diff options
author | jim-p <jimp@netgate.com> | 2019-01-21 14:21:00 -0500 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2019-01-21 14:22:19 -0500 |
commit | 0b07930db7df24708a097af92548ac40450b478c (patch) | |
tree | 6085ba71ab0cbc89b64cfb718dce7b5fadac9027 | |
parent | 5c8aaa20a730931d0fa5027ddae368bc649e6b6e (diff) | |
download | pfsense-0b07930db7df24708a097af92548ac40450b478c.zip pfsense-0b07930db7df24708a097af92548ac40450b478c.tar.gz |
Packet capture page fixes. Fixes #9239
* Add "None" output level
* Detect large files and refuse to print them in the GUI textarea
* Ensure output buffering is off before doing readfile to avoid PHP
consuming memory while downloading a large capture.
(cherry picked from commit 36192f4a459ec5d5baf06819102ba783c1725ba1)
-rwxr-xr-x | src/usr/local/www/diag_packet_capture.php | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/src/usr/local/www/diag_packet_capture.php b/src/usr/local/www/diag_packet_capture.php index 0679387..4015d42 100755 --- a/src/usr/local/www/diag_packet_capture.php +++ b/src/usr/local/www/diag_packet_capture.php @@ -112,6 +112,7 @@ $fp = "/root/"; $fn = "packetcapture.cap"; $snaplen = 0;//default packet length $count = 100;//default number of packets to capture +$max_display_size = 50*1024*1024; // 50MB limit on GUI capture display. See https://redmine.pfsense.org/issues/9239 $fams = array('ip', 'ip6'); $protos = array('icmp', 'icmp6', 'tcp', 'udp', 'arp', 'carp', 'esp', 'pfsync', @@ -259,14 +260,19 @@ if ($_POST) { $process_id = substr($process, 0, $process_id_pos); exec("kill $process_id"); } - } elseif ($_POST['downloadbtn'] != "") { //download file $fs = filesize($fp.$fn); header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename=$fn"); - header("Content-Length: $fs"); + header("Content-Disposition: attachment; filename={$fn}"); + header("Content-Length: {$fs}"); + /* Ensure output buffering is off so PHP does not consume + * memory in readfile(). https://redmine.pfsense.org/issues/9239 */ + while (ob_get_level()) { + @ob_end_clean(); + } readfile($fp.$fn); + @ob_end_flush(); exit; } } @@ -398,6 +404,7 @@ $section->addInput(new Form_Select( 'medium' => gettext('Medium'), 'high' => gettext('High'), 'full' => gettext('Full'), + 'none' => gettext('None'), ) ))->setHelp('This is the level of detail that will be displayed after hitting "Stop" when the packets have been captured.%s' . 'This option does not affect the level of detail when downloading the packet capture. ', @@ -538,7 +545,15 @@ if ($do_tcpdump) : } print('<textarea class="form-control" rows="20" style="font-size: 13px; font-family: consolas,monaco,roboto mono,liberation mono,courier;">'); - system("/usr/sbin/tcpdump {$disabledns} {$detail_args} {$iscarp} -r {$fp}{$fn}"); + if (filesize($fp.$fn) > $max_display_size) + print(gettext("Packet capture file is too large to display in the GUI.") . + "\n" . + gettext("Download the file, or view it in the console or ssh shell.")); + elseif ($detail == 'none') { + print(gettext("Select a detail level to view the contents of the packet capture.")); + } else { + system("/usr/sbin/tcpdump {$disabledns} {$detail_args} {$iscarp} -r {$fp}{$fn}"); + } print('</textarea>'); ?> |