Update connections.cgi: Show byte counters.

The connections.cgi file has been rewritten to read
the needed information directly from the kernel.

Byte counters have been added which show how much data
has been transmitted over one connection in each
direction.
Michael Tremer
2012-07-18 12:21:23 +02:00
parent b0c682c06f
commit 75bc929eb9
5 changed files with 363 additions and 317 deletions


@@ -5,6 +5,7 @@ usr/local/bin/backupctrl
usr/local/bin/dhcpctrl usr/local/bin/dhcpctrl
usr/local/bin/extrahdctrl usr/local/bin/extrahdctrl
usr/local/bin/fireinfoctrl usr/local/bin/fireinfoctrl
usr/local/bin/getconntracktable
usr/local/bin/getipstat usr/local/bin/getipstat
usr/local/bin/getiptstate usr/local/bin/getiptstate
#usr/local/bin/iowrap #usr/local/bin/iowrap


@@ -7,4 +7,5 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/proxy.cgi
var/ipfire/general-functions.pl var/ipfire/general-functions.pl
var/ipfire/langs var/ipfire/langs
usr/local/bin/getconntracktable
usr/sbin/redirect_wrapper usr/sbin/redirect_wrapper


@@ -2,7 +2,7 @@
############################################################################### ###############################################################################
# # # #
# IPFire.org - A linux based firewall # # IPFire.org - A linux based firewall #
# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> # # Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# # # #
# This program is free software: you can redistribute it and/or modify # # This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by # # it under the terms of the GNU General Public License as published by #
@@ -19,13 +19,10 @@
# # # #
############################################################################### ###############################################################################
my @network=(); use strict;
my @masklen=();
my @colour=();
use Net::IPv4Addr qw( :all ); use Net::IPv4Addr qw( :all );
use Switch;
use strict;
# enable only the following on debugging purpose # enable only the following on debugging purpose
#use warnings; #use warnings;
@@ -35,42 +32,62 @@ require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl"; require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl"; require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once &Header::showhttpheaders();
my @dummy = ( ${Header::table1colour} );
undef (@dummy);
# Read various files my @network=();
my @masklen=();
my @colour=();
my %netsettings=(); my %netsettings=();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
open (ACTIVE, '/usr/local/bin/getiptstate |') or die 'Unable to open ip_conntrack'; #workaround to suppress a warning when a variable is used only once
my @active = <ACTIVE>; my @dummy = ( ${Header::table1colour} );
close (ACTIVE); undef (@dummy);
# Read the connection tracking table.
open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |") or die "Unable to read conntrack table";
my @conntrack = <CONNTRACK>;
close(CONNTRACK);
# Collect data for the @network array.
# Add Firewall Localhost 127.0.0.1
push(@network, '127.0.0.1');
push(@masklen, '255.255.255.255');
push(@colour, ${Header::colourfw});
if (open(IP, "${General::swroot}/red/local-ipaddress")) { if (open(IP, "${General::swroot}/red/local-ipaddress")) {
my $redip = <IP>; my $redip = <IP>;
close(IP); close(IP);
chomp $redip;
push(@network, $redip); chomp $redip;
push(@masklen, '255.255.255.255' ); push(@network, $redip);
push(@colour, ${Header::colourfw} ); push(@masklen, '255.255.255.255');
push(@colour, ${Header::colourfw});
} }
my @vpn = `/usr/local/bin/ipsecctrl I 2>/dev/null|grep erouted|cut -d"]" -f3|cut -d"=" -f4|cut -d";" -f1| sed "s|/| |g"`; # Add STATIC RED aliases
foreach my $route (@vpn) { if ($netsettings{'RED_DEV'}) {
chomp($route); my $aliasfile = "${General::swroot}/ethernet/aliases";
my @temp = split(/[\t ]+/, $route); open(ALIASES, $aliasfile) or die 'Unable to open aliases file.';
if ( $temp[0] eq '$redip' ){next;} my @aliases = <ALIASES>;
push(@network, $temp[0]); close(ALIASES);
push(@masklen, $temp[1]);
push(@colour, ${Header::colourvpn} );
}
my $aliasfile = "${General::swroot}/ethernet/aliases"; # We have a RED eth iface
open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; if ($netsettings{'RED_TYPE'} eq 'STATIC') {
my @aliases = <ALIASES>; # We have a STATIC RED eth iface
close(ALIASES); foreach my $line (@aliases) {
chomp($line);
my @temp = split(/\,/,$line);
if ($temp[0]) {
push(@network, $temp[0]);
push(@masklen, $netsettings{'RED_NETMASK'} );
push(@colour, ${Header::colourfw} );
}
}
}
}
# Add Green Firewall Interface # Add Green Firewall Interface
push(@network, $netsettings{'GREEN_ADDRESS'}); push(@network, $netsettings{'GREEN_ADDRESS'});
@@ -85,32 +102,11 @@ push(@colour, ${Header::colourgreen} );
# Add Green Routes to Array # Add Green Routes to Array
my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`;
foreach my $route (@routes) { foreach my $route (@routes) {
chomp($route); chomp($route);
my @temp = split(/[\t ]+/, $route); my @temp = split(/[\t ]+/, $route);
push(@network, $temp[0]); push(@network, $temp[0]);
push(@masklen, $temp[2]); push(@masklen, $temp[2]);
push(@colour, ${Header::colourgreen} ); push(@colour, ${Header::colourgreen} );
}
# Add Firewall Localhost 127.0.0.1
push(@network, '127.0.0.1');
push(@masklen, '255.255.255.255' );
push(@colour, ${Header::colourfw} );
# Add Orange Network
if ($netsettings{'ORANGE_DEV'}) {
push(@network, $netsettings{'ORANGE_NETADDRESS'});
push(@masklen, $netsettings{'ORANGE_NETMASK'} );
push(@colour, ${Header::colourorange} );
# Add Orange Routes to Array
@routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`;
foreach my $route (@routes) {
chomp($route);
my @temp = split(/[\t ]+/, $route);
push(@network, $temp[0]);
push(@masklen, $temp[2]);
push(@colour, ${Header::colourorange} );
}
} }
# Add Blue Firewall Interface # Add Blue Firewall Interface
@@ -120,304 +116,317 @@ push(@colour, ${Header::colourfw} );
# Add Blue Network # Add Blue Network
if ($netsettings{'BLUE_DEV'}) { if ($netsettings{'BLUE_DEV'}) {
push(@network, $netsettings{'BLUE_NETADDRESS'}); push(@network, $netsettings{'BLUE_NETADDRESS'});
push(@masklen, $netsettings{'BLUE_NETMASK'} ); push(@masklen, $netsettings{'BLUE_NETMASK'} );
push(@colour, ${Header::colourblue} ); push(@colour, ${Header::colourblue} );
# Add Blue Routes to Array
@routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; # Add Blue Routes to Array
foreach my $route (@routes) { @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`;
chomp($route); foreach my $route (@routes) {
my @temp = split(/[\t ]+/, $route); chomp($route);
push(@network, $temp[0]); my @temp = split(/[\t ]+/, $route);
push(@masklen, $temp[2]); push(@network, $temp[0]);
push(@colour, ${Header::colourblue} ); push(@masklen, $temp[2]);
} push(@colour, ${Header::colourblue} );
}
}
# Add Orange Network
if ($netsettings{'ORANGE_DEV'}) {
push(@network, $netsettings{'ORANGE_NETADDRESS'});
push(@masklen, $netsettings{'ORANGE_NETMASK'} );
push(@colour, ${Header::colourorange} );
# Add Orange Routes to Array
@routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`;
foreach my $route (@routes) {
chomp($route);
my @temp = split(/[\t ]+/, $route);
push(@network, $temp[0]);
push(@masklen, $temp[2]);
push(@colour, ${Header::colourorange} );
}
} }
# Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate) # Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate)
if (-e "${General::swroot}/ovpn/settings") { if (-e "${General::swroot}/ovpn/settings") {
my %ovpnsettings = (); my %ovpnsettings = ();
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'}); my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'});
# add OpenVPN net # add OpenVPN net
push(@network, $tempovpnsubnet[0]); push(@network, $tempovpnsubnet[0]);
push(@masklen, $tempovpnsubnet[1]); push(@masklen, $tempovpnsubnet[1]);
push(@colour, ${Header::colourovpn} ); push(@colour, ${Header::colourovpn} );
# add BLUE:port / proto
if (($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'}) {
push(@network, $netsettings{'BLUE_ADDRESS'} );
push(@masklen, '255.255.255.255' );
push(@colour, ${Header::colourovpn});
}
if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { # add ORANGE:port / proto
# add BLUE:port / proto if (($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'}) {
push(@network, $netsettings{'BLUE_ADDRESS'} ); push(@network, $netsettings{'ORANGE_ADDRESS'} );
push(@masklen, '255.255.255.255' ); push(@masklen, '255.255.255.255' );
push(@colour, ${Header::colourovpn} ); push(@colour, ${Header::colourovpn} );
} }
if ( ($ovpnsettings{'ENABLED_ORANGE'} eq 'on') && $netsettings{'ORANGE_DEV'} ) {
# add ORANGE:port / proto
push(@network, $netsettings{'ORANGE_ADDRESS'} );
push(@masklen, '255.255.255.255' );
push(@colour, ${Header::colourovpn} );
}
} }
# Add STATIC RED aliases open(IPSEC, "/var/ipfire/vpn/config");
if ($netsettings{'RED_DEV'}) { my @ipsec = <IPSEC>;
# We have a RED eth iface close(IPSEC);
if ($netsettings{'RED_TYPE'} eq 'STATIC') {
# We have a STATIC RED eth iface foreach my $line (@ipsec) {
foreach my $line (@aliases) my @vpn = split(',', $line);
{ my ($network, $mask) = split("/", $vpn[12]);
chomp($line);
my @temp = split(/\,/,$line); if (!&General::validip($mask)) {
if ( $temp[0] ) { $mask = ipv4_cidr2msk($mask);
push(@network, $temp[0]); }
push(@masklen, $netsettings{'RED_NETMASK'} );
push(@colour, ${Header::colourfw} ); push(@network, $network);
} push(@masklen, $mask);
} push(@colour, ${Header::colourvpn});
}
} }
# Add VPNs # Show the page.
if ( $vpn[0] ne 'none' ) {
foreach my $line (@vpn) {
my @temp = split(/[\t ]+/,$line);
my @temp1 = split(/[\/:]+/,$temp[3]);
push(@network, $temp1[0]);
push(@masklen, ipv4_cidr2msk($temp1[1]));
push(@colour, ${Header::colourvpn} );
}
}
#Establish simple filtering&sorting boxes on top of table
our %cgiparams;
&Header::getcgihash(\%cgiparams);
my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp');
my @list_state = ($Lang::tr{'all'}, 'SYN_SENT', 'SYN_RECV', 'ESTABLISHED', 'FIN_WAIT',
'CLOSE_WAIT', 'LAST_ACK', 'TIME_WAIT', 'CLOSE', 'LISTEN');
my @list_mark = ($Lang::tr{'all'}, '[ASSURED]', '[UNREPLIED]');
my @list_sort = ('orgsip','protocol', 'expires', 'status', 'orgdip', 'orgsp',
'orgdp', 'exsip', 'exdip', 'exsp', 'exdp', 'marked');
# init or silently correct unknown value...
if ( ! grep ( /^$cgiparams{'SEE_PROTO'}$/ , @list_proto )) { $cgiparams{'SEE_PROTO'} = $list_proto[0] };
if ( ! grep ( /^$cgiparams{'SEE_STATE'}$/ , @list_state )) { $cgiparams{'SEE_STATE'} = $list_state[0] };
if ( ($cgiparams{'SEE_MARK'} ne $Lang::tr{'all'}) && # ok the grep should work but it doesn't because of
($cgiparams{'SEE_MARK'} ne '[ASSURED]') && # the '[' & ']' interpreted as list separator.
($cgiparams{'SEE_MARK'} ne '[UNREPLIED]') # So, explicitly enumerate items.
) { $cgiparams{'SEE_MARK'} = $list_mark[0] };
if ( ! grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] };
# *.*.*.* or a valid IP
if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' };
if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' };
our %entries = (); # will hold the lines analyzed correctly
my $unknownlines = ''; # should be empty all the time...
my $index = 0; # just a counter to make unique entryies in entries
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'connections'}, 1, ''); &Header::openpage($Lang::tr{'connections'}, 1, '');
&Header::openbigbox('100%', 'left'); &Header::openbigbox('100%', 'left');
&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); &Header::openbox('100%', 'left', $Lang::tr{'connection tracking'});
# Build listbox objects # Print legend.
my $menu_proto = &make_select ('SEE_PROTO', $cgiparams{'SEE_PROTO'}, @list_proto); print <<END;
my $menu_state = &make_select ('SEE_STATE', $cgiparams{'SEE_STATE'}, @list_state); <table width='100%'>
<tr>
print <<END <td align='center'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'> <b>$Lang::tr{'legend'} : </b>
<table width='100%'> </td>
<tr><td align='center'><b>$Lang::tr{'legend'} : </b></td> <td align='center' bgcolor='${Header::colourgreen}'>
<td align='center' bgcolor='${Header::colourgreen}'><b><font color='#FFFFFF'>$Lang::tr{'lan'}</font></b></td> <b><font color='#FFFFFF'>$Lang::tr{'lan'}</font></b>
<td align='center' bgcolor='${Header::colourred}'><b><font color='#FFFFFF'>$Lang::tr{'internet'}</font></b></td> </td>
<td align='center' bgcolor='${Header::colourorange}'><b><font color='#FFFFFF'>$Lang::tr{'dmz'}</font></b></td> <td align='center' bgcolor='${Header::colourred}'>
<td align='center' bgcolor='${Header::colourblue}'><b><font color='#FFFFFF'>$Lang::tr{'wireless'}</font></b></td> <b><font color='#FFFFFF'>$Lang::tr{'internet'}</font></b>
<td align='center' bgcolor='${Header::colourfw}'><b><font color='#FFFFFF'>IPFire</font></b></td> </td>
<td align='center' bgcolor='${Header::colourvpn}'><b><font color='#FFFFFF'>$Lang::tr{'vpn'}</font></b></td> <td align='center' bgcolor='${Header::colourorange}'>
<td align='center' bgcolor='${Header::colourovpn}'><b><font color='#FFFFFF'>$Lang::tr{'OpenVPN'}</font></b></td> <b><font color='#FFFFFF'>$Lang::tr{'dmz'}</font></b>
</tr> </td>
</table> <td align='center' bgcolor='${Header::colourblue}'>
<br /> <b><font color='#FFFFFF'>$Lang::tr{'wireless'}</font></b>
<table width='100%'> </td>
<tr><td align='center'><font size=2>$Lang::tr{'source ip and port'}</font></td> <td align='center' bgcolor='${Header::colourfw}'>
<td>&nbsp;</td> <b><font color='#FFFFFF'>IPFire</font></b>
<td align='center'><font size=2>$Lang::tr{'dest ip and port'}</font></td> </td>
<td>&nbsp;</td> <td align='center' bgcolor='${Header::colourvpn}'>
<td align='center'><font size=2>$Lang::tr{'protocol'}</font></td> <b><font color='#FFFFFF'>$Lang::tr{'vpn'}</font></b>
<td align='center'><font size=2>$Lang::tr{'connection'}<br></br>$Lang::tr{'status'}</font></td> </td>
<td align='center'><font size=2>$Lang::tr{'expires'}<br></br>($Lang::tr{'seconds'})</font></td> <td align='center' bgcolor='${Header::colourovpn}'>
<b><font color='#FFFFFF'>$Lang::tr{'OpenVPN'}</font></b>
</tr> </td>
<tr><td colspan='4'>&nbsp;</td> </tr>
<td align='center'>$menu_proto</td> </table>
<td align='center'>$menu_state</td> <br>
<td>&nbsp;</td>
</tr>
<tr>
<td align='center' colspan='7'></td>
</tr>
<tr>
<td align='center' colspan='7'><input type='submit' value="$Lang::tr{'update'}" /></td>
</tr>
END END
;
my $i=0; # Print table header.
foreach my $line (@active) { print <<END;
$i++; <table width='100%'>
if ($i < 3) { <tr>
next; <th align='center'>
} $Lang::tr{'protocol'}
chomp($line); </th>
my @temp = split(' ',$line); <th align='center'>
$Lang::tr{'source ip and port'}
</th>
<th>&nbsp;</th>
<th align='center'>
$Lang::tr{'dest ip and port'}
</th>
<th>&nbsp;</th>
<th align='center'>
$Lang::tr{'download'} /
<br>$Lang::tr{'upload'}
</th>
<th align='center'>
$Lang::tr{'connection'}<br>$Lang::tr{'status'}
</th>
<th align='center'>
$Lang::tr{'expires'}<br>($Lang::tr{'seconds'})
</th>
</tr>
END
my ($sip, $sport) = split(':', $temp[0]); foreach my $line (@conntrack) {
my ($dip, $dport) = split(':', $temp[1]); my @conn = split(' ', $line);
my $proto = $temp[2];
my $state; my $ttl;
if ( $proto eq "esp" ){$state = "";$ttl = $temp[3];}
elsif ( $proto eq "icmp" ){$state = "";$ttl = $temp[4];}
else{$state = $temp[3];$ttl = $temp[4];}
next if( !(
(($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} ))
&& (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($state eq $cgiparams{'SEE_STATE'} ))
&& (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($sip eq $cgiparams{'SEE_SRC'} ))
&& (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($dip eq $cgiparams{'SEE_DEST'} ))
));
if (($proto eq 'udp') && ($ttl eq '')) { # The first bit is the l3 protocol.
$ttl = $state; my $l3proto = $conn[0];
$state = '&nbsp;';
}
my $sipcol = ipcolour($sip); # Skip everything that is not IPv4.
my $dipcol = ipcolour($dip); if ($l3proto ne 'ipv4') {
next;
}
# L4 protocol (tcp, udp, ...).
my $l4proto = $conn[2];
if ($l4proto eq 'unknown') {
$l4proto = '';
}
# Source and destination.
my $sip;
my $dip;
my $sport;
my $dport;
my @packets;
my @bytes;
my $ttl = $conn[4];
my $state;
if ($l4proto eq 'tcp') {
$state = $conn[5];
}
# Kick out everything that is not IPv4.
foreach my $item (@conn) {
my ($key, $val) = split('=', $item);
switch ($key) {
case "src" {
$sip = $val;
}
case "dst" {
$dip = $val;
}
case "sport" {
$sport = $val;
}
case "dport" {
$dport = $val;
}
case "packets" {
push(@packets, $val);
}
case "bytes" {
push(@bytes, $val);
}
}
}
my $sip_colour = ipcolour($sip);
my $dip_colour = ipcolour($dip);
my $sserv = ''; my $sserv = '';
if ($sport < 1024) { if ($sport < 1024) {
$sserv = uc(getservbyport($sport, lc($proto))); $sserv = uc(getservbyport($sport, lc($l4proto)));
if ($sserv ne '') { if ($sserv ne '') {
$sserv = "&nbsp;($sserv)"; $sserv = "&nbsp;($sserv)";
} }
} }
my $dserv = ''; my $dserv = '';
if ($dport < 1024) { if ($dport < 1024) {
$dserv = uc(getservbyport($dport, lc($proto))); $dserv = uc(getservbyport($dport, lc($l4proto)));
if ($dserv ne '') { if ($dserv ne '') {
$dserv = "&nbsp;($dserv)"; $dserv = "&nbsp;($dserv)";
} }
} }
print <<END my $bytes_in = format_bytes($bytes[0]);
<tr > my $bytes_out = format_bytes($bytes[1]);
<td align='center' bgcolor='$sipcol'>
<a href='/cgi-bin/ipinfo.cgi?ip=$sip'> # Format TTL
<font color='#FFFFFF'>$sip</font> $ttl = format_time($ttl);
</a>
</td> print <<END;
<td align='center' bgcolor='$sipcol'> <tr>
<a href='http://isc.sans.org/port_details.php?port=$sport' target='top'> <td align='center'>$l4proto</td>
<font color='#FFFFFF'>$sport$sserv</font> <td align='center' bgcolor='$sip_colour'>
</a> <a href='/cgi-bin/ipinfo.cgi?ip=$sip'>
</td> <font color='#FFFFFF'>$sip</font>
<td align='center' bgcolor='$dipcol'> </a>
<a href='/cgi-bin/ipinfo.cgi?ip=$dip'> </td>
<font color='#FFFFFF'>$dip</font> <td align='center' bgcolor='$sip_colour'>
</a> <a href='http://isc.sans.org/port_details.php?port=$sport' target='top'>
</td> <font color='#FFFFFF'>$sport$sserv</font>
<td align='center' bgcolor='$dipcol'> </a>
<a href='http://isc.sans.org/port_details.php?port=$dport' target='top'> </td>
<font color='#FFFFFF'>$dport$dserv</font> <td align='center' bgcolor='$dip_colour'>
</a> <a href='/cgi-bin/ipinfo.cgi?ip=$dip'>
</td> <font color='#FFFFFF'>$dip</font>
<td align='center'>$proto</td> </a>
<td align='center'>$state</td> </td>
<td align='center'>$ttl</td> <td align='center' bgcolor='$dip_colour'>
</tr> <a href='http://isc.sans.org/port_details.php?port=$dport' target='top'>
<font color='#FFFFFF'>$dport$dserv</font>
</a>
</td>
<td align='center'>
$bytes_in / $bytes_out
</td>
<td align='center'>$state</td>
<td align='center'>$ttl</td>
</tr>
END END
;
} }
print "</table></form>"; # Close the main table.
print "</table>";
&Header::closebox(); &Header::closebox();
&Header::closebigbox(); &Header::closebigbox();
&Header::closepage(); &Header::closepage();
sub format_bytes($) {
my $bytes = shift;
my @units = ("B", "k", "M", "G", "T");
foreach my $unit (@units) {
if ($bytes < 1024) {
return sprintf("%d%s", $bytes, $unit);
}
$bytes /= 1024;
}
return sprintf("%d%s", $bytes, $units[$#units]);
}
sub format_time($) {
my $time = shift;
my $seconds = $time % 60;
my $minutes = $time / 60;
my $hours = 0;
if ($minutes >= 60) {
$hours = $minutes / 60;
$minutes %= 60;
}
return sprintf("%3d:%02d:%02d", $hours, $minutes, $seconds);
}
sub ipcolour($) { sub ipcolour($) {
my $id = 0; my $id = 0;
my $line; my $colour = ${Header::colourred};
my $colour = ${Header::colourred}; my ($ip) = $_[0];
my ($ip) = $_[0]; my $found = 0;
my $found = 0;
foreach $line (@network) {
if ($network[$id] eq '') {
$id++;
} else {
if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) {
$found = 1;
$colour = $colour[$id];
}
$id++;
}
}
return $colour
}
# Create a string containing a complete SELECT html object foreach my $line (@network) {
# param1: name if ($network[$id] eq '') {
# param2: current value selected $id++;
# param3: field list } else {
sub make_select ($,$,$) { if (!$found && ipv4_in_network($network[$id], $masklen[$id], $ip) ) {
my $select_name = shift; $found = 1;
my $selected = shift; $colour = $colour[$id];
my $select = "<select name='$select_name'>"; }
$id++;
}
}
foreach my $value (@_) { return $colour;
my $check = $selected eq $value ? "selected='selected'" : '';
$select .= "<option $check value='$value'>$value</option>";
}
$select .= "</select>";
return $select;
}
# Build a list of IP obtained from the %entries hash
# param1: IP field name
sub get_known_ips ($) {
my $field = shift;
my $qs = $cgiparams{'SEE_SORT'}; # switch the sort order
$cgiparams{'SEE_SORT'} = $field;
my @liste=('*.*.*.*');
foreach my $entry ( sort sort_entries keys %entries) {
push (@liste, $entries{$entry}->{$field}) if (! grep (/^$entries{$entry}->{$field}$/,@liste) );
}
$cgiparams{'SEE_SORT'} = $qs; #restore sort order
return @liste;
}
# Used to sort the table containing the lines displayed.
sub sort_entries { #Reverse is not implemented
my $qs=$cgiparams{'SEE_SORT'};
if ($qs =~ /orgsip|orgdip|exsip|exdip/) {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($a[0]<=>$b[0]) ||
($a[1]<=>$b[1]) ||
($a[2]<=>$b[2]) ||
($a[3]<=>$b[3]);
} elsif ($qs =~ /expire|orgsp|orgdp|exsp|exdp/) {
$entries{$a}->{$qs} <=> $entries{$b}->{$qs};
} else {
$entries{$a}->{$qs} cmp $entries{$b}->{$qs};
}
} }
1; 1;
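Review bot: In the `switch ($key)` loop over `@conn`, `src`, `dst`, `sport` and `dport` are stored in scalars, so when a key occurs more than once on a line the last occurrence silently wins, whereas `packets` and `bytes` are pushed onto arrays because they are expected twice (`$bytes[0]`, `$bytes[1]`). If each line carries an original and a reply tuple, as the two byte counters suggest, the table shows reply-direction addresses and ports beside counters indexed from the original direction, which misleads anyone reading NATed connections. Keeping the first occurrence fixes it, e.g. `$sip = $val unless defined $sip;` and the same for `$dip`, `$sport` and `$dport`. Separately, `open(IPSEC, "/var/ipfire/vpn/config");` has no error check and `$vpn[12]` is split without testing that the field exists, so lines lacking that field still push an entry onto `@network`, `@masklen` and `@colour`; skipping such lines would be cleaner.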


@@ -32,7 +32,8 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
wirelessctrl getipstat getiptstate qosctrl launch-ether-wake \ wirelessctrl getipstat getiptstate qosctrl launch-ether-wake \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
SUID_UPDX = updxsetperms SUID_UPDX = updxsetperms
install : all install : all
@@ -160,3 +161,6 @@ fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
rebuildroutes: rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o rebuildroutes: rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o -o $@ $(COMPILE) -I../install+setup/libsmooth/ rebuildroutes.c setuid.o ../install+setup/libsmooth/varval.o -o $@
getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ getconntracktable.c setuid.o ../install+setup/libsmooth/varval.o -o $@


@@ -0,0 +1,31 @@
/* IPFire helper program - getconntracktable
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* The kernel's connection tracking table is not readable by
* non-root users. So this helper will just read and output it.
*/
#include <stdio.h>
#include <stdlib.h>
#include "setuid.h"
int main(void) {
if (!(initsetuid()))
exit(1);
FILE *fp = fopen("/proc/net/nf_conntrack", "r");
if (fp == NULL) {
exit(1);
}
/* Read content line by line and write it to stdout. */
char linebuf[STRING_SIZE];
while (fgets(linebuf, STRING_SIZE, fp)) {
printf("%s", linebuf);
}
fclose(fp);
return 0;
}
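Review bot: Nothing in `main` limits who receives the table: the helper takes no arguments and copies all of `/proc/net/nf_conntrack` to stdout, so the root-only restriction described in the header comment is replaced by whatever owner, group and mode the installed binary gets, which this page does not show. I would record that in the header, e.g. `* Installed setuid root: every account able to execute it can read the full table.` The identity obtained through `initsetuid()` also appears to be kept for the whole read loop although only the `fopen` needs it; dropping privileges once `fp` is open would be the least-privilege shape (hedged, since `setuid.h` is not part of this diff). The `printf` result is not checked, so a failed write still ends with `return 0`.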