webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 03:33:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hinzugefügt:

Browse Source 
* Nochmal ein neues Shutdown-Bild.
  * Schnelle Profilauswahl in der index.cgi
  * Nettraffic.
  * Capiinfo.
Geändert:
  * Menü komplett neu sortiert.
  * Javascript-Option aus gui.cgi entfernt.
  * Pakfire-Fehler beseitigt.
  * Sämtliche /var/ipcop durch /var/ipfire ersetzt.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@129 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
2006-05-21 20:54:29 +00:00
parent b34fd95d16
commit 10a04d70a4
22 changed files with 2431 additions and 1248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
config/cdrom/README.txt
View File

@@ -1,42 +1,42 @@
IPCop - The Bad Packets Stop Here (VERSION)
------------------------------------------
Installation
------------
Please read the IPCop Installation PDF before installing the firewall.
This document is located in the \doc directory on the cdrom. It will
guide you through the installation process and will help you make the
necessary decisions during the installation process.
DOS Image utility tools
-----------------------
The dosutils directory contains the following DOS and Windows applications,
please use with caution and please can we draw your attention to the
documentation on the IPCop CD or install image on your network drive.
We also draw your attention to the disclaimer of Warranty below.
rawrite.exe - rawrite executable
rawwritewin.exe - rawwrite for Windows
diskio.dll - this MUST be in the same directory as rawrite for Windows
copying.txt - text file
License
-------
Please read the file COPYING for more information on the license.
Disclaimer of Warranty
----------------------
Users of this software must accept this disclaimer of warranty: "This
software is supplied AS IS. IPCop disclaims all warranties, expressed
or implied, including, without limitation, the warranties of merchantability
and of fitness for any purpose. IPCop assumes no liability for
damages, direct or consequential, which may result from the use of this
software."
IPFire - We secure your network (VERSION)
------------------------------------------
Installation
------------
Please read the IPFire Installation manual before installing the firewall.
This document is located in the \doc directory on the cdrom. It will
guide you through the installation process and will help you make the
necessary decisions during the installation process.
DOS Image utility tools
-----------------------
The dosutils directory contains the following DOS and Windows applications,
please use with caution and please can we draw your attention to the
documentation on the IPFire CD or install image on your network drive.
We also draw your attention to the disclaimer of Warranty below.
rawrite.exe - rawrite executable
rawwritewin.exe - rawwrite for Windows
diskio.dll - this MUST be in the same directory as rawrite for Windows
copying.txt - text file
License
-------
Please read the file COPYING for more information on the license.
Disclaimer of Warranty
----------------------
Users of this software must accept this disclaimer of warranty: "This
software is supplied AS IS. IPFire disclaims all warranties, expressed
or implied, including, without limitation, the warranties of merchantability
and of fitness for any purpose. IPFire assumes no liability for
damages, direct or consequential, which may result from the use of this
software."

41
config/cfgroot/backup-exclude
View File

@@ -1,20 +1,21 @@
var/ipcop/backup/*.system
var/ipcop/backup/backup.key
var/ipcop/backup/sets
var/ipcop/countries.pl
var/ipcop/dhcpc
var/ipcop/eciadsl/modems.db
var/ipcop/eciadsl/firmware00.bin
var/ipcop/header.pl
var/ipcop/general-functions.pl
var/ipcop/lang.pl
var/ipcop/key
var/ipcop/langs
var/ipcop/patches
var/ipcop/ppp/fake-resolv.conf
var/ipcop/red
var/ipcop/time/counter
var/ipcop/firewall/protocols.pl
var/ipcop/firewall/defaultservices
var/ipcop/firewall/icmptypes
var/ipcop/addon-lang
var/ipfire/backup/*.system
var/ipfire/backup/backup.key
var/ipfire/backup/sets
var/ipfire/countries.pl
var/ipfire/dhcpc
var/ipfire/eciadsl/modems.db
var/ipfire/eciadsl/firmware00.bin
var/ipfire/header.pl
var/ipfire/general-functions.pl
var/ipfire/lang.pl
var/ipfire/key
var/ipfire/langs
var/ipfire/patches
var/ipfire/ppp/fake-resolv.conf
var/ipfire/red
var/ipfire/time/counter
var/ipfire/firewall/protocols.pl
var/ipfire/firewall/defaultservices
var/ipfire/firewall/icmptypes
var/ipfire/addon-lang
var/ipfire/net-traffic

2
config/cfgroot/backup-exclude.hardware
View File

@@ -1 +1 @@
var/ipcop/ethernet/settings
var/ipfire/ethernet/settings

2
config/cfgroot/backup-include
View File

@@ -13,4 +13,4 @@
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/var/ipcop/
/var/ipfire/

168
config/cfgroot/header.pl
View File

@@ -9,8 +9,6 @@
# Copyright (c) 2002/08/23 Mark Wormgoor <mark@wormgoor.com> validfqdn()
# Copyright (c) 2003/09/11 Darren Critchley <darrenc@telus.net> srtarray()
#
# $Id: header.pl,v 1.34.2.39 2004/11/26 15:51:27 alanh Exp $
#
package Header;
use CGI();
@@ -19,15 +17,6 @@ use Time::Local;
$|=1; # line buffering
sub get_version() {
my $read_ver = `cat /etc/ipfire-release`;
if ($read_ver =~ /^$/) {
return "IPFire (unknown version)";
}
return $read_ver;
}
$Header::version = get_version();
$Header::revision = 'final';
$Header::swroot = '/var/ipfire';
$Header::pagecolour = '#ffffff';
@@ -139,43 +128,37 @@ sub genmenu {
'title' => "$tr{'network configuration'}",
'enabled' => 1,
};
$subsystem->{'03.updates'} = {
'caption' => $tr{'updates'},
'uri' => '/cgi-bin/updates.cgi',
'title' => "$tr{'updates'}",
'enabled' => 0,
};
$subsystem->{'04.passwords'} = {
$subsystem->{'03.passwords'} = {
'caption' => $tr{'sspasswords'},
'uri' => '/cgi-bin/changepw.cgi',
'title' => "$tr{'sspasswords'}",
'enabled' => 1,
};
$subsystem->{'05.ssh'} = {
$subsystem->{'04.ssh'} = {
'caption' => $tr{'ssh access'},
'uri' => '/cgi-bin/remote.cgi',
'title' => "$tr{'ssh access'}",
'enabled' => 1,
};
$subsystem->{'06.gui'} = {
$subsystem->{'05.gui'} = {
'caption' => $tr{'gui settings'},
'uri' => '/cgi-bin/gui.cgi',
'title' => "$tr{'gui settings'}",
'enabled' => 1,
};
$subsystem->{'07.backup'} = {
$subsystem->{'06.backup'} = {
'caption' => $tr{'backup'},
'uri' => '/cgi-bin/backup.cgi',
'title' => "$tr{'backup'} / $tr{'restore'}",
'enabled' => 0,
};
$subsystem->{'08.shutdown'} = {
$subsystem->{'07.shutdown'} = {
'caption' => $tr{'shutdown'},
'uri' => '/cgi-bin/shutdown.cgi',
'title' => "$tr{'shutdown'} / $tr{'reboot'}",
'enabled' => 1,
};
$subsystem->{'09.credits'} = {
$subsystem->{'08.credits'} = {
'caption' => $tr{'credits'},
'uri' => '/cgi-bin/credits.cgi',
'title' => "$tr{'credits'}",
@@ -256,36 +239,61 @@ sub genmenu {
'title' => "$tr{'external aliases configuration'}",
'enabled' => 1,
};
$subnetwork->{'05.nettraf'} = {
'caption' => '$tr{'sstraffic'}',
'uri' => '/cgi-bin/traffic.cgi',
'title' => "$tr{'sstraffic'}",
'enabled' => 1,
};
$subnetwork->{'06.openvpn'} = {
'caption' => 'OpenVPN',
'uri' => '/cgi-bin/ovpnmain.cgi',
'title' => "$tr{'virtual private networking'}",
'enabled' => 1,
};
$subnetwork->{'07.ipsec'} = {
'caption' => 'IPSec,
'uri' => '/cgi-bin/vpnmain.cgi',
'title' => "$tr{'virtual private networking'}",
'enabled' => 1,
};
my %subserviceshash = ();
my $subservices = \%subserviceshash;
$subservices->{'01.dhcp'} = {
$subservices->{'01.proxy'} = {
'caption' => $tr{'proxy'},
'uri' => '/cgi-bin/proxy.cgi',
'title' => "HTTP: $tr{'web proxy configuration'}",
'enabled' => 1,
};
$subservices->{'02.dhcp'} = {
'caption' => $tr{'dhcp server'},
'uri' => '/cgi-bin/dhcp.cgi',
'title' => "$tr{'dhcp configuration'}",
'enabled' => 1,
};
$subservices->{'02.dyndns'} = {
$subservices->{'03.dyndns'} = {
'caption' => $tr{'dynamic dns'},
'uri' => '/cgi-bin/ddns.cgi',
'title' => "$tr{'dynamic dns client'}",
'enabled' => 1,
};
$subservices->{'03.time'} = {
$subservices->{'04.time'} = {
'caption' => $tr{'time server'},
'uri' => '/cgi-bin/time.cgi',
'title' => "$tr{'time server'}",
'enabled' => 1,
};
$subservices->{'04.shaping'} = {
'caption' => $tr{'traffic shaping'},
'uri' => '/cgi-bin/shaping.cgi',
$subservices->{'05.qos'} = {
'caption' => 'Quality of Service',
'uri' => '/cgi-bin/qos.cgi',
'title' => "$tr{'traffic shaping settings'}",
'enabled' => 1,
};
$subservices->{'05.ids'} = {'caption' => $tr{'intrusion detection'},
$subservices->{'06.ids'} = {'caption' => $tr{'intrusion detection'},
'enabled' => 1,
'uri' => '/cgi-bin/ids.cgi',
'title' => "$tr{'intrusion detection system'} (Snort)",
@@ -322,87 +330,6 @@ sub genmenu {
};
my %subhttphash = ();
my $subhttp = \%subhttphash;
$subhttp->{'01.proxy'} = {
'caption' => $tr{'proxy'},
'uri' => '/cgi-bin/advproxy.cgi',
'title' => "HTTP: $tr{'web proxy configuration'}",
'enabled' => 1,
};
$subhttp->{'02.contentfilter'} = {
'caption' => $tr{'content filter'},
'uri' => '/cgi-bin/dansguardian.cgi',
'title' => "HTTP: $tr{'content filter'}",
'enabled' => 1,
};
$subhttp->{'03.antivirus'} = {
'caption' => $tr{'antivirus'},
'uri' => '/cgi-bin/httpantivirus.cgi',
'title' => "HTTP: $tr{'antivirus'}",
'enabled' => 1,
};
$subhttp->{'04.proxymanagment'} = {
'caption' => $tr{'DS Managment'},
'uri' => '/cgi-bin/proxygm.cgi',
'title' => "HTTP: $tr{'DS Managment'}",
'enabled' => 1,
};
$subhttp->{'05.activatedgroups'} = {
'caption' => $tr{'activated Groups'},
'uri' => '/cgi-bin/proxyag.cgi',
'title' => "HTTP: $tr{'activated Groups'}",
'enabled' => 1,
};
$subhttp->{'06.advancedproxy'} = {
'caption' => $tr{'Proxy Advanced'},
'uri' => '/cgi-bin/proxyad.cgi',
'title' => "HTTP: $tr{'Proxy Advanced'}",
'enabled' => 1,
};
my %subproxyhash = ();
my $subproxy = \%subproxyhash;
$subproxy->{'01.http'} = {'caption' => $tr{'HTTP'},
'enabled' => 1,
'subMenu' => $subhttp
};
$subproxy->{'02.ftp'} = {'caption' => 'FTP',
'enabled' => 1,
'subMenu' => $subftp
};
my %subopenvpnhash = ();
my $subopenvpn = \%subopenvpnhash;
$subopenvpn->{'01.server'} = {'caption' => $tr{'openvpn'},
'uri' => '/cgi-bin/openvpn.cgi',
'title' => "$tr{'virtual private networking'}",
'enabled' => 1,
};
$subopenvpn->{'02.client'} = {'caption' => $tr{'openvpnclient'},
'uri' => '/cgi-bin/openvpnclient.cgi',
'title' => "$tr{'virtual private networking'}",
'enabled' => 1,
};
my %subvpnhash = ();
my $subvpn = \%subvpnhash;
$subvpn->{'01.openvpn'} = {'caption' => $tr{'openvpn'},
'subMenu' => $subopenvpn,
'enabled' => 1,
};
$subvpn->{'02.ipsec'} = {'caption' => $tr{'ipsec'},
'uri' => '/cgi-bin/vpnmain.cgi',
'title' => "$tr{'virtual private networking'}",
'enabled' => 1,
};
my %sublogshash = ();
my $sublogs = \%sublogshash;
@@ -465,11 +392,21 @@ sub genmenu {
'title' => "$tr{'paketmanager'}",
'enabled' => 1,
};
$subipfire->{'02.asterisk'} = {'caption' => $tr{'asterisk'},
'uri' => '/cgi-bin/asterisk.cgi',
'title' => "$tr{'asterisk'}",
'enabled' => 1,
};
$subipfire->{'02.samba'} = {'caption' => $tr{'samba'},
'uri' => '/cgi-bin/samba.cgi',
'title' => "$tr{'samba'}",
'enabled' => 1,
};
$subipfire->{'99.help'} = {'caption' => $tr{'help'},
'uri' => '/cgi-bin/help.cgi',
'title' => "$tr{'help'}",
'enabled' => 1,
};
@@ -497,7 +434,7 @@ sub genmenu {
'enabled' => 1,
'subMenu' => $subproxy
};
$menu->{'07.vpn'} = {'caption' => 'VPN',
$menu->{'07.ipfire'} = {'caption' => 'IPFire',
'enabled' => 1,
'subMenu' => $subvpn
};
@@ -505,12 +442,6 @@ sub genmenu {
'enabled' => 1,
'subMenu' => $sublogs
};
$menu->{'09.ipfire'} = {'caption' => 'IPFire',
'enabled' => 1,
'subMenu' => $subipfire
};
if (! blue_used() && ! orange_used()) {
$menu->{'05.firewall'}{'subMenu'}->{'03.dmz'}{'enabled'} = 0;
@@ -876,7 +807,6 @@ sub closepage () {
<p>
<div style="font-size: 9px"><b>Status:</b> $status <b>Uptime:</b>$uptime</div>
</p>
<p><a href="http://www.ipfire.org">IPFire</a> $version (c)</p>
</div>
</body>
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1.0,Transition=12)">

498
config/cfgroot/net-traffic-lib.pl Normal file
View File

@@ -0,0 +1,498 @@
#!/usr/bin/perl
#
# $Id: net-traffic-lib.pl,v 1.4 2005/03/17 11:43:55 dotzball Exp $
#
# Summarize all IP accounting files from start to end time
#
# Copyright (C) 1997 - 2000 Moritz Both
# 2001 - 2002 Al Zaharov
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# The author can be reached via email: moritz@daneben.de, or by
# snail mail: Moritz Both, Im Moore 26, 30167 Hannover,
# Germany. Phone: +49-511-1610129
#
#
# 22 June 2004 By Achim Weber dotzball@users.sourceforge.net
# - changed to use it with Net-Traffic Addon
# - renamed to avoid issues when calling this file or original ipacsum
# - this file is net-traffic-lib.pl for IPCop 1.4.0
#
package Traffic;
