Bug #3263
closed
status_graph.php IP list is limited to interface subnet
Added by Leonardo Lombardo over 10 years ago.
Updated about 8 years ago.
Affected Architecture:
i386
Description
In the page status_graph.php the IPs in the list are only from the interface subnet. This does not work when that interface is a routing one and you can have traffic from IPs in other networks.
There was a time during 2.1 development when the whole list of IP addresses with their traffic was sent through to the display code. That was when the Local/Remote and other filters were added to the front end. If that back-end code was re-enabled then all source+destination IP address pairs would be candidates for display, not just ones considered local to pfSense.
Do you mean that if I upgrade that page from the source I can re-enable that feature ?
It is code in the "rate" binary that controls which data is actually fed through to the front-end browser code. The "rate" source code got changed a few times, [[https://github.com/pfsense/pfsense-tools/commits/master/pfPorts/rate/files/patch-rate_abusers.c]] - I think the 05 Mar 2013 code feeds everything through. But then changes were made on 26 Mar 2013 which filtered to count just the IP addresses considered local - is_ours()
I believe the 05 Mar 2013 code worked fine. I'm not aware of bugs with it, and it was possible for the user to filter out the "remote" from the list at the front-end, or not, as they wished.
- Target version deleted (
2.1.1)
I realized how to make the Filter: All and Remote options actually work again in 2.1.1. That code was committed a couple of days ago: https://github.com/pfsense/pfsense/commit/6901d6af97920f816b4dfc1b6d7efebda0bd7633
At least that lets you see everything. That will show public IP addresses of the sites people are accessing as well as the internal IPs of subnets that are routed privately behind the LAN.
What you are asking for is now really a feature request (which I would like also). To be able to choose some other filtering subsets, e.g.:
a) All private IPs (easy to do)
b) All subnets that are routed through (behind) the selected LAN (should be possible to deduce this from the static routes defined on the system and the addresses of the gateways they use - will be a lot trickier if OSPF or some other routing protocol is installed, as the routes will be learnt on-the-fly, but I suppose the code could parse the routing table in real-time to deduce the answer, but does anyone need that?)
I am happy to make the enhancements, but it is extra features, so wouldn't go into 2.1.1
- Status changed from New to Duplicate
- Affected Version deleted (
2.1)
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by