Development January 2016

development@lists.ipfire.org

17 participants
55 discussions

OpenSSH client bug CVE-2016-0777
by Michael Tremer 15 Jan '16

15 Jan '16

Hello Matthias, hello list, could you please update OpenSSH to the latest version to fix the latest security bugs: http://www.undeadly.org/cgi?action=article&sid=20160114142733 It should not be anything difficult, but should be patched in IPFire today if we can. Best, -Michael

2 2

[PATCH] openssh: Update to 7.1p2
by Matthias Fischer 15 Jan '16

15 Jan '16

Fixes CVE-2016-0777 Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/openssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 0bba1ec..546bc7e 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 7.1p1 +VER = 7.1p2 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8709736bc8a8c253bc4eeb4829888ca5 +$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2 install : $(TARGET) -- 2.7.0

1 0

RE: Sending in patches
by Blago Culjak 15 Jan '16

15 Jan '16

Hello, I have also tried to do couple "first bugs" and failed to send them in using Larsen cheat sheet. He tried to help me twice, but no luck. It just takes longer to send in patches then it is to deal with a bug. Unleast for us on Windows. I do it in my own time, as do you, so I dont have too much time to waste. I would recomend a youtube tutorial to get started, I think its easiest to select an easy bug and record sending proccess. Windows setup would be great, but I can manage in Linux as virtual machine. Poslano s mog Windows Phonea ________________________________ Šalje: Larsen<mailto:larsen007@web.de> Poslano: ‎11.‎1.‎2016. 21:40 Prima: development(a)lists.ipfire.org<mailto:development@lists.ipfire.org> Predmet: Re: Sending in patches On Sun, 10 Jan 2016 22:54:26 +0100, Michael Tremer <michael.tremer(a)ipfire.org> wrote: > I find this process with "git send-email" very easy and I am > not sure where the problems could be. I am using TortoiseGit with Windows 7. I don't know if this tool supports "git send-email" and I wouldn't want to use command line git (it is annoying to use more than one tool for the same job, IMHO). Therefore, I create a patch file using TortoiseGit (I need a workflow reminder for this to get it right), then send the contents with Thunderbird where I have to remember to disable line wrap (also using a workflow reminder text). In other projects (using Github), IMHO it is much easier to push to one's own repository and create a merge request to the upstream repository. Discussion can take place with that merge request. In case you are open to using other tools in place of Patchwork, what about Gitlab? Lars

3 3

Re: dnsmasq 2.75, including latest patches from 2016-01-08
by Matthias Fischer 14 Jan '16

14 Jan '16

Hi, (I added the development(a)lists.ipfire.org, perhaps others like to participate) On 14.01.2016 07:47, R. W. Rodolico wrote: > FYI, almost a week and no issues. Sounds good... > I also changed my upstream DNS servers > to the ones recommended. Do you think I should change them back for a > real test? Simple question - simple answer: yes, *I* would do that. Best, Matthias P.S.: BTW, next version including new patches (045-048) is online: Download: http://people.ipfire.org/~mfischer/dnsmasq_275_2016_01_14 MD5: a47e090fe132c155f2d041ab4272c52b For new patches included, see: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=0e5e221f… This is the compiled binary, nothing more is needed. - Copy to '/usr/sbin' - Stop 'dnsmasq' (/etc/init.d/dnsmasq stop) - Rename (don't forget backing up the *old* version!) - Start 'dnsmasq' (/etc/init.d/dnsmasq start).

3 2

[PATCH] dnsmasq 2.75: latest patches from upstream
by Matthias Fischer 14 Jan '16

14 Jan '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/dnsmasq | 4 + ...orwarding_to_private_servers_for_a_domain.patch | 41 ++++ ...ors_and_check_we_have_a_root-trust_anchor.patch | 70 +++++++ ...ze_calculation_when_hosts-file_read_fails.patch | 41 ++++ ...main_servers_unless_trust-anchor_provided.patch | 217 +++++++++++++++++++++ 5 files changed, 373 insertions(+) create mode 100644 src/patches/dnsmasq/045-Inhibit_DNSSEC_validation_when_forwarding_to_private_servers_for_a_domain.patch create mode 100644 src/patches/dnsmasq/046-DNSSEC_Handle_non-root_trust_anchors_and_check_we_have_a_root-trust_anchor.patch create mode 100644 src/patches/dnsmasq/047-Fix_bad_cache-size_calculation_when_hosts-file_read_fails.patch create mode 100644 src/patches/dnsmasq/048-Disable_DNSSEC_for_server_domain_servers_unless_trust-anchor_provided.patch diff --git a/lfs/dnsmasq b/lfs/dnsmasq index e145a39..0affcf5 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -117,6 +117,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/042-Handle_building_with_script_support_enabled_and_DHCP_disabled.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/043-Update_copyright_notices_Happy_new_year.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/044-Fix_FTBFS_when_scripts_excluded_at_compilation_time.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/045-Inhibit_DNSSEC_validation_when_forwarding_to_private_servers_for_a_domain.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/046-DNSSEC_Handle_non-root_trust_anchors_and_check_we_have_a_root-trust_anchor.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/047-Fix_bad_cache-size_calculation_when_hosts-file_read_fails.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/048-Disable_DNSSEC_for_server_domain_servers_unless_trust-anchor_provided.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ diff --git a/src/patches/dnsmasq/045-Inhibit_DNSSEC_validation_when_forwarding_to_private_servers_for_a_domain.patch b/src/patches/dnsmasq/045-Inhibit_DNSSEC_validation_when_forwarding_to_private_servers_for_a_domain.patch new file mode 100644 index 0000000..11cf20a --- /dev/null +++ b/src/patches/dnsmasq/045-Inhibit_DNSSEC_validation_when_forwarding_to_private_servers_for_a_domain.patch @@ -0,0 +1,41 @@ +From 5757371d43891e830abe19aacae5378a79c7851c Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Mon, 11 Jan 2016 22:50:00 +0000 +Subject: [PATCH] Inhibit DNSSEC validation when forwarding to private servers + for a domain. + +server=/example.com/<ip-of-server> + +The rationale is that the chain-of-trust will not be complete to +private servers. If it was, it would not be necessary to access the +server direct. +--- + src/forward.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 47c6ded..1458578 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -406,7 +406,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + } + + #ifdef HAVE_DNSSEC +- if (option_bool(OPT_DNSSEC_VALID)) ++ if (option_bool(OPT_DNSSEC_VALID) && !(type & SERV_HAS_DOMAIN)) + { + size_t new = add_do_bit(header, plen, ((unsigned char *) header) + PACKETSZ); + +@@ -858,7 +858,8 @@ void reply_query(int fd, int family, time_t now) + no_cache_dnssec = 1; + + #ifdef HAVE_DNSSEC +- if (server && option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) ++ if (server && !(server->flags & SERV_HAS_DOMAIN) && ++ option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) + { + int status = 0; + +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/046-DNSSEC_Handle_non-root_trust_anchors_and_check_we_have_a_root-trust_anchor.patch b/src/patches/dnsmasq/046-DNSSEC_Handle_non-root_trust_anchors_and_check_we_have_a_root-trust_anchor.patch new file mode 100644 index 0000000..b58b6d2 --- /dev/null +++ b/src/patches/dnsmasq/046-DNSSEC_Handle_non-root_trust_anchors_and_check_we_have_a_root-trust_anchor.patch @@ -0,0 +1,70 @@ +From a63b8b89e66a097fca7cba3efc7923636574ec2c Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Tue, 12 Jan 2016 11:28:58 +0000 +Subject: [PATCH] DNSSEC: Handle non-root trust anchors, and check we have a + root trust anchor. + +--- + src/dnsmasq.c | 12 ++++++++++-- + src/dnssec.c | 19 ++++++++++++++++++- + 2 files changed, 28 insertions(+), 3 deletions(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 8032fc7..e993629 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -169,8 +169,16 @@ int main (int argc, char **argv) + if (option_bool(OPT_DNSSEC_VALID)) + { + #ifdef HAVE_DNSSEC +- if (!daemon->ds) +- die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF); ++ struct ds_config *ds; ++ ++ /* Must have at least a root trust anchor, or the DNSSEC code ++ can loop forever. */ ++ for (ds = daemon->ds; ds; ds = ds->next) ++ if (ds->name[0] == 0) ++ break; ++ ++ if (!ds) ++ die(_("no root trust anchor provided for DNSSEC"), NULL, EC_BADCONF); + + if (daemon->cachesize < CACHESIZ) + die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF); +diff --git a/src/dnssec.c b/src/dnssec.c +index a432ebf..18efa59 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -1873,10 +1873,27 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key + */ + static int zone_status(char *name, int class, char *keyname, time_t now) + { +- int name_start = strlen(name); ++ int name_start = strlen(name); /* for when TA is root */ + struct crec *crecp; + char *p; ++ ++ /* First, work towards the root, looking for a trust anchor. ++ This can either be one configured, or one previously cached. ++ We can assume, if we don't find one first, that there is ++ a trust anchor at the root. */ ++ for (p = name; p; p = strchr(p, '.')) ++ { ++ if (*p == '.') ++ p++; ++ ++ if (cache_find_by_name(NULL, p, now, F_DS)) ++ { ++ name_start = p - name; ++ break; ++ } ++ } + ++ /* Now work away from the trust anchor */ + while (1) + { + strcpy(keyname, &name[name_start]); +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/047-Fix_bad_cache-size_calculation_when_hosts-file_read_fails.patch b/src/patches/dnsmasq/047-Fix_bad_cache-size_calculation_when_hosts-file_read_fails.patch new file mode 100644 index 0000000..71db7e7 --- /dev/null +++ b/src/patches/dnsmasq/047-Fix_bad_cache-size_calculation_when_hosts-file_read_fails.patch @@ -0,0 +1,41 @@ +From eddf3652845b30236a99187db19d13bc6d1f282d Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Andr=C3=A9=20Gl=C3=BCpker?= <andre.gluepker(a)st.ovgu.de> +Date: Tue, 12 Jan 2016 12:54:17 +0000 +Subject: [PATCH] Fix bad cache-size calculation when hosts-file read fails. + +--- + CHANGELOG | 4 ++++ + src/cache.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 93c73d0..dcaa699 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -18,6 +18,10 @@ version 2.76 + that the same name is empty. Thanks to Edwin TÃ¶rÃ¶k for + the patch. + ++ Fix failure to correctly calculate cache-size when ++ reading a hosts-file fails. Thanks to AndrÃ© GlÃ¼pker ++ for the patch. ++ + + version 2.75 + Fix reversion on 2.74 which caused 100% CPU use when a +diff --git a/src/cache.c b/src/cache.c +index d4b71a5..a9eaa65 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -919,7 +919,7 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr + if (!f) + { + my_syslog(LOG_ERR, _("failed to load names from %s: %s"), filename, strerror(errno)); +- return 0; ++ return cache_size; + } + + eatspace(f); +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/048-Disable_DNSSEC_for_server_domain_servers_unless_trust-anchor_provided.patch b/src/patches/dnsmasq/048-Disable_DNSSEC_for_server_domain_servers_unless_trust-anchor_provided.patch new file mode 100644 index 0000000..62d4f8d --- /dev/null +++ b/src/patches/dnsmasq/048-Disable_DNSSEC_for_server_domain_servers_unless_trust-anchor_provided.patch @@ -0,0 +1,217 @@ +From 367341f7456c33c66142d66b0e76c56d53bca4f2 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Tue, 12 Jan 2016 15:58:23 +0000 +Subject: [PATCH] Disable DNSSEC for server=/domain/.. servers unless + trust-anchor provided. + +--- + src/dnsmasq.h | 1 + + src/dnssec.c | 2 +- + src/forward.c | 30 ++++++++++++++++++++++-------- + src/network.c | 38 ++++++++++++++++++++++++++++++++++---- + 4 files changed, 58 insertions(+), 13 deletions(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index b2d1c5e..543481c 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -477,6 +477,7 @@ union mysockaddr { + #define SERV_NO_REBIND 2048 /* inhibit dns-rebind protection */ + #define SERV_FROM_FILE 4096 /* read from --servers-file */ + #define SERV_LOOP 8192 /* server causes forwarding loop */ ++#define SERV_DO_DNSSEC 16384 /* Validate DNSSEC when using this server */ + + struct serverfd { + int fd; +diff --git a/src/dnssec.c b/src/dnssec.c +index 18efa59..ebb9c93 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -1892,7 +1892,7 @@ static int zone_status(char *name, int class, char *keyname, time_t now) + break; + } + } +- ++ + /* Now work away from the trust anchor */ + while (1) + { +diff --git a/src/forward.c b/src/forward.c +index 1458578..11c0d45 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -106,8 +106,8 @@ int send_from(int fd, int nowild, char *packet, size_t len, + return 1; + } + +-static unsigned int search_servers(time_t now, struct all_addr **addrpp, +- unsigned int qtype, char *qdomain, int *type, char **domain, int *norebind) ++static unsigned int search_servers(time_t now, struct all_addr **addrpp, unsigned int qtype, ++ char *qdomain, int *type, char **domain, int *norebind) + + { + /* If the query ends in the domain in one of our servers, set +@@ -175,7 +175,7 @@ static unsigned int search_servers(time_t now, struct all_addr **addrpp, + + if (domainlen >= matchlen) + { +- *type = serv->flags & (SERV_HAS_DOMAIN | SERV_USE_RESOLV | SERV_NO_REBIND); ++ *type = serv->flags & (SERV_HAS_DOMAIN | SERV_USE_RESOLV | SERV_NO_REBIND | SERV_DO_DNSSEC); + *domain = serv->domain; + matchlen = domainlen; + if (serv->flags & SERV_NO_ADDR) +@@ -233,12 +233,13 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + struct frec *forward, int ad_reqd, int do_bit) + { + char *domain = NULL; +- int type = 0, norebind = 0; ++ int type = SERV_DO_DNSSEC, norebind = 0; + struct all_addr *addrp = NULL; + unsigned int flags = 0; + struct server *start = NULL; + #ifdef HAVE_DNSSEC + void *hash = hash_questions(header, plen, daemon->namebuff); ++ int do_dnssec = 0; + #else + unsigned int crc = questions_crc(header, plen, daemon->namebuff); + void *hash = &crc; +@@ -315,6 +316,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + daemon->last_server = NULL; + } + type = forward->sentto->flags & SERV_TYPE; ++#ifdef HAVE_DNSSEC ++ do_dnssec = forward->sentto->flags & SERV_DO_DNSSEC; ++#endif ++ + if (!(start = forward->sentto->next)) + start = daemon->servers; /* at end of list, recycle */ + header->id = htons(forward->new_id); +@@ -324,6 +329,11 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + if (gotname) + flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind); + ++#ifdef HAVE_DNSSEC ++ do_dnssec = type & SERV_DO_DNSSEC; ++ type &= ~SERV_DO_DNSSEC; ++#endif ++ + if (!flags && !(forward = get_new_frec(now, NULL, 0))) + /* table full - server failure. */ + flags = F_NEG; +@@ -406,7 +416,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, + } + + #ifdef HAVE_DNSSEC +- if (option_bool(OPT_DNSSEC_VALID) && !(type & SERV_HAS_DOMAIN)) ++ if (option_bool(OPT_DNSSEC_VALID) && do_dnssec) + { + size_t new = add_do_bit(header, plen, ((unsigned char *) header) + PACKETSZ); + +@@ -858,7 +868,7 @@ void reply_query(int fd, int family, time_t now) + no_cache_dnssec = 1; + + #ifdef HAVE_DNSSEC +- if (server && !(server->flags & SERV_HAS_DOMAIN) && ++ if (server && (server->flags & SERV_DO_DNSSEC) && + option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) + { + int status = 0; +@@ -1640,6 +1650,10 @@ unsigned char *tcp_request(int confd, time_t now, + if (gotname) + flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind); + ++#ifdef HAVE_DNSSEC ++ type &= ~SERV_DO_DNSSEC; ++#endif ++ + if (type != 0 || option_bool(OPT_ORDER) || !daemon->last_server) + last_server = daemon->servers; + else +@@ -1711,7 +1725,7 @@ unsigned char *tcp_request(int confd, time_t now, + } + + #ifdef HAVE_DNSSEC +- if (option_bool(OPT_DNSSEC_VALID)) ++ if (option_bool(OPT_DNSSEC_VALID) && (last_server->flags & SERV_DO_DNSSEC)) + { + new_size = add_do_bit(header, size, ((unsigned char *) header) + 65536); + +@@ -1757,7 +1771,7 @@ unsigned char *tcp_request(int confd, time_t now, + #endif + + #ifdef HAVE_DNSSEC +- if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled) ++ if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (last_server->flags & SERV_DO_DNSSEC)) + { + int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ + int status = tcp_key_recurse(now, STAT_OK, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount); +diff --git a/src/network.c b/src/network.c +index 66b91ad..303ae50 100644 +--- a/src/network.c ++++ b/src/network.c +@@ -1430,12 +1430,38 @@ void check_servers(void) + if (!option_bool(OPT_NOWILD)) + enumerate_interfaces(0); + ++#ifdef HAVE_DNSSEC ++ /* Disable DNSSEC validation when using server=/domain/.... servers ++ unless there's a configured trust anchor. */ ++ for (serv = daemon->servers; serv; serv = serv->next) ++ serv->flags |= SERV_DO_DNSSEC; ++#endif ++ + for (serv = daemon->servers; serv; serv = serv->next) + { +- if (!(serv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND))) ++ if (!(serv->flags & (SERV_LITERAL_ADDRESS | SERV_NO_ADDR | SERV_USE_RESOLV | SERV_NO_REBIND))) + { +- port = prettyprint_addr(&serv->addr, daemon->namebuff); ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && (serv->flags & SERV_HAS_DOMAIN)) ++ { ++ struct ds_config *ds; ++ char *domain = serv->domain; ++ ++ /* .example.com is valid */ ++ while (*domain == '.') ++ domain++; ++ ++ for (ds = daemon->ds; ds; ds = ds->next) ++ if (ds->name[0] != 0 && hostname_isequal(domain, ds->name)) ++ break; + ++ if (!ds) ++ serv->flags &= ~SERV_DO_DNSSEC; ++ } ++#endif ++ ++ port = prettyprint_addr(&serv->addr, daemon->namebuff); ++ + /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */ + if (serv->addr.sa.sa_family == AF_INET && + serv->addr.in.sin_addr.s_addr == 0) +@@ -1471,7 +1497,11 @@ void check_servers(void) + { + if (serv->flags & (SERV_HAS_DOMAIN | SERV_FOR_NODOTS | SERV_USE_RESOLV)) + { +- char *s1, *s2; ++ char *s1, *s2, *s3 = ""; ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && !(serv->flags & SERV_DO_DNSSEC)) ++ s3 = _("(no DNSSEC)"); ++#endif + if (!(serv->flags & SERV_HAS_DOMAIN)) + s1 = _("unqualified"), s2 = _("names"); + else if (strlen(serv->domain) == 0) +@@ -1484,7 +1514,7 @@ void check_servers(void) + else if (serv->flags & SERV_USE_RESOLV) + my_syslog(LOG_INFO, _("using standard nameservers for %s %s"), s1, s2); + else +- my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s"), daemon->namebuff, port, s1, s2); ++ my_syslog(LOG_INFO, _("using nameserver %s#%d for %s %s %s"), daemon->namebuff, port, s1, s2, s3); + } + #ifdef HAVE_LOOP + else if (serv->flags & SERV_LOOP) +-- +1.7.10.4 + -- 2.7.0

1 0

[PATCH] nano: Update to 2.5.1
by Matthias Fischer 12 Jan '16

12 Jan '16

Excerpt form 'NEWS': "It includes fixes for a syntax-highlighting bug and a positionlog bug, it disables a time-eating multiline regex in the C syntax, and it adds an escape hatch to the WriteOut menu when --tempfile is used: the discardbuffer command, ^Q. It also has translation updates for fifteen languages, and a small fix in the softwrap code." Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/packages/nano | 2 ++ lfs/nano | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/nano b/config/rootfiles/packages/nano index d31753c..3582f36 100644 --- a/config/rootfiles/packages/nano +++ b/config/rootfiles/packages/nano @@ -14,6 +14,7 @@ usr/bin/rnano #usr/share/man/man5/nanorc.5 #usr/share/nano usr/share/nano/asm.nanorc +usr/share/nano/autoconf.nanorc usr/share/nano/awk.nanorc usr/share/nano/c.nanorc #usr/share/nano/changelog.nanorc @@ -37,6 +38,7 @@ usr/share/nano/man.nanorc usr/share/nano/mgp.nanorc usr/share/nano/mutt.nanorc usr/share/nano/nanorc.nanorc +usr/share/nano/nftables.nanorc usr/share/nano/objc.nanorc usr/share/nano/ocaml.nanorc usr/share/nano/patch.nanorc diff --git a/lfs/nano b/lfs/nano index c08ec88..0d92c6b 100644 --- a/lfs/nano +++ b/lfs/nano @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2016 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.5.0 +VER = 2.5.1 THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nano -PAK_VER = 7 +PAK_VER = 8 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 751ed96457017572bab15be18cb873ba +$(DL_FILE)_MD5 = f25c7da9813ae5f1df7e5dd1072de4ce install : $(TARGET) -- 2.7.0

1 0

[PATCH] Disallow OpenVPN DH params less than 1024 bits
by IT Superhack 10 Jan '16

10 Jan '16

The OpenVPN CGI offers to create a DH param. The patch below disables the generation of 1024 bit params and marks 2048 bit params as weak/insecure. It is recommended to use DH params with at least 3072 bits, shorter ones are considered as insecure. The patch does not affect systems where already DH params were created. Sorry for the crappy line breaks by my mail agent, but it cannot switch this off and git send-email does not work on my system (starttls issues). Signed-off-by: Timmothy Wilson <itsuperhack(a)web.de> --- html/cgi-bin/ovpnmain.cgi | 3 +-- langs/de/cgi-bin/de.pl | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 62af54e..4813128 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1313,8 +1313,7 @@ END <form method='post'><input type='hidden' name='AREUSURE' value='yes' /> <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' /> <select name='DHLENGHT'> - <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option> - <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option> + <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'} ($Lang::tr{'insecure'})</option> <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option> <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option> </select> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 2bca854..bfed92b 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1291,6 +1291,7 @@ 'incorrect password' => 'Fehlerhaftes Passwort', 'info' => 'Info', 'init string' => 'Initialisierung:', +'insecure' => 'unsicher', 'insert floppy' => 'Legen Sie eine formatierte Diskette in das Floppy-Laufwerk in IPFire und klicken auf <i>Datensicherung auf Diskette</i>, um die Systemeinstellungen zu sichern. Überprüfen Sie das Ergebnis sorgfältig, um sicher zu sein, dass die Datensicherung vollständig und erfolgreich abgeschlossen wurde.', 'install' => 'Installieren', 'install new update' => 'Installiere neues Update:', -- 1.8.4.5

4 23

[PATCH 5/5] No code changes, fixed formatting by replacing spaces with tabs
by Michael Eitelwein 10 Jan '16

10 Jan '16

Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net> --- html/cgi-bin/logs.cgi/firewalllog.dat | 494 ++++++++++----------- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 531 +++++++++++------------ html/cgi-bin/logs.cgi/firewalllogip.dat | 432 +++++++++--------- html/cgi-bin/logs.cgi/firewalllogport.dat | 401 +++++++++-------- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 419 +++++++++--------- html/cgi-bin/logs.cgi/showrequestfromip.dat | 305 ++++++------- html/cgi-bin/logs.cgi/showrequestfromport.dat | 306 ++++++------- 7 files changed, 1459 insertions(+), 1429 deletions(-) diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index df9b488..5c9722b 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -41,11 +41,11 @@ my %logsettings=(); my $errormessage = ''; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); + 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); my @now = localtime(); my $dow = $now[6]; @@ -66,55 +66,55 @@ my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index o if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) + !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + if ($cgiparams{'DAY'}) { + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day + + ## 86400 seconds in a day + } else { + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]+1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; + } + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + if ($cgiparams{'DAY'}) { + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + } else { + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]-1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; + } + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } # Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log @@ -122,104 +122,104 @@ my $gzindex; my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; { - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks - $gzindex = int (($sunday-$xday)/604800 ); + my $xday; + + # Calculate time. If future date, calculate for past year !!! + if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); + } else { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; + } + + # calculate end of active week (saturday 23H59) + my @then = (); + @then = localtime(time()); + my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); + $sunday += (6-$then[6]) * 86400; + + # Convert delta in second to full weeks + $gzindex = int (($sunday-$xday)/604800 ); } - + my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - + my $lines = 0; my @log=(); my $loop = 1; my $filestr = 0; -my $lastdatetime; # for debug +my $lastdatetime; # for debug my $search_for_end = 0; - + while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/messages"; - } else { - $filestr = "/var/log/messages.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - # now read file if existing - if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - READ:while (<FILE>) { - my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { - # when standart viewing, just keep in memory the correct slice - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$line"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$line"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file - } - } - $search_for_end = 1; # we find the start of slice, can look for end now - } else { - if ($search_for_end == 1) { - #finish read files when date is over (test month equality only) - $line =~ /^(...) (..) ..:..:..*$/; - $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); - } - } - } - close (FILE); - } - $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped - # for a long time + # calculate file name + if ($gzindex == 0) { + $filestr = "/var/log/messages"; + } else { + $filestr = "/var/log/messages.$gzindex"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + # now read file if existing + if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { + #&General::log("reading $filestr"); + READ:while (<FILE>) { + my $line = $_; + if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { + # when standart viewing, just keep in memory the correct slice + # it starts a '$start' and size is $viewport + # If export, then keep all lines... + if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ + $log[$lines++] = "$line"; + } else { + if ($lines++ < ($start + $Header::viewsize)) { + push(@log,"$line"); + if (@log > $Header::viewsize) { + shift (@log); + } + #} else { dont do this optimisation, need to count lines ! + # $datetime = $maxtime; # we have read viewsize lines, stop main loop + # last READ; # exit read file + } + } + $search_for_end = 1; # we find the start of slice, can look for end now + } else { + if ($search_for_end == 1) { + #finish read files when date is over (test month equality only) + $line =~ /^(...) (..) ..:..:..*$/; + $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); + } + } + } + close (FILE); + } + $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped + # for a long time }# while # $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) { - print "Content-type: text/plain\n\n"; - print "IPFire firewall log\r\n"; - print "$Lang::{'date'}: $date\r\n\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) - { - /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - print "$time $3\r\n"; - - } - exit 0; + print "Content-type: text/plain\n\n"; + print "IPFire firewall log\r\n"; + print "$Lang::{'date'}: $date\r\n\r\n"; + + if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } + + foreach $_ (@log) + { + /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/; + my $day = $1; + $day =~ tr / /0/; + my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; + print "$time $3\r\n"; + + } + exit 0; } &Header::showhttpheaders(); @@ -229,9 +229,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<font class='base'>$errormessage </font>\n"; - &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); } &Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); @@ -240,33 +240,35 @@ print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> <tr> - <td width='10%' class='base'>$Lang::tr{'month'}: </td> - <td width='10%'> - <select name='MONTH'> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> END ; for (my $month = 0; $month < 12; $month++) { - print "\t<option "; - if ($month == $cgiparams{'MONTH'}) { - print "selected='selected' "; } - print "value='$month'>$longmonths[$month]</option>\n"; + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; + } + print "value='$month'>$longmonths[$month]</option>\n"; } print <<END - </select> - </td> - <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> - <td width='40%'> - <select name='DAY'> + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> END ; print "<option value='0'>$Lang::tr{'all'}</option>\n"; for (my $day = 1; $day <= 31; $day++) { - print "\t<option "; - if ($day == $cgiparams{'DAY'}) { - print "selected='selected' "; } - print "value='$day'>$day</option>\n"; + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; + } + print "value='$day'>$day</option>\n"; } print <<END </select> @@ -291,20 +293,20 @@ $start = $lastPageIndex if ($start >= $lastPageIndex); $start = 0 if ($start < 0); my $prev; - if ($start == 0) { - $prev = -1; - } else { - $prev = $start - ${Header::viewsize}; - $prev = 0 if ( $prev < 0); - } - +if ($start == 0) { + $prev = -1; +} else { + $prev = $start - ${Header::viewsize}; + $prev = 0 if ( $prev < 0); +} + my $next; - if ($start == $lastPageIndex) { - $next = -1; - } else { - $next = $start + ${Header::viewsize}; - $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); - } +if ($start == $lastPageIndex) { + $next = -1; +} else { + $next = $start + ${Header::viewsize}; + $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); +} if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } if ($lines != 0) { &oldernewer(); } @@ -312,14 +314,14 @@ if ($lines != 0) { &oldernewer(); } print <<END <table width='100%' class='tbl'> <tr> - <th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'country'}</b></th> - <th align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'country'}</b></th> + <th align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></th> </tr> END ; @@ -330,70 +332,74 @@ foreach $_ (@log) { # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information # otherwise use IN= - my $packet = ''; - if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; } - elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; } - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $chain = $3; - - my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } - # Identify whether ipv4 or ipv6. Both are mutally exclusive. - if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } - if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } - if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; } - if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; } - $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; - $proto=$1 if $packet =~ /PROTO=(\w+)/; - $srcport=$1 if $packet =~ /SPT=(\d+)/; - $dstport=$1 if $packet =~ /DPT=(\d+)/; - - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($srcaddr); - my $fcode = lc($ccode); - - my $servi = uc(getservbyport($srcport, lc($proto))); - if ($servi ne '' && $srcport < 1024) { - $srcport = "$srcport($servi)"; } - $servi = uc(getservbyport($dstport, lc($proto))); - if ($servi ne '' && $dstport < 1024) { - $dstport = "$dstport($servi)";} - my @mactemp = split(/:/,$macaddr); - $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; - my $col=""; - if ($lines % 2) { - print "<tr>"; - $col="bgcolor='$color{'color20'}'"; } - else { - print "<tr>"; - $col="bgcolor='$color{'color22'}'"; } - print <<END - - <td align='center' $col>$time</td> - <td align='center' $col>$chain</td> - <td align='center' $col>$iface</td> - <td align='center' $col>$proto</td> - <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> - <td align='center' $col>$srcport<br/>$dstport</td> + my $packet = ''; + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; } + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; } + my $day = $1; + $day =~ tr / /0/; + my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; + my $chain = $3; + + my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + # Identify whether ipv4 or ipv6. Both are mutally exclusive. + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; } + $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; + $proto=$1 if $packet =~ /PROTO=(\w+)/; + $srcport=$1 if $packet =~ /SPT=(\d+)/; + $dstport=$1 if $packet =~ /DPT=(\d+)/; + + my $gi = Geo::IP::PurePerl->new(); + my $ccode = $gi->country_code_by_name($srcaddr); + my $fcode = lc($ccode); + + my $servi = uc(getservbyport($srcport, lc($proto))); + if ($servi ne '' && $srcport < 1024) { + $srcport = "$srcport($servi)"; + } + $servi = uc(getservbyport($dstport, lc($proto))); + if ($servi ne '' && $dstport < 1024) { + $dstport = "$dstport($servi)"; + } + my @mactemp = split(/:/,$macaddr); + $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; + my $col=""; + if ($lines % 2) { + print "<tr>"; + $col="bgcolor='$color{'color20'}'"; + } + else { + print "<tr>"; + $col="bgcolor='$color{'color22'}'"; + } + print <<END + + <td align='center' $col>$time</td> + <td align='center' $col>$chain</td> + <td align='center' $col>$iface</td> + <td align='center' $col>$proto</td> + <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> + <td align='center' $col>$srcport<br/>$dstport</td> END -; + ; # Get flag icon for of the country. my $flag_icon = &GeoIP::get_flag_icon($fcode); - if ( $flag_icon) { + if ( $flag_icon) { print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>"; } else { print "<td align='center' $col></td>"; } - print <<END - <td align='center' $col>$macaddr</td> -</tr> + print <<END + <td align='center' $col>$macaddr</td> + </tr> END - ; - $lines++; + ; + $lines++; } print "</table>"; @@ -408,32 +414,36 @@ print "</table>"; sub oldernewer { -print <<END -<table width='100%'> -<tr> + print <<END + <table width='100%'> + <tr> END -; + ; -print "<td align='center' width='50%'>"; -if ($prev != -1) { - print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> "; - print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>"; } -else { - print "$Lang::tr{'first'} $Lang::tr{'older'}"; } -print "</td>\n"; - -print "<td align='center' width='50%'>"; -if ($next >= 0) { - print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> "; - print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>"; } -else { - print "$Lang::tr{'newer'} $Lang::tr{'last'} "; } -print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($prev != -1) { + print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> "; + print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>"; + } + else { + print "$Lang::tr{'first'} $Lang::tr{'older'}"; + } + print "</td>\n"; -print <<END -</tr> -</table> + print "<td align='center' width='50%'>"; + if ($next >= 0) { + print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> "; + print "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>"; + } + else { + print "$Lang::tr{'newer'} $Lang::tr{'last'} "; + } + print "</td>\n"; + + print <<END + </tr> + </table> END -; + ; } diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index 087b844..26920b5 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -8,7 +8,7 @@ # page inspired from the initial firewalllog.dat # # Modified for IPFire by Christian Schmidt -# and Michael Tremer (www.ipfire.org) +# and Michael Tremer (www.ipfire.org) use strict; use Geo::IP::PurePerl; @@ -39,11 +39,11 @@ $cgiparams{'showpie'} = 1; $cgiparams{'sortcolumn'} = 1; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); + 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); my @now = localtime(); my $dow = $now[6]; @@ -69,81 +69,81 @@ if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortc if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { - &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); + &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); } my $start = -1; if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -151,62 +151,63 @@ my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; my $day = $cgiparams{'DAY'}; my $daystr=''; if ($day <= 9) { - $daystr = " $day"; } + $daystr = " $day"; +} else { - $daystr = $day; + $daystr = $day; } my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); if (!$skip) { - while (<FILE>) - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); } $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while (<FILE>) { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); - } + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while (<FILE>) { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); + } } my $MODNAME="fwlogs"; @@ -217,9 +218,9 @@ my $MODNAME="fwlogs"; if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<font class='base'>$errormessage </font>\n"; - &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); } &Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); @@ -228,33 +229,33 @@ print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> <tr> - <td width='10%' class='base'>$Lang::tr{'month'}: </td> - <td width='10%'> - <select name='MONTH'> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> END ; my $month; for ($month = 0; $month < 12; $month++) { - print "\t<option "; - if ($month == $cgiparams{'MONTH'}) { - print "selected='selected' "; } - print "value='$month'>$longmonths[$month]</option>\n"; + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; } + print "value='$month'>$longmonths[$month]</option>\n"; } print <<END - </select> - </td> - <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> - <td width='40%'> - <select name='DAY'> + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> END ; for ($day = 1; $day <= 31; $day++) { - print "\t<option "; - if ($day == $cgiparams{'DAY'}) { - print "selected='selected' "; } - print "value='$day'>$day</option>\n"; + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; } + print "value='$day'>$day</option>\n"; } if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} @@ -293,43 +294,43 @@ $lines = 0; foreach $_ (@log) { - # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} - elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} - my $packet = $4; - my $iface = ''; - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } - if ( $1 =~ /2./ ) { $iface=''; } - my $srcaddr = ''; - # Find ipv4 and ipv6 addresses - if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1; } - elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1; } - - if($iface eq $red_interface) { - # Traffic from red - if($srcaddr ne '') { - # srcaddr is set - my $ccode = $gi->country_code_by_name($srcaddr); - if ($ccode eq '') { - $ccode = 'unknown'; - } - $tabjc{$ccode} = $tabjc{$ccode} + 1 ; - if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } - } - else { - # Traffic not from red - if($iface ne '') { - $tabjc{$iface} = $tabjc{$iface} + 1 ; - if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } - else { - # What to do with empty iface lines? - # This probably is traffic from ipfire itself (IN= OUT=XY)? - } - } + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} + my $packet = $4; + my $iface = ''; + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + if ( $1 =~ /2./ ) { $iface=''; } + my $srcaddr = ''; + # Find ipv4 and ipv6 addresses + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1; } + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1; } + + if($iface eq $red_interface) { + # Traffic from red + if($srcaddr ne '') { + # srcaddr is set + my $ccode = $gi->country_code_by_name($srcaddr); + if ($ccode eq '') { + $ccode = 'unknown'; + } + $tabjc{$ccode} = $tabjc{$ccode} + 1; + if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + } + else { + # Traffic not from red + if($iface ne '') { + $tabjc{$iface} = $tabjc{$iface} + 1 ; + if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + else { + # What to do with empty iface lines? + # This probably is traffic from ipfire itself (IN= OUT=XY)? + } + } } $pienumber = $lines; @@ -349,13 +350,11 @@ my @value; my $indice=0; my @tabjc2; -if ($sortcolumn == 1) -{ - @tabjc2 = sort { $b <=> $a } values (%tabjc); +if ($sortcolumn == 1) { + @tabjc2 = sort { $b <=> $a } values (%tabjc); } -else -{ - @tabjc2 = sort { $a <=> $b } keys (%tabjc); +else { + @tabjc2 = sort { $a <=> $b } keys (%tabjc); } my $colour=1; @@ -367,19 +366,17 @@ use GD::Graph::colour; #ips sort by hits number my $v; -if ($sortcolumn == 1) -{ - for ($v=0;$v<$pienumber;$v++){ - findkey($tabjc2[$v]); - } +if ($sortcolumn == 1) { + for ($v=0;$v<$pienumber;$v++){ + findkey($tabjc2[$v]); + } } -else -{ - foreach $v (@tabjc2) { - $key[$indice] = $v; - $value[$indice] = $tabjc{$v}; - $indice++; - } +else { + foreach $v (@tabjc2) { + $key[$indice] = $v; + $value[$indice] = $tabjc{$v}; + $indice++; + } } my @ips; @@ -392,15 +389,15 @@ my $o; if($cgiparams{'otherspie'} == 2 ){} else{ - my $numothers; - for($o=0;$o<$pienumber;$o++){ - $numothers = $numothers + $numb[$o]; - } - $numothers = $linesjc - $numothers; - if ($numothers > 0) { - $ips[$pienumber]="$Lang::tr{'otherip'}"; - $numb[$pienumber] = $numothers; - } + my $numothers; + for($o=0;$o<$pienumber;$o++){ + $numothers = $numothers + $numb[$o]; + } + $numothers = $linesjc - $numothers; + if ($numothers > 0) { + $ips[$pienumber]="$Lang::tr{'otherip'}"; + $numb[$pienumber] = $numothers; + } } my @data = (\@ips,\@numb); @@ -413,28 +410,28 @@ my %mainsettings = (); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { - my $mygraph = GD::Graph::pie->new(500, 350); - $mygraph->set( - 'title' => '', - 'pie_height' => 50, - 'start_angle' => 89 - ) or warn $mygraph->error; - - $mygraph->set_value_font(GD::gdMediumBoldFont); - $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); - my $myimage = $mygraph->plot(\@data) or die $mygraph->error; - - my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png"); - unlink(@filenames); - my $imagerandom = rand(1000000); - my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png"; - open(FILE,">$imagename"); - print FILE $myimage->png; - close(FILE); - ##################################################### - print "<div style='text-align:center;'>"; - print "<img src='/graphs/fwlog-country$imagerandom.png'>"; - print "</div>"; + my $mygraph = GD::Graph::pie->new(500, 350); + $mygraph->set( + 'title' => '', + 'pie_height' => 50, + 'start_angle' => 89 + ) or warn $mygraph->error; + + $mygraph->set_value_font(GD::gdMediumBoldFont); + $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); + my $myimage = $mygraph->plot(\@data) or die $mygraph->error; + + my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png"); + unlink(@filenames); + my $imagerandom = rand(1000000); + my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png"; + open(FILE,">$imagename"); + print FILE $myimage->png; + close(FILE); + ##################################################### + print "<div style='text-align:center;'>"; + print "<img src='/graphs/fwlog-country$imagerandom.png'>"; + print "</div>"; } print <<END <table width='100%' class='tbl'> @@ -456,72 +453,72 @@ my $col=""; for($s=0;$s<$lines;$s++) { - $show++; - $percent = $value[$s] * 100 / $linesjc; - $percent = sprintf("%.f", $percent); - $total = $total + $value[$s]; - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - $color++; - print "<tr>"; - - print "<td align='center' $col>"; - - # Dont show details button for "unknown" location. - if ($key[$s] ne 'unknown') { - print"<form method='post' action='showrequestfromcountry.dat'>"; - print"<input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'>"; - print"<input type='hidden' name='DAY' value='$cgiparams{'DAY'}'>"; - print"<input type='hidden' name='country' value='$key[$s]'>"; - print"<input type='submit' value='details'></form>"; - } - elsif ($key[$s] eq 'unknown') { - print "unknown"; - } - # Looks dangerous to use hardcoded interface names here. Probably needs fixing. - if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) { - print "<td align='center' $col>$key[$s]</td>"; - } - else { - my $fcode = lc($key[$s]); - - # Get flag icon for of the country. - my $flag_icon = &GeoIP::get_flag_icon($fcode); - - if($flag_icon) { - print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>"; - } else { + $show++; + $percent = $value[$s] * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + $total = $total + $value[$s]; + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + $color++; + print "<tr>"; + + print "<td align='center' $col>"; + + # Dont show details button for "unknown" location. + if ($key[$s] ne 'unknown') { + print"<form method='post' action='showrequestfromcountry.dat'>"; + print"<input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'>"; + print"<input type='hidden' name='DAY' value='$cgiparams{'DAY'}'>"; + print"<input type='hidden' name='country' value='$key[$s]'>"; + print"<input type='submit' value='details'></form>"; + } + elsif ($key[$s] eq 'unknown') { + print "unknown"; + } + # Looks dangerous to use hardcoded interface names here. Probably needs fixing. + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) { print "<td align='center' $col>$key[$s]</td>"; - } - } - print "<td align='center' $col>$value[$s]</td>"; - print "<td align='center' $col>$percent</td>"; - print "</tr>"; + } + else { + my $fcode = lc($key[$s]); + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($fcode); + + if($flag_icon) { + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>"; + } else { + print "<td align='center' $col>$key[$s]</td>"; + } + } + print "<td align='center' $col>$value[$s]</td>"; + print "<td align='center' $col>$percent</td>"; + print "</tr>"; } if($cgiparams{'otherspie'} == 2 ){} else{ - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - print "<tr>"; - -if ( $linesjc ne "0") -{ -my $dif; -$dif = $linesjc - $total; -$percent = $dif * 100 / $linesjc; -$percent = sprintf("%.f", $percent); -print <<END -<td align='center' $col></TD> -<td align='center' $col>$Lang::tr{'other countries'}</td> -<td align='center' $col>$dif</TD> -<td align='center' $col>$percent</TD> -</tr> + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print "<tr>"; + + if ( $linesjc ne "0") + { + my $dif; + $dif = $linesjc - $total; + $percent = $dif * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + print <<END + <td align='center' $col></TD> + <td align='center' $col>$Lang::tr{'other countries'}</td> + <td align='center' $col>$dif</TD> + <td align='center' $col>$percent</TD> + </tr> END -; -} + ; + } } print <<END </TABLE> @@ -533,19 +530,19 @@ END &Header::closepage(); sub findkey { - my $v; - foreach $v (@keytabjc) { - if ($tabjc{$v} eq $_[0]) { - delete $tabjc{$v}; - $key[$indice] = "$v"; - $value[$indice] = $_[0]; - $indice++; - last; - } - } + my $v; + foreach $v (@keytabjc) { + if ($tabjc{$v} eq $_[0]) { + delete $tabjc{$v}; + $key[$indice] = "$v"; + $value[$indice] = $_[0]; + $indice++; + last; + } + } } sub checkversion { - #Automatic Updates is disabled - return "0","0"; + #Automatic Updates is disabled + return "0","0"; } diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat index 6fc3422..08ef1c4 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -8,7 +8,7 @@ # page inspired from the initial firewalllog.dat # # Modified for IPFire by Christian Schmidt -# and Michael Tremer (www.ipfire.org) +# and Michael Tremer (www.ipfire.org) use strict; use Geo::IP::PurePerl; @@ -39,11 +39,11 @@ $cgiparams{'showpie'} = 1; $cgiparams{'sortcolumn'} = 1; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); + 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); my @now = localtime(); my $dow = $now[6]; @@ -69,81 +69,81 @@ if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortc if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { - &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); + &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); } my $start = -1; if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -151,62 +151,62 @@ my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; my $day = $cgiparams{'DAY'}; my $daystr=''; if ($day <= 9) { - $daystr = " $day"; } + $daystr = " $day"; } else { - $daystr = $day; + $daystr = $day; } my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { $filestr="/var/log/messages.$datediff"; $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); if (!$skip) { - while (<FILE>) - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); } $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while (<FILE>) { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); - } + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while (<FILE>) { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); + } } my $MODNAME="fwlogs"; @@ -217,9 +217,9 @@ my $MODNAME="fwlogs"; if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<font class='base'>$errormessage </font>\n"; - &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); } &Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); @@ -228,33 +228,35 @@ print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> <tr> - <td width='10%' class='base'>$Lang::tr{'month'}: </td> - <td width='10%'> - <select name='MONTH'> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> END ; my $month; for ($month = 0; $month < 12; $month++) { - print "\t<option "; - if ($month == $cgiparams{'MONTH'}) { - print "selected='selected' "; } - print "value='$month'>$longmonths[$month]</option>\n"; + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; + } + print "value='$month'>$longmonths[$month]</option>\n"; } print <<END - </select> - </td> - <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> - <td width='40%'> - <select name='DAY'> + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> END ; for ($day = 1; $day <= 31; $day++) { - print "\t<option "; - if ($day == $cgiparams{'DAY'}) { - print "selected='selected' "; } - print "value='$day'>$day</option>\n"; + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; + } + print "value='$day'>$day</option>\n"; } if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} @@ -291,12 +293,12 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines = 0; foreach $_ (@log) { - # Extract ipv4 or ipv6 address - if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $tabjc{$1} = $tabjc{$1} + 1 ; - if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } + # Extract ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $tabjc{$1} = $tabjc{$1} + 1 ; + if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } } $pienumber = $lines; @@ -318,11 +320,11 @@ my @tabjc2; if ($sortcolumn == 1) { - @tabjc2 = sort { $b <=> $a } values (%tabjc); + @tabjc2 = sort { $b <=> $a } values (%tabjc); } else { - @tabjc2 = sort { $a <=> $b } keys (%tabjc); + @tabjc2 = sort { $a <=> $b } keys (%tabjc); } my $colour=1; @@ -336,17 +338,17 @@ my $v; if ($sortcolumn == 1) { - for ($v=0;$v<$pienumber;$v++){ - findkey($tabjc2[$v]); - } + for ($v=0;$v<$pienumber;$v++){ + findkey($tabjc2[$v]); + } } else { - foreach $v (@tabjc2) { - $key[$indice] = $v; - $value[$indice] = $tabjc{$v}; - $indice++; - } + foreach $v (@tabjc2) { + $key[$indice] = $v; + $value[$indice] = $tabjc{$v}; + $indice++; + } } my @ips; @@ -359,15 +361,15 @@ my $o; if($cgiparams{'otherspie'} == 2 ){} else{ - my $numothers; - for($o=0;$o<$pienumber;$o++){ - $numothers = $numothers + $numb[$o]; - } - $numothers = $linesjc - $numothers; - if ($numothers > 0) { - $ips[$pienumber]="$Lang::tr{'otherip'}"; - $numb[$pienumber] = $numothers; - } + my $numothers; + for($o=0;$o<$pienumber;$o++){ + $numothers = $numothers + $numb[$o]; + } + $numothers = $linesjc - $numothers; + if ($numothers > 0) { + $ips[$pienumber]="$Lang::tr{'otherip'}"; + $numb[$pienumber] = $numothers; + } } my @data = (\@ips,\@numb); @@ -380,28 +382,28 @@ my %mainsettings = (); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { - my $mygraph = GD::Graph::pie->new(500, 350); - $mygraph->set( - 'title' => '', - 'pie_height' => 50, - 'start_angle' => 89 - ) or warn $mygraph->error; - - $mygraph->set_value_font(GD::gdMediumBoldFont); - $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); - my $myimage = $mygraph->plot(\@data) or die $mygraph->error; - - my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-ip*.png"); - unlink(@filenames); - my $imagerandom = rand(1000000); - my $imagename = "/srv/web/ipfire/html/graphs/fwlog-ip$imagerandom.png"; - open(FILE,">$imagename"); - print FILE $myimage->png; - close(FILE); - ##################################################### - print "<div style='text-align:center'>"; - print "<img src='/graphs/fwlog-ip$imagerandom.png'>"; - print "</div>"; + my $mygraph = GD::Graph::pie->new(500, 350); + $mygraph->set( + 'title' => '', + 'pie_height' => 50, + 'start_angle' => 89 + ) or warn $mygraph->error; + + $mygraph->set_value_font(GD::gdMediumBoldFont); + $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); + my $myimage = $mygraph->plot(\@data) or die $mygraph->error; + + my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-ip*.png"); + unlink(@filenames); + my $imagerandom = rand(1000000); + my $imagename = "/srv/web/ipfire/html/graphs/fwlog-ip$imagerandom.png"; + open(FILE,">$imagename"); + print FILE $myimage->png; + close(FILE); + ##################################################### + print "<div style='text-align:center'>"; + print "<img src='/graphs/fwlog-ip$imagerandom.png'>"; + print "</div>"; } print <<END @@ -425,60 +427,60 @@ my $col=""; for($s=0;$s<$lines;$s++) { - $show++; - $percent = $value[$s] * 100 / $linesjc; - $percent = sprintf("%.f", $percent); - $total = $total + $value[$s]; - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - print "<tr>"; + $show++; + $percent = $value[$s] * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + $total = $total + $value[$s]; + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print "<tr>"; + + my $gi = Geo::IP::PurePerl->new(); + my $ccode = $gi->country_code_by_name($key[$s]); + my $fcode = lc($ccode); - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($key[$s]); - my $fcode = lc($ccode); - - $color++; - print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; - print "<td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$key[$s]'>$key[$s]</a></td>"; - - # Get flag icon for of the country. - my $flag_icon = &GeoIP::get_flag_icon($ccode); - - if ( $flag_icon ) { - print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>"; - } else { - print "<td align='center' $col></td>"; - } - - print "<td align='center' $col>$value[$s]</td>"; - print "<td align='center' $col>$percent</td>"; - print "</tr>"; - } + $color++; + print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; + print "<td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$key[$s]'>$key[$s]</a></td>"; + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($ccode); + + if ( $flag_icon ) { + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>"; + } else { + print "<td align='center' $col></td>"; + } + + print "<td align='center' $col>$value[$s]</td>"; + print "<td align='center' $col>$percent</td>"; + print "</tr>"; +} if($cgiparams{'otherspie'} == 2 ){} else{ - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - print "<tr>"; - -if ( $linesjc ne "0") -{ -my $dif; -$dif = $linesjc - $total; -$percent = $dif * 100 / $linesjc; -$percent = sprintf("%.f", $percent); -print <<END -<td align='center' $col></td> -<td align='center' $col>$Lang::tr{'otherip'}</td> -<td align='center' $col></td> -<td align='center' $col>$dif</td> -<td align='center' $col>$percent</td> -</tr> + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print "<tr>"; + + if ( $linesjc ne "0") + { + my $dif; + $dif = $linesjc - $total; + $percent = $dif * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + print <<END + <td align='center' $col></td> + <td align='center' $col>$Lang::tr{'otherip'}</td> + <td align='center' $col></td> + <td align='center' $col>$dif</td> + <td align='center' $col>$percent</td> + </tr> END -; -} + ; + } } print <<END </table> @@ -490,20 +492,20 @@ END &Header::closepage(); sub findkey { - my $v; - foreach $v (@keytabjc) { - if ($tabjc{$v} eq $_[0]) { - delete $tabjc{$v}; - $key[$indice] = "$v"; - $value[$indice] = $_[0]; - $indice++; - last; - } - } + my $v; + foreach $v (@keytabjc) { + if ($tabjc{$v} eq $_[0]) { + delete $tabjc{$v}; + $key[$indice] = "$v"; + $value[$indice] = $_[0]; + $indice++; + last; + } + } } sub checkversion { - #Automatic Updates is disabled - return "0","0"; + #Automatic Updates is disabled + return "0","0"; } diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat index 583c1b3..fbc92e4 100644 --- a/html/cgi-bin/logs.cgi/firewalllogport.dat +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat @@ -8,7 +8,7 @@ # page inspired from the initial firewalllog.dat # # Modified for IPFire by Christian Schmidt -# and Michael Tremer (www.ipfire.org) +# and Michael Tremer (www.ipfire.org) use strict; @@ -40,11 +40,11 @@ $cgiparams{'showpie'} = 1; $cgiparams{'sortcolumn'} = 1; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); + 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); my @now = localtime(); my $dow = $now[6]; @@ -70,81 +70,81 @@ if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortc if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { - &General::writehash("${General::swroot}/fwlogs/portsettings", \%settings); + &General::writehash("${General::swroot}/fwlogs/portsettings", \%settings); } my $start = -1; if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -152,62 +152,62 @@ my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; my $day = $cgiparams{'DAY'}; my $daystr=''; if ($day <= 9) { - $daystr = " $day"; } + $daystr = " $day"; } else { - $daystr = $day; + $daystr = $day; } my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); if (!$skip) { - while (<FILE>) - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); } $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { - while (<FILE>) { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - $log[$lines] = $_; - $lines++; - } - } - close (FILE); - } + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while (<FILE>) { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); + } } my $MODNAME="fwlogs"; @@ -217,9 +217,9 @@ my $MODNAME="fwlogs"; &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<font class='base'>$errormessage </font>\n"; - &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); } &Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); @@ -228,33 +228,33 @@ print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> <tr> - <td width='10%' class='base'>$Lang::tr{'month'}: </td> - <td width='10%'> - <select name='MONTH'> + <td width='10%' class='base'>$Lang::tr{'month'}: </td> + <td width='10%'> + <select name='MONTH'> END ; my $month; for ($month = 0; $month < 12; $month++) { - print "\t<option "; - if ($month == $cgiparams{'MONTH'}) { - print "selected='selected' "; } - print "value='$month'>$longmonths[$month]</option>\n"; + print "\t<option "; + if ($month == $cgiparams{'MONTH'}) { + print "selected='selected' "; } + print "value='$month'>$longmonths[$month]</option>\n"; } print <<END - </select> - </td> - <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> - <td width='40%'> - <select name='DAY'> + </select> + </td> + <td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td> + <td width='40%'> + <select name='DAY'> END ; for ($day = 1; $day <= 31; $day++) { - print "\t<option "; - if ($day == $cgiparams{'DAY'}) { - print "selected='selected' "; } - print "value='$day'>$day</option>\n"; + print "\t<option "; + if ($day == $cgiparams{'DAY'}) { + print "selected='selected' "; } + print "value='$day'>$day</option>\n"; } if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} @@ -291,11 +291,11 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines = 0; foreach $_ (@log) { - if($_ =~ /DPT\=([\d\.]+)/){ - $tabjc{$1} = $tabjc{$1} + 1 ; - if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } - $linesjc++; - } + if($_ =~ /DPT\=([\d\.]+)/){ + $tabjc{$1} = $tabjc{$1} + 1 ; + if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } } $pienumber = $lines; @@ -317,11 +317,11 @@ my @tabjc2; if ($sortcolumn == 1) { - @tabjc2 = sort { $b <=> $a } values (%tabjc); + @tabjc2 = sort { $b <=> $a } values (%tabjc); } else { - @tabjc2 = sort { $a <=> $b } keys (%tabjc); + @tabjc2 = sort { $a <=> $b } keys (%tabjc); } my $color=10; @@ -338,17 +338,17 @@ my $v; if ($sortcolumn == 1) { - for ($v=0;$v<$pienumber;$v++){ - findkey($tabjc2[$v]); - } + for ($v=0;$v<$pienumber;$v++){ + findkey($tabjc2[$v]); + } } else { - foreach $v (@tabjc2) { - $key[$indice] = $v; - $value[$indice] = $tabjc{$v}; - $indice++; - } + foreach $v (@tabjc2) { + $key[$indice] = $v; + $value[$indice] = $tabjc{$v}; + $indice++; + } } my @ports; @@ -361,15 +361,15 @@ my $o; if($cgiparams{'otherspie'} == 2 ){} else{ - my $numothers; - for($o=0;$o<$pienumber;$o++){ - $numothers = $numothers + $numb[$o]; - } - $numothers = $linesjc - $numothers; - if ($numothers > 0) { - $ports[$pienumber]="$Lang::tr{'otherport'}"; - $numb[$pienumber] = $numothers; - } + my $numothers; + for($o=0;$o<$pienumber;$o++){ + $numothers = $numothers + $numb[$o]; + } + $numothers = $linesjc - $numothers; + if ($numothers > 0) { + $ports[$pienumber]="$Lang::tr{'otherport'}"; + $numb[$pienumber] = $numothers; + } } my @data = (\@ports,\@numb); @@ -381,28 +381,28 @@ my %mainsettings = (); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { - my $mygraph = GD::Graph::pie->new(500, 350); - $mygraph->set( - 'title' => '', - 'pie_height' => 50, - 'start_angle' => 89 - ) or warn $mygraph->error; - - $mygraph->set_value_font(GD::gdMediumBoldFont); - $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); - my $myimage = $mygraph->plot(\@data) or die $mygraph->error; - - my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-port*.png"); - unlink(@filenames); - my $imagerandom = rand(1000000); - my $imagename = "/srv/web/ipfire/html/graphs/fwlog-port$imagerandom.png"; - open(FILE,">$imagename"); - print FILE $myimage->png; - close(FILE); - ##################################################### - print "<div style='text-align:center'>"; - print "<img src='/graphs/fwlog-port$imagerandom.png'>"; - print "</div>"; + my $mygraph = GD::Graph::pie->new(500, 350); + $mygraph->set( + 'title' => '', + 'pie_height' => 50, + 'start_angle' => 89 + ) or warn $mygraph->error; + + $mygraph->set_value_font(GD::gdMediumBoldFont); + $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); + my $myimage = $mygraph->plot(\@data) or die $mygraph->error; + + my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-port*.png"); + unlink(@filenames); + my $imagerandom = rand(1000000); + my $imagename = "/srv/web/ipfire/html/graphs/fwlog-port$imagerandom.png"; + open(FILE,">$imagename"); + print FILE $myimage->png; + close(FILE); + ##################################################### + print "<div style='text-align:center'>"; + print "<img src='/graphs/fwlog-port$imagerandom.png'>"; + print "</div>"; } print <<END @@ -425,45 +425,44 @@ my $col=""; for($s=0;$s<$lines;$s++) { - $show++; - $percent = $value[$s] * 100 / $linesjc; - $percent = sprintf("%.f", $percent); - $total = $total + $value[$s]; - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - print "<tr>"; - - $color++; - print "<td align='center' $col><form method='post' action='showrequestfromport.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='port' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; - print "<td align='center' $col>$key[$s]</td>"; - print "<td align='center' $col>$value[$s]</td>"; - print "<td align='center' $col>$percent</td>"; - print "</tr>"; + $show++; + $percent = $value[$s] * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + $total = $total + $value[$s]; + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print "<tr>"; + + $color++; + print "<td align='center' $col><form method='post' action='showrequestfromport.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='port' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; + print "<td align='center' $col>$key[$s]</td>"; + print "<td align='center' $col>$value[$s]</td>"; + print "<td align='center' $col>$percent</td>"; + print "</tr>"; } if($cgiparams{'otherspie'} == 2 ){} else{ - # colors are numbered 1 to 10 - my $colorIndex = ($color % 10) + 1; - $col="bgcolor='$color{\"color$colorIndex\"}'"; - print "<tr>"; - -if ( $linesjc ne "0") -{ -my $dif; -$dif = $linesjc - $total; -$percent = $dif * 100 / $linesjc; -$percent = sprintf("%.f", $percent); -print <<END -<td align='center' $col></td> -<td align='center' $col>$Lang::tr{'otherport'}</td> -<td align='center' $col>$dif</td> -<td align='center' $col>$percent</td> -</tr> + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print "<tr>"; + + if ( $linesjc ne "0") { + my $dif; + $dif = $linesjc - $total; + $percent = $dif * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + print <<END + <td align='center' $col></td> + <td align='center' $col>$Lang::tr{'otherport'}</td> + <td align='center' $col>$dif</td> + <td align='center' $col>$percent</td> + </tr> END -; -} + ; + } } print <<END </table> @@ -475,20 +474,20 @@ END &Header::closepage(); sub findkey { - my $v; - foreach $v (@keytabjc) { - if ($tabjc{$v} eq $_[0]) { - delete $tabjc{$v}; - $key[$indice] = "$v"; - $value[$indice] = $_[0]; - $indice++; - last; - } - } + my $v; + foreach $v (@keytabjc) { + if ($tabjc{$v} eq $_[0]) { + delete $tabjc{$v}; + $key[$indice] = "$v"; + $value[$indice] = $_[0]; + $indice++; + last; + } + } } sub checkversion { - #Automatic Updates is disabled - return "0","0"; + #Automatic Updates is disabled + return "0","0"; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 27e7697..cd97f87 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -69,60 +69,60 @@ if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -138,16 +138,16 @@ else { my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); @@ -156,78 +156,77 @@ my $gi = Geo::IP::PurePerl->new(); if (!$skip) { - while (<FILE>) - { - # First check whether valid log line (date, day) - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - # If ipv6 uses bridge, then use PHYSIN otherwise use IN - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} - elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {} - my $packet = $2; - my $iface = ''; - my $srcaddr = ''; - # If ipv6 uses bridge, use PHYSIN otherwise IN - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } - # Extract ipv4 and ipv6 addresses - if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr = $1; - }; - - if($iface eq $country) { - # iface matches country code - $log[$lines] = $_; - $lines++; - } - elsif($srcaddr ne '') { - # or srcaddr matches country code - my $ccode = $gi->country_code_by_name($srcaddr); - if($ccode eq uc($country)){ - $log[$lines] = $_; - $lines++; - } - } - } + while (<FILE>) { + # First check whether valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + # If ipv6 uses bridge, then use PHYSIN otherwise use IN + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {} + my $packet = $2; + my $iface = ''; + my $srcaddr = ''; + # If ipv6 uses bridge, use PHYSIN otherwise IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1; + } + + if($iface eq $country) { + # iface matches country code + $log[$lines] = $_; + $lines++; + } + elsif($srcaddr ne '') { + # or srcaddr matches country code + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq uc($country)){ + $log[$lines] = $_; + $lines++; + } + } + } } close (FILE); } $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { while (<FILE>) { - # Check if valid log line (date, day) - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - my $iface = ''; - # If ipv6 uses bridge, then use PHYSIN otherwise IN - if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($_ =~ /IN=(\w+)/) { $iface = $1; } - - if($iface eq $country) { - # iface matches country code - $log[$lines] = $_; - $lines++; - } - # extract ipv4 and ipv6 address - elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - my $srcaddr=$1; - my $ccode = $gi->country_code_by_name($srcaddr); - if($ccode eq uc($country)){ - # or srcaddr matches country code - $log[$lines] = $_; - $lines++; - } - } - } + # Check if valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + my $iface = ''; + # If ipv6 uses bridge, then use PHYSIN otherwise IN + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($_ =~ /IN=(\w+)/) { $iface = $1; } + + if($iface eq $country) { + # iface matches country code + $log[$lines] = $_; + $lines++; + } + # extract ipv4 and ipv6 address + elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + my $srcaddr=$1; + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq uc($country)){ + # or srcaddr matches country code + $log[$lines] = $_; + $lines++; + } + } + } } close (FILE); } @@ -259,7 +258,8 @@ for ($month = 0; $month < 12; $month++) { print "\t<option "; if ($month == $cgiparams{'MONTH'}) { - print "selected='selected' "; } + print "selected='selected' "; + } print "value='$month'>$longmonths[$month]</option>\n"; } print <<END @@ -296,7 +296,8 @@ END print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; if ($start == -1) { - $start = $lines - ${Header::viewsize}; } + $start = $lines - ${Header::viewsize}; +} if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; if ($start < 0) { $start = 0; } @@ -331,78 +332,80 @@ if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } $lines = 0; foreach $_ (@slice) { - $a = $_; - # If ipv6 uses bridge, use PHYSIN otherwise use IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} - elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; - my $packet = $4; - my $iface = ''; - # If ipv6 uses bridge, use PHYSIN otherwise use IN - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } - if ( $1 =~ /2./ ){ $iface=""; } - my $srcaddr = ''; - # Extract ipv4 and ipv6 addresses - if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr = $1; - }; - - if($iface eq $country || $srcaddr ne '') { - my $ccode=''; - if($iface ne $country) { - $ccode = $gi->country_code_by_name($srcaddr); - } - if($iface eq $country || $ccode eq uc($country)) { - my $chain = ''; - my $in = '-'; my $out = '-'; - my $srcaddr = ''; my $dstaddr = ''; - my $protostr = ''; - my $srcport = ''; my $dstport = ''; - - # If ipv6 uses bridge, the use PHYSIN otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} - elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} - my $timestamp = $1; my $chain = $2; my $packet = $3; - $timestamp =~ /(...) (..) (..:..:..)/; - my $month = $1; my $day = $2; my $time = $3; - - # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } - if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } - # Extract ipv4 and ipv6 addresses - if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } - if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } - if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } - my $protostrlc = lc($protostr); - if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } - if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - - if ($lines % 2) { - print "<tr bgcolor='${Header::table1colour}'>\n"; } - else { - print "<tr bgcolor='${Header::table2colour}'>\n"; } - print <<END - <td align='center'>$time</td> - <td align='center'>$chain</td> - <td align='center'>$iface</td> - <td align='center'>$protostr</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> - </tr></table> - </td> - <td align='center'>$srcport</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> - </tr></table> - </td> - <td align='center'>$dstport</td> - </tr> + $a = $_; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; + my $packet = $4; + my $iface = ''; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + if ( $1 =~ /2./ ){ $iface=""; } + my $srcaddr = ''; + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1; + }; + + if($iface eq $country || $srcaddr ne '') { + my $ccode=''; + if($iface ne $country) { + $ccode = $gi->country_code_by_name($srcaddr); + } + if($iface eq $country || $ccode eq uc($country)) { + my $chain = ''; + my $in = '-'; my $out = '-'; + my $srcaddr = ''; my $dstaddr = ''; + my $protostr = ''; + my $srcport = ''; my $dstport = ''; + + # If ipv6 uses bridge, the use PHYSIN otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} + my $timestamp = $1; my $chain = $2; my $packet = $3; + $timestamp =~ /(...) (..) (..:..:..)/; + my $month = $1; my $day = $2; my $time = $3; + + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } + # Extract ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } + if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } + my $protostrlc = lc($protostr); + if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } + if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } + + if ($lines % 2) { + print "<tr bgcolor='${Header::table1colour}'>\n"; + } + else { + print "<tr bgcolor='${Header::table2colour}'>\n"; + } + print <<END + <td align='center'>$time</td> + <td align='center'>$chain</td> + <td align='center'>$iface</td> + <td align='center'>$protostr</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> + </tr></table> + </td> + <td align='center'>$srcport</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> + </tr></table> + </td> + <td align='center'>$dstport</td> + </tr> END - ; - $lines++; - } - } + ; + $lines++; + } + } } print <<END @@ -420,30 +423,34 @@ END sub oldernewer { - print <<END - <table width='100%'> - <tr> + print <<END + <table width='100%'> + <tr> END -; + ; - print "<td align='center' width='50%'>"; - if ($prev != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'older'}</a>"; } - else { - print "$Lang::tr{'older'}"; } - print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($prev != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'older'}</a>"; + } + else { + print "$Lang::tr{'older'}"; + } + print "</td>\n"; - print "<td align='center' width='50%'>"; - if ($next != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'newer'}</a>"; } - else { - print "$Lang::tr{'newer'}"; } - print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($next != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromcountry.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{country}'>$Lang::tr{'newer'}</a>"; + } + else { + print "$Lang::tr{'newer'}"; + } -print <<END - </tr> - </table> + print "</td>\n"; + print <<END + </tr> + </table> END -; + ; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat index d7d1ace..154fa40 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -66,60 +66,60 @@ if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -135,16 +135,16 @@ else { my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { $filestr="/var/log/messages.$datediff"; $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); @@ -152,15 +152,14 @@ my $ip = $cgiparams{ip}; if (!$skip) { - while (<FILE>) - { + while (<FILE>) { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - if($1 eq $ip){ - $log[$lines] = $_; - $lines++; - } - } + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + if($1 eq $ip){ + $log[$lines] = $_; + $lines++; + } + } } } close (FILE); @@ -168,26 +167,26 @@ if (!$skip) $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { while (<FILE>) { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - if($1 eq $ip){ - $log[$lines] = $_; - $lines++; - } - } + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + if($1 eq $ip){ + $log[$lines] = $_; + $lines++; + } + } } } close (FILE); @@ -257,7 +256,8 @@ END print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; if ($start == -1) { - $start = $lines - ${Header::viewsize}; } + $start = $lines - ${Header::viewsize}; +} if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; if ($start < 0) { $start = 0; } @@ -290,63 +290,64 @@ my @slice = splice(@log, $start, ${Header::viewsize}); if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } $lines = 0; -foreach $_ (@slice) -{ - $a = $_; - # Check whether valid ipv4 or ipv6 address - if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - if($1 eq $ip){ - my $chain = ''; - my $in = '-'; my $out = '-'; - my $srcaddr = ''; my $dstaddr = ''; - my $protostr = ''; - my $srcport = ''; my $dstport = ''; - - # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} - elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} - my $timestamp = $1; my $chain = $2; my $packet = $3; - $timestamp =~ /(...) (..) (..:..:..)/; - my $month = $1; my $day = $2; my $time = $3; - - # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } - if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } - # Detect ipv4 and ipv6 addresses - if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } - if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } - if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } - my $protostrlc = lc($protostr); - if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } - if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - - if ($lines % 2) { - print "<tr bgcolor='${Header::table1colour}'>\n"; } - else { - print "<tr bgcolor='${Header::table2colour}'>\n"; } - print <<END - <td align='center'>$time</td> - <td align='center'>$chain</td> - <td align='center'>$iface</td> - <td align='center'>$protostr</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> - </tr></table> - </td> - <td align='center'>$srcport</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> - </tr></table> - </td> - <td align='center'>$dstport</td> -</tr> +foreach $_ (@slice) { + $a = $_; + # Check whether valid ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + if($1 eq $ip) { + my $chain = ''; + my $in = '-'; my $out = '-'; + my $srcaddr = ''; my $dstaddr = ''; + my $protostr = ''; + my $srcport = ''; my $dstport = ''; + + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} + my $timestamp = $1; my $chain = $2; my $packet = $3; + $timestamp =~ /(...) (..) (..:..:..)/; + my $month = $1; my $day = $2; my $time = $3; + + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } + if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } + my $protostrlc = lc($protostr); + if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } + if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } + + if ($lines % 2) { + print "<tr bgcolor='${Header::table1colour}'>\n"; + } + else { + print "<tr bgcolor='${Header::table2colour}'>\n"; + } + print <<END + <td align='center'>$time</td> + <td align='center'>$chain</td> + <td align='center'>$iface</td> + <td align='center'>$protostr</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> + </tr></table> + </td> + <td align='center'>$srcport</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> + </tr></table> + </td> + <td align='center'>$dstport</td> + </tr> END - ; - $lines++; - } - } + ; + $lines++; + } + } } print <<END @@ -364,29 +365,33 @@ END sub oldernewer { -print <<END -<table width='100%'> -<tr> + print <<END + <table width='100%'> + <tr> END -; + ; -print "<td align='center' width='50%'>"; -if ($prev != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromip.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{ip}'>$Lang::tr{'older'}</a>"; } -else { - print "$Lang::tr{'older'}"; } -print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($prev != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromip.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{ip}'>$Lang::tr{'older'}</a>"; + } + else { + print "$Lang::tr{'older'}"; + } + print "</td>\n"; -print "<td align='center' width='50%'>"; -if ($next != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromip.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{ip}'>$Lang::tr{'newer'}</a>"; } -else { - print "$Lang::tr{'newer'}"; } -print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($next != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromip.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{ip}'>$Lang::tr{'newer'}</a>"; + } + else { + print "$Lang::tr{'newer'}"; + } + print "</td>\n"; -print <<END -</tr> -</table> + print <<END + </tr> + </table> END -; + ; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat index 6f5f63b..e1f00ae 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat @@ -73,60 +73,60 @@ if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the previous day - - ## 86400 seconds in a day - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { - my @then = (); - if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); - } else { - @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); - } - $tdoy = $then[7]; - my $lastleap=($year-1)%4; - if ($tdoy>$doy) { - if ($lastleap == 0 && $tdoy < 60) { - $doy=$tdoy+366; - } else { - $doy=$doy+365; - } - } + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { - $datediff=int(($doy-$tdoy)/7); - $dowd=($doy-$tdoy)%7; - if (($dow-$dowd)<1) { - $datediff=$datediff+1; - } - if (($dow-$dowd)==0) { - $multifile=1; - } + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } } my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; @@ -142,16 +142,16 @@ else { my $skip=0; my $filestr=''; if ($datediff==0) { - $filestr="/var/log/messages"; + $filestr="/var/log/messages"; } else { $filestr="/var/log/messages.$datediff"; $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - # Note: This is in case the log does not exist for that date + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date } my $lines = 0; my @log=(); @@ -159,15 +159,15 @@ my $port = $cgiparams{port}; if (!$skip) { - while (<FILE>) - { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - $log[$lines] = $_; - $lines++; - } - } + while (<FILE>) + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + if($_ =~ /DPT\=([\d\.]+)/){ + if($1 eq $port){ + $log[$lines] = $_; + $lines++; + } + } } } close (FILE); @@ -175,26 +175,26 @@ if (!$skip) $skip=0; if ($multifile) { - $datediff=$datediff-1; - if ($datediff==0) { - $filestr="/var/log/messages"; - } else { - $filestr="/var/log/messages.$datediff"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { - $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; - $skip=1; - } - if (!$skip) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { while (<FILE>) { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - $log[$lines] = $_; - $lines++; - } - } + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + if($_ =~ /DPT\=([\d\.]+)/){ + if($1 eq $port){ + $log[$lines] = $_; + $lines++; + } + } } } close (FILE); @@ -264,7 +264,8 @@ END print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; if ($start == -1) { - $start = $lines - ${Header::viewsize}; } + $start = $lines - ${Header::viewsize}; +} if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; if ($start < 0) { $start = 0; } @@ -298,60 +299,65 @@ if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } $lines = 0; foreach $_ (@slice) { - $a = $_; - if($_ =~ /DPT\=([\d\.]+)/){ - if($1 eq $port){ - my $chain = ''; - my $in = '-'; my $out = '-'; - my $srcaddr = ''; my $dstaddr = ''; - my $protostr = ''; - my $srcport = ''; my $dstport = ''; - - # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} - elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} - my $timestamp = $1; my $chain = $2; my $packet = $3; - $timestamp =~ /(...) (..) (..:..:..)/; - my $month = $1; my $day = $2; my $time = $3; my $iface; - - # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } - # Detect ipv4 and ipv6 addresses - if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } - if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } - if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } - my $protostrlc = lc($protostr); - if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } - if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - - if ($lines % 2) { - print "<tr bgcolor='${Header::table1colour}'>\n"; } - else { - print "<tr bgcolor='${Header::table2colour}'>\n"; } - print <<END - <td align='center'>$time</td> - <td align='center'>$chain</td> - <td align='center'>$iface</td> - <td align='center'>$protostr</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> - </tr></table> - </td> - <td align='center'>$srcport</td> - <td align='center'> - <table width='100%' cellpadding='0' cellspacing='0'><tr> - <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> - </tr></table> - </td> - <td align='center'>$dstport</td> -</tr> + $a = $_; + if($_ =~ /DPT\=([\d\.]+)/){ + if($1 eq $port){ + my $chain = ''; + my $in = '-'; + my $out = '-'; + my $srcaddr = ''; + my $dstaddr = ''; + my $protostr = ''; + my $srcport = ''; + my $dstport = ''; + + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} + my $timestamp = $1; my $chain = $2; my $packet = $3; + $timestamp =~ /(...) (..) (..:..:..)/; + my $month = $1; my $day = $2; my $time = $3; my $iface; + + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } + if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } + my $protostrlc = lc($protostr); + if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } + if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } + + if ($lines % 2) { + print "<tr bgcolor='${Header::table1colour}'>\n"; + } + else { + print "<tr bgcolor='${Header::table2colour}'>\n"; + } + print <<END + <td align='center'>$time</td> + <td align='center'>$chain</td> + <td align='center'>$iface</td> + <td align='center'>$protostr</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a></td> + </tr></table> + </td> + <td align='center'>$srcport</td> + <td align='center'> + <table width='100%' cellpadding='0' cellspacing='0'><tr> + <td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> + </tr></table> + </td> + <td align='center'>$dstport</td> + </tr> END - ; - $lines++; - } - } + ; + $lines++; + } + } } print <<END @@ -369,30 +375,34 @@ END sub oldernewer { -print <<END -<table width='100%'> -<tr> + print <<END + <table width='100%'> + <tr> END -; + ; -print "<td align='center' width='50%'>"; -if ($prev != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromport.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{port}'>$Lang::tr{'older'}</a>"; } -else { - print "$Lang::tr{'older'}"; } -print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($prev != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromport.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{port}'>$Lang::tr{'older'}</a>"; + } + else { + print "$Lang::tr{'older'}"; + } + print "</td>\n"; -print "<td align='center' width='50%'>"; -if ($next != -1) { - print "<a href='/cgi-bin/logs.cgi/showrequestfromport.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{port}'>$Lang::tr{'newer'}</a>"; } -else { - print "$Lang::tr{'newer'}"; } -print "</td>\n"; + print "<td align='center' width='50%'>"; + if ($next != -1) { + print "<a href='/cgi-bin/logs.cgi/showrequestfromport.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{port}'>$Lang::tr{'newer'}</a>"; + } + else { + print "$Lang::tr{'newer'}"; + } + print "</td>\n"; -print <<END -</tr> -</table> + print <<END + </tr> + </table> END -; + ; } -- 1.9.1

