webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make connection tracking list sortable.

Browse Source
This commit is contained in:
Kay-Michael Köhler
2013-04-26 12:21:08 +02:00
committed by Michael Tremer
parent 9856eec1cc
commit 9b37e91ef6
3 changed files with 279 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/rootfiles/common/stage2
View File

@@ -71,6 +71,7 @@ usr/lib/libstdc++.so.6
#usr/local/bin/archive.files
usr/local/bin/backupiso
usr/local/bin/connscheduler
usr/local/bin/consort.sh
usr/local/bin/dialctrl.pl
usr/local/bin/hddshutdown
usr/local/bin/httpscert

127
html/cgi-bin/connections.cgi
View File

@@ -34,6 +34,31 @@ require "${General::swroot}/header.pl";
my $colour_multicast = "#A0A0A0";
# sort arguments for connection tracking table
# the sort field. eg. 1=src IP, 2=dst IP, 3=src port, 4=dst port
my $SORT_FIELD = 0;
# the sort order. (a)scending orr (d)escending
my $SORT_ORDER = 0;
# cgi query arguments
my %cgiin;
# debug mode
my $debug = 0;
# retrieve query arguments
# note: let a-z A-Z and 0-9 pass as value only
if (length ($ENV{'QUERY_STRING'}) > 0){
my $name;
my $value;
my $buffer = $ENV{'QUERY_STRING'};
my @pairs = split(/&/, $buffer);
foreach my $pair (@pairs){
($name, $value) = split(/=/, $pair);
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # e.g. "%20" => " "
$value =~ s/[^a-zA-Z0-9]*//g; # a-Z 0-9 will pass
$cgiin{$name} = $value;
}
}
&Header::showhttpheaders();
my @network=();
@@ -43,12 +68,40 @@ my @colour=();
my %netsettings=();
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
# output cgi query arrguments to browser on debug
if ( $debug ){
&Header::openbox('100%', 'center', 'DEBUG');
my $debugCount = 0;
foreach my $line (sort keys %cgiin) {
print "$line = '$cgiin{$line}'<br />\n";
$debugCount++;
}
print "&nbsp;Count: $debugCount\n";
&Header::closebox();
}
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table1colour} );
undef (@dummy);
# Read the connection tracking table.
open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |") or die "Unable to read conntrack table";
# check sorting arguments
if ( $cgiin{'sort_field'} ~~ [ '1','2','3','4','5','6','7','8','9' ] ) {
$SORT_FIELD = $cgiin{'sort_field'};
if ( $cgiin{'sort_order'} ~~ [ 'a','d','A','D' ] ) {
$SORT_ORDER = lc($cgiin{'sort_order'});
}
}
# Read and sort the connection tracking table
# do sorting
if ($SORT_FIELD and $SORT_ORDER) {
# field sorting when sorting arguments are sane
open(CONNTRACK, "/usr/local/bin/getconntracktable | /usr/local/bin/consort.sh $SORT_FIELD $SORT_ORDER |") or die "Unable to read conntrack table";
} else {
# default sorting with no query arguments
open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 --numeric-sort --reverse |") or die "Unable to read conntrack table";
}
my @conntrack = <CONNTRACK>;
close(CONNTRACK);
@@ -263,21 +316,81 @@ print <<END;
<br>
END
if ($SORT_FIELD and $SORT_ORDER) {
my @sort_field_name = (
$Lang::tr{'source ip'},
$Lang::tr{'destination ip'},
$Lang::tr{'source port'},
$Lang::tr{'destination port'},
$Lang::tr{'protocol'},
$Lang::tr{'connection'}.' '.$Lang::tr{'status'},
$Lang::tr{'expires'}.' ('.$Lang::tr{'seconds'}.')',
$Lang::tr{'download'},
$Lang::tr{'upload'}
);
my $sort_order_name;
if (lc($SORT_ORDER) eq "a") {
$sort_order_name = $Lang::tr{'sort ascending'};
} else {
$sort_order_name = $Lang::tr{'sort descending'};
}
print <<END
<div style="font-weight:bold;margin:10px;font-size: 70%">
$sort_order_name: $sort_field_name[$SORT_FIELD-1]
</div>
END
;
}
# Print table header.
print <<END;
<table width='100%'>
<tr>
<tr valign="top"">
<th align='center'>
<a href="?sort_field=5&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=5&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
<th align='center' colspan="2">
<a href="?sort_field=1&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=1&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="?sort_field=3&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=3&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
<th align='center' colspan="2">
<a href="?sort_field=2&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=2&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="?sort_field=4&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=4&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
<th align='center'>
<a href="?sort_field=8&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=8&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
&nbsp;&nbsp;&nbsp;&nbsp;
<a href="?sort_field=9&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=9&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
<th align='center'>
<a href="?sort_field=6&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=6&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
<th align='center'>
<a href="?sort_field=7&sort_order=d"><img style="width:10px" src="/images/up.gif"></a>
<a href="?sort_field=7&sort_order=a"><img style="width:10px" src="/images/down.gif"></a>
</th>
</tr>
<tr valign="top"">
<th align='center'>
$Lang::tr{'protocol'}
</th>
<th align='center'>
<th align='center' colspan="2">
$Lang::tr{'source ip and port'}
</th>
<th>&nbsp;</th>
<th align='center'>
<th align='center' colspan="2">
$Lang::tr{'dest ip and port'}
</th>
<th>&nbsp;</th>
<th align='center'>
$Lang::tr{'download'} /
<br>$Lang::tr{'upload'}

158
src/scripts/consort.sh Normal file
View File

@@ -0,0 +1,158 @@
#/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# sort conntrack table entries based on ip addresses
# @parm sort field
do_ip_sort() {
sed \
-r \
's/.*src=([0-9\.]+).*dst=([0-9\.]+).*src=.*/\'$1'#\0/' $FILE_NAME \
| sort \
-t. \
-k 1,1n$SORT_ORDER -k 2,2n$SORT_ORDER -k 3,3n$SORT_ORDER -k 4,4n$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on port addresses
# @parm sort field
do_port_sort() {
sed \
-r \
's/.*sport=([0-9]+).*dport=([0-9]+).*src=.*/\'$1'#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1n$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on protocol
do_protocol_sort() {
sed \
-r \
's/^[0-9a-zA-Z]+[ ]+[0-9]+[ ]+([a-zA-Z0-9]+)/\1#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on connection status
do_status_sort() {
sed \
-r \
's/^[0-9a-zA-Z]+[ ]+[0-9]+[ ]+[a-zA-Z0-9]+[ ]+[0-9]+[ ]+[0-9]+[ ]+([a-zA-Z_0-9]+)[ ]+|^[0-9a-zA-Z]+[ ]+[0-9]+[ ]+[a-zA-Z0-9]+[ ]+[0-9]+[ ]+[0-9]+([ ]+)/\1#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on connection time to life
do_ttl_sort() {
sed \
-r \
's/^[0-9a-zA-Z]+[ ]+[0-9]+[ ]+[a-zA-Z0-9]+[ ]+[0-9]+[ ]+([0-9]+)[ ]+/\1#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1n$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on downloaded bytes
do_downloaded_bytes_sort() {
sed \
-r \
's/.*src=.*bytes=([0-9]+).*src=/\1#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1n$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
# sort conntrack table entries based on uploaded bytes
do_uploaded_bytes_sort() {
sed \
-r \
's/.*src=.*bytes=([0-9]+).*/\1#\0/' $FILE_NAME \
| sort \
-t# \
-k 1,1n$SORT_ORDER \
| sed \
-r \
's/.*#(.*)/\1/'
}
SORT_ORDER=
FILE_NAME=
if [ $# -lt 2 ]; then
echo "Usage: consort <sort criteria 1=srcIp,2=dstIp,3=srcPort,4=dstPort,5=protocol,6=connection status> <a=ascending,d=descending> [input file]"
echo " consort.sh 1 a a.txt"
echo " cat a.txt | consort 1 d"
exit;
fi
if [[ 'a d A D' =~ $2 ]]; then
if [[ 'd D' =~ $2 ]]; then
SORT_ORDER=r
fi
else
echo "Unknown sort order \"$2\""
exit;
fi
if [ $# == 3 ]; then
if [ ! -f $3 ]; then
echo "File not found."
exit;
fi
FILE_NAME=$3
fi
if [[ '1 2' =~ $1 ]]; then
do_ip_sort $1
elif [[ '3 4' =~ $1 ]]; then
do_port_sort $(($1-2))
elif [[ '5' =~ $1 ]]; then
do_protocol_sort
elif [[ '6' =~ $1 ]]; then
do_status_sort
elif [[ '7' =~ $1 ]]; then
do_ttl_sort
elif [[ '8' =~ $1 ]]; then
do_downloaded_bytes_sort
elif [[ '9' =~ $1 ]]; then
do_uploaded_bytes_sort
else
echo "Unknown sort criteria \"$1\""
fi