Unauthenticated traffic information (to be used by Arduino)
-
Hi Folks,
I am trying to get my hands on the traffic data which draws the graphs. Finding it in the source and using it is quite simple but I want anonymous access to it as it'll be an Arduino polling the information.
Is there an existing method of me getting this type of data or would it be best (possible?) for me to create a package to expose this. If going the long way around, package, then I could put a basic username / password on the request.
Or, best of all, is there an existing method I can do this? I've had a look at the packages like Bandwidthd and given what an Arduino can do, would be better to get the basic data and ease up on parsing it.
Thanks for any tips
Crispin
-
Are you asking how to transfer data out of the firewall? Couldn't you use any of the standard methods like tftp, anonymous ftp, wget, curl, or scp?
-
I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.
To use ftp / or scp would not give me realtime (within reason)My first hack will be to copy the current way it's done for the bandwidth graphs strip it back so there is no authentication etc. This is dirty though and not guaranteed wok after a firmware upgrade.
My best option might be to create a package..
-
I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.
Ok, for [unauthenticated] http I would probably modify /var/etc/lighty-webConfigurator.conf to expose the data I wanted exposed. (Are we talking about the rrd files?)
To use ftp / or scp would not give me realtime (within reason)
Not knowing your details I'll have to trust you on that, but (t)ftp and scp aren't any slower than http… ;) Personally I would install ssh keys and have scp grab the data I wanted.
That said... if you're using a utility similar to wget or curl, they do support authentication. If you don't want the root password on the arduino (understandable), you could add a user with limited rights in System: User Manager.
My first hack will be to copy the current way it's done for the bandwidth graphs strip it back so there is no authentication etc. This is dirty though and not guaranteed wok after a firmware upgrade.
I'm not entirely sure what you are saying here, but I think you could modify the lighthttpd configuration to expose the data you need without compromising overall security (too much). But you are correct, such a modification would not survive a pfSense upgrade.
-
I intend using http in the Arduino to poll the firewall (on the LAN side). The response will be something along the lines of the current bandwidth.
Ok, for [unauthenticated] http I would probably modify /var/etc/lighty-webConfigurator.conf to expose the data I wanted exposed. (Are we talking about the rrd files?)
Thanks, I'll take a look at that. No, not rrd as such. I just want to make a http call and the response must be a simple "12345" which is the bandwidth being used now
Perhaps I should give a bit of context :)
I have an old needle meter (clicky) which I am controlling from an Arduino. I want to make this show my current bandwidth being used. So, every 500ms I would make a http call to the firewall and reset the meter based on the value returned (that is all the easy part ;) )To use ftp / or scp would not give me realtime (within reason)
Not knowing your details I'll have to trust you on that, but (t)ftp and scp aren't any slower than http… ;) Personally I would install ssh keys and have scp grab the data I wanted.
Hopefully a bit of context cleared it up? it's not the speed of the transfer I am worried about but rather that freshness of the data.
That said… if you're using a utility similar to wget or curl, they do support authentication. If you don't want the root password on the arduino (understandable), you could add a user with limited rights in System: User Manager.
It appears the arduino web client library is a bit flaky on the authentication side of things. I've tried logging into pfSense with username:password@10.10.50.1 but it does not seem to like it. My guess is that it's because pfSense does not use iis/apache authentication but rather hand-rolled stuff (correct me if I am wrong)
My first hack will be to copy the current way it's done for the bandwidth graphs strip it back so there is no authentication etc. This is dirty though and not guaranteed wok after a firmware upgrade.
I'm not entirely sure what you are saying here, but I think you could modify the lighthttpd configuration to expose the data you need without compromising overall security (too much). But you are correct, such a modification would not survive a pfSense upgrade.
Yup, but it's a good PoC for me in the meantime :D
Onwards I go :)
-
Well, that's the hardest thing I have every done. Made a copy of the file bandwidth_by_ip.php and commented out the line require_once('guiconfig.inc'); and viola! No authentication needed to get my bandwidth readings :D
Now, to think of a more permanent solution. (but play time first)