Rx3/network_tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

- First commit of the new version!

Browse Source
This commit is contained in:
Arnaud G. GIBERT
2025-06-23 11:34:42 +02:00
parent 218b34a909
commit 7efd2f514c
5 changed files with 1922 additions and 800 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
usr/local/lib/default.bash Normal file
View File

@@ -0,0 +1,239 @@
#!/bin/bash
if [[ "${DEFAULT_BASH}" != "" ]]
then
return
else
declare -g DEFAULT_BASH=1
fi
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
# Default Options
#-----------------------------------------------------------------------------------------------------------------------------------
shopt -s extglob
# Print Version
#-----------------------------------------------------------------------------------------------------------------------------------
version_print()
{
echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//'
}
# Prin Help
#-----------------------------------------------------------------------------------------------------------------------------------
help_print()
{
echo "${NAME} ${HELP}"
}
# Quote Str
#-----------------------------------------------------------------------------------------------------------------------------------
quote_str()
{
local quoted=${1//\'/\'\\\'\'}
printf "'%s'" "$quoted"
}
# Escape Str
#-----------------------------------------------------------------------------------------------------------------------------------
escape_str()
{
echo "$*" | sed -e "s/\"/\\\\\"/g"
}
# Line Echo
#-----------------------------------------------------------------------------------------------------------------------------------
line_echo()
{
string="$1"
count="$2"
echo -en "\e[2K\r"
if [[ "${count}" != "" ]]
then
printf "%05d: %s" "${count}"
echo -en "${string}"
fi
}
# Err Echo
#-----------------------------------------------------------------------------------------------------------------------------------
err_echo()
{
echo "$@" 1>&2
}
# Exec CMD
#-----------------------------------------------------------------------------------------------------------------------------------
exec_cmd()
{
cmd="$1"
if [[ "${verbose}" == "true" ]]
then
echo "${cmd}" 1>&2
fi
if [[ "${dry_run}" != "true" ]]
then
eval "${cmd}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# tab_assign
#--------------------------------------------------------------------------------------------------------------------------
tab_assign()
{
declare -n ta_tab=$1
ta_key=$2
ta_value=$3
if [[ "${ta_value}" == "-" ]]
then
ta_value=""
fi
ta_tab[${ta_key}]="${ta_value}"
}
#--------------------------------------------------------------------------------------------------------------------------
# var_assign
#--------------------------------------------------------------------------------------------------------------------------
var_assign()
{
declare -n va_var=$1
va_value=$2
va_mode=$3
if [[ "${va_value}" == "-" ]]
then
va_value=""
fi
if [[ "${va_mode}" == "INC" ]]
then
va_var="${va_var} ${va_value}"
else
va_var="${va_value}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_lock
#--------------------------------------------------------------------------------------------------------------------------
file_lock()
{
fl_file="$1"
fl_mode="$2"
fl_desc="$3"
if [[ ( "${fl_mode}" == "EXCLUSIVE" ) || ( "${fl_mode}" == "WRITE" ) ]]
then
fl_flag="-x"
else
fl_flag="-s"
fi
if [[ "${fl_desc}" == "" ]]
then
fl_desc="9"
fi
eval "exec ${fl_desc}<>\"\${fl_file}\""
if ! flock ${fl_flag} -w 5 ${fl_desc}
then
err_echo "Failed to acquire read lock on: [${file}]"
exit 1
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_unlock
#--------------------------------------------------------------------------------------------------------------------------
file_unlock()
{
fu_desc="$1"
if [[ "${fu_desc}" == "" ]]
then
fu_desc="9"
fi
eval "exec ${fl_desc}<&-"
eval "exec ${fl_desc}>&-"
}

258
usr/local/lib/dns.bash Normal file
View File

@@ -0,0 +1,258 @@
#!/bin/bash
if [[ "${DNS_BASH}" != "" ]]
then
return
else
declare -g DNS_BASH=1
fi
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/global/lib/default.bash
#[ -e /var/cache/dns.cache ] && . /var/cache/dns.cache
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -Ag DNS_A_TAB
declare -g DNS_A_ID_LIST
declare -Ag DNS_PTR_TAB
declare -g DNS_PTR_ID_LIST
declare -g DNS_CACHE_FILE="/var/cache/dns.cache"
declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock"
#declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}"
declare -g DNS_CACHE_UPDATED=0
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_load
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_load()
{
file_lock "${DNS_CACHE_LOCK}" READ 9
if [[ ( -e "${DNS_CACHE_FILE}" ) && ( "${NETWORK_CONFIG_FILE}" -ot "${DNS_CACHE_FILE}" ) ]]
then
${LOG} 1>&2 "DNS: Read CacheFile"
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
dtl_type="$1"
dtl_key="$2"
dtl_value="$3"
dns_tab_put ${dtl_type} "${dtl_key}" "${dtl_value}"
fi
done < ${DNS_CACHE_FILE}
else
${LOG} 1>&2 "DNS: Init CacheFile"
>${DNS_CACHE_FILE}
fi
file_unlock 9
DNS_CACHE_UPDATED=0
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_save
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_save()
{
if [[ "${DNS_CACHE_UPDATED}" != "0" ]]
then
file_lock "${DNS_CACHE_LOCK}" WRITE 9
${LOG} 1>&2 "DNS: Write CacheFile"
(
for key in "${!DNS_A_TAB[@]}"
do
echo "A ${key} ${DNS_A_TAB[${key}]}"
done
for key in "${!DNS_PTR_TAB[@]}"
do
echo "PTR ${key} ${DNS_PTR_TAB[${key}]}"
done
) | sort -n >${DNS_CACHE_FILE}
file_unlock 9
DNS_CACHE_UPDATED=0
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_get
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_get()
{
dns_type="$1"
dns_key="$2"
case ${dns_type}
in
"A")
if [[ -v DNS_A_TAB["${dns_key}"] ]]
then
dns_value="${DNS_A_TAB["${dns_key}"]}"
else
${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
return 1
fi
;;
"PTR")
if [[ -v DNS_PTR_TAB["${dns_key}"] ]]
then
dns_value="${DNS_PTR_TAB["${dns_key}"]}"
