Tailing the log now longer highlights blocked queries

zerbey · July 14, 2021, 4:19pm

Blocked queries used to show up red, this stopped happening with the latest beta (pihole -t).

Pi-hole vDev (release/v5.4, v5.3.1-49-ga52a5e7e)
Web Interface vDev (release/v5.6, v5.5-44-g4e1f7c2)
FTL vDev (release/v5.9, vDev-c5f4931)

jfb · July 14, 2021, 7:12pm

Mine are showing in color:

  Pi-hole version is release/v5.4 v5.3.1-49-ga52a5e7e (Latest: v5.3.1)
  AdminLTE version is release/v5.6 v5.5-44-g4e1f7c2 (Latest: v5.5)
  FTL version is release/v5.9 vDev-c5f4931 (Latest: v5.8.1)

yubiuser · July 14, 2021, 7:37pm

What is the blocking mode you use?
Using NODATA I also get nothing in red, but using NULL I get the red colored output.

jfb · July 14, 2021, 7:43pm

NULL.

zerbey · July 14, 2021, 10:18pm

BLOCKINGMODE=IP-NODATA-AAAA

By setting it to NULL I get the red text again.

yubiuser · July 15, 2021, 7:06pm

Can you please post the output of

dig flurry.com

from a client device?

zerbey · July 15, 2021, 11:14pm

With blocking mode set to BLOCKINGMODE=IP-NODATA-AAAA:

$ dig @192.168.1.10 flurry.com

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.10 flurry.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47714
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flurry.com.                    IN      A

;; ANSWER SECTION:
flurry.com.             2       IN      A       192.168.1.10

;; Query time: 4 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 19:12:51 EDT 2021
;; MSG SIZE  rcvd: 55

Jul 15 19:13:38: query[A] flurry.com from 192.168.1.10
Jul 15 19:13:38: gravity blocked flurry.com is 192.168.1.10

Output was not red.

And if I set blocking mode to NULL I get 0.0.0.0 in the output as expected and it's coloured red.

yubiuser · July 16, 2021, 7:16pm

With IP-NODATA-AAAA Pi.hole will return it's own IP on A requests for blocked domains. In your case 192.168.1.10 the code that colors the output red does only look for certain strings in the logs and colors them red

github.com

pi-hole/pi-hole/blob/a52a5e7ef2e202e386ae8362788c4e47ea308278/pihole#L372

    
      
              echo "  ${CROSS} Warning: Query logging is disabled"
            fi
            echo -e "  ${INFO} Press Ctrl-C to exit"
          
          
  # Strip date from each line
            # Color blocklist/blacklist/wildcard entries as red
            # Color A/AAAA/DHCP strings as white
            # Color everything else as gray
            tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
              -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
              -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
              -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
              -e "s,.*,${COL_GRAY}&${COL_NC},"
            exit 0
          }
          
          
piholeCheckoutFunc() {
            if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then
              echo "Usage: pihole checkout [repo] [branch]
          Example: 'pihole checkout master' or 'pihole checkout core dev'
          Switch Pi-hole subsystems to a different GitHub branch

There was a certain change which removed the IP which was "hard coded" in setupVars.conf from this line.

@DL6ER
Unintended side effect of:

DL6ER · July 16, 2021, 7:34pm

Why do we need to differentiate based on the returned address at all? It may be everything with IP blocking modes.

If the string contains (blacklisted |gravity blocked ) isn't this sufficient to add red color? Regardless of what the blocking mode is? Why would we check for any address in addition to these unique strings?

yubiuser · July 16, 2021, 7:39pm

It should... but it's not working (anymore). I set it toIP-NODATA-AAAA and got the second line grey colored

Bildschirmfoto zu 2021-07-16 21-39-33

DL6ER · July 16, 2021, 7:41pm

Oh yes, I meant we should change the filter to be less strict as a suggestion.

Like

--e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
+-e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \

(without having tested this myself)

yubiuser · July 16, 2021, 7:48pm

DL6ER:

Like

--e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
+-e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \

(without having tested this myself)

Works like charm

Bildschirmfoto zu 2021-07-16 21-47-49

yubiuser · July 16, 2021, 7:56pm

github.com/pi-hole/pi-hole

Fix coloring of pihole -t

pi-hole:development ← yubiuser:fix_coloring

opened 07:56PM - 16 Jul 21 UTC

yubiuser

+1 -1

**By submitting this pull request, I confirm the following:** *please fill any… appropriate checkboxes, e.g: [X]* - [x] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template. - [x] I have made only one major change in my proposed changes. - [x] I have commented my proposed changes within the code. - [x] I have tested my proposed changes, and have included unit tests where possible. - [x] I am willing to help maintain this change if there are issues with it later. - [x] I give this submission freely and claim no ownership. - [x] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) - [x] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) Please make sure you [Sign Off](https://github.com/pi-hole/pi-hole/wiki/How-to-signoff-your-commits.) all commits. Pi-hole enforces the [DCO](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project). --- **What does this PR aim to accomplish?:** Simplifies the code for coloring the output of `pihole -t` in red for blocked queries. This is broken in the current beta version of Pi-hole using an `IP` or `IP-NODATA-AAAA` blocking mode as reported [here](https://discourse.pi-hole.net/t/tailing-the-log-now-longer-highlights-blocked-queries/48264). Fix proposed by @DL6ER

zerbey · July 16, 2021, 9:20pm

Thanks!

DL6ER · July 17, 2021, 8:50am

The beta has been updated.

zerbey · July 17, 2021, 4:29pm

Confirming functionality has returned in the latest beta.