Révision 481b97b0
Ajouté par jim-p il y a presque 10 ans
etc/inc/filter_log.inc | ||
---|---|---|
209 | 209 |
return ':' . $portstr; |
210 | 210 |
} |
211 | 211 |
|
212 |
function find_rule_by_number($rulenum, $type="rules") {
|
|
212 |
function find_rule_by_number($rulenum, $trackernum, $type="block") {
|
|
213 | 213 |
global $g; |
214 | 214 |
|
215 | 215 |
/* Passing arbitrary input to grep could be a Very Bad Thing(tm) */ |
216 |
if (!(is_numeric($rulenum)))
|
|
216 |
if (!is_numeric($rulenum) || !is_numeric($trackernum) || !in_array($type, array('pass', 'block', 'match', 'rdr')))
|
|
217 | 217 |
return; |
218 |
|
|
219 |
if ($trackernum == "0") |
|
220 |
$lookup_pattern = "^@{$rulenum}\([0-9]+\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]"; |
|
221 |
else |
|
222 |
$lookup_pattern = "^@[0-9]+\({$trackernum}\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]"; |
|
223 |
|
|
218 | 224 |
/* At the moment, miniupnpd is the only thing I know of that |
219 | 225 |
generates logging rdr rules */ |
220 | 226 |
unset($buffer); |
221 | 227 |
if ($type == "rdr") |
222 |
$_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer);
|
|
228 |
$_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep " . escapeshellarg("^@{$rulenum}"), $buffer);
|
|
223 | 229 |
else { |
224 | 230 |
if (file_exists("{$g['tmp_path']}/rules.debug")) |
225 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg("^@{$rulenum} {$type}"), $buffer);
|
|
231 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer);
|
|
226 | 232 |
else |
227 |
$_gb = exec("/sbin/pfctl -vvPsr | grep " . escapeshellarg("^@{$rulenum}"), $buffer);
|
|
233 |
$_gb = exec("/sbin/pfctl -vvPsr | grep " . escapeshellarg($lookup_pattern), $buffer);
|
|
228 | 234 |
} |
229 | 235 |
if (is_array($buffer)) |
230 | 236 |
return $buffer[0]; |
... | ... | |
248 | 254 |
} |
249 | 255 |
unset($buffer, $_gb); |
250 | 256 |
if (file_exists("{$g['tmp_path']}/rules.debug")) |
251 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+ ' | /usr/bin/egrep -v '^@[0-9]+ (nat|rdr|binat|no|scrub)'", $buffer);
|
|
257 |
$_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]' | /usr/bin/egrep -v '^@[0-9]+\([0-9]+\)[[:space:]](nat|rdr|binat|no|scrub)'", $buffer);
|
|
252 | 258 |
else |
253 |
$_gb = exec("/sbin/pfctl -vvPsr | grep '^@'", $buffer); |
|
259 |
$_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]'", $buffer); |
|
260 |
|
|
254 | 261 |
if (is_array($buffer)) { |
255 | 262 |
foreach ($buffer as $line) { |
256 | 263 |
list($key, $value) = explode (" ", $line, 2); |
264 |
# pfctl rule number output with tracker number: @dd(dddddddddd) |
|
265 |
$matches = array(); |
|
266 |
if (preg_match('/\@(?P<rulenum>\d+)\((?<trackernum>\d+)\)/', $key, $matches) == 1) { |
|
267 |
if ($matches['trackernum'] > 0) |
|
268 |
$key = $matches['trackernum']; |
|
269 |
else |
|
270 |
$key = "@{$matches['rulenum']}"; |
|
271 |
} |
|
257 | 272 |
$buffer_rules_normal[$key] = $value; |
258 | 273 |
} |
259 | 274 |
} |
... | ... | |
265 | 280 |
unset($GLOBALS['buffer_rules_rdr']); |
266 | 281 |
} |
267 | 282 |
|
268 |
function find_rule_by_number_buffer($rulenum, $type){ |
|
283 |
function find_rule_by_number_buffer($rulenum, $trackernum, $type){
|
|
269 | 284 |
global $g, $buffer_rules_rdr, $buffer_rules_normal; |
270 |
|
|
285 |
|
|
286 |
if ($trackernum == "0") |
|
287 |
$lookup_key = "@{$rulenum}"; |
|
288 |
else |
|
289 |
$lookup_key = $trackernum; |
|
290 |
|
|
271 | 291 |
if ($type == "rdr") { |
272 |
$ruleString = $buffer_rules_rdr["@".$rulenum];
|
|
292 |
$ruleString = $buffer_rules_rdr[$lookup_key];
|
|
273 | 293 |
//TODO: get the correct 'description' part of a RDR log line. currently just first 30 characters.. |
274 | 294 |
$rulename = substr($ruleString,0,30); |
275 | 295 |
} else { |
276 |
$ruleString = $buffer_rules_normal["@".$rulenum];
|
|
296 |
$ruleString = $buffer_rules_normal[$lookup_key];
|
|
277 | 297 |
list(,$rulename,) = explode("\"",$ruleString); |
278 | 298 |
$rulename = str_replace("USER_RULE: ",'<img src="/themes/'.$g['theme'].'/images/icons/icon_frmfld_user.png" width="11" height="12" title="USER_RULE" alt="USER_RULE"/> ',$rulename); |
279 | 299 |
} |
280 |
return $rulename." (@".$rulenum.")";
|
|
300 |
return "{$rulename} ({$lookup_key})";
|
|
281 | 301 |
} |
282 | 302 |
|
283 | 303 |
function find_action_image($action) { |
Formats disponibles : Unified diff
Consider tracker IDs when looking up filter log entries, if present