Fix ban and unban functions on bad ufw states, and fix response on ufw_ban

.vscode/tasks.json

@@ -9,7 +9,7 @@
                 "-g",
                 "${fileDirname}/test.cpp",
 				"${fileDirname}/../src/*.cpp",
-                "${fileDirname}/../exec/src/*.cpp",
+                "${fileDirname}/../../exec/src/*.cpp",
                 "-o",
                 "${fileDirname}/test.o"
             ],

README.md

@@ -1,3 +1,57 @@
-# ipban
 
-A library for managing IP address bans on UFW systems
+# Library for the fail-ban function
+
+IPBan is a C++ library for banning IP addresses in case of consecutive errors.
+
+## Features
+
+- Object oriented
+- Thread safe
+- Internal database of banned addresses as a protection mechanism against irreversible ban
+- Automatic unbanning
+- Manual fail and unfail methods
+- White list of IP addresses
+- It is adjustable: database file location, tracking time for errors, number of attempts before ban, ban duration.
+## Installation
+
+This library also requires my exec library to work, download the latest release:
+
+https://git.bitelex.co/marcelb/exec or https://github.com/bandicm/exec
+
+Then download the latest backend of these libraries and unzip to the same location. You can turn it on with:
+
+```
+#include "cppurl/lib/cppurl.hpp"
+using namespace marcelb;
+```
+
+## Usage
+
+```c++
+//init
+ipban myban(30); // 30 minutes
+// add white list string or vector<string>
+myban.add_white_list("10.0.8.1");
+// ban now ip
+myban.ban("10.0.8.2");
+// fail ip
+myban.fail("10.0.8.3");
+// unfail ip
+myban.unfail("10.0.8.3");
+
+```
+## License
+
+[APACHE 2.0](http://www.apache.org/licenses/LICENSE-2.0/)
+
+
+## Support & Feedback
+
+For support and any feedback, contact the address: marcelb96@yahoo.com.
+
+## Contributing
+
+Contributions are always welcome!
+
+Feel free to fork and start working with or without a later pull request. Or contact for suggest and request an option.
+

lib/ipban.hpp

@@ -23,8 +23,8 @@ namespace marcelb {
 #define BOT_SLEEP_LOOP_TIME 1 // 1 second
 
 /**
- * Banovani objekt 
+ * Banned object
- * IP adresa i vrijeme banovanja
+ * IP address and ban time
 */
 struct _ban {
     string ip;
@@ -32,7 +32,7 @@ struct _ban {
 };
 
 /**
- * Pomoćna struktura - za praćenje broja pogrešaka
+ * Auxiliary structure - to track the number of errors
 */
 struct _fail {
     time_t first_fail;
@@ -40,9 +40,9 @@ struct _fail {
 };
 
 /**
- * Biblioteka za ban IP adrese kroz UFW vatrozid na određeno vrijeme
+ * Library to ban IP addresses through the UFW firewall for a certain period of time
- * Automatski uklanja zabranu po isteku vremena
+ * Automatically removes ban after timeout
- * Posjeduje vlastiti DB mehanizam za zaštitu od nepovratnog ban-a
+ * It has its own DB mechanism for protection against irreversible ban
 */
 class ipban {
     mutex io, f_io, wl_io;
@@ -55,90 +55,89 @@ class ipban {
     vector<string> white_list;
     future<void> unban_bot;
     bool run_unban_bot = true;
-    // interface možda bude trebao za ban
     
     /**
-     * Metoda učitava banovane IP adrese iz baze
+     * The method loads banned IP addresses from the database
     */
     void load_db();
 
     /**
-     * Metoda ažurira stanja baze sa stanjima iz memorije
+     * The method updates database states with memory states
     */
     bool update_db();
 
     /**
-     * Metoda uklanja ban za proslijeđeni iterator vektora banned i ažurira bazu
+     * The method removes the ban for the passed iterator of the banned vector and updates the base
     */
     bool unban(vector<_ban>::iterator ban_itr);
 
     /**
-     * Metoda poziva exec i dodaje pravila u UFW vatrozid
+     * The method checks if the forwarding ip address is currently banned
+    */
+    bool is_banned(const string& ip);
+
+    /**
+     * Method calls exec and adds rules to UFW firewall
     */
     bool ufw_ban(const string& ip);
 
     /**
-     * Metoda poziva exec i uklanja pravilo u UFW vatrozidu
+     * The method calls exec and removes the rule in the UFW firewall
     */
     bool ufw_unban(const string& ip);
 
+    /**
+     * Checks whether the forwarded address is in the white list
+     * If it returns true, if not false
+    */
+    bool is_in_white_list(const string& ip);
+
     public:
 
     /**
-     * Konstruktor, prima zadanu vrijednost trajanja ban-a u minutama, 
+     * Constructor, receives the default value of the duration of the ban in minutes,
-     * vrijeme praćenja pogreške adrese, broj dozvoljenih pogreški
+     * address error tracking time, number of allowed errors
-     * i putanju datoteke baze podataka
+     * and the database file path
     */
     ipban(const uint& _duration, const uint& _fail_interval = 30, const uint& _fail_limit = 3, const string& db_file = "ipban.db");    // u minutama?
 
     /**
-     * Metoda koja banuje proslijeđenu IP adresu, dodaje je u vector banned, ažurira bazu
+     * The method that bans the forwarded IP address, adds it to the banned vector, updates the database
-     * Vraća status operacije
+     * Returns the status of the operation
     */
     bool ban(const string& ip);
 
     /**
-     * Inkrementalno povećaj broj grešaka za prosljeđenu adresu
+     * Incrementally increase the number of errors for the forwarded address
-     * ako se prekorači broj dozvoljenih grešaka u intervalu - adresa se banuje
+     * if the number of allowed errors in the interval is exceeded - the address is banned
     */
-
     bool fail(const string& ip);
 
     /**
-     * Uklanja greške za prosljeđenu adresu
+     * Removes errors for forwarded address
     */
-
     bool unfail(const string& ip);
 
     /**
-     * Dodaje proslijeđenu adresu u white listu
+     * Adds the forwarded address to the white list
     */
-
     void add_white_list(const string& ip);
 
     /**
-     * Dodaje proslijeđene adrese u white listu
+     * Adds forwarded addresses to the white list
     */
-
     void add_white_list(const vector<string>& ips);
 
     /**
-     * Provjerava da li je prosljeđena adresa u white listi
+     * Destructor
-     * Ako je vraća true, ako ne false
-    */
-
-    bool is_in_white_list(const string& ip);
-
-    /**
-     * Destruktor, uklanja sve zabrane.
     */
     ~ipban();
 
 };
 
 /**
- * Funkcija za mirovanje tijeka, koj miruje do isteka vremena ili logičkog stanja uvijeta
+ * Sleep function, which sleeps until timeout or logic condition condition
- * Prima vrijeme u sekundama, i logički uvijet
+ * Receives time in seconds, and logical condition
 */
 static void sleep_if(const uint& _time, const bool& _condition);
 

src/ipban.cpp

@@ -32,14 +32,6 @@ marcelb::ipban::ipban(const uint& _duration, const uint& _fail_interval, const u
 marcelb::ipban::~ipban() {
     run_unban_bot = false;
     unban_bot.get();
-
-    /**
-     * ako aplikaciju sruši napadač - želimo da ostane banovan - unbanovat će se po isteku intervala
-    */
-
-    // for (uint i=0; i<banned.size(); i++) {
-    //     unban(banned.begin() + i);
-    // }
 }
 
 void marcelb::ipban::load_db() {
@@ -74,30 +66,51 @@ bool marcelb::ipban::update_db() {
 
 bool marcelb::ipban::ban(const string& ip) {
     bool status = !is_in_white_list(ip);
-    if (status) {
+    if (!status) {
+        return status;
+    }
+    if (is_banned(ip)) {
+        return status;
+    }
+    
     status = ufw_ban(ip);
+
+    if (status) {
         io.lock();
         banned.push_back({ip, time(NULL)});
-        status = status && update_db();
+        status = update_db();
         io.unlock();
     }
+
     return status;
 }
 
 bool marcelb::ipban::unban(vector<_ban>::iterator ban_itr) {
     bool status = ufw_unban(ban_itr->ip);
+    if (status) {
         io.lock();
         banned.erase(ban_itr);
-    status = status && update_db();
+        status = update_db();
         io.unlock();
+    }
     return status;
 }
 
+bool marcelb::ipban::is_banned(const string& ip) {
+    auto it = std::find_if(banned.begin(), banned.end(), [&](const struct _ban& an_ban){
+        return an_ban.ip == ip;
+    });
+    if (it == banned.end()) {
+        return false;
+    }
+    return true;
+}
+
 bool marcelb::ipban::ufw_ban(const string& ip) {
     string ufw_cmd = "sudo ufw insert 1 deny from " + ip + " to any";
     try {
         string execute_res = exec(ufw_cmd);
-        if (execute_res == "Rule added\n") {
+        if (execute_res == "Rule added\n" || execute_res == "Rule inserted\n") {
             return true;
         }
     } catch (const string except) {

test/test.cpp

@@ -33,24 +33,23 @@ int main() {
     //     i++;
     // }
 
-    myban.add_white_list("192.168.2.74");
+    // myban.add_white_list("192.168.2.74");
 
 
     cout << myban.ban("192.168.2.74") << endl;
-    sleep(2);
+    sleep(5);
-    cout << myban.ban("192.168.2.75") << endl;
+    cout << myban.ban("192.168.2.74") << endl;
     sleep(200);
     // myban.fail("192.168.2.74");
-    // sleep(120);
+    // sleep(5);
 
-    // myban.unfail("192.168.2.74");
+    // // myban.unfail("192.168.2.74");
     // sleep(2);
     // myban.fail("192.168.2.74");
-    // sleep(120);
+    // sleep(5);
-
+    // myban.fail("192.168.2.74");
-
-
 
+    sleep(100);
 
     return 0;
 }