34_ESPEasy.pm: add IPv6 ULA to local IPs, add regexps to ACLs

git-svn-id: https://svn.fhem.de/fhem/trunk@14489 2b470e98-0d58-463d-a4d8-8e2adae1ed80
dev0 2017-06-10 08:13:00 +00:00
parent 2b7292c150
commit ba738d33a7
2 changed files with 71 additions and 26 deletions


@ -1,5 +1,6 @@
# Add changes at the top of the list. Keep it in ASCII, and 80-char wide. # Add changes at the top of the list. Keep it in ASCII, and 80-char wide.
# Do not insert empty lines here, update check depends on it. # Do not insert empty lines here, update check depends on it.
- change: 34_ESPEasy: add IPv6 ULA to local IPs, add regexps to ACLs
- bugfix: 93_DbLog: V2.16.11, lock SQLite from logging if deleteOldDaysNbl - bugfix: 93_DbLog: V2.16.11, lock SQLite from logging if deleteOldDaysNbl
or reduceLogNbL is running in async mode or reduceLogNbL is running in async mode
- feature: ESPEasy: improved dual ip stack support - feature: ESPEasy: improved dual ip stack support


@ -36,7 +36,7 @@ use Color;
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# global/default values # global/default values
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
my $module_version = 1.15; # Version of this module my $module_version = 1.16; # Version of this module
my $minEEBuild = 128; # informational my $minEEBuild = 128; # informational
my $minJsonVersion = 1.02; # checked in received data my $minJsonVersion = 1.02; # checked in received data
@ -56,6 +56,9 @@ my $d_displayTextWidth = 0; # display width, 0 => disable formating
my $d_allowedIPs = "192.168.0.0/16,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12," my $d_allowedIPs = "192.168.0.0/16,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,"
. "fe80::/10,fc00::/7,::1"; . "fe80::/10,fc00::/7,::1";
my $d_localIPs = "^(127|192.168|172.(1[6-9]|2[0-9]|3[01])|10|169.254)\\.|"
. "^(f(e[89ab]|[cd])|::1)";
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# "setCmds" => "min. number of parameters" # "setCmds" => "min. number of parameters"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -609,11 +612,9 @@ sub ESPEasy_Read($) {
my $logHeader = { %$header }; my $logHeader = { %$header };
# public IPs # public IPs
my $re = "^(127|192.168|172.(1[6-9]|2[0-9]|3[01])|10|169.254)\\.|" if (!defined $logHeader->{Authorization} && $peer !~ m/$d_localIPs/) {
. "^(fe[89ab]|::1)"; Log3 $bname, 2, "$btype $name: No basic auth set while using public IP "
if (!defined $logHeader->{Authorization} && $peer !~ m/$re/) { . "address $peer";
Log3 $bname, 2, "$btype $name: No basic auth set while using a public IP "
. "address from peer $peer."
} }
$logHeader->{Authorization} =~ s/Basic\s.*\s/Basic ***** / if defined $logHeader->{Authorization}; $logHeader->{Authorization} =~ s/Basic\s.*\s/Basic ***** / if defined $logHeader->{Authorization};
@ -917,8 +918,8 @@ sub ESPEasy_Attr(@)
if $cmd eq "set" && !(ESPEasy_isAttrCombineDevices($aVal) || $aVal =~ m/^[01]$/ )} if $cmd eq "set" && !(ESPEasy_isAttrCombineDevices($aVal) || $aVal =~ m/^[01]$/ )}
elsif ($aName =~ m/^(allowedIPs|deniedIPs)$/) { elsif ($aName =~ m/^(allowedIPs|deniedIPs)$/) {
$ret = "ip[/netmask][,ip[/netmask]][,...]" $ret = "[comma separated list of] ip[/netmask] or a regexp"
if $cmd eq "set" && !ESPEasy_isIPv64Range($aVal)} if $cmd eq "set" && !ESPEasy_isIPv64Range($aVal,"regexp")}
elsif ($aName =~ m/^(pollGPIOs|rgbGPIOs|wwcwGPIOs)$/) { elsif ($aName =~ m/^(pollGPIOs|rgbGPIOs|wwcwGPIOs)$/) {
$ret = "GPIO_No[,GPIO_No][...]" $ret = "GPIO_No[,GPIO_No][...]"
@ -2312,12 +2313,13 @@ sub ESPEasy_isValidPeer($)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# check if given ip or ip range is guilty # check if given ip or ip range is guilty
# argument can be: # argument can be:
# - ipv4, ipv4/CIDR, ipv4/dotted, ipv6, ipv6/CIDR # - ipv4, ipv4/CIDR, ipv4/dotted, ipv6, ipv6/CIDR (or a regexp if opt. argument
# $regexChk is set)
# - space or comma separated list of above. # - space or comma separated list of above.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
sub ESPEasy_isIPv64Range($) sub ESPEasy_isIPv64Range($;$)
{ {
my ($addr) = @_; my ($addr,$regexChk) = @_;
return 0 if !defined $addr; return 0 if !defined $addr;
my @ranges = split(/,| /,$addr); my @ranges = split(/,| /,$addr);
foreach (@ranges) { foreach (@ranges) {
@ -2329,6 +2331,11 @@ sub ESPEasy_isIPv64Range($)
elsif (ESPEasy_isIPv6($ip)) { elsif (ESPEasy_isIPv6($ip)) {
return 0 if defined $nm && !ESPEasy_isNmCIDRv6($nm); return 0 if defined $nm && !ESPEasy_isNmCIDRv6($nm);
} }
elsif (defined $regexChk && !defined $nm) {
return 0 if $ip =~ m/^\*/ || $ip =~ m/^\d+\.\d+\.\d+\.\d+$/; # faulty regexp/ip
eval { "Hallo" =~ m/^$ip$/ };
return $@ ? 0 : 1;
}
else { else {
return 0; return 0;
} }
@ -2347,10 +2354,10 @@ sub ESPEasy_isPeerAllowed($$)
my ($peer,$allowed) = @_; my ($peer,$allowed) = @_;
return $allowed if $allowed =~ m/^[01]$/; return $allowed if $allowed =~ m/^[01]$/;
#return 1 if $allowed =~ /^0.0.0.0\/0(.0.0.0)?$/; # not necessary but faster #return 1 if $allowed =~ /^0.0.0.0\/0(.0.0.0)?$/; # not necessary but faster
my $binPeer = ESPEasy_ip2bin($peer); my $binPeer = ESPEasy_ip2bin($peer);
my @a = split(/,| /,$allowed); my @a = split(/,| /,$allowed);
foreach (@a) { foreach (@a) {
return 1 if $peer =~ m/^$_$/; # a regexp is been used
next if !ESPEasy_isIPv64Range($_); # needed for combinedDevices next if !ESPEasy_isIPv64Range($_); # needed for combinedDevices
my ($addr,$ip,$mask) = ESPEasy_addrToCIDR($_); my ($addr,$ip,$mask) = ESPEasy_addrToCIDR($_);
return 0 if !defined $ip || !defined $mask; # return if ip or mask !guilty return 0 if !defined $ip || !defined $mask; # return if ip or mask !guilty
@ -2576,7 +2583,11 @@ sub ESPEasy_removeGit($)
port and the FHEM ESPEasy bridge port must be the same. port and the FHEM ESPEasy bridge port must be the same.
</li> </li>
<li>Max. 2 ESPEasy bridges can be defined at the same time: 1 for IPv4 and <li>Max. 2 ESPEasy bridges can be defined at the same time: 1 for IPv4 and
1 for IPv6 1 for IPv6
</li>
<li>Further information about this module is available here:
<a href="https://forum.fhem.de/index.php/topic,55728.0.html">Forum #55728
</a>
</li> </li>
<br> <br>
</ul> </ul>
@ -2653,7 +2664,7 @@ sub ESPEasy_removeGit($)
<ul> <ul>
<li><a name="">help</a><br> <li><a name="">help</a><br>
Shows set command usage<br> Shows set command usage<br>
required values: <code>help|pass|user</code></li><br> required values: <code>help|pass|user|clearQueue</code></li><br>
<li><a name="">clearQueue</a><br> <li><a name="">clearQueue</a><br>
Used to erase all command queues.<br> Used to erase all command queues.<br>
@ -2682,15 +2693,47 @@ sub ESPEasy_removeGit($)
<li><a name="ESPEasy_allowedIPs">allowedIPs</a><br> <li><a name="ESPEasy_allowedIPs">allowedIPs</a><br>
Used to limit IPs or IP ranges of ESPs which are allowed to commit data. Used to limit IPs or IP ranges of ESPs which are allowed to commit data.
<br> <br>
Specify comma separated list of IPs or IP ranges. Netmask can be written Specify IP, IP/netmask, regexp or a comma separated list of these values.
as bitmask or dotted decimal. Domain names for dns lookups are not Netmask can be written as bitmask or dotted decimal. Domain names for dns
supported.<br> lookups are not supported.<br>
Possible values: IPv64 address, IPv64/netmask<br> Possible values: IPv64 address, IPv64/netmask, regexp<br>
Default: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fe80::/10,::1 Default: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16,
<br> fe80::/10, fc00::/7, ::1
Eg. 10.68.30.147<br> <br><br>
Eg. 10.68.30.0/24,10.68.31.0/255.255.248.0<br> Examles:<br>
Eg. fe80::/10,2001:1a59:50a9::/48,2002:1a59:50a9::,2003:1a59:50a9:acdc::36
<table><tr><td>
10.68.30.147
</td><td>
=&gt; IPv4 single address
</td></tr><tr><td>
10.68.30.0/25
</td><td>
=&gt; IPv4 CIDR network 192.168.30.0-127
</td></tr><tr><td>
10.68.30.8/255.255.248.0
</td><td>
=&gt; IPv4 CIDR network 192.168.30.8-15
</td></tr><tr><td>
192.168.30.1([0-4][0-9]|50)
</td><td>
=&gt; IPv4 range w/ regexp: 192.168.30.100-150
</td></tr><tr><td>
2001:1a59:50a9::aaaa
</td><td>
=&gt; IPv6 single address
</td></tr><tr><td>
2001:1a59:50a9::/48
</td><td>
=&gt; IPv6 network 2001:1a59:50a9::/48
</td></tr><tr><td>
2001:1a59:50a9::01[0-4][0-9]
</td><td>
=&gt; IPv6 range w/ regexp: 2001:1a59:50a9::0100-0149
</tr></td>
</table>
<span style="font-size:small;">Note that short IPv6 notation (::) must be
used in conjunction with regexps.</span>
</li><br> </li><br>
<li><a name="ESPEasy_authentication">authentication</a><br> <li><a name="ESPEasy_authentication">authentication</a><br>
@ -2782,7 +2825,7 @@ sub ESPEasy_removeGit($)
received by the bridge device and autocreate is not disabled. If you received by the bridge device and autocreate is not disabled. If you
configured your ESP in a way that no data is send independently then you configured your ESP in a way that no data is send independently then you
have to define logical devices. At least wifi rssi value could be defined have to define logical devices. At least wifi rssi value could be defined
to use autocreate.<br><br> to use autocreate and presence detection.<br><br>
<code>define &lt;name&gt; ESPEasy &lt;ip|fqdn&gt; &lt;port&gt; <code>define &lt;name&gt; ESPEasy &lt;ip|fqdn&gt; &lt;port&gt;
&lt;IODev&gt; &lt;identifier&gt;</code><br><br> &lt;IODev&gt; &lt;identifier&gt;</code><br><br>
@ -3156,7 +3199,8 @@ sub ESPEasy_removeGit($)
reading of a device is newer than <a href="#ESPEasy_Interval">interval</a> reading of a device is newer than <a href="#ESPEasy_Interval">interval</a>
seconds then it is marked as being present. This kind of check works for seconds then it is marked as being present. This kind of check works for
ESP devices in deep sleep too but require at least 1 reading that is ESP devices in deep sleep too but require at least 1 reading that is
updated regularly.<br> updated regularly. Therefore the ESP must send the corresponding data
regularly (ESP device option "delay").<br>
Possible values: 0,1<br> Possible values: 0,1<br>
Default: 1 (enabled)</li><br> Default: 1 (enabled)</li><br>
@ -3186,7 +3230,7 @@ sub ESPEasy_removeGit($)
Specify a module command or comma separated list of commands as argument. Specify a module command or comma separated list of commands as argument.
Commands are case insensitive.<br> Commands are case insensitive.<br>
Only necessary if ESPEasy software plugins do not send their data Only necessary if ESPEasy software plugins do not send their data
independently. Useful for commands line STATUS, PWM, ...<br> independently. Useful for commands like STATUS, PWM, ...<br>
Possible values: &lt;set cmd&gt;[,&lt;set cmd&gt;][,...]<br> Possible values: &lt;set cmd&gt;[,&lt;set cmd&gt;][,...]<br>
Default: status<br> Default: status<br>
Eg. <code>attr ESPxx parseCmdResponse status,pwm</code></li><br> Eg. <code>attr ESPxx parseCmdResponse status,pwm</code></li><br>
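Review bot: In ESPEasy_isPeerAllowed the new `return 1 if $peer =~ m/^$_$/;` compiles every ACL entry as a pattern before the `ESPEasy_isIPv64Range($_)` check and without an `eval`, so an entry that is not a valid regexp would raise an exception while a peer is being checked. The attribute validation does not rule that out: in ESPEasy_isIPv64Range the regexp branch ends with `return $@ ? 0 : 1;`, which, if that branch sits inside the `foreach (@ranges)` loop as the hunks suggest, accepts the whole list as soon as the first regexp entry compiles and leaves later entries unchecked. I would change the validation to `return 0 if $@;` so the loop continues, and guard the match as `return 1 if eval { $peer =~ m/^$_$/ };`. Both function bodies continue outside the visible hunks, and the comment "needed for combinedDevices" hints that values from other attributes reach this loop too, which is worth confirming.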