From ad8dade3029c46f10ac1e4b83b68ff63a03f6d65 Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Fri, 7 Aug 2015 19:25:08 +0200
Subject: darkstat - complete package rewrite Added pretty much all options supported to GUI, with input validation.
---
config/darkstat/darkstat.xml | 405 +++++++++++++++++++++++++++++++++++++------
1 file changed, 351 insertions(+), 54 deletions(-)
(limited to 'config')
diff --git a/config/darkstat/darkstat.xml b/config/darkstat/darkstat.xml
index 3263012b..c2211de7 100644
--- a/config/darkstat/darkstat.xml
+++ b/config/darkstat/darkstat.xml
@@ -2,55 +2,50 @@ - - + . - All rights reserved. - */ -/* ========================================================================== */ + darkstat.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009-2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + Darkstat - 3.0 + 3.1 Diagnostics: Darkstat Darkstat Settings - Setup darkstat specific settings + Setup darkstat specific settings.
Diagnostics
/pkg_edit.php?xml=darkstat.xml&id=0
@@ -60,6 +55,7 @@ darkstat Darkstat bandwidth monitoring daemon + installedpackages->package->$packagename->configuration->settings Darkstat Settings @@ -71,47 +67,348 @@ http://$myurl:666 + enabled - Interface - interface_array + Enable darkstat + enable + checkbox + + + Interface(s) to capture traffic on + capture_interfaces + + (Default is LAN.) + ]]> + interfaces_selection + loopback 3 + true lan + true + + + Darkstat web interface should listen on + bind_interfaces + + + (The default is to listen on all interfaces.) + ]]> + + interfaces_selection + 3 true - + + + + Enable the "local network" feature + localnetworkenable + + + (The default behaviour is to only graph traffic to and from the local host.) + ]]> + + checkbox + localnetworkonly + localnetworkonly + + + Make the web interface ONLY display hosts on the "local network" + localnetworkonly + + + will only display hosts on the "local network" defined below. + ]]> + + checkbox + + + Define a "local network" + localnetwork + Traffic from/to the network/netmask of the selected interface will be considered as "local network". + interfaces_selection + (wan|loopback) + + + Do not use promiscuous mode to capture + nopromisc + + + or may later enter promiscuous mode, due to circumstances beyond darkstat's control.
+ This cannot be used when the "local network" feature is enabled above. + ]]> +
+ checkbox +
+ + Do not resolve IPs to host names + nodns + + + as an extra process is created for DNS resolution. + ]]> + + checkbox + + + Do not display MAC addresses in the hosts table + nomacs + checkbox + + + Do not display the last seen time in the hosts table + nolastseen + checkbox + + + Maximum hosts count + hostsmax + + + This is used to limit how much accounting data will be kept in memory.
+ (If filled in, the number must be greater than 'Maximum number of hosts to keep' below.) + ]]> +
+ input + 5 +
+ + Maximum number of hosts to keep + hostskeep + + + we clean out the hosts table, keeping only the top number of hosts, sorted by total traffic.
+ (If filled in, the number must be lower than 'Maximum hosts count' above.) + ]]> +
+ input + 5 +
+ + Maximum ports count + portsmax + + + This is used to limit how much accounting data will be kept in memory.
+ (If filled in, the number must be greater than 'Maximum number of ports to keep' below.) + ]]> +
+ input + 5 +
+ + Maximum number of ports to keep + portskeep + + + (If filled in, the number must be lower than 'Maximum ports count' above.) + ]]> + + input + 5 + + + Advanced traffic filtering options + advfilter + +
+ Example 1: We only want to account for SSH traffic.
+ Filter expression: port 22

+ Example 2: We don't want to account for traffic between internal IPs.
+ Filter expression: not (src net 192.168.0 and dst net 192.168.0)

+ NOTE: Filter syntax is beyond the scope of this description; please refer to + tcpdump(1), + pcap-filter(7) + and darkstat(8) + documentation.
+ WARNING: You are completely on your own with this! If misconfigured, darkstat will malfunction or even not start at all. + ]]> +
+ textarea + base64 + 65 + 5 + +
+ + 0) && ($hostsmax > $hostskeep)) { + $start .= " --hosts-max {$hostsmax}"; + } + if (($hostskeep > 0) && ($hostskeep < $hostsmax)) { + $start .= " --hosts-keep {$hostskeep}"; + } + $portsmax = $darkstat_config['portsmax']; + $portskeep = $darkstat_config['portskeep']; + if (($portsmax > 0) && ($portsmax > $portskeep)) { + $start .= " --ports-max {$portsmax}"; + } + if (($portskeep > 0) && ($portskeep < $portsmax)) { + $start .= " --ports-keep {$portskeep}"; + } + $advfilter = $darkstat_config['advfilter']; + if ($advfilter != "") { + $start .= " -f " . escapeshellarg(base64_decode($advfilter)); + } + write_rcfile(array( "file" => "darkstat.sh", "start" => $start, "stop" => "/usr/bin/killall darkstat" ) ); - start_service("darkstat"); + + /* If the service is (being) disabled, stop it (if running) and do nothing else */ + if (!($darkstat_config['enable'])) { + if (is_process_running("darkstat")) { + stop_service("darkstat"); + } + return; + } else { + restart_service("darkstat"); + } + + config_unlock(); conf_mount_ro(); } + + function validate_input_darkstat($post, &$input_errors) { + if (($_POST['port']) && ($_POST['port'] < 1 || $_POST['port'] < 65535 || !is_numericint($_POST['port']))) { + $input_errors[] .= gettext("The value for 'Maximum number of ports' to keep' must be a positive integer between 1 and 65535."); + } + if (($_POST['hostsmax']) && ($_POST['hostsmax'] < 1 || !is_numericint($_POST['hostsmax']))) { + $input_errors[] = gettext("The value for 'Maximum hosts count' must be a positive integer."); + } + if (($_POST['hostskeep']) && ($_POST['hostskeep'] < 1 || !is_numericint($_POST['hostskeep']))) { + $input_errors[] .= gettext("The value for 'Maximum number of hosts to keep' must be a positive integer."); + } + if ($_POST['hostsmax'] || $_POST['hostskeep']) { + if ($_POST['hostsmax'] <= $_POST['hostskeep']) { + $input_errors[] .= gettext("'Maximum hosts count' must be greater than 'Maximum number of hosts to keep'."); + } + } + if 
(($_POST['portsmax']) && ($_POST['portsmax'] < 1 || !is_numericint($_POST['portsmax']))) { + $input_errors[] .= gettext("The value for 'Maximum ports count' must be a positive integer."); + } + if (($_POST['portskeep']) && ($_POST['portskeep'] < 1 || !is_numericint($_POST['portskeep']))) { + $input_errors[] .= gettext("The value for 'Maximum number of ports' to keep' must be a positive integer."); + } + if ($_POST['portsmax'] || $_POST['portskeep']) { + if ($_POST['portsmax'] <= $_POST['portskeep']) { + $input_errors[] .= gettext("'Maximum ports count' must be greater than 'Maximum number of ports to keep'."); + } + } + if ($_POST['localnetworkenable'] && $_POST['nopromisc'] != "") { + $input_errors[] .= gettext("'Do not use promiscuous mode to capture' cannot be used when the 'local network' feature is enabled."); + } + if ($_POST['localnetwork']) { + $int = convert_friendly_interface_to_real_interface_name($post['localnetwork']); + $ip = find_interface_ip($int); + if (!is_ipaddrv4($ip)) { + $input_errors[] .= gettext("The selected 'local network' interface has no IPv4 configured. Configured IPv4 is required."); + } + } + if (($post['advfilter']) && !preg_match("/^[a-zA-Z0-9\+\-\=\(\):. ]*$/", $post['advfilter'])) { + $input_errors[] .= gettext('Advanced traffic filtering options may only contain characters matching ^[a-zA-Z0-9\+\-\=\(\):. ]*$ regexp.'); + } + } + ]]> - - sync_package_darkstat(); + + sync_package_darkstat(); sync_package_darkstat(); - exec("rm -f /usr/local/etc/rc.d/darkstat.sh"); + unlink_if_exists("/usr/local/etc/rc.d/darkstat.sh"); + + validate_input_darkstat($_POST, $input_errors); +
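Review bot: In `validate_input_darkstat()` the port test reads `$_POST['port'] < 65535`, which flags every in-range port as invalid; it should be `$_POST['port'] > 65535`, and its error text names 'Maximum number of ports to keep' rather than the port field. In the sync function the disabled branch executes `return;` before `config_unlock(); conf_mount_ro();`, so disabling the service appears to skip both cleanup calls (the matching lock/mount calls are not visible in this hunk); dropping the `return;` lets both branches fall through to them. `$portsmax` and `$portskeep` (and, it seems, `$hostsmax`/`$hostskeep`) are interpolated into `$start` straight from the stored config, so a restored or hand-edited config reaches the generated rc script without passing the GUI validator; casting first, e.g. `$portsmax = (int) $darkstat_config['portsmax'];`, keeps those arguments numeric in the same way `escapeshellarg()` already protects `advfilter`. The validator also mixes `$_POST[...]` with its `$post` parameter and uses `$input_errors[] .=` where `$input_errors[] =` is meant; using `$post` and plain `=` throughout would make it consistent.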
-- cgit v1.2.3