use 5.000;
use Getopt::Long;
use POSIX qw(strftime);
use Time::Local;
use Socket;
use IO::Handle;
$|=1; # line buffering
@moff = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 );
# =()<$datdelim="@<DATDELIM>@";>()=
$datdelim="#-#-#-#-#";
# =()<$prefix="@<prefix>@";>()=
$prefix="/usr";
# =()<$exec_prefix="@<exec_prefix>@";>()=
$exec_prefix="${prefix}";
# =()<$INSTALLPATH="@<INSTALLPATH>@";>()=
$INSTALLPATH="${exec_prefix}/sbin";
$datdir="/var/log/ip-acct";
$me=$0;
$me =~ s|^.*/([^/]+)$|$1|;
$now = time;
$fetchipac="$INSTALLPATH/fetchipac";
$rule_regex = ".*"; # match rules with this regex only
## Net-Traffic variables ##
my %allDays = ();
my $allDaysBytes;
my $tzoffset = 0;
my $displayMode = "daily";
my ($curMonth, $curYear);
${Traffic::blue_in} = 'incoming BLUE';
${Traffic::green_in} = 'incoming GREEN';
${Traffic::orange_in} = 'incoming ORANGE';
${Traffic::red_in} = 'incoming RED';
${Traffic::blue_out} = 'outgoing BLUE';
${Traffic::green_out} = 'outgoing GREEN';
${Traffic::orange_out} = 'outgoing ORANGE';
${Traffic::red_out} = 'outgoing RED';
sub calcTraffic{
$allDaysBytes = shift;
$starttime = shift;
$endtime = shift;
$displayMode = shift;
$starttime =~ /^(\d\d\d\d)(\d\d)/;
$curYear = $1;
$curMonth = $2;
# calculate time zone offset in seconds - use difference of output of date
# command and time function, round it
$tzoffset = time-timegm(localtime());
$machine_name = undef;
$starttime = makeunixtime($starttime);
$endtime = makeunixtime($endtime);
$endtime -= 1;
# options that we need to pass to fetchipac if we call it.
$fetchipac_options = "--directory=$datdir";
$endtime = $now if ($endtime > $now);
$starttime = 0 if ($starttime < 0);
$mystarttime = &makemydailytime($starttime);
$myendtime = &makemydailytime($endtime);
%rule_firstfile = %rule_lastfile = ( );
# find out which timestamps we need to read.
# remember newest timestamp before starttime so we know when data for
# the first file starts
# also remember oldest timestamp after end time
$newest_timestamp_before_starttime = "";
$oldest_timestamp_after_endtime = "";
open(DATA, "$fetchipac $fetchipac_options --timestamps=$starttime,$endtime ".
"--machine-output-format|") || die "$me: cant run $fetchipac\n";
# the first thing is the timestamp count
$count=<DATA>;
if ($count == 0) {
return ();
}
while(<DATA>)
{
if (/^(.)\s(\d+)$/) {
my $ts = $2;
if ($1 eq "-") {
$newest_timestamp_before_starttime=$ts;
}
elsif ($1 eq "+") {
$oldest_timestamp_after_endtime=$ts;
}
elsif ($1 eq "*") {
push(@timestamps, $ts);
}
else {
die "$me: illegal output from $fetchipac: \"$_\"\n";
}
}
else {
die "$me: illegal output from $fetchipac: \"$_\"\n";
}
}
close DATA;
push(@timestamps, $oldest_timestamp_after_endtime)
if ($oldest_timestamp_after_endtime);
unshift(@timestamps, $newest_timestamp_before_starttime)
if ($newest_timestamp_before_starttime);
$rulenumber = 0;
# read all data we need and put the data into memory.
&read_data;
@days_sorted = sort keys %allDays;
return @days_sorted;
}
##########################
# END OF MAIN PROGRAM
##########################
# read all data (@timestmaps contains the timestamps, must be sorted!)
# and put the data into our global memory data
# structures. special care must be taken with data of the first and
# the last timestamps we read, since we only want data which is from our
# time frame. Furthermore, data from before and after this time frame
# must be preserved in special data structures because we might replace
# them (option --replace) and have to write extra data for these times
# then.
sub read_data {
my $run_s;
my $s;
my $i;
my $in_time = 0;
my $after_time = 0;
my $curDay = $starttime;
# feed the timestamp list to fetchipac on its stdin.
socketpair(CHILD, PARENT, AF_UNIX, SOCK_STREAM, PF_UNSPEC)
or die "socketpair: $!";
CHILD->autoflush(1);
PARENT->autoflush(1);
my $pid = open(CHILD, "-|");
die "$me: can't fork: $!\n" unless defined $pid;
if ($pid == 0) {
# child
close CHILD;
open(FETCHIPAC, "|$fetchipac $fetchipac_options --record "
."--machine-output-format")
or die "$me: cant exec fetchipac\n";
#this is much more efficient than the original code (Manfred Weihs)
# and it adds more troubles than solves (Al Zakharov)
if ($timestamps[0] == $newest_timestamp_before_starttime) {
print(FETCHIPAC $timestamps[1],"-",$timestamps[$count],"\n");
} else {
print(FETCHIPAC $timestamps[0],"-",$timestamps[$count-1],"\n");
}
close(FETCHIPAC);
close(PARENT);
exit;
}
close PARENT;
my $laststamp = undef;
$laststamp = $newest_timestamp_before_starttime
if ($newest_timestamp_before_starttime);
$i = 0;
$i++ if ($laststamp);
while (<CHILD>) {
# first line of fetchipac output: "ADD"
/^ADD\s*$/i or die "$me: bad line from fetchipac: $_\n";
# second line of fetchipac output: timestamp no_of_records
$_ = <CHILD> || last;
/^(\d+)\s(\d+)$/ or die "$me: bad line from fetchipac: $_\n";
my $timestamp = int $1;
my $number_of_records = int $2;
my $do_collect = 1;
if ($displayMode =~ /^daily/) {
# increment Day aslong current timestamp is not in current Day
while ( ($timestamp-$curDay) > 86399) {
$curDay += 86400;
}
}
else
{
my @dummy = localtime($timestamp);
# increment Month aslong current timestamp is not in current Month
while ($curMonth < ($dummy[4]+1) || $curYear<($dummy[5]+1900)) {
$curMonth++;
if ($curMonth > 12) {
$curMonth = 1;
$curYear++;
}
my $newMonth = $curYear;
$newMonth .= $curMonth < 10 ? "0".$curMonth."01" : $curMonth."01";
$newMonth .= "01";
$curDay = &makeunixtime($newMonth);
}
}
if ($timestamp < $starttime) {
# this record is too old, we dont need the data.
# However, the timestamp gives us a clue on the
# time period the next item covers.
$do_collect = 0;
}
my $irec;
# read each record
my $data = &read_data_record(CHILD, $number_of_records);
if ($do_collect && $in_time == 0) {
# the data is from after starttime. if it is the
# first one, split the data (if we know for how
# long this data is valid, and if $laststamp is not
# equal to $starttime in which case the split is
# redundant). If we don't have a clue about the
# last file time before our first file was created,
# we do not know how much of the file data is in our
# time frame. we assume everything belongs to us.
$in_time = 1;
# if ($laststamp && $laststamp != $starttime) {
if ($laststamp && $laststamp != $newest_timestamp_before_starttime) {
my $newdata = &split_data($data,
$laststamp, $timestamp, $starttime);
$glb_data_before = $data;
$data = $newdata;
$laststamp = $starttime;
}
}
if ($timestamp > $endtime) {
# this data is too new, but the data in it may have
# begun within our time frame. (if endtime eq laststamp
# we do a redundant split here, too - it works for now
# and --replace relies on it, but it is ugly.)
if ($after_time == 0) {
$after_time = 1;
if ($laststamp) {
$glb_data_after =
&split_data($data,$laststamp,$timestamp,$endtime);
} else {
$do_collect = 0;
}
} else {
$do_collect = 0; # just too new.
