X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fconnections.cgi;h=14ee20910509b0e9633e6b5d586039d7cda7d12e;hb=0cb985d8fc753e7875695f8ac66f9c9db1462636;hp=27d0998ca46b915cd4186cce0476883d82b3a7b1;hpb=f2fdd0c1e9a3ccf539cd477a6111281eadc200a7;p=people%2Fteissler%2Fipfire-2.x.git
diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi
index 27d0998ca..14ee20910 100644
--- a/html/cgi-bin/connections.cgi
+++ b/html/cgi-bin/connections.cgi
@@ -1,15 +1,23 @@ #!/usr/bin/perl -# -# (c) 2001 Jack Beglinger -# -# (c) 2003 Dave Roberts - colour coded netfilter/iptables rewrite for 1.3 -# -# (c) 2006 Franck - add sorting+filtering capability -# -# (c) 2006 Peter Schälchli -inetwork (bug) -# - -# Setup GREEN, ORANGE, IPFIRE, VPN CIDR networks, masklengths and colours only once +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2011 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### my @network=(); my @masklen=();
@@ -21,7 +29,7 @@ use strict; # enable only the following on debugging purpose #use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; 
@@ -36,13 +44,28 @@ undef (@dummy); my %netsettings=(); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -open (ACTIVE, 'iptstate -1rbt |') or die 'Unable to open ip_conntrack'; +open (ACTIVE, '/usr/local/bin/getiptstate |') or die 'Unable to open ip_conntrack'; my @active = ; close (ACTIVE); -my @vpn = ('none'); -#open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = ; -#close (ACTIVE); +if (open(IP, "${General::swroot}/red/local-ipaddress")) { + my $redip = ; + close(IP); + chomp $redip; + push(@network, $redip); + push(@masklen, '255.255.255.255' ); + push(@colour, ${Header::colourfw} ); +} + +my @vpn = `/usr/local/bin/ipsecctrl I 2>/dev/null|grep erouted|cut -d"]" -f3|cut -d"=" -f4|cut -d";" -f1| sed "s|/| |g"`; + foreach my $route (@vpn) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + if ( $temp[0] eq '$redip' ){next;} + push(@network, $temp[0]); + push(@masklen, $temp[1]); + push(@colour, ${Header::colourvpn} ); + } my $aliasfile = "${General::swroot}/ethernet/aliases"; open(ALIASES, $aliasfile) or die 'Unable to open aliases file.';
@@ -122,15 +145,7 @@ if (-e "${General::swroot}/ovpn/settings") { push(@masklen, $tempovpnsubnet[1]); push(@colour, ${Header::colourovpn} ); - if ( ($ovpnsettings{'ENABLED'} eq 'on') && open(IP, "${General::swroot}/red/local-ipaddress") ) { - # add RED:port / proto - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip ); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourovpn} ); - } + if ( ($ovpnsettings{'ENABLED_BLUE'} eq 'on') && $netsettings{'BLUE_DEV'} ) { # add BLUE:port / proto push(@network, $netsettings{'BLUE_ADDRESS'} ); 
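Review bot: The skip in the new `foreach my $route (@vpn)` loop can never fire: `'$redip'` is single-quoted, so `$temp[0]` is compared with the literal text `$redip`, and the real `$redip` is declared with `my` inside the preceding `if (open(IP, ...))` block, so it is out of scope in the loop anyway. Declare `my $redip = '';` before that `if`, drop the inner `my`, and write `next if $temp[0] eq $redip;`. The loop also pushes `$temp[0]` and `$temp[1]` from the `ipsecctrl` pipeline output without checking that both fields are present and look like an address and a mask, so a short or malformed line puts undef or junk into `@network`/`@masklen`; an anchored pattern check before the three `push` calls would prevent that. The heading of the later `@@ -173,15 +188,6 @@` hunk suggests the old `if ( $vpn[0] ne 'none' )` block is still in the file and would now walk the same `@vpn` entries a second time, which is worth confirming against the full file.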
@@ -173,15 +188,6 @@ if ( $vpn[0] ne 'none' ) { push(@colour, ${Header::colourvpn} ); } } -if (open(IP, "${General::swroot}/red/local-ipaddress")) { - my $redip = ; - close(IP); - chomp $redip; - push(@network, $redip); - push(@masklen, '255.255.255.255' ); - push(@colour, ${Header::colourfw} ); -} - #Establish simple filtering&sorting boxes on top of table
@@ -272,8 +278,10 @@ foreach my $line (@active) { my ($sip, $sport) = split(':', $temp[0]); my ($dip, $dport) = split(':', $temp[1]); my $proto = $temp[2]; - my $state = $temp[3]; - my $ttl = $temp[4]; + my $state; my $ttl; + if ( $proto eq "esp" ){$state = "";$ttl = $temp[3];} + elsif ( $proto eq "icmp" ){$state = "";$ttl = $temp[4];} + else{$state = $temp[3];$ttl = $temp[4];} next if( !( (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($proto eq $cgiparams{'SEE_PROTO'} ))
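Review bot: The new `esp`/`icmp` branches in the `@@ -272,8 +278,10 @@` hunk need a comment recording why the columns shift, for example `# getiptstate prints no state column for esp; for icmp column 3 is not a connection state`, since nothing in the code documents the helper's output format (the icmp half is my reading of the branch and should be confirmed against the helper). The match is an exact, case-sensitive `eq`, and every other protocol falls through to `else`, so any further protocol that lacks a state column would have its TTL read as `$state` and leave `$ttl` undef. Because both values come straight from helper output, a `defined` check before they are used further down would keep a short line from being rendered with shifted values. The enclosing `foreach my $line (@active)` loop starts and ends outside this hunk.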