From patchwork Sat Mar 22 14:57:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 8547 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjN94ms0z3xNC for ; Sat, 22 Mar 2025 15:07:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZKjN73TRNz8vT for ; Sat, 22 Mar 2025 15:07:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZKjN72mb6z333T for ; Sat, 22 Mar 2025 15:07:19 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjN42Q3rz32vy for ; Sat, 22 Mar 2025 15:07:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZKjN337mWz5Qt; Sat, 22 Mar 2025 15:07:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742656035; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Ikug6UMDdahpgV/aZNLaS+KsNuVL+zd7oicfJfyS6zs=; b=0Wk3O5xMql+W1lTdkfnghbja8AAmGBhoOr+NE7qfINx5xT8U5zcjuhfs8R31WCymvFWZUf 43wPSZEGk6rKJKAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742656035; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Ikug6UMDdahpgV/aZNLaS+KsNuVL+zd7oicfJfyS6zs=; b=XnKNYSZuwbALuWvntbOwGiGwuu18N7EJykrDbLu1RHUKEPI6MNW2lpK01ag+CB1+K3jKmy S7m5xiZaLCDpKdEWQxeGidjb0XwE29XBGjZCE4Z1A4VrdqDm4Sf5YqH3QYeNiO/WZLKVSL c+DBLpQKcpx16+KfbxwvMp8DiJkA64pDhBxQS70nLkGT/0+Ngw81DU7Mr5UtK4WNIHnY4M AQTqQ/+PiWTrVkhGaopixnuBQkHuqczYhkXEncsd3mqWJuY9zUriqukfxYimN66gXejKl+ suxg6sN6Xt6g2l89gH5cYmaoEp+//vbJ1Zbq7i92fNHZctgXPVip15fD05t7Xw== From: Stefan Schantl To: development@lists.ipfire.org Cc: Stefan Schantl Subject: [PATCH 1/3] general-functions.pl: Add LWP-based flexible downloader function. Date: Sat, 22 Mar 2025 15:57:22 +0100 Message-ID: <20250322145724.4593-1-stefan.schantl@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 This function can be used to grab content and/or store it into files. Signed-off-by: Stefan Schantl --- config/cfgroot/general-functions.pl | 262 ++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 8ba6e3f79..cb8df69c6 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -20,6 +20,23 @@ use IO::Socket; use Net::SSLeay; use Net::IPv4Addr qw(:all); +# Load module to move files. +use File::Copy; + +# Load module to get file stats. +use File::stat; + +# Load module to deal with temporary files. +use File::Temp; + +# Load module to deal with the date formats used by the HTTP protocol. +use HTTP::Date; + +# Load the libwwwperl User Agent module. +use LWP::UserAgent; + +$|=1; # line buffering + $General::version = 'VERSION'; $General::swroot = 'CONFIG_ROOT'; $General::noipprefix = 'noipg-'; @@ -1346,6 +1363,251 @@ sub generateProtoTransHash () { return %protocols; } +# Function to grab a given URL content or to download and store it on disk. +# +# The function requires a configuration hash to be passed. +# +# The following options (hash keys) are supported: +# +# URL -> The URL to the content or file. REQUIRED! +# FILE -> The filename as fullpath where the content/file should be stored on disk. +# ETAGSFILE -> A filename again as fullpath where Etags should be stored and read. +# ETAGPREFIX -> In case a custom etag name should be used, otherwise it defaults to the given URL. +# MAXSIZE -> In bytes until the downloader will abort downloading. (example: 10_485_760 for 10MB) +# +# If a file is given an If-Modified-Since header will be generated from the last modified timestamp +# of an already stored file. In case an Etag file is specified an If-None-Match header will be added to +# the request - Both can be used at the same time. +# +# In case no FILE option has been passed to the function, the content of the requested URL will be returned. +# +# Return codes (if FILE is used): +# +# nothing - On success +# no url - If no URL has been specified. +# not_modified - In case the servers responds with "Not modified" (304) +# dl_error - If the requested URL cannot be accessed. +# incomplete download - In case the size of the local file