This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a9129668595a3e9e93ee8ea313fc63b33a455628 (commit) via 4d622b7ebe9f3e049961afb3ad5b6f65a6ef47c7 (commit) via cc41f7a09b45aa41ef2bf94a099728d2e667d46f (commit) via 9c6a0ce12d01e8b2cab28d7061e18f905ae3b38c (commit) via 62206605d7c08d831a706caa4361d9b581e99e43 (commit) via 9064bc724251908b6edb3d0d0a07268dd10cc5f4 (commit) via 4b63a0322dad81b852583f603760006cd3fa408c (commit) via 910f1e8494a0c5bc323feb100a3666ed857fa0d3 (commit) via abd8ff79e6519e6f5bf4c3f7c1abeab1d00cce1a (commit) via b62f3673173c8d970ab683740822598599887655 (commit) via cdfbef5de73400be3648b82ecf88a6fe6370e962 (commit) via be2be8f0d72f13d19d6914d84007bdf7b166cac2 (commit) via 5ae118858924b3ca909f907e9448350cc7089cc0 (commit) via 33d18031fde998ee38d3be2acf1cbe47338f2c90 (commit) via daa75b2f8774096e1c84d5ba9f35395e9e36f9fd (commit) via 4e537e29e97f1129743f73815c4179c6a2b5035a (commit) via 54d4873de09162ea8798b2f43ddff0636add2ea4 (commit) via 5ce0e24ed4d416b316c09953eb5902615cba4e30 (commit) via 2131d81637c50afc3a8a955d550490b31d3c7e3e (commit) via 6fbfe9d7714e29216a7d2fa7cad07e4537d4c035 (commit) via 5abd6d3ea2a1fee8f148f4796e5de8a39734255d (commit) via 001b9d5379c5c3aeb42fcaf605c7bce3ab6a270b (commit) from 8ea513191b0820340cab6b36bb8f6e3efe4db47d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a9129668595a3e9e93ee8ea313fc63b33a455628 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 10:15:00 2021 +0000
core156: Ship and reload sysctl.conf
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d622b7ebe9f3e049961afb3ad5b6f65a6ef47c7 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 10:13:38 2021 +0000
sysctl.conf: prevent autoloading of TTY line disciplines
This reverts commit a9d90b1b3f76a76b96a169e91cf3902e4cc0835b.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cc41f7a09b45aa41ef2bf94a099728d2e667d46f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 10:06:46 2021 +0000
core156: Ship even more RRD graph stuff
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9c6a0ce12d01e8b2cab28d7061e18f905ae3b38c Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Apr 1 15:35:16 2021 +0200
rrdimage: Switch graphs.pl to the new graph scripts
"makegraphbox" is modified to remove the old iframe method and output a modern div container instead. Graph errors are now returned, to be displayed by getrrdimage.cgi.
entropy.cgi and netovpnsrv.cgi are modified to ensure compatibility.
Add cache control HTTP header to image output.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 62206605d7c08d831a706caa4361d9b581e99e43 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 10:04:51 2021 +0000
core156: Ship more RRD graph stuff
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9064bc724251908b6edb3d0d0a07268dd10cc5f4 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Apr 1 15:35:15 2021 +0200
rrdimage: Add CSS and Javascript to ipfire theme
This patch adds styling for the new graph time range buttons and loads the Javascript in the HTML head.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4b63a0322dad81b852583f603760006cd3fa408c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 10:03:29 2021 +0000
core156: Ship RRD graph stuff
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 910f1e8494a0c5bc323feb100a3666ed857fa0d3 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Apr 1 15:35:14 2021 +0200
rrdimage: Add scripts for new graph display method
This patch adds two scripts which will later be used to display graphs:
-> getrrdimage.cgi: Generates PNG images for graphs. Until now, each CGI with embedded graphs had to be able to output images. These functions are now gathered in this new script. The additional parameter handling can be removed and the CGIs can be simplified. This makes it easier to use and output the graphs.
-> rrdimage.js: Interactive Javascript functions This allows the user to select time ranges without reloading the page. In addition, the graphs are now periodically updated, allowing users to live monitor the data.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit abd8ff79e6519e6f5bf4c3f7c1abeab1d00cce1a Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 09:58:50 2021 +0000
core156: Ship nettle
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b62f3673173c8d970ab683740822598599887655 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 09:57:28 2021 +0000
core156: Ship ids.dat
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cdfbef5de73400be3648b82ecf88a6fe6370e962 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 15:42:48 2021 +0200
logs.cgi/ids.dat: Change url to sid documentation site.
Fixes #12596.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit be2be8f0d72f13d19d6914d84007bdf7b166cac2 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 09:56:59 2021 +0000
core156: Ship showrequestfromcountry.dat
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5ae118858924b3ca909f907e9448350cc7089cc0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 15:36:12 2021 +0200
logs.cgi/showrequestfromcountry.dat: Proper lookup country code.
Seems to be a code fragment has been left while switching to libloc. Now call the right function from location-functions.pl.
Fixes #12599.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 33d18031fde998ee38d3be2acf1cbe47338f2c90 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 5 14:28:00 2021 +0200
Fix typo in 'de.pl'
Triggered by: https://community.ipfire.org/t/where-can-i-place-a-ticket-with-an-error-in-t...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit daa75b2f8774096e1c84d5ba9f35395e9e36f9fd Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 4 10:30:47 2021 +0200
nettle: Update to 3.7.2
For details see: https://lists.gnu.org/archive/html/info-gnu/2021-03/msg00005.html
"This is a bugfix release, fixing a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results. It also fixes a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger.
