From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Date: Fri, 22 Jan 2016 00:59:26 +0000 [thread overview]
Message-ID: <1453424366.585.23.camel@ipfire.org> (raw)
In-Reply-To: <5692963D.7020607@eitelwein.net>
[-- Attachment #1: Type: text/plain, Size: 21080 bytes --]
Hi,
did you work out what the issue was with these emails?
Best,
-Michael
On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote:
> 3 main changes:
> - Fill $iface and $out from PHYSIN and PHYSOUT when looking at
> bridged packets, othewerwise fill from IN and OUT
> - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
> - Match color coding of tables to pie charts
>
> I am using the bridged ipv6 setup as proposed in the wiki. I do not
> think this breaks anything when not using ipv6. So it would be nice
> to include this even if ipv6 is not officially supported yet. It is
> quite useful when using the ipv6 setup.
>
> Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
>
> ---
> html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++--
> html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 ++++++++-----
> html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++---
> html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++--
> html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81
> +++++++++++++++++-------
> html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++----
> html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++--
> 7 files changed, 131 insertions(+), 75 deletions(-)
>
> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi
> -bin/logs.cgi/firewalllog.dat
> index 5a584d6..42c9612 100644
> --- a/html/cgi-bin/logs.cgi/firewalllog.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat
> @@ -328,7 +328,10 @@ END
> $lines = 0;
> foreach $_ (@log)
> {
> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface
> information
> + # otherwise use IN=
> + if ($_ =~ /^... (..) (..:..:..) [\w\-]+
> kernel:(.*)(PHYSIN=.*)$/) {}
> + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)$/) {}
> my $day = $1;
> $day =~ tr / /0/;
> my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
> @@ -336,9 +339,12 @@ foreach $_ (@log)
> my $packet = $4;
>
> my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport,
> $dstport);
> - $iface=$1 if $packet =~ /IN=(\w+)/;
> - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
> - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
> + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet
> =~ /IN=(\w+)/) { $iface = $1}
> + # Identify whether ipv4 or ipv6. Both are mutally exclusive.
> + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> $srcaddr=$1 }
> + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> -F]{0,4})){2,7})/) { $srcaddr=$1 }
> + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> $dstaddr=$1 }
> + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> -F]{0,4})){2,7})/) { $dstaddr=$1 }
> $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
> $proto=$1 if $packet =~ /PROTO=(\w+)/;
> $srcport=$1 if $packet =~ /SPT=(\d+)/;
> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi
> -bin/logs.cgi/firewalllogcountry.dat
> index f998a62..2661ddd 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=
> 0){$pienumber=$cgiparams{'pienumber'};}
> if( $cgiparams{'otherspie'} !=
> 0){$otherspie=$cgiparams{'otherspie'};}
> if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
> if( $cgiparams{'sortcolumn'} !=
> 0){$sortcolumn=$cgiparams{'sortcolumn'};}
> -
> print <<END
> </select>
> </td>
> @@ -294,15 +293,24 @@ $lines = 0;
>
> foreach $_ (@log)
> {
> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
> + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
> my $packet = $4;
> - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){
> $iface="";}
> - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
> + my $iface = '';
> + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~
> /IN=(\w+)/) { $iface = $1 }
> + if ( $1 =~ /2./ ) { $iface=''; }
> + my $srcaddr = '';
> + # Find ipv4 and ipv6 addresses
> + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr
> = $1 }
> + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> -F]{0,4})){2,7})/) { $srcaddr = $1 }
>
> if($iface eq $red_interface) {
> + # Traffic from red
> if($srcaddr ne '') {
> + # srcaddr is set
> my $ccode = $gi->country_code_by_name($srcaddr);
> - if( $ccode eq '') {
> + if ($ccode eq '') {
> $ccode = 'unknown';
> }
> $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> @@ -311,11 +319,16 @@ foreach $_ (@log)
> }
> }
> else {
> + # Traffic not from red
> if($iface ne '') {
> $tabjc{$iface} = $tabjc{$iface} + 1 ;
> if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines
> = $lines + 1; }
> $linesjc++;
> }
> + else {
> + # What to do with empty iface lines?
> + # This probably is traffic from ipfire itself (IN= OUT=XY)?
