From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Eitelwein To: development@lists.ipfire.org Subject: [PATCH 4/5] Fixed detection of firewall chain when bridge is used for ipv6 Date: Sun, 10 Jan 2016 18:39:57 +0100 Message-ID: <5692976D.10408@eitelwein.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7905742930971937522==" List-Id: --===============7905742930971937522== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Fixing a bug in previous patches. Signed-off-by: Michael Eitelwein --- html/cgi-bin/logs.cgi/firewalllog.dat | 2 +- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 8 ++++---- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 22 +++++++++++----------- html/cgi-bin/logs.cgi/showrequestfromip.dat | 6 +++--- html/cgi-bin/logs.cgi/showrequestfromport.dat | 6 +++--- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/fi= rewalllog.dat index 7ae9be6..df9b488 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -339,7 +339,7 @@ foreach $_ (@log) my $chain =3D $3; my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstpor= t); - if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface=3D$1 } elsif ($packet = =3D~ /IN=3D(\w+)/) { $iface =3D $1; } + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface=3D$1; } elsif ($packet = =3D~ /IN=3D(\w+)/) { $iface =3D $1; } # Identify whether ipv4 or ipv6. Both are mutally exclusive. if ($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcad= dr=3D$1; } if ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]= {0,4})){2,7})/) { $srcaddr=3D$1; } diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs= .cgi/firewalllogcountry.dat index 2661ddd..087b844 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -294,16 +294,16 @@ $lines =3D 0; foreach $_ (@log) { # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=3D.*)$/) {} + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=3D.*)$/) {} elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) {} my $packet =3D $4; my $iface =3D ''; - if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($packet =3D~ /= IN=3D(\w+)/) { $iface =3D $1 } + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif ($packet =3D~ = /IN=3D(\w+)/) { $iface =3D $1; } if ( $1 =3D~ /2./ ) { $iface=3D''; } my $srcaddr =3D ''; # Find ipv4 and ipv6 addresses - if ($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr =3D = $1 } - elsif ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7}= )/) { $srcaddr =3D $1 } + if ($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = =3D $1; } + elsif ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7}= )/) { $srcaddr =3D $1; } if($iface eq $red_interface) { # Traffic from red diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/= logs.cgi/showrequestfromcountry.dat index 07bf864..27e7697 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -161,16 +161,16 @@ if (!$skip) # First check whether valid log line (date, day) if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=3D.*)= $/) { # If ipv6 uses bridge, then use PHYSIN otherwise use IN - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN= =3D.*)$/) {} + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYS= IN=3D.*)$/) {} elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN= =3D.*)$/) {} my $packet =3D $2; my $iface =3D ''; my $srcaddr =3D ''; # If ipv6 uses bridge, use PHYSIN otherwise IN - if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($pac= ket =3D~ /IN=3D(\w+)/) { $iface =3D $1 } + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif ($pa= cket =3D~ /IN=3D(\w+)/) { $iface =3D $1; } # Extract ipv4 and ipv6 addresses if (($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or = ($packet =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr =3D $1 + $srcaddr =3D $1; }; if($iface eq $country) { @@ -210,7 +210,7 @@ if ($multifile) { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=3D.*= )$/) { my $iface =3D ''; # If ipv6 uses bridge, then use PHYSIN otherwise IN - if ($_ =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($= _ =3D~ /IN=3D(\w+)/) { $iface =3D $1 } + if ($_ =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif (= $_ =3D~ /IN=3D(\w+)/) { $iface =3D $1; } if($iface eq $country) { # iface matches country code @@ -333,17 +333,17 @@ foreach $_ (@slice) { $a =3D $_; # If ipv6 uses bridge, use PHYSIN otherwise use IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=3D.*)$/) {} + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=3D.