From d487c74136841221cff3c9b04456fa044e9bf71c Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Tue, 10 Jul 2012 13:25:58 +0200
Subject: [PATCH 01/15] core61: add updated files to updater.

---
 config/rootfiles/core/61/filelists/files | 1 +
 config/rootfiles/core/61/filelists/fireinfo | 1 +
 config/rootfiles/core/61/filelists/openvpn | 1 +
 config/rootfiles/core/61/filelists/pam | 1 +
 4 files changed, 4 insertions(+)
 create mode 120000 config/rootfiles/core/61/filelists/fireinfo
 create mode 120000 config/rootfiles/core/61/filelists/openvpn
 create mode 120000 config/rootfiles/core/61/filelists/pam

diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files
index 11316ebad..4942c1849 100644
--- a/config/rootfiles/core/61/filelists/files
+++ b/config/rootfiles/core/61/filelists/files
@@ -3,6 +3,7 @@ etc/issue
 etc/rc.d/init.d/collectd
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
 var/ipfire/general-functions.pl
 var/ipfire/langs
 usr/sbin/redirect_wrapper
diff --git a/config/rootfiles/core/61/filelists/fireinfo b/config/rootfiles/core/61/filelists/fireinfo
new file mode 120000
index 000000000..c46115521
--- /dev/null
+++ b/config/rootfiles/core/61/filelists/fireinfo
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file
diff --git a/config/rootfiles/core/61/filelists/openvpn b/config/rootfiles/core/61/filelists/openvpn
new file mode 120000
index 000000000..493f3f7a4
--- /dev/null
+++ b/config/rootfiles/core/61/filelists/openvpn
@@ -0,0 +1 @@
+../../../common/openvpn
\ No newline at end of file
diff --git a/config/rootfiles/core/61/filelists/pam b/config/rootfiles/core/61/filelists/pam
new file mode 120000
index 000000000..660a1d80e
--- /dev/null
+++ b/config/rootfiles/core/61/filelists/pam
@@ -0,0 +1 @@
+../../../common/pam
\ No newline at end of file
From 75bc929eb93145ae5418bed8965ff130efbcc9ed Mon Sep 17 00:00:00 2001
From: Michael Tremer Date: Wed, 18 Jul 2012 12:21:23 +0200 Subject: [PATCH 02/15] Update connections.cgi: Show byte counters. The connections.cgi file has been rewritten to read the needed information directly from the kernel. Byte counters have been added which show how much data has been transmitted over one connection in each direction. --- config/rootfiles/common/misc-progs | 1 + config/rootfiles/core/61/filelists/files | 1 + html/cgi-bin/connections.cgi | 641 ++++++++++++----------- src/misc-progs/Makefile | 6 +- src/misc-progs/getconntracktable.c | 31 ++ 5 files changed, 363 insertions(+), 317 deletions(-) create mode 100644 src/misc-progs/getconntracktable.c diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index adab51bc1..3c0b398d3 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -5,6 +5,7 @@ usr/local/bin/backupctrl usr/local/bin/dhcpctrl usr/local/bin/extrahdctrl usr/local/bin/fireinfoctrl +usr/local/bin/getconntracktable usr/local/bin/getipstat usr/local/bin/getiptstate #usr/local/bin/iowrap diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 1624d83b5..9d4c2cc98 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -7,4 +7,5 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi var/ipfire/general-functions.pl var/ipfire/langs +usr/local/bin/getconntracktable usr/sbin/redirect_wrapper diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 14ee20910..54089d0bb 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi 
@@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team # +# Copyright (C) 2007-2012 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -19,13 +19,10 @@ # # ############################################################################### -my @network=(); -my @masklen=(); -my @colour=(); +use strict; use Net::IPv4Addr qw( :all ); - -use strict; +use Switch; # enable only the following on debugging purpose #use warnings; 
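Review bot: `use Switch;` loads a source filter, which rewrites the whole file before it is compiled and is known to misparse otherwise valid Perl; the module was also removed from the core distribution in Perl 5.14, so this CGI gains a runtime dependency for one construct. The only use visible in this patch is the `switch ($key)` dispatch in the conntrack parsing loop of a later hunk. An `if`/`elsif` chain on `$key` does the same work, keeps the `push` behaviour for the repeated `packets` and `bytes` fields, and lets the `use Switch;` line be dropped.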
@@ -35,42 +32,62 @@ require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; -#workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::table1colour} ); -undef (@dummy); +&Header::showhttpheaders(); -# Read various files +my @network=(); +my @masklen=(); +my @colour=(); my %netsettings=(); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -open (ACTIVE, '/usr/local/bin/getiptstate |') or die 'Unable to open ip_conntrack'; -my @active = ; -close (ACTIVE); +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::table1colour} ); +undef (@dummy); + +# Read the connection tracking table. +open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |") or die "Unable to read conntrack table"; +my @conntrack = ; +close(CONNTRACK); + +# Collect data for the @network array. + +# Add Firewall Localhost 127.0.0.1 +push(@network, '127.0.0.1'); +push(@masklen, '255.255.255.255'); +push(@colour, ${Header::colourfw}); if (open(IP, "${General::swroot}/red/local-ipaddress")) { - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourfw} ); + my $redip = ; + close(IP); + + chomp $redip; + push(@network, $redip); + push(@masklen, '255.255.255.255'); + push(@colour, ${Header::colourfw}); } -my @vpn = `/usr/local/bin/ipsecctrl I 2>/dev/null|grep erouted|cut -d"]" -f3|cut -d"=" -f4|cut -d";" -f1| sed "s|/| |g"`; - foreach my $route (@vpn) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - if ( $temp[0] eq '$redip' ){next;} - push(@network, $temp[0]); - push(@masklen, $temp[1]); - push(@colour, ${Header::colourvpn} ); - } +# Add STATIC RED aliases +if ($netsettings{'RED_DEV'}) { + my $aliasfile = "${General::swroot}/ethernet/aliases"; + open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; + my 
@aliases = ; + close(ALIASES); -my $aliasfile = "${General::swroot}/ethernet/aliases"; -open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; -my @aliases = ; -close(ALIASES); + # We have a RED eth iface + if ($netsettings{'RED_TYPE'} eq 'STATIC') { + # We have a STATIC RED eth iface + foreach my $line (@aliases) { + chomp($line); + my @temp = split(/\,/,$line); + if ($temp[0]) { + push(@network, $temp[0]); + push(@masklen, $netsettings{'RED_NETMASK'} ); + push(@colour, ${Header::colourfw} ); + } + } + } +} # Add Green Firewall Interface push(@network, $netsettings{'GREEN_ADDRESS'}); @@ -85,32 +102,11 @@ push(@colour, ${Header::colourgreen} ); # Add Green Routes to Array my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourgreen} ); -} - -# Add Firewall Localhost 127.0.0.1 -push(@network, '127.0.0.1'); -push(@masklen, '255.255.255.255' ); -push(@colour, ${Header::colourfw} ); - -# Add Orange Network -if ($netsettings{'ORANGE_DEV'}) { - push(@network, $netsettings{'ORANGE_NETADDRESS'}); - push(@masklen, $netsettings{'ORANGE_NETMASK'} ); - push(@colour, ${Header::colourorange} ); - # Add Orange Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourorange} ); - } + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourgreen} ); } # Add Blue Firewall Interface 
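Review bot: The conntrack table is read through a two-argument piped `open`, so the command string is handed to /bin/sh and `sort` is resolved through the CGI's PATH. Nothing in that string is user-controlled, but neither the shell nor the PATH lookup is needed on a page that runs a setuid helper. Opening the helper in list form, `open(my $fh, '-|', '/usr/local/bin/getconntracktable') or die "Unable to read conntrack table";`, and ordering the lines by their fifth field in Perl removes both. The backtick calls `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}` in the surrounding hunks interpolate a settings value into a shell command in the same way; that value is read from the ethernet settings file and is presumably trusted, which is worth stating in a comment.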
@@ -120,304 +116,317 @@ push(@colour, ${Header::colourfw} ); # Add Blue Network if ($netsettings{'BLUE_DEV'}) { - push(@network, $netsettings{'BLUE_NETADDRESS'}); - push(@masklen, $netsettings{'BLUE_NETMASK'} ); - push(@colour, ${Header::colourblue} ); - # Add Blue Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; - foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); - push(@colour, ${Header::colourblue} ); - } + push(@network, $netsettings{'BLUE_NETADDRESS'}); + push(@masklen, $netsettings{'BLUE_NETMASK'} ); + push(@colour, ${Header::colourblue} ); + + # Add Blue Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourblue} ); + } +} + +# Add Orange Network +if ($netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_NETADDRESS'}); + push(@masklen, $netsettings{'ORANGE_NETMASK'} ); + push(@colour, ${Header::colourorange} ); + # Add Orange Routes to Array + @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourorange} ); + } } # Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) if (-e "${General::swroot}/ovpn/settings") { - my %ovpnsettings = (); - &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); - my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); + my %ovpnsettings = (); + &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); + my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); - # add OpenVPN net - push(@network, $tempovpnsubnet[0]); - push(@masklen, $tempovpnsubnet[1]); 
- push(@colour, ${Header::colourovpn} ); + # add OpenVPN net + push(@network, $tempovpnsubnet[0]); + push(@masklen, $tempovpnsubnet[1]); + push(@colour, ${Header::colourovpn} ); + # add BLUE:port / proto + if (($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'}) { + push(@network, $netsettings{'BLUE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn}); + } - if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { - # add BLUE:port / proto - push(@network, $netsettings{'BLUE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } - if ( ($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'} ) { - # add ORANGE:port / proto - push(@network, $netsettings{'ORANGE_ADDRESS'} ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } + # add ORANGE:port / proto + if (($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'}) { + push(@network, $netsettings{'ORANGE_ADDRESS'} ); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourovpn} ); + } } -# Add STATIC RED aliases -if ($netsettings{'RED_DEV'}) { - # We have a RED eth iface - if ($netsettings{'RED_TYPE'} eq 'STATIC') { - # We have a STATIC RED eth iface - foreach my $line (@aliases) - { - chomp($line); - my @temp = split(/\,/,$line); - if ( $temp[0] ) { - push(@network, $temp[0]); - push(@masklen, $netsettings{'RED_NETMASK'} ); - push(@colour, ${Header::colourfw} ); - } - } - } +open(IPSEC, "/var/ipfire/vpn/config"); +my @ipsec = ; +close(IPSEC); + +foreach my $line (@ipsec) { + my @vpn = split(',', $line); + my ($network, $mask) = split("/", $vpn[12]); + + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourvpn}); } -# Add VPNs -if ( $vpn[0] ne 'none' ) { - foreach my $line (@vpn) { - my @temp = split(/[\t ]+/,$line); - my @temp1 
= split(/[\/:]+/,$temp[3]); - push(@network, $temp1[0]); - push(@masklen, ipv4_cidr2msk($temp1[1])); - push(@colour, ${Header::colourvpn} ); - } -} - -#Establish simple filtering&sorting boxes on top of table - -our %cgiparams; -&Header::getcgihash(\%cgiparams); - -my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp'); -my @list_state = ($Lang::tr{'all'}, 'SYN_SENT', 'SYN_RECV', 'ESTABLISHED', 'FIN_WAIT', - 'CLOSE_WAIT', 'LAST_ACK', 'TIME_WAIT', 'CLOSE', 'LISTEN'); -my @list_mark = ($Lang::tr{'all'}, '[ASSURED]', '[UNREPLIED]'); -my @list_sort = ('orgsip','protocol', 'expires', 'status', 'orgdip', 'orgsp', - 'orgdp', 'exsip', 'exdip', 'exsp', 'exdp', 'marked'); - -# init or silently correct unknown value... -if ( ! grep ( /^$cgiparams{'SEE_PROTO'}$/ , @list_proto )) { $cgiparams{'SEE_PROTO'} = $list_proto[0] }; -if ( ! grep ( /^$cgiparams{'SEE_STATE'}$/ , @list_state )) { $cgiparams{'SEE_STATE'} = $list_state[0] }; -if ( ($cgiparams{'SEE_MARK'} ne $Lang::tr{'all'}) && # ok the grep should work but it doesn't because of - ($cgiparams{'SEE_MARK'} ne '[ASSURED]') && # the '[' & ']' interpreted as list separator. - ($cgiparams{'SEE_MARK'} ne '[UNREPLIED]') # So, explicitly enumerate items. - ) { $cgiparams{'SEE_MARK'} = $list_mark[0] }; -if ( ! grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] }; -# *.*.*.* or a valid IP -if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; -if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; - - -our %entries = (); # will hold the lines analyzed correctly -my $unknownlines = ''; # should be empty all the time... -my $index = 0; # just a counter to make unique entryies in entries - -&Header::showhttpheaders(); +# Show the page. 
&Header::openpage($Lang::tr{'connections'}, 1, ''); &Header::openbigbox('100%', 'left'); &Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); -# Build listbox objects -my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); -my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); - -print < - - - - - - - - - - -
$Lang::tr{'legend'} : $Lang::tr{'lan'}$Lang::tr{'internet'}$Lang::tr{'dmz'}$Lang::tr{'wireless'}IPFire$Lang::tr{'vpn'}$Lang::tr{'OpenVPN'}
-
- - - - - - - - - - - - - - - - - - - - - - +# Print legend. +print < + + + + + + + + + + +
$Lang::tr{'source ip and port'} $Lang::tr{'dest ip and port'} $Lang::tr{'protocol'}$Lang::tr{'connection'}

$Lang::tr{'status'}
$Lang::tr{'expires'}

($Lang::tr{'seconds'})
 $menu_proto$menu_state 
+ $Lang::tr{'legend'} : + + $Lang::tr{'lan'} + + $Lang::tr{'internet'} + + $Lang::tr{'dmz'} + + $Lang::tr{'wireless'} + + IPFire + + $Lang::tr{'vpn'} + + $Lang::tr{'OpenVPN'} +
+
END -; -my $i=0; -foreach my $line (@active) { - $i++; - if ($i < 3) { - next; - } - chomp($line); - my @temp = split(' ',$line); +# Print table header. +print < + + + $Lang::tr{'protocol'} + + + $Lang::tr{'source ip and port'} + +   + + $Lang::tr{'dest ip and port'} + +   + + $Lang::tr{'download'} / +
$Lang::tr{'upload'} + + + $Lang::tr{'connection'}
$Lang::tr{'status'} + + + $Lang::tr{'expires'}
($Lang::tr{'seconds'}) + + +END - my ($sip, $sport) = split(':', $temp[0]); - my ($dip, $dport) = split(':', $temp[1]); - my $proto = $temp[2]; - my $state; my $ttl; - if ( $proto eq "esp" ){$state = "";$ttl = $temp[3];} - elsif ( $proto eq "icmp" ){$state = "";$ttl = $temp[4];} - else{$state = $temp[3];$ttl = $temp[4];} - - next if( !( - (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} )) - && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} )) - && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} )) - && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} )) - )); +foreach my $line (@conntrack) { + my @conn = split(' ', $line); - if (($proto eq 'udp') && ($ttl eq '')) { - $ttl = $state; - $state = ' '; - } + # The first bit is the l3 protocol. + my $l3proto = $conn[0]; - my $sipcol = ipcolour($sip); - my $dipcol = ipcolour($dip); + # Skip everything that is not IPv4. + if ($l3proto ne 'ipv4') { + next; + } + + # L4 protocol (tcp, udp, ...). + my $l4proto = $conn[2]; + + if ($l4proto eq 'unknown') { + $l4proto = ''; + } + + # Source and destination. + my $sip; + my $dip; + my $sport; + my $dport; + my @packets; + my @bytes; + + my $ttl = $conn[4]; + my $state; + if ($l4proto eq 'tcp') { + $state = $conn[5]; + } + + # Kick out everything that is not IPv4. 
+ foreach my $item (@conn) { + my ($key, $val) = split('=', $item); + + switch ($key) { + case "src" { + $sip = $val; + } + case "dst" { + $dip = $val; + } + case "sport" { + $sport = $val; + } + case "dport" { + $dport = $val; + } + case "packets" { + push(@packets, $val); + } + case "bytes" { + push(@bytes, $val); + } + } + } + + my $sip_colour = ipcolour($sip); + my $dip_colour = ipcolour($dip); my $sserv = ''; if ($sport < 1024) { - $sserv = uc(getservbyport($sport, lc($proto))); - if ($sserv ne '') { - $sserv = " ($sserv)"; - } + $sserv = uc(getservbyport($sport, lc($l4proto))); + if ($sserv ne '') { + $sserv = " ($sserv)"; + } } my $dserv = ''; if ($dport < 1024) { - $dserv = uc(getservbyport($dport, lc($proto))); - if ($dserv ne '') { - $dserv = " ($dserv)"; - } + $dserv = uc(getservbyport($dport, lc($l4proto))); + if ($dserv ne '') { + $dserv = " ($dserv)"; + } } - print < - - - $sip - - - - - $sport$sserv - - - - - $dip - - - - - $dport$dserv - - - $proto - $state - $ttl - + my $bytes_in = format_bytes($bytes[0]); + my $bytes_out = format_bytes($bytes[1]); + + # Format TTL + $ttl = format_time($ttl); + + print < + $l4proto + + + $sip + + + + + $sport$sserv + + + + + $dip + + + + + $dport$dserv + + + + $bytes_in / $bytes_out + + $state + $ttl + END -; } -print ""; +# Close the main table. 
+print ""; &Header::closebox(); &Header::closebigbox(); &Header::closepage(); +sub format_bytes($) { + my $bytes = shift; + my @units = ("B", "k", "M", "G", "T"); + + foreach my $unit (@units) { + if ($bytes < 1024) { + return sprintf("%d%s", $bytes, $unit); + } + + $bytes /= 1024; + } + + return sprintf("%d%s", $bytes, $units[$#units]); +} + +sub format_time($) { + my $time = shift; + + my $seconds = $time % 60; + my $minutes = $time / 60; + + my $hours = 0; + if ($minutes >= 60) { + $hours = $minutes / 60; + $minutes %= 60; + } + + return sprintf("%3d:%02d:%02d", $hours, $minutes, $seconds); +} + sub ipcolour($) { - my $id = 0; - my $line; - my $colour = ${Header::colourred}; - my ($ip) = $_[0]; - my $found = 0; - foreach $line (@network) { - if ($network[$id] eq '') { - $id++; - } else { - if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { - $found = 1; - $colour = $colour[$id]; - } - $id++; - } - } - return $colour -} + my $id = 0; + my $colour = ${Header::colourred}; + my ($ip) = $_[0]; + my $found = 0; -# Create a string containing a complete SELECT html object -# param1: name -# param2: current value selected -# param3: field list -sub make_select ($,$,$) { - my $select_name = shift; - my $selected = shift; - my $select = ""; - return $select; -} - -# Build a list of IP obtained from the %entries hash -# param1: IP field name -sub get_known_ips ($) { - my $field = shift; - my $qs = $cgiparams{'SEE_SORT'}; # switch the sort order - $cgiparams{'SEE_SORT'} = $field; - - my @liste=('*.*.*.*'); - foreach my $entry ( sort sort_entries keys %entries) { - push (@liste, $entries{$entry}->{$field}) if (! grep (/^$entries{$entry}->{$field}$/,@liste) ); - } - - $cgiparams{'SEE_SORT'} = $qs; #restore sort order - return @liste; -} - -# Used to sort the table containing the lines displayed. 
-sub sort_entries { #Reverse is not implemented - my $qs=$cgiparams{'SEE_SORT'}; - if ($qs =~ /orgsip|orgdip|exsip|exdip/) { - my @a = split(/\./,$entries{$a}->{$qs}); - my @b = split(/\./,$entries{$b}->{$qs}); - ($a[0]<=>$b[0]) || - ($a[1]<=>$b[1]) || - ($a[2]<=>$b[2]) || - ($a[3]<=>$b[3]); - } elsif ($qs =~ /expire|orgsp|orgdp|exsp|exdp/) { - $entries{$a}->{$qs} <=> $entries{$b}->{$qs}; - } else { - $entries{$a}->{$qs} cmp $entries{$b}->{$qs}; - } + return $colour; } 1; diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 9f1e3f000..300e9ecbb 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -32,7 +32,8 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \ wirelessctrl getipstat getiptstate qosctrl launch-ether-wake \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ - setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes + setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ + getconntracktable SUID_UPDX = updxsetperms install : all @@ -160,3 +161,6 @@ fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o rebuildroutes: rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o -o $@ + +getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o + $(COMPILE) -I../install+setup/libsmooth/ getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o -o $@ diff --git a/src/misc-progs/getconntracktable.c b/src/misc-progs/getconntracktable.c new file mode 100644 index 000000000..674b211b5 --- /dev/null +++ b/src/misc-progs/getconntracktable.c 
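Review bot: The IPsec block in the connections.cgi hunk calls `open(IPSEC, "/var/ipfire/vpn/config");` without checking the result and then treats field 12 of every line as a `network/mask` pair. A line whose field 12 is empty or lacks a `/` leaves `$mask` undefined, and that value goes to `ipv4_cidr2msk` and later, via `@masklen`, to `ipv4_in_network` in `ipcolour`; Net::IPv4Addr may croak on input it cannot parse, which would abort the page after the HTTP headers have been sent. Wrap the read in `if (open(IPSEC, ...)) { ... }` as the RED address block does, and skip incomplete entries with `next unless defined($network) && defined($mask) && $mask ne '';`. The body of `ipcolour` is only partly visible on this page, so the exact call site is inferred from the removed version.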
@@ -0,0 +1,31 @@ +/* IPFire helper program - getconntracktable + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * The kernel's connection tracking table is not readable by + * non-root users. So this helper will just read and output it. + */ + +#include +#include +#include "setuid.h" + +int main(void) { + if (!(initsetuid())) + exit(1); + + FILE *fp = fopen("/proc/net/nf_conntrack", "r"); + if (fp == NULL) { + exit(1); + } + + /* Read content line by line and write it to stdout. */ + char linebuf[STRING_SIZE]; + while (fgets(linebuf, STRING_SIZE, fp)) { + printf("%s", linebuf); + } + + fclose(fp); + return 0; +} From 69491545a39c9a9c0e0b9530ecfdf8c451da373a Mon Sep 17 00:00:00 2001 From: Bernhard Bitsch Date: Wed, 18 Jul 2012 12:56:41 +0200 Subject: [PATCH 03/15] proxy.cgi: Check upstream proxy address and better neighbour detection. --- html/cgi-bin/proxy.cgi | 11 +++++++++-- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 11 insertions(+), 2 deletions(-) mode change 100644 => 100755 html/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi old mode 100644 new mode 100755 index 8c9574cd5..6f4aed27a --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -353,6 +353,13 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; } + if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) { + my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); + if (!(&General::validip($temp[0]))) { + $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'}; + goto ERROR; + } + } if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) || ($proxysettings{'CACHE_SIZE'} < 10)) { 
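Review bot: getconntracktable is added to SUID_PROGS and, once `initsetuid()` succeeds, copies all of /proc/net/nf_conntrack to stdout without looking at who invoked it, so every account allowed to execute the binary can read the firewall's full connection table. The install mode and group are set outside this hunk, so the header comment should name the intended caller, for example `/* Installed setuid root; must be executable only by the web interface user. */`. Elevated privileges are needed only for the `fopen`, so the copy loop could run after they are dropped. The `printf` result is not checked either, so a failed write to stdout goes unnoticed and the program still returns 0. `initsetuid` and `STRING_SIZE` come from setuid.h, which is not part of this patch.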
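Review bot: Only the part of UPSTREAM_PROXY before the first colon is validated here; `$temp[1]` and any further colon-separated fields are accepted as typed. The writeconfig hunk further down (`@@ -3013,7 +3020,7 @@`) replaces the regex that limited the port to `[0-9]{1,5}` with `split(/:/,$_)`, so `$remoteport` becomes whatever follows the first colon. If that value is written into the generated squid.conf, as the variable names suggest, unvalidated text reaches the proxy configuration. Reject anything that is not an IP with an optional valid port, e.g. `if (@temp > 2 || (defined($temp[1]) && !&General::validport($temp[1]))) { $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'}; goto ERROR; }`. Both the save handler and writeconfig continue outside the hunks shown.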
@@ -984,7 +991,7 @@ print <$Lang::tr{'processes'} END ; -my $count = `arp -a | wc -l`; +my $count = `ip n| wc -l`; if ( $count < 1 ){$count = 1;} if ( -e "/usr/bin/squidclamav" ) { print "".$Lang::tr{'advproxy squidclamav'}."
"; @@ -3013,7 +3020,7 @@ sub writeconfig } $_ = $proxysettings{'UPSTREAM_PROXY'}; - my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); + my ($remotehost, $remoteport) = split(/:/,$_); if ($remoteport eq '') { $remoteport = 80; } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index c7f254ae6..3ec57ebb9 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -223,6 +223,7 @@ 'advproxy errmsg invalid pdc' => 'Ungültiger Hostname für den Primary Domain Controller', 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxy-Port', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für Upstream Proxy', +'advproxy errmsg invalid upstream proxy' => 'Ungültige IP für Upstream-Proxy', 'advproxy errmsg invalid user' => 'Benutzername existiert nicht', 'advproxy errmsg ldap base dn' => 'LDAP base DN erforderlich', 'advproxy errmsg ldap bind dn' => 'LDAP bind DN Benutzername und Passwort erforderlich', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 52872f49a..003056f9e 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -223,6 +223,7 @@ 'advproxy errmsg invalid pdc' => 'Invalid hostname for primary domain controller', 'advproxy errmsg invalid proxy port' => 'Invalid proxy port', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting', +'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP', 'advproxy errmsg invalid user' => 'Username does not exist', 'advproxy errmsg ldap base dn' => 'LDAP base DN required', 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required', From eb3b93ccb5788ddf4388bbc559810980fcaca1d8 Mon Sep 17 00:00:00 2001 
From: Michael Tremer Date: Wed, 18 Jul 2012 13:04:49 +0200 Subject: [PATCH 04/15] proxy.cgi: Add option to add own configuration settings. --- html/cgi-bin/proxy.cgi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6f4aed27a..015502a4e 100755 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3930,6 +3930,11 @@ END print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n"; print FILE "url_rewrite_children $proxysettings{'CHILDREN'}\n\n"; } + + # Include file with user defined settings. + if (-e "/etc/squid/squid.conf.local") { + print FILE "include /etc/squid/squid.conf.local\n"; + } close FILE; } From b3de08a247d23a83bdbf4cf477b74d801f64759d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 11:17:09 +0200 Subject: [PATCH 05/15] Add connections.cgi to core update 61. --- config/rootfiles/core/61/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 9d4c2cc98..396a27f7a 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -3,6 +3,7 @@ etc/issue etc/rc.d/init.d/collectd opt/pakfire/lib/functions.sh srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/connections.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi var/ipfire/general-functions.pl From ae9f613950e8b2dd81e19c76f59fb5f9fb23e818 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 12:08:37 +0200 Subject: [PATCH 06/15] ovpnmain.cgi: Sort out issues with FRAGMENT and MSSFIX. Both had no proper default values which has been fixed. --- html/cgi-bin/ovpnmain.cgi | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 92bab4732..f91adf1f4 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
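Review bot: The `include` line is emitted whenever `/etc/squid/squid.conf.local` exists, with no check that it is a regular file or who owns it, so anything able to create that path decides what squid loads after the next configuration write. State the expectation next to the test, e.g. `# squid.conf.local must be owned by root and not writable by the web server user.`, and test with `-f` rather than `-e`. Because the line is appended at the end of the generated file, access rules placed in the local file are evaluated after the generated ones; the comment should say so, since an administrator may expect to override earlier rules. The enclosing sub starts outside the hunk.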
@@ -356,11 +356,14 @@ sub writeserverconf { if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } - if ($sovpnsettings{MSSFIX} eq 'on') { - print CONF "mssfix\n"; - } - if (($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{FRAGMENT} ne 0) && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { - print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + if ($sovpnsettings{'DPROTOCOL'} eq 'udp') { + if ($sovpnsettings{MSSFIX} eq 'on') { + print CONF "mssfix\n"; + } + if ($sovpnsettings{'FRAGMENT'} eq '' || $sovpnsettings{'FRAGMENT'} eq 0) { + $sovpnsettings{'FRAGMENT'} = '1300'; + } + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; @@ -529,7 +532,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } } if ($cgiparams{'MSSFIX'} ne 'on') { - delete $vpnsettings{'MSSFIX'}; + $vpnsettings{'MSSFIX'} = 'off'; } else { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } @@ -1894,7 +1897,6 @@ ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { $cgiparams{'MAX_CLIENTS'} = '100'; } - if ($cgiparams{'KEEPALIVE_1'} eq '') { $cgiparams{'KEEPALIVE_1'} = '10'; } @@ -1902,7 +1904,13 @@ ADV_ERROR: $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; + } + if ($cgiparams{'MSSFIX'} eq '') { + $cgiparams{'MSSFIX'} = 'on'; + } + if ($cgiparams{'FRAGMENT'} eq '') { + $cgiparams{'FRAGMENT'} = '1300'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; From acb305f590ce401aa69898761c761cd24a4c9d18 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 12:28:12 +0200 Subject: [PATCH 07/15] index.cgi: Print OpenVPN N2N status in the same way as IPsec connections. --- html/cgi-bin/index.cgi | 70 ++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 33 deletions(-) 
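Review bot: In the `writeserverconf` hunk, `$sovpnsettings{'FRAGMENT'}` is only compared with `''` and `0` before it is interpolated into `print CONF "fragment ...\n"`, so any other stored text, including text with a line break in it, goes into the server configuration verbatim. Whether the save handler restricts the field to digits is not visible here; a check at the point of writing costs one line: `if ($sovpnsettings{'FRAGMENT'} !~ /\A[0-9]+\z/ || $sovpnsettings{'FRAGMENT'} == 0) { $sovpnsettings{'FRAGMENT'} = '1300'; }`. The new block also writes `fragment` for every UDP server, so an empty or zero value no longer switches it off; if that is intended a comment should say so, since peers presumably need a matching setting. `writeserverconf` continues outside the hunk.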
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 01bb3d685..04a87cf63 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -394,47 +394,51 @@ END } ### -# m.a.d n2n +# Print the OpenVPN N2N connection status. ### - if ( -d "${General::swroot}/ovpn/n2nconf") { -my %confighash=(); -my $display = ''; + my %confighash=(); -&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); -foreach my $dkey (keys %confighash) { -if ($confighash{$dkey}[3] eq 'net') { + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + foreach my $dkey (keys %confighash) { + if (($confighash{$dkey}[3] eq 'net') && (-e "/var/run/$confighash{$dkey}[1]n2n.pid")) { + my $tport = $confighash{$dkey}[22]; + next if ($tport eq ''); + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + $tnet->open('127.0.0.1'); + my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + my @tustate = split(/\,/, $output[1]); - if (-e "/var/run/$confighash{$dkey}[1]n2n.pid") { - my @output = ""; - my @tustate = ""; - my $tport = $confighash{$dkey}[22]; - my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); - if ($tport ne '') { - $tnet->open('127.0.0.1'); - @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); - @tustate = split(/\,/, $output[1]); - if ( $tustate[1] eq 'CONNECTED') - { $display = "$Lang::tr{'capsopen'}"; - } else { - $display = "$tustate[1]"; } + my $display; + my $display_colour = $Header::colourred; + if ( $tustate[1] eq 'CONNECTED') { + $display_colour = $Header::colourgreen; + $display = $Lang::tr{'capsopen'}; + } else { + $display = $tustate[1]; + } - print <OpenVPN n2n
- $confighash{$dkey}[10] $display - + print < + + $confighash{$dkey}[1] + + + $confighash{$dkey}[11] + + + + + $display + + + + END -; + } + } } -} -} -} -} - -### -# m.a.d n2n end -### # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { From d9ac41d55627c3b870e88ac9d9dff5f3820331f5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 12:42:35 +0200 Subject: [PATCH 08/15] connections.cgi: Correctly colour OpenVPN n2n connections. --- html/cgi-bin/connections.cgi | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 54089d0bb..291f579a5 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -173,7 +173,7 @@ if (-e "${General::swroot}/ovpn/settings") { } } -open(IPSEC, "/var/ipfire/vpn/config"); +open(IPSEC, "${General::swroot}/var/ipfire/vpn/config"); my @ipsec = ; close(IPSEC); @@ -190,6 +190,26 @@ foreach my $line (@ipsec) { push(@colour, ${Header::colourvpn}); } +if (-e "${General::swroot}/ovpn/n2nconf") { + open(OVPNN2N, "${General::swroot}/ovpn/ovpnconfig"); + my @ovpnn2n = ; + close(OVPNN2N); + + foreach my $line (@ovpnn2n) { + my @ovpn = split(',', $line); + next if ($ovpn[4] ne 'net'); + + my ($network, $mask) = split("/", $ovpn[12]); + if (!&General::validip($mask)) { + $mask = ipv4_cidr2msk($mask); + } + + push(@network, $network); + push(@masklen, $mask); + push(@colour, ${Header::colourovpn}); + } +} + # Show the page. &Header::openpage($Lang::tr{'connections'}, 1, ''); &Header::openbigbox('100%', 'left'); From 7d55ca0da4ed4d491885b0ad15a6c80244543323 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 13:14:52 +0200 Subject: [PATCH 09/15] connections.cgi: Show name for "unknown" protocols. --- html/cgi-bin/connections.cgi | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) 
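Review bot: The result of `$tnet->open('127.0.0.1')` is not checked, and with `Errmode=>'return'` a failed connect only makes `cmd` return nothing, which leaves `$tustate[1]` and therefore `$display` undefined in the output. When the connect succeeds, `$display = $tustate[1]` is text read from the management socket, and it is printed together with `$confighash{$dkey}[1]` and `$confighash{$dkey}[11]`; the markup around them is not readable in this view, but none of the three is HTML-escaped before the heredoc. I would test the return value of `open`, show a fixed "not connected" state when it fails, and escape the three values before printing. The object is also never closed, and `new Net::Telnet (...)` reads better as `Net::Telnet->new(...)`.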
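Review bot: The new IPsec path `"${General::swroot}/var/ipfire/vpn/config"` in connections.cgi looks wrong: the other paths in this file append `/ovpn/settings` and `/ovpn/ovpnconfig` directly to `${General::swroot}`, so if swroot is `/var/ipfire` this opens `/var/ipfire/var/ipfire/vpn/config`. Because the `open` result is not checked, `@ipsec` would silently stay empty and IPsec networks would lose their colour. Presumably `open(IPSEC, "${General::swroot}/vpn/config");` was meant, ideally with a check on the return value. The `open(OVPNN2N, ...)` in the next hunk is unchecked in the same way.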
diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 291f579a5..21f66d7b2 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -290,8 +290,28 @@ foreach my $line (@conntrack) { # L4 protocol (tcp, udp, ...). my $l4proto = $conn[2]; + # Translate unknown protocols. if ($l4proto eq 'unknown') { - $l4proto = ''; + my $l4protonum = $conn[3]; + if ($l4protonum eq '2') { + $l4proto = 'IGMP'; + } elsif ($l4protonum eq '4') { + $l4proto = 'IPv4 Encap'; + } elsif ($l4protonum eq '33') { + $l4proto = 'DCCP'; + } elsif ($l4protonum eq '41') { + $l4proto = 'IPv6 Encap'; + } elsif ($l4protonum eq '50') { + $l4proto = 'ESP'; + } elsif ($l4protonum eq '51') { + $l4proto = 'AH'; + } elsif ($l4protonum eq '132') { + $l4proto = 'SCTP'; + } else { + $l4proto = $l4protonum; + } + } else { + $l4proto = uc($l4proto); } # Source and destination. @@ -304,7 +324,7 @@ foreach my $line (@conntrack) { my $ttl = $conn[4]; my $state; - if ($l4proto eq 'tcp') { + if ($l4proto eq 'TCP') { $state = $conn[5]; } @@ -337,21 +357,21 @@ foreach my $line (@conntrack) { my $sip_colour = ipcolour($sip); my $dip_colour = ipcolour($dip); - my $sserv = ''; - if ($sport < 1024) { + my $sserv = ''; + if ($sport < 1024) { $sserv = uc(getservbyport($sport, lc($l4proto))); if ($sserv ne '') { $sserv = " ($sserv)"; } - } + } - my $dserv = ''; - if ($dport < 1024) { + my $dserv = ''; + if ($dport < 1024) { $dserv = uc(getservbyport($dport, lc($l4proto))); if ($dserv ne '') { $dserv = " ($dserv)"; } - } + } my $bytes_in = format_bytes($bytes[0]); my $bytes_out = format_bytes($bytes[1]); From a786b755eb828726c8db333b00865432933bcf24 Mon Sep 17 00:00:00 2001 
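Review bot: The `if`/`elsif` chain that maps `$l4protonum` to a name is a plain lookup and is easier to extend and review as a hash declared once above the `foreach my $line (@conntrack)` loop, which begins outside this hunk. The comment should say that the labels are hand-picked IP protocol numbers and that anything else is shown as the bare number. Since `$l4proto` can now hold a label such as 'IPv4 Encap', the later `getservbyport($sport, lc($l4proto))` calls receive a protocol name that has no services; that looks harmless but is worth a remark next to them.

```perl
# Declared once, above the foreach my $line (@conntrack) loop.
my %l4proto_names = (
	'2'   => 'IGMP',
	'4'   => 'IPv4 Encap',
	'33'  => 'DCCP',
	'41'  => 'IPv6 Encap',
	'50'  => 'ESP',
	'51'  => 'AH',
	'132' => 'SCTP',
);

	# … unchanged: my $l4proto = $conn[2]; …
	# Translate unknown protocols; numbers without a label are shown as-is.
	if ($l4proto eq 'unknown') {
		my $l4protonum = $conn[3];
		$l4proto = exists $l4proto_names{$l4protonum}
			? $l4proto_names{$l4protonum}
			: $l4protonum;
	} else {
		$l4proto = uc($l4proto);
	}
```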
From: Michael Tremer Date: Thu, 19 Jul 2012 14:06:47 +0200 Subject: [PATCH 10/15] calamaris: Make decompressing large logs more memory-friendly. Thanks to Roger Devaux for reporting and testing. Calamaris is now able to process big log files consuming about 10M or RAM (was several gigabytes before). --- config/calamaris/mkreport | 4 ++-- config/rootfiles/core/61/filelists/files | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/config/calamaris/mkreport b/config/calamaris/mkreport index 53db9d571..ee831624c 100644 --- a/config/calamaris/mkreport +++ b/config/calamaris/mkreport @@ -94,7 +94,7 @@ sub processlogfiles { if ($filestr =~ /access\.log/) { open (LOG,"gzip -dc $filestr |"); - foreach () { + while () { if (substr($_,0,10) >= $date_from) { if (substr($_,0,10) <= $date_to) { print TMPLOG "$_"; } } } close(LOG); @@ -106,7 +106,7 @@ sub processlogfiles { if ($filestr =~ /access\.log/) { open (LOG,$filestr); - foreach () { + while () { if (substr($_,0,10) >= $date_from) { if (substr($_,0,10) <= $date_to) { print TMPLOG "$_"; } } } close(LOG); diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 396a27f7a..1466fef82 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -8,5 +8,6 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi var/ipfire/general-functions.pl var/ipfire/langs +var/ipfire/proxy/calamaris/bin/mkreport usr/local/bin/getconntracktable usr/sbin/redirect_wrapper From 24c82ed2128103912012cba5e5775e6873edf2ee Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 19 Jul 2012 22:12:05 +0200 Subject: [PATCH 11/15] services.cgi: Fix wrong memory usage display. --- config/rootfiles/core/61/filelists/files | 1 + html/cgi-bin/services.cgi | 17 +++++++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) 
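Review bot: Both loops changed in mkreport read from handles opened by interpolating `$filestr` into a two-argument `open`, and in the gzip case the string is handed to a shell (`open (LOG,"gzip -dc $filestr |")`). Where `$filestr` comes from is outside the hunks, but a log file name containing spaces or shell metacharacters would break or alter that command, and neither `open` is checked, so a failure now just yields an empty `while` loop. The list form avoids the shell: `open(LOG, '-|', 'gzip', '-dc', $filestr) or next;`, and `open(LOG, '<', $filestr) or next;` for the plain file, assuming both sit inside the loop over the log files. `processlogfiles` starts and ends outside the hunks.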
diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 1466fef82..6ef00dc60 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -6,6 +6,7 @@ srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/connections.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/services.cgi var/ipfire/general-functions.pl var/ipfire/langs var/ipfire/proxy/calamaris/bin/mkreport diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi index 55740cf26..123c32587 100644 --- a/html/cgi-bin/services.cgi +++ b/html/cgi-bin/services.cgi @@ -240,7 +240,7 @@ sub isrunning{ my $pid = ''; my $testcmd = ''; my $exename; - my @memory; + my $memory; $cmd =~ /(^[a-z]+)/; $exename = $1; @@ -256,13 +256,18 @@ sub isrunning{ } close FILE; } - if (open(FILE, "/proc/${pid}/statm")){ - my $temp = ; - @memory = split(/ /,$temp); + if (open(FILE, "/proc/${pid}/status")) { + while () { + my ($key, $val) = split(":", $_, 2); + if ($key eq 'VmRSS') { + $memory = $val; + last; + } + } + close(FILE); } - close FILE; if ($testcmd =~ /$exename/){ - $status = "$Lang::tr{'running'}$pid$memory[0] KB"; + $status = "$Lang::tr{'running'}$pid$memory"; } } return $status; From 41b72de4e04289498f99a1fb52f75ec1e156a555 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 21 Jul 2012 12:34:51 +0200 Subject: [PATCH 12/15] Re-add donation button from credits.cgi. This reverts commit 39d36c000a493a12c3ed85d3abf094001e463388. --- html/cgi-bin/credits.cgi | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index 7375afdb8..75e59b18d 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -35,6 +35,24 @@ require "${General::swroot}/header.pl"; &Header::openbigbox('100%', 'center'); +&Header::openbox('100%', 'left', $Lang::tr{'donation'}); + +print <$Lang::tr{'donation-text'}
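Review bot: In `isrunning`, `$memory = $val;` keeps the padding and the trailing newline of the `VmRSS` line, and `$memory` stays undefined when `/proc/${pid}/status` has no such line or cannot be opened, yet it is interpolated into `$status` whenever the process is reported as running. I would initialise it with `my $memory = '';` and trim the value, e.g. `$val =~ s/^\s+|\s+$//g; $memory = $val;`. `$pid` is read from the pid file earlier in the sub; a check that it is numeric before building the `/proc` path would belong there, but that part is outside the hunk.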

+
+
+ + + + +
+
+
+ +END +; +&Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'credits'}); print < Date: Sat, 21 Jul 2012 12:44:41 +0200 Subject: [PATCH 13/15] Add credits.cgi to updater. --- config/rootfiles/core/61/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/61/filelists/files b/config/rootfiles/core/61/filelists/files index 6ef00dc60..55fbcf19f 100644 --- a/config/rootfiles/core/61/filelists/files +++ b/config/rootfiles/core/61/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue etc/rc.d/init.d/collectd opt/pakfire/lib/functions.sh +srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/connections.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi From cd025baaceeabdd1fd50af0476dfedacb8f60ce6 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 22 Jul 2012 10:25:10 +0200 Subject: [PATCH 14/15] close core61. --- html/cgi-bin/proxy.cgi | 0 make.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 html/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi old mode 100755 new mode 100644 diff --git a/make.sh b/make.sh index 89f979d95..265677b57 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.11" # Version number CORE="61" # Core Level (Filename) -PAKFIRE_CORE="60" # Core Level (PAKFIRE) +PAKFIRE_CORE="61" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From e3cb5d8b8e966f78ac5e11f61220d28b990f9e48 Mon Sep 17 00:00:00 2001 
From: Arne Fitzenreiter Date: Sun, 22 Jul 2012 10:28:42 +0200 Subject: [PATCH 15/15] start core62. --- config/rootfiles/core/62/exclude | 12 ++++ config/rootfiles/core/62/filelists/files | 2 + config/rootfiles/core/62/meta | 1 + config/rootfiles/core/62/update.sh | 80 ++++++++++++++++++++++++ make.sh | 2 +- 5 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 config/rootfiles/core/62/exclude create mode 100644 config/rootfiles/core/62/filelists/files create mode 100644 config/rootfiles/core/62/meta create mode 100644 config/rootfiles/core/62/update.sh diff --git a/config/rootfiles/core/62/exclude b/config/rootfiles/core/62/exclude new file mode 100644 index 000000000..7360266bd --- /dev/null +++ b/config/rootfiles/core/62/exclude @@ -0,0 +1,12 @@ +srv/web/ipfire/html/proxy.pac +etc/udev/rules.d/30-persistent-network.rules +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf diff --git a/config/rootfiles/core/62/filelists/files b/config/rootfiles/core/62/filelists/files new file mode 100644 index 000000000..409e5fe8a --- /dev/null +++ b/config/rootfiles/core/62/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/62/meta b/config/rootfiles/core/62/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/62/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/62/update.sh b/config/rootfiles/core/62/update.sh new file mode 100644 index 000000000..0c37b836c --- /dev/null +++ b/config/rootfiles/core/62/update.sh 
@@ -0,0 +1,80 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2012 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=62
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+#Stop services
+
+#
+#Extract files
+extract_files
+
+#
+#Start services
+
+#
+#Update Language cache
+#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+#Rebuild module dep's
+#arch=`uname -m`
+#if [ ${arch::3} == "arm" ]; then
+# depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1
+#else
+# depmod -a 2.6.32.45-ipfire >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1
+#fi
+
+
+#Rebuild initrd's because some compat-wireless modules are inside
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire
+#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae
+#fi
+#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen
+#fi
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
diff --git a/make.sh b/make.sh
index 265677b57..c88a8eb25 100755
--- a/make.sh
+++ b/make.sh
@@ -25,7 +25,7 @@
 NAME="IPFire" # Software name
 SNAME="ipfire" # Short name
 VERSION="2.11" # Version number
-CORE="61" # Core Level (Filename)
+CORE="62" # Core Level (Filename)
 PAKFIRE_CORE="61" # Core Level (PAKFIRE)
 GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
 SLOGAN="www.ipfire.org" # Software slogan
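Review bot: The result of `extract_files` in update.sh is never checked, and the script ends with `exit 0` after starting fireinfo, so a failed or partial extraction is reported to the caller as a successful update. If ignoring the exit code is meant only for the final `sendprofile` call, as the last comment suggests, the extraction step should still fail loudly: `extract_files || exit 1`. The cleanup loop also runs up to and including `$core`, so it removes the cached core-upgrade file for 62 itself; if that is intended, the comment 'Remove old core updates' should say so.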