search

jaredhendrickson13 / pfsense-api

The missing REST API package for pfSense
https://pfrest.org/
Apache License 2.0
654 stars 97 forks source link

State Table IDs #494

Closed Phil403 closed 1 week ago

Phil403 commented 2 weeks ago

Is your feature request related to existing pfSense functionality that is missing from the API? Please describe. /firewall/states /firewall/state

Is your feature request related to a problem? Please describe. (Tested with API v2.0.0-rc-30b2715 on pfSense 2.7.2) Every GET Request for /firewall/states generateres inconsistent IDs on some states. Especially on bigger state tables. GET Requests for /firewall/state (with specifing an ID) occasionally come back with different Responses

Describe the solution you'd like Maybe considering persistent IDs for state table GET Request for /firewall/state(s) with filter options instead of ID

Additional context A possible application for this feature is to continuously monitor specific states, for example in media streaming.

jaredhendrickson13 commented 2 weeks ago

You can use querying and filtering for GET requests to the /api/v2/firewall/states endpoint to target states based on specific criteria. For example:

curl -s -k -u admin:pfsense -X GET 'https://localhost/api/v2/firewall/states?interface=em0&destination__startswith=192.168'
{
  "code": 200,
  "status": "ok",
  "response_id": "SUCCESS",
  "message": "",
  "data": [
    {
      "id": 2,
      "interface": "em0",
      "protocol": "icmp",
      "direction": "out",
      "source": "192.168.55.72:62750",
      "destination": "192.168.55.1:62750",
      "age": "03:53:18",
      "expires_in": "00:00:10",
      "packets_total": 52763,
      "packets_in": 26396,
      "packets_out": 26367,
      "bytes_total": 1530127,
      "bytes_in": 765484,
      "bytes_out": 764643
    },
    {
      "id": 6,
      "interface": "em0",
      "protocol": "tcp",
      "direction": "in",
      "source": "192.168.1.171:61290",
      "destination": "192.168.55.72:443",
      "age": "00:00:55",
      "expires_in": "00:00:35",
      "packets_total": 34,
      "packets_in": 16,
      "packets_out": 18,
      "bytes_total": 7087,
      "bytes_in": 1468,
      "bytes_out": 5619
    },
    {
      "id": 7,
      "interface": "em0",
      "protocol": "tcp",
      "direction": "in",
      "source": "192.168.1.171:61321",
      "destination": "192.168.55.72:443",
      "age": "00:00:00",
      "expires_in": "24:00:00",
      "packets_total": 23,
      "packets_in": 11,
      "packets_out": 12,
      "bytes_total": 3782,
      "bytes_in": 1217,
      "bytes_out": 2565
    }
  ]
}

I do agree the id isn't fully sufficient for firewall states since they change quite rapidly. The goal would be to deprecate /api/v2/firewall/state once the package supports queryable DELETE requests to plural endpoints. That will allow all interactions with firewall states to use querying and filtering instead of IDs. I'll see if I can fit that in before v2 releases without making too many changes. If not, that'll likely be a v2.1.0 fix.

Thanks!