*)$/) {} elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) {}; my $packet =3D $4; my $iface =3D ''; # If ipv6 uses bridge, use PHYSIN otherwise use IN - if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($packet =3D~ /= IN=3D(\w+)/) { $iface =3D $1 } - if ( $1 =3D~ /2./ ){ $iface=3D"";} + if ($packet =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif ($packet =3D~ = /IN=3D(\w+)/) { $iface =3D $1; } + if ( $1 =3D~ /2./ ){ $iface=3D""; } my $srcaddr =3D ''; # Extract ipv4 and ipv6 addresses if (($packet =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet = =3D~ /SRC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr =3D $1 + $srcaddr =3D $1; }; if($iface eq $country || $srcaddr ne '') { @@ -359,15 +359,15 @@ foreach $_ (@slice) my $srcport =3D ''; my $dstport =3D ''; # If ipv6 uses bridge, the use PHYSIN otherwise use IN - if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN=3D.*)$= /) {} + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN=3D.= *)$/) {} elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) {} my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; $timestamp =3D~ /(...) (..) (..:..:..)/; my $month =3D $1; my $day =3D $2; my $time =3D $3; # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and O= UT - if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($a =3D~ /IN=3D(= \w+)/) { $iface =3D $1 } - if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1 } elsif ($a =3D~ /OUT=3D(= \w+)/) { $out =3D $1 } + if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif ($a =3D~ /IN= =3D(\w+)/) { $iface =3D $1; } + if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1; } elsif ($a =3D~ /OUT= =3D(\w+)/) { $out =3D $1; } # Extract ipv4 and ipv6 addresses if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /S= RC\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =3D $1; } if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /D= ST\=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =3D $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.= cgi/showrequestfromip.dat index 3611c19..d7d1ace 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -303,15 +303,15 @@ foreach $_ (@slice) my $srcport =3D ''; my $dstport =3D ''; # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN=3D.*= )$/) {} + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN= =3D.*)$/) {} elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) {} my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; $timestamp =3D~ /(...) (..) (..:..:..)/; my $month =3D $1; my $day =3D $2; my $time =3D $3; # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN= and OUT - if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1 } elsif ($a =3D~ /IN= =3D(\w+)/) { $iface =3D $1 } - if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1 } elsif ($a =3D~ /OUT= =3D(\w+)/) { $out =3D $1 } + if ($a =3D~ /PHYSIN=3D(\w+)/) { $iface =3D $1; } elsif ($a =3D~ /IN= =3D(\w+)/) { $iface =3D $1; } + if ($a =3D~ /PHYSOUT=3D(\w+)/) { $out =3D $1; } elsif ($a =3D~ /OU= T=3D(\w+)/) { $out =3D $1; } # Detect ipv4 and ipv6 addresses if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /SRC= \=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =3D $1; } if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /DST= \=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =3D $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/log= s.cgi/showrequestfromport.dat index d735c7b..6f5f63b 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat @@ -308,15 +308,15 @@ foreach $_ (@slice) my $srcport =3D ''; my $dstport =3D ''; # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN=3D.*)$/)= {} + if ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)(PHYSIN=3D.*)= $/) {} elsif ($_ =3D~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=3D.*)$/) {} my $timestamp =3D $1; my $chain =3D $2; my $packet =3D $3; $timestamp =3D~ /(...) (..) (..:..:..)/; my $month =3D $1; my $day =3D $2; my $time =3D $3; my $iface; # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN= and OUT - if ($a =3D~ /PHYSIN\=3D(\w+)/) { $iface =3D $1; } elsif ($a =3D~ /IN\=3D= (\w+)/) { $iface =3D $1; } - if ($a =3D~ /PHYSOUT\=3D(\w+)/) { $out =3D $1; } elsif ($a =3D~ /OUT= \=3D(\w+)/) { $out =3D $1; } + if ($a =3D~ /PHYSIN\=3D(\w+)/) { $iface =3D $1; } elsif ($a =3D~ /IN\= =3D(\w+)/) { $iface =3D $1; } + if ($a =3D~ /PHYSOUT\=3D(\w+)/) { $out =3D $1; } elsif ($a =3D~ /O= UT\=3D(\w+)/) { $out =3D $1; } # Detect ipv4 and ipv6 addresses if (($a =3D~ /SRC\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /SRC= \=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr =3D $1; } if (($a =3D~ /DST\=3D(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =3D~ /DST= \=3D(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr =3D $1; } --=20 1.9.1 --===============7905742930971937522==--