From 2b695b475ec075a4aaa4532cbe846d510a941b75 Mon Sep 17 00:00:00 2001
From: CyberMind-FR
Date: Mon, 5 Jan 2026 18:38:36 +0100
Subject: [PATCH] fix(luci-app-secubox-netifyd): Collector sans socket v1.0.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Modifié le collecteur pour fonctionner sans socket Unix. Parse netifyd -s + table ARP + stats réseau.
- Supprimé dépendance socat
- Parse netifyd -s pour metrics
- Utilise ARP pour device count
- Calcule bytes depuis /sys/class/net
- Mis à jour RPC pour device_count et total_bytes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5
---
 .../secubox/luci-app-secubox-netifyd/Makefile | 2 +-
 .../usr/libexec/rpcd/luci.secubox-netifyd | 5 +-
 .../root/usr/sbin/netifyd-collector | 63 ++++++++-----------
 3 files changed, 31 insertions(+), 39 deletions(-)
diff --git a/package/secubox/luci-app-secubox-netifyd/Makefile b/package/secubox/luci-app-secubox-netifyd/Makefile
index a4fef4fc..d0419ef1 100644
--- a/package/secubox/luci-app-secubox-netifyd/Makefile
+++ b/package/secubox/luci-app-secubox-netifyd/Makefile
@@ -8,7 +8,7 @@ PKG_MAINTAINER:=CyberMind
 PKG_ARCH:=all
 LUCI_TITLE:=SecuBox Netifyd Deep Packet Inspection Interface
-LUCI_DEPENDS:=+luci-base +rpcd +netifyd +jq +socat +secubox-core
+LUCI_DEPENDS:=+luci-base +rpcd +netifyd +jq +secubox-core
 LUCI_DESCRIPTION:=Complete LuCI interface for netifyd DPI engine with real-time flow monitoring, application detection, and network analytics
 LUCI_PKGARCH:=all
diff --git a/package/secubox/luci-app-secubox-netifyd/root/usr/libexec/rpcd/luci.secubox-netifyd b/package/secubox/luci-app-secubox-netifyd/root/usr/libexec/rpcd/luci.secubox-netifyd
index 471867ee..e5ae0245 100755
--- a/package/secubox/luci-app-secubox-netifyd/root/usr/libexec/rpcd/luci.secubox-netifyd
+++ b/package/secubox/luci-app-secubox-netifyd/root/usr/libexec/rpcd/luci.secubox-netifyd
@@ -423,13 +423,14 @@ get_dashboard() {
 if [ -f "$NETIFYD_STATUS" ] && command -v jq >/dev/null 2>&1; then
 # Use actual data from status.json
 local total_flows=$(jq -r '.flow_count // 0' "$NETIFYD_STATUS" 2>/dev/null || echo 0)
- local unique_devices=$(jq -r '.devices | length // 0' "$NETIFYD_STATUS" 2>/dev/null || echo 0)
+ local unique_devices=$(jq -r '.device_count // 0' "$NETIFYD_STATUS" 2>/dev/null || echo 0)
 local dhc_size=$(jq -r '.dhc_size // 0' "$NETIFYD_STATUS" 2>/dev/null || echo 0)
+ local total_bytes=$(jq -r '.total_bytes // 0' "$NETIFYD_STATUS" 2>/dev/null || echo 0)
 json_add_int "active_flows" "$total_flows"
 json_add_int "unique_devices" "$unique_devices"
 json_add_int "unique_applications" "$dhc_size"
- json_add_int "total_bytes" 0
+ json_add_int "total_bytes" "$total_bytes"
 else
 json_add_int "active_flows" 0
 json_add_int "unique_devices" 0
diff --git a/package/secubox/luci-app-secubox-netifyd/root/usr/sbin/netifyd-collector b/package/secubox/luci-app-secubox-netifyd/root/usr/sbin/netifyd-collector
index 810f92bf..c7a994cc 100644
--- a/package/secubox/luci-app-secubox-netifyd/root/usr/sbin/netifyd-collector
+++ b/package/secubox/luci-app-secubox-netifyd/root/usr/sbin/netifyd-collector
@@ -4,8 +4,8 @@
 # Copyright (C) 2025 CyberMind.fr
 NETIFYD_STATUS="/var/run/netifyd/status.json"
-NETIFYD_SOCKET="/var/run/netifyd/netifyd.sock"
 TMP_FILE="/tmp/netifyd-status.tmp"
+FLOW_DUMP="/tmp/netifyd-flow-dump.json"
 # Create run directory if needed
 mkdir -p /var/run/netifyd
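Review bot: In the get_dashboard hunk, the values read with `jq -r` for `unique_devices` (`.device_count`) and `total_bytes` (`.total_bytes`) reach `json_add_int` without a numeric check; `// 0` only covers a null or false field, not a string, float or multi-line value in status.json. A guard before the `json_add_int` calls, such as `case "$total_bytes" in ''|*[!0-9]*) total_bytes=0 ;; esac` (and the same for `unique_devices`), keeps the RPC reply well-formed when the collector writes something unexpected. The comment `# Use actual data from status.json` could also state that, per the collector change in this commit, device_count now comes from the neighbour table and total_bytes from interface counters rather than from netifyd flow data. get_dashboard starts and ends outside the hunk.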
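Review bot: In the netifyd-collector variables hunk, `FLOW_DUMP="/tmp/netifyd-flow-dump.json"` adds a second fixed, predictable path in /tmp next to `TMP_FILE`, and nothing in the visible hunks reads or writes it. If it is unused, the line can be dropped. If a later part of the script does write it, the file is better placed under the `/var/run/netifyd` directory that the script creates just below, for example `FLOW_DUMP="/var/run/netifyd/flow-dump.json"`, so the collector does not write through a pre-existing file or symlink in a shared temporary directory. The same reasoning applies to the existing `TMP_FILE`.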
@@ -19,55 +19,46 @@ fi # Get status from netifyd CLI STATUS_OUTPUT=$(netifyd -s 2>/dev/null) -# Parse active flows count -FLOW_COUNT=$(echo "$STATUS_OUTPUT" | grep -i "active flows" | awk '{print $NF}' | tr -d ',' || echo 0) +# Parse flow count from status +FLOW_COUNT=$(echo "$STATUS_OUTPUT" | grep -i "flows:" | head -1 | awk '{print $2}' | tr -d ',' || echo 0) -# Try to get data from socket if available -if [ -S "$NETIFYD_SOCKET" ] && command -v socat >/dev/null 2>&1; then - # Request flow dump from socket (with 2 second timeout) - SOCKET_DATA=$(timeout 2 socat - UNIX-CONNECT:"$NETIFYD_SOCKET" </dev/null -{"type":"request","request":"flow_dump"} -EOF -) +# Parse detection stats from status output +# Example lines: +# Detection Cache Entries: 156 +# Detected Applications: 24 +# Detected Protocols: 12 +DHC_SIZE=$(echo "$STATUS_OUTPUT" | grep -i "cache entries\|applications" | head -1 | awk '{print $NF}' | tr -d ',' || echo 0) +PROTO_COUNT=$(echo "$STATUS_OUTPUT" | grep -i "protocols:" | awk '{print $NF}' | tr -d ',' || echo 0) - # Parse socket data if available - if [ -n "$SOCKET_DATA" ] && command -v jq >/dev/null 2>&1; then - # Extract devices (unique IPs/MACs) - DEVICES=$(echo "$SOCKET_DATA" | jq -c '[.flows[]? | {ip: (.local_ip // "unknown"), mac: (.local_mac // "unknown")}] | unique' 2>/dev/null || echo '[]') +# Try to extract device count from ARP table as fallback +DEVICE_COUNT=$(ip neigh show | grep -c "REACHABLE\|STALE\|DELAY" 2>/dev/null || echo 0) - # Count unique applications - APP_COUNT=$(echo "$SOCKET_DATA" | jq '[.flows[]?.detected_application // "Unknown"] | unique | length' 2>/dev/null || echo 0) - - # Count unique protocols - PROTO_COUNT=$(echo "$SOCKET_DATA" | jq '[.flows[]?.detected_protocol // "Unknown"] | unique | length' 2>/dev/null || echo 0) - - # Calculate total bytes - TOTAL_BYTES=$(echo "$SOCKET_DATA" | jq '[.flows[]? 
| (.bytes_orig // 0) + (.bytes_resp // 0)] | add' 2>/dev/null || echo 0) - - # Build devices object from array - DEVICES_OBJ=$(echo "$DEVICES" | jq -c 'reduce .[] as $item ({}; .[$item.mac] += [$item.ip])' 2>/dev/null || echo '{}') - else - DEVICES_OBJ='{}' - APP_COUNT=0 - PROTO_COUNT=0 - TOTAL_BYTES=0 - fi +# Build minimal devices object (MAC -> IP mapping from ARP) +if command -v jq >/dev/null 2>&1; then + DEVICES_OBJ=$(ip neigh show 2>/dev/null | awk '$5 != "" && $1 != "" {print "{\"mac\":\""$5"\",\"ip\":\""$1"\"}"}' | jq -s 'reduce .[] as $item ({}; .[$item.mac] += [$item.ip])' 2>/dev/null || echo '{}') else - # Fallback: estimate from netifyd -s output DEVICES_OBJ='{}' - APP_COUNT=0 - PROTO_COUNT=0 - TOTAL_BYTES=0 fi +# Estimate total bytes from interface stats +TOTAL_BYTES=0 +for iface in br-lan eth0 eth1 wlan0; do + if [ -d "/sys/class/net/$iface" ]; then + RX=$(cat /sys/class/net/$iface/statistics/rx_bytes 2>/dev/null || echo 0) + TX=$(cat /sys/class/net/$iface/statistics/tx_bytes 2>/dev/null || echo 0) + TOTAL_BYTES=$((TOTAL_BYTES + RX + TX)) + fi +done + # Create JSON status file cat > "$TMP_FILE" </dev/null || echo 0) }
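Review bot: `DEVICE_COUNT=$(ip neigh show | grep -c "REACHABLE\|STALE\|DELAY" 2>/dev/null || echo 0)` yields two lines (`0` from grep -c, then `0` from echo) when no neighbour matches, because grep -c prints its count and still exits non-zero. The `FLOW_COUNT`, `DHC_SIZE` and `PROTO_COUNT` pipelines have the opposite problem: `|| echo 0` only tests the exit status of the final `tr`, so an unmatched grep leaves the variable empty. Either value would presumably make the generated status.json unparsable, and the RPC side hides that behind `2>/dev/null || echo 0`, so the dashboard silently shows zeros. Suggested: `DEVICE_COUNT=$(ip neigh show 2>/dev/null | grep -c "REACHABLE\|STALE\|DELAY")` without the fallback, and a default after each of the other assignments, e.g. `: "${FLOW_COUNT:=0}"`. The end of this hunk (the here-document that writes the file) is garbled in this view, so how the variables are interpolated is inferred.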