1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Locale::Country;
24
25 # Enable the following two lines only while debugging: fatalsToBrowser prints fatal error text to the web client.
26 use warnings;
27 use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
# Mention $Header::colouryellow a second time so that perl does not report it
# as "used only once"; the temporary array is dropped again straight away.
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);

# Selectable bandwidth limits, largest first. The form labels entries below
# 1024 as kBit/s and divides the others by 1024 to show MBit/s.
my @bandwidth_limits = (
    (map { $_ * 1024 } (1000, 500, 200, 100, 64, 50, 25, 20, 16, 10, 8, 4, 2, 1)),
    512,
    256,
    160,
);

# Accounting periods offered in the relay section of the form.
my @accounting_periods = qw(daily weekly monthly);

# TCP port of the Tor control connection; written to torrc as ControlPort and
# used by TorConnect to reach the running daemon.
my $TOR_CONTROL_PORT = 9051;
59
# The network settings provide the default list of subnets that may use the
# SOCKS port: GREEN always, BLUE only when Header::blue_used() reports it.
our %netsettings = ();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

my @default_subnets = ("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
if (&Header::blue_used()) {
    push(@default_subnets, "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}

# Defaults for the form fields. TOR_RELAY_ADDRESS, TOR_RELAY_NICKNAME and
# TOR_RELAY_CONTACT_INFO have no default and stay undefined until they are
# submitted or read from the settings file.
our %settings = (
    'TOR_ENABLED'                 => 'off',
    'TOR_SOCKS_PORT'              => 9050,
    'TOR_EXIT_COUNTRY'            => '',
    'TOR_USE_EXIT_NODES'          => '',
    'TOR_ALLOWED_SUBNETS'         => join(",", @default_subnets),

    'TOR_RELAY_ENABLED'           => 'off',
    'TOR_RELAY_MODE'              => 'exit',
    'TOR_RELAY_PORT'              => 9001,
    'TOR_RELAY_NOADVERTISE'       => 'off',
    'TOR_RELAY_BANDWIDTH_RATE'    => 0,
    'TOR_RELAY_BANDWIDTH_BURST'   => 0,
    'TOR_RELAY_ACCOUNTING_LIMIT'  => 0,
    'TOR_RELAY_ACCOUNTING_PERIOD' => 'daily',

    'ACTION'                      => '',
);

my $errormessage = '';
my $warnmessage = '';

&Header::showhttpheaders();

# Get GUI values. Header::getcgihash is defined outside this file; it is
# handed the hash holding the defaults above.
&Header::getcgihash(\%settings);

# Create tor command connection. $torctrl stays false when the control port
# cannot be reached, and the statistics box is then left out of the page.
our $torctrl = &TorConnect();
95
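# Handle a submitted "save": normalise the two list fields, validate the
# subnets, store the settings and regenerate torrc.
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # The error message is printed into the page as HTML, so any submitted
    # text quoted in it has to be escaped first.
    my $html_escape = sub {
        my $text = shift;
        $text =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        return $text;
    };

    # The textarea delivers one entry per line (commas are accepted as well);
    # the stored form is a comma-terminated list.
    my @subnets = ();
    foreach my $entry (split(/[\n,]/, $settings{'TOR_ALLOWED_SUBNETS'})) {
        $entry =~ s/^\s+//;
        $entry =~ s/\s+$//;
        next unless ($entry);

        unless (&General::validipandmask($entry)) {
            $errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: " . $html_escape->($entry);
        }
        push(@subnets, $entry);
    }
    $settings{'TOR_ALLOWED_SUBNETS'} = join("", map { $_ . "," } @subnets);

    # NOTE(review): exit-node entries are only trimmed; no format check is
    # applied before they are stored and later written to torrc.
    my @exit_nodes = ();
    foreach my $entry (split(/[\n,]/, $settings{'TOR_USE_EXIT_NODES'})) {
        $entry =~ s/^\s+//;
        $entry =~ s/\s+$//;
        push(@exit_nodes, $entry) if ($entry);
    }
    $settings{'TOR_USE_EXIT_NODES'} = join("", map { $_ . "," } @exit_nodes);

    # After the list fields have been joined, no value legitimately contains a
    # line break. General::writehash is defined elsewhere; presumably it stores
    # one KEY=value pair per line (TODO confirm), so a CR/LF inside a value
    # could otherwise introduce an extra key or, later, an extra torrc line.
    foreach my $key (keys %settings) {
        next unless (defined($settings{$key}));
        $settings{$key} =~ s/[\r\n]+/ /g;
    }

    # NOTE(review): ports, relay address, nickname, contact info and the
    # numeric limits are stored as submitted; nothing here checks their format.

    # Burst bandwidth must not be lower than the bandwidth rate; with an
    # unlimited rate (0) the burst is unlimited too.
    if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
        $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;

    } elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
        $settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
    }

    if ($errormessage eq '') {
        # Write configuration settings to file.
        &General::writehash("${General::swroot}/tor/settings", \%settings);

        # Update configuration files.
        &BuildConfiguration();
    }

    # Reset ACTION.
    $settings{'ACTION'} = '';
}

# Load settings from file. This runs after a rejected save as well, so keys
# present in the file replace what was submitted.
&General::readhash("${General::swroot}/tor/settings", \%settings);

&showMainBox();

# Close Tor control connection.
&TorClose($torctrl);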
146
147 # Functions
148
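sub showMainBox() {
    # Render the complete page: error box, settings form and, when a control
    # connection exists, the live statistics read from the Tor daemon.
    #
    # Reads the file-level %settings, $errormessage, $torctrl,
    # @bandwidth_limits and @accounting_periods. As before, the two list
    # settings in %settings are rewritten from comma-separated to
    # newline-separated form for the textareas.
    my %checked = ();
    my %selected = ();

    # Escape a value for HTML text or for a quoted attribute. Settings come
    # from the submitted form or the settings file and the statistics come
    # from the control port; none of them may be printed as raw markup.
    my $esc = sub {
        my $text = shift;
        $text = '' unless (defined($text));
        $text =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
        return $text;
    };

    # Escaped copies of the free-text settings echoed back into the form.
    my %html = ();
    foreach my $key (qw(TOR_SOCKS_PORT TOR_RELAY_PORT TOR_RELAY_ADDRESS
        TOR_RELAY_NICKNAME TOR_RELAY_CONTACT_INFO TOR_RELAY_ACCOUNTING_LIMIT)) {
        $html{$key} = $esc->($settings{$key});
    }

    $checked{'TOR_ENABLED'}{'on'} = '';
    $checked{'TOR_ENABLED'}{'off'} = '';
    $checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';

    $checked{'TOR_RELAY_ENABLED'}{'on'} = '';
    $checked{'TOR_RELAY_ENABLED'}{'off'} = '';
    $checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';

    &Header::openpage($Lang::tr{'tor configuration'}, 1, '');
    &Header::openbigbox('100%', 'left', '', $errormessage);

    # $errormessage is printed as HTML on purpose: it starts with a language
    # string. Submitted text quoted inside it must be escaped where the
    # message is built.
    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "<font class='base'>$errormessage&nbsp;</font>\n";
        &Header::closebox();
    }

    print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

    &Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});

    print <<END;
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
<td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$html{'TOR_SOCKS_PORT'}' size='5' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
<td width='25%' class='base'></td>
<td width='20%'></td>
</tr>
</table>
END

    if ($settings{'TOR_ENABLED'} eq 'on') {
        # Show one list entry per line in the textareas.
        my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
        $settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);
        $html{'TOR_ALLOWED_SUBNETS'} = $esc->($settings{'TOR_ALLOWED_SUBNETS'});

        @temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
        $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
        $html{'TOR_USE_EXIT_NODES'} = $esc->($settings{'TOR_USE_EXIT_NODES'});

        print <<END;
<br>
<hr size='1'>
<br>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
$Lang::tr{'tor allowed subnets'}:
</td>
<td colspan='2' width='45%'></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
<textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$html{'TOR_ALLOWED_SUBNETS'}</textarea>
</td>
<td colspan='2' width='45%'></td>
</tr>
</table>

<br>
<hr size='1'>
<br>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'></td>
<td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
</tr>
<tr>
<td width='50%' colspan='2'>
<select name='TOR_EXIT_COUNTRY'>
<option value=''>- $Lang::tr{'tor exit country any'} -</option>
END

        # NOTE(review): no option is marked as selected here, so the stored
        # TOR_EXIT_COUNTRY is not shown again after saving.
        my @country_names = Locale::Country::all_country_names();
        foreach my $country_name (sort @country_names) {
            my $country_code = Locale::Country::country2code($country_name);
            $country_code = uc($country_code);
            print "<option value='$country_code'>$country_name ($country_code)</option>\n";
        }

        print <<END;
</select>
</td>
<td width='50%' colspan='2'>
<textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$html{'TOR_USE_EXIT_NODES'}</textarea>
</td>
</tr>
</table>
<br><br>
END
    }

    &Header::closebox();

    if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
        $checked{'TOR_RELAY_NOADVERTISE'}{'on'} = '';
        $checked{'TOR_RELAY_NOADVERTISE'}{'off'} = '';
        $checked{'TOR_RELAY_NOADVERTISE'}{$settings{'TOR_RELAY_NOADVERTISE'}} = 'checked';

        $selected{'TOR_RELAY_MODE'}{'bridge'} = '';
        $selected{'TOR_RELAY_MODE'}{'exit'} = '';
        $selected{'TOR_RELAY_MODE'}{'private-bridge'} = '';
        $selected{'TOR_RELAY_MODE'}{'relay'} = '';
        $selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';

        $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'} = '';
        foreach (@bandwidth_limits) {
            $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_} = '';
        }
        $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$settings{'TOR_RELAY_BANDWIDTH_RATE'}} = 'selected';

        $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'} = '';
        foreach (@bandwidth_limits) {
            $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_} = '';
        }
        $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$settings{'TOR_RELAY_BANDWIDTH_BURST'}} = 'selected';

        foreach (@accounting_periods) {
            $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_} = '';
        }
        $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';

        &Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});

        print <<END;
<table width='100%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
<td width='30%'>
<select name='TOR_RELAY_MODE'>
<option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
<option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
<option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
<option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_PORT' value='$html{'TOR_RELAY_PORT'}' size='5' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='TOR_RELAY_ADDRESS' value='$html{'TOR_RELAY_ADDRESS'}' />
</td>
<td width='25%' class='base'>$Lang::tr{'tor do not advertise relay'}:</td>
<td width='20%'>
<input type='checkbox' name='TOR_RELAY_NOADVERTISE' $checked{'TOR_RELAY_NOADVERTISE'}{'on'} />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay nickname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='TOR_RELAY_NICKNAME' value='$html{'TOR_RELAY_NICKNAME'}' />
</td>
<td colspan='2'></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor contact info'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='75%' colspan='3'>
<input type='text' name='TOR_RELAY_CONTACT_INFO' value='$html{'TOR_RELAY_CONTACT_INFO'}' size='60' />
</td>
</tr>
</table>

<hr size='1'>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
<td width='30%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_RATE'>
END

        foreach (@bandwidth_limits) {
            if ($_ >= 1024) {
                print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
            } else {
                print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
            }
        }

        print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$html{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
<td width='20%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_BURST'>
END

        foreach (@bandwidth_limits) {
            if ($_ >= 1024) {
                print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
            } else {
                print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
            }
        }
        print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
<td width='20%'>
<select name='TOR_RELAY_ACCOUNTING_PERIOD'>
END

        foreach (@accounting_periods) {
            print "<option value='$_' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_}>$Lang::tr{'tor accounting period '.$_}</option>";
        }

        print <<END;
</select>
</td>
</tr>
</table>
END

        &Header::closebox();
    }

    print <<END;
<table width='100%'>
<tr>
<td>
<img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>&nbsp;</td>
</tr>
</table>

<hr>

<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td>&nbsp;</td>
</tr>
</table>
END

    # If we have a control connection, show the stats.
    if ($torctrl) {
        &Header::openbox('100%', 'left', $Lang::tr{'tor stats'});

        my @traffic = &TorTrafficStats($torctrl);

        if (@traffic) {
            print <<END;
<table width='100%'>
END

            if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
                my $fingerprint = $esc->(&TorRelayFingerprint($torctrl));
                if ($fingerprint) {
                    print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
<td width='60%'>
<a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank'>$fingerprint</a>
</td>
</tr>
END
                }
            }

            my $address = $esc->(&TorGetInfo($torctrl, "address"));
            if ($address) {
                print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
<td width='60%'>$address</td>
</tr>
END
            }

            print <<END;
<tr>
<td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
END
            print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
            print <<END;
</tr>
</table>
END
        }

        my $accounting = &TorAccountingStats($torctrl);
        if ($accounting) {
            print <<END;
<table width='100%'>
<tr>
<td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
</tr>
END

            if ($accounting->{'hibernating'} eq "hard") {
                print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
</td>
</tr>
END
            } elsif ($accounting->{'hibernating'} eq "soft") {
                print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
</td>
</tr>
END
            }

            my $interval_start = $esc->($accounting->{'interval-start'});
            my $interval_end = $esc->($accounting->{'interval-end'});

            print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
<td width='60%'>
$interval_start - $interval_end
</td>
</tr>
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
<td width='60%'>
END

            print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
            print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
            print " $Lang::tr{'tor accounting bytes left'})";

            print <<END;
</td>
</tr>
</table>
END
        }

        my @nodes = &TorORConnStatus($torctrl);
        if (@nodes) {
            my $nodes_length = scalar @nodes;
            print <<END;
<table width='100%'>
<tr>
<td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
<td width='60%' colspan='2'>($nodes_length)</td>
</tr>
END

            foreach my $node (@nodes) {
                # Relay details originate from the Tor network; print escaped
                # copies only.
                my %shown = ();
                foreach my $field (qw(fingerprint name address port bandwidth_string country_code)) {
                    $shown{$field} = $esc->($node->{$field});
                }

                print <<END;
<tr>
<td width='40%'>
<a href='https://atlas.torproject.org/#details/$shown{'fingerprint'}' target='_blank'>
$shown{'name'}
</a>
</td>
<td width='30%'>
END

                if (exists($node->{'country_code'})) {
                    print "<a href='country.cgi#$shown{'country_code'}'><img src='/images/flags/$shown{'country_code'}.png' border='0' align='absmiddle' alt='$shown{'country_code'}'></a>";
                }

                print <<END;
<a href='ipinfo.cgi?ip=$shown{'address'}'>$shown{'address'}</a>:$shown{'port'}
</td>
<td width='30%' align='right'>
~$shown{'bandwidth_string'}
</td>
</tr>
END
            }
            print "</table>";
        }

        &Header::closebox();
    }

    print "</form>\n";

    &Header::closebigbox();
    &Header::closepage();
}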
563
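sub BuildConfiguration() {
    # Regenerate torrc from the stored settings file (not from the raw form
    # values) and then restart or stop the Tor service accordingly.
    #
    # The directives are collected first and written in one go, so a failure
    # to open the file is reported instead of being printed into a closed
    # handle. The service is controlled afterwards in either case, as before.
    my %settings = ();
    &General::readhash("${General::swroot}/tor/settings", \%settings);

    my $torrc = "${General::swroot}/tor/torrc";

    # torrc holds one directive per line, so a CR/LF inside a stored value
    # would begin a directive of its own. Control characters are collapsed
    # here rather than relying on every writer of the settings file.
    my $clean = sub {
        my $value = shift;
        $value = '' unless (defined($value));
        $value =~ s/[\x00-\x1f\x7f]+/ /g;
        $value =~ s/^\s+//;
        $value =~ s/\s+$//;
        return $value;
    };

    # Settings used in arithmetic or comparisons: anything that is not a
    # plain non-negative number counts as 0, i.e. "not set".
    my $number = sub {
        my $value = $clean->(shift);
        return ($value =~ /\A\d+(?:\.\d+)?\z/) ? $value : 0;
    };

    my $tor_enabled = ($clean->($settings{'TOR_ENABLED'}) eq 'on');
    my $relay_enabled = ($clean->($settings{'TOR_RELAY_ENABLED'}) eq 'on');

    my @lines = ();

    # Global settings.
    # NOTE(review): no control-port authentication directive is written, which
    # matches the bare AUTHENTICATE sent by TorConnect. Any local process able
    # to reach the control port can then issue commands; consider
    # CookieAuthentication or HashedControlPassword.
    push(@lines, "ControlPort $TOR_CONTROL_PORT");

    if ($tor_enabled) {
        my $strict_nodes = 0;

        # The SOCKS listener binds to every address; the SocksPolicy lines
        # below are what limits who may use it.
        push(@lines, "SocksPort 0.0.0.0:" . $clean->($settings{'TOR_SOCKS_PORT'}));

        # NOTE(review): with an empty subnet list no SocksPolicy is written at
        # all, not even the final reject. Confirm that packet filtering
        # outside this file covers that case.
        my @subnets = map { $clean->($_) } split(",", $clean->($settings{'TOR_ALLOWED_SUBNETS'}));
        foreach my $subnet (@subnets) {
            push(@lines, "SocksPolicy accept $subnet") if (&General::validipandmask($subnet));
        }
        push(@lines, "SocksPolicy reject *") if (@subnets);

        my $exit_country = $clean->($settings{'TOR_EXIT_COUNTRY'});
        if ($exit_country ne '') {
            $strict_nodes = 1;

            push(@lines, "ExitNodes {" . $exit_country . "}");
        }

        my $exit_nodes = $clean->($settings{'TOR_USE_EXIT_NODES'});
        if ($exit_nodes ne '') {
            $strict_nodes = 1;

            # NOTE(review): the Tor manual names this option ExitNodes and
            # takes a comma-separated list; confirm that one singular
            # "ExitNode" line per entry is accepted as intended.
            foreach my $exit_node (split(",", $exit_nodes)) {
                $exit_node = $clean->($exit_node);
                next if ($exit_node eq '');
                push(@lines, "ExitNode $exit_node");
            }
        }

        if ($strict_nodes > 0) {
            push(@lines, "StrictNodes 1");
        }
    }

    if ($relay_enabled) {
        # Reject access to private networks.
        push(@lines, "ExitPolicyRejectPrivate 1");

        my $or_port = "ORPort " . $clean->($settings{'TOR_RELAY_PORT'});
        if ($clean->($settings{'TOR_RELAY_NOADVERTISE'}) eq 'on') {
            $or_port .= " NoAdvertise";
        }
        push(@lines, $or_port);

        # Optional free-text fields: written only when set.
        my $relay_address = $clean->($settings{'TOR_RELAY_ADDRESS'});
        push(@lines, "Address $relay_address") if ($relay_address ne '');

        my $nickname = $clean->($settings{'TOR_RELAY_NICKNAME'});
        push(@lines, "Nickname $nickname") if ($nickname ne '');

        my $contact_info = $clean->($settings{'TOR_RELAY_CONTACT_INFO'});
        push(@lines, "ContactInfo $contact_info") if ($contact_info ne '');

        # Relay mode. Both bridge variants end up with an exit policy that
        # rejects everything; only "exit" accepts exit traffic.
        my $relay_mode = $clean->($settings{'TOR_RELAY_MODE'});
        my $is_bridge = 0;

        if ($relay_mode eq 'bridge') {
            $is_bridge++;

        # Private bridge.
        } elsif ($relay_mode eq 'private-bridge') {
            $is_bridge++;

            push(@lines, "PublishServerDescriptor 0");

        # Exit node.
        } elsif ($relay_mode eq 'exit') {
            push(@lines, "ExitPolicy accept *:*");

        # Relay only.
        } elsif ($relay_mode eq 'relay') {
            push(@lines, "ExitPolicy reject *:*");
        }

        if ($is_bridge > 0) {
            push(@lines, "BridgeRelay 1");
            push(@lines, "Exitpolicy reject *:*");
        }

        # The form values are in kBit/s; dividing by 8 gives the KB figure
        # written to torrc.
        my $rate = $number->($settings{'TOR_RELAY_BANDWIDTH_RATE'});
        if ($rate > 0) {
            push(@lines, "RelayBandwidthRate " . ($rate / 8) . " KB");

            my $burst = $number->($settings{'TOR_RELAY_BANDWIDTH_BURST'});
            if ($burst > 0) {
                push(@lines, "RelayBandwidthBurst " . ($burst / 8) . " KB");
            }
        }

        my $accounting_limit = $number->($settings{'TOR_RELAY_ACCOUNTING_LIMIT'});
        if ($accounting_limit > 0) {
            push(@lines, "AccountingMax " . $accounting_limit . " MB");

            my $period = $clean->($settings{'TOR_RELAY_ACCOUNTING_PERIOD'});
            if ($period eq 'daily') {
                push(@lines, "AccountingStart day 00:00");
            } elsif ($period eq 'weekly') {
                push(@lines, "AccountingStart week 1 00:00");
            } elsif ($period eq 'monthly') {
                push(@lines, "AccountingStart month 1 00:00");
            }
        }
    }

    # Three-argument open with a lexical handle; failures go to the error log.
    if (open(my $fh, '>', $torrc)) {
        print {$fh} map { "$_\n" } @lines;
        close($fh) or warn "tor.cgi: cannot finish writing $torrc: $!\n";
    } else {
        warn "tor.cgi: cannot open $torrc for writing: $!\n";
    }

    # Restart the service, or stop it when both client and relay are off.
    # Both command strings are constants; no setting reaches the shell.
    if ($tor_enabled || $relay_enabled) {
        system("/usr/local/bin/torctrl restart &>/dev/null");
    } else {
        system("/usr/local/bin/torctrl stop &>/dev/null");
    }
}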
688
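sub TorConnect() {
    # Open a TCP connection to the Tor control port on 127.0.0.1 and send
    # AUTHENTICATE. Returns the socket, or nothing when the connection cannot
    # be established.

    # Loaded here because this file has no "use" line for the module.
    require IO::Socket::INET;

    # Direct method call instead of the indirect "new CLASS(...)" form.
    my $socket = IO::Socket::INET->new(
        Proto    => 'tcp',
        PeerAddr => '127.0.0.1',
        PeerPort => $TOR_CONTROL_PORT,
    ) or return;

    $socket->autoflush(1);

    # Authenticate. No credential is sent, so this only succeeds while the
    # control port runs without authentication.
    # NOTE(review): the reply is discarded, so a rejected AUTHENTICATE still
    # hands back a socket; later commands would then fail one by one.
    &TorSendCommand($socket, "AUTHENTICATE");

    return $socket;
}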
701
sub TorSendCommand() {
    # Send one command over the control socket and collect the reply lines.
    #
    # $socket  connected control-port socket
    # $cmd     command text; one trailing newline is removed and CRLF added
    #
    # Returns the reply lines without their CRLF. The closing "250 OK" line
    # and the line that reports an error are not part of the result.
    my ($socket, $cmd) = @_;

    # Replace line ending with \r\n.
    chomp $cmd;
    $socket->send($cmd . "\r\n");

    my @reply = ();
    while (my $line = <$socket>) {
        # Lines holding a single character are dropped; that includes the "."
        # that ends a multi-line reply.
        next if ($line =~ /^.\r\n$/);

        # Command has been successfully executed.
        last if ($line =~ /250 OK/);

        # Error: a line starting with 5 followed by more digits.
        # NOTE(review): no other status ends the loop, so the read continues
        # until one of these two arrives or the socket closes.
        last if ($line =~ /^5\d+/);

        # Remove line endings.
        $line =~ s/\r\n$//;
        push(@reply, $line);
    }

    return @reply;
}
736
sub TorSendCommandOneLine() {
    # Send a command and return only the first reply line (undef when the
    # reply is empty). The "&" call form is kept because the helper is
    # declared with an empty prototype.
    my ($tor, $cmd) = @_;

    my ($first_line) = &TorSendCommand($tor, $cmd);
    return $first_line;
}
743
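sub TorGetInfo() {
    # Run "GETINFO <cmd>" and return the text after the first "=" of the first
    # reply line, or undef when there is no reply.
    #
    # $tor  control-port socket
    # $cmd  GETINFO key, appended to the command as given
    my ($tor, $cmd) = @_;

    my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);

    # An empty reply must not reach split(); the limit of 2 keeps any further
    # "=" inside the value instead of cutting it off there.
    my $value;
    if (defined($output)) {
        (undef, $value) = split(/=/, $output, 2);
    }

    return $value;
}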
752
sub TorClose() {
    # Shut down the control connection in both directions (how = 2); a false
    # or missing socket is ignored.
    my ($socket) = @_;

    $socket->shutdown(2) if ($socket);
}
760
sub TorTrafficStats() {
    # Return the two traffic counters reported by the control port as a list:
    # (read, written). Either value is undef when the query gives no answer.
    my ($tor) = @_;

    my %counter = (
        'read'    => scalar(&TorGetInfo($tor, "traffic/read")),
        'written' => scalar(&TorGetInfo($tor, "traffic/written")),
    );

    return ($counter{'read'}, $counter{'written'});
}
769
sub TorRelayFingerprint() {
    # Return the value of "GETINFO fingerprint" for this Tor instance, or
    # undef when the control port gives no answer.
    my ($tor) = @_;

    my $fingerprint = &TorGetInfo($tor, "fingerprint");
    return $fingerprint;
}
775
sub TorORConnStatus() {
    # List the relays named in "GETINFO orconn-status" as node descriptions
    # (hash references built by TorNodeDescription), sorted by name.
    my ($tor) = @_;
    my @found = ();

    foreach my $entry (&TorSendCommand($tor, "GETINFO orconn-status")) {
        # Drop the reply prefix; empty lines are skipped and "." ends the list.
        $entry =~ s/^250[\+-]orconn-status=//;
        next if ($entry eq "");
        last if ($entry eq ".");

        # Only entries that start with "$" are looked up.
        next unless ($entry =~ /^\$/);

        # First whitespace-separated field, cut at the first "=" or "~".
        my ($first_field) = split(" ", $entry);
        my ($fingerprint) = split(/[=~]/, $first_field);

        my $node = &TorNodeDescription($tor, $fingerprint);
        push(@found, $node) if ($node);
    }

    # Sort by names.
    my @nodes = sort { $a->{'name'} cmp $b->{'name'} } @found;

    return @nodes;
}
801
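sub TorNodeDescription() {
    # Look up one relay via "GETINFO ns/id/<fingerprint>" and return a hash
    # reference describing it, or nothing when no router line was found.
    #
    # Keys set here: fingerprint, exit_node, name, address, port,
    # country_code (only when the lookup gave a value), flags (array
    # reference), bandwidth and bandwidth_string.
    my ($tor, $fingerprint) = @_;
    return unless (defined($fingerprint));

    $fingerprint =~ s/\$//;

    # The fingerprint becomes part of a control-port command, so only the
    # expected 40 hexadecimal digits are let through.
    return unless ($fingerprint =~ /\A[0-9A-Fa-f]{40}\z/);

    my $node = {
        fingerprint => $fingerprint,
        exit_node => 0,
    };

    my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");

    foreach my $line (@output) {
        # Router
        if ($line =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
            $node->{'name'} = $1;
            $node->{'address'} = $3;
            $node->{'port'} = $4;

            # Leave the key out when there is no answer, so that callers
            # testing exists() do not render an empty country.
            my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
            if (defined($country_code) && $country_code ne '') {
                $node->{'country_code'} = $country_code;
            }

        # Flags
        } elsif ($line =~ /^s (.*)$/) {
            # Keep the flags as a list. Assigning split() to a scalar stored
            # only the number of flags, so "Exit" was never recognised.
            $node->{'flags'} = [ split(" ", $1) ];

            foreach my $flag (@{ $node->{'flags'} }) {
                if ($flag eq "Exit") {
                    $node->{'exit_node'}++;
                }
            }

        # Bandwidth
        } elsif ($line =~ /^w Bandwidth=(\d+)/) {
            $node->{'bandwidth'} = $1 * 8;
            $node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
        }
    }

    return $node if (exists($node->{'name'}));
    return;
}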
844
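sub TorAccountingStats() {
    # Collect the accounting figures from the control port.
    #
    # Returns nothing unless "accounting/enabled" answers 1. Otherwise returns
    # a hash reference with the keys hibernating, interval-start,
    # interval-end, bytes_read, bytes_written, bytes-left_read and
    # bytes-left_written.
    my $tor = shift;
    my $ret = {};

    # A missing answer counts as "not enabled".
    my $enabled = &TorGetInfo($tor, "accounting/enabled");
    unless (defined($enabled) && $enabled eq '1') {
        return;
    }

    foreach my $item ("hibernating", "interval-start", "interval-end") {
        $ret->{$item} = &TorGetInfo($tor, "accounting/$item");
    }

    # Each of these answers holds two space-separated numbers: read, written.
    # (The second list no longer redeclares @cmds in the same scope.)
    foreach my $item ("bytes", "bytes-left") {
        my $output = &TorGetInfo($tor, "accounting/$item");
        my @bytes = defined($output) ? split(" ", $output) : ();

        $ret->{$item."_read"} = $bytes[0];
        $ret->{$item."_written"} = $bytes[1];
    }

    return $ret;
}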
870
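sub FormatBytes() {
    # Format a byte count with two decimals and a unit from B to TB, dividing
    # by 1024 per step. An undefined count is shown as 0.
    my $bytes = shift;
    $bytes = 0 unless (defined($bytes));

    my @units = ("B", "KB", "MB", "GB", "TB");
    my $units_index = 0;

    # Stop at the last unit: stepping past it left the unit empty for values
    # of 1024 TB and more.
    while (($units_index < $#units) && ($bytes >= 1024)) {
        $units_index++;
        $bytes /= 1024;
    }

    return sprintf("%.2f %s", $bytes, $units[$units_index]);
}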
884
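sub FormatBitsPerSecond() {
    # Format a bit rate with two decimals and a unit from Bit/s to TBit/s,
    # dividing by 1024 per step. An undefined rate is shown as 0.
    my $bits = shift;
    $bits = 0 unless (defined($bits));

    my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
    my $units_index = 0;

    # Stop at the last unit: stepping past it left the unit empty for rates
    # of 1024 TBit/s and more.
    while (($units_index < $#units) && ($bits >= 1024)) {
        $units_index++;
        $bits /= 1024;
    }

    return sprintf("%.2f %s", $bits, $units[$units_index]);
}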