diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-26 15:12:02 -0300 |
commit | 03b19a93f4d8d870507ee96121cee4acd748dd2a (patch) | |
tree | 71a34e9e7e73d13de21cb4ad831799fb10c30df4 /src/usr/local/www/diag_dump_states.php | |
parent | 7f410a121522c5d0e2660256ae50c1fde1df3645 (diff) | |
parent | 30ce58ac1ea27b758d5112cb5a3b190c9760f010 (diff) | |
download | pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.zip pfsense-03b19a93f4d8d870507ee96121cee4acd748dd2a.tar.gz |
Merge branch 'master' into bootstrap
Diffstat (limited to 'src/usr/local/www/diag_dump_states.php')
-rwxr-xr-x | src/usr/local/www/diag_dump_states.php | 230 |
1 files changed, 230 insertions, 0 deletions
diff --git a/src/usr/local/www/diag_dump_states.php b/src/usr/local/www/diag_dump_states.php new file mode 100755 index 0000000..9bd63f1 --- /dev/null +++ b/src/usr/local/www/diag_dump_states.php @@ -0,0 +1,230 @@ +<?php +/* + diag_dump_states.php +*/ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2005 Colin Smith + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ +/* + pfSense_BUILDER_BINARIES: /sbin/pfctl + pfSense_MODULE: filter +*/ + +##|+PRIV +##|*IDENT=page-diagnostics-showstates +##|*NAME=Diagnostics: Show States page +##|*DESCR=Allow access to the 'Diagnostics: Show States' page. +##|*MATCH=diag_dump_states.php* +##|-PRIV + +require_once("guiconfig.inc"); +require_once("interfaces.inc"); + +/* handle AJAX operations */ +if (isset($_POST['action']) && $_POST['action'] == "remove") { + if (isset($_POST['srcip']) && isset($_POST['dstip']) && is_ipaddr($_POST['srcip']) && is_ipaddr($_POST['dstip'])) { + $retval = pfSense_kill_states($_POST['srcip'], $_POST['dstip']); + echo htmlentities("|{$_POST['srcip']}|{$_POST['dstip']}|0|"); + } else { + echo gettext("invalid input"); + } + return; +} + +if (isset($_POST['filter']) && isset($_POST['killfilter'])) { + if (is_ipaddr($_POST['filter'])) { + $tokill = $_POST['filter'] . "/32"; + } elseif (is_subnet($_POST['filter'])) { + $tokill = $_POST['filter']; + } else { + // Invalid filter + $tokill = ""; + } + if (!empty($tokill)) { + $retval = pfSense_kill_states($tokill); + $retval = pfSense_kill_states("0.0.0.0/0", $tokill); + } +} + +$pgtitle = array(gettext("Diagnostics"), gettext("Show States")); +include("head.inc"); +?> + +<script> +events.push(function(){ + $('a[data-entry]').on('click', function(){ + var el = $(this); + var data = $(this).data('entry').split('|'); + + $.ajax( + '/diag_dump_states.php', + { + type: 'post', + data: { + action: 'remove', + srcip: data[0], + dstip: data[1] + }, + success: function(){ + el.parents('tr').remove(); + }, + }); + }); +}); +</script> + +<?php +$tab_array = array(); +$tab_array[] = array(gettext("States"), true, "diag_dump_states.php"); +if (isset($config['system']['lb_use_sticky'])) + $tab_array[] = array(gettext("Source Tracking"), false, "diag_dump_states_sources.php"); +$tab_array[] = array(gettext("Reset States"), false, "diag_resetstate.php"); +display_top_tabs($tab_array); + +// Start of tab content +$current_statecount=`pfctl -si | grep "current entries" | awk '{ print $3 }'`; + +require('classes/Form.class.php'); + +$form = new Form(false); + +$section = new Form_Section('State filter'); + +$section->addInput(new Form_Input( + 'filter', + 'Filter expression', + 'text', + $_POST['filter'], + ['placeholder' => 'Simple filter such as 192.168, v6, icmp or ESTABLISHED'] +)); + +$filterbtn = new Form_Button('filterbtn', 'Filter', null); +$filterbtn->removeClass('btn-primary')->addClass('btn-default btn-sm'); +$section->addInput(new Form_StaticText( + '', + $filterbtn +)); + +if (isset($_POST['filter']) && (is_ipaddr($_POST['filter']) || is_subnet($_POST['filter']))) { + $killbtn = new Form_Button('killfilter', 'Kill States'); + $killbtn->removeClass('btn-primary')->addClass('btn-danger btn-sm'); + $section->addInput(new Form_StaticText( + 'Kill filtered states', + $killbtn + ))->setHelp('Remove all states to and from the filtered address'); +} + +$form->add($section); +print $form; +?> +<table class="table table-striped"> + <thead> + <tr> + <th><?=gettext("Int")?></th> + <th><?=gettext("Proto")?></th> + <th><?=gettext("Source -> Router -> Destination")?></th> + <th><?=gettext("State")?></th> + <th></th> <!-- For the optional "Remove" button --> + </tr> + </thead> + <tbody> +<?php + $row = 0; + /* get our states */ + $grepline = (isset($_POST['filter'])) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_POST['filter'])) : ""; + $fd = popen("/sbin/pfctl -s state {$grepline}", "r" ); + while ($line = chop(fgets($fd))) { + if($row >= 10000) + break; + + $line_split = preg_split("/\s+/", $line); + + $iface = array_shift($line_split); + $proto = array_shift($line_split); + $state = array_pop($line_split); + $info = implode(" ", $line_split); + + // We may want to make this optional, with a large state table, this could get to be expensive. + $iface = convert_real_interface_to_friendly_descr($iface); + + /* break up info and extract $srcip and $dstip */ + $ends = preg_split("/\<?-\>?/", $info); + $parts = explode(":", $ends[0]); + $srcip = trim($parts[0]); + $parts = explode(":", $ends[count($ends) - 1]); + $dstip = trim($parts[0]); +?> + <tr> + <td><?= $iface ?></td> + <td><?= $proto ?></td> + <td><?= $info ?></td> + <td><?= $state ?></td> + + <td> + <a class="btn btn-xs btn-danger" data-entry="<?=$srcip?>|<?=$dstip?>" + title="<?=sprintf(gettext('Remove all state entries from %s to %s'), $srcip, $dstip);?>">Remove</a> + </td> + </tr> +<?php $row++; } ?> + </tbody> +</table> +<?php + +if ($row == 0) { + if (isset($_POST['filter']) && !empty($_POST['filter'])) + $errmsg = gettext('No states were found that match the current filter'); + else + $errmsg = gettext('No states were found'); + + print('<p class="alert alert-warning">' . $errmsg . '</p>'); +} + +include("foot.inc");
\ No newline at end of file |