| Message ID | 20171107204242.15257272.peter.mueller@link38.eu |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 4B7F360D81 for <patchwork@ipfire.org>; Tue, 7 Nov 2017 20:52:57 +0100 (CET) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id BB3153532; Tue, 7 Nov 2017 20:52:56 +0100 (CET) Received: from mx.link38.eu (mx.link38.eu [188.68.43.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 74DE33547 for <development@lists.ipfire.org>; Tue, 7 Nov 2017 20:42:49 +0100 (CET) X-Virus-Scanned: ClamAV at mx.link38.eu Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu [10.141.75.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.link38.eu (Postfix) with ESMTPS id B722E4039F for <development@lists.ipfire.org>; Tue, 7 Nov 2017 20:42:43 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id F192E9F200 for <development@lists.ipfire.org>; Tue, 7 Nov 2017 20:42:42 +0100 (CET) Date: Tue, 7 Nov 2017 20:42:42 +0100 From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu> To: "development@lists.ipfire.org" <development@lists.ipfire.org> Subject: [PATCH] display GeoIP information on active network connections in WebUI Message-ID: <20171107204242.15257272.peter.mueller@link38.eu> Organization: Link38 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
display GeoIP information on active network connections in WebUI
|
|
Commit Message
Peter Müller
Nov. 8, 2017, 6:42 a.m. UTC
Display the GeoIP flag for source and destination IP address
on the connection tracking table in WebUI.
This could possibly make network or firewall rule debugging easier.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
Comments
Basically this patch looks simple and good to me. But since we are using the perl module quite a bit, could we not put those few lines into a function so that if we need to change anything we do that everywhere at once? And secondly, I have some systems that have thousands of open connections very often to the same IP addresses. Could we not add a caching layer so that this isn't being looked up multiple times for the same IP address if that is an expensive operation? -Michael On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote: > Display the GeoIP flag for source and destination IP address > on the connection tracking table in WebUI. > > This could possibly make network or firewall rule debugging easier. > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > --- > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi > index 96f09012b..06dc74877 100644 > --- a/html/cgi-bin/connections.cgi > +++ b/html/cgi-bin/connections.cgi > @@ -23,6 +23,7 @@ use strict; > > use Net::IPv4Addr qw( :all ); > use Switch; > +use Geo::IP::PurePerl; > > # enable only the following on debugging purpose > #use warnings; > @@ -31,6 +32,7 @@ use Switch; > require '/var/ipfire/general-functions.pl'; > require "${General::swroot}/lang.pl"; > require "${General::swroot}/header.pl"; > +require "${General::swroot}/geoip-functions.pl"; > > my $colour_multicast = "#A0A0A0"; > > @@ -372,6 +374,7 @@ print <<END; > <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > </th> > + <th> </th> > <th style='text-align:center' colspan='2'> > <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > @@ -386,6 +389,7 @@ print <<END; > <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > </th> > + <th> </th> > <th style='text-align:center'> > <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > @@ -409,10 +413,16 @@ print <<END; > <th style='text-align:center' colspan='2'> > $Lang::tr{'source ip and port'} > </th> > + <th style='text-align:center'> > + $Lang::tr{'country'} > + </th> > <th style='text-align:center' colspan='2'> > $Lang::tr{'dest ip and port'} > </th> > <th style='text-align:center'> > + $Lang::tr{'country'} > + </th> > + <th style='text-align:center'> > $Lang::tr{'download'} / > <br>$Lang::tr{'upload'} > </th> > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > my $bytes_in = format_bytes($bytes[0]); > my $bytes_out = format_bytes($bytes[1]); > > + my $gi1 = Geo::IP::PurePerl->new(); > + my $ccode1 = $gi1->country_code_by_name($sip_ret); > + my $fcode1 = lc($ccode1); > + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); > + > + my $gi2 = Geo::IP::PurePerl->new(); > + my $ccode2 = $gi2->country_code_by_name($dip_ret); > + my $fcode2 = lc($ccode2); > + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); > + > # Format TTL > $ttl = format_time($ttl); > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > </a> > $sport_extra > </td> > + <td style='text-align:center; background-color:$sip_colour;'> > + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> > + </td> > <td style='text-align:center; background-color:$dip_colour;'> > <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> > <span style='color:#FFFFFF;'>$dip</span> > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > </a> > $dport_extra > </td> > + <td style='text-align:center; background-color:$dip_colour;'> > + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> > + </td> > <td style='text-align:center'> > $bytes_in / $bytes_out > </td>
Hello Michael, > Basically this patch looks simple and good to me. Thanks, finally. :-) > > But since we are using the perl module quite a bit, could we not put > those few lines into a function so that if we need to change anything > we do that everywhere at once? > > And secondly, I have some systems that have thousands of open > connections very often to the same IP addresses. Could we not add a > caching layer so that this isn't being looked up multiple times for the > same IP address if that is an expensive operation? Could you (or somebody else) do this, please? I am afraid this is one step to far for me at the moment. Thanks and best regards, Peter Müller > > -Michael > > On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote: > > Display the GeoIP flag for source and destination IP address > > on the connection tracking table in WebUI. > > > > This could possibly make network or firewall rule debugging easier. > > > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > > --- > > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > > 1 file changed, 26 insertions(+) > > > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi > > index 96f09012b..06dc74877 100644 > > --- a/html/cgi-bin/connections.cgi > > +++ b/html/cgi-bin/connections.cgi > > @@ -23,6 +23,7 @@ use strict; > > > > use Net::IPv4Addr qw( :all ); > > use Switch; > > +use Geo::IP::PurePerl; > > > > # enable only the following on debugging purpose > > #use warnings; > > @@ -31,6 +32,7 @@ use Switch; > > require '/var/ipfire/general-functions.pl'; > > require "${General::swroot}/lang.pl"; > > require "${General::swroot}/header.pl"; > > +require "${General::swroot}/geoip-functions.pl"; > > > > my $colour_multicast = "#A0A0A0"; > > > > @@ -372,6 +374,7 @@ print <<END; > > <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > </th> > > + <th> </th> > > <th style='text-align:center' colspan='2'> > > <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > @@ -386,6 +389,7 @@ print <<END; > > <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > </th> > > + <th> </th> > > <th style='text-align:center'> > > <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > @@ -409,10 +413,16 @@ print <<END; > > <th style='text-align:center' colspan='2'> > > $Lang::tr{'source ip and port'} > > </th> > > + <th style='text-align:center'> > > + $Lang::tr{'country'} > > + </th> > > <th style='text-align:center' colspan='2'> > > $Lang::tr{'dest ip and port'} > > </th> > > <th style='text-align:center'> > > + $Lang::tr{'country'} > > + </th> > > + <th style='text-align:center'> > > $Lang::tr{'download'} / > > <br>$Lang::tr{'upload'} > > </th> > > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > > my $bytes_in = format_bytes($bytes[0]); > > my $bytes_out = format_bytes($bytes[1]); > > > > + my $gi1 = Geo::IP::PurePerl->new(); > > + my $ccode1 = $gi1->country_code_by_name($sip_ret); > > + my $fcode1 = lc($ccode1); > > + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); > > + > > + my $gi2 = Geo::IP::PurePerl->new(); > > + my $ccode2 = $gi2->country_code_by_name($dip_ret); > > + my $fcode2 = lc($ccode2); > > + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); > > + > > # Format TTL > > $ttl = format_time($ttl); > > > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > > </a> > > $sport_extra > > </td> > > + <td style='text-align:center; background-color:$sip_colour;'> > > + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> > > + </td> > > <td style='text-align:center; background-color:$dip_colour;'> > > <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> > > <span style='color:#FFFFFF;'>$dip</span> > > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > > </a> > > $dport_extra > > </td> > > + <td style='text-align:center; background-color:$dip_colour;'> > > + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> > > + </td> > > <td style='text-align:center'> > > $bytes_in / $bytes_out > > </td>
Hi, I just posted a patch that does this. Please have a look at it. Best, -Michael On Wed, 2017-11-08 at 22:52 +0100, Peter Müller wrote: > Hello Michael, > > > Basically this patch looks simple and good to me. > > Thanks, finally. :-) > > > > But since we are using the perl module quite a bit, could we not put > > those few lines into a function so that if we need to change anything > > we do that everywhere at once? > > > > And secondly, I have some systems that have thousands of open > > connections very often to the same IP addresses. Could we not add a > > caching layer so that this isn't being looked up multiple times for the > > same IP address if that is an expensive operation? > > Could you (or somebody else) do this, please? I am afraid this is > one step to far for me at the moment. > > Thanks and best regards, > Peter Müller > > > > -Michael > > > > On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote: > > > Display the GeoIP flag for source and destination IP address > > > on the connection tracking table in WebUI. > > > > > > This could possibly make network or firewall rule debugging easier. > > > > > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > > > --- > > > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > > > 1 file changed, 26 insertions(+) > > > > > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi > > > index 96f09012b..06dc74877 100644 > > > --- a/html/cgi-bin/connections.cgi > > > +++ b/html/cgi-bin/connections.cgi > > > @@ -23,6 +23,7 @@ use strict; > > > > > > use Net::IPv4Addr qw( :all ); > > > use Switch; > > > +use Geo::IP::PurePerl; > > > > > > # enable only the following on debugging purpose > > > #use warnings; > > > @@ -31,6 +32,7 @@ use Switch; > > > require '/var/ipfire/general-functions.pl'; > > > require "${General::swroot}/lang.pl"; > > > require "${General::swroot}/header.pl"; > > > +require "${General::swroot}/geoip-functions.pl"; > > > > > > my $colour_multicast = "#A0A0A0"; > > > > > > @@ -372,6 +374,7 @@ print <<END; > > > <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > </th> > > > + <th> </th> > > > <th style='text-align:center' colspan='2'> > > > <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > @@ -386,6 +389,7 @@ print <<END; > > > <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > </th> > > > + <th> </th> > > > <th style='text-align:center'> > > > <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > @@ -409,10 +413,16 @@ print <<END; > > > <th style='text-align:center' colspan='2'> > > > $Lang::tr{'source ip and port'} > > > </th> > > > + <th style='text-align:center'> > > > + $Lang::tr{'country'} > > > + </th> > > > <th style='text-align:center' colspan='2'> > > > $Lang::tr{'dest ip and port'} > > > </th> > > > <th style='text-align:center'> > > > + $Lang::tr{'country'} > > > + </th> > > > + <th style='text-align:center'> > > > $Lang::tr{'download'} / > > > <br>$Lang::tr{'upload'} > > > </th> > > > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > > > my $bytes_in = format_bytes($bytes[0]); > > > my $bytes_out = format_bytes($bytes[1]); > > > > > > + my $gi1 = Geo::IP::PurePerl->new(); > > > + my $ccode1 = $gi1->country_code_by_name($sip_ret); > > > + my $fcode1 = lc($ccode1); > > > + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); > > > + > > > + my $gi2 = Geo::IP::PurePerl->new(); > > > + my $ccode2 = $gi2->country_code_by_name($dip_ret); > > > + my $fcode2 = lc($ccode2); > > > + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); > > > + > > > # Format TTL > > > $ttl = format_time($ttl); > > > > > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > > > </a> > > > $sport_extra > > > </td> > > > + <td style='text-align:center; background-color:$sip_colour;'> > > > + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> > > > + </td> > > > <td style='text-align:center; background-color:$dip_colour;'> > > > <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> > > > <span style='color:#FFFFFF;'>$dip</span> > > > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > > > </a> > > > $dport_extra > > > </td> > > > + <td style='text-align:center; background-color:$dip_colour;'> > > > + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> > > > + </td> > > > <td style='text-align:center'> > > > $bytes_in / $bytes_out > > > </td> > >
