Merge commit 'mainline/master' into alt_method

12 files changed, 244 insertions, 65 deletions

diff --git a/usr/local/bin/filterparser.php b/usr/local/bin/filterparser.php
index d432419..3460e3e 100755
--- a/usr/local/bin/filterparser.php
+++ b/usr/local/bin/filterparser.php
@@ -73,7 +73,9 @@ while(!feof($log)) {
 	 dstip      - Destination IP
 	 dstport    - Destination Port
 	*/
-	if ($flent != "")
+	if ($flent != "") {
 		echo "{$flent['time']} {$flent['act']} {$flent['realint']} {$flent['proto']} {$flent['src']} {$flent['dst']}\n";
+		$flent = "";
+	}
 }
 fclose($log); ?>
\ No newline at end of file
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index 77cfaaa..3e2cf8d 100755
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -553,7 +553,7 @@ echo $jscriptstr;
 					$inputdisplay = "hide";		
 					$showWidget = "inline";
 					$mindiv = "none";
-					berak;
+					break;
 				case "close":
 					$divdisplay = "none";
 					$display = "block";
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 1ff6dcc..a2a07ed 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -228,6 +228,9 @@ if (isset($wancfg['wireless'])) {
 	$pconfig['apbridge_enable'] = isset($wancfg['wireless']['apbridge']['enable']);
 	$pconfig['authmode'] = $wancfg['wireless']['authmode'];
 	$pconfig['hidessid_enable'] = isset($wancfg['wireless']['hidessid']['enable']);
+	$pconfig['auth_server_addr'] = $wancfg['wireless']['auth_server_addr'];
+	$pconfig['auth_server_port'] = $wancfg['wireless']['auth_server_port'];
+	$pconfig['auth_server_shared_secret'] = $wancfg['wireless']['auth_server_shared_secret'];
 	if (is_array($wancfg['wireless']['wpa'])) {
 		$pconfig['debug_mode'] = $wancfg['wireless']['wpa']['debug_mode'];
 		$pconfig['macaddr_acl'] = $wancfg['wireless']['wpa']['macaddr_acl'];
@@ -703,6 +706,9 @@ function handle_wireless_post() {
 	$wancfg['wireless']['wpa']['wpa_gmk_rekey'] = $_POST['wpa_gmk_rekey'];
 	$wancfg['wireless']['wpa']['passphrase'] = $_POST['passphrase'];
 	$wancfg['wireless']['wpa']['ext_wpa_sw'] = $_POST['ext_wpa_sw'];
+	$wancfg['wireless']['auth_server_addr'] = $_POST['auth_server_addr'];
+	$wancfg['wireless']['auth_server_port'] = $_POST['auth_server_port'];
+	$wancfg['wireless']['auth_server_shared_secret'] = $_POST['auth_server_shared_secret'];
 	if ($_POST['hidessid_enable'] == "yes")
 		$wancfg['wireless']['hidessid']['enable'] = true;
 	else if (isset($wancfg['wireless']['hidessid']['enable']))
@@ -1490,12 +1496,33 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
 											</td>
 										</tr>
 										<tr>
-											<td valign="top" class="vncell">Enable IEEE802.1X</td>
+											<td valign="top" class="vncell">Enable IEEE802.1X Authentication</td>
 											<td class="vtable">
 												<input name="ieee8021x" type="checkbox" value="yes"  class="formfld" id="ieee8021x" <? if ($pconfig['ieee8021x']) echo "checked";?>>
 												<br/>Setting this option will enable 802.1x authentication.
 											</td>
 										</tr>
+										<tr>
+											<td valign="top" class="vncell">802.1X Authentication Server IP Address</td>
+											<td class="vtable">
+												<input name="auth_server_addr" id="auth_server_addr" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_addr']);?>">
+												<br/>Enter the IP address of the 802.1X Authentication Server.  This is commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)
+											</td>
+										</tr>
+										<tr>
+											<td valign="top" class="vncell">802.1X Authentication Server Port</td>
+											<td class="vtable">
+												<input name="auth_server_port" id="auth_server_port" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_port']);?>">
+												<br/>Leave blank for the default 1812 port.
+											</td>
+										</tr>
+										<tr>
+											<td valign="top" class="vncell">802.1X Authentication Server Shared Secret</td>
+											<td class="vtable">
+												<input name="auth_server_shared_secret" id="auth_server_shared_secret" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_shared_secret']);?>">
+												<br/>
+											</td>
+										</tr>
 									<? endif; ?>
 									<tr>
 										<td colspan="2" valign="top" height="16"></td>
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index e5e73b1..c79734a 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -175,7 +175,7 @@ include("head.inc");
 					</td>
 				</tr>	
                 <tr>
-                  <td width="22%" valign="top" class="vncellreq">Hostname/Interface</td>
+                  <td width="22%" valign="top" class="vncellreq">Hostname</td>
                   <td width="78%" class="vtable">
                     <input name="host" type="text" class="formfld unknown" id="host" size="30" value="<?=htmlspecialchars($pconfig['host']);?>">
                     <br>
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index fdd03c0..1132fd8 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -148,8 +148,8 @@ if (is_array($config['openvpn']['openvpn-server'])) {
 		} else {
 			$conn = array();
 			$conn['common_name'] = "[error]";
-			$conn['remote_host'] = "No Management Daemon";
-			$conn['virtual_addr'] = "See Note Below";
+			$conn['remote_host'] = "Management Daemon Unreachable";
+			$conn['virtual_addr'] = "";
 			$conn['bytes_recv'] = 0;
 			$conn['bytes_sent'] = 0;
 			$conn['connect_time'] = 0;
@@ -159,6 +159,91 @@ if (is_array($config['openvpn']['openvpn-server'])) {
 		$servers[] = $server;
 	}
 }
+
+
+if (is_array($config['openvpn']['openvpn-client'])) {
+	foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+
+		$prot = $settings['protocol'];
+		$port = $settings['local_port'];
+
+		$client = array();
+		$client['port'] = $settings['local_port'];
+		if ($settings['description'])
+			$client['name'] = "{$settings['description']} {$prot}:{$port}";
+		else
+			$client['name'] = "Client {$prot}:{$port}";
+
+		$tcpcli = "tcp://127.0.0.1:{$port}";
+		$errval;
+		$errstr;
+
+		$client['status']="down";
+
+		/* open a tcp connection to the management port of each cli */
+		$fp = @stream_socket_client($tcpcli, $errval, $errstr, 1);
+		if ($fp) {
+
+			/* send our status request */
+			fputs($fp, "state 1\n");
+
+			/* recv all response lines */
+			while (!feof($fp)) {
+				/* read the next line */
+				$line = fgets($fp, 1024);
+
+				/* Get the client state */
+				if (strstr($line,"CONNECTED")) {
+					$client['status']="up";
+					$list = explode(",", $line);
+
+					$client['connect_time']  = date("D M j G:i:s Y", $list[0]);
+					$client['virtual_addr']  = $list[3];
+					$client['remote_host'] = $list[4];
+				}
+				/* parse end of output line */
+				if (strstr($line, "END"))
+					break;
+			}
+
+			/* If up, get read/write stats */
+			if (strcmp($client['status'], "up") == 0) {
+				fputs($fp, "status 2\n");
+				/* recv all response lines */
+				while (!feof($fp)) {
+					/* read the next line */
+					$line = fgets($fp, 1024);
+
+					if (strstr($line,"TCP/UDP read bytes")) {
+						$list = explode(",", $line);
+						$client['bytes_recv'] = $list[1];
+					}
+
+					if (strstr($line,"TCP/UDP write bytes")) {
+						$list = explode(",", $line);
+						$client['bytes_sent'] = $list[1];
+					}
+
+					/* parse end of output line */
+					if (strstr($line, "END"))
+						break;
+				}
+			}
+
+			fclose($fp);
+
+		} else {
+			$DisplayNote=true;
+			$client['remote_host'] = "No Management Daemon";
+			$client['virtual_addr'] = "See Note Below";
+			$client['bytes_recv'] = 0;
+			$client['bytes_sent'] = 0;
+			$client['connect_time'] = 0;
+		}
+
+		$clients[] = $client;
+	}
+}
 include("head.inc"); ?>
 
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
@@ -254,5 +339,65 @@ include("head.inc"); ?>
 </table>
 
 <?php endforeach; ?>
+<br>
+
+
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr>
+		<td colspan="6" class="listtopic">
+			OpenVPN client instances statistics
+		</td>
+	</tr>
+	<tr>
+		<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+		<tr>
+			<td class="listhdrr">Name</td>
+			<td class="listhdrr">Status</td>
+			<td class="listhdrr">Connected Since</td>
+			<td class="listhdrr">Virtual Addr</td>
+			<td class="listhdrr">Remote Host</td>
+			<td class="listhdrr">Bytes Sent</td>
+			<td class="listhdrr">Bytes Received</td>
+		</tr>
+
+<?php foreach ($clients as $client): ?>
+		<tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+			<td class="listlr">
+				<?=$client['name'];?>
+			</td>
+			<td class="listlr">
+				<?=$client['status'];?>
+			</td>
+			<td class="listr">
+				<?=$client['connect_time'];?>
+			</td>
+			<td class="listr">
+				<?=$client['virtual_addr'];?>
+			</td>
+			<td class="listr">
+				<?=$client['remote_host'];?>
+			</td>
+			<td class="listr">
+				<?=$client['bytes_sent'];?>
+			</td>
+			<td class="listr">
+				<?=$client['bytes_recv'];?>
+			</td>
+		</tr>
+<?php endforeach; ?>
+		</table>
+	</tr>
+</table>
+
+<?php if ($DisplayNote) {
+	echo "<br/><b>NOTE:</b> You need to bind each OpenVPN client to enable its management daemon: use 'Local port' setting in the OpenVPN client screen";
+}
+?>
+
+<? if ((!isset($clients)) && (!isset($servers))) {
+	echo "No OpenVPN instance defined";
+}
+?>
+
 
 <?php include("fend.inc"); ?>
diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index 905413d..63657d0 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -703,6 +703,7 @@ elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$cur
 	$graphcmd .= "--height 200 --width 620 -x \"$scale\" ";
 	if ($altq) {
 		$a_queues =& $altq->get_queue_list();
+		$t = 0;
 	} else {
         	$a_queues = array();
 		$i = 0;
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 9ccda16..25d3de5 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -39,6 +39,7 @@
 
 require("guiconfig.inc");
 require_once("service-utils.inc");
+require_once("ipsec.inc");
 require_once("vpn.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/themes/code-red/rrdcolors.inc.php b/usr/local/www/themes/code-red/rrdcolors.inc.php
index d04762e..cbd6a8d 100755
--- a/usr/local/www/themes/code-red/rrdcolors.inc.php
+++ b/usr/local/www/themes/code-red/rrdcolors.inc.php
@@ -30,10 +30,10 @@
 

 /* This file is included by the RRD graphing page and sets the colors */

 

-$colortrafficup = "666666";

-$colortrafficdown = "990000";

-$colorpacketsup = "666666";

-$colorpacketsdown = "990000";

+$colortrafficup = array("666666", "CCCCCC");

+$colortrafficdown = array("990000", "CC0000");

+$colorpacketsup = array("666666", "CCCCCC");

+$colorpacketsdown = array("990000", "CC0000");

 $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');

 $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000');

