Added mmap support. Largefiles can be mmapped into memory by some lon…

…g-lived program, and pam_ihosts can use the shared mapping, thus saving the time cost of loading he file from disk
ColumPaget · Apr 2, 2016 · 36a3462 · 36a3462
1 parent 1221b9a
commit 36a3462
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 5 deletions.
diff --git a/pam_ihosts.8 b/pam_ihosts.8
@@ -67,17 +67,17 @@ A comma-separated list of fnmatch patterns that match region strings looked up i
 .TP
 .B
 \fIregion-files=[paths]\fP
-A comma-separated list of paths to files containing IP registrar assignments. For more details see "REGIONS" below.
+A comma-separated list of paths to files containing IP registrar assignments. Each path can be prefixed with "mmap:" in which case the program will use a shared mmap of the file (see MMAPPED FILES below). For more details see "REGIONS" below.
 
 .TP
 .B
 \fIblacklist=[paths]\fP
-A comma-separated list of paths to files containing IP addresses, MAC addresses or hostnames that are \fBblacklisted\fP (denied login). The files must contain one item (ip address) per line.
+A comma-separated list of paths to files containing IP addresses, MAC addresses or hostnames that are \fBblacklisted\fP (denied login). The files must contain one item (ip address) per line. Each path can be prefixed with "mmap:" in which case the program will use a shared mmap of the file (see MMAPPED FILES below).
 
 .TP
 .B
 \fIwhitelist=[paths]\fP
-A comma-separated list of paths to files containing IP addresses, MAC addresses or hostnames that are \fBwhitelisted\fP (allowed login). The files must contain one item (ip address) per line.
+A comma-separated list of paths to files containing IP addresses, MAC addresses or hostnames that are \fBwhitelisted\fP (allowed login). The files must contain one item (ip address) per line. Each path can be prefixed with "mmap:" in which case the program will use a shared mmap of the file (see MMAPPED FILES below).
 
 .TP
 .B
@@ -110,6 +110,11 @@ http://ftp.apnic.net/stats/apnic/delegated-apnic-latest             # Asia Pacif
 .P
 Blacklist/whitelist files contain IP addresses, hostnames, or MAC addresses that are either denied or allowed login. One item per line. All three types of item can be present in the same file. Blacklist files are checked first, and then can be overridden with whitelist files. As pam_ihosts denies login by default, so a whitelist file can be used on its own. To use only a blacklist file, one would have to specify "allow-ip\=*" and then specify a blacklist file, which would have the effect of allowing everything except those things in the blacklist file.
 
+.SH MMAPPED FILES
+
+.P
+Blacklist, whitelist and region file paths can be prefixed with "mmap:" In this case pam_ihosts uses a shared memory mapping of the file. Provided that some other program currently has the file mapped, pam_ihosts will not have to load the file from disk, as it will already be available as shared memory. This can significantly improve performance for large files, at the cost of some memory. If no other program has the file mmapped, then pam_ihosts loads it into shared memory, but has to pay the performance cost of loading it from disk. Therefore, for this system to deliver a benefit, some long-lived program has to keep the files mapped.
+
 .SH EXAMPLES
 
 .P
@@ -157,6 +162,16 @@ account    required  pam_ihosts.so user\=* region\-files=/etc/ip\-lists/delegate
 .fi
 .ad b
 
+.P
+For all users, allow login only from Asia Pacific IPs. Use mmap shared memory for the afrinic and lacnic files.
+
+.nf
+
+account    required  pam_ihosts.so user\=* region\-files=mmap:/etc/ip\-lists/delegated\-afrinic\-latest,mmap:/etc/ip\-lists/delegated\-lacnic\-latest,/etc/ip\-lists/delegated\-apnic\-latest,/etc/ip\-lists/delegated\-ripencc\-latest allow\-region=apnic:*
+.fi
+.ad b
+
+
 .SH SEE ALSO
 
 .P

diff --git a/pam_module.c b/pam_module.c
@@ -128,8 +128,11 @@ int result=FALSE;
 uint32_t IP, Mask, val;
 
 IP=StrtoIP(IPStr);
+
+
+
 Tempstr=realloc(Tempstr, 256);
-F=fopen(Path, "r");
+F=OpenFileOrMMap(Path);
 if (F)
 {
 	while (fgets(Tempstr,255,F))
@@ -165,6 +168,9 @@ if (F)
 		}
 		}
 	}
+
+printf("FCLOSE %d\n",F);
+
 	fclose(F);
 }
 else

diff --git a/utility.c b/utility.c
@@ -6,6 +6,9 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
 
 void strlwr(char *Str)
@@ -343,14 +346,49 @@ return((char *) inet_ntoa(*(struct in_addr *) *hostdata->h_addr_list));
 }
 
 
+
+
+//either opens a file or, if the system supports it and the file has
+//an mmap: prefix, opens a shared mem-map
+FILE *OpenFileOrMMap(const char *Path)
+{
+char *ptr, *map=NULL;
+int fd;
+struct stat Stat;
+FILE *f=NULL;
+
+if (! StrLen(Path)) return(NULL);
+
+ptr=Path;
+if (strncmp(ptr,"mmap:",5)==0)
+{
+  ptr+=5;
+  fd=open(ptr, O_RDONLY);
+  if (fd > -1)
+  {
+  fstat(fd,&Stat);
+  map=mmap(NULL,Stat.st_size,PROT_READ,MAP_SHARED,fd,0);
+  if (map) f=fmemopen(map, Stat.st_size, "r");
+  close(fd);
+  }
+}
+
+if (! f) f=fopen(ptr, "r");
+
+return(f);
+}
+
+
+
+
 int CheckIPFile(const char *Path, const char *Rhost, const char *IP, const char *MAC, const char *Region)
 {
 FILE *f;
 char *Line=NULL;
 int result=FALSE;
 
 Line=(char *) calloc(1,256);
-f=fopen(Path,"r");
+f=OpenFileOrMMap(Path);
 if (f)
 {
 	while (fgets(Line,255,f))

diff --git a/utility.h b/utility.h
@@ -15,6 +15,10 @@
 int ItemMatches(const char *Item, const char *MatchList);
 int ItemListMatches(const char *ItemList, const char *MatchList);
 
+//either opens a file or, if the system supports it and the file has
+//an mmap: prefix, opens a shared mem-map
+FILE *OpenFileOrMMap(const char *Path);
+
 void strlwr(char *Str);
 char *VCatStr(char *Dest, const char *Str1,  va_list args);
 char *MCatStr(char *Dest, const char *Str1,  ...);