This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 183ccaa5a5c95f4cb2b639360f3c1465567577e9 (commit) via 86beff5f75a88cebe62f6d629cce3ae3768e231b (commit) via be56c36b00809e84c1968d1e2848ef5fd3dfcdc9 (commit) via 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82 (commit) from d8bf30563f08007edf8492b1fc55a9c46004014f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 183ccaa5a5c95f4cb2b639360f3c1465567577e9 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Apr 22 17:47:37 2021 +0200
icmp-types file does not have to be executable
This file does not contain any executable code, hence we should not set its permission to be executable.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 86beff5f75a88cebe62f6d629cce3ae3768e231b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 4 15:48:08 2021 +0000
collectd: Use libstatgrab for reading disk stats
Fixes: #12576 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit be56c36b00809e84c1968d1e2848ef5fd3dfcdc9 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 4 14:48:59 2021 +0000
core157: Ship getipstat and iptables.cgi and bump guardian
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82 Author: Robin Roevens robin.roevens@disroot.org Date: Tue Apr 27 22:07:32 2021 +0200
misc-progs: getipstat: Refactor + extend
* Return output of iptables directly instead of writing it to files. * Make iptables wait for 5s if xtables is locked by another iptables process. (--wait 5 argument) * Add optional parameter "-x" to have iptables report exact numbers. * Add optional parameter "-f" to display the filter table (default). * Add optional parameter "-n" to display the nat table. * Add optional parameter "-m" to display the mangle table. * Adapt iptables.cgi and guardian.cgi to catch getipstat output instead of reading temp-files.
Signed-off-by: Robin Roevens robin.roevens@disroot.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/fwhosts/icmp-types | 0 config/rootfiles/core/157/filelists/files | 2 + html/cgi-bin/guardian.cgi | 12 +--- html/cgi-bin/iptables.cgi | 18 ++---- lfs/collectd | 1 + lfs/guardian | 2 +- src/misc-progs/getipstat.c | 67 +++++++++++++++++++--- src/patches/collectd-4.10-disk-plugin-fields.patch | 13 +++++ 8 files changed, 83 insertions(+), 32 deletions(-) mode change 100755 => 100644 config/fwhosts/icmp-types create mode 100644 src/patches/collectd-4.10-disk-plugin-fields.patch
Difference in files: diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types old mode 100755 new mode 100644 diff --git a/config/rootfiles/core/157/filelists/files b/config/rootfiles/core/157/filelists/files index 9afab9087..2bad4ad52 100644 --- a/config/rootfiles/core/157/filelists/files +++ b/config/rootfiles/core/157/filelists/files @@ -1,3 +1,5 @@ srv/web/ipfire/cgi-bin/getrrdimage.cgi +srv/web/ipfire/cgi-bin/iptables.cgi srv/web/ipfire/html/themes/ipfire/include/css/style.css +usr/local/bin/getipstat var/ipfire/network-functions.pl diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi index fb16be00e..552c67211 100644 --- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -829,12 +829,9 @@ sub GetBlockedHosts() { my @hosts;
# Launch helper to get chains from iptables. - system('/usr/local/bin/getipstat'); + open (FILE, '/usr/local/bin/getipstat | ');
- # Open temporary file which contains the chains and rules. - open (FILE, '/var/tmp/iptables.txt'); - - # Loop through the entire file. + # Loop through the entire output. while (<FILE>) { my $line = $_;
@@ -864,11 +861,6 @@ sub GetBlockedHosts() { # Close filehandle. close(FILE);
- # Remove recently created temporary files of the "getipstat" binary. - system("rm -f /var/tmp/iptables.txt"); - system("rm -f /var/tmp/iptablesmangle.txt"); - system("rm -f /var/tmp/iptablesnat.txt"); - # Convert entries, sort them, write back and store the sorted entries into new array. my @sorted = map { $_->[0] } sort { $a->[1] <=> $b->[1] } diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi index b52d74fcf..f900562d9 100644 --- a/html/cgi-bin/iptables.cgi +++ b/html/cgi-bin/iptables.cgi @@ -44,8 +44,6 @@ my %cgiparams=();
&Header::getcgihash(%cgiparams);
-system('/usr/local/bin/getipstat'); - &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipts'}, 1, ''); &Header::openbigbox('100%', 'LEFT'); @@ -84,11 +82,11 @@ print <<END END ;
-# We´ll open the txt files and extract each line, if the line +# We´ll get iptables output and examine each line, if the line # start with an Chain the the name, start- and endline of the # chain is extracted into a hash
- open (FILE, '/var/tmp/iptables.txt'); + open (FILE, '/usr/local/bin/getipstat | '); while (<FILE>){
