*** ../../sshguard-1.7.0-01/src/sshguard.c	2016-08-06 12:21:51.000000000 -0400
--- sshguard.c	2022-04-08 10:57:56.508505642 -0400
***************
*** 38,49 ****
--- 38,54 ----
  #include "sshguard_options.h"
  #include "sshguard_procauth.h"
  #include "sshguard_whitelist.h"
+ #include "parser/attack_parser_re.h"
  
  #define MAX_LOGLINE_LEN     1000
  
  /** Keep track of the exit signal received. */
  static volatile sig_atomic_t exit_sig = 0;
  
+ /** Signal-tracking for thread-safe signal handler */
+ static volatile sig_atomic_t ts_got_signal = 0;
+ static void ts_sig_handler(int signo);
+ 
  /*      FUNDAMENTAL DATA STRUCTURES         */
  /* These lists are all lists of attacker_t structures.
   * limbo and hell maintain "temporary" entries: in limbo, entries are deleted
***************
*** 118,123 ****
--- 123,130 ----
      pthread_t tid;
      sourceid_t source_id;
      char buf[MAX_LOGLINE_LEN];
+     struct sigaction sa;	/* for thread-safe signal handler */
+ 
  
      int sshg_debugging = (getenv("SSHGUARD_DEBUG") != NULL);
      sshguard_log_init(sshg_debugging);
***************
*** 138,143 ****
--- 145,151 ----
      // Initialize procauth and whitelist before parsing arguments.
      procauth_init();
      whitelist_init();
+     attack_parser_re_init(NULL, NULL, sshg_debugging, 2, 1);
  
      if (get_options_cmdline(argc, argv) != 0) {
          exit(64);
***************
*** 163,168 ****
--- 171,183 ----
      signal(SIGINT, sigfin_handler);
      atexit(finishup);
  
+     memset(&sa, 0, sizeof(struct sigaction));
+     sa.sa_handler = &ts_sig_handler;
+     if (sigaction(SIGUSR1, &sa, NULL) == -1) {
+         perror("sigaction");
+         return EXIT_FAILURE;
+     }
+ 
      // TODO: Privilege separation goes here!
  
      /* whitelist localhost */
***************
*** 186,192 ****
      while (log_getline(buf, &source_id) == 0) {
          attack_t parsed_attack;
  
!         if (parse_line(source_id, buf, &parsed_attack) != 0) {
              // Skip lines that don't match any attack.
              continue;
          }
--- 201,217 ----
      while (log_getline(buf, &source_id) == 0) {
          attack_t parsed_attack;
  
!         if (ts_got_signal) {
! 	    /* When we want to save it for parsing, display, whatever...
! 	    int what_sig = ts_got_signal;
! 	     */
! 
!             ts_got_signal = 0;
!             sshguard_log(LOG_DEBUG, "Received signal to reload attack_parser_re signatures");
! 	    reload_attack_parser_re_conf();
!         }
! 
!         if ((parse_line(source_id, buf, &parsed_attack) != 0) && (parse_line_re(buf, &parsed_attack) != 0)) {
              // Skip lines that don't match any attack.
              continue;
          }
***************
*** 257,264 ****
      tmpent = list_seek(& hell, & attack.address);
      pthread_mutex_unlock(& list_mutex);
      if (tmpent != NULL) {
!         sshguard_log(LOG_WARNING, "%s: should already have been blocked",
!                 attack.address.value);
          return;
      }
  
--- 282,291 ----
      tmpent = list_seek(& hell, & attack.address);
      pthread_mutex_unlock(& list_mutex);
      if (tmpent != NULL) {
! 	if(tmpent->whenlast - time(NULL) > (time_t) 1) {
! 	    sshguard_log(LOG_WARNING, "%s: should already have been blocked",
! 		    attack.address.value);
! 	}
          return;
      }
  
***************
*** 422,427 ****
--- 449,455 ----
      fw_fin();
      whitelist_fin();
      procauth_fin();
+     attack_parser_re_fin(NULL);
      sshguard_log_fin();
  }
  
***************
*** 430,435 ****
--- 458,471 ----
      exit(0);
  }
  
+ /*
+  * Thread-safe signal handler
+  */
+ static void ts_sig_handler(int signo)
+ {
+     ts_got_signal = signo;
+ }
+ 
  static void block_list(list_t *list) {
      list_iterator_start(list);
      while (list_iterator_hasnext(list)) {
*** ../../sshguard-1.7.0-01/src/parser/sshg_parser.c	2016-08-06 12:21:51.000000000 -0400
--- parser/sshg_parser.c	2022-04-07 09:46:49.579615609 -0400
***************
*** 8,13 ****
--- 8,14 ----
  #include <unistd.h>
  
  #include "parser/parser.h"
+ #include "parser/attack_parser_re.h"
  
  static void print_attack(const attack_t *attack) {
      printf("%d %s %d\n", attack->service, attack->address.value,
***************
*** 39,48 ****
  
      yydebug = yy_flex_debug = debug;
  
      while (fgets(buf, sizeof(buf), stdin) != NULL) {
          attack_t attack;
!         if (parse_line(0, buf, &attack) == 0) {
              print_attack(&attack);
          }
      }
  }
--- 40,54 ----
  
      yydebug = yy_flex_debug = debug;
  
+     attack_parser_re_init(NULL, NULL, debug, 0, 0);
+ 
      while (fgets(buf, sizeof(buf), stdin) != NULL) {
          attack_t attack;
! 
!         if ((parse_line(0, buf, &attack) == 0) || (parse_line_re(buf, &attack) == 0)) {
              print_attack(&attack);
          }
      }
+ 
+     attack_parser_re_fin(NULL);
  }
*** ../../sshguard-1.7.0-01/src/Makefile	2016-09-16 08:45:30.027073188 -0400
--- Makefile	2022-04-12 20:11:53.846729180 -0400
***************
*** 108,116 ****
  am__dirstamp = $(am__leading_dot)dirstamp
  am_sshg_parser_OBJECTS = parser/attack.$(OBJEXT) \
  	parser/attack_parser.$(OBJEXT) parser/attack_scanner.$(OBJEXT) \
! 	parser/sshg_parser.$(OBJEXT)
  sshg_parser_OBJECTS = $(am_sshg_parser_OBJECTS)
  sshg_parser_LDADD = $(LDADD)
  am__sshguard_SOURCES_DIST = fnv.h fwalls/fw.h hash_32a.c \
  	parser/attack.c parser/attack_parser.y parser/attack_scanner.l \
  	simclist.c simclist.h sshguard.c sshguard.h \
--- 108,117 ----
  am__dirstamp = $(am__leading_dot)dirstamp
  am_sshg_parser_OBJECTS = parser/attack.$(OBJEXT) \
  	parser/attack_parser.$(OBJEXT) parser/attack_scanner.$(OBJEXT) \
! 	parser/sshg_parser.$(OBJEXT) parser/attack_parser_re.$(OBJEXT)
  sshg_parser_OBJECTS = $(am_sshg_parser_OBJECTS)
  sshg_parser_LDADD = $(LDADD)
+ EXTRA_sshg_parser_DEPENDENCIES = parser/attack_parser_re.h 
  am__sshguard_SOURCES_DIST = fnv.h fwalls/fw.h hash_32a.c \
  	parser/attack.c parser/attack_parser.y parser/attack_scanner.l \
  	simclist.c simclist.h sshguard.c sshguard.h \
***************
*** 126,135 ****
  	simclist.$(OBJEXT) sshguard.$(OBJEXT) \
  	sshguard_blacklist.$(OBJEXT) sshguard_log.$(OBJEXT) \
  	sshguard_logsuck.$(OBJEXT) sshguard_options.$(OBJEXT) \
! 	sshguard_procauth.$(OBJEXT) sshguard_whitelist.$(OBJEXT) \
  	$(am__objects_1) $(am__objects_2)
  sshguard_OBJECTS = $(am_sshguard_OBJECTS)
  sshguard_LDADD = $(LDADD)
  am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
  am__vpath_adj = case $$p in \
      $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
--- 127,137 ----
  	simclist.$(OBJEXT) sshguard.$(OBJEXT) \
  	sshguard_blacklist.$(OBJEXT) sshguard_log.$(OBJEXT) \
  	sshguard_logsuck.$(OBJEXT) sshguard_options.$(OBJEXT) \
! 	sshguard_procauth.$(OBJEXT) sshguard_whitelist.$(OBJEXT) parser/attack_parser_re.$(OBJEXT) \
  	$(am__objects_1) $(am__objects_2)
  sshguard_OBJECTS = $(am_sshguard_OBJECTS)
  sshguard_LDADD = $(LDADD)
+ EXTRA_sshguard_DEPENDENCIES = parser/attack_parser_re.h 
  am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
  am__vpath_adj = case $$p in \
      $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
***************
*** 258,269 ****
  INSTALL_PROGRAM = ${INSTALL}
  INSTALL_SCRIPT = ${INSTALL}
  INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
! LDFLAGS = 
  LEX = flex
  LEXLIB = -lfl
  LEX_OUTPUT_ROOT = lex.yy
  LIBOBJS = 
! LIBS = -lpthread 
  LTLIBOBJS = 
  MAKEINFO = ${SHELL} /usr/local/prj/packages/shared/src/security/sshguard-1.7.0/missing makeinfo
  MKDIR_P = /bin/mkdir -p
--- 260,278 ----
  INSTALL_PROGRAM = ${INSTALL}
  INSTALL_SCRIPT = ${INSTALL}
  INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
! LDFLAGS =
  LEX = flex
  LEXLIB = -lfl
  LEX_OUTPUT_ROOT = lex.yy
  LIBOBJS = 
! LIBS = -lpthread
! ifdef USE_PCRE
! LIBS := $(LIBS) -lpcreposix
! else
! ifdef USE_NATIVE_PCRE
! LIBS := $(LIBS) -lpcre
! endif
! endif
  LTLIBOBJS = 
  MAKEINFO = ${SHELL} /usr/local/prj/packages/shared/src/security/sshguard-1.7.0/missing makeinfo
  MKDIR_P = /bin/mkdir -p
***************
*** 328,334 ****
  top_srcdir = ..
  libexec_SCRIPTS = fwalls/sshg-fw
  EXTRA_DIST = fwalls/ipfw.sh fwalls/iptables.sh fwalls/null.sh fwalls/pf.sh
! AM_CFLAGS = -I. -DSIMCLIST_NO_DUMPRESTORE -DLIBEXECDIR=\"$(libexecdir)\"
  AM_YFLAGS = -d
  BUILT_SOURCES = parser/attack_parser.h
  sshg_parser_SOURCES = \
--- 337,350 ----
  top_srcdir = ..
  libexec_SCRIPTS = fwalls/sshg-fw
  EXTRA_DIST = fwalls/ipfw.sh fwalls/iptables.sh fwalls/null.sh fwalls/pf.sh
! AM_CFLAGS = -I. -DSIMCLIST_NO_DUMPRESTORE -DLIBEXECDIR=\"$(libexecdir)\" -DSSHG_1_7_0
! ifdef USE_PCRE
! AM_CFLAGS := $(AM_CFLAGS) -DUSE_PCRE
! else
! ifdef USE_NATIVE_PCRE
! AM_CFLAGS := $(AM_CFLAGS) -DUSE_NATIVE_PCRE
! endif
! endif
  AM_YFLAGS = -d
  BUILT_SOURCES = parser/attack_parser.h
  sshg_parser_SOURCES = \
***************
*** 338,344 ****
  	parser/attack_parser.y \
  	parser/attack_scanner.l \
  	parser/parser.h \
! 	parser/sshg_parser.c
  
  dist_libexec_SCRIPTS = sshg-logtail
  sshguard_SOURCES = fnv.h fwalls/fw.h hash_32a.c parser/attack.c \
--- 354,361 ----
  	parser/attack_parser.y \
  	parser/attack_scanner.l \
  	parser/parser.h \
! 	parser/sshg_parser.c \
! 	parser/attack_parser_re.c parser/attack_parser_re.h
  
  dist_libexec_SCRIPTS = sshg-logtail
  sshguard_SOURCES = fnv.h fwalls/fw.h hash_32a.c parser/attack.c \
***************
*** 347,354 ****
  	sshguard_blacklist.h sshguard_log.c sshguard_log.h \
  	sshguard_logsuck.c sshguard_logsuck.h sshguard_options.c \
  	sshguard_options.h sshguard_procauth.c sshguard_procauth.h \
! 	sshguard_whitelist.c sshguard_whitelist.h $(am__append_1) \
! 	$(am__append_2)
  all: $(BUILT_SOURCES) config.h
  	$(MAKE) $(AM_MAKEFLAGS) all-am
  
--- 364,373 ----
  	sshguard_blacklist.h sshguard_log.c sshguard_log.h \
  	sshguard_logsuck.c sshguard_logsuck.h sshguard_options.c \
  	sshguard_options.h sshguard_procauth.c sshguard_procauth.h \
! 	sshguard_whitelist.c sshguard_whitelist.h \
! 	parser/attack_parser_re.c parser/attack_parser_re.h \
! 	$(am__append_1) $(am__append_2)
! 
  all: $(BUILT_SOURCES) config.h
  	$(MAKE) $(AM_MAKEFLAGS) all-am
  
***************
*** 513,518 ****
--- 532,538 ----
  	fwalls/$(DEPDIR)/$(am__dirstamp)
  fwalls/fw.$(OBJEXT): fwalls/$(am__dirstamp) \
  	fwalls/$(DEPDIR)/$(am__dirstamp)
+ parser/attack_parser_re.$(OBJEXT): parser/attack_parser_re.h
  
  sshguard$(EXEEXT): $(sshguard_OBJECTS) $(sshguard_DEPENDENCIES) $(EXTRA_sshguard_DEPENDENCIES) 
  	@rm -f sshguard$(EXEEXT)
