/usr/local/www/diag_packet_capture.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/diag_packet_capture.php @ f8707b15

1	ab6a5cfc	Scott Ullrich	<?php
2			/*
3
4			Redistribution and use in source and binary forms, with or without
5			modification, are permitted provided that the following conditions are met:
6
7			1. Redistributions of source code must retain the above copyright notice,
8			this list of conditions and the following disclaimer.
9
10			2. Redistributions in binary form must reproduce the above copyright
11			notice, this list of conditions and the following disclaimer in the
12			documentation and/or other materials provided with the distribution.
13
14			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
15			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
16			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
17			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
18			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
23			POSSIBILITY OF SUCH DAMAGE.
24			*/
25
26	f35abee2	jim-p	/*
27	13d193c2	Scott Ullrich	pfSense_BUILDER_BINARIES: /bin/ps /usr/bin/grep /usr/sbin/tcpdump
28			pfSense_MODULE: routing
29			*/
30
31	6b07c15a	Matthew Grooms	##\|+PRIV
32			##\|*IDENT=page-diagnostics-packetcapture
33			##\|*NAME=Diagnostics: Packet Capture page
34			##\|*DESCR=Allow access to the 'Diagnostics: Packet Capture' page.
35			##\|MATCH=diag_packet_capture.php
36			##\|-PRIV
37
38	f257c139	jim-p	if ($_POST['downloadbtn'] == gettext("Download Capture"))
39			$nocsrf = true;
40
41	1c550bed	Renato Botelho	$pgtitle = array(gettext("Diagnostics"), gettext("Packet Capture"));
42	d7cd7129	Scott Ullrich	require_once("guiconfig.inc");
43			require_once("pfsense-utils.inc");
44	ab6a5cfc	Scott Ullrich
45	4e7d1665	Scott Ullrich	$fp = "/root/";
46	ab6a5cfc	Scott Ullrich	$fn = "packetcapture.cap";
47	68ed7d9d	Chris Buechler	$snaplen = 0;//default packet length
48	ab6a5cfc	Scott Ullrich	$count = 100;//default number of packets to capture
49
50			if ($_POST) {
51			$do_tcpdump = true;
52			$host = $_POST['host'];
53			$selectedif = $_POST['interface'];
54			$count = $_POST['count'];
55			$packetlength = $_POST['snaplen'];
56			$port = $_POST['port'];
57			$detail = $_POST['detail'];
58	f35abee2	jim-p	$fam = $_POST['fam'];
59
60	4e7d1665	Scott Ullrich	conf_mount_rw();
61	ab6a5cfc	Scott Ullrich
62	b39ca83c	Scott Ullrich	if ($_POST['dnsquery']) {
63			//if dns lookup is checked
64	ab6a5cfc	Scott Ullrich	$disabledns = "";
65	b39ca83c	Scott Ullrich	} else {
66			//if dns lookup is unchecked
67	ab6a5cfc	Scott Ullrich	$disabledns = "-n";
68			}
69
70	b39ca83c	Scott Ullrich	if ($_POST['startbtn'] != "" ) {
71	1c550bed	Renato Botelho	$action = gettext("Start");
72	f35abee2	jim-p
73			//delete previous packet capture if it exists
74			if (file_exists($fp.$fn))
75			unlink ($fp.$fn);
76	ab6a5cfc	Scott Ullrich
77	b39ca83c	Scott Ullrich	} elseif ($_POST['stopbtn']!= "") {
78	1c550bed	Renato Botelho	$action = gettext("Stop");
79	d67b6b17	jim-p	$processes_running = trim(shell_exec("/bin/ps axw -O pid= \| /usr/bin/grep tcpdump \| /usr/bin/grep {$fn} \| /usr/bin/egrep -v '(pflog\|grep)'"));
80	d5c2fde5	Scott Ullrich
81			//explode processes into an array, (delimiter is new line)
82			$processes_running_array = explode("\n", $processes_running);
83
84			//kill each of the packetcapture processes
85	b39ca83c	Scott Ullrich	foreach ($processes_running_array as $process) {
86	d5c2fde5	Scott Ullrich	$process_id_pos = strpos($process, ' ');
87			$process_id = substr($process, 0, $process_id_pos);
88			exec("kill $process_id");
89			}
90
91	b39ca83c	Scott Ullrich	} else {
92			//download file
93	93c86d2b	Scott Dale	$fs = filesize($fp.$fn);
94	ab6a5cfc	Scott Ullrich	header("Content-Type: application/octet-stream");
95	f35abee2	jim-p	header("Content-Disposition: attachment; filename=$fn");
96	ab6a5cfc	Scott Ullrich	header("Content-Length: $fs");
97			readfile($fp.$fn);
98	f257c139	jim-p	exit;
99	ab6a5cfc	Scott Ullrich	}
100	b39ca83c	Scott Ullrich	} else {
101	ab6a5cfc	Scott Ullrich	$do_tcpdump = false;
102			}
103			include("head.inc"); ?>
104	b39ca83c	Scott Ullrich
105	ab6a5cfc	Scott Ullrich	<body link="#000000" vlink="#0000CC" alink="#0000CC">
106	b39ca83c	Scott Ullrich
107			<?php
108	f35abee2	jim-p	include("fbegin.inc");
109	b39ca83c	Scott Ullrich	?>
110	ab6a5cfc	Scott Ullrich
