From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 183ccaa5a5c95f4cb2b639360f3c1465567577e9
Date: Tue, 04 May 2021 15:53:16 +0000 [thread overview]
Message-ID: <4FZPWd02xvz2xhf@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 11224 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 183ccaa5a5c95f4cb2b639360f3c1465567577e9 (commit)
via 86beff5f75a88cebe62f6d629cce3ae3768e231b (commit)
via be56c36b00809e84c1968d1e2848ef5fd3dfcdc9 (commit)
via 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82 (commit)
from d8bf30563f08007edf8492b1fc55a9c46004014f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 183ccaa5a5c95f4cb2b639360f3c1465567577e9
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Apr 22 17:47:37 2021 +0200
icmp-types file does not have to be executable
This file does not contain any executable code, hence we should not set
its permission to be executable.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 86beff5f75a88cebe62f6d629cce3ae3768e231b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 4 15:48:08 2021 +0000
collectd: Use libstatgrab for reading disk stats
Fixes: #12576
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit be56c36b00809e84c1968d1e2848ef5fd3dfcdc9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 4 14:48:59 2021 +0000
core157: Ship getipstat and iptables.cgi and bump guardian
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82
Author: Robin Roevens <robin.roevens(a)disroot.org>
Date: Tue Apr 27 22:07:32 2021 +0200
misc-progs: getipstat: Refactor + extend
* Return output of iptables directly instead of writing it to files.
* Make iptables wait for 5s if xtables is locked by another iptables
process. (--wait 5 argument)
* Add optional parameter "-x" to have iptables report exact numbers.
* Add optional parameter "-f" to display the filter table (default).
* Add optional parameter "-n" to display the nat table.
* Add optional parameter "-m" to display the mangle table.
* Adapt iptables.cgi and guardian.cgi to catch getipstat output
instead of reading temp-files.
Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/fwhosts/icmp-types | 0
config/rootfiles/core/157/filelists/files | 2 +
html/cgi-bin/guardian.cgi | 12 +---
html/cgi-bin/iptables.cgi | 18 ++----
lfs/collectd | 1 +
lfs/guardian | 2 +-
src/misc-progs/getipstat.c | 67 +++++++++++++++++++---
src/patches/collectd-4.10-disk-plugin-fields.patch | 13 +++++
8 files changed, 83 insertions(+), 32 deletions(-)
mode change 100755 => 100644 config/fwhosts/icmp-types
create mode 100644 src/patches/collectd-4.10-disk-plugin-fields.patch
Difference in files:
diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types
old mode 100755
new mode 100644
diff --git a/config/rootfiles/core/157/filelists/files b/config/rootfiles/core/157/filelists/files
index 9afab9087..2bad4ad52 100644
--- a/config/rootfiles/core/157/filelists/files
+++ b/config/rootfiles/core/157/filelists/files
@@ -1,3 +1,5 @@
srv/web/ipfire/cgi-bin/getrrdimage.cgi
+srv/web/ipfire/cgi-bin/iptables.cgi
srv/web/ipfire/html/themes/ipfire/include/css/style.css
+usr/local/bin/getipstat
var/ipfire/network-functions.pl
diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index fb16be00e..552c67211 100644
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -829,12 +829,9 @@ sub GetBlockedHosts() {
my @hosts;
# Launch helper to get chains from iptables.
- system('/usr/local/bin/getipstat');
+ open (FILE, '/usr/local/bin/getipstat | ');
- # Open temporary file which contains the chains and rules.
- open (FILE, '/var/tmp/iptables.txt');
-
- # Loop through the entire file.
+ # Loop through the entire output.
while (<FILE>) {
my $line = $_;
@@ -864,11 +861,6 @@ sub GetBlockedHosts() {
# Close filehandle.
close(FILE);
- # Remove recently created temporary files of the "getipstat" binary.
- system("rm -f /var/tmp/iptables.txt");
- system("rm -f /var/tmp/iptablesmangle.txt");
- system("rm -f /var/tmp/iptablesnat.txt");
-
# Convert entries, sort them, write back and store the sorted entries into new array.
my @sorted = map { $_->[0] }
sort { $a->[1] <=> $b->[1] }
diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi
index b52d74fcf..f900562d9 100644
--- a/html/cgi-bin/iptables.cgi
+++ b/html/cgi-bin/iptables.cgi
@@ -44,8 +44,6 @@ my %cgiparams=();
&Header::getcgihash(\%cgiparams);
-system('/usr/local/bin/getipstat');
-
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ipts'}, 1, '');
&Header::openbigbox('100%', 'LEFT');
@@ -84,11 +82,11 @@ print <<END
END
;
-# We´ll open the txt files and extract each line, if the line
+# We´ll get iptables output and examine each line, if the line
# start with an Chain the the name, start- and endline of the
# chain is extracted into a hash
- open (FILE, '/var/tmp/iptables.txt');
+ open (FILE, '/usr/local/bin/getipstat | ');
while (<FILE>){
$iplines[$lines] = $_;
@@ -206,11 +204,11 @@ print <<END
END
;
-# We´ll open the txt files and extract each line, if the line
+# We´ll get iptables output and examine each line, if the line
# start with an Chain the the name, start- and endline of the
# chain is extracted into a hash
- open (FILE, '/var/tmp/iptablesmangle.txt');
+ open (FILE, '/usr/local/bin/getipstat -m | ');
while (<FILE>){
$ipmlines[$manlines] = $_;
@@ -333,11 +331,11 @@ print <<END
END
;
-# We´ll open the txt files and extract each line, if the line
+# We´ll get iptables output and examine each line, if the line
# start with an Chain the the name, start- and endline of the
# chain is extracted into a hash
- open (FILE, '/var/tmp/iptablesnat.txt');
+ open (FILE, '/usr/local/bin/getipstat -n | ');
while (<FILE>){
$ipnatlines[$natlines] = $_;
@@ -433,7 +431,3 @@ print "</table></div><br />";
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
-
-system("rm -f /var/tmp/iptables.txt");
-system("rm -f /var/tmp/iptablesmangle.txt");
-system("rm -f /var/tmp/iptablesnat.txt");
diff --git a/lfs/collectd b/lfs/collectd
index 36b507868..5e96ddbb3 100644
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -107,6 +107,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10.9-xfs-compile-fix.patch
cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10-libiptc-build-fixes.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10.9-remove-checks-for-SENSORS_API_VERSION-upper-limit.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10-disk-plugin-fields.patch
cd $(DIR_APP) && autoupdate -v configure.in
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
diff --git a/lfs/guardian b/lfs/guardian
index ecc8fd24e..1d9a2f292 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian
-PAK_VER = 22
+PAK_VER = 23
DEPS = perl-inotify2 perl-Net-IP
diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c
index c806d54a9..99d053bbf 100644
--- a/src/misc-progs/getipstat.c
+++ b/src/misc-progs/getipstat.c
@@ -2,6 +2,15 @@
*
* Get the list from IPTABLES -L
*
+ * Optional commandline parameters:
+ * -x
+ * instruct iptables to expand numbers
+ * -f
+ * display filter table
+ * -n
+ * display nat table
+ * -m
+ * display mangle table
*/
#include <stdio.h>
@@ -9,20 +18,60 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
-#include <fcntl.h>
#include "setuid.h"
-
-int main(void)
+int main(int argc, char** argv)
{
+ // Set defaults
+ // first argument has to be "iptables" since execve executes the program pointed to by filename
+ // but /sbin/iptables is actually a symlink to /sbin/xtables-legacy-multi hence that program is executed
+ // however without the notion that it was called as "iptables". So we have to pass "iptables" as first
+ // argument.
+ char *args[10] = {"iptables", "--list", "--verbose", "--numeric", "--wait", "5", NULL, NULL, NULL, NULL};
+ char *usage = "getipstat [-x][-f|-n|-m]";
+ unsigned int pcount = 6;
+ unsigned int table_set = 0;
+
+ int opt;
+
if (!(initsetuid()))
exit(1);
- safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt");
- safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt");
- safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.txt");
- safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat.txt /var/tmp/iptablesmangle.txt");
-
- return 0;
+ // Parse command line arguments
+ if (argc > 1) {
+ while ((opt = getopt(argc, argv, "xfnm")) != -1) {
+ switch(opt) {
+ case 'x':
+ args[pcount++] = "--exact";
+ break;
+ case 'f':
+ table_set++;
+ break;
+ case 'n':
+ if (table_set == 0) {
+ args[pcount++] = "--table";
+ args[pcount++] = "nat";
+ }
+ table_set++;
+ break;
+ case 'm':
+ if (table_set == 0) {
+ args[pcount++] = "--table";
+ args[pcount++] = "mangle";
+ }
+ table_set++;
+ break;
+ default:
+ fprintf(stderr, "\nBad argument given.\n\n%s\n", usage);
+ exit(1);
+ }
+ }
+ if (table_set > 1) {
+ fprintf(stderr, "\nArguments -f/-n/-m are mutualy exclusive.\n\n%s\n", usage);
+ exit(1);
+ }
+ }
+
+ return run("/sbin/iptables", args);
}
diff --git a/src/patches/collectd-4.10-disk-plugin-fields.patch b/src/patches/collectd-4.10-disk-plugin-fields.patch
new file mode 100644
index 000000000..4663d9a99
--- /dev/null
+++ b/src/patches/collectd-4.10-disk-plugin-fields.patch
@@ -0,0 +1,13 @@
+diff --git a/src/disk.c b/src/disk.c
+index 4a78f1bd..c6f9e4bd 100644
+--- a/src/disk.c
++++ b/src/disk.c
+@@ -428,7 +428,7 @@ static int disk_read (void)
+ IOObjectRelease (disk_list);
+ /* #endif HAVE_IOKIT_IOKITLIB_H */
+
+-#elif KERNEL_LINUX
++#elif 0
+ FILE *fh;
+ char buffer[1024];
+
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2021-05-04 15:53 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FZPWd02xvz2xhf@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox