public inbox for development@lists.ipfire.org
* [PATCH] Enable ipv6 addresses in Firewall logs
@ 2016-01-07 12:00 Michael Eitelwein
  2016-01-07 18:53 ` [PATCH] Updated: " Michael Eitelwein
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Eitelwein @ 2016-01-07 12:00 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 19821 bytes --]

Enable correct display of ipv6 entries in Firewall log pages of web UI.

3 main changes:
  - Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, otherwise fill from IN and OUT
  - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
  - Match color coding of tables to pie charts (see separate patch sent earlier)

I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.

Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
---
diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat
index 5a584d6..42c9612 100644
--- a/html/cgi-bin/logs.cgi/firewalllog.dat
+++ b/html/cgi-bin/logs.cgi/firewalllog.dat
@@ -328,7 +328,10 @@ END
  $lines = 0;
  foreach $_ (@log)
  {
-        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+    # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information
+    # otherwise use IN=
+        if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
          my $day =  $1;
          $day =~ tr / /0/;
          my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
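Review bot: in the new `if (...PHYSIN=...) {} elsif (...IN=...) {}` pair both bodies are empty and `$1`/`$2` are read afterwards whether or not either pattern matched, so a line that matches neither is rendered from captures left over from an earlier match; skip the line with `next` when both fail. In the PHYSIN branch the greedy `(.*)` before `(PHYSIN=.*)` also swallows the `IN=... OUT=...` fields, so `$3` no longer holds only the text between `kernel:` and the packet fields. Capturing `(.*?)(IN=.*)` once and then looking for `PHYSIN=` inside the packet part would keep `$3` and `$4` meaning the same thing in both cases.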
@@ -336,9 +339,12 @@ foreach $_ (@log)
          my $packet = $4;

          my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
-        $iface=$1   if $packet =~ /IN=(\w+)/;
-        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
-        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
+        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1}
+        # Identify whether ipv4 or ipv6. Both are mutally exclusive.
+        if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1 }
+                if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1 }
+        if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1 }
+                if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1 }
          $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
          $proto=$1   if $packet =~ /PROTO=(\w+)/;
          $srcport=$1 if $packet =~ /SPT=(\d+)/;
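Review bot: the SRC and DST extraction uses two independent `if` statements per field, although the comment says the two address families are mutually exclusive and the second `if` is indented as if it were nested; make the IPv6 test an `elsif`, as the firewalllogcountry.dat hunk in this patch does. The same pair of address patterns is pasted into every file the patch touches, so defining them once as precompiled patterns and reusing them would keep later fixes (for example bounding the IPv4 octets, or rejecting `:::`, which the `{0,4}` groups currently accept) in one place.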
diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
index f998a62..efd2886 100644
--- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};}
  if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};}
  if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
  if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
-
  print <<END
  </select>
  </td>
@@ -294,15 +293,24 @@ $lines = 0;

  foreach $_ (@log)
  {
-  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
+  if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
    my $packet = $4;
-  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+  my $iface  = '';
+  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
+  if ( $1 =~ /2./ ) { $iface=''; }
+  my $srcaddr = '';
+  # Find ipv4 and ipv6 addresses
+  if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1 }
+  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1 }

    if($iface eq $red_interface) {
+    # Traffic from red
      if($srcaddr ne '') {
+      # srcaddr is set
        my $ccode = $gi->country_code_by_name($srcaddr);
-      if( $ccode eq '') {
+      if ($ccode eq '') {
            $ccode = 'unknown';
        }
        $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
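Review bot: `if ( $1 =~ /2./ ) { $iface=''; }` still tests `$1` rather than `$iface`; when neither `PHYSIN=(\w+)` nor `IN=(\w+)` matches, `$1` is whatever the last successful match captured, so the check runs against unrelated text. Test `$iface` directly and add a comment saying which interface names `/2./` is meant to exclude. The line-level `if (...) {} elsif (...) {}` above it has the same unchecked-capture issue before `my $packet = $4;`.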
@@ -311,11 +319,16 @@ foreach $_ (@log)
      }
    }
    else {
+    # Traffic not from red
      if($iface ne '') {
          $tabjc{$iface} = $tabjc{$iface} + 1 ;
          if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
          $linesjc++;
      }
+    else {
+      # What to do with empty iface lines?
+      # This probably is traffic from ipfire itself (IN= OUT=XY)?
+    }
    }
  }

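Review bot: the added `else` branch contains only two question comments, so lines with an empty interface are still left out of `$linesjc` and the chart without any trace. Either leave the branch out and raise the question in the commit message, or count these lines under an explicit key so the totals account for them.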
@@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) {
          print "<img src='/graphs/fwlog-country$imagerandom.png'>";
          print "</div>";
  }
-
  print <<END
  <table width='100%' class='tbl'>
  <tr>
@@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    $color++;
    print "<tr>";
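Review bot: `($color % 10) + 1` is not equivalent to the code it replaces: the old expression maps `$color` 1..10 to color1..color10, the new one maps 1 to color2 and 10 to color1, so every row shifts by one palette entry unless `$color` now starts at 0. If the shift is the intended alignment with the pie chart, say so in the comment and state the starting value of `$color`; the same replacement is repeated in firewalllogip.dat and firewalllogport.dat and needs the same check.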
@@ -466,8 +476,10 @@ for($s=0;$s<$lines;$s++)
      print"<input type='hidden' name='country' value='$key[$s]'>";
      print"<input type='submit' value='details'></form>";
    }
-
-  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') {
+  elsif ($key[$s] eq 'unknown') {
+        print "unknown";
+  }
+  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' || $key[$s] eq 'brip6') {
        print "<td align='center' $col>$key[$s]</td>";
    }
    else {
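Review bot: the interface test now hardcodes `brip6` next to `blue0`, `green0` and `orange0`; that name belongs to the bridged setup mentioned in the commit message and is not guaranteed on other installations. Derive the list of local interface names from configuration instead of extending the literal list, or at least document where `brip6` comes from.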
@@ -489,10 +501,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat
index 7d82d20..6fc3422 100644
--- a/html/cgi-bin/logs.cgi/firewalllogip.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
@@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber =
  $lines = 0;
  foreach $_ (@log)
  {
-  if($_ =~  /SRC\=([\d\.]+)/){
+  # Extract ipv4 or ipv6 address
+  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
      $tabjc{$1} = $tabjc{$1} + 1 ;
      if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
      $linesjc++;
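Review bot: `$tabjc{$1}` is keyed on the address exactly as it appears in the log, and the IPv6 pattern accepts both upper and lower case hex digits and empty groups, so one host written in two textual forms would be counted as two sources. Lower-casing the capture before using it as a hash key removes the case variant; note the limitation for compressed versus expanded forms in a comment if full normalisation is out of scope.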
@@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

@@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat
index 5b0db62..583c1b3 100644
--- a/html/cgi-bin/logs.cgi/firewalllogport.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
@@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

@@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
index 5283c42..0784ab9 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
@@ -158,23 +158,35 @@ if (!$skip)
  {
      while (<FILE>)
      {
-         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-            my $packet = $2;
-            $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+      # First check whether valid log line (date, day)
+          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+        # If ipv6 uses bridge, then use PHYSIN otherwise use IN
+            if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {}
+            elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {}
+            my $packet  = $2;
+            my $iface   = '';
+            my $srcaddr = '';
+            # If ipv6 uses bridge, use PHYSIN otherwise IN
+            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
+            # Extract ipv4 and ipv6 addresses
+            if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+              $srcaddr = $1
+            };

              if($iface eq $country) {
+                # iface matches country code
                  $log[$lines] = $_;
                  $lines++;
              }
              elsif($srcaddr ne '') {
+                # or srcaddr matches country code
                  my $ccode = $gi->country_code_by_name($srcaddr);
                  if($ccode eq $country){
                      $log[$lines] = $_;
                      $lines++;
                  }
              }
-        }
+          }
      }
      close (FILE);
  }
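Review bot: the old code cleared the interface with `if ( $1 =~ /2./ ){ $iface="";}` and this hunk drops that check without mention, while the `@slice` loop later in the same file keeps it; either restore it here or explain the removal in the commit message. The inner `if (...PHYSIN=...) {} elsif (...IN=...) {}` also repeats the pattern the enclosing `if` has just matched, so the `elsif` can never fail and the pair can be reduced to a single capture of the packet part.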
@@ -194,16 +206,28 @@ if ($multifile) {
          }
          if (!$skip) {
          while (<FILE>) {
-             if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                if($_ =~  /SRC\=([\d\.]+)/){
-                    my $srcaddr=$1;
-                    my $ccode = $gi->country_code_by_name($srcaddr);
-                    if($ccode eq $country){
+                  # Check if valid log line (date, day)
+           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+                    my  $iface = '';
+                    # If ipv6 uses bridge, then use PHYSIN otherwise IN
+                    if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($_ =~ /IN=(\w+)/) { $iface = $1 }
+
+                    if($iface eq $country) {
+                      # iface matches country code
+                      $log[$lines] = $_;
+                      $lines++;
+                    }
+                    # extract ipv4 and ipv6 address
+                    elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+                      my $srcaddr=$1;
+                      my $ccode = $gi->country_code_by_name($srcaddr);
+                      if($ccode eq $country){
+                        # or srcaddr matches country code
                          $log[$lines] = $_;
                          $lines++;
+                      }
                      }
-                }
-            }
+          }
          }
          close (FILE);
      }
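Review bot: this loop gains an `$iface eq $country` branch that the removed lines did not have, so the multi-file path now selects lines it previously skipped; mention that behaviour change in the commit message. It also reimplements the filter from the single-file loop with different inputs (`$_` here, `$packet` there); moving the interface and address extraction into one helper sub used by both loops would keep them from drifting apart.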
@@ -308,32 +332,45 @@ $lines = 0;
  foreach $_ (@slice)
  {
    $a = $_;
-  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  # If ipv6 uses bridge, use PHYSIN otherwise use IN
+  if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
    my $packet = $4;
-  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+  my $iface = '';
+  # If ipv6 uses bridge, use PHYSIN otherwise use IN
+  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
+  if ( $1 =~ /2./ ){ $iface="";}
+  my $srcaddr = '';
+  # Extract ipv4 and ipv6 addresses
+  if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+    $srcaddr = $1
+  };

    if($iface eq $country || $srcaddr ne '') {
-    my $ccode;
+    my $ccode='';
      if($iface ne $country) {
        $ccode = $gi->country_code_by_name($srcaddr);
      }
      if($iface eq $country || $ccode eq $country) {
-      my $chain = '';
+      my $chain = '';
        my $in = '-'; my $out = '-';
        my $srcaddr = ''; my $dstaddr = '';
        my $protostr = '';
        my $srcport = ''; my $dstport = '';

-      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+      # If ipv6 uses bridge, the use PHYSIN otherwise use IN
+      if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
        my $timestamp = $1; my $chain = $2; my $packet = $3;
        $timestamp =~ /(...) (..) (..:..:..)/;
        my $month = $1; my $day = $2; my $time = $3;

-      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+      # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT
+      if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 }
+      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 }
+      # Extract ipv4 and ipv6 addresses
+      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
        if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
        my $protostrlc = lc($protostr);
        if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
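Review bot: in `if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}` the greedy `(.*)` runs up to `PHYSIN=`, so on bridged lines `my $chain = $2` picks up the `IN=... OUT=...` fields along with the chain text. Capture the chain up to the first `IN=` and read `PHYSIN=`/`PHYSOUT=` from the packet part, which the following `$a =~ /PHYSIN=(\w+)/` lines already do. The line is also matched three times in this loop body (top of loop, timestamp and chain, field extraction); parsing it once would remove the repeated `my $chain` and the shadowing `my $srcaddr`.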
diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat
index 09a60b5..94e795c 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
@@ -155,7 +155,7 @@ if (!$skip)
          while (<FILE>)
          {
           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                if($_ =~  /SRC\=([\d\.]+)/){
+                if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
                    if($1 eq $ip){
              $log[$lines] = $_;
              $lines++;
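Review bot: `if($1 eq $ip)` compares the captured text byte for byte, which was adequate for dotted IPv4 but not for IPv6, where the pattern itself admits upper and lower case and shortened groups; a request for an address in one spelling will miss log lines that use another. Bring both sides to one form (at least `lc`) before comparing.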
@@ -182,12 +182,12 @@ if ($multifile) {
          if (!$skip) {
          while (<FILE>) {
               if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                       if($_ =~  /SRC\=([\d\.]+)/){
-                         if($1 eq $ip){
+                          if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+                            if($1 eq $ip){
                  $log[$lines] = $_;
                  $lines++;
-                         }
-                       }
+                            }
+                          }
              }
          }
          close (FILE);
@@ -293,7 +293,8 @@ $lines = 0;
  foreach $_ (@slice)
  {
    $a = $_;
-  if($_ =~  /SRC\=([\d\.]+)/){
+  # Check whether valid ipv4 or ipv6 address
+  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
      if($1 eq $ip){
      my $chain = '';
            my $in = '-'; my $out = '-';
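Review bot: the added comment says `# Check whether valid ipv4 or ipv6 address`, but the patterns only pick out address-shaped text: the IPv4 one accepts `999.999.999.999` and the IPv6 one accepts `:::`. Reword the comment to say it extracts the address, or validate the capture before it is compared with `$ip`.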
@@ -301,15 +302,19 @@ foreach $_ (@slice)
      my $protostr = '';
      my $srcport = ''; my $dstport = '';

-    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+    # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
+        if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
      my $timestamp = $1; my $chain = $2; my $packet = $3;
      $timestamp =~ /(...) (..) (..:..:..)/;
      my $month = $1; my $day = $2; my $time = $3;

-    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
+        if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 }
+        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 }
+        # Detect ipv4 and ipv6 addresses
+    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
      my $protostrlc = lc($protostr);
      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat
index ad9823c..af7779a 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
@@ -307,15 +307,19 @@ foreach $_ (@slice)
      my $protostr = '';
      my $srcport = ''; my $dstport = '';

-    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+        # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
+    if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
      my $timestamp = $1; my $chain = $2; my $packet = $3;
      $timestamp =~ /(...) (..) (..:..:..)/;
      my $month = $1; my $day = $2; my $time = $3; my $iface;

-    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
+    if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; }
+        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; }
+    # Detect ipv4 and ipv6 addresses
+    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
      my $protostrlc = lc($protostr);
      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }


* [PATCH] Updated: Enable ipv6 addresses in Firewall logs
  2016-01-07 12:00 [PATCH] Enable ipv6 addresses in Firewall logs Michael Eitelwein
@ 2016-01-07 18:53 ` Michael Eitelwein
  2016-01-07 23:44   ` Michael Tremer
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Eitelwein @ 2016-01-07 18:53 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 20692 bytes --]

Updated: Enable correct display of ipv6 entries in Firewall log pages of web UI.


3 main changes:
  - Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, otherwise fill from IN and OUT
  - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
  - Match color coding of tables to pie charts (see separate patch sent earlier)

I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.

This is an updated version to my previous email (as a full diff to master).

Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
---
diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat
index 5a584d6..df9b488 100644
--- a/html/cgi-bin/logs.cgi/firewalllog.dat
+++ b/html/cgi-bin/logs.cgi/firewalllog.dat
@@ -328,17 +328,23 @@ END
  $lines = 0;
  foreach $_ (@log)
  {
-        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+    # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information
+    # otherwise use IN=
+        my $packet = '';
+        if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; }
+        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; }
          my $day =  $1;
          $day =~ tr / /0/;
          my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
-        my $comment = $3;
-        my $packet = $4;
+        my $chain = $3;

          my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
-        $iface=$1   if $packet =~ /IN=(\w+)/;
-        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
-        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
+        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+        # Identify whether ipv4 or ipv6. Both are mutally exclusive.
+        if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; }
+                if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; }
+        if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; }
+                if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; }
          $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
          $proto=$1   if $packet =~ /PROTO=(\w+)/;
          $srcport=$1 if $packet =~ /SPT=(\d+)/;
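Review bot: `$packet` is now set inside the two branches, but `my $day = $1;`, `$2` and `my $chain = $3;` are still read after them regardless of whether either pattern matched, so a non-matching line produces a row with an empty `$packet` and capture values from an earlier match. Add an `else { next; }` or move the assignments into the branches. In the PHYSIN branch `$packet = $5` also leaves out the `(IN=.*)` part held in `$4`; that is fine for the fields read here, but worth a comment since `$packet` covers a different part of the line in the two cases.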
@@ -366,7 +372,7 @@ foreach $_ (@log)
          print <<END

          <td align='center' $col>$time</td>
-        <td align='center' $col>$comment</td>
+        <td align='center' $col>$chain</td>
          <td align='center' $col>$iface</td>
          <td align='center' $col>$proto</td>
          <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
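Review bot: `$chain` is an unconstrained `(.*)` capture from the log line and is interpolated into the `<td>` as is, unlike `$iface`, `$srcaddr` and `$dstaddr`, whose patterns limit them to word characters, digits, dots, hex digits and colons. Since this line is being touched for the rename anyway, HTML-escape `$chain` before printing it.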
diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
index f998a62..087b844 100644
--- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};}
  if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};}
  if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
  if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
-
  print <<END
  </select>
  </td>
@@ -294,15 +293,24 @@ $lines = 0;

  foreach $_ (@log)
  {
-  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
+  if    (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
    my $packet = $4;
-  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+  my $iface  = '';
+  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+  if ( $1 =~ /2./ ) { $iface=''; }
+  my $srcaddr = '';
+  # Find ipv4 and ipv6 addresses
+  if    ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1; }
+  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1; }

    if($iface eq $red_interface) {
+    # Traffic from red
      if($srcaddr ne '') {
+      # srcaddr is set
        my $ccode = $gi->country_code_by_name($srcaddr);
-      if( $ccode eq '') {
+      if ($ccode eq '') {
            $ccode = 'unknown';
        }
        $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
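Review bot: with the new pattern `$srcaddr` can hold an IPv6 address, and it is passed unchanged to `$gi->country_code_by_name($srcaddr)`; the hunk does not show whether that handle can resolve IPv6 addresses. If it cannot, the `$ccode eq ''` fallback will file all IPv6 traffic from red under `unknown`, so state the expected result for IPv6 sources in the commit message or branch on the address family before the lookup.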
@@ -311,11 +319,16 @@ foreach $_ (@log)
      }
    }
    else {
+    # Traffic not from red
      if($iface ne '') {
          $tabjc{$iface} = $tabjc{$iface} + 1 ;
          if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
          $linesjc++;
      }
+    else {
+      # What to do with empty iface lines?
+      # This probably is traffic from ipfire itself (IN= OUT=XY)?
+    }
    }
  }

@@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) {
          print "<img src='/graphs/fwlog-country$imagerandom.png'>";
          print "</div>";
  }
-
  print <<END
  <table width='100%' class='tbl'>
  <tr>
@@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    $color++;
    print "<tr>";
@@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
      print"<input type='hidden' name='country' value='$key[$s]'>";
      print"<input type='submit' value='details'></form>";
    }
-
-  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') {
+  elsif ($key[$s] eq 'unknown') {
+        print "unknown";
+  }
+  # Looks dangerous to use hardcoded interface names here. Probably needs fixing.
+  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) {
        print "<td align='center' $col>$key[$s]</td>";
    }
    else {
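Review bot: the new `elsif ($key[$s] eq 'unknown')` branch prints the bare string `unknown`, and control then continues into the `if ($key[$s] eq 'blue0' ...) ... else` below, which handles the same key again; check the rendered row for a duplicated or misplaced label. The added comment about hardcoded interface names records a known problem without fixing it; reading the interface names from configuration would resolve it, otherwise move the remark to the commit message as a follow-up item.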
@@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat
index 7d82d20..6fc3422 100644
--- a/html/cgi-bin/logs.cgi/firewalllogip.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
@@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber =
  $lines = 0;
  foreach $_ (@log)
  {
-  if($_ =~  /SRC\=([\d\.]+)/){
+  # Extract ipv4 or ipv6 address
+  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
      $tabjc{$1} = $tabjc{$1} + 1 ;
      if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
      $linesjc++;
@@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

@@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat
index 5b0db62..583c1b3 100644
--- a/html/cgi-bin/logs.cgi/firewalllogport.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
@@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
    $percent = $value[$s] * 100 / $linesjc;
    $percent = sprintf("%.f", $percent);
    $total = $total + $value[$s];
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

@@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)

  if($cgiparams{'otherspie'} == 2 ){}
  else{
-  my $colorIndex = $color % 10;
-  if($colorIndex == 0) {
-    $colorIndex = 10;
-  }
+  # colors are numbered 1 to 10
+  my $colorIndex = ($color % 10) + 1;
    $col="bgcolor='$color{\"color$colorIndex\"}'";
    print "<tr>";

diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
index 5283c42..27e7697 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
@@ -158,23 +158,35 @@ if (!$skip)
  {
      while (<FILE>)
      {
-         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-            my $packet = $2;
-            $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+      # First check whether valid log line (date, day)
+          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+        # If ipv6 uses bridge, then use PHYSIN otherwise use IN
+            if    (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {}
+            elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {}
+            my $packet  = $2;
+            my $iface   = '';
+            my $srcaddr = '';
+            # If ipv6 uses bridge, use PHYSIN otherwise IN
+            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+            # Extract ipv4 and ipv6 addresses
+            if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+              $srcaddr = $1;
+            };

              if($iface eq $country) {
+                # iface matches country code
                  $log[$lines] = $_;
                  $lines++;
              }
              elsif($srcaddr ne '') {
+                # or srcaddr matches country code
                  my $ccode = $gi->country_code_by_name($srcaddr);
-                if($ccode eq $country){
+                if($ccode eq uc($country)){
                      $log[$lines] = $_;
                      $lines++;
                  }
              }
-        }
+          }
      }
      close (FILE);
  }
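Review bot: `uc($country)` is applied only on the `$ccode` comparison and is repeated at each comparison site in this file, while `$iface eq $country` uses the value as given; normalise once before the loops into a separate variable for the country-code comparison and keep the original for the interface comparison, so the two uses are explicit. The reason for the upper-casing (what case `$country` arrives in and what case the lookup returns) belongs in a comment.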
@@ -194,16 +206,28 @@ if ($multifile) {
          }
          if (!$skip) {
          while (<FILE>) {
-             if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                if($_ =~  /SRC\=([\d\.]+)/){
-                    my $srcaddr=$1;
-                    my $ccode = $gi->country_code_by_name($srcaddr);
-                    if($ccode eq $country){
+                  # Check if valid log line (date, day)
+           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
+                    my  $iface = '';
+                    # If ipv6 uses bridge, then use PHYSIN otherwise IN
+                    if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($_ =~ /IN=(\w+)/) { $iface = $1; }
+
+                    if($iface eq $country) {
+                      # iface matches country code
+                      $log[$lines] = $_;
+                      $lines++;
+                    }
+                    # extract ipv4 and ipv6 address
+                    elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+                      my $srcaddr=$1;
+                      my $ccode = $gi->country_code_by_name($srcaddr);
+                      if($ccode eq uc($country)){
+                        # or srcaddr matches country code
                          $log[$lines] = $_;
                          $lines++;
+                      }
                      }
-                }
-            }
+          }
          }
          close (FILE);
      }
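
Review bot: the two address patterns in the `elsif` are looser than the comment above them suggests. `[\d]{1,3}` accepts octets above 255, and `([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7}` also matches colon-only strings such as `::` and stops at the first dot, so an IPv4-mapped address would be captured truncated. Since the capture goes straight into the country lookup, consider validating it after extraction, and move the `# or srcaddr matches country code` comment above the `if` it describes.
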
@@ -308,32 +332,45 @@ $lines = 0;
  foreach $_ (@slice)
  {
    $a = $_;
-  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+  # If ipv6 uses bridge, use PHYSIN otherwise use IN
+  if    (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
    my $packet = $4;
-  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
-  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
+  my $iface = '';
+  # If ipv6 uses bridge, use PHYSIN otherwise use IN
+  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+  if ( $1 =~ /2./ ){ $iface=""; }
+  my $srcaddr = '';
+  # Extract ipv4 and ipv6 addresses
+  if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+    $srcaddr = $1;
+  };

    if($iface eq $country || $srcaddr ne '') {
-    my $ccode;
+    my $ccode='';
      if($iface ne $country) {
        $ccode = $gi->country_code_by_name($srcaddr);
      }
-    if($iface eq $country || $ccode eq $country) {
-      my $chain = '';
+    if($iface eq $country || $ccode eq uc($country)) {
+      my $chain = '';
        my $in = '-'; my $out = '-';
        my $srcaddr = ''; my $dstaddr = '';
        my $protostr = '';
        my $srcport = ''; my $dstport = '';

-      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+      # If ipv6 uses bridge, the use PHYSIN otherwise use IN
+      if    ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
+      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
        my $timestamp = $1; my $chain = $2; my $packet = $3;
        $timestamp =~ /(...) (..) (..:..:..)/;
        my $month = $1; my $day = $2; my $time = $3;

-      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+      # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT
+      if ($a =~ /PHYSIN=(\w+)/)  { $iface = $1; } elsif ($a =~ /IN=(\w+)/)  { $iface = $1; }
+      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; }   elsif ($a =~ /OUT=(\w+)/) { $out = $1; }
+      # Extract ipv4 and ipv6 addresses
+      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
        if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
        my $protostrlc = lc($protostr);
        if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
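
Review bot: `if ( $1 =~ /2./ ){ $iface=""; }` now runs after an `if`/`elsif` pair, so `$1` is whatever the last successful match left behind. When neither `PHYSIN=(\w+)` nor `IN=(\w+)` matches `$packet`, that is the day captured by the line regex above, not an interface name. Test `$iface` instead of `$1` so the check does not depend on match order.
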
diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat
index 09a60b5..d7d1ace 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
@@ -155,7 +155,7 @@ if (!$skip)
          while (<FILE>)
          {
           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                if($_ =~  /SRC\=([\d\.]+)/){
+                if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
                    if($1 eq $ip){
              $log[$lines] = $_;
              $lines++;
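
Review bot: `$1 eq $ip` is a plain string comparison, which was unambiguous for dotted IPv4 but is not for IPv6, where the same address can be written with different case and zero compression. The new pattern itself accepts both `a-f` and `A-F`. Normalise `$ip` and the captured address to one textual form before comparing, or document the exact form the caller has to pass.
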
@@ -182,12 +182,12 @@ if ($multifile) {
          if (!$skip) {
          while (<FILE>) {
               if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
-                       if($_ =~  /SRC\=([\d\.]+)/){
-                         if($1 eq $ip){
+                          if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
+                            if($1 eq $ip){
                  $log[$lines] = $_;
                  $lines++;
-                         }
-                       }
+                            }
+                          }
              }
          }
          close (FILE);
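
Review bot: this is the same two-pattern `SRC\=` condition as in the hunk above, and the re-indented closing braces add whitespace-only changes around it. With the pair repeated at every call site in this patch, a small shared helper that returns the source address (or an empty string) would keep the copies from drifting apart and shrink the diff.
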
@@ -293,7 +293,8 @@ $lines = 0;
  foreach $_ (@slice)
  {
    $a = $_;
-  if($_ =~  /SRC\=([\d\.]+)/){
+  # Check whether valid ipv4 or ipv6 address
+  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
      if($1 eq $ip){
      my $chain = '';
            my $in = '-'; my $out = '-';
@@ -301,15 +302,19 @@ foreach $_ (@slice)
      my $protostr = '';
      my $srcport = ''; my $dstport = '';

-    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+    # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
+        if    ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
+        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
      my $timestamp = $1; my $chain = $2; my $packet = $3;
      $timestamp =~ /(...) (..) (..:..:..)/;
      my $month = $1; my $day = $2; my $time = $3;

-    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
+        if ($a =~ /PHYSIN=(\w+)/)  { $iface = $1; } elsif ($a =~ /IN=(\w+)/)  { $iface = $1; }
+        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; }   elsif ($a =~ /OUT=(\w+)/) { $out = $1; }
+        # Detect ipv4 and ipv6 addresses
+    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
      my $protostrlc = lc($protostr);
      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
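
Review bot: the `if`/`elsif` with empty `{}` bodies exists only to set `$1`..`$3`, and `my $timestamp = $1; my $chain = $2; my $packet = $3;` then reads them unconditionally. If neither pattern matches, those are still the captures of the earlier `SRC\=` match, so an address ends up in `$timestamp`. Assign the captures in list context and skip the line when the match fails. Note also that in the `(IN=.*)(PHYSIN=.*)` branch `$packet` stops before `PHYSIN=`.
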
diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat
index ad9823c..6f5f63b 100644
--- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
+++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
@@ -307,15 +307,19 @@ foreach $_ (@slice)
      my $protostr = '';
      my $srcport = ''; my $dstport = '';

-    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
+        # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
+    if    ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
+        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
      my $timestamp = $1; my $chain = $2; my $packet = $3;
      $timestamp =~ /(...) (..) (..:..:..)/;
      my $month = $1; my $day = $2; my $time = $3; my $iface;

-    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
-    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
-    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
-    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
+        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
+    if ($a =~ /PHYSIN\=(\w+)/)  { $iface = $1; } elsif ($a =~ /IN\=(\w+)/)  { $iface = $1; }
+        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; }   elsif ($a =~ /OUT\=(\w+)/) { $out = $1; }
+    # Detect ipv4 and ipv6 addresses
+    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
+    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
      my $protostrlc = lc($protostr);
      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
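
Review bot: style only. This hunk escapes the equals sign (`PHYSIN\=`, `PHYSOUT\=`) while the same lines in showrequestfromip.dat use `PHYSIN=`, the added lines are indented inconsistently with each other, and the comments read "the use" for "then use". Pick one spelling of the pattern and align the indentation with the surrounding context lines so the three files stay comparable.
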



* Re: [PATCH] Updated: Enable ipv6 addresses in Firewall logs
  2016-01-07 18:53 ` [PATCH] Updated: " Michael Eitelwein
@ 2016-01-07 23:44   ` Michael Tremer
  2016-01-08 21:30     ` Matthias Fischer
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2016-01-07 23:44 UTC (permalink / raw)
  To: development


Hi,

this patch is much bigger than the last one which makes it a bit
difficult to review.

On Thu, 2016-01-07 at 19:53 +0100, Michael Eitelwein wrote:
> Updated: Enable correct display of ipv6 entries in Firewall log pages
> of web UI.

Generally IPFire 2 does not support IPv6, but it is enabled at some
places so that it can be used. However, there will be no full IPv6
support in IPFire 2 since there is a horrible CGI web user interface
which is hardly extensible.

Patches like these are okay though.

> 3 main changes:
>   - Fill $iface and $out from PHYSIN and PHYSOUT when looking at
> bridged packets, otherwise fill from IN and OUT

This will hopefully work for IPv4 as well :)

>   - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
>   - Match color coding of tables to pie charts (see separate patch
> sent earlier)

It looks like this is included in this one as well. It would be better
to have extra patches for both changes and reference the dependency in
the commit message.

> I am using the bridged ipv6 setup as proposed in the wiki. I do not
> think this breaks anything when not using ipv6. So it would be nice
> to include this even if ipv6 is not officially supported yet. It is
> quite useful when using the ipv6 setup.

@Matthias: Could you maybe review and test this patch in a non-IPv6
setup?

> This is an updated version to my previous email (as a full diff to
> master).

What has been updated?

> 
> Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
> ---
> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-
> bin/logs.cgi/firewalllog.dat
> index 5a584d6..df9b488 100644
> --- a/html/cgi-bin/logs.cgi/firewalllog.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat
> @@ -328,17 +328,23 @@ END
>   $lines = 0;
>   foreach $_ (@log)
>   {
> -        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +    # If ipv6 uses a bridge, PHYSIN= contains the relevant iface
> information
> +    # otherwise use IN=
> +        my $packet = '';
> +        if ($_ =~ /^... (..) (..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; }
> +        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)$/) { $packet = $4; }
>           my $day =  $1;
>           $day =~ tr / /0/;
>           my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
> -        my $comment = $3;
> -        my $packet = $4;
> +        my $chain = $3;
> 
>           my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport,
> $dstport);
> -        $iface=$1   if $packet =~ /IN=(\w+)/;
> -        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
> -        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
> +        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet
> =~ /IN=(\w+)/) { $iface = $1; }
> +        # Identify whether ipv4 or ipv6. Both are mutally exclusive.
> +        if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> $srcaddr=$1; }
> +                if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-
> fA-F]{0,4})){2,7})/) { $srcaddr=$1; }
> +        if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> $dstaddr=$1; }
> +                if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-
> fA-F]{0,4})){2,7})/) { $dstaddr=$1; }
>           $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
>           $proto=$1   if $packet =~ /PROTO=(\w+)/;
>           $srcport=$1 if $packet =~ /SPT=(\d+)/;
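
Review bot: the SRC and DST extraction uses two independent `if` statements each, with the IPv6 one indented as if it were nested, while the comment calls the two cases mutually exclusive and firewalllogcountry.dat uses `if`/`elsif` for the same check. Make it `if`/`elsif` here as well so the intent is explicit and an address can never be assigned twice. The comment also misspells "mutually".
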
> @@ -366,7 +372,7 @@ foreach $_ (@log)
>           print <<END
> 
>           <td align='center' $col>$time</td>
> -        <td align='center' $col>$comment</td>
> +        <td align='center' $col>$chain</td>
>           <td align='center' $col>$iface</td>
>           <td align='center' $col>$proto</td>
>           <td align='center' $col><a href='/cgi-
> bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-
> bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
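
Review bot: `$chain` is the `(.*)` capture taken verbatim from the log line and is interpolated into `<td align='center' $col>$chain</td>` with no HTML escaping, exactly as `$comment` was. The rename is a good moment to escape it before printing. The address cells are less of a concern, since the new patterns restrict `$srcaddr` and `$dstaddr` to hex digits, dots and colons.
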
> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-
> bin/logs.cgi/firewalllogcountry.dat
> index f998a62..087b844 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
> @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=
> 0){$pienumber=$cgiparams{'pienumber'};}
>   if( $cgiparams{'otherspie'} !=
> 0){$otherspie=$cgiparams{'otherspie'};}
>   if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
>   if( $cgiparams{'sortcolumn'} !=
> 0){$sortcolumn=$cgiparams{'sortcolumn'};}
> -
>   print <<END
>   </select>
>   </td>
> @@ -294,15 +293,24 @@ $lines = 0;
> 
>   foreach $_ (@log)
>   {
> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +  # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
> +  if    (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}

Could this not be written like   (PHYS)?IN=   ?

>     my $packet = $4;
> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){
> $iface="";}
> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> +  my $iface  = '';
> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~
> /IN=(\w+)/) { $iface = $1; }
> +  if ( $1 =~ /2./ ) { $iface=''; }
> +  my $srcaddr = '';
> +  # Find ipv4 and ipv6 addresses
> +  if    ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
> $srcaddr = $1; }
> +  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-
> F]{0,4})){2,7})/) { $srcaddr = $1; }
> 
>     if($iface eq $red_interface) {
> +    # Traffic from red
>       if($srcaddr ne '') {
> +      # srcaddr is set
>         my $ccode = $gi->country_code_by_name($srcaddr);
> -      if( $ccode eq '') {
> +      if ($ccode eq '') {
>             $ccode = 'unknown';
>         }
>         $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
> @@ -311,11 +319,16 @@ foreach $_ (@log)
>       }
>     }
>     else {
> +    # Traffic not from red
>       if($iface ne '') {
>           $tabjc{$iface} = $tabjc{$iface} + 1 ;
>           if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines
> = $lines + 1; }
>           $linesjc++;
>       }
> +    else {
> +      # What to do with empty iface lines?
> +      # This probably is traffic from ipfire itself (IN= OUT=XY)?
> +    }
>     }
>   }
> 
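
Review bot: the new `else` branch contains only comments, so lines with an empty `$iface` are still counted in neither `$tabjc` nor `$linesjc`, and the open question stays in the code. Either count them under an explicit label so the percentages cover all log lines, or drop the empty branch and raise the question in the commit message.
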
> @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 &&
> $pienumber != 0) {
>           print "<img src='/graphs/fwlog-country$imagerandom.png'>";
>           print "</div>";
>   }
> -
>   print <<END
>   <table width='100%' class='tbl'>
>   <tr>
> @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
>     $percent = $value[$s] * 100 / $linesjc;
>     $percent = sprintf("%.f", $percent);
>     $total = $total + $value[$s];
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     $color++;
>     print "<tr>";
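
Review bot: `($color % 10) + 1` is not equivalent to the removed code. The old mapping sent 1..10 to themselves (a multiple of ten gave 10); the new one shifts every value by one, so 1 becomes 2 and 10 becomes 1. If that shift is what aligns the table with the pie chart, say so in the commit message and state the starting value of `$color` it relies on. The same expression is repeated in the later hunks.
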
> @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
>       print"<input type='hidden' name='country' value='$key[$s]'>";
>       print"<input type='submit' value='details'></form>";
>     }
> -
> -  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
> 'orange0') {
> +  elsif ($key[$s] eq 'unknown') {
> +        print "unknown";
> +  }
> +  # Looks dangerous to use hardcoded interface names here. Probably
> needs fixing.
> +  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
> 'orange0' ) {
>         print "<td align='center' $col>$key[$s]</td>";
>     }
>     else {

This unfortunately happens in many places which is one of the biggest
reasons why we will rewrite the web user interface and why extending it
is nearly impossible. At least not fun.

> @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
> 
>   if($cgiparams{'otherspie'} == 2 ){}
>   else{
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     print "<tr>";
> 
> diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-
> bin/logs.cgi/firewalllogip.dat
> index 7d82d20..6fc3422 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogip.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
> @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines ||
> $sortcolumn == 2) { $pienumber =
>   $lines = 0;
>   foreach $_ (@log)
>   {
> -  if($_ =~  /SRC\=([\d\.]+)/){
> +  # Extract ipv4 or ipv6 address
> +  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>       $tabjc{$1} = $tabjc{$1} + 1 ;
>       if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines =
> $lines + 1; }
>       $linesjc++;
> @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>     $percent = $value[$s] * 100 / $linesjc;
>     $percent = sprintf("%.f", $percent);
>     $total = $total + $value[$s];
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     print "<tr>";
> 
> @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
> 
>   if($cgiparams{'otherspie'} == 2 ){}
>   else{
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     print "<tr>";
> 
> diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-
> bin/logs.cgi/firewalllogport.dat
> index 5b0db62..583c1b3 100644
> --- a/html/cgi-bin/logs.cgi/firewalllogport.dat
> +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
> @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>     $percent = $value[$s] * 100 / $linesjc;
>     $percent = sprintf("%.f", $percent);
>     $total = $total + $value[$s];
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     print "<tr>";
> 
> @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
> 
>   if($cgiparams{'otherspie'} == 2 ){}
>   else{
> -  my $colorIndex = $color % 10;
> -  if($colorIndex == 0) {
> -    $colorIndex = 10;
> -  }
> +  # colors are numbered 1 to 10
> +  my $colorIndex = ($color % 10) + 1;
>     $col="bgcolor='$color{\"color$colorIndex\"}'";
>     print "<tr>";
> 
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> index 5283c42..27e7697 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
> @@ -158,23 +158,35 @@ if (!$skip)
>   {
>       while (<FILE>)
>       {
> -         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> -            my $packet = $2;
> -            $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~
> /2./ ){ $iface="";}
> -            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> +      # First check whether valid log line (date, day)
> +          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> +        # If ipv6 uses bridge, then use PHYSIN otherwise use IN
> +            if    (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(PHYSIN=.*)$/) {}
> +            elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {}

Same as above.

> +            my $packet  = $2;
> +            my $iface   = '';
> +            my $srcaddr = '';
> +            # If ipv6 uses bridge, use PHYSIN otherwise IN
> +            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif
> ($packet =~ /IN=(\w+)/) { $iface = $1; }
> +            # Extract ipv4 and ipv6 addresses
> +            if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-
> F]{0,4})){2,7})/)) {
> +              $srcaddr = $1;
> +            };
> 
>               if($iface eq $country) {
> +                # iface matches country code
>                   $log[$lines] = $_;
>                   $lines++;
>               }
>               elsif($srcaddr ne '') {
> +                # or srcaddr matches country code
>                   my $ccode = $gi->country_code_by_name($srcaddr);
> -                if($ccode eq $country){
> +                if($ccode eq uc($country)){
>                       $log[$lines] = $_;
>                       $lines++;
>                   }
>               }
> -        }
> +          }
>       }
>       close (FILE);
>   }
> @@ -194,16 +206,28 @@ if ($multifile) {
>           }
>           if (!$skip) {
>           while (<FILE>) {
> -             if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> -                if($_ =~  /SRC\=([\d\.]+)/){
> -                    my $srcaddr=$1;
> -                    my $ccode = $gi->country_code_by_name($srcaddr);
> -                    if($ccode eq $country){
> +                  # Check if valid log line (date, day)
> +           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> +                    my  $iface = '';
> +                    # If ipv6 uses bridge, then use PHYSIN otherwise
> IN
> +                    if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif
> ($_ =~ /IN=(\w+)/) { $iface = $1; }
> +
> +                    if($iface eq $country) {
> +                      # iface matches country code
> +                      $log[$lines] = $_;
> +                      $lines++;
> +                    }
> +                    # extract ipv4 and ipv6 address
> +                    elsif (($_ =~
> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-
> F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> +                      my $srcaddr=$1;
> +                      my $ccode = $gi-
> >country_code_by_name($srcaddr);
> +                      if($ccode eq uc($country)){
> +                        # or srcaddr matches country code
>                           $log[$lines] = $_;
>                           $lines++;
> +                      }
>                       }
> -                }
> -            }
> +          }
>           }
>           close (FILE);
>       }
> @@ -308,32 +332,45 @@ $lines = 0;
>   foreach $_ (@slice)
>   {
>     $a = $_;
> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
> +  if    (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
>     my $packet = $4;
> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){
> $iface="";}
> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
> +  my $iface = '';
> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~
> /IN=(\w+)/) { $iface = $1; }
> +  if ( $1 =~ /2./ ){ $iface=""; }
> +  my $srcaddr = '';
> +  # Extract ipv4 and ipv6 addresses
> +  if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
> ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/))
> {
> +    $srcaddr = $1;
> +  };
> 
>     if($iface eq $country || $srcaddr ne '') {
> -    my $ccode;
> +    my $ccode='';
>       if($iface ne $country) {
>         $ccode = $gi->country_code_by_name($srcaddr);
>       }
> -    if($iface eq $country || $ccode eq $country) {
> -      my $chain = '';
> +    if($iface eq $country || $ccode eq uc($country)) {
> +      my $chain = '';
>         my $in = '-'; my $out = '-';
>         my $srcaddr = ''; my $dstaddr = '';
>         my $protostr = '';
>         my $srcport = ''; my $dstport = '';
> 
> -      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +      # If ipv6 uses bridge, the use PHYSIN otherwise use IN
> +      if    ($_ =~ /(^.* ..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
> +      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
>         my $timestamp = $1; my $chain = $2; my $packet = $3;
>         $timestamp =~ /(...) (..) (..:..:..)/;
>         my $month = $1; my $day = $2; my $time = $3;
> 
> -      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> -      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> -      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> -      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> +      # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use
> IN and OUT
> +      if ($a =~ /PHYSIN=(\w+)/)  { $iface = $1; } elsif ($a =~
> /IN=(\w+)/)  { $iface = $1; }
> +      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; }   elsif ($a =~
> /OUT=(\w+)/) { $out = $1; }
> +      # Extract ipv4 and ipv6 addresses
> +      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> +      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
>         if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>         my $protostrlc = lc($protostr);
>         if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-
> bin/logs.cgi/showrequestfromip.dat
> index 09a60b5..d7d1ace 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
> @@ -155,7 +155,7 @@ if (!$skip)
>           while (<FILE>)
>           {
>            if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> -                if($_ =~  /SRC\=([\d\.]+)/){
> +                if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
> or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>                     if($1 eq $ip){
>               $log[$lines] = $_;
>               $lines++;
> @@ -182,12 +182,12 @@ if ($multifile) {
>           if (!$skip) {
>           while (<FILE>) {
>                if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
> kernel:.*(IN=.*)$/) {
> -                       if($_ =~  /SRC\=([\d\.]+)/){
> -                         if($1 eq $ip){
> +                          if (($_ =~
> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-
> F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
> +                            if($1 eq $ip){
>                   $log[$lines] = $_;
>                   $lines++;
> -                         }
> -                       }
> +                            }
> +                          }
>               }
>           }
>           close (FILE);
> @@ -293,7 +293,8 @@ $lines = 0;
>   foreach $_ (@slice)
>   {
>     $a = $_;
> -  if($_ =~  /SRC\=([\d\.]+)/){
> +  # Check whether valid ipv4 or ipv6 address
> +  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>       if($1 eq $ip){
>       my $chain = '';
>             my $in = '-'; my $out = '-';
> @@ -301,15 +302,19 @@ foreach $_ (@slice)
>       my $protostr = '';
>       my $srcport = ''; my $dstport = '';
> 
> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +    # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
> +        if    ($_ =~ /(^.* ..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
> {}
>       my $timestamp = $1; my $chain = $2; my $packet = $3;
>       $timestamp =~ /(...) (..) (..:..:..)/;
>       my $month = $1; my $day = $2; my $time = $3;
> 
> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
> use IN and OUT
> +        if ($a =~ /PHYSIN=(\w+)/)  { $iface = $1; } elsif ($a =~
> /IN=(\w+)/)  { $iface = $1; }
> +        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; }   elsif ($a =~
> /OUT=(\w+)/) { $out = $1; }
> +        # Detect ipv4 and ipv6 addresses
> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
>       if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>       my $protostrlc = lc($protostr);
>       if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat
> b/html/cgi-bin/logs.cgi/showrequestfromport.dat
> index ad9823c..6f5f63b 100644
> --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
> +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
> @@ -307,15 +307,19 @@ foreach $_ (@slice)
>       my $protostr = '';
>       my $srcport = ''; my $dstport = '';
> 
> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
> +        # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
> +    if    ($_ =~ /(^.* ..:..:..) [\w\-]+
> kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {}
> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
> {}
>       my $timestamp = $1; my $chain = $2; my $packet = $3;
>       $timestamp =~ /(...) (..) (..:..:..)/;
>       my $month = $1; my $day = $2; my $time = $3; my $iface;
> 
> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
> use IN and OUT
> +    if ($a =~ /PHYSIN\=(\w+)/)  { $iface = $1; } elsif ($a =~
> /IN\=(\w+)/)  { $iface = $1; }
> +        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; }   elsif ($a =~
> /OUT\=(\w+)/) { $out = $1; }
> +    # Detect ipv4 and ipv6 addresses
> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =
> $1; }
> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =
> $1; }
>       if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>       my $protostrlc = lc($protostr);
>       if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
> 

Best,
-Michael



* Re: [PATCH] Updated: Enable ipv6 addresses in Firewall logs
  2016-01-07 23:44   ` Michael Tremer
@ 2016-01-08 21:30     ` Matthias Fischer
  0 siblings, 0 replies; 4+ messages in thread
From: Matthias Fischer @ 2016-01-08 21:30 UTC (permalink / raw)
  To: development


Hi,

On 08.01.2016 00:44, Michael Tremer wrote:
> @Matthias: Could you maybe review and test this patch in a non-IPv6
> setup?

I'll take a look... ;-)

Best,
Matthias

