From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Eitelwein To: development@lists.ipfire.org Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI Date: Sat, 23 Jan 2016 12:59:22 +0100 Message-ID: <0F8A6B13-9243-4AFE-A156-3DA79D85DAFF@eitelwein.net> In-Reply-To: <1453546762.585.96.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4312223129998049059==" List-Id: --===============4312223129998049059== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Ok, would concentrate on ipfire3 then.=20 Only issue I have is that I am not experienced enough to develop something fr= om scratch. If there is an existing architecture/framework, then I should be = able to dig in and produce algorithms and code. So if there were a developer = who could point me to the topics to be picked up and get started, this would = be very helpful for me. Hope this makes sense. Michael > Am 23.01.2016 um 11:59 schrieb Michael Tremer : >=20 > Good morning, >=20 > On Sat, 2016-01-23 at 11:50 +0100, Michael Eitelwein wrote: >> Thanks a lot.=20 >>=20 >> Moving on to firewall configuration for IPv6 on the web GUI - who >> would be the right person to talk to in order to understand the >> architecture and structure of the code? Or do I need to reverse >> engineer the existing? >=20 > Well, we have decided that this is a piece of work that is not possible > to do with the IPFire 2 web user interface and especially not in > reasonable time with a result that we would want. >=20 >> Does it make sense to add this to ipfire2 or should I focus on >> ipfire3? >=20 > We have started IPFire 3 instead and that's where there is full IPv6 > support. Please install the latest image and have a look. >=20 > Best, > -Michael >=20 >>=20 >> Best regards >>=20 >> Michael >>=20 >>=20 >>=20 >> Liebe Gr=C3=BC=C3=9Fe, >>=20 >> Michael >>> Am 23.01.2016 um 01:43 schrieb Michael Tremer < >>> michael.tremer(a)ipfire.org>: >>>=20 >>> Hi, >>>=20 >>> I merged these by pulling from your Git repository. >>>=20 >>> Please fix this email issue. >>>=20 >>>> On Fri, 2016-01-22 at 22:00 +0100, Matthias Fischer wrote: >>>>> On 22.01.2016 19:00, Michael Eitelwein wrote: >>>>>=20 >>>>>=20 >>>>>=20 >>>>> Hi >>>>> The patch itself is working on my machine without issues. If >>>>> Matthias did not observe any issues as well, than I would >>>>> propose >>>>> to merge it into the next release. Please let me know if there >>>>> is >>>>> anything I have to do to get them merged. >>>>> The problems of applying the patch were not further examined, >>>>> as >>>>> Matthias was able to apply them in the end. Also they are now >>>>> available in git.ipfire.org, so they can be applied directly >>>>> from >>>>> there. >>>>> Michael >>>>=20 >>>> Hi, >>>>=20 >>>> I just clicked through all '.dat'-files: I saw no problems. >>>>=20 >>>> Playing chicken: did anyone *else* test this? ;-) >>>=20 >>> I guess the answer is the usual one. >>>=20 >>>> Best, >>>> Matthias >>>>=20 >>>> P.S.: ME, while replying to "ALL", there is something weird with >>>> your >>>> email-address: it just says "michael", not "michael(a)eitelwein.net >>>> ". I >>>> had to add your address manually from my addressbook. Bug or >>>> feature- >>>> mine or yours? >>>=20 >>> Yeah that is a misconfiguration in the email client. >>>=20 >>>>=20 >>>>> -------- Urspr=C3=BCngliche Nachricht -------- >>>>> Von: Michael Tremer =20 >>>>> Datum: 22.01.2016 01:59 (GMT+01:00)=20 >>>>> An: Michael Eitelwein , IPFire >>>>> Development >>>>> List =20 >>>>> Cc: Matthias Fischer =20 >>>>> Betreff: Re: [PATCH 1/5] Enable correct display of ipv6 entries >>>>> in >>>>> Firewall log pages of web UI=20 >>>>>=20 >>>>> Hi, >>>>>=20 >>>>> did you work out what the issue was with these emails? >>>>>=20 >>>>> Best, >>>>> -Michael >>>>>=20 >>>>>> On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote: >>>>>> 3 main changes: >>>>>> - Fill $iface and $out from PHYSIN and PHYSOUT when looking >>>>>> at >>>>>> bridged packets, othewerwise fill from IN and OUT >>>>>> - Recognize ipv4 and ipv6 address style for $srcaddr and >>>>>> $dstaddr >>>>>> - Match color coding of tables to pie charts >>>>>>=20 >>>>>> I am using the bridged ipv6 setup as proposed in the wiki. I >>>>>> do >>>>>> not >>>>>> think this breaks anything when not using ipv6. So it would >>>>>> be >>>>>> nice >>>>>> to include this even if ipv6 is not officially supported yet. >>>>>> It >>>>>> is >>>>>> quite useful when using the ipv6 setup. >>>>>>=20 >>>>>> Signed-off-by: Michael Eitelwein >>>>>>=20 >>>>>> --- >>>>>> html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++-- >>>>>> html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 >>>>>> ++++++++- >>>>>> ---- >>>>>> html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++--- >>>>>> html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++-- >>>>>> html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81 >>>>>> +++++++++++++++++------- >>>>>> html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++-- >>>>>> -- >>>>>> html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++-- >>>>>> 7 files changed, 131 insertions(+), 75 deletions(-) >>>>>>=20 >>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi >>>>>> -bin/logs.cgi/firewalllog.dat >>>>>> index 5a584d6..42c9612 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/firewalllog.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat >>>>>> @@ -328,7 +328,10 @@ END >>>>>> $lines =3D 0; >>>>>> foreach $_ (@log) >>>>>> { >>>>>> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses a bridge, PHYSIN=3D contains the relevant >>>>>> iface >>>>>> information >>>>>> + # otherwise use IN=3D >>>>>> + if ($_ =3D~ /^... (..) (..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) {} >>>>>> + elsif ($_ =3D~ /^... (..) (..:..:..) [\w\-]+ >>>>>> kernel:(.*)(IN=3D.*)$/) {} >>>>>> my $day =3D $1; >>>>>> $day =3D~ tr / /0/; >>>>>> my $time =3D $cgiparams{'DAY'} ? "$2" : "$day/$2" ; >>>>>> @@ -336,9 +339,12 @@ foreach $_ (@log) >>>>>> my $packet =3D $4; >>>>>>=20 >>>>>> my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, >>>>>> $srcport, >>>>>> $dstport); >>>>>> - $iface=3D$1 if $packet =3D~ /IN=3D(\w+)/; >>>>>> - $srcaddr=3D$1 if $packet =3D~ /SRC=3D([\d\.]+)/; >>>>>> - $dstaddr=3D$1 if $packet =3D~ /DST=3D([\d\.]+)/; >>>>>> + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface=3D$1 } elsif >>>>>> ($packet >>>>>> =3D~ /IN=3D(\w+)/) { $iface =3D $1} >>>>>> + # Identify whether ipv4 or ipv6. Both are mutally >>>>>> exclusive. >>>>>> + if ($packet =3D~ >>>>>> /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { >>>>>> $srcaddr=3D$1 } >>>>>> + if ($packet =3D~ /SRC\=3D(([0-9a-fA >>>>>> -F]{0,4})(\:([0 >>>>>> -9a-fA >>>>>> -F]{0,4})){2,7})/) { $srcaddr=3D$1 } >>>>>> + if ($packet =3D~ >>>>>> /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { >>>>>> $dstaddr=3D$1 } >>>>>> + if ($packet =3D~ /DST\=3D(([0-9a-fA >>>>>> -F]{0,4})(\:([0 >>>>>> -9a-fA >>>>>> -F]{0,4})){2,7})/) { $dstaddr=3D$1 } >>>>>> $macaddr=3D$1 if $packet =3D~ /MAC=3D([\w+\:]+)/; >>>>>> $proto=3D$1 if $packet =3D~ /PROTO=3D(\w+)/; >>>>>> $srcport=3D$1 if $packet =3D~ /SPT=3D(\d+)/; >>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat >>>>>> b/html/cgi >>>>>> -bin/logs.cgi/firewalllogcountry.dat >>>>>> index f998a62..2661ddd 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat >>>>>> @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=3D >>>>>> 0){$pienumber=3D$cgiparams{'pienumber'};} >>>>>> if( $cgiparams{'otherspie'} !=3D >>>>>> 0){$otherspie=3D$cgiparams{'otherspie'};} >>>>>> if( $cgiparams{'showpie'} !=3D >>>>>> 0){$showpie=3D$cgiparams{'showpie'};} >>>>>> if( $cgiparams{'sortcolumn'} !=3D >>>>>> 0){$sortcolumn=3D$cgiparams{'sortcolumn'};} >>>>>> - >>>>>> print <>>>>> >>>>>> >>>>>> @@ -294,15 +293,24 @@ $lines =3D 0; >>>>>>=20 >>>>>> foreach $_ (@log) >>>>>> { >>>>>> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN >>>>>> + if (/^... (..) (..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) {} >>>>>> + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) >>>>>> {} >>>>>> my $packet =3D $4; >>>>>> - $packet =3D~ /IN=3D(\w+)/; my $iface=3D$1; if ( $1 =3D~ /2./ >>>>>> ){ >>>>>> $iface=3D"";} >>>>>> - $packet =3D~ /SRC=3D([\d\.]+)/; my $srcaddr=3D$1; >>>>>> + my $iface =3D ''; >>>>>> + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif >>>>>> ($packet >>>>>> =3D~ >>>>>> /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + if ( $1 =3D~ /2./ ) { $iface=3D''; } >>>>>> + my $srcaddr =3D ''; >>>>>> + # Find ipv4 and ipv6 addresses >>>>>> + if ($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { >>>>>> $srcaddr >>>>>> =3D $1 } >>>>>> + elsif ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA >>>>>> -F]{0,4})){2,7})/) { $srcaddr =3D $1 } >>>>>>=20 >>>>>> if($iface eq $red_interface) { >>>>>> + # Traffic from red >>>>>> if($srcaddr ne '') { >>>>>> + # srcaddr is set >>>>>> my $ccode =3D $gi->country_code_by_name($srcaddr); >>>>>> - if( $ccode eq '') { >>>>>> + if ($ccode eq '') { >>>>>> $ccode =3D 'unknown'; >>>>>> } >>>>>> $tabjc{$ccode} =3D $tabjc{$ccode} + 1 ; >>>>>> @@ -311,11 +319,16 @@ foreach $_ (@log) >>>>>> } >>>>>> } >>>>>> else { >>>>>> + # Traffic not from red >>>>>> if($iface ne '') { >>>>>> $tabjc{$iface} =3D $tabjc{$iface} + 1 ; >>>>>> if(($tabjc{$iface} =3D=3D 1) && ($lines < $pienumber)) { >>>>>> $lines >>>>>> =3D $lines + 1; } >>>>>> $linesjc++; >>>>>> } >>>>>> + else { >>>>>> + # What to do with empty iface lines? >>>>>> + # This probably is traffic from ipfire itself (IN=3D >>>>>> OUT=3DXY)? >>>>>> + } >>>>>> } >>>>>> } >>>>>>=20 >>>>>> @@ -423,7 +436,6 @@ if ($showpie !=3D 2 && $pienumber <=3D 50 && >>>>>> $pienumber !=3D 0) { >>>>>> print ">>>>> -country$imagerandom.png'>"; >>>>>> print ""; >>>>>> } >>>>>> - >>>>>> print <>>>>> >>>>>> >>>>>> @@ -448,10 +460,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>> $percent =3D $value[$s] * 100 / $linesjc; >>>>>> $percent =3D sprintf("%.f", $percent); >>>>>> $total =3D $total + $value[$s]; >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> $color++; >>>>>> print ""; >>>>>> @@ -466,8 +476,11 @@ for($s=3D0;$s<$lines;$s++) >>>>>> print">>>>> value=3D'$key[$s]'>"; >>>>>> print""; >>>>>> } >>>>>> - >>>>>> - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] >>>>>> eq >>>>>> 'orange0') { >>>>>> + elsif ($key[$s] eq 'unknown') { >>>>>> + print "unknown"; >>>>>> + } >>>>>> + # Looks dangerous to use hardcoded interface names here. >>>>>> Probably >>>>>> needs fixing. >>>>>> + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || >>>>>> $key[$s] eq >>>>>> 'orange0' ) { >>>>>> print ""; >>>>>> } >>>>>> else { >>>>>> @@ -489,10 +502,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>>=20 >>>>>> if($cgiparams{'otherspie'} =3D=3D 2 ){} >>>>>> else{ >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> print ""; >>>>>>=20 >>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat >>>>>> b/html/cgi >>>>>> -bin/logs.cgi/firewalllogip.dat >>>>>> index 7d82d20..6fc3422 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogip.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat >>>>>> @@ -291,7 +291,8 @@ if ($pienumber =3D=3D -1 || $pienumber > >>>>>> $lines >>>>>>>>=20 >>>>>> $sortcolumn =3D=3D 2) { $pienumber =3D >>>>>> $lines =3D 0; >>>>>> foreach $_ (@log) >>>>>> { >>>>>> - if($_ =3D~ /SRC\=3D([\d\.]+)/){ >>>>>> + # Extract ipv4 or ipv6 address >>>>>> + if (($_ =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ >>>>>> =3D~ >>>>>> /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $tabjc{$1} =3D $tabjc{$1} + 1 ; >>>>>> if(($tabjc{$1} =3D=3D 1) && ($lines < $pienumber)) { $lines >>>>>> =3D >>>>>> $lines + 1; } >>>>>> $linesjc++; >>>>>> @@ -428,10 +429,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>> $percent =3D $value[$s] * 100 / $linesjc; >>>>>> $percent =3D sprintf("%.f", $percent); >>>>>> $total =3D $total + $value[$s]; >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> print ""; >>>>>>=20 >>>>>> @@ -459,10 +458,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>>=20 >>>>>> if($cgiparams{'otherspie'} =3D=3D 2 ){} >>>>>> else{ >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> print ""; >>>>>>=20 >>>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat >>>>>> b/html/cgi >>>>>> -bin/logs.cgi/firewalllogport.dat >>>>>> index 5b0db62..583c1b3 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/firewalllogport.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat >>>>>> @@ -429,10 +429,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>> $percent =3D $value[$s] * 100 / $linesjc; >>>>>> $percent =3D sprintf("%.f", $percent); >>>>>> $total =3D $total + $value[$s]; >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> print ""; >>>>>>=20 >>>>>> @@ -446,10 +444,8 @@ for($s=3D0;$s<$lines;$s++) >>>>>>=20 >>>>>> if($cgiparams{'otherspie'} =3D=3D 2 ){} >>>>>> else{ >>>>>> - my $colorIndex =3D $color % 10; >>>>>> - if($colorIndex =3D=3D 0) { >>>>>> - $colorIndex =3D 10; >>>>>> - } >>>>>> + # colors are numbered 1 to 10 >>>>>> + my $colorIndex =3D ($color % 10) + 1; >>>>>> $col=3D"bgcolor=3D'$color{\"color$colorIndex\"}'"; >>>>>> print ""; >>>>>>=20 >>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat >>>>>> b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat >>>>>> index 5283c42..0784ab9 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat >>>>>> @@ -158,23 +158,35 @@ if (!$skip) >>>>>> { >>>>>> while () >>>>>> { >>>>>> - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> - my $packet =3D $2; >>>>>> - $packet =3D~ /IN=3D(\w+)/; my $iface=3D$1; if ( >>>>>> $1 >>>>>> =3D~ >>>>>> /2./ ){ $iface=3D"";} >>>>>> - $packet =3D~ /SRC=3D([\d\.]+)/; my $srcaddr=3D$1; >>>>>> + # First check whether valid log line (date, day) >>>>>> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> + # If ipv6 uses bridge, then use PHYSIN otherwise use >>>>>> IN >>>>>> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(PHYSIN=3D.*)$/) {} >>>>>> + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\ >>>>>> -]+ >>>>>> kernel:.*(IN=3D.