public inbox for development@lists.ipfire.org
From: Michael Eitelwein <michael@eitelwein.net>
To: development@lists.ipfire.org
Subject: Re: AW: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Date: Sat, 23 Jan 2016 11:50:41 +0100
Message-ID: <D0814F3F-A7A5-4040-8CE1-02B746B61A0F@eitelwein.net>
In-Reply-To: <1453509785.585.68.camel@ipfire.org>


Thanks a lot. 

Moving on to firewall configuration for IPv6 on the web GUI - who would be the right person to talk to in order to understand the architecture and structure of the code? Or do I need to reverse engineer the existing?

Does it make sense to add this to ipfire2 or should I focus on ipfire3?

Best regards

Michael



Kind regards,

Michael
> On 23.01.2016 at 01:43, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
> 
> Hi,
> 
> I merged these by pulling from your Git repository.
> 
> Please fix this email issue.
> 
>> On Fri, 2016-01-22 at 22:00 +0100, Matthias Fischer wrote:
>>> On 22.01.2016 19:00, Michael Eitelwein wrote:
>>> 
>>> 
>>> 
>>> Hi
>>> The patch itself is working on my machine without issues. If
>>> Matthias did not observe any issues as well, then I would propose
>>> to merge it into the next release. Please let me know if there is
>>> anything I have to do to get them merged.
>>> The problems of applying the patch were not further examined, as
>>> Matthias was able to apply them in the end. Also they are now
>>> available in git.ipfire.org, so they can be applied directly from
>>> there.
>>> Michael
>> 
>> Hi,
>> 
>> I just clicked through all '.dat'-files: I saw no problems.
>> 
>> Playing chicken: did anyone *else* test this? ;-)
> 
> I guess the answer is the usual one.
> 
>> Best,
>> Matthias
>> 
>> P.S.: ME, while replying to "ALL", there is something weird with your
>> email-address: it just says "michael", not "michael(a)eitelwein.net". I
>> had to add your address manually from my addressbook. Bug or feature-
>> mine or yours?
> 
> Yeah that is a misconfiguration in the email client.
> 
>> 
>>> -------- Original message --------
>>> From: Michael Tremer <michael.tremer(a)ipfire.org> 
>>> Date: 22.01.2016  01:59  (GMT+01:00) 
>>> To: Michael Eitelwein <michael(a)eitelwein.net>, IPFire Development
>>> List <development(a)lists.ipfire.org> 
>>> Cc: Matthias Fischer <matthias.fischer(a)ipfire.org> 
>>> Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in
>>> Firewall log pages of web UI 
>>> 
>>> Hi,
>>> 
>>> did you work out what the issue was with these emails?
>>> 
>>> Best,
>>> -Michael
>>> 
>>>> On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote:
>>>> 3 main changes:
>>>>  - Fill $iface and $out from PHYSIN and PHYSOUT when looking at
>>>> bridged packets, otherwise fill from IN and OUT
>>>>  - Recognize ipv4 and ipv6 address style for $srcaddr and
>>>> $dstaddr
>>>>  - Match color coding of tables to pie charts
>>>> 
>>>> I am using the bridged ipv6 setup as proposed in the wiki. I do
>>>> not
>>>> think this breaks anything when not using ipv6. So it would be
>>>> nice
>>>> to include this even if ipv6 is not officially supported yet. It
>>>> is
>>>> quite useful when using the ipv6 setup.
>>>> 
>>>> Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net>
>>>> 
>>>> ---
>>>>  html/cgi-bin/logs.cgi/firewalllog.dat            | 14 ++--
>>>>  html/cgi-bin/logs.cgi/firewalllogcountry.dat     | 43 ++++++++-
>>>> ----
>>>>  html/cgi-bin/logs.cgi/firewalllogip.dat          | 15 ++---
>>>>  html/cgi-bin/logs.cgi/firewalllogport.dat        | 12 ++--
>>>>  html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81
>>>> +++++++++++++++++-------
>>>>  html/cgi-bin/logs.cgi/showrequestfromip.dat      | 27 ++++----
>>>>  html/cgi-bin/logs.cgi/showrequestfromport.dat    | 14 ++--
>>>>  7 files changed, 131 insertions(+), 75 deletions(-)
>>>> 
>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi
>>>> -bin/logs.cgi/firewalllog.dat
>>>> index 5a584d6..42c9612 100644
>>>> --- a/html/cgi-bin/logs.cgi/firewalllog.dat
>>>> +++ b/html/cgi-bin/logs.cgi/firewalllog.dat
>>>> @@ -328,7 +328,10 @@ END
>>>>  $lines = 0;
>>>>  foreach $_ (@log)
>>>>  {
>>>> -        /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +    # If ipv6 uses a bridge, PHYSIN= contains the relevant iface
>>>> information
>>>> +    # otherwise use IN=
>>>> +        if ($_ =~ /^... (..) (..:..:..) [\w\-]+
>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>> +        elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
>>>> kernel:(.*)(IN=.*)$/) {}
>>>>          my $day =  $1;
>>>>          $day =~ tr / /0/;
>>>>          my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
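
Review bot: the added `if (...) {} elsif (...) {}` pair has empty bodies and no `else`, so a log line that matches neither pattern falls through and `my $day = $1` reuses the captures of the last successful match. The old bare match had the same weakness, but since the statement is being rewritten anyway, add `else { next; }` (or fold both patterns into one match followed by `or next`) so that only lines that actually matched are processed.
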
>>>> @@ -336,9 +339,12 @@ foreach $_ (@log)
>>>>          my $packet = $4;
>>>> 
>>>>          my ($iface, $srcaddr, $dstaddr, $macaddr, $proto,
>>>> $srcport,
>>>> $dstport);
>>>> -        $iface=$1   if $packet =~ /IN=(\w+)/;
>>>> -        $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
>>>> -        $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
>>>> +        if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif
>>>> ($packet
>>>> =~ /IN=(\w+)/) { $iface = $1}
>>>> +        # Identify whether ipv4 or ipv6. Both are mutally
>>>> exclusive.
>>>> +        if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>> $srcaddr=$1 }
>>>> +                if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0
>>>> -9a-fA
>>>> -F]{0,4})){2,7})/) { $srcaddr=$1 }
>>>> +        if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>> $dstaddr=$1 }
>>>> +                if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0
>>>> -9a-fA
>>>> -F]{0,4})){2,7})/) { $dstaddr=$1 }
>>>>          $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
>>>>          $proto=$1   if $packet =~ /PROTO=(\w+)/;
>>>>          $srcport=$1 if $packet =~ /SPT=(\d+)/;
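
Review bot: the IPv6 tests for `$srcaddr` and `$dstaddr` are separate `if` statements after the IPv4 `if`, although the added comment says the two forms are mutually exclusive; make them `elsif`, as the `$iface` line directly above does. The IPv6 pattern lets every group be empty (`{0,4}`) and needs only three groups, so it accepts strings such as `:::` that are not addresses. The same two patterns are written out for both `SRC` and `DST`; defining them once with `qr//` would make tightening them a one-line change.
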
>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>> b/html/cgi
>>>> -bin/logs.cgi/firewalllogcountry.dat
>>>> index f998a62..2661ddd 100644
>>>> --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
>>>> @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} !=
>>>> 0){$pienumber=$cgiparams{'pienumber'};}
>>>>  if( $cgiparams{'otherspie'} !=
>>>> 0){$otherspie=$cgiparams{'otherspie'};}
>>>>  if( $cgiparams{'showpie'} !=
>>>> 0){$showpie=$cgiparams{'showpie'};}
>>>>  if( $cgiparams{'sortcolumn'} !=
>>>> 0){$sortcolumn=$cgiparams{'sortcolumn'};}
>>>> -
>>>>  print <<END
>>>>  </select>
>>>>  </td>
>>>> @@ -294,15 +293,24 @@ $lines = 0;
>>>> 
>>>>  foreach $_ (@log)
>>>>  {
>>>> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +  # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
>>>> +  if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
>>>> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
>>>>    my $packet = $4;
>>>> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){
>>>> $iface="";}
>>>> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>> +  my $iface  = '';
>>>> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet
>>>> =~
>>>> /IN=(\w+)/) { $iface = $1 }
>>>> +  if ( $1 =~ /2./ ) { $iface=''; }
>>>> +  my $srcaddr = '';
>>>> +  # Find ipv4 and ipv6 addresses
>>>> +  if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
>>>> $srcaddr
>>>> = $1 }
>>>> +  elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>> -F]{0,4})){2,7})/) { $srcaddr = $1 }
>>>> 
>>>>    if($iface eq $red_interface) {
>>>> +    # Traffic from red
>>>>      if($srcaddr ne '') {
>>>> +      # srcaddr is set
>>>>        my $ccode = $gi->country_code_by_name($srcaddr);
>>>> -      if( $ccode eq '') {
>>>> +      if ($ccode eq '') {
>>>>            $ccode = 'unknown';
>>>>        }
>>>>        $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
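
Review bot: `if ( $1 =~ /2./ ) { $iface=''; }` reads `$1` after an `if/elsif` chain, so when neither `PHYSIN=(\w+)` nor `IN=(\w+)` matched (for example a line logged with an empty `IN=`), `$1` still holds a capture from an earlier match rather than an interface name; test `$iface` instead. The `/2./` filter also has no comment saying which interface names it is meant to drop. For the lookup further down, please confirm that `$gi->country_code_by_name` accepts an IPv6 literal; if it does not, every IPv6 source arriving on red ends up under 'unknown'.
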
>>>> @@ -311,11 +319,16 @@ foreach $_ (@log)
>>>>      }
>>>>    }
>>>>    else {
>>>> +    # Traffic not from red
>>>>      if($iface ne '') {
>>>>          $tabjc{$iface} = $tabjc{$iface} + 1 ;
>>>>          if(($tabjc{$iface} == 1) && ($lines < $pienumber)) {
>>>> $lines
>>>> = $lines + 1; }
>>>>          $linesjc++;
>>>>      }
>>>> +    else {
>>>> +      # What to do with empty iface lines?
>>>> +      # This probably is traffic from ipfire itself (IN=
>>>> OUT=XY)?
>>>> +    }
>>>>    }
>>>>  }
>>>> 
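
Review bot: the added `else` branch contains only two comments phrased as questions, so lines with an empty `$iface` are still left out of `$linesjc` and the table without any trace. Either decide the behaviour here (for example count them under one fixed key for locally generated traffic) or leave the branch out and record the open question in the commit message.
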
>>>> @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 &&
>>>> $pienumber != 0) {
>>>>          print "<img src='/graphs/fwlog
>>>> -country$imagerandom.png'>";
>>>>          print "</div>";
>>>>  }
>>>> -
>>>>  print <<END
>>>>  <table width='100%' class='tbl'>
>>>>  <tr>
>>>> @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
>>>>    $percent = $value[$s] * 100 / $linesjc;
>>>>    $percent = sprintf("%.f", $percent);
>>>>    $total = $total + $value[$s];
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    $color++;
>>>>    print "<tr>";
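
Review bot: `($color % 10) + 1` is not equivalent to the lines it replaces: the old code mapped `$color` values 1..10 to `color1`..`color10`, the new expression maps 0..9 to them, so every row shifts by one colour unless `$color` starts at 0. The initial value of `$color` is not part of this hunk; please state it in the comment, or set it in the same patch, so the table colours can be checked against the pie chart.
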
>>>> @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
>>>>      print"<input type='hidden' name='country'
>>>> value='$key[$s]'>";
>>>>      print"<input type='submit' value='details'></form>";
>>>>    }
>>>> -
>>>> -  if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
>>>> 'orange0') {
>>>> +  elsif ($key[$s] eq 'unknown') {
>>>> +        print "unknown";
>>>> +  }
>>>> +  # Looks dangerous to use hardcoded interface names here.
>>>> Probably
>>>> needs fixing.
>>>> +  if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
>>>> 'orange0' ) {
>>>>        print "<td align='center' $col>$key[$s]</td>";
>>>>    }
>>>>    else {
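
Review bot: the new `elsif ($key[$s] eq 'unknown')` branch prints the bare word `unknown` with no cell markup of its own, and the `if ($key[$s] eq 'blue0' ...) ... else` that follows is still a separate statement, so an 'unknown' row also runs through that `else` branch. Chain the cases into one `if/elsif/else` and give the new branch the same `<td ...>` output as its neighbours. The added comment about hardcoded interface names is a fair point, but a note to fix something later belongs in the commit message or a follow-up patch rather than in the code.
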
>>>> @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
>>>> 
>>>>  if($cgiparams{'otherspie'} == 2 ){}
>>>>  else{
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    print "<tr>";
>>>> 
>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi
>>>> -bin/logs.cgi/firewalllogip.dat
>>>> index 7d82d20..6fc3422 100644
>>>> --- a/html/cgi-bin/logs.cgi/firewalllogip.dat
>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
>>>> @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines
>>>> ||
>>>> $sortcolumn == 2) { $pienumber =
>>>>  $lines = 0;
>>>>  foreach $_ (@log)
>>>>  {
>>>> -  if($_ =~  /SRC\=([\d\.]+)/){
>>>> +  # Extract ipv4 or ipv6 address
>>>> +  if (($_ =~  /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>      $tabjc{$1} = $tabjc{$1} + 1 ;
>>>>      if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines =
>>>> $lines + 1; }
>>>>      $linesjc++;
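
Review bot: neither alternative of the new `SRC` test is anchored at its end, and `[\d]{1,3}` does not bound an octet, so `SRC=1.2.3.4567` would be tallied in `$tabjc` as `1.2.3.456` and `SRC=999.1.1.1` would count as an address. Requiring a delimiter after the capture, e.g. `(?=\s)`, keeps the hash key identical to what was logged.
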
>>>> @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>>>>    $percent = $value[$s] * 100 / $linesjc;
>>>>    $percent = sprintf("%.f", $percent);
>>>>    $total = $total + $value[$s];
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    print "<tr>";
>>>> 
>>>> @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
>>>> 
>>>>  if($cgiparams{'otherspie'} == 2 ){}
>>>>  else{
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    print "<tr>";
>>>> 
>>>> diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi
>>>> -bin/logs.cgi/firewalllogport.dat
>>>> index 5b0db62..583c1b3 100644
>>>> --- a/html/cgi-bin/logs.cgi/firewalllogport.dat
>>>> +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat
>>>> @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
>>>>    $percent = $value[$s] * 100 / $linesjc;
>>>>    $percent = sprintf("%.f", $percent);
>>>>    $total = $total + $value[$s];
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    print "<tr>";
>>>> 
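
Review bot: this file receives only the `$colorIndex` change, with no `PHYSIN` or IPv6 handling, which shows that the colour renumbering is independent of the log parsing; it would be easier to review and to revert as its own patch. The same two added lines now appear in every table loop touched by the series, so a small shared helper that returns the colour for an index would remove the repetition.
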
>>>> @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
>>>> 
>>>>  if($cgiparams{'otherspie'} == 2 ){}
>>>>  else{
>>>> -  my $colorIndex = $color % 10;
>>>> -  if($colorIndex == 0) {
>>>> -    $colorIndex = 10;
>>>> -  }
>>>> +  # colors are numbered 1 to 10
>>>> +  my $colorIndex = ($color % 10) + 1;
>>>>    $col="bgcolor='$color{\"color$colorIndex\"}'";
>>>>    print "<tr>";
>>>> 
>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>> b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>> index 5283c42..0784ab9 100644
>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat
>>>> @@ -158,23 +158,35 @@ if (!$skip)
>>>>  {
>>>>      while (<FILE>)
>>>>      {
>>>> -         if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> -            my $packet = $2;
>>>> -            $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1
>>>> =~
>>>> /2./ ){ $iface="";}
>>>> -            $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>> +      # First check whether valid log line (date, day)
>>>> +          if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> +        # If ipv6 uses bridge, then use PHYSIN otherwise use IN
>>>> +            if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(PHYSIN=.*)$/) {}
>>>> +            elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {}
>>>> +            my $packet  = $2;
>>>> +            my $iface   = '';
>>>> +            my $srcaddr = '';
>>>> +            # If ipv6 uses bridge, use PHYSIN otherwise IN
>>>> +            if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
>>>> ($packet =~ /IN=(\w+)/) { $iface = $1 }
>>>> +            # Extract ipv4 and ipv6 addresses
>>>> +            if (($packet =~
>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
>>>> or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>> -F]{0,4})){2,7})/)) {
>>>> +              $srcaddr = $1
>>>> +            };
>>>> 
>>>>              if($iface eq $country) {
>>>> +                # iface matches country code
>>>>                  $log[$lines] = $_;
>>>>                  $lines++;
>>>>              }
>>>>              elsif($srcaddr ne '') {
>>>> +                # or srcaddr matches country code
>>>>                  my $ccode = $gi
>>>> ->country_code_by_name($srcaddr);
>>>>                  if($ccode eq $country){
>>>>                      $log[$lines] = $_;
>>>>                      $lines++;
>>>>                  }
>>>>              }
>>>> -        }
>>>> +          }
>>>>      }
>>>>      close (FILE);
>>>>  }
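
Review bot: the removed lines cleared `$iface` when it matched `/2./`, and the replacement in this hunk drops that test, while the same patch keeps it in firewalllogcountry.dat and in the `@slice` loop of this file. If the removal is intended, say so in the commit message; otherwise restore it, testing `$iface`. The inner `if/elsif` with empty bodies also re-runs the line pattern that the outer `if` has just matched, only to move `$2`; matching `PHYSIN=(\w+)` and `IN=(\w+)` directly on `$_`, as the multifile loop does, avoids the extra matches. The stray `;` after the closing brace of the `$srcaddr` block can go as well.
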
>>>> @@ -194,16 +206,28 @@ if ($multifile) {
>>>>          }
>>>>          if (!$skip) {
>>>>          while (<FILE>) {
>>>> -             if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> -                if($_ =~  /SRC\=([\d\.]+)/){
>>>> -                    my $srcaddr=$1;
>>>> -                    my $ccode = $gi
>>>> ->country_code_by_name($srcaddr);
>>>> -                    if($ccode eq $country){
>>>> +                  # Check if valid log line (date, day)
>>>> +           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> +                    my  $iface = '';
>>>> +                    # If ipv6 uses bridge, then use PHYSIN
>>>> otherwise
>>>> IN
>>>> +                    if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 }
>>>> elsif
>>>> ($_ =~ /IN=(\w+)/) { $iface = $1 }
>>>> +
>>>> +                    if($iface eq $country) {
>>>> +                      # iface matches country code
>>>> +                      $log[$lines] = $_;
>>>> +                      $lines++;
>>>> +                    }
>>>> +                    # extract ipv4 and ipv6 address
>>>> +                    elsif (($_ =~
>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a
>>>> -fA
>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> +                      my $srcaddr=$1;
>>>> +                      my $ccode = $gi
>>>> ->country_code_by_name($srcaddr);
>>>> +                      if($ccode eq $country){
>>>> +                        # or srcaddr matches country code
>>>>                          $log[$lines] = $_;
>>>>                          $lines++;
>>>> +                      }
>>>>                      }
>>>> -                }
>>>> -            }
>>>> +          }
>>>>          }
>>>>          close (FILE);
>>>>      }
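
Review bot: the multifile loop now gains an `$iface eq $country` test it did not have before, and it implements the same filter as the single-file loop above with differently structured code (`$_` here, `$packet` there). Moving the filter into one sub called from both loops would keep the two paths from drifting apart again. The added lines also mix several indentation depths, which makes the brace nesting hard to check by eye.
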
>>>> @@ -308,32 +332,45 @@ $lines = 0;
>>>>  foreach $_ (@slice)
>>>>  {
>>>>    $a = $_;
>>>> -  /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
>>>> +  if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
>>>> +  elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
>>>>    my $packet = $4;
>>>> -  $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 =~ /2./ ){
>>>> $iface="";}
>>>> -  $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
>>>> +  my $iface = '';
>>>> +  # If ipv6 uses bridge, use PHYSIN otherwise use IN
>>>> +  if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet
>>>> =~
>>>> /IN=(\w+)/) { $iface = $1 }
>>>> +  if ( $1 =~ /2./ ){ $iface="";}
>>>> +  my $srcaddr = '';
>>>> +  # Extract ipv4 and ipv6 addresses
>>>> +  if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or
>>>> ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>> -F]{0,4})){2,7})/))
>>>> {
>>>> +    $srcaddr = $1
>>>> +  };
>>>> 
>>>>    if($iface eq $country || $srcaddr ne '') {
>>>> -    my $ccode;
>>>> +    my $ccode='';
>>>>      if($iface ne $country) {
>>>>        $ccode = $gi->country_code_by_name($srcaddr);
>>>>      }
>>>>      if($iface eq $country || $ccode eq $country) {
>>>> -      my $chain = '';
>>>> +      my $chain = '';
>>>>        my $in = '-'; my $out = '-';
>>>>        my $srcaddr = ''; my $dstaddr = '';
>>>>        my $protostr = '';
>>>>        my $srcport = ''; my $dstport = '';
>>>> 
>>>> -      $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +      # If ipv6 uses bridge, the use PHYSIN otherwise use IN
>>>> +      if ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>> kernel:(.*)(PHYSIN=.*)$/) {}
>>>> +      elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
>>>> {}
>>>>        my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>        $timestamp =~ /(...) (..) (..:..:..)/;
>>>>        my $month = $1; my $day = $2; my $time = $3;
>>>> 
>>>> -      if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>> -      if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>> -      if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>> -      if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>> +      # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise
>>>> use
>>>> IN and OUT
>>>> +      if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
>>>> /IN=(\w+)/) { $iface = $1 }
>>>> +      if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
>>>> /OUT=(\w+)/) { $out = $1 }
>>>> +      # Extract ipv4 and ipv6 addresses
>>>> +      if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a
>>>> =~
>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $srcaddr =
>>>> $1; }
>>>> +      if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a
>>>> =~
>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $dstaddr =
>>>> $1; }
>>>>        if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>        my $protostrlc = lc($protostr);
>>>>        if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
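
Review bot: in the added `PHYSIN` branch, `kernel:(.*)(PHYSIN=.*)$` moves the split point to `PHYSIN=`, so on a bridged line where `IN=` and `OUT=` precede `PHYSIN=`, `$2` (assigned to `$chain` on the following line) now also contains the `IN=... OUT=...` text. Capture the chain up to the first `IN=` and read `PHYSIN`/`PHYSOUT` from the remainder instead. Separately, the `my $chain = '';` line is changed only in whitespace, and `$chain` is declared a second time by `my $chain = $2` a few lines later; drop one of the two declarations.
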
>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>> b/html/cgi
>>>> -bin/logs.cgi/showrequestfromip.dat
>>>> index 09a60b5..94e795c 100644
>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat
>>>> @@ -155,7 +155,7 @@ if (!$skip)
>>>>          while (<FILE>)
>>>>          {
>>>>           if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> -                if($_ =~  /SRC\=([\d\.]+)/){
>>>> +                if (($_ =~
>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
>>>> or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
>>>> -F]{0,4})){2,7})/)) {
>>>>                    if($1 eq $ip){
>>>>              $log[$lines] = $_;
>>>>              $lines++;
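
Review bot: `$1 eq $ip` is a string comparison, which for IPv6 succeeds only when `$ip` is written exactly as in the log line (same letter case, same zero padding, no `::` shortening on one side). Normalise both values to one textual form before comparing, or compare parsed addresses.
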
>>>> @@ -182,12 +182,12 @@ if ($multifile) {
>>>>          if (!$skip) {
>>>>          while (<FILE>) {
>>>>               if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
>>>> kernel:.*(IN=.*)$/) {
>>>> -                       if($_ =~  /SRC\=([\d\.]+)/){
>>>> -                         if($1 eq $ip){
>>>> +                          if (($_ =~
>>>> /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a
>>>> -fA
>>>> -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> +                            if($1 eq $ip){
>>>>                  $log[$lines] = $_;
>>>>                  $lines++;
>>>> -                         }
>>>> -                       }
>>>> +                            }
>>>> +                          }
>>>>              }
>>>>          }
>>>>          close (FILE);
>>>> @@ -293,7 +293,8 @@ $lines = 0;
>>>>  foreach $_ (@slice)
>>>>  {
>>>>    $a = $_;
>>>> -  if($_ =~  /SRC\=([\d\.]+)/){
>>>> +  # Check whether valid ipv4 or ipv6 address
>>>> +  if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~
>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>>      if($1 eq $ip){
>>>>      my $chain = '';
>>>>            my $in = '-'; my $out = '-';
>>>> @@ -301,15 +302,19 @@ foreach $_ (@slice)
>>>>      my $protostr = '';
>>>>      my $srcport = ''; my $dstport = '';
>>>> 
>>>> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +    # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
>>>> +        if ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>> kernel:(.*)(PHYSIN=.*)$/)
>>>> {}
>>>> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>> kernel:(.*)(IN=.*)$/)
>>>> {}
>>>>      my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>      $timestamp =~ /(...) (..) (..:..:..)/;
>>>>      my $month = $1; my $day = $2; my $time = $3;
>>>> 
>>>> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT,
>>>> otherwise
>>>> use IN and OUT
>>>> +        if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
>>>> /IN=(\w+)/) { $iface = $1 }
>>>> +        if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
>>>> /OUT=(\w+)/) { $out = $1 }
>>>> +        # Detect ipv4 and ipv6 addresses
>>>> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $srcaddr =
>>>> $1; }
>>>> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $dstaddr =
>>>> $1; }
>>>>      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>      my $protostrlc = lc($protostr);
>>>>      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
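
Review bot: the added comments read "the use PHYSIN" where "then use" is meant, and the added lines sit at a different depth from the statements around them (`if ($_ =~ ...` at eight spaces next to `my $timestamp` at four). Please fix both before merging, since the same lines are copied into showrequestfromport.dat.
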
>>>> diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>> b/html/cgi
>>>> -bin/logs.cgi/showrequestfromport.dat
>>>> index ad9823c..af7779a 100644
>>>> --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>> +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat
>>>> @@ -307,15 +307,19 @@ foreach $_ (@slice)
>>>>      my $protostr = '';
>>>>      my $srcport = ''; my $dstport = '';
>>>> 
>>>> -    $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
>>>> +        # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
>>>> +    if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/)
>>>> {}
>>>> +        elsif ($_ =~ /(^.* ..:..:..) [\w\-]+
>>>> kernel:(.*)(IN=.*)$/)
>>>> {}
>>>>      my $timestamp = $1; my $chain = $2; my $packet = $3;
>>>>      $timestamp =~ /(...) (..) (..:..:..)/;
>>>>      my $month = $1; my $day = $2; my $time = $3; my $iface;
>>>> 
>>>> -    if ($a =~ /IN\=(\w+)/) { $iface = $1; }
>>>> -    if ($a =~ /OUT\=(\w+)/) { $out = $1; }
>>>> -    if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
>>>> -    if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
>>>> +        # If ipv6 uses bridge, the use PHYSIN and PHYSOUT,
>>>> otherwise
>>>> use IN and OUT
>>>> +    if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~
>>>> /IN\=(\w+)/) { $iface = $1; }
>>>> +        if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~
>>>> /OUT\=(\w+)/) { $out = $1; }
>>>> +    # Detect ipv4 and ipv6 addresses
>>>> +    if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
>>>> /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $srcaddr =
>>>> $1; }
>>>> +    if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
>>>> /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
>>>> $dstaddr =
>>>> $1; }
>>>>      if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
>>>>      my $protostrlc = lc($protostr);
>>>>      if ($a =~  /SPT\=([\d\.]+)/){ $srcport = $1; }
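
Review bot: this copy writes the patterns as `PHYSIN\=`, `IN\=`, `PHYSOUT\=` and `OUT\=`, while the otherwise identical block in showrequestfromip.dat uses the unescaped `PHYSIN=` and `IN=`; the backslash is not needed, so pick one spelling for the whole series. The indentation of the added lines alternates between four and eight spaces here as well.
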
