From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bernhard Bitsch To: development@lists.ipfire.org Subject: Re: [PATCH] firewalllog.dat: Proper display protocol names. Date: Thu, 15 Jul 2021 18:42:37 +0200 Message-ID: <72eb3e92-60c2-5727-72df-34e9b94c5018@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7828954747783154944==" List-Id: --===============7828954747783154944== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Stefan, nevermind, that's the purpose of code review. ;) - Bernhard Am 15.07.2021 um 10:17 schrieb Stefan Schantl: > Hello Bernhard, >=20 > good find - thanks a lot. >=20 > I'll send a second patch to the list. >=20 > - Stefan >> A little correction, see below. >> >> Reviewed-by: Bernhard Bitsch >> >> Am 13.07.2021 um 18:58 schrieb Stefan Schantl: >>> In some cases iptables logs the protocol number instead of the >>> name. >>> When accessing the logs via the WUI, this number has been displayed >>> as used >>> protocol, which is very hard to read and understand. >>> >>> This commit adds a new function to the general-functions.pl, which >>> generates a hash to translate the protocol number into the protocol >>> name. >>> >>> Fixes #11282. >>> >>> Signed-off-by: Stefan Schantl >>> --- >>> =C2=A0 config/cfgroot/general-functions.pl=C2=A0=C2=A0 | 36 >>> +++++++++++++++++++++++++++ >>> =C2=A0 html/cgi-bin/logs.cgi/firewalllog.dat |=C2=A0 8 ++++++ >>> =C2=A0 2 files changed, 44 insertions(+) >>> >>> diff --git a/config/cfgroot/general-functions.pl >>> b/config/cfgroot/general-functions.pl >>> index 550afcf82..529585863 100644 >>> --- a/config/cfgroot/general-functions.pl >>> +++ b/config/cfgroot/general-functions.pl >>> @@ -1363,6 +1363,42 @@ sub formatBytes { >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return sprintf("%.2f %s"= , $bytes, $unit); >>> =C2=A0 } >>> =20 >>> +# Function to collect and generate a hash for translating protocol >>> numbers into >>> +# their names. >>> +sub generateProtoTransHash () { >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# File which contains the prot= ocol definitions. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $protocols_file =3D "/etc/p= rotocols"; >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my %protocols =3D (); >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Open protocols file. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0open(FILE, "$protocols_file") = or die "Could not open >>> $protocols_file. $!\n"; >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Loop through the file. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0while (my $line =3D ) { >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Skip comments. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /\#/); >> >> This should read (all lines contain comments): >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /^#/); >> >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Skip blank=C2=A0 lines. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /^\s*$/); >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Remove any newlines. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0chomp($line); >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Split line content. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0my ($protocol_lc, $number, $protocol_uc, $comment) >>> =3D split(' ', $line); >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Add proto details to the hash of protocols. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0$protocols{$number} =3D $protocol_uc; >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Close file handle. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0close(FILE); >>> + >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Return the hash. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return %protocols; >>> +} >>> + >>> =C2=A0 # Cloud Stuff >>> =20 >>> =C2=A0 sub running_in_cloud() { >>> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi- >>> bin/logs.cgi/firewalllog.dat >>> index e326d65c0..73596d8cd 100644 >>> --- a/html/cgi-bin/logs.cgi/firewalllog.dat >>> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat >>> @@ -325,6 +325,8 @@ print <>> =C2=A0 END >>> =C2=A0 ; >>> =20 >>> +# Generate hash to translate protocol numbers into protocol names. >>> +my %protocols =3D &General::generateProtoTransHash(); >>> =20 >>> =C2=A0 $lines =3D 0; >>> =C2=A0 foreach $_ (@log) >>> @@ -354,6 +356,12 @@ foreach $_ (@log) >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Get the country code. >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $ccode =3D >>> &Location::Functions::lookup_country_code($srcaddr); >>> =20 >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Lookup if the grabbed protoc= ol is part of the protocols >>> hash. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if (exists ($protocols{$proto}= )) { >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Translate protocol number into protocol name. >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0$proto =3D $protocols{$proto}; >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} >>> + >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $servi =3D uc(getserv= byport($srcport, lc($proto))); >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ($servi ne '' && $src= port < 1024) { >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0$srcport =3D "$srcport($servi)"; >>> >=20 --===============7828954747783154944==--