diff --git a/config/calamaris/mkreport b/config/calamaris/mkreport index 53db9d571..ee831624c 100644 --- a/config/calamaris/mkreport +++ b/config/calamaris/mkreport @@ -94,7 +94,7 @@ sub processlogfiles { if ($filestr =~ /access\.log/) { open (LOG,"gzip -dc $filestr |"); - foreach () { + while () { if (substr($_,0,10) >= $date_from) { if (substr($_,0,10) <= $date_to) { print TMPLOG "$_"; } } } close(LOG); @@ -106,7 +106,7 @@ sub processlogfiles { if ($filestr =~ /access\.log/) { open (LOG,$filestr); - foreach () { + while () { if (substr($_,0,10) >= $date_from) { if (substr($_,0,10) <= $date_to) { print TMPLOG "$_"; } } } close(LOG); diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index adab51bc1..3c0b398d3 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -5,6 +5,7 @@ usr/local/bin/backupctrl usr/local/bin/dhcpctrl usr/local/bin/extrahdctrl usr/local/bin/fireinfoctrl +usr/local/bin/getconntracktable usr/local/bin/getipstat usr/local/bin/getiptstate #usr/local/bin/iowrap diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 56981ed01..55fbcf19f 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -2,8 +2,14 @@ etc/system-release etc/issue etc/rc.d/init.d/collectd opt/pakfire/lib/functions.sh +srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/connections.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/services.cgi var/ipfire/general-functions.pl var/ipfire/langs +var/ipfire/proxy/calamaris/bin/mkreport +usr/local/bin/getconntracktable usr/sbin/redirect_wrapper diff --git a/config/rootfiles/core/61/filelists/fireinfo b/config/rootfiles/core/61/filelists/fireinfo new file mode 120000 index 000000000..c46115521 --- /dev/null +++ b/config/rootfiles/core/61/filelists/fireinfo 
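Review bot: Both mkreport hunks still iterate over a handle whose `open` result is never checked, so when `gzip -dc $filestr |` or the plain two-argument `open (LOG,$filestr)` fails, the new `while (<LOG>)` loop silently reads nothing and the report is quietly incomplete. The piped form also hands `$filestr` to a shell and the two-argument form lets a name starting with `|` or `>` change the open mode; the list form avoids both and reports failure: `open(LOG, "-|", "gzip", "-dc", $filestr) or next;` and `open(LOG, '<', $filestr) or next;`. The switch from `foreach` to `while` is itself correct, since `foreach (<LOG>)` slurps the whole decompressed log into memory before the first iteration. The enclosing `sub processlogfiles` starts before these hunks, so where `$filestr` comes from is not visible here.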
@@ -0,0 +1 @@ +../../../common/fireinfo \ No newline at end of file diff --git a/config/rootfiles/core/61/filelists/openvpn b/config/rootfiles/core/61/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/61/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/61/filelists/pam b/config/rootfiles/core/61/filelists/pam new file mode 120000 index 000000000..660a1d80e --- /dev/null +++ b/config/rootfiles/core/61/filelists/pam @@ -0,0 +1 @@ +../../../common/pam \ No newline at end of file diff --git a/config/rootfiles/core/62/exclude b/config/rootfiles/core/62/exclude new file mode 100644 index 000000000..7360266bd --- /dev/null +++ b/config/rootfiles/core/62/exclude @@ -0,0 +1,12 @@ +srv/web/ipfire/html/proxy.pac +etc/udev/rules.d/30-persistent-network.rules +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf diff --git a/config/rootfiles/core/62/filelists/files b/config/rootfiles/core/62/filelists/files new file mode 100644 index 000000000..409e5fe8a --- /dev/null +++ b/config/rootfiles/core/62/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/62/meta b/config/rootfiles/core/62/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/62/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/62/update.sh b/config/rootfiles/core/62/update.sh new file mode 100644 index 000000000..0c37b836c --- /dev/null +++ b/config/rootfiles/core/62/update.sh 
@@ -0,0 +1,80 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2012 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... 
+core=62 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +#Stop services + +# +#Extract files +extract_files + +# +#Start services + +# +#Update Language cache +#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +#Rebuild module dep's +#arch=`uname -m` +#if [ ${arch::3} == "arm" ]; then +# depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1 +#else +# depmod -a 2.6.32.45-ipfire >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1 +#fi + + +#Rebuild initrd's because some compat-wireless modules are inside +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire +#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae +#fi +#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen +#fi + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 14ee20910..21f66d7b2 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team # +# Copyright (C) 2007-2012 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # 
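Review bot: The cache cleanup loop runs `i` up to `$core`, i.e. 62, so `rm -f /var/cache/pakfire/core-upgrade-*-62.ipfire` presumably removes the package of the update that is being applied right now, and it does so before `extract_files` is called; if `extract_files` in `/opt/pakfire/lib/functions.sh` (not in this diff) reads from that cache file rather than from an already-unpacked staging area, extraction fails, and the unconditional `exit 0` at the end means pakfire would never learn of it. Bounding the loop with `i<$core`, or moving it after `extract_files`, avoids the question entirely. The commented-out depmod and dracut blocks pin a fixed kernel `2.6.32.45` and are dead code in what is otherwise a skeleton for an update that ships only `etc/system-release` and `etc/issue`; dropping them keeps them from being copied into every future core update.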
@@ -19,13 +19,10 @@ # # ############################################################################### -my @network=(); -my @masklen=(); -my @colour=(); +use strict; use Net::IPv4Addr qw( :all ); - -use strict; +use Switch; # enable only the following on debugging purpose #use warnings; 
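Review bot: `use Switch;` brings in Switch.pm, a source filter that rewrites the whole file's text before compilation and is known to misparse code containing regexes, heredocs and certain string literals; connections.cgi is built almost entirely from `print <<END` heredocs with embedded HTML, which is exactly the input it handles worst, and the module was deprecated and later dropped from the Perl core distribution. The `switch ($key)` in the conntrack parser further down dispatches on a handful of fixed keys, so a plain chain does the same job with no source filter: `if ($key eq 'src') { $sip = $val; } elsif ($key eq 'dst') { $dip = $val; } ...`. Removing the import also removes a runtime module that would otherwise have to be shipped alongside the core update.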
@@ -35,42 +32,62 @@ require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table1colour} ); -undef (@dummy); +&Header::showhttpheaders(); -# Read various files +my @network=(); +my @masklen=(); +my @colour=(); my %netsettings=(); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -open (ACTIVE, '/usr/local/bin/getiptstate |') or die 'Unable to open ip_conntrack'; -my @active = ; -close (ACTIVE); +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::table1colour} ); +undef (@dummy); + +# Read the connection tracking table. +open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |") or die "Unable to read conntrack table"; +my @conntrack = ; +close(CONNTRACK); + +# Collect data for the @network array. + +# Add Firewall Localhost 127.0.0.1 +push(@network, '127.0.0.1'); +push(@masklen, '255.255.255.255'); +push(@colour, ${Header::colourfw}); if (open(IP, "${General::swroot}/red/local-ipaddress")) { - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourfw} ); + my $redip = ; + close(IP); + + chomp $redip; + push(@network, $redip); + push(@masklen, '255.255.255.255'); + push(@colour, ${Header::colourfw}); } -my @vpn = `/usr/local/bin/ipsecctrl I 2>/dev/null|grep erouted|cut -d"]" -f3|cut -d"=" -f4|cut -d";" -f1| sed "s|/| |g"`; - foreach my $route (@vpn) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - if ( $temp[0] eq '$redip' ){next;} - push(@network, $temp[0]); - push(@masklen, $temp[1]); - push(@colour, ${Header::colourvpn} ); - } +# Add STATIC RED aliases +if ($netsettings{'RED_DEV'}) { + my $aliasfile = "${General::swroot}/ethernet/aliases"; + open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; + my 
@aliases = ; + close(ALIASES); -my $aliasfile = "${General::swroot}/ethernet/aliases"; -open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; -my @aliases = ; -close(ALIASES); + # We have a RED eth iface + if ($netsettings{'RED_TYPE'} eq 'STATIC') { + # We have a STATIC RED eth iface + foreach my $line (@aliases) { + chomp($line); + my @temp = split(/\,/,$line); + if ($temp[0]) { + push(@network, $temp[0]); + push(@masklen, $netsettings{'RED_NETMASK'} ); + push(@colour, ${Header::colourfw} ); + } + } + } +} # Add Green Firewall Interface push(@network, $netsettings{'GREEN_ADDRESS'}); @@ -85,32 +102,11 @@ push(@colour, ${Header::colourgreen} ); # Add Green Routes to Array my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourgreen} ); -} - -# Add Firewall Localhost 127.0.0.1 -push(@network, '127.0.0.1'); -push(@masklen, '255.255.255.255' ); -push(@colour, ${Header::colourfw} ); - -# Add Orange Network -if ($netsettings{'ORANGE_DEV'}) { - push(@network, $netsettings{'ORANGE_NETADDRESS'}); - push(@masklen, $netsettings{'ORANGE_NETMASK'} ); - push(@colour, ${Header::colourorange} ); - # Add Orange Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourorange} ); - } + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourgreen} ); } # Add Blue Firewall Interface 
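Review bot: The `or die` on `open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |")` only fires when the shell cannot be spawned; if the setuid helper itself fails (its `initsetuid()` check rejecting the caller, or `/proc/net/nf_conntrack` not being readable) it exits 1, the pipeline's status is that of `sort`, and the page silently renders an empty table. Running the helper alone with the list form, `open(CONNTRACK, "-|", "/usr/local/bin/getconntracktable") or die "Unable to read conntrack table";`, and checking `close(CONNTRACK) or die "getconntracktable failed: $?";` makes the failure visible, with the ordering done in Perl instead, e.g. `@conntrack = sort { (split ' ', $b)[4] <=> (split ' ', $a)[4] } @conntrack;`. The key `5` is the timeout column only because of the fixed field layout of `nf_conntrack` lines, which deserves a comment next to whichever form is kept.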
@@ -120,304 +116,357 @@ push(@colour, ${Header::colourfw} ); # Add Blue Network if ($netsettings{'BLUE_DEV'}) { - push(@network, $netsettings{'BLUE_NETADDRESS'}); - push(@masklen, $netsettings{'BLUE_NETMASK'} ); - push(@colour, ${Header::colourblue} ); - # Add Blue Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourblue} ); - } + push(@network, $netsettings{'BLUE_NETADDRESS'}); + push(@masklen, $netsettings{'BLUE_NETMASK'} ); + push(@colour, ${Header::colourblue} ); + + # Add Blue Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourblue} ); + } +} + +# Add Orange Network +if ($netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_NETADDRESS'}); + push(@masklen, $netsettings{'ORANGE_NETMASK'} ); + push(@colour, ${Header::colourorange} ); + # Add Orange Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourorange} ); + } } # Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) if (-e "${General::swroot}/ovpn/settings") { - my %ovpnsettings = (); - &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); - my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); + my %ovpnsettings = (); + &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); + my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); - # add OpenVPN net - push(@network, $tempovpnsubnet[0]); - push(@masklen, $tempovpnsubnet[1]); 
- push(@colour, ${Header::colourovpn} ); + # add OpenVPN net + push(@network, $tempovpnsubnet[0]); + push(@masklen, $tempovpnsubnet[1]); + push(@colour, ${Header::colourovpn} ); + # add BLUE:port / proto + if (($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'}) { + push(@network, $netsettings{'BLUE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn}); + } - if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { - # add BLUE:port / proto - push(@network, $netsettings{'BLUE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } - if ( ($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'} ) { - # add ORANGE:port / proto - push(@network, $netsettings{'ORANGE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } + # add ORANGE:port / proto + if (($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } } -# Add STATIC RED aliases -if ($netsettings{'RED_DEV'}) { - # We have a RED eth iface - if ($netsettings{'RED_TYPE'} eq 'STATIC') { - # We have a STATIC RED eth iface - foreach my $line (@aliases) - { - chomp($line); - my @temp = split(/\,/,$line); - if ( $temp[0] ) { - push(@network, $temp[0]); - push(@masklen, $netsettings{'RED_NETMASK'} ); - push(@colour, ${Header::colourfw} ); - } - } - } +open(IPSEC, "${General::swroot}/var/ipfire/vpn/config"); +my @ipsec = ; +close(IPSEC); + +foreach my $line (@ipsec) { + my @vpn = split(',', $line); + my ($network, $mask) = split("/", $vpn[12]); + + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourvpn}); } -# Add VPNs -if ( $vpn[0] ne 'none' ) { - foreach my $line (@vpn) { - my @temp = split(/[\t 
]+/,$line); - my @temp1 = split(/[\/:]+/,$temp[3]); - push(@network, $temp1[0]); - push(@masklen, ipv4_cidr2msk($temp1[1])); - push(@colour, ${Header::colourvpn} ); - } +if (-e "${General::swroot}/ovpn/n2nconf") { + open(OVPNN2N, "${General::swroot}/ovpn/ovpnconfig"); + my @ovpnn2n = ; + close(OVPNN2N); + + foreach my $line (@ovpnn2n) { + my @ovpn = split(',', $line); + next if ($ovpn[4] ne 'net'); + + my ($network, $mask) = split("/", $ovpn[12]); + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourovpn}); + } } -#Establish simple filtering&sorting boxes on top of table - -our %cgiparams; -&Header::getcgihash(\%cgiparams); - -my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp'); -my @list_state = ($Lang::tr{'all'}, 'SYN_SENT', 'SYN_RECV', 'ESTABLISHED', 'FIN_WAIT', - 'CLOSE_WAIT', 'LAST_ACK', 'TIME_WAIT', 'CLOSE', 'LISTEN'); -my @list_mark = ($Lang::tr{'all'}, '[ASSURED]', '[UNREPLIED]'); -my @list_sort = ('orgsip','protocol', 'expires', 'status', 'orgdip', 'orgsp', - 'orgdp', 'exsip', 'exdip', 'exsp', 'exdp', 'marked'); - -# init or silently correct unknown value... -if ( ! grep ( /^$cgiparams{'SEE_PROTO'}$/ , @list_proto )) { $cgiparams{'SEE_PROTO'} = $list_proto[0] }; -if ( ! grep ( /^$cgiparams{'SEE_STATE'}$/ , @list_state )) { $cgiparams{'SEE_STATE'} = $list_state[0] }; -if ( ($cgiparams{'SEE_MARK'} ne $Lang::tr{'all'}) && # ok the grep should work but it doesn't because of - ($cgiparams{'SEE_MARK'} ne '[ASSURED]') && # the '[' & ']' interpreted as list separator. - ($cgiparams{'SEE_MARK'} ne '[UNREPLIED]') # So, explicitly enumerate items. - ) { $cgiparams{'SEE_MARK'} = $list_mark[0] }; -if ( ! 
grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] }; -# *.*.*.* or a valid IP -if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; -if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; - - -our %entries = (); # will hold the lines analyzed correctly -my $unknownlines = ''; # should be empty all the time... -my $index = 0; # just a counter to make unique entryies in entries - -&Header::showhttpheaders(); +# Show the page. &Header::openpage($Lang::tr{'connections'}, 1, ''); &Header::openbigbox('100%', 'left'); &Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); -# Build listbox objects -my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); -my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); - -print < - - - - - - - - - - -
$Lang::tr{'legend'} : $Lang::tr{'lan'}$Lang::tr{'internet'}$Lang::tr{'dmz'}$Lang::tr{'wireless'}IPFire$Lang::tr{'vpn'}$Lang::tr{'OpenVPN'}
-
- - - - - - - - - - - - - - - - - - - - - - +# Print legend. +print < + + + + + + + + + + +
$Lang::tr{'source ip and port'} $Lang::tr{'dest ip and port'} $Lang::tr{'protocol'}$Lang::tr{'connection'}

$Lang::tr{'status'}
$Lang::tr{'expires'}

($Lang::tr{'seconds'})
 $menu_proto$menu_state 
+ $Lang::tr{'legend'} : + + $Lang::tr{'lan'} + + $Lang::tr{'internet'} + + $Lang::tr{'dmz'} + + $Lang::tr{'wireless'} + + IPFire + + $Lang::tr{'vpn'} + + $Lang::tr{'OpenVPN'} +
+
END -; -my $i=0; -foreach my $line (@active) { - $i++; - if ($i < 3) { - next; - } - chomp($line); - my @temp = split(' ',$line); - - my ($sip, $sport) = split(':', $temp[0]); - my ($dip, $dport) = split(':', $temp[1]); - my $proto = $temp[2]; - my $state; my $ttl; - if ( $proto eq "esp" ){$state = "";$ttl = $temp[3];} - elsif ( $proto eq "icmp" ){$state = "";$ttl = $temp[4];} - else{$state = $temp[3];$ttl = $temp[4];} - - next if( !( - (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} )) - && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} )) - && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} )) - && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} )) - )); - - if (($proto eq 'udp') && ($ttl eq '')) { - $ttl = $state; - $state = ' '; - } - - my $sipcol = ipcolour($sip); - my $dipcol = ipcolour($dip); - - my $sserv = ''; - if ($sport < 1024) { - $sserv = uc(getservbyport($sport, lc($proto))); - if ($sserv ne '') { - $sserv = " ($sserv)"; - } - } - - my $dserv = ''; - if ($dport < 1024) { - $dserv = uc(getservbyport($dport, lc($proto))); - if ($dserv ne '') { - $dserv = " ($dserv)"; - } - } - - print < - - - $sip - - - - - $sport$sserv - - - - - $dip - - - - - $dport$dserv - - - $proto - $state - $ttl - +# Print table header. +print < + + + $Lang::tr{'protocol'} + + + $Lang::tr{'source ip and port'} + +   + + $Lang::tr{'dest ip and port'} + +   + + $Lang::tr{'download'} / +
$Lang::tr{'upload'} + + + $Lang::tr{'connection'}
$Lang::tr{'status'} + + + $Lang::tr{'expires'}
($Lang::tr{'seconds'}) + + +END + +foreach my $line (@conntrack) { + my @conn = split(' ', $line); + + # The first bit is the l3 protocol. + my $l3proto = $conn[0]; + + # Skip everything that is not IPv4. + if ($l3proto ne 'ipv4') { + next; + } + + # L4 protocol (tcp, udp, ...). + my $l4proto = $conn[2]; + + # Translate unknown protocols. + if ($l4proto eq 'unknown') { + my $l4protonum = $conn[3]; + if ($l4protonum eq '2') { + $l4proto = 'IGMP'; + } elsif ($l4protonum eq '4') { + $l4proto = 'IPv4 Encap'; + } elsif ($l4protonum eq '33') { + $l4proto = 'DCCP'; + } elsif ($l4protonum eq '41') { + $l4proto = 'IPv6 Encap'; + } elsif ($l4protonum eq '50') { + $l4proto = 'ESP'; + } elsif ($l4protonum eq '51') { + $l4proto = 'AH'; + } elsif ($l4protonum eq '132') { + $l4proto = 'SCTP'; + } else { + $l4proto = $l4protonum; + } + } else { + $l4proto = uc($l4proto); + } + + # Source and destination. + my $sip; + my $dip; + my $sport; + my $dport; + my @packets; + my @bytes; + + my $ttl = $conn[4]; + my $state; + if ($l4proto eq 'TCP') { + $state = $conn[5]; + } + + # Kick out everything that is not IPv4. 
+ foreach my $item (@conn) { + my ($key, $val) = split('=', $item); + + switch ($key) { + case "src" { + $sip = $val; + } + case "dst" { + $dip = $val; + } + case "sport" { + $sport = $val; + } + case "dport" { + $dport = $val; + } + case "packets" { + push(@packets, $val); + } + case "bytes" { + push(@bytes, $val); + } + } + } + + my $sip_colour = ipcolour($sip); + my $dip_colour = ipcolour($dip); + + my $sserv = ''; + if ($sport < 1024) { + $sserv = uc(getservbyport($sport, lc($l4proto))); + if ($sserv ne '') { + $sserv = " ($sserv)"; + } + } + + my $dserv = ''; + if ($dport < 1024) { + $dserv = uc(getservbyport($dport, lc($l4proto))); + if ($dserv ne '') { + $dserv = " ($dserv)"; + } + } + + my $bytes_in = format_bytes($bytes[0]); + my $bytes_out = format_bytes($bytes[1]); + + # Format TTL + $ttl = format_time($ttl); + + print < + $l4proto + + + $sip + + + + + $sport$sserv + + + + + $dip + + + + + $dport$dserv + + + + $bytes_in / $bytes_out + + $state + $ttl + END -; } -print ""; +# Close the main table. 
+print ""; &Header::closebox(); &Header::closebigbox(); &Header::closepage(); +sub format_bytes($) { + my $bytes = shift; + my @units = ("B", "k", "M", "G", "T"); + + foreach my $unit (@units) { + if ($bytes < 1024) { + return sprintf("%d%s", $bytes, $unit); + } + + $bytes /= 1024; + } + + return sprintf("%d%s", $bytes, $units[$#units]); +} + +sub format_time($) { + my $time = shift; + + my $seconds = $time % 60; + my $minutes = $time / 60; + + my $hours = 0; + if ($minutes >= 60) { + $hours = $minutes / 60; + $minutes %= 60; + } + + return sprintf("%3d:%02d:%02d", $hours, $minutes, $seconds); +} + sub ipcolour($) { - my $id = 0; - my $line; - my $colour = ${Header::colourred}; - my ($ip) = $_[0]; - my $found = 0; - foreach $line (@network) { - if ($network[$id] eq '') { - $id++; - } else { - if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { - $found = 1; - $colour = $colour[$id]; - } - $id++; - } - } - return $colour -} + my $id = 0; + my $colour = ${Header::colourred}; + my ($ip) = $_[0]; + my $found = 0; -# Create a string containing a complete SELECT html object -# param1: name -# param2: current value selected -# param3: field list -sub make_select ($,$,$) { - my $select_name = shift; - my $selected = shift; - my $select = ""; - return $select; -} - -# Build a list of IP obtained from the %entries hash -# param1: IP field name -sub get_known_ips ($) { - my $field = shift; - my $qs = $cgiparams{'SEE_SORT'}; # switch the sort order - $cgiparams{'SEE_SORT'} = $field; - - my @liste=('*.*.*.*'); - foreach my $entry ( sort sort_entries keys %entries) { - push (@liste, $entries{$entry}->{$field}) if (! grep (/^$entries{$entry}->{$field}$/,@liste) ); - } - - $cgiparams{'SEE_SORT'} = $qs; #restore sort order - return @liste; -} - -# Used to sort the table containing the lines displayed. 
-sub sort_entries { #Reverse is not implemented - my $qs=$cgiparams{'SEE_SORT'}; - if ($qs =~ /orgsip|orgdip|exsip|exdip/) { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - } elsif ($qs =~ /expire|orgsp|orgdp|exsp|exdp/) { - $entries{$a}->{$qs} <=> $entries{$b}->{$qs}; - } else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } + return $colour; } 1; diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index 7375afdb8..75e59b18d 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -35,6 +35,24 @@ require "${General::swroot}/header.pl"; &Header::openbigbox('100%', 'center'); +&Header::openbox('100%', 'left', $Lang::tr{'donation'}); + +print <$Lang::tr{'donation-text'}
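Review bot: The IPsec network list is read from `"${General::swroot}/var/ipfire/vpn/config"`, but `${General::swroot}` is already the configuration root (every other path in this file uses `${General::swroot}/ovpn/...` or `${General::swroot}/ethernet/...`), so the resulting path is `<swroot>/var/ipfire/vpn/config`, and because that `open(IPSEC, ...)` has no `or` clause the failure is swallowed and IPsec peers are never coloured as VPN. It should be `${General::swroot}/vpn/config`, guarded the way the `red/local-ipaddress` block above is, `if (open(IPSEC, "${General::swroot}/vpn/config")) { ... }`, and the `open(OVPNN2N, "${General::swroot}/ovpn/ovpnconfig")` below deserves the same guard. Two smaller points in the parsing loop: the comment `# Kick out everything that is not IPv4.` sits above the `key=val` loop although the IPv4 filter is the `$l3proto ne 'ipv4'` test earlier, and if a line carries no `bytes=` fields (conntrack accounting disabled) `$bytes[0]`/`$bytes[1]` are undefined and `format_bytes` prints `0B` rather than signalling that counters are unavailable.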

+
+
+ + + + +
+
+
+ +END +; +&Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'credits'}); print <5, Errmode=>'return', Port=>$tport); + $tnet->open('127.0.0.1'); + my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + my @tustate = split(/\,/, $output[1]); - if (-e "/var/run/$confighash{$dkey}[1]n2n.pid") { - my @output = ""; - my @tustate = ""; - my $tport = $confighash{$dkey}[22]; - my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); - if ($tport ne '') { - $tnet->open('127.0.0.1'); - @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); - @tustate = split(/\,/, $output[1]); - if ( $tustate[1] eq 'CONNECTED') - { $display = "$Lang::tr{'capsopen'}"; - } else { - $display = "$tustate[1]"; } + my $display; + my $display_colour = $Header::colourred; + if ( $tustate[1] eq 'CONNECTED') { + $display_colour = $Header::colourgreen; + $display = $Lang::tr{'capsopen'}; + } else { + $display = $tustate[1]; + } - print <OpenVPN n2n
- $confighash{$dkey}[10] $display - + print < + + $confighash{$dkey}[1] + + + $confighash{$dkey}[11] + + + + + $display + + + + END -; + } + } } -} -} -} -} - -### -# m.a.d n2n end -### # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 92bab4732..f91adf1f4 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -356,11 +356,14 @@ sub writeserverconf { if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } - if ($sovpnsettings{MSSFIX} eq 'on') { - print CONF "mssfix\n"; - } - if (($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{FRAGMENT} ne 0) && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { - print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + if ($sovpnsettings{'DPROTOCOL'} eq 'udp') { + if ($sovpnsettings{MSSFIX} eq 'on') { + print CONF "mssfix\n"; + } + if ($sovpnsettings{'FRAGMENT'} eq '' || $sovpnsettings{'FRAGMENT'} eq 0) { + $sovpnsettings{'FRAGMENT'} = '1300'; + } + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; @@ -529,7 +532,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } } if ($cgiparams{'MSSFIX'} ne 'on') { - delete $vpnsettings{'MSSFIX'}; + $vpnsettings{'MSSFIX'} = 'off'; } else { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } @@ -1894,7 +1897,6 @@ ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { $cgiparams{'MAX_CLIENTS'} = '100'; } - if ($cgiparams{'KEEPALIVE_1'} eq '') { $cgiparams{'KEEPALIVE_1'} = '10'; } 
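Review bot: Forcing `fragment 1300` into the server config whenever `FRAGMENT` is empty or `0` changes the meaning of an existing setting: before this hunk `0` disabled fragmentation, now it is silently replaced by 1300, and because `$sovpnsettings{'FRAGMENT'}` is mutated on the way any later write of that hash would persist the substituted value. OpenVPN's fragment framing has to be understood by both peers, so clients whose .ovpn files were generated without a `fragment` line may stop working once the server starts fragmenting; if a default is wanted it belongs in the save path alongside the other defaults, and `0` should keep meaning off: `if ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'FRAGMENT'} ne '0') { print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; }`. `sub writeserverconf` begins before the hunk, so whether `FRAGMENT` is validated as numeric before being printed into the config is not visible here.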
@@ -1902,7 +1904,13 @@ ADV_ERROR: $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; + } + if ($cgiparams{'MSSFIX'} eq '') { + $cgiparams{'MSSFIX'} = 'on'; + } + if ($cgiparams{'FRAGMENT'} eq '') { + $cgiparams{'FRAGMENT'} = '1300'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 8c9574cd5..015502a4e 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -353,6 +353,13 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; } + if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) { + my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); + if (!(&General::validip($temp[0]))) { + $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'}; + goto ERROR; + } + } if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) || ($proxysettings{'CACHE_SIZE'} < 10)) { @@ -984,7 +991,7 @@ print <$Lang::tr{'processes'} END ; -my $count = `arp -a | wc -l`; +my $count = `ip n| wc -l`; if ( $count < 1 ){$count = 1;} if ( -e "/usr/bin/squidclamav" ) { print "".$Lang::tr{'advproxy squidclamav'}."
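Review bot: The new upstream-proxy check validates only the host half of `UPSTREAM_PROXY`; `$temp[1]`, the port, is never checked, and `writeconfig` later splits the same string and writes `$remoteport` into the generated squid.conf with nothing but an empty-string fallback to 80. Anything that is not a plain port number, including a second colon or trailing text, therefore reaches the config file verbatim, so the validation should cover it as well: `if ($temp[1] ne '' && $temp[1] !~ /^\d{1,5}$/) { $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; }`. Restricting the host to `&General::validip` also rejects hostnames that the old parsing accepted, which the new error string shows is deliberate, but it will invalidate existing configurations on their next save.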
"; @@ -3013,7 +3020,7 @@ sub writeconfig } $_ = $proxysettings{'UPSTREAM_PROXY'}; - my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); + my ($remotehost, $remoteport) = split(/:/,$_); if ($remoteport eq '') { $remoteport = 80; } @@ -3923,6 +3930,11 @@ END print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n"; print FILE "url_rewrite_children $proxysettings{'CHILDREN'}\n\n"; } + + # Include file with user defined settings. + if (-e "/etc/squid/squid.conf.local") { + print FILE "include /etc/squid/squid.conf.local\n"; + } close FILE; } diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi index 55740cf26..123c32587 100644 --- a/html/cgi-bin/services.cgi +++ b/html/cgi-bin/services.cgi @@ -240,7 +240,7 @@ sub isrunning{ my $pid = ''; my $testcmd = ''; my $exename; - my @memory; + my $memory; $cmd =~ /(^[a-z]+)/; $exename = $1; @@ -256,13 +256,18 @@ sub isrunning{ } close FILE; } - if (open(FILE, "/proc/${pid}/statm")){ - my $temp = ; - @memory = split(/ /,$temp); + if (open(FILE, "/proc/${pid}/status")) { + while () { + my ($key, $val) = split(":", $_, 2); + if ($key eq 'VmRSS') { + $memory = $val; + last; + } + } + close(FILE); } - close FILE; if ($testcmd =~ /$exename/){ - $status = "$Lang::tr{'running'}$pid$memory[0] KB"; + $status = "$Lang::tr{'running'}$pid$memory"; } } return $status; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index c7f254ae6..3ec57ebb9 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
@@ -223,6 +223,7 @@ 'advproxy errmsg invalid pdc' => 'Ungültiger Hostname für den Primary Domain Controller', 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxy-Port', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für Upstream Proxy', +'advproxy errmsg invalid upstream proxy' => 'Ungültige IP für Upstream-Proxy', 'advproxy errmsg invalid user' => 'Benutzername existiert nicht', 'advproxy errmsg ldap base dn' => 'LDAP base DN erforderlich', 'advproxy errmsg ldap bind dn' => 'LDAP bind DN Benutzername und Passwort erforderlich', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 52872f49a..003056f9e 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -223,6 +223,7 @@ 'advproxy errmsg invalid pdc' => 'Invalid hostname for primary domain controller', 'advproxy errmsg invalid proxy port' => 'Invalid proxy port', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting', +'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP', 'advproxy errmsg invalid user' => 'Username does not exist', 'advproxy errmsg ldap base dn' => 'LDAP base DN required', 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required', diff --git a/make.sh b/make.sh index 2f2c79c02..b0a692c21 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.11" # Version number -CORE="61" # Core Level (Filename) -PAKFIRE_CORE="60" # Core Level (PAKFIRE) +CORE="62" # Core Level (Filename) +PAKFIRE_CORE="61" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 9f1e3f000..300e9ecbb 100644 --- a/src/misc-progs/Makefile 
+++ b/src/misc-progs/Makefile @@ -32,7 +32,8 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \ wirelessctrl getipstat getiptstate qosctrl launch-ether-wake \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ - setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes + setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ + getconntracktable SUID_UPDX = updxsetperms install : all @@ -160,3 +161,6 @@ fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o rebuildroutes: rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o -o $@ + +getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o + $(COMPILE) -I../install+setup/libsmooth/ getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o -o $@ diff --git a/src/misc-progs/getconntracktable.c b/src/misc-progs/getconntracktable.c new file mode 100644 index 000000000..674b211b5 --- /dev/null +++ b/src/misc-progs/getconntracktable.c @@ -0,0 +1,31 @@ +/* IPFire helper program - getconntracktable + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * The kernel's connection tracking table is not readable by + * non-root users. So this helper will just read and output it. + */ + +#include +#include +#include "setuid.h" + +int main(void) { + if (!(initsetuid())) + exit(1); + + FILE *fp = fopen("/proc/net/nf_conntrack", "r"); + if (fp == NULL) { + exit(1); + } + + /* Read content line by line and write it to stdout. */ + char linebuf[STRING_SIZE]; + while (fgets(linebuf, STRING_SIZE, fp)) { + printf("%s", linebuf); + } + + fclose(fp); + return 0; +}
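Review bot: `fopen("/proc/net/nf_conntrack", "r")` failing exits with status 1 and no message, and because connections.cgi runs this helper behind `sort` in a shell pipeline that status is not even observable there, so a conntrack module that is not loaded or a tightened `/proc` permission turns into an empty table with nothing in the logs; a `perror("/proc/net/nf_conntrack");` before that `exit(1)`, and a matching message on the `initsetuid()` failure path, costs nothing. Splitting over-long lines across several `fgets` calls is harmless since every chunk is forwarded verbatim, but `fputs(linebuf, stdout)` says that more directly than `printf("%s", linebuf)`, and `fgets(linebuf, sizeof linebuf, fp)` cannot drift from the buffer declaration the way the repeated `STRING_SIZE` can. As a new entry in SUID_PROGS this binary runs as root for whoever `initsetuid()` admits; it takes no arguments and touches one fixed path, so the exposure is limited to disclosing the full connection table, which is its purpose, but that reliance on the caller check in setuid.h (not in this diff) belongs in the file header comment.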