}
}
if ($do_collect) {
&collect_data($data, $i, $curDay);
}
$laststamp = $timestamp;
$i++;
}
close CHILD;
wait;
}
# split the data in $1 (format as from read_data) into a pair of two
# such data sets. The set referenced to as $1 will afterwards contain
# the first part of the data, another set which is returned contains
# the second part of the data.
# interpret the data as having start time=$2 and end time=$3 and split
# time=$4
sub split_data {
my $data = shift;
my $mstart = shift;
my $mend = shift;
my $msplit = shift;
# calculate factors for multiplications
my $ust = $mstart;
my $uperiod = $mend - $ust;
my $usplit = $msplit - $ust;
if ($uperiod < 0) {
# hmmm? die Daten sind rueckwaerts???
$uperiod = -$uperiod;
}
my $fac1;
if ($usplit < 0) {
$fac1 = 0;
}
elsif ($usplit > $uperiod) {
$fac1 = 1;
}
else {
$fac1 = $usplit / $uperiod;
}
# $fac1 now says us how much weight the first result has.
# initialize the set we will return.
my @ret = ( );
foreach $set (@$data) {
my ($rule, $bytes, $pkts) = @$set;
$$set[1] = int($bytes * $fac1 + 0.5);
$$set[2] = int($pkts * $fac1 + 0.5);
push(@ret, [ $rule, $bytes - $$set[1], $pkts - $$set[2] ]);
}
return \@ret;
}
# put data from one file into global data structures
# must be called in correct sorted file name order to set rules_lastfile
# and rules_firstfile (which are currently useless)
# arguments:
# $1=index number of file; $2 = reference to array with data from file
sub collect_data {
my($filedata, $ifile, $i, $day);
$filedata = shift;
$ifile=shift;
$day =shift;
# if day first appeared in this file, initialize its
# life.
if (!defined($allDays{$day})) {
return if (&init_filter_id($day));
$allDays{$day} = $rulenumber++;
}
for ($i=0; $i<=$#$filedata; $i++) {
my $set = $$filedata[$i];
my $rule = $$set[0];
my $bytes = $$set[1];
my $pkts = $$set[2];
$_ = $rule;
/^(.*) \(.*$/;
$_ = $1;
/^forwarded (.*)$/;
$rule = $1;
$allDaysBytes->{$day}{$rule} += $bytes;
}
}
# initialize data variables for a new rule - if it is new
sub init_filter_id {
my($s, $ifile) = @_;
if (!defined $allDaysBytes->{$s}) {
if ($displayMode =~ /^daily/) {
my $newDay = &makemydailytime($s);
$newDay =~ /^\d\d\d\d-(\d\d)-\d\d$/;
return 1 if ($1 > $curMonth && $displayMode ne "daily_multi");
$allDaysBytes->{$s}{'Day'} = $newDay;
}
else {
$allDaysBytes->{$s}{'Day'} = &makemymonthlytime($s);
}
$allDaysBytes->{$s}{${Traffic::blue_in}} = int(0);
$allDaysBytes->{$s}{${Traffic::green_in}} = int(0);
$allDaysBytes->{$s}{${Traffic::orange_in}} = int(0);
$allDaysBytes->{$s}{${Traffic::red_in}} = int(0);
$allDaysBytes->{$s}{${Traffic::blue_out}} = int(0);
$allDaysBytes->{$s}{${Traffic::green_out}} = int(0);
$allDaysBytes->{$s}{${Traffic::orange_out}} = int(0);
$allDaysBytes->{$s}{${Traffic::red_out}} = int(0);
}
return 0;
}
# read data record from filehandle $1
# number of records is $2
# Return value: reference to array a of length n;
# n is the number of rules
# each field in a is an array aa with 3 fields
# the fields in arrays aa are: [0]=name of rule; [1]=byte count;
# [2]=packet count
# function does not use global variables
sub read_data_record {
my($file, $number_of_records, $beforedata, $indata, $i, $irec);
my($pkts, $bytes, $rule);
my(@result);
$file=shift;
$number_of_records = shift;
$indata=0;
$beforedata=1;
for($irec = 0; $irec < $number_of_records; $irec++) {
$_ = <$file>;
chop;
/^\(\s*(.*)$/ or die "$me: bad line from fetchipac (expecting machine name): $_\n";
$machine_name = $1; # remember final machine name
while(<$file>) {
last if (/^\)$/); # terminating line ')'
/^(\d+)\s(\d+)\s\|(.*)\|$/
or die "$me: bad line from fetchipac (expecting rule item): $_\n";
$bytes = $1;
$pkts = $2;
$rule = $3;
if ($rule =~ /$rule_regex/) {
push(@result, [ $rule, $bytes, $pkts]);
}
}
}
# read another emtpy line (data format consistency)
$_ = <$file>;
die "$me: bad data from fetchipac (expected emtpy line): $_\n"
if ($_ !~ /^$/);
\@result;
}
# given a string in format YYYYMMDD[hh[mm[ss]]], make unix time
# use time zone offset $tzoffset (input=wall clock time, output=UTC)
sub makeunixtime {
my($y, $m, $d, $h, $i, $e);
$s = shift;
$h=0; $i=0; $e=0;
if ($s =~ /^(\d\d\d\d)(\d\d)(\d\d)/) {
($y, $m, $d) = ($1, $2, $3);
if ($s =~ /^\d\d\d\d\d\d\d\d-?(\d\d)/) {
$h=$1;
if ($s =~ /^\d\d\d\d\d\d\d\d-?\d\d(\d\d)/) {
$i=$1;
if ($s =~ /^\d\d\d\d\d\d\d\d-?\d\d\d\d(\d\d)/) {
$e=$1;
}
}
}
}
else {
return 0;
}
$y-=1970;
$s = (($y)*365) + int(($y+2)/4) + $moff[$m-1] + $d-1;
$s-- if (($y+2)%4 == 0 && $m < 3);
$s*86400 + $h*3600 + $i*60 + $e + $tzoffset;
}
# return the given unix time in localtime in "mydaily" time format
sub makemydailytime {
my($s)=shift;
my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($s);
return sprintf("%04d-%02d-%02d", 1900+$year, $mon+1, $mday);
}
# return the given unix time in localtime in "mymonthly" time format
sub makemymonthlytime {
my($s)=shift;
my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($s);
return sprintf("%04d-%02d", 1900+$year, $mon+1);
}
# EOF

98
config/cfgroot/proxy-acl
View File

@@ -1,49 +1,49 @@
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
# restart squid using the web interface. Changes made to the 'acl' file
# will propagate to the 'squid.conf' file at that time.
# [Scott Tregear, 22 Feb 2005]
# Uncomment the following line to enable logging of User-Agent header:
#useragent_log /var/log/squid/user_agent.log
# Uncomment the following line to enable logging of Referer header:
#referer_log /var/log/squid/referer.log
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
acl IPCop_http port 81
acl IPCop_https port 444
acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
acl CONNECT method CONNECT
##Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Finally allow IPCop_networks clients
http_access allow IPCop_networks
http_access deny all
# Do not modify '/var/ipfire/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface! Instead, modify the file '/var/ipfire/proxy/acl' and then
# restart squid using the web interface. Changes made to the 'acl' file
# will propagate to the 'squid.conf' file at that time.
# [Scott Tregear, 22 Feb 2005]
# Uncomment the following line to enable logging of User-Agent header:
#useragent_log /var/log/squid/user_agent.log
# Uncomment the following line to enable logging of Referer header:
#referer_log /var/log/squid/referer.log
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
acl IPCop_http port 81
acl IPCop_https port 444
acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
acl CONNECT method CONNECT
##Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Finally allow IPCop_networks clients
http_access allow IPCop_networks
http_access deny all