CyberMind-FR
595bc5c06f
Dashboard Enhancements: 1. Real-Time Interface Statistics - Per-interface traffic monitoring (br-lan, br-wan) - TCP/UDP/ICMP packet breakdown with percentages - Total traffic and packet counts per interface - Visual progress bars showing protocol distribution - Dropped packet alerts when present - Auto-refreshing every 5 seconds 2. Improved Flow Display - Better flow status showing Active vs Expired counts - Enhanced "Network Flows" card subtitle format - Changed icon from exchange-alt to stream - Clearer separation of active/expired metrics RPC Backend Changes: 3. Interface Stats in Dashboard API - Added "interfaces" object to get_dashboard response - Per-interface metrics: tcp_packets, udp_packets, icmp_packets - Traffic data: ip_bytes, wire_bytes - Quality metrics: capture_dropped packets - Dynamically discovers all monitored interfaces 4. Enhanced Flow Statistics - Added flows_active and flows_expired to stats object - More accurate flow state tracking - Better resource utilization metrics UI/UX Improvements: 5. Live Interface Cards - Clean card-based design for each interface - Color-coded protocol stats (TCP=blue, UDP=green, ICMP=orange) - Responsive grid layout adapts to screen size - Real-time percentage calculations - Smooth transitions on data updates 6. Visual Hierarchy - Interface section positioned between overview stats and apps - Clear visual separation with border and padding - Consistent color scheme across dashboard - Better information density Technical Details: - Extracts interface list from netifyd status.json stats object - Calculates protocol percentages client-side - Uses grid layout for responsive display - Leverages existing formatBytes utility - No performance impact (lightweight rendering) Benefits: ✅ See exactly which interface has traffic (LAN vs WAN) ✅ Understand protocol distribution per interface ✅ Quickly spot packet drops or issues ✅ Better network troubleshooting capabilities ✅ Real-time visibility into router traffic patterns Example Output: br-lan: 0 packets (LAN - local network) br-wan: 85 TCP, 15 UDP, 13 ICMP = 113 total packets (WAN - internet) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| htdocs/luci-static/resources | ||
| root | ||
| Makefile | ||
| README-FLOW-DATA.md | ||
| README.md | ||
SecuBox Netifyd Deep Packet Inspection Interface
Complete LuCI interface for Netifyd DPI engine with real-time flow monitoring, application detection, and network analytics.
Features
Real-Time Monitoring
- Live Flow Tracking: Monitor active network flows in real-time via socket interface
- Socket Integration: Connect to Netifyd via TCP or Unix domain socket
- Auto-Refresh: Configurable polling intervals for live updates
Application & Protocol Detection
- Deep Packet Inspection: Leverage Netifyd's DPI engine
- Application Identification: Detect and track applications (HTTP, HTTPS, SSH, DNS, etc.)
- Protocol Analysis: Identify network protocols and analyze traffic patterns
- SSL/TLS Inspection: Extract SSL certificate information and cipher details
Device Tracking
- Network Discovery: Automatically detect devices on the network
- Traffic Analytics: Track upload/download statistics per device
- MAC/IP Mapping: Correlate MAC addresses with IP addresses
- Last Seen Tracking: Monitor device activity timestamps
Service Management
- Start/Stop/Restart: Full control of Netifyd service
- Enable/Disable: Configure auto-start on boot
- Status Monitoring: View service health and uptime
- Configuration: Manage Netifyd settings via UCI
Analytics & Reporting
- Top Applications: Visual charts of most-used applications
- Top Protocols: Protocol usage statistics
- Traffic Statistics: Total bytes, packets, and flow counts
- Export Functionality: Export flows to JSON or CSV format
Requirements
- OpenWrt 21.02 or later
- LuCI (luci-base)
- netifyd package installed
- jq (for JSON processing)
- secubox-core
Installation
Via SecuBox App Store
# From LuCI Admin panel
Navigate to SecuBox → App Store → Search for "Netifyd"
Click "Install"
Manual Installation
opkg update
opkg install luci-app-secubox-netifyd
service rpcd restart
Configuration
Basic Setup
- Install netifyd:
opkg install netifyd
- Configure netifyd socket (edit
/etc/netifyd.conf):
[socket]
listen_path[0] = /var/run/netifyd/netifyd.sock
listen_address[0] = 127.0.0.1:7150
- Start netifyd:
service netifyd start
service netifyd enable
- Access LuCI interface:
Navigate to: SecuBox → Network Intelligence
Advanced Configuration
Configure via LuCI Settings page or UCI:
uci set secubox-netifyd.settings.socket_address='127.0.0.1'
uci set secubox-netifyd.settings.socket_port='7150'
uci set secubox-netifyd.settings.auto_start='1'
uci set secubox-netifyd.monitoring.enable_app_detection='1'
uci set secubox-netifyd.analytics.enabled='1'
uci commit secubox-netifyd
Usage
Dashboard
- View real-time service status
- Monitor active flows, devices, and applications
- Quick statistics overview
- Service control buttons
Live Flows
- Real-time flow table with auto-refresh
- Source/destination IP and ports
- Protocol and application detection
- Traffic statistics (bytes, packets, duration)
- Export flows to JSON/CSV
Applications
- Top applications by traffic volume
- Flow counts per application
- Traffic percentage visualization
- Sortable application list
Devices
- Active device list with MAC/IP addresses
- Upload/download statistics per device
- Last seen timestamps
- Total traffic tracking
Settings
- Socket configuration (TCP/Unix)
- Flow retention and limits
- Monitoring toggles
- Analytics preferences
- Alert configuration
API Methods
Service Control
get_service_status- Get Netifyd service statusservice_start- Start Netifyd serviceservice_stop- Stop Netifyd serviceservice_restart- Restart Netifyd serviceservice_enable- Enable auto-startservice_disable- Disable auto-start
Data Retrieval
get_realtime_flows- Get live flow dataget_flow_statistics- Get flow statisticsget_top_applications- Get top applicationsget_top_protocols- Get top protocolsget_detected_devices- Get detected devicesget_dashboard- Get dashboard summary
Configuration
get_config- Get current configurationupdate_config- Update configurationget_interfaces- Get monitored interfaces
Utilities
clear_cache- Clear flow cacheexport_flows- Export flows (JSON/CSV)
Architecture
┌─────────────────────────────────────────────┐
│ LuCI Frontend (JavaScript) │
│ ┌─────────┐ ┌──────────┐ ┌──────────────┐ │
│ │Dashboard│ │ Flows │ │Applications/ │ │
│ │ │ │ │ │ Devices │ │
│ └─────────┘ └──────────┘ └──────────────┘ │
└──────────────────┬──────────────────────────┘
│ RPC Calls
┌──────────────────▼──────────────────────────┐
│ RPCD Backend (Shell) │
│ luci.secubox-netifyd │
│ ┌────────────────────────────────────────┐ │
│ │ Service Control │ Data Aggregation │ │
│ │ Config Management │ Statistics │ │
│ └────────────────────────────────────────┘ │
└──────────────────┬──────────────────────────┘
│ Socket/CLI
┌──────────────────▼──────────────────────────┐
│ Netifyd DPI Engine │
│ ┌────────────────────────────────────────┐ │
│ │ Deep Packet Inspection │ │
│ │ Application Detection │ │
│ │ Protocol Analysis │ │
│ │ Flow Tracking │ │
│ └────────────────────────────────────────┘ │
└─────────────────────────────────────────────┘
Netifyd Socket Interface
Netifyd streams JSON data via:
- TCP Socket:
127.0.0.1:7150(default) - Unix Socket:
/var/run/netifyd/netifyd.sock
Example Flow Data Structure
{
"ip_orig": "192.168.1.100",
"ip_resp": "93.184.216.34",
"port_orig": 54321,
"port_resp": 443,
"protocol": "TCP",
"application": "HTTPS",
"bytes_orig": 12345,
"bytes_resp": 98765,
"packets_orig": 45,
"packets_resp": 123,
"duration": 120,
"ssl_sni": "example.com"
}
Troubleshooting
Netifyd Not Starting
# Check netifyd installation
which netifyd
# Check configuration
cat /etc/netifyd.conf
# View logs
logread | grep netifyd
# Restart manually
/etc/init.d/netifyd restart
Socket Connection Failed
# Test TCP socket
nc -z 127.0.0.1 7150
# Check netifyd process
ps | grep netifyd
# Verify socket configuration
grep listen /etc/netifyd.conf
No Flow Data
# Check if netifyd is capturing
netifyd -s
# Verify interfaces
grep interface /etc/netifyd.conf
# Check dump file
cat /run/netifyd/sink-request.json
Performance Considerations
- Flow Limit: Default 10,000 flows (configurable)
- Retention: Default 1 hour (configurable)
- Polling Interval: 3-10 seconds (configurable)
- Display Limit: 100 flows in UI (full export available)
Security Notes
- Socket listens on localhost by default
- No external access without explicit configuration
- Flow data contains sensitive network information
- Recommend firewall rules if exposing socket externally
Development
File Structure
luci-app-secubox-netifyd/
├── Makefile
├── README.md
├── root/
│ ├── etc/config/secubox-netifyd
│ └── usr/
│ ├── libexec/rpcd/luci.secubox-netifyd
│ └── share/
│ ├── rpcd/acl.d/luci-app-secubox-netifyd.json
│ └── luci/menu.d/luci-app-secubox-netifyd.json
└── htdocs/luci-static/resources/
├── secubox-netifyd/
│ ├── api.js
│ └── netifyd.css
└── view/secubox-netifyd/
├── dashboard.js
├── flows.js
├── applications.js
├── devices.js
└── settings.js
License
MIT License - Copyright (C) 2025 CyberMind.fr
Links
Credits
- Netify by eGloo: Deep packet inspection engine
- SecuBox Team: LuCI integration and interface design
- OpenWrt Community: Platform and package ecosystem