does not match the remote content_lenght. +# +sub downloader (%) { + my (%args) = @_; + + # Remap args hash and convert all keys into upper case format. + %args = map { uc $_ => $args{$_} } keys %args; + + # The amount of download attempts before giving up and + # logging an error. + my $max_dl_attempts = 3; + + # Temporary directory to download the files. + my $tmp_dl_directory = "/var/tmp"; + + # Assign hash values. + my $url = $args{"URL"} if (exists($args{"URL"})); + my $file = $args{"FILE"} if (exists($args{"FILE"})); + my $etags_file = $args{"ETAGSFILE"} if (exists($args{"ETAGSFILE"})); + my $etagprefix = $url; + $etagprefix = $args{"ETAGPREFIX"} if (exists($args{"ETAGPREFIX"})); + my $max_size = $args{"MAXSIZE"} if (exists($args{"MAXSIZE"})); + + # Abort with error "no url", if no URL has been given. + return "no url" unless ($url); + + my %etags = (); + my $tmpfile; + + # Read-in proxysettings. + my %proxysettings=(); + &readhash("${General::swroot}/proxy/settings", \%proxysettings); + + # Create a user agent instance. + # + # Request SSL hostname verification and specify path + # to the CA file. + my $ua = LWP::UserAgent->new( + ssl_opts => { + SSL_ca_file => '/etc/ssl/cert.pem', + verify_hostname => 1, + }, + ); + + # Set timeout to 10 seconds. + $ua->timeout(10); + + # Assign maximum download size if set. + $ua->max_size($max_size) if ($max_size); + + # Generate UserAgent. + my $agent = &MakeUserAgent(); + + # Set the generated UserAgent. + $ua->agent($agent); + + # Check if an upstream proxy is configured. + if ($proxysettings{'UPSTREAM_PROXY'}) { + my $proxy_url; + + $proxy_url = "http://"; + + # Check if the proxy requires authentication. + if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) { + $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@"; + } + + # Add proxy server address and port. + $proxy_url .= $proxysettings{'UPSTREAM_PROXY'}; + + # Append proxy settings. + $ua->proxy(['http', 'https'], $proxy_url); + } + + # Create a HTTP request element and pass the given URL to it. + my $request = HTTP::Request->new(GET => $url); + + # Check if a file to store the output has been provided. + if ($file) { + # Check if the given file already exits, because it has been downloaded in the past. + # + # In this case we are requesting the server if the remote file has been changed or not. + # This will be done by sending the modification time in a special HTTP header. + if (-f $file) { + # Call stat on the file. + my $stat = stat($file); + + # Omit the mtime of the existing file. + my $mtime = $stat->mtime; + + # Convert the timestamp into right format. + my $http_date = time2str($mtime); + + # Add the If-Modified-Since header to the request to ask the server if the + # file has been modified. + $request->header( 'If-Modified-Since' => "$http_date" ); + } + + # Generate temporary file name, located in the tempoary download directory and with a suffix of ".tmp". + # The downloaded file will be stored there until some sanity checks are performed. + my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "$tmp_dl_directory/", UNLINK => 0 ); + $tmpfile = $tmp->filename(); + } + + # Check if an file for etags has been given. + if ($etags_file) { + # Read-in Etags file for known Etags if the file is present. + &readhash("$etags_file", \%etags) if (-f $etags_file); + + # Check if an Etag for the current provider is stored. + if ($etags{$etagprefix}) { + # Grab the stored tag. + my $etag = $etags{$etagprefix}; + + # Add an "If-None-Match header to the request to ask the server if the + # file has been modified. + $request->header( 'If-None-Match' => $etag ); + } + } + + my $dl_attempt = 1; + my $response; + + # Download and retry on failure. + while ($dl_attempt <= $max_dl_attempts) { + # Perform the request and save the output into the tmpfile if requested. + $response = $ua->request($request, $tmpfile); + + # Check if the download was successfull. + if($response->is_success) { + # Break loop. + last; + + # Check if the server responds with 304 (Not Modified). + } elsif ($response->code == 304) { + # Remove temporary file, if one exists. + unlink("$tmpfile") if (-e "$tmpfile"); + + # Return "not modified". + return "not modified"; + + # Check if we ran out of download re-tries. + } elsif ($dl_attempt eq $max_dl_attempts) { + # Obtain error. + my $error = $response->content; + + # Remove temporary file, if one exists. + unlink("$tmpfile") if (-e "$tmpfile"); + + # Return the error message from response.. + return "$error"; + } + + # Remove temporary file, if one exists. + unlink("$tmpfile") if (-e "$tmpfile"); + + # Increase download attempt counter. + $dl_attempt++; + } + + # Obtain the connection headers. + my $headers = $response->headers; + + # Check if an Etag file has been provided. + if ($etags_file) { + # Grab the Etag from the response if the server provides one. + if ($response->header('Etag')) { + # Add the provided Etag to the hash of tags. + $etags{$etagprefix} = $response->header('Etag'); + + # Write the etags file. + &writehash($etags_file, \%etags); + } + } + + # Check if the response should be stored on disk. + if ($file) { + # Get the remote size of the content. + my $remote_size = $response->header('Content-Length'); + + # Perform a stat on the temporary file. + my $stat = stat($tmpfile); + + # Grab the size of the stored temporary file. + my $local_size = $stat->size; + + # Check if both sizes are equal. + if(($remote_size) && ($remote_size ne $local_size)) { + # Delete the temporary file. + unlink("$tmpfile"); + + # Abort and return "incomplete download" as error. + return "incomplete download"; + } + + # Move the temporaray file to the desired file by overwriting a may + # existing one. + move("$tmpfile", "$file"); + + # Omit the timestamp from response header, when the file has been modified the + # last time. + my $last_modified = $headers->last_modified; + + # Check if we got a last-modified value from the server. + if ($last_modified) { + # Assign the last-modified timestamp as mtime to the + # stored file. + utime(time(), "$last_modified", "$file"); + } + + # Delete temporary file. + unlink("$tmpfile"); + + # If we got here, everything worked fine. Return nothing. + return; + } else { + # Decode the response content and return it. + return $response->decoded_content; + } +} + # Cloud Stuff sub running_in_cloud() { From patchwork Sat Mar 22 14:57:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 8546 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjN94MFSz3wx3 for ; Sat, 22 Mar 2025 15:07:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZKjN769Yyz8x7 for ; Sat, 22 Mar 2025 15:07:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZKjN75Rwbz333w for ; Sat, 22 Mar 2025 15:07:19 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjN45K3Zz333d for ; Sat, 22 Mar 2025 15:07:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZKjN41CH8z8v1; Sat, 22 Mar 2025 15:07:16 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742656036; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IisB0D8FTf25dezAOvb68ggL0CzMBIT5H1U2eTJm9pY=; b=cm/o8cv5mQeI1JE2kdw5wGSPG04WunsmWwuCcYIqMMtyMo69XxhcJpRabB1kVqARIc+GTU 8OWvZo+zbLlhlGCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742656036; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IisB0D8FTf25dezAOvb68ggL0CzMBIT5H1U2eTJm9pY=; b=M5A8Gvvm+GIWCr2ENF+x/DWEdmRgeJ0GR75L/W01hDkTnzg3e4IkgvnJzOHrNWSmwIY4Un xui9PYusri0kDWqJsVirKRtiaWmOZhBkX+d35NppQOj+9DDbGdDZsxQCbWtKOBZZjKEapm hg9f/6QcoXyo540+F8BfG2SUrF1dFWpfJSrgE7ldj7SefeT8wzUkTyFqrz+3htZ7HcZUHs