[1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Message ID | 5692963D.7020607@eitelwein.net |
---|---|
State | Dropped |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.tremer.info [172.28.1.200]) by septima.ipfire.org (Postfix) with ESMTP id 5923C612C4 for <patchwork@ipfire.org>; Sun, 10 Jan 2016 18:35:04 +0100 (CET) Received: from hedwig.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 0A0C6ABB; Sun, 10 Jan 2016 18:35:04 +0100 (CET) Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=82.98.82.95; helo=outgoing.selfhost.de; envelope-from=michael@eitelwein.net; receiver=development@lists.ipfire.org Received: from outgoing.selfhost.de (out.selfhost.de [82.98.82.95]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPS id 9DFBCA05 for <development@lists.ipfire.org>; Sun, 10 Jan 2016 18:34:57 +0100 (CET) Received: (qmail 11033 invoked from network); 10 Jan 2016 17:34:56 -0000 Received: from unknown (HELO mail.eitelwein.net) (postmaster@bncmfdox.mail.selfhost.de@91.16.28.51) by mailout.selfhost.de with ESMTPA; 10 Jan 2016 17:34:56 -0000 Received: from localhost (smtp.eitelwein.net [IPv6:2001:4dd0:ff00:89e5::208]) by mail.eitelwein.net (Postfix) with ESMTP id 994AE21F; Sun, 10 Jan 2016 18:34:53 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at eitelwein.net Received: from mail.eitelwein.net ([192.168.123.208]) by localhost (vscan.eitelwein.net [192.168.123.208]) (amavisd-new, port 10024) with ESMTP id EkOL8eCwf-xQ; Sun, 10 Jan 2016 18:34:53 +0100 (CET) Received: from [IPv6:2001:4dd0:ff00:89e5:58bd:f3ea:398b:4cbd] (unknown [IPv6:2001:4dd0:ff00:89e5:58bd:f3ea:398b:4cbd]) by mail.eitelwein.net (Postfix) with ESMTPSA id 38CF17E; Sun, 10 Jan 2016 18:34:53 +0100 (CET) To: IPFire Development List <development@lists.ipfire.org> From: Michael Eitelwein <michael@eitelwein.net> Subject: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI Message-ID: <5692963D.7020607@eitelwein.net> Date: Sun, 10 Jan 2016 18:34:53 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Michael Eitelwein
Jan. 11, 2016, 4:34 a.m. UTC
3 main changes:
- Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, othewerwise fill from IN and OUT
- Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
- Match color coding of tables to pie charts
I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
---
html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++--
html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 ++++++++-----
html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++---
html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++--
html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81 +++++++++++++++++-------
html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++----
html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++--
7 files changed, 131 insertions(+), 75 deletions(-)
Comments
Hi, did you work out what the issue was with these emails? Best, -Michael On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote: > 3 main changes: > - Fill $iface and $out from PHYSIN and PHYSOUT when looking at > bridged packets, othewerwise fill from IN and OUT > - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr > - Match color coding of tables to pie charts > > I am using the bridged ipv6 setup as proposed in the wiki. I do not > think this breaks anything when not using ipv6. So it would be nice > to include this even if ipv6 is not officially supported yet. It is > quite useful when using the ipv6 setup. > > Signed-off-by: Michael Eitelwein <michael@eitelwein.net> > > --- > html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++-- > html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 ++++++++----- > html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++--- > html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++-- > html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81 > +++++++++++++++++------- > html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++---- > html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++-- > 7 files changed, 131 insertions(+), 75 deletions(-) > > diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi > -bin/logs.cgi/firewalllog.dat > index 5a584d6..42c9612 100644 > --- a/html/cgi-bin/logs.cgi/firewalllog.dat > +++ b/html/cgi-bin/logs.cgi/firewalllog.dat > @@ -328,7 +328,10 @@ END > $lines = 0; > foreach $_ (@log) > { > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface > information > + # otherwise use IN= > + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ > kernel:(.*)(PHYSIN=.*)$/) {} > + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ > kernel:(.*)(IN=.