diff options
Diffstat (limited to 'src/usr/local/www/diag_states_summary.php')
-rw-r--r-- | src/usr/local/www/diag_states_summary.php | 206 |
1 files changed, 206 insertions, 0 deletions
diff --git a/src/usr/local/www/diag_states_summary.php b/src/usr/local/www/diag_states_summary.php new file mode 100644 index 0000000..7aa91d6 --- /dev/null +++ b/src/usr/local/www/diag_states_summary.php @@ -0,0 +1,206 @@ +<?php +/* + diag_states_summary.php + Copyright (C) 2013-2015 Electric Sheep Fencing, LP + Copyright (C) 2010-2014 Jim Pingle + + Portions borrowed from diag_dump_states.php: + Copyright (C) 2005-2009 Scott Ullrich + Copyright (C) 2005 Colin Smith + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + pfSense_BUILDER_BINARIES: /sbin/pfctl + pfSense_MODULE: filter +*/ + +##|+PRIV +##|*IDENT=page-diagnostics-statessummary +##|*NAME=Diagnostics: States Summary page +##|*DESCR=Allow access to the 'Diagnostics: States Summary' page. +##|*MATCH=diag_states_summary.php* +##|-PRIV + +exec("/sbin/pfctl -s state", $states); + +$srcipinfo = array(); +$dstipinfo = array(); +$allipinfo = array(); +$pairipinfo = array(); + +function addipinfo(&$iparr, $ip, $proto, $srcport, $dstport) { + $iparr[$ip]['seen']++; + $iparr[$ip]['protos'][$proto]['seen']++; + if (!empty($srcport)) { + $iparr[$ip]['protos'][$proto]['srcports'][$srcport]++; + } + if (!empty($dstport)) { + $iparr[$ip]['protos'][$proto]['dstports'][$dstport]++; + } +} + +$row = 0; +if (count($states) > 0) { + foreach ($states as $line) { + $line_split = preg_split("/\s+/", $line); + $iface = array_shift($line_split); + $proto = array_shift($line_split); + $state = array_pop($line_split); + $info = implode(" ", $line_split); + + /* Handle NAT cases + Replaces an external IP + NAT by the internal IP */ + if (strpos($info, ') ->') !== FALSE) { + /* Outbound NAT */ + $info = preg_replace('/(\S+) \((\S+)\)/U', "$2", $info); + } elseif (strpos($info, ') <-') !== FALSE) { + /* Inbound NAT/Port Forward */ + $info = preg_replace('/(\S+) \((\S+)\)/U', "$1", $info); + } + + /* break up info and extract $srcip and $dstip */ + $ends = preg_split("/\<?-\>?/", $info); + + if (strpos($info, '->') === FALSE) { + $srcinfo = $ends[count($ends) - 1]; + $dstinfo = $ends[0]; + } else { + $srcinfo = $ends[0]; + $dstinfo = $ends[count($ends) - 1]; + } + + /* Handle IPv6 */ + $parts = explode(":", $srcinfo); + $partcount = count($parts); + if ($partcount <= 2) { + $srcip = trim($parts[0]); + $srcport = trim($parts[1]); + } else { + preg_match("/([0-9a-f:]+)(\[([0-9]+)\])?/i", $srcinfo, $matches); + $srcip = $matches[1]; + $srcport = trim($matches[3]); + } + + $parts = explode(":", $dstinfo); + $partcount = count($parts); + if ($partcount <= 2) { + $dstip = trim($parts[0]); + $dstport = trim($parts[1]); + } else { + preg_match("/([0-9a-f:]+)(\[([0-9]+)\])?/i", $dstinfo, $matches); + $dstip = $matches[1]; + $dstport = trim($matches[3]); + } + + addipinfo($srcipinfo, $srcip, $proto, $srcport, $dstport); + addipinfo($dstipinfo, $dstip, $proto, $srcport, $dstport); + addipinfo($pairipinfo, "{$srcip} -> {$dstip}", $proto, $srcport, $dstport); + + addipinfo($allipinfo, $srcip, $proto, $srcport, $dstport); + addipinfo($allipinfo, $dstip, $proto, $srcport, $dstport); + + } +} + +function sort_by_ip($a, $b) { + return ip2ulong($a) < ip2ulong($b) ? -1 : 1; +} + +function build_port_info($portarr, $proto) { + if (!$portarr) { + return ''; + } + $ports = array(); + asort($portarr); + foreach (array_reverse($portarr, TRUE) as $port => $count) { + $str = ""; + $service = getservbyport($port, strtolower($proto)); + $port = "{$proto}/{$port}"; + if ($service) { + $port = "{$port} ({$service})"; + } + $ports[] = "{$port}: {$count}"; + } + return implode($ports, ', '); +} + +function print_summary_table($label, $iparr, $sort = TRUE) { ?> + +<h3><?php echo $label; ?></h3> +<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="states summary"> + <tr> + <td class="listhdrr"><?=gettext("IP");?></td> + <td class="listhdrr"># <?=gettext("States");?></td> + <td class="listhdrr"><?=gettext("Proto");?></td> + <td class="listhdrr"># <?=gettext("States");?></td> + <td class="listhdrr"><?=gettext("Src Ports");?></td> + <td class="listhdrr"><?=gettext("Dst Ports");?></td> + </tr> +<?php + if ($sort) { + uksort($iparr, "sort_by_ip"); + } + foreach ($iparr as $ip => $ipinfo) { ?> + <tr> + <td class="vncell"><?php echo $ip; ?></td> + <td class="vncell"><?php echo $ipinfo['seen']; ?></td> + <td class="vncell"> </td> + <td class="vncell"> </td> + <td class="vncell"> </td> + <td class="vncell"> </td> + </tr> + <?php foreach ($ipinfo['protos'] as $proto => $protoinfo) { ?> + <tr> + <td class="list"> </td> + <td class="list"> </td> + <td class="listlr"><?php echo $proto; ?></td> + <td class="listr" align="center"><?php echo $protoinfo['seen']; ?></td> + <td class="listr" align="center"><span title="<?php echo build_port_info($protoinfo['srcports'], $proto); ?>"><?php echo count($protoinfo['srcports']); ?></span></td> + <td class="listr" align="center"><span title="<?php echo build_port_info($protoinfo['dstports'], $proto); ?>"><?php echo count($protoinfo['dstports']); ?></span></td> + </tr> + <?php } ?> +<?php } ?> + +</table> + +<?php +} + +$pgtitle = array(gettext("Diagnostics"), gettext("State Table Summary")); +require_once("guiconfig.inc"); +include("head.inc"); +echo "<body>"; +include("fbegin.inc"); + + +print_summary_table(gettext("By Source IP"), $srcipinfo); +print_summary_table(gettext("By Destination IP"), $dstipinfo); +print_summary_table(gettext("Total per IP"), $allipinfo); +print_summary_table(gettext("By IP Pair"), $pairipinfo, FALSE); +?> + +<?php include("fend.inc"); ?> +</body> +</html> |