> + }
> }
> }
>
> @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 &&
> $pienumber != 0) {
> print "<img src='/graphs/fwlog-country$imagerandom.png'>";
> print "</div>";
> }
> -
> print <<END
> <table width='100%' class='tbl'>
> <tr>
> @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
> $percent = $value[$s] * 100 / $linesjc;
> $percent = sprintf("%.f", $percent);
> $total = $total + $value[$s];
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> $color++;
> print "<tr>";
> @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
> print"<input type='hidden' name='country' value='$key[$s]'>";
> print"<input type='submit' value='details'></form>";
> }
> -
> - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
> 'orange0') {
> + elsif ($key[$s] eq 'unknown') {
> + print "unknown";
> + }
> + # Looks dangerous to use hardcoded interface names here. Probably
> needs fixing.
> + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
> 'orange0' ) {
> print "<td align='center' $col>$key[$s]</td>";
> }
> else {
> @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
>
> if($cgiparams{'otherspie'} == 2 ){}
> else{
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> print "<tr>";
>
> diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi
> -bin/logs.cgi/firewalllogip.dat
> index 7d82d20..6fc3422 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogip.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
> @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines ||
> $sortcolumn == 2) { $pienumber =
> $lines = 0;
> foreach $_ (@log)
> {
> - if($_ =~ /SRC\=([\d\.]+)/){
> + # Extract ipv4 or ipv6 address
> + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> $tabjc{$1} = $tabjc{$1} + 1 ;
> if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines =
> $lines + 1; }
> $linesjc++;
> @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
> $percent = $value[$s] * 100 / $linesjc;
> $percent = sprintf("%.f", $percent);
> $total = $total + $value[$s];
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> print "<tr>";
>
> @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
>
> if($cgiparams{'otherspie'} == 2 ){}
> else{
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> print "<tr>";
>
> diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi
> -bin/logs.cgi/firewalllogport.dat
> index 5b0db62..583c1b3 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogport.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
> @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
> $percent = $value[$s] * 100 / $linesjc;
> $percent = sprintf("%.f", $percent);
> $total = $total + $value[$s];
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> print "<tr>";
>
> @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
>
> if($cgiparams{'otherspie'} == 2 ){}
> else{
> - my $colorIndex = $color % 10;
> - if($colorIndex == 0) {
> - $colorIndex = 10;
> - }
> + # colors are numbered 1 to 10
> + my $colorIndex = ($color % 10) + 1;
> $col="bgcolor='$color{\"color$colorIndex\"}'";
> print "<tr>";
>
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> index 5283c42..0784ab9 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> @@ -158,23 +158,35 @@ if (!$skip)
> {
> while (<FILE>)
> {
> - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> - my $packet = $2;
> - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~
> /2./ ){ $iface="";}
> - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
> + # First check whether valid log line (date, day)
> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> + # If ipv6 uses bridge, then use PHYSIN otherwise use IN
> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(PHYSIN=.*)$/) {}
> + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {}
> + my $packet = $2;
> + my $iface = '';
> + my $srcaddr = '';
> + # If ipv6 uses bridge, use PHYSIN otherwise IN
> + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> ($packet =~ /IN=(\w+)/) { $iface = $1 }
> + # Extract ipv4 and ipv6 addresses
> + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> -F]{0,4})){2,7})/)) {
> + $srcaddr = $1
> + };
>
> if($iface eq $country) {
> + # iface matches country code
> $log[$lines] = $_;
> $lines++;
> }
> elsif($srcaddr ne '') {
> + # or srcaddr matches country code
> my $ccode = $gi->country_code_by_name($srcaddr);
> if($ccode eq $country){
> $log[$lines] = $_;
> $lines++;
> }
> }
> - }
> + }
> }
> close (FILE);
> }
> @@ -194,16 +206,28 @@ if ($multifile) {
> }
> if (!$skip) {
> while (<FILE>) {
> - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> - if($_ =~ /SRC\=([\d\.]+)/){
> - my $srcaddr=$1;
> - my $ccode = $gi->country_code_by_name($srcaddr);
> - if($ccode eq $country){
> + # Check if valid log line (date, day)
> + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> + my $iface = '';
> + # If ipv6 uses bridge, then use PHYSIN otherwise
> IN
> + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> ($_ =~ /IN=(\w+)/) { $iface = $1 }
> +
> + if($iface eq $country) {
> + # iface matches country code
> + $log[$lines] = $_;
> + $lines++;
> + }
> + # extract ipv4 and ipv6 address
> + elsif (($_ =~
> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA
> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> + my $srcaddr=$1;
> + my $ccode = $gi
> ->country_code_by_name($srcaddr);
> + if($ccode eq $country){
> + # or srcaddr matches country code
> $log[$lines] = $_;
> $lines++;
> + }
> }
> - }
> - }
> + }
> }
> close (FILE);
