Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/diag_ipsec.php | 22 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_filter_dynamic.php | 53 | ||||
-rw-r--r-- | usr/local/www/javascript/filter_log.js | 2 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal.php | 4 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/ipsec.widget.php | 67 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/log.widget.php | 56 |
6 files changed, 155 insertions, 49 deletions
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index 391e29b..e6347c5 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -55,8 +55,20 @@ require("ipsec.inc"); if ($_GET['act'] == 'connect') { if (ctype_digit($_GET['ikeid'])) { - mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); - mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); + $ph1ent = ipsec_get_phase1($_GET['ikeid']); + if (!empty($ph1ent)) { + if ($ph1ent['iketype'] == 'ikev1') { + $ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']); + for ($i = 0; $i < $ph2entries; $i++) { + $connid = escapeshellarg("con{$_GET['ikeid']}00{$i}"); + mwexec("/usr/local/sbin/ipsec down {$connid}"); + mwexec("/usr/local/sbin/ipsec up {$connid}"); + } + } else { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); + mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); + } + } } } else if ($_GET['act'] == 'ikedisconnect') { if (ctype_digit($_GET['ikeid'])) { @@ -122,7 +134,11 @@ $status = ipsec_smp_dump_status(); if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])): foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa): $con_id = substr($ikesa['peerconfig'], 3); - $ipsecconnected[$con_id] = $con_id; + if ($ikesa['version'] == 1) { + $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); + $ipsecconnected[$ph1idx] = $ph1idx; + } else + $ipsecconnected[$con_id] = $con_id; if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) $icon = "pass"; diff --git a/usr/local/www/diag_logs_filter_dynamic.php b/usr/local/www/diag_logs_filter_dynamic.php index d4722f0..2413bf2 100755 --- a/usr/local/www/diag_logs_filter_dynamic.php +++ b/usr/local/www/diag_logs_filter_dynamic.php 
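Review bot: The IKEv1 branch of the `connect` action builds `con{ikeid}00{i}` for every IKEv1 phase 1, while the widgets/ipsec.widget.php hunk in this same commit appends the `00<n>` suffix only when `ipsec_get_number_of_phase2()` returns more than 1. The code that generates the connection names is not visible here, but the two rules cannot both match it for an IKEv1 tunnel with a single phase 2, so one of the two pages would presumably address a connection name that does not exist. A shared helper returning the connection name(s) for a phase 1 would keep them in step; at minimum add a comment above the loop such as `/* IKEv1: one conn per phase 2, named con<ikeid>00<index> */`. Keep the `ctype_digit()` guard and the `escapeshellarg()` on the assembled name as they are, since they are what keep `$_GET['ikeid']` out of the shell command.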
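Review bot: In the status loop (hunk `@@ -122,7 +134,11 @@`), `strrpos(substr($con_id, 0, -1), '00')` returns `false` when an IKEv1 `peerconfig` carries no `00<n>` suffix, and `substr($con_id, 0, false)` then yields an empty string, so the SA is recorded under `$ipsecconnected['']` instead of its phase 1 id. Guard the lookup: `$pos = strrpos(substr($con_id, 0, -1), '00');` followed by `$ph1idx = ($pos === false) ? $con_id : substr($con_id, 0, $pos);`. A short comment explaining why the last character is dropped before searching (so the `00` separator is not confused with a trailing index digit) would also help, as the expression is hard to read cold. The `foreach` body continues past the end of the hunk.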
@@ -1,7 +1,7 @@ <?php /* $Id$ */ /* - diag_logs_filter.php + diag_logs_filter_dynamic.php part of pfSesne Copyright (C) 2004-2009 Scott Ullrich Copyright (C) 2013-2014 Electric Sheep Fencing, LP @@ -83,11 +83,29 @@ include("head.inc"); ?> /* Called by the AJAX updater */ function format_log_line(row) { - var i = 0; - var line = '<td class="listMRlr nowrap" align="center">' + row[i++] + '<\/td>'; - while (i < 6) { - line += '<td class="listMRr nowrap">' + row[i++] + '<\/td>'; + if ( row[8] == '6' ) { + srcIP = '[' + row[3] + ']'; + dstIP = '[' + row[5] + ']'; + } else { + srcIP = row[3]; + dstIP = row[5]; } + + if ( row[4] == '' ) + srcPort = ''; + else + srcPort = ':' + row[4]; + if ( row[6] == '' ) + dstPort = ''; + else + dstPort = ':' + row[6]; + + var line = '<td class="listMRlr" align="center">' + row[0] + '</td>' + + '<td class="listMRr nowrap">' + row[1] + '</td>' + + '<td class="listMRr nowrap">' + row[2] + '</td>' + + '<td class="listMRr nowrap">' + srcIP + srcPort + '</td>' + + '<td class="listMRr nowrap">' + dstIP + dstPort + '</td>' + + '<td class="listMRr nowrap">' + row[7] + '</td>'; return line; } //]]> 
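Review bot: In `format_log_line()` (hunk `@@ -83,11 +83,29 @@`), `srcIP`, `dstIP`, `srcPort` and `dstPort` are assigned without `var`, so they become implicit globals shared with every other script on the page; declare them at the top of the function, `var srcIP, dstIP, srcPort, dstPort;`. The same applies to the `format_log_line()` hunk in widgets/log.widget.php. The `row[]` fields are concatenated into markup as-is, so the function relies on the AJAX endpoint having HTML-escaped every field; that endpoint is not part of this diff, so a one-line comment stating the assumption is worth adding. The fixed indices (`row[8]` for the IP version, `row[7]` for the protocol) should get a comment listing the expected field order.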
@@ -145,7 +163,25 @@ include("head.inc"); $rowIndex = 0; foreach ($filterlog as $filterent): $evenRowClass = $rowIndex % 2 ? " listMReven" : " listMRodd"; - $rowIndex++;?> + $rowIndex++; + if ($filterent['version'] == '6') { + $srcIP = "[" . htmlspecialchars($filterent['srcip']) . "]"; + $dstIP = "[" . htmlspecialchars($filterent['dstip']) . "]"; + } else { + $srcIP = htmlspecialchars($filterent['srcip']); + $dstIP = htmlspecialchars($filterent['dstip']); + } + + if ($filterent['srcport']) + $srcPort = ":" . htmlspecialchars($filterent['srcport']); + else + $srcPort = ""; + + if ($filterent['dstport']) + $dstPort = ":" . htmlspecialchars($filterent['dstport']); + else + $dstPort = ""; + ?> <tr class="<?=$evenRowClass?>"> <td class="listMRlr nowrap" align="center"> <a href="#" onclick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo "{$filterent['rulenum']},{$filterent['act']}"; ?>', outputrule);"> @@ -154,8 +190,8 @@ include("head.inc"); </td> <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['time']);?></td> <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['interface']);?></td> - <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['src']);?></td> - <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['dst']);?></td> + <td class="listMRr nowrap"><?php echo $srcIP . $srcPort;?></td> + <td class="listMRr nowrap"><?php echo $dstIP . $dstPort;?></td> <?php if ($filterent['proto'] == "TCP") $filterent['proto'] .= ":{$filterent['tcpflags']}"; @@ -163,7 +199,6 @@ include("head.inc"); <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['proto']);?></td> </tr> <?php endforeach; ?> - <tr style="display:none;"><td></td></tr> </tbody> </table> </div> diff --git a/usr/local/www/javascript/filter_log.js b/usr/local/www/javascript/filter_log.js index 2cee6d4..66a7309 100644 --- a/usr/local/www/javascript/filter_log.js +++ b/usr/local/www/javascript/filter_log.js 
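Review bot: The address/port formatting block added after `$rowIndex++` (hunk `@@ -145,7 +163,25 @@`) is repeated line for line in widgets/log.widget.php (hunk `@@ -188,6 +207,24 @@`) and mirrored twice more in JavaScript; moving it into one helper that takes `$filterent` and returns the escaped source and destination strings would keep the bracket and port rules from drifting apart. The `htmlspecialchars()` calls happen well before the values reach `<?php echo $srcIP . $srcPort;?>`, which is easy to miss when reading the table cells on their own; a comment such as `/* $srcIP, $dstIP, $srcPort, $dstPort are already HTML-escaped */` just before the `?>` would make that explicit. `$filterent['version']` is read without an `isset()` check, so an entry lacking that key would fall through to the unbracketed branch with a notice.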
@@ -59,7 +59,7 @@ function fetch_new_rules_callback(callback_data) { for(var x=0; x<data_split.length-1; x++) { /* loop through rows */ row_split = data_split[x].split("||"); - lastsawtime = row_split[6]; + lastsawtime = row_split[9]; var tmp = format_log_line(row_split); if ( !(tmp) ) continue; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 70a72ba..42b0a0d 100644 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -1017,10 +1017,10 @@ function enable_change(enable_change) { gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' . 'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' . 'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'), - ""{$PORTAL_ACTION}"", + '"$PORTAL_ACTION$"', "name="accept"", "name="redirurl"", - "value="{$PORTAL_REDIRURL}"", + 'value="$PORTAL_REDIRURL$"', ""auth_user"", ""auth_pass"", ""auth_voucher""); diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php index e510005..8d29e6a 100644 --- a/usr/local/www/widgets/widgets/ipsec.widget.php +++ b/usr/local/www/widgets/widgets/ipsec.widget.php @@ -39,7 +39,7 @@ require_once("guiconfig.inc"); require_once("functions.inc"); require_once("ipsec.inc"); -if (isset($config['ipsec']['phase1'])){?> +if (isset($config['ipsec']['phase1'])) { ?> <div> </div> <?php $tab_array = array(); 
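Review bot: In filter_log.js, `lastsawtime = row_split[9];` has no length check, so a row with fewer than ten `||`-separated fields leaves `lastsawtime` as `undefined` for whatever consumes it later (not visible in this hunk). The producer of these rows is not in this diff, so the index is an unverified contract between two files; add `if (row_split.length < 10) continue;` before the assignment and a comment naming field 9 as the timestamp. The loop body continues outside the hunk.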
@@ -56,39 +56,58 @@ if (isset($config['ipsec']['phase1'])){?> $activecounter = 0; $inactivecounter = 0; + if (!is_array($ipsec_status['query'])) { + $ipsec_status['query'] = array(); + $ipsec_status['query']['ikesalist'] = array(); + $ipsec_status['query']['ikesalist']['ikesa'] = array(); + } else if (is_array($ipsec_status['query']['ikesalist'])) { + $ipsec_status['query']['ikesalist'] = array(); + $ipsec_status['query']['ikesalist']['ikesa'] = array(); + } else if (is_array($ipsec_status['query']['ikesalist']['ikesa'])) + $ipsec_status['query']['ikesalist']['ikesa'] = array(); + $ipsec_detail_array = array(); + $ikev1num = array(); foreach ($config['ipsec']['phase2'] as $ph2ent){ if ($ph2ent['remoteid']['type'] == "mobile") continue; ipsec_lookup_phase1($ph2ent,$ph1ent); - if (!isset($ph1ent['disabled']) && !isset($ph2ent['disabled'])) { - if (is_array($ipsec_status['query']) && - is_array($ipsec_status['query']['ikesalist']) && - is_array($ipsec_status['query']['ikesalist']['ikesa'])) { - foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) { - if ($ph1ent['ikeid'] == substr($ikesa['peerconfig'], 3)) { - $ikeid = $ikesa['id']; - if (ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ikeid)) { - /* tunnel is up */ - $iconfn = "true"; - $activecounter++; - } else { - /* tunnel is down */ - $iconfn = "false"; - $inactivecounter++; - } - } + if (isset($ph1ent['disabled']) && isset($ph2ent['disabled'])) + continue; + + $ph2number = ipsec_get_number_of_phase2($ph1ent['ikeid']); + if ($ph1ent['iketype'] == 'ikev1' && $ph2number > 1) { + if (!isset($ikev1num[$ph1ent['ikeid']])) + $ikev1num[$ph1ent['ikeid']] = 0; + else + $ikev1num[$ph1ent['ikeid']]++; + $ikeid = "con{$ph1ent['ikeid']}00" . 
$ikev1num[$ph1ent['ikeid']]; + } else + $ikeid = "con{$ph1ent['ikeid']}"; + + foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) { + if ($ikeid == $ikesa['peerconfig']) { + $ph2ikeid = $ikesa['id']; + if (ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ph2ikeid)) { + /* tunnel is up */ + $iconfn = "true"; + $activecounter++; + } else { + /* tunnel is down */ + $iconfn = "false"; + $inactivecounter++; } } - - $ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']), - 'dest' => $ph1ent['remote-gateway'], - 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']), - 'descr' => $ph2ent['descr'], - 'status' => $iconfn); } + + $ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']), + 'dest' => $ph1ent['remote-gateway'], + 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']), + 'descr' => $ph2ent['descr'], + 'status' => $iconfn); } + unset($ikev1num); } if (isset($config['ipsec']['phase2'])){ ?> diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php index fb240fb..2677ee5 100644 --- a/usr/local/www/widgets/widgets/log.widget.php +++ b/usr/local/www/widgets/widgets/log.widget.php 
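Review bot: The new normalisation chain in widgets/ipsec.widget.php tests `is_array(...)` where it needs `!is_array(...)`: when `$ipsec_status['query']['ikesalist']` is a valid array the second branch replaces it with an empty one, so the widget discards the status it just fetched. Further down, `isset($ph1ent['disabled']) && isset($ph2ent['disabled'])` is not the negation of the removed `!isset(...) && !isset(...)` (that would be `||`), so a tunnel with only one side disabled is now listed. The `foreach (... as $ikeid => $ikesa)` reuses `$ikeid` as its key variable and overwrites the connection name computed just above, so the comparison with `$ikesa['peerconfig']` is made against the array index. `$iconfn` is also never reset per phase 2 entry and carries the previous tunnel's value when no SA matches, which looks unintended. The block sits inside the `if (isset($config['ipsec']['phase1']))` body that opens before this hunk.

```php
	if (!is_array($ipsec_status['query']))
		$ipsec_status['query'] = array();
	if (!is_array($ipsec_status['query']['ikesalist']))
		$ipsec_status['query']['ikesalist'] = array();
	if (!is_array($ipsec_status['query']['ikesalist']['ikesa']))
		$ipsec_status['query']['ikesalist']['ikesa'] = array();

	// … unchanged: $ipsec_detail_array / $ikev1num setup, mobile skip, ipsec_lookup_phase1() …

		if (isset($ph1ent['disabled']) || isset($ph2ent['disabled']))
			continue;

		// … unchanged: $ph2number lookup and $ikev1num counter …
			$conname = "con{$ph1ent['ikeid']}00" . $ikev1num[$ph1ent['ikeid']];
		} else
			$conname = "con{$ph1ent['ikeid']}";

		/* no key variable: the array index is not needed and must not clobber $conname */
		foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikesa) {
			if ($conname == $ikesa['peerconfig']) {
				// … unchanged: ipsec_phase1_status() check and up/down counters …
```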
@@ -105,11 +105,30 @@ else /* Called by the AJAX updater */ function format_log_line(row) { - var line = '<td class="listMRlr" align="center">' + row[0] + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[3] + '">' + row[3] + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>'; + var rrText = "<?php echo gettext("Reverse Resolve with DNS"); ?>"; + + if ( row[8] == '6' ) { + srcIP = '[' + row[3] + ']'; + dstIP = '[' + row[5] + ']'; + } else { + srcIP = row[3]; + dstIP = row[5]; + } + + if ( row[4] == '' ) + srcPort = ''; + else + srcPort = ':' + row[4]; + if ( row[6] == '' ) + dstPort = ''; + else + dstPort = ':' + row[6]; + + var line = '<td class="listMRlr" align="center">' + row[0] + '</td>' + + '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '</td>' + + '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '</td>' + + '<td class="listMRr ellipsis" title="' + srcIP + srcPort + '"><a href="diag_dns.php?host=' + row[3] + '" title="' + rrText + '">' + srcIP + '</a></td>' + + '<td class="listMRr ellipsis" title="' + dstIP + dstPort + '"><a href="diag_dns.php?host=' + row[5] + '" title="' + rrText + '">' + dstIP + '</a>' + dstPort + '</td>'; var nentriesacts = "<?php echo $nentriesacts; ?>"; var nentriesinterfaces = "<?php echo $nentriesinterfaces; ?>"; 
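Review bot: In the new `format_log_line()` body, `row[3]` and `row[5]` are placed into `href="diag_dns.php?host=..."` without URL-encoding and into `title="..."` attributes as raw text, so the links depend entirely on the AJAX endpoint returning already-safe values. Wrap the query value, `'<a href="diag_dns.php?host=' + encodeURIComponent(row[3]) + '"'`, and likewise for `row[5]`. The PHP-rendered rows in hunk `@@ -197,19 +234,18 @@` have the same gap on their unchanged lines, where `{$filterent['srcip']}` and `{$filterent['dstip']}` are echoed into the `href` without `urlencode()` or `htmlspecialchars()`. `rrText` is emitted inside a double-quoted JavaScript string straight from `gettext()`, so a translation containing `"` would break the script; passing it through `json_encode()` or an equivalent escaping step avoids that. `format_log_line()` continues past the end of this hunk.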
@@ -188,6 +207,24 @@ function format_log_line(row) { foreach ($filterlog as $filterent): $evenRowClass = $rowIndex % 2 ? " listMReven" : " listMRodd"; $rowIndex++; + if ($filterent['version'] == '6') { + $srcIP = "[" . htmlspecialchars($filterent['srcip']) . "]"; + $dstIP = "[" . htmlspecialchars($filterent['dstip']) . "]"; + } else { + $srcIP = htmlspecialchars($filterent['srcip']); + $dstIP = htmlspecialchars($filterent['dstip']); + } + + if ($filterent['srcport']) + $srcPort = ":" . htmlspecialchars($filterent['srcport']); + else + $srcPort = ""; + + if ($filterent['dstport']) + $dstPort = ":" . htmlspecialchars($filterent['dstport']); + else + $dstPort = ""; + ?> <tr class="<?=$evenRowClass?>"> <td class="listMRlr nowrap" align="center"> 
@@ -197,19 +234,18 @@ function format_log_line(row) { </td> <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['time']);?>"><?php echo substr(htmlspecialchars($filterent['time']),0,-3);?></td> <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['interface']);?>"><?php echo htmlspecialchars($filterent['interface']);?></td> - <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['src']);?>"> + <td class="listMRr ellipsis nowrap" title="<?php echo $srcIP . $srcPort;?>"> <a href="diag_dns.php?host=<?php echo "{$filterent['srcip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"> - <?php echo htmlspecialchars($filterent['srcip']);?></a></td> - <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['dst']);?>"> + <?php echo $srcIP;?></a></td> + <td class="listMRr ellipsis nowrap" title="<?php echo $dstIP . $dstPort;?>"> <a href="diag_dns.php?host=<?php echo "{$filterent['dstip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"> - <?php echo htmlspecialchars($filterent['dstip']);?></a><?php echo ":" . htmlspecialchars($filterent['dstport']);?></td> + <?php echo $dstIP;?></a><?php echo $dstPort;?></td> <?php if ($filterent['proto'] == "TCP") $filterent['proto'] .= ":{$filterent['tcpflags']}"; ?> </tr> <?php endforeach; ?> - <tr style="display:none;"><td></td></tr> </tbody> </table> |