*)$/) {} > my $day = $1; > $day =~ tr / /0/; > my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; > @@ -336,9 +339,12 @@ foreach $_ (@log) > my $packet = $4; > > my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, > $dstport); > - $iface=$1 if $packet =~ /IN=(\w+)/; > - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/; > - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/; > + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet > =~ /IN=(\w+)/) { $iface = $1} > + # Identify whether ipv4 or ipv6. Both are mutally exclusive. > + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { > $srcaddr=$1 } > + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > -F]{0,4})){2,7})/) { $srcaddr=$1 } > + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { > $dstaddr=$1 } > + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > -F]{0,4})){2,7})/) { $dstaddr=$1 } > $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; > $proto=$1 if $packet =~ /PROTO=(\w+)/; > $srcport=$1 if $packet =~ /SPT=(\d+)/; > diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi > -bin/logs.cgi/firewalllogcountry.dat > index f998a62..2661ddd 100644 > --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat > +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat > @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != > 0){$pienumber=$cgiparams{'pienumber'};} > if( $cgiparams{'otherspie'} != > 0){$otherspie=$cgiparams{'otherspie'};} > if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};} > if( $cgiparams{'sortcolumn'} != > 0){$sortcolumn=$cgiparams{'sortcolumn'};} > - > print <<END > </select> > </td> > @@ -294,15 +293,24 @@ $lines = 0; > > foreach $_ (@log) > { > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN > + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} > + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} > my $packet = $4; > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ > $iface="";} > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > + my $iface = ''; > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ > /IN=(\w+)/) { $iface = $1 } > + if ( $1 =~ /2./ ) { $iface=''; } > + my $srcaddr = ''; > + # Find ipv4 and ipv6 addresses > + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr > = $1 } > + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > -F]{0,4})){2,7})/) { $srcaddr = $1 } > > if($iface eq $red_interface) { > + # Traffic from red > if($srcaddr ne '') { > + # srcaddr is set > my $ccode = $gi->country_code_by_name($srcaddr); > - if( $ccode eq '') { > + if ($ccode eq '') { > $ccode = 'unknown'; > } > $tabjc{$ccode} = $tabjc{$ccode} + 1 ; > @@ -311,11 +319,16 @@ foreach $_ (@log) > } > } > else { > + # Traffic not from red > if($iface ne '') { > $tabjc{$iface} = $tabjc{$iface} + 1 ; > if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines > = $lines + 1; } > $linesjc++; > } > + else { > + # What to do with empty iface lines? > + # This probably is traffic from ipfire itself (IN= OUT=XY)? > + } > } > } > > @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && > $pienumber != 0) { > print "<img src='/graphs/fwlog-country$imagerandom.png'>"; > print "</div>"; > } > - > print <<END > <table width='100%' class='tbl'> > <tr> > @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++) > $percent = $value[$s] * 100 / $linesjc; > $percent = sprintf("%.f", $percent); > $total = $total + $value[$s]; > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > $color++; > print "<tr>"; > @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++) > print"<input type='hidden' name='country' value='$key[$s]'>"; > print"<input type='submit' value='details'></form>"; > } > - > - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq > 'orange0') { > + elsif ($key[$s] eq 'unknown') { > + print "unknown"; > + } > + # Looks dangerous to use hardcoded interface names here. Probably > needs fixing. > + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq > 'orange0' ) { > print "<td align='center' $col>$key[$s]</td>"; > } > else { > @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++) > > if($cgiparams{'otherspie'} == 2 ){} > else{ > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > print "<tr>"; > > diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi > -bin/logs.cgi/firewalllogip.dat > index 7d82d20..6fc3422 100644 > --- a/html/cgi-bin/logs.cgi/firewalllogip.dat > +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat > @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || > $sortcolumn == 2) { $pienumber = > $lines = 0; > foreach $_ (@log) > { > - if($_ =~ /SRC\=([\d\.]