public inbox for development@lists.ipfire.org
From: Michael Eitelwein <michael@eitelwein.net>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Date: Sat, 23 Jan 2016 12:59:22 +0100
Message-ID: <0F8A6B13-9243-4AFE-A156-3DA79D85DAFF@eitelwein.net>
In-Reply-To: <1453546762.585.96.camel@ipfire.org>

Ok, would concentrate on ipfire3 then. 

Only issue I have is that I am not experienced enough to develop something from scratch. If there is an existing architecture/framework, then I should be able to dig in and produce algorithms and code. So if there were a developer who could point me to the topics to be picked up and get started, this would be very helpful for me.

Hope this makes sense.

Michael


> On 23.01.2016 at 11:59, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
> 
> Good morning,
> 
> On Sat, 2016-01-23 at 11:50 +0100, Michael Eitelwein wrote:
>> Thanks a lot. 
>> 
>> Moving on to firewall configuration for IPv6 on the web GUI - who
>> would be the right person to talk to in order to understand the
>> architecture and structure of the code? Or do I need to reverse
>> engineer the existing?
> 
> Well, we have decided that this is a piece of work that is not possible
> to do with the IPFire 2 web user interface and especially not in
> reasonable time with a result that we would want.
> 
>> Does it make sense to add this to ipfire2 or should I focus on
>> ipfire3?
> 
> We have started IPFire 3 instead and that's where there is full IPv6
> support. Please install the latest image and have a look.
> 
> Best,
> -Michael
> 
>> 
>> Best regards
>> 
>> Michael
>> 
>> 
>> 
>> Kind regards,
>> 
>> Michael
>>> On 23.01.2016 at 01:43, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
>>> 
>>> Hi,
>>> 
>>> I merged these by pulling from your Git repository.
>>> 
>>> Please fix this email issue.
>>> 
>>>> On Fri, 2016-01-22 at 22:00 +0100, Matthias Fischer wrote:
>>>>> On 22.01.2016 19:00, Michael Eitelwein wrote:
>>>>> 
>>>>> 
>>>>> 
>>>>> Hi
>>>>> The patch itself is working on my machine without issues. If Matthias did not observe any issues as well, then I would propose to merge it into the next release. Please let me know if there is anything I have to do to get them merged.
>>>>> The problems of applying the patch were not further examined, as Matthias was able to apply them in the end. Also they are now available in git.ipfire.org, so they can be applied directly from there.
>>>>> Michael
>>>> 
>>>> Hi,
>>>> 
>>>> I just clicked through all '.dat'-files: I saw no problems.
>>>> 
>>>> Playing chicken: did anyone *else* test this? ;-)
>>> 
>>> I guess the answer is the usual one.
>>> 
>>>> Best,
>>>> Matthias
>>>> 
>>>> P.S.: ME, while replying to "ALL", there is something weird with your email-address: it just says "michael", not "michael(a)eitelwein.net". I had to add your address manually from my addressbook. Bug or feature - mine or yours?
>>> 
>>> Yeah that is a misconfiguration in the email client.
>>> 
>>>> 
>>>>> -------- Original message --------
>>>>> From: Michael Tremer <michael.tremer(a)ipfire.org>
>>>>> Date: 22.01.2016  01:59  (GMT+01:00)
>>>>> To: Michael Eitelwein <michael(a)eitelwein.net>, IPFire Development List <development(a)lists.ipfire.org>
>>>>> Cc: Matthias Fischer <matthias.fischer(a)ipfire.org>
>>>>> Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> did you work out what the issue was with these emails?
>>>>> 
>>>>> Best,
>>>>> -Michael
>>>>> 
>>>>>> On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote:
>>>>>> 3 main changes:
>>>>>> - Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, otherwise fill from IN and OUT
>>>>>> - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
>>>>>> - Match color coding of tables to pie charts
>>>>>> 
>>>>>> I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
>>>>>> 
>>>>>> Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
>>>>>> 
>>>>>> ---
>>>>>> html/cgi-bin/logs.cgi/firewalllog.dat            | 14 ++--
>>>>>> html/cgi-bin/logs.cgi/firewalllogcountry.dat     | 43
>>>>>> ++++++++-
>>>>>> ----
>>>>>> html/cgi-bin/logs.cgi/firewalllogip.dat          | 15 ++---
>>>>>> html/cgi-bin/logs.cgi/firewalllogport.dat        | 12 ++--
>>>>>> html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81
>>>>>> +++++++++++++++++-------
>>>>>> html/cgi-bin/logs.cgi/showrequestfromip.dat      | 27 ++++--
>>>>>> --
>>>>>> html/cgi-bin/logs.cgi/showrequestfromport.dat    | 14 ++--
>>>>>> 7 files changed, 131 insertions(+), 75 deletions(-)
>>>>>> 
>>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi
>>>>>> -bin/logs.cgi/firewalllog.dat
>>>>>> index 5a584d6..42c9612 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/firewalllog.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat
>>>>>> @@ -328,7 +328,10 @@ END
>>>>>> $lines = 0;
>>>>>> foreach $_ (@log)
>>>>>> {
>>>>>> -        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +    # If ipv6 uses a bridge, PHYSIN= contains the relevant
>>>>>> iface
>>>>>> information
>>>>>> +    # otherwise use IN=
>>>>>> +        if ($_ =~ /^... (..) (..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>>>> +        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
>>>>>> kernel:(.*)(IN=.*)$/) {}
>>>>>>         my $day =  $1;
>>>>>>         $day =~ tr / /0/;
>>>>>>         my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
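Review bot: the new `if (...PHYSIN=.*) {} elsif (...IN=.*) {}` pair has empty bodies and is used only for its capture side effects, so when neither pattern matches, `my $day = $1;` and the `$2` in `$time` read captures that are undefined or left over from an earlier match. Skip the line explicitly instead, for example with `next unless` on the combined match, and assign the captures to named variables at the point of the match rather than relying on `$1`..`$4` surviving the empty blocks.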
>>>>>> @@ -336,9 +339,12 @@ foreach $_ (@log)
>>>>>>         my $packet = $4;
>>>>>> 
>>>>>>         my ($iface, $srcaddr, $dstaddr, $macaddr, $proto,
>>>>>> $srcport,
>>>>>> $dstport);
>>>>>> -        $iface=$1   if $packet =~ /IN=(\w+)/;
>>>>>> -        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
>>>>>> -        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
>>>>>> +        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif
>>>>>> ($packet
>>>>>> =~ /IN=(\w+)/) { $iface = $1}
>>>>>> +        # Identify whether ipv4 or ipv6. Both are mutally
>>>>>> exclusive.
>>>>>> +        if ($packet =~
>>>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>>>> $srcaddr=$1 }
>>>>>> +                if ($packet =~ /SRC\=(([0-9a-fA
>>>>>> -F]{0,4})(\:([0
>>>>>> -9a-fA
>>>>>> -F]{0,4})){2,7})/) { $srcaddr=$1 }
>>>>>> +        if ($packet =~
>>>>>> /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>>>> $dstaddr=$1 }
>>>>>> +                if ($packet =~ /DST\=(([0-9a-fA
>>>>>> -F]{0,4})(\:([0
>>>>>> -9a-fA
>>>>>> -F]{0,4})){2,7})/) { $dstaddr=$1 }
>>>>>>         $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
>>>>>>         $proto=$1   if $packet =~ /PROTO=(\w+)/;
>>>>>>         $srcport=$1 if $packet =~ /SPT=(\d+)/;
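Review bot: the IPv6 tests for `SRC` and `DST` (the more deeply indented `if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})...` lines) are plain `if`, not `elsif`, although the comment above them says the two cases are mutually exclusive and firewalllogcountry.dat uses `elsif` for the same pair. Making them `elsif` matches the comment and avoids running the second regex once IPv4 has matched. The same IPv4/IPv6 pattern pair is pasted into every file touched by this patch; a single shared helper would keep the copies from drifting apart.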
>>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>>>> b/html/cgi
>>>>>> -bin/logs.cgi/firewalllogcountry.dat
>>>>>> index f998a62..2661ddd 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>>>> @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=
>>>>>> 0){$pienumber=$cgiparams{'pienumber'};}
>>>>>> if( $cgiparams{'otherspie'} !=
>>>>>> 0){$otherspie=$cgiparams{'otherspie'};}
>>>>>> if( $cgiparams{'showpie'} !=
>>>>>> 0){$showpie=$cgiparams{'showpie'};}
>>>>>> if( $cgiparams{'sortcolumn'} !=
>>>>>> 0){$sortcolumn=$cgiparams{'sortcolumn'};}
>>>>>> -
>>>>>> print <<END
>>>>>> </select>
>>>>>> </td>
>>>>>> @@ -294,15 +293,24 @@ $lines = 0;
>>>>>> 
>>>>>> foreach $_ (@log)
>>>>>> {
>>>>>> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +  # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
>>>>>> +  if (/^... (..) (..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>>>> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
>>>>>> {}
>>>>>>   my $packet = $4;
>>>>>> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./
>>>>>> ){
>>>>>> $iface="";}
>>>>>> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>>>> +  my $iface  = '';
>>>>>> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
>>>>>> ($packet
>>>>>> =~
>>>>>> /IN=(\w+)/) { $iface = $1 }
>>>>>> +  if ( $1 =~ /2./ ) { $iface=''; }
>>>>>> +  my $srcaddr = '';
>>>>>> +  # Find ipv4 and ipv6 addresses
>>>>>> +  if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>>>> $srcaddr
>>>>>> = $1 }
>>>>>> +  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>>>> -F]{0,4})){2,7})/) { $srcaddr = $1 }
>>>>>> 
>>>>>>   if($iface eq $red_interface) {
>>>>>> +    # Traffic from red
>>>>>>     if($srcaddr ne '') {
>>>>>> +      # srcaddr is set
>>>>>>       my $ccode = $gi->country_code_by_name($srcaddr);
>>>>>> -      if( $ccode eq '') {
>>>>>> +      if ($ccode eq '') {
>>>>>>           $ccode = 'unknown';
>>>>>>       }
>>>>>>       $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
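Review bot: `if ( $1 =~ /2./ ) { $iface=''; }` now tests `$1` after an `if`/`elsif` chain, so when neither `PHYSIN=(\w+)` nor `IN=(\w+)` matches, `$1` still holds a capture from the line-level regex above and not an interface name. Test `$iface =~ /2./` instead, and add a short comment saying which interfaces `/2./` is meant to exclude, since the pattern matches any name containing a `2` followed by one more character.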
>>>>>> @@ -311,11 +319,16 @@ foreach $_ (@log)
>>>>>>     }
>>>>>>   }
>>>>>>   else {
>>>>>> +    # Traffic not from red
>>>>>>     if($iface ne '') {
>>>>>>         $tabjc{$iface} = $tabjc{$iface} + 1 ;
>>>>>>         if(($tabjc{$iface} == 1) && ($lines < $pienumber)) {
>>>>>> $lines
>>>>>> = $lines + 1; }
>>>>>>         $linesjc++;
>>>>>>     }
>>>>>> +    else {
>>>>>> +      # What to do with empty iface lines?
>>>>>> +      # This probably is traffic from ipfire itself (IN=
>>>>>> OUT=XY)?
>>>>>> +    }
>>>>>>   }
>>>>>> }
>>>>>> 
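Review bot: the added `else` block contains only a question in a comment and no code, so lines with an empty `$iface` are still dropped silently from `$linesjc`. Either leave the block out and raise the question in the commit message, or count those lines under an explicit key so the totals in the table account for them.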
>>>>>> @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 &&
>>>>>> $pienumber != 0) {
>>>>>>         print "<img src='/graphs/fwlog
>>>>>> -country$imagerandom.png'>";
>>>>>>         print "</div>";
>>>>>> }
>>>>>> -
>>>>>> print <<END
>>>>>> <table width='100%' class='tbl'>
>>>>>> <tr>
>>>>>> @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
>>>>>>   $percent = $value[$s] * 100 / $linesjc;
>>>>>>   $percent = sprintf("%.f", $percent);
>>>>>>   $total = $total + $value[$s];
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   $color++;
>>>>>>   print "<tr>";
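Review bot: `my $colorIndex = ($color % 10) + 1;` is not equivalent to the code it replaces: the old form mapped `$color` 1 to `color1` and 10 to `color10`, the new one maps 1 to `color2` and 10 to `color1`. If the shift is the intended way to line the table up with the pie chart, say so in the comment (the current "colors are numbered 1 to 10" does not explain the offset), and since the same two lines are repeated in every overview page in this patch, move them into one small function.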
>>>>>> @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
>>>>>>     print"<input type='hidden' name='country'
>>>>>> value='$key[$s]'>";
>>>>>>     print"<input type='submit' value='details'></form>";
>>>>>>   }
>>>>>> -
>>>>>> -  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s]
>>>>>> eq
>>>>>> 'orange0') {
>>>>>> +  elsif ($key[$s] eq 'unknown') {
>>>>>> +        print "unknown";
>>>>>> +  }
>>>>>> +  # Looks dangerous to use hardcoded interface names here.
>>>>>> Probably
>>>>>> needs fixing.
>>>>>> +  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' ||
>>>>>> $key[$s] eq
>>>>>> 'orange0' ) {
>>>>>>       print "<td align='center' $col>$key[$s]</td>";
>>>>>>   }
>>>>>>   else {
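Review bot: the new `elsif ($key[$s] eq 'unknown')` branch prints the bare string `unknown` without a `<td>`, and the statement after it is an independent `if`/`else`, so a row with key `unknown` also runs the `else` branch below. Please check that this does not emit the key twice or leave text outside a table cell; chaining the interface test as a further `elsif` would make the three cases exclusive. The "Looks dangerous to use hardcoded interface names" remark belongs in the commit message or a tracker entry rather than in shipped code.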
>>>>>> @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
>>>>>> 
>>>>>> if($cgiparams{'otherspie'} == 2 ){}
>>>>>> else{
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   print "<tr>";
>>>>>> 
>>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat
>>>>>> b/html/cgi
>>>>>> -bin/logs.cgi/firewalllogip.dat
>>>>>> index 7d82d20..6fc3422 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogip.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
>>>>>> @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber >
>>>>>> $lines
>>>>>>>> 
>>>>>> $sortcolumn == 2) { $pienumber =
>>>>>> $lines = 0;
>>>>>> foreach $_ (@log)
>>>>>> {
>>>>>> -  if($_ =~  /SRC\=([\d\.]+)/){
>>>>>> +  # Extract ipv4 or ipv6 address
>>>>>> +  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_
>>>>>> =~
>>>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>>     $tabjc{$1} = $tabjc{$1} + 1 ;
>>>>>>     if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines
>>>>>> =
>>>>>> $lines + 1; }
>>>>>>     $linesjc++;
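Review bot: each address pattern in the new `if` carries three nested capturing groups, so `$2` to `$4` are set as a side effect although only `$1` is used in `$tabjc{$1}`. Use non-capturing `(?:...)` for the inner groups, and copy `$1` into a named variable directly after the match so the following `$tabjc{$1}` lines do not depend on which side of the `or` succeeded.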
>>>>>> @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>>>>>>   $percent = $value[$s] * 100 / $linesjc;
>>>>>>   $percent = sprintf("%.f", $percent);
>>>>>>   $total = $total + $value[$s];
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   print "<tr>";
>>>>>> 
>>>>>> @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
>>>>>> 
>>>>>> if($cgiparams{'otherspie'} == 2 ){}
>>>>>> else{
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   print "<tr>";
>>>>>> 
>>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat
>>>>>> b/html/cgi
>>>>>> -bin/logs.cgi/firewalllogport.dat
>>>>>> index 5b0db62..583c1b3 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogport.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
>>>>>> @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>>>>>>   $percent = $value[$s] * 100 / $linesjc;
>>>>>>   $percent = sprintf("%.f", $percent);
>>>>>>   $total = $total + $value[$s];
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   print "<tr>";
>>>>>> 
>>>>>> @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
>>>>>> 
>>>>>> if($cgiparams{'otherspie'} == 2 ){}
>>>>>> else{
>>>>>> -  my $colorIndex = $color % 10;
>>>>>> -  if($colorIndex == 0) {
>>>>>> -    $colorIndex = 10;
>>>>>> -  }
>>>>>> +  # colors are numbered 1 to 10
>>>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>>>   $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>>>   print "<tr>";
>>>>>> 
>>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>>>> b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>>>> index 5283c42..0784ab9 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>>>> @@ -158,23 +158,35 @@ if (!$skip)
>>>>>> {
>>>>>>     while (<FILE>)
>>>>>>     {
>>>>>> -         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> -            my $packet = $2;
>>>>>> -            $packet =~ /IN=(\w+)/;       my $iface=$1; if (
>>>>>> $1
>>>>>> =~
>>>>>> /2./ ){ $iface="";}
>>>>>> -            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>>>> +      # First check whether valid log line (date, day)
>>>>>> +          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> +        # If ipv6 uses bridge, then use PHYSIN otherwise use
>>>>>> IN
>>>>>> +            if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(PHYSIN=.*)$/) {}
>>>>>> +            elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\
>>>>>> -]+
>>>>>> kernel:.*(IN=.*)$/) {}
>>>>>> +            my $packet  = $2;
>>>>>> +            my $iface   = '';
>>>>>> +            my $srcaddr = '';
>>>>>> +            # If ipv6 uses bridge, use PHYSIN otherwise IN
>>>>>> +            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 }
>>>>>> elsif
>>>>>> ($packet =~ /IN=(\w+)/) { $iface = $1 }
>>>>>> +            # Extract ipv4 and ipv6 addresses
>>>>>> +            if (($packet =~
>>>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
>>>>>> or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>>>> -F]{0,4})){2,7})/)) {
>>>>>> +              $srcaddr = $1
>>>>>> +            };
>>>>>> 
>>>>>>             if($iface eq $country) {
>>>>>> +                # iface matches country code
>>>>>>                 $log[$lines] = $_;
>>>>>>                 $lines++;
>>>>>>             }
>>>>>>             elsif($srcaddr ne '') {
>>>>>> +                # or srcaddr matches country code
>>>>>>                 my $ccode = $gi
>>>>>> ->country_code_by_name($srcaddr);
>>>>>>                 if($ccode eq $country){
>>>>>>                     $log[$lines] = $_;
>>>>>>                     $lines++;
>>>>>>                 }
>>>>>>             }
>>>>>> -        }
>>>>>> +          }
>>>>>>     }
>>>>>>     close (FILE);
>>>>>> }
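Review bot: the removed code cleared the interface with `if ( $1 =~ /2./ ){ $iface="";}`, and the added lines in this hunk have no equivalent, while the `@slice` loop later in the same file keeps that filter. If dropping it here is deliberate, mention it in the commit message; otherwise restore it against `$iface`. The inner `elsif` also repeats the outer `if` pattern verbatim, so it is always true when reached; matching once and then extracting `PHYSIN=` or `IN=` from `$packet` would be simpler.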
>>>>>> @@ -194,16 +206,28 @@ if ($multifile) {
>>>>>>         }
>>>>>>         if (!$skip) {
>>>>>>         while (<FILE>) {
>>>>>> -             if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> -                if($_ =~  /SRC\=([\d\.]+)/){
>>>>>> -                    my $srcaddr=$1;
>>>>>> -                    my $ccode = $gi
>>>>>> ->country_code_by_name($srcaddr);
>>>>>> -                    if($ccode eq $country){
>>>>>> +                  # Check if valid log line (date, day)
>>>>>> +           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> +                    my  $iface = '';
>>>>>> +                    # If ipv6 uses bridge, then use PHYSIN
>>>>>> otherwise
>>>>>> IN
>>>>>> +                    if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1
>>>>>> }
>>>>>> elsif
>>>>>> ($_ =~ /IN=(\w+)/) { $iface = $1 }
>>>>>> +
>>>>>> +                    if($iface eq $country) {
>>>>>> +                      # iface matches country code
>>>>>> +                      $log[$lines] = $_;
>>>>>> +                      $lines++;
>>>>>> +                    }
>>>>>> +                    # extract ipv4 and ipv6 address
>>>>>> +                    elsif (($_ =~
>>>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0
>>>>>> -9a
>>>>>> -fA
>>>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> +                      my $srcaddr=$1;
>>>>>> +                      my $ccode = $gi
>>>>>> ->country_code_by_name($srcaddr);
>>>>>> +                      if($ccode eq $country){
>>>>>> +                        # or srcaddr matches country code
>>>>>>                         $log[$lines] = $_;
>>>>>>                         $lines++;
>>>>>> +                      }
>>>>>>                     }
>>>>>> -                }
>>>>>> -            }
>>>>>> +          }
>>>>>>         }
>>>>>>         close (FILE);
>>>>>>     }
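Review bot: this multi-file branch used to select lines only by the country of `SRC`, and the added `if($iface eq $country)` now also selects by interface name, which is a behaviour change the commit message does not mention. Please confirm it is intended and document that `$country` can hold an interface name here. The added lines mix tab and space indentation, which makes the brace nesting hard to follow in review.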
>>>>>> @@ -308,32 +332,45 @@ $lines = 0;
>>>>>> foreach $_ (@slice)
>>>>>> {
>>>>>>   $a = $_;
>>>>>> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
>>>>>> +  if (/^... (..) (..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>>>> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
>>>>>> {};
>>>>>>   my $packet = $4;
>>>>>> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./
>>>>>> ){
>>>>>> $iface="";}
>>>>>> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>>>> +  my $iface = '';
>>>>>> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
>>>>>> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
>>>>>> ($packet
>>>>>> =~
>>>>>> /IN=(\w+)/) { $iface = $1 }
>>>>>> +  if ( $1 =~ /2./ ){ $iface="";}
>>>>>> +  my $srcaddr = '';
>>>>>> +  # Extract ipv4 and ipv6 addresses
>>>>>> +  if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>>>> -F]{0,4})){2,7})/))
>>>>>> {
>>>>>> +    $srcaddr = $1
>>>>>> +  };
>>>>>> 
>>>>>>   if($iface eq $country || $srcaddr ne '') {
>>>>>> -    my $ccode;
>>>>>> +    my $ccode='';
>>>>>>     if($iface ne $country) {
>>>>>>       $ccode = $gi->country_code_by_name($srcaddr);
>>>>>>     }
>>>>>>     if($iface eq $country || $ccode eq $country) {
>>>>>> -      my $chain = '';
>>>>>> +      my $chain = '';
>>>>>>       my $in = '-'; my $out = '-';
>>>>>>       my $srcaddr = ''; my $dstaddr = '';
>>>>>>       my $protostr = '';
>>>>>>       my $srcport = ''; my $dstport = '';
>>>>>> 
>>>>>> -      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +      # If ipv6 uses bridge, the use PHYSIN otherwise use IN
>>>>>> +      if ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>>>> +      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(IN=.*)$/)
>>>>>> {}
>>>>>>       my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>>>       $timestamp =~ /(...) (..) (..:..:..)/;
>>>>>>       my $month = $1; my $day = $2; my $time = $3;
>>>>>> 
>>>>>> -      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>>>> -      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>>>> -      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>>>> -      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>>>> +      # If ipv6 uses bridge, use PHYSIN and PHYSOUT,
>>>>>> otherwise
>>>>>> use
>>>>>> IN and OUT
>>>>>> +      if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
>>>>>> /IN=(\w+)/) { $iface = $1 }
>>>>>> +      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
>>>>>> /OUT=(\w+)/) { $out = $1 }
>>>>>> +      # Extract ipv4 and ipv6 addresses
>>>>>> +      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a
>>>>>> =~
>>>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $srcaddr =
>>>>>> $1; }
>>>>>> +      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a
>>>>>> =~
>>>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $dstaddr =
>>>>>> $1; }
>>>>>>       if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>>>       my $protostrlc = lc($protostr);
>>>>>>       if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
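Review bot: in the added `if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/)` the greedy `(.*)` runs up to `PHYSIN=`, so `my $chain = $2;` receives everything between `kernel:` and `PHYSIN=`, including any `IN=` and `OUT=` fields that precede it on the line. Keep anchoring the split on `IN=` and read `PHYSIN`/`PHYSOUT` from the packet part afterwards, as the `$a =~ /PHYSIN=(\w+)/` lines further down already do.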
>>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>>>> b/html/cgi
>>>>>> -bin/logs.cgi/showrequestfromip.dat
>>>>>> index 09a60b5..94e795c 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>>>> @@ -155,7 +155,7 @@ if (!$skip)
>>>>>>         while (<FILE>)
>>>>>>         {
>>>>>>          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> -                if($_ =~  /SRC\=([\d\.]+)/){
>>>>>> +                if (($_ =~
>>>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
>>>>>> or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>>>> -F]{0,4})){2,7})/)) {
>>>>>>                   if($1 eq $ip){
>>>>>>             $log[$lines] = $_;
>>>>>>             $lines++;
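Review bot: `if($1 eq $ip)` is a plain string comparison, which was enough for dotted IPv4 but is representation-sensitive for IPv6, where the same address can be written compressed or expanded and in either letter case. Either normalise both sides before comparing or add a comment stating that `$ip` always arrives in exactly the form the log uses.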
>>>>>> @@ -182,12 +182,12 @@ if ($multifile) {
>>>>>>         if (!$skip) {
>>>>>>         while (<FILE>) {
>>>>>>              if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>>>> kernel:.*(IN=.*)$/) {
>>>>>> -                       if($_ =~  /SRC\=([\d\.]+)/){
>>>>>> -                         if($1 eq $ip){
>>>>>> +                          if (($_ =~
>>>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0
>>>>>> -9a
>>>>>> -fA
>>>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> +                            if($1 eq $ip){
>>>>>>                 $log[$lines] = $_;
>>>>>>                 $lines++;
>>>>>> -                         }
>>>>>> -                       }
>>>>>> +                            }
>>>>>> +                          }
>>>>>>             }
>>>>>>         }
>>>>>>         close (FILE);
>>>>>> @@ -293,7 +293,8 @@ $lines = 0;
>>>>>> foreach $_ (@slice)
>>>>>> {
>>>>>>   $a = $_;
>>>>>> -  if($_ =~  /SRC\=([\d\.]+)/){
>>>>>> +  # Check whether valid ipv4 or ipv6 address
>>>>>> +  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_
>>>>>> =~
>>>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>>     if($1 eq $ip){
>>>>>>     my $chain = '';
>>>>>>           my $in = '-'; my $out = '-';
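Review bot: the added comment "Check whether valid ipv4 or ipv6 address" overstates what the patterns do: `[\d]{1,3}` accepts octets above 255 and `[0-9a-fA-F]{0,4}` accepts empty groups throughout, so this is extraction, not validation. Reword the comment to "Extract ipv4 or ipv6 address" as in the other files, so nobody later relies on `$1` having been validated.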
>>>>>> @@ -301,15 +302,19 @@ foreach $_ (@slice)
>>>>>>     my $protostr = '';
>>>>>>     my $srcport = ''; my $dstport = '';
>>>>>> 
>>>>>> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +    # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
>>>>>> +        if ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/)
>>>>>> {}
>>>>>> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(IN=.*)$/)
>>>>>> {}
>>>>>>     my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>>>     $timestamp =~ /(...) (..) (..:..:..)/;
>>>>>>     my $month = $1; my $day = $2; my $time = $3;
>>>>>> 
>>>>>> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>>>> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>>>> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>>>> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>>>> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT,
>>>>>> otherwise
>>>>>> use IN and OUT
>>>>>> +        if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a
>>>>>> =~
>>>>>> /IN=(\w+)/) { $iface = $1 }
>>>>>> +        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a
>>>>>> =~
>>>>>> /OUT=(\w+)/) { $out = $1 }
>>>>>> +        # Detect ipv4 and ipv6 addresses
>>>>>> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a =~
>>>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $srcaddr =
>>>>>> $1; }
>>>>>> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a =~
>>>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $dstaddr =
>>>>>> $1; }
>>>>>>     if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>>>     my $protostrlc = lc($protostr);
>>>>>>     if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
>>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>>>> b/html/cgi
>>>>>> -bin/logs.cgi/showrequestfromport.dat
>>>>>> index ad9823c..af7779a 100644
>>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>>>> @@ -307,15 +307,19 @@ foreach $_ (@slice)
>>>>>>     my $protostr = '';
>>>>>>     my $srcport = ''; my $dstport = '';
>>>>>> 
>>>>>> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>>>> +        # If ipv6 uses bridge, the use PHYSIN, otherwise use
>>>>>> IN
>>>>>> +    if ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(PHYSIN=.*)$/)
>>>>>> {}
>>>>>> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>>>> kernel:(.*)(IN=.*)$/)
>>>>>> {}
>>>>>>     my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>>>     $timestamp =~ /(...) (..) (..:..:..)/;
>>>>>>     my $month = $1; my $day = $2; my $time = $3; my $iface;
>>>>>> 
>>>>>> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>>>> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>>>> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>>>> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>>>> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT,
>>>>>> otherwise
>>>>>> use IN and OUT
>>>>>> +    if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~
>>>>>> /IN\=(\w+)/) { $iface = $1; }
>>>>>> +        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a
>>>>>> =~
>>>>>> /OUT\=(\w+)/) { $out = $1; }
>>>>>> +    # Detect ipv4 and ipv6 addresses
>>>>>> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a =~
>>>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $srcaddr =
>>>>>> $1; }
>>>>>> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>>>> ($a =~
>>>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>>> $dstaddr =
>>>>>> $1; }
>>>>>>     if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>>>     my $protostrlc = lc($protostr);
>>>>>>     if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
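Review bot: this file escapes the equals sign in the added patterns (`/PHYSIN\=(\w+)/`, `/PHYSOUT\=(\w+)/`) while the corresponding added lines in showrequestfromip.dat use `/PHYSIN=(\w+)/`; pick one form across the patch. The added comments read "the use PHYSIN" where "then use" is meant, and the added lines alternate between 4 and 8 spaces of indentation inside one block.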