else
${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
return 1
fi
;;
esac
${LOG} "DNS: Lookup succeed: Type: [${dns_type}] Key: [${dns_key}] Value: [${dns_value}]"
return 0
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_put
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_put()
{
dtp_type="$1"
dtp_key="$2"
dtp_value="$3"
${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}] Key: [${dtp_key}] Value: [${dtp_value}]"
var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
tab_assign DNS_${dtp_type}_TAB "${dtp_key}" "${dtp_value}"
DNS_CACHE_UPDATED=1
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_lookup
#--------------------------------------------------------------------------------------------------------------------------
dns_lookup()
{
dl_type="$1"
dl_key="$2"
dl_flag="$3"
if [[ "${dl_flag}" != "NOCACHE" ]]
then
dns_tab_get ${dl_type} ${dl_key}
else
false
fi
if [[ "$?" != "0" ]]
then
${LOG} "DNS: Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
case ${dl_type}
in
"A")
dns_value="$( dig +short ${dl_key} 2>/dev/null)"
;;
"PTR")
dns_value="$( dig +short -x ${dl_key} 2>/dev/null)"
dns_value="${dns_value%.}"
;;
esac
if [[ "${dl_flag}" != "NOCACHE" ]]
then
dns_tab_put "${dl_type}" "${dl_key}" "${dns_value}"
fi
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_dump()
{
echo "DNS_A_ID_LIST: [${DNS_A_ID_LIST}]"
echo
echo "DNS_A_TAB:"
for key in "${!DNS_A_TAB[@]}"
do
echo "[${key}]: [${DNS_A_TAB[${key}]}]"
done | sort -n
echo
echo "DNS_PTR_ID_LIST: [${DNS_PTR_ID_LIST}]"
echo
echo "DNS_PTR_TAB:"
for key in "${!DNS_PTR_TAB[@]}"
do
echo "[${key}]: [${DNS_PTR_TAB[${key}]}]"
done | sort -n
echo
}

692
usr/local/lib/network.bash Normal file
View File

@@ -0,0 +1,692 @@
#!/bin/bash
if [[ "${NETWORK_BASH}" != "" ]]
then
return
fi
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/global/lib/default.bash
. /usr/global/lib/dns.bash
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -g NETWORK_BASH=1
declare -g NETWORK_OPENVPN_STATUS
declare -g NETWORK_SRC_TYPE
declare -Ag NETWORK_SRC_TAB
declare -g NETWORK_SRC_ID_LIST
declare -Ag NETWORK_SRC_IP_IDX
declare -g NETWORK_DST_TYPE
declare -Ag NETWORK_DST_TAB
declare -g NETWORK_DST_ID_LIST
declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
file_lock ${NETWORK_CONFIG_LOCK} READ 9
[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
file_unlock 9
if [ ! -v LOG ]
then
LOG=":"
fi
#--------------------------------------------------------------------------------------------------------------------------
# network_common_load
#--------------------------------------------------------------------------------------------------------------------------
network_common_load()
{
NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
NETWORK_TABLE_LIST=""
}
#--------------------------------------------------------------------------------------------------------------------------
# network_common_dump
#--------------------------------------------------------------------------------------------------------------------------
network_common_dump()
{
echo "NETWORK_OPENVPN_STATUS: [${NETWORK_OPENVPN_STATUS}]"
echo
echo "NETWORK_TABLE_LIST: [${NETWORK_TABLE_LIST}]"
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_load()
{
ndtl_id=0
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
ndtl_name="$1"
ndtl_type="$2"
ndtl_device="$3"
ndtl_config="$4"
ndtl_table="$5"
var_assign NETWORK_DST_ID_LIST "${ndtl_id}" INC
tab_assign NETWORK_DST_TAB "${ndtl_id},Name" "${ndtl_name}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Type" "${ndtl_type}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Device" "${ndtl_device}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Config" "${ndtl_config}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Table" "${ndtl_table}"
var_assign NETWORK_TABLE_LIST "${ndtl_table}" INC
tab_assign NETWORK_DST_TAB "${ndtl_id},Status" "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"
dns_lookup A vpn${ndtl_id}.vpn.rx3 "NOCACHE"
tab_assign NETWORK_DST_TAB "${ndtl_id},IP" "${dns_value}"
case "${ndtl_type}"
in
"0")
set $(ip -s link show ${ndtl_device} 2>/dev/null ) &>/dev/null
ndtl_bytes_received="$( echo ${27} | numfmt --to=iec-i --suffix=B)"
ndtl_bytes_sent="$( echo ${40} | numfmt --to=iec-i --suffix=B)"
ndtl_uptime=""
;;
"1")
set $( echo "${NETWORK_OPENVPN_STATUS}" | grep ${ndtl_device}) &>/dev/null
# i=1; while [[ $i -lt 50 ]]; do eval "val=\${$i}"; echo "($i):[${val}]" 1>&2; i=$(( $i + 1)); done
ndtl_bytes_received="$( echo ${18/bytes,} | numfmt --to=iec-i --suffix=B)"
ndtl_bytes_sent="$( echo ${22/bytes,} | numfmt --to=iec-i --suffix=B)"
ndtl_start_date="$( grep "ext-client-${ndtl_device}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")"
if [[ "${ndtl_start_date}" == "" ]]
then
ndtl_uptime=""
else
ndtl_uptime=$( echo "$(($(date +%s) - $(date -d "${ndtl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
fi
;;
esac
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Received" "${ndtl_bytes_received}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Sent" "${ndtl_bytes_sent}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Uptime" "${ndtl_uptime}"
ndtl_id=$(( ${ndtl_id} + 1))
fi
done <<< ${NETWORK_DST_CONFIG}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_get
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_get()
{
dst_id="$1"
dst_name=${NETWORK_DST_TAB["${dst_id},Name"]}
dst_type=${NETWORK_DST_TAB["${dst_id},Type"]}
dst_device=${NETWORK_DST_TAB["${dst_id},Device"]}
dst_config=${NETWORK_DST_TAB["${dst_id},Config"]}
dst_table=${NETWORK_DST_TAB["${dst_id},Table"]}
dst_status=${NETWORK_DST_TAB["${dst_id},Status"]}
dst_ip=${NETWORK_DST_TAB["${dst_id},IP"]}
dst_bytes_received=${NETWORK_DST_TAB["${dst_id},Bytes_Received"]}
dst_bytes_sent=${NETWORK_DST_TAB["${dst_id},Bytes_Sent"]}
dst_start_date=${NETWORK_DST_TAB["${dst_id},Start_Date"]}
dst_uptime=${NETWORK_DST_TAB["${dst_id},Uptime"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_dump()
{
echo "NETWORK_DST_ID_LIST: [${NETWORK_DST_ID_LIST}]"
echo
echo "NETWORK_DST_TAB:"
for key in "${!NETWORK_DST_TAB[@]}"
do
echo "[${key}]: [${NETWORK_DST_TAB[${key}]}]"
done | sort -n
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_load()
{
nstl_id=0
nstl_port_default=3000
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
nstl_ip="$1"
nstl_type="$2"
nstl_owner="$3"
nstl_table="$4"
nstl_port_start="$5"
nstl_port_range="$6"
if [[ "${nstl_port_start}" == "-" ]]
then
nstl_port_start=${nstl_port_default}
fi
dns_lookup PTR ${nstl_ip}
nstl_name="${dns_value}"
case "${nstl_type}"
in
"0")
nstl_device=""
nstl_status="2"
nstl_bytes_received=""
nstl_bytes_sent=""
nstl_uptime=""
nstl_last_seen=""
;;
"1")
nstl_device="tun0"
nstl_status_line="$( echo "${NETWORK_OPENVPN_STATUS}" | grep "${nstl_device}.log: CLIENT_LIST.*${nstl_ip},")"
if [[ "${nstl_status_line}" == "" ]]
then
nstl_status="0"
nstl_bytes_received=""
nstl_bytes_sent=""
nstl_start_date=""
nstl_uptime=""
nstl_last_seen="$( stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
else
nstl_status="1"
IFS=,
set ${nstl_status_line} &>/dev/null
unset IFS
nstl_bytes_received=$( echo ${6} | numfmt --to=iec-i --suffix=B)
nstl_bytes_sent=$( echo ${7} | numfmt --to=iec-i --suffix=B)
nstl_start_date=${8}
nstl_uptime=$( echo "$(($(date +%s) - $(date -d "${nstl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
nstl_last_seen="$(stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
fi
;;
esac
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nstl_table} "* ]]
then
err_echo "Invalid table number: [${nstl_table}] in network src entry: [${nstl_id}]!"
exit 1
fi
var_assign NETWORK_SRC_ID_LIST "${nstl_id}" INC
tab_assign NETWORK_SRC_TAB "${nstl_id},IP" "${nstl_ip}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Name" "${nstl_name}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Type" "${nstl_type}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Owner" "${nstl_owner}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Table" "${nstl_table}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Start" "${nstl_port_start}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Range" "${nstl_port_range}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Status" "${nstl_status}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Received" "${nstl_bytes_received}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Sent" "${nstl_bytes_sent}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Uptime" "${nstl_uptime}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Last_Seen" "${nstl_last_seen}"
tab_assign NETWORK_SRC_IP_IDX "${nstl_ip}" "${nstl_id}"
nstl_id=$(( ${nstl_id} + 1))
nstl_port_default=$(( ${nstl_port_start} + ${nstl_port_range}))
fi
done <<< ${NETWORK_SRC_CONFIG}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_get
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_get()
{
src_id="$1"
src_ip=${NETWORK_SRC_TAB["${src_id},IP"]}
src_name=${NETWORK_SRC_TAB["${src_id},Name"]}
src_type=${NETWORK_SRC_TAB["${src_id},Type"]}
src_owner=${NETWORK_SRC_TAB["${src_id},Owner"]}
src_table=${NETWORK_SRC_TAB["${src_id},Table"]}
src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}
if [[ "${src_port_range}" != "0" ]]
then
src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
else
src_port_start=""
src_port_end=""
fi
src_status=${NETWORK_SRC_TAB["${src_id},Status"]}
src_bytes_received=${NETWORK_SRC_TAB["${src_id},Bytes_Received"]}
src_bytes_sent=${NETWORK_SRC_TAB["${src_id},Bytes_Sent"]}
src_start_date=${NETWORK_SRC_TAB["${src_id},Start_Date"]}
src_uptime=${NETWORK_SRC_TAB["${src_id},Uptime"]}
src_last_seen=${NETWORK_SRC_TAB["${src_id},Last_Seen"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_dump()
{
echo "NETWORK_SRC_ID_LIST: [${NETWORK_SRC_ID_LIST}]"
echo
echo "NETWORK_SRC_IP_IDX:"
for key in "${!NETWORK_SRC_IP_IDX[@]}"
do
echo "[${key}]: [${NETWORK_SRC_IP_IDX[${key}]}]"
done | sort -n
echo
echo "NETWORK_SRC_TAB:"
for key in "${!NETWORK_SRC_TAB[@]}"
do
echo "[${key}]: [${NETWORK_SRC_TAB[${key}]}]"
done | sort -n
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_ip_lookup
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_ip_lookup()
{
src_ip="$1"
src_id=${NETWORK_SRC_IP_IDX["${src_ip}"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_tab_load()
{
dns_tab_load
network_common_load
network_dst_tab_load
network_src_tab_load
dns_tab_save
}
#--------------------------------------------------------------------------------------------------------------------------
# network_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_tab_dump()
{
dns_tab_dump
network_common_dump
network_dst_tab_dump
network_src_tab_dump
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_init
#--------------------------------------------------------------------------------------------------------------------------
network_table_init()
{
${LOG} "Add Rx3 routes in VPN tables"
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
${DEBUG} ip route add ${route/:*/} table ${table} dev ${route/*:/}
done
done
${LOG} "Copy main default rule into table 3 (VPN Local routing table)"
if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
then
${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_deinit
#--------------------------------------------------------------------------------------------------------------------------
network_table_deinit()
{
${LOG} "Remove default route in table 3"
${DEBUG} ip route del default table 3
${LOG} "Remove Rx3 routes in VPN tables"
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
${DEBUG} ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
done
done
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_set
#--------------------------------------------------------------------------------------------------------------------------
network_table_set()
{
nts_ip=$1
nts_table=$2
network_src_tab_ip_lookup "${nts_ip}"
if [[ "${src_id}" == "" ]]
then
err_echo "IP not found: [${nts_ip}]!"
