From 46bc6e545a17e77202aaf01ec0cd8d5a46567525 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 25 Aug 2015 08:08:24 -0300 Subject: Move main pfSense content to src/ --- src/usr/local/www/diag_packet_capture.php | 485 ++++++++++++++++++++++++++++++ 1 file changed, 485 insertions(+) create mode 100644 src/usr/local/www/diag_packet_capture.php (limited to 'src/usr/local/www/diag_packet_capture.php') diff --git a/src/usr/local/www/diag_packet_capture.php b/src/usr/local/www/diag_packet_capture.php new file mode 100644 index 0000000..14be5d1 --- /dev/null +++ b/src/usr/local/www/diag_packet_capture.php @@ -0,0 +1,485 @@ + 0) ? get_host_boolean($value, $host) : ""; + if (is_ipaddr($host)) { + return "{$andor}host {$not}" . $host; + } elseif (is_subnet($host)) { + return "{$andor}net {$not}" . $host; + } else { + return ""; + } +} + +if ($_POST['downloadbtn'] == gettext("Download Capture")) { + $nocsrf = true; +} + +$pgtitle = array(gettext("Diagnostics"), gettext("Packet Capture")); +require_once("guiconfig.inc"); +require_once("pfsense-utils.inc"); + +$fp = "/root/"; +$fn = "packetcapture.cap"; +$snaplen = 0;//default packet length +$count = 100;//default number of packets to capture + +$fams = array('ip', 'ip6'); +$protos = array('icmp', 'icmp6', 'tcp', 'udp', 'arp', 'carp', 'esp', + '!icmp', '!icmp6', '!tcp', '!udp', '!arp', '!carp', '!esp'); + +$input_errors = array(); + +$interfaces = get_configured_interface_with_descr(); +if (isset($config['ipsec']['enable'])) { + $interfaces['ipsec'] = "IPsec"; +} +foreach (array('server', 'client') as $mode) { + if (is_array($config['openvpn']["openvpn-{$mode}"])) { + foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { + if (!isset($setting['disable'])) { + $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + } + } + } +} + +if ($_POST) { + $host = $_POST['host']; + $selectedif = $_POST['interface']; + $count = $_POST['count']; + $snaplen = $_POST['snaplen']; + $port = $_POST['port']; + $detail = $_POST['detail']; + $fam = $_POST['fam']; + $proto = $_POST['proto']; + + if (!array_key_exists($selectedif, $interfaces)) { + $input_errors[] = gettext("Invalid interface."); + } + if ($fam !== "" && $fam !== "ip" && $fam !== "ip6") { + $input_errors[] = gettext("Invalid address family."); + } + if ($proto !== "" && !in_array(strip_not($proto), $protos)) { + $input_errors[] = gettext("Invalid protocol."); + } + + if ($host != "") { + $host_string = str_replace(array(" ", "|", ","), array("", "#|", "#+"), $host); + if (strpos($host_string, '#') === false) { + $hosts = array($host); + } else { + $hosts = explode('#', $host_string); + } + foreach ($hosts as $h) { + if (!is_subnet(strip_host_logic($h)) && !is_ipaddr(strip_host_logic($h))) { + $input_errors[] = sprintf(gettext("A valid IP address or CIDR block must be specified. [%s]"), $h); + } + } + } + if ($port != "") { + if (!is_port(strip_not($port))) { + $input_errors[] = gettext("Invalid value specified for port."); + } + } + if ($snaplen == "") { + $snaplen = 0; + } else { + if (!is_numeric($snaplen) || $snaplen < 0) { + $input_errors[] = gettext("Invalid value specified for packet length."); + } + } + if ($count == "") { + $count = 0; + } else { + if (!is_numeric($count) || $count < 0) { + $input_errors[] = gettext("Invalid value specified for packet count."); + } + } + + if (!count($input_errors)) { + $do_tcpdump = true; + + conf_mount_rw(); + + if ($_POST['promiscuous']) { + //if promiscuous mode is checked + $disablepromiscuous = ""; + } else { + //if promiscuous mode is unchecked + $disablepromiscuous = "-p"; + } + + if ($_POST['dnsquery']) { + //if dns lookup is checked + $disabledns = ""; + } else { + //if dns lookup is unchecked + $disabledns = "-n"; + } + + if ($_POST['startbtn'] != "") { + $action = gettext("Start"); + + //delete previous packet capture if it exists + if (file_exists($fp.$fn)) { + unlink ($fp.$fn); + } + + } elseif ($_POST['stopbtn'] != "") { + $action = gettext("Stop"); + $processes_running = trim(shell_exec("/bin/ps axw -O pid= | /usr/bin/grep tcpdump | /usr/bin/grep {$fn} | /usr/bin/egrep -v '(pflog|grep)'")); + + //explode processes into an array, (delimiter is new line) + $processes_running_array = explode("\n", $processes_running); + + //kill each of the packetcapture processes + foreach ($processes_running_array as $process) { + $process_id_pos = strpos($process, ' '); + $process_id = substr($process, 0, $process_id_pos); + exec("kill $process_id"); + } + + } elseif ($_POST['downloadbtn'] != "") { + //download file + $fs = filesize($fp.$fn); + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename=$fn"); + header("Content-Length: $fs"); + readfile($fp.$fn); + exit; + } + } +} else { + $do_tcpdump = false; +} + +include("head.inc"); ?> + + + + + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+
+ /> +
+
: +
+ +
+
+ +
+
+ +
+
+
+
+ +
+
+
+ +
+
+ +
" . gettext("Enter 0 (zero) for no count limit.");?> +
+ +
+ " . + gettext("Note:") . " " . + gettext("This option does not affect the level of detail when downloading the packet capture.");?> +
+ /> +
+
: +
  + "; + } else { + echo " "; + } + if (file_exists($fp.$fn) and $processisrunning != true) { + echo " "; + echo ""; + echo "
" . gettext("The packet capture file was last updated:") . " " . date("F jS, Y g:i:s a.", filemtime($fp.$fn)); + } +?> +
+
+ + + + +
+"; + if ($processisrunning == true) { + echo("" . gettext("Packet Capture is running.") . "
"); + } + + if ($do_tcpdump) { + $matches = array(); + + if (in_array($fam, $fams)) { + $matches[] = $fam; + } + + if (in_array($proto, $protos)) { + $matches[] = fixup_not($proto); + } + + if ($port != "") { + $matches[] = "port ".fixup_not($port); + } + + if ($host != "") { + $hostmatch = ""; + $hostcount = 0; + foreach ($hosts as $h) { + $h = fixup_host($h, $hostcount++); + if (!empty($h)) { + $hostmatch .= " " . $h; + } + } + if (!empty($hostmatch)) { + $matches[] = "({$hostmatch})"; + } + } + + if ($count != "0") { + $searchcount = "-c " . $count; + } else { + $searchcount = ""; + } + + $selectedif = convert_friendly_interface_to_real_interface_name($selectedif); + + if ($action == gettext("Start")) { + $matchstr = implode($matches, " and "); + echo("" . gettext("Packet Capture is running.") . "
"); + $cmd = "/usr/sbin/tcpdump -i {$selectedif} {$disablepromiscuous} {$searchcount} -s {$snaplen} -w {$fp}{$fn} " . escapeshellarg($matchstr); + // Debug + //echo $cmd; + mwexec_bg ($cmd); + } else { + //action = stop + echo("" . gettext("Packet Capture stopped.") . "

" . gettext("Packets Captured:") . "
"); +?> + + + +   +
+
+ + + + -- cgit v1.1