Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/cfgroot/geoip-functions.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl index fc2dfdd34..623169eaf 100644 --- a/config/cfgroot/geoip-functions.pl +++ b/config/cfgroot/geoip-functions.pl @@ -63,10 +63,10 @@ sub get_flag_icon($) { # the icon for "unknown". my $ccode = "unknown";

- # Redoing all the stuff from abouve for the "unknown" icon. - my $file = join('.', $ccode,$ext); - my $flag_icon = join('/', $flagdir,$file); - my $absolute_path = join('', $webroot,$flag_icon); + # Redoing all the stuff from above for the "unknown" icon. + my $file = join('.', $ccode, $ext); + my $flag_icon = join('/', $flagdir, $file); + my $absolute_path = join('', $webroot, $flag_icon);

# Check if the icon is present. if (-e "$absolute_path") {

Instead of opening the database again for each lookup, we will read it into memory on first use and every lookup after that will be coming from cache.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@link38.eu --- config/cfgroot/geoip-functions.pl | 15 +++++++++++++++ html/cgi-bin/country.cgi | 10 +++++----- html/cgi-bin/logs.cgi/firewalllog.dat | 9 +++------ html/cgi-bin/logs.cgi/firewalllogcountry.dat | 4 +--- html/cgi-bin/logs.cgi/firewalllogip.dat | 7 ++----- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 5 ++--- 6 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl index 623169eaf..be50d5e14 100644 --- a/config/cfgroot/geoip-functions.pl +++ b/config/cfgroot/geoip-functions.pl @@ -23,8 +23,23 @@

package GeoIP;

+use Geo::IP::PurePerl; use Locale::Codes::Country;

+my $database; + +sub lookup($) { + my $address = shift; + + # Load the database into memory if not already done + if (!$database) { + $database = Geo::IP::PurePerl->new(GEOIP_MEMORY_CACHE); + } + + # Return the name of the country + return $database->country_code_by_name($address); +} + # Function to get the flag icon for a specified country code. sub get_flag_icon($) { my ($input) = @_; diff --git a/html/cgi-bin/country.cgi b/html/cgi-bin/country.cgi index f2ae81300..8df2427a9 100644 --- a/html/cgi-bin/country.cgi +++ b/html/cgi-bin/country.cgi @@ -60,7 +60,7 @@ foreach my $country (@countries) { $lines++;

# Convert country code into upper case. - my $country_uc = uc($country); + $country = uc($country);

# Get flag icon for of the country. my $flag_icon = &GeoIP::get_flag_icon($country); @@ -69,8 +69,8 @@ foreach my $country (@countries) { my $name = &GeoIP::get_full_country_name($country);

if ($lines % 2) { - print "<td $col><a id='$country'><img src='$flag_icon' alt='$country_uc' title='$country_uc'/></a></td>"; - print "<td $col>$country_uc</td>"; + print "<td $col><a id='$country'><img src='$flag_icon' alt='$country' title='$country'/></a></td>"; + print "<td $col>$country</td>"; print "<td $col>$name</td></tr>\n"; } else { $lines2++; @@ -80,8 +80,8 @@ foreach my $country (@countries) { $col="style='background-color:${Header::table1colour};'"; } print "<tr>"; - print "<td $col><a id='$country'><img src='$flag_icon' alt='$country_uc' title='$country_uc'/></a></td>"; - print "<td $col>$country_uc</td>"; + print "<td $col><a id='$country'><img src='$flag_icon' alt='$country' title='$country'/></a></td>"; + print "<td $col>$country</td>"; print "<td $col>$name</td>"; print "<td $col>&nbsp;</td>";

diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 5c9722b85..e67a40a9f 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -13,7 +13,6 @@ # use strict;

-use Geo::IP::PurePerl; use Getopt::Std;

# enable only the following on debugging purpose @@ -352,9 +351,7 @@ foreach $_ (@log) $srcport=$1 if $packet =~ /SPT=(\d+)/; $dstport=$1 if $packet =~ /DPT=(\d+)/;

- my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($srcaddr); - my $fcode = lc($ccode); + my $ccode = &GeoIP::lookup($srcaddr);

my $servi = uc(getservbyport($srcport, lc($proto))); if ($servi ne '' && $srcport < 1024) { @@ -386,10 +383,10 @@ foreach $_ (@log) END ; # Get flag icon for of the country. - my $flag_icon = &GeoIP::get_flag_icon($fcode); + my $flag_icon = &GeoIP::get_flag_icon($ccode);

if ( $flag_icon) { - print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>"; + print "<td align='center' $col><a href='../country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>"; } else { print "<td align='center' $col></td>"; } diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index f2b6048f7..949f2599d 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -11,7 +11,6 @@ # and Michael Tremer (www.ipfire.org)

use strict; -use Geo::IP::PurePerl; use Getopt::Std;

# enable only the following on debugging purpose @@ -287,7 +286,6 @@ print "<p><b>$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines</b></p>"; my $red_interface = &General::get_red_interface(); my $linesjc = 0; my %tabjc; -my $gi = Geo::IP::PurePerl->new();

if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; }; $lines = 0; @@ -310,7 +308,7 @@ foreach $_ (@log) # Traffic from red if($srcaddr ne '') { # srcaddr is set - my $ccode = $gi->country_code_by_name($srcaddr); + my $ccode = &GeoIP::lookup($srcaddr); if ($ccode eq '') { $ccode = 'unknown'; } diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat index 9e366745d..c73d24fd6 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -11,7 +11,6 @@ # and Michael Tremer (www.ipfire.org)

use strict; -use Geo::IP::PurePerl; use Getopt::Std;

# enable only the following on debugging purpose @@ -436,9 +435,7 @@ for($s=0;$s<$lines;$s++) $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";

- my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($key[$s]); - my $fcode = lc($ccode); + my $ccode = &GeoIP::lookup($key[$s]);

$color++; print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; @@ -448,7 +445,7 @@ for($s=0;$s<$lines;$s++) my $flag_icon = &GeoIP::get_flag_icon($ccode);

if ( $flag_icon ) { - print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>"; + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>"; } else { print "<td align='center' $col></td>"; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index b6383ed59..605873ac0 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -13,9 +13,9 @@ #use CGI::Carp 'fatalsToBrowser';

#use strict; -use Geo::IP::PurePerl;

require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";

@@ -152,7 +152,6 @@ if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { my $lines = 0; my @log=(); my $country = $cgiparams{country}; -my $gi = Geo::IP::PurePerl->new();

if (!$skip) { @@ -179,7 +178,7 @@ if (!$skip) } elsif($srcaddr ne '') { # or srcaddr matches country code - my $ccode = $gi->country_code_by_name($srcaddr); + my $ccode = &GeoIP::lookup($srcaddr); if($ccode eq uc($country)){ $log[$lines] = $_; $lines++;

Hi,

I just posted a patch that does this.

Please have a look at it.

Best, -Michael

On Wed, 2017-11-08 at 22:52 +0100, Peter Müller wrote:

Hello Michael,

...

Basically this patch looks simple and good to me.

Thanks, finally. :-)

...

But since we are using the perl module quite a bit, could we not put those few lines into a function so that if we need to change anything we do that everywhere at once?

And secondly, I have some systems that have thousands of open connections very often to the same IP addresses. Could we not add a caching layer so that this isn't being looked up multiple times for the same IP address if that is an expensive operation?

Could you (or somebody else) do this, please? I am afraid this is one step to far for me at the moment.

Thanks and best regards, Peter Müller

...

-Michael

On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote:

...

Display the GeoIP flag for source and destination IP address on the connection tracking table in WebUI.

This could possibly make network or firewall rule debugging easier.

Signed-off-by: Peter Müller peter.mueller@link38.eu

html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)

diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 96f09012b..06dc74877 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -23,6 +23,7 @@ use strict;

use Net::IPv4Addr qw( :all ); use Switch; +use Geo::IP::PurePerl;

# enable only the following on debugging purpose #use warnings; @@ -31,6 +32,7 @@ use Switch; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/geoip-functions.pl";

my $colour_multicast = "#A0A0A0";

@@ -372,6 +374,7 @@ print <<END; <a href="?sort_field=5&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=5&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th>

• 	<th>&nbsp;</th>
  <th style='text-align:center' colspan='2'>
  	<a href="?sort_field=1&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a>
  	<a href="?sort_field=1&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a>
  

@@ -386,6 +389,7 @@ print <<END; <a href="?sort_field=4&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=4&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th>

• 	<th>&nbsp;</th>
  <th style='text-align:center'>
  	<a href="?sort_field=8&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a>
  	<a href="?sort_field=8&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a>
  

@@ -409,10 +413,16 @@ print <<END; <th style='text-align:center' colspan='2'> $Lang::tr{'source ip and port'} </th>

• 	<th style='text-align:center'>
  

• 		$Lang::tr{'country'}
  

• 	</th>
  <th style='text-align:center' colspan='2'>
  	$Lang::tr{'dest ip and port'}
  </th>
  <th style='text-align:center'>
  

• 		$Lang::tr{'country'}
  

• 	</th>
  

• 	<th style='text-align:center'>
  	$Lang::tr{'download'} /
  	<br>$Lang::tr{'upload'}
  </th>
  

@@ -540,6 +550,16 @@ foreach my $line (@conntrack) { my $bytes_in = format_bytes($bytes[0]); my $bytes_out = format_bytes($bytes[1]);

• my $gi1 = Geo::IP::PurePerl->new();
• my $ccode1 = $gi1->country_code_by_name($sip_ret);
• my $fcode1 = lc($ccode1);
• my $flag_icon1 = &GeoIP::get_flag_icon($fcode1);
• my $gi2 = Geo::IP::PurePerl->new();
• my $ccode2 = $gi2->country_code_by_name($dip_ret);
• my $fcode2 = lc($ccode2);
• my $flag_icon2 = &GeoIP::get_flag_icon($fcode2);
• # Format TTL $ttl = format_time($ttl);

