diff --git a/src/opnsense/scripts/filter/delete_table.py b/src/opnsense/scripts/filter/delete_table.py index d5d6f056f..3ff7e129e 100755 --- a/src/opnsense/scripts/filter/delete_table.py +++ b/src/opnsense/scripts/filter/delete_table.py @@ -35,22 +35,15 @@ import os import sys if __name__ == '__main__': - result = [] if len(sys.argv) > 2: # always validate if the item is in the pf table before trying to delete - with tempfile.NamedTemporaryFile() as output_stream: - # delete an entry from a pf table - subprocess.call(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'show'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - if sys.argv[2].strip() == 'ALL': - if len(output_stream.read().decode().strip().split('\n')) > 0: - # delete all entries from a pf table - subprocess.call(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'flush'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - else: - for line in output_stream.read().decode().strip().split('\n'): - if line.strip() == sys.argv[2].strip(): - result = [] - subprocess.call(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'delete', line.strip()], - stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb')) + sp = subprocess.run(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'show'], capture_output=True, text=True) + if sys.argv[2].strip() == 'ALL': + if len(sp.stdout.strip().split('\n')) > 0: + # delete all entries from a pf table + subprocess.run(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'flush'], capture_output=True) + else: + for line in sp.stdout.strip().split('\n'): + if line.strip() == sys.argv[2].strip(): + subprocess.run(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'delete', line.strip()], + capture_output=True) diff --git a/src/opnsense/scripts/filter/find_table_references.py b/src/opnsense/scripts/filter/find_table_references.py index e7f0e9639..68d1e42f4 100755 --- a/src/opnsense/scripts/filter/find_table_references.py +++ b/src/opnsense/scripts/filter/find_table_references.py @@ -45,23 +45,17 @@ if __name__ == '__main__': tables = [] # Fetch tables - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-sT'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - for line in output_stream.read().decode().strip().split('\n'): - tables.append(line.strip()) + sp = subprocess.run(['/sbin/pfctl', '-sT'], capture_output=True, text=True) + for line in sp.stdout.strip().split('\n'): + tables.append(line.strip()) # Fetch IP ranges in this table and check if they match for table in tables: - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-t', table, '-T', 'show'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - for line in output_stream.read().decode().strip().split('\n'): - if line.strip() != "": - if ip in IPNetwork(line.strip()): - result['matches'].append(table) - + sp = subprocess.run(['/sbin/pfctl', '-t', table, '-T', 'show'], capture_output=True, text=True) + for line in sp.stdout.strip().split('\n'): + if line.strip() != "": + if ip in IPNetwork(line.strip()): + result['matches'].append(table) print(ujson.dumps(result)) except AddrFormatError: diff --git a/src/opnsense/scripts/filter/kill_table.py b/src/opnsense/scripts/filter/kill_table.py index d3b3ad2ad..d26f8d907 100755 --- a/src/opnsense/scripts/filter/kill_table.py +++ b/src/opnsense/scripts/filter/kill_table.py @@ -28,28 +28,25 @@ -------------------------------------------------------------------------------------- drop an existing pf alias table """ -import tempfile import subprocess import os import sys import ujson if __name__ == '__main__': - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-sT'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - tables = list() - for line in output_stream.read().decode().strip().split('\n'): - tables.append(line.strip()) - # only try to remove alias if it exists - if len(sys.argv) > 1 and sys.argv[1] in tables: - # cleanup related alias file - for suffix in ['txt', 'md5.txt', 'self.txt']: - if os.path.isfile('/var/db/aliastables/%s.%s' % (sys.argv[1], suffix)): - os.remove('/var/db/aliastables/%s.