public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Date: Sat, 23 Jan 2016 13:07:22 +0000
Message-ID: <1453554442.585.130.camel@ipfire.org>
In-Reply-To: <0F8A6B13-9243-4AFE-A156-3DA79D85DAFF@eitelwein.net>

[-- Attachment #1: Type: text/plain, Size: 33827 bytes --]

Hi,

I created a new thread for this on the list.

  http://lists.ipfire.org/pipermail/development/2016-January/001487.html

I think this is the starting point you have been asking for?!

Best,
-Michael

On Sat, 2016-01-23 at 12:59 +0100, Michael Eitelwein wrote:
> Ok, would concentrate on ipfire3 then. 
> 
> Only issue I have is that I am not experienced enough to develop
> something from scratch. If there is an existing
> architecture/framework, then I should be able to dig in and produce
> algorithms and code. So if there were a developer who could point me
> to the topics to be picked up and get started, this would be very
> helpful for me.
> 
> Hope this makes sense.
> 
> Michael
> 
> 
> > On 23.01.2016 at 11:59, Michael Tremer <
> > michael.tremer(a)ipfire.org> wrote:
> > 
> > Good morning,
> > 
> > On Sat, 2016-01-23 at 11:50 +0100, Michael Eitelwein wrote:
> > > Thanks a lot. 
> > > 
> > > Moving on to firewall configuration for IPv6 on the web GUI - who
> > > would be the right person to talk to in order to understand the
> > > architecture and structure of the code? Or do I need to reverse
> > > engineer the existing?
> > 
> > Well, we have decided that this is a piece of work that is not
> > possible
> > to do with the IPFire 2 web user interface and especially not in
> > reasonable time with a result that we would want.
> > 
> > > Does it make sense to add this to ipfire2 or should I focus on
> > > ipfire3?
> > 
> > We have started IPFire 3 instead and that's where there is full
> > IPv6
> > support. Please install the latest image and have a look.
> > 
> > Best,
> > -Michael
> > 
> > > 
> > > Best regards
> > > 
> > > Michael
> > > 
> > > 
> > > 
> > > > Kind regards,
> > > > 
> > > > Michael
> > > > > On 23.01.2016 at 01:43, Michael Tremer <
> > > > > michael.tremer(a)ipfire.org> wrote:
> > > > 
> > > > Hi,
> > > > 
> > > > I merged these by pulling from your Git repository.
> > > > 
> > > > Please fix this email issue.
> > > > 
> > > > > On Fri, 2016-01-22 at 22:00 +0100, Matthias Fischer wrote:
> > > > > > On 22.01.2016 19:00, Michael Eitelwein wrote:
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Hi
> > > > > > The patch itself is working on my machine without issues.
> > > > > > If
> > > > > > > Matthias did not observe any issues as well, then I would
> > > > > > propose
> > > > > > to merge it into the next release. Please let me know if
> > > > > > there
> > > > > > is
> > > > > > anything I have to do to get them merged.
> > > > > > The problems of applying the patch were not further
> > > > > > examined,
> > > > > > as
> > > > > > Matthias was able to apply them in the end. Also they are
> > > > > > now
> > > > > > available in git.ipfire.org, so they can be applied
> > > > > > directly
> > > > > > from
> > > > > > there.
> > > > > > Michael
> > > > > 
> > > > > Hi,
> > > > > 
> > > > > I just clicked through all '.dat'-files: I saw no problems.
> > > > > 
> > > > > Playing chicken: did anyone *else* test this? ;-)
> > > > 
> > > > I guess the answer is the usual one.
> > > > 
> > > > > Best,
> > > > > Matthias
> > > > > 
> > > > > P.S.: ME, while replying to "ALL", there is something weird
> > > > > with
> > > > > your
> > > > > email-address: it just says "michael", not "
> > > > > michael(a)eitelwein.net
> > > > > ". I
> > > > > had to add your address manually from my addressbook. Bug or
> > > > > feature-
> > > > > mine or yours?
> > > > 
> > > > Yeah that is a misconfiguration in the email client.
> > > > 
> > > > > 
> > > > > > > -------- Original message --------
> > > > > > > From: Michael Tremer <michael.tremer(a)ipfire.org>
> > > > > > > Date: 22.01.2016  01:59  (GMT+01:00)
> > > > > > > To: Michael Eitelwein <michael(a)eitelwein.net>, IPFire
> > > > > > > Development List <development(a)lists.ipfire.org>
> > > > > > > Cc: Matthias Fischer <matthias.fischer(a)ipfire.org>
> > > > > > > Subject: Re: [PATCH 1/5] Enable correct display of ipv6
> > > > > > > entries in Firewall log pages of web UI
> > > > > > 
> > > > > > Hi,
> > > > > > 
> > > > > > did you work out what the issue was with these emails?
> > > > > > 
> > > > > > Best,
> > > > > > -Michael
> > > > > > 
> > > > > > > On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein
> > > > > > > wrote:
> > > > > > > 3 main changes:
> > > > > > > - Fill $iface and $out from PHYSIN and PHYSOUT when
> > > > > > > looking
> > > > > > > at
> > > > > > > > bridged packets, otherwise fill from IN and OUT
> > > > > > > - Recognize ipv4 and ipv6 address style for $srcaddr and
> > > > > > > $dstaddr
> > > > > > > - Match color coding of tables to pie charts
> > > > > > > 
> > > > > > > I am using the bridged ipv6 setup as proposed in the
> > > > > > > wiki. I
> > > > > > > do
> > > > > > > not
> > > > > > > think this breaks anything when not using ipv6. So it
> > > > > > > would
> > > > > > > be
> > > > > > > nice
> > > > > > > to include this even if ipv6 is not officially supported
> > > > > > > yet.
> > > > > > > It
> > > > > > > is
> > > > > > > quite useful when using the ipv6 setup.
> > > > > > > 
> > > > > > > Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
> > > > > > > 
> > > > > > > ---
> > > > > > > html/cgi-bin/logs.cgi/firewalllog.dat            | 14 ++-
> > > > > > > -
> > > > > > > html/cgi-bin/logs.cgi/firewalllogcountry.dat     | 43
> > > > > > > ++++++++-
> > > > > > > ----
> > > > > > > html/cgi-bin/logs.cgi/firewalllogip.dat          | 15 ++-
> > > > > > > --
> > > > > > > html/cgi-bin/logs.cgi/firewalllogport.dat        | 12 ++-
> > > > > > > -
> > > > > > > html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81
> > > > > > > +++++++++++++++++-------
> > > > > > > html/cgi-bin/logs.cgi/showrequestfromip.dat      | 27
> > > > > > > ++++--
> > > > > > > --
> > > > > > > html/cgi-bin/logs.cgi/showrequestfromport.dat    | 14 ++-
> > > > > > > -
> > > > > > > 7 files changed, 131 insertions(+), 75 deletions(-)
> > > > > > > 
> > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/firewalllog.dat
> > > > > > > index 5a584d6..42c9612 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/firewalllog.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllog.dat
> > > > > > > @@ -328,7 +328,10 @@ END
> > > > > > > $lines = 0;
> > > > > > > foreach $_ (@log)
> > > > > > > {
> > > > > > > -        /^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/;
> > > > > > > +    # If ipv6 uses a bridge, PHYSIN= contains the
> > > > > > > relevant
> > > > > > > iface
> > > > > > > information
> > > > > > > +    # otherwise use IN=
> > > > > > > +        if ($_ =~ /^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/) {}
> > > > > > > +        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/) {}
> > > > > > >         my $day =  $1;
> > > > > > >         $day =~ tr / /0/;
> > > > > > >         my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
> > > > > > > @@ -336,9 +339,12 @@ foreach $_ (@log)
> > > > > > >         my $packet = $4;
> > > > > > > 
> > > > > > >         my ($iface, $srcaddr, $dstaddr, $macaddr, $proto,
> > > > > > > $srcport,
> > > > > > > $dstport);
> > > > > > > -        $iface=$1   if $packet =~ /IN=(\w+)/;
> > > > > > > -        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
> > > > > > > -        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
> > > > > > > +        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 }
> > > > > > > elsif
> > > > > > > ($packet
> > > > > > > =~ /IN=(\w+)/) { $iface = $1}
> > > > > > > +        # Identify whether ipv4 or ipv6. Both are
> > > > > > > mutally
> > > > > > > exclusive.
> > > > > > > +        if ($packet =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> > > > > > > $srcaddr=$1 }
> > > > > > > +                if ($packet =~ /SRC\=(([0-9a-fA
> > > > > > > -F]{0,4})(\:([0
> > > > > > > -9a-fA
> > > > > > > -F]{0,4})){2,7})/) { $srcaddr=$1 }
> > > > > > > +        if ($packet =~
> > > > > > > /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> > > > > > > $dstaddr=$1 }
> > > > > > > +                if ($packet =~ /DST\=(([0-9a-fA
> > > > > > > -F]{0,4})(\:([0
> > > > > > > -9a-fA
> > > > > > > -F]{0,4})){2,7})/) { $dstaddr=$1 }
> > > > > > >         $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
> > > > > > >         $proto=$1   if $packet =~ /PROTO=(\w+)/;
> > > > > > >         $srcport=$1 if $packet =~ /SPT=(\d+)/;
> > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/firewalllogcountry.dat
> > > > > > > index f998a62..2661ddd 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> > > > > > > @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=
> > > > > > > 0){$pienumber=$cgiparams{'pienumber'};}
> > > > > > > if( $cgiparams{'otherspie'} !=
> > > > > > > 0){$otherspie=$cgiparams{'otherspie'};}
> > > > > > > if( $cgiparams{'showpie'} !=
> > > > > > > 0){$showpie=$cgiparams{'showpie'};}
> > > > > > > if( $cgiparams{'sortcolumn'} !=
> > > > > > > 0){$sortcolumn=$cgiparams{'sortcolumn'};}
> > > > > > > -
> > > > > > > print <<END
> > > > > > > </select>
> > > > > > > </td>
> > > > > > > @@ -294,15 +293,24 @@ $lines = 0;
> > > > > > > 
> > > > > > > foreach $_ (@log)
> > > > > > > {
> > > > > > > -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> > > > > > > +  # If ipv6 uses bridge, use PHYSIN for iface, otherwise
> > > > > > > IN
> > > > > > > +  if (/^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/) {}
> > > > > > > +  elsif (/^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/)
> > > > > > > {}
> > > > > > >   my $packet = $4;
> > > > > > > -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~
> > > > > > > /2./
> > > > > > > ){
> > > > > > > $iface="";}
> > > > > > > -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> > > > > > > +  my $iface  = '';
> > > > > > > +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> > > > > > > ($packet
> > > > > > > =~
> > > > > > > /IN=(\w+)/) { $iface = $1 }
> > > > > > > +  if ( $1 =~ /2./ ) { $iface=''; }
> > > > > > > +  my $srcaddr = '';
> > > > > > > +  # Find ipv4 and ipv6 addresses
> > > > > > > +  if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > {
> > > > > > > $srcaddr
> > > > > > > = $1 }
> > > > > > > +  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a
> > > > > > > -fA
> > > > > > > -F]{0,4})){2,7})/) { $srcaddr = $1 }
> > > > > > > 
> > > > > > >   if($iface eq $red_interface) {
> > > > > > > +    # Traffic from red
> > > > > > >     if($srcaddr ne '') {
> > > > > > > +      # srcaddr is set
> > > > > > >       my $ccode = $gi->country_code_by_name($srcaddr);
> > > > > > > -      if( $ccode eq '') {
> > > > > > > +      if ($ccode eq '') {
> > > > > > >           $ccode = 'unknown';
> > > > > > >       }
> > > > > > >       $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> > > > > > > @@ -311,11 +319,16 @@ foreach $_ (@log)
> > > > > > >     }
> > > > > > >   }
> > > > > > >   else {
> > > > > > > +    # Traffic not from red
> > > > > > >     if($iface ne '') {
> > > > > > >         $tabjc{$iface} = $tabjc{$iface} + 1 ;
> > > > > > >         if(($tabjc{$iface} == 1) && ($lines <
> > > > > > > $pienumber)) {
> > > > > > > $lines
> > > > > > > = $lines + 1; }
> > > > > > >         $linesjc++;
> > > > > > >     }
> > > > > > > +    else {
> > > > > > > +      # What to do with empty iface lines?
> > > > > > > +      # This probably is traffic from ipfire itself (IN=
> > > > > > > OUT=XY)?
> > > > > > > +    }
> > > > > > >   }
> > > > > > > }
> > > > > > > 
> > > > > > > @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50
> > > > > > > &&
> > > > > > > $pienumber != 0) {
> > > > > > >         print "<img src='/graphs/fwlog
> > > > > > > -country$imagerandom.png'>";
> > > > > > >         print "</div>";
> > > > > > > }
> > > > > > > -
> > > > > > > print <<END
> > > > > > > <table width='100%' class='tbl'>
> > > > > > > <tr>
> > > > > > > @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > >   $percent = $value[$s] * 100 / $linesjc;
> > > > > > >   $percent = sprintf("%.f", $percent);
> > > > > > >   $total = $total + $value[$s];
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   $color++;
> > > > > > >   print "<tr>";
> > > > > > > @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
> > > > > > >     print"<input type='hidden' name='country'
> > > > > > > value='$key[$s]'>";
> > > > > > >     print"<input type='submit' value='details'></form>";
> > > > > > >   }
> > > > > > > -
> > > > > > > -  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' ||
> > > > > > > $key[$s]
> > > > > > > eq
> > > > > > > 'orange0') {
> > > > > > > +  elsif ($key[$s] eq 'unknown') {
> > > > > > > +        print "unknown";
> > > > > > > +  }
> > > > > > > +  # Looks dangerous to use hardcoded interface names
> > > > > > > here.
> > > > > > > Probably
> > > > > > > needs fixing.
> > > > > > > +  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' ||
> > > > > > > $key[$s] eq
> > > > > > > 'orange0' ) {
> > > > > > >       print "<td align='center' $col>$key[$s]</td>";
> > > > > > >   }
> > > > > > >   else {
> > > > > > > @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > > 
> > > > > > > if($cgiparams{'otherspie'} == 2 ){}
> > > > > > > else{
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   print "<tr>";
> > > > > > > 
> > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/firewalllogip.dat
> > > > > > > index 7d82d20..6fc3422 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogip.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
> > > > > > > @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber >
> > > > > > > $lines
> > > > > > > > > 
> > > > > > > $sortcolumn == 2) { $pienumber =
> > > > > > > $lines = 0;
> > > > > > > foreach $_ (@log)
> > > > > > > {
> > > > > > > -  if($_ =~  /SRC\=([\d\.]+)/){
> > > > > > > +  # Extract ipv4 or ipv6 address
> > > > > > > +  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
> > > > > > > ($_
> > > > > > > =~
> > > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > >     $tabjc{$1} = $tabjc{$1} + 1 ;
> > > > > > >     if(($tabjc{$1} == 1) && ($lines < $pienumber)) {
> > > > > > > $lines
> > > > > > > =
> > > > > > > $lines + 1; }
> > > > > > >     $linesjc++;
> > > > > > > @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > >   $percent = $value[$s] * 100 / $linesjc;
> > > > > > >   $percent = sprintf("%.f", $percent);
> > > > > > >   $total = $total + $value[$s];
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   print "<tr>";
> > > > > > > 
> > > > > > > @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > > 
> > > > > > > if($cgiparams{'otherspie'} == 2 ){}
> > > > > > > else{
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   print "<tr>";
> > > > > > > 
> > > > > > > diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/firewalllogport.dat
> > > > > > > index 5b0db62..583c1b3 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/firewalllogport.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
> > > > > > > @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > >   $percent = $value[$s] * 100 / $linesjc;
> > > > > > >   $percent = sprintf("%.f", $percent);
> > > > > > >   $total = $total + $value[$s];
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   print "<tr>";
> > > > > > > 
> > > > > > > @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
> > > > > > > 
> > > > > > > if($cgiparams{'otherspie'} == 2 ){}
> > > > > > > else{
> > > > > > > -  my $colorIndex = $color % 10;
> > > > > > > -  if($colorIndex == 0) {
> > > > > > > -    $colorIndex = 10;
> > > > > > > -  }
> > > > > > > +  # colors are numbered 1 to 10
> > > > > > > +  my $colorIndex = ($color % 10) + 1;
> > > > > > >   $col="bgcolor='$color{\"color$colorIndex\"}'";
> > > > > > >   print "<tr>";
> > > > > > > 
> > > > > > > diff --git a/html/cgi
> > > > > > > -bin/logs.cgi/showrequestfromcountry.dat
> > > > > > > b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> > > > > > > index 5283c42..0784ab9 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> > > > > > > @@ -158,23 +158,35 @@ if (!$skip)
> > > > > > > {
> > > > > > >     while (<FILE>)
> > > > > > >     {
> > > > > > > -         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > -            my $packet = $2;
> > > > > > > -            $packet =~ /IN=(\w+)/;       my $iface=$1;
> > > > > > > if (
> > > > > > > $1
> > > > > > > =~
> > > > > > > /2./ ){ $iface="";}
> > > > > > > -            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> > > > > > > +      # First check whether valid log line (date, day)
> > > > > > > +          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > +        # If ipv6 uses bridge, then use PHYSIN otherwise
> > > > > > > use
> > > > > > > IN
> > > > > > > +            if (/(^${monthstr} ${daystr} ..:..:..) [\w\
> > > > > > > -]+
> > > > > > > kernel:.*(PHYSIN=.*)$/) {}
> > > > > > > +            elsif (/(^${monthstr} ${daystr} ..:..:..)
> > > > > > > [\w\
> > > > > > > -]+
> > > > > > > kernel:.*(IN=.*)$/) {}
> > > > > > > +            my $packet  = $2;
> > > > > > > +            my $iface   = '';
> > > > > > > +            my $srcaddr = '';
> > > > > > > +            # If ipv6 uses bridge, use PHYSIN otherwise
> > > > > > > IN
> > > > > > > +            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1
> > > > > > > }
> > > > > > > elsif
> > > > > > > ($packet =~ /IN=(\w+)/) { $iface = $1 }
> > > > > > > +            # Extract ipv4 and ipv6 addresses
> > > > > > > +            if (($packet =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> > > > > > > -F]{0,4})){2,7})/)) {
> > > > > > > +              $srcaddr = $1
> > > > > > > +            };
> > > > > > > 
> > > > > > >             if($iface eq $country) {
> > > > > > > +                # iface matches country code
> > > > > > >                 $log[$lines] = $_;
> > > > > > >                 $lines++;
> > > > > > >             }
> > > > > > >             elsif($srcaddr ne '') {
> > > > > > > +                # or srcaddr matches country code
> > > > > > >                 my $ccode = $gi
> > > > > > > ->country_code_by_name($srcaddr);
> > > > > > >                 if($ccode eq $country){
> > > > > > >                     $log[$lines] = $_;
> > > > > > >                     $lines++;
> > > > > > >                 }
> > > > > > >             }
> > > > > > > -        }
> > > > > > > +          }
> > > > > > >     }
> > > > > > >     close (FILE);
> > > > > > > }
> > > > > > > @@ -194,16 +206,28 @@ if ($multifile) {
> > > > > > >         }
> > > > > > >         if (!$skip) {
> > > > > > >         while (<FILE>) {
> > > > > > > -             if (/(^${monthstr} ${daystr} ..:..:..) [\w\
> > > > > > > -]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > -                if($_ =~  /SRC\=([\d\.]+)/){
> > > > > > > -                    my $srcaddr=$1;
> > > > > > > -                    my $ccode = $gi
> > > > > > > ->country_code_by_name($srcaddr);
> > > > > > > -                    if($ccode eq $country){
> > > > > > > +                  # Check if valid log line (date, day)
> > > > > > > +           if (/(^${monthstr} ${daystr} ..:..:..) [\w\
> > > > > > > -]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > +                    my  $iface = '';
> > > > > > > +                    # If ipv6 uses bridge, then use
> > > > > > > PHYSIN
> > > > > > > otherwise
> > > > > > > IN
> > > > > > > +                    if ($_ =~ /PHYSIN=(\w+)/) { $iface =
> > > > > > > $1
> > > > > > > }
> > > > > > > elsif
> > > > > > > ($_ =~ /IN=(\w+)/) { $iface = $1 }
> > > > > > > +
> > > > > > > +                    if($iface eq $country) {
> > > > > > > +                      # iface matches country code
> > > > > > > +                      $log[$lines] = $_;
> > > > > > > +                      $lines++;
> > > > > > > +                    }
> > > > > > > +                    # extract ipv4 and ipv6 address
> > > > > > > +                    elsif (($_ =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> > > > > > > /SRC\=(([0
> > > > > > > -9a
> > > > > > > -fA
> > > > > > > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> > > > > > > +                      my $srcaddr=$1;
> > > > > > > +                      my $ccode = $gi
> > > > > > > ->country_code_by_name($srcaddr);
> > > > > > > +                      if($ccode eq $country){
> > > > > > > +                        # or srcaddr matches country
> > > > > > > code
> > > > > > >                         $log[$lines] = $_;
> > > > > > >                         $lines++;
> > > > > > > +                      }
> > > > > > >                     }
> > > > > > > -                }
> > > > > > > -            }
> > > > > > > +          }
> > > > > > >         }
> > > > > > >         close (FILE);
> > > > > > >     }
> > > > > > > @@ -308,32 +332,45 @@ $lines = 0;
> > > > > > > foreach $_ (@slice)
> > > > > > > {
> > > > > > >   $a = $_;
> > > > > > > -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> > > > > > > +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
> > > > > > > +  if (/^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/) {}
> > > > > > > +  elsif (/^... (..) (..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/)
> > > > > > > {};
> > > > > > >   my $packet = $4;
> > > > > > > -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~
> > > > > > > /2./
> > > > > > > ){
> > > > > > > $iface="";}
> > > > > > > -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> > > > > > > +  my $iface = '';
> > > > > > > +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
> > > > > > > +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> > > > > > > ($packet
> > > > > > > =~
> > > > > > > /IN=(\w+)/) { $iface = $1 }
> > > > > > > +  if ( $1 =~ /2./ ){ $iface="";}
> > > > > > > +  my $srcaddr = '';
> > > > > > > +  # Extract ipv4 and ipv6 addresses
> > > > > > > +  if (($packet =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
> > > > > > > ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> > > > > > > -F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > +    $srcaddr = $1
> > > > > > > +  };
> > > > > > > 
> > > > > > >   if($iface eq $country || $srcaddr ne '') {
> > > > > > > -    my $ccode;
> > > > > > > +    my $ccode='';
> > > > > > >     if($iface ne $country) {
> > > > > > >       $ccode = $gi->country_code_by_name($srcaddr);
> > > > > > >     }
> > > > > > >     if($iface eq $country || $ccode eq $country) {
> > > > > > > -      my $chain = '';
> > > > > > > +      my $chain = '';
> > > > > > >       my $in = '-'; my $out = '-';
> > > > > > >       my $srcaddr = ''; my $dstaddr = '';
> > > > > > >       my $protostr = '';
> > > > > > >       my $srcport = ''; my $dstport = '';
> > > > > > > 
> > > > > > > -      $_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/;
> > > > > > > +      # If ipv6 uses bridge, the use PHYSIN otherwise
> > > > > > > use IN
> > > > > > > +      if ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/) {}
> > > > > > > +      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/)
> > > > > > > {}
> > > > > > >       my $timestamp = $1; my $chain = $2; my $packet =
> > > > > > > $3;
> > > > > > >       $timestamp =~ /(...) (..) (..:..:..)/;
> > > > > > >       my $month = $1; my $day = $2; my $time = $3;
> > > > > > > 
> > > > > > > -      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> > > > > > > -      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> > > > > > > -      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> > > > > > > -      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> > > > > > > +      # If ipv6 uses bridge, use PHYSIN and PHYSOUT,
> > > > > > > otherwise
> > > > > > > use
> > > > > > > IN and OUT
> > > > > > > +      if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> > > > > > > ($a =~
> > > > > > > /IN=(\w+)/) { $iface = $1 }
> > > > > > > +      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a
> > > > > > > =~
> > > > > > > /OUT=(\w+)/) { $out = $1 }
> > > > > > > +      # Extract ipv4 and ipv6 addresses
> > > > > > > +      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a
> > > > > > > =~
> > > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $srcaddr =
> > > > > > > $1; }
> > > > > > > +      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a
> > > > > > > =~
> > > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $dstaddr =
> > > > > > > $1; }
> > > > > > >       if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> > > > > > >       my $protostrlc = lc($protostr);
> > > > > > >       if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> > > > > > > diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/showrequestfromip.dat
> > > > > > > index 09a60b5..94e795c 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
> > > > > > > @@ -155,7 +155,7 @@ if (!$skip)
> > > > > > >         while (<FILE>)
> > > > > > >         {
> > > > > > >          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > -                if($_ =~  /SRC\=([\d\.]+)/){
> > > > > > > +                if (($_ =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
> > > > > > > -F]{0,4})){2,7})/)) {
> > > > > > >                   if($1 eq $ip){
> > > > > > >             $log[$lines] = $_;
> > > > > > >             $lines++;
> > > > > > > @@ -182,12 +182,12 @@ if ($multifile) {
> > > > > > >         if (!$skip) {
> > > > > > >         while (<FILE>) {
> > > > > > >              if (/(^${monthstr} ${daystr} ..:..:..) [\w\
> > > > > > > -]+
> > > > > > > kernel:.*(IN=.*)$/) {
> > > > > > > -                       if($_ =~  /SRC\=([\d\.]+)/){
> > > > > > > -                         if($1 eq $ip){
> > > > > > > +                          if (($_ =~
> > > > > > > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> > > > > > > /SRC\=(([0
> > > > > > > -9a
> > > > > > > -fA
> > > > > > > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> > > > > > > +                            if($1 eq $ip){
> > > > > > >                 $log[$lines] = $_;
> > > > > > >                 $lines++;
> > > > > > > -                         }
> > > > > > > -                       }
> > > > > > > +                            }
> > > > > > > +                          }
> > > > > > >             }
> > > > > > >         }
> > > > > > >         close (FILE);
> > > > > > > @@ -293,7 +293,8 @@ $lines = 0;
> > > > > > > foreach $_ (@slice)
> > > > > > > {
> > > > > > >   $a = $_;
> > > > > > > -  if($_ =~  /SRC\=([\d\.]+)/){
> > > > > > > +  # Check whether valid ipv4 or ipv6 address
> > > > > > > +  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
> > > > > > > ($_
> > > > > > > =~
> > > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > >     if($1 eq $ip){
> > > > > > >     my $chain = '';
> > > > > > >           my $in = '-'; my $out = '-';
> > > > > > > @@ -301,15 +302,19 @@ foreach $_ (@slice)
> > > > > > >     my $protostr = '';
> > > > > > >     my $srcport = ''; my $dstport = '';
> > > > > > > 
> > > > > > > -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> > > > > > > +    # If ipv6 uses bridge, the use PHYSIN, otherwise use
> > > > > > > IN
> > > > > > > +        if ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/)
> > > > > > > {}
> > > > > > > +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/)
> > > > > > > {}
> > > > > > >     my $timestamp = $1; my $chain = $2; my $packet = $3;
> > > > > > >     $timestamp =~ /(...) (..) (..:..:..)/;
> > > > > > >     my $month = $1; my $day = $2; my $time = $3;
> > > > > > > 
> > > > > > > -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> > > > > > > -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> > > > > > > -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> > > > > > > -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> > > > > > > +        # If ipv6 uses bridge, the use PHYSIN and
> > > > > > > PHYSOUT,
> > > > > > > otherwise
> > > > > > > use IN and OUT
> > > > > > > +        if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
> > > > > > > ($a
> > > > > > > =~
> > > > > > > /IN=(\w+)/) { $iface = $1 }
> > > > > > > +        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif
> > > > > > > ($a
> > > > > > > =~
> > > > > > > /OUT=(\w+)/) { $out = $1 }
> > > > > > > +        # Detect ipv4 and ipv6 addresses
> > > > > > > +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a =~
> > > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $srcaddr =
> > > > > > > $1; }
> > > > > > > +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a =~
> > > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $dstaddr =
> > > > > > > $1; }
> > > > > > >     if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> > > > > > >     my $protostrlc = lc($protostr);
> > > > > > >     if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> > > > > > > diff --git a/html/cgi
> > > > > > > -bin/logs.cgi/showrequestfromport.dat
> > > > > > > b/html/cgi
> > > > > > > -bin/logs.cgi/showrequestfromport.dat
> > > > > > > index ad9823c..af7779a 100644
> > > > > > > --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
> > > > > > > +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
> > > > > > > @@ -307,15 +307,19 @@ foreach $_ (@slice)
> > > > > > >     my $protostr = '';
> > > > > > >     my $srcport = ''; my $dstport = '';
> > > > > > > 
> > > > > > > -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> > > > > > > +        # If ipv6 uses bridge, the use PHYSIN, otherwise
> > > > > > > use
> > > > > > > IN
> > > > > > > +    if ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(PHYSIN=.*)$/)
> > > > > > > {}
> > > > > > > +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
> > > > > > > kernel:(.*)(IN=.*)$/)
> > > > > > > {}
> > > > > > >     my $timestamp = $1; my $chain = $2; my $packet = $3;
> > > > > > >     $timestamp =~ /(...) (..) (..:..:..)/;
> > > > > > >     my $month = $1; my $day = $2; my $time = $3; my
> > > > > > > $iface;
> > > > > > > 
> > > > > > > -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> > > > > > > -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> > > > > > > -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> > > > > > > -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> > > > > > > +        # If ipv6 uses bridge, the use PHYSIN and
> > > > > > > PHYSOUT,
> > > > > > > otherwise
> > > > > > > use IN and OUT
> > > > > > > +    if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif
> > > > > > > ($a =~
> > > > > > > /IN\=(\w+)/) { $iface = $1; }
> > > > > > > +        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif
> > > > > > > ($a
> > > > > > > =~
> > > > > > > /OUT\=(\w+)/) { $out = $1; }
> > > > > > > +    # Detect ipv4 and ipv6 addresses
> > > > > > > +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a =~
> > > > > > > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $srcaddr =
> > > > > > > $1; }
> > > > > > > +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> > > > > > > or
> > > > > > > ($a =~
> > > > > > > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> > > > > > > {
> > > > > > > $dstaddr =
> > > > > > > $1; }
> > > > > > >     if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
> > > > > > >     my $protostrlc = lc($protostr);
> > > > > > >     if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
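
The three changes listed in the quoted commit message (interface from PHYSIN/PHYSOUT on bridged packets, IPv4 and IPv6 source and destination addresses) can also be done by splitting the packet part into key=value fields once and validating addresses with the resolver routines. The following is an added example, not code from the patch or from IPFire; the function names, hostname, chain prefixes and log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_pton inet_ntop AF_INET AF_INET6);

# Constructed sample lines (hostname, chain prefixes and addresses are made up).
my @log = (
    # Plain IPv4 packet arriving on red0.
    'Jan 10 18:34:01 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=40 TTL=54 PROTO=TCP SPT=40000 DPT=22',
    # Bridged IPv6 packet: IN/OUT name the bridge, PHYSIN/PHYSOUT the real ports.
    'Jan 10 18:34:02 ipfire kernel: FORWARDFW IN=br0 OUT=br0 PHYSIN=red0 PHYSOUT=green0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:86:dd SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0002 LEN=60 TC=0 HOPLIMIT=63 FLOWLBL=0 PROTO=TCP SPT=40000 DPT=443',
    # Locally generated packet: IN= is empty.
    'Jan 10 18:34:03 ipfire kernel: DROP_OUTPUT IN= OUT=red0 SRC=198.51.100.1 DST=192.0.2.99 LEN=60 TTL=64 PROTO=UDP SPT=53 DPT=5353',
    # Truncated line: three hex groups satisfy a "2 to 7 colon groups" shape
    # test but are not an address.
    'Jan 10 18:34:04 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=2001:0db8:0000',
);

# Return the canonical text form of an IPv4 or IPv6 address, or undef if the
# string is not a valid address in either family.
sub canonical_addr {
    my ($text) = @_;
    return undef unless defined $text;
    for my $family (AF_INET, AF_INET6) {
        my $packed = inet_pton($family, $text);
        return inet_ntop($family, $packed) if defined $packed;
    }
    return undef;
}

# Parse one log line into a hash reference, or return undef if it does not
# have the expected layout.
sub parse_line {
    my ($line) = @_;

    # Timestamp and host, then everything after "kernel:".
    my ($stamp, $rest) =
        $line =~ /^(\w{3} [ \d]\d \d\d:\d\d:\d\d) [\w\-]+ kernel:\s*(.*)$/
        or return undef;

    # The chain prefix ends at the first stand-alone IN= field. The \b keeps
    # the split from landing inside "PHYSIN=".
    my ($chain, $packet) = $rest =~ /^(.*?)\s*\b(IN=.*)$/
        or return undef;

    # Split the packet part into KEY=VALUE fields; keep the first occurrence.
    my %f;
    for my $tok (split ' ', $packet) {
        my ($k, $v) = split /=/, $tok, 2;
        next unless defined $v;              # bare flags such as DF
        $f{$k} = $v unless exists $f{$k};
    }

    # On a bridge the physical port is the interesting interface.
    my $in  = length($f{PHYSIN}  // '') ? $f{PHYSIN}  : ($f{IN}  // '');
    my $out = length($f{PHYSOUT} // '') ? $f{PHYSOUT} : ($f{OUT} // '');

    return {
        stamp => $stamp,
        chain => $chain,
        in    => $in,
        out   => $out,
        src   => canonical_addr($f{SRC}),
        dst   => canonical_addr($f{DST}),
        proto => $f{PROTO} // '',
    };
}

# An operator's filter address, written differently from the logged form.
my $filter = canonical_addr('2001:DB8::1');

for my $line (@log) {
    my $rec = parse_line($line);
    if (!$rec || !defined $rec->{src}) {
        print "rejected: $line\n";
        next;
    }
    my $hit = $rec->{src} eq $filter ? '  <-- matches filter' : '';
    printf "%-11s in=%-5s out=%-6s src=%s%s\n",
        $rec->{chain}, $rec->{in} || '-', $rec->{out} || '-',
        $rec->{src}, $hit;
}
```

Because both the logged address and the filter pass through the same canonical form, the expanded address in the second sample line matches the compressed, upper-case filter, and the truncated fourth line is rejected instead of being counted.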