Hello Michael, the patches look good. Thanks for working on this. However, I think for simple sites such as the DNS server list or ipinfo.cgi, where we have only 1 or 2 queries, we do not need to load the complete database to RAM. Best regards, Peter Müller > Hi, > > I just posted a patch that does this. > > Please have a look at it. > > Best, > -Michael > > On Wed, 2017-11-08 at 22:52 +0100, Peter Müller wrote: > > Hello Michael, > > > > > Basically this patch looks simple and good to me. > > > > Thanks, finally. :-) > > > > > > But since we are using the perl module quite a bit, could we not put > > > those few lines into a function so that if we need to change anything > > > we do that everywhere at once? > > > > > > And secondly, I have some systems that have thousands of open > > > connections very often to the same IP addresses. Could we not add a > > > caching layer so that this isn't being looked up multiple times for the > > > same IP address if that is an expensive operation? > > > > Could you (or somebody else) do this, please? I am afraid this is > > one step to far for me at the moment. > > > > Thanks and best regards, > > Peter Müller > > > > > > -Michael > > > > > > On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote: > > > > Display the GeoIP flag for source and destination IP address > > > > on the connection tracking table in WebUI. > > > > > > > > This could possibly make network or firewall rule debugging easier. > > > > > > > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > > > > --- > > > > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > > > > 1 file changed, 26 insertions(+) > > > > > > > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi > > > > index 96f09012b..06dc74877 100644 > > > > --- a/html/cgi-bin/connections.cgi > > > > +++ b/html/cgi-bin/connections.cgi > > > > @@ -23,6 +23,7 @@ use strict; > > > > > > > > use Net::IPv4Addr qw( :all ); > > > > use Switch; > > > > +use Geo::IP::PurePerl; > > > > > > > > # enable only the following on debugging purpose > > > > #use warnings; > > > > @@ -31,6 +32,7 @@ use Switch; > > > > require '/var/ipfire/general-functions.pl'; > > > > require "${General::swroot}/lang.pl"; > > > > require "${General::swroot}/header.pl"; > > > > +require "${General::swroot}/geoip-functions.pl"; > > > > > > > > my $colour_multicast = "#A0A0A0"; > > > > > > > > @@ -372,6 +374,7 @@ print <<END; > > > > <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > </th> > > > > + <th> </th> > > > > <th style='text-align:center' colspan='2'> > > > > <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > @@ -386,6 +389,7 @@ print <<END; > > > > <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > </th> > > > > + <th> </th> > > > > <th style='text-align:center'> > > > > <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > @@ -409,10 +413,16 @@ print <<END; > > > > <th style='text-align:center' colspan='2'> > > > > $Lang::tr{'source ip and port'} > > > > </th> > > > > + <th style='text-align:center'> > > > > + $Lang::tr{'country'} > > > > + </th> > > > > <th style='text-align:center' colspan='2'> > > > > $Lang::tr{'dest ip and port'} > > > > </th> > > > > <th style='text-align:center'> > > > > + $Lang::tr{'country'} > > > > + </th> > > > > + <th style='text-align:center'> > > > > $Lang::tr{'download'} / > > > > <br>$Lang::tr{'upload'} > > > > </th> > > > > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > > > > my $bytes_in = format_bytes($bytes[0]); > > > > my $bytes_out = format_bytes($bytes[1]); > > > > > > > > + my $gi1 = Geo::IP::PurePerl->new(); > > > > + my $ccode1 = $gi1->country_code_by_name($sip_ret); > > > > + my $fcode1 = lc($ccode1); > > > > + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); > > > > + > > > > + my $gi2 = Geo::IP::PurePerl->new(); > > > > + my $ccode2 = $gi2->country_code_by_name($dip_ret); > > > > + my $fcode2 = lc($ccode2); > > > > + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); > > > > + > > > > # Format TTL > > > > $ttl = format_time($ttl); > > > > > > > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > > > > </a> > > > > $sport_extra > > > > </td> > > > > + <td style='text-align:center; background-color:$sip_colour;'> > > > > + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> > > > > + </td> > > > > <td style='text-align:center; background-color:$dip_colour;'> > > > > <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> > > > > <span style='color:#FFFFFF;'>$dip</span> > > > > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > > > > </a> > > > > $dport_extra > > > > </td> > > > > + <td style='text-align:center; background-color:$dip_colour;'> > > > > + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> > > > > + </td> > > > > <td style='text-align:center'> > > > > $bytes_in / $bytes_out > > > > </td> > > > >
Hi, I think that still makes sense since we have very short-running scripts here and the database uses 1.1 MB of space on disk. So lets assume we have a lot of overhead when we load it into memory, it might be up to 2MB which is totally fine with me. Can you send an email with a Reviewed-by or Tested-by tag? Which ever is suitable for what you did. -Michael On Sat, 2017-11-11 at 21:30 +0100, Peter Müller wrote: > Hello Michael, > > the patches look good. > > Thanks for working on this. > > However, I think for simple sites such as the DNS server list > or ipinfo.cgi, where we have only 1 or 2 queries, we do not need > to load the complete database to RAM. > > Best regards, > Peter Müller > > > Hi, > > > > I just posted a patch that does this. > > > > Please have a look at it. > > > > Best, > > -Michael > > > > On Wed, 2017-11-08 at 22:52 +0100, Peter Müller wrote: > > > Hello Michael, > > > > > > > Basically this patch looks simple and good to me. > > > > > > Thanks, finally. :-) > > > > > > > > But since we are using the perl module quite a bit, could we not put > > > > those few lines into a function so that if we need to change anything > > > > we do that everywhere at once? > > > > > > > > And secondly, I have some systems that have thousands of open > > > > connections very often to the same IP addresses. Could we not add a > > > > caching layer so that this isn't being looked up multiple times for the > > > > same IP address if that is an expensive operation? > > > > > > Could you (or somebody else) do this, please? I am afraid this is > > > one step to far for me at the moment. > > > > > > Thanks and best regards, > > > Peter Müller > > > > > > > > -Michael > > > > > > > > On Tue, 2017-11-07 at 20:42 +0100, Peter Müller wrote: > > > > > Display the GeoIP flag for source and destination IP address > > > > > on the connection tracking table in WebUI. > > > > > > > > > > This could possibly make network or firewall rule debugging easier. > > > > > > > > > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > > > > > --- > > > > > html/cgi-bin/connections.cgi | 26 ++++++++++++++++++++++++++ > > > > > 1 file changed, 26 insertions(+) > > > > > > > > > > diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi > > > > > index 96f09012b..06dc74877 100644 > > > > > --- a/html/cgi-bin/connections.cgi > > > > > +++ b/html/cgi-bin/connections.cgi > > > > > @@ -23,6 +23,7 @@ use strict; > > > > > > > > > > use Net::IPv4Addr qw( :all ); > > > > > use Switch; > > > > > +use Geo::IP::PurePerl; > > > > > > > > > > # enable only the following on debugging purpose > > > > > #use warnings; > > > > > @@ -31,6 +32,7 @@ use Switch; > > > > > require '/var/ipfire/general-functions.pl'; > > > > > require "${General::swroot}/lang.pl"; > > > > > require "${General::swroot}/header.pl"; > > > > > +require "${General::swroot}/geoip-functions.pl"; > > > > > > > > > > my $colour_multicast = "#A0A0A0"; > > > > > > > > > > @@ -372,6 +374,7 @@ print <<END; > > > > > <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > > <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > > </th> > > > > > + <th> </th> > > > > > <th style='text-align:center' colspan='2'> > > > > > <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > > <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > > @@ -386,6 +389,7 @@ print <<END; > > > > > <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > > <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > > </th> > > > > > + <th> </th> > > > > > <th style='text-align:center'> > > > > > <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> > > > > > <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> > > > > > @@ -409,10 +413,16 @@ print <<END; > > > > > <th style='text-align:center' colspan='2'> > > > > > $Lang::tr{'source ip and port'} > > > > > </th> > > > > > + <th style='text-align:center'> > > > > > + $Lang::tr{'country'} > > > > > + </th> > > > > > <th style='text-align:center' colspan='2'> > > > > > $Lang::tr{'dest ip and port'} > > > > > </th> > > > > > <th style='text-align:center'> > > > > > + $Lang::tr{'country'} > > > > > + </th> > > > > > + <th style='text-align:center'> > > > > > $Lang::tr{'download'} / > > > > > <br>$Lang::tr{'upload'} > > > > > </th> > > > > > @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { > > > > > my $bytes_in = format_bytes($bytes[0]); > > > > > my $bytes_out = format_bytes($bytes[1]); > > > > > > > > > > + my $gi1 = Geo::IP::PurePerl->new(); > > > > > + my $ccode1 = $gi1->country_code_by_name($sip_ret); > > > > > + my $fcode1 = lc($ccode1); > > > > > + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); > > > > > + > > > > > + my $gi2 = Geo::IP::PurePerl->new(); > > > > > + my $ccode2 = $gi2->country_code_by_name($dip_ret); > > > > > + my $fcode2 = lc($ccode2); > > > > > + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); > > > > > + > > > > > # Format TTL > > > > > $ttl = format_time($ttl); > > > > > > > > > > @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { > > > > > </a> > > > > > $sport_extra > > > > > </td> > > > > > + <td style='text-align:center; background-color:$sip_colour;'> > > > > > + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> > > > > > + </td> > > > > > <td style='text-align:center; background-color:$dip_colour;'> > > > > > <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> > > > > > <span style='color:#FFFFFF;'>$dip</span> > > > > > @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { > > > > > </a> > > > > > $dport_extra > > > > > </td> > > > > > + <td style='text-align:center; background-color:$dip_colour;'> > > > > > + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> > > > > > + </td> > > > > > <td style='text-align:center'> > > > > > $bytes_in / $bytes_out > > > > > </td> > > > > > > > >
diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 96f09012b..06dc74877 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -23,6 +23,7 @@ use strict; use Net::IPv4Addr qw( :all ); use Switch; +use Geo::IP::PurePerl; # enable only the following on debugging purpose #use warnings; @@ -31,6 +32,7 @@ use Switch; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/geoip-functions.pl"; my $colour_multicast = "#A0A0A0"; @@ -372,6 +374,7 @@ print <<END; <a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th> + <th> </th> <th style='text-align:center' colspan='2'> <a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> @@ -386,6 +389,7 @@ print <<END; <a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> </th> + <th> </th> <th style='text-align:center'> <a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif" alt=""></a> <a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif" alt=""></a> @@ -409,10 +413,16 @@ print <<END; <th style='text-align:center' colspan='2'> $Lang::tr{'source ip and port'} </th> + <th style='text-align:center'> + $Lang::tr{'country'} + </th> <th style='text-align:center' colspan='2'> $Lang::tr{'dest ip and port'} </th> <th style='text-align:center'> + $Lang::tr{'country'} + </th> + <th style='text-align:center'> $Lang::tr{'download'} / <br>$Lang::tr{'upload'} </th> @@ -540,6 +550,16 @@ foreach my $line (@conntrack) { my $bytes_in = format_bytes($bytes[0]); my $bytes_out = format_bytes($bytes[1]); + my $gi1 = Geo::IP::PurePerl->new(); + my $ccode1 = $gi1->country_code_by_name($sip_ret); + my $fcode1 = lc($ccode1); + my $flag_icon1 = &GeoIP::get_flag_icon($fcode1); + + my $gi2 = Geo::IP::PurePerl->new(); + my $ccode2 = $gi2->country_code_by_name($dip_ret); + my $fcode2 = lc($ccode2); + my $flag_icon2 = &GeoIP::get_flag_icon($fcode2); + # Format TTL $ttl = format_time($ttl); @@ -601,6 +621,9 @@ foreach my $line (@conntrack) { </a> $sport_extra </td> + <td style='text-align:center; background-color:$sip_colour;'> + <a href='country.cgi#$fcode1'><img src='$flag_icon1' border='0' align='absmiddle' title='$ccode1'></a> + </td> <td style='text-align:center; background-color:$dip_colour;'> <a href='/cgi-bin/ipinfo.cgi?ip=$dip'> <span style='color:#FFFFFF;'>$dip</span> @@ -613,6 +636,9 @@ foreach my $line (@conntrack) { </a> $dport_extra </td> + <td style='text-align:center; background-color:$dip_colour;'> + <a href='country.cgi#$fcode2'><img src='$flag_icon2' border='0' align='absmiddle' title='$ccode2'></a> + </td> <td style='text-align:center'> $bytes_in / $bytes_out </td>