kZ0WA2ygm+UF53O51t5mlRsp34+ORC9kyCyWQ9GOPqLEND0nTmTHVsFPXpcqKs0U7PLaTW VQJtam2zR4EcBLlCrNRrN6YinLvr6MO+Lx6j6fn8gsdbbVCfz+YuLHKWw6OfNg== From: Stefan Schantl To: development@lists.ipfire.org Cc: Stefan Schantl Subject: [PATCH 2/3] general-functions.pl: Use new downloader for FetchPublicIp function. Date: Sat, 22 Mar 2025 15:57:23 +0100 Message-ID: <20250322145724.4593-2-stefan.schantl@ipfire.org> In-Reply-To: <20250322145724.4593-1-stefan.schantl@ipfire.org> References: <20250322145724.4593-1-stefan.schantl@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 This helps to drop the Net::SSLeay module and to remove a lot of legacy code. Signed-off-by: Stefan Schantl --- config/cfgroot/general-functions.pl | 32 +++++++++++++---------------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index cb8df69c6..a132cf315 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -17,7 +17,6 @@ package General; use strict; use Socket; use IO::Socket; -use Net::SSLeay; use Net::IPv4Addr qw(:all); # Load module to move files. @@ -979,23 +978,20 @@ sub findhasharraykey { } sub FetchPublicIp { - my %proxysettings; - &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - if ($_=$proxysettings{'UPSTREAM_PROXY'}) { - my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} ); - } - my $user_agent = &MakeUserAgent(); - my ($out, $response) = Net::SSLeay::get_http( 'checkip4.dns.lightningwirelabs.com', - 80, - "/", - Net::SSLeay::make_headers('User-Agent' => $user_agent ) - ); - if ($response =~ m%HTTP/1\.. 200 OK%) { - $out =~ /Your IP address is: (\d+.\d+.\d+.\d+)/; - return $1; - } - return ''; + # URL to grab the public IP. + my $url = "https://checkip4.dns.lightningwirelabs.com"; + + # Call downloader to fetch the public IP. + my $response = &downloader("URL" => $url); + + # Omit the address from the resonse message. + if ($response =~ /Your IP address is: (\d+.\d+.\d+.\d+)/) { + # Return the address. + return $1; + } + + # Unable to grab the address - Return nothing. + return; } # From patchwork Sat Mar 22 14:57:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 8548 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjNB4V3Wz3wx3 for ; Sat, 22 Mar 2025 15:07:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZKjN92pL5z8vk for ; Sat, 22 Mar 2025 15:07:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZKjN922R1z3325 for ; Sat, 22 Mar 2025 15:07:21 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZKjN61Hy8z333c for ; Sat, 22 Mar 2025 15:07:18 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZKjN46HDrz8v4; Sat, 22 Mar 2025 15:07:16 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742656037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2mSyPNBDFft0vFXamzkEx1xtFGf1qkNVQp+Ty18AARs=; b=+QCzOgMeT8RPhx+nH6bpcDEXrOQXn1+Oy2OMbIHkQ9rDFokGz2qlgna9BjJ7QdqzeBR3Zy n10Lbv05lIGYV8CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742656037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2mSyPNBDFft0vFXamzkEx1xtFGf1qkNVQp+Ty18AARs=; b=l7lFwd/sEqahX38bofe0AyCNWDlQZ3SefBpayN+5qMh9hQiNnAtHltpafBKmnr8j7/x4eC J70foT1+E7xQ/Lfvr6sG8HrKnApYh5IaKcHWglX68yGYPv0ey3EtcomZjU4BnMmtg8COod vACkyVaTulA7O6D3haLmHMA7K5zwcS9oOd8g131UGHbsDtm6SgGwy+6f2P8pWt8YTv4j+0 OKwCmPyMrOKnEd2HYwDu5iFhKBrnmV3xNQxBrMKwSls4iEgfKBArqaItXmvReN2B0Y0tHg GAG9wifpl95HG6vG8r3b8cm9McWqsKVKesvePiZu4rVkCNDER6fH+8IAiZxRaQ== From: Stefan Schantl To: development@lists.ipfire.org Cc: Stefan Schantl Subject: [PATCH 3/3] ids-functions.pl: Use new general downloader function. Date: Sat, 22 Mar 2025 15:57:24 +0100 Message-ID: <20250322145724.4593-3-stefan.schantl@ipfire.org> In-Reply-To: <20250322145724.4593-1-stefan.schantl@ipfire.org> References: <20250322145724.4593-1-stefan.schantl@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Stefan Schantl --- config/cfgroot/ids-functions.pl | 196 +++----------------------------- 1 file changed, 17 insertions(+), 179 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 399f5cbf8..9f548e2e7 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -130,9 +130,6 @@ my $suricatactrl = "/usr/local/bin/suricatactrl"; # Prefix for each downloaded ruleset. my $dl_rulesfile_prefix = "idsrules"; -# Temporary directory to download the rules files. -my $tmp_dl_directory = "/var/tmp"; - # Temporary directory where the rulesets will be extracted. my $tmp_directory = "/tmp/ids_tmp"; @@ -299,61 +296,13 @@ sub checkdiskspace () { # ## This function is responsible for downloading the ruleset for a given provider. ## -## * At first it initialize the downloader and sets an upstream proxy if configured. -## * The next step will be to generate the final download url, by obtaining the URL for the desired -## ruleset and add the settings for the upstream proxy. -## * Finally the function will grab the rule file or tarball from the server. -## It tries to reduce the amount of download by using the "If-Modified-Since" HTTP header. -# -## Return codes: -## -## * "no url" - If no download URL could be gathered for the provider. -## * "not modified" - In case the already stored rules file is up to date. -## * "incomplete download" - When the remote file size differs from the downloaded file size. -## * "$error" - The error message generated from the LWP::User Agent module. +## It uses the LWP-based downloader function from the general-functions.pl to +## download the ruleset for a requested provider. # sub downloadruleset ($) { my ($provider) = @_; - # The amount of download attempts before giving up and - # logging an error. - my $max_dl_attempts = 3; - - # Read proxysettings. - my %proxysettings=(); - &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); - - # Init the download module. - # - # Request SSL hostname verification and specify path - # to the CA file. - my $downloader = LWP::UserAgent->new( - ssl_opts => { - SSL_ca_file => '/etc/ssl/cert.pem', - verify_hostname => 1, - } - ); - - # Set timeout to 10 seconds. - $downloader->timeout(10); - - # Check if an upstream proxy is configured. - if ($proxysettings{'UPSTREAM_PROXY'}) { - my $proxy_url; - - $proxy_url = "http://"; - - # Check if the proxy requires authentication. - if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) { - $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@"; - } - - # Add proxy server address and port. - $proxy_url .= $proxysettings{'UPSTREAM_PROXY'}; - - # Setup proxy settings. - $downloader->proxy(['http', 'https'], $proxy_url); - } + my %settings = (); # Grab the download url for the provider. my $url = $IDS::Ruleset::Providers{$provider}{'dl_url'}; @@ -371,141 +320,30 @@ sub downloadruleset ($) { # Abort and return "no url", if no url could be determined for the provider. return "no url" unless ($url); - # Pass the requested URL to the downloader. - my $request = HTTP::Request->new(GET => $url); - - # Generate temporary file name, located in the tempoary download directory and with a suffix of ".tmp". - # The downloaded file will be stored there until some sanity checks are performed. - my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "$tmp_dl_directory/", UNLINK => 0 ); - my $tmpfile = $tmp->filename(); + # Pass the requested URL to the settings hash. + $settings{'URL'} = $url; # Call function to get the final path and filename for the downloaded file. my $dl_rulesfile = &_get_dl_rulesfile($provider); - # Check if the rulesfile already exits, because it has been downloaded in the past. - # - # In this case we are requesting the server if the remote file has been changed or not. - # This will be done by sending the modification time in a special HTTP header. - if (-f $dl_rulesfile) { - # Call stat on the