
Gregory Mullen parent 75a2753a 24f4d2de
add small optimization (16%)

src/main.zig added: 68, removed: 27, total 41
@@ -335,8 +335,13 @@ const BanData = struct {
var baddies: std.StringHashMapUnmanaged(BanData) = .{};
var goodies: std.StringHashMapUnmanaged(BanData) = .{};
 
const Group = struct {
nginx: []const Detection,
postfix: []const Detection,
sshd: []const Detection,
};
 
const Detection = struct {
class: Class,
hit: []const u8,
};
 
@@ -352,35 +357,49 @@ const Meaningful = struct {
};
 
fn meaningful(line: []const u8) ?Meaningful {
const interesting: []const Detection = &[_]Detection{
.{
.class = .postfix,
.hit = "SASL LOGIN authentication failed",
const rules: Group = .{
.nginx = &[_]Detection{
.{ .hit = "/.env HTTP/" },
},
.{
.class = .nginx,
.hit = "/.env HTTP/",
.postfix = &[_]Detection{
.{ .hit = "SASL LOGIN authentication failed" },
},
.{
.class = .sshd,
.hit = ": Connection closed by invalid user",
},
.{
.class = .sshd,
.hit = ": Invalid user",
.sshd = &[_]Detection{
.{ .hit = ": Connection closed by invalid user" },
.{ .hit = ": Invalid user" },
},
};
 
inline for (interesting) |dect| {
if (std.mem.indexOf(u8, line, dect.hit)) |_| {
return .{
.class = dect.class,
.line = line,
};
if (parser.nginx.filter(line)) {
inline for (rules.nginx) |rule| {
if (indexOf(u8, line, rule.hit)) |_| {
return .{
.class = .nginx,
.line = line,
};
}
}
} else if (parser.postfix.filter(line)) {
inline for (rules.postfix) |rule| {
if (indexOf(u8, line, rule.hit)) |_| {
return .{
.class = .postfix,
.line = line,
};
}
}
} else if (parser.sshd.filter(line)) {
inline for (rules.sshd) |rule| {
if (indexOf(u8, line, rule.hit)) |_| {
return .{
.class = .sshd,
.line = line,
};
}
}
} else {
return null;
}
 
return null;
}
 
pub const Addr = union(enum) {
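Review bot: The `else if` chain in `meaningful` lets the first matching filter pick the rule group, and a line that passes a filter but matches none of that group's rules returns `null` without the other groups being tried. The postfix and sshd filters are substring searches over the whole line, so text a remote client controls, such as a login name echoed into the log, can carry another daemon's marker and route the line to the wrong group, where the previous flat loop would still have matched it. Either anchor each filter to the syslog tag field, or keep the groups independent by turning `} else if (parser.postfix.filter(line)) {` and `} else if (parser.sshd.filter(line)) {` into separate `if` blocks. The trailing `else { return null; }` is also redundant with the final `return null;`.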
 
src/parser/nginx.zig added: 68, removed: 27, total 41
@@ -1,3 +1,17 @@
pub fn filter(line: []const u8) bool {
var dots: usize = 0;
var idx: usize = 0;
while (dots <= 3 and idx <= line.len) : (idx += 1) {
switch (line[idx]) {
'0'...'9' => continue,
'.' => dots += 1,
else => break,
}
}
 
return line[idx] == ' ' and dots == 3;
}
 
pub fn parseAddr(line: []const u8) !Addr {
return Addr.parse(line[0 .. indexOfScalar(u8, line, ' ') orelse return error.InvalidLogLine]);
}
 
src/parser/postfix.zig added: 68, removed: 27, total 41
@@ -1,3 +1,7 @@
pub fn filter(line: []const u8) bool {
return indexOf(u8, line, " mail.warn postfix/") != null;
}
 
pub fn parseAddr(line: []const u8) !Addr {
if (indexOf(u8, line, "]: SASL PLAIN") orelse indexOf(u8, line, "]: SASL LOGIN")) |j| {
if (lastIndexOf(u8, line[0..j], "[")) |i| {
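Review bot: `filter` has no comment stating which log format it assumes, and after this commit a line that fails it is never checked against the postfix rules at all. `" mail.warn postfix/"` only matches where the syslog output prints facility and level, and the `"sshd-session["` check in src/parser/sshd.zig only matches the newer split OpenSSH process tag, so on a host logging in another format the detections would presumably go quiet with no error. Add a doc comment to each, e.g. `/// Matches only syslog lines that print facility.level (" mail.warn postfix/"); other formats are skipped entirely.`, and consider logging once when a known hit string appears on a line that no filter accepted. `parseAddr` continues outside the hunk.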
 
src/parser/sshd.zig added: 68, removed: 27, total 41
@@ -1,3 +1,7 @@
pub fn filter(line: []const u8) bool {
return indexOf(u8, line, "sshd-session[") != null;
}
 
pub fn parseAddr(line: []const u8) !Addr {
if (indexOf(u8, line, "Connection from ")) |i| {
return try Addr.parse(line[i + 16 ..]);