rearrange diagnostics pages and add some more context

5 years ago · 61e9d6d7d1
parent afacb5c329
commit 61e9d6d7d1
7 changed files with 174 additions and 36 deletions
--- a/source/firewall.rst
+++ b/source/firewall.rst
@ -27,7 +27,7 @@ These are all combined in the firewall section.
   manual/how-tos/shaper
   manual/how-tos/carp
   manual/logging_firewall
-   manual/diagnostics
+   manual/diagnostics_firewall


 ---------------
--- a/source/interfaces.rst
+++ b/source/interfaces.rst
@ -16,11 +16,11 @@ All traffic flowing through your appliance is using (virtual) interfaces, this i
   :titlesonly:

   manual/interfaces
-   manual/diagnostics
   manual/interfaces_settings
   manual/other-interfaces
   manual/mobile_wan
   manual/ipv6
+   manual/diagnostics_interfaces
   manual/logging_interfaces

 ---------------
--- a/source/manual/diagnostics.rst
+++ b/source/manual/diagnostics.rst
@ -1,33 +0,0 @@
-===========
-Diagnostics
-===========
-
-In order to get more insight into your network, and to help solve problems, OPNsense contains several diagnostic tools.
-
-The tools can be found in three places:
-
-* :menuselection:`System --> Diagnostics`
-* :menuselection:`Interfaces --> Diagnostics` (plus one under :menuselection:`Interfaces --> Overview`
-* :menuselection:`Firewall --> Diagnostics`
-
-The following tools are available:
-
-================================================================== ===========================================================================
- :menuselection:`System --> Diagnostics --> Activity`               Show executed commands
- :menuselection:`System --> Diagnostics --> Services`               Shows running services, allows starting/stopping/restarting
- :menuselection:`Interfaces --> Diagnostics --> ARP Table`          Show ARP table, which lists local connected IPv4 peers
- :menuselection:`Interfaces --> Diagnostics --> DNS Lookup`         Easy lookup of IPs and A records that belong to a hostname
- :menuselection:`Interfaces --> Diagnostics --> NDP Table`          Show NDP table, which lists local connected IPv6 peers
- :menuselection:`Interfaces --> Diagnostics --> Packet capture`     Capture packets travelling through an interface
- :menuselection:`Interfaces --> Diagnostics --> Ping`               Ping a hostname or IP address
- :menuselection:`Interfaces --> Diagnostics --> Port Probe`         Test if a host has a certain TCP port open and accepts connections on it
- :menuselection:`Interfaces --> Diagnostics --> Trace Route`        Trace route to a hostname or IP address
- :menuselection:`Interfaces --> Overview`                           Shows status, addresses, packet counts, etc. per interface
- :menuselection:`Firewall --> Diagnostics --> pfInfo`               General information and statistics for pf
- :menuselection:`Firewall --> Diagnostics --> pfTop`                Currently active pf states and routes
- :menuselection:`Firewall --> Diagnostics --> pfTables`             Shows IP addresses belonging to aliases
- :menuselection:`Firewall --> Diagnostics --> Sockets`              Shows listening sockets for IPv4 and IPv6
- :menuselection:`Firewall --> Diagnostics --> States Dump`          Currently active states
- :menuselection:`Firewall --> Diagnostics --> States Reset`         Delete active states and source tracking (cancels connections)
- :menuselection:`Firewall --> Diagnostics --> States Summary`       Show states sorted by criteria like source IP, destination IP, …
-================================================================== ===========================================================================
--- a/source/manual/diagnostics_firewall.rst
+++ b/source/manual/diagnostics_firewall.rst
@ -0,0 +1,64 @@
+===========
+Diagnostics
+===========
+
+-----------------------------------------
+pfInfo
+-----------------------------------------
+
+Various detailed statistics gathered from `pfctl <https://www.freebsd.org/cgi/man.cgi?query=pfctl>`__,
+such as packet counters per interface, memory limits, configured timeouts and detailed active rules.
+
+-----------------------------------------
+pfTop
+-----------------------------------------
+
+`pftop <https://www.freebsd.org/cgi/man.cgi?query=pftop>`__ displays the active packetfilter states and rules, and periodically updates this information.
+
+-----------------------------------------
+pfTables
+-----------------------------------------
+
+Detailed insight into loaded aliases and their content. When an alias has **Statistics** enabled, it will show these
+too.
+
+It's also possible to manually adjust the contents, using **Quick add address** or the delete button.
+
+.. Note::
+
+    When deleting items, keep in mind that the regular update process might put the address (or network) back in, since
+    deletion isn't persistent.
+
+.. Tip::
+
+    Use "Find references" to check if an address would match any configured aliases, which is very practical for debugging
+    purposes, since it will also check if an address fits a network (such as 10.0.0.2 fits in 10.0.0.0/24).
+
+
+-----------------------------------------
+Sockets
+-----------------------------------------
+
+Shows listening (or all) sockets for IPv4 and IPv6
+
+-----------------------------------------
+States Dump
+-----------------------------------------
+
+Insight into the state table (pf), offers the ability to search for specific states and removal.
+
+-----------------------------------------
+States Reset
+-----------------------------------------
+
+Delete all active states and source tracking (cancels connections)
+
+.. Warning::
+
+    Handle with care, a state reset will discard all active connections, in which case clients might have to reconnect
+
+-----------------------------------------
+States Summary
+-----------------------------------------
+
+Show states sorted by criteria like source IP, destination IP, …
--- a/source/manual/diagnostics_interfaces.rst
+++ b/source/manual/diagnostics_interfaces.rst
@ -0,0 +1,75 @@
+===========
+Diagnostics
+===========
+
+The interface diagnostics page contains various tools to help debug network issues.
+
+---------------------
+ARP Table
+---------------------
+
+The `ARP <https://en.wikipedia.org/wiki/Address_Resolution_Protocol>`__ table module shows all MAC addresses known by this firewall.
+
+==============================================================================================================================================
+
+=========================== ==================================================================================================================
+IP                          IPv4 address
+MAC                         `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
+Manufacturer                Manufacturer looked up with the mac address above
+Interface                   Associated interface
+Interface name              The name of the interface if found
+Hostname                    In case of a DHCPv4 client, the hostname when found in the leases file
+=========================== ==================================================================================================================
+
+---------------------
+DNS Lookup
+---------------------
+
+Perform a quick dns lookup from the firewall.
+
+---------------------
+NDP Table
+---------------------
+
+Show addresses learned by the `Neighbor Discovery Protocol <https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol>`__ for IPv6.
+
+==============================================================================================================================================
+
+=========================== ==================================================================================================================
+IPv6                        IPv6 address
+MAC                         `MAC <https://en.wikipedia.org/wiki/MAC_address>`__ address
+Manufacturer                Manufacturer looked up with the mac address above
+Interface                   Associated interface
+Interface name              The name of the interface if found
+=========================== ==================================================================================================================
+
+
+---------------------
+Packet capture
+---------------------
+
+The packet capture module can be used to deep dive into traffic passing a (or multiple) network interfaces.
+It has some options you can choose from, such as the interface to listen on, protocol you interested in and
+host to track.
+
+Packet capture uses `tcpdump <https://www.tcpdump.org/>`__ and runs in the background. After a capture is performed you can
+either look into it using the **View capture** button or download the pcap file to inspect it in an external tool, such as `Wireshark <https://www.wireshark.org/>`__.
+
+---------------------
+Ping
+---------------------
+
+Use ping to establish if a remote host can be reached using ICMP.
+
+---------------------
+Port Probe
+---------------------
+
+Test if a host has a certain TCP port open and accepts connections on it.
+
+---------------------
+Trace Route
+---------------------
+
+Use `traceroute <https://www.freebsd.org/cgi/man.cgi?query=traceroute>`__ /  `traceroute6 <https://www.freebsd.org/cgi/man.cgi?query=traceroute6>`__
+to measure the path traffic would follow when trying to reach a specific host.
--- a/source/manual/diagnostics_system.rst
+++ b/source/manual/diagnostics_system.rst
@ -0,0 +1,32 @@
+===========
+Diagnostics
+===========
+
+-------------------------------
+Activity
+-------------------------------
+
+The activity module shows current active processes and their details, you can search within the list of activities, fetch
+general information (like load averages, number of processes, etc.) using the info button in the footer of the grid.
+
+==============================================================================================================================================
+
+=========================== ==================================================================================================================
+PID                         The process id of this process
+USERNAME                    Username executed this process
+PRI                         Current priority of the process
+NICE                        NICE is the `nice <https://en.wikipedia.org/wiki/Nice_(Unix)>`__ amount (in the range -20 to 20)
+SIZE                        Total size of the process (text, data, and stack)
+RES                         Current amount of resident memory, RAM currently in use by the process
+C                           is the processor number on which the process is executing	(visible only on SMP systems)
+TIME                        The number of system and	user cpu seconds that the process has used
+WCPU                        Weighted cpu percentage
+COMMAND                     Command string
+=========================== ==================================================================================================================
+
+
+-------------------------------
+Services
+-------------------------------
+
+The services page shows the configured services and status, you can stop/start/restart all of them here.
--- a/source/system.rst
+++ b/source/system.rst
@ -27,7 +27,7 @@ activities.
   manual/settingsmenu
   manual/certificates
   manual/logging_system
-   manual/diagnostics
+   manual/diagnostics_system


 ---------------