter'}) {
+ next unless ($rule->{'filter'}($data));
}
+
+ $pass = 1;
+ last;
}
+ print LOG "$dport $size $pass\n";
+
if (!$pass) {
print "$dport, $size bytes => filtered\n";
}
next unless $pass;
for my $net (@Config::networks) {
- next if (Net::CIDR::cidrlookup(inet_ntoa($saddr), $net));
+ next if (cache_cidrlookup(inet_ntoa($saddr), $net));
- my ($range) = Net::CIDR::cidr2range($net);
+ my ($range) = cache_cidrrange($net);
$range =~ /-(.*?)$/;
my $broadcast = $1;