Commit 86f31c7

Add UCI/CSV host import, subnet parsing & UI tweaks
Expose UCI subnet import and OpenWrt-export CSV host import in the UI, implement parsing/conversion helpers, and apply several usability and rendering fixes.

Changes:
- ARCHITECTURE.md: update status notes to reflect implemented protocol/port matching, zone inference, network importers, import/export and usability improvements; add script entry and bump last-updated date.
- public/index.html: UI/CSS additions (file-label, button styles, graph expand mode, show-more row), fixed align-items spelling, added UCI subnet input and import controls, bulk-import help box linking to scripts/openwrt_export_hosts.sh, support for OpenWrt export CSV format, reset confirmation for loading example, import/session UX changes (import as labelled file control, renamed buttons), relationship preview with show-more control, and graph expand/collapse behavior.
- JS: implemented parseUciSubnetMappings, parseUciAssignment, networkToCidr/netmask parsing utilities, parseOpenWrtExportCsvLine, CSV heuristics (looksLikeDeviceCsv, improved header detection and mapping), subnet merge/update flows, relationship preview limiting, and other integration glue.
- scripts/openwrt_export_hosts.sh: improved DHCP lease export script to compute CIDRs from ip/netmask (prefix/netmask helpers), robust header and file checks, output format documented and example preserved.

Why: These changes enable users to import subnet mappings from OpenWrt UCI exports and to bulk-import hosts from the helper export script, improve UX for importing/exporting sessions and the graph visualiser, and align the docs with implemented functionality.
1 parent 61e5616 commit 86f31c7

3 files changed

Lines changed: 434 additions & 72 deletions

ARCHITECTURE.md

Lines changed: 19 additions & 38 deletions
@@ -29,6 +29,8 @@ This is a visual analysis tool, not a full OpenWrt firewall simulator. The decis
2929
openwrt-firewall-visualiser/
3030
├── README.md # Placeholder project documentation
3131
├── ARCHITECTURE.md # This architecture guide
32+
├── scripts/
33+
│ └── openwrt_export_hosts.sh
3234
└── public/
3335
└── index.html # Complete single-file application
3436
```
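Review bot: the new `scripts/openwrt_export_hosts.sh` entry in the tree has no trailing `#` description, while `README.md`, `ARCHITECTURE.md` and `index.html` each carry one. Add a short comment after the file name that says what the script produces, so the tree stays self-explanatory and readers can tell the helper apart from the single-file application under `public/`.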
@@ -203,7 +205,7 @@ Device checks run in two steps:
203205
2. If no specific rule matches, fall back to evaluateZonePath().
204206
```
205207

206-
The parser stores `proto` and `dest_port`, but the current decision engine does not use protocol or port matching. That should be addressed before presenting the app as an accurate per-service firewall analyser.
208+
When protocol or destination port criteria are supplied in the path tester, the decision engine matches them against `proto` and `dest_port` fields. Empty criteria continue to behave as broad "any protocol / any port" checks.
207209

208210
## Phase D: View Rendering
209211

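Review bot: the replacement paragraph at new line 208 does not say how a rule with no `proto` or `dest_port` is treated when the path tester does supply criteria, nor how an empty criterion is evaluated against a rule that is restricted to one protocol or port. Spell out both cases: with "any protocol / any port" semantics a path reported as allowed may be open for a single service only, and the removed sentence was the one place in this section that warned readers about per-service accuracy.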
@@ -350,7 +352,7 @@ The example is useful for demonstrating the relationship views, but it should no
350352
| Manual device mapping | Accurate device context depends on user input |
351353
| Simplified parser | Good for common UCI files, not a complete UCI interpreter |
352354
| Simplified decision engine | Useful for visual exploration, not a full firewall simulation |
353-
| Protocol and port fields are not evaluated | Per-service conclusions may be inaccurate |
355+
| Simplified protocol and port matching | Handles common protocol and port/range checks, but not every OpenWrt match expression |
354356
| Browser-local persistence | Saved state is per browser/profile unless exported as JSON |
355357
| CDN dependency | Graph rendering depends on external script availability |
356358
| No automated tests | Behaviour is currently verified manually |
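Review bot: the new limitations row at line 355 says "not every OpenWrt match expression" without naming any, so a reader cannot tell which rules the tool may misjudge. List the unsupported forms in the impact column. The unchanged "No automated tests" row still applies, so the protocol and port/range matching this row now relies on is verified manually only; a small set of fixture rules with expected decisions would back the softer wording.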
@@ -520,7 +522,7 @@ Benefits:
520522

521523
### Phase G: Zone Inference Engine
522524

523-
Status: partially implemented.
525+
Status: implemented.
524526

525527
Objective: automatically assign firewall zones from subnet definitions when imported hosts do not include a zone.
526528

@@ -558,19 +560,12 @@ Implemented details:
558560
- `parseSubnetMappings()` parses CIDR mappings.
559561
- `inferZoneForIp()` assigns zones during import when a host line has no explicit zone.
560562
- Unresolved imported hosts are counted in the import result panel.
561-
562-
Todo:
563-
564-
- Supported Input Formats
565-
- 1. Manual Zone/Subnet Mapping (done)
566-
- 2. OpenWRT UCI Export (todo)
567-
- uci show firewall | grep "\.network="
568-
- uci show network | grep -E "\.(ipaddr|netmask|proto)="
569-
-
563+
- `parseUciSubnetMappings()` imports subnet mappings from OpenWrt UCI export lines such as `uci show firewall` and `uci show network`.
564+
- `networkToCidr()` converts `ipaddr` plus `netmask` into the correct CIDR network.
570565

571566
### Phase H: Network Discovery Importers
572567

573-
Status: partially implemented.
568+
Status: implemented.
574569

575570
Objective: support importing host data directly from common network tooling output.
576571

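Review bot: the removed Todo carried the exact export commands (`uci show firewall | grep "\.network="` and `uci show network | grep -E "\.(ipaddr|netmask|proto)="`), and the new `parseUciSubnetMappings()` bullet at line 563 keeps only the bare `uci show` names. Keep the filtered commands in the implemented details so users know which lines the parser expects. The `networkToCidr()` bullet should also state what happens when `netmask` is missing or not a contiguous mask, since "the correct CIDR network" is only defined for valid input.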
@@ -585,20 +580,11 @@ Implemented details:
585580

586581
- `parseNeighbourLine()` supports Linux/OpenWrt `ip neighbour` and common `arp -a` output.
587582
- `parseDhcpLeaseLine()` supports OpenWrt `/tmp/dhcp.leases`.
583+
- `parseOpenWrtExportCsvLine()` supports CSV from `scripts/openwrt_export_hosts.sh`.
588584
- DHCP hostnames are preferred when present.
589585
- IP-only names are used when no hostname is available.
590586
- Skipped source lines are shown in the import result panel.
591-
592-
TODO:
593-
594-
- Better placeholder for different import methods
595-
- Support for `openwrt_export_hosts.sh` script
596-
- ip,hostname,zone,mac
597-
172.16.20.10,Alexa-Kitchen,iot,aa:bb:cc:dd:ee:ff
598-
172.16.20.11,Alexa-Bedroom,iot,aa:bb:cc:dd:ee:00
599-
172.16.30.25,Guest-Phone,guest,aa:bb:cc:dd:ee:11
600-
- ? button which points to the script
601-
-
587+
- The bulk import help button documents the supported commands and links to the helper script.
602588

603589
### Phase I: Relationship Analysis Engine
604590

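Review bot: the `parseOpenWrtExportCsvLine()` bullet at line 583 no longer states the column order, which the removed TODO gave as `ip,hostname,zone,mac` with sample rows. Restore the header line next to the bullet and state how a row with an empty `zone` or an unparseable `ip` is handled (zone inference, or the skipped-lines panel). DHCP hostnames are chosen by the client and are preferred as display names here, so the section should also say that imported names are escaped before they are rendered.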
@@ -640,7 +626,7 @@ Implemented improvements:
640626

641627
### Phase K: Import, Export, And Comparison
642628

643-
Status: Mostly.
629+
Status: implemented.
644630

645631
Workflows for longer-lived analysis are now available.
646632

@@ -651,24 +637,19 @@ Implemented improvements:
651637
- Export graph images.
652638
- Compare two firewall configs.
653639
- Show before/after impact for changed forwardings and rules.
654-
655-
Todo:
656-
657-
- Clear colour coding for Export Session
658-
- Clearer button for Import Session
640+
- Export Session uses a distinct positive-action button.
641+
- Import Session / Devices is a dedicated file-import control.
659642

660643
### Phase L: Usability
661644

662-
Status: In progress.
645+
Status: implemented.
663646

664647
Implementation improvements:
665648

666-
- Load examples (make this have a prompt, as it removed all existing configs, and can only be got back if 'Export Session JSON' was done prior)
667-
- Button to expand Graph Visualiser
668-
- Move 'Export Graph PNG' to graph visualiser
669-
-
670-
- Dropdown button for Device Relationship Map "see more" when items exceed 15 items
671-
-
649+
- Loading the example now prompts before replacing the current state.
650+
- Graph Visualiser has an expand/collapse button.
651+
- Export Graph PNG moved into the Graph Visualiser toolbar.
652+
- Device Relationship Map shows the first 15 relationships by default and adds a show-all/show-fewer control when needed.
672653

673654
## Development Notes
674655

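Review bot: the new Phase L bullet at line 649 drops the detail from the removed item that loading the example removed all existing configs and that they could only be recovered if 'Export Session JSON' was done beforehand. Say in the bullet whether the prompt tells the user to export the session before confirming, and whether cancelling leaves the saved state untouched. The Phase K bullets at lines 640 and 641 describe button styling only; a line on what "Import Session / Devices" accepts and rejects would be more useful to a reader than the colour of the control.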
@@ -703,4 +684,4 @@ Use this workflow after changes:
703684

704685
## Last Updated
705686

706-
2026-06-09
687+
2026-06-10
