List: ipcop-svn
Subject: [Ipcop-svn] SF.net SVN: ipcop:[3497]
From: owes () users ! sourceforge ! net
Date: 2009-08-26 14:01:51
Message-ID: E1MgJ4R-0004Fu-3k () d5vjzd1 ! ch3 ! sourceforge ! com
Revision: 3497
http://ipcop.svn.sourceforge.net/ipcop/?rev=3497&view=rev
Author: owes
Date: 2009-08-26 14:01:50 +0000 (Wed, 26 Aug 2009)
Log Message:
-----------
Fully use NetAddr-IP
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/connections.cgi
Modified: ipcop/trunk/html/cgi-bin/connections.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/connections.cgi 2009-08-26 14:00:14 UTC (rev 3496)
+++ ipcop/trunk/html/cgi-bin/connections.cgi 2009-08-26 14:01:50 UTC (rev 3497)
@@ -32,10 +32,9 @@
use strict;
-# Setup GREEN, ORANGE, IPCOP, VPN CIDR networks, masklengths and colours only once
+# network will hold all known 'networks' in address/mask format. If mask is missing \
/32 is assumed.
 my @network = ();
-my @masklen = ();
my @routes = ();
my @colour = ();
# since we want to show the OpenVPN Tunnel 'colored' we also check for protocol/port
@@ -44,11 +43,11 @@
my @protocols=();
# enable only the following on debugging purpose
-#use warnings; no warnings 'once';
-#use CGI::Carp 'fatalsToBrowser';
+use warnings; no warnings 'once';
+use CGI::Carp 'fatalsToBrowser';
my $debug = 0;
-use Net::IPv4Addr qw( :all );
+use NetAddr::IP;
use XML::Simple;
use XML::Parser::Style::Tree;
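Review bot: `use CGI::Carp 'fatalsToBrowser';` is switched on unconditionally here, although the comment directly above still says these lines are for debugging only. With it active, any fatal error in this CGI is rendered into the HTTP response, which on a firewall administration page can show file paths and internal state to whoever is viewing it. Unless that is intended for trunk, keep `use warnings; no warnings 'once';` and restore `#use CGI::Carp 'fatalsToBrowser';`, or change the comment to say why it is now always enabled.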
@@ -81,85 +80,44 @@
# Add limited broadcast
push(@network, "255.255.255.255");
-push(@masklen, "255.255.255.255");
push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
+# TODO: output of eroute needs verification
# Add VPNs
-my @vpn = `/usr/local/bin/conntrack_helper --eroute`;
-foreach my $line (@vpn) {
- my @temp = split(/[\t ]+/, $line);
- @temp = split(/[\/:]+/, $temp[3]);
- push(@network, $temp[0]);
- push(@masklen, ipv4_cidr2msk($temp[1]));
- push(@colour, 'ipcop_iface_bg_ipsec');
- push(@ports, '0');
- push(@protocols, '');
-}
+#my @vpn = `/usr/local/bin/conntrack_helper --eroute`;
+#foreach my $line (@vpn) {
+# my @temp = split(/[\t ]+/, $line);
+# @temp = split(/[\/:]+/, $temp[3]);
+# push(@network, $temp[0]);
+# push(@masklen, ipv4_cidr2msk($temp[1]));
+# push(@colour, 'ipcop_iface_bg_ipsec');
+# push(@ports, '0');
+# push(@protocols, '');
+#}
-$icount = $netsettings{'GREEN_COUNT'};
-while ($icount > 0) {
-
- # Add Green Firewall Interface
- push(@network, $netsettings{"GREEN_${icount}_ADDRESS"});
- push(@masklen, "255.255.255.255");
- push(@colour, 'ipcop_iface_bg_fw');
- push(@ports, '0');
- push(@protocols, '');
-
- # Add Green Broadcast address
- push(@network, $netsettings{"GREEN_${icount}_BROADCAST"});
- push(@masklen, "255.255.255.255");
- push(@colour, 'ipcop_iface_bg_fw');
- push(@ports, '0');
- push(@protocols, '');
-
- # Add Green Network to Array
- push(@network, $netsettings{"GREEN_${icount}_NETADDRESS"});
- push(@masklen, $netsettings{"GREEN_${icount}_NETMASK"});
- push(@colour, 'ipcop_iface_bg_green');
- push(@ports, '0');
- push(@protocols, '');
-
- # Add Green Routes to Array
- @routes = `/sbin/route -n | /bin/grep ' $netsettings{"GREEN_${icount}_DEV"}'`;
- foreach my $route (@routes) {
- chomp($route);
- my @temp = split(/[\t ]+/, $route);
- push(@network, $temp[0]);
- push(@masklen, $temp[2]);
- push(@colour, 'ipcop_iface_bg_green');
- push(@ports, '0');
- push(@protocols, '');
- }
- $icount--;
-}
-
# Add Firewall Localhost 127.0.0.1
push(@network, '127.0.0.1');
-push(@masklen, '255.255.255.255');
push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
# Add IGMP Multicast 224.0.0.0/4
-push(@network, '224.0.0.1');
-push(@masklen, '240.0.0.0');
+push(@network, '224.0.0.1/4');
push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
+
# Add OpenVPN net and RED/BLUE/ORANGE entry (when appropriate)
if (-e '/var/ipcop/openvpn/settings') {
my %ovpnsettings = ();
&General::readhash('/var/ipcop/openvpn/settings', \%ovpnsettings);
- my @tempovpnsubnet = split("\/",$ovpnsettings{'DOVPN_SUBNET'});
if ( $ovpnsettings{'DOVPN_SUBNET'} ne '') {
# add OpenVPN net
- push(@network, $tempovpnsubnet[0]);
- push(@masklen, $tempovpnsubnet[1]);
+ push(@network, $ovpnsettings{'DOVPN_SUBNET'});
push(@colour, 'ipcop_iface_bg_ovpn');
push(@ports, '0');
push(@protocols, '');
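Review bot: The commented-out eroute block still pushes to `@masklen` and calls `ipv4_cidr2msk`, both of which this commit removes, so uncommenting it later will fail under `use strict`. Until the TODO is resolved no IPsec network is added to `@network`, so those connections will presumably no longer get `ipcop_iface_bg_ipsec`. I would replace the dead lines with a comment that states the gap, for example `# TODO: IPsec eroute networks are not coloured until this is ported to NetAddr::IP (push "$temp[0]/$temp[1]" to @network)`. The hunk ends inside the OpenVPN `if` block, which continues outside it.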
@@ -171,7 +129,6 @@
close(IP);
chomp $redip;
push(@network, $redip);
- push(@masklen, '255.255.255.255');
push(@colour, 'ipcop_iface_bg_ovpn');
push(@ports, $ovpnsettings{'DDEST_PORT'});
push(@protocols, $ovpnsettings{'DPROTOCOL'});
@@ -179,7 +136,6 @@
if ( ($ovpnsettings{'ENABLED_BLUE_1'} eq 'on') && ($netsettings{'BLUE_COUNT'} > \
0) ) { # add BLUE:port / proto
push(@network, $netsettings{'BLUE_1_ADDRESS'});
- push(@masklen, '255.255.255.255');
push(@colour, 'ipcop_iface_bg_ovpn');
push(@ports, $ovpnsettings{'DDEST_PORT'});
push(@protocols, $ovpnsettings{'DPROTOCOL'});
@@ -187,87 +143,65 @@
if ( ($ovpnsettings{'ENABLED_ORANGE_1'} eq 'on') && \
($netsettings{'ORANGE_COUNT'} > 0) ) { # add ORANGE:port / proto
push(@network, $netsettings{'ORANGE_1_ADDRESS'});
- push(@masklen, '255.255.255.255');
push(@colour, 'ipcop_iface_bg_ovpn');
push(@ports, $ovpnsettings{'DDEST_PORT'});
push(@protocols, $ovpnsettings{'DPROTOCOL'});
}
}
-# Add Orange Network
-$icount = $netsettings{'ORANGE_COUNT'};
-while ($icount > 0) {
- push(@network, $netsettings{"ORANGE_${icount}_NETADDRESS"});
- push(@masklen, $netsettings{"ORANGE_${icount}_NETMASK"});
- push(@colour, 'ipcop_iface_bg_orange');
- push(@ports, '0');
- push(@protocols, '');
+# Add Green, Blue, Orange Network
+foreach my $interface ("GREEN","ORANGE","BLUE") {
+ $icount = $netsettings{"${interface}_COUNT"};
+ while ($icount > 0) {
- # Add Orange Broadcast address
- push(@network, $netsettings{"ORANGE_${icount}_BROADCAST"});
- push(@masklen, "255.255.255.255");
- push(@colour, 'ipcop_iface_bg_fw');
- push(@ports, '0');
- push(@protocols, '');
+ my $ip = new NetAddr::IP($netsettings{"${interface}_${icount}_ADDRESS"}, \
$netsettings{"${interface}_${icount}_NETMASK"});
+ my $lc_colour = \
"ipcop_iface_bg_".lc(${interface});
- # Add Orange Routes to Array
- @routes = `/sbin/route -n | /bin/grep $netsettings{"ORANGE_${icount}_DEV"}`;
- foreach my $route (@routes) {
- chomp($route);
- my @temp = split(/[\t ]+/, $route);
- push(@network, $temp[0]);
- push(@masklen, $temp[2]);
- push(@colour, 'ipcop_iface_bg_orange');
+ # Add Firewall Interface (only for GREEN ?)
+ if ($interface eq 'GREEN') {
+ push(@network, $ip->addr());
+ push(@colour, 'ipcop_iface_bg_fw');
+ push(@ports, '0');
+ push(@protocols, '');
+ }
+
+ # Add Broadcast address
+ push(@network, $ip->broadcast()->addr());
+ push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
- }
- $icount--;
-}
-# Add Blue Network
-$icount = $netsettings{'BLUE_COUNT'};
-while ($icount > 0) {
- push(@network, $netsettings{"BLUE_${icount}_NETADDRESS"});
- push(@masklen, $netsettings{"BLUE_${icount}_NETMASK"});
- push(@colour, 'ipcop_iface_bg_blue');
- push(@ports, '0');
- push(@protocols, '');
-
- # Add Blue Broadcast address
- push(@network, $netsettings{"BLUE_${icount}_BROADCAST"});
- push(@masklen, "255.255.255.255");
- push(@colour, 'ipcop_iface_bg_fw');
- push(@ports, '0');
- push(@protocols, '');
-
- # Add Blue Routes to Array
- @routes = `/sbin/route -n | /bin/grep $netsettings{"BLUE_${icount}_DEV"}`;
- foreach my $route (@routes) {
- chomp($route);
- my @temp = split(/[\t ]+/, $route);
- push(@network, $temp[0]);
- push(@masklen, $temp[2]);
- push(@colour, 'ipcop_iface_bg_blue');
+ # Add Network
+ push(@network, $ip->network());
+ push(@colour, $lc_colour);
push(@ports, '0');
push(@protocols, '');
+
+ # Add Routes
+ @routes = `/sbin/ip route list | /bin/grep \
'via.*$netsettings{"${interface}_${icount}_DEV"}'`;
+ foreach my $route \
(@routes) {
+ chomp($route);
+ my @temp = split(/[\t ]+/, $route);
+ push(@network, $temp[0]);
+ push(@colour, 'ipcop_iface_bg_green');
+ push(@ports, '0');
+ push(@protocols, '');
+ }
+ $icount--;
}
- $icount--;
}
# Add STATIC RED aliases
$icount = $netsettings{'RED_COUNT'};
while ($icount > 0) {
-
# We have a RED eth iface
if ($netsettings{"RED_${icount}_TYPE"} eq 'STATIC') {
-
# We have a STATIC RED eth iface
foreach my $line (@aliases) {
chomp($line);
my @temp = split(/\,/, $line);
if ($temp[0]) {
push(@network, $temp[0]);
- push(@masklen, $netsettings{'RED_${icount}_NETMASK'});
push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
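Review bot: Routes found for ORANGE and BLUE are now coloured green, because the merged route loop pushes the literal `'ipcop_iface_bg_green'` where the removed per-colour loops pushed the interface's own colour. `$lc_colour` is already computed a few lines above, so the line should read `push(@colour, $lc_colour);`. Separately, the `/sbin/ip route list | /bin/grep 'via.*…_DEV'` backtick command interpolates the device name from `%netsettings` into both a shell string and a grep pattern. If that value can ever contain a quote or a regex metacharacter the command changes meaning, so it should be checked against an anchored pattern such as `/\A[A-Za-z0-9_.:-]+\z/` before use, or `ip route list` should be read with list-form `open` and filtered in Perl with `\Q…\E`. The hunk ends inside the RED alias loop, which continues outside it.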
@@ -282,12 +216,12 @@
close(IP);
chomp $redip;
push(@network, $redip);
- push(@masklen, '255.255.255.255');
push(@colour, 'ipcop_iface_bg_fw');
push(@ports, '0');
push(@protocols, '');
}
+
#Establish simple filtering&sorting boxes on top of table
our %cgiparams;
@@ -424,9 +358,9 @@
my $line;
&Header::openbox('100%', 'left', $Lang::tr{'connection tracking'});
print "<table width='100%'>";
- print "<tr><th>IP</th><th>Mask</th><th>Port</th><th>Protocol</th><th>Colour</th><tr>\n";
+ print "<tr><th>Address</th><th>Port</th><th>Protocol</th><th>Colour</th></tr>\n";
foreach $line (@network) {
- print "<tr><td>$network[$id]</td><td>$masklen[$id]</td><td>$ports[$id]</td><td>$protocols[$id]</td><td>$colour[$id]</td></tr>";
+ print "<tr><td>$network[$id]</td><td>$ports[$id]</td><td>$protocols[$id]</td><td>$colour[$id]</td></tr>";
$id++;
}
print "</table>";
@@ -580,11 +514,12 @@
my $id = 0;
my $line;
my $colour = 'ipcop_iface_bg_red';
- my ($ip) = $_[0];
+ my $ip = new NetAddr::IP($_[0]);
my ($port) = $_[1];
my ($protocol) = substr $_[2], 0, 3;
foreach $line (@network) {
- if (ipv4_in_network($network[$id], $masklen[$id], $ip)
+ my $range = new NetAddr::IP($network[$id]);
+ if ($range->contains($ip)
&& (($ports[$id] eq $port) || ($ports[$id] eq '0'))
&& (($protocols[$id] eq $protocol) || ($protocols[$id] eq ''))) {
return $colour[$id];
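Review bot: Neither constructor result is checked before `$range->contains($ip)`. `NetAddr::IP->new` returns undef for a string it cannot parse, and `@network` is filled from settings files, `ip route` output and the RED address file, so one malformed or empty entry makes this a fatal "can't call method on undefined value" for the whole page. Guarding the condition keeps the lookup going: `if (defined($range) && defined($ip) && $range->contains($ip)`. Putting the guard in the condition rather than using `next` matters if `$id` is incremented at the end of the loop body, which lies outside this hunk along with the start of the function. Two smaller points: every `@network` entry is re-parsed on each call, so building the NetAddr::IP objects once when the array is filled would avoid that, and `NetAddr::IP->new(...)` is preferable to the indirect `new NetAddr::IP(...)` form.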