From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: AW: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Date: Sat, 23 Jan 2016 10:59:22 +0000
Message-ID: <1453546762.585.96.camel@ipfire.org>
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3444987032973880574=="
List-Id:

--===============3444987032973880574==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Good morning,

On Sat, 2016-01-23 at 11:50 +0100, Michael Eitelwein wrote:
> Thanks a lot.
>
> Moving on to firewall configuration for IPv6 on the web GUI - who
> would be the right person to talk to in order to understand the
> architecture and structure of the code? Or do I need to reverse
> engineer the existing?

Well, we have decided that this is a piece of work that is not possible
to do with the IPFire 2 web user interface and especially not in
reasonable time with a result that we would want.

> Does it make sense to add this to ipfire2 or should I focus on
> ipfire3?

We have started IPFire 3 instead and that's where there is full IPv6
support. Please install the latest image and have a look.

Best,
-Michael

>
> Best regards
>
> Michael
>
>
> > Kind regards,
> > Michael
> > On 23.01.2016 at 01:43, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
> >
> > Hi,
> >
> > I merged these by pulling from your Git repository.
> >
> > Please fix this email issue.
> >
> > > On Fri, 2016-01-22 at 22:00 +0100, Matthias Fischer wrote:
> > > > On 22.01.2016 19:00, Michael Eitelwein wrote:
> > > >
> > > >
> > > > Hi
> > > > The patch itself is working on my machine without issues. If
> > > > Matthias did not observe any issues as well, then I would propose
> > > > to merge it into the next release. Please let me know if there is
> > > > anything I have to do to get them merged.
> > > >
> > > > The problems of applying the patch were not further examined, as
> > > > Matthias was able to apply them in the end. Also they are now
> > > > available in git.ipfire.org, so they can be applied directly from
> > > > there.
> > > > Michael
> > >
> > > Hi,
> > >
> > > I just clicked through all '.dat'-files: I saw no problems.
> > >
> > > Playing chicken: did anyone *else* test this? ;-)
> >
> > I guess the answer is the usual one.
> >
> > > Best,
> > > Matthias
> > >
> > > P.S.: ME, while replying to "ALL", there is something weird with your
> > > email-address: it just says "michael", not "michael(a)eitelwein.net". I
> > > had to add your address manually from my addressbook. Bug or feature-
> > > mine or yours?
> >
> > Yeah that is a misconfiguration in the email client.
> >
> > >
> > > > -------- Original message --------
> > > > From: Michael Tremer
> > > > Date: 22.01.2016 01:59 (GMT+01:00)
> > > > To: Michael Eitelwein, IPFire Development List
> > > > Cc: Matthias Fischer
> > > > Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in
> > > > Firewall log pages of web UI
> > > >
> > > > Hi,
> > > >
> > > > did you work out what the issue was with these emails?
> > > >
> > > > Best,
> > > > -Michael
> > > >
> > > > > On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote:
> > > > > 3 main changes:
> > > > > - Fill $iface and $out from PHYSIN and PHYSOUT when looking at
> > > > >   bridged packets, otherwise fill from IN and OUT
> > > > > - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
> > > > > - Match color coding of tables to pie charts
> > > > >
> > > > > I am using the bridged ipv6 setup as proposed in the wiki. I do not
> > > > > think this breaks anything when not using ipv6. So it would be nice
> > > > > to include this even if ipv6 is not officially supported yet.
> > > > > It > > > > > is > > > > > quite useful when using the ipv6 setup. > > > > > > > > > > Signed-off-by: Michael Eitelwein > > > > > > > > > > --- > > > > > html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++-- > > > > > html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 > > > > > ++++++++- > > > > > ---- > > > > > html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++--- > > > > > html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++-- > > > > > html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81 > > > > > +++++++++++++++++------- > > > > > html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++-- > > > > > -- > > > > > html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++-- > > > > > 7 files changed, 131 insertions(+), 75 deletions(-) > > > > > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi > > > > > -bin/logs.cgi/firewalllog.dat > > > > > index 5a584d6..42c9612 100644 > > > > > --- a/html/cgi-bin/logs.cgi/firewalllog.dat > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllog.dat > > > > > @@ -328,7 +328,10 @@ END > > > > > $lines = 0; > > > > > foreach $_ (@log) > > > > > { > > > > > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses a bridge, PHYSIN= contains the relevant > > > > > iface > > > > > information > > > > > + # otherwise use IN= > > > > > + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) {} > > > > > + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ > > > > > kernel:(.*)(IN=.*)$/) {} > > > > > my $day = $1; > > > > > $day =~ tr / /0/; > > > > > my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; 
> > > > > @@ -336,9 +339,12 @@ foreach $_ (@log) > > > > > my $packet = $4; > > > > > > > > > > my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, > > > > > $srcport, > > > > > $dstport); > > > > > - $iface=$1 if $packet =~ /IN=(\w+)/; > > > > > - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/; > > > > > - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/; > > > > > + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif > > > > > ($packet > > > > > =~ /IN=(\w+)/) { $iface = $1} > > > > > + # Identify whether ipv4 or ipv6. Both are mutally > > > > > exclusive. > > > > > + if ($packet =~ > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { > > > > > $srcaddr=$1 } > > > > > + if ($packet =~ /SRC\=(([0-9a-fA > > > > > -F]{0,4})(\:([0 > > > > > -9a-fA > > > > > -F]{0,4})){2,7})/) { $srcaddr=$1 } > > > > > + if ($packet =~ > > > > > /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { > > > > > $dstaddr=$1 } > > > > > + if ($packet =~ /DST\=(([0-9a-fA > > > > > -F]{0,4})(\:([0 > > > > > -9a-fA > > > > > -F]{0,4})){2,7})/) { $dstaddr=$1 } > > > > > $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; > > > > > $proto=$1 if $packet =~ /PROTO=(\w+)/; > > > > > $srcport=$1 if $packet =~ /SPT=(\d+)/; > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat > > > > > b/html/cgi > > > > > -bin/logs.cgi/firewalllogcountry.dat > > > > > index f998a62..2661ddd 100644 > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat > > > > > @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != > > > > > 0){$pienumber=$cgiparams{'pienumber'};} > > > > > if( $cgiparams{'otherspie'} != > > > > > 0){$otherspie=$cgiparams{'otherspie'};} > > > > > if( $cgiparams{'showpie'} != > > > > > 0){$showpie=$cgiparams{'showpie'};} > > > > > if( $cgiparams{'sortcolumn'} != > > > > > 0){$sortcolumn=$cgiparams{'sortcolumn'};} > > > > > - > > > > > print < > > > > 
> > > > > > > > > > @@ -294,15 +293,24 @@ $lines = 0; > > > > > > > > > > foreach $_ (@log) > > > > > { > > > > > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN > > > > > + if (/^... (..) (..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) {} > > > > > + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) > > > > > {} > > > > > my $packet = $4; > > > > > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ > > > > > ){ > > > > > $iface="";} > > > > > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > > > > > + my $iface = ''; > > > > > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif > > > > > ($packet > > > > > =~ > > > > > /IN=(\w+)/) { $iface = $1 } > > > > > + if ( $1 =~ /2./ ) { $iface=''; } > > > > > + my $srcaddr = ''; > > > > > + # Find ipv4 and ipv6 addresses > > > > > + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { > > > > > $srcaddr > > > > > = $1 } > > > > > + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > > > > > -F]{0,4})){2,7})/) { $srcaddr = $1 } > > > > > > > > > > if($iface eq $red_interface) { > > > > > + # Traffic from red > > > > > if($srcaddr ne '') { > > > > > + # srcaddr is set > > > > > my $ccode = $gi->country_code_by_name($srcaddr); > > > > > - if( $ccode eq '') { > > > > > + if ($ccode eq '') { > > > > > $ccode = 'unknown'; > > > > > } > > > > > $tabjc{$ccode} = $tabjc{$ccode} + 1 ; > > > > > @@ -311,11 +319,16 @@ foreach $_ (@log) > > > > > } > > > > > } > > > > > else { > > > > > + # Traffic not from red > > > > > if($iface ne '') { > > > > > $tabjc{$iface} = $tabjc{$iface} + 1 ; > > > > > if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { > > > > > $lines > > > > > = $lines + 1; } > > > > > $linesjc++; > > > > > } > > > > > + else { > > > > > + # What to do with empty iface lines? > > > > > + # This probably is traffic from ipfire itself (IN= > > > > > OUT=XY)? > > > > > + } > > > > > } > > > > > } 
> > > > > > > > > > @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && > > > > > $pienumber != 0) { > > > > > print ""; > > > > > print ""; > > > > > } > > > > > - > > > > > print < > > > > > > > > > > > > > > @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++) > > > > > $percent = $value[$s] * 100 / $linesjc; > > > > > $percent = sprintf("%.f", $percent); > > > > > $total = $total + $value[$s]; > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > $color++; > > > > > print ""; > > > > > @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++) > > > > > print" > > > > value='$key[$s]'>"; > > > > > print""; > > > > > } > > > > > - > > > > > - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] > > > > > eq > > > > > 'orange0') { > > > > > + elsif ($key[$s] eq 'unknown') { > > > > > + print "unknown"; > > > > > + } > > > > > + # Looks dangerous to use hardcoded interface names here. > > > > > Probably > > > > > needs fixing. > > > > > + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || > > > > > $key[$s] eq > > > > > 'orange0' ) { > > > > > print ""; > > > > > } > > > > > else { > > > > > @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++) > > > > > > > > > > if($cgiparams{'otherspie'} == 2 ){} > > > > > else{ > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > print ""; > > > > > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat > > > > > b/html/cgi > > > > > -bin/logs.cgi/firewalllogip.dat > > > > > index 7d82d20..6fc3422 100644 > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogip.dat 
> > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat > > > > > @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > > > > > > $lines > > > > > > > > > > > > $sortcolumn == 2) { $pienumber = > > > > > $lines = 0; > > > > > foreach $_ (@log) > > > > > { > > > > > - if($_ =~ /SRC\=([\d\.]+)/){ > > > > > + # Extract ipv4 or ipv6 address > > > > > + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ > > > > > =~ > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $tabjc{$1} = $tabjc{$1} + 1 ; > > > > > if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines > > > > > = > > > > > $lines + 1; } > > > > > $linesjc++; > > > > > @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++) > > > > > $percent = $value[$s] * 100 / $linesjc; > > > > > $percent = sprintf("%.f", $percent); > > > > > $total = $total + $value[$s]; > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > print ""; > > > > > > > > > > @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++) > > > > > > > > > > if($cgiparams{'otherspie'} == 2 ){} > > > > > else{ > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > print ""; > > > > > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat > > > > > b/html/cgi > > > > > -bin/logs.cgi/firewalllogport.dat > > > > > index 5b0db62..583c1b3 100644 > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogport.dat > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat 
> > > > > @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++) > > > > > $percent = $value[$s] * 100 / $linesjc; > > > > > $percent = sprintf("%.f", $percent); > > > > > $total = $total + $value[$s]; > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > print ""; > > > > > > > > > > @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++) > > > > > > > > > > if($cgiparams{'otherspie'} == 2 ){} > > > > > else{ > > > > > - my $colorIndex = $color % 10; > > > > > - if($colorIndex == 0) { > > > > > - $colorIndex = 10; > > > > > - } > > > > > + # colors are numbered 1 to 10 > > > > > + my $colorIndex = ($color % 10) + 1; > > > > > $col="bgcolor='$color{\"color$colorIndex\"}'"; > > > > > print ""; > > > > > > > > > > diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > > > > > b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > > > > > index 5283c42..0784ab9 100644 > > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat 
> > > > > @@ -158,23 +158,35 @@ if (!$skip) > > > > > { > > > > > while () > > > > > { > > > > > - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > - my $packet = $2; > > > > > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( > > > > > $1 > > > > > =~ > > > > > /2./ ){ $iface="";} > > > > > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > > > > > + # First check whether valid log line (date, day) > > > > > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > + # If ipv6 uses bridge, then use PHYSIN otherwise use > > > > > IN > > > > > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(PHYSIN=.*)$/) {} > > > > > + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\ > > > > > -]+ > > > > > kernel:.*(IN=.*)$/) {} > > > > > + my $packet = $2; > > > > > + my $iface = ''; > > > > > + my $srcaddr = ''; > > > > > + # If ipv6 uses bridge, use PHYSIN otherwise IN > > > > > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } > > > > > elsif > > > > > ($packet =~ /IN=(\w+)/) { $iface = $1 } > > > > > + # Extract ipv4 and ipv6 addresses > > > > > + if (($packet =~ > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) > > > > > or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > > > > > -F]{0,4})){2,7})/)) { > > > > > + $srcaddr = $1 > > > > > + }; > > > > > > > > > > if($iface eq $country) { > > > > > + # iface matches country code > > > > > $log[$lines] = $_; > > > > > $lines++; > > > > > } > > > > > elsif($srcaddr ne '') { > > > > > + # or srcaddr matches country code > > > > > my $ccode = $gi > > > > > ->country_code_by_name($srcaddr); > > > > > if($ccode eq $country){ > > > > > $log[$lines] = $_; > > > > > $lines++; > > > > > } > > > > > } > > > > > - } > > > > > + } > > > > > } > > > > > close (FILE); > > > > > } 
> > > > > @@ -194,16 +206,28 @@ if ($multifile) { > > > > > } > > > > > if (!$skip) { > > > > > while () { > > > > > - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > - if($_ =~ /SRC\=([\d\.]+)/){ > > > > > - my $srcaddr=$1; > > > > > - my $ccode = $gi > > > > > ->country_code_by_name($srcaddr); > > > > > - if($ccode eq $country){ > > > > > + # Check if valid log line (date, day) > > > > > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > + my $iface = ''; > > > > > + # If ipv6 uses bridge, then use PHYSIN > > > > > otherwise > > > > > IN > > > > > + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 > > > > > } > > > > > elsif > > > > > ($_ =~ /IN=(\w+)/) { $iface = $1 } > > > > > + > > > > > + if($iface eq $country) { > > > > > + # iface matches country code > > > > > + $log[$lines] = $_; > > > > > + $lines++; > > > > > + } > > > > > + # extract ipv4 and ipv6 address > > > > > + elsif (($_ =~ > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0 > > > > > -9a > > > > > -fA > > > > > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > + my $srcaddr=$1; > > > > > + my $ccode = $gi > > > > > ->country_code_by_name($srcaddr); > > > > > + if($ccode eq $country){ > > > > > + # or srcaddr matches country code > > > > > $log[$lines] = $_; > > > > > $lines++; > > > > > + } > > > > > } > > > > > - } > > > > > - } > > > > > + } > > > > > } > > > > > close (FILE); > > > > > } 
> > > > > @@ -308,32 +332,45 @@ $lines = 0; > > > > > foreach $_ (@slice) > > > > > { > > > > > $a = $_; > > > > > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses bridge, use PHYSIN otherwise use IN > > > > > + if (/^... (..) (..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) {} > > > > > + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) > > > > > {}; > > > > > my $packet = $4; > > > > > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ > > > > > ){ > > > > > $iface="";} > > > > > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > > > > > + my $iface = ''; > > > > > + # If ipv6 uses bridge, use PHYSIN otherwise use IN > > > > > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif > > > > > ($packet > > > > > =~ > > > > > /IN=(\w+)/) { $iface = $1 } > > > > > + if ( $1 =~ /2./ ){ $iface="";} > > > > > + my $srcaddr = ''; > > > > > + # Extract ipv4 and ipv6 addresses > > > > > + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > > > > > -F]{0,4})){2,7})/)) > > > > > { > > > > > + $srcaddr = $1 > > > > > + }; > > > > > > > > > > if($iface eq $country || $srcaddr ne '') { > > > > > - my $ccode; > > > > > + my $ccode=''; > > > > > if($iface ne $country) { > > > > > $ccode = $gi->country_code_by_name($srcaddr); > > > > > } > > > > > if($iface eq $country || $ccode eq $country) { > > > > > - my $chain = ''; > > > > > + my $chain = ''; > > > > > my $in = '-'; my $out = '-'; > > > > > my $srcaddr = ''; my $dstaddr = ''; > > > > > my $protostr = ''; > > > > > my $srcport = ''; my $dstport = ''; > > > > > > > > > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses bridge, the use PHYSIN otherwise use IN > > > > > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) {} > > > > > + elsif ($_ =~ /(^.* ..:..:..) 
[\w\-]+ > > > > > kernel:(.*)(IN=.*)$/) > > > > > {} > > > > > my $timestamp = $1; my $chain = $2; my $packet = $3; > > > > > $timestamp =~ /(...) (..) (..:..:..)/; > > > > > my $month = $1; my $day = $2; my $time = $3; > > > > > > > > > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > > > > > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > > > > > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > > > > > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > > > > > + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, > > > > > otherwise > > > > > use > > > > > IN and OUT > > > > > + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ > > > > > /IN=(\w+)/) { $iface = $1 } > > > > > + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ > > > > > /OUT=(\w+)/) { $out = $1 } > > > > > + # Extract ipv4 and ipv6 addresses > > > > > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a > > > > > =~ > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $srcaddr = > > > > > $1; } > > > > > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a > > > > > =~ > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $dstaddr = > > > > > $1; } > > > > > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > > > > > my $protostrlc = lc($protostr); > > > > > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } > > > > > diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat > > > > > b/html/cgi > > > > > -bin/logs.cgi/showrequestfromip.dat > > > > > index 09a60b5..94e795c 100644 > > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat 
> > > > > @@ -155,7 +155,7 @@ if (!$skip) > > > > > while () > > > > > { > > > > > if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > - if($_ =~ /SRC\=([\d\.]+)/){ > > > > > + if (($_ =~ > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) > > > > > or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > > > > > -F]{0,4})){2,7})/)) { > > > > > if($1 eq $ip){ > > > > > $log[$lines] = $_; > > > > > $lines++; > > > > > @@ -182,12 +182,12 @@ if ($multifile) { > > > > > if (!$skip) { > > > > > while () { > > > > > if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > > > > > kernel:.*(IN=.*)$/) { > > > > > - if($_ =~ /SRC\=([\d\.]+)/){ > > > > > - if($1 eq $ip){ > > > > > + if (($_ =~ > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0 > > > > > -9a > > > > > -fA > > > > > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > + if($1 eq $ip){ > > > > > $log[$lines] = $_; > > > > > $lines++; > > > > > - } > > > > > - } > > > > > + } > > > > > + } > > > > > } > > > > > } > > > > > close (FILE); > > > > > @@ -293,7 +293,8 @@ $lines = 0; > > > > > foreach $_ (@slice) > > > > > { > > > > > $a = $_; > > > > > - if($_ =~ /SRC\=([\d\.]+)/){ > > > > > + # Check whether valid ipv4 or ipv6 address > > > > > + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ > > > > > =~ > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > if($1 eq $ip){ > > > > > my $chain = ''; > > > > > my $in = '-'; my $out = '-'; 
> > > > > @@ -301,15 +302,19 @@ foreach $_ (@slice) > > > > > my $protostr = ''; > > > > > my $srcport = ''; my $dstport = ''; > > > > > > > > > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN > > > > > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) > > > > > {} > > > > > + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ > > > > > kernel:(.*)(IN=.*)$/) > > > > > {} > > > > > my $timestamp = $1; my $chain = $2; my $packet = $3; > > > > > $timestamp =~ /(...) (..) (..:..:..)/; > > > > > my $month = $1; my $day = $2; my $time = $3; > > > > > > > > > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > > > > > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > > > > > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > > > > > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > > > > > + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, > > > > > otherwise > > > > > use IN and OUT > > > > > + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a > > > > > =~ > > > > > /IN=(\w+)/) { $iface = $1 } > > > > > + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a > > > > > =~ > > > > > /OUT=(\w+)/) { $out = $1 } > > > > > + # Detect ipv4 and ipv6 addresses > > > > > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a =~ > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $srcaddr = > > > > > $1; } > > > > > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a =~ > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $dstaddr = > > > > > $1; } > > > > > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > > > > > my $protostrlc = lc($protostr); > > > > > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } > > > > > diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat > > > > > b/html/cgi > > > > > -bin/logs.cgi/showrequestfromport.dat > > > > > index ad9823c..af7779a 100644 
> > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat 
> > > > > @@ -307,15 +307,19 @@ foreach $_ (@slice) > > > > > my $protostr = ''; > > > > > my $srcport = ''; my $dstport = ''; > > > > > > > > > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > > > > > + # If ipv6 uses bridge, the use PHYSIN, otherwise use > > > > > IN > > > > > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ > > > > > kernel:(.*)(PHYSIN=.*)$/) > > > > > {} > > > > > + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ > > > > > kernel:(.*)(IN=.*)$/) > > > > > {} > > > > > my $timestamp = $1; my $chain = $2; my $packet = $3; > > > > > $timestamp =~ /(...) (..) (..:..:..)/; > > > > > my $month = $1; my $day = $2; my $time = $3; my $iface; > > > > > > > > > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > > > > > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > > > > > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > > > > > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > > > > > + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, > > > > > otherwise > > > > > use IN and OUT > > > > > + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ > > > > > /IN\=(\w+)/) { $iface = $1; } > > > > > + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a > > > > > =~ > > > > > /OUT\=(\w+)/) { $out = $1; } > > > > > + # Detect ipv4 and ipv6 addresses > > > > > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a =~ > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $srcaddr = > > > > > $1; } > > > > > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > > > > > ($a =~ > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > > > > > $dstaddr = > > > > > $1; } > > > > > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > > > > > my $protostrlc = lc($protostr); > > > > > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } --===============3444987032973880574== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 
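
Review bot: In html/cgi-bin/logs.cgi/firewalllog.dat (hunk at -328) the two patterns sit in empty `if (...) {} elsif (...) {}` branches, and `$1`, `$2` and `$4` are read right after without knowing that either one matched. Skip the line when both fail (for example `next unless` on the combined condition) so a non-matching log line cannot be rendered with captures that do not belong to it. In the next hunk (-336) the comment calls IPv4 and IPv6 mutually exclusive, but SRC and DST are each tested with two independent `if` statements; use `if`/`elsif` as the firewalllogcountry.dat hunk does, and fix the "mutally" typo in the comment.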
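
Review bot: In firewalllogcountry.dat (hunk at -294) the line `if ( $1 =~ /2./ ) { $iface=''; }` now follows an `if`/`elsif` pair, so `$1` only holds the interface when one of the two branches matched; test `$iface` directly instead. The same hunk now passes IPv6 strings to `$gi->country_code_by_name($srcaddr)`, and nothing visible here shows that `$gi` can resolve them; if it cannot, every IPv6 source from red is counted under 'unknown', which deserves a comment or a separate bucket. The added empty `else` block that only holds a question should be resolved or dropped before merging.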
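
Review bot: In firewalllogcountry.dat (hunk at -448) the new `($color % 10) + 1` does not return the same index as the removed code for a given `$color`: the old expression maps 1 to 1 and 10 to 10, the new one maps 1 to 2 and 10 to 1. If that one-step shift is the intended fix for matching the pie chart, say so in the comment, which currently only states the range 1 to 10, and state what starting value of `$color` it assumes. The identical replacement appears in six hunks across firewalllogcountry.dat, firewalllogip.dat and firewalllogport.dat; a small shared helper would keep them from drifting apart.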
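
Review bot: In firewalllogip.dat (hunk at -291) the captured address becomes a hash key via `$tabjc{$1}`, and the IPv6 pattern accepts more than addresses: `[0-9a-fA-F]{0,4}` allows empty groups and `{2,7}` allows as few as three groups, while the IPv4 pattern has no boundary after the fourth octet. Tighten both patterns (at least require a delimiter or end of field after the address) and define them once, since the same two regexes are pasted into every file this patch touches.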
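
Review bot: In showrequestfromcountry.dat (hunk at -158) the inner `elsif` repeats exactly the pattern the enclosing `if` has already matched, so it can never fail; only the PHYSIN test is needed there. The removed line also carried `if ( $1 =~ /2./ ){ $iface="";}`, which this hunk drops while the hunk at -308 in the same file keeps it. Either restore it here or mention the behaviour change in the commit message.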
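
Review bot: In showrequestfromcountry.dat (hunk at -308), and likewise in showrequestfromip.dat (-301) and showrequestfromport.dat (-307), `my $chain = $2` is taken from `kernel:(.*)(PHYSIN=.*)$`, so on bridged lines the chain column receives everything between `kernel:` and `PHYSIN=`. If the log line carries `IN=` and `OUT=` ahead of `PHYSIN=`, those fields end up displayed as part of the chain name. Anchor the chain capture so it stops at the first `IN=` in both branches and pick up PHYSIN from the packet part afterwards.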
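
Review bot: In showrequestfromip.dat (hunks at -155, -182 and -293) the match result is compared with `if($1 eq $ip)`, a plain string comparison. An IPv6 address has several valid spellings (upper or lower case hex, compressed or full groups), so a requested `$ip` that is not written exactly as it appears in the log line will silently return no rows. Normalise both sides to one canonical form before comparing, or document that `$ip` must be copied verbatim from the log.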