1 | #!/usr/bin/perl | |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
23 | ||
24 | use Getopt::Std; | |
25 | ||
26 | # enable only the following on debugging purpose | |
27 | #use warnings; | |
28 | #use CGI::Carp 'fatalsToBrowser'; | |
29 | ||
30 | require '/var/ipfire/general-functions.pl'; | |
31 | require "${General::swroot}/location-functions.pl"; | |
32 | require "${General::swroot}/lang.pl"; | |
33 | require "${General::swroot}/header.pl"; | |
34 | ||
# Two settings hashes are filled at start-up: the main settings file and
# the theme colour table. %color supplies the alternating row backgrounds
# used further down in this script.
my (%color, %mainsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
39 | ||
40 | use POSIX(); | |
41 | ||
# Workaround to suppress a "used only once" warning for this variable.
my @dummy = ( ${Header::table2colour} );
undef (@dummy);

my %cgiparams=();
my %logsettings=();
my $errormessage = '';

# Month names: the short forms are matched against the syslog timestamps,
# the long forms are the translated names shown in the page.
my @shortmonths = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @longmonths = map { $Lang::tr{$_} } qw(
	january february march april may june
	july august september october november december
);

my @now = localtime();
my ($dow, $doy) = @now[6, 7];
my $tdoy = $now[7];
my $year = $now[5]+1900;

# Defaults (today, no action); getcgihash() then fills in the request's
# CGI parameters.
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
$cgiparams{'ACTION'} = '';
&Header::getcgihash(\%cgiparams);

$logsettings{'LOGVIEW_REVERSE'} = 'off';
&General::readhash("${General::swroot}/logging/settings", \%logsettings);

# Page size: the configured value if one is defined, else 150 lines.
if (defined ($logsettings{'LOGVIEW_VIEWSIZE'})) {
	${Header::viewsize} = $logsettings{'LOGVIEW_VIEWSIZE'};
} else {
	${Header::viewsize} = 150;
}

# Index of the first line to display. In reverse view the default is a very
# large offset, which the paging code later clamps to the last page.
my $start = 0;
$start = 0x7FFFF000 if ($logsettings{'LOGVIEW_REVERSE'} eq 'on');
73 | ||
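# Paging links carry their state as "start,month,day" in the query string.
# All three fields are client-supplied, so each one is checked before use.
if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
{
	my ($q_start, $q_month, $q_day) = split(',', $ENV{'QUERY_STRING'});

	# Only a plain non-negative integer may replace the offset; any other
	# value leaves $start as it was set before this block.
	$start = $q_start if (defined($q_start) && $q_start =~ /\A[0-9]{1,10}\z/);

	$cgiparams{'MONTH'} = $q_month;
	$cgiparams{'DAY'} = $q_day;
}

# MONTH must be 0..11 and DAY 0..31 (0 selects the whole month). \A and \z
# are used rather than ^ and $ so a value with a trailing newline is rejected
# as well; these values are later interpolated into a regex and into links.
if (!(defined($cgiparams{'MONTH'}) && $cgiparams{'MONTH'} =~ /\A(?:[0-9]|1[01])\z/) ||
	!(defined($cgiparams{'DAY'}) && $cgiparams{'DAY'} =~ /\A(?:[0-9]|[12][0-9]|3[01])\z/))
{
	# Invalid selection: fall back to today.
	$cgiparams{'DAY'} = $now[3];
	$cgiparams{'MONTH'} = $now[4];
}
elsif($cgiparams{'ACTION'} eq '>>')
{
	my @temp_then=();
	my @temp_now = localtime(time);
	$temp_now[4] = $cgiparams{'MONTH'};
	$temp_now[3] = $cgiparams{'DAY'};
	if ($cgiparams{'DAY'}) {
		# Same time on the next day: + 86400 seconds.
		@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
	} else {
		# Whole-month view: step to the next month and keep DAY at 0.
		$temp_now[3] = 1;
		$temp_now[4] = ($temp_now[4]+1) %12;
		@temp_then = localtime(POSIX::mktime(@temp_now) );
		$temp_then[3] = 0;
	}
	$cgiparams{'MONTH'} = $temp_then[4];
	$cgiparams{'DAY'} = $temp_then[3];
}
elsif($cgiparams{'ACTION'} eq '<<')
{
	my @temp_then=();
	my @temp_now = localtime(time);
	$temp_now[4] = $cgiparams{'MONTH'};
	$temp_now[3] = $cgiparams{'DAY'};
	if ($cgiparams{'DAY'}) {
		# Same time on the previous day: - 86400 seconds.
		@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
	} else {
		# Whole-month view: step to the previous month and keep DAY at 0.
		$temp_now[3] = 1;
		$temp_now[4] = ($temp_now[4]-1) %12;
		@temp_then = localtime(POSIX::mktime(@temp_now) );
		$temp_then[3] = 0;
	}
	$cgiparams{'MONTH'} = $temp_then[4];
	$cgiparams{'DAY'} = $temp_then[3];
}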
126 | ||
# Work out which rotated file holds the requested day. This can be
# calculated because the log is rotated weekly.
my $gzindex;

# Two-digit day for the heading; empty when the whole month is selected.
my $date;
if ($cgiparams{'DAY'} == 0) {
	$date = '';
} elsif ($cgiparams{'DAY'} <= 9) {
	$date = "0$cgiparams{'DAY'}";
} else {
	$date = "$cgiparams{'DAY'}";
}

{
	# A month/day later than today is taken to mean last year.
	my $log_year = $year;
	if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
		( $cgiparams{'MONTH'} > $now[4] ) ) {
		$log_year = $year - 1;
	}

	# Midnight at the start of the requested day, and the heading text.
	my $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $log_year - 1900 );
	$date = "$longmonths[$cgiparams{'MONTH'}] $date, $log_year";

	# End of the active week: today's midnight moved forward to Saturday.
	my @today = localtime(time());
	my $sunday = POSIX::mktime( 0, 0, 0, $today[3], $today[4], $today[5]);
	$sunday += (6-$today[6]) * 86400;

	# Convert the difference in seconds to a number of full weeks.
	$gzindex = int (($sunday-$xday)/604800 );
}
153 | ||
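# Timestamp prefix to look for. $daystr is either a literal day padded to
# two characters, or '..' (any two characters) when the whole month is shown.
my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";

my $lines = 0;
my @log=();

my $loop = 1;
my $filestr = 0;
my $lastdatetime;       # for debug
my $search_for_end = 0;

# Walk from the oldest candidate file towards the current one.
while ($gzindex >=0 && $loop) {
	# calculate file name
	if ($gzindex == 0) {
		$filestr = "/var/log/messages";
	} else {
		$filestr = "/var/log/messages.$gzindex";
		$filestr = "$filestr.gz" if -f "$filestr.gz";
	}

	# Open with an explicit mode and a lexical handle. Compressed files are
	# read through gzip using the list form of a piped open, so the file name
	# is passed as an argument and no shell is involved.
	my $fh;
	my $opened = ($filestr =~ /\.gz\z/)
		? open($fh, '-|', 'gzip', '-dc', $filestr)
		: open($fh, '<', $filestr);

	# now read file if existing
	if ($opened) {
		#&General::log("reading $filestr");
		READ: while (my $line = <$fh>) {
			if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) {
				# In the normal view only the slice to display is kept in
				# memory: it ends at $start + viewsize and holds at most
				# viewsize lines. For an export every line is kept.
				if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
					$log[$lines++] = "$line";
				} else {
					if ($lines++ < ($start + $Header::viewsize)) {
						push(@log,"$line");
						if (@log > $Header::viewsize) {
							shift (@log);
						}
					#} else { dont do this optimisation, need to count lines !
					#	$datetime = $maxtime;	# we have read viewsize lines, stop main loop
					#	last READ;		# exit read file
					}
				}
				$search_for_end = 1;	# start of the slice found, can look for its end now
			} elsif ($search_for_end == 1) {
				# Stop reading further files once the date has moved on.
				# $1 and $2 are read only after the timestamp match succeeded;
				# a line without a timestamp prefix is ignored here.
				if ($line =~ /^(...) (..) ..:..:..*$/) {
					$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
				}
			}
		}
		close ($fh);
	}
	$gzindex--;	# try the next file (eg 40,39,38,...): there may be gaps when
			# the system was stopped for a long time
}# while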
209 | ||
210 | # $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; | |
211 | ||
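# Export: send the collected lines as plain text and stop.
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
	print "Content-type: text/plain\n\n";
	print "IPFire firewall log\r\n";
	# The translation table is %Lang::tr, as everywhere else in this script;
	# "$Lang::{'date'}" looked the key up in the package symbol table instead.
	print "$Lang::tr{'date'}: $date\r\n\r\n";

	if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }

	foreach my $entry (@log)
	{
		# Capture variables are only read after a successful match.
		next unless ($entry =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/);
		my ($day, $clock, $chain, $packet) = ($1, $2, $3, $4);

		$day =~ tr / /0/;
		# In a whole-month export the day is put in front of the time.
		my $time = $cgiparams{'DAY'} ? "$clock" : "$day/$clock" ;
		print "$time $chain $packet\r\n";
	}
	exit 0;
}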
232 | ||
# Start of the HTML page.
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'firewall log'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<font class='base'>$errormessage </font>\n";
	&Header::closebox();
}

# Settings box: month and day selectors plus the four action buttons.
&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");

print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'month'}: </td>
<td width='10%'>
<select name='MONTH'>
END

# One option per month; the currently selected month is pre-selected.
for my $month (0 .. 11) {
	my $selected = ($month == $cgiparams{'MONTH'}) ? "selected='selected' " : '';
	print "\t<option ${selected}value='$month'>$longmonths[$month]</option>\n";
}

print <<END;
</select>
</td>
<td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td>
<td width='40%'>
<select name='DAY'>
END

# Day 0 is the "all" entry (whole month), followed by days 1..31.
print "<option value='0'>$Lang::tr{'all'}</option>\n";
for my $day (1 .. 31) {
	my $selected = ($day == $cgiparams{'DAY'}) ? "selected='selected' " : '';
	print "\t<option ${selected}value='$day'>$day</option>\n";
}

print <<END;
</select>
</td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
</tr>
</table>
</form>
END

&Header::closebox();
295 | ||
# Log box: hit counter, paging links and the table header.
&Header::openbox('100%', 'left', $Lang::tr{'log'});
print "<p><b>$Lang::tr{'firewall hits'} $date: $lines</b></p>";

# Clamp the requested offset to the range [0, last page].
my $lastPageIndex = $lines - ${Header::viewsize};
if ($start >= $lastPageIndex) { $start = $lastPageIndex; }
if ($start < 0) { $start = 0; }

# Offset of the previous page; -1 means there is none.
my $prev = -1;
if ($start != 0) {
	$prev = $start - ${Header::viewsize};
	if ($prev < 0) { $prev = 0; }
}

# Offset of the next page; -1 means there is none.
my $next = -1;
if ($start != $lastPageIndex) {
	$next = $start + ${Header::viewsize};
	if ($next >= $lastPageIndex) { $next = $lastPageIndex; }
}

@log = reverse @log if ($logsettings{'LOGVIEW_REVERSE'} eq 'on');
&oldernewer() if ($lines != 0);

print <<END;
<table width='100%' class='tbl'>
<tr>
<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'country'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></th>
</tr>
END
336 | ||
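# Generate hash to translate protocol numbers into protocol names.
my %protocols = &General::generateProtoTransHash();

# One table row per collected log line.
$lines = 0;
foreach my $entry (@log)
{
	# If ipv6 uses a bridge, PHYSIN= contains the relevant iface information,
	# otherwise use IN=. The captures are copied right after the match that
	# produced them; a line matching neither pattern is skipped.
	my ($day, $clock, $chain, $packet);
	if ($entry =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) {
		($day, $clock, $chain, $packet) = ($1, $2, $3, $5);
	} elsif ($entry =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {
		($day, $clock, $chain, $packet) = ($1, $2, $3, $4);
	} else {
		next;
	}
	$day =~ tr / /0/;
	my $time = $cgiparams{'DAY'} ? "$clock" : "$day/$clock" ;

	# $time and $chain come from '.'/'.*' captures, i.e. free-form text taken
	# from the log file, so they are HTML-escaped before being written into
	# the page. The fields below are captured with restrictive character
	# classes (\w, digits, hex digits, ':' and '.').
	for my $field ($time, $chain) {
		$field =~ s/&/&amp;/g;
		$field =~ s/</&lt;/g;
		$field =~ s/>/&gt;/g;
		$field =~ s/"/&quot;/g;
		$field =~ s/'/&#39;/g;
	}

	my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
	if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
	# Identify whether ipv4 or ipv6. Both are mutually exclusive.
	if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; }
	if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; }
	if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; }
	if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; }
	$macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
	$proto=$1 if $packet =~ /PROTO=(\w+)/;
	$srcport=$1 if $packet =~ /SPT=(\d+)/;
	$dstport=$1 if $packet =~ /DPT=(\d+)/;

	# Get the country code.
	my $ccode = &Location::Functions::lookup_country_code($srcaddr);

	# Lookup if the grabbed protocol is part of the protocols hash.
	if (exists ($protocols{$proto})) {
		# Translate protocol number into protocol name.
		$proto = $protocols{$proto};
	}

	# Ports below 1024 get the service name appended when one is known.
	my $servi = uc(getservbyport($srcport, lc($proto)));
	if ($servi ne '' && $srcport < 1024) {
		$srcport = "$srcport($servi)";
	}
	$servi = uc(getservbyport($dstport, lc($proto)));
	if ($servi ne '' && $dstport < 1024) {
		$dstport = "$dstport($servi)";
	}

	# Only fields 6..11 of the colon-separated MAC= value are displayed.
	my @mactemp = split(/:/,$macaddr);
	$macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]";

	# Alternate the row background.
	my $col = ($lines % 2) ? "bgcolor='$color{'color20'}'" : "bgcolor='$color{'color22'}'";
	print "<tr>";
	print <<END;

<td align='center' $col>$time</td>
<td align='center' $col>$chain</td>
<td align='center' $col>$iface</td>
<td align='center' $col>$proto</td>
<td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
<td align='center' $col>$srcport<br/>$dstport</td>
END

	# Get the flag icon of the country.
	my $flag_icon = &Location::Functions::get_flag_icon($ccode);

	if ( $flag_icon) {
		print "<td align='center' $col><a href='../country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>";
	} else {
		print "<td align='center' $col></td>";
	}

	print <<END;
<td align='center' $col>$macaddr</td>
</tr>
END

	$lines++;
}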
419 | ||
# Close the log table, repeat the paging links below it, then close the
# boxes and the page.
print "</table>";
&oldernewer();
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
429 | ||
# Print the paging row: "first/older" on the left, "newer/last" on the right.
# Reads the file-level $prev, $next, $lastPageIndex and %cgiparams. An entry
# is a link only when that page exists ($prev != -1, $next >= 0); otherwise
# the plain label is printed. Each link carries "offset,month,day" as its
# query string.
sub oldernewer
{
	print <<END;
<table width='100%'>
<tr>
END

	# Left cell: first / older.
	my $older_cell;
	if ($prev == -1) {
		$older_cell = "$Lang::tr{'first'} $Lang::tr{'older'}";
	}
	else {
		$older_cell = "<a href='/cgi-bin/logs.cgi/firewalllog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> "
			. "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
	}
	print "<td align='center' width='50%'>" . $older_cell . "</td>\n";

	# Right cell: newer / last.
	my $newer_cell;
	if ($next < 0) {
		$newer_cell = "$Lang::tr{'newer'} $Lang::tr{'last'} ";
	}
	else {
		$newer_cell = "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> "
			. "<a href='/cgi-bin/logs.cgi/firewalllog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
	}
	print "<td align='center' width='50%'>" . $newer_cell . "</td>\n";

	print <<END;
</tr>
</table>
END
}
464 |