From 7efd2f514cd917876fefeac752a9c3f482d397b9 Mon Sep 17 00:00:00 2001
From: "Arnaud G. GIBERT"
Date: Mon, 23 Jun 2025 11:34:42 +0200
Subject: [PATCH] - First commit of the new version!
---
usr/local/lib/default.bash | 239 +++++
usr/local/lib/dns.bash | 258 +++++
usr/local/lib/network.bash | 692 ++++++++++++++
usr/local/sbin/rx3_net_adm | 181 ++++
var/www/cgi-bin/vpn-admin_board.cgi | 1352 +++++++++++----------------
5 files changed, 1922 insertions(+), 800 deletions(-)
create mode 100644 usr/local/lib/default.bash
create mode 100644 usr/local/lib/dns.bash
create mode 100644 usr/local/lib/network.bash
create mode 100755 usr/local/sbin/rx3_net_adm
diff --git a/usr/local/lib/default.bash b/usr/local/lib/default.bash
new file mode 100644
index 0000000..3eb2ad1
--- /dev/null
+++ b/usr/local/lib/default.bash
@@ -0,0 +1,239 @@
+#!/bin/bash
+
+if [[ "${DEFAULT_BASH}" != "" ]]
+then
+ return
+else
+ declare -g DEFAULT_BASH=1
+fi
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+
+
+
+# Default Options
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+shopt -s extglob
+
+
+
+
+
+# Print Version
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+version_print()
+{
+ echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//'
+}
+
+
+
+
+
+# Prin Help
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+help_print()
+{
+ echo "${NAME} ${HELP}"
+
+}
+
+
+
+
+
+# Quote Str
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+quote_str()
+{
+ local quoted=${1//\'/\'\\\'\'}
+ printf "'%s'" "$quoted"
+}
+
+
+
+
+
+# Escape Str
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+escape_str()
+{
+ echo "$*" | sed -e "s/\"/\\\\\"/g"
+}
+
+
+
+
+
+# Line Echo
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+line_echo()
+{
+ string="$1"
+ count="$2"
+
+ echo -en "\e[2K\r"
+
+ if [[ "${count}" != "" ]]
+ then
+ printf "%05d: %s" "${count}"
+ echo -en "${string}"
+ fi
+}
+
+
+
+
+
+# Err Echo
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+err_echo()
+{
+ echo "$@" 1>&2
+}
+
+
+
+
+
+# Exec CMD
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+exec_cmd()
+{
+ cmd="$1"
+
+
+ if [[ "${verbose}" == "true" ]]
+ then
+ echo "${cmd}" 1>&2
+ fi
+
+ if [[ "${dry_run}" != "true" ]]
+ then
+ eval "${cmd}"
+ fi
+}
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# tab_assign
+#--------------------------------------------------------------------------------------------------------------------------
+
+tab_assign()
+{
+ declare -n ta_tab=$1
+ ta_key=$2
+ ta_value=$3
+
+
+ if [[ "${ta_value}" == "-" ]]
+ then
+ ta_value=""
+ fi
+
+ ta_tab[${ta_key}]="${ta_value}"
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# var_assign
+#--------------------------------------------------------------------------------------------------------------------------
+
+var_assign()
+{
+ declare -n va_var=$1
+ va_value=$2
+ va_mode=$3
+
+
+ if [[ "${va_value}" == "-" ]]
+ then
+ va_value=""
+ fi
+
+ if [[ "${va_mode}" == "INC" ]]
+ then
+ va_var="${va_var} ${va_value}"
+ else
+ va_var="${va_value}"
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# file_lock
+#--------------------------------------------------------------------------------------------------------------------------
+
+file_lock()
+{
+ fl_file="$1"
+ fl_mode="$2"
+ fl_desc="$3"
+
+
+ if [[ ( "${fl_mode}" == "EXCLUSIVE" ) || ( "${fl_mode}" == "WRITE" ) ]]
+ then
+ fl_flag="-x"
+ else
+ fl_flag="-s"
+ fi
+
+ if [[ "${fl_desc}" == "" ]]
+ then
+ fl_desc="9"
+ fi
+
+
+ eval "exec ${fl_desc}<>\"\${fl_file}\""
+
+ if ! flock ${fl_flag} -w 5 ${fl_desc}
+ then
+ err_echo "Failed to acquire read lock on: [${file}]"
+ exit 1
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# file_unlock
+#--------------------------------------------------------------------------------------------------------------------------
+
+file_unlock()
+{
+ fu_desc="$1"
+
+
+ if [[ "${fu_desc}" == "" ]]
+ then
+ fu_desc="9"
+ fi
+
+
+ eval "exec ${fl_desc}<&-"
+ eval "exec ${fl_desc}>&-"
+}
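Review bot: `file_unlock` never uses its own `fu_desc` parameter — both `exec` lines close `${fl_desc}`, the global left behind by the most recent `file_lock` call, so unlocking descriptor N after a later lock on M closes the wrong descriptor; the two lines should read `eval "exec ${fu_desc}<&-"` and `eval "exec ${fu_desc}>&-"`. In `file_lock` the failure message prints `${file}`, which is never set, where `${fl_file}` is meant. Both functions splice the descriptor number straight into `eval`; since callers pass it as a plain string, a guard such as `[[ "${fl_desc}" =~ ^[0-9]+$ ]] || { err_echo "Bad descriptor: [${fl_desc}]"; exit 1; }` before the `eval` keeps an unexpected value from becoming shell syntax. Note also that `exit 1` on lock timeout terminates whatever process sourced this library, which through `network.bash` can include the CGI.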
diff --git a/usr/local/lib/dns.bash b/usr/local/lib/dns.bash
new file mode 100644
index 0000000..e5d3970
--- /dev/null
+++ b/usr/local/lib/dns.bash
@@ -0,0 +1,258 @@
+#!/bin/bash
+
+if [[ "${DNS_BASH}" != "" ]]
+then
+ return
+else
+ declare -g DNS_BASH=1
+fi
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/global/lib/default.bash
+
+
+
+#[ -e /var/cache/dns.cache ] && . /var/cache/dns.cache
+
+
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -Ag DNS_A_TAB
+declare -g DNS_A_ID_LIST
+
+declare -Ag DNS_PTR_TAB
+declare -g DNS_PTR_ID_LIST
+
+declare -g DNS_CACHE_FILE="/var/cache/dns.cache"
+declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock"
+#declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}"
+
+declare -g DNS_CACHE_UPDATED=0
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_load()
+{
+ file_lock "${DNS_CACHE_LOCK}" READ 9
+
+ if [[ ( -e "${DNS_CACHE_FILE}" ) && ( "${NETWORK_CONFIG_FILE}" -ot "${DNS_CACHE_FILE}" ) ]]
+ then
+ ${LOG} 1>&2 "DNS: Read CacheFile"
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ dtl_type="$1"
+ dtl_key="$2"
+ dtl_value="$3"
+
+ dns_tab_put ${dtl_type} "${dtl_key}" "${dtl_value}"
+ fi
+ done < ${DNS_CACHE_FILE}
+ else
+ ${LOG} 1>&2 "DNS: Init CacheFile"
+
+ >${DNS_CACHE_FILE}
+ fi
+
+ file_unlock 9
+
+ DNS_CACHE_UPDATED=0
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_save
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_save()
+{
+ if [[ "${DNS_CACHE_UPDATED}" != "0" ]]
+ then
+ file_lock "${DNS_CACHE_LOCK}" WRITE 9
+
+ ${LOG} 1>&2 "DNS: Write CacheFile"
+
+ (
+ for key in "${!DNS_A_TAB[@]}"
+ do
+ echo "A ${key} ${DNS_A_TAB[${key}]}"
+ done
+
+ for key in "${!DNS_PTR_TAB[@]}"
+ do
+ echo "PTR ${key} ${DNS_PTR_TAB[${key}]}"
+ done
+ ) | sort -n >${DNS_CACHE_FILE}
+
+ file_unlock 9
+
+ DNS_CACHE_UPDATED=0
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_get()
+{
+ dns_type="$1"
+ dns_key="$2"
+
+
+ case ${dns_type}
+ in
+ "A")
+ if [[ -v DNS_A_TAB["${dns_key}"] ]]
+ then
+ dns_value="${DNS_A_TAB["${dns_key}"]}"
+ else
+ ${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
+ return 1
+ fi
+ ;;
+
+ "PTR")
+ if [[ -v DNS_PTR_TAB["${dns_key}"] ]]
+ then
+ dns_value="${DNS_PTR_TAB["${dns_key}"]}"
+ else
+ ${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
+ return 1
+ fi
+ ;;
+ esac
+
+ ${LOG} "DNS: Lookup succeed: Type: [${dns_type}] Key: [${dns_key}] Value: [${dns_value}]"
+
+ return 0
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_put
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_put()
+{
+ dtp_type="$1"
+ dtp_key="$2"
+ dtp_value="$3"
+
+
+ ${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}] Key: [${dtp_key}] Value: [${dtp_value}]"
+
+ var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
+ tab_assign DNS_${dtp_type}_TAB "${dtp_key}" "${dtp_value}"
+
+ DNS_CACHE_UPDATED=1
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_lookup
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_lookup()
+{
+ dl_type="$1"
+ dl_key="$2"
+ dl_flag="$3"
+
+
+ if [[ "${dl_flag}" != "NOCACHE" ]]
+ then
+ dns_tab_get ${dl_type} ${dl_key}
+ else
+ false
+ fi
+
+ if [[ "$?" != "0" ]]
+ then
+ ${LOG} "DNS: Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
+
+ case ${dl_type}
+ in
+ "A")
+ dns_value="$( dig +short ${dl_key} 2>/dev/null)"
+ ;;
+
+ "PTR")
+ dns_value="$( dig +short -x ${dl_key} 2>/dev/null)"
+ dns_value="${dns_value%.}"
+ ;;
+ esac
+
+ if [[ "${dl_flag}" != "NOCACHE" ]]
+ then
+ dns_tab_put "${dl_type}" "${dl_key}" "${dns_value}"
+ fi
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_dump()
+{
+ echo "DNS_A_ID_LIST: [${DNS_A_ID_LIST}]"
+ echo
+
+ echo "DNS_A_TAB:"
+
+ for key in "${!DNS_A_TAB[@]}"
+ do
+ echo "[${key}]: [${DNS_A_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+
+ echo "DNS_PTR_ID_LIST: [${DNS_PTR_ID_LIST}]"
+ echo
+
+ echo "DNS_PTR_TAB:"
+
+ for key in "${!DNS_PTR_TAB[@]}"
+ do
+ echo "[${key}]: [${DNS_PTR_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
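Review bot: `dns_lookup` caches whatever `dig +short` prints without checking it: for an A query that may be several lines (multiple records, or CNAME targets printed ahead of the address), and for PTR the answer is an arbitrary name chosen by whoever controls the reverse zone, which `network_src_tab_load` in network.bash later uses as a filename component. Because `dns_tab_save` writes one `TYPE KEY VALUE` line per entry and `dns_tab_load` re-reads it with `set ${line}` (word-split and glob-expanded), a multi-line or odd value silently corrupts the cache; a `set -f` around that `set` would at least stop pathname expansion on cached data. Separately, the include at the top sources `/usr/global/lib/default.bash` while the diffstat installs the library under `/usr/local/lib/` — unless `/usr/global` exists on the target, `file_lock` and `tab_assign` are undefined here. The rewritten case block below keeps only the first well-formed answer.
```shell
        case ${dl_type}
        in
            "A")
                # dig +short may print CNAME targets before the address and several records; keep the first IPv4 only
                dns_value="$( dig +short "${dl_key}" 2>/dev/null | grep -m 1 -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$')"
                ;;

            "PTR")
                # the reverse name is chosen by the owner of the reverse zone: take one line and restrict the charset
                dns_value="$( dig +short -x "${dl_key}" 2>/dev/null | head -n 1)"
                dns_value="${dns_value%.}"
                [[ "${dns_value}" =~ ^[A-Za-z0-9._-]+$ ]] || dns_value=""
                ;;
        esac
        # … unchanged: cache update via dns_tab_put …
```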
diff --git a/usr/local/lib/network.bash b/usr/local/lib/network.bash
new file mode 100644
index 0000000..de1d697
--- /dev/null
+++ b/usr/local/lib/network.bash
@@ -0,0 +1,692 @@
+#!/bin/bash
+
+if [[ "${NETWORK_BASH}" != "" ]]
+then
+ return
+fi
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/global/lib/default.bash
+. /usr/global/lib/dns.bash
+
+
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g NETWORK_BASH=1
+
+declare -g NETWORK_OPENVPN_STATUS
+
+declare -g NETWORK_SRC_TYPE
+declare -Ag NETWORK_SRC_TAB
+declare -g NETWORK_SRC_ID_LIST
+declare -Ag NETWORK_SRC_IP_IDX
+
+declare -g NETWORK_DST_TYPE
+declare -Ag NETWORK_DST_TAB
+declare -g NETWORK_DST_ID_LIST
+
+declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
+declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
+#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
+
+
+
+
+file_lock ${NETWORK_CONFIG_LOCK} READ 9
+
+[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
+
+file_unlock 9
+
+
+if [ ! -v LOG ]
+then
+ LOG=":"
+fi
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_common_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_common_load()
+{
+ NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
+ NETWORK_TABLE_LIST=""
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_common_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_common_dump()
+{
+ echo "NETWORK_OPENVPN_STATUS: [${NETWORK_OPENVPN_STATUS}]"
+ echo
+ echo "NETWORK_TABLE_LIST: [${NETWORK_TABLE_LIST}]"
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_load()
+{
+ ndtl_id=0
+
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ ndtl_name="$1"
+ ndtl_type="$2"
+ ndtl_device="$3"
+ ndtl_config="$4"
+ ndtl_table="$5"
+
+ var_assign NETWORK_DST_ID_LIST "${ndtl_id}" INC
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Name" "${ndtl_name}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Type" "${ndtl_type}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Device" "${ndtl_device}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Config" "${ndtl_config}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Table" "${ndtl_table}"
+
+ var_assign NETWORK_TABLE_LIST "${ndtl_table}" INC
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Status" "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"
+
+ dns_lookup A vpn${ndtl_id}.vpn.rx3 "NOCACHE"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},IP" "${dns_value}"
+
+ case "${ndtl_type}"
+ in
+ "0")
+ set $(ip -s link show ${ndtl_device} 2>/dev/null ) &>/dev/null
+
+ ndtl_bytes_received="$( echo ${27} | numfmt --to=iec-i --suffix=B)"
+ ndtl_bytes_sent="$( echo ${40} | numfmt --to=iec-i --suffix=B)"
+ ndtl_uptime=""
+ ;;
+
+ "1")
+ set $( echo "${NETWORK_OPENVPN_STATUS}" | grep ${ndtl_device}) &>/dev/null
+
+# i=1; while [[ $i -lt 50 ]]; do eval "val=\${$i}"; echo "($i):[${val}]" 1>&2; i=$(( $i + 1)); done
+
+ ndtl_bytes_received="$( echo ${18/bytes,} | numfmt --to=iec-i --suffix=B)"
+ ndtl_bytes_sent="$( echo ${22/bytes,} | numfmt --to=iec-i --suffix=B)"
+ ndtl_start_date="$( grep "ext-client-${ndtl_device}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")"
+
+ if [[ "${ndtl_start_date}" == "" ]]
+ then
+ ndtl_uptime=""
+ else
+ ndtl_uptime=$( echo "$(($(date +%s) - $(date -d "${ndtl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
+ fi
+ ;;
+ esac
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Received" "${ndtl_bytes_received}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Sent" "${ndtl_bytes_sent}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Uptime" "${ndtl_uptime}"
+
+ ndtl_id=$(( ${ndtl_id} + 1))
+ fi
+ done <<< ${NETWORK_DST_CONFIG}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_get()
+{
+ dst_id="$1"
+
+ dst_name=${NETWORK_DST_TAB["${dst_id},Name"]}
+ dst_type=${NETWORK_DST_TAB["${dst_id},Type"]}
+ dst_device=${NETWORK_DST_TAB["${dst_id},Device"]}
+ dst_config=${NETWORK_DST_TAB["${dst_id},Config"]}
+ dst_table=${NETWORK_DST_TAB["${dst_id},Table"]}
+
+ dst_status=${NETWORK_DST_TAB["${dst_id},Status"]}
+ dst_ip=${NETWORK_DST_TAB["${dst_id},IP"]}
+ dst_bytes_received=${NETWORK_DST_TAB["${dst_id},Bytes_Received"]}
+ dst_bytes_sent=${NETWORK_DST_TAB["${dst_id},Bytes_Sent"]}
+ dst_start_date=${NETWORK_DST_TAB["${dst_id},Start_Date"]}
+ dst_uptime=${NETWORK_DST_TAB["${dst_id},Uptime"]}
+
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_dump()
+{
+ echo "NETWORK_DST_ID_LIST: [${NETWORK_DST_ID_LIST}]"
+ echo
+
+ echo "NETWORK_DST_TAB:"
+
+ for key in "${!NETWORK_DST_TAB[@]}"
+ do
+ echo "[${key}]: [${NETWORK_DST_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_load()
+{
+ nstl_id=0
+ nstl_port_default=3000
+
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ nstl_ip="$1"
+ nstl_type="$2"
+ nstl_owner="$3"
+ nstl_table="$4"
+ nstl_port_start="$5"
+ nstl_port_range="$6"
+
+ if [[ "${nstl_port_start}" == "-" ]]
+ then
+ nstl_port_start=${nstl_port_default}
+ fi
+
+ dns_lookup PTR ${nstl_ip}
+ nstl_name="${dns_value}"
+
+ case "${nstl_type}"
+ in
+ "0")
+ nstl_device=""
+ nstl_status="2"
+
+ nstl_bytes_received=""
+ nstl_bytes_sent=""
+ nstl_uptime=""
+ nstl_last_seen=""
+ ;;
+
+ "1")
+ nstl_device="tun0"
+ nstl_status_line="$( echo "${NETWORK_OPENVPN_STATUS}" | grep "${nstl_device}.log: CLIENT_LIST.*${nstl_ip},")"
+
+ if [[ "${nstl_status_line}" == "" ]]
+ then
+ nstl_status="0"
+ nstl_bytes_received=""
+ nstl_bytes_sent=""
+ nstl_start_date=""
+ nstl_uptime=""
+ nstl_last_seen="$( stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
+
+ else
+ nstl_status="1"
+
+ IFS=,
+ set ${nstl_status_line} &>/dev/null
+ unset IFS
+
+ nstl_bytes_received=$( echo ${6} | numfmt --to=iec-i --suffix=B)
+ nstl_bytes_sent=$( echo ${7} | numfmt --to=iec-i --suffix=B)
+ nstl_start_date=${8}
+ nstl_uptime=$( echo "$(($(date +%s) - $(date -d "${nstl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
+ nstl_last_seen="$(stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
+ fi
+ ;;
+ esac
+
+ if [[ " ${NETWORK_TABLE_LIST} " != *" ${nstl_table} "* ]]
+ then
+ err_echo "Invalid table number: [${nstl_table}] in network src entry: [${nstl_id}]!"
+ exit 1
+ fi
+
+
+ var_assign NETWORK_SRC_ID_LIST "${nstl_id}" INC
+
+ tab_assign NETWORK_SRC_TAB "${nstl_id},IP" "${nstl_ip}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Name" "${nstl_name}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Type" "${nstl_type}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Owner" "${nstl_owner}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Table" "${nstl_table}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Start" "${nstl_port_start}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Range" "${nstl_port_range}"
+
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Status" "${nstl_status}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Received" "${nstl_bytes_received}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Sent" "${nstl_bytes_sent}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Uptime" "${nstl_uptime}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Last_Seen" "${nstl_last_seen}"
+
+ tab_assign NETWORK_SRC_IP_IDX "${nstl_ip}" "${nstl_id}"
+
+ nstl_id=$(( ${nstl_id} + 1))
+ nstl_port_default=$(( ${nstl_port_start} + ${nstl_port_range}))
+ fi
+ done <<< ${NETWORK_SRC_CONFIG}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_get()
+{
+ src_id="$1"
+
+ src_ip=${NETWORK_SRC_TAB["${src_id},IP"]}
+ src_name=${NETWORK_SRC_TAB["${src_id},Name"]}
+ src_type=${NETWORK_SRC_TAB["${src_id},Type"]}
+ src_owner=${NETWORK_SRC_TAB["${src_id},Owner"]}
+ src_table=${NETWORK_SRC_TAB["${src_id},Table"]}
+ src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
+ src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
+ else
+ src_port_start=""
+ src_port_end=""
+ fi
+
+ src_status=${NETWORK_SRC_TAB["${src_id},Status"]}
+ src_bytes_received=${NETWORK_SRC_TAB["${src_id},Bytes_Received"]}
+ src_bytes_sent=${NETWORK_SRC_TAB["${src_id},Bytes_Sent"]}
+ src_start_date=${NETWORK_SRC_TAB["${src_id},Start_Date"]}
+ src_uptime=${NETWORK_SRC_TAB["${src_id},Uptime"]}
+ src_last_seen=${NETWORK_SRC_TAB["${src_id},Last_Seen"]}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_dump()
+{
+ echo "NETWORK_SRC_ID_LIST: [${NETWORK_SRC_ID_LIST}]"
+ echo
+
+ echo "NETWORK_SRC_IP_IDX:"
+
+ for key in "${!NETWORK_SRC_IP_IDX[@]}"
+ do
+ echo "[${key}]: [${NETWORK_SRC_IP_IDX[${key}]}]"
+ done | sort -n
+
+ echo
+
+ echo "NETWORK_SRC_TAB:"
+
+ for key in "${!NETWORK_SRC_TAB[@]}"
+ do
+ echo "[${key}]: [${NETWORK_SRC_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_ip_lookup
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_ip_lookup()
+{
+ src_ip="$1"
+
+ src_id=${NETWORK_SRC_IP_IDX["${src_ip}"]}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_load()
+{
+ dns_tab_load
+
+ network_common_load
+
+ network_dst_tab_load
+ network_src_tab_load
+
+ dns_tab_save
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_dump()
+{
+ dns_tab_dump
+
+ network_common_dump
+
+ network_dst_tab_dump
+ network_src_tab_dump
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_init
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_init()
+{
+ ${LOG} "Add Rx3 routes in VPN tables"
+
+ for table in ${TABLE_LIST}
+ do
+ for route in ${IP_ROUTE}
+ do
+ ${DEBUG} ip route add ${route/:*/} table ${table} dev ${route/*:/}
+ done
+ done
+
+
+ ${LOG} "Copy main default rule into table 3 (VPN Local routing table)"
+
+ if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
+ then
+ ${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_deinit
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_deinit()
+{
+ ${LOG} "Remove default route in table 3"
+
+ ${DEBUG} ip route del default table 3
+
+
+ ${LOG} "Remove Rx3 routes in VPN tables"
+
+ for table in ${TABLE_LIST}
+ do
+ for route in ${IP_ROUTE}
+ do
+ ${DEBUG} ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
+ done
+ done
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_set
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_set()
+{
+ nts_ip=$1
+ nts_table=$2
+
+ network_src_tab_ip_lookup "${nts_ip}"
+
+ if [[ "${src_id}" == "" ]]
+ then
+ err_echo "IP not found: [${nts_ip}]!"
+ return 1
+ fi
+
+ if [[ " ${NETWORK_TABLE_LIST} " != *" ${nts_table} "* ]]
+ then
+ err_echo "Table not found: [${nts_table}]!"
+ return 1
+ fi
+
+
+ tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"
+
+
+ ${DEBUG} sed "/^NETWORK_SRC_CONFIG=\"/,/^\"/ { s/^\(${nts_ip//./\\.}[[:space:]]\+\([^\t ]\+[[:space:]]\+\)\{2\}\)[^[:space:]]\+/\1${nts_table}/ }" -i ${NETWORK_CONFIG_FILE}
+
+ ${DEBUG} ip rule del from ${nts_ip} 2>/dev/null
+ ${DEBUG} ip rule add from ${nts_ip} table ${nts_table}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_add
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_add()
+{
+ nfa_ip=$1
+ nfa_port_start=$2
+ nfa_port_end=$3
+
+
+ ${DEBUG} iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
+ ${DEBUG} iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_remove
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_remove()
+{
+ nfr_ip=$1
+ nfr_port_start=$2
+ nfr_port_end=$3
+
+ ${DEBUG} iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
+ ${DEBUG} iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_start
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_start()
+{
+ ${LOG} "Create VPN forward chain"
+
+ ${DEBUG} iptables -t nat -N PREROUTING-VPN
+
+
+ ${LOG} "Add jump rule for VPN"
+
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
+
+ if [[ "${dst_type}" != "0" ]]
+ then
+ ${DEBUG} iptables -t nat -A PREROUTING -i ${dst_device} -j PREROUTING-VPN
+ fi
+ done
+
+
+ ${LOG} "Add VPN client addresse rules"
+
+ for src_id in ${NETWORK_SRC_ID_LIST}
+ do
+ network_src_tab_get ${src_id}
+
+ ${DEBUG} ip rule add from ${src_ip} table ${src_table}
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ network_forward_add "${src_ip}" "${src_port_start}" "${src_port_end}"
+ fi
+ done
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_stop()
+{
+ ${LOG} "Remove VPN client addresse rules"
+
+ for src_id in ${NETWORK_SRC_ID_LIST}
+ do
+ network_src_tab_get ${src_id}
+
+ ${DEBUG} ip rule del from ${src_ip} 2>/dev/null
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ network_forward_remove "${src_ip}" "${src_port_start}" "${src_port_end}"
+ fi
+ done
+
+
+ ${LOG} "Remove Jump rule for VPN"
+
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
+
+ if [[ "${dst_type}" != "0" ]]
+ then
+ ${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
+ fi
+ done
+
+
+ ${LOG} "Delete VPN forward chain"
+
+ ${DEBUG} iptables -t nat -X PREROUTING-VPN
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_status
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_status()
+{
+ echo "Rules:"
+
+ ip rule show
+ echo
+
+ if [[ "${NETWORK_TABLE_LIST}" == "" ]]
+ then
+ echo "Network table list empty"
+ echo
+ else
+ for table in ${NETWORK_TABLE_LIST}
+ do
+ echo "Table ${table}:"
+
+ ip route list table ${table}
+ echo
+ done
+ fi
+
+ echo "Forward:"
+
+ iptables -t nat -L PREROUTING -v -n
+ echo
+
+ iptables -t nat -L PREROUTING-VPN -v -n
+}
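Review bot: In `network_src_tab_load` the reverse-DNS name obtained from `dns_lookup PTR` is dropped unquoted into `stat -c "%x" /etc/openvpn/status/${nstl_name}.status` in both branches of the type-1 case; a PTR answer containing `/`, `..`, whitespace or glob characters selects a different path, so the name should be checked right after it is read, e.g. `[[ "${nstl_name}" =~ ^[A-Za-z0-9._-]+$ ]] || nstl_name=""`, and the path quoted. `network_table_set` stores `"${ts_table}"` into the table entry — a variable that does not exist — where `${nts_table}` is meant, so the in-memory table is blanked while the file and the `ip rule` receive the intended value. The same function rewrites the config file with `sed -i` without taking the `WRITE` lock, although every reader of this library takes the `READ` lock before sourcing that file at load time and the file is executed as shell code by whoever sources it; the `sed` should run between `file_lock "${NETWORK_CONFIG_LOCK}" WRITE 9` and `file_unlock 9`. Whether the web-server user that sources this library through the CGI can reach `network_table_set` is not visible in this diff.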
diff --git a/usr/local/sbin/rx3_net_adm b/usr/local/sbin/rx3_net_adm
new file mode 100755
index 0000000..1a50f17
--- /dev/null
+++ b/usr/local/sbin/rx3_net_adm
@@ -0,0 +1,181 @@
+#!/bin/bash
+
+RETVAL=0
+prog="rx3-net"
+
+#DEBUG=""
+DEBUG="echo"
+#DEBUG=":"
+
+LOG=":"
+#LOG="echo"
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/local/lib/network.bash
+
+
+
+# Some functions to make the below more readable
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Rx3-Start
+#--------------------------------------------------------------------------------------------------------------------------
+
+rx3-start()
+{
+ network_table_init
+
+ network_forward_start
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Rx3-Stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+rx3-stop()
+{
+ network_forward_stop
+
+ network_table_deinit
+
+ return 0
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Start
+#--------------------------------------------------------------------------------------------------------------------------
+
+start()
+{
+ echo "Starting..."
+
+ if [ -r /var/lock/subsys/rx3-net ]
+ then
+ echo "already started"
+ RETVAL=0
+ else
+ rx3-start
+
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-net
+ fi
+
+ echo
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+stop()
+{
+ echo "Stopping..."
+
+ if [ -r /var/lock/subsys/rx3-net ]
+ then
+ rx3-stop
+
+ RETVAL=$?
+ else
+ echo "already stopped"
+ RETVAL=0
+ fi
+
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-net
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Status
+#--------------------------------------------------------------------------------------------------------------------------
+
+status()
+{
+ network_status
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+dump()
+{
+ network_tab_dump
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Table-Set ()
+#--------------------------------------------------------------------------------------------------------------------------
+
+table_set()
+{
+ echo "Setting ip:$1 table:$2"
+
+ network_table_set $1 $2
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Main
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_load
+
+case "$1" in
+ start)
+ start
+ ;;
+
+ stop)
+ stop
+ ;;
+
+ restart)
+ stop
+ sleep 1
+ start
+ ;;
+
+ status)
+ status
+ ;;
+
+ dump)
+ dump
+ ;;
+
+ table_set)
+ table_set $2 $3
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|dump|table_set}"
+ RETVAL=1
+ ;;
+esac
+
+exit $RETVAL
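Review bot: `DEBUG="echo"` is the active setting at the top of the script, and every `ip`, `iptables` and `sed -i` call in network.bash is prefixed with `${DEBUG}`, so `rx3_net_adm start` only prints the rules — yet `start()` still creates `/var/lock/subsys/rx3-net` and reports success, leaving the policy routes and the DNAT chain uninstalled while the service looks started, which on a VPN gateway likely means client traffic keeps using the main routing table. If this is deliberate for a first commit it deserves a comment next to the assignment; otherwise make the real run the default and keep dry-run as an opt-in, e.g. `DEBUG="${RX3_DEBUG:-}"`. `table_set` also forwards `$2 $3` unquoted; `network_table_set` validates both against the loaded tables, but `table_set "$2" "$3"` keeps an argument containing spaces from being split into extra words first.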
diff --git a/var/www/cgi-bin/vpn-admin_board.cgi b/var/www/cgi-bin/vpn-admin_board.cgi
index 45f3ed7..f7a4186 100755
--- a/var/www/cgi-bin/vpn-admin_board.cgi
+++ b/var/www/cgi-bin/vpn-admin_board.cgi
@@ -2,90 +2,10 @@
time_in=$(date +%s%N)
-. /etc/sysconfig/rx3-net
-. /etc/sysconfig/rx3-vpn
+. /usr/local/lib/network.bash
-CGI_NAME="vpn-admin_board.cgi"
-VPN_TYPE[0]="IPSec"
-VPN_TYPE[1]="OpenVPN"
-VPN_TYPE[2]="L2TP"
-VPN_TYPE[3]="PPTP"
-VPN_TYPE[4]="NoVPN"
-
-
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Lookup Source IP ()
-#--------------------------------------------------------------------------------------------------------------------------
-
-Lookup_Src_IP ()
-{
- lo_id=0
-
- for lo_blk in ${IP_SRC_SN}
- do
- OIFS=${IFS}
- IFS=:
- set ${lo_blk}
- lo_ip=$1
- lo_table=$2
- lo_owner=$3
- lo_type=$4
- IFS=${OIFS}
-
- echo "${lo_ip}:${lo_table}:${lo_owner}:${lo_type}:${lo_type}:sn:${lo_id}"
-
- lo_id=$((${lo_id}+1))
- done
-
- for lo_blk in ${IP_SRC_PTP}
- do
- OIFS=${IFS}
- IFS=:
- set ${lo_blk}
- lo_id=$1
- lo_table=$2
- lo_owner=$3
- lo_forward=$4
- IFS=${OIFS}
-
- for lo_type in 1 2 3
- do
- echo "${IP_PREFIX}.${lo_type}.${lo_id}:${lo_table}:${lo_owner}:${lo_type}:${lo_forward}:ptp:${lo_id}"
- done
- done
-}
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Lookup Owner ()
-#--------------------------------------------------------------------------------------------------------------------------
-
-Lookup_Owner ()
-{
- for lo_blk in $(Lookup_Src_IP)
- do
- OIFS=${IFS}
- IFS=:
- set ${lo_blk}
- lo_ip=$1
- lo_table=$2
- lo_owner=$3
- lo_type=$4
- IFS=${OIFS}
-
- if [[ "${ip}" == "${lo_ip}" ]]
- then
- echo ${lo_owner}
- fi
- done
-}
-
#--------------------------------------------------------------------------------------------------------------------------
@@ -96,52 +16,52 @@ Header_Print ()
{
case "${format}"
in
- "html")
+ "html")
echo "Content-type: text/html"
- echo ""
+ echo ""
- echo ""
- echo ""
- echo " "
- echo " "
- echo " "
- echo " "
- echo " "
- echo " "
+ echo ""
+ echo ""
+ echo " "
+ echo " "
+ echo " "
+ echo " "
+ echo " "
+ echo " "
- if [[ "${cmd_status}" == "" ]]
- then
- echo " Rx3 VPN Admin Board "
- else
- echo " Rx3 VPN Admin Board: ${cmd_status} "
- fi
-
- if [[ "${redirect}" != "" ]]
- then
- echo " "
- fi
+ if [[ "${cmd_status}" == "" ]]
+ then
+ echo " Rx3 VPN Admin Board "
+ else
+ echo " Rx3 VPN Admin Board: ${cmd_status} "
+ fi
+
+ if [[ "${redirect}" != "" ]]
+ then
+ echo " "
+ fi
- echo " "
- echo " "
- ;;
+ echo " "
+ echo " "
+ ;;
- "csv")
- echo "Content-type: text/csv"
- echo ""
+ "csv")
+ echo "Content-type: text/csv"
+ echo ""
- echo "SOF"
-
- if [[ "${redirect}" != "" ]]
- then
- echo "CMD: ${cmd_status}"
- fi
- ;;
+ echo "SOF"
+
+ if [[ "${redirect}" != "" ]]
+ then
+ echo "CMD: ${cmd_status}"
+ fi
+ ;;
- "txt")
- echo "Content-disposition: attachment; filename=${file_name}"
- echo "Content-type: text/plain"
- echo ""
- ;;
+ "txt")
+ echo "Content-disposition: attachment; filename=${file_name}"
+ echo "Content-type: text/plain"
+ echo ""
+ ;;
esac
}
@@ -155,375 +75,191 @@ Footer_Print ()
{
case "${format}"
in
- "html")
- echo " "
- echo ""
- echo ""
- ;;
-
- "csv")
- echo ""
- echo "EOF"
- ;;
+ "html")
+ echo " "
+ echo ""
+ echo ""
+ ;;
+
+ "csv")
+ echo ""
+ echo "EOF"
+ ;;
esac
}
#--------------------------------------------------------------------------------------------------------------------------
-# External VPN Status Board
+# Destination Status Board
#--------------------------------------------------------------------------------------------------------------------------
-External_VPN_Status_Board ()
+Destination_Status_Board ()
{
if [[ "${format}" == "html" ]]
then
- echo " "
- echo " "
- echo "
"
- echo ""
- echo " External VPN Status Board "
- echo ""
- echo " "
+ echo " "
+ echo " "
+ echo "
"
+ echo ""
else
- echo ""
+ echo ""
fi
}
#--------------------------------------------------------------------------------------------------------------------------
-# VPN Routing Board Line
+# Source Routing Board Line
#--------------------------------------------------------------------------------------------------------------------------
-VPN_Routing_Board_Line()
+Source_Routing_Board_Line()
{
- if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${owner}") ]]
+ src_id=$1
+
+ network_src_tab_get ${src_id}
+
+ if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]]
then
- if [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- class="default"
- else
- if [[ "${filter}" == "owner" ]]
- then
- class="skip"
- else
- class="dark"
- fi
- fi
+ if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
+ then
+ class="default"
+ else
+ if [[ "${filter}" == "owner" ]]
+ then
+ class="skip"
+ else
+ class="dark"
+ fi
+ fi
else
- class="skip"
+ # filter == user not owner of this line
+
+ class="skip"
fi
+
if [[ "${class}" != "skip" ]]
then
- host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
-
- case "${vpn_type}"
- in
- "0")
- /sbin/ifconfig ipsec0 2>/dev/null | grep UP >/dev/null
+ host_name=${src_name}
- if [[ "$?" == 0 ]]
- then
- dev=ipsec0
- status=1
- else
- dev="-"
- status=0
- fi
- ;;
+ if [[ "${format}" == "html" ]]
+ then
+ echo -n ""
- "1")
- dev="tun0"
+ echo -n "${NETWORK_SRC_TYPE[${src_type}]} ${src_ip} ${host_name} "
- status_line="$(sudo /usr/local/sbin/openvpn-status ${dev} | grep "CLIENT_LIST.*${ip},")"
+ case "${src_status}"
+ in
+ "0")
+ echo -n " "
+ ;;
- if [[ "${status_line}" == "" ]]
- then
- bytes_received="-"
- bytes_sent="-"
- uptime="-"
- status=0
- last_seen="$(stat -c "%x" /etc/openvpn/status/${host_name}.status | sed -e 's/\..*//')"
- else
- status=1
+ "1")
+ echo -n " "
+ ;;
- OIFS=${IFS}
- IFS=,
- set ${status_line}
- header=$1
- h_name=$2
- h_ip=$3
- v_ip=$4
- v_ip6=$5
- v_bytes_received=$6
- v_bytes_sent=$7
- v_date=$8
- v_uptime=$9
- IFS=${OIFS}
+ "2")
+ echo -n "- "
+ ;;
+ esac
- bytes_received="$(echo ${v_bytes_received} | numfmt --to=iec-i --suffix=B)"
- bytes_sent="$(echo ${v_bytes_sent} | numfmt --to=iec-i --suffix=B)"
- uptime=$(echo "$(($(date +%s) - $(date -d "${v_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
- last_seen="$(date +"%Y/%m/%d %H:%M:%S")"
- fi
- ;;
-
- "2" | "3")
- /sbin/ifconfig 2>/dev/null | grep "P-t-P:${ip} " >/dev/null
-
- if [[ "$?" == 0 ]]
- then
- dev=$(/sbin/route -n 2>/dev/null | grep "^${ip}" | awk '{print $8}')
- bytes_received="-"
- bytes_sent="-"
- uptime="-"
- lastseen="-"
- status=1
- else
- dev="-"
- bytes_received="-"
- bytes_sent="-"
- uptime="-"
- last_seen="-"
- status=0
- fi
- ;;
-
- *)
- dev="-"
- bytes_received="-"
- bytes_sent="-"
- uptime="-"
- last_seen="-"
- status=2
- ;;
- esac
-
- if [[ "${forward}" == "${vpn_type}" ]]
- then
- if [[ "${net_type}" == "sn" ]]
- then
- port_start=$((3000+${vpn_id}*100))
- else
- port_start=$((33000+${vpn_id}*100))
- fi
-
- port_end=$((${port_start}+99))
- else
- port_start=""
- port_end=""
- fi
-
- if [[ "${format}" == "html" ]]
- then
- echo -n " "
-
- echo "${VPN_TYPE[${vpn_type}]} ${ip} ${host_name} "
-
- case "${status}"
- in
- "0")
- echo -n " "
- ;;
-
- "1")
- echo -n " "
- ;;
-
- "2")
- echo -n "- "
- ;;
- esac
-
- echo -n "${dev} "
- else
- echo -n "${idx};${VPN_TYPE[${vpn_type}]};${ip};${host_name};${status};${dev};"
- fi
+ echo -n "${src_device} "
+ else
+ echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${status};${src_device};"
+ fi
- i=0
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
- for blk in ${VPN_EXT_LIST}
- do
- if [[ "${format}" == "html" ]]
- then
- echo -n ""
-
- if [[ $i == $id ]]
- then
- echo -n " "
- else
- echo -n " "
+ if [[ "${format}" == "html" ]]
+ then
+ echo -n " "
+
+ if [[ "${dst_table}" == "${src_table}" ]]
+ then
+ echo -n " "
+ else
+ echo -n " "
- if [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- echo -n " "
- else
- echo -n " "
- fi
- fi
+ if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
+ then
+ echo -n " "
+ else
+ echo -n " "
+ fi
+ fi
- echo -n "
"
- else
+ echo -n "
"
+ else
- if [[ $i == $id ]]
- then
- echo -n "1;"
- else
- echo -n "0;"
- fi
- fi
+ if [[ "${dst_table}" == "${src_table}" ]]
+ then
+ echo -n "1;"
+ else
+ echo -n "0;"
+ fi
+ fi
+ done
+
+ if [[ "${format}" == "html" ]]
+ then
+ if [[ "${port_range}" != "0" ]]
+ then
+ echo -n "${src_port_range} ${src_port_start:--} ${src_port_end:--} "
+ else
+ echo -n "${src_port_range} - - "
+ fi
- i=$((i + 1))
- done
-
- if [[ "${format}" == "html" ]]
- then
- if [[ "${forward}" == "${vpn_type}" ]]
- then
- echo -n " "
- echo -n "${port_start} ${port_end} "
- else
-
- if [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- echo -n " "
- else
- echo -n " "
- fi
-
- echo -n " "
- fi
-
- echo "${owner} ${bytes_received} ${bytes_sent} ${uptime} ${last_seen} "
- else
-
- if [[ "${forward}" == "${vpn_type}" ]]
- then
- echo -n "1;"
- else
- echo -n "0;"
- fi
-
- echo "${port_start};${port_end};${owner};${bytes_received};${bytes_sent};${uptime};${last_seen}"
- fi
+ echo "${src_owner} ${src_bytes_received:--} ${src_bytes_sent:--} ${src_uptime:--} ${src_last_seen:--} "
+ else
+ echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}"
+ fi
fi
}
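Review bot: The CSV branch of Source_Routing_Board_Line at L1819 prints `${status}` and the port-range test at L1883 reads `${port_range}`, but the rewritten function never assigns either (the old case block that set `status` was removed), while the HTML branch uses `src_status` and the two output lines use `src_port_range`; unless network_src_tab_get also sets those bare names, the CSV status column is empty and the range test is always true. The fix is `echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${src_status};${src_device};"` and `if [[ "${src_port_range}" != "0" ]]`. Footer_Print's opening line is outside this hunk.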
@@ -531,82 +267,62 @@ VPN_Routing_Board_Line()
#--------------------------------------------------------------------------------------------------------------------------
-# VPN Routing Board
+# Source Routing Board
#--------------------------------------------------------------------------------------------------------------------------
-VPN_Routing_Board()
+Source_Routing_Board()
{
if [[ "${format}" == "html" ]]
then
- echo " "
- echo " "
- echo "
"
- echo ""
- echo " VPN Routing Board "
- echo ""
- echo " "
+ echo " "
+ echo " "
+ echo "
"
else
- echo ""
+ echo ""
fi
}
@@ -620,131 +336,121 @@ VPN_OpenVPN_Board()
{
if [[ "${format}" == "html" ]]
then
- echo " "
- echo " "
- echo "
"
- echo ""
- echo " OpenVPN Board "
- echo ""
- echo " "
+ echo " "
+ echo " "
+ echo "
"
fi
}
@@ -758,54 +464,97 @@ Main_Board_Print ()
{
if [[ "${format}" == "html" ]]
then
- echo ""
+ echo ""
- if [[ "${filter}" == "owner" ]]
- then
- echo " VPN Admin Board - My VPN "
- else
- echo " VPN Admin Board - All VPN "
- fi
+ if [[ "${admin}" == "true" ]]
+ then
+ admin_mode=" - Admin Mode"
+ else
+ admin_mode=""
+ fi
+
+ case "${filter}"
+ in
+ "owner")
+ filter_mode="My VPN"
+ ;;
+
+ "")
+ filter_mode="All VPN"
+ ;;
+
+ *)
+ filter_mode="${filter} VPN"
+ ;;
+ esac
- echo " "
- echo " "
- echo ""
- echo " Date: $(/bin/date) "
- echo "
"
- echo " "
- echo ""
+ echo " VPN Admin Board: ${filter_mode}${admin_mode} "
+
+
+ echo " "
+ echo " "
+ echo ""
+ echo " Date: $(/bin/date) "
+ echo "
"
+ echo " "
+ echo ""
fi
- External_VPN_Status_Board
- VPN_Routing_Board
+ Destination_Status_Board
+ Source_Routing_Board
VPN_OpenVPN_Board
if [[ "${format}" == "html" ]]
then
- time_out=$(date +%s%N)
- elaps=$((${time_out} - ${time_in}))
- elaps_sec=$((${elaps} / 1000000000))
- elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000)))
+ echo " "
+ echo " "
+ echo " "
+ echo -n " "
+
+ if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]]
+ then
+ if [[ "${admin}" == "true" ]]
+ then
+ echo -n "Non Admin Mode "
+ else
+ echo -n "Admin Mode "
+ fi
- echo "
"
- echo " "
- echo " "
- printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili}
- echo "
"
- echo ""
- echo " "
- echo ""
- echo " "
- echo " Rx3 Admin "
- echo "
"
- echo ""
- echo " "
- echo ""
- echo " "
- echo " "
- echo " "
- echo " "
- echo "
"
+ echo -n " "
+ fi
+
+ if [[ "${filter}" != "" ]]
+ then
+ echo -n "All VPN "
+ fi
+
+ echo ""
+ echo "
"
+
+ time_out=$(date +%s%N)
+ elaps=$((${time_out} - ${time_in}))
+ elaps_sec=$((${elaps} / 1000000000))
+ elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000)))
+
+ echo " "
+ echo " "
+ echo " "
+ printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili}
+ echo "
"
+ echo ""
+ echo " "
+ echo ""
+ echo " "
+ echo " Rx3 Admin "
+ echo "
"
+ echo ""
+ echo " "
+ echo ""
+ echo " "
+ echo " "
+ echo " "
+ echo " "
+ echo "
"
fi
}
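Review bot: `filter` is copied verbatim from the query string by the parser later in this file and at L2003/L2014 is interpolated into the page heading without HTML escaping, so a crafted `filter=` value is reflected into the document; how far that is exploitable depends on how `arg` is decoded, but the same raw value is also used to build the redirect links. Escape once before use, e.g. `filter_html=$(printf '%s' "${filter}" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')`, and print `${filter_html}` in the heading, or restrict `filter` to the empty string, `owner`, or a known user name. Main_Board_Print's opening line is outside this hunk.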
@@ -831,6 +580,7 @@ vpn=""
type=""
redirect=""
cmd_status=""
+admin=""
if [[ "${QUERY_STRING}" != "" ]]
then
@@ -848,37 +598,41 @@ then
case "${var}"
in
- "cmd")
- cmd=${arg}
- ;;
+ "cmd")
+ cmd=${arg}
+ ;;
- "format")
- format=${arg}
- ;;
+ "format")
+ format=${arg}
+ ;;
- "filter")
- filter=${arg}
- ;;
+ "admin")
+ admin=${arg}
+ ;;
- "ip")
- ip=${arg}
- ;;
+ "filter")
+ filter=${arg}
+ ;;
- "vpn")
- vpn=${arg}
- ;;
+ "ip")
+ ip=${arg}
+ ;;
- "type")
- type=${arg}
- ;;
+ "vpn")
+ vpn=${arg}
+ ;;
- "filename")
- filename=${arg}
- ;;
+ "type")
+ type=${arg}
+ ;;
- "defroute")
- defroute=${arg}
- ;;
+ "filename")
+ filename=${arg}
+ ;;
+
+ "defroute")
+ defroute=${arg}
+ ;;
esac
shift
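Review bot: The new `admin` arm and its neighbours store every query value verbatim, and `type` later reaches `sudo /usr/local/sbin/cert_dump ${type} ${host_name}` and a `Content-disposition` filename unvalidated, while `ip` and `vpn` reach another sudo call; this parser is the natural place to reject anything outside the expected alphabet. Whitelist at assignment, e.g. `"type") case "${arg}" in ca|crt|key|tc|ext) type=${arg};; esac ;;` and `"admin") [[ "${arg}" == "true" ]] && admin="true" ;;`, and apply a digits-and-dots regex to `ip` and a digits-only regex to `vpn` the same way. The enclosing `while`/`case` loop starts before this hunk.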
@@ -893,150 +647,148 @@ fi
+
+
#--------------------------------------------------------------------------------------------------------------------------
# Command Handler
#--------------------------------------------------------------------------------------------------------------------------
-case "${cmd}"
-in
- "")
- Header_Print
- Main_Board_Print
- Footer_Print
- ;;
+network_tab_load
- "route_set")
- owner=$(Lookup_Owner)
+#network_tab_dump
- if [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- sudo /etc/init.d/rx3-net table_set $ip $((${vpn} + 3)) 2>&1 >/dev/null
+if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]]
+then
+ cmd_status="${cmd}: Admin NOT_AUTHORIZED"
- if [[ "$?" == 0 ]]
- then
- cmd_status="route_set: OK"
- else
- cmd_status="route_set: KO"
- fi
- else
- cmd_status="route_set: NOT_AUTHORIZED"
- fi
-
- redirect="${CGI_NAME}?filter=${filter}"
-
- Header_Print
- Footer_Print
- ;;
-
- "forward_set")
- owner=$(Lookup_Owner)
-
- if [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- sudo /etc/init.d/rx3-net forward_set $ip 2>&1 >/dev/null
- if [[ "$?" == 0 ]]
- then
- cmd_status="forward_set: OK "
- else
- cmd_status="forward_set: KO"
- fi
- else
- cmd_status="forward_set: NOT_AUTHORIZED"
- fi
-
- redirect="${CGI_NAME}?filter=${filter}"
-
- Header_Print
- Footer_Print
- ;;
-
- "cert_download")
- owner=$(Lookup_Owner)
-
- if [[ "${type}" == "ca" ]] || [[ "${type}" == "crt" ]] || [[ "${REMOTE_USER}" == "${owner}" ]]
- then
- cmd_status="cert_download: OK"
- format="txt"
-
- case "${type}"
- in
- "ca")
- file_name="ca.crt"
- host_name=""
- ;;
-
- "tc")
- file_name="tc.key"
- host_name=""
- ;;
-
- *)
- host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
- file_name="${host_name}.${type}"
- ;;
- esac
-
- Header_Print
- sudo /usr/local/sbin/cert_dump ${type} ${host_name}
- else
- cmd_status="cert_download: NOT_AUTHORIZED"
-
- redirect="${CGI_NAME}?filter=${filter}"
-
- format="html"
- Header_Print
- Footer_Print
- fi
- ;;
-
- "config_download")
- owner=$(Lookup_Owner)
-
- if [[ ( "${type}" == "ext") || ( ( "${type}" == "inline") && ( "${REMOTE_USER}" == "${owner}")) ]]
- then
- cmd_status="config_download: OK"
-
- host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
- template_name="rx3-client.ovpn"
-
- if [[ "${defroute}" == "false" ]]
- then
- defroute_pipe="sed s/#pull-filter/pull-filter/"
- route_type="nodefroute"
- else
- defroute_pipe="cat"
- route_type="defroute"
- fi
-
- format="txt"
-
- if [[ "${type}" == "ext" ]]
- then
- file_name="${host_name}-${route_type}-external.ovpn"
- Header_Print
-
- sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe}
- fi
- else
- cmd_status="config_download: NOT_AUTHORIZED"
-
- redirect="${CGI_NAME}?filter=${filter}"
-
- format="html"
- Header_Print
- Footer_Print
- fi
- ;;
-
- *)
- cmd_status="${cmd}: UNKNOWN_CMD"
-
- Header_Print
- Footer_Print
- ;;
-esac
+ redirect="?filter=${filter}"
+
+ Header_Print
+ Footer_Print
+else
+
+ case "${cmd}"
+ in
+ "")
+ Header_Print
+ Main_Board_Print
+ Footer_Print
+ ;;
+
+ "route_set")
+ network_src_tab_ip_lookup "${ip}"
+ network_src_tab_get "${src_id}"
+
+ if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
+ then
+ sudo /usr/local/sbin/rx3_net_adm table_set ${ip} $((${vpn} + 3)) 1>&2
+
+ if [[ "$?" == 0 ]]
+ then
+ cmd_status="route_set: OK"
+ else
+ cmd_status="route_set: KO"
+ fi
+ else
+ cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]"
+ fi
+
+ redirect="?admin=${admin}&filter=${filter}"
+
+ Header_Print
+ Footer_Print
+ ;;
+
+ "cert_download")
+ network_src_tab_ip_lookup "${ip}"
+ network_src_tab_get "${src_id}"
+
+ if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]]
+ then
+ cmd_status="cert_download: OK"
+ format="txt"
+
+ case "${type}"
+ in
+ "ca")
+ file_name="ca.crt"
+ host_name=""
+ ;;
+
+ "tc")
+ file_name="tc.key"
+ host_name=""
+ ;;
+
+ *)
+ host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
+ file_name="${host_name}.${type}"
+ ;;
+ esac
+
+ Header_Print
+ sudo /usr/local/sbin/cert_dump ${type} ${host_name}
+ else
+ cmd_status="cert_download: NOT_AUTHORIZED"
+
+ redirect="?admin=${admin}&filter=${filter}"
+
+ format="html"
+ Header_Print
+ Footer_Print
+ fi
+ ;;
+
+ "config_download")
+ network_src_tab_ip_lookup "${ip}"
+ network_src_tab_get "${src_id}"
+
+ if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]]
+ then
+ cmd_status="config_download: OK"
+
+ host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
+ template_name="rx3-client.ovpn"
+
+ if [[ "${defroute}" == "false" ]]
+ then
+ defroute_pipe="sed s/#pull-filter/pull-filter/"
+ route_type="nodefroute"
+ else
+ defroute_pipe="cat"
+ route_type="defroute"
+ fi
+
+ format="txt"
+
+ if [[ "${type}" == "ext" ]]
+ then
+ file_name="${host_name}-${route_type}-external.ovpn"
+ Header_Print
+
+ sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe}
+ fi
+ else
+ cmd_status="config_download: NOT_AUTHORIZED"
+
+ redirect="?admin=${admin}&filter=${filter}"
+
+ format="html"
+ Header_Print
+ Footer_Print
+ fi
+ ;;
+
+ *)
+ cmd_status="${cmd}: UNKNOWN_CMD"
+
+ Header_Print
+ Footer_Print
+ ;;
+ esac
+fi
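Review bot: `sudo /usr/local/sbin/rx3_net_adm table_set ${ip} $((${vpn} + 3))` at L2344 feeds two raw query values into a command line: `${ip}` is unquoted and unvalidated, and `${vpn}` is evaluated as a bash arithmetic expression, where bash expands array subscripts, so a value such as `a[$(cmd)]` runs `cmd` as the web-server user before sudo is ever invoked. Guard the branch with `[[ "${ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ && "${vpn}" =~ ^[0-9]+$ ]] || { cmd_status="route_set: KO"; }` and quote `"${ip}"` here and in the two `host ${ip}` calls. Every owner test in this handler (`"${REMOTE_USER}" == "${src_owner}"`) passes when both sides are empty, which happens if the lookup finds no entry for `ip` and the server did not set REMOTE_USER, and the admin gate's `*" ${REMOTE_USER} "*` then degenerates to `*"  "*`; fail closed with `[[ -n "${REMOTE_USER}" ]]` before the `case`. Finally, `config_download` accepts `type=ext` for any user at L2406 while the sed at L2429 — garbled in this rendering, but as far as it is readable — inlines `cert_dump key` for whatever host `${ip}` reverse-resolves to, so an authenticated non-owner could obtain another client's private key and bypass the owner check that `cert_download` applies to `type=key`; if that reading is right, the `ext` exception should be subject to the same admin-or-owner test.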