From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [PATCH] firewalllog.dat: Proper display protocol names. Date: Thu, 15 Jul 2021 10:17:43 +0200 Message-ID: In-Reply-To: <32fded7e-cb04-3277-1591-94a2f9e6fa20@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7655241458216650082==" List-Id: --===============7655241458216650082== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Bernhard, good find - thanks a lot. I'll send a second patch to the list. - Stefan > A little correction, see below. >=20 > Reviewed-by: Bernhard Bitsch >=20 > Am 13.07.2021 um 18:58 schrieb Stefan Schantl: > > In some cases iptables logs the protocol number instead of the > > name. > > When accessing the logs via the WUI, this number has been displayed > > as used > > protocol, which is very hard to read and understand. > >=20 > > This commit adds a new function to the general-functions.pl, which > > generates a hash to translate the protocol number into the protocol > > name. > >=20 > > Fixes #11282. > >=20 > > Signed-off-by: Stefan Schantl > > --- > > =C2=A0 config/cfgroot/general-functions.pl=C2=A0=C2=A0 | 36 > > +++++++++++++++++++++++++++ > > =C2=A0 html/cgi-bin/logs.cgi/firewalllog.dat |=C2=A0 8 ++++++ > > =C2=A0 2 files changed, 44 insertions(+) > >=20 > > diff --git a/config/cfgroot/general-functions.pl > > b/config/cfgroot/general-functions.pl > > index 550afcf82..529585863 100644 > > --- a/config/cfgroot/general-functions.pl > > +++ b/config/cfgroot/general-functions.pl > > @@ -1363,6 +1363,42 @@ sub formatBytes { > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return sprintf("%.2f %s",= $bytes, $unit); > > =C2=A0 } > > =C2=A0=20 > > +# Function to collect and generate a hash for translating protocol > > numbers into > > +# their names. > > +sub generateProtoTransHash () { > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# File which contains the prot= ocol definitions. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $protocols_file =3D "/etc/p= rotocols"; > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my %protocols =3D (); > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Open protocols file. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0open(FILE, "$protocols_file") = or die "Could not open > > $protocols_file. $!\n"; > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Loop through the file. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0while (my $line =3D ) { > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Skip comments. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /\#/); >=20 > This should read (all lines contain comments): > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /^#/); >=20 > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Skip blank=C2=A0 lines. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0next if ($line =3D~ /^\s*$/); > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Remove any newlines. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0chomp($line); > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Split line content. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0my ($protocol_lc, $number, $protocol_uc, $comment) > > =3D split(' ', $line); > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Add proto details to the hash of protocols. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0$protocols{$number} =3D $protocol_uc; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Close file handle. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0close(FILE); > > + > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Return the hash. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return %protocols; > > +} > > + > > =C2=A0 # Cloud Stuff > > =C2=A0=20 > > =C2=A0 sub running_in_cloud() { > > diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi- > > bin/logs.cgi/firewalllog.dat > > index e326d65c0..73596d8cd 100644 > > --- a/html/cgi-bin/logs.cgi/firewalllog.dat > > +++ b/html/cgi-bin/logs.cgi/firewalllog.dat > > @@ -325,6 +325,8 @@ print < > =C2=A0 END > > =C2=A0 ; > > =C2=A0=20 > > +# Generate hash to translate protocol numbers into protocol names. > > +my %protocols =3D &General::generateProtoTransHash(); > > =C2=A0=20 > > =C2=A0 $lines =3D 0; > > =C2=A0 foreach $_ (@log) > > @@ -354,6 +356,12 @@ foreach $_ (@log) > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Get the country code. > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $ccode =3D > > &Location::Functions::lookup_country_code($srcaddr); > > =C2=A0=20 > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Lookup if the grabbed protoc= ol is part of the protocols > > hash. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if (exists ($protocols{$proto}= )) { > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0# Translate protocol number into protocol name. > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0$proto =3D $protocols{$proto}; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} > > + > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0my $servi =3D uc(getservb= yport($srcport, lc($proto))); > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ($servi ne '' && $srcp= ort < 1024) { > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0$srcport =3D "$srcport($servi)"; > >=20 --===============7655241458216650082==--