Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | #!/usr/bin/perl\r |
2 | #\r | |
3 | # (c) 2001 Jack Beglinger <jackb_guppy@yahoo.com>\r | |
4 | #\r | |
5 | # (c) 2003 Dave Roberts <countzerouk@hotmail.com> - colour coded netfilter/iptables rewrite for 1.3\r | |
6 | #\r | |
7 | # $Id: connections.cgi,v 1.6.2.11 2005/02/24 07:44:35 gespinasse Exp $\r | |
8 | #\r | |
9 | \r | |
10 | # Setup GREEN, ORANGE, IPCOP, VPN CIDR networks, masklengths and colours only once\r | |
11 | \r | |
# Parallel lookup tables filled in once below: entry N of each array holds a
# network address, its netmask and the display colour for that network.
my (@network, @masklen, @colour);
15 | \r | |
16 | use Net::IPv4Addr qw( :all );\r | |
17 | \r | |
18 | use strict;\r | |
19 | \r | |
20 | # enable the following only while debugging; fatalsToBrowser sends die() messages to the client\r | |
21 | #use warnings;\r | |
22 | #use CGI::Carp 'fatalsToBrowser';\r | |
23 | \r | |
24 | require 'CONFIG_ROOT/general-functions.pl';\r | |
25 | require "${General::swroot}/lang.pl";\r | |
26 | require "${General::swroot}/header.pl";\r | |
27 | \r | |
28 | #workaround to suppress a warning when a variable is used only once\r | |
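my @dummy = ( ${Header::table1colour} );
undef (@dummy);

# Read various files

# Interface settings (addresses, netmasks, device names, RED type) by key.
my %netsettings=();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Snapshot of the connection-tracking table, one entry per line.
# Three-argument open with a lexical handle: the mode is fixed to read and
# the handle cannot be confused with the other files read below.
my @active;
{
    open(my $conntrack_fh, '<', '/proc/net/ip_conntrack')
        or die 'Unable to open ip_conntrack';
    @active = <$conntrack_fh>;
    close($conntrack_fh);
}

# IPsec eroutes are optional: when the file cannot be opened the 'none'
# marker stays in place. The handle is closed only if it was opened.
my @vpn = ('none');
if (open(my $eroute_fh, '<', '/proc/net/ipsec_eroute')) {
    @vpn = <$eroute_fh>;
    close($eroute_fh);
}

# RED alias list; the path is built from a variable, so the explicit '<'
# mode keeps any leading mode character in it from being interpreted.
my $aliasfile = "${General::swroot}/ethernet/aliases";
my @aliases;
{
    open(my $aliases_fh, '<', $aliasfile)
        or die 'Unable to open aliases file.';
    @aliases = <$aliases_fh>;
    close($aliases_fh);
}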
48 | \r | |
49 | # Add Green Firewall Interface\r | |
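# The order of the entries matters: the colour lookup uses the first
# network that contains an address.

# Add Green Firewall Interface
push(@network, $netsettings{'GREEN_ADDRESS'});
push(@masklen, "255.255.255.255" );
push(@colour, ${Header::colourfw} );

# Add Green Network to Array
push(@network, $netsettings{'GREEN_NETADDRESS'});
push(@masklen, $netsettings{'GREEN_NETMASK'} );
push(@colour, ${Header::colourgreen} );

# Add Green Routes to Array
foreach my $route (_routes_for_device($netsettings{'GREEN_DEV'})) {
    push(@network, $route->[0]);
    push(@masklen, $route->[1]);
    push(@colour, ${Header::colourgreen} );
}

# Add Firewall Localhost 127.0.0.1
push(@network, '127.0.0.1');
push(@masklen, '255.255.255.255' );
push(@colour, ${Header::colourfw} );

# Add Orange Network
if ($netsettings{'ORANGE_DEV'}) {
    push(@network, $netsettings{'ORANGE_NETADDRESS'});
    push(@masklen, $netsettings{'ORANGE_NETMASK'} );
    push(@colour, ${Header::colourorange} );
    # Add Orange Routes to Array
    foreach my $route (_routes_for_device($netsettings{'ORANGE_DEV'})) {
        push(@network, $route->[0]);
        push(@masklen, $route->[1]);
        push(@colour, ${Header::colourorange} );
    }
}

# Add Blue Network
if ($netsettings{'BLUE_DEV'}) {
    push(@network, $netsettings{'BLUE_NETADDRESS'});
    push(@masklen, $netsettings{'BLUE_NETMASK'} );
    push(@colour, ${Header::colourblue} );
    # Add Blue Routes to Array
    foreach my $route (_routes_for_device($netsettings{'BLUE_DEV'})) {
        push(@network, $route->[0]);
        push(@masklen, $route->[1]);
        push(@colour, ${Header::colourblue} );
    }
}

# Return [destination, genmask] pairs for the routing-table entries whose
# interface column is exactly $dev; an empty list when $dev is unset or the
# route command cannot be started.
#
# The device name comes from the settings file. It used to be interpolated
# into a backtick command line (route | grep $dev), where shell
# metacharacters in the value would have been interpreted and where the
# substring match made "eth1" also select "eth10". The list-form pipe open
# runs /sbin/route directly without a shell, and the filtering is done here
# on the last column of each line.
sub _routes_for_device {
    my ($dev) = @_;
    return () unless defined $dev && length $dev;

    open(my $route_fh, '-|', '/sbin/route', '-n') or return ();
    my @pairs;
    while (my $entry = <$route_fh>) {
        # split ' ' also discards the trailing newline.
        my @field = split(' ', $entry);
        next unless @field >= 3 && $field[-1] eq $dev;
        # Column 0 is the destination, column 2 the netmask.
        push(@pairs, [ $field[0], $field[2] ]);
    }
    close($route_fh);
    return @pairs;
}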
105 | \r | |
106 | # Add STATIC RED aliases\r | |
# Aliases are only added when RED is an ethernet interface (RED_DEV set)
# whose type is STATIC.
if ($netsettings{'RED_DEV'} && $netsettings{'RED_TYPE'} eq 'STATIC') {
    foreach my $alias (@aliases) {
        chomp($alias);
        # The first comma-separated field of the line is used as the address;
        # lines without one are ignored.
        my ($address) = split(/\,/, $alias);
        next unless $address;
        push(@network, $address);
        push(@masklen, $netsettings{'RED_NETMASK'} );
        push(@colour, ${Header::colourfw} );
    }
}
123 | \r | |
124 | # Add VPNs\r | |
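# @vpn holds either the 'none' marker or the lines of the eroute table.
if ( @vpn && $vpn[0] ne 'none' ) {
    foreach my $line (@vpn) {
        my @temp = split(/[\t ]+/,$line);
        # The fourth whitespace-separated field is expected to look like
        # "network/prefix" (optionally followed by ":..."). Lines without
        # it, or with a prefix that is not a number from 0 to 32, are
        # skipped so that no undefined or malformed entry ends up in the
        # lookup tables.
        next unless defined $temp[3];
        my ($subnet, $prefix) = split(/[\/:]+/, $temp[3]);
        next unless defined $subnet && length $subnet;
        next unless defined $prefix
            && $prefix =~ /\A\d{1,2}\z/
            && $prefix <= 32;
        push(@network, $subnet);
        push(@masklen, ipv4_cidr2msk($prefix));
        push(@colour, ${Header::colourvpn} );
    }
}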
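# Add the current RED address as a single host, if the file is present.
# Three-argument open: the path is built from a variable, so the read mode
# is given explicitly.
if (open(my $redip_fh, '<', "${General::swroot}/red/local-ipaddress")) {
    my $redip = <$redip_fh>;
    close($redip_fh);
    # An empty file yields undef; do not add an empty entry to the tables.
    if (defined $redip) {
        chomp $redip;
        if (length $redip) {
            push(@network, $redip);
            push(@masklen, '255.255.255.255' );
            push(@colour, ${Header::colourfw} );
        }
    }
}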
142 | \r | |
# Send the HTTP headers and open the page frame and its boxes.
Header::showhttpheaders();
Header::openpage($Lang::tr{'connections'}, 1, '');
Header::openbigbox('100%', 'left');
Header::openbox('100%', 'left', $Lang::tr{'connection tracking'});

# Colour legend, then the opening tag and heading row of the connection
# table. Everything interpolated here is a %Lang::tr entry or a Header
# colour variable.
print <<"END";
<table width='60%'>
<tr><td align='center'><b>$Lang::tr{'legend'} : </b></td>
<td align='center' bgcolor='${Header::colourgreen}'><b><font color='#FFFFFF'>$Lang::tr{'lan'}</font></b></td>
<td align='center' bgcolor='${Header::colourred}'><b><font color='#FFFFFF'>$Lang::tr{'internet'}</font></b></td>
<td align='center' bgcolor='${Header::colourorange}'><b><font color='#FFFFFF'>$Lang::tr{'dmz'}</font></b></td>
<td align='center' bgcolor='${Header::colourblue}'><b><font color='#FFFFFF'>$Lang::tr{'wireless'}</font></b></td>
<td align='center' bgcolor='${Header::colourfw}'><b><font color='#FFFFFF'>IPCop</font></b></td>
<td align='center' bgcolor='${Header::colourvpn}'><b><font color='#FFFFFF'>$Lang::tr{'vpn'}</font></b></td>
</tr>
</table>
<br />
<table cellpadding='2'>
<tr><td align='center'><b>$Lang::tr{'protocol'}</b></td>
<td align='center'><b>$Lang::tr{'expires'}<br />($Lang::tr{'seconds'})</b></td>
<td align='center'><b>$Lang::tr{'connection'}<br />$Lang::tr{'status'}</b></td>
<td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'source ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'dest ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'source ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'dest ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'marked'}</b></td>
<td align='center'><b>$Lang::tr{'use'}</b></td>
</tr>
END
173 | \r | |
# Print one table row per connection-tracking entry.
#
# Each line of @active is split on whitespace and the fields are picked by
# fixed position, so everything below depends on the exact column layout of
# the line for each protocol.
foreach my $line (@active)
{
    my $protocol='';
    my $expires='';
    my $connstatus='';
    my $orgsip='';
    my $orgdip='';
    my $orgsp='';
    my $orgdp='';
    my $exsip='';
    my $exdip='';
    my $exsp='';
    my $exdp='';
    my $marked='';
    my $use='';
    my $orgsipcolour='';
    my $orgdipcolour='';
    my $exsipcolour='';
    my $exdipcolour='';

    chomp($line);
    my @temp = split(' ',$line);
    # The row is opened before the protocol is examined. A line whose first
    # field is none of udp/tcp/unknown/gre therefore still produces a row,
    # with every field left empty, and ipcolour() is called with ''.
    print "<tr bgcolor='${Header::table1colour}'>\n";
    if ($temp[0] eq 'udp') {
        # $offset shifts the second address/port group by one field when
        # '[UNREPLIED]' sits between the two groups.
        my $offset = 0;
        $marked = '';
        $protocol = $temp[0] . " (" . $temp[1] . ")";
        $expires = $temp[2];
        $connstatus = ' ';
        # substr ..., 4 and substr ..., 6 drop the first four / six
        # characters of a field - presumably the "src="/"dst=" and
        # "sport="/"dport=" prefixes (TODO confirm against the kernel output).
        $orgsip = substr $temp[3], 4;
        $orgdip = substr $temp[4], 4;
        $orgsp = substr $temp[5], 6;
        $orgdp = substr $temp[6], 6;
        if ($temp[7] eq '[UNREPLIED]') {
            $marked = $temp[7];
            $offset = 1;
        }
        else {
            $connstatus = ' ';
        }

        $exsip = substr $temp[7 + $offset], 4;
        $exdip = substr $temp[8 + $offset], 4;
        $exsp = substr $temp[9 + $offset], 6;
        $exdp = substr $temp[10 + $offset], 6;
        if ($marked eq '[UNREPLIED]') {
            $use = substr $temp[11 + $offset], 4;
        }
        else {
            # The field after the second group is either a marker or already
            # the field starting with "use"; the first three characters
            # decide which.
            $marked = $temp[11 + $offset];
            $use = substr $marked, 0, 3;
            if ($use eq 'use' ) {
                $marked = '';
                $use = substr $temp[11 + $offset], 4;
            }
            else {
                $use = substr $temp[12 + $offset], 4;
            }
        }
    }
    if ($temp[0] eq 'tcp') {
        # Same layout as udp, shifted by one because field 3 carries the
        # connection state.
        my $offset = 0;
        $protocol = $temp[0] . " (" . $temp[1] . ")";
        $expires = $temp[2];
        $connstatus = $temp[3];
        $orgsip = substr $temp[4], 4;
        $orgdip = substr $temp[5], 4;
        $orgsp = substr $temp[6], 6;
        $orgdp = substr $temp[7], 6;
        if ($temp[8] eq '[UNREPLIED]') {
            $marked = $temp[8];
            $offset = 1;
            $use = substr $temp[13], 4;
        }
        else {
            $marked = $temp[12];
            $use = substr $temp[13], 4;
        }

        $exsip = substr $temp[8 + $offset], 4;
        $exdip = substr $temp[9 + $offset], 4;
        $exsp = substr $temp[10 + $offset], 6;
        $exdp = substr $temp[11 + $offset], 6;
    }
    if ($temp[0] eq 'unknown') {
        # No port fields are read for these entries; protocol numbers 50 and
        # 51 are labelled esp and ah. $offset is declared but not used in
        # this branch.
        my $offset = 0;
        $protocol = "??? (" . $temp[1] . ")";
        $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50);
        $protocol = " ah (" . $temp[1] . ")" if ($temp[1] == 51);
        $expires = $temp[2];
        $connstatus = ' ';
        $orgsip = substr $temp[3], 4;
        $orgdip = substr $temp[4], 4;
        $orgsp = ' ';
        $orgdp = ' ';
        $exsip = substr $temp[5], 4;
        $exdip = substr $temp[6], 4;
        $exsp = ' ';
        $exdp = ' ';
        $marked = ' ';
        $use = ' ';
    }
    if ($temp[0] eq 'gre') {
        # Addresses are taken from fixed positions 5/6 and 11/12, marker and
        # use from 17/18 as they are. $connstatus keeps its empty default
        # and $offset is declared but not used in this branch.
        my $offset = 0;
        $protocol = $temp[0] . " (" . $temp[1] . ")";
        $expires = $temp[2];
        $orgsip = substr $temp[5], 4;
        $orgdip = substr $temp[6], 4;
        $orgsp = ' ';
        $orgdp = ' ';
        $exsip = substr $temp[11], 4;
        $exdip = substr $temp[12], 4;
        $exsp = ' ';
        $exdp = ' ';
        $marked = $temp[17];
        $use = $temp[18];
    }
    # Background colour of each address cell, by the network it belongs to.
    $orgsipcolour = &ipcolour($orgsip);
    $orgdipcolour = &ipcolour($orgdip);
    $exsipcolour = &ipcolour($exsip);
    $exdipcolour = &ipcolour($exdip);
    # NOTE(review): the parsed fields are interpolated into the HTML and
    # into the ipinfo.cgi query string without HTML or URL escaping. They
    # come from @active, which this script reads from
    # /proc/net/ip_conntrack; if the data source ever changes, escape the
    # values before printing them.
    print <<END
<td align='center'>$protocol</td>
<td align='center'>$expires</td>
<td align='center'>$connstatus</td>
<td align='center' bgcolor='$orgsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgsip'><font color='#FFFFFF'>$orgsip</font></a><font color='#FFFFFF'>:$orgsp</font></td>
<td align='center' bgcolor='$orgdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgdip'><font color='#FFFFFF'>$orgdip</font></a><font color='#FFFFFF'>:$orgdp</font></td>
<td align='center' bgcolor='$exsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exsip'><font color='#FFFFFF'>$exsip</font></a><font color='#FFFFFF'>:$exsp</font></td>
<td align='center' bgcolor='$exdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exdip'><font color='#FFFFFF'>$exdip</font></a><font color='#FFFFFF'>:$exdp</font></td>
<td align='center'>$marked</td><td align='center'>$use</td>
</tr>
END
    ;
}
# Close the connection table, then the boxes and the page.
print "</table>\n";

Header::closebox();
Header::closebigbox();
Header::closepage();
313 | \r | |
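# Return the display colour for an IPv4 address.
#
# Walks the parallel @network/@masklen/@colour tables in order and returns
# the colour of the first network that contains $ip. When no network
# matches, or when $ip is undefined or empty, the RED colour is returned.
#
# The prototype is kept as it was; the calls in this file use the
# &ipcolour(...) form, which does not apply it.
sub ipcolour($) {
    my ($ip) = $_[0];
    my $colour = ${Header::colourred};

    # Rows for lines that were not parsed pass an empty address; there is
    # nothing to look up for them.
    return $colour unless defined $ip && length $ip;

    foreach my $id (0 .. $#network) {
        # NOTE(review): Net::IPv4Addr appears to croak on a malformed
        # address or mask - confirm. The eval keeps one bad table entry
        # (for example an unset setting) from aborting the page half-way
        # through; such an entry simply never matches.
        local $@;
        my $inside = eval {
            ipv4_in_network( $network[$id], $masklen[$id], $ip );
        };
        return $colour[$id] if $inside;
    }
    return $colour;
}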