111			<table width="100%" border="0" cellpadding="0" cellspacing="0">
112	89fae3e7	jim-p	<tr><td>
113			<form action="diag_packet_capture.php" method="post" name="iform" id="iform">
114			<table width="100%" border="0" cellpadding="6" cellspacing="0">
115	f35abee2	jim-p	<tr>
116	89fae3e7	jim-p	<td colspan="2" valign="top" class="listtopic"><?=gettext("Packet capture");?></td>
117			</tr>
118			<tr>
119			<td width="17%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
120			<td width="83%" class="vtable">
121			<select name="interface">
122	f35abee2	jim-p	<?php
123	89fae3e7	jim-p	$interfaces = get_configured_interface_with_descr();
124			if (isset($config['ipsec']['enable']))
125			$interfaces['ipsec'] = "IPsec";
126			foreach (array('server', 'client') as $mode) {
127			if (is_array($config['openvpn']["openvpn-{$mode}"])) {
128			foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
129			if (!isset($setting['disable'])) {
130			$interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
131	0aba3822	jim-p	}
132			}
133	89fae3e7	jim-p	}
134			}
135			foreach ($interfaces as $iface => $ifacename): ?>
136			<option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>>
137			<?php echo $ifacename;?>
138			</option>
139			<?php endforeach;?>
140			</select>
141			<br/><?=gettext("Select the interface on which to capture traffic.");?>
142			</td>
143			</tr>
144			<tr>
145			<td width="17%" valign="top" class="vncellreq"><?=gettext("Address Family");?></td>
146			<td width="83%" class="vtable">
147			<select name="fam">
148			<option value="">Any</option>
149			<option value="ip" <?php if ($fam == "ip") echo "selected"; ?>>IPv4 Only</option>
150			<option value="ip6" <?php if ($fam == "ip6") echo "selected"; ?>>IPv6 Only</option>
151			</select>
152			<br/><?=gettext("Select the type of traffic to be captured, either Any, IPv4 only or IPv6 only.");?>
153			</td>
154			</tr>
155			<tr>
156			<td width="17%" valign="top" class="vncellreq"><?=gettext("Host Address");?></td>
157			<td width="83%" class="vtable">
158			<input name="host" type="text" class="formfld host" id="host" size="20" value="<?=htmlspecialchars($host);?>">
159			<br/><?=gettext("This value is either the Source or Destination IP address or subnet in CIDR notation. The packet capture will look for this address in either field.");?>
160			<br/><?=gettext("This value can be a domain name or IP address, or subnet in CIDR notation.");?>
161			<br/><?=gettext("If you leave this field blank, all packets on the specified interface will be captured.");?>
162			</td>
163			</tr>
164			<tr>
165			<td width="17%" valign="top" class="vncellreq"><?=gettext("Port");?></td>
166			<td width="83%" class="vtable">
167			<input name="port" type="text" class="formfld unknown" id="port" size="5" value="<?=$port;?>">
168			<br/><?=gettext("The port can be either the source or destination port. The packet capture will look for this port in either field.");?>
169			<br/><?=gettext("Leave blank if you do not want to filter by port.");?>
170			</td>
171			</tr>
172			<tr>
173			<td width="17%" valign="top" class="vncellreq"><?=gettext("Packet Length");?></td>
174			<td width="83%" class="vtable">
175			<input name="snaplen" type="text" class="formfld unknown" id="snaplen" size="5" value="<?=$snaplen;?>">
176			<br/><?=gettext("The Packet length is the number of bytes of each packet that will be captured. Default value is 0, which will capture the entire frame regardless of its size.");?>
177			</td>
178			</tr>
179			<tr>
180			<td width="17%" valign="top" class="vncellreq"><?=gettext("Count");?></td>
181			<td width="83%" class="vtable">
182			<input name="count" type="text" class="formfld unknown" id="count" size="5" value="<?=$count;?>">
183			<br/><?=gettext("This is the number of packets the packet capture will grab. Default value is 100.") . "<br/>" . gettext("Enter 0 (zero) for no count limit.");?>
184			</tr>
185			<tr>
186			<td width="17%" valign="top" class="vncellreq"><?=gettext("Level of Detail");?></td>
187			<td width="83%" class="vtable">
188			<select name="detail" type="text" class="formselect" id="detail" size="1">
189			<option value="-q" <?php if ($detail == "-q") echo "selected"; ?>><?=gettext("Normal");?></option>
190			<option value="-v" <?php if ($detail == "-v") echo "selected"; ?>><?=gettext("Medium");?></option>
191			<option value="-vv" <?php if ($detail == "-vv") echo "selected"; ?>><?=gettext("High");?></option>
192			<option value="-vv -e" <?php if ($detail == "-vv -e") echo "selected"; ?>><?=gettext("Full");?></option>
193			</select>
194			<br/><?=gettext("This is the level of detail that will be displayed after hitting 'Stop' when the packets have been captured.") . "<br/><b>" .
195			gettext("Note:") . "</b> " .
196			gettext("This option does not affect the level of detail when downloading the packet capture.");?>
197			</tr>
198			<tr>
199			<td width="17%" valign="top" class="vncellreq"><?=gettext("Reverse DNS Lookup");?></td>
200			<td width="83%" class="vtable">
201			<input name="dnsquery" type="checkbox"<?php if($_POST['dnsquery']) echo " CHECKED"; ?>>
202			<br/><?=gettext("This check box will cause the packet capture to perform a reverse DNS lookup associated with all IP addresses.");?>
203			<br/><b><?=gettext("Note");?>: </b><?=gettext("This option can cause delays for large packet captures.");?>
204			</td>
205			</tr>
206			<tr>
207			<td width="17%" valign="top"> </td>
208			<td width="83%">
209	b39ca83c	Scott Ullrich	<?php
210	d5c2fde5	Scott Ullrich
211	89fae3e7	jim-p	/* check to see if packet capture tcpdump is already running */
212			$processcheck = (trim(shell_exec("/bin/ps axw -O pid= \| /usr/bin/grep tcpdump \| /usr/bin/grep {$fn} \| /usr/bin/egrep -v '(pflog\|grep)'")));
213
214			if ($processcheck != "")
215			$processisrunning = true;
216			else
217			$processisrunning = false;
218
219			if (($action == gettext("Stop") or $action == "") and $processisrunning != true)
220			echo "<input type=\"submit\" name=\"startbtn\" value=\"" . gettext("Start") . "\"> ";
221			else {
222			echo "<input type=\"submit\" name=\"stopbtn\" value=\"" . gettext("Stop") . "\"> ";
223			}
224			if (file_exists($fp.$fn) and $processisrunning != true) {
225			echo "<input type=\"submit\" name=\"downloadbtn\" value=\"" . gettext("Download Capture") . "\">";
226			echo "  (" . gettext("The packet capture file was last updated:") . " " . date("F jS, Y g:i:s a.", filemtime($fp.$fn)) . ")";
227			}
228	b39ca83c	Scott Ullrich	?>
229	89fae3e7	jim-p	</td>
230			</tr>
231	77877238	jim-p	</table>
232			</form>
233			<table width="100%" border="0" cellpadding="6" cellspacing="0">
234	89fae3e7	jim-p	<tr>
235			<td valign="top" colspan="2">
236	b39ca83c	Scott Ullrich	<?php
237	89fae3e7	jim-p	echo "<font face='terminal' size='2'>";
238			if ($processisrunning == true)
239			echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>");
240
241			if ($do_tcpdump) {
242			$matches = array();
243
244			if (($fam == "ip6") \|\| ($fam == "ip"))
245			$matches[] = $fam;
246
247			if ($port != "")
248			$matches[] = "port ".$port;
249
250			if ($host != "") {
251			if (is_ipaddr($host))
252			$matches[] = "host " . $host;
253			elseif (is_subnet($host))
254			$matches[] = "net " . $host;
255			}
256
257			if ($count != "0" ) {
258			$searchcount = "-c " . $count;
259			} else {
260			$searchcount = "";
261			}
262
263			$selectedif = convert_friendly_interface_to_real_interface_name($selectedif);
264
265			if ($action == gettext("Start")) {
266			$matchstr = implode($matches, " and ");
267			echo("<strong>" . gettext("Packet Capture is running.") . "</strong><br/>");
268			mwexec_bg ("/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr");
269			// echo "/usr/sbin/tcpdump -i $selectedif $searchcount -s $packetlength -w $fp$fn $matchstr";
270			} else {
271			//action = stop
272			echo("<strong>" . gettext("Packet Capture stopped.") . "<br/><br/>" . gettext("Packets Captured:") . "</strong><br/>");
273	b39ca83c	Scott Ullrich	?>
274	89fae3e7	jim-p	<textarea style="width:98%" name="code" rows="15" cols="66" wrap="off" readonly="readonly">
275	b39ca83c	Scott Ullrich	<?php
276	89fae3e7	jim-p	system ("/usr/sbin/tcpdump $disabledns $detail -r $fp$fn");
277	b39ca83c	Scott Ullrich
278	89fae3e7	jim-p	conf_mount_ro();
279	b39ca83c	Scott Ullrich	?>
280	89fae3e7	jim-p	</textarea>
281	b39ca83c	Scott Ullrich	<?php
282	89fae3e7	jim-p	}
283			}
284	b39ca83c	Scott Ullrich	?>
285	89fae3e7	jim-p	</td>
286			</tr>
287			</table>
288			</td></tr>
289	b39ca83c	Scott Ullrich	</table>
290	4e7d1665	Scott Ullrich
291	f35abee2	jim-p	<?php
292			include("fend.inc");
293	4e7d1665	Scott Ullrich	?>

Project

General

Profile

pfSense