%s' % (sys.argv[1], suffix)) - subprocess.call(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'kill'], stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb')) - # all good, exit 0 - sys.exit(0) + sp = subprocess.run(['/sbin/pfctl', '-sT'], capture_output=True, text=True) + tables = list() + for line in sp.stdout.strip().split('\n'): + tables.append(line.strip()) + # only try to remove alias if it exists + if len(sys.argv) > 1 and sys.argv[1] in tables: + # cleanup related alias file + for suffix in ['txt', 'md5.txt', 'self.txt']: + if os.path.isfile('/var/db/aliastables/%s.%s' % (sys.argv[1], suffix)): + os.remove('/var/db/aliastables/%s.%s' % (sys.argv[1], suffix)) + subprocess.run(['/sbin/pfctl', '-t', sys.argv[1], '-T', 'kill'], capture_output=True) + # all good, exit 0 + sys.exit(0) # not found (or other issue) sys.exit(-1) diff --git a/src/opnsense/scripts/filter/list_counters.py b/src/opnsense/scripts/filter/list_counters.py index 354e8f826..c50b34340 100755 --- a/src/opnsense/scripts/filter/list_counters.py +++ b/src/opnsense/scripts/filter/list_counters.py @@ -36,39 +36,37 @@ import ujson if __name__ == '__main__': result = dict() - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-vvsI'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - intf = None - for line in output_stream.read().decode().strip().split('\n'): - if line.find('[') == -1 and line[0] not in (' ', '\t'): - intf = line.strip() - result[intf] = {'inbytespass': 0, 'outbytespass': 0, 'inpktspass': 0, 'outpktspass': 0, - 'inbytesblock': 0, 'outbytesblock': 0, 'inpktsblock': 0, 'outpktsblock': 0, - 'inpkts':0, 'inbytes': 0, 'outpkts': 0, 'outbytes': 0} - if intf is not None and line.find('[') > -1: - packets = int(line.split(' Packets:')[-1].strip().split()[0]) - bytes = int(line.split(' Bytes:')[-1].strip().split()[0]) - if line.find('In4/Pass:') > -1 or line.find('In6/Pass:') > -1: - result[intf]['inpktspass'] += packets - result[intf]['inbytespass'] += bytes - result[intf]['inpkts'] += packets - result[intf]['inbytes'] += bytes - elif line.find('In4/Block:') > -1 or line.find('In6/Block:') > -1: - result[intf]['inbytesblock'] += packets - result[intf]['inpktsblock'] += bytes - result[intf]['inpkts'] += packets - result[intf]['inbytes'] += bytes - elif line.find('Out4/Pass:') > -1 or line.find('Out6/Pass:') > -1: - result[intf]['outpktspass'] += packets - result[intf]['outbytespass'] += bytes - result[intf]['outpkts'] += packets - result[intf]['outbytes'] += bytes - elif line.find('Out4/Block:') > -1 or line.find('Out6/Block:') > -1: - result[intf]['outpktsblock'] += packets - result[intf]['outbytesblock'] += bytes - result[intf]['outpkts'] += packets - result[intf]['outbytes'] += bytes + sp = subprocess.run(['/sbin/pfctl', '-vvsI'], capture_output=True, text=True) + intf = None + for line in sp.stdout.strip().split('\n'): + if line.find('[') == -1 and line[0] not in (' ', '\t'): + intf = line.strip() + result[intf] = {'inbytespass': 0, 'outbytespass': 0, 'inpktspass': 0, 'outpktspass': 0, + 'inbytesblock': 0, 'outbytesblock': 0, 'inpktsblock': 0, 'outpktsblock': 0, + 'inpkts':0, 'inbytes': 0, 'outpkts': 0, 'outbytes': 0} + if intf is not None and line.find('[') > -1: + packets = int(line.split(' Packets:')[-1].strip().split()[0]) + bytes = int(line.split(' Bytes:')[-1].strip().split()[0]) + if line.find('In4/Pass:') > -1 or line.find('In6/Pass:') > -1: + result[intf]['inpktspass'] += packets + result[intf]['inbytespass'] += bytes + result[intf]['inpkts'] += packets + result[intf]['inbytes'] += bytes + elif line.find('In4/Block:') > -1 or line.find('In6/Block:') > -1: + result[intf]['inbytesblock'] += packets + result[intf]['inpktsblock'] += bytes + result[intf]['inpkts'] += packets + result[intf]['inbytes'] += bytes + elif line.find('Out4/Pass:') > -1 or line.find('Out6/Pass:') > -1: + result[intf]['outpktspass'] += packets + result[intf]['outbytespass'] += bytes + result[intf]['outpkts'] += packets + result[intf]['outbytes'] += bytes + elif line.find('Out4/Block:') > -1 or line.find('Out6/Block:') > -1: + result[intf]['outpktsblock'] += packets + result[intf]['outbytesblock'] += bytes + result[intf]['outpkts'] += packets + result[intf]['outbytes'] += bytes # handle command line argument (type selection) if len(sys.argv) > 1 and sys.argv[1] == 'json': diff --git a/src/opnsense/scripts/filter/list_osfp.py b/src/opnsense/scripts/filter/list_osfp.py index cf5256580..7aaa3fb8e 100755 --- a/src/opnsense/scripts/filter/list_osfp.py +++ b/src/opnsense/scripts/filter/list_osfp.py @@ -28,21 +28,17 @@ -------------------------------------------------------------------------------------- list os fingerprints """ -import tempfile import subprocess -import os import sys import ujson if __name__ == '__main__': result = [] - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-s', 'osfp'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - data = output_stream.read().decode().strip() - if data.count('\n') > 2: - for line in data.split('\n')[2:]: - result.append(line.replace('\t', ' ').strip()) + sp = subprocess.run(['/sbin/pfctl', '-s', 'osfp'], capture_output=True) + data = sp.stdout.decode().strip() + if data.count('\n') > 2: + for line in data.split('\n')[2:]: + result.append(line.replace('\t', ' ').strip()) # handle command line argument (type selection) if len(sys.argv) > 1 and sys.argv[1] == 'json': diff --git a/src/opnsense/scripts/filter/list_pfsync.py b/src/opnsense/scripts/filter/list_pfsync.py index 688d68ea2..9f06aaf98 100755 --- a/src/opnsense/scripts/filter/list_pfsync.py +++ b/src/opnsense/scripts/filter/list_pfsync.py @@ -29,24 +29,20 @@ list pfsync info - nodes (unique creator id's from states) """ -import tempfile import subprocess -import os import sys import ujson if __name__ == '__main__': result = {'nodes': []} - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-s', 'state', '-vv'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - data = output_stream.read().decode().strip() - if data.count('\n') > 2: - for line in data.split('\n'): - if line.find('creatorid:') > -1: - creatorid = line.split('creatorid:')[1].strip() - if creatorid not in result['nodes']: - result['nodes'].append(creatorid) + sp = subprocess.run(['/sbin/pfctl', '-s', 'state', '-vv'], capture_output=True) + data = sp.stdout.decode().strip() + if data.count('\n') > 2: + for line in data.split('\n'): + if line.find('creatorid:') > -1: + creatorid = line.split('creatorid:')[1].strip() + if creatorid not in result['nodes']: + result['nodes'].append(creatorid) # handle command line argument (type selection) if len(sys.argv) > 1 and sys.argv[1] == 'json': diff --git a/src/opnsense/scripts/filter/list_states.py b/src/opnsense/scripts/filter/list_states.py index 4e5e0db40..3c20b9533 100755 --- a/src/opnsense/scripts/filter/list_states.py +++ b/src/opnsense/scripts/filter/list_states.py @@ -28,9 +28,7 @@ -------------------------------------------------------------------------------------- list pf states """ -import tempfile import subprocess -import os import sys import ujson import argparse @@ -62,47 +60,45 @@ if __name__ == '__main__': inputargs = parser.parse_args() result = {'details': [], 'total_entries': 0} - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-s', 'state'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - data = output_stream.read().decode().strip() - if data.count('\n') > 2: - for line in data.split('\n'): - parts = line.split() - if len(parts) >= 6: - # count total number of state table entries - result['total_entries'] += 1 - # apply filter when provided - if inputargs.filter != "" and line.lower().find(inputargs.filter) == -1: - continue - # limit results - if inputargs.limit.isdigit() and len(result['details']) >= int(inputargs.limit): - continue - record = dict() - record['nat_addr'] = None - record['nat_port'] = None - record['iface'] = parts[0] - record['proto'] = parts[1] - record['src_addr'] = parse_address(parts[2])['addr'] - record['src_port'] = parse_address(parts[2])['port'] - record['ipproto'] = parse_address(parts[2])['ipproto'] + sp = subprocess.run(['/sbin/pfctl', '-s', 'state'], capture_output=True, text=True) + data = sp.stdout.strip() + if data.count('\n') > 2: + for line in data.split('\n'): + parts = line.split() + if len(parts) >= 6: + # count total number of state table entries + result['total_entries'] += 1 + # apply filter when provided + if inputargs.filter != "" and line.lower().find(inputargs.filter) == -1: + continue + # limit results + if inputargs.limit.isdigit() and len(result['details']) >= int(inputargs.limit): + continue + record = dict() + record['nat_addr'] = None + record['nat_port'] = None + record['iface'] = parts[0] + record['proto'] = parts[1] + record['src_addr'] = parse_address(parts[2])['addr'] + record['src_port'] = parse_address(parts[2])['port'] + record['ipproto'] = parse_address(parts[2])['ipproto'] - if parts[3].find('(') > -1: - # NAT enabled - record['nat_addr'] = parts[3][1:].split(':')[0] - record['nat_port'] = parts[3].split(':')[1][:-1] + if parts[3].find('(') > -1: + # NAT enabled + record['nat_addr'] = parts[3][1:].split(':')[0] + record['nat_port'] = parts[3].split(':')[1][:-1] - record['dst_addr'] = parse_address(parts[-2])['addr'] - record['dst_port'] = parse_address(parts[-2])['port'] + record['dst_addr'] = parse_address(parts[-2])['addr'] + record['dst_port'] = parse_address(parts[-2])['port'] - if parts[-3] == '->': - record['direction'] = 'out' - else: - record['direction'] = 'in' + if parts[-3] == '->': + record['direction'] = 'out' + else: + record['direction'] = 'in' - record['state'] = parts[-1] + record['state'] = parts[-1] - result['details'].append(record) + result['details'].append(record) result['total'] = len(result['details']) diff --git a/src/opnsense/scripts/filter/list_table.py b/src/opnsense/scripts/filter/list_table.py index 36e93c16f..50f84451e 100755 --- a/src/opnsense/scripts/filter/list_table.py +++ b/src/opnsense/scripts/filter/list_table.py @@ -29,40 +29,33 @@ returns the contents of a pf table (optional as a json container) usage : list_table.py [tablename] [optional|json] """ -import tempfile import subprocess -import os import sys import ujson if __name__ == '__main__': result = dict() if len(sys.argv) > 1: - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-t', sys.argv[1], '-vT', 'show'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.write(b'\n') # always make sure we have a final line-ending - output_stream.seek(0) - prev_entry='' - statistics=dict() - for rline in output_stream: - line = rline.decode() - if not line.startswith('\t'): - this_entry = line.strip() - if len(prev_entry) > 0: - result[prev_entry] = statistics - prev_entry = this_entry - statistics=dict() - else: - parts = line.split() - if len(parts) > 6: - if parts[3].isdigit() and parts[5].isdigit(): - pkts=int(parts[3]) - bytes=int(parts[5]) - topic = parts[0].lower().replace('/', '_').replace(':', '') - if pkts > 0: - statistics['%s_p' % topic] = pkts - statistics['%s_b' % topic] = bytes + sp = subprocess.run(['/sbin/pfctl', '-t', sys.argv[1], '-vT', 'show'], capture_output=True, text=True) + prev_entry='' + statistics=dict() + for line in sp.stdout.split('\n') + []: + if not line.startswith('\t'): + this_entry = line.strip() + if len(prev_entry) > 0: + result[prev_entry] = statistics + prev_entry = this_entry + statistics=dict() + else: + parts = line.split() + if len(parts) > 6: + if parts[3].isdigit() and parts[5].isdigit(): + pkts=int(parts[3]) + bytes=int(parts[5]) + topic = parts[0].lower().replace('/', '_').replace(':', '') + if pkts > 0: + statistics['%s_p' % topic] = pkts + statistics['%s_b' % topic] = bytes # handle command line argument (type selection) if len(sys.argv) > 2 and sys.argv[2] == 'json': diff --git a/src/opnsense/scripts/filter/list_tables.py b/src/opnsense/scripts/filter/list_tables.py index 972810e4d..d7632cb45 100755 --- a/src/opnsense/scripts/filter/list_tables.py +++ b/src/opnsense/scripts/filter/list_tables.py @@ -28,20 +28,15 @@ -------------------------------------------------------------------------------------- returns a list of pf tables (optional as a json container) """ -import tempfile import subprocess -import os import sys import ujson if __name__ == '__main__': result = [] - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-sT'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - for line in output_stream.read().decode().strip().split('\n'): - result.append(line.strip()) - + sp = subprocess.run(['/sbin/pfctl', '-sT'], capture_output=True, text=True) + for line in sp.stdout.strip().split('\n'): + result.append(line.strip()) # handle command line argument (type selection) if len(sys.argv) > 1 and sys.argv[1] == 'json': print(ujson.dumps(result)) diff --git a/src/opnsense/scripts/filter/pfinfo.py b/src/opnsense/scripts/filter/pfinfo.py index 63bb78d20..fb016cef4 100755 --- a/src/opnsense/scripts/filter/pfinfo.py +++ b/src/opnsense/scripts/filter/pfinfo.py @@ -29,19 +29,15 @@ returns raw pf info (optional packed in a json container) """ import collections -import tempfile import subprocess -import os import sys import ujson if __name__ == '__main__': result = collections.OrderedDict() for stattype in ['info', 'memory', 'timeouts', 'Interfaces', 'rules']: - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-vvs'+stattype], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - result[stattype] = output_stream.read().decode().strip() + sp = subprocess.run(['/sbin/pfctl', '-vvs'+stattype], capture_output=True, text=True) + result[stattype] = sp.stdout.strip() # handle command line argument (type selection) if len(sys.argv) > 1 and sys.argv[1] == 'json': diff --git a/src/opnsense/scripts/filter/read_log.py b/src/opnsense/scripts/filter/read_log.py index a7dd674de..46104885a 100755 --- a/src/opnsense/scripts/filter/read_log.py +++ b/src/opnsense/scripts/filter/read_log.py @@ -33,7 +33,6 @@ import sys from hashlib import md5 import argparse import ujson -import tempfile import subprocess sys.path.insert(0, "/usr/local/opnsense/site-python") from log_helper import reverse_log_reader, fetch_clog @@ -85,19 +84,16 @@ def fetch_rule_details(): rule_map[rule_md5] = ''.join(lbl.split('"')[2:]).strip().strip('# : ') # use pfctl to create a list per rule number with the details found - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-vvPsr'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - for line in output_stream.read().decode().strip().split('\n'): - if line.startswith('@'): - line_id = line.split()[0][1:] - if line.find(' label ') > -1: - rid = ''.join(line.split(' label ')[-1:]).strip()[1:-1] - if rid in rule_map: - result[line_id] = {'rid': rid, 'label': rule_map[rid]} - else: - result[line_id] = {'rid': None, 'label': rid} + sp = subprocess.run(['/sbin/pfctl', '-vvPsr'], capture_output=True, text=True) + for line in sp.stdout.strip().split('\n'): + if line.startswith('@'): + line_id = line.split()[0][1:] + if line.find(' label ') > -1: + rid = ''.join(line.split(' label ')[-1:]).strip()[1:-1] + if rid in rule_map: + result[line_id] = {'rid': rid, 'label': rule_map[rid]} + else: + result[line_id] = {'rid': None, 'label': rid} return result diff --git a/src/opnsense/scripts/filter/rule_stats.py b/src/opnsense/scripts/filter/rule_stats.py index 1669dde8a..d7722cebc 100755 --- a/src/opnsense/scripts/filter/rule_stats.py +++ b/src/opnsense/scripts/filter/rule_stats.py @@ -36,40 +36,37 @@ import subprocess if __name__ == '__main__': results = dict() hex_digits = set("0123456789abcdef") - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-sr', '-v'], stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.write(b'\n') # always make sure we have a final line-ending - output_stream.seek(0) - stats = dict() - prev_line = '' - for rline in output_stream: - line = rline.decode().strip() - if len(line) == 0 or line[0] != '[': - if prev_line.find(' label ') > -1: - lbl = prev_line.split(' label ')[-1] - if lbl.count('"') >= 2: - rule_md5 = lbl.split('"')[1] - if len(rule_md5) == 32 and set(rule_md5).issubset(hex_digits): - if rule_md5 in results: - # aggregate raw pf rules (a single rule in out ruleset could be expanded) - for key in stats: - if key in results[rule_md5]: - if key == 'pf_rules': - results[rule_md5][key] += 1 - else: - results[rule_md5][key] += stats[key] + sp = subprocess.run(['/sbin/pfctl', '-sr', '-v'], capture_output=True, text=True) + stats = dict() + prev_line = '' + for rline in sp.stdout.split('\n') + []: + line = rline.strip() + if len(line) == 0 or line[0] != '[': + if prev_line.find(' label ') > -1: + lbl = prev_line.split(' label ')[-1] + if lbl.count('"') >= 2: + rule_md5 = lbl.split('"')[1] + if len(rule_md5) == 32 and