> }
> @@ -308,32 +332,45 @@ $lines = 0;
> foreach $_ (@slice)
> {
> $a = $_;
> - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses bridge, use PHYSIN otherwise use IN
> + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
> my $packet = $4;
> - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){
> $iface="";}
> - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
> + my $iface = '';
> + # If ipv6 uses bridge, use PHYSIN otherwise use IN
> + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~
> /IN=(\w+)/) { $iface = $1 }
> + if ( $1 =~ /2./ ){ $iface="";}
> + my $srcaddr = '';
> + # Extract ipv4 and ipv6 addresses
> + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
> ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> {
> + $srcaddr = $1
> + };
>
> if($iface eq $country || $srcaddr ne '') {
> - my $ccode;
> + my $ccode='';
> if($iface ne $country) {
> $ccode = $gi->country_code_by_name($srcaddr);
> }
> if($iface eq $country || $ccode eq $country) {
> - my $chain = '';
> + my $chain = '';
> my $in = '-'; my $out = '-';
> my $srcaddr = ''; my $dstaddr = '';
> my $protostr = '';
> my $srcport = ''; my $dstport = '';
>
> - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses bridge, the use PHYSIN otherwise use IN
> + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
> my $timestamp = $1; my $chain = $2; my $packet = $3;
> $timestamp =~ /(...) (..) (..:..:..)/;
> my $month = $1; my $day = $2; my $time = $3;
>
> - if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> - if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use
> IN and OUT
> + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
> /IN=(\w+)/) { $iface = $1 }
> + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
> /OUT=(\w+)/) { $out = $1 }
> + # Extract ipv4 and ipv6 addresses
> + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
> if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> my $protostrlc = lc($protostr);
> if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi
> -bin/logs.cgi/showrequestfromip.dat
> index 09a60b5..94e795c 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
> @@ -155,7 +155,7 @@ if (!$skip)
> while (<FILE>)
> {
> if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> - if($_ =~ /SRC\=([\d\.]+)/){
> + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> if($1 eq $ip){
> $log[$lines] = $_;
> $lines++;
> @@ -182,12 +182,12 @@ if ($multifile) {
> if (!$skip) {
> while (<FILE>) {
> if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> - if($_ =~ /SRC\=([\d\.]+)/){
> - if($1 eq $ip){
> + if (($_ =~
> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA
> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> + if($1 eq $ip){
> $log[$lines] = $_;
> $lines++;
> - }
> - }
> + }
> + }
> }
> }
> close (FILE);
> @@ -293,7 +293,8 @@ $lines = 0;
> foreach $_ (@slice)
> {
> $a = $_;
> - if($_ =~ /SRC\=([\d\.]+)/){
> + # Check whether valid ipv4 or ipv6 address
> + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> if($1 eq $ip){
> my $chain = '';
> my $in = '-'; my $out = '-';
> @@ -301,15 +302,19 @@ foreach $_ (@slice)
> my $protostr = '';
> my $srcport = ''; my $dstport = '';
>
> - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
> + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/)
> {}
> + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
> {}
> my $timestamp = $1; my $chain = $2; my $packet = $3;
> $timestamp =~ /(...) (..) (..:..:..)/;
> my $month = $1; my $day = $2; my $time = $3;
>
> - if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> - if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
> use IN and OUT
> + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
> /IN=(\w+)/) { $iface = $1 }
> + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
> /OUT=(\w+)/) { $out = $1 }
> + # Detect ipv4 and ipv6 addresses
> + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
> if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> my $protostrlc = lc($protostr);
> if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi
> -bin/logs.cgi/showrequestfromport.dat
> index ad9823c..af7779a 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
> @@ -307,15 +307,19 @@ foreach $_ (@slice)
> my $protostr = '';
> my $srcport = ''; my $dstport = '';
>
> - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
> + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
> {}
> my $timestamp = $1; my $chain = $2; my $packet = $3;
> $timestamp =~ /(...) (..) (..:..:..)/;
> my $month = $1; my $day = $2; my $time = $3; my $iface;
>
> - if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> - if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
> use IN and OUT
> + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~
> /IN\=(\w+)/) { $iface = $1; }
> + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~
> /OUT\=(\w+)/) { $out = $1; }
> + # Detect ipv4 and ipv6 addresses
> + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
> if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> my $protostrlc = lc($protostr);
> if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-01-22 0:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-10 17:34 Michael Eitelwein
2016-01-22 0:59 ` Michael Tremer [this message]
2016-01-23 10:59 AW: " Michael Tremer
2016-01-23 11:59 ` Michael Eitelwein
2016-01-23 13:07 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453424366.585.23.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox