From: Arne Fitzenreiter Date: Thu, 6 Dec 2012 18:29:29 +0000 (+0100) Subject: Merge remote-tracking branch 'origin/next' into thirteen X-Git-Tag: v2.13-beta1~13 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=d7a3254acedb43995d6a6e769562576cc7ff8639;hp=2e732994a12431c6f7aa14876f358da90cfc9f32 Merge remote-tracking branch 'origin/next' into thirteen Conflicts: config/rootfiles/common/stage2 make.sh --- diff --git a/config/backup/include b/config/backup/include index 8806640cff..a1d1fbc4a0 100644 --- a/config/backup/include +++ b/config/backup/include @@ -16,6 +16,7 @@ /var/ipfire/dhcp/* /var/ipfire/main/* /var/ipfire/outgoing/groups +/var/ipfire/outgoing/macgroups /var/ipfire/outgoing/rules /var/ipfire/outgoing/p2protocols /var/ipfire/ovpn @@ -28,6 +29,8 @@ /var/ipfire/vpn /var/log/ip-acct/* /var/log/rrd/* +/var/log/rrd/collectd +/var/log/rrd/vnstat /etc/sysconfig/firewall.local /etc/sysconfig/rc.local /root/.gitconfig diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 567f2e104e..c14f9903fc 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -18,8 +18,7 @@ use strict; use Socket; use IO::Socket; use Net::SSLeay; -use Net::IPv4Addr; - +use Net::IPv4Addr qw(:all); $|=1; # line buffering $General::version = 'VERSION'; @@ -212,21 +211,273 @@ sub validipormask return &validmask($mask); } +sub subtocidr +{ + #gets: Subnet in decimal (255.255.255.0) + #Gives: 24 (The cidr of network) + my ($byte1, $byte2, $byte3, $byte4) = split(/\./, $_[0].".0.0.0.0"); + my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4; + my $bin = unpack("B*", pack("N", $num)); + my $count = ($bin =~ tr/1/1/); + return $count; +} + +sub cidrtosub +{ + #gets: Cidr of network (20-30 for ccd) + #Konverts 30 to 255.255.255.252 e.g + my $cidr=$_[0]; + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$netmask"; +} + +sub iporsubtodec +{ + #Gets: Ip address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)\/(.*?)$/) { + ($net,$mask) = split (/\//,$subnet); + $full=1; + return "$subnet"; + }else{ + $mask=$subnet; + } + #Subnet already in decimal and valid? + if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return $mask;}else{ + return $net."/".$mask; + } + } + } + } + #Subnet in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return &General::cidrtosub($mask);}else{ + return $net."/".&General::cidrtosub($mask); + } + }else{ + return 3; + } + return 3; +} + + +sub iporsubtocidr +{ + #gets: Ip Address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)\/(.*?)$/) { + ($net,$mask) = split (/\//,$subnet); + $full=1; + }else{ + $mask=$subnet; + } + #Subnet in decimal and valid? + if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return &General::subtocidr($mask);}else{ + return $net."/".&General::subtocidr($mask); + } + } + } + } + #Subnet already in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return $mask;}else{ + return $net."/".$mask; + } + }else{ + return 3; + } + return 3; +} + +sub getnetworkip +{ + #Gets: IP, CIDR (10.10.10.0-255, 24) + #Gives: 10.10.10.0 + my ($ccdip,$ccdsubnet) = @_; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary ); + return $network_address; +} + +sub getccdbc +{ + #Gets: IP in Form ("192.168.0.0/24") + #Gives: Broadcastaddress of network + my $ccdnet=$_; + my ($ccdip,$ccdsubnet) = split "/",$ccdnet; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $broadcast_address = inet_ntoa( $ip_address_binary | ~$netmask_binary ); + return $broadcast_address; +} + +sub ip2dec +{ + my $ip_num; + my $ip=$_[0]; + if ( $ip =~ /(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ ) { + $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4); + } else { + $ip_num = -1; + } + $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4); + return($ip_num); +} + +sub dec2ip +{ + my $ip; + my $ip_num=$_[0]; + my $o1=$ip_num%256; + $ip_num=int($ip_num/256); + my $o2=$ip_num%256; + $ip_num=int($ip_num/256); + my $o3=$ip_num%256; + $ip_num=int($ip_num/256); + my $o4=$ip_num%256; + $ip="$o4.$o3.$o2.$o1"; + return ($ip); +} + +sub getnextip +{ + my $decip=&ip2dec($_[0]); + $decip=$decip+4; + return &dec2ip($decip); +} + +sub getlastip +{ + my $decip=&ip2dec($_[0]); + $decip--; + return &dec2ip($decip); +} + sub validipandmask { - my $ipandmask = $_[0]; + #Gets: Ip address in 192.168.0.0/24 or 192.168.0.0/255.255.255.0 and checks if subnet valid + #Gives: True bzw 0 if success or false + my $ccdnet=$_[0]; + my $subcidr; + + if (!($ccdnet =~ /^(.*?)\/(.*?)$/)) { + return 0; + } + my ($ccdip,$ccdsubnet)=split (/\//, $ccdnet); + #IP valid? + if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) { + #Subnet in decimal and valid? + if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $ccdsubnet){ + return 1; + } + } + #Subnet already in binary format? + }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + return 1; + }else{ + return 0; + } + + } + return 0; +} + +sub checksubnets +{ + + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $errormessage; + my ($ip,$cidr)=split(/\//,$ccdnet); + $cidr=&iporsubtocidr($cidr); + + + #get OVPN-Subnet (dynamic range) + my %ovpnconf=(); + &readhash("${General::swroot}/ovpn/settings", \%ovpnconf); + my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'}); + $ovpncidr=&iporsubtocidr($ovpncidr); + + #check if we try to use same network as ovpn server + if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
"; + return $errormessage; + } + + #check if we use a network-name/subnet that already exists + &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(/\//,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) + { + $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
"; + return $errormessage; + } + my ($newip,$newsub) = split(/\//,$ccdnet); + if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) + { + $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
"; + return $errormessage; + } + + } + #check if we use a name which is already used by ovpn + + + + + + #check if we use a ipsec right network which is already defined + my %ipsecconf=(); + &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf); + foreach my $key (keys %ipsecconf){ + if ($ipsecconf{$key}[11] ne ''){ + #$errormessage="DRIN!"; + #return $errormessage; + + my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]); + $ipsecsub=&iporsubtodec($ipsecsub); + + if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ + $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]"; + return $errormessage; + } + } + } + + + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &readhash("${General::swroot}/ethernet/settings", \%ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + + - # split it into number and mask. - if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? - if (!(&validip($ip))) { - return 0; } - return &validmask($mask); } + sub validport { $_ = $_[0]; @@ -276,7 +527,7 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-]*$/) { + if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { @@ -407,7 +658,12 @@ sub NextIP ) ); } - +sub NextIP2 +{ + return &Socket::inet_ntoa( pack("N", 4 + unpack('N', &Socket::inet_aton(shift)) + ) + ); +} sub ipcidr { my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); @@ -465,13 +721,13 @@ sub writehasharray { open(FILE, ">$filename") or die "Unable to write to file $filename"; foreach $key (keys %$hash) { - if ($key =~ /^[0-9]+$/) { - print FILE "$key"; - foreach $i (0 .. $#{$hash->{$key}}) { - print FILE ",$hash->{$key}[$i]"; - } - print FILE "\n"; - } + if ($key =~ /^[0-9]+$/) { + print FILE "$key"; + foreach $i (0 .. $#{$hash->{$key}}) { + print FILE ",$hash->{$key}[$i]"; + } + print FILE "\n"; + } } close FILE; return; diff --git a/config/cron/crontab b/config/cron/crontab index 5cca1facc4..ad90b07ca9 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -11,7 +11,7 @@ HOME=/ */5 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.cyclic 01 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.hourly &nice(10),bootrun 25 1 * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.daily -&nice(10),bootrun 47 2 * * 0 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly +&nice(10),bootrun 47 2 * * 1 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly &nice(10),bootrun 52 3 1 * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.monthly # Log rotation diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 7b10832549..cc3cb1d907 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -85,4 +85,14 @@ Order deny,allow Allow from all + + Alias /proxy-reports/ /var/log/sarg/ + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 7fa4a436b1..7cd1934bee 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -84,6 +84,9 @@ usr/local/bin/scanhd usr/local/bin/setddns.pl usr/local/bin/settime usr/local/bin/timecheck +#usr/local/bin/uname +usr/local/bin/update-lang-cache +usr/local/bin/vpn-watch #usr/local/include #usr/local/lib #usr/local/sbin @@ -105,6 +108,7 @@ usr/local/bin/timecheck #usr/local/share/zoneinfo #usr/local/src #usr/sbin +usr/sbin/ovpn-ccd-convert #usr/share #usr/share/doc #usr/share/doc/licenses diff --git a/config/rootfiles/core/65/exclude b/config/rootfiles/core/65/exclude new file mode 100644 index 0000000000..b6a8d1dfa9 --- /dev/null +++ b/config/rootfiles/core/65/exclude @@ -0,0 +1,13 @@ +srv/web/ipfire/html/proxy.pac +etc/udev/rules.d/30-persistent-network.rules +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +var/state/dhcp/dhcpd.leases diff --git a/config/rootfiles/core/65/filelists/GeoIP b/config/rootfiles/core/65/filelists/GeoIP new file mode 100644 index 0000000000..0258236c03 --- /dev/null +++ b/config/rootfiles/core/65/filelists/GeoIP @@ -0,0 +1 @@ +usr/local/share/GeoIP/GeoIP.dat diff --git a/config/rootfiles/core/65/filelists/daq b/config/rootfiles/core/65/filelists/daq new file mode 120000 index 0000000000..d0e0956f28 --- /dev/null +++ b/config/rootfiles/core/65/filelists/daq @@ -0,0 +1 @@ +../../../common/daq \ No newline at end of file diff --git a/config/rootfiles/core/65/filelists/files b/config/rootfiles/core/65/filelists/files new file mode 100644 index 0000000000..67bd0b38e6 --- /dev/null +++ b/config/rootfiles/core/65/filelists/files @@ -0,0 +1,10 @@ +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +usr/sbin/ovpn-ccd-convert +var/ipfire/general-functions.pl +var/ipfire/langs +var/ipfire/backup/include diff --git a/config/rootfiles/core/65/meta b/config/rootfiles/core/65/meta new file mode 100644 index 0000000000..d547fa86fa --- /dev/null +++ b/config/rootfiles/core/65/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/65/update.sh b/config/rootfiles/core/65/update.sh new file mode 100644 index 0000000000..88f5b3633d --- /dev/null +++ b/config/rootfiles/core/65/update.sh @@ -0,0 +1,91 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2012 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... +core=65 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +#Stop services + +# +#Extract files +extract_files + +# +#Start services + +# +#Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +# Convert OpenVPN RW connections. +/usr/sbin/ovpn-ccd-convert + +# Update crontab. +sed -i /var/spool/cron/root.orig \ + -e 's@^.*fcron.weekly.*$@\&nice(10),bootrun 47 2 \* \* 1\ttest -x /usr/local/bin/run-parts \&\& /usr/local/bin/run-parts /etc/fcron.weekly@' +fcrontab -z &>/dev/null + +# Reload apache configuration. +/etc/init.d/apache reload &>/dev/null + +#Rebuild module dep's +#arch=`uname -m` +#if [ ${arch::3} == "arm" ]; then +# depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1 +#else +# depmod -a 2.6.32.45-ipfire >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1 +# depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1 +#fi + + +#Rebuild initrd's because some compat-wireless modules are inside +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire +#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae +#fi +#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen +#fi + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/packages/libstatgrab b/config/rootfiles/packages/libstatgrab new file mode 100644 index 0000000000..2c61411632 --- /dev/null +++ b/config/rootfiles/packages/libstatgrab @@ -0,0 +1,35 @@ +usr/bin/saidar +usr/bin/statgrab +#usr/bin/statgrab-make-mrtg-config +#usr/bin/statgrab-make-mrtg-index +#usr/include/statgrab.h +#usr/include/statgrab_deprecated.h +#usr/lib/libstatgrab.a +#usr/lib/libstatgrab.la +#usr/lib/libstatgrab.so +usr/lib/libstatgrab.so.6 +usr/lib/libstatgrab.so.6.2.3 +#usr/lib/pkgconfig/libstatgrab.pc +#usr/share/man/man1/saidar.1 +#usr/share/man/man1/statgrab-make-mrtg-config.1 +#usr/share/man/man1/statgrab-make-mrtg-index.1 +#usr/share/man/man1/statgrab.1 +#usr/share/man/man3/sg_get_cpu_percents.3 +#usr/share/man/man3/sg_get_cpu_stats.3 +#usr/share/man/man3/sg_get_cpu_stats_diff.3 +#usr/share/man/man3/sg_get_disk_io_stats.3 +#usr/share/man/man3/sg_get_disk_io_stats_diff.3 +#usr/share/man/man3/sg_get_fs_stats.3 +#usr/share/man/man3/sg_get_host_info.3 +#usr/share/man/man3/sg_get_load_stats.3 +#usr/share/man/man3/sg_get_mem_stats.3 +#usr/share/man/man3/sg_get_network_iface_stats.3 +#usr/share/man/man3/sg_get_network_io_stats.3 +#usr/share/man/man3/sg_get_network_io_stats_diff.3 +#usr/share/man/man3/sg_get_page_stats.3 +#usr/share/man/man3/sg_get_page_stats_diff.3 +#usr/share/man/man3/sg_get_process_count.3 +#usr/share/man/man3/sg_get_process_stats.3 +#usr/share/man/man3/sg_get_swap_stats.3 +#usr/share/man/man3/sg_get_user_stats.3 +#usr/share/man/man3/statgrab.3 diff --git a/config/rootfiles/packages/sarg b/config/rootfiles/packages/sarg new file mode 100644 index 0000000000..9a0672c788 --- /dev/null +++ b/config/rootfiles/packages/sarg @@ -0,0 +1,48 @@ +etc/fcron.daily/sarg-reports +etc/fcron.hourly/sarg-reports +etc/fcron.monthly/sarg-reports +etc/fcron.weekly/sarg-reports +etc/sarg +etc/sarg/css.tpl +etc/sarg/exclude_codes +etc/sarg/sarg.conf +#etc/sarg/sarg.conf.default +etc/sarg/user_limit_block +usr/bin/sarg +usr/sbin/update-sarg-reports +usr/share/locale/bg/LC_MESSAGES/sarg.mo +usr/share/locale/ca/LC_MESSAGES/sarg.mo +usr/share/locale/cs/LC_MESSAGES/sarg.mo +usr/share/locale/da/LC_MESSAGES/sarg.mo +usr/share/locale/de/LC_MESSAGES/sarg.mo +usr/share/locale/el/LC_MESSAGES/sarg.mo +usr/share/locale/es/LC_MESSAGES/sarg.mo +usr/share/locale/fr/LC_MESSAGES/sarg.mo +usr/share/locale/hu/LC_MESSAGES/sarg.mo +usr/share/locale/id/LC_MESSAGES/sarg.mo +usr/share/locale/it/LC_MESSAGES/sarg.mo +usr/share/locale/ja/LC_MESSAGES/sarg.mo +usr/share/locale/lv/LC_MESSAGES/sarg.mo +usr/share/locale/nl/LC_MESSAGES/sarg.mo +usr/share/locale/pl/LC_MESSAGES/sarg.mo +usr/share/locale/pt/LC_MESSAGES/sarg.mo +usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo +usr/share/locale/ro/LC_MESSAGES/sarg.mo +usr/share/locale/ru/LC_MESSAGES/sarg.mo +usr/share/locale/sk/LC_MESSAGES/sarg.mo +usr/share/locale/sr/LC_MESSAGES/sarg.mo +usr/share/locale/tr/LC_MESSAGES/sarg.mo +usr/share/locale/uk/LC_MESSAGES/sarg.mo +usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo +#usr/share/man/man1/sarg.1 +usr/share/sarg +usr/share/sarg/fonts +usr/share/sarg/fonts/DejaVuSans.ttf +usr/share/sarg/fonts/FreeSans.ttf +usr/share/sarg/fonts/README +usr/share/sarg/fonts/license +usr/share/sarg/images +usr/share/sarg/images/datetime.png +usr/share/sarg/images/graph.png +usr/share/sarg/images/sarg-squidguard-block.png +usr/share/sarg/images/sarg.png diff --git a/config/rootfiles/packages/stress b/config/rootfiles/packages/stress new file mode 100644 index 0000000000..2b0a0003a6 --- /dev/null +++ b/config/rootfiles/packages/stress @@ -0,0 +1,3 @@ +usr/bin/stress +#usr/share/info/stress.info +#usr/share/man/man1/stress.1 \ No newline at end of file diff --git a/config/sarg/cron.daily b/config/sarg/cron.daily new file mode 100644 index 0000000000..8ae1b1b19a --- /dev/null +++ b/config/sarg/cron.daily @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports daily >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.hourly b/config/sarg/cron.hourly new file mode 100644 index 0000000000..1e7b5ff309 --- /dev/null +++ b/config/sarg/cron.hourly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports today >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.monthly b/config/sarg/cron.monthly new file mode 100644 index 0000000000..07b9efc4e4 --- /dev/null +++ b/config/sarg/cron.monthly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/cron.weekly b/config/sarg/cron.weekly new file mode 100644 index 0000000000..1f8287c855 --- /dev/null +++ b/config/sarg/cron.weekly @@ -0,0 +1,5 @@ +#!/bin/bash + +/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1 + +exit 0 diff --git a/config/sarg/sarg.conf b/config/sarg/sarg.conf new file mode 100644 index 0000000000..6331aaf531 --- /dev/null +++ b/config/sarg/sarg.conf @@ -0,0 +1,696 @@ +# sarg.conf +# +# TAG: access_log file +# Where is the access.log file +# sarg -l file +# +access_log /var/log/squid/access.log + +# TAG: graphs yes|no +# Use graphics where is possible. +# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red +# +graphs yes +graph_days_bytes_bar_color orange + +# TAG: graph_font +# The full path to the TTF font file to use to create the graphs. It is required +# if graphs is set to yes. +# +graph_font /usr/share/sarg/fonts/DejaVuSans.ttf + +# TAG: title +# Especify the title for html page. +# +title "Squid User Access Reports" + +# TAG: font_face +# Especify the font for html page. +# +font_face Tahoma,Verdana,Arial + +# TAG: header_color +# Especify the header color +# +header_color darkblue + +# TAG: header_bgcolor +# Especify the header bgcolor +# +header_bgcolor blanchedalmond + +# TAG: font_size +# Especify the text font size +# +font_size 12px + +# TAG: header_font_size +# Especify the header font size +# +header_font_size 12px + +# TAG: title_font_size +# Especify the title font size +# +title_font_size 12px + +# TAG: background_color +# TAG: background_color +# Html page background color +# +# background_color white + +# TAG: text_color +# Html page text color +# +text_color #000000 + +# TAG: text_bgcolor +# Html page text background color +# +text_bgcolor lavender + +# TAG: title_color +# Html page title color +# +#title_color green + +# TAG: logo_image +# Html page logo. +# +#logo_image none + +# TAG: logo_text +# Html page logo text. +# +#logo_text "" + +# TAG: logo_text_color +# Html page logo texti color. +# +#logo_text_color #000000 + +# TAG: logo_image_size +# Html page logo image size. +# width height +# +#image_size 80 45 + +# TAG: background_image +# Html page background image +# +#background_image none + +# TAG: password +# User password file used by Squid authentication scheme +# If used, generate reports just for that users. +# +#password none + +# TAG: temporary_dir +# Temporary directory name for work files +# sarg -w dir +# +#temporary_dir /tmp + +# TAG: output_dir +# The reports will be saved in that directory +# sarg -o dir +# +output_dir /srv/web/ipfire/html/sarg + +# TAG: output_email +# Email address to send the reports. If you use this tag, no html reports will be generated. +# sarg -e email +# +#output_email none + +# TAG: resolve_ip yes/no +# Convert ip address to dns name +# sarg -n +resolve_ip no + +# TAG: user_ip yes/no +# Use Ip Address instead userid in reports. +# sarg -p +#user_ip no + +# TAG: topuser_sort_field field normal/reverse +# Sort field for the Topuser Report. +# Allowed fields: USER CONNECT BYTES TIME +# +#topuser_sort_field BYTES reverse + +# TAG: user_sort_field field normal/reverse +# Sort field for the User Report. +# Allowed fields: SITE CONNECT BYTES TIME +# +#user_sort_field BYTES reverse + +# TAG: exclude_users file +# users within the file will be excluded from reports. +# you can use indexonly to have only index.html file. +# +#exclude_users none + +# TAG: exclude_hosts file +# Hosts, domains or subnets will be excluded from reports. +# +# Eg.: 192.168.10.10 - exclude ip address only +# 192.168.10.0/24 - exclude full C class +# s1.acme.foo - exclude hostname only +# *.acme.foo - exclude full domain name +# +#exclude_hosts none + +# TAG: useragent_log file +# useragent.log file patch to generate useragent report. +# +#useragent_log /var/log/squid/user_agent.log + +# TAG: date_format +# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww) +# +date_format e + +# TAG: per_user_limit file MB +# Saves userid on file if download exceed n MB. +# This option allow you to disable user access if user exceed a download limit. +# +#per_user_limit none + +# TAG: lastlog n +# How many reports files must be keept in reports directory. +# The oldest report file will be automatically removed. +# 0 - no limit. +# +#lastlog 0 + +# TAG: remove_temp_files yes +# Remove temporary files: geral, usuarios, top, periodo from root report directory. +# +#remove_temp_files yes + +# TAG: index yes|no|only +# Generate the main index.html. +# only - generate only the main index.html +# +#index yes + +# TAG: index_tree date|file +# How to generate the index. +# +#index_tree file + +# TAG: overwrite_report yes|no +# yes - if report date already exist then will be overwrited. +# no - if report date already exist then will be renamed to filename.n, filename.n+1 +# +overwrite_report yes + +# TAG: records_without_userid ignore|ip|everybody +# What can I do with records without user id (no authentication) in access.log file ? +# +# ignore - This record will be ignored. +# ip - Use ip address instead. (default) +# everybody - Use "everybody" instead. +# +#records_without_userid ip + +# TAG: use_comma no|yes +# Use comma instead point in reports. +# Eg.: use_comma yes => 23,450,110 +# use_comma no => 23.450.110 +# +#use_comma no + +# TAG: mail_utility +# Mail command to use to send reports via SMTP. Sarg calls it like this: +# mail_utility -s "SARG report, date" "output_email" <"mail_content" +# +# Therefore, it is possible to add more arguments to the command by specifying them +# here. +# +# If you need too, you can use a shell script to process the content of /dev/stdin +# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever +# command you like. It is not limited to mailing the report via SMTP. +# +# Don't forget to quote the command if necessary (i.e. if the path contains +# characters that must be quoted). +# +#mail_utility mailx + +# TAG: topsites_num n +# How many sites in topsites report. +# +#topsites_num 100 + +# TAG: topsites_sort_order CONNECT|BYTES A|D +# Sort for topsites report, where A=Ascendent, D=Descendent +# +#topsites_sort_order CONNECT D + +# TAG: index_sort_order A/D +# Sort for index.html, where A=Ascendent, D=Descendent +# +#index_sort_order D + +# TAG: exclude_codes file +# Ignore records with these codes. Eg.: NONE/400 +# Write one code per line. Lines starting with a # are ignored. +# Only codes matching exactly one of the line is rejected. The +# comparison is not case sensitive. +# +#exclude_codes /usr/local/sarg/exclude_codes + +# TAG: replace_index string +# Replace "index.html" in the main index file with this string +# If null "index.html" is used +# +#replace_index + +# TAG: max_elapsed milliseconds +# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time. +# Use 0 for no checking +# +#max_elapsed 28800000 +# 8 Hours + +# TAG: report_type type +# What kind of reports to generate. +# topusers - users, sites, times, bytes, connects, links to accessed sites, etc +# topsites - site, connect and bytes report +# sites_users - users and sites report +# users_sites - accessed sites by the user report +# date_time - bytes used per day and hour report +# denied - denied sites with full URL report +# auth_failures - autentication failures report +# site_user_time_date - sites, dates, times and bytes report +# downloads - downloads per user report +# +# Eg.: report_type topsites denied +# +report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads + +# TAG: usertab filename +# You can change the "userid" or the "ip address" to be a real user name on the reports. +# If resolve_ip is active, the ip address is resolved before being looked up into this +# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or +# the resolved name will be looked into the file instead of the ip address. Note that +# it can be used to resolve any ip address known to the dns and then map the unresolved +# ip addresses to a name found in the usertab file. +# Table syntax: +# userid name or ip address name +# Eg: +# SirIsaac Isaac Newton +# vinci Leonardo da Vinci +# 192.168.10.1 Karol Wojtyla +# +# Each line must be terminated with '\n' +# If usertab have value "ldap" (case ignoring), user names +# will be taken from LDAP server. This method as approaches for reception +# of usernames from Active Didectory +# +#usertab none + +# TAG: LDAPHost hostname +# FQDN or IP address of host with LDAP service or AD DC +# default is '127.0.0.1' +#LDAPHost 127.0.0.1 + +# TAG: LDAPPort port +# LDAP service port number +# default is '389' +#LDAPPort 389 + +# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com +# DN of LDAP user, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindDN cn=proxy,dc=mydomain,dc=local + +# TAG: LDAPBindPW secret +# Password of DN, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindPW secret + +# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com +# LDAP search base +# default is empty line +#LDAPBaseSearch ou=users,dc=mydomain,dc=local + +# TAG: LDAPFilterSearch (uid=%s) +# User search filter by user's logins in LDAP +# First founded record will be used +# %s - will be changed to userlogins from access.log file +# filter string can have up to 5 '%s' tags +# default value is '(uid=%s)' +#LDAPFilterSearch (uid=%s) + +# TAG: LDAPTargetAttr attributename +# Name of the attribute containing a name of the user +# default value is 'cn' +#LDAPTargetAttr cn + +# TAG: long_url yes|no +# If yes, the full url is showed in report. +# If no, only the site will be showed +# +# YES option generate very big sort files and reports. +# +#long_url no + +# TAG: date_time_by bytes|elap +# Date/Time reports show the downloaded volume or the elapsed time or both. +# +#date_time_by bytes + +# TAG: charset name +# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) +# graphic character sets for writing in alphabetic languages +# You can use the following charsets: +# Latin1 - West European +# Latin2 - East European +# Latin3 - South European +# Latin4 - North European +# Cyrillic +# Arabic +# Greek +# Hebrew +# Latin5 - Turkish +# Latin6 +# Windows-1251 +# Japan +# Koi8-r +# UTF-8 +# +#charset Latin1 + +# TAG: user_invalid_char "&/" +# Records that contain invalid characters in userid will be ignored by Sarg. +# +#user_invalid_char "&/" + +# TAG: privacy yes|no +# privacy_string "***.***.***.***" +# privacy_string_color blue +# In some countries the sysadm cannot see the visited sites by a restrictive law. +# Using privacy yes the visited url will be changes by privacy_string and the link +# will be removed from reports. +# +#privacy no +#privacy_string "***.***.***.***" +#privacy_string_color blue + +# TAG: include_users "user1:user2:...:usern" +# Reports will be generated only for listed users. +# +#include_users none + +# TAG: exclude_string "string1:string2:...:stringn" +# Records from access.log file that contain one of listed strings will be ignored. +# +#exclude_string none + +# TAG: show_successful_message yes|no +# Shows "Successful report generated on dir" at end of process. +# +#show_successful_message yes + +# TAG: show_read_statistics yes|no +# Shows some reading statistics. +# +show_read_statistics yes + +# TAG: topuser_fields +# Which fields must be in Topuser report. +# +#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: user_report_fields +# Which fields must be in User report. +# +#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: bytes_in_sites_users_report yes|no +# Bytes field must be in Site & Users Report ? +# +#bytes_in_sites_users_report no + +# TAG: topuser_num n +# How many users in topsites report. 0 = no limit +# +#topuser_num 0 + +# TAG: datafile file +# Save the report results in a file to populate some database +# +#datafile none + +# TAG: datafile_delimiter ";" +# ascii character to use as a field separator in datafile +# +#datafile_delimiter ";" + +# TAG: datafile_fields all +# Which data fields must be in datafile +# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed +# +#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed + +# TAG: datafile_url ip|name +# Saves the URL as ip or name in datafile +# +#datafile_url ip + +# TAG: weekdays +# The weekdays to take into account ( Sunday->0, Saturday->6 ) +# Example: +#weekdays 1-3,5 +# Default: +#weekdays 0-6 + +# TAG: hours +# The hours to take into account +# Example: +#hours 7-12,14,16,18-20 +# Default: +#hours 0-23 + +# TAG: dansguardian_conf file +# DansGuardian.conf file path +# Generate reports from DansGuardian logs. +# Use 'none' to disable it. +# dansguardian_conf /usr/dansguardian/dansguardian.conf +# +#dansguardian_conf none + +# TAG: dansguardian_filter_out_date on|off +# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action. +# Note the change of parameter value compared with the old option. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#dansguardian_filter_out_date on + +# TAG: squidguard_conf file +# path to squidGuard.conf file +# Generate reports from SquidGuard logs. +# Use 'none' to disable. +# You can use sarg -L filename to use an alternate squidGuard log. +# squidguard_conf /usr/local/squidGuard/squidGuard.conf +# +#squidguard_conf none + +# TAG: redirector_log file +# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option +# may be repeated up to 64 times to read multiple files. +# If this option is specified, it takes precedence over squidguard_conf. +# The command line option -L override this option. +# +#redirector_log /usr/local/squidGuard/var/logs/urls.log + +# TAG: redirector_filter_out_date on|off +# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not +# appropriate with respect to their action. +# Note the change of parameter value compared with the old options. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#redirector_filter_out_date on + +# TAG: redirector_log_format +# Format string for web proxy redirector logs. +# This option was named squidguard_log_format before sarg 2.3. +# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end# +# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# +#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# + +# TAG: show_sarg_info yes|no +# shows sarg information and site path on each report bottom +# +#show_sarg_info yes + +# TAG: show_sarg_logo yes|no +# shows sarg logo +# +#show_sarg_logo yes + +# TAG: parsed_output_log directory +# Saves the processed log in a sarg format after parsing the squid log file. +# This is a way to dump all of the data structures out, after parsing from +# the logs (presumably this data will be much smaller than the log files themselves), +# and pull them back in for later processing and merging with data from previous logs. +# +#parsed_output_log none + +# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress +# Command to run to compress sarg parsed output log. It may contain +# options (such as -f to overwrite existing target file). The name of +# the file to compresse is provided at the end of this +# command line. Don't forget to quote things appropriately. +# +#parsed_output_log_compress /bin/gzip + +# TAG: displayed_values bytes|abbreviation +# how the values will be displayed in reports. +# eg. bytes - 209.526 +# abbreviation - 210K +# +#displayed_values bytes + +# Report limits +# TAG: authfail_report_limit n +# TAG: denied_report_limit n +# TAG: siteusers_report_limit n +# TAG: squidguard_report_limit n +# TAG: user_report_limit n +# TAG: dansguardian_report_limit n +# TAG: download_report_limit n +# report limits (lines). +# '0' no limit +# +#authfail_report_limit 10 +#denied_report_limit 10 +#siteusers_report_limit 0 +#squidguard_report_limit 10 +#dansguardian_report_limit 10 +#user_report_limit 10 +#user_report_limit 50 + +# TAG: www_document_root dir +# Where is your Web DocumentRoot +# Sarg will create sarg-php directory with some PHP modules: +# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB +# +#www_document_root /var/www/html + +# TAG: block_it module_url +# This tag allow you to pass urls from user reports to a cgi or php module, +# to be blocked by some Squid acl +# +# Eg.: block_it /sarg-php/sarg-block-it.php +# sarg-block-it is a php that will append a url to a flat file. +# You must change /var/www/html/sarg-php/sarg-block-it to point to your file +# in $filename variable, and chown to a httpd owner. +# +# sarg will pass http://module_url?url=url +# +#block_it none + +# TAG: external_css_file path +# Provide the path to an external css file to link into the HTML reports instead of +# the inline css written by sarg when this option is not set. +# +# In versions prior to 2.3, this used to be an absolute file name to +# a file to include verbatim in each HTML page but, as it takes a lot of +# space, version 2.3 switched to a link to an external css file. +# Therefore, this option must contain the HTTP server path on which a client +# browser may find the css file. +# +# Sarg use theses style classes: +# .logo logo class +# .info sarg information class, align=center +# .title_c title class, align=center +# .header_c header class, align:center +# .header_l header class, align:left +# .header_r header class, align:right +# .text text class, align:right +# .data table text class, align:right +# .data2 table text class, align:left +# .data3 table text class, align:center +# .link link class +# +# Sarg can be instructed to output the internal css it inline +# into the reports with this command: +# +# sarg --css +# +# You can redirect the output to a file of your choice and edit +# it to your liking. +# +#external_css_file none + +# TAG: user_authentication yes|no +# Allow user authentication in User Reports using .htaccess +# Parameters: +# AuthUserTemplateFile - The template to use to create the +# .htaccess file. In the template, %u is replaced by the +# user's ID for which the report is generated. The path of the +# template is relative to the directory containing sarg +# configuration file. +# +# user_authentication no +# AuthUserTemplateFile sarg_htaccess + +# TAG: download_suffix "suffix,suffix,...,suffix" +# file suffix to be considered as "download" in Download report. +# Use 'none' to disable. +# +download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg" + +# TAG: ulimit n +# The maximum number of open file descriptors to avoid "Too many open files" error message. +# You need to run sarg as root to use ulimit tag. +# If you run sarg with a low privilege user, set to 'none' to disable ulimit +# +#ulimit 20000 + +# TAG: ntlm_user_format username|domainname+username +# NTLM users format. +# +#ntlm_user_format domainname+username + +# TAG: realtime_refresh_time num sec +# How many time to auto refresh the realtime report +# 0 = disable +# +# realtime_refresh_time 3 + +# TAG: realtime_access_log_lines num +# How many last lines to get from access.log file +# +# realtime_access_log_lines 1000 + +# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST +# Which records must be in realtime report. +# +# realtime_types GET,PUT,CONNECT + +# TAG: realtime_unauthenticated_records: ignore|show +# What to do with unauthenticated records in realtime report. +# +# realtime_unauthenticated_records: show + +# TAG: byte_cost value no_cost_limit +# Cost per byte. +# Eg. byte_cost 0.01 100000000 +# per byte cost = 0.01 +# bytes with no cost = 100 Mb +# 0 = disable +# +# byte_cost 0.01 50000000 + +# TAG: squid24 on|off +# Compatilibity with squid version <= 2.4 when using emulate_http_log on +# +# squid24 off diff --git a/config/sarg/update-sarg-reports b/config/sarg/update-sarg-reports new file mode 100644 index 0000000000..9f2ab4c8cd --- /dev/null +++ b/config/sarg/update-sarg-reports @@ -0,0 +1,188 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) 2012 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +export LC_ALL=C + +SARG_CONFIG="/etc/sarg/sarg.conf" +SQUID_LOG="/var/log/squid/access.log" +REPORTS_PATH="/var/log/sarg" + +function date_calc() { + local when + local range="false" + + case "${1}" in + month) + when="1 month ago" + range="true" + ;; + week) + when="1 week ago" + ;; + yesterday) + when="1 day ago" + ;; + today) + when="today" + ;; + *) + return 1 + ;; + esac + + if [ "${range}" = "true" ]; then + echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)" + else + date --date "${when}" +%d/%m/%Y + fi + + return 0 +} + +function compile_report() { + local interval=${1} + + local date + case "${interval}" in + today) + date=$(date_calc today) + ;; + daily) + date=$(date_calc yesterday) + ;; + weekly) + date="$(date_calc week)-$(date_calc yesterday)" + ;; + monthly) + date="$(date_calc month)" + ;; + esac + [ -n "${date}" ] || return 1 + + # Determine max. number of archived log files to search. + local max_logs + case "${interval}" in + today|daily) + max_logs=3 + ;; + weekly) + max_logs=14 + ;; + monthly) + max_logs=40 + ;; + esac + + # Create reports_path, if not exists. + local reports_path="${REPORTS_PATH}/${interval}" + mkdir -p ${reports_path} + + # Remove already existant data on today's reports. + case "${interval}" in + today) + rm -rf ${reports_path}/* + ;; + esac + + # Run SARG. + get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path} +} + +function get_logs() { + local max=${1} + + if [ -z "${max}" ]; then + max=10000 + fi + + local idx=0 + while [ ${idx} -le ${max} ]; do + file=$(search_log_file ${idx}) + + # If no log file could be opened, we are done. + [ -z "${file}" ] && break + + case "${file}" in + # Logs in plain text. + *.log) + cat ${file} + ;; + + # GZip compressed log files. + *.gz) + gzip -d < ${file} + ;; + + # XZ compressed log files. + *.xz) + xz -d < ${file} + ;; + + # Unhandled stuff. + *) + echo "Unhandled file type: ${file}" >&2 + ;; + esac + + idx=$(( ${idx} + 1 )) + done + + return 0 +} + +function search_log_file() { + local idx=${1} + + if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then + echo "${SQUID_LOG}" + return 0 + fi + + local algo + for algo in gz xz; do + file="${SQUID_LOG}.${idx}.${algo}" + + if [ -e "${file}" ]; then + echo "${file}" + return 0 + fi + done + + return 1 +} + +# Main. + +case "${1}" in + today|daily|weekly|monthly) + compile_report ${1} + ;; + *) + echo "${0} - Squid proxy reports creation tool" + echo + echo "Usage: ${0} [interval]" + echo " interval: today, daily, weekly, monthly" + echo + exit 0 + ;; +esac + +exit 0 diff --git a/doc/language_issues.de b/doc/language_issues.de index 5a42ae50e9..137217c994 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -68,6 +68,9 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr +WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.en b/doc/language_issues.en index 6d6a2a66df..68fef77be3 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -87,6 +87,8 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.es b/doc/language_issues.es index 6bcbf86217..eca067d53d 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled @@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 189932fab1..91beb6f7ea 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -499,7 +499,43 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: fireinfo ipfire version @@ -534,11 +570,24 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: snort working WARNING: untranslated string: static routes WARNING: untranslated string: system information diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 6bcbf86217..eca067d53d 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled @@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index e25d81de4a..e36449a2ff 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -491,7 +491,43 @@ WARNING: untranslated string: Add a route WARNING: untranslated string: Edit an existing route WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: disk access per WARNING: untranslated string: extrahd because there is already a device mounted @@ -516,10 +552,23 @@ WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing traffic in bytes per second +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: visit us at WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_missings b/doc/language_missings index 55e0e407b5..83fbf90ce6 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -4,6 +4,7 @@ ############################################################################ # Checking cgi-bin translations for language: en # ############################################################################ +< ccd maxclients ############################################################################ # Checking install/setup translations for language: fr # ############################################################################ @@ -11,6 +12,45 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < dns address deleted txt < fireinfo ipfire version @@ -45,6 +85,19 @@ < openvpn subnet is used < other < our donors +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < snort working < static routes < system information @@ -81,6 +134,45 @@ ############################################################################ < advproxy errmsg invalid upstream proxy < Async logging enabled +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < fireinfo ipfire version < fireinfo is disabled @@ -126,6 +218,23 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< ovpn routes push +< ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < Set time on boot < static routes < system information @@ -138,6 +247,45 @@ # Checking cgi-bin translations for language: pl # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < extrahd because there is already a device mounted < extrahd cant umount @@ -161,6 +309,23 @@ < openvpn subnet is used < other < our donors +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< ovpn routes push +< ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < static routes < visit us at < vpn keyexchange @@ -172,6 +337,45 @@ ############################################################################ < Add a route < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < day-graph < deprecated fs warn < disk access per @@ -203,6 +407,19 @@ < other < our donors < outgoing traffic in bytes per second +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < static routes < visit us at < vpn keyexchange diff --git a/html/cgi-bin/logs.cgi/calamaris.dat b/html/cgi-bin/logs.cgi/calamaris.dat index 19a3693999..07fdf8a880 100644 --- a/html/cgi-bin/logs.cgi/calamaris.dat +++ b/html/cgi-bin/logs.cgi/calamaris.dat @@ -24,6 +24,7 @@ my $unique=time; my $squidlogdir = "/var/log/squid"; my $reportdir = "${General::swroot}/proxy/calamaris/reports"; +my $sargdir = "/var/log/sarg"; unless (-e $reportdir) { mkdir($reportdir) } @@ -98,6 +99,7 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'}) delete $reportsettings{'DAY_END'}; delete $reportsettings{'MONTH_END'}; delete $reportsettings{'YEAR_END'}; + delete $reportsettings{'REPORT'}; &General::writehash("${General::swroot}/proxy/calamaris/settings", \%reportsettings); @@ -240,6 +242,86 @@ if ($errormessage) { &Header::closebox(); } +# Link sarg reports. +if (-e $sargdir) { + &Header::openbox('100%', 'left', "$Lang::tr{'proxy reports'}:"); + + print < + +END + + # Today. + if (-e "$sargdir/today") { + print < + $Lang::tr{'proxy reports today'} + +END + } else { + print < + $Lang::tr{'proxy reports today'} + +END + } + + # Daily. + if (-e "$sargdir/daily") { + print < + $Lang::tr{'proxy reports daily'} + +END + } else { + print < + $Lang::tr{'proxy reports daily'} + +END + } + + # Weekly. + if (-e "$sargdir/weekly") { + print < + $Lang::tr{'proxy reports weekly'} + +END + } else { + print < + $Lang::tr{'proxy reports weekly'} + +END + } + + # Monthly. + if (-e "$sargdir/monthly") { + print < + $Lang::tr{'proxy reports monthly'} + +END + } else { + print < + $Lang::tr{'proxy reports monthly'} + +END + } + + print < + + +

+END + + &Header::closebox(); +} + + &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); print <\n"; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100644 new mode 100755 index 990fe6600b..2b0c4ba60d --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -36,10 +36,10 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; # enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourgreen} ); +my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} ); undef (@dummy); my %color = (); @@ -50,6 +50,9 @@ my %mainsettings = (); ### ### Initialize variables ### +my %ccdconfhash=(); +my %ccdroutehash=(); +my %ccdroute2hash=(); my %netsettings=(); my %cgiparams=(); my %vpnsettings=(); @@ -61,6 +64,10 @@ my $warnmessage = ''; my $errormessage = ''; my %settings=(); my $routes_push_file = ''; +my $confighost="${General::swroot}/fwhosts/customhosts"; +my $configgrp="${General::swroot}/fwhosts/customgroups"; +my $customnet="${General::swroot}/fwhosts/customnetworks"; +my $name; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -77,8 +84,13 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; +$cgiparams{'number'} = ''; +$cgiparams{'PMTU_DISCOVERY'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } +unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } +unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); } +unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); @@ -313,7 +325,6 @@ sub disallowreserved return; } - sub writeserverconf { my %sovpnsettings = (); my @temp = (); @@ -329,7 +340,6 @@ sub writeserverconf { print CONF "#DAN prepare OpenVPN for listening on blue and orange\n"; print CONF ";local $sovpnsettings{'VPN_IP'}\n"; print CONF "dev $sovpnsettings{'DDEVICE'}\n"; - print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; print CONF "script-security 3 system\n"; @@ -342,18 +352,48 @@ sub writeserverconf { print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - + #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. + # If we doesn't use one of them, we can use the configured mtu value. + if ($sovpnsettings{'MSSFIX'} eq 'on') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } + if ($vpnsettings{'ROUTES_PUSH'} ne '') { - @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); - foreach (@temp) - { - @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); - print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } } - } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (/\//, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { @@ -362,6 +402,14 @@ sub writeserverconf { if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } + + # Check if a valid operating mode has been choosen and use it. + if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { + print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n"; + } + if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; } @@ -407,7 +455,7 @@ sub writeserverconf { close(CONF); } -# + sub emptyserverlog{ if (open(FILE, ">/var/log/ovpnserver.log")) { flock FILE, 2; @@ -417,6 +465,274 @@ sub emptyserverlog{ } +sub delccdnet +{ + my %ccdconfhash = (); + my %ccdhash = (); + my $ccdnetname=$_[0]; + if (-f "${General::swroot}/ovpn/ovpnconfig"){ + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $ccdnetname) { + $errormessage=$Lang::tr{'ccd err hostinnet'}; + return; + } + } + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $ccdnetname){ + delete $ccdconfhash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + + &writeserverconf; + return 0; +} + +sub addccdnet +{ + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $subcidr; + my @ip2=(); + my $checkup; + my $ccdip; + my $baseaddress; + + + #check name + if ($ccdname eq '') + { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; + return + } + + if(!&General::validhostname($ccdname)) + { + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + + ($ccdip,$subcidr) = split (/\//,$ccdnet); + $subcidr=&General::iporsubtocidr($subcidr); + #check subnet + if ($subcidr > 30) + { + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + #check ip + if (!&General::validipandmask($ccdnet)){ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + + $errormessage=&General::checksubnets($ccdname,$ccdnet); + + + if (!$errormessage) { + my %ccdconfhash=(); + $baseaddress=&General::getnetworkip($ccdip,$subcidr); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my $key = &General::findhasharraykey (\%ccdconfhash); + foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";} + $ccdconfhash{$key}[0] = $ccdname; + $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + &writeserverconf; + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + return 1; + } +} + +sub modccdnet +{ + + my $newname=$_[0]; + my $oldname=$_[1]; + my %ccdconfhash=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $oldname) { + foreach my $key1 (keys %ccdconfhash) { + if ($ccdconfhash{$key1}[0] eq $newname){ + $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}; + return; + }else{ + $ccdconfhash{$key}[0]= $newname; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + last; + } + } + } + } + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $oldname) { + $ccdhash{$key}[32]=$newname; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + last; + } + } + + return 0; +} +sub ccdmaxclients +{ + my $ccdnetwork=$_[0]; + my @octets=(); + my @subnet=(); + @octets=split("\/",$ccdnetwork); + @subnet= split /\./, &General::cidrtosub($octets[1]); + my ($a,$b,$c,$d,$e); + $a=256-$subnet[0]; + $b=256-$subnet[1]; + $c=256-$subnet[2]; + $d=256-$subnet[3]; + $e=($a*$b*$c*$d)/4; + return $e-1; +} + +sub getccdadresses +{ + my $ipin=$_[0]; + my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin; + my $cidr=$_[1]; + chomp($cidr); + my $count=$_[2]; + my $hasip=$_[3]; + chomp($hasip); + my @iprange=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + for (my $i=1;$i<=$count;$i++) { + my $tmpip=$iprange[$i-1]; + my $stepper=$i*4; + $iprange[$i]= &General::getnextip($tmpip,4); + } + my $r=0; + foreach my $key (keys %ccdhash) { + $r=0; + foreach my $tmp (@iprange){ + my ($net,$sub) = split (/\//,$ccdhash{$key}[33]); + if ($net eq $tmp) { + if ( $hasip ne $ccdhash{$key}[33] ){ + splice (@iprange,$r,1); + } + } + $r++; + } + } + return @iprange; +} + +sub fillselectbox +{ + my $boxname=$_[1]; + my ($ccdip,$subcidr) = split("/",$_[0]); + my $tz=$_[2]; + my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz); + print""; +} + +sub hostsinnet +{ + my $name=$_[0]; + my %ccdhash=(); + my $i=0; + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $name){ $i++;} + } + return $i; +} + +sub check_routes_push +{ + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + ##check for existing routes in routes_push + if (-e "${General::swroot}/ovpn/routes_push") { + open(FILE,"${General::swroot}/ovpn/routes_push"); + while () { + $_=~s/\s*$//g; + + my ($ip2,$cidr2) = split (/\//,"$_"); + my $val2=$ip2."/".&General::iporsubtodec($cidr2); + + if($val eq $val2){ + return 0; + } + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){ + return 0; + } + }; + close(FILE); + } + return 1; +} + +sub check_ccdroute +{ + my %ccdroutehash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){ + return 0; + } + } + } + return 1; +} +sub check_ccdconf +{ + my %ccdconfhash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){ + return 0; + } + + } + return 1; +} + ### # m.a.d net2net ### @@ -451,6 +767,7 @@ sub read_routepushfile while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; close(FILE); $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } } @@ -490,11 +807,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || &emptyserverlog(); } # #restart openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ +# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ #workarund, till SIGHUP also works when running as nobody - system('/usr/local/bin/openvpnctrl', '-r'); - &emptyserverlog(); - } +# system('/usr/local/bin/openvpnctrl', '-r'); +# &emptyserverlog(); +# } } ### @@ -516,6 +833,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { @@ -533,6 +851,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } else { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } + + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + + if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) { + $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; + goto ADV_ERROR; + } + } + if ($cgiparams{'DHCP_DOMAIN'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { $errormessage = $Lang::tr{'invalid input for dhcp domain'}; @@ -554,24 +883,47 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ROUTES_PUSH'} ne ''){ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); undef $vpnsettings{'ROUTES_PUSH'}; - foreach (@temp) + + foreach my $tmpip (@temp) { s/^\s+//g; s/\s+$//g; - if ($_) + + if ($tmpip) { - unless (&General::validipandmask($_)) { - $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; - goto ADV_ERROR; + $tmpip=~s/\s*$//g; + unless (&General::validipandmask($tmpip)) { + $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; } - my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_)); + my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; - goto ADV_ERROR; + goto ADV_ERROR; } - $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; +# a.marx ccd + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){ + $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]); + if (&General::IpInSubnet ($ip,$ip2,$cidr2)){ + $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + } + } + +# ccd end + + $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n"; } - } - &write_routepushfile; + } + &write_routepushfile; undef $vpnsettings{'ROUTES_PUSH'}; } else { @@ -656,6 +1008,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if($cgiparams{'MTU'} eq '1500') { + print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + } print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; @@ -734,6 +1097,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if ($cgiparams{'MTU'} eq '1500') { + print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + } print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; @@ -1571,29 +1945,26 @@ END my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`; if ($confighash{$cgiparams{'KEY'}}) { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); - } - - } else { + } + } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + $confighash{$cgiparams{'KEY'}}[0] = 'off'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); - } + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } - } else { + } else { $errormessage = $Lang::tr{'invalid key'}; - } + } } } @@ -1665,6 +2036,15 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } + if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) { + if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { + if ($tunmtu eq '1500' ) { + print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; + } + } + } print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; @@ -1718,12 +2098,26 @@ else my $zip = Archive::Zip->new(); - print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; + + # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # or use configured value. + if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($vpnsettings{MSSFIX} eq 'on') + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } + if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ @@ -1767,6 +2161,15 @@ else if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } + + # Check if a valid operating mode has been choosen and use it. + if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { + if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) { + print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n"; + } + } close(CLIENTCONF); $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; @@ -1814,10 +2217,41 @@ else } unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +# A.Marx CCD delete ccd files and routes + + + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; + } + + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + &writeserverconf; + + +# CCD end + + delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); } else { $errormessage = $Lang::tr{'invalid key'}; @@ -1884,9 +2318,11 @@ else %cgiparams = (); %cahash = (); %confighash = (); + my $disabled; &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); read_routepushfile; - + + # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; # } @@ -1913,6 +2349,7 @@ ADV_ERROR: $checked{'MSSFIX'}{'off'} = ''; $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; $selected{'LOG_VERB'}{'1'} = ''; $selected{'LOG_VERB'}{'2'} = ''; $selected{'LOG_VERB'}{'3'} = ''; @@ -1926,9 +2363,7 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -1940,8 +2375,8 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < - + +
@@ -1950,7 +2385,7 @@ ADV_ERROR: - + @@ -1975,7 +2410,7 @@ if ($cgiparams{'ROUTES_PUSH'} ne '') print $cgiparams{'ROUTES_PUSH'}; } -print < @@ -1986,7 +2421,7 @@ print <$Lang::tr{'misc-options'} - + @@ -2015,7 +2450,15 @@ print <mssfix - + + + + + + + + +
$Lang::tr{'dhcp-options'}
Domain
DNS
Client-To-Client Default: on
$Lang::tr{'ovpn mtu-disc'} $Lang::tr{'ovpn mtu-disc yes'} $Lang::tr{'ovpn mtu-disc maybe'} $Lang::tr{'ovpn mtu-disc no'} $Lang::tr{'ovpn mtu-disc off'}