perl complains about the use of experimental smartmatch feature
if it is not declared.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cache ethernet configuration in public variable "ethernet_settings",
add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function nicely translates the ethernet/settings "CONFIG_TYPE"
into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function is deprecated. The commonly used and maintained "IpInSubnet" function can be found in general-functions.pl.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Patch of general-functions.pl for implementation of fix provided
by Bernhard Bitsch in bug #12428.
Had to be modified as that fix gave a failure for single character hostnames.
Updated version prevents spaces being put into hostnames and works for single
character hostnames
- Updated subroutine validfqdn to apply consistent rules for hostname & domain name
portions of fqdn
- Minor updates for consistency across validhostname, validdomainname & validfqdn
- Patch implemented into testbed system and confirmed working for hostnames, domain names
and FQDN's.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The get_full_country_name() function had an accidental and no longer
required call of the DB init function.
This is a waste of memory and a known problem, especially on systems
with less than 1GB of RAM, where the application which uses libloc in
such a redundant way crashes.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The second version of this patch only unifies the licence banner, but
leaves GPLv2 untouched. In addition, functions have been changed to use
a script-wide location database handle, as introduced in commit
b62d7e0cc7.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When adding "no_special_locations" to the function call as argument
the special locations like "A1, A2, A3 etc" will not be added to the
returned array as available locations.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Create and use a single script-wide database handle for libloc to
prevent from creating multiple ones.
This helps saving memory, especially on small systems.
Reference #12515.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function can be used to check if a given address has
one of the known flags like "Anonymous Proxy".
If this is true, the mapped special country code will be returned.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is based on an orphaned patch provided by Tim FitzGeorge and
_finally_ fixes incorrect network membership calculations. Those were
a usability pain in the ass deluxe, as they rendered some combinations
of configuring OpenVPN and IPsec services unusable.
Fixes: #11235
Fixes: #12263
Cc: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
There is not enough stuff that it is justified to have an own file.
This patch therefore merges everything into general-functions.pl.
There are no functional changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
o1 (Other country) and yu (Yugoslavia) have been used in the past
and are not part of libloc and therefore cannot be used anymore.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This simply makes more sense in most languages, as INPUT, OUTPUT and
FORWARD are special cases of firewall hits in general.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This merely is a cosmetic change, but since we are dealing with network
packets here, the SYN flag must be capitalised.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This function can be used to convert an amount of bytes to a
human-readable format.
For example "3221225472" will become "3MB".
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
With this commit suricata reads the HTTP port declarations from a newly
introduced external file
(/var/ipfire/suricata/suricata-http-ports.yaml).
This file dynamically will be generated. HTTP ports always are the
default port "80" and "81" for update Accelerator and HTTP access to the
WUI. In case the Web-proxy is used, the configured proxy port and/or Transparent
Proxy port also will be declared as a HTTP port and written to that file.
In case one of the proxy ports will be changed, the HTTP port file will
be re-generated and suricata restarted if launched. Also if an old
backup with snort will be restored the convert script handles the
generation of the HTTP ports file.
Finally the suricata-generate-http-ports-file is a tiny script which
simply generates the http ports file and needs to be launched during the
installation of a core update. (The script will not be required
anymore, so it could be deleted afterwards.)
Fixes #12308.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When no DNS servers are configured (aka recursor mode), the
DNS servers that unbound will try to contact can be anywhere.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The configuration file has an invalid syntax which causes
suricata to fail to start.
There was no comma inserted between DNS servers when there
was more than two of them. This is now fixed in this patch.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>