'. $ip .''; } break; case 'dstip': if ($_GET['dfilter']) { if ($_GET['dfilter'] == $ip) return $ip; } else { return ''. $ip .''; } break; } } function sortOrder($column) { if ($_GET['order'] == $column) { if ($_GET['sort'] == 'des') return "&sort=asc"; return "&sort=des"; } else return "&sort=asc"; } function stripPort($ip, $showPort = false) { if (!$showPort) { if (strpos($ip,':') > 0) return substr($ip,0,strpos($ip,":")); else return ($ip); } else { if (strpos($ip,':') > 0) { return substr($ip,(strpos($ip,":")+1)); } else return " "; } } // sfilter and dfilter allow setting of source and dest IP filters // on the output. $filterPassThru allows these source and dest // filters to be passed on in the column sorting links. if (($_GET['sfilter']) or ($_GET['dfilter'])) { $filter = ''; if ($_GET['sfilter']) { if (is_ipaddr($_GET['sfilter'])) { $sfilter = $_GET['sfilter']; $filterPassThru = '&sfilter=' . $_GET['sfilter']; } else unset ($_GET['sfilter']); } if ($_GET['dfilter']) { if (is_ipaddr($_GET['dfilter'])) { $dfilter = $_GET['dfilter']; $filterPassThru = '&dfilter=' . $_GET['dfilter']; } else unset ($_GET['dfilter']); } } $dataRows = 300; $rawdata = array(); /* get our states */ // 1 2 3 4 5 6 7 8 //12345678901234567890123456789012345678901234567890123456789012345678901234567890 // [3] => PR D SRC DEST STATE AGE EXP PKTS BYTES // [4] => icmp O 0:0 12 2 10 840 // [5] => tcp I 4:4 710 86399 726 242K // -w 132 sets width of data to 132 // $dataRows defaults to 300 for embedded hardware exec("echo q | /usr/local/sbin/pftop -w 132 $dataRows",$rawdata); // exporting TERM set to nothing gets you a "dumb" term. echo q to pftop makes it // quit out after displaying the first page of data. // Get top line with total state data $topDataLine = $rawdata[2]; //pfTop: Up State 1-5/5, View: default, Order: none $slashPos = strpos($topDataLine,'/') + 1; $commaPos = strpos($topDataLine,','); if (($slashPos > 1) and ($commaPos > 1)) { $totalStates = substr($topDataLine,$slashPos,($commaPos - $slashPos)); } else $totalStates = 0; // Get rid of the header data unset($rawdata[0],$rawdata[1],$rawdata[2],$rawdata[3]); if (isset($rawdata)) { $count = 0; foreach ($rawdata as $line) { if (!strlen(trim($line)) < 70) { //PR DIR SRC DEST STATE AGE EXP PKTS BYTES //tcp Out FIN_WAIT_2:FIN_WAIT_2 00:01:20 00:00:11 28 1933 // 0 1 2 3 4 5 6 7 8 $split = preg_split("/\s+/", trim($line)); $data[$count]['protocol'] = $split[0]; $data[$count]['direction'] = $split[1]; $srcTmp = $split[2]; $data[$count]['srcip'] = stripPort($srcTmp); $data[$count]['srcport'] = stripPort($srcTmp,true); $dstTmp = $split[3]; $data[$count]['expire'] = $split[6]; $data[$count]['dstip'] = stripPort($dstTmp); $data[$count]['dstport'] = stripPort($dstTmp,true); $data[$count]['packets'] = $split[7]; $data[$count]['bytes'] = $split[8]; $count++; } } // Clear the statistics snapshot files, which track the packets and bytes of connections if (isset($_GET['clear'])) { if (file_exists('/tmp/packets')) unlink('/tmp/packets'); if (file_exists('/tmp/bytes')) unlink('/tmp/bytes'); // Redirect so we don't hit "clear" every time we refresh the screen. header("Location: diag_new_states.php?".$filterPassThru); exit; } // Create a new set of stats snapshot files if (isset($_GET['new'])) { $packets = array(); $bytes = array(); // Create variables to let us later quickly access this data if (is_array($data)) { foreach ($data as $row) { $packets[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']] = $row['packets']; $bytes[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']] = $row['bytes']; } } // Write the files out writeStats("packets",$packets); writeStats("bytes",$bytes); // If we're in view mode, pass that on. if (isset($_GET['view'])) $filterPassThru .= "&view=1"; // Redirect so we don't hit "new" every time we refresh the screen. header("Location: diag_new_states.php?&order=bytes&sort=des".$filterPassThru); exit; } // View the delta from the last snapshot against the current data. if (isset($_GET['view'])) { // Read the stats data files readStats("packets",$packets); readStats("bytes",$bytes); if (is_array($data)) { foreach ($data as $key => $row) { if (isset($packets[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']])) { if (isset($bytes[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']])) { $tempPackets = $data[$key]['packets'] - $packets[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']]; $tempBytes = $data[$key]['bytes'] - $bytes[$row['srcip']][$row['srcport']][$row['dstip']][$row['dstport']][$row['protocol']]; if (($tempPackets > -1) && ($tempBytes > -1)) { $data[$key]['packets'] = $tempPackets; $data[$key]['bytes'] = $tempBytes; } } } } } $filterPassThru .= "&view=1"; $viewPassThru = "&view=1"; } // Sort it by the selected order if ($_GET['order']) { natsort2d($data,$_GET['order']); if ($_GET['sort']) { if ($_GET['sort'] == "des") $data = array_reverse($data); } } } function natsort2d( &$arrIn, $index = null ) { $arrTemp = array(); $arrOut = array(); if (is_array($arrIn)) { foreach ( $arrIn as $key=>$value ) { reset($value); $arrTemp[$key] = is_null($index) ? current($value) : $value[$index]; } } natsort($arrTemp); foreach ( $arrTemp as $key=>$value ) { $arrOut[$key] = $arrIn[$key]; } $arrIn = $arrOut; } function writeStats($fname, &$data) { $fname = "/tmp/" . $fname; if (file_exists($fname)) unlink($fname); $file = fopen($fname, 'a'); fwrite($file, serialize($data)); fclose($file); } function readStats($fname, &$data) { $fname = "/tmp/" . $fname; if (file_exists($fname)) { $file = fopen($fname,'r'); $data = unserialize(fread($file, filesize($fname))); fclose($file); } } // Get timestamp of snapshot file, if it exists, for display later. if (!(file_exists('/tmp/packets'))) { $lastSnapshot = "Never"; } else { $lastSnapshot = strftime("%m/%d/%y %H:%M:%S",filectime('/tmp/packets')); } // The next include must be here because we use redirection above include("head.inc"); ?>

Statistics snapshot control
View delta Start new Clear snapshot Last statistics snapshot: Start new Clear Viewing delta of statistics snapshot: Start new Last statistics snapshot:
Source Port Destination Port Protocol Packets Bytes Expires

Firewall connection states displayed: /