Upgrading to the new version is strongly recommended."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4e537e29e97f1129743f73815c4179c6a2b5035a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 3 18:27:13 2021 +0200
tcpdump: Update to 4.99.0
For details see: https://www.tcpdump.org/tcpdump-changes.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 54d4873de09162ea8798b2f43ddff0636add2ea4 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 09:55:21 2021 +0000
core156: Ship libpcap
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5ce0e24ed4d416b316c09953eb5902615cba4e30 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 3 18:25:50 2021 +0200
libpcap: Update to 1.10.0
For details see: https://www.tcpdump.org/libpcap-changes.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2131d81637c50afc3a8a955d550490b31d3c7e3e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 6 09:54:29 2021 +0000
core156: Ship libcap
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6fbfe9d7714e29216a7d2fa7cad07e4537d4c035 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 3 18:23:24 2021 +0200
libcap: Update to 2.49
For details see: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5abd6d3ea2a1fee8f148f4796e5de8a39734255d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 3 18:21:41 2021 +0200
poppler 0.89.0: Update for lfs
'cmake 3.20' complained about an "unknown option".
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 001b9d5379c5c3aeb42fcaf605c7bce3ab6a270b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 3 18:18:38 2021 +0200
cmake: Update to 3.20
For details see: https://cmake.org/cmake/help/v3.20/release/3.20.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/graphs.pl | 96 ++++---- config/etc/sysctl.conf | 4 + config/rootfiles/common/libcap | 42 +++- config/rootfiles/common/libpcap | 3 +- config/rootfiles/common/nettle | 4 +- config/rootfiles/common/web-user-interface | 2 + config/rootfiles/core/156/filelists/files | 9 + .../{oldcore/104 => core/156}/filelists/libcap | 0 .../{oldcore/109 => core/156}/filelists/libpcap | 0 .../{oldcore/101 => core/156}/filelists/nettle | 0 config/rootfiles/core/156/update.sh | 3 + html/cgi-bin/entropy.cgi | 2 +- html/cgi-bin/getrrdimage.cgi | 245 +++++++++++++++++++++ html/cgi-bin/logs.cgi/ids.dat | 2 +- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 2 +- html/cgi-bin/netovpnsrv.cgi | 2 +- html/html/include/rrdimage.js | 122 ++++++++++ html/html/themes/ipfire/include/css/style.css | 37 +++- html/html/themes/ipfire/include/functions.pl | 1 + langs/de/cgi-bin/de.pl | 2 +- lfs/cmake | 6 +- lfs/libcap | 6 +- lfs/libpcap | 6 +- lfs/nettle | 4 +- lfs/poppler | 2 +- lfs/tcpdump | 9 +- 26 files changed, 542 insertions(+), 69 deletions(-) copy config/rootfiles/{oldcore/104 => core/156}/filelists/libcap (100%) copy config/rootfiles/{oldcore/109 => core/156}/filelists/libpcap (100%) copy config/rootfiles/{oldcore/101 => core/156}/filelists/nettle (100%) create mode 100644 html/cgi-bin/getrrdimage.cgi create mode 100644 html/html/include/rrdimage.js
Difference in files: diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index e4c3613fb..cf4a30de3 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -24,11 +24,18 @@ package Graphs;
use strict; use RRDs; +use experimental 'smartmatch';
require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
+# Graph image size in pixel +our %image_size = ('width' => 910, 'height' => 300); + +# List of all available time ranges +our @time_ranges = ("hour", "day", "week", "month", "year"); + my $ERROR;
my @GRAPH_ARGS = ( @@ -48,8 +55,8 @@ my @GRAPH_ARGS = ( "-W www.ipfire.org",
# Default size - "-w 910", - "-h 300", + "-w $image_size{'width'}", + "-h $image_size{'height'}",
# Use alternative grid "--alt-y-grid", @@ -93,26 +100,35 @@ foreach (@sensorsdir){ &General::readhash("${General::swroot}/sensors/settings", %sensorsettings);
# Generate a nice box for selection of time range in graphs -# this will generate a nice iframe for the cgi every klick for -# the graph will be handled inside the iframe +# this will generate a nice div box for the cgi every klick for +# the graph will be handled by javascript # 0 is the cgi refering to # 1 is the graph name -# 2 is the time range for the graph -# 3 if given is the height of the iframe default if nothing is given +# 2 is the time range for the graph (optional)
sub makegraphbox { - print "<center>"; - print "<a href='".$_[0]."?".$_[1]."?hour' target='".$_[1]."box'><b>".$Lang::tr{'hour'}."</b></a>"; - print " - "; - print "<a href='".$_[0]."?".$_[1]."?day' target='".$_[1]."box'><b>".$Lang::tr{'day'}."</b></a>"; - print " - "; - print "<a href='".$_[0]."?".$_[1]."?week' target='".$_[1]."box'><b>".$Lang::tr{'week'}."</b></a>"; - print " - "; - print "<a href='".$_[0]."?".$_[1]."?month' target='".$_[1]."box'><b>".$Lang::tr{'month'}."</b></a>"; - print " - "; - print "<a href='".$_[0]."?".$_[1]."?year' target='".$_[1]."box'><b>".$Lang::tr{'year'}."</b></a>"; - print "<br></center>"; - print "<iframe class='graph' src='".$_[0]."?".$_[1]."?".$_[2]."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>"; + my ($origin, $name, $default_range) = @_; + + # Optional time range: Default to "day" unless otherwise specified + $default_range = "day" unless ($default_range ~~ @time_ranges); + + print <<END; +<div class="rrdimage" id="rrdimg-$name" data-origin="$origin" data-graph="$name" data-default-range="$default_range"> + <ul> +END + + # Print range select buttons + foreach my $range (@time_ranges) { + print <<END; + <li><button data-range="$range" onclick="rrdimage_selectRange(this)">$Lang::tr{$range}</button></li> +END + } + + print <<END; + </ul> + <img src="/cgi-bin/getrrdimage.cgi?origin=${origin}&graph=${name}&range=${default_range}" alt="$Lang::tr{'graph'} ($name)"> +</div> +END }
# Generate the CPU Graph for the current period of time for values given by @@ -242,7 +258,7 @@ sub updatecpugraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for cpu: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for cpu: ".$ERROR."\n" if $ERROR; }
# Generate the Load Graph for the current period of time for values given by collecd @@ -274,7 +290,7 @@ sub updateloadgraph { "LINE1:load1".$color{"color18"}, ); $ERROR = RRDs::error; - print "Error in RRD::graph for load: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for load: ".$ERROR."\n" if $ERROR; }
# Generate the Memory Graph for the current period of time for values given by collecd @@ -330,7 +346,7 @@ sub updatememorygraph { "GPRINT:freepct:LAST:%3.2lf%%\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for memory: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for memory: ".$ERROR."\n" if $ERROR; }
# Generate the Swap Graph for the current period of time for values given by collecd @@ -379,7 +395,7 @@ sub updateswapgraph { "GPRINT:freepct:LAST:%3.2lf%%\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for memory: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for memory: ".$ERROR."\n" if $ERROR; }
# Generate the Process Cpu Graph for the current period of time for values given by collecd @@ -426,7 +442,7 @@ sub updateprocessescpugraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for processes: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for processes: ".$ERROR."\n" if $ERROR; }
# Generate the Process Memory Graph for the current period of time for values given by collecd @@ -472,7 +488,7 @@ sub updateprocessesmemorygraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for processesmemory: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for processesmemory: ".$ERROR."\n" if $ERROR; }
# Generate the Disk Graph for the current period of time for values given by collecd @@ -516,7 +532,7 @@ sub updatediskgraph { "GPRINT:write:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for ".$disk.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for ".$disk.": ".$ERROR."\n" if $ERROR; }
# Generate the Interface Graph for the current period of time for values given by collecd @@ -555,7 +571,7 @@ sub updateifgraph { "GPRINT:outgoing:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; }
sub updatevpngraph { @@ -592,7 +608,7 @@ sub updatevpngraph { "GPRINT:outgoing:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; }
sub updatevpnn2ngraph { @@ -655,7 +671,7 @@ sub updatevpnn2ngraph { "GPRINT:compression_out:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; }
# Generate the Firewall Graph for the current period of time for values given by collecd @@ -710,7 +726,7 @@ sub updatefwhitsgraph { "GPRINT:portscan:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; }
# Generate the Line Quality Graph for the current period of time for values given by collecd @@ -752,7 +768,7 @@ sub updatepinggraph { "GPRINT:roundtrip:LAST:%3.2lf ms\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for link quality: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for link quality: ".$ERROR."\n" if $ERROR; }
sub updatewirelessgraph { @@ -787,7 +803,7 @@ sub updatewirelessgraph { "GPRINT:power:LAST:%5.1lf %sdBm\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for wireless: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for wireless: ".$ERROR."\n" if $ERROR; }
# Generate the HDD Temp Graph for the current period of time for values given by collecd and lm_sensors @@ -821,7 +837,7 @@ sub updatehddgraph { "GPRINT:temperature:LAST:%3.0lf °C\j", ); $ERROR = RRDs::error; - print "Error in RRD::graph for hdd-".$disk.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for hdd-".$disk.": ".$ERROR."\n" if $ERROR; }
# Generate the Temp Graph for the current period of time for values given by collecd and lm_sensors @@ -869,7 +885,7 @@ sub updatehwtempgraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for HDD Temp: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for HDD Temp: ".$ERROR."\n" if $ERROR; }
# Generate the Fan Graph for the current period of time for values given by collecd and lm_sensors @@ -916,7 +932,7 @@ sub updatehwfangraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for Fan Speed: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for Fan Speed: ".$ERROR."\n" if $ERROR; }
# Generate the Voltage Graph for the current period of time for values given by collecd and lm_sensors @@ -963,7 +979,7 @@ sub updatehwvoltgraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for Voltage: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for Voltage: ".$ERROR."\n" if $ERROR; }
@@ -1045,7 +1061,7 @@ sub updateqosgraph { } RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for qos device ".$qossettings{'DEV'}.": ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for qos device ".$qossettings{'DEV'}.": ".$ERROR."\n" if $ERROR; }