 $colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000');

diff --git a/usr/local/www/themes/the_wall/rrdcolors.inc.php b/usr/local/www/themes/the_wall/rrdcolors.inc.php
index e657259..e3153fd 100644
--- a/usr/local/www/themes/the_wall/rrdcolors.inc.php
+++ b/usr/local/www/themes/the_wall/rrdcolors.inc.php
@@ -36,6 +36,7 @@ $colorpacketsup = array("666666", "CCCCCC");
 $colorpacketsdown = array("990000", "CC0000");
 $colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
 $colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
+$colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
 $colorqueuesup = array('000000','7B0000','990000','BB0000','CC0000','D90000','EE0000','FF0000','CC0000');
 $colorqueuesdown = array('000000','7B7B7B','999999','BBBBBB','CCCCCC','D9D9D9','EEEEEE','FFFFFF','CCCCCC');
 $colorqueuesdropup = array('000000','7B0000','990000','BB0000','CC0000','D90000','EE0000','FF0000','CC0000');
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 9c99ef1..f2899e6 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -122,8 +122,8 @@ if ($_POST) {
 	{
 		switch ($pconfig['localid_type']) {
 			case "network":
-				if (!$pconfig['localid_netbits'] || !is_numeric($pconfig['localid_netbits']))
-					$input_errors[] = "A valid local network bit count must be specified..";
+				if (($pconfig['localid_netbits'] != 0 && !$pconfig['localid_netbits']) || !is_numeric($pconfig['localid_netbits']))
+					$input_errors[] = "A valid local network bit count must be specified.";
 			case "address":
 				if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address']))
 					$input_errors[] = "A valid local network IP address must be specified.";
@@ -132,8 +132,8 @@ if ($_POST) {
 
 		switch ($pconfig['remoteid_type']) {
 			case "network":
-				if (!$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits']))
-					$input_errors[] = "A valid remote network bit count must be specified..";
+				if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits']))
+					$input_errors[] = "A valid remote network bit count must be specified.";
 			case "address":
 				if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address']))
 					$input_errors[] = "A valid remote network IP address must be specified.";
@@ -401,11 +401,12 @@ function change_protocol() {
 										<input name="remoteid_address" type="text" class="formfld unknown" id="remoteid_address" size="20" value="<?=$pconfig['remoteid_address'];?>">
 										/
 										<select name="remoteid_netbits" class="formselect" id="remoteid_netbits">
-										<?php for ($i = 32; $i >= 0; $i--): ?>
-											<option value="<?=$i;?>" <?php if ($i == $pconfig['remoteid_netbits']) echo "selected"; ?>>
-												<?=$i;?>
-											</option>
-										<?php endfor; ?>
+										<?php for ($i = 32; $i >= 0; $i--) { 
+											
+											echo "<option value=\"{$i}\"";
+											if ($i == $pconfig['remoteid_netbits']) echo " selected";
+											echo ">{$i}</option>\n";
+											} ?>
 										</select>
 									</td>
 								</tr>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index c0ecede..4617e5c 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -79,7 +79,7 @@ if($_GET['act']=="edit"){
 
 	if (isset($id) && $a_server[$id]) {
 
-		$pconfig['disable'] = $a_server[$id]['disable'];
+		$pconfig['disable'] = isset($a_server[$id]['disable']);
 		$pconfig['mode'] = $a_server[$id]['mode'];
 		$pconfig['protocol'] = $a_server[$id]['protocol'];
 		$pconfig['interface'] = $a_server[$id]['interface'];
@@ -257,7 +257,8 @@ if ($_POST) {
 		else
 			$server['vpnid'] = openvpn_vpnid_next();
 
-		$server['disable'] = $pconfig['disable'];
+		if ($_POST['disable'] == "yes")
+			$server['disable'] = true;
 		$server['mode'] = $pconfig['mode'];
 		$server['protocol'] = $pconfig['protocol'];
 		list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
@@ -1147,7 +1148,7 @@ function netbios_change() {
 					$i = 0;
 					foreach($a_server as $server):
 						$disabled = "NO";
-						if ($server['disable'])
+						if (isset($server['disable']))
 							$disabled = "YES";
 				?>
 				<tr>
diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php
index a7a88f8..11d448e 100644
--- a/usr/local/www/widgets/widgets/services_status.widget.php
+++ b/usr/local/www/widgets/widgets/services_status.widget.php
@@ -54,23 +54,23 @@ $services = $config['installedpackages']['service'];
  *
  */
 if(isset($config['dnsmasq']['enable'])) {
-	$pconfig['name'] = "dnsmasq";
-	$pconfig['description'] = "DNS Forwarder";
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "dnsmasq";
+	$sconfig['description'] = "DNS Forwarder";
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
-$pconfig['name'] = "ntpd";
-$pconfig['description'] = "NTP clock sync";
-$services[] = $pconfig;
-unset($pconfig);
+$sconfig['name'] = "ntpd";
+$sconfig['description'] = "NTP clock sync";
+$services[] = $sconfig;
+unset($sconfig);
 
 if(isset($config['captiveportal']['enable'])) {
-	$pconfig['name'] = "lighttpd";
-	$pconfig['description'] = "Captive Portal";
-	$services[] = $pconfig;
-	$pconfig = "";
-	unset($pconfig);
+	$sconfig['name'] = "lighttpd";
+	$sconfig['description'] = "Captive Portal";
+	$services[] = $sconfig;
+	$sconfig = "";
+	unset($sconfig);
 }
 
 $iflist = array();
@@ -87,45 +87,45 @@ foreach($iflist as $if) {
 }
 
 if($show_dhcprelay == true) {
-	$pconfig['name'] = "dhcrelay";
-	$pconfig['description'] = "DHCP Relay";
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "dhcrelay";
+	$sconfig['description'] = "DHCP Relay";
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 if(is_dhcp_server_enabled()) {
-	$pconfig['name'] = "dhcpd";
-	$pconfig['description'] = "DHCP Service";
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "dhcpd";
+	$sconfig['description'] = "DHCP Service";
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 if(isset($config['snmpd']['enable'])) {
-	$pconfig['name'] = "bsnmpd";
-	$pconfig['description'] = "SNMP Service";
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "bsnmpd";
+	$sconfig['description'] = "SNMP Service";
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 if (count($config['igmpproxy']['igmpentry']) > 0) {
-	$pconfig['name'] = "igmpproxy";
-	$pconfig['descritption'] = "IGMP proxy";
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "igmpproxy";
+	$sconfig['description'] = "IGMP proxy";
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 if($config['installedpackages']['miniupnpd']['config'][0]['enable']) {
-	$pconfig['name'] = "miniupnpd";
-	$pconfig['description'] = gettext("UPnP Service");
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "miniupnpd";
+	$sconfig['description'] = gettext("UPnP Service");
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 if (isset($config['ipsec']['enable'])) {
-	$pconfig['name'] = "racoon";
-	$pconfig['description'] = gettext("IPsec VPN");
-	$services[] = $pconfig;
-	unset($pconfig);
+	$sconfig['name'] = "racoon";
+	$sconfig['description'] = gettext("IPsec VPN");
+	$services[] = $sconfig;
+	unset($sconfig);
 }
 
 foreach (array('server', 'client') as $mode) {
@@ -133,12 +133,12 @@ foreach (array('server', 'client') as $mode) {
 		foreach ($config['installedpackages']["openvpn$mode"]['config'] as $id => $settings) {
 			$setting = $config['installedpackages']["openvpn$mode"]['config'][$id];
 			if (!$setting['disable']) {
-				$pconfig['name'] = "openvpn";
-				$pconfig['mode'] = $mode;
-				$pconfig['id'] = $id;
-				$pconfig['description'] = "OpenVPN ".$mode.": ".htmlspecialchars($setting['description']);
-				$services[] = $pconfig;
-				unset($pconfig);
+				$sconfig['name'] = "openvpn";
+				$sconfig['mode'] = $mode;
+				$sconfig['id'] = $id;
+				$sconfig['description'] = "OpenVPN ".$mode.": ".htmlspecialchars($setting['description']);
+				$services[] = $sconfig;
+				unset($sconfig);
 			}
 		}
 	}