Révision 481b97b0
Ajouté par jim-p il y a presque 10 ans
| etc/inc/filter_log.inc | ||
|---|---|---|
| 209 | 209 |
return ':' . $portstr; |
| 210 | 210 |
} |
| 211 | 211 |
|
| 212 |
function find_rule_by_number($rulenum, $type="rules") {
|
|
| 212 |
function find_rule_by_number($rulenum, $trackernum, $type="block") {
|
|
| 213 | 213 |
global $g; |
| 214 | 214 |
|
| 215 | 215 |
/* Passing arbitrary input to grep could be a Very Bad Thing(tm) */ |
| 216 |
if (!(is_numeric($rulenum)))
|
|
| 216 |
if (!is_numeric($rulenum) || !is_numeric($trackernum) || !in_array($type, array('pass', 'block', 'match', 'rdr')))
|
|
| 217 | 217 |
return; |
| 218 |
|
|
| 219 |
if ($trackernum == "0") |
|
| 220 |
$lookup_pattern = "^@{$rulenum}\([0-9]+\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]";
|
|
| 221 |
else |
|
| 222 |
$lookup_pattern = "^@[0-9]+\({$trackernum}\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]";
|
|
| 223 |
|
|
| 218 | 224 |
/* At the moment, miniupnpd is the only thing I know of that |
| 219 | 225 |
generates logging rdr rules */ |
| 220 | 226 |
unset($buffer); |
| 221 | 227 |
if ($type == "rdr") |
| 222 |
$_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer);
|
|
| 228 |
$_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep " . escapeshellarg("^@{$rulenum}"), $buffer);
|
|
| 223 | 229 |
else {
|
| 224 | 230 |
if (file_exists("{$g['tmp_path']}/rules.debug"))
|
| 225 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg("^@{$rulenum} {$type}"), $buffer);
|
|
| 231 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer);
|
|
| 226 | 232 |
else |
| 227 |
$_gb = exec("/sbin/pfctl -vvPsr | grep " . escapeshellarg("^@{$rulenum}"), $buffer);
|
|
| 233 |
$_gb = exec("/sbin/pfctl -vvPsr | grep " . escapeshellarg($lookup_pattern), $buffer);
|
|
| 228 | 234 |
} |
| 229 | 235 |
if (is_array($buffer)) |
| 230 | 236 |
return $buffer[0]; |
| ... | ... | |
| 248 | 254 |
} |
| 249 | 255 |
unset($buffer, $_gb); |
| 250 | 256 |
if (file_exists("{$g['tmp_path']}/rules.debug"))
|
| 251 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+ ' | /usr/bin/egrep -v '^@[0-9]+ (nat|rdr|binat|no|scrub)'", $buffer);
|
|
| 257 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]' | /usr/bin/egrep -v '^@[0-9]+\([0-9]+\)[[:space:]](nat|rdr|binat|no|scrub)'", $buffer);
|
|
| 252 | 258 |
else |
| 253 |
$_gb = exec("/sbin/pfctl -vvPsr | grep '^@'", $buffer);
|
|
| 259 |
$_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]'", $buffer);
|
|
| 260 |
|
|
| 254 | 261 |
if (is_array($buffer)) {
|
| 255 | 262 |
foreach ($buffer as $line) {
|
| 256 | 263 |
list($key, $value) = explode (" ", $line, 2);
|
| 264 |
# pfctl rule number output with tracker number: @dd(dddddddddd) |
|
| 265 |
$matches = array(); |
|
| 266 |
if (preg_match('/\@(?P<rulenum>\d+)\((?<trackernum>\d+)\)/', $key, $matches) == 1) {
|
|
| 267 |
if ($matches['trackernum'] > 0) |
|
| 268 |
$key = $matches['trackernum']; |
|
| 269 |
else |
|
| 270 |
$key = "@{$matches['rulenum']}";
|
|
| 271 |
} |
|
| 257 | 272 |
$buffer_rules_normal[$key] = $value; |
| 258 | 273 |
} |
| 259 | 274 |
} |
| ... | ... | |
| 265 | 280 |
unset($GLOBALS['buffer_rules_rdr']); |
| 266 | 281 |
} |
| 267 | 282 |
|
| 268 |
function find_rule_by_number_buffer($rulenum, $type){
|
|
| 283 |
function find_rule_by_number_buffer($rulenum, $trackernum, $type){
|
|
| 269 | 284 |
global $g, $buffer_rules_rdr, $buffer_rules_normal; |
| 270 |
|
|
| 285 |
|
|
| 286 |
if ($trackernum == "0") |
|
| 287 |
$lookup_key = "@{$rulenum}";
|
|
| 288 |
else |
|
| 289 |
$lookup_key = $trackernum; |
|
| 290 |
|
|
| 271 | 291 |
if ($type == "rdr") {
|
| 272 |
$ruleString = $buffer_rules_rdr["@".$rulenum];
|
|
| 292 |
$ruleString = $buffer_rules_rdr[$lookup_key];
|
|
| 273 | 293 |
//TODO: get the correct 'description' part of a RDR log line. currently just first 30 characters.. |
| 274 | 294 |
$rulename = substr($ruleString,0,30); |
| 275 | 295 |
} else {
|
| 276 |
$ruleString = $buffer_rules_normal["@".$rulenum];
|
|
| 296 |
$ruleString = $buffer_rules_normal[$lookup_key];
|
|
| 277 | 297 |
list(,$rulename,) = explode("\"",$ruleString);
|
| 278 | 298 |
$rulename = str_replace("USER_RULE: ",'<img src="/themes/'.$g['theme'].'/images/icons/icon_frmfld_user.png" width="11" height="12" title="USER_RULE" alt="USER_RULE"/> ',$rulename);
|
| 279 | 299 |
} |
| 280 |
return $rulename." (@".$rulenum.")";
|
|
| 300 |
return "{$rulename} ({$lookup_key})";
|
|
| 281 | 301 |
} |
| 282 | 302 |
|
| 283 | 303 |
function find_action_image($action) {
|
Formats disponibles : Unified diff
Consider tracker IDs when looking up filter log entries, if present