# Generate the CPU Frequency Graph for the current period of time for values given by collectd an lm_sensors @@ -1084,7 +1100,7 @@ sub updatecpufreqgraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for cpu freq: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for cpu freq: ".$ERROR."\n" if $ERROR; }
# Generate the Thermal Zone Temp CPU Graph @@ -1123,7 +1139,7 @@ sub updatethermaltempgraph {
RRDs::graph (@command); $ERROR = RRDs::error; - print "Error in RRD::graph for thermal temp: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for thermal temp: ".$ERROR."\n" if $ERROR; }
@@ -1168,7 +1184,7 @@ sub updateentropygraph { RRDs::graph (@command); $ERROR = RRDs::error;
- print "Error in RRD::graph for entropy: ".$ERROR."\n" if $ERROR; + return "Error in RRD::graph for entropy: ".$ERROR."\n" if $ERROR; }
sub updateconntrackgraph { @@ -1196,5 +1212,5 @@ sub updateconntrackgraph { RRDs::graph(@command); $ERROR = RRDs::error;
- print STDERR "Error in RRD::Graph for conntrack: " . $ERROR . "\n" if $ERROR; + return "Error in RRD::Graph for conntrack: " . $ERROR . "\n" if $ERROR; } diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index c9b4c092a..832ad3d1c 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -39,6 +39,10 @@ net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0
+# Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers +# from loading vulnerable line disciplines with the TIOCSETD ioctl. +dev.tty.ldisc_autoload = 0 + # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc). kernel.kptr_restrict = 2
diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index 294eca6d1..be9dc580e 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,15 +1,22 @@ +#lib/libcap.a lib/libcap.so lib/libcap.so.1 lib/libcap.so.2 -lib/libcap.so.2.25 +lib/libcap.so.2.49 +#lib/libpsx.a +#lib/libpsx.so +#lib/libpsx.so.2 +#lib/libpsx.so.2.49 +#lib/pkgconfig/libcap.pc +#lib/pkgconfig/libpsx.pc lib/security/pam_cap.so sbin/capsh sbin/getcap sbin/getpcaps sbin/setcap #usr/include/sys/capability.h +#usr/include/sys/psx_syscall.h usr/lib/libcap.so -#usr/lib/pkgconfig/libcap.pc #usr/share/man/man1/capsh.1 #usr/share/man/man3/cap_clear.3 #usr/share/man/man3/cap_clear_flag.3 @@ -21,22 +28,53 @@ usr/lib/libcap.so #usr/share/man/man3/cap_free.3 #usr/share/man/man3/cap_from_name.3 #usr/share/man/man3/cap_from_text.3 +#usr/share/man/man3/cap_func_launcher.3 #usr/share/man/man3/cap_get_bound.3 #usr/share/man/man3/cap_get_fd.3 #usr/share/man/man3/cap_get_file.3 #usr/share/man/man3/cap_get_flag.3 +#usr/share/man/man3/cap_get_mode.3 #usr/share/man/man3/cap_get_pid.3 #usr/share/man/man3/cap_get_proc.3 +#usr/share/man/man3/cap_get_secbits.3 +#usr/share/man/man3/cap_iab.3 +#usr/share/man/man3/cap_iab_fill.3 +#usr/share/man/man3/cap_iab_from_text.3 +#usr/share/man/man3/cap_iab_get_proc.3 +#usr/share/man/man3/cap_iab_get_vector.3 +#usr/share/man/man3/cap_iab_init.3 +#usr/share/man/man3/cap_iab_set_proc.3 +#usr/share/man/man3/cap_iab_set_vector.3 +#usr/share/man/man3/cap_iab_to_text.3 #usr/share/man/man3/cap_init.3 +#usr/share/man/man3/cap_launch.3 +#usr/share/man/man3/cap_launcher_callback.3 +#usr/share/man/man3/cap_launcher_set_chroot.3 +#usr/share/man/man3/cap_launcher_set_iab.3 +#usr/share/man/man3/cap_launcher_set_mode.3 +#usr/share/man/man3/cap_launcher_setgroups.3 +#usr/share/man/man3/cap_launcher_setuid.3 +#usr/share/man/man3/cap_mode.3 +#usr/share/man/man3/cap_mode_name.3 +#usr/share/man/man3/cap_new_launcher.3 #usr/share/man/man3/cap_set_fd.3 #usr/share/man/man3/cap_set_file.3 #usr/share/man/man3/cap_set_flag.3 +#usr/share/man/man3/cap_set_mode.3 #usr/share/man/man3/cap_set_proc.3 +#usr/share/man/man3/cap_set_secbits.3 +#usr/share/man/man3/cap_setgroups.3 +#usr/share/man/man3/cap_setuid.3 #usr/share/man/man3/cap_size.3 #usr/share/man/man3/cap_to_name.3 #usr/share/man/man3/cap_to_text.3 #usr/share/man/man3/capgetp.3 #usr/share/man/man3/capsetp.3 #usr/share/man/man3/libcap.3 +#usr/share/man/man3/libpsx.3 +#usr/share/man/man3/psx_syscall.3 +#usr/share/man/man3/psx_syscall3.3 +#usr/share/man/man3/psx_syscall6.3 #usr/share/man/man8/getcap.8 +#usr/share/man/man8/getpcaps.8 #usr/share/man/man8/setcap.8 diff --git a/config/rootfiles/common/libpcap b/config/rootfiles/common/libpcap index 868f870fa..c97b9e8c0 100644 --- a/config/rootfiles/common/libpcap +++ b/config/rootfiles/common/libpcap @@ -21,7 +21,7 @@ #usr/lib/libpcap.a usr/lib/libpcap.so usr/lib/libpcap.so.1 -usr/lib/libpcap.so.1.9.1 +usr/lib/libpcap.so.1.10.0 #usr/lib/pkgconfig/libpcap.pc #usr/share/man/man1/pcap-config.1 #usr/share/man/man3/pcap.3pcap @@ -58,6 +58,7 @@ usr/lib/libpcap.so.1.9.1 #usr/share/man/man3/pcap_get_tstamp_precision.3pcap #usr/share/man/man3/pcap_geterr.3pcap #usr/share/man/man3/pcap_getnonblock.3pcap +#usr/share/man/man3/pcap_init.3pcap #usr/share/man/man3/pcap_inject.3pcap #usr/share/man/man3/pcap_is_swapped.3pcap #usr/share/man/man3/pcap_lib_version.3pcap diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle index bf43e8ad5..591e860c2 100644 --- a/config/rootfiles/common/nettle +++ b/config/rootfiles/common/nettle @@ -72,9 +72,9 @@ #usr/include/nettle/yarrow.h usr/lib/libhogweed.so usr/lib/libhogweed.so.6 -usr/lib/libhogweed.so.6.2 +usr/lib/libhogweed.so.6.3 #usr/lib/libnettle.so usr/lib/libnettle.so.8 -usr/lib/libnettle.so.8.2 +usr/lib/libnettle.so.8.3 #usr/lib/pkgconfig/hogweed.pc #usr/lib/pkgconfig/nettle.pc diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 540bf1e4b..23e9f3e5e 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -20,6 +20,7 @@ srv/web/ipfire/cgi-bin/extrahd.cgi srv/web/ipfire/cgi-bin/fireinfo.cgi srv/web/ipfire/cgi-bin/firewall.cgi srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/getrrdimage.cgi srv/web/ipfire/cgi-bin/gpl.cgi #srv/web/ipfire/cgi-bin/guardian.cgi srv/web/ipfire/cgi-bin/gui.cgi @@ -300,6 +301,7 @@ srv/web/ipfire/html/images/view-refresh.png srv/web/ipfire/html/images/wakeup.gif srv/web/ipfire/html/images/window-new.png srv/web/ipfire/html/include +srv/web/ipfire/html/include/rrdimage.js srv/web/ipfire/html/include/zoneconf.js srv/web/ipfire/html/index.cgi srv/web/ipfire/html/redirect-templates diff --git a/config/rootfiles/core/156/filelists/files b/config/rootfiles/core/156/filelists/files index 0e4082291..085848127 100644 --- a/config/rootfiles/core/156/filelists/files +++ b/config/rootfiles/core/156/filelists/files @@ -1,5 +1,14 @@ etc/rc.d/init.d/suricata +etc/sysctl.conf +srv/web/ipfire/cgi-bin/entropy.cgi srv/web/ipfire/cgi-bin/firewall.cgi +srv/web/ipfire/cgi-bin/getrrdimage.cgi +srv/web/ipfire/cgi-bin/logs.cgi/ids.dat +srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat +srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/zoneconf.cgi +srv/web/ipfire/html/include/rrdimage.js +srv/web/ipfire/html/themes/ipfire/include/style.css +var/ipfire/graphs.pl var/ipfire/header.pl var/ipfire/network-functions.pl diff --git a/config/rootfiles/core/156/filelists/libcap b/config/rootfiles/core/156/filelists/libcap new file mode 120000 index 000000000..ed67d950a --- /dev/null +++ b/config/rootfiles/core/156/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/156/filelists/libpcap b/config/rootfiles/core/156/filelists/libpcap new file mode 120000 index 000000000..c7f9f52a8 --- /dev/null +++ b/config/rootfiles/core/156/filelists/libpcap @@ -0,0 +1 @@ +../../../common/libpcap \ No newline at end of file diff --git a/config/rootfiles/core/156/filelists/nettle b/config/rootfiles/core/156/filelists/nettle new file mode 120000 index 000000000..f0dba7ac8 --- /dev/null +++ b/config/rootfiles/core/156/filelists/nettle @@ -0,0 +1 @@ +../../../common/nettle \ No newline at end of file diff --git a/config/rootfiles/core/156/update.sh b/config/rootfiles/core/156/update.sh index 12b1d9ccc..ff84a0703 100644 --- a/config/rootfiles/core/156/update.sh +++ b/config/rootfiles/core/156/update.sh @@ -54,6 +54,9 @@ rm -rfv /usr/lib/perl5/5.30.0 # Filesytem cleanup /usr/local/bin/filesystem-cleanup
+# Reload sysctl.conf +sysctl -p + # Start services telinit u /etc/init.d/suricata restart diff --git a/html/cgi-bin/entropy.cgi b/html/cgi-bin/entropy.cgi index d7a9ca5d8..f8045db5a 100644 --- a/html/cgi-bin/entropy.cgi +++ b/html/cgi-bin/entropy.cgi @@ -45,7 +45,7 @@ if ( $querry[0] ne~ "") { &Header::openbigbox('100%', 'left');
&Header::openbox('100%', 'center', $Lang::tr{'entropy'}); - &Graphs::makegraphbox("entropy.cgi", "day"); + &Graphs::makegraphbox("entropy.cgi", "entropy", "day"); &Header::closebox();
# Check for hardware support. diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi new file mode 100644 index 000000000..0caefe0ac --- /dev/null +++ b/html/cgi-bin/getrrdimage.cgi @@ -0,0 +1,245 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2005-2021 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; +use URI; +use GD; +use GD::Text::Wrap; +use experimental 'smartmatch'; + +# debugging +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; +require "${General::swroot}/graphs.pl"; + +# List of graph origins that getrrdimage.cgi can process directly +# (unknown origins are forwarded to ensure compatibility) +my @supported_origins = ("entropy.cgi", "hardwaregraphs.cgi", "media.cgi", + "memory.cgi","netexternal.cgi", "netinternal.cgi", "netother.cgi", + "netovpnrw.cgi", "netovpnsrv.cgi", "qos.cgi", "system.cgi"); + +### Process GET parameters ### +# URL format: /?origin=[graph origin cgi]&graph=[graph name]&range=[time range] +my $uri = URI->new($ENV{'REQUEST_URI'}); +my %query = $uri->query_form; + +my $origin = lc $query{'origin'}; # lower case +my $graph = $query{'graph'}; +my $range = lc $query{'range'}; # lower case + +# Check parameters +unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) { + # Send HTTP headers + _start_png_output(); + + _print_error("URL parameters missing or malformed."); + exit; +} + +# Unsupported graph origin: Redirect request to the CGI specified in the "origin" parameter +# This enables backwards compatibility with addons that use Graphs::makegraphbox to ouput their own graphs +unless($origin ~~ @supported_origins) { + # Rewrite to old URL format: /[graph origin cgi]?