return 1
fi
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nts_table} "* ]]
then
err_echo "Table not found: [${nts_table}]!"
return 1
fi
tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"
${DEBUG} sed "/^NETWORK_SRC_CONFIG=\"/,/^\"/ { s/^\(${nts_ip//./\\.}[[:space:]]\+\([^\t ]\+[[:space:]]\+\)\{2\}\)[^[:space:]]\+/\1${nts_table}/ }" -i ${NETWORK_CONFIG_FILE}
${DEBUG} ip rule del from ${nts_ip} 2>/dev/null
${DEBUG} ip rule add from ${nts_ip} table ${nts_table}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_add
#--------------------------------------------------------------------------------------------------------------------------
network_forward_add()
{
nfa_ip=$1
nfa_port_start=$2
nfa_port_end=$3
${DEBUG} iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
${DEBUG} iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_remove
#--------------------------------------------------------------------------------------------------------------------------
network_forward_remove()
{
nfr_ip=$1
nfr_port_start=$2
nfr_port_end=$3
${DEBUG} iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
${DEBUG} iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_start
#--------------------------------------------------------------------------------------------------------------------------
network_forward_start()
{
${LOG} "Create VPN forward chain"
${DEBUG} iptables -t nat -N PREROUTING-VPN
${LOG} "Add jump rule for VPN"
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ "${dst_type}" != "0" ]]
then
${DEBUG} iptables -t nat -A PREROUTING -i ${dst_device} -j PREROUTING-VPN
fi
done
${LOG} "Add VPN client addresse rules"
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get ${src_id}
${DEBUG} ip rule add from ${src_ip} table ${src_table}
if [[ "${src_port_range}" != "0" ]]
then
network_forward_add "${src_ip}" "${src_port_start}" "${src_port_end}"
fi
done
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_stop
#--------------------------------------------------------------------------------------------------------------------------
network_forward_stop()
{
${LOG} "Remove VPN client addresse rules"
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get ${src_id}
${DEBUG} ip rule del from ${src_ip} 2>/dev/null
if [[ "${src_port_range}" != "0" ]]
then
network_forward_remove "${src_ip}" "${src_port_start}" "${src_port_end}"
fi
done
${LOG} "Remove Jump rule for VPN"
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ "${dst_type}" != "0" ]]
then
${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
fi
done
${LOG} "Delete VPN forward chain"
${DEBUG} iptables -t nat -X PREROUTING-VPN
}
#--------------------------------------------------------------------------------------------------------------------------
# network_status
#--------------------------------------------------------------------------------------------------------------------------
network_status()
{
echo "Rules:"
ip rule show
echo
if [[ "${NETWORK_TABLE_LIST}" == "" ]]
then
echo "Network table list empty"
echo
else
for table in ${NETWORK_TABLE_LIST}
do
echo "Table ${table}:"
ip route list table ${table}
echo
done
fi
echo "Forward:"
iptables -t nat -L PREROUTING -v -n
echo
iptables -t nat -L PREROUTING-VPN -v -n
}

181
usr/local/sbin/rx3_net_adm Executable file
View File

@@ -0,0 +1,181 @@
#!/bin/bash
RETVAL=0
prog="rx3-net"
#DEBUG=""
DEBUG="echo"
#DEBUG=":"
LOG=":"
#LOG="echo"
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
# Some functions to make the below more readable
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Start
#--------------------------------------------------------------------------------------------------------------------------
rx3-start()
{
network_table_init
network_forward_start
}
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Stop
#--------------------------------------------------------------------------------------------------------------------------
rx3-stop()
{
network_forward_stop
network_table_deinit
return 0
}
#--------------------------------------------------------------------------------------------------------------------------
# Start
#--------------------------------------------------------------------------------------------------------------------------
start()
{
echo "Starting..."
if [ -r /var/lock/subsys/rx3-net ]
then
echo "already started"
RETVAL=0
else
rx3-start
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-net
fi
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Stop
#--------------------------------------------------------------------------------------------------------------------------
stop()
{
echo "Stopping..."
if [ -r /var/lock/subsys/rx3-net ]
then
rx3-stop
RETVAL=$?
else
echo "already stopped"
RETVAL=0
fi
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-net
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Status
#--------------------------------------------------------------------------------------------------------------------------
status()
{
network_status
}
#--------------------------------------------------------------------------------------------------------------------------
# Dump
#--------------------------------------------------------------------------------------------------------------------------
dump()
{
network_tab_dump
}
#--------------------------------------------------------------------------------------------------------------------------
# Table-Set ()
#--------------------------------------------------------------------------------------------------------------------------
table_set()
{
echo "Setting ip:$1 table:$2"
network_table_set $1 $2
}
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
network_tab_load
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 1
start
;;
status)
status
;;
dump)
dump
;;
table_set)
table_set $2 $3
;;
*)
echo "Usage: $0 {start|stop|restart|status|dump|table_set}"
RETVAL=1
;;
esac
exit $RETVAL

586
var/www/cgi-bin/vpn-admin_board.cgi
View File

@@ -2,90 +2,10 @@
time_in=$(date +%s%N) time_in=$(date +%s%N)
. /etc/sysconfig/rx3-net . /usr/local/lib/network.bash
. /etc/sysconfig/rx3-vpn
CGI_NAME="vpn-admin_board.cgi"
VPN_TYPE[0]="IPSec"
VPN_TYPE[1]="OpenVPN"
VPN_TYPE[2]="L2TP"
VPN_TYPE[3]="PPTP"
VPN_TYPE[4]="NoVPN"
#--------------------------------------------------------------------------------------------------------------------------
# Lookup Source IP ()
#--------------------------------------------------------------------------------------------------------------------------
Lookup_Src_IP ()
{
lo_id=0
for lo_blk in ${IP_SRC_SN}
do
OIFS=${IFS}
IFS=:
set ${lo_blk}
lo_ip=$1
lo_table=$2
lo_owner=$3
lo_type=$4
IFS=${OIFS}
echo "${lo_ip}:${lo_table}:${lo_owner}:${lo_type}:${lo_type}:sn:${lo_id}"
lo_id=$((${lo_id}+1))
done
for lo_blk in ${IP_SRC_PTP}
do
OIFS=${IFS}
IFS=:
set ${lo_blk}
lo_id=$1
lo_table=$2
lo_owner=$3
lo_forward=$4
IFS=${OIFS}
for lo_type in 1 2 3
do
echo "${IP_PREFIX}.${lo_type}.${lo_id}:${lo_table}:${lo_owner}:${lo_type}:${lo_forward}:ptp:${lo_id}"
done
done
}
#--------------------------------------------------------------------------------------------------------------------------
# Lookup Owner ()
#--------------------------------------------------------------------------------------------------------------------------
Lookup_Owner ()
{
for lo_blk in $(Lookup_Src_IP)
do
OIFS=${IFS}
IFS=:
set ${lo_blk}
lo_ip=$1
lo_table=$2
lo_owner=$3
lo_type=$4
IFS=${OIFS}
if [[ "${ip}" == "${lo_ip}" ]]
then
echo ${lo_owner}
fi
done
}
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
@@ -171,10 +91,10 @@ Footer_Print ()
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
# External VPN Status Board # Destination Status Board
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
External_VPN_Status_Board () Destination_Status_Board ()
{ {
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
@@ -182,115 +102,40 @@ External_VPN_Status_Board ()
echo " <BR>" echo " <BR>"
echo " </P>" echo " </P>"
echo "" echo ""
echo " <H2>External VPN Status Board</H2>" echo " <H2>Destination Status Board</H2>"
echo "" echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">" echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Name</TD><TD>Type</TD><TD>Device</TD><TD>Address</TD><TD>Config</TD><TD>Table</TD><TD>Status</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD></TR>" echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Name</TD><TD>Type</TD><TD>Device</TD><TD>Address</TD><TD>Config</TD><TD>Table</TD><TD>Status</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD></TR>"
else else
echo "TABLE: External_VPN_Status_Board" echo "TABLE: Destination_Status_Board"
echo "#;Name;Type;Device;Address;Config;Table;Status;Bytes In;Bytes Out;UpTime" echo "#;Name;Type;Device;Address;Config;Table;Status;Bytes In;Bytes Out;UpTime"
fi fi
idx=0
for blk in ${VPN_EXT_LIST} for dst_id in ${NETWORK_DST_ID_LIST}
do do
OIFS=${IFS} network_dst_tab_get ${dst_id}
IFS=:
set $blk
dev=$1
conf=$2
table=$3
name=$4
IFS=${OIFS}
case "${dev}" if [[ ${dst_status} == 0 ]]
in
"eth"*)
type="Local"
;;
"tun"*)
type="OpenVPN"
;;
"ppp"*)
type="PPTP"
;;
esac
/sbin/ifconfig ${dev} 2>/dev/null | grep UP >/dev/null
if [[ "$?" == 0 ]]
then then
status=1 dst_ip="-"
else
status=0
fi
if [[ ${status} == 0 ]]
then
address="-"
else
case "${type}" in
"Local"|"PPTP")
address="$(ip addr show dev ${dev} | grep "inet " | grep -v "${dev}:" | awk '{print $2;}' | sed -e 's/\/.*//')"
;;
"OpenVPN")
# address="$(sudo /usr/local/sbin/ns-launch 3 ${table} /usr/local/bin/my_address_get)"
address="$(host vpn${idx}.vpn.rx3 | sed -e 's/.*address //')"
;;
esac
fi
if [[ "${conf}" == "" ]]
then
conf="-"
bytes_received="-"
bytes_sent="-"
uptime="-"
else
if [[ "${status}" == "1" ]]
then
if [[ "$type" == "OpenVPN" ]]
then
bytes_received=$(sudo /usr/local/sbin/openvpn-status ${dev} | grep -e "TCP/UDP read bytes" | sed -e "s/.*,//" | numfmt --to=iec-i --suffix=B)
bytes_sent=$(sudo /usr/local/sbin/openvpn-status ${dev} | grep -e "TCP/UDP write bytes" | sed -e "s/.*,//" | numfmt --to=iec-i --suffix=B)
start_date=$(grep "ext-client-${dev}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")
uptime=$(echo "$(($(date +%s) - $(date -d "${start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
else
bytes_received="-"
bytes_sent="-"
start_date="-"
uptime="-"
fi
else
bytes_received="-"
bytes_sent="-"
uptime="-"
fi
fi fi
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TR><TD class="header">${idx}</TD><TD>${name}</TD><TD>${type}</TD><TD>${dev}</TD><TD>${address}</TD><TD>${conf}</TD><TD>${table}</TD><TD>" echo -n "<TR><TD class="header">${dst_id}</TD><TD>${dst_name}</TD><TD>${NETWORK_DST_TYPE[${dst_type}]}</TD><TD>${dst_device}</TD><TD>${dst_ip}</TD><TD>${dst_config}</TD><TD>${dst_table}</TD><TD>"
if [[ "${status}" == 1 ]] if [[ "${dst_status}" == 1 ]]
then then
echo -n "<IMG SRC=\"../icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD>" echo -n "<IMG SRC=\"../icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD>"
else else
echo -n "<IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>" echo -n "<IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>"
fi fi
echo "<TD>${bytes_received}</TD><TD>${bytes_sent}</TD><TD>${uptime}</TD>" echo "<TD>${dst_bytes_received:--}</TD><TD>${dst_bytes_sent:--}</TD><TD>${dst_uptime:--}</TD>"
else else
echo "${idx};${name};${type};${dev};${conf};${table};${status};${bytes_received};${bytes_sent};${uptime}" echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_ip};${dst_config};${dst_table};${dst_status};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}"
fi fi
idx=$((idx+1))
done done
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
@@ -308,14 +153,18 @@ External_VPN_Status_Board ()
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
# VPN Routing Board Line # Source Routing Board Line
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
VPN_Routing_Board_Line() Source_Routing_Board_Line()
{ {
if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${owner}") ]] src_id=$1
network_src_tab_get ${src_id}
if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]]
then then
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
class="default" class="default"
else else
@@ -327,117 +176,23 @@ VPN_Routing_Board_Line()
fi fi
fi fi
else else
# filter == user not owner of this line
class="skip" class="skip"
fi fi
if [[ "${class}" != "skip" ]] if [[ "${class}" != "skip" ]]
then then
host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') host_name=${src_name}
case "${vpn_type}"
in
"0")
/sbin/ifconfig ipsec0 2>/dev/null | grep UP >/dev/null
if [[ "$?" == 0 ]]
then
dev=ipsec0
status=1
else
dev="-"
status=0
fi
;;
"1")
dev="tun0"
status_line="$(sudo /usr/local/sbin/openvpn-status ${dev} | grep "CLIENT_LIST.*${ip},")"
if [[ "${status_line}" == "" ]]
then
bytes_received="-"
bytes_sent="-"
uptime="-"
status=0
last_seen="$(stat -c "%x" /etc/openvpn/status/${host_name}.status | sed -e 's/\..*//')"
else
status=1
OIFS=${IFS}
IFS=,
set ${status_line}
header=$1
h_name=$2
h_ip=$3
v_ip=$4
v_ip6=$5
v_bytes_received=$6
v_bytes_sent=$7
v_date=$8
v_uptime=$9
IFS=${OIFS}
bytes_received="$(echo ${v_bytes_received} | numfmt --to=iec-i --suffix=B)"
bytes_sent="$(echo ${v_bytes_sent} | numfmt --to=iec-i --suffix=B)"
uptime=$(echo "$(($(date +%s) - $(date -d "${v_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
last_seen="$(date +"%Y/%m/%d %H:%M:%S")"
fi
;;
"2" | "3")
/sbin/ifconfig 2>/dev/null | grep "P-t-P:${ip} " >/dev/null
if [[ "$?" == 0 ]]
then
dev=$(/sbin/route -n 2>/dev/null | grep "^${ip}" | awk '{print $8}')
bytes_received="-"
bytes_sent="-"
uptime="-"
lastseen="-"
status=1
else
dev="-"
bytes_received="-"
bytes_sent="-"
uptime="-"
last_seen="-"
status=0
fi
;;
*)
dev="-"
bytes_received="-"
bytes_sent="-"
uptime="-"
last_seen="-"
status=2
;;
esac
if [[ "${forward}" == "${vpn_type}" ]]
then
if [[ "${net_type}" == "sn" ]]
then
port_start=$((3000+${vpn_id}*100))
else
port_start=$((33000+${vpn_id}*100))
fi
port_end=$((${port_start}+99))
else
port_start=""
port_end=""
fi
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TR class="${class}"><TD class="header">${idx}</TD>" echo -n "<TR class="${class}"><TD class="header">${src_id}</TD>"
echo "<TD>${VPN_TYPE[${vpn_type}]}</TD><TD>${ip}</TD><TD>${host_name}</TD>" echo -n "<TD>${NETWORK_SRC_TYPE[${src_type}]}</TD><TD>${src_ip}</TD><TD>${host_name}</TD>"
case "${status}" case "${src_status}"
in in
"0") "0")
echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>"
@@ -452,77 +207,58 @@ VPN_Routing_Board_Line()
;; ;;
esac esac
echo -n "<TD>${dev}</TD>" echo -n "<TD>${src_device}</TD>"
else else
echo -n "${idx};${VPN_TYPE[${vpn_type}]};${ip};${host_name};${status};${dev};" echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${status};${src_device};"
fi fi
i=0 for dst_id in ${NETWORK_DST_ID_LIST}
for blk in ${VPN_EXT_LIST}
do do
network_dst_tab_get ${dst_id}
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TD><TABLE class=\"${class}\" BORDER=\"0\" WIDTH=\"100%\"><TR><TD class=\"half\">" echo -n "<TD><TABLE class=\"${class}\" BORDER=\"0\" WIDTH=\"100%\"><TR><TD class=\"half\">"
if [[ $i == $id ]] if [[ "${dst_table}" == "${src_table}" ]]
then then
echo -n "<IMG SRC=\"../icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD><TD>&nbsp;" echo -n "<IMG SRC=\"../icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD><TD>&nbsp;"
else else
echo -n "<IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD><TD>" echo -n "<IMG SRC=\"../icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD><TD>"
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
echo -n "<A HREF=\"${CGI_NAME}?cmd=route_set&amp;filter=${filter}&amp;ip=${ip}&amp;vpn=${i}\"><IMG SRC=\"../icons/user-invisible.png\" TITLE=\"Activate\" ALT=\"Activate\"></A>" echo -n "<A HREF=\"?cmd=route_set&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;vpn=${dst_id}\"><IMG SRC=\"../icons/user-invisible.png\" TITLE=\"Activate\" ALT=\"Activate\"></A>"
else else
echo -n "&nbsp;" echo -n "&nbsp;"
fi fi
fi fi
echo -n "</TD></TR></TABLE>" echo -n "</TD></TR></TABLE></TD>"
else else
if [[ $i == $id ]] if [[ "${dst_table}" == "${src_table}" ]]
then then
echo -n "1;" echo -n "1;"
else else
echo -n "0;" echo -n "0;"
fi fi
fi fi
i=$((i + 1))
done done
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
if [[ "${forward}" == "${vpn_type}" ]] if [[ "${port_range}" != "0" ]]
then then
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD>" echo -n "<TD>${src_port_range}</TD><TD>${src_port_start:--}</TD><TD>${src_port_end:--}</TD>"
echo -n "<TD>${port_start}</TD><TD>${port_end}</TD>"
else else
echo -n "<TD>${src_port_range}</TD><TD>-</TD><TD>-</TD>"
if [[ "${REMOTE_USER}" == "${owner}" ]]
then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=forward_set&amp;filter=${filter}&amp;ip=${ip}\"><IMG SRC=\"../icons/user-invisible.png\" TITLE=\"Activate\" ALT=\"Activate\"></A></TD>"
else
echo -n "<TD>&nbsp;</TD>"
fi fi
echo -n "<TD>&nbsp;</TD><TD>&nbsp;</TD>" echo "<TD><A HREF=\"?admin=${admin}&amp;filter=${src_owner}\">${src_owner}</A></TD><TD>${src_bytes_received:--}</TD><TD>${src_bytes_sent:--}</TD><TD>${src_uptime:--}</TD><TD>${src_last_seen:--}</TD></TR>"
fi
echo "<TD><A HREF="?filter=${owner}">${owner}</A></TD><TD>${bytes_received}</TD><TD>${bytes_sent}</TD><TD>${uptime}</TD><TD>${last_seen}</TD></TR>"
else else
echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}"
if [[ "${forward}" == "${vpn_type}" ]]
then
echo -n "1;"
else
echo -n "0;"
fi
echo "${port_start};${port_end};${owner};${bytes_received};${bytes_sent};${uptime};${last_seen}"
fi fi
fi fi
@@ -531,10 +267,10 @@ VPN_Routing_Board_Line()
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
# VPN Routing Board # Source Routing Board
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
VPN_Routing_Board() Source_Routing_Board()
{ {
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
@@ -542,63 +278,43 @@ VPN_Routing_Board()
echo " <BR>" echo " <BR>"
echo " </P>" echo " </P>"
echo "" echo ""
echo " <H2>VPN Routing Board</H2>" echo " <H2>Source Routing Board</H2>"
echo "" echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">" echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo -n " <TR class="header"><TD class="header">#</TD><TD>Type</TD><TD>IP</TD><TD>Host Name</TD><TD>Status</TD><TD>Device</TD>" echo -n " <TR class="header"><TD class="header">#</TD><TD>Type</TD><TD>IP</TD><TD>Host Name</TD><TD>Status</TD><TD>Device</TD>"
else else
echo "TABLE: VPN_Routing_Board" echo "TABLE: Source_Routing_Board"
echo -n "#;Type;IP;Host Name;Status;Device;" echo -n "#;Type;IP;Host Name;Status;Device;"
fi fi
for blk in ${VPN_EXT_LIST}
for dst_id in ${NETWORK_DST_ID_LIST}
do do
OIFS=${IFS} network_dst_tab_get ${dst_id}
IFS=:
set $blk
dev=$1
conf=$2
table=$3
name=$4
IFS=${OIFS}
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TD>${name}</TD>" echo -n "<TD>${dst_name}</TD>"
else else
echo -n "${name};" echo -n "${dst_name};"
fi fi
done done
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo "<TD>Forward</TD><TD>From Port</TD><TD>To Port</TD><TD>Owner</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD><TD>Last Seen</TD></TR>" echo "<TD>Port Range</TD><TD>From Port</TD><TD>To Port</TD><TD>Owner</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD><TD>Last Seen</TD></TR>"
else else
echo "Forward;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen"
fi fi
idx=0
for blk in $(Lookup_Src_IP) for src_id in ${NETWORK_SRC_ID_LIST}
do do
OIFS=${IFS} Source_Routing_Board_Line ${src_id}
IFS=:
set $blk
ip=$1
table=$2
owner=$3
vpn_type=$4
forward=$5
net_type=$6
vpn_id=$7
IFS=${OIFS}
id=$((table - 3))
idx=$((idx+1))
VPN_Routing_Board_Line
done done
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo " </TABLE>" echo " </TABLE>"
@@ -633,26 +349,16 @@ VPN_OpenVPN_Board()
echo "#;IP;Host Name;Certificate" echo "#;IP;Host Name;Certificate"
fi fi
idx=0
for blk in $(Lookup_Src_IP) for src_id in ${NETWORK_SRC_ID_LIST}
do do
OIFS=${IFS} network_src_tab_get ${src_id}
IFS=:
set $blk
ip=$1
table=$2
owner=$3
type=$4
IFS=${OIFS}
if [[ "${type}" == 1 ]] if [[ "${src_type}" == 1 ]]
then then
idx=$((idx+1)) if [[ ( "${filter}" == "") ||( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]]
if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${owner}") ]]
then then
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
class="default" class="default"
else else
@@ -664,50 +370,50 @@ VPN_OpenVPN_Board()
fi fi
fi fi
else else
# filter == user not owner of this line
class="skip" class="skip"
fi fi
if [[ "${class}" != "skip" ]] if [[ "${class}" != "skip" ]]
then then
host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TR class=\"${class}\"><TD class=\"header\">${idx}</TD><TD>${ip}</TD><TD>${host_name}</TD>" echo -n "<TR class=\"${class}\"><TD class=\"header\">${src_id}</TD><TD>${src_ip}</TD><TD>${src_name}</TD>"
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=config_download&amp;ip=${ip}&amp;defroute=true&amp;type=ext\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Default Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=true&amp;type=ext\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Default Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=config_download&amp;ip=${ip}&amp;defroute=true&amp;type=inline\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Default Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=true&amp;type=inline\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Default Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else else
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi fi
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=config_download&amp;ip=${ip}&amp;defroute=false&amp;type=ext\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration NoDefault Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=false&amp;type=ext\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration NoDefault Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=config_download&amp;ip=${ip}&amp;defroute=false&amp;type=inline\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration NoDefault Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=false&amp;type=inline\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration NoDefault Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else else
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi fi
else else
echo -n "${idx};${ip};${host_name}" echo -n "${src_id};${src_ip};${src_name}"
fi fi
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=cert_download&amp;filter=${filter}&amp;ip=${ip}&amp;type=ca\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"CA Certificate\" ALT=\"CA Certificate\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=ca\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"CA Certificate\" ALT=\"CA Certificate\"></A></TD>"
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=cert_download&amp;filter=${filter}&amp;ip=${ip}&amp;type=tc\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=tc\" ><IMG SRC=\"../icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></A></TD>"
if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]]
then then
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=cert_download&amp;filter=${filter}&amp;ip=${ip}&amp;type=key\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=key\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></A></TD>"
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=cert_download&amp;filter=${filter}&amp;ip=${ip}&amp;type=csr\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificat Signing Request\"></A></TD>" echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=csr\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificat Signing Request\"></A></TD>"
echo -n "<TD><A HREF=\"${CGI_NAME}?cmd=cert_download&amp;filter=${filter}&amp;ip=${ip}&amp;type=crt\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></A></TD></TR>" echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=crt\"><IMG SRC=\"../icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></A></TD></TR>"
else else
echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-busy.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>"
@@ -716,7 +422,7 @@ VPN_OpenVPN_Board()
else else
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></TD>"
if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]]
then then
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>" echo -n "<TD><IMG SRC=\"../icons/user-online.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>"
@@ -728,7 +434,7 @@ VPN_OpenVPN_Board()
fi fi
fi fi
else else
if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]]
then then
echo ";1" echo ";1"
else else
@@ -760,13 +466,31 @@ Main_Board_Print ()
then then
echo "" echo ""
if [[ "${filter}" == "owner" ]] if [[ "${admin}" == "true" ]]
then then
echo " <H1>VPN Admin Board - My VPN</H1>" admin_mode=" - Admin Mode"
else else
echo " <H1>VPN Admin Board - All VPN</H1>" admin_mode=""
fi fi
case "${filter}"
in
"owner")
filter_mode="My VPN"
;;
"")
filter_mode="All VPN"
;;
*)
filter_mode="${filter} VPN"
;;
esac
echo " <H1>VPN Admin Board: ${filter_mode}${admin_mode}</H1>"
echo " <P>" echo " <P>"
echo " <BR>" echo " <BR>"
echo "" echo ""
@@ -776,12 +500,37 @@ Main_Board_Print ()
echo "" echo ""
fi fi
External_VPN_Status_Board Destination_Status_Board
VPN_Routing_Board Source_Routing_Board
VPN_OpenVPN_Board VPN_OpenVPN_Board
if [[ "${format}" == "html" ]] if [[ "${format}" == "html" ]]
then then
echo " <P>"
echo " <BR>"
echo " <BR>"
echo -n " "
if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]]
then
if [[ "${admin}" == "true" ]]
then
echo -n "<A HREF=\"?filter=${filter}\">Non Admin Mode</A>"
else
echo -n "<A HREF=\"?admin=true&amp;filter=${filter}\">Admin Mode</A>"
fi
echo -n "&nbsp;&nbsp;&nbsp;"
fi
if [[ "${filter}" != "" ]]
then
echo -n "<A HREF=\"?admin=${admin}\">All VPN</A>"
fi
echo ""
echo " </P>"
time_out=$(date +%s%N) time_out=$(date +%s%N)
elaps=$((${time_out} - ${time_in})) elaps=$((${time_out} - ${time_in}))
elaps_sec=$((${elaps} / 1000000000)) elaps_sec=$((${elaps} / 1000000000))
@@ -831,6 +580,7 @@ vpn=""
type="" type=""
redirect="" redirect=""
cmd_status="" cmd_status=""
admin=""
if [[ "${QUERY_STRING}" != "" ]] if [[ "${QUERY_STRING}" != "" ]]
then then
@@ -856,6 +606,10 @@ then
format=${arg} format=${arg}
;; ;;
"admin")
admin=${arg}
;;
"filter") "filter")
filter=${arg} filter=${arg}
;; ;;
@@ -893,12 +647,28 @@ fi
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
# Command Handler # Command Handler
#-------------------------------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------------------------------
case "${cmd}" network_tab_load
in
#network_tab_dump
if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]]
then
cmd_status="${cmd}: Admin NOT_AUTHORIZED"
redirect="?filter=${filter}"
Header_Print
Footer_Print
else
case "${cmd}"
in
"") "")
Header_Print Header_Print
Main_Board_Print Main_Board_Print
@@ -906,11 +676,12 @@ in
;; ;;
"route_set") "route_set")
owner=$(Lookup_Owner) network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
if [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then then
sudo /etc/init.d/rx3-net table_set $ip $((${vpn} + 3)) 2>&1 >/dev/null sudo /usr/local/sbin/rx3_net_adm table_set ${ip} $((${vpn} + 3)) 1>&2
if [[ "$?" == 0 ]] if [[ "$?" == 0 ]]
then then
@@ -919,41 +690,20 @@ in
cmd_status="route_set: KO" cmd_status="route_set: KO"
fi fi
else else
cmd_status="route_set: NOT_AUTHORIZED" cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]"
fi fi
redirect="${CGI_NAME}?filter=${filter}" redirect="?admin=${admin}&amp;filter=${filter}"
Header_Print
Footer_Print
;;
"forward_set")
owner=$(Lookup_Owner)
if [[ "${REMOTE_USER}" == "${owner}" ]]
then
sudo /etc/init.d/rx3-net forward_set $ip 2>&1 >/dev/null
if [[ "$?" == 0 ]]
then
cmd_status="forward_set: OK "
else
cmd_status="forward_set: KO"
fi
else
cmd_status="forward_set: NOT_AUTHORIZED"
fi
redirect="${CGI_NAME}?filter=${filter}"
Header_Print Header_Print
Footer_Print Footer_Print
;; ;;
"cert_download") "cert_download")
owner=$(Lookup_Owner) network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
if [[ "${type}" == "ca" ]] || [[ "${type}" == "crt" ]] || [[ "${REMOTE_USER}" == "${owner}" ]] if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]]
then then
cmd_status="cert_download: OK" cmd_status="cert_download: OK"
format="txt" format="txt"
@@ -981,7 +731,7 @@ in
else else
cmd_status="cert_download: NOT_AUTHORIZED" cmd_status="cert_download: NOT_AUTHORIZED"
redirect="${CGI_NAME}?filter=${filter}" redirect="?admin=${admin}&amp;filter=${filter}"
format="html" format="html"
Header_Print Header_Print
@@ -990,9 +740,10 @@ in
;; ;;
"config_download") "config_download")
owner=$(Lookup_Owner) network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
if [[ ( "${type}" == "ext") || ( ( "${type}" == "inline") && ( "${REMOTE_USER}" == "${owner}")) ]] if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]]
then then
cmd_status="config_download: OK" cmd_status="config_download: OK"
@@ -1025,7 +776,7 @@ in
else else
cmd_status="config_download: NOT_AUTHORIZED" cmd_status="config_download: NOT_AUTHORIZED"
redirect="${CGI_NAME}?filter=${filter}" redirect="?admin=${admin}&amp;filter=${filter}"
format="html" format="html"
Header_Print Header_Print
@@ -1039,4 +790,5 @@ in
Header_Print Header_Print
Footer_Print Footer_Print
;; ;;
esac esac
fi