Project

General

Profile

Actions

Bug #3263

closed

status_graph.php IP list is limited to interface subnet

Added by Leonardo Lombardo about 11 years ago. Updated over 8 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
10/10/2013
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:
i386

Description

In the page status_graph.php the IPs in the list are only from the interface subnet. This does not work when that interface is a routing one and you can have traffic from IPs in other networks.

Actions #1

Updated by Phillip Davis about 11 years ago

There was a time during 2.1 development when the whole list of IP addresses with their traffic was sent through to the display code. That was when the Local/Remote and other filters were added to the front end. If that back-end code was re-enabled then all source+destination IP address pairs would be candidates for display, not just ones considered local to pfSense.

Actions #2

Updated by Leonardo Lombardo about 11 years ago

Do you mean that if I upgrade that page from the source I can re-enable that feature ?

Actions #3

Updated by Phillip Davis about 11 years ago

It is code in the "rate" binary that controls which data is actually fed through to the front-end browser code. The "rate" source code got changed a few times, [[https://github.com/pfsense/pfsense-tools/commits/master/pfPorts/rate/files/patch-rate_abusers.c]] - I think the 05 Mar 2013 code feeds everything through. But then changes were made on 26 Mar 2013 which filtered to count just the IP addresses considered local - is_ours()
I believe the 05 Mar 2013 code worked fine. I'm not aware of bugs with it, and it was possible for the user to filter out the "remote" from the list at the front-end, or not, as they wished.

Actions #4

Updated by Chris Buechler almost 11 years ago

  • Target version deleted (2.1.1)
Actions #5

Updated by Phillip Davis almost 11 years ago

I realized how to make the Filter: All and Remote options actually work again in 2.1.1. That code was committed a couple of days ago: https://github.com/pfsense/pfsense/commit/6901d6af97920f816b4dfc1b6d7efebda0bd7633
At least that lets you see everything. That will show public IP addresses of the sites people are accessing as well as the internal IPs of subnets that are routed privately behind the LAN.
What you are asking for is now really a feature request (which I would like also). To be able to choose some other filtering subsets, e.g.:
a) All private IPs (easy to do)
b) All subnets that are routed through (behind) the selected LAN (should be possible to deduce this from the static routes defined on the system and the addresses of the gateways they use - will be a lot trickier if OSPF or some other routing protocol is installed, as the routes will be learnt on-the-fly, but I suppose the code could parse the routing table in real-time to deduce the answer, but does anyone need that?)

I am happy to make the enhancements, but it is extra features, so wouldn't go into 2.1.1

Actions #6

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Duplicate
  • Affected Version deleted (2.1)

duplicate of #2234

Actions

Also available in: Atom PDF