1
|
<?php
|
2
|
/*
|
3
|
diag_dump_states.php
|
4
|
Copyright (C) 2005-2009 Scott Ullrich
|
5
|
Copyright (C) 2005 Colin Smith
|
6
|
All rights reserved.
|
7
|
|
8
|
Redistribution and use in source and binary forms, with or without
|
9
|
modification, are permitted provided that the following conditions are met:
|
10
|
|
11
|
1. Redistributions of source code must retain the above copyright notice,
|
12
|
this list of conditions and the following disclaimer.
|
13
|
|
14
|
2. Redistributions in binary form must reproduce the above copyright
|
15
|
notice, this list of conditions and the following disclaimer in the
|
16
|
documentation and/or other materials provided with the distribution.
|
17
|
|
18
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
19
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
20
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
21
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
22
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
23
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
24
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
25
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
26
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
27
|
POSSIBILITY OF SUCH DAMAGE.
|
28
|
*/
|
29
|
|
30
|
/*
|
31
|
pfSense_BUILDER_BINARIES: /sbin/pfctl
|
32
|
pfSense_MODULE: filter
|
33
|
*/
|
34
|
|
35
|
##|+PRIV
|
36
|
##|*IDENT=page-diagnostics-showstates
|
37
|
##|*NAME=Diagnostics: Show States page
|
38
|
##|*DESCR=Allow access to the 'Diagnostics: Show States' page.
|
39
|
##|*MATCH=diag_dump_states.php*
|
40
|
##|-PRIV
|
41
|
|
42
|
require_once("guiconfig.inc");
|
43
|
require_once("interfaces.inc");
|
44
|
|
45
|
/* handle AJAX operations */
|
46
|
if($_GET['action']) {
|
47
|
if($_GET['action'] == "remove") {
|
48
|
if (is_ipaddr($_GET['srcip']) and is_ipaddr($_GET['dstip'])) {
|
49
|
$retval = mwexec("/sbin/pfctl -k " . escapeshellarg($_GET['srcip']) . " -k " . escapeshellarg($_GET['dstip']));
|
50
|
echo htmlentities("|{$_GET['srcip']}|{$_GET['dstip']}|{$retval}|");
|
51
|
} else {
|
52
|
echo gettext("invalid input");
|
53
|
}
|
54
|
return;
|
55
|
}
|
56
|
}
|
57
|
|
58
|
if ($_GET['filter'] && ($_GET['killfilter'] == "Kill")) {
|
59
|
if (is_ipaddr($_GET['filter'])) {
|
60
|
$tokill = escapeshellarg($_GET['filter'] . "/32");
|
61
|
} elseif (is_subnet($_GET['filter'])) {
|
62
|
$tokill = escapeshellarg($_GET['filter']);
|
63
|
} else {
|
64
|
// Invalid filter
|
65
|
$tokill = "";
|
66
|
}
|
67
|
if (!empty($tokill)) {
|
68
|
$retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0");
|
69
|
$retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}");
|
70
|
}
|
71
|
}
|
72
|
|
73
|
$pgtitle = array(gettext("Diagnostics"),gettext("Show States"));
|
74
|
include("head.inc");
|
75
|
|
76
|
?>
|
77
|
|
78
|
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
|
79
|
<?php include("fbegin.inc"); ?>
|
80
|
<form action="diag_dump_states.php" method="get" name="iform">
|
81
|
|
82
|
<script type="text/javascript">
|
83
|
//<![CDATA[
|
84
|
function removeState(srcip, dstip) {
|
85
|
var busy = function(index,icon) {
|
86
|
jQuery(icon).bind("onclick","");
|
87
|
jQuery(icon).attr('src',jQuery(icon).attr('src').replace("\.gif", "_d.gif"));
|
88
|
jQuery(icon).css("cursor","wait");
|
89
|
}
|
90
|
|
91
|
jQuery('img[name="i:' + srcip + ":" + dstip + '"]').each(busy);
|
92
|
|
93
|
jQuery.ajax(
|
94
|
"<?=$_SERVER['SCRIPT_NAME'];?>" +
|
95
|
"?action=remove&srcip=" + srcip + "&dstip=" + dstip,
|
96
|
{ type: "get", complete: removeComplete }
|
97
|
);
|
98
|
}
|
99
|
|
100
|
function removeComplete(req) {
|
101
|
var values = req.responseText.split("|");
|
102
|
if(values[3] != "0") {
|
103
|
alert('<?=gettext("An error occurred.");?>');
|
104
|
return;
|
105
|
}
|
106
|
|
107
|
jQuery('tr[id="r:' + values[1] + ":" + values[2] + '"]').each(
|
108
|
function(index,row) { jQuery(row).fadeOut(1000); }
|
109
|
);
|
110
|
}
|
111
|
//]]>
|
112
|
</script>
|
113
|
|
114
|
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="tabcon">
|
115
|
<tr>
|
116
|
<td>
|
117
|
<?php
|
118
|
$tab_array = array();
|
119
|
$tab_array[] = array(gettext("States"), true, "diag_dump_states.php");
|
120
|
if (isset($config['system']['lb_use_sticky']))
|
121
|
$tab_array[] = array(gettext("Source Tracking"), false, "diag_dump_states_sources.php");
|
122
|
