authorScott Dale <sdale@pfsense.org>2007-08-03 23:12:41 +0000
committerScott Dale <sdale@pfsense.org>2007-08-03 23:12:41 +0000
commit9624823bc7b5c63e91da029a3b6d02203a560cd4 (patch)
tree77d6a95d5bb8ed5afffbceedd3a17ace381f029b
parent5d7f3e1453bac96719b1fc7df4c156ad05dd9e99 (diff)
reorganize ipsec code
-rw-r--r--usr/local/www/widgets/include/ipsec.inc68
-rw-r--r--usr/local/www/widgets/widgets/ipsec.widget.php65
2 files changed, 80 insertions, 53 deletions
diff --git a/usr/local/www/widgets/include/ipsec.inc b/usr/local/www/widgets/include/ipsec.inc
index 53ad834..375135a 100644
--- a/usr/local/www/widgets/include/ipsec.inc
+++ b/usr/local/www/widgets/include/ipsec.inc
@@ -2,6 +2,43 @@
//set variable for custom title
$ipsec_title = "IPSec";
+function get_ipsec_tunnel_sad() {
+ /* query SAD */
+ $fd = @popen("/sbin/setkey -D", "r");
+ $sad = array();
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = chop(fgets($fd));
+ if (!$line)
+ continue;
+ if ($line == "No SAD entries.")
+ break;
+ if ($line[0] != "\t") {
+ if (is_array($cursa))
+ $sad[] = $cursa;
+ $cursa = array();
+ list($cursa['src'],$cursa['dst']) = explode(" ", $line);
+ $i = 0;
+ } else {
+ $linea = explode(" ", trim($line));
+ if ($i == 1) {
+ $cursa['proto'] = $linea[0];
+ $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
+ } else if ($i == 2) {
+ $cursa['ealgo'] = $linea[1];
+ } else if ($i == 3) {
+ $cursa['aalgo'] = $linea[1];
+ }
+ }
+ $i++;
+ }
+ if (is_array($cursa) && count($cursa))
+ $sad[] = $cursa;
+ pclose($fd);
+ }
+ return($sad);
+}
+
function get_ipsec_tunnel_src($tunnel) {
global $g, $config, $sad;
$if = "WAN";
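Review bot: `$cursa` and `$i` are read in get_ipsec_tunnel_sad() before anything assigns them: `is_array($cursa)` runs on the first non-indented line, and `$i == 1` would be evaluated on an undefined `$i` if the first line of output were tab-indented. Initialising both next to `$sad = array();`, e.g. `$cursa = null; $i = 0;`, removes the reliance on undefined-variable behaviour. Separately, a failed `@popen` returns the same empty array as "No SAD entries.", so the widget cannot tell a failed query from a state with no SAs. Returning `false` on failure would fit the `!is_array($sad)` check in output_ipsec_tunnel_status(), provided no other caller relies on always receiving an array.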
@@ -23,4 +60,33 @@ function get_ipsec_tunnel_src($tunnel) {
}
return $interfaceip;
}
-?> \ No newline at end of file
+
+function output_ipsec_tunnel_status($tunnel) {
+ global $g, $config, $sad;
+ $if = "WAN";
+ $interfaceip = get_ipsec_tunnel_src($tunnel);
+ $foundsrc = false;
+ $founddst = false;
+
+ if(!is_array($sad)) {
+ /* we have no sad array, bail */
+ return(false);
+ }
+ foreach($sad as $sa) {
+ if($sa['src'] == $interfaceip)
+ $foundsrc = true;
+ if($sa['dst'] == $tunnel['remote-gateway'])
+ $founddst = true;
+ }
+ if($foundsrc && $founddst) {
+ /* tunnel is up */
+ $iconfn = "pass";
+ return(true);
+ } else {
+ /* tunnel is down */
+ $iconfn = "reject";
+ return(false);
+ }
+}
+
+?>
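Review bot: `$foundsrc` and `$founddst` in output_ipsec_tunnel_status() are set independently across the loop, so the function returns true when one SA has the local address as source and a different SA has this tunnel's remote gateway as destination. With several tunnels or interfaces configured, that can show a tunnel as up although no single SA pairs its two endpoints. Testing both fields on the same entry avoids this: `if ($sa['src'] == $interfaceip && $sa['dst'] == $tunnel['remote-gateway']) return true;`. The `$iconfn` assignments and the locals `$if`, `$g` and `$config` are never read in this function and can be dropped.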
diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php
index 57d5745..526fd63 100644
--- a/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -40,40 +40,9 @@
$tab_array[1] = array("Tunnel Status", false, "ipsec-tunnel");
display_widget_tabs($tab_array);
- /* query SAD */
- $fd = @popen("/sbin/setkey -D", "r");
$sad = array();
- if ($fd) {
- while (!feof($fd)) {
- $line = chop(fgets($fd));
- if (!$line)
- continue;
- if ($line == "No SAD entries.")
- break;
- if ($line[0] != "\t") {
- if (is_array($cursa))
- $sad[] = $cursa;
- $cursa = array();
- list($cursa['src'],$cursa['dst']) = explode(" ", $line);
- $i = 0;
- } else {
- $linea = explode(" ", trim($line));
- if ($i == 1) {
- $cursa['proto'] = $linea[0];
- $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
- } else if ($i == 2) {
- $cursa['ealgo'] = $linea[1];
- } else if ($i == 3) {
- $cursa['aalgo'] = $linea[1];
- }
- }
- $i++;
- }
- if (is_array($cursa) && count($cursa))
- $sad[] = $cursa;
- pclose($fd);
- }
-
+ $sad = get_ipsec_tunnel_sad();
+
$activecounter = 0;
$inactivecounter = 0;
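Review bot: The result assigned here reaches output_ipsec_tunnel_status() only through that function's `global $sad`, so the status check depends on this widget file being included at global scope. If it is ever included from inside a function, the helper sees no array and reports every tunnel as down. Passing the array to the helper explicitly would remove the hidden coupling, at the cost of changing its signature. The retained `$sad = array();` on the line before the call is now dead and can be removed.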
@@ -86,19 +55,7 @@
$foundsrc = false;
$founddst = false;
- foreach($sad as $sa) {
- if (!$foundsrc){
- $sourceIF = find_ip_interface($sa['src']);
- $sourceIF = convert_real_interface_to_friendly_interface_name($sourceIF);
-
- if($sourceIF == $tunnel['interface'])
- $foundsrc = true;
- }
- if($sa['dst'] == $tunnel['remote-gateway'])
- $founddst = true;
- }
-
- if($foundsrc && $founddst) {
+ if(output_ipsec_tunnel_status($tunnel)) {
/* tunnel is up */
$iconfn = "true";
$activecounter++;
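Review bot: The `$foundsrc = false;` and `$founddst = false;` context lines above the new call are no longer read in this scope, since the matching moved into output_ipsec_tunnel_status(); they can be deleted. The helper also matches the SA source against the address from get_ipsec_tunnel_src() rather than against the interface name as the removed loop did. A one-line comment such as `/* up if the SAD holds SAs for this tunnel's local address and remote gateway */` would record the new criterion. The enclosing loop starts and ends outside the hunk.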
@@ -108,12 +65,16 @@
$inactivecounter++;
}
- if (isset($tunnel['disabled']))
+ if (isset($tunnel['disabled'])) {
$tun_disabled = "true";
-
- $ipsec_detail_array[] = array('src' => $tunnel['interface'], 'dest' => $tunnel['remote-gateway'], 'remote-subnet' => $tunnel['remote-subnet'], 'descr' => $tunnel['descr'], 'status' => $iconfn, 'disabled' => $tun_disabled);
-
- }
+ }
+ $ipsec_detail_array[] = array('src' => $tunnel['interface'],
+ 'dest' => $tunnel['remote-gateway'],
+ 'remote-subnet' => $tunnel['remote-subnet'],
+ 'descr' => $tunnel['descr'],
+ 'status' => $iconfn,
+ 'disabled' => $tun_disabled);
+ }
?>
<div id="ipsec-Overview" style="display:block;background-color:#EEEEEE;">
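Review bot: `$tun_disabled` is only ever set to "true" in the lines shown, so unless it is reset at the top of the loop (outside this hunk), every tunnel after the first disabled one is also recorded as disabled. Assigning it on each pass makes the entry independent of earlier iterations: `$tun_disabled = isset($tunnel['disabled']) ? "true" : "false";`. The loop body begins outside the hunk, so this should be confirmed against the full file.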
@@ -156,7 +117,7 @@
</div>
<div style="max-height:105px;overflow:auto;">
<?php
- foreach ($ipsec_detail_array as $ipsec):
+ foreach ($ipsec_detail_array as $ipsec) :
if ($ipsec['disabled'] == "true"){
$spans = "<span class=\"gray\">";