From 8f146251cffcb7bfafd445c55cca7314d35e8e95 Mon Sep 17 00:00:00 2001
From: Akkadius <akkadius1@gmail.com>
Date: Fri, 15 Sep 2017 07:19:28 -0500
Subject: [PATCH] Implement excessive DHCP requests tracker

---
 api/get_dhcp_requests.js                   | 18 ++++++++
 app.js                                     | 50 ++++++++++++++++++++++
 public/templates/dhcp_statistics_page.html | 47 ++++++++++++++++++++
 3 files changed, 115 insertions(+)
 create mode 100644 api/get_dhcp_requests.js

diff --git a/api/get_dhcp_requests.js b/api/get_dhcp_requests.js
new file mode 100644
index 0000000..1d91139
--- /dev/null
+++ b/api/get_dhcp_requests.js
@@ -0,0 +1,18 @@
+var express = require('express');
+var router = express.Router();
+var fs = require('fs');
+
+router.get('/', function(req, res, next) {
+
+    var stat_data = dhcp_requests;
+
+    for (var key in stat_data) {
+        if(stat_data[key].request_count <= 1)
+            delete stat_data[key];
+    }
+
+    res.setHeader('Content-Type', 'application/json');
+    res.send(JSON.stringify(stat_data));
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/app.js b/app.js
index 63bfce3..396de62 100644
--- a/app.js
+++ b/app.js
@@ -51,6 +51,7 @@ app.use('/api/get_active_leases/', require('./api/get_active_leases'));
 app.use('/api/get_subnet_details/', require('./api/get_subnet_details'));
 app.use('/api/get_vendor_count/', require('./api/get_vendor_count'));
 app.use('/api/get_mac_oui_count_by_vendor/', require('./api/get_mac_oui_count_by_vendor'));
+app.use('/api/get_dhcp_requests/', require('./api/get_dhcp_requests'));
 
 app.set('view engine', 'html');
 
@@ -276,12 +277,61 @@ var tail_dhcp_log = new tail_module(
 	options
 );
 
+dhcp_requests = {};
+
 tail_dhcp_log.on("line", function(data) {
 	if(listening_to_log_file) {
 		wss.broadcast_event(data, 'dhcp_log_subscription');
 	}
+
+	/* Collect Excessive DHCP Request Data */
+	if(/DHCPREQUEST/i.test(data)){
+
+        var request_from = "";
+        var request_for = "";
+        var request_via = "";
+
+        var request_data = data.split(" ");
+        var length = request_data.length;
+        for (var i = 0; i < length; i++) {
+            if(request_data[i] == "from"){
+            	request_from = request_data[i + 1];
+			}
+            if(request_data[i] == "for"){
+            	request_for = request_data[i + 1];
+			}
+            if(request_data[i] == "via"){
+            	request_via = request_data[i + 1];
+			}
+        }
+
+        if(typeof dhcp_requests[request_from] === "undefined")
+            dhcp_requests[request_from] = {};
+
+		if(typeof dhcp_requests[request_from].request_for === "undefined")
+            dhcp_requests[request_from].request_for = request_for;
+
+        if(typeof dhcp_requests[request_from].request_via === "undefined")
+            dhcp_requests[request_from].request_via = request_via;
+
+        if(typeof dhcp_requests[request_from].request_count === "undefined")
+            dhcp_requests[request_from].request_count = 0;
+
+        dhcp_requests[request_from].request_count++;
+	}
 });
 
+const purge_request_data = setInterval(function() {
+    for (var key in dhcp_requests) {
+        if(dhcp_requests[key].request_count <= 10)
+            delete dhcp_requests[key];
+    }
+}, 600 * 1000); /* 10 Minutes */
+
+const purge_request_data_hour = setInterval(function() {
+    dhcp_requests = {};
+}, 3600 * 1000); /* 60 Minutes */
+
 wss.on('connection', function connection(ws) {
 	socket_clients++;
 	console.log("[WS] CLIENT_CONNECT: Socket clients (" + socket_clients + ")");
diff --git a/public/templates/dhcp_statistics_page.html b/public/templates/dhcp_statistics_page.html
index 78c08ec..bb89b0d 100644
--- a/public/templates/dhcp_statistics_page.html
+++ b/public/templates/dhcp_statistics_page.html
@@ -20,6 +20,27 @@
             </div>
         </div>
 
+        <div class="card hide_me">
+            <div class="header">
+                <h2>Excessive DHCP Requests</h2>
+            </div>
+            <div class="body">
+                <small>Usually indicative of a physical error on the network with one-way communication</small>
+                <table id="excessive_requests"  class="table table-bordered table-striped table-hover js-basic-example dataTable dashboard-task-infos">
+                    <thead>
+                        <tr>
+                            <th>MAC</th>
+                            <th>Requesting IP</th>
+                            <th>Request Via</th>
+                            <th>Count</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+
     </div>
     <!-- #END# Area Chart -->
     <!-- Device Chart -->
@@ -112,5 +133,31 @@
         $('.hide_me').show();
     });
 
+    $.getJSON( "/api/get_dhcp_requests", function( data ) {
+        $.each(data, function(k, v) {
+            console.log(k);
+
+            $('#excessive_requests  > tbody:last-child').append('<tr>' +
+                '<td>' + k + '</td>' +
+                '<td>' + data[k].request_for + '</td>' +
+                '<td>' + data[k].request_via + '</td>' +
+                '<td>' + data[k].request_count.toLocaleString('en') + '</td>' +
+                '</tr>'
+            );
+
+        });
+
+        excessive_requests = $('#excessive_requests').DataTable({
+            dom: 'rftip',
+            responsive: true,
+            "pageLength": 20,
+            "aaSorting": [],
+            "order": [[ 3, "desc" ]]
+        });
+
+        // $('table').fadeIn(100);
+        $('.hide_me').show();
+    });
+
 
 </script>
\ No newline at end of file