package IPset;
use strict;
use warnings;
use Data::Dumper;

# Default settings for this module; run() hands them to
# Constants::mergeConfigs together with the caller's configuration.
#
# NOTE(review): 'setname' is interpolated verbatim into the generated ipset
# commands (see header/record/footer) and has no pattern in %FORMAT, so its
# value should be limited to a plain identifier without whitespace -- confirm
# how mergeConfigs treats keys that lack a format entry.
my %CONSTANTS = (
    enabled    => 'no',
    outputfile => 'tmp/ipset.txt',    # passed to Utils::generateOutput
    threshold  => 250,                # passed to DB::getQueryCondThreshold
    excludedip => [],                 # fed to DB::joinNotIN on "source"
    eventtype  => [],                 # fed to DB::joinIN on "type"
    setname    => 'BLOCK',            # ipset set name; "_tmp" is appended
    maxage     => '1D',               # passed to DB::getOldDataDB
);

# Patterns handed to Constants::mergeConfigs alongside the defaults.
# NOTE(review): both patterns are unanchored, so they accept any value that
# merely contains a match; presumably mergeConfigs applies them as-is --
# verify there. 'logging' has no counterpart in %CONSTANTS.
my %FORMAT = (
    maxage  => qr/\d+[hdmHDM]/,
    logging => qr/enable|disable/,
);

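# Returns 1 when the argument is exactly one dotted-quad IPv4 address with
# every octet in 0..255 and no leading zeros, otherwise 0.
sub _is_ipv4 {
    my ($candidate) = @_;

    return 0 unless defined $candidate;

    # \A ... \z with explicit [0-9] classes: nothing may precede or follow the
    # address (including a trailing newline) and only ASCII digits count.
    return $candidate =~ m{
        \A
        (?: 25[0-5] | 2[0-4][0-9] | 1[0-9][0-9] | [1-9]?[0-9] )
        (?: \. (?: 25[0-5] | 2[0-4][0-9] | 1[0-9][0-9] | [1-9]?[0-9] ) ){3}
        \z
    }x ? 1 : 0;
}

# First line of the generated file: creates the temporary hash:ip set.
sub header {
    my ($v) = @_;
    return "create $v->{'setname'}_tmp hash:ip\n";
}

# One "add" line per database row.
#
# The row's source value is written into a file of ipset commands, so it is
# accepted only when it is a bare IPv4 address. The previous unanchored
# pattern let through any string that merely contained a dotted quad, which
# would have copied extra text or extra lines from the database into that
# file. Rows that fail the check produce an empty string and are skipped.
# NOTE(review): if sources in CIDR notation are expected, extend _is_ipv4
# deliberately rather than loosening the anchors.
sub record {
    my ($r, $v) = @_;

    my $source = $r->{'source'};
    return q{} unless _is_ipv4($source);

    return "add $v->{'setname'}_tmp $source\n";
}

# Closing lines: swap the temporary set into place, destroy it, and quit.
sub footer {
    my ($v) = @_;
    return "swap $v->{'setname'}_tmp $v->{'setname'}\n"
         . "destroy $v->{'setname'}_tmp\n"
         . "quit\n";
}

# Queries the events table for sources that pass the configured threshold
# and writes them to the output file as ipset commands.
#
# Arguments: the first one is ignored; $modprefix and $cfg are passed to
# Constants::mergeConfigs; $dbh is the database handle used for the query;
# $db_engine is passed to the DB:: query builders.
# Returns whatever Utils::generateOutput returns.
#
# header, record and footer are named subs and therefore package-level in
# Perl wherever they are written, so they are declared beside run() instead
# of inside it.
sub run {
    my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;

    my $v = Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);

    # NOTE(review): setname is taken from the merged configuration and is
    # interpolated unchecked into every generated command; it should be a
    # plain identifier without whitespace. ipset limits set names to 31
    # characters, and "_tmp" is appended here.

    # NOTE(review): the eventtype and excludedip lists end up inside the SQL
    # condition; whether DB::joinIN / DB::joinNotIN quote them cannot be seen
    # from this file -- confirm.
    my $eventtype_query = DB::joinIN("type", \@{$v->{'eventtype'}});
    my $excluded_query  = DB::joinNotIN("source", \@{$v->{'excludedip'}});

    # Drops the last five characters of the combined condition -- presumably
    # a trailing " AND " left by the join helpers; verify against DB.
    my $condition = substr($excluded_query . $eventtype_query, 0, -5);
    my @columns   = ("source");
    my @params    = ($condition, DB::getOldDataDB($db_engine, "NEWER", $v->{'maxage'}));
    my $query     = DB::getQueryCondThreshold($db_engine, "events", \@columns, \@params, $v->{'threshold'});

    my @rows = Utils::fetchall_array_hashref($dbh, $query);

    my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, \&header, \&record, \&footer, $v);
    return $ret;
}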
1;