- Jan 25, 2016
Michal 'vorner' Vaner authored
The ssh honeypot now provides local IP addresses. Use them in the export.
-
- Jan 20, 2016
Michal 'vorner' Vaner authored
Don't include the addresses excluded from analysis into the export. Also, reuse some code from the builders of address lists.
-
Michal 'vorner' Vaner authored
• Simplify the rules for inclusion in the blacklist. Count score for each client, leave out the low-score clients (hardcoded for 100 now, adjusting the scores for events to match that) and sum them together across each attacker IP. These are compared to limits.
• Split the computation of this into several views, to improve readability and understandability (this way it looks more procedural, as the views can be understood to be done one by one).
• Include the ssh honeypot as one of the sources.
-
- Jan 18, 2016
Michal 'vorner' Vaner authored
Ensure the inet→text conversion in build_fwup_sets.pl doesn't produce /32 at the end, as ucollect master doesn't handle that.
-
- Jan 15, 2016
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
-
- Jan 06, 2016
Michal 'vorner' Vaner authored
Use sanity instead of assert in the fake plugin
-
- Jan 04, 2016
Michal 'vorner' Vaner authored
Use a class variable where appropriate instead of overriding it in each object.
-
- Dec 18, 2015
Michal 'vorner' Vaner authored
Keep the attackers that drop out of the fake logs still blocked if they get caught on the firewall. Do so by scanning the firewall logs for addresses we would like to delete from the filter.
-
- Dec 17, 2015
Michal 'vorner' Vaner authored
Sanity reports an error to logs, which may help us debug some of the problems and crashes. Also, fix result check at getsockname.
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
So we generate logout before the new login.
-
- Dec 16, 2015
Michal 'vorner' Vaner authored
Recover from broken DB connection even if it happens in the __connection.cursor()
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
-
- Dec 15, 2015
Michal 'vorner' Vaner authored
-
- Dec 10, 2015
Michal 'vorner' Vaner authored
Newer uci mandates that flags are before commands. Older one doesn't mind either way.
-
- Dec 09, 2015
Michal 'vorner' Vaner authored
In case ipset terminates with error, wait with closing the output until EOF comes. Closing it right away may cause losing error messages.
-
- Dec 07, 2015
Michal 'vorner' Vaner authored
-
- Dec 04, 2015
Michal 'vorner' Vaner authored
-
- Dec 03, 2015
Michal 'vorner' Vaner authored
When the set size needs to be updated, warn about it, as the firewall definitions need to be updated.
-
Michal 'vorner' Vaner authored
The firewall rules use names ending with _X, the plain ones are the temporary sets.
-
- Dec 02, 2015
Michal 'vorner' Vaner authored
These are filled with bare IP addresses for now. We need them for the same purpose we had net:ip ones, but there needs to be interoperability with firewall scripts and these use hash:net.
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
And try to make the chance of reaching the ipset max name length limit (31 chars) smaller. We actually hit the limit in practice.
-
Michal 'vorner' Vaner authored
-
- Dec 01, 2015
Michal 'vorner' Vaner authored
Make the timeout for reload of the sets longer. In case there's some serious problem (like kmod-ipset not loaded), it wouldn't clutter logs this way, but if it is recoverable, it'd recover after a relatively short time anyway.
-
- Nov 30, 2015
Michal 'vorner' Vaner authored
Don't set rights on the router_loggedpacket.archived, since the column is no longer there.
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
They are related, so put them together. It's just nicer this way, no real change.
-
Štěpán Henek authored
-
- Nov 27, 2015
Michal 'vorner' Vaner authored
Don't mention the client ID before the ID is known. No functional change, just logging cleanup.
-
- Nov 25, 2015
Michal 'vorner' Vaner authored
Update the state field of sets when updates come. While not updating it was mostly harmless, this optimises out some downloading of data and some passing of data to the kernel. And it was the original intention.
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
When the set size is being changed, it is not needed to remove the set from the kernel and create it again. And it wouldn't even work in case the ipset is already linked into the firewall. Simply reloading the content by swapping with a newly created set is OK.
-
Michal 'vorner' Vaner authored
-
Michal 'vorner' Vaner authored
Grant the script permissions to update the sets' data in database.
-
Michal 'vorner' Vaner authored
Generate the firewall sets' content. Handle growing of sizes. Keeping of still active but blocked IPs is still planned.
-
Michal 'vorner' Vaner authored
Take some functionality that'll be reused in other scripts and put it into a separate library. The purpose is more code sharing than some general-purpose library.
-