From: <ow...@us...> - 2008-07-22 11:14:22
Revision: 1600 http://ipcop.svn.sourceforge.net/ipcop/?rev=1600&view=rev
Author: owes
Date: 2008-07-22 11:14:31 +0000 (Tue, 22 Jul 2008)
Log Message:
-----------
Connections can be viewed again. This is a quick and fairly dirty hack. We need to consider what info we want to show and how it should be displayed. There simply is too much info in the connection tracking table to squeeze into 1 view.
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/connections.cgi
Modified: ipcop/trunk/html/cgi-bin/connections.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/connections.cgi 2008-07-22 11:05:54 UTC (rev 1599)
+++ ipcop/trunk/html/cgi-bin/connections.cgi 2008-07-22 11:14:31 UTC (rev 1600)
@@ -1,5 +1,21 @@
 #!/usr/bin/perl
 #
+# This file is part of the IPCop Firewall.
+#
+# IPCop is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# IPCop is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with IPCop; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
 # (c) 2001 Jack Beglinger <jac...@ya...>
 #
 # (c) 2003 Dave Roberts <cou...@ho...> - colour coded netfilter/iptables rewrite for 1.3
@@ -36,21 +52,18 @@ # Read various files my %netsettings=(); -&General::readhash("${General::swroot}/ethernet/settings", \%netsettings); +&General::readhash('/var/ipcop/ethernet/settings', \%netsettings); -open (ACTIVE, "/proc/net/ip_conntrack") or die 'Unable to open ip_conntrack'; -my @active = <ACTIVE>; -close (ACTIVE); +my @active = `/usr/local/bin/conntrack_helper`; - -my $aliasfile = "${General::swroot}/ethernet/aliases"; +my $aliasfile = '/var/ipcop/ethernet/aliases'; open(ALIASES, $aliasfile) or die 'Unable to open aliases file.'; my @aliases = <ALIASES>; close(ALIASES); # Add VPNs my @vpn = (); -open (ACTIVE, "/proc/net/ipsec_eroute") and @vpn = <ACTIVE>; +open (ACTIVE, '/proc/net/ipsec_eroute') and @vpn = <ACTIVE>; close (ACTIVE); foreach my $line (@vpn) { my @temp = split(/[\t ]+/,$line); @@ -98,10 +111,10 @@ $icount = $netsettings{'ORANGE_COUNT'}; while ( $icount > 0 ) { push(@network, $netsettings{"ORANGE_${icount}_NETADDRESS"}); - push(@masklen, $netsettings{'ORANGE_${icount}_NETMASK'} ); + push(@masklen, $netsettings{"ORANGE_${icount}_NETMASK"} ); push(@colour, 'ipcop_iface_bg_orange' ); # Add Orange Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'ORANGE_${icount}_DEV'}`; + @routes = `/sbin/route -n | /bin/grep $netsettings{"ORANGE_${icount}_DEV"}`; foreach my $route (@routes) { chomp($route); my @temp = split(/[\t ]+/, $route); 
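Review bot: The backtick call that now fills `@active` never checks whether `/usr/local/bin/conntrack_helper` actually ran, so a missing or failing helper produces an empty connection table where the removed `open ... or die` failed loudly. Testing the exit status right after the call keeps that behaviour: `die 'Unable to run conntrack_helper' if $? != 0;`. The rewritten `open (ACTIVE, '/proc/net/ipsec_eroute')` line still uses a bareword handle with two-argument `open`, and `close (ACTIVE)` runs even when the open failed; a lexical handle opened with the three-argument form inside an `if` would avoid both. The `${General::swroot}` paths are replaced by literal `/var/ipcop/...` strings here and in the later `local-ipaddress` hunk, which deserves a comment explaining why the variable is no longer used.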
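Review bot: Now that the hash key interpolates correctly, the value of `ORANGE_${icount}_DEV` read from the settings file is placed unquoted into the shell pipeline on the `@routes` line, and the same holds for `BLUE_${icount}_DEV` in the following hunk. Any shell metacharacter in that setting would be interpreted by the shell, and the unanchored `grep` also matches longer interface names that merely contain the configured one. Filtering in Perl avoids both problems: `my $dev = $netsettings{"ORANGE_${icount}_DEV"};` followed by `@routes = grep { /\s\Q$dev\E\s*$/ } qx{/sbin/route -n};`. The enclosing `while` loop continues past the end of the hunk.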
@@ -115,11 +128,11 @@ # Add Blue Network $icount = $netsettings{'BLUE_COUNT'}; while ( $icount > 0 ) { - push(@network, $netsettings{'BLUE_${icount}_NETADDRESS'}); - push(@masklen, $netsettings{'BLUE_${icount}_NETMASK'} ); + push(@network, $netsettings{"BLUE_${icount}_NETADDRESS"}); + push(@masklen, $netsettings{"BLUE_${icount}_NETMASK"} ); push(@colour, 'ipcop_iface_bg_blue' ); # Add Blue Routes to Array - @routes = `/sbin/route -n | /bin/grep $netsettings{'BLUE_${icount}_DEV'}`; + @routes = `/sbin/route -n | /bin/grep $netsettings{"BLUE_${icount}_DEV"}`; foreach my $route (@routes) { chomp($route); my @temp = split(/[\t ]+/, $route); @@ -134,7 +147,7 @@ $icount = $netsettings{'RED_COUNT'}; while ( $icount > 0 ) { # We have a RED eth iface - if ($netsettings{'RED_${icount}_TYPE'} eq 'STATIC') { + if ($netsettings{"RED_${icount}_TYPE"} eq 'STATIC') { # We have a STATIC RED eth iface foreach my $line (@aliases) { @@ -150,7 +163,7 @@ $icount--; } -if (open(IP, "${General::swroot}/red/local-ipaddress")) { +if (open(IP, '/var/ipcop/red/local-ipaddress')) { my $redip = <IP>; close(IP); chomp $redip; @@ -163,6 +176,12 @@ #Establish simple filtering&sorting boxes on top of table our %cgiparams; +$cgiparams{'SEE_PROTO'} = ''; +$cgiparams{'SEE_STATE'} = ''; +$cgiparams{'SEE_MARK'} = ''; +$cgiparams{'SEE_SRC'} = ''; +$cgiparams{'SEE_DEST'} = ''; +$cgiparams{'SEE_SORT'} = ''; &General::getcgihash(\%cgiparams); my @list_proto = ($Lang::tr{'all'}, 'icmp', 'udp', 'tcp'); 
@@ -181,8 +200,8 @@ ) { $cgiparams{'SEE_MARK'} = $list_mark[0] }; if ( ! grep ( /^$cgiparams{'SEE_SORT'}$/ , @list_sort )) { $cgiparams{'SEE_SORT'} = $list_sort[0] }; # *.*.*.* or a valid IP -if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; -if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; +if ( $cgiparams{'SEE_SRC'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/ ) { $cgiparams{'SEE_SRC'} = '*.*.*.*' }; +if ( $cgiparams{'SEE_DEST'} !~ /^(\*\.\*\.\*\.\*\.|\d+\.\d+\.\d+\.\d+)$/ ) { $cgiparams{'SEE_DEST'} = '*.*.*.*' }; our %entries = (); # will hold the lines analyzed correctly 
@@ -203,155 +222,73 @@ my $exdp=''; my $marked=''; my $use=''; + my $extraline=''; chomp($line); my @temp = split(' ',$line); - if ($temp[0] eq 'icmp') { - $protocol = $temp[0]; - $status = $Lang::tr{'all'}; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; - } - if ($temp[0] eq 'udp') { - $protocol = $temp[0]; - $status = $Lang::tr{'all'}; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $marked = $temp[7] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[12]) ? $temp[11] : ' '; - } - if ($temp[0] eq 'tcp') { - $protocol = $temp[0]; - $status = $temp[3]; - $orgsip = substr $temp[4], 4; - $orgdip = substr $temp[5], 4; - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : defined ($temp[13]) ? $temp[12] : ' '; - } - # filter the line if we found a known proto - next if( !( - (($cgiparams{'SEE_PROTO'} eq $Lang::tr{'all'}) || ($protocol eq $cgiparams{'SEE_PROTO'} )) - && (($cgiparams{'SEE_STATE'} eq $Lang::tr{'all'}) || ($status eq $cgiparams{'SEE_STATE'} )) - && (($cgiparams{'SEE_MARK'} eq $Lang::tr{'all'}) || ($marked eq $cgiparams{'SEE_MARK'} )) - && (($cgiparams{'SEE_SRC'} eq "*.*.*.*") || ($orgsip eq $cgiparams{'SEE_SRC'} )) - && (($cgiparams{'SEE_DEST'} eq "*.*.*.*") || ($orgdip eq $cgiparams{'SEE_DEST'} )) - )); - - if ($temp[0] eq 'icmp') { + if ( ($temp[0] eq 'ipv4') && ($temp[2] eq 'udp') ) { my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; - $status = ' '; - if ($temp[8] eq '[UNREPLIED]' ) { - $offset = +1; - } - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = &General::GetIcmpDescription(substr( $temp[5], 5)) . "/" . substr( $temp[6], 5);; - $orgdp = 'id=' . substr( $temp[7], 3); - $exsip = substr $temp[8 + $offset], 4; - $exdip = substr $temp[9 + $offset], 4; - $exsp = &General::GetIcmpDescription(substr( $temp[10 + $offset], 5)). "/" . substr( $temp[11 + $offset], 5); - $exdp = 'id=' . 
substr( $temp[11 + $offset], 5); - $marked = $temp[8] eq '[UNREPLIED]' ? '[UNREPLIED]' : ' '; - $use = substr( $temp[13 + $offset], 4 ); - } - if ($temp[0] eq 'udp') { - my $offset = 0; $marked = ''; - $protocol = $temp[0] . " (" . $temp[1] . ")"; - $expires = $temp[2]; + $protocol = $temp[2]; + $expires = $temp[4]; $status = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = substr $temp[5], 6; - $orgdp = substr $temp[6], 6; - if ($temp[7] eq '[UNREPLIED]') { + $orgsip = substr $temp[5], 4; + $orgdip = substr $temp[6], 4; + $orgsp = substr $temp[7], 6; + $orgdp = substr $temp[8], 6; + if ($temp[11] eq '[UNREPLIED]') { $offset = 1; - $marked = $temp[7]; - $use = substr $temp[12], 4; + $marked = $temp[11]; + $use = substr $temp[19], 4; } else { - if ((substr $temp[11], 0, 3) eq 'use' ) { + if ((substr $temp[17], 0, 3) eq 'use' ) { $marked = ''; - $use = substr $temp[11], 4; + $use = substr $temp[17], 4; } else { - $marked = $temp[11]; - $use = substr $temp[12], 4; + $marked = $temp[17]; + $use = substr $temp[18], 4; } } - $exsip = substr $temp[7 + $offset], 4; - $exdip = substr $temp[8 + $offset], 4; - $exsp = substr $temp[9 + $offset], 6; - $exdp = substr $temp[10 + $offset], 6; + $exsip = substr $temp[11 + $offset], 4; + $exdip = substr $temp[12 + $offset], 4; + $exsp = substr $temp[13 + $offset], 6; + $exdp = substr $temp[14 + $offset], 6; + + $extraline = "$temp[9] $temp[10] , $temp[15+$offset] $temp[16+$offset]"; } - if ($temp[0] eq 'tcp') { + elsif ( ($temp[0] eq 'ipv4') && ($temp[2] eq 'tcp') ) { my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . 
")"; - $expires = $temp[2]; - $status = $temp[3]; - $orgsip = substr $temp[4], 4; - $orgdip = substr $temp[5], 4; - $orgsp = substr $temp[6], 6; - $orgdp = substr $temp[7], 6; - if ($temp[8] eq '[UNREPLIED]') { - $marked = $temp[8]; + $protocol = $temp[2]; + $expires = $temp[4]; + $status = $temp[5]; + $orgsip = substr $temp[6], 4; + $orgdip = substr $temp[7], 4; + $orgsp = substr $temp[8], 6; + $orgdp = substr $temp[9], 6; + if ($temp[12] eq '[UNREPLIED]') { + $marked = $temp[0]; $offset = 1; } else { - $marked = $temp[12]; + $marked = $temp[18]; } - $exsip = substr $temp[8 + $offset], 4; - $exdip = substr $temp[9 + $offset], 4; - $exsp = substr $temp[10 + $offset], 6; - $exdp = substr $temp[11 + $offset], 6; - $use = substr $temp[13], 4; + $exsip = substr $temp[12 + $offset], 4; + $exdip = substr $temp[13 + $offset], 4; + $exsp = substr $temp[14 + $offset], 6; + $exdp = substr $temp[15 + $offset], 6; + $use = substr $temp[20], 4; + + $extraline = "$temp[10] $temp[11] , $temp[16+$offset] $temp[17+$offset]"; } - if ($temp[0] eq 'unknown') { - my $offset = 0; - $marked = ''; - $protocol = "??? (" . $temp[1] . ")"; - $protocol = "igmp (" . $temp[1] . ")" if ($temp[1] == 2); - $protocol = "esp (" . $temp[1] . ")" if ($temp[1] == 50); - $protocol = "ah (" . $temp[1] . ")" if ($temp[1] == 51); - $expires = $temp[2]; - $status = ' '; - $orgsip = substr $temp[3], 4; - $orgdip = substr $temp[4], 4; - $orgsp = ' '; - $orgdp = ' '; - if ($temp[5] eq '[UNREPLIED]') { - # IGMP (maybe others) has this format - # unknown 2 234 src=192.168.0.2 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=192.168.0.2 use=1 - $marked = $temp[5]; - $offset = 1; - } - $exsip = substr $temp[5 + $offset], 4; - $exdip = substr $temp[6 + $offset], 4; - $exsp = ' '; - $exdp = ' '; - $use = ' '; - } - if ($temp[0] eq 'gre') { - my $offset = 0; - $protocol = $temp[0] . " (" . $temp[1] . 
")"; - $expires = $temp[2]; - $orgsip = substr $temp[5], 4; - $orgdip = substr $temp[6], 4; - $orgsp = ' '; - $orgdp = ' '; - $exsip = substr $temp[9], 4; - $exdip = substr $temp[10], 4; - $exsp = ' '; - $exdp = ' '; - $marked = $temp[13]; - $use = $temp[14]; - } + # Only from this point, lines have the same known format/field # The floating fields [UNREPLIED] [ASSURED] etc are ok. # Store the line in a hash array for sorting if ( $protocol ) { # line is decoded ? my @record = ( 'index', $index++, + 'extra', $extraline, 'protocol', $protocol, 'expires', $expires, 'status', $status, @@ -370,7 +307,7 @@ $entries{$record->{index}} = $record; # add this to a hash of hashes } else { # it was not a known line $unknownlines .= "<tr bgcolor='${Header::table1colour}'>"; - $unknownlines .= "<td colspan='9'> unknown:$line></td></tr>"; + $unknownlines .= "<td colspan='9'> unknown:$line</td></tr>"; } } @@ -412,16 +349,6 @@ <td align='center'><b>$Lang::tr{'marked'}</b></td> <td align='center'><b>$Lang::tr{'use'}</b></td> </tr> -<tr> - <td align='center'>$menu_proto</td> - <td> </td> - <td align='center'>$menu_state</td> - <td align='center'>$menu_src</td> - <td align='center'>$menu_dest</td> - <td align='center'colspan='2'>$Lang::tr{'sort ascending'}:$menu_sort </td> - <td align='center'>$menu_mark</td> - <td align='center'><input type='submit' value='!' /></td> -</tr> END ; @@ -456,6 +383,10 @@ </tr> END ; + if ( $entries{$entry}->{extra} ne '' ) + { + print "<tr><td colspan='9'>$entries{$entry}->{extra}</td></tr>"; + } } print "$unknownlines</table></form>"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
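Review bot: In the new tcp branch the `[UNREPLIED]` case assigns `$marked = $temp[0];`, which stores the address-family field already tested to be `ipv4` instead of the flag that was just matched; the udp branch stores the field it tested, so this looks like a slip for `$marked = $temp[12];`. Both branches read fixed offsets up to `$temp[20]` without checking how many fields the line has, so a shorter line from the helper gives undefined-value warnings and empty columns; a field-count check before the offsets are used would make the parser fail predictably. With the icmp, unknown and gre parsers removed, those lines now fall through to the unknown-lines output, and the deleted `next if` test means the `SEE_*` parameters validated earlier are no longer applied, which is worth a comment stating that it is intentional for now. The loop this code sits in starts above the hunk.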
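Review bot: `$line` in the corrected `unknown:$line</td>` row and `$entries{$entry}->{extra}` in the `print` added by the last hunk are written into the page without HTML escaping. Both values come from the helper's output rather than directly from the request, so exposure is probably limited, but after this commit every icmp, gre and unrecognised conntrack line reaches the browser through the first path. Escaping `&`, `<` and `>` before output, or using the project's own HTML-escaping routine if it has one, keeps an unexpected line from breaking or altering the table markup. A short comment above the `print` saying what the `extra` row holds would also help the next reader.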