+)/){ > + # Extract ipv4 or ipv6 address > + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > $tabjc{$1} = $tabjc{$1} + 1 ; > if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = > $lines + 1; } > $linesjc++; > @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++) > $percent = $value[$s] * 100 / $linesjc; > $percent = sprintf("%.f", $percent); > $total = $total + $value[$s]; > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > print "<tr>"; > > @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++) > > if($cgiparams{'otherspie'} == 2 ){} > else{ > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > print "<tr>"; > > diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi > -bin/logs.cgi/firewalllogport.dat > index 5b0db62..583c1b3 100644 > --- a/html/cgi-bin/logs.cgi/firewalllogport.dat > +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat > @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++) > $percent = $value[$s] * 100 / $linesjc; > $percent = sprintf("%.f", $percent); > $total = $total + $value[$s]; > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > print "<tr>"; > > @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++) > > if($cgiparams{'otherspie'} == 2 ){} > else{ > - my $colorIndex = $color % 10; > - if($colorIndex == 0) { > - $colorIndex = 10; > - } > + # colors are numbered 1 to 10 > + my $colorIndex = ($color % 10) + 1; > $col="bgcolor='$color{\"color$colorIndex\"}'"; > print "<tr>"; > > diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > index 5283c42..0784ab9 100644 > --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat > @@ -158,23 +158,35 @@ if (!$skip) > { > while (<FILE>) > { > - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > - my $packet = $2; > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ > /2./ ){ $iface="";} > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > + # First check whether valid log line (date, day) > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > + # If ipv6 uses bridge, then use PHYSIN otherwise use IN > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(PHYSIN=.*)$/) {} > + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) {} > + my $packet = $2; > + my $iface = ''; > + my $srcaddr = ''; > + # If ipv6 uses bridge, use PHYSIN otherwise IN > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif > ($packet =~ /IN=(\w+)/) { $iface = $1 } > + # Extract ipv4 and ipv6 addresses > + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) > or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA > -F]{0,4})){2,7})/)) { > + $srcaddr = $1 > + }; > > if($iface eq $country) { > + # iface matches country code > $log[$lines] = $_; > $lines++; > } > elsif($srcaddr ne '') { > + # or srcaddr matches country code > my $ccode = $gi->country_code_by_name($srcaddr); > if($ccode eq $country){ > $log[$lines] = $_; > $lines++; > } > } > - } > + } > } > close (FILE); > } > @@ -194,16 +206,28 @@ if ($multifile) { > } > if (!$skip) { > while (<FILE>) { > - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > - if($_ =~ /SRC\=([\d\.]+)/){ > - my $srcaddr=$1; > - my $ccode = $gi->country_code_by_name($srcaddr); > - if($ccode eq $country){ > + # Check if valid log line (date, day) > + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > + my $iface = ''; > + # If ipv6 uses bridge, then use PHYSIN otherwise > IN > + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif > ($_ =~ /IN=(\w+)/) { $iface = $1 } > + > + if($iface eq $country) { > + # iface matches country code > + $log[$lines] = $_; > + $lines++; > + } > + # extract ipv4 and ipv6 address > + elsif (($_ =~ > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > + my $srcaddr=$1; > + my $ccode = $gi > ->country_code_by_name($srcaddr); > + if($ccode eq $country){ > + # or srcaddr matches country code > $log[$lines] = $_; > $lines++; > + } > } > - } > - } > + } > } > close (FILE); > } > @@ -308,32 +332,45 @@ $lines = 0; > foreach $_ (@slice) > { > $a = $_; > - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses bridge, use PHYSIN otherwise use IN > + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} > + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; > my $packet = $4; > - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ > $iface="";} > - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; > + my $iface = ''; > + # If ipv6 uses bridge, use PHYSIN otherwise use IN > + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ > /IN=(\w+)/) { $iface = $1 } > + if ( $1 =~ /2./ ){ $iface="";} > + my $srcaddr = ''; > + # Extract ipv4 and ipv6 addresses > + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or > ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) > { > + $srcaddr = $1 > + }; > > if($iface eq $country || $srcaddr ne '') { > - my $ccode; > + my $ccode=''; > if($iface ne $country) { > $ccode = $gi->country_code_by_name($srcaddr); > } > if($iface eq $country || $ccode eq $country) { > - my $chain = ''; > + my $chain = ''; > my $in = '-'; my $out = '-'; > my $srcaddr = ''; my $dstaddr = ''; > my $protostr = ''; > my $srcport = ''; my $dstport = ''; > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses bridge, the use PHYSIN otherwise use IN > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} > + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} > my $timestamp = $1; my $chain = $2; my $packet = $3; > $timestamp =~ /(...) (..) (..:..:..)