GeoIP, last bits and pieces for #3856

* show a message when GeoIP is used but no addresses are found * support other vendors as well (format should be documented in our docs)
opnsense · Dec 29, 2019 · b4147a1 · b4147a1
1 parent 31a1da3
commit b4147a1
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 15 deletions.
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
@@ -321,11 +321,19 @@ public function getGeoIPAction()
     {
         $result = array();
         if ($this->request->isGet()) {
-            $result[static::$internalModelName] = array();
+            $result[static::$internalModelName] = ['geoip' => array()];
             $node = $this->getModel()->getNodeByReference('geoip');
             if ($node != null) {
                 $result[static::$internalModelName]['geoip'] = $node->getNodes();
             }
+            // count aliases that depend on GeoIP data
+            $result[static::$internalModelName]['geoip']['usages'] = 0;
+            foreach ($this->getModel()->aliasIterator() as $alias) {
+                if ($alias['type'] == "geoip") {
+                    $result[static::$internalModelName]['geoip']['usages']++;
+                }
+            }
+            $result[static::$internalModelName]['geoip']['address_count'] = 0;
             if (file_exists('/usr/local/share/GeoIP/alias.stats')) {
                 $stats = json_decode(file_get_contents('/usr/local/share/GeoIP/alias.stats'), true);
                 $result[static::$internalModelName]['geoip'] = array_merge(

diff --git a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
@@ -2,7 +2,7 @@
 <link href="{{ cache_safe('/ui/css/flags/flag-icon.css') }}" rel="stylesheet">
 <style>
     @media (min-width: 768px) {
-        .modal-dialog {
+        #DialogAlias > .modal-dialog {
             width: 90%;
             max-width:1200px;
         }
@@ -330,11 +330,30 @@
             });
         });
 
-        let data_get_map = {'frm_GeopIPSettings':"/api/firewall/alias/getGeoIP"};
-        mapDataToFormUI(data_get_map).done(function(data){
-            formatTokenizersUI();
-            $('.selectpicker').selectpicker('refresh');
-        });
+        function loadSettings() {
+            let data_get_map = {'frm_GeopIPSettings':"/api/firewall/alias/getGeoIP"};
+            mapDataToFormUI(data_get_map).done(function(data){
+                if (data.frm_GeopIPSettings.alias.geoip.usages) {
+                    if (!data.frm_GeopIPSettings.alias.geoip.address_count) {
+                        let $msg = "{{ lang._('In order to use GeoIP, you need to configure a source in the GeoIP settings tab') }}";
+                        BootstrapDialog.show({
+                          title: "{{ lang._('GeoIP') }}",
+                          message: $msg,
+                          type: BootstrapDialog.TYPE_INFO,
+                          buttons: [{
+                              label:  "{{ lang._('Close') }}",
+                              action: function(sender){
+                                 sender.close();
+                              }
+                          }]
+                        });
+                    }
+                }
+                formatTokenizersUI();
+                $('.selectpicker').selectpicker('refresh');
+            });
+        }
+        loadSettings();
 
         /**
          * reconfigure
@@ -345,6 +364,7 @@
                 ajaxCall("/api/firewall/alias/reconfigure", {}, function(data,status) {
                     // when done, disable progress animation.
                     $("#reconfigureAct_progress").removeClass("fa fa-spinner fa-pulse");
+                    loadSettings();
                 });
             });
         });

diff --git a/src/opnsense/scripts/filter/download_geoip.py b/src/opnsense/scripts/filter/download_geoip.py
@@ -32,4 +32,8 @@
 from lib.geoip import download_geolite
 
 # output files and lines processed
-print ('%(file_count)d files written, with a total number of %(address_count)d lines' % download_geolite())
+data = download_geolite()
+print ("%(file_count)d files written, with a total number of %(address_count)d lines" % data)
+print ("locations filename : %(locations_filename)s" % data)
+print ("IPv4 filename : %(IPv4)s" % data['address_sources'])
+print ("IPv6 filename : %(IPv6)s" % data['address_sources'])
diff --git a/src/opnsense/scripts/filter/lib/geoip.py b/src/opnsense/scripts/filter/lib/geoip.py
@@ -49,7 +49,13 @@ def download_geolite():
         if cnf.has_section('settings') and cnf.has_option('settings', 'url'):
             url = cnf.get('settings', 'url').strip()
 
-    result = {'address_count': 0 , 'file_count': 0, 'timestamp': None}
+    result = {
+        'address_count': 0 ,
+        'file_count': 0,
+        'timestamp': None,
+        'locations_filename': None,
+        'address_sources': {'IPv4': None, 'IPv6': None}
+    }
     if url is not None:
         # flush data from remote url to temp file and unpack from there
         with tempfile.NamedTemporaryFile() as tmp_stream:
@@ -62,22 +68,30 @@ def download_geolite():
                     file_handles = dict()
                     for item in zf.infolist():
                         if item.file_size > 0:
-                            file_handles[os.path.basename(item.filename)] = item
+                            filename = os.path.basename(item.filename)
+                            file_handles[filename] = item
+                            if filename.lower().find('locations-en.csv') > -1:
+                                result['locations_filename'] = filename
+                            elif filename.lower().find('ipv4.csv') > -1:
+                                result['address_sources']['IPv4'] = filename
+                            elif filename.lower().find('ipv6.csv') > -1:
+                                result['address_sources']['IPv6'] = filename
                     # only process geo ip data when archive contains country definitions
-                    if 'GeoLite2-Country-Locations-en.csv' in file_handles:
-                        dt = datetime.datetime(*file_handles['GeoLite2-Country-Locations-en.csv'].date_time).isoformat()
+                    if result['locations_filename'] is not None:
+                        dt = datetime.datetime(*file_handles[result['locations_filename']].date_time).isoformat()
                         result['timestamp'] = dt
                         country_codes = dict()
                         # parse geoname_id to country code map
-                        for line in zf.open(file_handles['GeoLite2-Country-Locations-en.csv']).read().decode().split('\n'):
+                        locations = zf.open(file_handles[result['locations_filename']]).read()
+                        for line in locations.decode().split('\n'):
                             parts = line.split(',')
                             if len(parts) > 4 and len(parts[4]) >= 1 and len(parts[4]) <= 3:
                                 country_codes[parts[0]] = parts[4]
                         # process all details into files per country / protocol
                         for proto in ['IPv4', 'IPv6']:
-                            if 'GeoLite2-Country-Blocks-%s.csv' % proto in file_handles:
+                            if result['address_sources'][proto] is not None:
                                 output_handles = dict()
-                                country_blocks = zf.open(file_handles['GeoLite2-Country-Blocks-%s.csv' % proto]).read()
+                                country_blocks = zf.open(file_handles[result['address_sources'][proto]]).read()
                                 for line in country_blocks.decode().split('\n'):
                                     parts = line.split(',')
                                     if len(parts) > 3 and parts[1] in country_codes: