From 8ffdc78c49e128755e0024dbb55a3f3d3796f7cd Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 21 Aug 2020 17:33:56 +0100 Subject: [PATCH] web UI: Add graph for connection tracking Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- config/cfgroot/graphs.pl | 28 ++++++++++++++++++++++++++++ doc/language_issues.de | 1 + doc/language_issues.en | 4 +++- doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 15 +++++++++++++++ html/cgi-bin/netother.cgi | 10 +++++++++- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 2 ++ 14 files changed, 73 insertions(+), 2 deletions(-) diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 0e29e0e2d9..4783e67f7e 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -1160,3 +1160,31 @@ sub updateentropygraph { print "Error in RRD::graph for entropy: ".$ERROR."\n" if $ERROR; } + +sub updateconntrackgraph { + my $period = $_[0]; + my @command = ( + @GRAPH_ARGS, + "-", + "--start", + "-1" . $period, + "-r", + "--lower-limit","0", + "-t $Lang::tr{'connection tracking'}", + "-v $Lang::tr{'open connections'}", + "DEF:conntrack=$mainsettings{'RRDLOG'}/collectd/localhost/conntrack/conntrack.rrd:entropy:AVERAGE", + "LINE3:conntrack#ff0000:" . sprintf("%-15s", $Lang::tr{'open connections'}), + "VDEF:ctmin=conntrack,MINIMUM", + "VDEF:ctmax=conntrack,MAXIMUM", + "VDEF:ctavg=conntrack,AVERAGE", + "GPRINT:ctmax:" . sprintf("%15s\\: %%5.0lf", $Lang::tr{'maximum'}), + "GPRINT:ctmin:" . sprintf("%15s\\: %%5.0lf", $Lang::tr{'minimum'}), + "GPRINT:ctavg:" . sprintf("%15s\\: %%5.0lf", $Lang::tr{'average'}) . "\\n", + "--color=BACK" . $color{"color21"}, + ); + + RRDs::graph(@command); + $ERROR = RRDs::error; + + print STDERR "Error in RRD::Graph for conntrack: " . $ERROR . "\n" if $ERROR; +} 
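Review bot: In `config/cfgroot/graphs.pl`, the title argument of the new `updateconntrackgraph` reads `$Lang::tr{'connection tracking'}`, but the key this commit adds to `langs/en/cgi-bin/en.pl` is spelled `'connnection tracking'` (three n's), and the second `netother.cgi` hunk uses that misspelled form as well. Unless the correctly spelled key is defined somewhere not shown here, the lookup returns undef and the graph is rendered with an empty title. The cleaner fix is to correct the key at its source, `'connection tracking' => 'Connection Tracking',` in en.pl and `$Lang::tr{'connection tracking'}` in netother.cgi, and then regenerate the `doc/language_*` files. The new function also has no header comment; a line such as `# Draws the conntrack RRD graph as PNG on STDOUT; $period is one of the names netother.cgi passes in` would record the contract callers must honour.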
diff --git a/doc/language_issues.de b/doc/language_issues.de index f2a7ba8aee..667b98b27d 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -767,6 +767,7 @@ WARNING: translation string unused: zoneconf val ppp assignment error WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date! WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string diff --git a/doc/language_issues.en b/doc/language_issues.en index 40cba2292f..10b56af031 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -492,6 +492,7 @@ WARNING: untranslated string: connection type = Connection Type WARNING: untranslated string: connection type is invalid = Connection type is invalid. WARNING: untranslated string: connections = Connections WARNING: untranslated string: connections are associated with this ca. deleting the ca will delete these connections as well. = connections are associated with this CA. Deleting the CA will delete these connections as well. +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: connscheduler = Connection Scheduler WARNING: untranslated string: could not be opened = could not be opened. WARNING: untranslated string: could not download latest updates = Could not download latest updates. 
@@ -1113,7 +1114,7 @@ WARNING: untranslated string: invalid input for keepalive 1 = Invalid input for WARNING: untranslated string: invalid input for keepalive 1:2 = Invalid input for Keepalive use at least a ratio of 1:2 WARNING: untranslated string: invalid input for keepalive 2 = Invalid input for Keepalive ping-restart WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address -WARNING: untranslated string: invalid input for max clients = Invalid input for Max Clients +WARNING: untranslated string: invalid input for max clients = Invalid input for Max Clients. The maximum of 1024 clients has been exceeded WARNING: untranslated string: invalid input for mode = Invalid input for mode WARNING: untranslated string: invalid input for name = Invalid input for user's full name or system hostname WARNING: untranslated string: invalid input for oink code = Invalid input for Oink code @@ -1378,6 +1379,7 @@ WARNING: untranslated string: one year = One Year WARNING: untranslated string: only digits allowed in holdoff field = Only digits allowed in holdoff field WARNING: untranslated string: only digits allowed in max retries field = Only digits allowed in max retries field. WARNING: untranslated string: only digits allowed in the idle timeout = Only digits allowed in the idle timeout. +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: openssl produced an error = OpenSSL produced an error WARNING: untranslated string: openvpn client = OpenVPN client WARNING: untranslated string: openvpn default = Default diff --git a/doc/language_issues.es b/doc/language_issues.es index f7431f6927..043df5c0f8 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -793,6 +793,7 @@ WARNING: untranslated string: ccd routes = Routing: WARNING: untranslated string: ccd subnet = Subnet WARNING: untranslated string: ccd used = Used addresses WARNING: untranslated string: check all = Check all +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: count = Count WARNING: untranslated string: countries = Countries WARNING: untranslated string: country codes and flags = Country Codes and Flags: @@ -1199,6 +1200,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol. diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 597883693f..1ebed2140b 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -807,6 +807,7 @@ WARNING: translation string unused: zoneconf val ppp assignment error WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian block a host = unknown string 
@@ -839,6 +840,7 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: legacy architecture warning = You are running IPFire on a legacy architecture and it is recommended to upgrade +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index c943da739a..f0790ed231 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -832,6 +832,7 @@ WARNING: untranslated string: block = Block WARNING: untranslated string: broken = Broken WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: check all = Check all +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: cpu frequency = CPU frequency WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning @@ -1012,6 +1013,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead WARNING: untranslated string: ovpn add conf = Additional configuration diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 7496d647c5..2dfde5c5ba 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -826,6 +826,7 @@ WARNING: untranslated string: broken = Broken WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: capabilities = Capabilities WARNING: untranslated string: check all = Check all +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: cpu frequency = CPU frequency WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning @@ -1037,6 +1038,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: outgoing compression in bytes per second = Outgoing compression WARNING: untranslated string: outgoing overhead in bytes per second = Outgoing Overhead WARNING: untranslated string: ovpn add conf = Additional configuration diff --git a/doc/language_issues.pl b/doc/language_issues.pl index f7431f6927..043df5c0f8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -793,6 +793,7 @@ WARNING: untranslated string: ccd routes = Routing: WARNING: untranslated string: ccd subnet = Subnet WARNING: untranslated string: ccd used = Used addresses WARNING: untranslated string: check all = Check all +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: count = Count WARNING: untranslated string: countries = Countries WARNING: untranslated string: country codes and flags = Country Codes and Flags: 
@@ -1199,6 +1200,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol. diff --git a/doc/language_issues.ru b/doc/language_issues.ru index a3eb336696..52de2e3825 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -796,6 +796,7 @@ WARNING: untranslated string: ccd subnet = Subnet WARNING: untranslated string: ccd used = Used addresses WARNING: untranslated string: check all = Check all WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: count = Count WARNING: untranslated string: countries = Countries WARNING: untranslated string: country codes and flags = Country Codes and Flags: @@ -1201,6 +1202,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: openvpn default = Default WARNING: untranslated string: openvpn destination port used = The destination port is already used by another OpenVPN server. WARNING: untranslated string: openvpn fragment allowed with udp = Using fragment is only allowed when using the UDP protocol. diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 60a646e5f2..e5792e08e3 100644 --- a/doc/language_issues.tr 
+++ b/doc/language_issues.tr @@ -815,6 +815,7 @@ WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Pro WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: broken = Broken WARNING: untranslated string: bytes = unknown string +WARNING: untranslated string: connnection tracking = Connection Tracking WARNING: untranslated string: cpu frequency = CPU frequency WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning @@ -925,6 +926,7 @@ WARNING: untranslated string: no data = unknown string WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: not validating = Not validating +WARNING: untranslated string: open connections = Open Connections WARNING: untranslated string: ovpn connection name = Connection Name WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit!
Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore.
Please update to the latest IPFire version and generate a new root and host certificate.

All OpenVPN clients needs then to be renewed!
diff --git a/doc/language_missings b/doc/language_missings index 3fbaad77b6..c9c42d15a4 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -25,6 +25,7 @@ < Captive invalid coupon < Captive please enter a coupon code < choose media +< connnection tracking < could not connect to www ipfire org < cryptographic settings < dhcp server disabled on blue interface @@ -183,6 +184,7 @@ < ccd subnet < ccd used < check all +< connnection tracking < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -626,6 +628,7 @@ < one month < one week < one year +< open connections < openvpn default < openvpn destination port used < openvpn disabled @@ -920,9 +923,11 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb +< connnection tracking < g.dtm < g.lite < legacy architecture warning +< open connections < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # @@ -1001,6 +1006,7 @@ < Captive WiFi coupon < Captive wrong ext < check all +< connnection tracking < cpu frequency < crypto error < cryptographic settings @@ -1163,6 +1169,7 @@ < one month < one week < one year +< open connections < outgoing compression in bytes per second < outgoing overhead in bytes per second < ovpn add conf @@ -1357,6 +1364,7 @@ < Captive WiFi coupon < Captive wrong ext < check all +< connnection tracking < cpu frequency < crypto error < cryptographic settings @@ -1555,6 +1563,7 @@ < one month < one week < one year +< open connections < outgoing compression in bytes per second < outgoing overhead in bytes per second < ovpn add conf @@ -1820,6 +1829,7 @@ < ccd used < check all < community rules +< connnection tracking < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -2265,6 +2275,7 @@ < one month < one week < one year +< open connections < openvpn default < openvpn destination port used < openvpn disabled 
@@ -2671,6 +2682,7 @@ < ccd used < check all < community rules +< connnection tracking < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -3123,6 +3135,7 @@ < one month < one week < one year +< open connections < openvpn default < openvpn destination port used < openvpn disabled @@ -3407,6 +3420,7 @@ < advproxy wpad view pac < broken < Captive delete logo +< connnection tracking < cpu frequency < crypto error < cryptographic settings @@ -3489,6 +3503,7 @@ < not affected < not validating < okay +< open connections < ovpn connection name < ovpn error dh < ovpn error md5 diff --git a/html/cgi-bin/netother.cgi b/html/cgi-bin/netother.cgi index 4f03c82e83..3256a0d6b7 100755 --- a/html/cgi-bin/netother.cgi +++ b/html/cgi-bin/netother.cgi @@ -41,7 +41,11 @@ my @querry = split(/\?/,$ENV{'QUERY_STRING'}); $querry[0] = '' unless defined $querry[0]; $querry[1] = 'hour' unless defined $querry[1]; -if ( $querry[0] =~ "fwhits"){ +if ( $querry[0] eq "conntrack") { + print "Content-Type: image/png\n\n"; + binmode(STDOUT); + &Graphs::updateconntrackgraph($querry[1]); +} elsif ( $querry[0] =~ "fwhits"){ print "Content-type: image/png\n\n"; binmode(STDOUT); &Graphs::updatefwhitsgraph($querry[1]); @@ -67,6 +71,10 @@ if ( $querry[0] =~ "fwhits"){ &Header::closebox(); } + &Header::openbox('100%', 'center', $Lang::tr{'connnection tracking'}); + &Graphs::makegraphbox("netother.cgi", "conntrack", "day"); + &Header::closebox(); + &Header::openbox('100%', 'center', "$Lang::tr{'firewallhits'} $Lang::tr{'graph'}"); &Graphs::makegraphbox("netother.cgi","fwhits","day"); &Header::closebox(); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 11c0cc4758..4a8b9e0fff 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
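Review bot: In the first `html/cgi-bin/netother.cgi` hunk, `$querry[1]` comes straight from `QUERY_STRING` and is handed to `Graphs::updateconntrackgraph()` unchecked; that function (graphs.pl hunk of this commit) concatenates it into the rrdtool `--start` argument. `RRDs::graph` receives it as a list element, so no shell is involved, but arbitrary request text still reaches the rrdtool time parser. Constrain it before the dispatch, e.g. `$querry[1] = 'hour' unless $querry[1] =~ /\A(?:hour|day|week|month|year)\z/;`. That period list is inferred from the `'hour'` default, the `"day"` passed to `makegraphbox` and the language strings visible here, so confirm it against graphs.pl. The exact `eq "conntrack"` test in the new branch is stricter than the `=~ "fwhits"` substring match kept for the next branch; the if/elsif chain continues outside the hunk, so the older branches may deserve the same tightening.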
@@ -1833,6 +1833,7 @@ 'only digits allowed in max retries field' => 'Im Feld "Maximale Wiederholversuche" sind nur Ziffern erlaubt.', 'only digits allowed in the idle timeout' => 'Im Feld "Leerlauf-Wartezeit" sind nur Ziffern erlaubt.', 'only red' => 'Nur ROT', +'open connections' => 'Offene Verbindungen', 'open to all' => 'Überschreibe externen Zugang zu ALL', 'openssl produced an error' => 'OpenSSL hat einen Fehler verursacht', 'openvpn client' => 'OpenVPN-Client', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index de60a3bb37..8012a47601 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -658,6 +658,7 @@ 'connection type is invalid' => 'Connection type is invalid.', 'connections' => 'Connections', 'connections are associated with this ca. deleting the ca will delete these connections as well.' => 'connections are associated with this CA. Deleting the CA will delete these connections as well.', +'connnection tracking' => 'Connection Tracking', 'connscheduler' => 'Connection Scheduler', 'core notice 1' => 'Notice: There is an core-update from', 'core notice 2' => 'to', @@ -1859,6 +1860,7 @@ 'only digits allowed in max retries field' => 'Only digits allowed in max retries field.', 'only digits allowed in the idle timeout' => 'Only digits allowed in the idle timeout.', 'only red' => 'Only RED', +'open connections' => 'Open Connections', 'open to all' => 'Override external access to ALL', 'openssl produced an error' => 'OpenSSL produced an error', 'openvpn client' => 'OpenVPN client', -- 2.39.2