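#!/usr/local/bin/php . All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

$pgtitle = array("Diagnostics", "Firewall states");

require("guiconfig.inc");
// NOTE(review): the opening of the sort helper (called as natsort2d() in the
// sort step further down) is not present in this copy of the page; its
// surviving lines are kept exactly as found.
?> $value ) {
            reset($value);
            $arrTemp[$key] = is_null($index) ? current($value) : $value[$index];
        }
    }
    natsort($arrTemp);
    foreach ( $arrTemp as $key=>$value ) {
        $arrOut[$key] = $arrIn[$key];
    }
    $arrIn = $arrOut;
}

// sfilter and dfilter allow setting of source and dest IP filters
// on the output.  $filterPassThru allows these source and dest
// filters to be passed on in the column sorting links.
//
// Both values come straight from the query string and end up on a shell
// command line below. is_ipaddr() (defined outside this page) is the
// validation gate; escapeshellarg() is applied as well so the value stays a
// single shell word even if that check is ever loosened.
// NOTE(review): when both filters are supplied the destination filter
// replaces the source filter instead of being combined with it - confirm
// whether that is intended.
$filter = '';
$filterPassThru = '';
if (!empty($_GET['sfilter'])) {
    if (is_string($_GET['sfilter']) && is_ipaddr($_GET['sfilter'])) {
        $filter = ' -S ' . escapeshellarg($_GET['sfilter']);
        $filterPassThru = '&sfilter=' . urlencode($_GET['sfilter']);
    } else {
        // Drop anything that is not a plain IP address so later code never sees it.
        unset($_GET['sfilter']);
    }
}
if (!empty($_GET['dfilter'])) {
    if (is_string($_GET['dfilter']) && is_ipaddr($_GET['dfilter'])) {
        $filter = ' -D ' . escapeshellarg($_GET['dfilter']);
        $filterPassThru = '&dfilter=' . urlencode($_GET['dfilter']);
    } else {
        unset($_GET['dfilter']);
    }
}

$fd = popen("/sbin/ipfstat -t" . $filter, "r");

// See if the user has set a limit to the number of entries...
if (isset($config['diag']['ipfstatentries']))
    $linelimit = $config['diag']['ipfstatentries'];
else
    $linelimit = 300;

$data = array();
$count = 0;
// popen() returns false on failure; looping on feof(false) would never end.
if ($fd) {
    while (($rawLine = fgets($fd)) !== false) {
        $line = trim($rawLine);
        if (!$line)
            continue;

        //Source IP             Destination IP         ST   PR   #pkts    #bytes       ttl
        //68.16.26.144,1633     167.219.90.224,443     4/4  tcp  366724   370351656    2:30:00
        // 0                    1                      2    3    4        5            6
        // Pad short lines so a malformed row yields empty fields, not undefined offsets.
        $split = array_pad(explode("\t", $line), 7, '');

        $srcTmp = $split[0];
        $dstTmp = $split[1];
        $row = array();
        $row['srcip'] = stripPort($srcTmp);
        $row['srcport'] = stripPort($srcTmp, true);
        $row['dstip'] = stripPort($dstTmp);
        $row['dstport'] = stripPort($dstTmp, true);
        $row['protocol'] = $split[3];
        $row['packets'] = $split[4];
        $row['bytes'] = $split[5];

        // The ttl column arrives as m:ss, mm:ss or h:mm:ss; pad it to h:mm:ss.
        $timeTmp = trim($split[6]);
        switch (strlen($timeTmp)) {
            case 4:
                $row['ttl'] = strtotime("0:0" . $timeTmp);
                break;
            case 5:
                $row['ttl'] = strtotime("0:" . $timeTmp);
                break;
            case 7:
                $row['ttl'] = strtotime($timeTmp);
                break;
            default:
                // Debug logic, in case there is an unforeseen issue
                /*echo $line . "
";
                echo $linelimit . "
";
                echo $timeTmp . "
";*/
                break;
        }

        $data[$count] = $row;
        $count++;
        if ($linelimit == $count) {
            // We've got all the data the user wanted to see - drop out of the loop.
            break;
        }
    }
    pclose($fd);
}

// NOTE(review): "clear" and "new" below change state on a plain GET request;
// no anti-CSRF token check is visible on this page.

// Clear the statistics snapshot files, which track the packets and bytes of connections
if (isset($_GET['clear'])) {
    if (file_exists('/tmp/packets'))
        unlink('/tmp/packets');
    if (file_exists('/tmp/bytes'))
        unlink('/tmp/bytes');
    // Redirect so we don't hit "clear" every time we refresh the screen.
    header("Location: diag_ipfstat.php?" . $filterPassThru);
    exit;
}

// Create a new set of stats snapshot files
if (isset($_GET['new'])) {
    $packets = array();
    $bytes = array();

    // Create variables to let us later quickly access this data
    if (is_array($data)) {
        foreach ($data as $row) {
            $packets[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']] = $row['packets'];
            $bytes[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']] = $row['bytes'];
        }
    }

    // Write the files out
    writeStats("packets", $packets);
    writeStats("bytes", $bytes);

    // If we're in view mode, pass that on.
    if (isset($_GET['view']))
        $filterPassThru .= "&view=1";

    // Redirect so we don't hit "new" every time we refresh the screen.
    header("Location: diag_ipfstat.php?order=bytes&sort=des" . $filterPassThru);
    exit;
}

// View the delta from the last snapshot against the current data.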
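if (isset($_GET['view'])) {
    // Read the stats data files
    readStats("packets", $packets);
    readStats("bytes", $bytes);

    if (is_array($data)) {
        foreach ($data as $key => $row) {
            $sIp = $row['srcip'];
            $sPort = $row['srcport'];
            $dIp = $row['dstip'];
            $dPort = $row['dstport'];
            $proto = $row['protocol'];

            // Only connections present in both snapshot files can be diffed.
            if (!isset($packets[$sIp][$sPort][$dIp][$dPort][$proto]))
                continue;
            if (!isset($bytes[$sIp][$sPort][$dIp][$dPort][$proto]))
                continue;

            $tempPackets = $data[$key]['packets'] - $packets[$sIp][$sPort][$dIp][$dPort][$proto];
            $tempBytes = $data[$key]['bytes'] - $bytes[$sIp][$sPort][$dIp][$dPort][$proto];
            // A negative delta means the counters restarted; keep the live values then.
            if (($tempPackets > -1) && ($tempBytes > -1)) {
                $data[$key]['packets'] = $tempPackets;
                $data[$key]['bytes'] = $tempBytes;
            }
        }
    }
    $filterPassThru .= "&view=1";
    $viewPassThru = "&view=1";
}

// Sort it by the selected order.
// "order" comes from the query string and is used as an array index by
// natsort2d(), so it is limited to the column keys each $data row carries;
// a non-string value (order[]=...) is ignored.
$sortableColumns = array('srcip', 'srcport', 'dstip', 'dstport', 'protocol', 'packets', 'bytes', 'ttl');
if (isset($_GET['order']) && is_string($_GET['order']) && in_array($_GET['order'], $sortableColumns, true)) {
    natsort2d($data, $_GET['order']);
    if (isset($_GET['sort']) && $_GET['sort'] == "des")
        $data = array_reverse($data);
}

/**
 * Store a snapshot array as serialized data in /tmp/<fname>.
 *
 * Any existing file (or symlink) of that name is removed first and the new
 * file is created with mode 'x' (exclusive create), so a link planted in the
 * shared /tmp directory is not followed. If the file cannot be created the
 * snapshot is skipped.
 *
 * @param string $fname  file name below /tmp
 * @param array  $data   snapshot to store (passed by reference, not modified)
 */
function writeStats($fname, &$data) {
    $fname = "/tmp/" . $fname;
    if (file_exists($fname) || is_link($fname))
        unlink($fname);
    $file = fopen($fname, 'x');
    if (!$file)
        return;
    fwrite($file, serialize($data));
    fclose($file);
}

/**
 * Load a snapshot written by writeStats() from /tmp/<fname> into $data.
 *
 * $data is left untouched when the file is missing, is a symlink, is empty
 * or does not decode to an array.
 *
 * @param string $fname  file name below /tmp
 * @param mixed  $data   receives the decoded snapshot array
 */
function readStats($fname, &$data) {
    $fname = "/tmp/" . $fname;
    if (!is_file($fname) || is_link($fname))
        return;

    $raw = file_get_contents($fname);
    if ($raw === false || $raw === '')
        return;

    // SECURITY: unserialize() on a file in a shared temp directory. Anyone who
    // can write there controls this input, so object instantiation is switched
    // off where the runtime supports it (PHP >= 7.0) and only a plain array is
    // accepted as a result.
    if (version_compare(PHP_VERSION, '7.0.0', '>='))
        $decoded = unserialize($raw, array('allowed_classes' => false));
    else
        $decoded = unserialize($raw);

    if (is_array($decoded))
        $data = $decoded;
}

/**
 * Build the "&sort=..." query fragment for a column header link: clicking the
 * column that is already sorted ascending flips it to descending, everything
 * else sorts ascending.
 */
function sortOrder($column) {
    $currentOrder = isset($_GET['order']) ? $_GET['order'] : null;
    $currentSort = isset($_GET['sort']) ? $_GET['sort'] : null;

    if ($currentOrder == $column && $currentSort != 'des')
        return "&sort=des";
    return "&sort=asc";
}

/**
 * Split an "address,port" field as printed by ipfstat.
 *
 * Returns the address part by default, or the port part when $showPort is
 * true (a single space when there is no port).
 */
function stripPort($ip, $showPort = false) {
    $comma = strpos($ip, ',');
    $hasPort = ($comma > 0);

    if (!$showPort)
        return $hasPort ? substr($ip, 0, $comma) : $ip;

    return $hasPort ? substr($ip, $comma + 1) : " ";
}

/**
 * Return the cell content for an address column.
 *
 * When a filter is active on that column the address is returned only if it
 * equals the filter value; otherwise nothing is returned.
 * NOTE(review): the markup around $ip in the unfiltered branches is not
 * visible in this copy of the page; $ip comes from command output and should
 * be HTML-escaped wherever it is placed into markup.
 */
function displayIP($ip, $col) {
    global $viewPassThru;

    switch ($col) {
        case 'srcip':
            if (!empty($_GET['sfilter'])) {
                if ($_GET['sfilter'] == $ip)
                    return $ip;
            } else {
                return ''. $ip .'';
            }
            break;
        case 'dstip':
            if (!empty($_GET['dfilter'])) {
                if ($_GET['dfilter'] == $ip)
                    return $ip;
            } else {
                return ''. $ip .'';
            }
            break;
    }
}

// Get timestamp of snapshot file, if it exists, for display later.
if (!(file_exists('/tmp/packets'))) {
    $lastSnapshot = "Never";
} else {
    // date() gives the same numeric output as the strftime() format used before.
    $lastSnapshot = date("m/d/y H:i:s", filectime('/tmp/packets'));
}

// Moved this down here due to the potential for redirects, up above.
include("fbegin.inc");

// Produce proper HTML: the pass-through string is written into href
// attributes from here on, so its separators must be entity-encoded.
$filterPassThru = str_replace("&", "&amp;", $filterPassThru);
?>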
Statistics snapshot control
View delta Start new Clear snapshot Last statistics snapshot: Start new Clear Viewing delta of statistics snapshot: Start new Last statistics snapshot:
 
Source Port Destination Port Protocol Packets Bytes TTL

Firewall connection states displayed: