Merge pull request #1 from firewalla/master

merge updates

alarm/AlarmManager2.js

@@ -1382,10 +1382,10 @@ module.exports = class {
 
       let destIP = alarm["p.dest.ip"];
 
-      if (!destIP)
-        return Promise.reject(new Error("Requiring p.dest.ip"));
-
-
+      if (!destIP) {
+        return alarm;
+      }
+        
       // location
       const loc = await intelManager.ipinfo(destIP)
       if (loc && loc.loc) {

etc/brotab

@@ -6,7 +6,7 @@ SHELL=/bin/bash
 0 0 1-31/2 * * /home/pi/firewalla/scripts/clean-log >/dev/null 2>&1
 * * * * * for x in $(seq 0 10 50); do ( sleep $x; /home/pi/scripts/fire-ping.sh  &>/dev/null) & done
 */2 * * * * ( /home/pi/firewalla/scripts/fireapi-ping.sh  >/dev/null 2>&1 )
-*/5 * * * * ( /home/pi/firewalla/scripts/firemain-ping.sh  >/dev/null 2>&1 )
+*/10 * * * * ( /home/pi/firewalla/scripts/firemain-ping.sh  >/dev/null 2>&1 )
 */5 * * * * ( /home/pi/firewalla/scripts/firemon-ping.sh  >/dev/null 2>&1 )
 0 2 * * * ( sleep $(( ${RANDOM} * 120 / 32768 ))m ; /home/pi/firewalla/scripts/fireupgrade_check.sh >/tmp/fireupgrade.log 2>&1 )
 */5 * * * * logger "Firewalla checkpoint every 5 mins" &>/dev/null

extension/bro/BroNotice.js

@@ -19,6 +19,9 @@ let instance = null;
 const SysManager = require('../../net2/SysManager.js')
 const sysManager = new SysManager();
 
+const HostTool = require('../../net2/HostTool.js');
+const hostTool = new HostTool();
+
 const log = require('../../net2/logger.js')(__filename);
 
 class BroNotice {
@@ -29,7 +32,7 @@ class BroNotice {
   }
 
   async processSSHScan(alarm, broObj) {
-    const subMessage = obj.sub
+    const subMessage = broObj.sub
     // sub message:
     //   Sampled servers:  10.0.1.182, 10.0.1.182, 10.0.1.182, 10.0.1.182, 10.0.1.182
 
@@ -51,7 +54,7 @@ class BroNotice {
     alarm["p.message"] = `${alarm["p.message"].replace(/\.$/, '')} on device: ${addresses.join(",")}`
   }
 
-  async processPortScan(alar, broObj) {
+  async processPortScan(alarm, broObj) {
 
   }
 

monitor/MonitorMain.js

@@ -22,6 +22,9 @@ const sem = require('../sensor/SensorEventManager.js').getInstance();
 
 var bone = require("../lib/Bone.js");
 var config = JSON.parse(require('fs').readFileSync('../net2/config.json', 'utf8'));
+
+const fs = require('fs');
+
 log.info("================================================================================");
 log.info("Monitor Starting:",config.version);
 log.info("================================================================================");
@@ -46,10 +49,11 @@ function run0() {
       sysManager.isConfigInitialized()) {
     run();
   } else {
+    log.forceInfo("Waiting for first app to connect...");
     setTimeout(()=>{
       sysManager.update(null);
       run0();
-    },1000);
+    },3000);
   }
 }
 
@@ -105,6 +109,18 @@ function setStatus(type, opts) {
   Object.assign(type, opts);
 }
 
+function updateTouchFile() {
+  const monitorTouchFile = "/dev/shm/monitor.touch";
+
+  fs.open(monitorTouchFile, 'w', (err, fd) => {
+    if(!err) {
+      fs.close(fd, (err2) => {
+
+      })
+    }
+  })
+}
+
 function run() {
   const firewallaConfig = require('../net2/config.js').getConfig();
   sysManager.setConfig(firewallaConfig) // update sys config when start
@@ -131,7 +147,9 @@ function run() {
   setInterval(() => {
     const type = 'dlp';
     const _status = status[type];
-    log.warn("<== Heart-Beat Message for DLP job ==>");
+
+    updateTouchFile();
+
     setTimeout(() => {
       if (_status.running && _status.runBy !== 'signal') {
         log.error("DLP Timeout", status);
@@ -157,7 +175,9 @@ function run() {
   setInterval(() => {
     const type = 'detect';
     const _status = status[type];
-    log.warn("<== Heart-Beat Message for detect job ==>");
+
+    updateTouchFile();
+
     setTimeout(() => {
       if (_status.running && _status.runBy !== 'signal') {
         log.error("Last Detection Timeout", status);

net2/BroDetect.js

@@ -1563,27 +1563,7 @@ module.exports = class {
                     dh = "0.0.0.0";
                 }
 
-                let actionobj = {
-                     title: obj.msg,
-                     actions: ["ignore"],
-                     src: obj.src,
-                     dst: obj.dst,
-                     note: obj.note,
-                     target: lh,
-                     msg: obj.msg,
-                     obj: obj
-                };
-
                 (async () => {
-                    const srcName = await hostTool.getName(obj.src)
-                    const dstName = await hostTool.getName(obj.dst)
-                    if(srcName) {
-                        actionobj.shname = srcName
-                    }
-                    if(dstName) {
-                        actionobj.dhname = dstName
-                    }
-
                     let localIP = lh;
                     let message = obj.msg;
                     let noticeType = obj.note;

net2/SysManager.js

@@ -272,6 +272,10 @@ module.exports = class {
   setLanguage(language, callback) {
     callback = callback || function() {}
 
+    // FIXME: disable set language feature temporarliy
+    callback(null);
+    return;
+
     this.language = language;
     const theLanguage = i18n.setLocale(this.language);
     if(theLanguage !== this.language) {

net2/logger.js

@@ -38,13 +38,16 @@ if (require('fs').existsSync("/tmp/FWPRODUCTION")) {
   production = true;
 }
 
-
+var globalLogLevel = 'info';
+if(production) {
+  globalLogLevel = 'warn';
+}
 
 function getFileTransport() {
   let loglevel = 'info';
-  if (production) {
-    loglevel = 'warn';
-  }   
+  // if (production) {
+  //   loglevel = 'warn';
+  // }   
 
   return new(winston.transports.File)({
     level: loglevel,
@@ -71,9 +74,9 @@ function getFileTransport() {
 
 function getConsoleTransport() {
   let loglevel = 'info';
-  if (production) {
-    loglevel = 'warn';
-  }    
+  // if (production) {
+  //   loglevel = 'warn';
+  // }    
 
   return new(winston.transports.Console)({
     loglevel: loglevel,
@@ -151,7 +154,7 @@ module.exports = function (component) {
   var wrap = {};
   wrap.component = component;
   wrap.effectiveLogLevel = null;
-  wrap.globalLogLevel = logger.level;
+  wrap.globalLogLevel = globalLogLevel;
 
   let getLogLevel = function() {
     if(wrap.effectiveLogLevel) {

net2/main.js

@@ -30,6 +30,20 @@ log.info("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 const async = require('asyncawait/async');
 const await = require('asyncawait/await');
 
+const fs = require('fs');
+
+function updateTouchFile() {
+  const mainTouchFile = "/dev/shm/main.touch";
+
+  fs.open(mainTouchFile, 'w', (err, fd) => {
+    if(!err) {
+      fs.close(fd, (err2) => {
+
+      })
+    }
+  })
+}
+
 let bone = require("../lib/Bone.js");
 
 let firewalla = require("./Firewalla.js");
@@ -41,7 +55,6 @@ let mode = require('./Mode.js')
 // api/main/monitor all depends on sysManager configuration
 var SysManager = require('./SysManager.js');
 var sysManager = new SysManager('info');
-var fs = require('fs');
 var config = JSON.parse(fs.readFileSync(`${__dirname}/config.json`, 'utf8'));
 
 let BoneSensor = require('../sensor/BoneSensor');
@@ -80,7 +93,7 @@ function run0() {
     setTimeout(()=>{
       sysManager.update(null);
       run0();
-    },1000);
+    },3000);
   }
 }
 
@@ -289,6 +302,8 @@ function run() {
 
   },1000*2);
 
+  updateTouchFile();
+
   setInterval(()=>{
     let memoryUsage = Math.floor(process.memoryUsage().rss / 1000000);
     try {
@@ -298,7 +313,9 @@ function run() {
       }
     } catch(e) {
     }
-    log.warn("<== Heart-Beat Message for FireMain Memory Cleanup ==>");
+
+    updateTouchFile();
+
   },1000*60*5);
 
   setInterval(()=>{

scripts/alias.sh

@@ -29,4 +29,9 @@ alias fufu='sudo -u pi git fetch origin $branch && sudo -u pi git reset --hard F
 alias node='/home/pi/firewalla/bin/node'
 alias fuc='/home/pi/firewalla/scripts/fireupgrade_check.sh'
 alias srr='/home/pi/firewalla/scripts/main-run'
-alias rc='redis-cli'
+alias srrr='/home/pi/firewalla/scripts/fireupgrade_check.sh'
+alias rc='redis-cli'
+alias ll0='redis-cli publish "TO.FireMain" "{\"type\":\"ChangeLogLevel\", \"name\":\"*\", \"toProcess\":\"FireMain\", \"level\":\"info\"}"'
+alias ll1='redis-cli publish "TO.FireKick" "{\"type\":\"ChangeLogLevel\", \"name\":\"*\", \"toProcess\":\"FireKick\", \"level\":\"info\"}"'
+alias ll2='redis-cli publish "TO.FireMon" "{\"type\":\"ChangeLogLevel\", \"name\":\"*\", \"toProcess\":\"FireMon\", \"level\":\"info\"}"'
+alias ll3='redis-cli publish "TO.FireApi" "{\"type\":\"ChangeLogLevel\", \"name\":\"*\", \"toProcess\":\"FireApi\", \"level\":\"info\"}"'

scripts/firemain-ping.sh

@@ -10,8 +10,10 @@ SLEEP_TIMEOUT=10
 # there should be updated logs in log file
 MMIN="-10"
 
+FILE=/dev/shm/main.touch
+
 firemain_ping() {
-	RESULT=$(find /home/pi/logs/ -name "FireMain*" -mmin ${MMIN})
+	RESULT=$(find $FILE -mmin ${MMIN})
   if [[ "x$RESULT" == "x" ]]; then
 		return 1
 	else

scripts/firemon-ping.sh

@@ -10,8 +10,10 @@ SLEEP_TIMEOUT=10
 # there should be updated logs in log file
 MMIN="-10"
 
+FILE=/dev/shm/monitor.touch
+
 firemon_ping() {
-	RESULT=$(find /home/pi/logs/ -name "FireMon*" -mmin ${MMIN})
+	RESULT=$(find $FILE -mmin ${MMIN})
   if [[ "x$RESULT" == "x" ]]; then
 		return 1
 	else

sensor/CategoryUpdateSensor.js

@@ -28,7 +28,7 @@ const categoryUpdater = new CategoryUpdater();
 const categoryHashsetMapping = {
   "games": "app.gaming",
   "social": "app.social",
-  // "video": "app.video",
+  "av": "app.video",
   "porn": "app.porn"  // dnsmasq redirect to blue hole if porn
 }
 

vpn/Default.txt

@@ -6,6 +6,8 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
+compress lzo
+remote-cert-tls server
 mute-replay-warnings
 key-direction 1
 cipher AES-128-CBC

vpn/VpnManager.js

@@ -279,7 +279,9 @@ module.exports = class {
                 mydns = "8.8.8.8"; // use google DNS as default
             }
 
-            let cmd = util.format("cd %s/vpn; sudo -E ./ovpngen.sh %s %s %s %s %s; sync", fHome, clientname, password, sysManager.myIp(), ip, mydns);
+            const vpnLockFile = "/dev/shm/vpn_gen_lock_file";
+
+            let cmd = util.format("cd %s/vpn; flock -n %s -c 'sudo -E ./ovpngen.sh %s %s %s %s %s'; sync", fHome, vpnLockFile, clientname, password, sysManager.myIp(), ip, mydns);
             log.info("VPNManager:GEN", cmd);
             this.getovpn = require('child_process').exec(cmd, (err, out, code) => {
                 if (err) {