authorrobiscool <robrob2626@yahoo.com>2012-07-03 00:38:07 -0700
committerrobiscool <robrob2626@yahoo.com>2012-07-03 00:38:07 -0700
commitf80fcb63882ab695496141dcc92131c20486dfab (patch)
tree348c8e2e1438a20ee6720aaf226b497230f04ad9
parentda8fcdbc50c6e0b4def6a7eee0320190492f3d03 (diff)
downloadpfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.tar.gz
pfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.tar.bz2
pfsense-packages-f80fcb63882ab695496141dcc92131c20486dfab.zip
snort-dev, add ipv6 support to whitelist build func, remove use of old javascript, php closure adds for namespace
-rw-r--r--config/snort-dev/snort.inc423
-rw-r--r--config/snort-dev/snort_interfaces_edit.php6
-rw-r--r--config/snort-dev/snort_interfaces_whitelist_edit.php286
3 files changed, 463 insertions, 252 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 32519cf1..7a9b234c 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -100,141 +100,275 @@ function find_suppress_key($find_slist_number) {
}
}
-/* func builds custom whitelests */
-function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
- global $config, $g, $snort_pfsense_basever;
-
- /* build an interface array list */
- if (function_exists('get_configured_interface_list'))
- $int_array = get_configured_interface_list();
- else {
- $int_array = array('lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(isset($config['interfaces']['opt' . $j]['gateway']))
- $int_array[] = "opt{$j}";
- }
-
- $home_net = "";
+function snort_find_interface_ipv6($interface, $flush = false)
+{
+ global $interface_ipv6_arr_cache;
+ global $interface_snv6_arr_cache;
+ global $config;
+
+ $interface = trim($interface);
+ $interface = get_real_interface($interface);
+
+ if (!does_interface_exist($interface))
+ return;
- /* iterate through interface list and write out whitelist items
- * and also compile a home_net list for snort.
- */
- foreach ($int_array as $int) {
- /* calculate interface subnet information */
- if (function_exists('get_interface_ip')) {
- $subnet = get_interface_ip($int);
- if (is_ipaddr($subnet)) {
- $sn = get_interface_subnet($int);
- $home_net .= "{$subnet}/{$sn} ";
- }
- } else {
- $ifcfg = $config['interfaces'][$int];
- switch ($ifcfg['ipaddr']) {
- case "pppoe":
- case "pptp":
- case "l2tp":
- if (function_exists('get_interface_ip'))
- $subnet = get_interface_ip($int);
- else
- $subnet = find_interface_ip("ng0");
-
- if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
- break;
- case "dhcp":
- $subnet = find_interface_ip(snort_get_real_interface($int));
- if (is_ipaddr($subnet))
- $home_net .= "{$subnet} ";
- break;
- default:
- if (is_ipaddr($ifcfg['ipaddr'])) {
- $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
- if ($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
+ /* Setup IP cache */
+ if (!isset($interface_ipv6_arr_cache[$interface]) or $flush) {
+ $ifinfo = pfSense_get_interface_addresses($interface);
+ // FIXME: Add IPv6 support to the pfSense module
+ exec("/sbin/ifconfig {$interface} inet6", $output);
+ foreach($output as $line) {
+ if(preg_match("/inet6/", $line)) {
+ $parts = explode(" ", $line);
+ if(preg_match("/fe80::/", $parts[1])) {
+ $ifinfo['ipaddrv6'] = $parts[1];
+ if($parts[2] == "-->") {
+ $parts[5] = "126";
+ $ifinfo['subnetbitsv6'] = $parts[5];
+ } else {
+ $ifinfo['subnetbitsv6'] = $parts[3];
+ }
}
- break;
}
}
+ $interface_ipv6_arr_cache[$interface] = $ifinfo['ipaddrv6'];
+ $interface_snv6_arr_cache[$interface] = $ifinfo['subnetbitsv6'];
}
- if ($snort_pfsense_basever == 'yes' && $wanip == 'yes') {
- /* add all WAN ips to the whitelist */
- $wan_if = get_real_wan_interface();
- $ip = find_interface_ip($wan_if);
- if (is_ipaddr($ip))
- $home_net .= "{$ip} ";
- }
+ return $interface_ipv6_arr_cache[$interface];
+}
- if ($wangw == 'yes') {
- /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $gw = get_interface_gateway('wan');
- if($gw)
- $home_net .= "{$gw} ";
+function snort_get_interface_ipv6($interface = "wan")
+{
+ global $config;
+ $realif = get_failover_interface($interface);
+ switch($config['interfaces'][$interface]['ipaddrv6']) {
+ case "6rd":
+ case "6to4":
+ $realif = "stf0";
+ break;
}
-
- if($wandns == 'yes') {
- /* Add DNS server for WAN interface to whitelist */
- $dns_servers = get_dns_servers();
- foreach ($dns_servers as $dns) {
- if($dns)
- $home_net .= "{$dns} ";
- }
+ if (!$realif) {
+ if (preg_match("/^carp/i", $interface))
+ $realif = $interface;
+ else if (preg_match("/^[a-z0-9]+_vip/i", $interface))
+ $realif = $interface;
+ else
+ return null;
}
- if($vips == 'yes') {
- /* iterate all vips and add to whitelist */
- if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
- foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
- $home_net .= "{$vip['subnet']} ";
- }
- }
+ $curip = snort_find_interface_ipv6($realif);
+
+ if (strstr($curip, '%', TRUE)) {
+ $curip = strstr($curip, '%', TRUE);
+ }else if (is_ipaddrv6($curip)){
+ $curip = $curip;
+ }
+
+ if ($curip && is_ipaddrv6($curip) && ($curip != "::"))
+ return $curip;
+ else
+ return null;
+}
- /* Add loopback to whitelist (ftphelper) */
- $home_net .= "127.0.0.1 ";
+/* func builds custom whitelests */
+function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) {
+ global $config, $g, $snort_pfsense_basever;
- /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
- if ($vpns == 'yes') {
- if ($snort_pfsense_basever == 'yes') // chk what pfsense version were on
- $vpns_list = get_vpns_list();
- else if ($snort_pfsense_basever == 'no') // chk what pfsense version were on
- $vpns_list = filter_get_vpns_list();
+ // build an interface array list
+ $int_array = get_configured_interface_list();
- if (!empty($vpns_list))
- $home_net .= "{$vpns_list} ";
- }
+ /* calculate ipv4 interface subnet information */
+ $home_net = '';
+ $snort_calc_iface_subnet_list = function($int) use(&$home_net) {
+
+ $subnet = get_interface_ip($int);
+ $sn = get_interface_subnet($int);
+ $subnet_v6 = snort_get_interface_ipv6($int);
+ $sn_v6 = get_interface_subnetv6($int);
+
+ if (is_ipaddr($subnet) && !empty($subnet)) {
+ $home_net .= "{$subnet}/{$sn},";
+ }
- /* never ever compair numbers to words */
- if ($userwips > -1) {
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+ if (is_ipaddr($subnet_v6) && !empty($subnet_v6)) {
+ $home_net .= "{$subnet_v6}/{$sn_v6},";
+ }
+
+ };
+
+ /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
+ $snort_calc_gateway_list = function($int) use (&$home_net) {
- $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'];
+ $gw = get_interface_gateway($int);
+ $sn = get_interface_subnet($int);
+ $gw_v6 = get_interface_gateway_v6($int);
+ $sn_v6 = get_interface_subnetv6($int);
+
+
+ if(!empty($gw) && is_ipaddr($gw)) {
+ $home_net .= "{$gw}/{$sn},";
+ }
+
+ if(!empty($gw_v6) && is_ipaddr($gw_v6)) {
+ $home_net .= "{$gw_v6}/{$sn_v6},";
+ }
+
+ };
+
+ // iterate through interface list and write out whitelist items and also compile a home_net list for snort.
+ foreach ($int_array as $int) {
+
+ if (!empty($int)) {
+ $snort_calc_iface_subnet_list($int);
+
+ if ($wangw == 'yes')
+ $snort_calc_gateway_list($int);
+
+ }
+
}
- $home_net = trim($home_net);
-
- /* this foe whitelistfile, convert spaces to carriage returns */
- if ($build_netlist == 'whitelist') {
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
- return $whitelist_home_net;
+ /*
+ * Add DNS server for WAN interface to whitelist
+ *
+ * NOTE: does this get ipv6 ips
+ */
+ $snort_dns_list = function() use(&$home_net) {
+
+ $dns_servers = get_dns_servers();
+ foreach ($dns_servers as $dns) {
+ if(!empty($dns) && is_ipaddr($dns)) {
+ $home_net .= "{$dns},";
+ }
+ }
+
+ };
+
+ if($wandns == 'yes') {
+ $snort_dns_list();
+ }
+
+ /*
+ * iterate all vips and add to whitelist
+ * NOTE: does this get ipv6 ips
+ *
+ */
+ $snort_vips_list = function() use(&$home_net, &$config) {
+
+ if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
+ foreach($config['virtualip']['vip'] as $vip)
+ if(!empty($vip['subnet']))
+ $home_net .= "{$vip['subnet']},";
+ }
+
+ };
+
+ if($vips == 'yes') {
+ $snort_vips_list();
}
- /* this is for snort.conf */
- $validator = explode(" ", $home_net);
- $valresult = array();
- foreach ($validator as $vald) {
- if (empty($vald))
- continue;
- $valresult[] = $vald;
+ /*
+ * grab a list of vpns and whitelist if user desires added by nestorfish 954
+ *
+ * NOTE: does this get ipv6 ips
+ */
+ $snort_vpns_list = function() use(&$home_net, &$config) {
+ $vpns_list = filter_get_vpns_list();
+
+ if (!empty($vpns_list))
+ $home_net .= "{$vpns_list},";
+ };
+
+ if ($vpns == 'yes') {
+ $snort_vpns_list();
+ }
+
+ $snort_userwips_list = function() use(&$home_net, &$userwips, &$config) {
+
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+
+ $home_net .= $config['installedpackages']['snortglobal']['whitelist']['item'][$userwips]['address'] . ',';
+
+ };
+
+ if ($userwips > -1) {
+ $snort_userwips_list();
}
- $home_net = implode(",", $valresult);
- $home_net = "[{$home_net}]";
+ // add loopback iface
+ $home_net .= '127.0.0.1,';
+ $home_net .= '::1,';
+
+ /*
+ * makes sure there is no duplicates
+ * splits $home_net to (ipv6 ip), (ipv6 cidr), (ipv4 ip), (ipv4 cidr)
+ */
+ $snort_clean_home_net = function() use(&$home_net) {
+
+ $home_net = trim($home_net);
+ $home_net = explode(',', $home_net);
+ $net_ipv4_cidr = array();
+ $net_ipv4 = array();
+ $net_ipv6_cidr = array();
+ $net_ipv6 = array();
+
+ // split into 4 arrays
+ foreach ($home_net as $net_ip) {
+
+ if (preg_match("/\./", $net_ip)) {
+ if (preg_match("/\//", $net_ip)) {
+ if (!in_array($net_ip, $net_ipv4_cidr))
+ array_push($net_ipv4_cidr, $net_ip);
+ }else{
+ if (!in_array($net_ip, $net_ipv4))
+ array_push($net_ipv4, $net_ip);
+ }
+ }
+
+ if (preg_match("/:/", $net_ip)) {
+ if (preg_match("/\//", $net_ip)) {
+ if (!in_array($net_ip, $net_ipv6_cidr))
+ array_push($net_ipv6_cidr, $net_ip);
+ }else{
+ if (!in_array($net_ip, $net_ipv6))
+ array_push($net_ipv6, $net_ip);
+ }
+ }
+ } // end foreach
+
+ // TODO: make sure that ips are not in cidr
+
+ $home_net = '';
+ foreach ($net_ipv4_cidr as $net_ipv4_cidr_ip) {
+ if (!empty($net_ipv4_cidr_ip))
+ $home_net .= $net_ipv4_cidr_ip . ',';
+ }
+ foreach ($net_ipv4 as $net_ipv4_ip) {
+ if (!empty($net_ipv4_ip))
+ $home_net .= $net_ipv4_ip . ',';
+ }
+ foreach ($net_ipv6_cidr as $net_ipv6_cidr_ip) {
+ if (!empty($net_ipv6_cidr_ip))
+ $home_net .= $net_ipv6_cidr_ip . ',';
+ }
+ foreach ($net_ipv6 as $net_ipv6_ip) {
+ if (!empty($net_ipv6_ip))
+ $home_net .= $net_ipv6_ip . ',';
+ }
+
+ // remove , if its the last char
+ if($home_net[strlen($home_net)-1] === ',') {
+ $home_net = substr_replace($home_net, '', -1);
+ }
+
+ };
+ $snort_clean_home_net();
+
return $home_net;
-}
+
+} // end func builds custom whitelests
/* checks to see if snort is running yes/no and stop/start */
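Review bot: In `$snort_calc_gateway_list` the gateway is appended as `{$gw}/{$sn}` (and `{$gw_v6}/{$sn_v6}`), which whitelists the entire upstream subnet instead of the gateway host that the removed code added as a bare `{$gw} `; every host on that subnet is then exempt from blocking, so drop the prefix: `$home_net .= "{$gw},";` and `$home_net .= "{$gw_v6},";`. In `snort_find_interface_ipv6`, `preg_match("/fe80::/", $parts[1])` keeps only the link-local address; if the intent is the opposite (the `%` zone-id strip in `snort_get_interface_ipv6` suggests a global address is expected) the test should be negated. `$snort_vpns_list` appends the return of `filter_get_vpns_list()` as a single token; the removed code appended it to a space-separated list, so if it still returns space-separated networks the `explode(',')` in `$snort_clean_home_net` will not split them. `$interface` also reaches `exec()` by interpolation; it passes through `get_real_interface()` and `does_interface_exist()` first, but `escapeshellarg($interface)` would make that independent of those helpers.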
@@ -460,17 +594,14 @@ function post_delete_logs()
$snort_tcpd_rm_list = snort_build_order($snort_list_tcpd);
snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]);
}
- } else
+ } else {
exec("/bin/rm $snort_log_dir/{$snort_uuid}_{$if_real}/snort.tcpdump*");
-
- /* create barnyard2 configuration file */
- //if ($value['barnyard_enable'] == 'on')
- //create_barnyard2_conf($id, $if_real, $snort_uuid);
-
- if ($value['perform_stat'] == 'on')
- @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", "");
+
+ if ($value['perform_stat'] == 'on')
+ @file_put_contents("$snort_log_dirt/{$snort_uuid}_{$if_real}/snort.stats", "");
+ }
}
- }
+ } // end foreach
}
function snort_postinstall()
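Review bot: The re-added `@file_put_contents("$snort_log_dirt/...")` line still interpolates `$snort_log_dirt`, which does not match the `$snort_log_dir` used in the `rm` call two lines above; unless it is defined elsewhere, the stats file is created at `/{uuid}_{if}/snort.stats` under the filesystem root and the `@` hides the failure. Suggested line: `@file_put_contents("$snort_log_dir/{$snort_uuid}_{$if_real}/snort.stats", "");`. The enclosing loop starts outside the hunk.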
@@ -832,23 +963,26 @@ function sync_snort_package_config()
if ($if_real != '' && $snort_uuid != '') {
- /* only build whitelist when needed */
- if ($value['blockoffenders7'] == 'on')
+ // only build whitelist when needed
+ if ($value['blockoffenders7'] === 'on') {
create_snort_whitelist($id, $if_real);
+ }
- /* only build threshold when needed */
- if ($value['suppresslistname'] != 'default')
+ // only build threshold when needed
+ if ($value['suppresslistname'] !== 'default'){
create_snort_suppress($id, $if_real);
+ }
- /* create snort configuration file */
+ // create snort configuration file
create_snort_conf($id, $if_real, $snort_uuid);
- /* if rules exist cp rules to each iface */
+ // if rules exist cp rules to each iface
create_rules_iface($id, $if_real, $snort_uuid);
- /* create barnyard2 configuration file */
- if ($value['barnyard_enable'] == 'on')
+ // create barnyard2 configuration file
+ if ($value['barnyard_enable'] == 'on') {
create_barnyard2_conf($id, $if_real, $snort_uuid);
+ }
}
}
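Review bot: The comparisons in this hunk are inconsistent: `blockoffenders7` and `suppresslistname` were switched to strict `===`/`!==` while `$value['barnyard_enable'] == 'on'` keeps the loose form. Use `if ($value['barnyard_enable'] === 'on') {` so all three checks behave the same way. The enclosing function starts outside the hunk.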
@@ -931,12 +1065,16 @@ function create_snort_whitelist($id, $if_real) {
} else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) {
$whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']);
- if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) {
return;
+ }
$whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w];
- $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'],
- $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
+ $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w);
+
+ // this foe whitelistfile, convert spaces to carriage returns
+ $w_data = str_replace(',', "\n", $w_data);
+ $w_data = str_replace(',,', "\n", $w_data);
/* open snort's whitelist for writing */
@file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data);
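Review bot: The second replacement `$w_data = str_replace(',,', "\n", $w_data);` is dead code: after the first call no commas remain in `$w_data`, so `',,'` can never match. If the goal is to drop empty entries, do it in one step, e.g. `$w_data = implode("\n", array_filter(explode(',', $w_data)));`. The function continues outside the hunk.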
@@ -1961,19 +2099,13 @@ EOD;
else
$def_max_queued_segs_type = ' max_queued_segs ' . $snortcfg['max_queued_segs'] . ',';
- $snort_preprocessor_decoder_rules = "";
- if (file_exists("/usr/local/etc/snort/preproc_rules/preprocessor.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- if (file_exists("/usr/local/etc/snort/preproc_rules/decoder.rules"))
- $snort_preprocessor_decoder_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
-
/* build snort configuration file */
$snort_conf_text = <<<EOD
##############################################################################
# #
# snort configuration file generated by the pfSense package manager system #
-# see /usr/local/pkg/snort.inc # #
+# see /usr/local/pkg/snort.inc #
# for snort ver. 2.9.2.3 #
# more information Snort can be found at http://www.snort.org/ #
# #
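Review bot: Removing `$snort_preprocessor_decoder_rules` here, together with its `{$snort_preprocessor_decoder_rules}` placeholder in the later hunk next to `reference.config`, means the generated snort.conf no longer includes `preprocessor.rules`/`decoder.rules` even when those files exist, so preprocessor and decoder alerts stop firing; the commit message does not mention this. If it is intended, a short comment in the heredoc stating why would help the next reader; otherwise the removed lines should be restored.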
@@ -1985,9 +2117,8 @@ EOD;
#
#########################
-# TODO: bug, auto gen is adding extra 127.0.0.1
-ipvar HOME_NET {$home_net}
-ipvar EXTERNAL_NET {$external_net}
+ipvar HOME_NET [{$home_net}]
+ipvar EXTERNAL_NET [{$external_net}]
###################
#
@@ -2454,8 +2585,6 @@ $spoink_type
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config
include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config
-{$snort_preprocessor_decoder_rules}
-
$threshold_file_name
# Snort user pass through configuration
@@ -2467,7 +2596,9 @@ $threshold_file_name
#
###################
- {$selected_rules_sections}
+
+{$selected_rules_sections}
+
EOD;
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index cdf23825..aee7bee1 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -30,7 +30,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("/usr/local/www/guiconfig.inc");
+require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
@@ -38,6 +38,7 @@ global $g;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
+
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
@@ -375,11 +376,10 @@ function enable_change(enable_change) {
}
//-->
</script>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<form method="post" enctype="multipart/form-data" name="iform" id="iform">
<?php
/* Display Alert message */
if ($input_errors) {
diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php
index fe3c54a5..14c016db 100644
--- a/config/snort-dev/snort_interfaces_whitelist_edit.php
+++ b/config/snort-dev/snort_interfaces_whitelist_edit.php
@@ -67,17 +67,22 @@ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'
$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty';
/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
+function is_validwhitelistname($name, $type) {
if (!is_string($name))
- return false;
+ return false;
- if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name))
- return true;
+ if ($type === 'name' && !preg_match("/[^a-zA-Z0-9\_]/", $name))
+ return true;
+
+ if ($type === 'ip' && !preg_match("/[^a-zA-Z0-9\:\,\.\/]/", $name))
+ return true;
+
+ if ($type === 'detail' && !preg_match("/[^a-zA-Z0-9\:\,\.\+\s]/", $name))
+ return true;
return false;
}
-
if (isset($id) && $a_whitelist[$id]) {
/* old settings */
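Review bot: `is_validwhitelistname($name, 'ip')` is a character-class check rather than address validation: a value such as `abc` or `1.2.3.4/99` passes, is stored, and later lands inside `ipvar HOME_NET [...]` in the generated snort.conf, where a malformed entry prevents snort from starting. Validate each comma-separated entry instead, e.g. `foreach (explode(',', $name) as $ip) { if (!is_ipaddr($ip) && !is_subnet($ip)) return false; }` — `is_ipaddr()` is already used in snort.inc. The `'detail'` class allows `\s`, which includes newlines and tabs, while the UI text says "No Spaces"; a literal space in the class would match the message. Falling through to `return false` for an unknown `$type` is the right default.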
@@ -85,6 +90,7 @@ if (isset($id) && $a_whitelist[$id]) {
$pconfig['name'] = $a_whitelist[$id]['name'];
$pconfig['uuid'] = $a_whitelist[$id]['uuid'];
$pconfig['detail'] = $a_whitelist[$id]['detail'];
+ $pconfig['addressuuid'] = $a_whitelist[$id]['addressuuid'];
$pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype'];
$pconfig['address'] = $a_whitelist[$id]['address'];
$pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
@@ -104,24 +110,23 @@ if ($_POST['submit']) {
unset($input_errors);
$pconfig = $_POST;
- /* input validation */
- $reqdfields = explode(" ", "name");
- $reqdfieldsn = explode(",", "Name");
+ //input validation
+ $reqdfields = explode(" ", "name"); // post name required
+ $reqdfieldsn = explode(",", "Name"); // error msg name
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
$input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
- $x = is_validwhitelistname($_POST['name']);
- if (!isset($x)) {
- $input_errors[] = "Reserved word used for whitelist file name.";
- } else {
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset.";
- }
+
+ if (is_validwhitelistname($_POST['name'], 'name') == false)
+ $input_errors[] = "Whitelist name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces.";
+
+ if (is_validwhitelistname($_POST['descr'], 'detail') == false)
+ $input_errors[] = "Whitelist description name may only consist of the characters [a-z, A-Z 0-9 + , :]. Note: No Spaces.";
- /* check for name conflicts */
+ // check for name conflicts
foreach ($a_whitelist as $w_list) {
if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
continue;
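Review bot: The error text for the name field says "a-z, A-Z and 0-9" but the `'name'` pattern in `is_validwhitelistname` also accepts `_`, and the description text says "No Spaces" while the `'detail'` pattern accepts `\s`; align one with the other, e.g. `"Whitelist name may only consist of the characters a-z, A-Z, 0-9 and _. Note: No Spaces."`. `$_POST['descr']` is also handed to `is_validwhitelistname()` unchecked: if the field is absent from the POST, `is_string(null)` fails and an error is reported for an empty description, so pass `isset($_POST['descr']) ? $_POST['descr'] : ''`. The enclosing `if ($_POST['submit'])` block starts outside the hunk.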
@@ -132,50 +137,64 @@ if ($_POST['submit']) {
}
}
- $isfirst = 0;
- $address = "";
- $final_address_details .= "";
- /* add another entry code */
- for($x=0; $x<499; $x++) {
- if (!empty($_POST["address{$x}"])) {
- if ($is_first > 0)
- $address .= " ";
- $address .= $_POST["address{$x}"];
- if ($_POST["address_subnet{$x}"] <> "")
- $address .= "" . $_POST["address_subnet{$x}"];
-
- /* Compress in details to a single key, data separated by pipes.
- Pulling details here lets us only pull in details for valid
- address entries, saving us from having to track which ones to
- process later. */
- $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto');
- if ($final_address_detail <> "")
- $final_address_details .= $final_address_detail;
- else {
- $final_address_details .= "Entry added" . " ";
- $final_address_details .= date('r');
+ // build string lists
+ if (!empty($pconfig[addresses])) {
+ $countArray = count($pconfig[addresses]);
+ $i = 0;
+
+ foreach ($pconfig[addresses] as $address) {
+
+ $i++;
+
+ if (is_validwhitelistname($address[address], 'ip') == false) {
+ $input_errors[] = "List of IPs may only consist of the characters [. : 0-9]. Note: No Spaces.";
}
- $final_address_details .= "||";
- $is_first++;
- }
+
+ if (is_validwhitelistname($address[detail], 'detail') == false) {
+ $input_errors[] = "List of IP descriptions may only consist of the characters [a-z, A-Z 0-9 + , :].";
+ }
+
+ if (!empty($address[address]) && !empty($address[uuid])) {
+
+ $final_address_ip .= $address[address];
+
+ $final_address_uuid .= $address[uuid];
+
+ if (empty($address[detail])) {
+ $final_address_details .= "Entry added " . date('r');
+ }else{
+ $final_address_details .= $address[detail];
+ }
+
+ if($i < $countArray){
+ $final_address_ip .= ',';
+ $final_address_details .= '||';
+ $final_address_uuid .= '||';
+ }
+ }
+ }
}
-
+
+ $w_list = array();
+ // post user input
+ $w_list['name'] = $_POST['name'];
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['uuid'] = $whitelist_uuid;
+ $w_list['snortlisttype'] = $_POST['snortlisttype'];
+ $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+
+ $w_list['addressuuid'] = $final_address_uuid;
+ $w_list['address'] = $final_address_ip;
+ $w_list['detail'] = $final_address_details;
+
+ if (empty($final_address_ip) && $w_list['wanips'] === 'no' && $w_list['wangateips'] === 'no' && $w_list['wandnsips'] === 'no' && $w_list['vips'] === 'no' && $w_list['vpnips'] === 'no')
+ $input_errors[] = "You must add a \"auto generated ip\" or a \"custom ip\"! ";
+
if (!$input_errors) {
- $w_list = array();
- /* post user input */
- $w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
- $w_list['snortlisttype'] = $_POST['snortlisttype'];
- $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
- $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
- $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
- $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
- $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
-
- $w_list['address'] = $address;
- $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $w_list['detail'] = $final_address_details;
-
if (isset($id) && $a_whitelist[$id])
$a_whitelist[$id] = $w_list;
else
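Review bot: `$pconfig[addresses]`, `$address[address]`, `$address[detail]` and `$address[uuid]` use unquoted bare words as array keys; PHP only treats an undefined constant as its own name with a notice (and it is a fatal error on PHP 8), so these should be `'addresses'`, `'address'`, `'detail'` and `'uuid'`. The per-row `uuid` is client-supplied and never validated, yet it is stored in `addressuuid` and later echoed into `id` and `name` attributes, so restrict it to the 32-hex-character form that `genUUID()` produces before accepting the row. `$final_address_ip`, `$final_address_uuid` and `$final_address_details` are appended to without initialisation, and the `$i < $countArray` separator logic leaves a trailing `,`/`||` whenever a later row is skipped as empty; collecting into arrays and joining avoids both. The enclosing `if ($_POST['submit'])` block starts outside the hunk.
```php
// … unchanged: name/description validation and name-conflict check …
$ips = array();
$uuids = array();
$details = array();
if (!empty($pconfig['addresses'])) {
    foreach ($pconfig['addresses'] as $address) {
        if (is_validwhitelistname($address['address'], 'ip') == false) {
            $input_errors[] = "List of IPs may only consist of the characters [. : 0-9]. Note: No Spaces.";
        }
        if (is_validwhitelistname($address['detail'], 'detail') == false) {
            $input_errors[] = "List of IP descriptions may only consist of the characters [a-z, A-Z 0-9 + , :].";
        }
        if (empty($address['address'])) {
            continue;
        }
        // the row key is client-supplied; accept only the format genUUID() emits
        if (!isset($address['uuid']) || !preg_match('/^[0-9a-f]{32}$/i', $address['uuid'])) {
            $input_errors[] = "Invalid row identifier.";
            continue;
        }
        $ips[] = $address['address'];
        $uuids[] = $address['uuid'];
        $details[] = empty($address['detail']) ? "Entry added " . date('r') : $address['detail'];
    }
}
$final_address_ip = implode(',', $ips);
$final_address_uuid = implode('||', $uuids);
$final_address_details = implode('||', $details);
// … unchanged: $w_list assembly and save …
```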
@@ -183,15 +202,25 @@ if ($_POST['submit']) {
write_config();
- /* create whitelist and homenet file then sync files */
+ // create whitelist and homenet file then sync files
sync_snort_package_config();
header("Location: /snort/snort_interfaces_whitelist.php");
exit;
} else {
+
+ $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_whitelist[$id]['vips'];
+ $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+
$pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $pconfig['address'] = $address;
+ $pconfig['address'] = $final_address_ip;
$pconfig['detail'] = $final_address_details;
+ $pconfig['addressuuid'] = $final_address_uuid;
+
+ $input_errors[] = 'Press Cancel to reset.';
}
}
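Review bot: On the error branch the five `$pconfig['wanips'] = $a_whitelist[$id]['wanips']` assignments overwrite the checkbox values the user just posted (already in `$pconfig` via `$pconfig = $_POST`) with the saved ones, and for a new whitelist `$id` is not set, so they read an undefined offset. If the aim is to keep the form state across a validation error these lines can be dropped; if the saved values are wanted, guard them with `if (isset($id) && $a_whitelist[$id])`. Appending `'Press Cancel to reset.'` to `$input_errors` also renders a hint as an error; `$savemsg` is the usual place for it.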
@@ -207,36 +236,36 @@ include_once("head.inc");
include("fbegin.inc");
echo $snort_general_css;
?>
-<script type="text/javascript" src="/javascript/row_helper.js"></script>
- <input type='hidden' name='address_type' value='textbox' />
- <script type="text/javascript">
-
- rowname[0] = "address";
- rowtype[0] = "textbox";
- rowsize[0] = "20";
- rowname[1] = "detail";
- rowtype[1] = "textbox";
- rowsize[1] = "30";
-</script>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="inputerrors"></div>
-
-<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
<?php
/* Display Alert message */
if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
if ($savemsg)
- print_info_box2($savemsg);
+ print_info_box($savemsg);
?>
+<div id="inputerrors"></div>
+
+<form action="snort_interfaces_whitelist_edit.php?id=<?=$id?>" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
+ display_top_tabs($tab_array);
+?>
+ </td>
+</tr>
<tr>
<td class="tabcont">
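Review bot: `action="snort_interfaces_whitelist_edit.php?id=<?=$id?>"` interpolates `$id` into an HTML attribute without escaping; if it is taken from the request the way the sibling snort_interfaces_edit.php does (`$id = $_GET['id']`), a crafted link reflects markup into the admin page. Escape or cast it at this point: `action="snort_interfaces_whitelist_edit.php?id=<?=htmlspecialchars($id)?>"`, or `(int)$id` if ids are always numeric. Dropping the duplicated `print_input_errors` call is a good fix.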
@@ -358,32 +387,33 @@ echo $snort_general_css;
<?php
/* cleanup code */
$counter = 0;
- $address = $pconfig['address'];
- if ($address <> ""):
- $item = explode(" ", $address);
- $item3 = explode("||", $pconfig['detail']);
- foreach($item as $ww):
- $address = $item[$counter];
- $item4 = $item3[$counter];
+ if (!empty($pconfig['address'])):
+
+ $addressArray = explode(',', $pconfig['address']);
+ $detailArray = explode('||', $pconfig['detail']);
+ $RowUUIDArray = explode('||', $pconfig['addressuuid']);
+
+ foreach($addressArray as $address):
+ if (!empty($address)):
+ $detail = $detailArray[$counter];
+ $rowaddressuuid= $RowUUIDArray[$counter];
?>
- <tr>
- <td><input name="address<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="30" value="<?=htmlspecialchars($address);?>" /></td>
- <td><input name="detail<?php echo $counter; ?>" class="formfld unknown" type="text" id="address<?php echo $counter; ?>" size="50" value="<?=$item4;?>" /></td>
- <td>
- <?php echo "<input type=\"image\" src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" onclick=\"removeRow(this); return false;\" value=\"Delete\" />"; ?>
- </td>
- </tr>
+ <tr id="<?=$rowaddressuuid?>">
+ <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][address]" class="formfld unknown" size="30" value="<?=$address;?>" type="text"></td>
+ <td><input autocomplete="off" name="addresses[<?=$rowaddressuuid;?>][detail]" class="formfld unknown" size="50" value="<?=$detail;?>" type="text"></td>
+ <td><img id="<?=$rowaddressuuid;?>" class="icon_x removeRow" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" border="0"></td>
+ <td><input name="addresses[<?=$rowaddressuuid;?>][uuid]" value="<?=$rowaddressuuid;?>" type="hidden"></td>
+ </tr>
+
<?php
$counter++;
-
- endforeach; endif;
+ endif;
+ endforeach;
+ endif;
?>
</tbody>
</table>
- <a onclick="javascript:addRowTo('maintable'); return false;"
- href="#"><img border="0"
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt=""
- title="add another entry" /> </a></td>
+ <img id="addNewRow" class="icon_x" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" /></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
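Review bot: The rebuilt rows echo `$address`, `$detail` and `$rowaddressuuid` into attribute values without escaping, whereas the removed line wrapped `$address` in `htmlspecialchars()`; on the validation-error path `$pconfig['address']` holds `$final_address_ip`, which is assembled from every posted row before the errors are checked, so a rejected value containing `"` is written straight back into `value="..."`. Restore `value="<?=htmlspecialchars($address);?>"` and treat `$detail` and `$rowaddressuuid` (including the `id`/`name` attributes built from it) the same way. Whitelists saved before this commit have no `addressuuid`, so `$RowUUIDArray` is `array('')` and every legacy row renders as `addresses[][address]`/`addresses[][detail]`, which PHP parses into separate entries with no `uuid`; the save loop then drops them. Generating a key server-side when it is missing, e.g. `if (empty($rowaddressuuid)) $rowaddressuuid = md5(uniqid('', true));`, keeps existing entries editable.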
@@ -400,12 +430,62 @@ echo $snort_general_css;
</form>
<script type="text/javascript">
- /* row and col adjust when you add extra entries */
+
+
+/*! Needs to be watched not my code <- IMPORTANT
+* JavaScript UUID Generator, v0.0.1
+*
+* Copyright (c) 2009 Massimo Lombardo.
+* Dual licensed under the MIT and the GNU GPL licenses.
+*/
+
+function genUUID() {
+ var uuid = (function () {
+ var i,
+ c = "89ab",
+ u = [];
+ for (i = 0; i < 36; i += 1) {
+ u[i] = (Math.random() * 16 | 0).toString(16);
+ }
+ u[8] = u[13] = u[18] = u[23] = "";
+ u[14] = "4";
+ u[19] = c.charAt(Math.random() * 4 | 0);
+ return u.join("");
+ })();
+ return {
+ toString: function () {
+ return uuid;
+ },
+ valueOf: function () {
+ return uuid;
+ }
+ }
+};
+
+
+ jQuery(".icon_x").live('mouseover', function() {
+ jQuery(this).css('cursor', 'pointer');
+ });
+
- field_counter_js = 3;
- rows = 1;
- totalrows = <?php echo $counter; ?>;
- loaded = <?php echo $counter; ?>;
+ jQuery('#addNewRow').live("click", function(){
+
+ var addRowCount = genUUID();
+
+ jQuery('#maintable > tbody').append(
+ "\n" + '<tr id="' + addRowCount + '">' + "\n" +
+ '<td><input autocomplete="off" name="addresses[' + addRowCount + '][address]" class="formfld unknown" size="30" value="" type="text"></td>' + "\n" +
+ '<td><input autocomplete="off" name="addresses[' + addRowCount + '][detail]" class="formfld unknown" size="50" value="" type="text"></td>' + "\n" +
+ '<td><img id="' + addRowCount + '" class="icon_x removeRow" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="remove entry" /></td>' + "\n" +
+ '<td><input name="addresses[' + addRowCount + '][uuid]" type="hidden" value="' + addRowCount + '" /></td>' + "\n" +
+ '</tr>' + "\n"
+ );
+ });
+
+
+ jQuery(".removeRow").live('click', function(){
+ jQuery("#" + this.id).remove();
+ });
</script>
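Review bot: Each row gives the same id to the `<tr>` and to its delete `<img>` (in the PHP template above and in the `#addNewRow` handler's `'<tr id="' + addRowCount + '">'` / `'<img id="' + addRowCount + '"'`), so the DOM contains duplicate ids and `jQuery("#" + this.id).remove()` only works because the `<tr>` happens to come first in document order. Drop the id from the image and remove the row relative to the clicked element: `jQuery(this).closest('tr').remove();`. `genUUID()` is built on `Math.random()`, which is fine for a form key as long as the server never treats it as unguessable. `.live()` is deprecated since jQuery 1.7; if the bundled jQuery is recent enough, `jQuery(document).on('click', '.removeRow', …)` is the replacement.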