Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- html/cgi-bin/netother.cgi | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi index dde1b603a..ac02b8148 100644 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,12 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
+ &Header::openbox('100%', 'left', "$Lang::tr{'routing table entries'} 220"); + $output = `/sbin/ip route list table 220`; + $output = &Header::cleanhtml($output,"y"); + print "<pre>$output</pre>\n"; + &Header::closebox() + &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
Hi,
I appreciate the thought, but I think the implementation might be very confusing.
I think the patch could be improved by:
* Removing the 220 number and simply call it “IPsec VPN Routing Table”
* Not show the box when the table is empty which it will be for all users that are not using IPsec
And since it is basically a static table, I do not see what there is to gain for the user from this. How can this help with debugging?
-Michael
On 7 Mar 2020, at 18:46, Peter Müller peter.mueller@ipfire.org wrote:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi index dde1b603a..ac02b8148 100644 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,12 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
- &Header::openbox('100%', 'left', "$Lang::tr{'routing table entries'} 220");
- $output = `/sbin/ip route list table 220`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
- &Header::closebox()
- &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
-- 2.16.4
Hello Michael,
Hi,
I appreciate the thought, but I think the implementation might be very confusing.
I think the patch could be improved by:
- Removing the 220 number and simply call it “IPsec VPN Routing Table”
Okay, good point.
- Not show the box when the table is empty which it will be for all users that are not using IPsec
ACK.
And since it is basically a static table, I do not see what there is to gain for the user from this. How can this help with debugging?
For the same reasons we display contents of the routing table, I guess. The user is able to do quick plausibility checks over it, without digging/using the search engine of his/hers least distrust for the command that shows him the IPsec routing information.
Thanks, and best regards, Peter Müller
-Michael
On 7 Mar 2020, at 18:46, Peter Müller peter.mueller@ipfire.org wrote:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi index dde1b603a..ac02b8148 100644 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,12 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
- &Header::openbox('100%', 'left', "$Lang::tr{'routing table entries'} 220");
- $output = `/sbin/ip route list table 220`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
- &Header::closebox()
- &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
-- 2.16.4
Okay. Will you update the patch accordingly, please?
-Michael
On 8 Mar 2020, at 13:15, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
Hi,
I appreciate the thought, but I think the implementation might be very confusing.
I think the patch could be improved by:
- Removing the 220 number and simply call it “IPsec VPN Routing Table”
Okay, good point.
- Not show the box when the table is empty which it will be for all users that are not using IPsec
ACK.
And since it is basically a static table, I do not see what there is to gain for the user from this. How can this help with debugging?
For the same reasons we display contents of the routing table, I guess. The user is able to do quick plausibility checks over it, without digging/using the search engine of his/hers least distrust for the command that shows him the IPsec routing information.
Thanks, and best regards, Peter Müller
-Michael
On 7 Mar 2020, at 18:46, Peter Müller peter.mueller@ipfire.org wrote:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi index dde1b603a..ac02b8148 100644 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,12 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
- &Header::openbox('100%', 'left', "$Lang::tr{'routing table entries'} 220");
- $output = `/sbin/ip route list table 220`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
- &Header::closebox()
- &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
-- 2.16.4
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
The second version of this patch omits the output if routing table 220 is empty and introduces a custom translation for IPsec routing table entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- html/cgi-bin/netother.cgi | 8 ++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 10 insertions(+) mode change 100644 => 100755 html/cgi-bin/netother.cgi
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi old mode 100644 new mode 100755 index dde1b603a..4f03c82e8 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,14 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
+ $output = `/sbin/ip route list table 220`; + if ( $output ) { + &Header::openbox('100%', 'left', $Lang::tr{'ipsec routing table entries'}); + $output = &Header::cleanhtml($output,"y"); + print "<pre>$output</pre>\n"; + &Header::closebox() + } + &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y"); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 80579e7cc..6f7b4db59 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1498,6 +1498,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec-Netzwerk', 'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen', +'ipsec routing table entries' => 'Einträge der IPsec-Routing-Tabelle', 'ipsec settings' => 'IPsec-Einstellungen', 'iptable rules' => 'IPTable-Regeln', 'iptmangles' => 'IPTable Mangles', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a68c8f411..1e1aed53c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1547,6 +1547,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec network', 'ipsec no connections' => 'No active IPsec connections', +'ipsec routing table entries' => 'IPsec Routing Table Entries', 'ipsec settings' => 'IPsec Settings', 'iptable rules' => 'IPTable rules', 'iptmangles' => 'IPTable Mangles',
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 21 Mar 2020, at 16:03, Peter Müller peter.mueller@ipfire.org wrote:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