$iplines[$lines] = $_; @@ -206,11 +204,11 @@ print <<END END ;
-# We´ll open the txt files and extract each line, if the line +# We´ll get iptables output and examine each line, if the line # start with an Chain the the name, start- and endline of the # chain is extracted into a hash
- open (FILE, '/var/tmp/iptablesmangle.txt'); + open (FILE, '/usr/local/bin/getipstat -m | '); while (<FILE>){
$ipmlines[$manlines] = $_; @@ -333,11 +331,11 @@ print <<END END ;
-# We´ll open the txt files and extract each line, if the line +# We´ll get iptables output and examine each line, if the line # start with an Chain the the name, start- and endline of the # chain is extracted into a hash
- open (FILE, '/var/tmp/iptablesnat.txt'); + open (FILE, '/usr/local/bin/getipstat -n | '); while (<FILE>){
$ipnatlines[$natlines] = $_; @@ -433,7 +431,3 @@ print "</table></div><br />"; &Header::closebox(); &Header::closebigbox(); &Header::closepage(); - -system("rm -f /var/tmp/iptables.txt"); -system("rm -f /var/tmp/iptablesmangle.txt"); -system("rm -f /var/tmp/iptablesnat.txt"); diff --git a/lfs/collectd b/lfs/collectd index 36b507868..5e96ddbb3 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -107,6 +107,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10.9-xfs-compile-fix.patch cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10-libiptc-build-fixes.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10.9-remove-checks-for-SENSORS_API_VERSION-upper-limit.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10-disk-plugin-fields.patch cd $(DIR_APP) && autoupdate -v configure.in cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/lfs/guardian b/lfs/guardian index ecc8fd24e..1d9a2f292 100644 --- a/lfs/guardian +++ b/lfs/guardian @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian -PAK_VER = 22 +PAK_VER = 23
DEPS = perl-inotify2 perl-Net-IP
diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c index c806d54a9..99d053bbf 100644 --- a/src/misc-progs/getipstat.c +++ b/src/misc-progs/getipstat.c @@ -2,6 +2,15 @@ * * Get the list from IPTABLES -L * + * Optional commandline parameters: + * -x + * instruct iptables to expand numbers + * -f + * display filter table + * -n + * display nat table + * -m + * display mangle table */
#include <stdio.h> @@ -9,20 +18,60 @@ #include <unistd.h> #include <stdlib.h> #include <sys/types.h> -#include <fcntl.h> #include "setuid.h"
- -int main(void) +int main(int argc, char** argv) { + // Set defaults + // first argument has to be "iptables" since execve executes the program pointed to by filename + // but /sbin/iptables is actually a symlink to /sbin/xtables-legacy-multi hence that program is executed + // however without the notion that it was called as "iptables". So we have to pass "iptables" as first + // argument. + char *args[10] = {"iptables", "--list", "--verbose", "--numeric", "--wait", "5", NULL, NULL, NULL, NULL}; + char *usage = "getipstat [-x][-f|-n|-m]"; + unsigned int pcount = 6; + unsigned int table_set = 0; + + int opt; + if (!(initsetuid())) exit(1);
- safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt"); - safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt"); - safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.txt"); - safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat.txt /var/tmp/iptablesmangle.txt"); - - return 0; + // Parse command line arguments + if (argc > 1) { + while ((opt = getopt(argc, argv, "xfnm")) != -1) { + switch(opt) { + case 'x': + args[pcount++] = "--exact"; + break; + case 'f': + table_set++; + break; + case 'n': + if (table_set == 0) { + args[pcount++] = "--table"; + args[pcount++] = "nat"; + } + table_set++; + break; + case 'm': + if (table_set == 0) { + args[pcount++] = "--table"; + args[pcount++] = "mangle"; + } + table_set++; + break; + default: + fprintf(stderr, "\nBad argument given.\n\n%s\n", usage); + exit(1); + } + } + if (table_set > 1) { + fprintf(stderr, "\nArguments -f/-n/-m are mutualy exclusive.\n\n%s\n", usage); + exit(1); + } + } + + return run("/sbin/iptables", args); }
diff --git a/src/patches/collectd-4.10-disk-plugin-fields.patch b/src/patches/collectd-4.10-disk-plugin-fields.patch new file mode 100644 index 000000000..4663d9a99 --- /dev/null +++ b/src/patches/collectd-4.10-disk-plugin-fields.patch @@ -0,0 +1,13 @@ +diff --git a/src/disk.c b/src/disk.c +index 4a78f1bd..c6f9e4bd 100644 +--- a/src/disk.c ++++ b/src/disk.c +@@ -428,7 +428,7 @@ static int disk_read (void) + IOObjectRelease (disk_list); + /* #endif HAVE_IOKIT_IOKITLIB_H */ + +-#elif KERNEL_LINUX ++#elif 0 + FILE *fh; + char buffer[1024]; +
hooks/post-receive -- IPFire 2.x development tree