/*
*	nodos 1.0
*
*	nodos protects your service from DoS attack
*/

#include <u.h>
#include <libc.h>
#include <ctype.h>

char *logname="nodos";
static int maxconnect = 10; // max tcp connection by the IP

/*
*	ip is remote IP
*	port is local port
*/
void usage(void)
{	print("usage: nodos [-m maxconnect] remote-ip local-port\n");
	exits("usage");
}

char*
strtrim(char *s)
{
	char *t;
	while(isspace(*s))
		s++;
	t = strchr(s, 0);
	t--;
	while(isspace(*t ))
		t--;
	t++;
	*t = 0;
	return s;
}

/*
*	nconnect
*	usage:
*		int nmax;
*		n = nconnect("202.250.160.40", nmax);
*	return:
*		n: no. of connection from the ip
*		nmax: examine upto nmax
*
*/
int
nconnect(char *ip, int nmax)
{
	int fd, i, n, m, ndir;
	Dir *db;
	char buf[64];
	char *p;
	fd = open("/net/tcp", OREAD);
	if(fd == -1)
		return -1;
	ndir = dirreadall(fd,&db);
	close(fd);
	if(ndir == -1){
		free(db);
		return -1;
	}
	m = 0; // total connection by the ip
	for(i=0; i<ndir; i++){
		snprint(buf,sizeof buf,"/net/tcp/%s/status", db[i].name);
		fd = open(buf, OREAD);
		if(fd < 0)
			continue;
		n = read(fd, buf, sizeof buf);
		close(fd);
		if(n <= 0)
			continue;
		buf[n-1] = 0;
		p = strchr(buf,' ');
		if(p)
			*p = 0;
		if(strcmp(buf,"Closed") == 0)
			continue;
		snprint(buf,sizeof buf,"/net/tcp/%s/remote", db[i].name);
		fd = open(buf, OREAD);
		if(fd < 0)
			continue;
		n = read(fd, buf, sizeof buf);
		close(fd);
		if( n <= 0)
			continue;
		if(buf[0] == ':')
			continue;
		buf[n-1] = 0;
		p = strchr(buf, '!');
		if(p == nil)
			continue;
		*p = 0;
		if(strcmp(buf, ip) == 0)
			m++;
		if(m > nmax)
			break;
	}
	free(db);
	return m;
}

void main(int argc, char *argv[])
{	char *ip,*port;
	int n;

	ARGBEGIN{
	case 'm':	maxconnect=atoi(ARGF());
		break;
	default: usage();
	}ARGEND
	
	if(argc != 2 || maxconnect==0)
		usage();
	ip = argv[0];
	port = argv[1];

	n = nconnect(ip, maxconnect);
	if( n > maxconnect){
		syslog(0,logname, "%s %s", port, ip);
		exits("maxconnect");
	}
	exits(nil);
}