[graph name]?[time range] + my $location = "https://$ENV%7B%27SERVER_NAME%27%7D:$ENV%7B%27SERVER_PORT%27%7D/cgi-bin/$%7B..."; + + # Send HTTP redirect + print "Status: 302 Found\n"; + print "Location: $location\n"; + print "Content-type: text/html; charset=UTF-8\n"; + print "\n"; # End of HTTP headers + + print "Unsupported origin, request redirected to '$location'"; + exit; +} + +### Create graphs ### +# Send HTTP headers +_start_png_output(); + +# Graphs are first grouped by their origin. +# This is because some graph categories require special parameter handling. +my $graphstatus = ''; +if($origin eq "entropy.cgi") { ## entropy.cgi + $graphstatus = Graphs::updateentropygraph($range); +# ------ + +} elsif($origin eq "hardwaregraphs.cgi") { ## hardwaregraphs.cgi + if($graph eq "hwtemp") { + $graphstatus = Graphs::updatehwtempgraph($range); + } elsif($graph eq "hwfan") { + $graphstatus = Graphs::updatehwfangraph($range); + } elsif($graph eq "hwvolt") { + $graphstatus = Graphs::updatehwvoltgraph($range); + } elsif($graph eq "thermaltemp") { + $graphstatus = Graphs::updatethermaltempgraph($range); + } elsif($graph =~ "sd?") { + $graphstatus = Graphs::updatehddgraph($graph, $range); + } elsif($graph =~ "nvme?") { + $graphstatus = Graphs::updatehddgraph($graph, $range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} elsif($origin eq "media.cgi") { ## media.cgi + if ($graph =~ "sd?" || $graph =~ "mmcblk?" || $graph =~ "nvme?n?" || $graph =~ "xvd??" || $graph =~ "vd?" || $graph =~ "md*" ) { + $graphstatus = Graphs::updatediskgraph($graph, $range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} elsif($origin eq "memory.cgi") { ## memory.cgi + if($graph eq "memory") { + $graphstatus = Graphs::updatememorygraph($range); + } elsif($graph eq "swap") { + $graphstatus = Graphs::updateswapgraph($range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} elsif($origin eq "netexternal.cgi") { ## netexternal.cgi + $graphstatus = Graphs::updateifgraph($graph, $range); +# ------ + +} elsif($origin eq "netinternal.cgi") { ## netinternal.cgi + if ($graph =~ /wireless/){ + $graph =~ s/wireless//g; + $graphstatus = Graphs::updatewirelessgraph($graph, $range); + } else { + $graphstatus = Graphs::updateifgraph($graph, $range); + } +# ------ + +} elsif($origin eq "netother.cgi") { ## netother.cgi + if($graph eq "conntrack") { + $graphstatus = Graphs::updateconntrackgraph($range); + } elsif($graph eq "fwhits") { + $graphstatus = Graphs::updatefwhitsgraph($range); + } else { + $graphstatus = Graphs::updatepinggraph($graph, $range); + } +# ------ + +} elsif($origin eq "netovpnrw.cgi") { ## netovpnrw.cgi + if($graph ne "UNDEF") { + $graphstatus = Graphs::updatevpngraph($graph, $range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} elsif($origin eq "netovpnsrv.cgi") { ## netovpnsrv.cgi + if ($graph =~ /ipsec-/){ + $graph =~ s/ipsec-//g; + $graphstatus = Graphs::updateifgraph($graph, $range); + } else { + $graphstatus = Graphs::updatevpnn2ngraph($graph, $range); + } +# ------ + +} elsif($origin eq "qos.cgi") { ## qos.cgi + $graphstatus = Graphs::updateqosgraph($graph, $range); +# ------ + +} elsif($origin eq "services.cgi") { ## services.cgi + if($graph eq "processescpu") { + $graphstatus = Graphs::updateprocessescpugraph($range); + } elsif($graph eq "processesmemory") { + $graphstatus = Graphs::updateprocessesmemorygraph($range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} elsif($origin eq "system.cgi") { ## system.cgi + if($graph eq "cpu") { + $graphstatus = Graphs::updatecpugraph($range); + } elsif($graph eq "cpufreq") { + $graphstatus = Graphs::updatecpufreqgraph($range); + } elsif($graph eq "load") { + $graphstatus = Graphs::updateloadgraph($range); + } else { + $graphstatus = "Unknown graph name."; + } +# ------ + +} else { + $graphstatus = "Unknown graph origin."; +} + +### Print error message ### +# Add request parameters for debugging +if($graphstatus) { + $graphstatus = "$graphstatus\n($origin, $graph, $range)"; + _print_error($graphstatus); +} + +###--- Internal functions ---### + +# Send HTTP headers and switch to binary output +# (don't print any non-image data to STDOUT afterwards) +sub _start_png_output { + print "Cache-Control: no-cache, no-store\n"; + print "Content-Type: image/png\n"; + print "\n"; # End of HTTP headers + binmode(STDOUT); +} + +# Print error message to PNG output +sub _print_error { + my ($message) = @_; + $message = "- Error -\n \n$message"; + + # Create new image with the same size as a graph + my $img = GD::Image->new($Graphs::image_size{'width'}, $Graphs::image_size{'height'}); + $img->interlaced('true'); + + # Basic colors + my $color_background = $img->colorAllocate(255, 255, 255); + my $color_border = $img->colorAllocate(255, 0, 0); + my $color_text = $img->colorAllocate(0, 0, 0); + + # Background and border + $img->setThickness(2); + $img->filledRectangle(0, 0, $img->width, $img->height, $color_background); + $img->rectangle(10, 10, $img->width - 10, $img->height - 10, $color_border); + + # Draw message with line-wrap + my $textbox = GD::Text::Wrap->new($img, + text => $message, + width => ($img->width - 50), + color => $color_text, + align => 'center', + line_space => 5, + preserve_nl => 1 + ); + $textbox->set_font(gdLargeFont); + $textbox->draw(25, 25); + + # Get PNG output + print $img->png; +} diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat index 8918bc6da..74cad6267 100644 --- a/html/cgi-bin/logs.cgi/ids.dat +++ b/html/cgi-bin/logs.cgi/ids.dat @@ -351,7 +351,7 @@ END print "target='_blank'>$sid</a></td>\n"; } elsif ($sid >= 2000000 and $sid < 3000000) { # Link to emergingthreats if the rule sid is between 2000000 and 3000000. - print "<a href='http://doc.emergingthreats.net/$sid' "; + print "<a href='https://threatintel.proofpoint.com/sid/$sid' "; print "target='_blank'>$sid</a></td>\n"; } else { # No external link for user defined rules diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 2a246ec60..f81994f87 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -218,7 +218,7 @@ if ($multifile) { # extract ipv4 and ipv6 address elsif (($_ =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($_ =~ /SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { my $srcaddr=$1; - my $ccode = $gi->country_code_by_name($srcaddr); + my $ccode = &Location::Functions::lookup_country_code($srcaddr); if($ccode eq uc($country)){ # or srcaddr matches country code $log[$lines] = $_; diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi index 77c69cddb..ab3548713 100755 --- a/html/cgi-bin/netovpnsrv.cgi +++ b/html/cgi-bin/netovpnsrv.cgi @@ -75,7 +75,7 @@ if ( $querry[0] ne ""){ if (@vpns || %ipsecgraphs) { foreach my $name (sort keys %ipsecgraphs) { &Header::openbox('100%', 'center', "$Lang::tr{'ipsec connection'}: $name"); - &Graphs::makegraphbox("netovpnsrv.cgi", $ipsecgraphs{$name}, "day"); + &Graphs::makegraphbox("netovpnsrv.cgi", "ipsec-$ipsecgraphs{$name}", "day"); &Header::closebox(); }
diff --git a/html/html/include/rrdimage.js b/html/html/include/rrdimage.js new file mode 100644 index 000000000..e7ee4c769 --- /dev/null +++ b/html/html/include/rrdimage.js @@ -0,0 +1,122 @@ +/*############################################################################# +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +#############################################################################*/ + +// "onclick" event handler for graph time range select button +// buttonObj: reference to the button +function rrdimage_selectRange(buttonObj) { + if(! (buttonObj && ('range' in buttonObj.dataset))) { + return; //required parameters are missing + } + + // Get selected time range from button + const range = buttonObj.dataset.range; + + // Get surrounding div box and select new range + let graphBox = $(buttonObj).closest('div'); + _rrdimg_setRange(graphBox, range); +} + +// Document loaded: Process all graphs, start reload timers +$(function() { + $('div.rrdimage').each(function() { + let graphBox = $(this); + _rrdimg_setRange(graphBox, graphBox.data('defaultRange'), true); + }); +}); + +//--- Internal functions --- + +// Set or update graph time range, start automatic reloading +// graphBox: jQuery object, reference to graph div box +// range: time range (day, hour, ...) +// initMode: don't immediately reload graph, but force timers and attributes update +function _rrdimg_setRange(graphBox, range, initMode = false) { + if(! ((graphBox instanceof jQuery) && (graphBox.length === 1))) { + return; //graphBox element missing + } + + // Check range parameter, default to "day" on error + if(! ["hour", "day", "week", "month", "year"].includes(range)) { + range = "day"; + } + + // Check if the time range is changed + if((graphBox.data('range') !== range) || initMode) { + graphBox.data('range', range); //Store new range + + // Update button highlighting + graphBox.find('button').removeClass('selected'); + graphBox.find(`button[data-range="${range}"]`).addClass('selected'); + } + + // Clear pending reload timer to prevent multiple image reloads + let timerId = graphBox.data('reloadTimer'); + if(timerId !== undefined) { + window.clearInterval(timerId); + graphBox.removeData('reloadTimer'); + } + + // Determine auto reload interval (in seconds), + // interval = 0 disables auto reloading by default + let interval = 0; + switch(range) { + case 'hour': + interval = 60; + break; + + case 'day': + case 'week': + interval = 300; + break; + } + + // Start reload timer and store reference + if(interval > 0) { + timerId = window.setInterval(function(graphRef) { + _rrdimg_reload(graphRef); + }, interval * 1000, graphBox); + graphBox.data('reloadTimer', timerId); + } + + // Always reload image unless disabled by init mode + if(! initMode) { + _rrdimg_reload(graphBox); + } +} + +// Reload graph image, add timestamp to prevent caching +// graphBox: jQuery object (graph element must be valid) +function _rrdimg_reload(graphBox) { + const origin = graphBox.data('origin'); + const graph = graphBox.data('graph'); + const timestamp = Date.now(); + + // Get user selected range or fall back to default + let range = graphBox.data('range'); + if(! range) { + range = graphBox.data('defaultRange'); + } + + // Generate new image URL with timestamp + const imageUrl = `/cgi-bin/getrrdimage.cgi?origin=${origin}&graph=${graph}&range=${range}×tamp=${timestamp}`; + + // Get graph image and set new URL + graphBox.children('img').first().attr('src', imageUrl); +} diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes/ipfire/include/css/style.css index 9421fc111..10644a9f8 100644 --- a/html/html/themes/ipfire/include/css/style.css +++ b/html/html/themes/ipfire/include/css/style.css @@ -328,7 +328,38 @@ table.fw-nat tbody tr td { height: 2.25em; }
-iframe.graph { - width: 100%; - min-height: 300px; +/* RRD graph images */ + +div.rrdimage > ul { + list-style-type: none; + margin: 0; + display: flex; + justify-content: center; +} +.rrdimage li:not(:first-child)::before { + content: "-"; + padding: 0 0.3em; +} + +.rrdimage button { + padding: 0.3em; + font-weight: 700; + color: #d90000; /* link color */ + border: none; + background: none; + cursor: pointer; + text-decoration: underline; +} +.rrdimage button:focus { + outline: none; + box-shadow: none; +} +.rrdimage button.selected { + background-color: rgba(135, 203, 0, 0.2); +} + +div.rrdimage > img { + box-sizing: border-box; + max-width: 100%; + min-height: 290px; } diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl index 9aec77497..c76af336d 100644 --- a/html/html/themes/ipfire/include/functions.pl +++ b/html/html/themes/ipfire/include/functions.pl @@ -128,6 +128,7 @@ print <<END; <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <link rel="shortcut icon" href="/favicon.ico" /> <script type="text/javascript" src="/include/jquery.js"></script> + <script src="/include/rrdimage.js"></script>
<script type="text/javascript"> function swapVisibility(id) { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 191c778d2..737ddf01d 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2436,7 +2436,7 @@ 'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)', 'tor use exit nodes' => 'Nur diese Exitknoten benutzen (ein Fingerabdruck pro Zeile)', 'tor use guard nodes' => 'Nur diese Guardknoten benutzen (ein Fingerabdruck pro Zeile)', -'total connection time' => 'Gesammte Verbindungszeit', +'total connection time' => 'Gesamte Verbindungszeit', 'total hits for log section' => 'Gesamte Treffer für Protokollsektion', 'traffic back' => 'Zurück', 'traffic calc time' => 'Berechnungszeitpunkt', diff --git a/lfs/cmake b/lfs/cmake index 76ac3e6fa..e9cbd7678 100644 --- a/lfs/cmake +++ b/lfs/cmake @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.18.3 +VER = 3.20.0
THISAPP = cmake-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d87c668d17cda91dbf41c52e0ffc821f +$(DL_FILE)_MD5 = 9079201b76ca8d5b8b5337443369ae59
install : $(TARGET)
diff --git a/lfs/libcap b/lfs/libcap index 51dd7f436..55110138a 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.25 +VER = 2.49
THISAPP = libcap-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6666b839e5d46c2ad33fc8aa2ceb5f77 +$(DL_FILE)_MD5 = b43ae3690fe4d2cb32e4d25c0983ecd3
install : $(TARGET)
diff --git a/lfs/libpcap b/lfs/libpcap index ccf78a449..14ce62676 100644 --- a/lfs/libpcap +++ b/lfs/libpcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.9.1 +VER = 1.10.0
THISAPP = libpcap-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 21af603d9a591c7d96a6457021d84e6c +$(DL_FILE)_MD5 = 8c12dc19dd7e0d02d2bb6596eb5a71c7
install : $(TARGET)
diff --git a/lfs/nettle b/lfs/nettle index e2d5df88d..dfc3fdda5 100644 --- a/lfs/nettle +++ b/lfs/nettle @@ -24,7 +24,7 @@
include Config
-VER = 3.7.1 +VER = 3.7.2
THISAPP = nettle-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4d23a99df650ee88511653fb9acea3f0 +$(DL_FILE)_MD5 = 22849db27ed563ebbc829273f0c97e35
install : $(TARGET)
diff --git a/lfs/poppler b/lfs/poppler index b03702146..632d6f8ef 100644 --- a/lfs/poppler +++ b/lfs/poppler @@ -76,7 +76,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -DCMAKE_INSTALL_PREFIX=/usr \ -DTESTDATADIR=$PWD/testfiles \ -DENABLE_UNSTABLE_API_ABI_HEADERS=ON \ - -ENABLE_QT5=OFF \ + -DENABLE_QT5=OFF \ ..
cd $(DIR_APP)/build && make $(MAKETUNING) diff --git a/lfs/tcpdump b/lfs/tcpdump index b4e6b0e2a..86c54738d 100644 --- a/lfs/tcpdump +++ b/lfs/tcpdump @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.9.3 +VER = 4.99.0
THISAPP = tcpdump-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tcpdump -PAK_VER = 11 +PAK_VER = 12
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a4ead41d371f91aa0a2287f589958bae +$(DL_FILE)_MD5 = b10aa2f497def7283bc060f626879ce5
install : $(TARGET)
@@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ + --bindir=/usr/sbin \ --with-crypto \ --without-smi
hooks/post-receive -- IPFire 2.x development tree