author | Scott Dale <sdale@pfsense.org> | 2007-08-03 23:12:41 +0000 |
---|---|---|
committer | Scott Dale <sdale@pfsense.org> | 2007-08-03 23:12:41 +0000 |
commit | 9624823bc7b5c63e91da029a3b6d02203a560cd4 (patch) | |
tree | 77d6a95d5bb8ed5afffbceedd3a17ace381f029b /usr/local/www/widgets/include | |
parent | 5d7f3e1453bac96719b1fc7df4c156ad05dd9e99 (diff) | |
reorganize ipsec code
Diffstat (limited to 'usr/local/www/widgets/include')
-rw-r--r-- | usr/local/www/widgets/include/ipsec.inc | 68 |
1 files changed, 67 insertions, 1 deletions
diff --git a/usr/local/www/widgets/include/ipsec.inc b/usr/local/www/widgets/include/ipsec.inc
index 53ad834..375135a 100644
--- a/usr/local/www/widgets/include/ipsec.inc
+++ b/usr/local/www/widgets/include/ipsec.inc
@@ -2,6 +2,43 @@
 //set variable for custom title
 $ipsec_title = "IPSec";
+function get_ipsec_tunnel_sad() {
+ /* query SAD */
+ $fd = @popen("/sbin/setkey -D", "r");
+ $sad = array();
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = chop(fgets($fd));
+ if (!$line)
+ continue;
+ if ($line == "No SAD entries.")
+ break;
+ if ($line[0] != "\t") {
+ if (is_array($cursa))
+ $sad[] = $cursa;
+ $cursa = array();
+ list($cursa['src'],$cursa['dst']) = explode(" ", $line);
+ $i = 0;
+ } else {
+ $linea = explode(" ", trim($line));
+ if ($i == 1) {
+ $cursa['proto'] = $linea[0];
+ $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
+ } else if ($i == 2) {
+ $cursa['ealgo'] = $linea[1];
+ } else if ($i == 3) {
+ $cursa['aalgo'] = $linea[1];
+ }
+ }
+ $i++;
+ }
+ if (is_array($cursa) && count($cursa))
+ $sad[] = $cursa;
+ pclose($fd);
+ }
+ return($sad);
+}
+
 function get_ipsec_tunnel_src($tunnel) {
 global $g, $config, $sad;
 $if = "WAN";
@@ -23,4 +60,33 @@ function get_ipsec_tunnel_src($tunnel) {
 }
 return $interfaceip;
 }
-?>
\ No newline at end of file
+
+function output_ipsec_tunnel_status($tunnel) {
+ global $g, $config, $sad;
+ $if = "WAN";
+ $interfaceip = get_ipsec_tunnel_src($tunnel);
+ $foundsrc = false;
+ $founddst = false;
+
+ if(!is_array($sad)) {
+ /* we have no sad array, bail */
+ return(false);
+ }
+ foreach($sad as $sa) {
+ if($sa['src'] == $interfaceip)
+ $foundsrc = true;
+ if($sa['dst'] == $tunnel['remote-gateway'])
+ $founddst = true;
+ }
+ if($foundsrc && $founddst) {
+ /* tunnel is up */
+ $iconfn = "pass";
+ return(true);
+ } else {
+ /* tunnel is down */
+ $iconfn = "reject";
+ return(false);
+ }
+}
+
+?> |
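Review bot: In the new get_ipsec_tunnel_sad() (first hunk), `$cursa` is read by `is_array($cursa)` on the first address line before it has ever been assigned, and `$i` is only set inside that same branch; initialising both ahead of the loop with `$cursa = null; $i = 0;` removes the undefined-variable reads. The parser also indexes `$linea[1]` and `$linea[2]` purely by position, so a `setkey -D` line with fewer fields than expected produces empty `spi`/`ealgo`/`aalgo` values without any signal; a `count($linea)` check before each access would make a format mismatch visible. Because `popen()` is called with `@` and a failure simply returns the empty array, callers cannot tell "no SAs" from "setkey could not be run", which is worth a one-line comment on the function or a logged error.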
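Review bot: In output_ipsec_tunnel_status() (second hunk) the `foreach` sets `$foundsrc` and `$founddst` independently, so the tunnel is reported up when one SA has the local address as `src` and a different SA has the remote gateway as `dst`. The status shown can therefore be "up" for a tunnel that has no SA of its own, which is misleading on a monitoring widget. Matching both fields on the same entry fixes it: `if ($sa['src'] == $interfaceip && $sa['dst'] == $tunnel['remote-gateway']) return true;` inside the loop, with `return false;` after it. The function also depends on the global `$sad` having been filled by the caller (presumably from get_ipsec_tunnel_sad()) and returns false for every tunnel otherwise, which deserves a comment. `$iconfn`, `$if`, `$g` and `$config` are assigned or imported but never used here and can be dropped.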