/; > my $month = $1; my $day = $2; my $time = $3; > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use > IN and OUT > + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ > /IN=(\w+)/) { $iface = $1 } > + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ > /OUT=(\w+)/) { $out = $1 } > + # Extract ipv4 and ipv6 addresses > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = > $1; } > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = > $1; } > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > my $protostrlc = lc($protostr); > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } > diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi > -bin/logs.cgi/showrequestfromip.dat > index 09a60b5..94e795c 100644 > --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat > +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat > @@ -155,7 +155,7 @@ if (!$skip) > while (<FILE>) > { > if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > - if($_ =~ /SRC\=([\d\.]+)/){ > + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) > or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > if($1 eq $ip){ > $log[$lines] = $_; > $lines++; > @@ -182,12 +182,12 @@ if ($multifile) { > if (!$skip) { > while (<FILE>) { > if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ > kernel:.*(IN=.*)$/) { > - if($_ =~ /SRC\=([\d\.]+)/){ > - if($1 eq $ip){ > + if (($_ =~ > /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA > -F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > + if($1 eq $ip){ > $log[$lines] = $_; > $lines++; > - } > - } > + } > + } > } > } > close (FILE); > @@ -293,7 +293,8 @@ $lines = 0; > foreach $_ (@slice) > { > $a = $_; > - if($_ =~ /SRC\=([\d\.]+)/){ > + # Check whether valid ipv4 or ipv6 address > + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { > if($1 eq $ip){ > my $chain = ''; > my $in = '-'; my $out = '-'; > @@ -301,15 +302,19 @@ foreach $_ (@slice) > my $protostr = ''; > my $srcport = ''; my $dstport = ''; > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) > {} > + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) > {} > my $timestamp = $1; my $chain = $2; my $packet = $3; > $timestamp =~ /(...) (..) (..:..:..)/; > my $month = $1; my $day = $2; my $time = $3; > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise > use IN and OUT > + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ > /IN=(\w+)/) { $iface = $1 } > + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ > /OUT=(\w+)/) { $out = $1 } > + # Detect ipv4 and ipv6 addresses > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = > $1; } > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = > $1; } > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > my $protostrlc = lc($protostr); > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } > diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi > -bin/logs.cgi/showrequestfromport.dat > index ad9823c..af7779a 100644 > --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat > +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat > @@ -307,15 +307,19 @@ foreach $_ (@slice) > my $protostr = ''; > my $srcport = ''; my $dstport = ''; > > - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; > + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN > + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} > + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) > {} > my $timestamp = $1; my $chain = $2; my $packet = $3; > $timestamp =~ /(...) (..) (..:..:..)/; > my $month = $1; my $day = $2; my $time = $3; my $iface; > > - if ($a =~ /IN\=(\w+)/) { $iface = $1; } > - if ($a =~ /OUT\=(\w+)/) { $out = $1; } > - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } > - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } > + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise > use IN and OUT > + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ > /IN\=(\w+)/) { $iface = $1; } > + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ > /OUT\=(\w+)/) { $out = $1; } > + # Detect ipv4 and ipv6 addresses > + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = > $1; } > + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ > /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = > $1; } > if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } > my $protostrlc = lc($protostr); > if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }