From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: connections.cgi: iptables connection tracking. Date: Mon, 25 Mar 2013 15:38:18 +0100 Message-ID: <1364222298.1844.86.camel@rice-oxley.tremer.info> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7200014169803398466==" List-Id: --===============7200014169803398466== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hey, a shell script is not the best way how to sort things, but I think we can accept this because before the current version of the CGI file, there was a lot of sorting done with shell commands as well. I did not try to run your code, because I am waiting for the other "two more sorting options". Michael On Sat, 2013-03-23 at 09:38 +0100, Kay-Michael K=C3=B6hler wrote: > I did some progress on sorting with connections.cgi and i want to > share with you guys. >=20 >=20 > To keep the sorting less time consuming and with a minimum memory > footprint, i added a bash script what is doing all the sorting and > removed the sort command from the piped command line.=20 >=20 >=20 > Eight green arrows for sorting on source ip, source port, destination > ip and destination port will now appear on iptables connections > tracking WUI. >=20 >=20 > I will add two more sorting option later after finished some other > work for ipfire. >=20 >=20 > The bash script "consort.sh" goes to /usr/local/bin. >=20 >=20 > Ok, now the two diffs to the actual git >=20 >=20 > diff --git a/src/scripts/consort.sh b/src/scripts/consort.sh > new file mode 100755 > index 0000000..1633beb > --- /dev/null > +++ b/src/scripts/consort.sh 
> @@ -0,0 +1,83 @@ > +#/bin/bash > +##########################################################################= ##### > +# > # > +# IPFire.org - A linux based firewall > # > +# Copyright (C) 2007-2013 IPFire Team > # > +# > # > +# This program is free software: you can redistribute it and/or > modify # > +# it under the terms of the GNU General Public License as published > by # > +# the Free Software Foundation, either version 3 of the License, or > # > +# (at your option) any later version. > # > +# > # > +# This program is distributed in the hope that it will be useful, > # > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > # > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > # > +# GNU General Public License for more details. > # > +# > # > +# You should have received a copy of the GNU General Public License > # > +# along with this program. If not, see > . # > +# > # > +##########################################################################= ##### > + > +# sort conntrack table entries based on ip addresses > +# @parm sort field=20 > +do_ip_sort() { > + sed \ > + -r \ > + 's/.*src=3D([0-9\.]+).*dst=3D([0-9\.]+).*src=3D.*/\'$1'#\0/' $FILE_NAME \ > + | sort \ > + -t. 
\ > + -k 1,1n$SORT_ORDER -k 2,2n$SORT_ORDER -k 3,3n$SORT_ORDER -k 4,4n > $SORT_ORDER \ > + | sed \ > + -r \ > + 's/.*#(.*)/\1/' > +} > + > +# sort conntrack table entries based on port addresses > +# @parm sort field=20 > +do_port_sort() { > + sed \ > + -r \ > + 's/.*sport=3D([0-9]+).*dport=3D([0-9]+).*src=3D.*/\'$1'#\0/' $FILE_NAME \ > + | sort \ > + -t# \ > + -k 1,1n$SORT_ORDER \ > + | sed \ > + -r \ > + 's/.*#(.*)/\1/' > +} > + > +SORT_ORDER=3D > +FILE_NAME=3D > + > +if [ $# -lt 2 ]; then > + echo "Usage: consort 1=3DsrcIp,2=3DdstIp,3=3DsrcPort,4=3DdstPort> = [input > file]" > + echo " consort.sh 1 a.txt" > + echo " cat a.txt | consort 1" > + exit; > +fi > + > +if [[ 'a d A D' =3D~ $2 ]]; then > + if [[ 'd D' =3D~ $2 ]]; then > + SORT_ORDER=3Dr > + fi > +else > + echo "Unknown sort order \"$2\"" > + exit; > +fi > + > +if [ $# =3D=3D 3 ]; then > + if [ ! -f $3 ]; then > + echo "File not found." > + exit; > + fi > + FILE_NAME=3D$3 > +fi > + > +if [[ '1 2' =3D~ $1 ]]; then > + do_ip_sort $1=20 > +elif [[ '3 4' =3D~ $1 ]]; then > + do_port_sort $(($1-2)) > +else > + echo "Unknown sort criteria \"$1\"" > +fi >=20 >=20 >=20 >=20 > diff --git a/html/cgi-bin/connections.cgi > b/html/cgi-bin/connections.cgi > index 1edf3e5..0c20957 100644 > --- a/html/cgi-bin/connections.cgi > +++ b/html/cgi-bin/connections.cgi 
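Review bot: The argument checks `[[ 'a d A D' =~ $2 ]]`, `[[ '1 2' =~ $1 ]]` and `[[ '3 4' =~ $1 ]]` use the caller-supplied value as the regular expression and the literal list as the subject, so `$2` of `.` or `a|z` and `$1` of `1|x` or `3|x[$(id)]` are accepted, after which `$1` reaches the sed program unquoted and `$(($1-2))` evaluates it as shell arithmetic; connections.cgi whitelists these values today, but the script is installed as a separate executable and should validate its own input with exact `case` matches. The error paths end in a bare `exit;`, which returns status 0, so the CGI cannot distinguish a rejected argument from an empty conntrack table — exit non-zero and send diagnostics to stderr. The first line appears in this patch as `#/bin/bash` (no `!`), so the file has no shebang and which interpreter runs the `[[ … =~ … ]]` tests depends on whoever execs it. Quoting `"$FILE_NAME"` and `[ ! -f "$3" ]` also keeps a path containing spaces from word-splitting.
```shell
#!/bin/bash
# … unchanged: license header, do_ip_sort, do_port_sort, usage check …

case "$1" in
    1|2|3|4) ;;
    *) echo "Unknown sort criteria \"$1\"" >&2; exit 1 ;;
esac

case "$2" in
    a|A) SORT_ORDER= ;;
    d|D) SORT_ORDER=r ;;
    *) echo "Unknown sort order \"$2\"" >&2; exit 1 ;;
esac

if [ $# -eq 3 ]; then
    if [ ! -f "$3" ]; then
        echo "File not found: $3" >&2
        exit 1
    fi
    FILE_NAME="$3"
fi
# … unchanged: dispatch to do_ip_sort / do_port_sort …
```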
> @@ -34,6 +34,31 @@ > =20 > my $colour_multicast =3D "#A0A0A0"; > =20 > +# sort arguments for connection tracking table > +# the sort field. eg. 1=3Dsrc IP, 2=3Ddst IP, 3=3Dsrc port, 4=3Ddst port > +my $SORT_FIELD =3D 0; > +# the sort order. (a)scending orr (d)escending > +my $SORT_ORDER =3D 0; > +# cgi query arguments > +my %cgiin; > +# debug mode > +my $debug =3D 0; > + > +# retrieve query arguments > +# note: let a-z A-Z and 0-9 pass as value only > +if (length ($ENV{'QUERY_STRING'}) > 0){ > + my $name; > + my $value; > + my $buffer =3D $ENV{'QUERY_STRING'}; > + my @pairs =3D split(/&/, $buffer); > + foreach my $pair (@pairs){ > + ($name, $value) =3D split(/=3D/, $pair); > + $value =3D~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # e.g. > "%20" =3D> " " > + $value =3D~ s/[^a-zA-Z0-9]*//g; # a-Z 0-9 will pass > + $cgiin{$name} =3D $value;=20 > + } > +} > + > &Header::showhttpheaders(); > =20 > my @network=3D(); > @@ -43,12 +68,43 @@ > my %netsettings=3D(); > &General::readhash("${General::swroot}/ethernet/settings", \% > netsettings); > =20 > +# output cgi query arrguments to browser on debug > +if ( $debug ){ > + &Header::openbox('100%', 'center', 'DEBUG'); > + my $debugCount =3D 0; > + foreach my $line (sort keys %cgiin) { > + print "$line =3D '$cgiin{$line}'
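Review bot: The hand-rolled QUERY_STRING parser decodes and allowlists `$value` but stores `$name` raw, so any byte a client puts in a parameter name becomes a key of `%cgiin` and is later echoed by the debug box in the next hunk; give names the same treatment, e.g. `$name =~ s/[^a-zA-Z0-9_]//g;` before the assignment, and `next unless length $name;`. The allowlist `s/[^a-zA-Z0-9]*//g` also matches the empty string at every position; `s/[^a-zA-Z0-9]+//g` is the intended form, and the comment `# a-Z 0-9 will pass` should read `# only a-z A-Z 0-9 survive; everything else is stripped`. `+` is not decoded to a space before filtering, which is harmless here only because spaces are stripped anyway — worth a one-line comment. If Header.pm already provides a shared CGI-parameter helper used by the other CGIs, prefer it over a second parser; I cannot confirm that from this hunk.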
\n"; > + $debugCount++; > + } > + print " Count: $debugCount\n"; > + &Header::closebox(); > +} > + > #workaround to suppress a warning when a variable is used only once > my @dummy =3D ( ${Header::table1colour} ); > undef (@dummy); > =20 > -# Read the connection tracking table. > -open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 > --numeric-sort --reverse |") or die "Unable to read conntrack table"; > + > + > +# check sorting arguments > +if ( $cgiin{'sort_field'} ~~ [ '1','2','3','4' ] ) { > + $SORT_FIELD =3D $cgiin{'sort_field'}; > + > + if ( $cgiin{'sort_order'} ~~ [ 'a','d','A','D' ] ) { > + $SORT_ORDER =3D lc($cgiin{'sort_order'}); > + } > +} > + > +# Read and sort the connection tracking table > +# do sorting=20 > +if ($SORT_FIELD and $SORT_ORDER) {=20 > + # field sorting when sorting arguments are sane > + open(CONNTRACK, "/usr/local/bin/getconntracktable > | /usr/local/bin/consort.sh $SORT_FIELD $SORT_ORDER |") or die "Unable > to read conntrack table"; > +} else { > + # default sorting with no query arguments > + open(CONNTRACK, "/usr/local/bin/getconntracktable | sort -k 5,5 > --numeric-sort --reverse |") or die "Unable to read conntrack table"; > +} > + > my @conntrack =3D ; > close(CONNTRACK); > =20 > @@ -263,21 +319,49 @@ >
> END > =20 > +if ($SORT_FIELD and $SORT_ORDER) { > + my @sort_field_name =3D ( > + $Lang::tr{'source ip'}, > + $Lang::tr{'destination ip'}, > + $Lang::tr{'source port'}, > + $Lang::tr{'destination port'} > + ); > + my $sort_order_name; > + if (lc($SORT_ORDER) eq "a") { > + $sort_order_name =3D $Lang::tr{'sort ascending'}; > + } else { > + $sort_order_name =3D $Lang::tr{'sort descending'}; > + } > + > +print < +
> + $sort_order_name: $sort_field_name[$SORT_FIELD-1] > +
> +END > +; > +} > + > # Print table header. > print < > - > + > > - > - > - > - >
> $Lang::tr{'protocol'} > > + > + src=3D"/images/up.gif"> > + src=3D"/images/down.gif"> > $Lang::tr{'source ip and port'} > + src=3D"/images/up.gif"> > + src=3D"/images/down.gif"> >   > + > + src=3D"/images/up.gif"> > + src=3D"/images/down.gif"> > $Lang::tr{'dest ip and port'} > + src=3D"/images/up.gif"> > + src=3D"/images/down.gif"> >   > $Lang::tr{'download'} / >
$Lang::tr{'upload'} >=20 >=20 >=20 >=20 > 2013/3/10 Michael Tremer > Hi, > =20 > sure, this is fine with me. Just try to make the sorting > process > efficient so that even ten thousands of connections are > properly > displayed. > =20 > -Michael > =20 > On Sun, 2013-03-10 at 17:01 +0100, Kay-Michael K=C3=B6hler wrote: > > Hello everyone > > > > > > i'm going to start development on connections.cgi to have > some kind of > > sorting at "iptables connection > tracking" (status->connections) > > > > > > I think it is a good idea to have the following (asc/desc) > sort > > options: > > > > > > "Protocol" > > "Source IP:Port" > > "Destination IP Port" > > "Connection status" > > > > > > If you guys agree it would be a please for me to share and > post the > > patch here when i'm done. > > > > > > Regards > > > > > > Kay-Michael > =20 > > _______________________________________________ > > Development mailing list > > Development(a)lists.ipfire.org > > http://lists.ipfire.org/mailman/listinfo/development > =20 > _______________________________________________ > Development mailing list > Development(a)lists.ipfire.org > http://lists.ipfire.org/mailman/listinfo/development >=20 >=20 --===============7200014169803398466==--