reorganize ipsec code

1 files changed, 67 insertions, 1 deletions

diff --git a/usr/local/www/widgets/include/ipsec.inc b/usr/local/www/widgets/include/ipsec.inc
index 53ad834..375135a 100644
--- a/usr/local/www/widgets/include/ipsec.inc
+++ b/usr/local/www/widgets/include/ipsec.inc
@@ -2,6 +2,43 @@
 //set variable for custom title
 $ipsec_title = "IPSec";
 
+function get_ipsec_tunnel_sad() {
+	/* query SAD */
+	$fd = @popen("/sbin/setkey -D", "r");
+	$sad = array();
+	if ($fd) {
+		while (!feof($fd)) {
+			$line = chop(fgets($fd));
+			if (!$line)
+				continue;
+			if ($line == "No SAD entries.")
+				break;
+			if ($line[0] != "\t") {
+				if (is_array($cursa))
+					$sad[] = $cursa;
+				$cursa = array();
+				list($cursa['src'],$cursa['dst']) = explode(" ", $line);
+				$i = 0;
+			} else {
+				$linea = explode(" ", trim($line));
+				if ($i == 1) {
+					$cursa['proto'] = $linea[0];
+					$cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
+				} else if ($i == 2) {
+					$cursa['ealgo'] = $linea[1];
+				} else if ($i == 3) {
+					$cursa['aalgo'] = $linea[1];
+				}
+			}
+			$i++;
+		}
+		if (is_array($cursa) && count($cursa))
+			$sad[] = $cursa;
+		pclose($fd);
+	}
+	return($sad);
+}
+
 function get_ipsec_tunnel_src($tunnel) {
 	global $g, $config, $sad;
 	$if = "WAN";
@@ -23,4 +60,33 @@ function get_ipsec_tunnel_src($tunnel) {
 	}
 	return $interfaceip;
 }
-?>
\ No newline at end of file
+
+function output_ipsec_tunnel_status($tunnel) {
+	global $g, $config, $sad;
+	$if = "WAN";
+	$interfaceip = get_ipsec_tunnel_src($tunnel);
+	$foundsrc = false;
+	$founddst = false;
+
+	if(!is_array($sad)) {
+		/* we have no sad array, bail */
+		return(false);
+	}
+	foreach($sad as $sa) {
+		if($sa['src'] == $interfaceip) 
+			$foundsrc = true;
+		if($sa['dst'] == $tunnel['remote-gateway']) 
+			$founddst = true;
+	}
+	if($foundsrc && $founddst) { 
+		/* tunnel is up */
+		$iconfn = "pass";
+		return(true);
+	} else {
+		/* tunnel is down */
+		$iconfn = "reject";
+		return(false);
+	}
+}
+
+?>