set(rule_md5).issubset(hex_digits): + if rule_md5 in results: + # aggregate raw pf rules (a single rule in out ruleset could be expanded) + for key in stats: + if key in results[rule_md5]: + if key == 'pf_rules': + results[rule_md5][key] += 1 else: - results[rule_md5][key] = stats[key] - else: - results[rule_md5] = stats - # reset for next rule - prev_line = line - stats = {'pf_rules': 1} - elif line[0] == '[' and line.find('Evaluations') > 0: - parts = line.strip('[ ]').replace(':', ' ').split() - for i in range(0, len(parts)-1, 2): - if parts[i+1].isdigit(): - stats[parts[i].lower()] = int(parts[i+1]) + results[rule_md5][key] += stats[key] + else: + results[rule_md5][key] = stats[key] + else: + results[rule_md5] = stats + # reset for next rule + prev_line = line + stats = {'pf_rules': 1} + elif line[0] == '[' and line.find('Evaluations') > 0: + parts = line.strip('[ ]').replace(':', ' ').split() + for i in range(0, len(parts)-1, 2): + if parts[i+1].isdigit(): + stats[parts[i].lower()] = int(parts[i+1]) # output print (ujson.dumps(results)) diff --git a/src/opnsense/scripts/filter/update_tables.py b/src/opnsense/scripts/filter/update_tables.py index e69b7e2ba..8a6ea1dd5 100755 --- a/src/opnsense/scripts/filter/update_tables.py +++ b/src/opnsense/scripts/filter/update_tables.py @@ -36,7 +36,6 @@ import json import urllib3 import xml.etree.cElementTree as ET import syslog -import tempfile import subprocess import glob from lib.alias import Alias @@ -142,36 +141,30 @@ if __name__ == '__main__': alias_content_txt = "" alias_pf_content = list() - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'show'], - stdout=output_stream, stderr=open(os.devnull, 'wb')) - output_stream.seek(0) - for line in output_stream.read().decode().strip().split('\n'): - line = line.strip() - if line: - alias_pf_content.append(line) + sp = subprocess.run(['/sbin/pfctl', '-t', alias_name, '-T', 'show'], capture_output=True, text=True) + for line in sp.stdout.strip().split('\n'): + line = line.strip() + if line: + alias_pf_content.append(line) if (len(alias_content) != len(alias_pf_content) or alias_changed_or_expired) and alias.get_parser(): # if the alias is changed, expired or the one in memory has a different number of items, load table # (but only if we know how to handle this alias type) if len(alias_content) == 0: # flush when target is empty - subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'flush'], - stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb')) + subprocess.run(['/sbin/pfctl', '-t', alias_name, '-T', 'flush'], capture_output=True) else: # replace table contents with collected alias - with tempfile.NamedTemporaryFile() as output_stream: - subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f', - '/var/db/aliastables/%s.txt' % alias_name], - stdout=open(os.devnull, 'wb'), stderr=output_stream) - output_stream.seek(0) - error_output = output_stream.read().decode().strip() - if error_output.find('pfctl: ') > -1: - result['status'] = 'error' - if 'messages' not in result: - result['messages'] = list() - if error_output not in result['messages']: - result['messages'].append(error_output.replace('pfctl: ', '')) + sp = subprocess.run(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f', + '/var/db/aliastables/%s.txt' % alias_name], capture_output=True, text=True) + + error_output = sp.stdout.strip() + if error_output.find('pfctl: ') > -1: + result['status'] = 'error' + if 'messages' not in result: + result['messages'] = list() + if error_output not in result['messages']: + result['messages'].append(error_output.replace('pfctl: ', '')) # cleanup removed aliases to_remove = dict() for filename in glob.glob('/var/db/aliastables/*.txt'): @@ -182,10 +175,7 @@ if __name__ == '__main__': to_remove[aliasname].append(filename) for aliasname in to_remove: syslog.syslog(syslog.LOG_NOTICE, 'remove old alias %s' % aliasname) - subprocess.call( - ['/sbin/pfctl', '-t', aliasname, '-T', 'kill'], - stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb') - ) + subprocess.run(['/sbin/pfctl', '-t', aliasname, '-T', 'kill'], capture_output=True) for filename in to_remove[aliasname]: os.remove(filename)