@@ -601,6 +621,9 @@ foreach my $line (@conntrack) { </a> $sport_extra </td>

• <td style='text-align:center; background-color:$sip_colour;'>
  

• 	<a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a>
  

• </td>
  

  <td style='text-align:center; background-color:$dip_colour;'> <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> <span style='color:#FFFFFF;'>$dip</span>

@@ -613,6 +636,9 @@ foreach my $line (@conntrack) { </a> $dport_extra </td>

• <td style='text-align:center; background-color:$dip_colour;'>
  

• 	<a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a>
  

• </td>
  

  <td style='text-align:center'> $bytes_in / $bytes_out </td>

Hi,

I think that still makes sense since we have very short-running scripts here and the database uses 1.1 MB of space on disk. So lets assume we have a lot of overhead when we load it into memory, it might be up to 2MB which is totally fine with me.

Can you send an email with a Reviewed-by or Tested-by tag? Which ever is suitable for what you did.

-Michael

On Sat, 2017-11-11 at 21:30 +0100, Peter Müller wrote:

Hello Michael,

the patches look good.

Thanks for working on this.

However, I think for simple sites such as the DNS server list or ipinfo.cgi, where we have only 1 or 2 queries, we do not need to load the complete database to RAM.

Best regards, Peter Müller

...

Hi,

I just posted a patch that does this.

Please have a look at it.

Best, -Michael

On Wed, 2017-11-08 at 22:52 +0100, Peter Müller wrote:

...

Hello Michael,

...

Basically this patch looks simple and good to me.

Thanks, finally. :-)

...

But since we are using the perl module quite a bit, could we not put those few lines into a function so that if we need to change anything we do that everywhere at once?

And secondly, I have some systems that have thousands of open connections very often to the same IP addresses. Could we not add a caching layer so that this isn't being looked up multiple times for the same IP address if that is an expensive operation?

Could you (or somebody else) do this, please? I am afraid this is one step to far for me at the moment.

Thanks and best regards, Peter Müller

...

-Michael

On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote:

...

Display the GeoIP flag for source and destination IP address on the connection tracking table in WebUI.

This could possibly make network or firewall rule debugging easier.

Signed-off-by: Peter Müller peter.mueller@link38.eu

html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)

diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 96f09012b..06dc74877 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -23,6 +23,7 @@ use strict;

use Net::IPv4Addr qw( :all ); use Switch; +use Geo::IP::PurePerl;

# enable only the following on debugging purpose #use warnings; @@ -31,6 +32,7 @@ use Switch; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/geoip-functions.pl";

my $colour_multicast = "#A0A0A0";

@@ -372,6 +374,7 @@ print <<END; <a href="?sort_field=5&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=5&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th>

• 	<th>&nbsp;</th>
  <th style='text-align:center' colspan='2'>
  	<a href="?sort_field=1&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a>
  	<a href="?sort_field=1&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a>
  

@@ -386,6 +389,7 @@ print <<END; <a href="?sort_field=4&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=4&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th>

• 	<th>&nbsp;</th>
  <th style='text-align:center'>
  	<a href="?sort_field=8&amp;sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a>
  	<a href="?sort_field=8&amp;sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a>
  

@@ -409,10 +413,16 @@ print <<END; <th style='text-align:center' colspan='2'> $Lang::tr{'source ip and port'} </th>

• 	<th style='text-align:center'>
  

• 		$Lang::tr{'country'}
  

• 	</th>
  <th style='text-align:center' colspan='2'>
  	$Lang::tr{'dest ip and port'}
  </th>
  <th style='text-align:center'>
  

• 		$Lang::tr{'country'}
  

• 	</th>
  

• 	<th style='text-align:center'>
  	$Lang::tr{'download'} /
  	<br>$Lang::tr{'upload'}
  </th>
  

@@ -540,6 +550,16 @@ foreach my $line (@conntrack) { my $bytes_in = format_bytes($bytes[0]); my $bytes_out = format_bytes($bytes[1]);

• my $gi1 = Geo::IP::PurePerl->new();
• my $ccode1 = $gi1->country_code_by_name($sip_ret);
• my $fcode1 = lc($ccode1);
• my $flag_icon1 = &GeoIP::get_flag_icon($fcode1);
• my $gi2 = Geo::IP::PurePerl->new();
• my $ccode2 = $gi2->country_code_by_name($dip_ret);
• my $fcode2 = lc($ccode2);
• my $flag_icon2 = &GeoIP::get_flag_icon($fcode2);
• # Format TTL $ttl = format_time($ttl);

@@ -601,6 +621,9 @@ foreach my $line (@conntrack) { </a> $sport_extra </td>

• <td style='text-align:center; background-color:$sip_colour;'>
  

• 	<a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a>
  

• </td>
  

  <td style='text-align:center; background-color:$dip_colour;'> <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> <span style='color:#FFFFFF;'>$dip</span>

@@ -613,6 +636,9 @@ foreach my $line (@conntrack) { </a> $dport_extra </td>

• <td style='text-align:center; background-color:$dip_colour;'>
  

• 	<a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a>
  

• </td>
  

  <td style='text-align:center'> $bytes_in / $bytes_out </td>