From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 183ccaa5a5c95f4cb2b639360f3c1465567577e9 Date: Tue, 04 May 2021 15:53:16 +0000 Message-ID: <4FZPWd02xvz2xhf@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6647954894561095477==" List-Id: --===============6647954894561095477== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 183ccaa5a5c95f4cb2b639360f3c1465567577e9 (commit) via 86beff5f75a88cebe62f6d629cce3ae3768e231b (commit) via be56c36b00809e84c1968d1e2848ef5fd3dfcdc9 (commit) via 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82 (commit) from d8bf30563f08007edf8492b1fc55a9c46004014f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 183ccaa5a5c95f4cb2b639360f3c1465567577e9 Author: Peter M=C3=BCller Date: Thu Apr 22 17:47:37 2021 +0200 icmp-types file does not have to be executable =20 This file does not contain any executable code, hence we should not set its permission to be executable. =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 86beff5f75a88cebe62f6d629cce3ae3768e231b Author: Michael Tremer Date: Tue May 4 15:48:08 2021 +0000 collectd: Use libstatgrab for reading disk stats =20 Fixes: #12576 Signed-off-by: Michael Tremer commit be56c36b00809e84c1968d1e2848ef5fd3dfcdc9 Author: Michael Tremer Date: Tue May 4 14:48:59 2021 +0000 core157: Ship getipstat and iptables.cgi and bump guardian =20 
Signed-off-by: Michael Tremer commit 8b68ed1226c6dd9b352bb157a6a1c5ce7cb7ef82 Author: Robin Roevens Date: Tue Apr 27 22:07:32 2021 +0200 misc-progs: getipstat: Refactor + extend =20 * Return output of iptables directly instead of writing it to files. * Make iptables wait for 5s if xtables is locked by another iptables process. (--wait 5 argument) * Add optional parameter "-x" to have iptables report exact numbers. * Add optional parameter "-f" to display the filter table (default). * Add optional parameter "-n" to display the nat table. * Add optional parameter "-m" to display the mangle table. * Adapt iptables.cgi and guardian.cgi to catch getipstat output instead of reading temp-files. =20 Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/fwhosts/icmp-types | 0 config/rootfiles/core/157/filelists/files | 2 + html/cgi-bin/guardian.cgi | 12 +--- html/cgi-bin/iptables.cgi | 18 ++---- lfs/collectd | 1 + lfs/guardian | 2 +- src/misc-progs/getipstat.c | 67 +++++++++++++++++++-= -- src/patches/collectd-4.10-disk-plugin-fields.patch | 13 +++++ 8 files changed, 83 insertions(+), 32 deletions(-) mode change 100755 =3D> 100644 config/fwhosts/icmp-types create mode 100644 src/patches/collectd-4.10-disk-plugin-fields.patch Difference in files: diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types old mode 100755 new mode 100644 diff --git a/config/rootfiles/core/157/filelists/files b/config/rootfiles/cor= e/157/filelists/files index 9afab9087..2bad4ad52 100644 --- a/config/rootfiles/core/157/filelists/files +++ b/config/rootfiles/core/157/filelists/files @@ -1,3 +1,5 @@ srv/web/ipfire/cgi-bin/getrrdimage.cgi +srv/web/ipfire/cgi-bin/iptables.cgi srv/web/ipfire/html/themes/ipfire/include/css/style.css +usr/local/bin/getipstat var/ipfire/network-functions.pl diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi index fb16be00e..552c67211 100644 
--- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -829,12 +829,9 @@ sub GetBlockedHosts() { my @hosts; =20 # Launch helper to get chains from iptables. - system('/usr/local/bin/getipstat'); + open (FILE, '/usr/local/bin/getipstat | '); =20 - # Open temporary file which contains the chains and rules. - open (FILE, '/var/tmp/iptables.txt'); - - # Loop through the entire file. + # Loop through the entire output. while () { my $line =3D $_; =20 @@ -864,11 +861,6 @@ sub GetBlockedHosts() { # Close filehandle. close(FILE); =20 - # Remove recently created temporary files of the "getipstat" binary. - system("rm -f /var/tmp/iptables.txt"); - system("rm -f /var/tmp/iptablesmangle.txt"); - system("rm -f /var/tmp/iptablesnat.txt"); - # Convert entries, sort them, write back and store the sorted entries into = new array. my @sorted =3D map { $_->[0] } sort { $a->[1] <=3D> $b->[1] } diff --git a/html/cgi-bin/iptables.cgi b/html/cgi-bin/iptables.cgi index b52d74fcf..f900562d9 100644 --- a/html/cgi-bin/iptables.cgi +++ b/html/cgi-bin/iptables.cgi @@ -44,8 +44,6 @@ my %cgiparams=3D(); =20 &Header::getcgihash(\%cgiparams); =20 -system('/usr/local/bin/getipstat'); - &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ipts'}, 1, ''); &Header::openbigbox('100%', 'LEFT'); @@ -84,11 +82,11 @@ print <){ =20 $iplines[$lines] =3D $_; @@ -206,11 +204,11 @@ print <){ =20 $ipmlines[$manlines] =3D $_; @@ -333,11 +331,11 @@ print <){ =20 $ipnatlines[$natlines] =3D $_; @@ -433,7 +431,3 @@ print "
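Review bot: The new `open (FILE, '/usr/local/bin/getipstat | ');` in GetBlockedHosts() is not checked, so if the helper cannot be started or exits with an error the read loop simply sees no lines and the page reports an empty blocked-hosts list as if nothing were blocked. I would switch to a lexical handle with the list-form pipe open and check both ends: `open(my $fh, '-|', '/usr/local/bin/getipstat') or die "getipstat: $!";`, read with `<$fh>`, and finish with `close($fh) or warn "getipstat exited with status $?";`. The list form also stays safe if arguments such as `-x` are ever interpolated into the call. GetBlockedHosts() starts before this hunk and continues past it. The commit message says iptables.cgi was adapted the same way, but its hunks are not legible on this page, so the same check presumably applies there.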
"; &Header::closebox(); &Header::closebigbox(); &Header::closepage(); - -system("rm -f /var/tmp/iptables.txt"); -system("rm -f /var/tmp/iptablesmangle.txt"); -system("rm -f /var/tmp/iptablesnat.txt"); diff --git a/lfs/collectd b/lfs/collectd index 36b507868..5e96ddbb3 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -107,6 +107,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10.9-xfs-co= mpile-fix.patch cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd-4.10-libiptc-= build-fixes.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10.9-remove= -checks-for-SENSORS_API_VERSION-upper-limit.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/collectd-4.10-disk-plu= gin-fields.patch cd $(DIR_APP) && autoupdate -v configure.in cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/lfs/guardian b/lfs/guardian index ecc8fd24e..1d9a2f292 100644 --- a/lfs/guardian +++ b/lfs/guardian @@ -33,7 +33,7 @@ DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) =20 PROG =3D guardian -PAK_VER =3D 22 +PAK_VER =3D 23 =20 DEPS =3D perl-inotify2 perl-Net-IP =20 diff --git a/src/misc-progs/getipstat.c b/src/misc-progs/getipstat.c index c806d54a9..99d053bbf 100644 --- a/src/misc-progs/getipstat.c +++ b/src/misc-progs/getipstat.c @@ -2,6 +2,15 @@ * * Get the list from IPTABLES -L *=20 + * Optional commandline parameters: + * -x=20 + * instruct iptables to expand numbers + * -f=20 + * display filter table=20 + * -n + * display nat table + * -m + * display mangle table */ =20 #include 
@@ -9,20 +18,60 @@ #include #include #include -#include #include "setuid.h" =20 - -int main(void) +int main(int argc, char** argv) { + // Set defaults + // first argument has to be "iptables" since execve executes the program po= inted to by filename + // but /sbin/iptables is actually a symlink to /sbin/xtables-legacy-multi h= ence that program is executed + // however without the notion that it was called as "iptables". So we have = to pass "iptables" as first + // argument. + char *args[10] =3D {"iptables", "--list", "--verbose", "--numeric", "--wait= ", "5", NULL, NULL, NULL, NULL}; + char *usage =3D "getipstat [-x][-f|-n|-m]"; + unsigned int pcount =3D 6; + unsigned int table_set =3D 0; + + int opt; +=09 if (!(initsetuid())) exit(1); =20 - safe_system("/sbin/iptables -L -v -n > /var/tmp/iptables.txt"); - safe_system("/sbin/iptables -L -v -n -t nat > /var/tmp/iptablesnat.txt"); - safe_system("/sbin/iptables -t mangle -L -v -n > /var/tmp/iptablesmangle.tx= t"); - safe_system("chown nobody.nobody /var/tmp/iptables.txt /var/tmp/iptablesnat= .txt /var/tmp/iptablesmangle.txt"); -=09 - return 0; + // Parse command line arguments + if (argc > 1) { + while ((opt =3D getopt(argc, argv, "xfnm")) !=3D -1) { + switch(opt) { + case 'x': + args[pcount++] =3D "--exact"; + break; + case 'f': + table_set++; + break; + case 'n': + if (table_set =3D=3D 0) { + args[pcount++] =3D "--table"; + args[pcount++] =3D "nat"; + } + table_set++; + break; + case 'm': + if (table_set =3D=3D 0) { + args[pcount++] =3D "--table"; + args[pcount++] =3D "mangle"; + } + table_set++; + break; + default: + fprintf(stderr, "\nBad argument given.\n\n%s\n", usage); + exit(1); + } + } + if (table_set > 1) { + fprintf(stderr, "\nArguments -f/-n/-m are mutualy exclusive.\n\n%s\n", us= age); + exit(1); + } + } + + return run("/sbin/iptables", args); } =20 
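Review bot: `pcount` is never checked against the size of `args[10]` in main(): every `-x` that getopt() returns executes `args[pcount++] = "--exact";`, so a command line that repeats `-x` first overwrites the trailing NULL entries and then stores past the end of the array. This happens after `initsetuid()` has succeeded, so the helper presumably runs with elevated privileges at that point. Only pointers to string literals are written, but an out-of-bounds stack write and an unterminated argv handed to `run()` should not be reachable in such a binary. Making the option idempotent fixes it, e.g. `unsigned int exact_set = 0;` with `case 'x': if (!exact_set++) args[pcount++] = "--exact"; break;`, which keeps the worst case (`-x` plus one table) at nine entries followed by a NULL. It would also be worth rejecting leftover non-option arguments (`optind < argc`) and correcting "mutualy" in the error text.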
diff --git a/src/patches/collectd-4.10-disk-plugin-fields.patch b/src/patches= /collectd-4.10-disk-plugin-fields.patch
new file mode 100644
index 000000000..4663d9a99
--- /dev/null
+++ b/src/patches/collectd-4.10-disk-plugin-fields.patch
@@ -0,0 +1,13 @@
+diff --git a/src/disk.c b/src/disk.c
+index 4a78f1bd..c6f9e4bd 100644
+--- a/src/disk.c
++++ b/src/disk.c
+@@ -428,7 +428,7 @@ static int disk_read (void)
+ IOObjectRelease (disk_list);
+ /* #endif HAVE_IOKIT_IOKITLIB_H */
+=20
+-#elif KERNEL_LINUX
++#elif 0
+ FILE *fh;
+ char buffer[1024];
+ =09
hooks/post-receive -- IPFire 2.x development tree --===============6647954894561095477==--
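Review bot: The embedded patch turns `#elif KERNEL_LINUX` into `#elif 0` in disk_read() without any explanation, and the patch file carries no description header, so the next maintainer has to guess why the native Linux branch is compiled out. Going by the commit subject this is presumably meant to make the disk plugin fall through to its libstatgrab branch, but that only works if libstatgrab is found at configure time; neither that dependency nor the behaviour without it is visible in this diff. I would add a short header to the patch, e.g. `Disable the native Linux reader so the disk plugin uses libstatgrab (see #12576)`, and confirm that lfs/collectd really builds against libstatgrab. disk_read() begins and ends outside the nested hunk.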