tor.cgi: Check for valid port numbers.
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Locale::Country;
24
25 # Enable the following only while debugging; fatalsToBrowser sends die() messages to the HTTP client.
26 use warnings;
27 use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
# Mention $Header::colouryellow a second time so that perl does not emit a
# "used only once" warning for it.
my @dummy = ( $Header::colouryellow );
undef (@dummy);

# Selectable bandwidth limits in kBit/s, largest first (1 GBit/s down to
# 160 kBit/s).
my @bandwidth_limits = (
    ( map { $_ * 1024 } 1000, 500, 200, 100, 64, 50, 25, 20, 16, 10, 8, 4, 2, 1 ),
    512,
    256,
    160,
);
my @accounting_periods = qw(daily weekly monthly);

# Port of the tor control connection; written to torrc as ControlPort and
# used again when this script connects to tor.
my $TOR_CONTROL_PORT = 9051;

our %netsettings = ();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# GREEN may always use the SOCKS proxy by default, BLUE only if it is in use.
my @default_subnets = (
    "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}",
);
if (&Header::blue_used()) {
    push(@default_subnets, "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}

# Defaults; they are later overlaid with the submitted form values or with
# the stored settings.
our %settings = (
    'TOR_ENABLED'                 => 'off',
    'TOR_SOCKS_PORT'              => 9050,
    'TOR_EXIT_COUNTRY'            => '',
    'TOR_USE_EXIT_NODES'          => '',
    'TOR_ALLOWED_SUBNETS'         => join(",", @default_subnets),

    'TOR_RELAY_ENABLED'           => 'off',
    'TOR_RELAY_MODE'              => 'exit',
    'TOR_RELAY_PORT'              => 9001,
    'TOR_RELAY_NICKNAME'          => '',
    'TOR_RELAY_CONTACT_INFO'      => '',
    'TOR_RELAY_NOADVERTISE'       => 'off',
    'TOR_RELAY_BANDWIDTH_RATE'    => 0,
    'TOR_RELAY_BANDWIDTH_BURST'   => 0,
    'TOR_RELAY_ACCOUNTING_LIMIT'  => 0,
    'TOR_RELAY_ACCOUNTING_PERIOD' => 'daily',

    'ACTION'                      => '',
);

my $errormessage = '';
my $warnmessage = '';
89
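&Header::showhttpheaders();

# Overlay the defaults with the values submitted by the browser. Everything
# this call puts into %settings is untrusted until it has been checked below.
&Header::getcgihash(\%settings);

# Open the tor control connection; $torctrl stays undefined when the socket
# cannot be created.
our $torctrl = &TorConnect();

# Escapes a value for HTML text and quoted attributes, so that rejected input
# can be quoted in an error message without being parsed as markup.
my $escape_html = sub {
    my $text = shift;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Validate and store the submitted settings.
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # The nickname is optional and is not submitted at all while the relay
    # box is hidden, so only a non-empty value has to match the pattern.
    # \A and \z are used because $ would also accept a trailing newline.
    if (($settings{'TOR_RELAY_NICKNAME'} ne '') &&
        ($settings{'TOR_RELAY_NICKNAME'} !~ /\A[a-zA-Z0-9]+\z/)) {
        $errormessage = "$Lang::tr{'tor errmsg invalid relay name'}: "
            . $escape_html->($settings{'TOR_RELAY_NICKNAME'});
    }

    if (!&General::validport($settings{'TOR_SOCKS_PORT'})) {
        $errormessage = "$Lang::tr{'tor errmsg invalid socks port'}: "
            . $escape_html->($settings{'TOR_SOCKS_PORT'});
    }

    if (!&General::validport($settings{'TOR_RELAY_PORT'})) {
        $errormessage = "$Lang::tr{'tor errmsg invalid relay port'}: "
            . $escape_html->($settings{'TOR_RELAY_PORT'});
    }

    # Normalise the subnet list to "a,b,c," and validate every entry.
    my @submitted_subnets = split(/[\n,]/, $settings{'TOR_ALLOWED_SUBNETS'});
    $settings{'TOR_ALLOWED_SUBNETS'} = "";
    foreach my $subnet (@submitted_subnets) {
        $subnet =~ s/^\s+//;
        $subnet =~ s/\s+$//;
        next unless ($subnet);

        unless (&General::validipandmask($subnet)) {
            $errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: "
                . $escape_html->($subnet);
        }
        $settings{'TOR_ALLOWED_SUBNETS'} .= $subnet . ",";
    }

    # Normalise the exit node list the same way. Entries are free-form, so
    # control characters are removed to keep each entry on a single line.
    my @submitted_nodes = split(/[\n,]/, $settings{'TOR_USE_EXIT_NODES'});
    $settings{'TOR_USE_EXIT_NODES'} = "";
    foreach my $exit_node (@submitted_nodes) {
        $exit_node =~ s/^\s+//;
        $exit_node =~ s/\s+$//;
        $exit_node =~ tr/\x00-\x1f\x7f//d;
        next unless ($exit_node);

        $settings{'TOR_USE_EXIT_NODES'} .= $exit_node . ",";
    }

    # Free-text fields end up on a single torrc line each. Removing control
    # characters keeps a value from carrying a line break, which would
    # otherwise add a directive of the sender's choosing to torrc.
    foreach my $field ('TOR_RELAY_ADDRESS', 'TOR_RELAY_CONTACT_INFO', 'TOR_RELAY_ACCOUNTING_LIMIT') {
        next unless defined $settings{$field};
        $settings{$field} =~ tr/\x00-\x1f\x7f//d;
    }

    # Fields backed by a select box may only carry one of the offered values;
    # anything else can only come from a hand-made request and falls back to
    # the default.
    if ($settings{'TOR_EXIT_COUNTRY'} !~ /\A[A-Z]{2}\z/) {
        $settings{'TOR_EXIT_COUNTRY'} = '';
    }

    my %is_relay_mode = map { $_ => 1 } ('exit', 'relay', 'bridge', 'private-bridge');
    unless ($is_relay_mode{$settings{'TOR_RELAY_MODE'}}) {
        $settings{'TOR_RELAY_MODE'} = 'exit';
    }

    my %is_accounting_period = map { $_ => 1 } @accounting_periods;
    unless ($is_accounting_period{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}}) {
        $settings{'TOR_RELAY_ACCOUNTING_PERIOD'} = 'daily';
    }

    my %is_bandwidth_limit = map { $_ => 1 } (0, @bandwidth_limits);
    foreach my $field ('TOR_RELAY_BANDWIDTH_RATE', 'TOR_RELAY_BANDWIDTH_BURST') {
        $settings{$field} = 0 unless ($is_bandwidth_limit{$settings{$field}});
    }

    # Keep the burst at least as large as the rate: without a rate limit
    # there is no burst limit, and a smaller burst is raised to the rate.
    if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
        $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;

    } elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
        $settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
    }

    if ($errormessage eq '') {
        # Write configuration settings to file.
        &General::writehash("${General::swroot}/tor/settings", \%settings);

        # Update configuration files.
        &BuildConfiguration();
    }
} else {
    # Load settings from file.
    &General::readhash("${General::swroot}/tor/settings", \%settings);
}

&showMainBox();

# Close Tor control connection.
&TorClose($torctrl);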
157
158 # Functions
159
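# Renders the whole page: the error box, the settings form (common, ACL and
# exit node, relay sections) and, when a control connection exists, the
# statistics read from tor.
#
# Reads the file-level %settings, $errormessage and $torctrl. As a side
# effect $settings{'TOR_ALLOWED_SUBNETS'} and $settings{'TOR_USE_EXIT_NODES'}
# are converted from comma- to newline-separated form for the textareas.
#
# Values that come from the request, the settings file or the tor control
# port are HTML-escaped before they are printed. $errormessage is printed as
# markup, so the code that builds it has to escape any user data it quotes.
sub showMainBox() {
    my %checked = ();
    my %selected = ();

    # Minimal HTML escaping for text nodes and quoted attribute values.
    my $esc = sub {
        my $text = shift;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    # Escaped copies of the text fields that are echoed into value='...'.
    my %safe = ();
    foreach my $field ('TOR_SOCKS_PORT', 'TOR_RELAY_PORT', 'TOR_RELAY_ADDRESS',
            'TOR_RELAY_NICKNAME', 'TOR_RELAY_CONTACT_INFO', 'TOR_RELAY_ACCOUNTING_LIMIT') {
        $safe{$field} = $esc->($settings{$field});
    }
    my $script_name = $esc->($ENV{'SCRIPT_NAME'});

    $checked{'TOR_ENABLED'}{'on'} = '';
    $checked{'TOR_ENABLED'}{'off'} = '';
    $checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';

    $checked{'TOR_RELAY_ENABLED'}{'on'} = '';
    $checked{'TOR_RELAY_ENABLED'}{'off'} = '';
    $checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';

    &Header::openpage($Lang::tr{'tor configuration'}, 1, '');
    &Header::openbigbox('100%', 'left', '', $errormessage);

    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "<font class='base'>$errormessage&nbsp;</font>\n";
        &Header::closebox();
    }

    print "<form method='post' action='$script_name'>\n";

    &Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});

    print <<END;
    <table width='100%'>
        <tr>
            <td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
            <td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
            <td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
            <td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$safe{'TOR_SOCKS_PORT'}' size='5' /></td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
            <td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
            <td width='25%' class='base'></td>
            <td width='20%'></td>
        </tr>
    </table>
END

    if ($settings{'TOR_ENABLED'} eq 'on') {
        # The lists are stored comma-separated; the textareas show one
        # entry per line.
        my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
        $settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);
        my $safe_subnets = $esc->($settings{'TOR_ALLOWED_SUBNETS'});

        @temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
        $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
        my $safe_exit_nodes = $esc->($settings{'TOR_USE_EXIT_NODES'});

        print <<END;
    <br>
    <hr size='1'>
    <br>

    <table width='100%'>
        <tr>
            <td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
        </tr>
        <tr>
            <td colspan='2' class='base' width='55%'>
                $Lang::tr{'tor allowed subnets'}:
            </td>
            <td colspan='2' width='45%'></td>
        </tr>
        <tr>
            <td colspan='2' class='base' width='55%'>
                <textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$safe_subnets</textarea>
            </td>
            <td colspan='2' width='45%'></td>
        </tr>
    </table>

    <br>
    <hr size='1'>
    <br>

    <table width='100%'>
        <tr>
            <td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
        </tr>
        <tr>
            <td colspan='2' class='base' width='55%'></td>
            <td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
        </tr>
        <tr>
            <td width='50%' colspan='2'>
                <select name='TOR_EXIT_COUNTRY'>
                    <option value=''>- $Lang::tr{'tor exit country any'} -</option>
END

        my @country_names = Locale::Country::all_country_names();
        foreach my $country_name (sort @country_names) {
            my $country_code = Locale::Country::country2code($country_name);
            $country_code = uc($country_code);

            # Preselect the stored country; without this the list always
            # shows "any" and the next save silently drops the restriction.
            my $preselect = '';
            if (($country_code ne '') && ($country_code eq $settings{'TOR_EXIT_COUNTRY'})) {
                $preselect = " selected='selected'";
            }

            my $safe_code = $esc->($country_code);
            my $safe_name = $esc->($country_name);
            print "<option value='$safe_code'$preselect>$safe_name ($safe_code)</option>\n";
        }

        print <<END;
                </select>
            </td>
            <td width='50%' colspan='2'>
                <textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$safe_exit_nodes</textarea>
            </td>
        </tr>
    </table>
    <br><br>
END
    }

    &Header::closebox();

    if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
        $checked{'TOR_RELAY_NOADVERTISE'}{'on'} = '';
        $checked{'TOR_RELAY_NOADVERTISE'}{'off'} = '';
        $checked{'TOR_RELAY_NOADVERTISE'}{$settings{'TOR_RELAY_NOADVERTISE'}} = 'checked';

        # The stored value is only ever used as a hash key here; the markup
        # below reads the fixed keys, so an unexpected value is never printed.
        foreach my $mode ('bridge', 'exit', 'private-bridge', 'relay') {
            $selected{'TOR_RELAY_MODE'}{$mode} = '';
        }
        $selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';

        foreach my $field ('TOR_RELAY_BANDWIDTH_RATE', 'TOR_RELAY_BANDWIDTH_BURST') {
            $selected{$field}{'0'} = '';
            foreach my $limit (@bandwidth_limits) {
                $selected{$field}{$limit} = '';
            }
            $selected{$field}{$settings{$field}} = 'selected';
        }

        foreach my $period (@accounting_periods) {
            $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$period} = '';
        }
        $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';

        # Prints one <option> per bandwidth limit for the given select box.
        my $print_bandwidth_options = sub {
            my $field = shift;

            foreach my $limit (@bandwidth_limits) {
                if ($limit >= 1024) {
                    print "<option value='$limit' $selected{$field}{$limit}>". $limit / 1024 ." MBit/s</option>\n";
                } else {
                    print "<option value='$limit' $selected{$field}{$limit}>$limit kBit/s</option>\n";
                }
            }
        };

        &Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});

        print <<END;
    <table width='100%'>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
            <td width='30%'>
                <select name='TOR_RELAY_MODE'>
                    <option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
                    <option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
                    <option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
                    <option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
                </select>
            </td>
            <td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
            <td width='20%'>
                <input type='text' name='TOR_RELAY_PORT' value='$safe{'TOR_RELAY_PORT'}' size='5' />
            </td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor relay address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
            <td width='30%'>
                <input type='text' name='TOR_RELAY_ADDRESS' value='$safe{'TOR_RELAY_ADDRESS'}' />
            </td>
            <td width='25%' class='base'>$Lang::tr{'tor do not advertise relay'}:</td>
            <td width='20%'>
                <input type='checkbox' name='TOR_RELAY_NOADVERTISE' $checked{'TOR_RELAY_NOADVERTISE'}{'on'} />
            </td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor relay nickname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
            <td width='30%'>
                <input type='text' name='TOR_RELAY_NICKNAME' value='$safe{'TOR_RELAY_NICKNAME'}' />
            </td>
            <td colspan='2'></td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor contact info'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
            <td width='75%' colspan='3'>
                <input type='text' name='TOR_RELAY_CONTACT_INFO' value='$safe{'TOR_RELAY_CONTACT_INFO'}' size='60' />
            </td>
        </tr>
    </table>

    <hr size='1'>

    <table width='100%'>
        <tr>
            <td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
            <td width='30%' class='base'>
                <select name='TOR_RELAY_BANDWIDTH_RATE'>
END

        $print_bandwidth_options->('TOR_RELAY_BANDWIDTH_RATE');

        print <<END;
                    <option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
                </select>
            </td>
            <td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
            <td width='20%'>
                <input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$safe{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
            </td>
        </tr>
        <tr>
            <td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
            <td width='20%' class='base'>
                <select name='TOR_RELAY_BANDWIDTH_BURST'>
END

        $print_bandwidth_options->('TOR_RELAY_BANDWIDTH_BURST');

        print <<END;
                    <option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
                </select>
            </td>
            <td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
            <td width='20%'>
                <select name='TOR_RELAY_ACCOUNTING_PERIOD'>
END

        foreach my $period (@accounting_periods) {
            my $label = $Lang::tr{'tor accounting period '.$period};
            print "<option value='$period' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$period}>$label</option>";
        }

        print <<END;
                </select>
            </td>
        </tr>
    </table>
END

        &Header::closebox();
    }

    print <<END;
    <table width='100%'>
        <tr>
            <td>
                <img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font>
            </td>
            <td align='right'>&nbsp;</td>
        </tr>
    </table>

    <hr>

    <table width='100%'>
        <tr>
            <td>&nbsp;</td>
            <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
            <td>&nbsp;</td>
        </tr>
    </table>
END

    # If we have a control connection, show the stats. Everything read from
    # the control port is treated as external data and escaped.
    if ($torctrl) {
        &Header::openbox('100%', 'left', $Lang::tr{'tor stats'});

        my @traffic = &TorTrafficStats($torctrl);

        if (@traffic) {
            print <<END;
    <table width='100%'>
END

            if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
                my $fingerprint = &TorRelayFingerprint($torctrl);
                if ($fingerprint) {
                    my $safe_fingerprint = $esc->($fingerprint);
                    print <<END;
        <tr>
            <td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
            <td width='60%'>
                <a href='https://atlas.torproject.org/#details/$safe_fingerprint' target='_blank'>$safe_fingerprint</a>
            </td>
        </tr>
END
                }
            }

            my $address = &TorGetInfo($torctrl, "address");
            if ($address) {
                my $safe_address = $esc->($address);
                print <<END;
        <tr>
            <td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
            <td width='60%'>$safe_address</td>
        </tr>
END
            }

            print <<END;
        <tr>
            <td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
END
            print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
            print <<END;
        </tr>
    </table>
END
        }

        my $accounting = &TorAccountingStats($torctrl);
        if ($accounting) {
            print <<END;
    <table width='100%'>
        <tr>
            <td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
        </tr>
END

            if ($accounting->{'hibernating'} eq "hard") {
                print <<END;
        <tr>
            <td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
                <font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
            </td>
        </tr>
END
            } elsif ($accounting->{'hibernating'} eq "soft") {
                print <<END;
        <tr>
            <td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
                <font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
            </td>
        </tr>
END
            }

            my $interval_start = $esc->($accounting->{'interval-start'});
            my $interval_end = $esc->($accounting->{'interval-end'});

            print <<END;
        <tr>
            <td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
            <td width='60%'>
                $interval_start - $interval_end
            </td>
        </tr>
        <tr>
            <td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
            <td width='60%'>
END

            print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
            print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
            print " $Lang::tr{'tor accounting bytes left'})";

            print <<END;
            </td>
        </tr>
    </table>
END
        }

        my @nodes = &TorORConnStatus($torctrl);
        if (@nodes) {
            my $nodes_length = scalar @nodes;
            print <<END;
    <table width='100%'>
        <tr>
            <td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
            <td width='60%' colspan='2'>($nodes_length)</td>
        </tr>
END

            foreach my $node (@nodes) {
                # Escaped copies of the fields that are printed for a relay.
                my %relay = ();
                foreach my $field ('fingerprint', 'name', 'address', 'port', 'bandwidth_string') {
                    $relay{$field} = $esc->($node->{$field});
                }

                print <<END;
        <tr>
            <td width='40%'>
                <a href='https://atlas.torproject.org/#details/$relay{'fingerprint'}' target='_blank'>
                    $relay{'name'}
                </a>
            </td>
            <td width='30%'>
END

                if (exists($node->{'country_code'})) {
                    my $flag = $esc->($node->{'country_code'});
                    print "<a href='country.cgi#$flag'><img src='/images/flags/$flag.png' border='0' align='absmiddle' alt='$flag'></a>";
                }

                print <<END;
                <a href='ipinfo.cgi?ip=$relay{'address'}'>$relay{'address'}</a>:$relay{'port'}
            </td>
            <td width='30%' align='right'>
                ~$relay{'bandwidth_string'}
            </td>
        </tr>
END
            }
            print "</table>";
        }

        &Header::closebox();
    }

    print "</form>\n";

    &Header::closebigbox();
    &Header::closepage();
}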
574
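# Regenerates ${General::swroot}/tor/torrc from the stored settings and then
# restarts tor, or stops it when both the client and the relay are disabled.
#
# Every setting is stripped of control characters before it is used, so a
# value always stays on its own line and cannot add a directive to torrc.
sub BuildConfiguration() {
    my %settings = ();
    &General::readhash("${General::swroot}/tor/settings", \%settings);

    # Returns the named setting as a single line; a missing setting reads
    # as the empty string.
    my $setting = sub {
        my $text = $settings{$_[0]};
        $text = '' unless defined $text;
        $text =~ tr/\x00-\x1f\x7f//d;
        return $text;
    };

    my $tor_enabled = ($setting->('TOR_ENABLED') eq 'on');
    my $relay_enabled = ($setting->('TOR_RELAY_ENABLED') eq 'on');

    # Global settings.
    # NOTE(review): no HashedControlPassword or CookieAuthentication line is
    # written, so presumably any local process that can reach the control
    # port may issue commands to tor - confirm this is acceptable.
    my @lines = ("ControlPort $TOR_CONTROL_PORT");

    if ($tor_enabled) {
        my $strict_nodes = 0;

        # NOTE(review): the listener binds to every address. When the subnet
        # list is empty no SocksPolicy line is written at all - confirm that
        # access is restricted elsewhere in that case.
        push(@lines, "SocksPort 0.0.0.0:" . $setting->('TOR_SOCKS_PORT'));

        my @subnets = split(",", $setting->('TOR_ALLOWED_SUBNETS'));
        foreach my $subnet (@subnets) {
            push(@lines, "SocksPolicy accept $subnet") if (&General::validipandmask($subnet));
        }
        # Everything that was not accepted above is refused.
        push(@lines, "SocksPolicy reject *") if (@subnets);

        my $exit_country = $setting->('TOR_EXIT_COUNTRY');
        if ($exit_country ne '') {
            $strict_nodes = 1;

            push(@lines, "ExitNodes {$exit_country}");
        }

        my $exit_nodes = $setting->('TOR_USE_EXIT_NODES');
        if ($exit_nodes ne '') {
            $strict_nodes = 1;

            # NOTE(review): the keyword is written in the singular here and
            # in the plural above - confirm tor accepts both spellings.
            foreach my $exit_node (split(",", $exit_nodes)) {
                push(@lines, "ExitNode $exit_node");
            }
        }

        if ($strict_nodes > 0) {
            push(@lines, "StrictNodes 1");
        }
    }

    if ($relay_enabled) {
        # Reject access to private networks.
        push(@lines, "ExitPolicyRejectPrivate 1");

        my $or_port = "ORPort " . $setting->('TOR_RELAY_PORT');
        if ($setting->('TOR_RELAY_NOADVERTISE') eq 'on') {
            $or_port .= " NoAdvertise";
        }
        push(@lines, $or_port);

        # Optional free-text values; each is written only when it is set.
        my @optional = (
            [ 'Address',     'TOR_RELAY_ADDRESS' ],
            [ 'Nickname',    'TOR_RELAY_NICKNAME' ],
            [ 'ContactInfo', 'TOR_RELAY_CONTACT_INFO' ],
        );
        foreach my $option (@optional) {
            my ($keyword, $key) = @{$option};
            my $text = $setting->($key);
            push(@lines, "$keyword $text") if ($text ne '');
        }

        # Limit to bridge mode.
        my $is_bridge = 0;
        my $relay_mode = $setting->('TOR_RELAY_MODE');

        if ($relay_mode eq 'bridge') {
            $is_bridge++;

        # Private bridge.
        } elsif ($relay_mode eq 'private-bridge') {
            $is_bridge++;

            push(@lines, "PublishServerDescriptor 0");

        # Exit node.
        } elsif ($relay_mode eq 'exit') {
            push(@lines, "ExitPolicy accept *:*");

        # Relay only.
        } elsif ($relay_mode eq 'relay') {
            push(@lines, "ExitPolicy reject *:*");
        }

        if ($is_bridge > 0) {
            push(@lines, "BridgeRelay 1");
            push(@lines, "Exitpolicy reject *:*");
        }

        # The limits are stored in kBit/s and written in kilobytes.
        my $rate = $setting->('TOR_RELAY_BANDWIDTH_RATE') || 0;
        if ($rate > 0) {
            push(@lines, "RelayBandwidthRate " . ($rate / 8) . " KB");

            my $burst = $setting->('TOR_RELAY_BANDWIDTH_BURST') || 0;
            if ($burst > 0) {
                push(@lines, "RelayBandwidthBurst " . ($burst / 8) . " KB");
            }
        }

        my $accounting_limit = $setting->('TOR_RELAY_ACCOUNTING_LIMIT') || 0;
        if ($accounting_limit > 0) {
            push(@lines, "AccountingMax " . $accounting_limit . " MB");

            my %accounting_start = (
                'daily'   => "AccountingStart day 00:00",
                'weekly'  => "AccountingStart week 1 00:00",
                'monthly' => "AccountingStart month 1 00:00",
            );
            my $period = $setting->('TOR_RELAY_ACCOUNTING_PERIOD');
            push(@lines, $accounting_start{$period}) if (exists($accounting_start{$period}));
        }
    }

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode, and a failure is reported instead of being ignored.
    my $torrc = "${General::swroot}/tor/torrc";
    if (open(my $file, '>', $torrc)) {
        print {$file} map { "$_\n" } @lines;
        close($file) or warn "Could not finish writing $torrc: $!";
    } else {
        warn "Could not open $torrc for writing: $!";
    }

    # Restart the service. The command lines are constants, so no setting
    # reaches the shell.
    if ($tor_enabled || $relay_enabled) {
        system("/usr/local/bin/torctrl restart &>/dev/null");
    } else {
        system("/usr/local/bin/torctrl stop &>/dev/null");
    }
}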
699
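# Opens a TCP connection to the tor control port on 127.0.0.1 and sends
# AUTHENTICATE. Returns the socket, or nothing when the connection cannot be
# established.
#
# AUTHENTICATE is sent without credentials and its reply is discarded, so a
# rejected authentication is not noticed here; later commands would then
# simply return no data.
sub TorConnect() {
    # Direct method call instead of the indirect "new Class(...)" form,
    # which perl can parse ambiguously.
    my $socket = IO::Socket::INET->new(
        Proto    => 'tcp',
        PeerAddr => '127.0.0.1',
        PeerPort => $TOR_CONTROL_PORT,
    ) or return;

    $socket->autoflush(1);

    # Authenticate.
    &TorSendCommand($socket, "AUTHENTICATE");

    return $socket;
}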
712
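# Sends one command over the control connection and collects the reply.
#
# Parameters: $socket - connected control socket, $cmd - command text.
# Returns the reply lines without their CRLF. The closing "250 OK" line and
# a 5xx error line are not included, so an error and an empty successful
# reply look the same to the caller.
#
# NOTE(review): the read loop has no timeout; presumably the CGI blocks for
# as long as tor keeps the connection open without answering - confirm.
sub TorSendCommand {
    my ($socket, $cmd) = @_;

    # A command is exactly one line. Dropping every CR and LF keeps a value
    # that was interpolated into $cmd from starting a second command.
    $cmd =~ tr/\r\n//d;
    $cmd .= "\r\n";

    $socket->send($cmd);

    my @output = ();
    while (my $line = <$socket>) {
        # Skip lines that hold a single character, such as the "." that
        # closes a multi-line data block.
        if ($line =~ /^.\r\n$/) {
            next;
        }

        # Command has been successfully executed. The status is anchored to
        # the start of the line so that data which merely contains the text
        # "250 OK" does not end the reply early.
        if ($line =~ /^250 OK/) {
            last;

        # Error.
        } elsif ($line =~ /^5\d+/) {
            last;

        } else {
            # Remove line endings.
            $line =~ s/\r\n$//;

            push(@output, $line);
        }
    }

    return @output;
}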
747
# Runs a control command and returns only the first line of its reply
# (undef when the reply holds no lines).
sub TorSendCommandOneLine() {
    my ($tor, $cmd) = @_;

    my @reply = &TorSendCommand($tor, $cmd);
    my $first_line = $reply[0];

    return $first_line;
}
754
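# Issues "GETINFO <cmd>" and returns the value part of the first reply line,
# i.e. everything after the first "=". Returns undef when tor sent no line
# or the line holds no "=".
sub TorGetInfo {
    my ($tor, $cmd) = @_;

    my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);

    my $value;
    if (defined($output)) {
        # Split once only, so that a value which itself contains "=" is
        # returned whole instead of being cut at the second "=".
        (undef, $value) = split(/=/, $output, 2);
    }

    return $value;
}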
763
# Shuts down the control connection in both directions; does nothing when
# no socket was passed.
sub TorClose() {
    my ($socket) = @_;

    # 2 closes the read and the write side.
    $socket->shutdown(2) if ($socket);
}
771
# Queries tor for the traffic/read and traffic/written counters and returns
# them in that order.
sub TorTrafficStats() {
    my ($tor) = @_;

    my @counters = ();
    foreach my $direction ("read", "written") {
        my $count = &TorGetInfo($tor, "traffic/$direction");
        push(@counters, $count);
    }

    return ($counters[0], $counters[1]);
}
780
# Returns whatever tor reports for "GETINFO fingerprint" on the given
# control connection.
sub TorRelayFingerprint() {
    my ($tor) = @_;

    return &TorGetInfo($tor, "fingerprint");
}
786
# Lists the relays tor currently holds connections to. Each line of
# "GETINFO orconn-status" that starts with "$" is looked up through
# TorNodeDescription; the descriptions found are returned sorted by name.
sub TorORConnStatus() {
    my ($tor) = @_;
    my @nodes = ();

    my @status_lines = &TorSendCommand($tor, "GETINFO orconn-status");

    ENTRY:
    foreach my $entry (@status_lines) {
        # The first line carries the reply prefix in front of the data.
        $entry =~ s/^250[\+-]orconn-status=//;

        next ENTRY if ($entry eq "");
        last ENTRY if ($entry eq ".");

        # Only entries that begin with "$" are looked up.
        next ENTRY unless ($entry =~ /^\$/);

        # The entry starts with "<identity> ...", and the identity itself
        # is cut at the first "=" or "~".
        my @fields = split(" ", $entry);
        my @identity = split(/[=~]/, $fields[0]);

        my $description = &TorNodeDescription($tor, $identity[0]);
        push(@nodes, $description) if ($description);
    }

    # Sort by names.
    @nodes = sort { $a->{'name'} cmp $b->{'name'} } @nodes;

    return @nodes;
}
812
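# Looks up one relay through "GETINFO ns/id/<fingerprint>".
#
# Parameters: $tor - control socket, $fingerprint - relay identity, with or
# without a leading "$".
# Returns a hash reference with fingerprint, name, address, port,
# country_code, flags (array reference), exit_node and, when tor reported
# a bandwidth, bandwidth and bandwidth_string. Returns nothing when the
# fingerprint is malformed or tor sent no router line for it.
sub TorNodeDescription {
    my ($tor, $fingerprint) = @_;
    return unless defined($fingerprint);

    $fingerprint =~ s/\$//;

    # The fingerprint becomes part of a control command, so only the form
    # of 40 hexadecimal digits is passed on.
    return unless ($fingerprint =~ /\A[0-9A-Fa-f]{40}\z/);

    my $node = {
        fingerprint => $fingerprint,
        exit_node   => 0,
    };

    my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");

    foreach my $line (@output) {
        # Router
        if ($line =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
            # Copy the captures before any other match can overwrite them.
            my ($name, $address, $port) = ($1, $3, $4);

            $node->{'name'} = $name;
            $node->{'address'} = $address;
            $node->{'port'} = $port;

            my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
            $node->{'country_code'} = $country_code;

        # Flags
        } elsif ($line =~ /^s (.*)$/) {
            # Keep the flags as a list. Assigning split() to a scalar stores
            # only the number of fields, so "Exit" would never be found.
            my @flags = split(" ", $1);
            $node->{'flags'} = \@flags;

            foreach my $flag (@flags) {
                if ($flag eq "Exit") {
                    $node->{'exit_node'}++;
                }
            }

        # Bandwidth
        } elsif ($line =~ /^w Bandwidth=(\d+)/) {
            # The reported figure is multiplied by 8 before it is formatted
            # as a bit rate.
            $node->{'bandwidth'} = $1 * 8;
            $node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
        }
    }

    if (exists($node->{'name'})) {
        return $node;
    }

    return;
}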
855
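# Collects the accounting figures from tor.
#
# Returns nothing unless "GETINFO accounting/enabled" answers "1". Otherwise
# returns a hash reference with the keys hibernating, interval-start,
# interval-end, bytes_read, bytes_written, bytes-left_read and
# bytes-left_written.
sub TorAccountingStats {
    my $tor = shift;
    my $ret = {};

    # tor may not answer at all, so check for undef before comparing.
    my $enabled = &TorGetInfo($tor, "accounting/enabled");
    unless (defined($enabled) && ($enabled eq '1')) {
        return;
    }

    # Values that are stored as reported.
    foreach my $key ("hibernating", "interval-start", "interval-end") {
        $ret->{$key} = &TorGetInfo($tor, "accounting/$key");
    }

    # Values that hold two whitespace-separated numbers; they are stored as
    # "<key>_read" and "<key>_written".
    foreach my $key ("bytes", "bytes-left") {
        my $output = &TorGetInfo($tor, "accounting/$key");
        my @bytes = split(" ", defined($output) ? $output : '');

        $ret->{$key."_read"} = $bytes[0];
        $ret->{$key."_written"} = $bytes[1];
    }

    return $ret;
}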
881
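# Formats a byte count with two decimals and the largest fitting unit from
# B to TB, dividing by 1024 per step. An undefined count is shown as zero.
sub FormatBytes {
    my $bytes = shift;
    $bytes = 0 unless defined($bytes);

    my @units = ("B", "KB", "MB", "GB", "TB");
    my $units_index = 0;

    # Stop at the last unit; stepping past it would leave the result
    # without a unit.
    while (($units_index < $#units) && ($bytes >= 1024)) {
        $units_index++;
        $bytes /= 1024;
    }

    return sprintf("%.2f %s", $bytes, $units[$units_index]);
}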
895
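# Formats a bit rate with two decimals and the largest fitting unit from
# Bit/s to TBit/s, dividing by 1024 per step. An undefined rate is shown as
# zero.
sub FormatBitsPerSecond {
    my $bits = shift;
    $bits = 0 unless defined($bits);

    my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
    my $units_index = 0;

    # Stop at the last unit; stepping past it would leave the result
    # without a unit.
    while (($units_index < $#units) && ($bits >= 1024)) {
        $units_index++;
        $bits /= 1024;
    }

    return sprintf("%.2f %s", $bits, $units[$units_index]);
}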
908 }