X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=config%2Fcfgroot%2Fgeneral-functions.pl;h=9a5e6714d612e334c96309e9c2cfa2d994ea205b;hb=192d43080e3026701b8de77d8b4ae2bf507c993b;hp=602617361bbae69b69ae80e1b5e954640bc8dab9;hpb=e81be1e1edb0df7e11c305938838caa6c776ae8c;p=people%2Fteissler%2Fipfire-2.x.git
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 602617361..9a5e6714d 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -39,6 +39,96 @@ sub log
 $logmessage = $1;
 system('logger', '-t', $tag, $logmessage);
 }
+sub setup_default_networks
+{
+ my %netsettings=();
+ my $defaultNetworks = shift;
+
+ &readhash("/var/ipfire/ethernet/settings", \%netsettings);
+
+ # Get current defined networks (Red, Green, Blue, Orange)
+ $defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
+ $defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
+
+ $defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'green'}}{'NET'} = "$netsettings{'GREEN_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
+
+ if ($netsettings{'RED_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'IPT'} = "$netsettings{'RED_NETADDRESS'}/$netsettings{'RED_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NET'} = "$netsettings{'RED_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NAME'} = "RED";
+ }
+ if ($netsettings{'ORANGE_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'orange'}}{'NET'} = "$netsettings{'ORANGE_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
+ }
+
+ if ($netsettings{'BLUE_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'blue'}}{'NET'} = "$netsettings{'BLUE_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
+ }
+
+ #IPFire himself
+ $defaultNetworks->{'IPFire'}{'NAME'} = "IPFire";
+
+ # OpenVPN
+ if(-e "${General::swroot}/ovpn/settings")
+ {
+ my %ovpnSettings = ();
+ &readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+
+ # OpenVPN on Red?
+ if(defined($ovpnSettings{'DOVPN_SUBNET'}))
+ {
+ my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
+ $sub=&General::iporsubtocidr($sub);
+ my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
+ $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'ADR'} = $tempovpnsubnet[0];
+ $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'NAME'} = "OpenVPN-Dyn";
+ }
+ } # end OpenVPN
+ # IPsec RW NET
+ if(-e "${General::swroot}/vpn/settings")
+ {
+ my %ipsecsettings = ();
+ &readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+ if($ipsecsettings{'RW_NET'} ne '')
+ {
+ my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
+ $sub=&General::iporsubtocidr($sub);
+ my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'ADR'} = $tempipsecsubnet[0];
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NAME'} = "IPsec RW";
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
+ }
+ }
+}
+sub get_aliases
+{
+
+ my $defaultNetworks = shift;
+ open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+ my @current = ;
+ close(FILE);
+ my $ctr = 0;
+ foreach my $line (@current)
+ {
+ if ($line ne ''){
+ chomp($line);
+ my @temp = split(/\,/,$line);
+ if ($temp[2] eq '') {
+ $temp[2] = "Alias $ctr : $temp[0]";
+ }
+ $defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+ $defaultNetworks->{$temp[2]}{'NET'} = "$temp[0]";
+
+ $ctr++;
+ }
+ }
+}
 sub readhash
 {
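Review bot: In `get_aliases` the `if ($line ne '')` test runs before `chomp`, so a blank line is still `"\n"` and passes; `split` then yields no fields and the loop registers an entry named `"Alias $ctr : "` with an empty `IPT`/`NET`. Reorder to `chomp($line); next if $line eq '';` and guard the fallback with `if (!defined $temp[2] || $temp[2] eq '')` so a two-field line does not warn under `use warnings`. The read also uses a bareword handle and 2-arg `open`; `open(my $fh, '<', "${General::swroot}/ethernet/aliases") or die ...` with `my @current = <$fh>;` is the conventional form — the rendered page shows `my @current = ;`, which looks like the readline operator was lost in rendering, so verify against the actual source. In `setup_default_networks` the OpenVPN branch tests `defined($ovpnSettings{'DOVPN_SUBNET'})` while the IPsec branch tests `ne ''`; an empty `DOVPN_SUBNET` value passes the first and produces an `OpenVPN (/)` entry, so `ne ''` (or both) is the more robust check there too.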
@@ -139,21 +229,36 @@ sub writehashpart
 close FILE;
 }
-sub age
-{
+sub age {
 my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
- $atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0];
- my $now = time;
-
- my $totalsecs = $now - $mtime;
- my $days = int($totalsecs / 86400);
- my $totalhours = int($totalsecs / 3600);
- my $hours = $totalhours % 24;
- my $totalmins = int($totalsecs / 60);
- my $mins = $totalmins % 60;
+ $atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0];
+ my $totalsecs = time() - $mtime;
+ my @s = ();
+ my $secs = $totalsecs % 60;
+ $totalsecs /= 60;
+ if ($secs > 0) {
+ push(@s, "${secs}s");
+ }
+
+ my $min = $totalsecs % 60;
+ $totalsecs /= 60;
+ if ($min > 0) {
+ push(@s, "${min}m");
+ }
- return "${days}d ${hours}h ${mins}m ${secs}s";
+ my $hrs = $totalsecs % 24;
+ $totalsecs /= 24;
+ if ($hrs > 0) {
+ push(@s, "${hrs}h");
+ }
+
+ my $days = int($totalsecs);
+ if ($days > 0) {
+ push(@s, "${days}d");
+ }
+
+ return join(" ", reverse(@s));
 }
 sub validip
@@ -383,13 +488,13 @@ sub validipandmask
 if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) {
 #Subnet in decimal and valid?
 if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) {
- for (my $i=8;$i<=30;$i++){
+ for (my $i=8;$i<=32;$i++){
 if (&General::cidrtosub($i) eq $ccdsubnet){
 return 1;
 }
 }
 #Subnet already in binary format?
- }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=30 && $1>=8))){
+ }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
 return 1;
 }else{
 return 0;
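Review bot: The rewritten `age` returns an empty string for a file modified less than one second ago, because every component is skipped when it is zero and `join` over an empty `@s` yields `""`; the old version always produced `0d 0h 0m 0s`, so callers that print the result unchanged now show nothing. A one-line guard keeps the new compact format while covering that case: `return join(" ", reverse(@s)) || "0s";`. Note also that `stat` on a missing path leaves `$mtime` undefined, so `time() - $mtime` degrades to the current epoch time (a huge age) with only a warning; that is inherited from the old code, but `return '' unless defined $mtime;` right after the `stat` would make the failure explicit.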
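Review bot: Raising the loop and regex bounds from 30 to 32 means `validipandmask` now accepts `255.255.255.254` and `255.255.255.255` (/31 and /32), masks that leave no or one host address; every caller that treats a validated mask as a network with usable hosts — `checksubnets` further down in this diff feeds the value through `iporsubtodec` and `IpInSubnet` — should be confirmed to cope with that. If the wider range exists only for one use case, a comment on the `for` line saying which one would help the next reader, since the reason is not visible in the hunk. The enclosing `if` of this block opens before the hunk.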
@@ -399,6 +504,66 @@ sub validipandmask
 return 0;
 }
+sub checksubnets
+{
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $errormessage;
+ my ($ip,$cidr)=split(/\//,$ccdnet);
+ $cidr=&iporsubtocidr($cidr);
+ #get OVPN-Subnet (dynamic range)
+ my %ovpnconf=();
+ &readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
+ my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
+ $ovpncidr=&iporsubtocidr($ovpncidr);
+ #check if we try to use same network as ovpn server
+ if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
";
+ return $errormessage;
+ }
+ #check if we use a network-name/subnet that already exists
+ &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
+ if ($ccdname eq $ccdconfhash{$key}[0])
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
";
+ return $errormessage;
+ }
+ my ($newip,$newsub) = split(/\//,$ccdnet);
+ if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
";
+ return $errormessage;
+ }
+ }
+ #check if we use a ipsec right network which is already defined
+ my %ipsecconf=();
+ &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+ if($ipsecconf{$key}[1] ne $ccdname){
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]";
+ return $errormessage;
+ }
+ }
+ }
+ }
+ #check if we use one of ipfire's networks (green,orange,blue)
+ my %ownnet=();
+ &readhash("${General::swroot}/ethernet/settings", \%ownnet);
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+}
+
+
 sub validport
 {
 $_ = $_[0];
@@ -750,13 +915,14 @@ sub FetchPublicIp {
 my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
 Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
 }
- my ($out, $response) = Net::SSLeay::get_http( 'checkip.dyndns.org',
+ my $user_agent = &MakeUserAgent();
+ my ($out, $response) = Net::SSLeay::get_http( 'checkip4.dns.lightningwirelabs.com',
 80, "/",
- Net::SSLeay::make_headers('User-Agent' => 'IPFire' )
+ Net::SSLeay::make_headers('User-Agent' => $user_agent )
 );
 if ($response =~ m%HTTP/1\.. 200 OK%) {
- $out =~ /Current IP Address: (\d+.\d+.\d+.\d+)/;
+ $out =~ /Your IP address is: (\d+.\d+.\d+.\d+)/;
 return $1;
 }
 return '';
@@ -812,9 +978,11 @@ sub GetDyndnsRedIP {
 close(IP);
 chomp $ip;
+ # 100.64.0.0/10 is reserved for dual-stack lite (http://tools.ietf.org/html/rfc6598).
 if (&General::IpInSubnet ($ip,'10.0.0.0','255.0.0.0') ||
 &General::IpInSubnet ($ip,'172.16.0.0.','255.240.0.0') ||
- &General::IpInSubnet ($ip,'192.168.0.0','255.255.0.0'))
+ &General::IpInSubnet ($ip,'192.168.0.0','255.255.0.0') ||
+ &General::IpInSubnet ($ip,'100.64.0.0', '255.192.0.0'))
 {
 if ($settings{'BEHINDROUTER'} eq 'FETCH_IP') {
 my $RealIP = &General::FetchPublicIp;
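Review bot: `FetchPublicIp` returns `$1` unconditionally after `$out =~ /Your IP address is: (\d+.\d+.\d+.\d+)/;`, and in Perl a failed match leaves `$1` holding the previous successful capture — here plausibly the proxy host from the regex at the top of the function — so a changed or empty response body can hand a hostname back to `GetDyndnsRedIP`, which publishes it via DynDNS. The unescaped `.` also matches any character and no octet range is checked, and the body arrives over plain HTTP on port 80 from a third-party host, so treat it as untrusted: `if ($out =~ /Your IP address is: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/ && &General::validip($1)) { return $1; }` and fall through to `return '';` otherwise. `$response` is likewise matched without a definedness check; when `get_http` fails it is undef and the match only warns, so `if (defined $response && $response =~ m%HTTP/1\.. 200 OK%)` is the safer form. The proxy setup at the head of `FetchPublicIp` lies outside the hunk.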
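Review bot: The context line directly above the new `100.64.0.0` check still reads `'172.16.0.0.'` with a trailing dot; whether `IpInSubnet` tolerates that depends on its parser, which is not visible here, but if it does not, the 172.16.0.0/12 private range is never recognised and such a RED address is treated as public, skipping the `FETCH_IP` path this hunk extends for RFC 6598 space. Correcting it to `'172.16.0.0'` while touching this block is cheap. The mask `255.192.0.0` is the correct /10 and the RFC reference comment is helpful.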
@@ -873,4 +1041,93 @@ sub GetIcmpDescription ($) {
 'Experimental');
 if ($index>41) {return 'unknown'} else {return @icmp_description[$index]};
 }
+
+sub GetCoreUpdateVersion() {
+ my $core_update;
+
+ open(FILE, "/opt/pakfire/db/core/mine");
+ while () {
+ $core_update = $_;
+ last;
+ }
+ close(FILE);
+
+ return $core_update;
+}
+
+sub MakeUserAgent() {
+ my $user_agent = "IPFire/$General::version";
+
+ my $core_update = &GetCoreUpdateVersion();
+ if ($core_update ne "") {
+ $user_agent .= "/$core_update";
+ }
+
+ return $user_agent;
+}
+
+sub RedIsWireless() {
+ # This function checks if a network device is a wireless device.
+
+ my %settings = ();
+ &readhash("${General::swroot}/ethernet/settings", \%settings);
+
+ # Find the name of the network device.
+ my $device = $settings{'RED_DEV'};
+
+ # Exit, if no device is configured.
+ return 0 if ($device eq "");
+
+ # Return 1 if the device is a wireless one.
+ my $path = "/sys/class/net/$device/wireless";
+ if (-d $path) {
+ return 1;
+ }
+
+ # Otherwise return zero.
+ return 0;
+}
+
+# Function to read a file with UTF-8 charset.
+sub read_file_utf8 ($) {
+ my ($file) = @_;
+
+ open my $in, '<:encoding(UTF-8)', $file or die "Could not open '$file' for reading $!";
+ local $/ = undef;
+ my $all = <$in>;
+ close $in;
+
+ return $all;
+}
+
+# Function to write a file with UTF-8 charset.
+sub write_file_utf8 ($) {
+ my ($file, $content) = @_;
+
+ open my $out, '>:encoding(UTF-8)', $file or die "Could not open '$file' for writing $!";;
+ print $out $content;
+ close $out;
+
+ return;
+}
+
+my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/firewall/reread";
+
+sub firewall_config_changed() {
+ open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR";
+ close FILE;
+}
+
+sub firewall_needs_reload() {
+ if (-e "$FIREWALL_RELOAD_INDICATOR") {
+ return 1;
+ }
+
+ return 0;
+}
+
+sub firewall_reload() {
+ system("/usr/local/bin/firewallctrl");
+}
+
 1;
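Review bot: `GetCoreUpdateVersion` never `chomp`s the line it reads, so `$core_update` keeps its trailing newline and `MakeUserAgent` embeds it in the User-Agent value that `FetchPublicIp` hands to `Net::SSLeay::make_headers`; a newline inside a header value ends the header line and corrupts the request (on the rendered page the readline inside `while ()` is missing, presumably lost in rendering, so check the actual source). Add `chomp($core_update) if defined $core_update;` before the `return`, and since the `open` is unchecked and an unreadable `/opt/pakfire/db/core/mine` leaves the variable undef, compare in `MakeUserAgent` with `if (defined $core_update && $core_update ne "")`; a 3-arg lexical `open(my $fh, '<', "/opt/pakfire/db/core/mine") or return '';` would cover both. `write_file_utf8` is declared with the `($)` prototype but unpacks two arguments — that only works because callers use the `&` form, and a parenthesised call after the definition would fail to compile with "Too many arguments"; drop the prototype or make it `($$)`. `firewall_config_changed` uses a bareword handle with 2-arg `open`, `write_file_utf8` does not check `close` on a write handle, and `firewall_reload` ignores the return value of `system`; `open(my $fh, '>', $FIREWALL_RELOAD_INDICATOR) or die ...`, `close $out or die "..."`, and testing `system(...) == 0` are the conventional fixes.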