Arnavion/opnsense-dashboard-cli

Use the HTTP API instead of ssh where possible

Arnavion opened this issue · 0 comments

Sicne OPN provides an HTTP API for things, consider using it instead of ssh where possible.

Pros: HTTP requests can be made in parallel.

Cons: HTTP stack, more server CPU usage (PHP, python, shell processes).


  • batched_sysctls_{1,2}

    No equivalent API.

  • clog_filter_log

    /api/diagnostics/filter/log?limit=...&digest=...

    This also abstracts over whether clog or syslog-ng is in use, at the cost of being more expensive (PHP -> Python -> ls -> sort -> seek to end -> read backwards until digest)

  • df

    No equivalent API.

  • dpinger

    No equivalent API.

  • ifconfig

    No equivalent API.

    There's /usr/local/opnsense/scripts/interfaces/list_interfaces.php but it's not hooked up to any API.

  • netstat_bin

    /api/diagnostics/traffic/interface/ - names and bytes only.

    /api/diagnostics/interface/getInterfaceStatistics - names, bytes and addresses; but requires network.starts_with filtering as before for the bytes.

  • netstat_m

    /api/diagnostics/interface/getMemoryStatistics

  • opnconfig

    No equivalent API. Might not be necessary any more.

  • pfctl_s_info

    No equivalent API.

  • pgrep

    No equivalent API.

  • smartctl_a

    /api/smart/service/info POST { "device": "ada0", "type": "a" }

    Blocked on opnsense/plugins#2283

  • smartctl_i

    /api/smart/service/info POST { "device": "ada0", "type": "i" }

    Blocked on opnsense/plugins#2283

  • sysctl_aN

    No equivalent API.

  • sysctl_kern_disks

    /api/smart/service/list POST <empty body>

  • uname_sr

    No equivalent API.

  • version

    /api/core/firmware/status


Note: Dashboard user requires "Effective Privileges: All pages", because at least /api/diagnostics/interface/getInterfaceStatistics is not made available by any of the built-in roles.

Ref: https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml