Commit | Line | Data |
---|---|---|
ac1cfefa MT |
1 | #!/usr/bin/perl |
2 | # | |
3 | # (c) 2001 Jack Beglinger <jackb_guppy@yahoo.com> | |
4 | # | |
5 | # (c) 2003 Dave Roberts <countzerouk@hotmail.com> - colour coded netfilter/iptables rewrite for 1.3 | |
6 | # | |
7 | # $Id: connections.cgi,v 1.6.2.11 2005/02/24 07:44:35 gespinasse Exp $ | |
8 | # | |
9 | ||
10 | # Setup GREEN, ORANGE, IPCOP, VPN CIDR networks, masklengths and colours only once | |
11 | ||
# Parallel lookup tables filled in further down: entry N of each array holds
# the address, the netmask and the display colour of one known network.
my (@network, @masklen, @colour);
15 | ||
16 | use Net::IPv4Addr qw( :all ); | |
17 | ||
18 | use strict; | |
19 | ||
20 | # enable the following only while debugging; fatalsToBrowser sends error details to the browser | |
21 | #use warnings; | |
22 | #use CGI::Carp 'fatalsToBrowser'; | |
23 | ||
24 | require 'CONFIG_ROOT/general-functions.pl'; | |
25 | require "${General::swroot}/lang.pl"; | |
26 | require "${General::swroot}/header.pl"; | |
27 | ||
# Reference $Header::table1colour one extra time so that Perl does not report
# it as "used only once" when warnings are switched on; the copy is discarded.
my @dummy = ($Header::table1colour);
undef @dummy;
31 | ||
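# Read the interface settings, the connection-tracking table, the IPsec
# eroute table (when it can be opened) and the RED alias list.
#
# Every file is opened with three-argument open and an explicit '<' mode, so
# the path string is never parsed for mode or pipe characters, and lexical
# handles replace the shared bareword handles.

my %netsettings = ();
General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

open(my $conntrack_fh, '<', '/proc/net/ip_conntrack')
    or die "Unable to open ip_conntrack: $!";
my @active = <$conntrack_fh>;
close($conntrack_fh);

# 'none' stays in place when the eroute table cannot be opened; the VPN
# section below tests for exactly that marker.
my @vpn = ('none');
if (open(my $eroute_fh, '<', '/proc/net/ipsec_eroute')) {
    @vpn = <$eroute_fh>;
    close($eroute_fh);
}

my $aliasfile = "${General::swroot}/ethernet/aliases";
open(my $alias_fh, '<', $aliasfile)
    or die "Unable to open aliases file: $!";
my @aliases = <$alias_fh>;
close($alias_fh);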
48 | ||
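# Return the lines of "/sbin/route -n" that mention interface $dev.
#
# The original built a shell pipeline with the interface name interpolated
# into backticks, so any shell metacharacter in the settings file would have
# been executed by the CGI user. Here route is started without a shell
# (list-form pipe open) and the filtering is done in Perl with a literal
# substring match. Names that are empty or contain anything other than the
# usual interface-name characters are rejected and yield no routes.
my $routes_for_dev = sub {
    my ($dev) = @_;
    return () unless defined $dev && $dev =~ /\A[A-Za-z0-9_.:\-]+\z/;
    open(my $route_fh, '-|', '/sbin/route', '-n') or return ();
    my @matching = grep { index($_, $dev) >= 0 } <$route_fh>;
    close($route_fh);
    return @matching;
};

# Register every route on $dev under $route_colour. Column 0 of a route line
# is used as the network and column 2 as the netmask.
my $add_routes = sub {
    my ($dev, $route_colour) = @_;
    foreach my $route ($routes_for_dev->($dev)) {
        chomp($route);
        my @field = split(/[\t ]+/, $route);
        push(@network, $field[0]);
        push(@masklen, $field[2]);
        push(@colour,  $route_colour);
    }
};

# The order of the entries matters: the colour lookup uses the first match.

# Add Green Firewall Interface
push(@network, $netsettings{'GREEN_ADDRESS'});
push(@masklen, "255.255.255.255");
push(@colour,  ${Header::colourfw});

# Add Green Network to Array
push(@network, $netsettings{'GREEN_NETADDRESS'});
push(@masklen, $netsettings{'GREEN_NETMASK'});
push(@colour,  ${Header::colourgreen});

# Add Green Routes to Array
$add_routes->($netsettings{'GREEN_DEV'}, ${Header::colourgreen});

# Add Firewall Localhost 127.0.0.1
push(@network, '127.0.0.1');
push(@masklen, '255.255.255.255');
push(@colour,  ${Header::colourfw});

# Add Orange Network
if ($netsettings{'ORANGE_DEV'}) {
    push(@network, $netsettings{'ORANGE_NETADDRESS'});
    push(@masklen, $netsettings{'ORANGE_NETMASK'});
    push(@colour,  ${Header::colourorange});
    # Add Orange Routes to Array
    $add_routes->($netsettings{'ORANGE_DEV'}, ${Header::colourorange});
}

# Add Blue Network
if ($netsettings{'BLUE_DEV'}) {
    push(@network, $netsettings{'BLUE_NETADDRESS'});
    push(@masklen, $netsettings{'BLUE_NETMASK'});
    push(@colour,  ${Header::colourblue});
    # Add Blue Routes to Array
    $add_routes->($netsettings{'BLUE_DEV'}, ${Header::colourblue});
}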
105 | ||
# Add STATIC RED aliases
# Aliases are registered only when there is a RED ethernet interface and its
# address type is STATIC. The first comma-separated field of each alias line
# is taken as the address; lines with an empty first field are skipped.
if ($netsettings{'RED_DEV'} && $netsettings{'RED_TYPE'} eq 'STATIC') {
    foreach my $line (@aliases) {
        chomp($line);
        my ($alias_ip) = split(/\,/, $line);
        next unless $alias_ip;
        push(@network, $alias_ip);
        push(@masklen, $netsettings{'RED_NETMASK'});
        push(@colour,  ${Header::colourfw});
    }
}
123 | ||
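# Add VPNs
# Each eroute line is split on whitespace and field 3 is split again on '/'
# and ':' into an address and a prefix length (presumably "net/bits:..."; the
# exact eroute format is not visible here). Lines where either part is
# missing or the prefix length is not a number are skipped, so they never
# reach ipv4_cidr2msk or the colour lookup as undefined values.
if ($vpn[0] ne 'none') {
    foreach my $line (@vpn) {
        my @temp = split(/[\t ]+/, $line);
        next unless defined $temp[3];
        my ($vpn_net, $vpn_bits) = split(/[\/:]+/, $temp[3]);
        next unless defined $vpn_net && length $vpn_net;
        next unless defined $vpn_bits && $vpn_bits =~ /\A\d+\z/;
        push(@network, $vpn_net);
        push(@masklen, ipv4_cidr2msk($vpn_bits));
        push(@colour,  ${Header::colourvpn});
    }
}

# Add the current RED address as a firewall-coloured host entry. The file is
# opened read-only with three-argument open; an unreadable or empty file adds
# nothing.
if (open(my $redip_fh, '<', "${General::swroot}/red/local-ipaddress")) {
    my $redip = <$redip_fh>;
    close($redip_fh);
    if (defined $redip) {
        chomp $redip;
        if ($redip ne '') {
            push(@network, $redip);
            push(@masklen, '255.255.255.255');
            push(@colour,  ${Header::colourfw});
        }
    }
}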
142 | ||
# Emit the HTTP headers and open the page and its boxes.
Header::showhttpheaders();
Header::openpage($Lang::tr{'connections'}, 1, '');
Header::openbigbox('100%', 'left');
Header::openbox('100%', 'left', $Lang::tr{'connection tracking'});

# Colour legend followed by the heading row of the connection table. The
# table itself is left open here and closed after the per-connection rows.
my $legend_and_heading = <<END;
<table width='60%'>
<tr><td align='center'><b>$Lang::tr{'legend'} : </b></td>
<td align='center' bgcolor='${Header::colourgreen}'><b><font color='#FFFFFF'>$Lang::tr{'lan'}</font></b></td>
<td align='center' bgcolor='${Header::colourred}'><b><font color='#FFFFFF'>$Lang::tr{'internet'}</font></b></td>
<td align='center' bgcolor='${Header::colourorange}'><b><font color='#FFFFFF'>$Lang::tr{'dmz'}</font></b></td>
<td align='center' bgcolor='${Header::colourblue}'><b><font color='#FFFFFF'>$Lang::tr{'wireless'}</font></b></td>
<td align='center' bgcolor='${Header::colourfw}'><b><font color='#FFFFFF'>IPCop</font></b></td>
<td align='center' bgcolor='${Header::colourvpn}'><b><font color='#FFFFFF'>$Lang::tr{'vpn'}</font></b></td>
</tr>
</table>
<br />
<table cellpadding='2'>
<tr><td align='center'><b>$Lang::tr{'protocol'}</b></td>
<td align='center'><b>$Lang::tr{'expires'}<br />($Lang::tr{'seconds'})</b></td>
<td align='center'><b>$Lang::tr{'connection'}<br />$Lang::tr{'status'}</b></td>
<td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'source ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'original'}<br />$Lang::tr{'dest ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'source ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'expected'}<br />$Lang::tr{'dest ip and port'}</b></td>
<td align='center'><b>$Lang::tr{'marked'}</b></td>
<td align='center'><b>$Lang::tr{'use'}</b></td>
</tr>
END
print $legend_and_heading;
173 | ||
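# Escape the characters that are special in HTML text and in quoted attribute
# values. Undefined input becomes the empty string.
my $html_escape = sub {
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Print one table row per connection-tracking entry.
#
# Each line is split on whitespace and decoded by position; "substr ..., 4"
# strips a four-character "src="/"dst="/"use=" style prefix and
# "substr ..., 6" a six-character "sport="/"dport=" style prefix.
# Changes against the original loop:
#   * lines whose protocol is not udp/tcp/unknown/gre are skipped instead of
#     producing a row of empty cells and a colour lookup on an empty address
#     (NOTE(review): that lookup may abort the page - confirm against
#     Net::IPv4Addr);
#   * every value is HTML-escaped before it is written into the page and the
#     ipinfo.cgi link, so a field with markup characters cannot inject HTML;
#   * tcp entries without a flag in field 12 no longer show "use=N" in the
#     "marked" column (same rule the udp branch already applied).
foreach my $line (@active) {
    chomp($line);
    my @temp = split(' ', $line);
    my $proto = defined $temp[0] ? $temp[0] : '';
    next unless $proto eq 'udp'     || $proto eq 'tcp'
             || $proto eq 'unknown' || $proto eq 'gre';

    my ($protocol, $expires, $connstatus) = ('', '', '');
    my ($orgsip, $orgdip, $orgsp, $orgdp) = ('', '', '', '');
    my ($exsip,  $exdip,  $exsp,  $exdp)  = ('', '', '', '');
    my ($marked, $use) = ('', '');

    if ($proto eq 'udp') {
        my $offset = 0;
        $protocol   = $temp[0] . " (" . $temp[1] . ")";
        $expires    = $temp[2];
        $connstatus = ' ';
        $orgsip = substr $temp[3], 4;
        $orgdip = substr $temp[4], 4;
        $orgsp  = substr $temp[5], 6;
        $orgdp  = substr $temp[6], 6;
        # An [UNREPLIED] flag shifts the reply tuple one field to the right.
        if ($temp[7] eq '[UNREPLIED]') {
            $marked = $temp[7];
            $offset = 1;
        }
        $exsip = substr $temp[7 + $offset], 4;
        $exdip = substr $temp[8 + $offset], 4;
        $exsp  = substr $temp[9 + $offset], 6;
        $exdp  = substr $temp[10 + $offset], 6;
        if ($marked eq '[UNREPLIED]') {
            $use = substr $temp[11 + $offset], 4;
        }
        else {
            # The field after the reply tuple is either a flag or the use
            # counter itself.
            $marked = $temp[11 + $offset];
            $use = substr $marked, 0, 3;
            if ($use eq 'use') {
                $marked = '';
                $use = substr $temp[11 + $offset], 4;
            }
            else {
                $use = substr $temp[12 + $offset], 4;
            }
        }
    }
    elsif ($proto eq 'tcp') {
        my $offset = 0;
        $protocol   = $temp[0] . " (" . $temp[1] . ")";
        $expires    = $temp[2];
        $connstatus = $temp[3];
        $orgsip = substr $temp[4], 4;
        $orgdip = substr $temp[5], 4;
        $orgsp  = substr $temp[6], 6;
        $orgdp  = substr $temp[7], 6;
        if ($temp[8] eq '[UNREPLIED]') {
            $marked = $temp[8];
            $offset = 1;
            $use = substr $temp[13], 4;
        }
        elsif (defined $temp[12] && substr($temp[12], 0, 3) eq 'use') {
            # No flag after the reply tuple: field 12 is the use counter.
            $marked = '';
            $use = substr $temp[12], 4;
        }
        else {
            $marked = $temp[12];
            $use = substr $temp[13], 4;
        }
        $exsip = substr $temp[8 + $offset], 4;
        $exdip = substr $temp[9 + $offset], 4;
        $exsp  = substr $temp[10 + $offset], 6;
        $exdp  = substr $temp[11 + $offset], 6;
    }
    elsif ($proto eq 'unknown') {
        # Only the IP protocol number is known; 50 and 51 get a name.
        $protocol = "??? (" . $temp[1] . ")";
        $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50);
        $protocol = " ah (" . $temp[1] . ")" if ($temp[1] == 51);
        $expires    = $temp[2];
        $connstatus = ' ';
        $orgsip = substr $temp[3], 4;
        $orgdip = substr $temp[4], 4;
        $orgsp  = ' ';
        $orgdp  = ' ';
        $exsip  = substr $temp[5], 4;
        $exdip  = substr $temp[6], 4;
        $exsp   = ' ';
        $exdp   = ' ';
        $marked = ' ';
        $use    = ' ';
    }
    else {
        # gre: fixed field positions, no ports and no connection status.
        $protocol = $temp[0] . " (" . $temp[1] . ")";
        $expires  = $temp[2];
        $orgsip = substr $temp[5], 4;
        $orgdip = substr $temp[6], 4;
        $orgsp  = ' ';
        $orgdp  = ' ';
        $exsip  = substr $temp[11], 4;
        $exdip  = substr $temp[12], 4;
        $exsp   = ' ';
        $exdp   = ' ';
        $marked = $temp[17];
        $use    = $temp[18];
    }

    # Look the colours up with the raw addresses, then escape for output.
    my $orgsipcolour = &ipcolour($orgsip);
    my $orgdipcolour = &ipcolour($orgdip);
    my $exsipcolour  = &ipcolour($exsip);
    my $exdipcolour  = &ipcolour($exdip);

    ($protocol, $expires, $connstatus,
     $orgsip, $orgdip, $orgsp, $orgdp,
     $exsip,  $exdip,  $exsp,  $exdp,
     $marked, $use)
        = map { $html_escape->($_) }
          ($protocol, $expires, $connstatus,
           $orgsip, $orgdip, $orgsp, $orgdp,
           $exsip,  $exdip,  $exsp,  $exdp,
           $marked, $use);

    print "<tr bgcolor='${Header::table1colour}'>\n";
    print <<END;
<td align='center'>$protocol</td>
<td align='center'>$expires</td>
<td align='center'>$connstatus</td>
<td align='center' bgcolor='$orgsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgsip'><font color='#FFFFFF'>$orgsip</font></a><font color='#FFFFFF'>:$orgsp</font></td>
<td align='center' bgcolor='$orgdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$orgdip'><font color='#FFFFFF'>$orgdip</font></a><font color='#FFFFFF'>:$orgdp</font></td>
<td align='center' bgcolor='$exsipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exsip'><font color='#FFFFFF'>$exsip</font></a><font color='#FFFFFF'>:$exsp</font></td>
<td align='center' bgcolor='$exdipcolour'><a href='/cgi-bin/ipinfo.cgi?ip=$exdip'><font color='#FFFFFF'>$exdip</font></a><font color='#FFFFFF'>:$exdp</font></td>
<td align='center'>$marked</td><td align='center'>$use</td>
</tr>
END
}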
# Close the connection table, then the boxes and the page opened earlier.
print "</table>\n";

Header::closebox();
Header::closebigbox();
Header::closepage();
313 | ||
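# Return the display colour for an IPv4 address.
#
# Takes one argument, the address as a dotted-quad string. The @network,
# @masklen and @colour tables are searched in order and the colour of the
# first network containing the address is returned; when nothing matches the
# RED colour is returned.
#
# An argument that is undefined or not four dot-separated groups of digits
# gets the RED colour without any lookup, and table entries with a missing
# network or mask are skipped, so neither is handed to ipv4_in_network
# (NOTE(review): that function is assumed to reject such input - confirm
# against Net::IPv4Addr).
sub ipcolour($) {
    my ($ip) = @_;
    my $default_colour = ${Header::colourred};

    return $default_colour
        unless defined $ip && $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;

    foreach my $id (0 .. $#network) {
        next unless defined $network[$id] && length $network[$id];
        next unless defined $masklen[$id] && length $masklen[$id];
        # First match wins, so stop searching as soon as one is found.
        return $colour[$id]
            if ipv4_in_network($network[$id], $masklen[$id], $ip);
    }
    return $default_colour;
}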