1 |
diff -urN xtables-addons-2.14.old/extensions/xt_geoip.h xtables-addons-2.14/extensions/xt_geoip.h |
2 |
--- xtables-addons-2.14.old/extensions/xt_geoip.h 2017-11-22 21:29:25.000000000 +0400 |
3 |
+++ xtables-addons-2.14/extensions/xt_geoip.h 2020-06-07 22:15:24.187564284 +0400 |
4 |
@@ -18,7 +18,7 @@ |
5 |
XT_GEOIP_DST = 1 << 1, /* Perform check on Destination IP */ |
6 |
XT_GEOIP_INV = 1 << 2, /* Negate the condition */ |
7 |
|
8 |
- XT_GEOIP_MAX = 15, /* Maximum of countries */ |
9 |
+ XT_GEOIP_MAX = 50, /* Maximum of countries */ |
10 |
}; |
11 |
|
12 |
/* Yup, an address range will be passed in with host-order */ |
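Review bot: Raising `XT_GEOIP_MAX` from 15 to 50 is likely an ABI change, assuming the constant sizes the arrays in the match-info structure shared between the kernel module and the userspace extension (that structure is outside this hunk, so this is inferred). If so, both halves have to be rebuilt and installed together, otherwise rules prepared by a binary built with the old value will fail to load, and on a firewall that means geoip rules missing after a partial upgrade. I would record this next to the constant, e.g. `/* Maximum of countries; changes the match-info size, rebuild module and userspace together */`. The enum itself begins before the hunk.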
13 |
diff -urN xtables-addons-2.14.old/geoip/xt_geoip_build xtables-addons-2.14/geoip/xt_geoip_build |
14 |
--- xtables-addons-2.14.old/geoip/xt_geoip_build 2017-11-22 21:29:25.000000000 +0400 |
15 |
+++ xtables-addons-2.14/geoip/xt_geoip_build 2020-06-07 22:21:36.000000000 +0400 |
16 |
@@ -1,10 +1,14 @@ |
17 |
#!/usr/bin/perl |
18 |
# |
19 |
# Converter for MaxMind CSV database to binary, for xt_geoip |
20 |
-# Copyright © Jan Engelhardt, 2008-2011 |
21 |
+# Copyright Jan Engelhardt, 2008-2011 |
22 |
+# Copyright Philip Prindeville, 2018 |
23 |
+# Added Twice output (BE, LE) for v1.x for SME9 - Mab974, 2018 |
24 |
# |
25 |
use Getopt::Long; |
26 |
-use IO::Handle; |
27 |
+use Net::CIDR::Lite; |
28 |
+use Socket qw(AF_INET AF_INET6 inet_pton); |
29 |
+use warnings; |
30 |
use Text::CSV_XS; # or trade for Text::CSV |
31 |
use strict; |
32 |
|
33 |
@@ -32,33 +36,208 @@ |
34 |
} |
35 |
} |
36 |
|
37 |
+my %countryId; |
38 |
+my %countryName; |
39 |
+ |
40 |
+my $dir = findVersion(); |
41 |
+ |
42 |
+&loadCountries(); |
43 |
+ |
44 |
&dump(&collect()); |
45 |
|
46 |
-sub collect |
47 |
+sub findVersion |
48 |
{ |
49 |
- my %country; |
50 |
- |
51 |
- while (my $row = $csv->getline(*ARGV)) { |
52 |
- if (!defined($country{$row->[4]})) { |
53 |
- $country{$row->[4]} = { |
54 |
- name => $row->[5], |
55 |
- pool_v4 => [], |
56 |
- pool_v6 => [], |
57 |
- }; |
58 |
+ my @dirs = (); |
59 |
+ my $filename; |
60 |
+ |
61 |
+ opendir(my $dh, '.') || die "Can't open .: $!\n"; |
62 |
+ |
63 |
+ while (($filename = readdir($dh))) { |
64 |
+ if ($filename =~ m/^GeoLite2-Country-CSV_\d{8}$/) { |
65 |
+ push(@dirs, $filename); |
66 |
} |
67 |
- my $c = $country{$row->[4]}; |
68 |
- if ($row->[0] =~ /:/) { |
69 |
- push(@{$c->{pool_v6}}, |
70 |
- [&ip6_pack($row->[0]), &ip6_pack($row->[1])]); |
71 |
+ } |
72 |
+ closedir $dh; |
73 |
+ |
74 |
+ @dirs = sort @dirs; |
75 |
+ return pop(@dirs); |
76 |
+} |
77 |
+ |
78 |
+sub loadCountries |
79 |
+{ |
80 |
+ my $file = "$dir/GeoLite2-Country-Locations-en.csv"; |
81 |
+ |
82 |
+ sub id; sub cc; sub long; sub ct; sub cn; |
83 |
+ |
84 |
+ %countryId = (); |
85 |
+ %countryName = (); |
86 |
+ |
87 |
+ open(my $fh, '<', $file) || die "Couldn't open list country names\n"; |
88 |
+ |
89 |
+ # first line is headers |
90 |
+ my $row = $csv->getline($fh); |
91 |
+ |
92 |
+ my %header = map { ($row->[$_], $_); } (0..$#{$row}); |
93 |
+ |
94 |
+ my %pairs = ( |
95 |
+ country_iso_code => 'ISO Country Code', |
96 |
+ geoname_id => 'ID', |
97 |
+ country_name => 'Country Name', |
98 |
+ continent_code => 'Continent Code', |
99 |
+ continent_name => 'Continent Name', |
100 |
+ ); |
101 |
+ |
102 |
+ # verify that the columns we need are present |
103 |
+ map { die "Table has no $pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; |
104 |
+ |
105 |
+ my %remapping = ( |
106 |
+ id => 'geoname_id', |
107 |
+ cc => 'country_iso_code', |
108 |
+ long => 'country_name', |
109 |
+ ct => 'continent_code', |
110 |
+ cn => 'continent_name', |
111 |
+ ); |
112 |
+ |
113 |
+ # now create a function which returns the value of that column # |
114 |
+ map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; |
115 |
+ |
116 |
+ while (my $row = $csv->getline($fh)) { |
117 |
+ if ($row->[cc] eq '' && $row->[long] eq '') { |
118 |
+ $countryId{$row->[id]} = $row->[ct]; |
119 |
+ $countryName{$row->[ct]} = $row->[cn]; |
120 |
} else { |
121 |
- push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]); |
122 |
- } |
123 |
- if ($. % 4096 == 0) { |
124 |
- print STDERR "\r\e[2K$. entries"; |
125 |
+ $countryId{$row->[id]} = $row->[cc]; |
126 |
+ $countryName{$row->[cc]} = $row->[long]; |
127 |
} |
128 |
} |
129 |
|
130 |
- print STDERR "\r\e[2K$. entries total\n"; |
131 |
+ $countryName{A1} = 'Anonymous Proxy'; |
132 |
+ $countryName{A2} = 'Satellite Provider'; |
133 |
+ $countryName{O1} = 'Other Country'; |
134 |
+ |
135 |
+ close($fh); |
136 |
+ |
137 |
+ # clean up the namespace |
138 |
+ undef &id; undef &cc; undef &long; undef &ct; undef &cn; |
139 |
+} |
140 |
+ |
141 |
+sub lookupCountry |
142 |
+{ |
143 |
+ my ($id, $rid, $proxy, $sat) = @_; |
144 |
+ |
145 |
+ if ($proxy) { |
146 |
+ return 'A1'; |
147 |
+ } elsif ($sat) { |
148 |
+ return 'A2'; |
149 |
+ } |
150 |
+ $id ||= $rid; |
151 |
+ if ($id eq '') { |
152 |
+ return 'O1'; |
153 |
+ } |
154 |
+ die "Unknown id: $id line $.\n" unless (exists $countryId{$id}); |
155 |
+ return $countryId{$id}; |
156 |
+} |
157 |
+ |
158 |
+sub collect |
159 |
+{ |
160 |
+ my ($file, $fh, $row); |
161 |
+ my (%country, %header); |
162 |
+ |
163 |
+ sub net; sub id; sub rid; sub proxy; sub sat; |
164 |
+ |
165 |
+ my %pairs = ( |
166 |
+ network => 'Network', |
167 |
+ registered_country_geoname_id => 'Registered Country ID', |
168 |
+ geoname_id => 'Country ID', |
169 |
+ is_anonymous_proxy => 'Anonymous Proxy', |
170 |
+ is_satellite_provider => 'Satellite', |
171 |
+ ); |
172 |
+ |
173 |
+ foreach (sort keys %countryName) { |
174 |
+ $country{$_} = { |
175 |
+ name => $countryName{$_}, |
176 |
+ pool_v4 => Net::CIDR::Lite->new(), |
177 |
+ pool_v6 => Net::CIDR::Lite->new(), |
178 |
+ }; |
179 |
+ } |
180 |
+ |
181 |
+ $file = "$dir/GeoLite2-Country-Blocks-IPv4.csv"; |
182 |
+ |
183 |
+ open($fh, '<', $file) || die "Can't open IPv4 database\n"; |
184 |
+ |
185 |
+ # first line is headers |
186 |
+ $row = $csv->getline($fh); |
187 |
+ |
188 |
+ %header = map { ($row->[$_], $_); } (0..$#{$row}); |
189 |
+ |
190 |
+ # verify that the columns we need are present |
191 |
+ map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; |
192 |
+ |
193 |
+ my %remapping = ( |
194 |
+ net => 'network', |
195 |
+ id => 'geoname_id', |
196 |
+ rid => 'registered_country_geoname_id', |
197 |
+ proxy => 'is_anonymous_proxy', |
198 |
+ sat => 'is_satellite_provider', |
199 |
+ ); |
200 |
+ |
201 |
+ # now create a function which returns the value of that column # |
202 |
+ map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; |
203 |
+ |
204 |
+ while ($row = $csv->getline($fh)) { |
205 |
+ my ($cc, $cidr); |
206 |
+ |
207 |
+ $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); |
208 |
+ $cidr = $row->[net]; |
209 |
+ $country{$cc}->{pool_v4}->add($cidr); |
210 |
+ |
211 |
+ #if ($. % 4096 == 0) { |
212 |
+ # print STDERR "\r\e[2K$. entries"; |
213 |
+ #} |
214 |
+ } |
215 |
+ |
216 |
+ #print STDERR "\r\e[2K$. entries total\n"; |
217 |
+ |
218 |
+ close($fh); |
219 |
+ |
220 |
+ # clean up the namespace |
221 |
+ undef &net; undef &id; undef &rid; undef &proxy; undef &sat; |
222 |
+ |
223 |
+ $file = "$dir/GeoLite2-Country-Blocks-IPv6.csv"; |
224 |
+ |
225 |
+ open($fh, '<', $file) || die "Can't open IPv6 database\n"; |
226 |
+ |
227 |
+ # first line is headers |
228 |
+ $row = $csv->getline($fh); |
229 |
+ |
230 |
+ %header = map { ($row->[$_], $_); } (0..$#{$row}); |
231 |
+ |
232 |
+ # verify that the columns we need are present |
233 |
+ map { die "Table has no %pairs{$_} column\n" unless (exists $header{$_}); } keys %pairs; |
234 |
+ |
235 |
+ # unlikely the IPv6 table has different columns, but just to be sure |
236 |
+ # create a function which returns the value of that column # |
237 |
+ map { eval "sub $_ () { \$header{\$remapping{$_}}; }" ; } keys %remapping; |
238 |
+ |
239 |
+ while ($row = $csv->getline($fh)) { |
240 |
+ my ($cc, $cidr); |
241 |
+ |
242 |
+ $cc = lookupCountry($row->[id], $row->[rid], $row->[proxy], $row->[sat]); |
243 |
+ $cidr = $row->[net]; |
244 |
+ $country{$cc}->{pool_v6}->add($cidr); |
245 |
+ |
246 |
+ #if ($. % 4096 == 0) { |
247 |
+ # print STDERR "\r\e[2K$. entries"; |
248 |
+ #} |
249 |
+ } |
250 |
+ |
251 |
+ #print STDERR "\r\e[2K$. entries total\n"; |
252 |
+ |
253 |
+ close($fh); |
254 |
+ |
255 |
+ # clean up the namespace |
256 |
+ undef &net; undef &id; undef &rid; undef &proxy; undef &sat; |
257 |
+ |
258 |
return \%country; |
259 |
} |
260 |
|
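Review bot: `findVersion()` returns undef when no `GeoLite2-Country-CSV_YYYYMMDD` directory exists, and `$dir` is then interpolated unchecked, so `loadCountries` tries `/GeoLite2-Country-Locations-en.csv` at the filesystem root and dies with the unrelated message "Couldn't open list country names". A guard right after the call, `defined($dir) || die "No GeoLite2-Country-CSV_* directory found in the current directory\n";`, makes that failure explicit. In `collect`, both column checks print `%pairs{$_}` literally because hashes do not interpolate in strings; it should read `$pairs{$_}` as it does in `loadCountries`. The three read loops also stop at the first false `getline` without telling end of file from a parse error, so a truncated or damaged CSV would yield an incomplete range database with no warning; testing `$csv->eof` after each loop and dying otherwise would catch that. The hunk opens inside an earlier block, while `collect` ends within it.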
261 |
@@ -66,18 +245,23 @@ |
262 |
{ |
263 |
my $country = shift @_; |
264 |
|
265 |
- foreach my $iso_code (sort keys %$country) { |
266 |
+ foreach my $iso_code (sort keys %{$country}) { |
267 |
&dump_one($iso_code, $country->{$iso_code}); |
268 |
} |
269 |
} |
270 |
|
271 |
sub dump_one |
272 |
{ |
273 |
+# 2 sub-directories added pour big-endian and little-endian |
274 |
+ |
275 |
my($iso_code, $country) = @_; |
276 |
my($file, $fh_le, $fh_be); |
277 |
- |
278 |
+ my ($start, $end); |
279 |
+ my @ranges; |
280 |
+ |
281 |
+ @ranges = $country->{pool_v6}->list_range(); |
282 |
printf "%5u IPv6 ranges for %s %s\n", |
283 |
- scalar(@{$country->{pool_v6}}), |
284 |
+ scalar(@ranges), |
285 |
$iso_code, $country->{name}; |
286 |
|
287 |
$file = "$target_dir/LE/".uc($iso_code).".iv6"; |
288 |
@@ -90,15 +274,23 @@ |
289 |
print STDERR "Error opening $file: $!\n"; |
290 |
exit 1; |
291 |
} |
292 |
- foreach my $range (@{$country->{pool_v6}}) { |
293 |
- print $fh_be $range->[0], $range->[1]; |
294 |
- print $fh_le &ip6_swap($range->[0]), &ip6_swap($range->[1]); |
295 |
+ binmode($fh_be); |
296 |
+ binmode($fh_le); |
297 |
+ |
298 |
+ foreach my $range (@ranges) { |
299 |
+ ($start, $end) = split('-', $range); |
300 |
+ $start = inet_pton(AF_INET6, $start); |
301 |
+ $end = inet_pton(AF_INET6, $end); |
302 |
+ print $fh_be $start, $end; |
303 |
+ |
304 |
+ print $fh_le &ip6_swap($start), &ip6_swap($end); |
305 |
} |
306 |
close $fh_le; |
307 |
close $fh_be; |
308 |
|
309 |
+ @ranges = $country->{pool_v4}->list_range(); |
310 |
printf "%5u IPv4 ranges for %s %s\n", |
311 |
- scalar(@{$country->{pool_v4}}), |
312 |
+ scalar(@ranges), |
313 |
$iso_code, $country->{name}; |
314 |
|
315 |
$file = "$target_dir/LE/".uc($iso_code).".iv4"; |
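Review bot: The return value of `inet_pton` is not checked in the IPv6 loop, and the IPv4 loop in the next hunk has the same gap. If a range string from `list_range()` ever fails to parse, `inet_pton` returns undef and the record written is malformed, which would misalign every following entry in a file that xt_geoip searches by bisection. I would add `defined($start) && defined($end) || die "Bad range $range for $iso_code\n";` before the `print` calls. The `close $fh_le; close $fh_be;` calls are unchecked as well; a write error that only surfaces at close (a full disk, for instance) leaves a truncated database behind, so `close $fh_le or die "close: $!\n";` is worth having on both handles. `dump_one` starts before this hunk and continues past it.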
316 |
@@ -111,31 +303,29 @@ |
317 |
print STDERR "Error opening $file: $!\n"; |
318 |
exit 1; |
319 |
} |
320 |
- foreach my $range (@{$country->{pool_v4}}) { |
321 |
- print $fh_le pack("VV", $range->[0], $range->[1]); |
322 |
- print $fh_be pack("NN", $range->[0], $range->[1]); |
323 |
+ binmode($fh_be); |
324 |
+ binmode($fh_le); |
325 |
+ |
326 |
+ foreach my $range (@ranges) { |
327 |
+ ($start, $end) = split('-', $range); |
328 |
+ my $start = inet_pton(AF_INET, $start); |
329 |
+ my $end = inet_pton(AF_INET, $end); |
330 |
+ print $fh_be $start, $end; |
331 |
+ print $fh_le ip4_swap($start), ip4_swap($end); |
332 |
} |
333 |
close $fh_le; |
334 |
close $fh_be; |
335 |
} |
336 |
|
337 |
-sub ip6_pack |
338 |
+sub ip6_swap |
339 |
{ |
340 |
- my $addr = shift @_; |
341 |
- $addr =~ s{::}{:!:}; |
342 |
- my @addr = split(/:/, $addr); |
343 |
- my @e = (0) x 8; |
344 |
- foreach (@addr) { |
345 |
- if ($_ eq "!") { |
346 |
- $_ = join(':', @e[0..(8-scalar(@addr))]); |
347 |
- } |
348 |
- } |
349 |
- @addr = split(/:/, join(':', @addr)); |
350 |
- $_ = hex($_) foreach @addr; |
351 |
- return pack("n*", @addr); |
352 |
+ my ($p1, $p2, $p3, $p4) = unpack 'a4 a4 a4 a4', shift @_; |
353 |
+ return pack "a4 a4 a4 a4", ip4_swap($p1), ip4_swap($p2), |
354 |
+ ip4_swap($p3), ip4_swap($p4); |
355 |
} |
356 |
|
357 |
-sub ip6_swap |
358 |
+sub ip4_swap |
359 |
{ |
360 |
- return pack("V*", unpack("N*", shift @_)); |
361 |
+ my ($b1, $b2, $b3, $b4) = unpack 'a a a a', shift @_; |
362 |
+ return pack "a a a a", $b4, $b3, $b2, $b1; |
363 |
} |
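Review bot: In the IPv4 loop, `my $start = inet_pton(AF_INET, $start);` and the matching `my $end` line declare new lexicals that shadow the `$start`/`$end` declared at the top of `dump_one`, whereas the IPv6 loop assigns to the outer pair. It works, because the right-hand side still sees the outer variable, but the two loops should read the same, so I would drop the `my` here. For a 4-byte input `ip4_swap` can be written as `return scalar reverse(shift @_);`, which states the byte reversal directly. Both helpers take packed binary addresses rather than text, and a one-line comment should say so, e.g. `# reverse the byte order of each 32-bit word of a packed 16-byte address` above `ip6_swap`. `dump_one` begins before this hunk.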
364 |
diff -urN xtables-addons-2.14.old/geoip/xt_geoip_build.1 xtables-addons-2.14/geoip/xt_geoip_build.1 |
365 |
--- xtables-addons-2.14.old/geoip/xt_geoip_build.1 2017-11-22 21:29:25.000000000 +0400 |
366 |
+++ xtables-addons-2.14/geoip/xt_geoip_build.1 2020-06-07 22:21:36.000000000 +0400 |
367 |
@@ -5,7 +5,7 @@ |
368 |
.SH Syntax |
369 |
.PP |
370 |
\fI/usr/libexec/xt_geoip/\fP\fBxt_geoip_build\fP [\fB\-D\fP |
371 |
-\fItarget_dir\fP] [\fIfile\fP...] |
372 |
+\fItarget_dir\fP] |
373 |
.SH Description |
374 |
.PP |
375 |
xt_geoip_build is used to build packed raw representations of the range |
376 |
@@ -16,7 +16,12 @@ |
377 |
also ordered, as xt_geoip relies on this property for its bisection approach to |
378 |
work. |
379 |
.PP |
380 |
-Input is processed from the listed files, or if none is given, from stdin. |
381 |
+It expects to find a directory named |
382 |
+.IR GeoLite2-Country-CSV_YYYYMMDD |
383 |
+in the current directory, and will select the most recent if multiple |
384 |
+instances are found. The |
385 |
+.IR xt_geoip_dl |
386 |
+script can be used to populate this directory. |
387 |
.PP |
388 |
Since the script is usually installed to the libexec directory of the |
389 |
xtables-addons package and this is outside $PATH (on purpose), invoking the |
390 |
diff -urN xtables-addons-2.14.old/geoip/xt_geoip_dl xtables-addons-2.14/geoip/xt_geoip_dl |
391 |
--- xtables-addons-2.14.old/geoip/xt_geoip_dl 2017-11-22 21:29:25.000000000 +0400 |
392 |
+++ xtables-addons-2.14/geoip/xt_geoip_dl 2020-06-07 22:25:47.711229516 +0400 |
393 |
@@ -1,8 +1,26 @@ |
394 |
#!/bin/sh |
395 |
|
396 |
-rm -f GeoIPv6.csv GeoIPv6.csv.gz GeoIPCountryCSV.zip GeoIPCountryWhois.csv; |
397 |
-wget \ |
398 |
- http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz \ |
399 |
- http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip; |
400 |
-gzip -d GeoIPv6.csv.gz; |
401 |
-unzip GeoIPCountryCSV.zip; |
402 |
+status=$(/sbin/e-smith/config getprop geoip status) |
403 |
+if [[ "$status" != "enabled" ]] |
404 |
+then |
405 |
+ echo "Geoip is not enabled. No download." |
406 |
+ exit 1 |
407 |
+fi |
408 |
+ |
409 |
+LicenseKey=$(/sbin/e-smith/config getprop geoip LicenseKey) |
410 |
+if [ -z $LicenseKey ] |
411 |
+then |
412 |
+ echo "No License Key available. Downloading cannot be performed" |
413 |
+ exit 1 |
414 |
+fi |
415 |
+ |
416 |
+rm -rf GeoLite2-Country-CSV_* |
417 |
+ |
418 |
+if ( ! wget -O GeoLite2-Country-CSV.zip -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LicenseKey}&suffix=zip" ) |
419 |
+then |
420 |
+ echo "Error while downloading" |
421 |
+ exit 2 |
422 |
+fi |
423 |
+ |
424 |
+unzip -q GeoLite2-Country-CSV.zip |
425 |
+rm -f GeoLite2-Country-CSV.zip |
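Review bot: The script deletes the existing `GeoLite2-Country-CSV_*` directories before the download is attempted, so a failed download leaves the host with no database to build from; the removal should happen only after the new archive has been fetched and tested. The license key is also placed in wget's argument list, where other local users can see it in the process table while the transfer runs; feeding the URL on stdin with `-i -` avoids that. Two smaller points are that `[[ … ]]` is not available in every `/bin/sh` and that `$LicenseKey` is unquoted in the `-z` test. The exit status of `unzip` is not checked either.

```shell
status=$(/sbin/e-smith/config getprop geoip status)
if [ "$status" != "enabled" ]
then
	# … unchanged: message and exit 1 …
fi

LicenseKey=$(/sbin/e-smith/config getprop geoip LicenseKey)
if [ -z "$LicenseKey" ]
then
	# … unchanged: message and exit 1 …
fi

url="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LicenseKey}&suffix=zip"

# The URL is passed on stdin so the key stays out of wget's argument list.
if ! printf '%s\n' "$url" | wget -q -O GeoLite2-Country-CSV.zip -i -
then
	echo "Error while downloading"
	rm -f GeoLite2-Country-CSV.zip
	exit 2
fi

# Test the archive before touching the previous database.
if ! unzip -tq GeoLite2-Country-CSV.zip
then
	echo "Downloaded archive is not a valid zip file"
	rm -f GeoLite2-Country-CSV.zip
	exit 2
fi

rm -rf GeoLite2-Country-CSV_*
unzip -q GeoLite2-Country-CSV.zip || exit 2
rm -f GeoLite2-Country-CSV.zip
```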
426 |
diff -urN xtables-addons-2.14.old/mconfig xtables-addons-2.14/mconfig |
427 |
--- xtables-addons-2.14.old/mconfig 2017-11-22 21:29:25.000000000 +0400 |
428 |
+++ xtables-addons-2.14/mconfig 2020-06-18 11:15:58.417767490 +0400 |
429 |
@@ -9,7 +9,7 @@ |
430 |
build_IPMARK=m |
431 |
build_LOGMARK=m |
432 |
build_SYSRQ=m |
433 |
-build_TARPIT=m |
434 |
+##build_TARPIT=m centos 7 compatibility |
435 |
build_condition=m |
436 |
build_fuzzy=m |
437 |
build_geoip=m |