*)$/) {} >>>>>> + my $packet =3D $2; >>>>>> + my $iface =3D ''; >>>>>> + my $srcaddr =3D ''; >>>>>> + # If ipv6 uses bridge, use PHYSIN otherwise IN >>>>>> + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } >>>>>> elsif >>>>>> ($packet =3D~ /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + # Extract ipv4 and ipv6 addresses >>>>>> + if (($packet =3D~ >>>>>> /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) >>>>>> or ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA >>>>>> -F]{0,4})){2,7})/)) { >>>>>> + $srcaddr =3D $1 >>>>>> + }; >>>>>>=20 >>>>>> if($iface eq $country) { >>>>>> + # iface matches country code >>>>>> $log[$lines] =3D $_; >>>>>> $lines++; >>>>>> } >>>>>> elsif($srcaddr ne '') { >>>>>> + # or srcaddr matches country code >>>>>> my $ccode =3D $gi >>>>>> ->country_code_by_name($srcaddr); >>>>>> if($ccode eq $country){ >>>>>> $log[$lines] =3D $_; >>>>>> $lines++; >>>>>> } >>>>>> } >>>>>> - } >>>>>> + } >>>>>> } >>>>>> close (FILE); >>>>>> } >>>>>> @@ -194,16 +206,28 @@ if ($multifile) { >>>>>> } >>>>>> if (!$skip) { >>>>>> while () { >>>>>> - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> - if($_ =3D~ /SRC\=3D([\d\.]+)/){ >>>>>> - my $srcaddr=3D$1; >>>>>> - my $ccode =3D $gi >>>>>> ->country_code_by_name($srcaddr); >>>>>> - if($ccode eq $country){ >>>>>> + # Check if valid log line (date, day) >>>>>> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> + my $iface =3D ''; >>>>>> + # If ipv6 uses bridge, then use PHYSIN >>>>>> otherwise >>>>>> IN >>>>>> + if ($_ =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 >>>>>> } >>>>>> elsif >>>>>> ($_ =3D~ /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + >>>>>> + if($iface eq $country) { >>>>>> + # iface matches country code >>>>>> + $log[$lines] =3D $_; >>>>>> + $lines++; >>>>>> + } >>>>>> + # extract ipv4 and ipv6 address >>>>>> + elsif (($_ =3D~ >>>>>> /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =3D~ /SRC\=3D(([0 >>>>>> -9a >>>>>> -fA >>>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> + my $srcaddr=3D$1; >>>>>> + my $ccode =3D $gi >>>>>> ->country_code_by_name($srcaddr); >>>>>> + if($ccode eq $country){ >>>>>> + # or srcaddr matches country code >>>>>> $log[$lines] =3D $_; >>>>>> $lines++; >>>>>> + } >>>>>> } >>>>>> - } >>>>>> - } >>>>>> + } >>>>>> } >>>>>> close (FILE); >>>>>> } >>>>>> @@ -308,32 +332,45 @@ $lines =3D 0; >>>>>> foreach $_ (@slice) >>>>>> { >>>>>> $a =3D $_; >>>>>> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses bridge, use PHYSIN otherwise use IN >>>>>> + if (/^... (..) (..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) {} >>>>>> + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) >>>>>> {}; >>>>>> my $packet =3D $4; >>>>>> - $packet =3D~ /IN=3D(\w+)/; my $iface=3D$1; if ( $1 =3D~ /2./ >>>>>> ){ >>>>>> $iface=3D"";} >>>>>> - $packet =3D~ /SRC=3D([\d\.]+)/; my $srcaddr=3D$1; >>>>>> + my $iface =3D ''; >>>>>> + # If ipv6 uses bridge, use PHYSIN otherwise use IN >>>>>> + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif >>>>>> ($packet >>>>>> =3D~ >>>>>> /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + if ( $1 =3D~ /2./ ){ $iface=3D"";} >>>>>> + my $srcaddr =3D ''; >>>>>> + # Extract ipv4 and ipv6 addresses >>>>>> + if (($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA >>>>>> -F]{0,4})){2,7})/)) >>>>>> { >>>>>> + $srcaddr =3D $1 >>>>>> + }; >>>>>>=20 >>>>>> if($iface eq $country || $srcaddr ne '') { >>>>>> - my $ccode; >>>>>> + my $ccode=3D''; >>>>>> if($iface ne $country) { >>>>>> $ccode =3D $gi->country_code_by_name($srcaddr); >>>>>> } >>>>>> if($iface eq $country || $ccode eq $country) { >>>>>> - my $chain =3D ''; >>>>>> + my $chain =3D ''; >>>>>> my $in =3D '-'; my $out =3D '-'; >>>>>> my $srcaddr =3D ''; my $dstaddr =3D ''; >>>>>> my $protostr =3D ''; >>>>>> my $srcport =3D ''; my $dstport =3D ''; >>>>>>=20 >>>>>> - $_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses bridge, the use PHYSIN otherwise use IN >>>>>> + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) {} >>>>>> + elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(IN=3D.*)$/) >>>>>> {} >>>>>> my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; >>>>>> $timestamp =3D~ /(...) (..) (..:..:..)/; >>>>>> my $month =3D $1; my $day =3D $2; my $time =3D $3; >>>>>>=20 >>>>>> - if ($a =3D~ /IN\=3D(\w+)/) { $iface =3D $1; } >>>>>> - if ($a =3D~ /OUT\=3D(\w+)/) { $out =3D $1; } >>>>>> - if ($a =3D~ /SRC\=3D([\d\.]+)/) { $srcaddr =3D $1; } >>>>>> - if ($a =3D~ /DST\=3D([\d\.]+)/) { $dstaddr =3D $1; } >>>>>> + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, >>>>>> otherwise >>>>>> use >>>>>> IN and OUT >>>>>> + if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($a =3D~ >>>>>> /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1 } elsif ($a =3D~ >>>>>> /OUT=3D(\w+)/) { $out =3D $1 } >>>>>> + # Extract ipv4 and ipv6 addresses >>>>>> + if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a >>>>>> =3D~ >>>>>> /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $srcaddr =3D >>>>>> $1; } >>>>>> + if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a >>>>>> =3D~ >>>>>> /DST\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $dstaddr =3D >>>>>> $1; } >>>>>> if ($a =3D~ /PROTO\=3D(\w+)/) { $protostr =3D $1; } >>>>>> my $protostrlc =3D lc($protostr); >>>>>> if ($a =3D~ /SPT\=3D([\d\.]+)/){ $srcport =3D $1; } >>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat >>>>>> b/html/cgi >>>>>> -bin/logs.cgi/showrequestfromip.dat >>>>>> index 09a60b5..94e795c 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat >>>>>> @@ -155,7 +155,7 @@ if (!$skip) >>>>>> while () >>>>>> { >>>>>> if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> - if($_ =3D~ /SRC\=3D([\d\.]+)/){ >>>>>> + if (($_ =3D~ >>>>>> /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) >>>>>> or ($_ =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA >>>>>> -F]{0,4})){2,7})/)) { >>>>>> if($1 eq $ip){ >>>>>> $log[$lines] =3D $_; >>>>>> $lines++; >>>>>> @@ -182,12 +182,12 @@ if ($multifile) { >>>>>> if (!$skip) { >>>>>> while () { >>>>>> if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ >>>>>> kernel:.*(IN=3D.*)$/) { >>>>>> - if($_ =3D~ /SRC\=3D([\d\.]+)/){ >>>>>> - if($1 eq $ip){ >>>>>> + if (($_ =3D~ >>>>>> /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =3D~ /SRC\=3D(([0 >>>>>> -9a >>>>>> -fA >>>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> + if($1 eq $ip){ >>>>>> $log[$lines] =3D $_; >>>>>> $lines++; >>>>>> - } >>>>>> - } >>>>>> + } >>>>>> + } >>>>>> } >>>>>> } >>>>>> close (FILE); >>>>>> @@ -293,7 +293,8 @@ $lines =3D 0; >>>>>> foreach $_ (@slice) >>>>>> { >>>>>> $a =3D $_; >>>>>> - if($_ =3D~ /SRC\=3D([\d\.]+)/){ >>>>>> + # Check whether valid ipv4 or ipv6 address >>>>>> + if (($_ =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ >>>>>> =3D~ >>>>>> /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> if($1 eq $ip){ >>>>>> my $chain =3D ''; >>>>>> my $in =3D '-'; my $out =3D '-'; >>>>>> @@ -301,15 +302,19 @@ foreach $_ (@slice) >>>>>> my $protostr =3D ''; >>>>>> my $srcport =3D ''; my $dstport =3D ''; >>>>>>=20 >>>>>> - $_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN >>>>>> + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) >>>>>> {} >>>>>> + elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(IN=3D.*)$/) >>>>>> {} >>>>>> my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; >>>>>> $timestamp =3D~ /(...) (..) (..:..:..)/; >>>>>> my $month =3D $1; my $day =3D $2; my $time =3D $3; >>>>>>=20 >>>>>> - if ($a =3D~ /IN\=3D(\w+)/) { $iface =3D $1; } >>>>>> - if ($a =3D~ /OUT\=3D(\w+)/) { $out =3D $1; } >>>>>> - if ($a =3D~ /SRC\=3D([\d\.]+)/) { $srcaddr =3D $1; } >>>>>> - if ($a =3D~ /DST\=3D([\d\.]+)/) { $dstaddr =3D $1; } >>>>>> + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, >>>>>> otherwise >>>>>> use IN and OUT >>>>>> + if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($a >>>>>> =3D~ >>>>>> /IN=3D(\w+)/) { $iface =3D $1 } >>>>>> + if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1 } elsif ($a >>>>>> =3D~ >>>>>> /OUT=3D(\w+)/) { $out =3D $1 } >>>>>> + # Detect ipv4 and ipv6 addresses >>>>>> + if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a =3D~ >>>>>> /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $srcaddr =3D >>>>>> $1; } >>>>>> + if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a =3D~ >>>>>> /DST\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $dstaddr =3D >>>>>> $1; } >>>>>> if ($a =3D~ /PROTO\=3D(\w+)/) { $protostr =3D $1; } >>>>>> my $protostrlc =3D lc($protostr); >>>>>> if ($a =3D~ /SPT\=3D([\d\.]+)/){ $srcport =3D $1; } >>>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat >>>>>> b/html/cgi >>>>>> -bin/logs.cgi/showrequestfromport.dat >>>>>> index ad9823c..af7779a 100644 >>>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat >>>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat >>>>>> @@ -307,15 +307,19 @@ foreach $_ (@slice) >>>>>> my $protostr =3D ''; >>>>>> my $srcport =3D ''; my $dstport =3D ''; >>>>>>=20 >>>>>> - $_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/; >>>>>> + # If ipv6 uses bridge, the use PHYSIN, otherwise use >>>>>> IN >>>>>> + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(PHYSIN=3D.*)$/) >>>>>> {} >>>>>> + elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ >>>>>> kernel:(.*)(IN=3D.*)$/) >>>>>> {} >>>>>> my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; >>>>>> $timestamp =3D~ /(...) (..) (..:..:..)/; >>>>>> my $month =3D $1; my $day =3D $2; my $time =3D $3; my $iface; >>>>>>=20 >>>>>> - if ($a =3D~ /IN\=3D(\w+)/) { $iface =3D $1; } >>>>>> - if ($a =3D~ /OUT\=3D(\w+)/) { $out =3D $1; } >>>>>> - if ($a =3D~ /SRC\=3D([\d\.]+)/) { $srcaddr =3D $1; } >>>>>> - if ($a =3D~ /DST\=3D([\d\.]+)/) { $dstaddr =3D $1; } >>>>>> + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, >>>>>> otherwise >>>>>> use IN and OUT >>>>>> + if ($a =3D~ /PHYSIN\=3D(\w+)/) { $iface =3D $1; } elsif ($a =3D~ >>>>>> /IN\=3D(\w+)/) { $iface =3D $1; } >>>>>> + if ($a =3D~ /PHYSOUT\=3D(\w+)/) { $out =3D $1; } elsif ($a >>>>>> =3D~ >>>>>> /OUT\=3D(\w+)/) { $out =3D $1; } >>>>>> + # Detect ipv4 and ipv6 addresses >>>>>> + if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a =3D~ >>>>>> /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $srcaddr =3D >>>>>> $1; } >>>>>> + if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or >>>>>> ($a =3D~ >>>>>> /DST\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { >>>>>> $dstaddr =3D >>>>>> $1; } >>>>>> if ($a =3D~ /PROTO\=3D(\w+)/) { $protostr =3D $1; } >>>>>> my $protostrlc =3D lc($protostr); >>>>>> if ($a =3D~ /SPT\=3D([\d\.]+)/){ $srcport =3D $1; } --===============4312223129998049059==--
$key[$s]