1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Locale::Country;
24
25 # enable only the following on debugging purpose
26 use warnings;
27 use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
# Reference $Header::colouryellow once more so that "use warnings" does not
# report the package variable as "used only once".
my @dummy = ($Header::colouryellow);
undef @dummy;

# Selectable relay bandwidth limits, largest first. showMainBox() labels
# values below 1024 as kBit/s and everything else as MBit/s (value / 1024).
my @bandwidth_limits = (
    (map { $_ * 1024 } 1000, 500, 200, 100, 64, 50, 25, 20, 16, 10, 8, 4, 2, 1),
    512,
    256,
    160,
);

# Accounting periods offered in the form; BuildConfiguration() maps each one
# to an AccountingStart line.
my @accounting_periods = qw(daily weekly monthly);

# TCP port of the Tor control interface: written to torrc as ControlPort by
# BuildConfiguration() and dialled on 127.0.0.1 by TorConnect().
my $TOR_CONTROL_PORT = 9051;
59
# Network configuration of the firewall; only the GREEN and BLUE address and
# netmask entries are read below.
our %netsettings = ();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Built-in defaults for every form field. The default ACL covers the GREEN
# network; the BLUE network is appended below when it is in use.
our %settings = (
    'TOR_ENABLED'                 => 'off',
    'TOR_SOCKS_PORT'              => 9050,
    'TOR_EXIT_COUNTRY'            => '',
    'TOR_USE_EXIT_NODES'          => '',
    'TOR_ALLOWED_SUBNETS'         => "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}",

    'TOR_RELAY_ENABLED'           => 'off',
    'TOR_RELAY_MODE'              => 'exit',
    'TOR_RELAY_ADDRESS'           => '',
    'TOR_RELAY_PORT'              => 9001,
    'TOR_RELAY_NICKNAME'          => '',
    'TOR_RELAY_CONTACT_INFO'      => '',
    'TOR_RELAY_BANDWIDTH_RATE'    => 0,
    'TOR_RELAY_BANDWIDTH_BURST'   => 0,
    'TOR_RELAY_ACCOUNTING_LIMIT'  => 0,
    'TOR_RELAY_ACCOUNTING_PERIOD' => 'daily',

    'ACTION'                      => '',
);

if (&Header::blue_used()) {
    $settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}";
}

# Messages collected while the request is processed; showMainBox() prints
# $errormessage into the page.
my $errormessage = '';
my $warnmessage = '';

&Header::showhttpheaders();

# Merge the submitted form fields over the defaults.
# NOTE(review): getcgihash() is defined outside this file; presumably it
# copies the raw request parameters into %settings, so every value read from
# %settings after this call has to be treated as untrusted input - confirm
# whether it filters or escapes anything.
&Header::getcgihash(\%settings);

# Open the Tor control connection; undefined when Tor cannot be reached.
our $torctrl = &TorConnect();
97
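# Request handling: on "save", validate every submitted field, store the
# settings and regenerate torrc; otherwise load the stored settings. The page
# is rendered afterwards in both cases.
#
# All values in %settings come from the request at this point. Fields that
# BuildConfiguration() later writes into torrc are checked here so that a
# value cannot carry line breaks or unexpected tokens into that file, and the
# submitted value is HTML-escaped before it becomes part of $errormessage,
# because showMainBox() prints that message into the page as markup.

# Escape the five HTML metacharacters; undefined input becomes ''.
my $escape_html = sub {
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # \A and \z instead of ^ and $: "$" would also accept a trailing newline.
    if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
        if ($settings{'TOR_RELAY_NICKNAME'} !~ /\A[a-zA-Z0-9]+\z/) {
            $errormessage = "$Lang::tr{'tor errmsg invalid relay name'}: " . $escape_html->($settings{'TOR_RELAY_NICKNAME'});
        }
    }

    if (!&General::validport($settings{'TOR_SOCKS_PORT'})) {
        $errormessage = "$Lang::tr{'tor errmsg invalid socks port'}: " . $escape_html->($settings{'TOR_SOCKS_PORT'});
    }

    if (!&General::validport($settings{'TOR_RELAY_PORT'})) {
        $errormessage = "$Lang::tr{'tor errmsg invalid relay port'}: " . $escape_html->($settings{'TOR_RELAY_PORT'});
    }

    if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
        if ((!&General::validfqdn($settings{'TOR_RELAY_ADDRESS'})) && (!&General::validip($settings{'TOR_RELAY_ADDRESS'}))) {
            $errormessage = "$Lang::tr{'tor errmsg invalid relay address'}: " . $escape_html->($settings{'TOR_RELAY_ADDRESS'});
        }
    }

    if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} !~ /\A\d+\z/) {
        $errormessage = "$Lang::tr{'tor errmsg invalid accounting limit'}: " . $escape_html->($settings{'TOR_RELAY_ACCOUNTING_LIMIT'});
    }

    # The contact info ends up on a single torrc line, so it must not
    # contain line breaks or other control characters.
    if ($settings{'TOR_RELAY_CONTACT_INFO'} =~ /[[:cntrl:]]/) {
        $errormessage = "$Lang::tr{'tor contact info'}: " . $escape_html->($settings{'TOR_RELAY_CONTACT_INFO'});
    }

    # The form only offers two-letter upper-case country codes.
    if ($settings{'TOR_EXIT_COUNTRY'} ne '' && $settings{'TOR_EXIT_COUNTRY'} !~ /\A[A-Z]{2}\z/) {
        $errormessage = "$Lang::tr{'tor exit nodes'}: " . $escape_html->($settings{'TOR_EXIT_COUNTRY'});
    }

    # Drop-down fields: accept nothing but the values the form offers.
    my %is_relay_mode = map { $_ => 1 } ('exit', 'relay', 'bridge', 'private-bridge');
    unless ($is_relay_mode{$settings{'TOR_RELAY_MODE'}}) {
        $errormessage = "$Lang::tr{'tor relay mode'}: " . $escape_html->($settings{'TOR_RELAY_MODE'});
    }

    my %is_accounting_period = map { $_ => 1 } @accounting_periods;
    unless ($is_accounting_period{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}}) {
        $errormessage = "$Lang::tr{'tor accounting period'}: " . $escape_html->($settings{'TOR_RELAY_ACCOUNTING_PERIOD'});
    }

    # Normalise the ACL to a comma-separated list. Invalid entries are
    # reported but kept, so the form shows them again for correction.
    my @subnets = split(/[\n,]/, $settings{'TOR_ALLOWED_SUBNETS'});
    $settings{'TOR_ALLOWED_SUBNETS'} = "";
    foreach my $subnet (@subnets) {
        $subnet =~ s/^\s+//;
        $subnet =~ s/\s+$//;
        if ($subnet) {
            unless (&General::validipandmask($subnet)) {
                $errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: " . $escape_html->($subnet);
            }
            $settings{'TOR_ALLOWED_SUBNETS'} .= $subnet.",";
        }
    }

    # Same normalisation for the exit nodes. Each entry becomes one torrc
    # line, so whitespace or control characters inside an entry are refused.
    my @exit_nodes = split(/[\n,]/, $settings{'TOR_USE_EXIT_NODES'});
    $settings{'TOR_USE_EXIT_NODES'} = "";
    foreach my $exit_node (@exit_nodes) {
        $exit_node =~ s/^\s+//;
        $exit_node =~ s/\s+$//;
        if ($exit_node) {
            if ($exit_node =~ /[\s[:cntrl:]]/) {
                $errormessage = "$Lang::tr{'tor use exit nodes'}: " . $escape_html->($exit_node);
            }
            $settings{'TOR_USE_EXIT_NODES'} .= $exit_node.",";
        }
    }

    # Bandwidth values must be one of the offered limits (0 = unlimited).
    my %is_bandwidth_limit = map { $_ => 1 } (0, @bandwidth_limits);
    my $bandwidth_valid = 1;
    unless ($is_bandwidth_limit{$settings{'TOR_RELAY_BANDWIDTH_RATE'}}) {
        $bandwidth_valid = 0;
        $errormessage = "$Lang::tr{'tor bandwidth rate'}: " . $escape_html->($settings{'TOR_RELAY_BANDWIDTH_RATE'});
    }
    unless ($is_bandwidth_limit{$settings{'TOR_RELAY_BANDWIDTH_BURST'}}) {
        $bandwidth_valid = 0;
        $errormessage = "$Lang::tr{'tor bandwidth burst'}: " . $escape_html->($settings{'TOR_RELAY_BANDWIDTH_BURST'});
    }

    # The burst must not be lower than the rate: no rate means no burst,
    # and a smaller burst is raised to the rate. Only compared numerically
    # once both values are known to be numbers.
    if ($bandwidth_valid) {
        if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
            $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;

        } elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
            $settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
        }
    }

    if ($errormessage eq '') {
        # Write configuration settings to file.
        &General::writehash("${General::swroot}/tor/settings", \%settings);

        # Update configuration files.
        &BuildConfiguration();
    }
} else {
    # Load settings from file.
    &General::readhash("${General::swroot}/tor/settings", \%settings);
}

&showMainBox();

# Close Tor control connection.
&TorClose($torctrl);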
169
170 # Functions
171
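# Render the complete page: the settings form and, when a control connection
# to Tor exists ($torctrl), the live statistics.
#
# Reads the file-level %settings, $errormessage, $torctrl, @bandwidth_limits
# and @accounting_periods. As a side effect the comma-separated list fields
# TOR_ALLOWED_SUBNETS and TOR_USE_EXIT_NODES in %settings are rewritten to
# one entry per line for the textareas.
#
# Every value that originates from the request or from the Tor control port
# is HTML-escaped before it is written into the page. $errormessage is
# printed as markup, unchanged: whoever builds it has to escape any user
# data embedded in it.
sub showMainBox {
    my %checked = ();
    my %selected = ();

    # Escape the five HTML metacharacters; undefined input becomes ''.
    my $escape_html = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    $checked{'TOR_ENABLED'}{'on'} = '';
    $checked{'TOR_ENABLED'}{'off'} = '';
    $checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';

    $checked{'TOR_RELAY_ENABLED'}{'on'} = '';
    $checked{'TOR_RELAY_ENABLED'}{'off'} = '';
    $checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';

    # Textareas show one list entry per line.
    my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
    $settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);

    @temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
    $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);

    # Escaped copies of the free-text fields that are echoed into the form.
    my %html = map { $_ => $escape_html->($settings{$_}) } qw(
        TOR_SOCKS_PORT TOR_ALLOWED_SUBNETS TOR_USE_EXIT_NODES
        TOR_RELAY_NICKNAME TOR_RELAY_ADDRESS TOR_RELAY_PORT
        TOR_RELAY_CONTACT_INFO TOR_RELAY_ACCOUNTING_LIMIT
    );

    &Header::openpage($Lang::tr{'tor configuration'}, 1, '');
    &Header::openbigbox('100%', 'left', '', $errormessage);

    if ($errormessage) {
        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
        print "<font class='base'>$errormessage&nbsp;</font>\n";
        &Header::closebox();
    }

    print "<form method='post' action='" . $escape_html->($ENV{'SCRIPT_NAME'}) . "'>\n";

    &Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});

    print <<END;
<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
<td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
<td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$html{'TOR_SOCKS_PORT'}' size='5' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
<td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
<td width='25%' class='base'></td>
<td width='20%'></td>
</tr>
</table>
END

    print <<END;
<br>
<hr size='1'>
<br>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
$Lang::tr{'tor allowed subnets'}:
</td>
<td colspan='2' width='45%'></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'>
<textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$html{'TOR_ALLOWED_SUBNETS'}</textarea>
</td>
<td colspan='2' width='45%'></td>
</tr>
</table>

<br>
<hr size='1'>
<br>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
</tr>
<tr>
<td colspan='2' class='base' width='55%'></td>
<td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
</tr>
<tr>
<td width='50%' colspan='2'>
<select name='TOR_EXIT_COUNTRY'>
<option value=''>- $Lang::tr{'tor exit country any'} -</option>
END

    # Mark the stored country as selected. Without this the drop-down always
    # falls back to "any", and the next save would silently remove the exit
    # country restriction.
    my $selected_country = defined $settings{'TOR_EXIT_COUNTRY'} ? uc($settings{'TOR_EXIT_COUNTRY'}) : '';

    my @country_names = Locale::Country::all_country_names();
    foreach my $country_name (sort @country_names) {
        my $country_code = Locale::Country::country2code($country_name);
        next unless (defined $country_code);

        $country_code = uc($country_code);
        my $is_selected = ($country_code eq $selected_country) ? 'selected' : '';

        my $code_html = $escape_html->($country_code);
        my $name_html = $escape_html->($country_name);
        print "<option value='$code_html' $is_selected>$name_html ($code_html)</option>\n";
    }

    print <<END;
</select>
</td>
<td width='50%' colspan='2'>
<textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$html{'TOR_USE_EXIT_NODES'}</textarea>
</td>
</tr>
</table>
<br><br>
END

    &Header::closebox();

    # Tor relay box
    $selected{'TOR_RELAY_MODE'}{'bridge'} = '';
    $selected{'TOR_RELAY_MODE'}{'exit'} = '';
    $selected{'TOR_RELAY_MODE'}{'private-bridge'} = '';
    $selected{'TOR_RELAY_MODE'}{'relay'} = '';
    $selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';

    $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'} = '';
    foreach (@bandwidth_limits) {
        $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_} = '';
    }
    $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$settings{'TOR_RELAY_BANDWIDTH_RATE'}} = 'selected';

    $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'} = '';
    foreach (@bandwidth_limits) {
        $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_} = '';
    }
    $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$settings{'TOR_RELAY_BANDWIDTH_BURST'}} = 'selected';

    foreach (@accounting_periods) {
        $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_} = '';
    }
    $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';

    &Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});

    print <<END;
<table width='100%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
<td width='30%'>
<select name='TOR_RELAY_MODE'>
<option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
<option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
<option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
<option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor relay nickname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='20%'>
<input type='text' name='TOR_RELAY_NICKNAME' value='$html{'TOR_RELAY_NICKNAME'}' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor relay address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='30%'>
<input type='text' name='TOR_RELAY_ADDRESS' value='$html{'TOR_RELAY_ADDRESS'}' />
</td>
<td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_PORT' value='$html{'TOR_RELAY_PORT'}' size='5' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor contact info'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='75%' colspan='3'>
<input type='text' name='TOR_RELAY_CONTACT_INFO' value='$html{'TOR_RELAY_CONTACT_INFO'}' style='width: 98%;' />
</td>
</tr>
</table>

<hr size='1'>

<table width='100%'>
<tr>
<td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
<td width='30%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_RATE'>
END

    foreach (@bandwidth_limits) {
        if ($_ >= 1024) {
            print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
        } else {
            print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
        }
    }

    print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
<td width='20%'>
<input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$html{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
</td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
<td width='20%' class='base'>
<select name='TOR_RELAY_BANDWIDTH_BURST'>
END

    foreach (@bandwidth_limits) {
        if ($_ >= 1024) {
            print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
        } else {
            print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
        }
    }
    print <<END;
<option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
</select>
</td>
<td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
<td width='20%'>
<select name='TOR_RELAY_ACCOUNTING_PERIOD'>
END

    foreach (@accounting_periods) {
        print "<option value='$_' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_}>$Lang::tr{'tor accounting period '.$_}</option>";
    }

    print <<END;
</select>
</td>
</tr>
</table>
END

    &Header::closebox();

    print <<END;
<table width='100%'>
<tr>
<td>
<img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td align='right'>&nbsp;</td>
</tr>
</table>

<hr>

<table width='100%'>
<tr>
<td>&nbsp;</td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
<td>&nbsp;</td>
</tr>
</table>
END

    # If we have a control connection, show the stats. Everything below is
    # read from the Tor control port and escaped like any other external
    # data. Links that open a new window carry rel='noopener noreferrer' so
    # that the external page gets neither a handle on this window nor the
    # address of this page.
    if ($torctrl) {
        &Header::openbox('100%', 'left', $Lang::tr{'tor stats'});

        my @traffic = &TorTrafficStats($torctrl);

        if (@traffic) {
            print <<END;
<table width='100%'>
END

            if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
                my $fingerprint = $escape_html->(&TorRelayFingerprint($torctrl));
                if ($fingerprint) {
                    print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
<td width='60%'>
<a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank' rel='noopener noreferrer'>$fingerprint</a>
</td>
</tr>
END
                }
            }

            my $address = $escape_html->(&TorGetInfo($torctrl, "address"));
            if ($address) {
                print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
<td width='60%'>$address</td>
</tr>
END
            }

            print <<END;
<tr>
<td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
END
            print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
            print <<END;
</tr>
</table>
END
        }

        my $accounting = &TorAccountingStats($torctrl);
        if ($accounting) {
            my $hibernating = defined $accounting->{'hibernating'} ? $accounting->{'hibernating'} : '';
            my $interval_start = $escape_html->($accounting->{'interval-start'});
            my $interval_end = $escape_html->($accounting->{'interval-end'});

            print <<END;
<table width='100%'>
<tr>
<td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
</tr>
END

            if ($hibernating eq "hard") {
                print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
</td>
</tr>
END
            } elsif ($hibernating eq "soft") {
                print <<END;
<tr>
<td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
<font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
</td>
</tr>
END
            }

            print <<END;
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
<td width='60%'>
$interval_start - $interval_end
</td>
</tr>
<tr>
<td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
<td width='60%'>
END

            print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
            print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
            print " $Lang::tr{'tor accounting bytes left'})";

            print <<END;
</td>
</tr>
</table>
END
        }

        my @nodes = &TorORConnStatus($torctrl);
        if (@nodes) {
            my $nodes_length = scalar @nodes;
            print <<END;
<table width='100%'>
<tr>
<td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
<td width='60%' colspan='2'>($nodes_length)</td>
</tr>
END

            foreach my $node (@nodes) {
                # Escaped copies of the fields printed for this relay.
                my %node_html = map { $_ => $escape_html->($node->{$_}) } qw(
                    fingerprint name country_code address port bandwidth_string
                );

                print <<END;
<tr>
<td width='40%'>
<a href='https://atlas.torproject.org/#details/$node_html{'fingerprint'}' target='_blank' rel='noopener noreferrer'>
$node_html{'name'}
</a>
</td>
<td width='30%'>
END

                # Only print a flag when a country code is actually known.
                if ($node_html{'country_code'} ne '') {
                    print "<a href='country.cgi#$node_html{'country_code'}'><img src='/images/flags/$node_html{'country_code'}.png' border='0' align='absmiddle' alt='$node_html{'country_code'}'></a>";
                }

                print <<END;
<a href='ipinfo.cgi?ip=$node_html{'address'}'>$node_html{'address'}</a>:$node_html{'port'}
</td>
<td width='30%' align='right'>
~$node_html{'bandwidth_string'}
</td>
</tr>
END
            }
            print "</table>";
        }

        &Header::closebox();
    }

    print "</form>\n";

    &Header::closebigbox();
    &Header::closepage();
}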
572
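# Regenerate torrc from the stored settings and restart or stop the service.
#
# The settings are read back from the settings file, not taken from the
# request. If torrc cannot be opened the failure is logged and the service
# is still restarted or stopped, so that disabling Tor takes effect even
# when the file is not writable.
sub BuildConfiguration {
    my %settings = ();
    &General::readhash("${General::swroot}/tor/settings", \%settings);

    # Treat keys missing from the settings file as empty.
    foreach my $key (qw(
        TOR_ENABLED TOR_SOCKS_PORT TOR_EXIT_COUNTRY TOR_USE_EXIT_NODES
        TOR_ALLOWED_SUBNETS TOR_RELAY_ENABLED TOR_RELAY_MODE TOR_RELAY_ADDRESS
        TOR_RELAY_PORT TOR_RELAY_NICKNAME TOR_RELAY_CONTACT_INFO
        TOR_RELAY_BANDWIDTH_RATE TOR_RELAY_BANDWIDTH_BURST
        TOR_RELAY_ACCOUNTING_LIMIT TOR_RELAY_ACCOUNTING_PERIOD
    )) {
        $settings{$key} = '' unless (defined $settings{$key});
    }

    my $torrc = "${General::swroot}/tor/torrc";

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode, and a failure is reported instead of being ignored.
    if (open(my $fh, '>', $torrc)) {
        &_TorWriteConfig($fh, \%settings);
        close($fh) or warn "Could not finish writing $torrc: $!";
    } else {
        warn "Could not open $torrc for writing: $!";
    }

    # Restart the service.
    # NOTE(review): "&>" is a bash redirection; this assumes the shell that
    # system() starts is bash - confirm.
    if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
        system("/usr/local/bin/torctrl restart &>/dev/null");
    } else {
        system("/usr/local/bin/torctrl stop &>/dev/null");
    }
}

# Write the torrc directives for the given settings (hash reference) to the
# open handle $fh. Each value is checked again right before it is written:
# a value that is not a plain number, or that contains whitespace or control
# characters where a single token is expected, is left out, so one setting
# can never add a line of its own to the file.
sub _TorWriteConfig {
    my ($fh, $settings) = @_;

    # True for a non-empty value without whitespace or control characters.
    my $is_single_token = sub {
        my $value = shift;
        return (defined $value && $value ne '' && $value !~ /[\s[:cntrl:]]/) ? 1 : 0;
    };

    # Global settings.
    # NOTE(review): no authentication directive (HashedControlPassword or
    # CookieAuthentication) is written here, so unless one is configured
    # elsewhere every local process that can reach the port can control Tor.
    print $fh "ControlPort $TOR_CONTROL_PORT\n";

    if ($settings->{'TOR_ENABLED'} eq 'on') {
        my $strict_nodes = 0;

        # The SOCKS listener binds to all addresses; access is limited only
        # by the SocksPolicy lines below and by the firewall rules.
        if ($settings->{'TOR_SOCKS_PORT'} =~ /\A\d+\z/) {
            print $fh "SocksPort 0.0.0.0:$settings->{'TOR_SOCKS_PORT'}\n";
        }

        my @subnets = split(",", $settings->{'TOR_ALLOWED_SUBNETS'});
        foreach my $subnet (@subnets) {
            print $fh "SocksPolicy accept $subnet\n" if (&General::validipandmask($subnet));
        }
        # NOTE(review): with an empty subnet list no "reject *" is written,
        # which leaves the SOCKS port without any policy line - confirm that
        # this is the intended meaning of an empty list.
        print $fh "SocksPolicy reject *\n" if (@subnets);

        if ($settings->{'TOR_EXIT_COUNTRY'} =~ /\A[A-Za-z]{2}\z/) {
            $strict_nodes = 1;

            print $fh "ExitNodes {" . $settings->{'TOR_EXIT_COUNTRY'} . "}\n";
        }

        # NOTE(review): each entry is written on its own "ExitNode" line, as
        # before; confirm against the Tor manual that this spelling and the
        # repetition are accepted next to the "ExitNodes" line above.
        foreach my $exit_node (split(",", $settings->{'TOR_USE_EXIT_NODES'})) {
            next unless ($is_single_token->($exit_node));

            $strict_nodes = 1;
            print $fh "ExitNode $exit_node\n";
        }

        if ($strict_nodes > 0) {
            print $fh "StrictNodes 1\n";
        }
    }

    if ($settings->{'TOR_RELAY_ENABLED'} eq 'on') {
        # Reject access to private networks.
        print $fh "ExitPolicyRejectPrivate 1\n";

        if ($settings->{'TOR_RELAY_PORT'} =~ /\A\d+\z/) {
            print $fh "ORPort $settings->{'TOR_RELAY_PORT'}\n";
        }

        if ($is_single_token->($settings->{'TOR_RELAY_ADDRESS'})) {
            print $fh "Address $settings->{'TOR_RELAY_ADDRESS'}\n";
        }

        if ($settings->{'TOR_RELAY_NICKNAME'} =~ /\A[a-zA-Z0-9]+\z/) {
            print $fh "Nickname $settings->{'TOR_RELAY_NICKNAME'}\n";
        }

        # Free text, but it has to stay on one line.
        if ($settings->{'TOR_RELAY_CONTACT_INFO'} ne '' && $settings->{'TOR_RELAY_CONTACT_INFO'} !~ /[[:cntrl:]]/) {
            print $fh "ContactInfo $settings->{'TOR_RELAY_CONTACT_INFO'}\n";
        }

        # Limit to bridge mode.
        my $is_bridge = 0;

        if ($settings->{'TOR_RELAY_MODE'} eq 'bridge') {
            $is_bridge++;

        # Private bridge.
        } elsif ($settings->{'TOR_RELAY_MODE'} eq 'private-bridge') {
            $is_bridge++;

            print $fh "PublishServerDescriptor 0\n";

        # Exit node.
        } elsif ($settings->{'TOR_RELAY_MODE'} eq 'exit') {
            print $fh "ExitPolicy accept *:*\n";

        # Relay only.
        } elsif ($settings->{'TOR_RELAY_MODE'} eq 'relay') {
            print $fh "ExitPolicy reject *:*\n";
        }

        if ($is_bridge > 0) {
            print $fh "BridgeRelay 1\n";
            print $fh "Exitpolicy reject *:*\n";
        }

        # The stored values are divided by 8 and written with the unit KB.
        if ($settings->{'TOR_RELAY_BANDWIDTH_RATE'} =~ /\A\d+\z/ && $settings->{'TOR_RELAY_BANDWIDTH_RATE'} > 0) {
            print $fh "RelayBandwidthRate ";
            print $fh $settings->{'TOR_RELAY_BANDWIDTH_RATE'} / 8;
            print $fh " KB\n";

            if ($settings->{'TOR_RELAY_BANDWIDTH_BURST'} =~ /\A\d+\z/ && $settings->{'TOR_RELAY_BANDWIDTH_BURST'} > 0) {
                print $fh "RelayBandwidthBurst ";
                print $fh $settings->{'TOR_RELAY_BANDWIDTH_BURST'} / 8;
                print $fh " KB\n";
            }
        }

        if ($settings->{'TOR_RELAY_ACCOUNTING_LIMIT'} =~ /\A\d+\z/ && $settings->{'TOR_RELAY_ACCOUNTING_LIMIT'} > 0) {
            print $fh "AccountingMax ".$settings->{'TOR_RELAY_ACCOUNTING_LIMIT'}." MB\n";

            if ($settings->{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'daily') {
                print $fh "AccountingStart day 00:00\n";
            } elsif ($settings->{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'weekly') {
                print $fh "AccountingStart week 1 00:00\n";
            } elsif ($settings->{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'monthly') {
                print $fh "AccountingStart month 1 00:00\n";
            }
        }
    }

    return;
}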
693
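# Open a TCP connection to the Tor control port on 127.0.0.1 and send
# AUTHENTICATE. Returns the socket, or nothing when the connection fails.
#
# NOTE(review): AUTHENTICATE is sent without a credential and its reply is
# not inspected (TorSendCommand() returns an empty list for both "250 OK"
# and a 5xx error), so a socket is returned even if Tor refused the
# authentication; later commands would then fail instead.
sub TorConnect {
    # Load the socket class here; no "use IO::Socket::INET" is visible in
    # this file, so do not rely on another module having loaded it.
    require IO::Socket::INET;

    my $socket = IO::Socket::INET->new(
        Proto    => 'tcp',
        PeerAddr => '127.0.0.1',
        PeerPort => $TOR_CONTROL_PORT,
    ) or return;

    $socket->autoflush(1);

    # Authenticate.
    &TorSendCommand($socket, "AUTHENTICATE");

    return $socket;
}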
706
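# Send one command over the control connection and collect the reply lines.
#
# $socket is the connected control socket, $cmd the command without line
# ending (one trailing line ending is tolerated). Reading stops at the first
# line containing "250 OK" or starting with a 5xx status; neither of those
# lines is returned. All other lines are returned with the trailing CRLF
# removed. Returns an empty list when there is no socket, no command, or
# when the command is refused (see below).
sub TorSendCommand {
    my ($socket, $cmd) = @_;

    return () unless ($socket && defined $cmd);

    # Strip a single trailing line ending, then refuse any remaining CR or
    # LF: the control protocol is line based, so an embedded line break
    # would make Tor execute a second command chosen by whoever supplied
    # the data that was interpolated into $cmd.
    $cmd =~ s/\r?\n\z//;
    return () if ($cmd =~ /[\r\n]/);

    $cmd .= "\r\n";

    $socket->send($cmd);

    my @output = ();
    while (my $line = <$socket>) {
        # Skip lines that consist of a single character (this includes
        # the "." that ends a multi-line reply).
        if ($line =~ /^.\r\n$/) {
            next;
        }

        # Command has been successfully executed.
        if ($line =~ /250 OK/) {
            last;

        # Error.
        } elsif ($line =~ /^5\d+/) {
            last;

        } else {
            # Remove line endings.
            $line =~ s/\r\n$//;

            push(@output, $line);
        }
    }

    return @output;
}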
741
# Run a control command through TorSendCommand() and return only the first
# line of its reply (undefined when the reply is empty).
sub TorSendCommandOneLine() {
    my $tor = shift;
    my $cmd = shift;

    my ($first_line) = &TorSendCommand($tor, $cmd);

    return $first_line;
}
748
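# Query a single value with "GETINFO <name>" and return the part of the
# first reply line that follows the first "=". Returns undef when there is
# no reply line or the line contains no "=".
#
# $cmd is appended to the command unchanged, so callers must only pass
# names they control or have validated.
sub TorGetInfo {
    my ($tor, $cmd) = @_;

    my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);

    my $value;
    if (defined $output) {
        # Limit 2: keep everything after the first "=", even if the value
        # itself contains further "=" characters.
        (undef, $value) = split(/=/, $output, 2);
    }

    return $value;
}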
757
# Shut down the control connection in both directions (how = 2). A false
# argument, e.g. the result of a failed TorConnect(), is ignored.
sub TorClose() {
    my ($socket) = @_;

    $socket->shutdown(2) if ($socket);
}
765
# Return the two GETINFO values "traffic/read" and "traffic/written" as a
# list, in that order.
sub TorTrafficStats() {
    my ($tor) = @_;

    my $bytes_in = &TorGetInfo($tor, "traffic/read");
    my $bytes_out = &TorGetInfo($tor, "traffic/written");

    return ($bytes_in, $bytes_out);
}
774
# Return the GETINFO value "fingerprint" of the Tor instance behind $tor.
sub TorRelayFingerprint() {
    my ($tor) = @_;

    return &TorGetInfo($tor, "fingerprint");
}
780
# Return one description hash (see TorNodeDescription()) for every entry of
# "GETINFO orconn-status" that starts with "$", sorted by node name.
# Entries for which no description is available are left out.
sub TorORConnStatus() {
    my ($tor) = @_;
    my @nodes = ();

    my @output = &TorSendCommand($tor, "GETINFO orconn-status");
    foreach my $entry (@output) {
        # Drop the reply prefix of the first line.
        $entry =~ s/^250[\+-]orconn-status=//;
        next if ($entry eq "");
        last if ($entry eq ".");
        next unless ($entry =~ /^\$/);

        # First word of the entry, and of that the part before "=" or "~".
        my ($target) = split(" ", $entry);
        my ($identity) = split(/[=~]/, $target);

        my $node = &TorNodeDescription($tor, $identity);
        push(@nodes, $node) if ($node);
    }

    # Sort by names.
    @nodes = sort { $a->{'name'} cmp $b->{'name'} } @nodes;

    return @nodes;
}
806
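# Look up a relay with "GETINFO ns/id/<fingerprint>" and return a hash
# reference describing it, or nothing when the fingerprint is malformed or
# the reply contains no router ("r") line.
#
# Keys: fingerprint, exit_node (non-zero when the relay has the "Exit"
# flag), name, address, port, country_code (only when Tor reports a
# two-character code), flags (array reference), bandwidth and
# bandwidth_string.
sub TorNodeDescription {
    my ($tor, $fingerprint) = @_;
    return unless (defined $fingerprint);

    $fingerprint =~ s/\$//;

    # The fingerprint becomes part of a control command and later of links
    # in the page, so accept nothing but the 40 hex digits of a relay
    # identity.
    return unless ($fingerprint =~ /\A[0-9A-Fa-f]{40}\z/);

    my $node = {
        fingerprint => $fingerprint,
        exit_node => 0,
    };

    my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");

    foreach my $line (@output) {
        # Router
        if ($line =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
            $node->{'name'} = $1;
            $node->{'address'} = $3;
            $node->{'port'} = $4;

            # Keep the country only when it looks like a country code; it
            # is used as part of an image path by the page.
            my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
            if (defined $country_code && $country_code =~ /\A[A-Za-z0-9]{2}\z/) {
                $node->{'country_code'} = $country_code;
            }

        # Flags
        } elsif ($line =~ /^s (.*)$/) {
            # split() has to run in list context: assigning it to a scalar
            # stored only the number of flags, so "Exit" was never found.
            my @flags = split(" ", $1);
            $node->{'flags'} = \@flags;

            foreach my $flag (@flags) {
                if ($flag eq "Exit") {
                    $node->{'exit_node'}++;
                }
            }

        # Bandwidth
        } elsif ($line =~ /^w Bandwidth=(\d+)/) {
            $node->{'bandwidth'} = $1 * 8;
            $node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
        }
    }

    if (exists($node->{'name'})) {
        return $node;
    }

    return;
}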
849
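# Collect the accounting figures from the control port. Returns nothing
# unless "GETINFO accounting/enabled" yields '1'; otherwise a hash reference
# with the keys hibernating, interval-start, interval-end, bytes_read,
# bytes_written, bytes-left_read and bytes-left_written.
sub TorAccountingStats {
    my $tor = shift;
    my $ret = {};

    # An unanswered query counts as "accounting disabled".
    my $enabled = &TorGetInfo($tor, "accounting/enabled");
    unless (defined $enabled && $enabled eq '1') {
        return;
    }

    foreach my $field ("hibernating", "interval-start", "interval-end") {
        $ret->{$field} = &TorGetInfo($tor, "accounting/$field");
    }

    # Each of these replies is split on whitespace; the first value is
    # stored as "_read", the second as "_written".
    foreach my $counter ("bytes", "bytes-left") {
        my $output = &TorGetInfo($tor, "accounting/$counter");
        my @bytes = split(" ", defined $output ? $output : '');

        $ret->{$counter."_read"} = $bytes[0];
        $ret->{$counter."_written"} = $bytes[1];
    }

    return $ret;
}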
875
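# Format a byte count with two decimals and the largest fitting unit out of
# B, KB, MB, GB and TB (factor 1024). An undefined count is shown as 0.
sub FormatBytes {
    my $bytes = shift;
    $bytes = 0 unless (defined $bytes);

    my @units = ("B", "KB", "MB", "GB", "TB");
    my $units_index = 0;

    # Stop at the last unit: stepping past it would index beyond @units and
    # print the number without any unit.
    while (($units_index < $#units) && ($bytes >= 1024)) {
        $units_index++;
        $bytes /= 1024;
    }

    return sprintf("%.2f %s", $bytes, $units[$units_index]);
}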
889
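# Format a bit rate with two decimals and the largest fitting unit out of
# Bit/s, KBit/s, MBit/s, GBit/s and TBit/s (factor 1024). An undefined rate
# is shown as 0.
sub FormatBitsPerSecond {
    my $bits = shift;
    $bits = 0 unless (defined $bits);

    my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
    my $units_index = 0;

    # Stop at the last unit: stepping past it would index beyond @units and
    # print the number without any unit.
    while (($units_index < $#units) && ($bits >= 1024)) {
        $units_index++;
        $bits /= 1024;
    }

    return sprintf("%.2f %s", $bits, $units[$units_index]);
}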