Enable correct display of ipv6 entries in Firewall log pages of web UI.

3 main changes:
 - Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, otherwise fill from IN and OUT
 - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
 - Match color coding of tables to pie charts (see separate patch sent earlier)

I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.

Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
---
Michael Eitelwein
2016-01-07 14:00:01 +01:00
parent c26171b4b4
commit 9877d28d9e
7 changed files with 131 additions and 75 deletions


@@ -328,7 +328,10 @@ END
$lines = 0;
foreach $_ (@log)
{
/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses a bridge, PHYSIN= contains the relevant iface information
# otherwise use IN=
if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
my $day = $1;
$day =~ tr / /0/;
my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
@@ -336,9 +339,12 @@ foreach $_ (@log)
my $packet = $4;
my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
$iface=$1 if $packet =~ /IN=(\w+)/;
$srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
$dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1}
# Identify whether ipv4 or ipv6. Both are mutally exclusive.
if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1 }
if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1 }
if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1 }
if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1 }
$macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
$proto=$1 if $packet =~ /PROTO=(\w+)/;
$srcport=$1 if $packet =~ /SPT=(\d+)/;
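Review bot: The empty-bodied `if (...PHYSIN=...) {} elsif (...IN=...) {}` ahead of `my $day = $1;` never handles a line that matches neither pattern, so `$1`, `$2` and `$4` are then not set by the current line and the row is built from undefined or left-over captures. On a bridged line the PHYSIN branch also leaves the `IN=… OUT=…` fields inside the `(.*)` group (assuming the kernel prints them before `PHYSIN=`), and the later files display that group via `my $chain = $2`. A single checked, non-greedy match avoids both: `next unless /^... (..) (..:..:..) [\w\-]+ kernel:(.*?)(IN=.*)$/;` keeps the whole packet in the last capture, so the `PHYSIN=(\w+)` test on `$packet` still works. The same construct appears in the hunks at `@@ -294,15`, `@@ -308,32`, `@@ -301,15` and `@@ -307,15`. The loop body continues outside this hunk, so confirm that `next` skips nothing that must run for every line.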


@@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};}
if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};}
if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};}
if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
print <<END
</select>
</td>
@@ -294,15 +293,24 @@ $lines = 0;
foreach $_ (@log)
{
/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
my $packet = $4;
$packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
$packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
my $iface = '';
if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
if ( $1 =~ /2./ ) { $iface=''; }
my $srcaddr = '';
# Find ipv4 and ipv6 addresses
if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1 }
elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1 }
if($iface eq $red_interface) {
# Traffic from red
if($srcaddr ne '') {
# srcaddr is set
my $ccode = $gi->country_code_by_name($srcaddr);
if( $ccode eq '') {
if ($ccode eq '') {
$ccode = 'unknown';
}
$tabjc{$ccode} = $tabjc{$ccode} + 1 ;
@@ -311,11 +319,16 @@ foreach $_ (@log)
}
}
else {
# Traffic not from red
if($iface ne '') {
$tabjc{$iface} = $tabjc{$iface} + 1 ;
if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
$linesjc++;
}
else {
# What to do with empty iface lines?
# This probably is traffic from ipfire itself (IN= OUT=XY)?
}
}
}
@@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) {
print "<img src='/graphs/fwlog-country$imagerandom.png'>";
print "</div>";
}
print <<END
<table width='100%' class='tbl'>
<tr>
@@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++)
$percent = $value[$s] * 100 / $linesjc;
$percent = sprintf("%.f", $percent);
$total = $total + $value[$s];
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
$color++;
print "<tr>";
@@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++)
print"<input type='hidden' name='country' value='$key[$s]'>";
print"<input type='submit' value='details'></form>";
}
if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') {
elsif ($key[$s] eq 'unknown') {
print "unknown";
}
# Looks dangerous to use hardcoded interface names here. Probably needs fixing.
if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) {
print "<td align='center' $col>$key[$s]</td>";
}
else {
@@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){}
else{
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
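Review bot: `if ( $1 =~ /2./ ) { $iface=''; }` in the `@@ -294,15` hunk reads `$1` after an `if/elsif` that may not have matched, so it can test a capture left by an earlier pattern (for example the day-of-month group of the line pattern) instead of the interface name. Test the variable the code actually cares about: `$iface = '' if $iface =~ /2./;`. The pattern is also unanchored and blanks any interface whose name contains a `2` followed by another character; a comment naming the interfaces it is meant to exclude would make that checkable. The same line is repeated in the `@@ -308,32` hunk of a later file.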


@@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber =
$lines = 0;
foreach $_ (@log)
{
if($_ =~ /SRC\=([\d\.]+)/){
# Extract ipv4 or ipv6 address
if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
$tabjc{$1} = $tabjc{$1} + 1 ;
if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
$linesjc++;
@@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++)
$percent = $value[$s] * 100 / $linesjc;
$percent = sprintf("%.f", $percent);
$total = $total + $value[$s];
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
@@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){}
else{
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
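Review bot: The `SRC\=` test in the `@@ -291,7` hunk is a verbatim copy of a two-pattern alternation that this commit pastes into every log page, and the copies already differ in shape (the first file uses four separate `if`s, others use `or` or `elsif`). Naming the two patterns once keeps them from drifting apart and makes the line readable: `my $ip4 = qr/(?:\d{1,3}\.){3}\d{1,3}/; my $ip6 = qr/[0-9a-fA-F]{0,4}(?::[0-9a-fA-F]{0,4}){2,7}/;` followed by `if (/SRC=($ip4|$ip6)/) {`, which still leaves the address in `$1`. Both patterns are deliberately loose (octets above 255 and short colon groups are accepted), which is acceptable for kernel-formatted log lines but worth a one-line comment so nobody reuses them as validators for user input.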


@@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++)
$percent = $value[$s] * 100 / $linesjc;
$percent = sprintf("%.f", $percent);
$total = $total + $value[$s];
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
@@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){}
else{
my $colorIndex = $color % 10;
if($colorIndex == 0) {
$colorIndex = 10;
}
# colors are numbered 1 to 10
my $colorIndex = ($color % 10) + 1;
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
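Review bot: `($color % 10) + 1` is not the old mapping with the special case folded in: for the same `$color` it selects the next palette entry (1 gives `color2`, 9 gives `color10`, 10 gives `color1`), where the removed lines gave 1 → `color1` and 10 → `color10`. That is correct only if `$color` counts from 0 or the shift is exactly what aligns the table with the pie chart; the initial value is outside these hunks, so it cannot be confirmed here. A comment that states the assumption would make the intent checkable, for example `# $color starts at 0; palette keys are color1..color10`. The identical change is made in the two preceding files.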


@@ -158,23 +158,35 @@ if (!$skip)
{
while (<FILE>)
{
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
my $packet = $2;
$packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
$packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
# First check whether valid log line (date, day)
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
# If ipv6 uses bridge, then use PHYSIN otherwise use IN
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {}
elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {}
my $packet = $2;
my $iface = '';
my $srcaddr = '';
# If ipv6 uses bridge, use PHYSIN otherwise IN
if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
# Extract ipv4 and ipv6 addresses
if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
$srcaddr = $1
};
if($iface eq $country) {
# iface matches country code
$log[$lines] = $_;
$lines++;
}
elsif($srcaddr ne '') {
# or srcaddr matches country code
my $ccode = $gi->country_code_by_name($srcaddr);
if($ccode eq $country){
$log[$lines] = $_;
$lines++;
}
}
}
}
}
close (FILE);
}
@@ -194,16 +206,28 @@ if ($multifile) {
}
if (!$skip) {
while (<FILE>) {
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
my $srcaddr=$1;
my $ccode = $gi->country_code_by_name($srcaddr);
if($ccode eq $country){
# Check if valid log line (date, day)
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
my $iface = '';
# If ipv6 uses bridge, then use PHYSIN otherwise IN
if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($_ =~ /IN=(\w+)/) { $iface = $1 }
if($iface eq $country) {
# iface matches country code
$log[$lines] = $_;
$lines++;
}
# extract ipv4 and ipv6 address
elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
my $srcaddr=$1;
my $ccode = $gi->country_code_by_name($srcaddr);
if($ccode eq $country){
# or srcaddr matches country code
$log[$lines] = $_;
$lines++;
}
}
}
}
}
}
close (FILE);
}
@@ -308,32 +332,45 @@ $lines = 0;
foreach $_ (@slice)
{
$a = $_;
/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, use PHYSIN otherwise use IN
if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {};
my $packet = $4;
$packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
$packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
my $iface = '';
# If ipv6 uses bridge, use PHYSIN otherwise use IN
if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 }
if ( $1 =~ /2./ ){ $iface="";}
my $srcaddr = '';
# Extract ipv4 and ipv6 addresses
if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
$srcaddr = $1
};
if($iface eq $country || $srcaddr ne '') {
my $ccode;
my $ccode='';
if($iface ne $country) {
$ccode = $gi->country_code_by_name($srcaddr);
}
if($iface eq $country || $ccode eq $country) {
my $chain = '';
my $chain = '';
my $in = '-'; my $out = '-';
my $srcaddr = ''; my $dstaddr = '';
my $protostr = '';
my $srcport = ''; my $dstport = '';
$_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, the use PHYSIN otherwise use IN
if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
my $timestamp = $1; my $chain = $2; my $packet = $3;
$timestamp =~ /(...) (..) (..:..:..)/;
my $month = $1; my $day = $2; my $time = $3;
if ($a =~ /IN\=(\w+)/) { $iface = $1; }
if ($a =~ /OUT\=(\w+)/) { $out = $1; }
if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT
if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 }
if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 }
# Extract ipv4 and ipv6 addresses
if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
my $protostrlc = lc($protostr);
if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
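Review bot: `$gi->country_code_by_name($srcaddr)` now also receives IPv6 literals, because the widened `SRC\=` patterns feed it. If `$gi` is a Geo::IP legacy handle, that method is the IPv4/hostname lookup and IPv6 needs the separate `_v6` lookup methods with a v6 database, so IPv6 sources would never equal `$country` and may cost a failed name lookup per log line. The handle's construction is outside the hunks, so this is inferred from the method name. Until a v6 database is wired in, skipping the lookup is the safe form: `my $ccode = $srcaddr =~ /:/ ? '' : $gi->country_code_by_name($srcaddr);`. This applies to the calls in all three hunks of this file and to the one in the `@@ -294,15` hunk of the earlier file.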


@@ -155,7 +155,7 @@ if (!$skip)
while (<FILE>)
{
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
if($1 eq $ip){
$log[$lines] = $_;
$lines++;
@@ -182,12 +182,12 @@ if ($multifile) {
if (!$skip) {
while (<FILE>) {
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
if($1 eq $ip){
if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
if($1 eq $ip){
$log[$lines] = $_;
$lines++;
}
}
}
}
}
}
close (FILE);
@@ -293,7 +293,8 @@ $lines = 0;
foreach $_ (@slice)
{
$a = $_;
if($_ =~ /SRC\=([\d\.]+)/){
# Check whether valid ipv4 or ipv6 address
if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) {
if($1 eq $ip){
my $chain = '';
my $in = '-'; my $out = '-';
@@ -301,15 +302,19 @@ foreach $_ (@slice)
my $protostr = '';
my $srcport = ''; my $dstport = '';
$_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, the use PHYSIN, otherwise use IN
if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
my $timestamp = $1; my $chain = $2; my $packet = $3;
$timestamp =~ /(...) (..) (..:..:..)/;
my $month = $1; my $day = $2; my $time = $3;
if ($a =~ /IN\=(\w+)/) { $iface = $1; }
if ($a =~ /OUT\=(\w+)/) { $out = $1; }
if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 }
if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 }
# Detect ipv4 and ipv6 addresses
if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
my $protostrlc = lc($protostr);
if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }
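Review bot: `if($1 eq $ip)` compares the captured address as text, which was adequate for dotted IPv4 but not for IPv6, where letter case and zero-compression give one address several spellings. An `$ip` that is not spelled exactly as the kernel logs it will silently match nothing, which on a firewall log page reads as "no hits from this host". Where `$ip` comes from is outside these hunks; if it can be typed or pasted by the user, normalise both sides before comparing, at minimum `if (lc($1) eq lc($ip)) {`, and preferably expand both to the full eight-group form. The comparison occurs in the `@@ -155,7`, `@@ -182,12` and `@@ -293,7` hunks of this file.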


@@ -307,15 +307,19 @@ foreach $_ (@slice)
my $protostr = '';
my $srcport = ''; my $dstport = '';
$_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, the use PHYSIN, otherwise use IN
if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
my $timestamp = $1; my $chain = $2; my $packet = $3;
$timestamp =~ /(...) (..) (..:..:..)/;
my $month = $1; my $day = $2; my $time = $3; my $iface;
if ($a =~ /IN\=(\w+)/) { $iface = $1; }
if ($a =~ /OUT\=(\w+)/) { $out = $1; }
if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT
if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; }
if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; }
# Detect ipv4 and ipv6 addresses
if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; }
if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; }
my $protostrlc = lc($protostr);
if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }