From f6bfac21173a1312152f0fdd623a417cf7fa53d1 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 10 Oct 2018 13:11:01 +0200 Subject: luci-mod-status: rework iptables status page - Parse and format iptables listing in client side JS - Dynamically update packet counters Signed-off-by: Jo-Philipp Wich --- .../luasrc/controller/admin/status.lua | 32 ++ .../luasrc/view/admin_status/iptables.htm | 387 +++++++++++++++------ 2 files changed, 308 insertions(+), 111 deletions(-) (limited to 'modules/luci-mod-status/luasrc')
diff --git a/modules/luci-mod-status/luasrc/controller/admin/status.lua b/modules/luci-mod-status/luasrc/controller/admin/status.lua
index 4f04cce545..5b496d83f2 100644
--- a/modules/luci-mod-status/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-status/luasrc/controller/admin/status.lua
@@ -8,6 +8,7 @@ function index()
 entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)
 entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
+ entry({"admin", "status", "iptables_dump"}, call("dump_iptables")).leaf = true
 entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true
 entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
@@ -44,6 +45,37 @@ function action_dmesg()
 luci.template.render("admin_status/dmesg", {dmesg=dmesg})
 end
+function dump_iptables(family, table)
+ local prefix = (family == "6") and "ip6" or "ip"
+ local ok, lines = pcall(io.lines, "/proc/net/%s_tables_names" % prefix)
+ if ok and lines then
+ local s
+ for s in lines do
+ if s == table then
+ local ipt = io.popen(
+ "/usr/sbin/%stables -t %s --line-numbers -nxvL"
+ %{ prefix, table })
+
+ if ipt then
+ luci.http.prepare_content("text/plain")
+
+ while true do
+ s = ipt:read(1024)
+ if not s then break end
+ luci.http.write(s)
+ end
+
+ ipt:close()
+ return
+ end
+ end
+ end
+ end
+
+ luci.http.status(404, "No such table")
+ luci.http.prepare_content("text/plain")
+end
+
 function action_iptables()
 if luci.http.formvalue("zero") then
 if luci.http.formvalue("family") == "6" then
diff --git a/modules/luci-mod-status/luasrc/view/admin_status/iptables.htm b/modules/luci-mod-status/luasrc/view/admin_status/iptables.htm
index 51e428e40e..45c8795634 100644
--- a/modules/luci-mod-status/luasrc/view/admin_status/iptables.htm
+++ b/modules/luci-mod-status/luasrc/view/admin_status/iptables.htm
@@ -1,16 +1,11 @@ <%# Copyright 2008-2009 Steven Barth - Copyright 2008-2015 Jo-Philipp Wich + Copyright 2008-2018 Jo-Philipp Wich Licensed to the public under the Apache License 2.0. -%> <%- - - require "luci.sys.iptparser" - local wba = require "luci.tools.webadmin" local fs = require "nixio.fs" - local io = require "io" - local has_ip6tables = fs.access("/usr/sbin/ip6tables") local mode = 4
@@ -18,56 +13,286 @@ mode = luci.dispatcher.context.requestpath mode = tonumber(mode[#mode] ~= "iptables" and mode[#mode]) or 4 end +-%> - local ipt = luci.sys.iptparser.IptParser(mode) +<%+header%> - local rowcnt = 1 - function rowstyle() - rowcnt = rowcnt + 1 - return (rowcnt % 2) + 1 - end + + +
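Review bot: In `dump_iptables`, the exact comparison `s == table` against the names read from `/proc/net/%s_tables_names` is the only thing that keeps the caller-supplied table name (apparently a request path segment, since the route is a leaf node) out of the `io.popen` command string, and nothing in the code says so. I would add a comment above that comparison, e.g. `-- allow-list: only a table name the kernel itself reports may be interpolated into the shell command below`, so a later refactor does not drop or loosen the check. The parameter name `table` also shadows Lua's `table` library inside the function, so `tbl` would be safer, and the outer `local s` is redundant because `for s in lines do` declares its own `s`. Separately, the early `return` leaves the `io.lines` iterator unfinished, so that file handle is only released by garbage collection.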

<%:Firewall Status%>

@@ -78,78 +303,18 @@ <% end %> -
- +
" style="position: absolute; right: 0"> +
+
-
- - <% for _, tbl in ipairs(tables) do chaincnt = 0 %> -

<%:Table%>: <%=tbl%>

- - <% for _, chain in ipairs(ipt:chains(tbl)) do - rowcnt = 0 - chaincnt = chaincnt + 1 - chaininfo = ipt:chain(tbl, chain) - %> -

- <%:Chain%> <%=chain%> - (<%- if chaininfo.policy then -%> - <%:Policy%>: <%=chaininfo.policy%>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> - <%- else -%> - <%:References%>: <%=chaininfo.references-%> - <%- end -%>) -

- -
-
-
-
<%:Pkts.%>
-
<%:Traffic%>
-
<%:Target%>
-
<%:Prot.%>
-
<%:In%>
-
<%:Out%>
-
<%:Source%>
-
<%:Destination%>
-
<%:Options%>
-
- - <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> -
-
<%=rule.packets%>
-
<%=wba.byte_format(rule.bytes)%>
-
<%=rule.target and link_target(tbl, rule.target) or "-"%>
-
<%=rule.protocol%>
-
<%=link_iface(rule.inputif)%>
-
<%=link_iface(rule.outputif)%>
-
<%=rule.source%>
-
<%=rule.destination%>
-
<%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%>
-
- <% end %> - - <% if rowcnt == 1 then %> -
-
<%:No rules in this chain%>
-
- <% end %> -
-
- <% end %> - - <% if chaincnt == 0 then %> - <%:No chains in this table%> - <% end %> - -

- <% end %> -
+
+

<%:Collecting data...%>

<%+footer%> -- cgit v1.2.3
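Review bot: Escaping of rule fields needs confirming in the client-side renderer, which is not readable in this view: the template lines removed here passed rule options through `luci.util.pcdata(...)` before output. Text taken from the `text/plain` dump, rule option and comment strings in particular, should reach the page as text nodes or through an explicit escape, not by concatenation into markup. A short comment next to the rendering code naming which parsed fields are treated as untrusted text would make that intent reviewable.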