file. - my $stat = stat($dl_rulesfile); - - # Omit the mtime of the existing file. - my $mtime = $stat->mtime; - - # Convert the timestamp into right format. - my $http_date = time2str($mtime); + # Add the file information to the settings hash. + $settings{'FILE'} = $dl_rulesfile; - # Add the If-Modified-Since header to the request to ask the server if the - # file has been modified. - $request->header( 'If-Modified-Since' => "$http_date" ); - } - - # Read-in Etags file for known Etags if the file is present. - my %etags = (); - &General::readhash("$etags_file", \%etags) if (-f $etags_file); + # Add Etag details to the settings hash. + $settings{'ETAGSFILE'} = $etags_file; + $settings{'ETAGPREFIX'} = $provider; - # Check if an Etag for the current provider is stored. - if ($etags{$provider}) { - # Grab the stored tag. - my $etag = $etags{$provider}; + # Call the downloader and pass the settings hash. + my $response = &General::downloader(%settings); - # Add an "If-None-Match header to the request to ask the server if the - # file has been modified. - $request->header( 'If-None-Match' => $etag ); + # Return the response message if the downloader provided one. + if ($response) { + return $response; } - my $dl_attempt = 1; - my $response; - - # Download and retry on failure. - while ($dl_attempt <= $max_dl_attempts) { - # Perform the request and save the output into the tmpfile. - $response = $downloader->request($request, $tmpfile); - - # Check if the download was successfull. - if($response->is_success) { - # Break loop. - last; - - # Check if the server responds with 304 (Not Modified). - } elsif ($response->code == 304) { - # Remove temporary file, if one exists. - unlink("$tmpfile") if (-e "$tmpfile"); - - # Return "not modified". - return "not modified"; - - # Check if we ran out of download re-tries. - } elsif ($dl_attempt eq $max_dl_attempts) { - # Obtain error. - my $error = $response->content; - - # Remove temporary file, if one exists. - unlink("$tmpfile") if (-e "$tmpfile"); - - # Return the error message from response.. - return "$error"; - } - - # Remove temporary file, if one exists. - unlink("$tmpfile") if (-e "$tmpfile"); - - # Increase download attempt counter. - $dl_attempt++; - } - - # Obtain the connection headers. - my $headers = $response->headers; - - # Get the timestamp from header, when the file has been modified the - # last time. - my $last_modified = $headers->last_modified; - - # Get the remote size of the downloaded file. - my $remote_filesize = $headers->content_length; - - # Grab the Etag from response it the server provides one. - if ($response->header('Etag')) { - # Add the Etag to the etags hash. - $etags{$provider} = $response->header('Etag'); - - # Write the etags file. - &General::writehash($etags_file, \%etags); - } - - # Perform stat on the tmpfile. - my $stat = stat($tmpfile); - - # Grab the local filesize of the downloaded tarball. - my $local_filesize = $stat->size; - - # Check if both file sizes match. - if (($remote_filesize) && ($remote_filesize ne $local_filesize)) { - # Delete temporary file. - unlink("$tmpfile"); - - # Return "1" - false. - return "incomplete download"; - } - - # Overwrite the may existing rulefile or tarball with the downloaded one. - move("$tmpfile", "$dl_rulesfile"); - - # Check if we got a last-modified value from the server. - if ($last_modified) { - # Assign the last-modified timestamp as mtime to the - # rules file. - utime(time(), "$last_modified", "$dl_rulesfile"); - } - - # Delete temporary file. - unlink("$tmpfile"); - - # Set correct ownership for the tarball. - set_ownership("$dl_rulesfile"); + # Set correct ownership for the downloaded rules file. + &set_ownership("$dl_rulesfile"); - # If we got here, everything worked fine. Return nothing. return; }