From 1bf1cdc1909ebf52d2014dd2559ba0d83950b9f8 Mon Sep 17 00:00:00 2001 From: Vincent Li Date: Sun, 13 Oct 2024 02:10:50 +0000 Subject: [PATCH] xdp-geoip UI: location block ipset to XDP change location-block UI from calling ipset to calling xdp_geoip to update geoip_map bpf map. see https://github.com/vincentmli/BPFire/issues/53 Signed-off-by: Vincent Li --- html/cgi-bin/location-block.cgi | 87 +++++++++++++++++++++++++++------ langs/en/cgi-bin/en.pl | 6 +-- langs/zh/cgi-bin/zh.pl | 2 +- 3 files changed, 75 insertions(+), 20 deletions(-) diff --git a/html/cgi-bin/location-block.cgi b/html/cgi-bin/location-block.cgi index 98965db88..4480e5f5b 100644 --- a/html/cgi-bin/location-block.cgi +++ b/html/cgi-bin/location-block.cgi @@ -37,6 +37,7 @@ my %color = (); my %mainsettings = (); my %settings = (); my %cgiparams = (); +my $errormessage=''; # Read configuration file. &General::readhash("$settingsfile", \%settings); 
@@ -63,30 +64,37 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { # Loop through our locations array to prevent from # non existing countries or code. foreach my $cn (@locations) { - # Check if blocking for this country should be enabled/disabled. - if (exists $cgiparams{$cn}) { - $settings{$cn} = "on"; - } else { - $settings{$cn} = "off"; + # Get the current setting for the country (on/off) + my $current_status = $settings{$cn}; + + # Determine if the country should be blocked based on CGI input + my $new_status = exists $cgiparams{$cn} ? "on" : "off"; + + # Update settings based on the user input + $settings{$cn} = $new_status; + + # If the new status is "on" and the current status was "off", add the country's IPs + if ($new_status eq "on" && $current_status eq "off") { + # Call function to add IPs for this country to the eBPF map + &add_country_ips($cn); + } # If the new status is "off" and the current status was "on", remove the country's IPs + elsif ($new_status eq "off" && $current_status eq "on") { + # Call function to remove IPs for this country from the eBPF map + &remove_country_ips($cn); } } &General::writehash("$settingsfile", \%settings); - - # Mark the firewall config as changed. - &General::firewall_config_changed(); - - # Assign reload notice. - $notice = $Lang::tr{'fw rules reload notice'}; } &Header::openpage($Lang::tr{'locationblock configuration'}, 1, ''); -# Print notice that a firewall reload is required. -if ($notice) { - &Header::openbox('100%', 'left', $Lang::tr{'notice'}); - print "$notice"; - &Header::closebox(); +&Header::openbigbox('100%', 'left', '', $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage \n"; + &Header::closebox(); } # Checkbox pre-selection. 
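Review bot: A country that has no entry yet in the settings file is never loaded into the map, because `$current_status` is then undefined and the `$current_status eq "off"` test in the new `if` is false; the setting is still written as "on", so the page reports the country as blocked while nothing was added. Defaulting the old value with `my $current_status = $settings{$cn} // "off";` (or testing `$current_status ne "on"`) closes that gap. The loop applies only the difference against the saved settings, so if the map is emptied outside this page (presumably on reboot or when the XDP program is reloaded) the file and the map drift apart and saving again does not resync them; it is worth confirming that something repopulates the map from the settings file at start-up. The enclosing `if ($cgiparams{'ACTION'} ...)` block starts before this hunk.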
@@ -269,3 +277,50 @@ print"\n"; &Header::closebigbox(); &Header::closepage(); + +sub add_country_ips { + + my ($set) = @_; + + # Libloc adds the IP type (v4 or v6) as part of the set and file name. + my $loc_set = "$set" . "v4"; + + # The bare filename equals the set name. + my $filename = $loc_set; + + # Libloc uses "ipset" as file extension. + my $file_extension = "ipset"; + + # Generate full path and filename for the ipset db file. + my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension"; + + my @options; + my $command = 'xdp_geoip'; + push(@options, "add", $db_file, $set); + &General::system_output($command, @options); + #my @output = &General::system_output($command, @options); + #$errormessage = join('', @output); +} + +sub remove_country_ips { + my ($set) = @_; + + # Libloc adds the IP type (v4 or v6) as part of the set and file name. + my $loc_set = "$set" . "v4"; + + # The bare filename equals the set name. + my $filename = $loc_set; + + # Libloc uses "ipset" as file extension. + my $file_extension = "ipset"; + + # Generate full path and filename for the ipset db file. + my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension"; + + my @options; + my $command = 'xdp_geoip'; + push(@options, "delete", $db_file, $set); + &General::system_output($command, @options); + #my @output = &General::system_output($command, @save_options); + #$errormessage = join('', @output); +} diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5cfd7acdd..2beeb14b8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
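Review bot: Both new subs throw away the result of `xdp_geoip`, so a failed update (for example a missing `.ipset` file) still ends with the setting saved as "on" and no error shown, since `$errormessage` is never assigned anywhere in this patch. Ending each sub with `return &General::system_output($command, @options);` would let the save loop keep the old setting and fill `$errormessage` when the call fails; whatever tool output ends up in `$errormessage` should be HTML-escaped before the `print "$errormessage \n"` added earlier in this file. The commented-out line in `remove_country_ips` refers to `@save_options`, which is not declared in the sub, so it would not compile under `use strict` if re-enabled as written. The two subs differ only in the `add`/`delete` word and could be one helper that takes the action as a parameter. Only the `v4` set file is passed, so a comment such as `# IPv4 only: IPv6 sources from this country are not added to the map` would make the coverage explicit, if that is indeed the intent.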
@@ -1704,13 +1704,13 @@ 'localkeyfile' => 'Localkeyfile', 'location' => 'Location', 'locationblock' => 'Location Block', -'locationblock block countries' => 'Block countries', -'locationblock configuration' => 'Location Configuration', +'locationblock block countries' => 'Block countries/regions', +'locationblock configuration' => 'XDP Location Configuration', 'locationblock country code' => 'Country Code', 'locationblock country is allowed' => 'Incoming traffic from this country is allowed', 'locationblock country is blocked' => 'Incoming traffic from this country will be blocked', 'locationblock country name' => 'Country Name', -'locationblock enable feature' => 'Enable Location based blocking:', +'locationblock enable feature' => 'Enable XDP Location based blocking:', 'locationblock flag' => 'Flag', 'log' => 'Log', 'log drop hostile in' => 'Log dropped packets FROM hostile networks', diff --git a/langs/zh/cgi-bin/zh.pl b/langs/zh/cgi-bin/zh.pl index 1c5ae5b9e..e2009dba4 100644 --- a/langs/zh/cgi-bin/zh.pl +++ b/langs/zh/cgi-bin/zh.pl @@ -1681,7 +1681,7 @@ 'locationblock country is allowed' => '允许来自该国家/地区的入站流量', 'locationblock country is blocked' => '阻止该国家/地区的入站流量', 'locationblock country name' => '国家名称', -'locationblock enable feature' => '启用基于位置的阻止::', +'locationblock enable feature' => '启用基于XDP加速器位置的阻止::', 'locationblock flag' => 'Flag', 'log' => '日志', 'log dropped conntrack invalids' => '记录被连接跟踪分类为无效的丢弃数据包',