$tab_array[] = array(gettext("Reset States"), false, "diag_resetstate.php");
|
123
|
display_top_tabs($tab_array);
|
124
|
?>
|
125
|
</td>
|
126
|
</tr>
|
127
|
<tr>
|
128
|
<td>
|
129
|
<div id="mainarea">
|
130
|
|
131
|
<!-- Start of tab content -->
|
132
|
|
133
|
<?php
|
134
|
$current_statecount=`pfctl -si | grep "current entries" | awk '{ print $3 }'`;
|
135
|
?>
|
136
|
|
137
|
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="states">
|
138
|
<tr>
|
139
|
<td>
|
140
|
<form action="<?=$_SERVER['SCRIPT_NAME'];?>" method="get">
|
141
|
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="filter">
|
142
|
<tr>
|
143
|
<td>
|
144
|
<?=gettext("Current total state count");?>: <?= $current_statecount ?>
|
145
|
</td>
|
146
|
<td style="font-weight:bold;" align="right">
|
147
|
<?=gettext("Filter expression:");?>
|
148
|
<input type="text" name="filter" class="formfld search" value="<?=htmlspecialchars($_GET['filter']);?>" size="30" />
|
149
|
<input type="submit" class="formbtn" value="<?=gettext("Filter");?>" />
|
150
|
<?php if (is_ipaddr($_GET['filter']) || is_subnet($_GET['filter'])): ?>
|
151
|
<input type="submit" class="formbtn" name="killfilter" value="<?=gettext("Kill");?>" />
|
152
|
<?php endif; ?>
|
153
|
</td>
|
154
|
</tr>
|
155
|
</table>
|
156
|
</form>
|
157
|
</td>
|
158
|
</tr>
|
159
|
<tr>
|
160
|
<td>
|
161
|
<table class="tabcont sortable" width="100%" border="0" cellspacing="0" cellpadding="0" summary="results">
|
162
|
<thead>
|
163
|
<tr>
|
164
|
<th class="listhdrr" width="5%"><?=gettext("Int");?></th>
|
165
|
<th class="listhdrr" width="5%"><?=gettext("Proto");?></th>
|
166
|
<th class="listhdrr" width="65"><?=gettext("Source -> Router -> Destination");?></th>
|
167
|
<th class="listhdr" width="24%"><?=gettext("State");?></th>
|
168
|
<th class="list sort_ignore" width="1%"></th>
|
169
|
</tr>
|
170
|
</thead>
|
171
|
<tbody>
|
172
|
<?php
|
173
|
$row = 0;
|
174
|
/* get our states */
|
175
|
$grepline = ($_GET['filter']) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : "";
|
176
|
$fd = popen("/sbin/pfctl -s state {$grepline}", "r" );
|
177
|
while ($line = chop(fgets($fd))) {
|
178
|
if($row >= 10000)
|
179
|
break;
|
180
|
|
181
|
$line_split = preg_split("/\s+/", $line);
|
182
|
|
183
|
$iface = array_shift($line_split);
|
184
|
$proto = array_shift($line_split);
|
185
|
$state = array_pop($line_split);
|
186
|
$info = implode(" ", $line_split);
|
187
|
|
188
|
// We may want to make this optional, with a large state table, this could get to be expensive.
|
189
|
$iface = convert_real_interface_to_friendly_descr($iface);
|
190
|
|
191
|
/* break up info and extract $srcip and $dstip */
|
192
|
$ends = preg_split("/\<?-\>?/", $info);
|
193
|
$parts = explode(":", $ends[0]);
|
194
|
$srcip = trim($parts[0]);
|
195
|
$parts = explode(":", $ends[count($ends) - 1]);
|
196
|
$dstip = trim($parts[0]);
|
197
|
|
198
|
?>
|
199
|
<tr valign="top" id="r:<?= $srcip ?>:<?= $dstip ?>">
|
200
|
<td class="listlr"><?= $iface ?></td>
|
201
|
<td class="listr"><?= $proto ?></td>
|
202
|
<td class="listr"><?= $info ?></td>
|
203
|
<td class="listr"><?= $state ?></td>
|
204
|
<td class="list">
|
205
|
<img src="/themes/<?= $g['theme'] ?>/images/icons/icon_x.gif" height="17" width="17" border="0"
|
206
|
onclick="removeState('<?= $srcip ?>', '<?= $dstip ?>');" style="cursor:pointer;"
|
207
|
name="i:<?= $srcip ?>:<?= $dstip ?>"
|
208
|
title="<?= gettext('Remove all state entries from') ?> <?= $srcip ?> <?= gettext('to') ?> <?= $dstip ?>" alt="" />
|
209
|
</td>
|
210
|
</tr>
|
211
|
<?php
|
212
|
$row++;
|
213
|
ob_flush();
|
214
|
}
|
215
|
|
216
|
if ($row == 0): ?>
|
217
|
<tr>
|
218
|
<td class="list" colspan="4" align="center" valign="top">
|
219
|
<?= gettext("No states were found.") ?>
|
220
|
</td>
|
221
|
</tr>
|
222
|
<?php endif;
|
223
|
pclose($fd);
|
224
|
?>
|
225
|
</tbody>
|
226
|
</table>
|
227
|
</td>
|
228
|
</tr>
|
229
|
<tr>
|
230
|
<td class="list" colspan="4" align="center" valign="top">
|
231
|
<?php if (!empty($_GET['filter'])): ?>
|
232
|
<?=gettext("States matching current filter")?>: <?= $row ?>
|
233
|
<?php endif; ?>
|
234
|
</td>
|
235
|
</tr>
|
236
|
</table>
|
237
|
|
238
|
<!-- End of tab content -->
|
239
|
|
240
|
</div>
|
241
|
</td>
|
242
|
</tr>
|
243
|
</table>
|
244
|
</form>
|
245
|
|
246
|
<?php require("fend.inc"); ?>
|
247
|
</body>
|
248
|
</html>
|