0)
list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap contents of ip1 <= ip2
$rangesubnets = array();
$netsize = 0;
do {
// at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround)
// which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe"
// step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it)
if (substr($ip1bin, -1, 1) == '1') {
// the start ip must be in a separate one-IP cidr range
$new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
$n = strrpos($ip1bin, '0'); //can't be all 1's
$ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1
}
// step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap)
if (substr($ip2bin, -1, 1) == '0') {
// the end ip must be in a separate one-IP cidr range
$new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
$n = strrpos($ip2bin, '1'); //can't be all 0's
$ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1
// already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe
}
// this is the only edge case arising from increment/decrement.
// it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now)
if (strcmp($ip2bin, $ip1bin) < 0)
continue;
// step #3 the start and end ip MUST now end in '0's and '1's respectively
// so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes.
$shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2
$ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift);
$ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift);
$netsize += $shift;
if ($ip1bin === $ip2bin) {
// we're done.
$new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
$rangesubnets[$new_subnet_ip] = $bits - $netsize;
continue;
}
// at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle.
} while (strcmp($ip1bin, $ip2bin) < 0);
// subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6
ksort($rangesubnets, SORT_STRING);
$out = array();
foreach ($rangesubnets as $ip => $netmask) {
if ($proto == 'ipv4') {
$i = str_split($ip, 8);
$out[] = implode('.', array( bindec($i[0]),bindec($i[1]),bindec($i[2]),bindec($i[3]))) . '/' . $netmask;
} else
$out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask;
}
return $out;
}
# Raise the PHP memory limit to 256M when the host reports an amd64 machine type.
$uname = posix_uname();
if ($uname['machine'] == "amd64") {
	ini_set('memory_limit', '256M');
}
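/**
 * Decide whether a list has to be downloaded again and record the result in $pfb.
 *
 * The mtime of the previously downloaded original ("{$pfb['origdir']}/{$header_url}<ext>")
 * is compared with the Last-Modified header of $list_url. For local URLs (no host,
 * 127.0.0.1 or $pfb['iplocal']) the file's own mtime is used on both sides.
 * When an update is needed, $pfb['cron_update'] and $pfb['update_cron'] are set to TRUE
 * and "{$pfbfolder}/{$header_url}.txt" is removed via unlink_if_exists().
 *
 * @param string $header_url  List name; also used as the base file name.
 * @param string $list_url    Source URL of the list.
 * @param string $url_format  Download format key (e.g. "gz", "txt", "html", "rsync").
 * @param string $pfbfolder   Folder that holds the processed "<header>.txt" list.
 * @return void
 */
function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) {
	global $pfb;

	$pfb['cron_update'] = FALSE;

	if ($url_format == "rsync" || $url_format == "html") {
		$log = "[ {$header_url} ]\n Skipping timestamp query\n";
		pfb_logger("{$log}","1");
		$pfb['cron_update'] = TRUE;
		// NOTE(review): the flag set here can still be overwritten by the timestamp
		// comparison further down, although the log says the query is skipped - confirm intent.
	}

	// Extension of the stored original per download format. A format without a mapping
	// (e.g. "rsync") gets an empty extension instead of an undefined variable.
	$extensions = array(
		"gz"	=> '.gz',
		"gz_2"	=> '.gz',
		"gz_lg"	=> '.gz',
		"et"	=> '.gz',
		"zip"	=> '.zip',
		"xlsx"	=> '.zip',
		"txt"	=> '.orig',
		"html"	=> '.raw',
		"block"	=> '.raw'
	);
	$type = isset($extensions[$url_format]) ? $extensions[$url_format] : '';

	$log = "[ {$header_url} ]\n";
	pfb_logger("{$log}","1");

	// parse_url() returns FALSE for seriously malformed URLs; treat that like "no host".
	$host = @parse_url($list_url);
	$remote_host = (is_array($host) && isset($host['host'])) ? $host['host'] : '';

	// NOTE(review): $header_url becomes part of file paths here and in the unlink below;
	// presumably it is validated where the list is configured - confirm.
	$local_file = "{$pfb['origdir']}/{$header_url}{$type}";

	if (file_exists($local_file)) {
		$local_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file));

		// Determine if URL is Remote or Local
		if (empty($remote_host) || $remote_host == "127.0.0.1" || $remote_host == $pfb['iplocal']) {
			$remote_tds = $local_tds;
		} else {
			// get_headers() returns FALSE when the request fails. An empty remote stamp
			// never equals the local one, so a failed query still results in an update.
			// The header is unauthenticated over plain HTTP; it only decides whether a
			// download is attempted and says nothing about the integrity of the list.
			$remote_tds = '';
			$headers = @get_headers($list_url);
			if (is_array($headers)) {
				// All matching header lines are concatenated, as before.
				$remote_tds = implode(preg_grep("/Last-Modified/", $headers));
				$remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds);
			}
		}

		$log = " Remote timestamp: {$remote_tds}\n";
		pfb_logger("{$log}","1");
		$log = " Local timestamp: {$local_tds}\n";
		pfb_logger("{$log}","1");

		if ((string) $remote_tds !== (string) $local_tds) {
			$pfb['cron_update'] = TRUE;
		} else {
			$log = " Remote file unchanged. Download Terminated\n";
			pfb_logger("{$log}","1");
			$pfb['cron_update'] = FALSE;
		}
	} else {
		// No stored original yet: always download.
		$pfb['cron_update'] = TRUE;
	}

	if ($pfb['cron_update']) {
		// Trigger CRON Process if Updates are Found.
		$pfb['update_cron'] = TRUE;
		$log = " Updates Found\n";
		pfb_logger("{$log}","1");
		unlink_if_exists($pfbfolder . '/' . $header_url . '.txt');
	}
}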
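// Command-line dispatch on the first argument. A missing argument selects no task
// (the isset() guard avoids an undefined-offset notice when the script runs without one).
switch (isset($argv[1]) ? $argv[1] : '') {
	case 'update':
		sync_package_pfblockerng("cron");
		break;

	case 'dc':
		# (Options - 'bu' Binary Update for Reputation/Alerts Page, 'all' for Country update and 'bu' options.
		// NOTE(review): $pfb['geolog'] is interpolated into the shell command line unquoted.
		// Confirm it is a fixed path that cannot be edited by a user, or wrap it in escapeshellarg().
		if ($pfb['cc'] == "") {
			exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
		} else {
			exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh bu >> {$pfb['geolog']} 2>&1");
		}

		pfblockerng_uc_countries();
		pfblockerng_get_countries();

		// Remove Original Maxmind Database Files
		@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip");
		@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv");
		@unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv");
		@unlink_if_exists("{$pfb['dbdir']}/country_continent.csv");
		break;

	case 'uc':
		pfblockerng_uc_countries();
		break;

	case 'gc':
		pfblockerng_get_countries();
		break;
}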
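// 'cron' task: decide for every enabled list whether its schedule is due in the current
// hour and, if so, whether the remote source changed. A sync is started when at least
// one list needs an update.
if (isset($argv[1]) && $argv[1] == 'cron') {
	$hour	= date('H');	// "00" .. "23"
	$dow	= date('N');	// "1" (Monday) .. "7" (Sunday)
	$pfb['update_cron'] = FALSE;

	# Start hour of the 'Once a day' Schedule
	$pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart'];

	# Start hour of the Scheduler
	if ($config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'] != "") {
		$pfb['hour'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'];
	} else {
		$pfb['hour'] = "1";
	}

	$updates = 0;

	# 2/3/4/6/8/12 Hour Schedule Converter
	// Each schedule is the list of hours start, start+step, ... over one day.
	// Hours wrap at 24 (not after 24): date('H') never returns 24, so a slot stored as
	// "24" could never match and the midnight run of such a schedule was skipped.
	$base_hour = intval(substr($pfb['hour'], 0, 2)) % 24;
	foreach (array(2, 3, 4, 6, 8, 12) as $step) {
		$shour = $base_hour;
		$slots = array(strval($shour));
		for ($i = 1; $i < 24 / $step; $i++) {
			$shour = ($shour + $step) % 24;
			$slots[] = strval($shour);
		}
		// Keeps the variable names $sch2 .. $sch12 and $e_sch2 .. $e_sch12.
		${'sch' . $step}	= implode(",", $slots);
		${'e_sch' . $step}	= $slots;
	}

	// Schedule label as stored in the list configuration => hours at which it is due.
	$interval_slots = array(
		"02hours"	=> $e_sch2,
		"03hours"	=> $e_sch3,
		"04hours"	=> $e_sch4,
		"06hours"	=> $e_sch6,
		"08hours"	=> $e_sch8,
		"12hours"	=> $e_sch12
	);

	$log = " CRON PROCESS START [ NOW ]\n";
	pfb_logger("{$log}","1");

	$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
	foreach ($list_type as $ip_type => $vtype) {
		if ($config['installedpackages'][$ip_type]['config'] == "") {
			continue;
		}

		foreach ($config['installedpackages'][$ip_type]['config'] as $list) {
			if (!is_array($list['row']) || $list['action'] == "Disabled") {
				continue;
			}

			foreach ($list['row'] as $row) {
				if ($row['url'] == "" || $row['state'] == "Disabled") {
					continue;
				}

				if ($vtype == "_v4") {
					$header_url = "{$row['header']}";
				} else {
					$header_url = "{$row['header']}_v6";
				}

				# Determine Folder Location for Alias (return array $pfbarr)
				pfb_determine_list_detail($list['action']);
				$pfbfolder	= $pfbarr['folder'];
				$list_cron	= $list['cron'];
				$list_url	= $row['url'];
				$header_dow	= $list['dow'];
				$url_format	= $row['format'];

				$list_file = $pfbfolder . '/' . $header_url . '.txt';
				$list_present = file_exists($list_file);

				// Bypass update if state is defined as "Hold" and list file exists
				if ($list_present && $row['state'] == "Hold") {
					continue;
				}

				# Check if List file exists, if not found run Update
				if (!$list_present) {
					$log = " Updates Found\n";
					pfb_logger("{$log}","1");
					$pfb['update_cron'] = TRUE;
					continue;
				}

				// Loose comparisons are intentional: $hour carries a leading zero ("07")
				// while the schedule slots do not ("7").
				if ($list_cron == "01hour") {
					$due = TRUE;
				} elseif (isset($interval_slots[$list_cron])) {
					$due = in_array($hour, $interval_slots[$list_cron]);
				} elseif ($list_cron == "EveryDay") {
					$due = ($hour == $pfb['dailystart']);
				} elseif ($list_cron == "Weekly") {
					$due = ($hour == $pfb['dailystart'] && $dow == $header_dow);
				} else {
					$due = FALSE;
				}

				if ($due) {
					pfb_update_check($header_url, $list_url, $url_format, $pfbfolder);
				}
			}
		}
	}

	if ($pfb['update_cron']) {
		sync_package_pfblockerng("cron");
	} else {
		$log = "\n No Updates required. \n\n";
		pfb_logger("{$log}","1");
	}

	$log = " CRON PROCESS ENDED [ NOW ]\n";
	pfb_logger("{$log}","1");

	# Call Log Mgmt Function
	// If Update GUI 'Manual view' is selected. Last output will be missed. So sleep for 5 secs.
	sleep(5);
	pfb_log_mgmt();
}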
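/**
 * Process the downloaded MaxMind CSV databases into one text file per continent and
 * IP version ("<Continent>_v4.txt" / "<Continent>_v6.txt") under $pfb['ccdir'].
 *
 * Steps: create the working folders, write the remote/local timestamps to
 * "{$pfb['logdir']}/maxmind_ver", read country_continent.csv to learn which ISO code
 * belongs to which continent, then convert every IP range of the IPv4 and IPv6 country
 * CSVs to CIDRs and write them grouped by country.
 *
 * The CSV content is external data. ISO codes are accepted only if they are exactly two
 * upper-case letters, "A1" or "A2": the code is written to the "# ISO Code:" line, which
 * pfblockerng_get_countries() later reads back and uses in a file name.
 *
 * Returns early, leaving the previous files in place, when any of the three CSVs is missing.
 *
 * @return void
 */
function pfblockerng_uc_countries() {
	global $g,$pfb;

	$maxmind_cont	= "{$pfb['dbdir']}/country_continent.csv";
	$maxmind_cc4	= "{$pfb['dbdir']}/GeoIPCountryWhois.csv";
	$maxmind_cc6	= "{$pfb['dbdir']}/GeoIPv6.csv";

	# Create Folders if not Exist
	$folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}");
	foreach ($folder_array as $folder) {
		safe_mkdir ("{$folder}",0755);
	}

	$now = date("m/d/y G:i:s", time());
	$log = "Country Code Update Start - [ NOW ]\n\n";
	print "Country Code Update Start - [ $now ]\n\n";
	pfb_logger("{$log}","3");

	if (!file_exists($maxmind_cont) || !file_exists($maxmind_cc4) || !file_exists($maxmind_cc6)) {
		$log = " [ MAXMIND UPDATE FAIL, CSV Missing, using Previous Country Code Database \n";
		print $log;
		pfb_logger("{$log}","3");
		return;
	}

	# Save Date/Time Stamp to MaxMind version file
	// NOTE(review): both header queries use plain HTTP, so the remote stamp is
	// unauthenticated. It is only written to the maxmind_ver file for comparison by eye.
	// get_headers() returns FALSE on failure; the remote stamp is then left empty.
	$maxmind_ver = "MaxMind GeoLite Date/Time Stamps \n\n";

	$headers = @get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip");
	$remote_tds = is_array($headers) ? implode(preg_grep("/Last-Modified/", $headers)) : "";
	$maxmind_ver .= "MaxMind_v4 \t" . $remote_tds . "\n";
	$local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc4));
	$maxmind_ver .= "Local_v4 \tLast-Modified: " . $local_tds . "\n\n";

	$headers = @get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz");
	$remote_tds = is_array($headers) ? implode(preg_grep("/Last-Modified/", $headers)) : "";
	$maxmind_ver .= "MaxMind_v6 \t" . $remote_tds . "\n";
	$local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc6));
	$maxmind_ver .= "Local_v6 \tLast-Modified: " . $local_tds . "\n";

	$maxmind_ver .= "\nThese Timestamps should *match* \n";
	@file_put_contents("{$pfb['logdir']}/maxmind_ver", $maxmind_ver);

	// Collect ISO Codes for Each Continent
	$log = "Processing Continent Data\n";
	print $log;
	pfb_logger("{$log}","3");

	// Continent code in country_continent.csv => slot in $cont_array, and the display
	// name of each slot. Slot 6 is reserved for the proxy/satellite pseudo-continent.
	$cont_slot	= array("AF" => 0, "AS" => 1, "EU" => 2, "NA" => 3, "OC" => 4, "SA" => 5);
	$cont_label	= array("Africa", "Asia", "Europe", "North America", "Oceania", "South America");
	$cont_array	= array(array(), array(), array(), array(), array(), array(), array());

	// Accepted ISO code format; \A and \z so that nothing may precede or follow the code.
	$iso_pattern = '/\A(?:[A-Z]{2}|A1|A2)\z/';

	// ISO code => slot. Replaces a regex that was assembled from the raw CSV field.
	$cc_slot = array();

	if (($handle = fopen("{$maxmind_cont}",'r')) !== FALSE) {
		while (($cc = fgetcsv($handle)) !== FALSE) {
			// Skips blank/short rows and continent codes that are not in the table.
			if (!isset($cc[0], $cc[1]) || !isset($cont_slot[$cc[1]])) {
				continue;
			}
			$cc_key	= $cc[0];
			$slot	= $cont_slot[$cc[1]];

			// A continent is set up when its first row is seen.
			if (!isset($cont_array[$slot]['continent'])) {
				$stem = str_replace(" ", "_", $cont_label[$slot]);
				$cont_array[$slot]['continent']	= $cont_label[$slot];
				$cont_array[$slot]['iso']	= "";
				$cont_array[$slot]['file4']	= "{$pfb['ccdir']}/{$stem}_v4.txt";
				$cont_array[$slot]['file6']	= "{$pfb['ccdir']}/{$stem}_v6.txt";
			}
			$cont_array[$slot]['iso'] .= "{$cc_key},";

			// If a code is listed under several continents the lowest slot wins.
			if (preg_match($iso_pattern, $cc_key) && (!isset($cc_slot[$cc_key]) || $slot < $cc_slot[$cc_key])) {
				$cc_slot[$cc_key] = $slot;
			}
		}
		// Close only a handle that was actually opened.
		fclose($handle);
	}
	unset($cc);

	// Add Maxmind Anonymous Proxy and Satellite Providers to array
	$cont_array[6]['continent']	= "Proxy and Satellite";
	$cont_array[6]['iso']		= "A1,A2";
	$cont_array[6]['file4']		= "{$pfb['ccdir']}/Proxy_Satellite_v4.txt";
	$cont_array[6]['file6']		= "{$pfb['ccdir']}/Proxy_Satellite_v6.txt";
	foreach (array("A1", "A2") as $code) {
		if (!isset($cc_slot[$code])) {
			$cc_slot[$code] = 6;
		}
	}

	// Collect Country ISO data and sort to Continent arrays (IPv4 and IPv6)
	foreach (array("4", "6") as $type) {
		$log = "Processing ISO IPv{$type} Continent/Country Data\n";
		print $log;
		pfb_logger("{$log}","3");

		if ($type == "4") {
			$maxmind_cc = "{$pfb['dbdir']}/GeoIPCountryWhois.csv";
		} else {
			$maxmind_cc = "{$pfb['dbdir']}/GeoIPv6.csv";
		}
		$iptype		= "ip{$type}";
		$filetype	= "file{$type}";

		if (($handle = fopen("{$maxmind_cc}",'r')) !== FALSE) {
			while (($cc = fgetcsv($handle)) !== FALSE) {
				// Columns used: 0/1 = first and last address of the range, 4 = ISO code, 5 = country name.
				if (!isset($cc[0], $cc[1], $cc[4], $cc[5])) {
					continue;
				}
				$cc_key = $cc[4];
				if (!isset($cc_slot[$cc_key])) {
					continue;	// code not assigned to any continent
				}
				$slot = $cc_slot[$cc_key];

				$a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1]));
				if (!isset($cont_array[$slot][$cc_key][$iptype])) {
					$cont_array[$slot][$cc_key][$iptype] = "";
				}
				$cont_array[$slot][$cc_key][$iptype]	.= $a_cidr . ",";
				$cont_array[$slot][$cc_key]['country']	= $cc[5];
			}
			fclose($handle);
		}
		unset($cc);

		// Build Continent Files
		foreach ($cont_array as $cont) {
			// A continent without any row in country_continent.csv has no target file.
			if (!isset($cont[$filetype])) {
				continue;
			}

			$header  = "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n";
			$header .= "# Continent IPv{$type}: " . $cont['continent'] . "\n";

			foreach ($cont as $key => $entry) {
				// Country entries are the array-valued elements; the rest is continent metadata.
				if (!is_array($entry)) {
					continue;
				}
				// A country seen only in the other IP version still gets a block with zero networks.
				$networks = isset($entry[$iptype]) ? $entry[$iptype] : "";
				// The name comes from the CSV; keep it on its comment line so that no part
				// of it can end up as a separate line of the list.
				$country = str_replace(array("\r", "\n"), " ", $entry['country']);

				$header .= "# Country: " . $country . "\n";
				$header .= "# ISO Code: " . $key . "\n";
				$header .= "# Total Networks: " . substr_count($networks, ",") . "\n";
				$header .= str_replace(",", "\n", $networks);
			}

			if (@file_put_contents($cont[$filetype], $header, LOCK_EX) === FALSE) {
				// A failed write leaves the previous continent file in place; record it.
				$log = " [ Failed to write {$cont[$filetype]} ]\n";
				print $log;
				pfb_logger("{$log}","3");
			}
		}
	}
}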
// Function to process Continent txt files and create Country ISO files and to Generate GUI XML files.
function pfblockerng_get_countries() {
global $g,$pfb;
$files = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt",
"Asia" => "{$pfb['ccdir']}/Asia_v4.txt",
"Europe" => "{$pfb['ccdir']}/Europe_v4.txt",
"North America" => "{$pfb['ccdir']}/North_America_v4.txt",
"Oceania" => "{$pfb['ccdir']}/Oceania_v4.txt",
"South America" => "{$pfb['ccdir']}/South_America_v4.txt",
"Proxy and Satellite" => "{$pfb['ccdir']}/Proxy_Satellite_v4.txt"
);
// Collect Data to generate new continent XML Files.
$log = "Building pfBlockerNG XML Files \n";
print $log;
pfb_logger("{$log}","3");
foreach ($files as $cont => $file) {
// Process the following for IPv4 and IPv6
foreach (array("4", "6") as $type) {
$log = "IPv{$type} " . $cont . "\n";
print $log;
pfb_logger("{$log}","3");
if ($type == "6")
$file = preg_replace("/v4/", "v6", $file);
$convert = explode("\n", file_get_contents($file));
$cont_name = preg_replace("/ /", "", $cont);
$cont_name_lower = strtolower($cont_name);
$active = array("$cont" => '');
$lastkey = count ($convert) - 1;
$pfb['complete'] = FALSE;
$keycount = 1;
$total = 0;
foreach ($convert as $line) {
if (preg_match("/#/",$line)) {
if ($pfb['complete']) {
${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . '';
// Only collect IPv4 for Reputation Tab
if ($type == "4")
$roptions4[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . '';
// Save ISO data
@file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX);
// Clear variables and restart Continent collection process
unset($total, $xml_data);
$pfb['complete'] = FALSE;
}
if (preg_match("/Total Networks: 0/", $line)) { continue;} // Don't Display Countries with Null Data
if (preg_match("/Country:\s(.*)/",$line, $matches)) { $country = $matches[1];}
if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $isocode = $matches[1];}
}
elseif (!preg_match("/#/",$line)) {
$total++;
if (!empty($line))
$xml_data .= $line . "\n";
$pfb['complete'] = TRUE;
}
// Save last EOF ISO IP data
if ($keycount == $lastkey) {
if (preg_match("/Total Networks: 0/", $line)) { continue;} // Dont Display Countries with Null Data
${'coptions' . $type}[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . '';
if ($type == "4")
$roptions4[] = $country . '-' . $isocode . ' ('. $total .') ' . ' ' . $isocode . '';
@file_put_contents($pfb['ccdir'] . '/' . $isocode . '_v' . $type . '.txt', $xml_data, LOCK_EX);
unset($total, $xml_data);
}
$keycount++;
}
unset ($ips, $convert);
// Sort IP Countries alphabetically and build XML