From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] display GeoIP information on active network connections in WebUI Date: Sun, 12 Nov 2017 12:23:23 +0000 Message-ID: <1510489403.3441.6.camel@ipfire.org> In-Reply-To: <20171111213018.29d3cae8.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8586580978303736324==" List-Id: --===============8586580978303736324== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, I think that still makes sense since we have very short-running scripts here and the database uses 1.1 MB of space on disk. So lets assume we have a lot of overhead when we load it into memory, it might be up to 2MB which is totally fine with me. Can you send an email with a Reviewed-by or Tested-by tag? Which ever is suitable for what you did. -Michael On Sat, 2017-11-11 at 21:30 +0100, Peter M=C3=BCller wrote: > Hello Michael, >=20 > the patches look good. >=20 > Thanks for working on this. >=20 > However, I think for simple sites such as the DNS server list > or ipinfo.cgi, where we have only 1 or 2 queries, we do not need > to load the complete database to RAM. >=20 > Best regards, > Peter M=C3=BCller >=20 > > Hi, > >=20 > > I just posted a patch that does this. > >=20 > > Please have a look at it. > >=20 > > Best, > > -Michael > >=20 > > On Wed, 2017-11-08 at 22:52 +0100, Peter M=C3=BCller wrote: > > > Hello Michael, > > > =20 > > > > Basically this patch looks simple and good to me. =20 > > >=20 > > > Thanks, finally. :-) =20 > > > >=20 > > > > But since we are using the perl module quite a bit, could we not put > > > > those few lines into a function so that if we need to change anything > > > > we do that everywhere at once? > > > >=20 > > > > And secondly, I have some systems that have thousands of open > > > > connections very often to the same IP addresses. Could we not add a > > > > caching layer so that this isn't being looked up multiple times for t= he > > > > same IP address if that is an expensive operation? =20 > > >=20 > > > Could you (or somebody else) do this, please? I am afraid this is > > > one step to far for me at the moment. > > >=20 > > > Thanks and best regards, > > > Peter M=C3=BCller =20 > > > >=20 > > > > -Michael > > > >=20 > > > > On Tue, 2017-11-07 at 20:42 +0100, Peter M=C3=BCller wrote: =20 > > > > > Display the GeoIP flag for source and destination IP address > > > > > on the connection tracking table in WebUI. > > > > >=20 > > > > > This could possibly make network or firewall rule debugging easier. > > > > >=20 > > > > > Signed-off-by: Peter M=C3=BCller > > > > > --- > > > > > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > > > > > 1 file changed, 26 insertions(+) > > > > >=20 > > > > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connection= s.cgi > > > > > index 96f09012b..06dc74877 100644 > > > > > --- a/html/cgi-bin/connections.cgi > > > > > +++ b/html/cgi-bin/connections.cgi > > > > > @@ -23,6 +23,7 @@ use strict; > > > > > =20 > > > > > use Net::IPv4Addr qw( :all ); > > > > > use Switch; > > > > > +use Geo::IP::PurePerl; > > > > > =20 > > > > > # enable only the following on debugging purpose > > > > > #use warnings; > > > > > @@ -31,6 +32,7 @@ use Switch; > > > > > require '/var/ipfire/general-functions.pl'; > > > > > require "${General::swroot}/lang.pl"; > > > > > require "${General::swroot}/header.pl"; > > > > > +require "${General::swroot}/geoip-functions.pl"; > > > > > =20 > > > > > my $colour_multicast =3D "#A0A0A0"; > > > > > =20 > > > > > @@ -372,6 +374,7 @@ print < > > > > 3D"" > > > > > 3D"" > > > > > > > > > > +   > > > > > > > > > > 3D"" > > > > > 3D"" > > > > > @@ -386,6 +389,7 @@ print < > > > > 3D"" > > > > > 3D"" > > > > > > > > > > +   > > > > > > > > > > 3D"" > > > > > 3D"" > > > > > @@ -409,10 +413,16 @@ print < > > > > > > > > > $Lang::tr{'source ip and port'} > > > > > > > > > > + > > > > > + $Lang::tr{'country'} > > > > > + > > > > > > > > > > $Lang::tr{'dest ip and port'} > > > > > > > > > > > > > > > + $Lang::tr{'country'} > > > > > + > > > > > + > > > > > $Lang::tr{'download'} / > > > > >
$Lang::tr{'upload'} > > > > > > > > > > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > > > > > my $bytes_in =3D format_bytes($bytes[0]); > > > > > my $bytes_out =3D format_bytes($bytes[1]); > > > > > =20 > > > > > + my $gi1 =3D Geo::IP::PurePerl->new(); > > > > > + my $ccode1 =3D $gi1->country_code_by_name($sip_ret); > > > > > + my $fcode1 =3D lc($ccode1); > > > > > + my $flag_icon1 =3D &GeoIP::get_flag_icon($fcode1); > > > > > + > > > > > + my $gi2 =3D Geo::IP::PurePerl->new(); > > > > > + my $ccode2 =3D $gi2->country_code_by_name($dip_ret); > > > > > + my $fcode2 =3D lc($ccode2); > > > > > + my $flag_icon2 =3D &GeoIP::get_flag_icon($fcode2); > > > > > +=09 > > > > > # Format TTL > > > > > $ttl =3D format_time($ttl); > > > > > =20 > > > > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > > > > > > > > > > $sport_extra > > > > > > > > > > + > > > > > + > > > > > + > > > > > > > > > > > > > > > $dip > > > > > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > > > > > > > > > > $dport_extra > > > > > > > > > > + > > > > > + > > > > > + > > > > > > > > > > $bytes_in / $bytes_out > > > > > =20 > > >=20 > > > =20 >=20 >=20 --===============8586580978303736324== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl Mnlwa3R4Z0hudy8yK1FDUWNGQWxvSVBUc0FDZ2tRZ0hudy8yK1EKQ1FmNG54QUFsUzgwMmlvUmlB UUpvUm81UXU2R0xNbzQ5WndnR0Z3SzZRcHFpS3NNN2lsK0JFaWlNVlV4UVV2QgpZZWF4VU1GVUhj bDdGRHpQQWJoSE1WekV6UmtnZzlmYkd3VEMrdzQza2d6K3h0aFUrZkxoYWlqcTJncEl6QzkrClNU OW9ZTFdZTjRodFA4RmhSeTlSL0dUM3JEdWljTmJaSllWbTNwZUtpQTRlc2Q4WVBrczBDUTgyUzNM bnlIMEUKMTI4c2k0eDl4MDBuaTZPdXpVRzh2a2NwNGhLUjE1dXlvaWRaWEZTeWIxbE04YkpaN1kv ZG1pZERLbURVaXh4Mgp5ZmMxV1hHK3F6MEJMZ1pGRjRuVEJyWjZPaFA1RVZBSTY2N0JZZHZiZVM1 bjE1Z1pZS3pGdjFEcXZYYU02bWdnCmFZdHRDRElMUTJKNEhLcUlLc3U3WVNKbkRxRUxvS2RLaVNz ekFMMElscFBJdmVaOVM5cGVZMWFERG9pM0lRdm8KYTk4NUkrSjdRUHVXNm9UNmQzbWhSRXoxNHU4 ZHJnTlhaclFYeFpMNzFwcGN3ek9jam82SkoyNktvNUVmVllJYQpwRkRqQ28yUTlJV1F1bFkxRmZr ZjRXWVVaSFVJc1ZxNXAvLzQyZ0tHc0F3UWtLNWlJZmJ6OTdoYUp0R1hsK1BhCnhtZFA0cm5oNXY4 UnRZQjR3a00yUzMyN2hLRGx5Y0l6RnB1SThoaHdyN2RTWEdDc0luRHRZdnpRRG4weDFFNGYKNWdI OWVLbDVzZWF0OXZjdnF3SSs2Ky8ybUtTV0xuM2hNcllsdW1GbE1uT2p5VFpGU3J3Q0pHdDBJYXpZ OE1yRgp5S1VPVC9HV2RDRXdaNHBKayswZjBXMGJVelJmdlIzMnNmZEt3YVMwQkVBNFViaGt1YXc9 Cj11VmV2Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============8586580978303736324==--