1 0

[PATCH 4/5] Fixed detection of firewall chain when bridge is used for ipv6
by Michael Eitelwein 10 Jan '16

10 Jan '16

Fixing a bug in previous patches. Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net> --- html/cgi-bin/logs.cgi/firewalllog.dat | 2 +- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 8 ++++---- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 22 +++++++++++----------- html/cgi-bin/logs.cgi/showrequestfromip.dat | 6 +++--- html/cgi-bin/logs.cgi/showrequestfromport.dat | 6 +++--- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 7ae9be6..df9b488 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -339,7 +339,7 @@ foreach $_ (@log) my $chain = $3; my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } # Identify whether ipv4 or ipv6. Both are mutally exclusive. if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index 2661ddd..087b844 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -294,16 +294,16 @@ $lines = 0; foreach $_ (@log) { # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $packet = $4; my $iface = ''; - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } if ( $1 =~ /2./ ) { $iface=''; } my $srcaddr = ''; # Find ipv4 and ipv6 addresses - if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1 } - elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1 } + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1; } + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1; } if($iface eq $red_interface) { # Traffic from red diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 07bf864..27e7697 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -161,16 +161,16 @@ if (!$skip) # First check whether valid log line (date, day) if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { # If ipv6 uses bridge, then use PHYSIN otherwise use IN - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {} my $packet = $2; my $iface = ''; my $srcaddr = ''; # If ipv6 uses bridge, use PHYSIN otherwise IN - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } # Extract ipv4 and ipv6 addresses if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr = $1 + $srcaddr = $1; }; if($iface eq $country) { @@ -210,7 +210,7 @@ if ($multifile) { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { my $iface = ''; # If ipv6 uses bridge, then use PHYSIN otherwise IN - if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($_ =~ /IN=(\w+)/) { $iface = $1 } + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($_ =~ /IN=(\w+)/) { $iface = $1; } if($iface eq $country) { # iface matches country code @@ -333,17 +333,17 @@ foreach $_ (@slice) { $a = $_; # If ipv6 uses bridge, use PHYSIN otherwise use IN - if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; my $packet = $4; my $iface = ''; # If ipv6 uses bridge, use PHYSIN otherwise use IN - if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } - if ( $1 =~ /2./ ){ $iface="";} + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + if ( $1 =~ /2./ ){ $iface=""; } my $srcaddr = ''; # Extract ipv4 and ipv6 addresses if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { - $srcaddr = $1 + $srcaddr = $1; }; if($iface eq $country || $srcaddr ne '') { @@ -359,15 +359,15 @@ foreach $_ (@slice) my $srcport = ''; my $dstport = ''; # If ipv6 uses bridge, the use PHYSIN otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } - if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } # Extract ipv4 and ipv6 addresses if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat index 3611c19..d7d1ace 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -303,15 +303,15 @@ foreach $_ (@slice) my $srcport = ''; my $dstport = ''; # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } - if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~ /IN=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1; } elsif ($a =~ /OUT=(\w+)/) { $out = $1; } # Detect ipv4 and ipv6 addresses if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat index d735c7b..6f5f63b 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat @@ -308,15 +308,15 @@ foreach $_ (@slice) my $srcport = ''; my $dstport = ''; # If ipv6 uses bridge, the use PHYSIN, otherwise use IN - if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {} elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; my $iface; # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT - if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } # Detect ipv4 and ipv6 addresses if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } -- 1.9.1

1 0

PATCH 3/5] Firewall chain was not extracted correctly when ipv6 uses bridge
by Michael Eitelwein 10 Jan '16

10 Jan '16

Fixing a bug in previous patch. Signed-off-by: Michael Eitelwein <michael(a)eitelwein.net> --- html/cgi-bin/logs.cgi/firewalllog.dat | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 42c9612..7ae9be6 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -330,21 +330,21 @@ foreach $_ (@log) { # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information # otherwise use IN= - if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} - elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} + my $packet = ''; + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; } + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; } my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $comment = $3; - my $packet = $4; + my $chain = $3; my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1} + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } # Identify whether ipv4 or ipv6. Both are mutally exclusive. - if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1 } - if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1 } - if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1 } - if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1 } + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; } $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; $proto=$1 if $packet =~ /PROTO=(\w+)/; $srcport=$1 if $packet =~ /SPT=(\d+)/; @@ -372,7 +372,7 @@ foreach $_ (@log) print <<END <td align='center' $col>$time</td> - <td align='center' $col>$comment</td> + <td align='center' $col>$chain</td> <td align='center' $col>$iface</td> <td align='center' $col>$proto</td> <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td> -- 1.9.1

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development January 2016