From 8d0467ff8bb1a7ce0c23638c529e75c76fa2fffd Mon Sep 17 00:00:00 2001
From: Thomas Ries
Date: Tue, 14 Mar 2017 19:42:03 +0000
Subject: [PATCH] added plugin_blacklist
---
 ChangeLog | 5 ++++-
 doc/siproxd.conf.example | 30 ++++++++++++++++++++++++++++++
 src/plugin_blacklist.c | 11 ++++-------
 3 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4b79190..e4d28ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
 0.8.3dev
 ========
-<<<<<<< .mine
+ 14-Mar-2017: - plugin_blacklist: new plugin to block UACs that cause
+ excessive failures durign REGISTER attempts.
+ 27-Feb-2017: - improved memory behavior of some plugins during shutdown
+ - fixed 2 minor memory leaks
 02-Aug-2016: - rtpproxy_relay: more robustness when closing sockets.
 31-Aug-2016: - plugin_stats: write some statistics about currently active calls
 30-Aug-2016: - rtpproxy.h: rtp_proxytable_t.opposite_entry has been
diff --git a/doc/siproxd.conf.example b/doc/siproxd.conf.example
index 03728b6..42ce004 100644
--- a/doc/siproxd.conf.example
+++ b/doc/siproxd.conf.example
@@ -314,6 +314,10 @@ debug_port = 0
 #outbound_domain_name = freenet.de
 #outbound_domain_host = proxy.for.domain.freende.de
 #outbound_domain_port = 5060
+#
+outbound_domain_name = easybell.de
+outbound_domain_host = sip.easybell.de
+outbound_domain_port = 5060
 ######################################################################
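Review bot: The three `outbound_domain_*` lines added after the commented freenet.de sample are live settings, not comments: `outbound_domain_name = easybell.de`, `outbound_domain_host = sip.easybell.de` and `outbound_domain_port = 5060`. They look like a local provider setup that slipped into the shipped example, and the commit message ("added plugin_blacklist") does not mention them. Anyone who copies this file unchanged gets a per-domain outbound proxy they never chose. If a second sample is intended, keep it disabled like the block above, e.g. `#outbound_domain_name = easybell.de`.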
@@ -519,3 +523,29 @@ plugin_fix_fbox_anoncall_networks = 192.168.0.0/16,10.0.0.0/8,172.16.0.0/20
 #plugin_stats_to_syslog = 300
 #plugin_stats_to_file = 300
 #plugin_stats_filename = /var/lib/siproxd/siproxd_stats
+
+######################################################################
+# Plugin_blacklist
+#
+# This plugin maintains count of failed REGISTER attempts of
+# individual local UACs (clients) and does block outgoing requests
+# from such a UAC once a limit /hitcount) has been reached. The
+# duration of the block is configurable. It is required that a blocked
+# UAC does *not* send any packets that are going to be blocked
+# during the duration to recover (the UAC must remain silent during
+# this period)
+#
+# ..._dbpath: path where to locate the database
+# ..._mode: 0: no block, 1: IP based, 2: IP and SIP-user based
+# ..._simulate: 0: block UACs once the failure count limit has been reached
+# 1: simulate, only log but don't block
+# ..._duration: block duration in seconds, 0: forever
+# ..._hitcount: required failed REGISTER attempts until blocked.
+#
+plugin_blacklist_dbpath = /var/lib/siproxd/blacklist.sqlite
+//plugin_blacklist_mode = 0
+plugin_blacklist_simulate = 0
+plugin_blacklist_duration = 3600
+plugin_blacklist_hitcount = 10
+
+
diff --git a/src/plugin_blacklist.c b/src/plugin_blacklist.c
index 661e6d7..b85bb6e 100644
--- a/src/plugin_blacklist.c
+++ b/src/plugin_blacklist.c
@@ -53,7 +53,7 @@ extern struct siproxd_config configuration;
 /* plugin configuration storage */
 static struct plugin_config {
 char *dbpath; /* path to sqlite DB file (/var/lib/siproxd/bl.db */
- int block_mode; /* 0: no, 1: IP based, 2: IP & SIP-user */
+// int block_mode; /* 0: no, 1: IP based, 2: IP & SIP-user */
 int simulate; /* 0: no, 1: don't block, just log */
 int duration; /* in seconds, 0: forever, dont' expire */
 int hitcount; /* required attempts until blocked */
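Review bot: `//plugin_blacklist_mode = 0` is disabled with `//`, while every other disabled setting visible in this file uses `#`. Whether the config parser skips a `//` line cannot be seen here, so write `#plugin_blacklist_mode = 0` or drop the line. The help text still documents `..._mode` (0: no block, 1: IP based, 2: IP and SIP-user based), yet the same commit comments the option out of `plugin_cfg_opts` in src/plugin_blacklist.c. An operator who sets mode 1 expecting IP-only blocking would apparently not get it, since the check statement there matches on `ip=?001 and sipuri=?002`. Remove the `..._mode` line from the help text or say that matching is always IP plus SIP URI, and fix `/hitcount)` to `(hitcount)`.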
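Review bot: `block_mode` is disabled by prefixing the line with `//` here, and again for its `plugin_cfg_opts` entry in the @@ -62,7 hunk, instead of being deleted. In a file that otherwise uses `/* */` comments, this leaves dead code that still reads like a supported option. Delete both lines, or keep one explicit marker such as `/* TODO: block_mode (IP-only vs. IP+SIP-user) not implemented yet */`. With the entry gone from the parser table, it is not visible in these hunks whether a `plugin_blacklist_mode` line in an already deployed config is ignored or rejected, which is worth checking. The struct and the option table both continue outside the hunks.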
@@ -62,7 +62,7 @@ static struct plugin_config {
 /* Instructions for config parser */
 static cfgopts_t plugin_cfg_opts[] = {
 { "plugin_blacklist_dbpath", TYP_STRING, &plugin_cfg.dbpath, {0, "/var/lib/siproxd/blacklist.sqlite"} },
- { "plugin_blacklist_mode", TYP_INT4, &plugin_cfg.block_mode, {2, NULL} },
+// { "plugin_blacklist_mode", TYP_INT4, &plugin_cfg.block_mode, {2, NULL} },
 { "plugin_blacklist_simulate", TYP_INT4, &plugin_cfg.simulate, {0, NULL} },
 { "plugin_blacklist_duration", TYP_INT4, &plugin_cfg.duration, {3600, NULL} },
 { "plugin_blacklist_hitcount", TYP_INT4, &plugin_cfg.hitcount, {10, NULL} },
@@ -81,12 +81,12 @@ typedef struct {
 static sql_statement_t sql_statement[] = {
 /* blacklist_check() */
- { 0, NULL, "SELECT count(id) from blacklist WHERE ip=?001 and sipuri=?002 AND (type =1 or failcount>?003);" },
+ { 0, NULL, "SELECT count(*) from blacklist WHERE ip=?001 and sipuri=?002 AND (type=1 or failcount>?003);" },
 { 1, NULL, "UPDATE OR IGNORE blacklist SET lastseen=?003 WHERE ip=?001 and sipuri=?002;" },
 { 2, NULL, "INSERT OR REPLACE INTO requests (timestamp, ip, sipuri, callid) VALUES (?001, ?002, ?003, ?004);" },
 /* blacklist_update() */
 { 3, NULL, "DELETE FROM requests WHERE timestamp