The second version of this patch omits the output if routing table 220 is empty and introduces a custom translation for IPsec routing table entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 8 ++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 10 insertions(+) mode change 100644 => 100755 html/cgi-bin/netother.cgi
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi old mode 100644 new mode 100755 index dde1b603a..4f03c82e8 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,14 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
- $output = `/sbin/ip route list table 220`;
- if ( $output ) {
&Header::openbox('100%', 'left', $Lang::tr{'ipsec routing table entries'});$output = &Header::cleanhtml($output,"y");print "<pre>$output</pre>\n";&Header::closebox()- }
- &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 80579e7cc..6f7b4db59 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1498,6 +1498,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec-Netzwerk', 'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen', +'ipsec routing table entries' => 'Einträge der IPsec-Routing-Tabelle', 'ipsec settings' => 'IPsec-Einstellungen', 'iptable rules' => 'IPTable-Regeln', 'iptmangles' => 'IPTable Mangles', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a68c8f411..1e1aed53c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1547,6 +1547,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec network', 'ipsec no connections' => 'No active IPsec connections', +'ipsec routing table entries' => 'IPsec Routing Table Entries', 'ipsec settings' => 'IPsec Settings', 'iptable rules' => 'IPTable rules', 'iptmangles' => 'IPTable Mangles', -- 2.16.4
This patch doesn't apply. It also change the rights of the netother.cgi in git. This should be 644 not 755
Am 2020-03-21 17:03, schrieb Peter Müller:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
The second version of this patch omits the output if routing table 220 is empty and introduces a custom translation for IPsec routing table entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 8 ++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 10 insertions(+) mode change 100644 => 100755 html/cgi-bin/netother.cgi
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi old mode 100644 new mode 100755 index dde1b603a..4f03c82e8 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,14 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
- $output = `/sbin/ip route list table 220`;
- if ( $output ) {
&Header::openbox('100%', 'left', $Lang::tr{'ipsec routing tableentries'});
$output = &Header::cleanhtml($output,"y");print "<pre>$output</pre>\n";&Header::closebox()- }
- &Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y");
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 80579e7cc..6f7b4db59 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1498,6 +1498,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec-Netzwerk', 'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen', +'ipsec routing table entries' => 'Einträge der IPsec-Routing-Tabelle', 'ipsec settings' => 'IPsec-Einstellungen', 'iptable rules' => 'IPTable-Regeln', 'iptmangles' => 'IPTable Mangles', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a68c8f411..1e1aed53c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1547,6 +1547,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec network', 'ipsec no connections' => 'No active IPsec connections', +'ipsec routing table entries' => 'IPsec Routing Table Entries', 'ipsec settings' => 'IPsec Settings', 'iptable rules' => 'IPTable rules', 'iptmangles' => 'IPTable Mangles',
Hello *,
for your information: The patch was already applied by Arne at March 26th, but the Patchwork did not get it and so Git complained when he tried to apply it again.
Everything is fine, move along. :-)
Thanks, and best regards, Peter Müller
This patch doesn't apply. It also change the rights of the netother.cgi in git. This should be 644 not 755
Am 2020-03-21 17:03, schrieb Peter Müller:
Since IPsec routing information do not show up in the normal routing table, also displaying the contents of table 220 on netother.cgi might be useful for debugging purposes.
The second version of this patch omits the output if routing table 220 is empty and introduces a custom translation for IPsec routing table entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
html/cgi-bin/netother.cgi | 8 ++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 10 insertions(+) mode change 100644 => 100755 html/cgi-bin/netother.cgi
diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi old mode 100644 new mode 100755 index dde1b603a..4f03c82e8 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -79,6 +79,14 @@ if ( $querry[0] =~ "fwhits"){ print "<pre>$output</pre>\n"; &Header::closebox();
+ $output = `/sbin/ip route list table 220`; + if ( $output ) { + &Header::openbox('100%', 'left', $Lang::tr{'ipsec routing table entries'}); + $output = &Header::cleanhtml($output,"y"); + print "<pre>$output</pre>\n"; + &Header::closebox() + }
&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'}); $output = `/sbin/ip neigh show`; $output = &Header::cleanhtml($output,"y"); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 80579e7cc..6f7b4db59 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1498,6 +1498,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec-Netzwerk', 'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen', +'ipsec routing table entries' => 'Einträge der IPsec-Routing-Tabelle', 'ipsec settings' => 'IPsec-Einstellungen', 'iptable rules' => 'IPTable-Regeln', 'iptmangles' => 'IPTable Mangles', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a68c8f411..1e1aed53c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1547,6 +1547,7 @@ 'ipsec mode tunnel' => 'Tunnel', 'ipsec network' => 'IPsec network', 'ipsec no connections' => 'No active IPsec connections', +'ipsec routing table entries' => 'IPsec Routing Table Entries', 'ipsec settings' => 'IPsec Settings', 'iptable rules' => 'IPTable rules', 'iptmangles' => 'IPTable Mangles',
-
Arne Fitzenreiter -
Michael Tremer -
Peter Müller