projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| ac1cfefa MT |
1 | #!/usr/bin/perl |
| 2 | # | |
| 3 | # (c) 2001 Jack Beglinger <jackb_guppy@yahoo.com> | |
| 4 | # | |
| 5 | # (c) 2003 Dave Roberts <countzerouk@hotmail.com> - colour coded netfilter/iptables rewrite for 1.3 | |
| 6 | # | |
| 7 | # $Id: connections.cgi,v 1.6.2.11 2005/02/24 07:44:35 gespinasse Exp $ | |
| 8 | # | |
| 9 | ||
| 10 | # Setup GREEN, ORANGE, IPCOP, VPN CIDR networks, masklengths and colours only once | |
| 11 | ||
| 12 | my @network=(); | |
| 13 | my @masklen=(); | |
| 14 | my @colour=(); | |
| 15 | ||
| 16 | use Net::IPv4Addr qw( :all ); | |
| 17 | ||
| 18 | use strict; | |
| 19 | ||
| 20 | # enable only the following on debugging purpose | |
| 21 | #use warnings; | |
| 22 | #use CGI::Carp 'fatalsToBrowser'; | |
| 23 | ||
| 24 | require 'CONFIG_ROOT/general-functions.pl'; | |
| 25 | require "${General::swroot}/lang.pl"; | |
| 26 | require "${General::swroot}/header.pl"; | |
| 27 | ||
| 28 | #workaround to suppress a warning when a variable is used only once | |
| 29 | my @dummy = ( ${Header::table1colour} ); | |
| 30 | undef (@dummy); | |
| 31 | ||
| 32 | # Read various files | |
| 33 | ||
| 34 | my %netsettings=(); | |
| 35 | &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); | |
| 36 | ||
| 37 | open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack'; | |
| 38 | my @active = <ACTIVE>; | |
| 39 | close (ACTIVE); | |
| 40 | ||
| 41 | my @vpn = ('none'); | |
| 42 | open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = <ACTIVE>; close (ACTIVE); | |
| 43 | ||
| 44 | my $aliasfile = "${General::swroot}/ethernet/aliases"; | |
| 45 | open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; | |
| 46 | my @aliases = <ALIASES>; | |
| 47 | close(ALIASES); | |
| 48 | ||
| 49 | # Add Green Firewall Interface | |
| 50 | push(@network, $netsettings{'GREEN_ADDRESS'}); | |
| 51 | push(@masklen, "255.255.255.255" ); | |
| 52 | push(@colour, ${Header::colourfw} ); | |
| 53 | ||
| 54 | # Add Green Network to Array | |
| 55 | push(@network, $netsettings{'GREEN_NETADDRESS'}); | |
| 56 | push(@masklen, $netsettings{'GREEN_NETMASK'} ); | |
| 57 | push(@colour, ${Header::colourgreen} ); | |
| 58 | ||
| 59 | # Add Green Routes to Array | |
| 60 | my @routes = `/sbin/route -n | /bin/grep $netsettings{'GREEN_DEV'}`; | |
| 61 | foreach my $route (@routes) { | |
| 62 | chomp($route); | |
| 63 | my @temp = split(/[\t ]+/, $route); | |
| 64 | push(@network, $temp[0]); | |
| 65 | push(@masklen, $temp[2]); | |
| 66 | push(@colour, ${Header::colourgreen} ); | |
| 67 | } | |
| 68 | ||
| 69 | # Add Firewall Localhost 127.0.0.1 | |
| 70 | push(@network, '127.0.0.1'); | |
| 71 | push(@masklen, '255.255.255.255' ); | |
| 72 | push(@colour, ${Header::colourfw} ); | |
| 73 | ||
| 74 | # Add Orange Network | |
| 75 | if ($netsettings{'ORANGE_DEV'}) { | |
| 76 | push(@network, $netsettings{'ORANGE_NETADDRESS'}); | |
| 77 | push(@masklen, $netsettings{'ORANGE_NETMASK'} ); | |
| 78 | push(@colour, ${Header::colourorange} ); | |
| 79 | # Add Orange Routes to Array | |
| 80 | @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_DEV'}`; | |
| 81 | foreach my $route (@routes) { | |
| 82 | chomp($route); | |
| 83 | my @temp = split(/[\t ]+/, $route); | |
| 84 | push(@network, $temp[0]); | |
| 85 | push(@masklen, $temp[2]); | |
| 86 | push(@colour, ${Header::colourorange} ); | |
| 87 | } | |
| 88 | } | |
| 89 | ||
| 90 | # Add Blue Network | |
| 91 | if ($netsettings{'BLUE_DEV'}) { | |
| 92 | push(@network, $netsettings{'BLUE_NETADDRESS'}); | |
| 93 | push(@masklen, $netsettings{'BLUE_NETMASK'} ); | |
| 94 | push(@colour, ${Header::colourblue} ); | |
| 95 | # Add Blue Routes to Array | |
| 96 | @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_DEV'}`; | |
| 97 | foreach my $route (@routes) { | |
| 98 | chomp($route); | |
| 99 | my @temp = split(/[\t ]+/, $route); | |
| 100 | push(@network, $temp[0]); | |
| 101 | push(@masklen, $temp[2]); | |
| 102 | push(@colour, ${Header::colourblue} ); | |
| 103 | } | |
| 104 | } | |
| 105 | ||
| 106 | # Add STATIC RED aliases | |
| 107 | if ($netsettings{'RED_DEV'}) { | |
| 108 | # We have a RED eth iface | |
| 109 | if ($netsettings{'RED_TYPE'} eq 'STATIC') { | |
| 110 | # We have a STATIC RED eth iface | |
| 111 | foreach my $line (@aliases) | |
| 112 | { | |
| 113 | chomp($line); | |
| 114 | my @temp = split(/\,/,$line); | |
| 115 | if ( $temp[0] ) { | |
| 116 | push(@network, $temp[0]); | |
| 117 | push(@masklen, $netsettings{'RED_NETMASK'} ); | |
| 118 | push(@colour, ${Header::colourfw} ); | |
| 119 | } | |
| 120 | } | |
| 121 | } | |
| 122 | } | |
| 123 | ||
| 124 | # Add VPNs | |
| 125 | if ( $vpn[0] ne 'none' ) { | |
| 126 | foreach my $line (@vpn) { | |
| 127 | my @temp = split(/[\t ]+/,$line); | |
| 128 | my @temp1 = split(/[\/:]+/,$temp[3]); | |
| 129 | push(@network, $temp1[0]); | |
| 130 | push(@masklen, ipv4_cidr2msk($temp1[1])); | |
| 131 | push(@colour, ${Header::colourvpn} ); | |
| 132 | } | |
| 133 | } | |
| 134 | if (open(IP, "${General::swroot}/red/local-ipaddress")) { | |
| 135 | my $redip = <IP>; | |
| 136 | close(IP); | |
| 137 | chomp $redip; | |
| 138 | push(@network, $redip); | |
| 139 | push(@masklen, '255.255.255.255' ); | |
| 140 | push(@colour, ${Header::colourfw} ); | |
| 141 | } | |
| 142 | ||
| 143 | &Header::showhttpheaders(); | |
| 144 | &Header::openpage($Lang::tr{'connections'}, 1, ''); | |
| 145 | &Header::openbigbox('100%', 'left'); | |
| 146 | &Header::openbox('100%', 'left', $Lang::tr{'connection tracking'}); | |
| 147 | ||
| 148 | print <<END | |
| 149 | <table width='60%'> | |
| 150 | <tr><td align='center'><b>$Lang::tr{'legend'} : </b></td> | |
| 151 | <td align='center' bgcolor='${Header::colourgreen}'><b><font color='#FFFFFF'>$Lang::tr{'lan'}</font></b></td> | |
| 152 | <td align='center' bgcolor='${Header::colourred}'><b><font color='#FFFFFF'>$Lang::tr{'internet'}</font></b></td> | |
| 153 | <td align='center' bgcolor='${Header::colourorange}'><b><font color='#FFFFFF'>$Lang::tr{'dmz'}</font></b></td> | |
| 154 | <td align='center' bgcolor='${Header::colourblue}'><b><font color='#FFFFFF'>$Lang::tr{'wireless'}</font></b></td> | |
| 155 | <td align='center' bgcolor='${Header::colourfw}'><b><font color='#FFFFFF'>IPCop</font></b></td> | |
| 156 | <td align='center' bgcolor='${Header::colourvpn}'><b><font color='#FFFFFF'>$Lang::tr{'vpn'}</font></b></td> | |
| 157 | </tr> | |
| 158 | </table> | |
| 159 | <br /> | |
| 160 | <table cellpadding='2'> | |
| 161 | <tr><td align='center'><b>$Lang::tr{'protocol'}</b></td> | |
| 162 | <td align='center'><b>$Lang::tr{'expires'}<br />($Lang::tr{'seconds'})</b></td> | |
| 163 | <td align='center'><b>$Lang::tr{'connection'}<br />$Lang::tr{'status'}</b></td> | |
| 164 | <td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'source ip and port'}</b></td> | |
| 165 | <td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'dest ip and port'}</b></td> | |
| 166 | <td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'source ip and port'}</b></td> | |
| 167 | <td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'dest ip and port'}</b></td> | |
| 168 | <td align='center'><b>$Lang::tr{'marked'}</b></td> | |
| 169 | <td align='center'><b>$Lang::tr{'use'}</b></td> | |
| 170 | </tr> | |
| 171 | END | |
| 172 | ; | |
| 173 | ||
| 174 | foreach my $line (@active) | |
| 175 | { | |
| 176 | my $protocol=''; | |
| 177 | my $expires=''; | |
| 178 | my $connstatus=''; | |
| 179 | my $orgsip=''; | |
| 180 | my $orgdip=''; | |
| 181 | my $orgsp=''; | |
| 182 | my $orgdp=''; | |
| 183 | my $exsip=''; | |
| 184 | my $exdip=''; | |
| 185 | my $exsp=''; | |
| 186 | my $exdp=''; | |
| 187 | my $marked=''; | |
| 188 | my $use=''; | |
| 189 | my $orgsipcolour=''; | |
| 190 | my $orgdipcolour=''; | |
| 191 | my $exsipcolour=''; | |
| 192 | my $exdipcolour=''; | |
| 193 | ||
| 194 | chomp($line); | |
| 195 | my @temp = split(' ',$line); | |
| 196 | print "<tr bgcolor='${Header::table1colour}'>\n"; | |
| 197 | if ($temp[0] eq 'udp') { | |
| 198 | my $offset = 0; | |
| 199 | $marked = ''; | |
| 200 | $protocol = $temp[0] . " (" . $temp[1] . ")"; | |
| 201 | $expires = $temp[2]; | |
| 202 | $connstatus = ' '; | |
| 203 | $orgsip = substr $temp[3], 4; | |
| 204 | $orgdip = substr $temp[4], 4; | |
| 205 | $orgsp = substr $temp[5], 6; | |
| 206 | $orgdp = substr $temp[6], 6; | |
| 207 | if ($temp[7] eq '[UNREPLIED]') { | |
| 208 | $marked = $temp[7]; | |
| 209 | $offset = 1; | |
| 210 | } | |
| 211 | else { | |
| 212 | $connstatus = ' '; | |
| 213 | } | |
| 214 | ||
| 215 | $exsip = substr $temp[7 + $offset], 4; | |
| 216 | $exdip = substr $temp[8 + $offset], 4; | |
| 217 | $exsp = substr $temp[9 + $offset], 6; | |
| 218 | $exdp = substr $temp[10 + $offset], 6; | |
| 219 | if ($marked eq '[UNREPLIED]') { | |
| 220 | $use = substr $temp[11 + $offset], 4; | |
| 221 | } | |
| 222 | else { | |
| 223 | $marked = $temp[11 + $offset]; | |
| 224 | $use = substr $marked, 0, 3; | |
| 225 | if ($use eq 'use' ) { | |
| 226 | $marked = ''; | |
| 227 | $use = substr $temp[11 + $offset], 4; | |
| 228 | } | |
| 229 | else { | |
| 230 | $use = substr $temp[12 + $offset], 4; | |
| 231 | } | |
| 232 | } | |
| 233 | } | |
| 234 | if ($temp[0] eq 'tcp') { | |
| 235 | my $offset = 0; | |
| 236 | $protocol = $temp[0] . " (" . $temp[1] . ")"; | |
| 237 | $expires = $temp[2]; | |
| 238 | $connstatus = $temp[3]; | |
| 239 | $orgsip = substr $temp[4], 4; | |
| 240 | $orgdip = substr $temp[5], 4; | |
| 241 | $orgsp = substr $temp[6], 6; | |
| 242 | $orgdp = substr $temp[7], 6; | |
| 243 | if ($temp[8] eq '[UNREPLIED]') { | |
| 244 | $marked = $temp[8]; | |
| 245 | $offset = 1; | |
| 246 | $use = substr $temp[13], 4; | |
| 247 | } | |
| 248 | else { | |
| 249 | $marked = $temp[12]; | |
| 250 | $use = substr $temp[13], 4; | |
| 251 | } | |
| 252 | ||
| 253 | $exsip = substr $temp[8 + $offset], 4; | |
| 254 | $exdip = substr $temp[9 + $offset], 4; | |
| 255 | $exsp = substr $temp[10 + $offset], 6; | |
| 256 | $exdp = substr $temp[11 + $offset], 6; | |
| 257 | } | |
| 258 | if ($temp[0] eq 'unknown') { | |
| 259 | my $offset = 0; | |
| 260 | $protocol = "??? (" . $temp[1] . ")"; | |
| 261 | $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50); | |
| 262 | $protocol = " ah (" . $temp[1] . ")" if ($temp[1] == 51); | |
| 263 | $expires = $temp[2]; | |
| 264 | $connstatus = ' '; | |
| 265 | $orgsip = substr $temp[3], 4; | |
| 266 | $orgdip = substr $temp[4], 4; | |
| 267 | $orgsp = ' '; | |
| 268 | $orgdp = ' '; | |
| 269 | $exsip = substr $temp[5], 4; | |
| 270 | $exdip = substr $temp[6], 4; | |
| 271 | $exsp = ' '; | |
| 272 | $exdp = ' '; | |
| 273 | $marked = ' '; | |
| 274 | $use = ' '; | |
| 275 | } | |
| 276 | if ($temp[0] eq 'gre') { | |
| 277 | my $offset = 0; | |
| 278 | $protocol = $temp[0] . " (" . $temp[1] . ")"; | |
| 279 | $expires = $temp[2]; | |
| 280 | $orgsip = substr $temp[5], 4; | |
| 281 | $orgdip = substr $temp[6], 4; | |
| 282 | $orgsp = ' '; | |
| 283 | $orgdp = ' '; | |
| 284 | $exsip = substr $temp[11], 4; | |
| 285 | $exdip = substr $temp[12], 4; | |
| 286 | $exsp = ' '; | |
| 287 | $exdp = ' '; | |
| 288 | $marked = $temp[17]; | |
| 289 | $use = $temp[18]; | |
| 290 | } | |
| 291 | $orgsipcolour = &ipcolour($orgsip); | |
| 292 | $orgdipcolour = &ipcolour($orgdip); | |
| 293 | $exsipcolour = &ipcolour($exsip); | |
| 294 | $exdipcolour = &ipcolour($exdip); | |
| 295 | print <<END | |
| 296 | <td align='center'>$protocol</td> | |
| 297 | <td align='center'>$expires</td> | |
| 298 | <td align='center'>$connstatus</td> | |
| 299 | <td align='center' bgcolor='$orgsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgsip'><font color='#FFFFFF'>$orgsip</font></a><font color='#FFFFFF'>:$orgsp</font></td> | |
| 300 | <td align='center' bgcolor='$orgdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgdip'><font color='#FFFFFF'>$orgdip</font></a><font color='#FFFFFF'>:$orgdp</font></td> | |
| 301 | <td align='center' bgcolor='$exsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exsip'><font color='#FFFFFF'>$exsip</font></a><font color='#FFFFFF'>:$exsp</font></td> | |
| 302 | <td align='center' bgcolor='$exdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exdip'><font color='#FFFFFF'>$exdip</font></a><font color='#FFFFFF'>:$exdp</font></td> | |
| 303 | <td align='center'>$marked</td><td align='center'>$use</td> | |
| 304 | </tr> | |
| 305 | END | |
| 306 | ; | |
| 307 | } | |
| 308 | print "</table>\n"; | |
| 309 | ||
| 310 | &Header::closebox(); | |
| 311 | &Header::closebigbox(); | |
| 312 | &Header::closepage(); | |
| 313 | ||
| 314 | sub ipcolour($) { | |
| 315 | my $id = 0; | |
| 316 | my $line; | |
| 317 | my $colour = ${Header::colourred}; | |
| 318 | my ($ip) = $_[0]; | |
| 319 | my $found = 0; | |
| 320 | foreach $line (@network) | |
| 321 | { | |
| 322 | if (!$found && ipv4_in_network( $network[$id] , $masklen[$id], $ip) ) { | |
| 323 | $found = 1; | |
| 324 | $colour = $colour[$id]; | |
| 325 | } | |
| 326 | $id++; | |
| 327 | } | |
| 328 | return $colour | |
| 329 | } |