This function nicely translates the ethernet/settings "CONFIG_TYPE" into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de --- config/cfgroot/ids-functions.pl | 39 ++--------------------------- config/cfgroot/network-functions.pl | 36 ++++++++++++++++++++++++++ config/suricata/convert-snort | 3 ++- html/cgi-bin/ids.cgi | 3 ++- 4 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d45e1c70a..2fdae4a7a 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -24,6 +24,7 @@ package IDS;
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/network-functions.pl";
# Location where all config and settings files are stored.
 our $settingsdir = "${General::swroot}/suricata";
@@ -410,42 +411,6 @@ sub _store_error_message ($) {
 &set_ownership("$storederrorfile");
 }
-#
-## Function to get a list of all available network zones.
-#
-sub get_available_network_zones () {
- # Get netsettings.
- my %netsettings = ();
- &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
-
- # Obtain the configuration type from the netsettings hash.
- my $config_type = $netsettings{'CONFIG_TYPE'};
-
- # Hash which contains the conversation from the config mode
- # to the existing network interface names. They are stored like
- # an array.
- #
- # Mode "0" red is a modem and green
- # Mode "1" red is a netdev and green
- # Mode "2" red, green and orange
- # Mode "3" red, green and blue
- # Mode "4" red, green, blue, orange
- my %config_type_to_interfaces = (
- "0" => [ "red", "green" ],
- "1" => [ "red", "green" ],
- "2" => [ "red", "green", "orange" ],
- "3" => [ "red", "green", "blue" ],
- "4" => [ "red", "green", "blue", "orange" ]
- );
-
- # Obtain and dereference the corresponding network interaces based on the read
- # network config type.
- my @network_zones = @{ $config_type_to_interfaces{$config_type} };
-
- # Return them.
- return @network_zones;
-}
-
 #
 ## Function to check if the IDS is running.
 #
@@ -613,7 +578,7 @@ sub generate_home_net_file() {
 &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
# Get available network zones.
- my @network_zones = &get_available_network_zones();
+ my @network_zones = &Network::get_available_network_zones();
# Temporary array to store network address and prefix of the configured
 # networks.
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 3d7f04743..622731f96 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -444,6 +444,42 @@ sub get_mac_by_name($) {
 return $mac;
 }
+#
+## Function to get a list of all available network zones.
+#
+sub get_available_network_zones () {
+ # Get netsettings.
+ my %netsettings = ();
+ &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
+
+ # Obtain the configuration type from the netsettings hash.
+ my $config_type = $netsettings{'CONFIG_TYPE'};
+
+ # Hash which contains the conversation from the config mode
+ # to the existing network interface names. They are stored like
+ # an array.
+ #
+ # Mode "0" red is a modem and green
+ # Mode "1" red is a netdev and green
+ # Mode "2" red, green and orange
+ # Mode "3" red, green and blue
+ # Mode "4" red, green, blue, orange
+ my %config_type_to_interfaces = (
+ "0" => [ "red", "green" ],
+ "1" => [ "red", "green" ],
+ "2" => [ "red", "green", "orange" ],
+ "3" => [ "red", "green", "blue" ],
+ "4" => [ "red", "green", "blue", "orange" ]
+ );
+
+ # Obtain and dereference the corresponding network interaces based on the read
+ # network config type.
+ my @network_zones = @{ $config_type_to_interfaces{$config_type} };
+
+ # Return them.
+ return @network_zones;
+}
+
 1;
# Remove the next line to enable the testsuite
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 3e938137e..7d75233b4 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -23,6 +23,7 @@ use strict;
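Review bot: `my @network_zones = @{ $config_type_to_interfaces{$config_type} };` dereferences undef whenever CONFIG_TYPE is absent from ethernet/settings or holds a value outside 0-4 (for instance when the settings file cannot be read, since the outcome of `&General::readhash` is never checked), which under strict refs dies with Perl's generic "Can't use an undefined value as an ARRAY reference" from inside a library sub, and otherwise silently yields an empty zone list. Now that the function is shared by ids-functions.pl, convert-snort and ids.cgi, it is worth failing with a message that names the cause, e.g. `my $interfaces = $config_type_to_interfaces{$config_type} or die "Unknown CONFIG_TYPE in ${General::swroot}/ethernet/settings";` followed by `my @network_zones = @{ $interfaces };`. The same lookup is kept by the follow-up patch that reads `$ethernet_settings{'CONFIG_TYPE'}` instead, so the check belongs there as well. While the block is being moved, the comment typos "conversation" (conversion) and "interaces" (interfaces) could be fixed too.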
require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
# Snort settings file, which contains the settings from the WUI.
 my $snort_settings_file = "${General::swroot}/snort/settings";
@@ -129,7 +130,7 @@ my %rulessettings = (
 );
# Get all available network zones.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Read-in snort settings file.
 &General::readhash("$snort_settings_file", %snortsettings);
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index bc31a341f..83d5f52ba 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -29,6 +29,7 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
my %color = ();
 my %mainsettings = ();
@@ -47,7 +48,7 @@ my %ignored=();
# Get the available network zones, based on the config type of the system and store
 # the list of zones in an array.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Check if openvpn is started and add it to the array of network zones.
 if ( -e "/var/run/openvpn.pid") {
Cache the ethernet configuration in the public variable "ethernet_settings" and add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de --- config/cfgroot/network-functions.pl | 40 +++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 622731f96..7bd6466e0 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -27,6 +27,14 @@ require "/var/ipfire/general-functions.pl";
use Socket;
+# System ethernet configuration
+our %ethernet_settings = ();
+&General::readhash("${General::swroot}/ethernet/settings", %ethernet_settings);
+
+# List of all possible network zones that can be configured
+our @known_network_zones = ("red", "green", "orange", "blue");
+
+# IPv4 netmask CIDR to dotted decimal notation conversion table
 my %PREFIX2NETMASK = (
 32 => "255.255.255.255",
 31 => "255.255.255.254",
@@ -448,12 +456,8 @@ sub get_mac_by_name($) {
 ## Function to get a list of all available network zones.
 #
 sub get_available_network_zones () {
- # Get netsettings.
- my %netsettings = ();
- &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
- # Obtain the configuration type from the netsettings hash.
- my $config_type = $netsettings{'CONFIG_TYPE'};
+ my $config_type = $ethernet_settings{'CONFIG_TYPE'};
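Review bot: `&General::readhash("${General::swroot}/ethernet/settings", %ethernet_settings);` now runs as a side effect of `require`-ing network-functions.pl, so every script that loads this library reads the settings file once at load time and the hash is never refreshed afterwards: a long-running process, or a CGI that writes ethernet/settings and then calls `get_available_network_zones()` or `is_red_mode_ip()` in the same request, acts on stale values. The outcome of that `readhash` call is also not checked (this page does not show what it reports for a missing or unreadable file), so in that case `%ethernet_settings` presumably stays empty and every consumer silently sees an unconfigured system. A small `reload_ethernet_settings()` sub that clears the hash and re-runs the same `readhash` call, invoked from this load-time code and by callers after they change the file, would keep the cache while making its lifetime explicit. Either way the comment on the `our %ethernet_settings` line should say that it is populated once at load time and must be reloaded after edits.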
# Hash which contains the conversation from the config mode
 # to the existing network interface names. They are stored like
@@ -480,6 +484,32 @@ sub get_available_network_zones () {
 return @network_zones;
 }
+#
+## Function to check if a network zone is available in the current configuration
+#
+sub is_zone_available() {
+ my $zone = lc shift;
+
+ # Make sure the zone is valid
+ die("Unknown network zone '$zone'") unless ($zone ~~ @known_network_zones);
+
+ # Get available zones and return result
+ my @available_zones = get_available_network_zones();
+ return ($zone ~~ @available_zones);
+}
+
+#
+## Function to determine if the RED zone is in standard IP (or modem, PPP, VDSL, ...) mode
+#
+sub is_red_mode_ip() {
+ # Obtain the settings from the netsettings hash
+ my $config_type = $ethernet_settings{'CONFIG_TYPE'};
+ my $red_type = $ethernet_settings{'RED_TYPE'};
+
+ # RED must be a network device (configuration 1-4) with dynamic or static IP
+ return (($config_type ~~ [1..4]) && ($red_type ~~ ["DHCP", "STATIC"]));
+}
+
 1;
# Remove the next line to enable the testsuite
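Review bot: `sub is_zone_available() {` declares an empty prototype but then reads an argument with `lc shift`; a prototype-checked call such as `is_zone_available("green")` is rejected at compile time with "Too many arguments", and only the `&`-style calls used elsewhere in the tree bypass it, so following the sibling `get_mac_by_name($)` the prototype should be `($)` (or dropped). Both new subs also rely on the smartmatch operator `~~`, which has been experimental since Perl 5.18 (it warns under `use warnings`) and is deprecated in recent releases, so plain `grep`/`eq` tests are the safer form; note that `undef ~~ [1..4]` is false, so an unset CONFIG_TYPE or RED_TYPE must stay a false result after the rewrite, and the regex below assumes CONFIG_TYPE is stored as a single digit as the 0-4 table in get_available_network_zones implies. Finally, `die` inside a predicate named `is_…` forces any caller that passes a zone name taken from a request or a config file to wrap the call in `eval`; say so in the `## Function` header comment, or return false for unknown zones. get_available_network_zones, which is_zone_available calls without the `&` prefix, begins before this hunk.
```perl
sub is_zone_available($) {
	my $zone = lc shift;

	# Make sure the zone is valid
	die("Unknown network zone '$zone'") unless (grep { $_ eq $zone } @known_network_zones);

	# Get available zones and return result
	my @available_zones = get_available_network_zones();
	return (grep { $_ eq $zone } @available_zones) ? 1 : 0;
}

# … unchanged: is_red_mode_ip header comment …
sub is_red_mode_ip() {
	# Obtain the settings from the netsettings hash
	my $config_type = $ethernet_settings{'CONFIG_TYPE'};
	my $red_type = $ethernet_settings{'RED_TYPE'};

	# RED must be a network device (configuration 1-4) with dynamic or static IP
	return 0 unless (defined $config_type && defined $red_type);
	return (($config_type =~ /\A[1-4]\z/) && ($red_type eq "DHCP" || $red_type eq "STATIC")) ? 1 : 0;
}
```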
Hey Leo,
Thank you very much for working on this.
This is an outstanding patch showing us how messy some of the code has become.
I have merged it and I am looking forward to more to get a much cleaner code base.
Best, -Michael
On 17 Jan 2021, at 14:20, Leo-Andres Hofmann hofmann@leo-andres.de wrote:
This function nicely translates the ethernet/settings "CONFIG_TYPE" into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
config/cfgroot/ids-functions.pl | 39 ++--------------------------- config/cfgroot/network-functions.pl | 36 ++++++++++++++++++++++++++ config/suricata/convert-snort | 3 ++- html/cgi-bin/ids.cgi | 3 ++- 4 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d45e1c70a..2fdae4a7a 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -24,6 +24,7 @@ package IDS;
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/network-functions.pl";
# Location where all config and settings files are stored.
 our $settingsdir = "${General::swroot}/suricata";
@@ -410,42 +411,6 @@ sub _store_error_message ($) {
 &set_ownership("$storederrorfile");
 }
-#
-## Function to get a list of all available network zones.
-#
-sub get_available_network_zones () {
- # Get netsettings.
- my %netsettings = ();
- &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
- # Obtain the configuration type from the netsettings hash.
- my $config_type = $netsettings{'CONFIG_TYPE'};
- # Hash which contains the conversation from the config mode
- # to the existing network interface names. They are stored like
- # an array.
- #
- # Mode "0" red is a modem and green
- # Mode "1" red is a netdev and green
- # Mode "2" red, green and orange
- # Mode "3" red, green and blue
- # Mode "4" red, green, blue, orange
- my %config_type_to_interfaces = (
"0" => [ "red", "green" ],
"1" => [ "red", "green" ],
"2" => [ "red", "green", "orange" ],
"3" => [ "red", "green", "blue" ],
"4" => [ "red", "green", "blue", "orange" ]
- );
- # Obtain and dereference the corresponding network interaces based on the read
- # network config type.
- my @network_zones = @{ $config_type_to_interfaces{$config_type} };
- # Return them.
- return @network_zones;
-}
#
 ## Function to check if the IDS is running.
 #
@@ -613,7 +578,7 @@ sub generate_home_net_file() {
 &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
# Get available network zones.
- my @network_zones = &get_available_network_zones();
my @network_zones = &Network::get_available_network_zones();
# Temporary array to store network address and prefix of the configured
 # networks.
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 3d7f04743..622731f96 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -444,6 +444,42 @@ sub get_mac_by_name($) {
 return $mac;
 }
+#
+## Function to get a list of all available network zones.
+#
+sub get_available_network_zones () {
- # Get netsettings.
- my %netsettings = ();
- &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
- # Obtain the configuration type from the netsettings hash.
- my $config_type = $netsettings{'CONFIG_TYPE'};
- # Hash which contains the conversation from the config mode
- # to the existing network interface names. They are stored like
- # an array.
- #
- # Mode "0" red is a modem and green
- # Mode "1" red is a netdev and green
- # Mode "2" red, green and orange
- # Mode "3" red, green and blue
- # Mode "4" red, green, blue, orange
- my %config_type_to_interfaces = (
"0" => [ "red", "green" ],
"1" => [ "red", "green" ],
"2" => [ "red", "green", "orange" ],
"3" => [ "red", "green", "blue" ],
"4" => [ "red", "green", "blue", "orange" ]
- );
- # Obtain and dereference the corresponding network interaces based on the read
- # network config type.
- my @network_zones = @{ $config_type_to_interfaces{$config_type} };
- # Return them.
- return @network_zones;
+}
1;
# Remove the next line to enable the testsuite
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 3e938137e..7d75233b4 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -23,6 +23,7 @@ use strict;
require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
# Snort settings file, which contains the settings from the WUI.
 my $snort_settings_file = "${General::swroot}/snort/settings";
@@ -129,7 +130,7 @@ my %rulessettings = (
 );
# Get all available network zones.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Read-in snort settings file.
 &General::readhash("$snort_settings_file", %snortsettings);
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index bc31a341f..83d5f52ba 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -29,6 +29,7 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
my %color = ();
 my %mainsettings = ();
@@ -47,7 +48,7 @@ my %ignored=();
# Get the available network zones, based on the config type of the system and store
 # the list of zones in an array.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Check if openvpn is started and add it to the array of network zones.
 if ( -e "/var/run/openvpn.pid") { -- 2.27.0.windows.1