This tiny function is used, to delete the stored rulesfile in case a
provider will be deleted.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
As the name of the function already says, it is responsible to
delete all temporary files after ruleset generation.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rework the function to work with the latest changes and multiple
providers.
The function now does the following:
* Extract the stored rules tarballs for all enabled providers.
* Copy rules files for enabled providers which provide plain files.
* Still calls oinkmaster to set up the rules and modify them.
* Calls the merge functions for classification and sid to msg files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to merge the individual classification files
provided by the providers.
The result will be written to the classification.config which will be
used by the IDS.
Fixes#11884.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to extract the required config and rules files
from the stored rules tarball for a given ruleset provider.
* The files will be extracted to a temporary directory layout in
"/tmp/ids_tmp".
* Names of config files will be adjusted in case multiple providers
offers the same config files, which is very common.
* The name of the single rulefiles will be adjusted to start with
the vendors name to allow assigning them very easily to a single
ruleset provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
multiple ruleset providers.
When calling the function now a single ruleset provider handle
can be specified to only download this ruleset or by adding "all" or
leaving the handle blank a download of all configured rulesets can be
triggered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function can be used to generate/get the absolute file and path
for a given ruleset provider.
The files will be stored in the usual "/var/tmp" folder with a new
file format based on the dl_file type and the provider.
Examples could be:
* /var/ipfire/idsrules-emerging.tar.gz
* /var/ipfire/idsrules-registered.tar.gz
* /var/ipfire/idsrules-somprovider.rules
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This patch fixes two wrong translations now used by the new
user manual links feature and removes an abandoned constant.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
This patch adds a little "help" icon to the page header.
If a manual entry exists for a configuration page, the icon
appears and offers a quick way to access the wiki.
Wiki pages can be configured in the "manualpages" file.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This enables creating firewall rules using the special country code "XD"
for hostile networks safe to drop and ipinfo.cgi to display a meaningful
text for IP addresses having this flag set.
At the moment, the "LOC_NETWORK_FLAG_DROP" is not yet populated, but
will be in the future (as soon as libloc 0.9.9 is released and running
in production).
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
this functions was removed from speed.cgi by reading kernel netowrk
statistics instead of parsing ip -s show ...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
include general-functions.pl load and initialize many subfunctions that are not
needed by speed.cgi which was executed very often.
So this reduce the system load significant if webif was open in browser
and ajax-speed display enabled.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
An error message is still shown although there is no option to disable
DNSSEC at the moment. The old marker file could still be present on
older machines.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
iwconfig doesn't return values for "Link Quality" if the interface
is disconnected, causing a division by zero error. If there are odd
values, the resulting percentage may contain many decimal places.
This patch makes wifi_get_link_quality return zero instead of failing
and rounds the percentage to a more meaningful integer.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
In some cases iptables logs the protocol number instead of the name.
When accessing the logs via the WUI, this number has been displayed as used
protocol, which is very hard to read and understand.
This commit adds a new function to the general-functions.pl, which
generates a hash to translate the protocol number into the protocol
name.
Fixes#11282.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Perl seems to just "guess" that someone no longer wants to use the
builtin "system" command when there is a function with the same name.
I have no idea what kind of liquid they are drinking, but because of the
side effects of that stuff, we explicitely call our system() function.
Not that that would be necessary, but why not waste a couple more CPU
cycles?
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
With wireless device as members in bridges, we cannot predict the name
very well. So we will use the MAC address and find the correct device
name when we launch hostapd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This disables the theme support and makes it impossible to use any other
themes than the ipfire default theme.
The only intention of this patch is to hardcode the theme to ipfire.
To change any cgi we have is an ugly way, but the only way to do this
fast. The colour handling needs certainly to be improved as well, but
this will and should be done in other patches.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
"makegraphbox" is modified to remove the old iframe method and output
a modern div container instead.
Graph errors are now returned, to be displayed by getrrdimage.cgi.
entropy.cgi and netovpnsrv.cgi are modified to ensure compatibility.
Add cache control HTTP header to image output.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds two scripts which will later be used to display graphs:
-> getrrdimage.cgi: Generates PNG images for graphs.
Until now, each CGI with embedded graphs had to be able to output
images. These functions are now gathered in this new script.
The additional parameter handling can be removed and the CGIs can
be simplified. This makes it easier to use and output the graphs.
-> rrdimage.js: Interactive Javascript functions
This allows the user to select time ranges without reloading the page.
In addition, the graphs are now periodically updated, allowing users
to live monitor the data.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Use the traffic class description field to identify similar classes.
This ensures that a class used in both the up- and down-link is
printed with matching colors in both graphs.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
perl complains about the use of experimental smartmatch feature
if it is not declared.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cache ethernet configuration in public variable "ethernet_settings",
add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function nicely translates the ethernet/settings "CONFIG_TYPE"
into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function is deprecated. The commonly used and maintained "IpInSubnet" function can be found in general-functions.pl.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
