summaryrefslogtreecommitdiffstats
path: root/usr
diff options
context:
space:
mode:
Diffstat (limited to 'usr')
-rw-r--r--usr/local/www/diag_ipsec.php22
-rwxr-xr-xusr/local/www/diag_logs_filter_dynamic.php53
-rw-r--r--usr/local/www/javascript/filter_log.js2
-rw-r--r--usr/local/www/services_captiveportal.php4
-rw-r--r--usr/local/www/widgets/widgets/ipsec.widget.php67
-rw-r--r--usr/local/www/widgets/widgets/log.widget.php56
6 files changed, 155 insertions, 49 deletions
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index 391e29b..e6347c5 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -55,8 +55,20 @@ require("ipsec.inc");
if ($_GET['act'] == 'connect') {
if (ctype_digit($_GET['ikeid'])) {
- mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
- mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
+ $ph1ent = ipsec_get_phase1($_GET['ikeid']);
+ if (!empty($ph1ent)) {
+ if ($ph1ent['iketype'] == 'ikev1') {
+ $ph2entries = ipsec_get_number_of_phase2($_GET['ikeid']);
+ for ($i = 0; $i < $ph2entries; $i++) {
+ $connid = escapeshellarg("con{$_GET['ikeid']}00{$i}");
+ mwexec("/usr/local/sbin/ipsec down {$connid}");
+ mwexec("/usr/local/sbin/ipsec up {$connid}");
+ }
+ } else {
+ mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid']));
+ mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid']));
+ }
+ }
}
} else if ($_GET['act'] == 'ikedisconnect') {
if (ctype_digit($_GET['ikeid'])) {
@@ -122,7 +134,11 @@ $status = ipsec_smp_dump_status();
if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])):
foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa):
$con_id = substr($ikesa['peerconfig'], 3);
- $ipsecconnected[$con_id] = $con_id;
+ if ($ikesa['version'] == 1) {
+ $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
+ $ipsecconnected[$ph1idx] = $ph1idx;
+ } else
+ $ipsecconnected[$con_id] = $con_id;
if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id']))
$icon = "pass";
diff --git a/usr/local/www/diag_logs_filter_dynamic.php b/usr/local/www/diag_logs_filter_dynamic.php
index d4722f0..2413bf2 100755
--- a/usr/local/www/diag_logs_filter_dynamic.php
+++ b/usr/local/www/diag_logs_filter_dynamic.php
@@ -1,7 +1,7 @@
<?php
/* $Id$ */
/*
- diag_logs_filter.php
+ diag_logs_filter_dynamic.php
part of pfSesne
Copyright (C) 2004-2009 Scott Ullrich
Copyright (C) 2013-2014 Electric Sheep Fencing, LP
@@ -83,11 +83,29 @@ include("head.inc");
?>
/* Called by the AJAX updater */
function format_log_line(row) {
- var i = 0;
- var line = '<td class="listMRlr nowrap" align="center">' + row[i++] + '<\/td>';
- while (i < 6) {
- line += '<td class="listMRr nowrap">' + row[i++] + '<\/td>';
+ if ( row[8] == '6' ) {
+ srcIP = '[' + row[3] + ']';
+ dstIP = '[' + row[5] + ']';
+ } else {
+ srcIP = row[3];
+ dstIP = row[5];
}
+
+ if ( row[4] == '' )
+ srcPort = '';
+ else
+ srcPort = ':' + row[4];
+ if ( row[6] == '' )
+ dstPort = '';
+ else
+ dstPort = ':' + row[6];
+
+ var line = '<td class="listMRlr" align="center">' + row[0] + '</td>' +
+ '<td class="listMRr nowrap">' + row[1] + '</td>' +
+ '<td class="listMRr nowrap">' + row[2] + '</td>' +
+ '<td class="listMRr nowrap">' + srcIP + srcPort + '</td>' +
+ '<td class="listMRr nowrap">' + dstIP + dstPort + '</td>' +
+ '<td class="listMRr nowrap">' + row[7] + '</td>';
return line;
}
//]]>
@@ -145,7 +163,25 @@ include("head.inc");
$rowIndex = 0;
foreach ($filterlog as $filterent):
$evenRowClass = $rowIndex % 2 ? " listMReven" : " listMRodd";
- $rowIndex++;?>
+ $rowIndex++;
+ if ($filterent['version'] == '6') {
+ $srcIP = "[" . htmlspecialchars($filterent['srcip']) . "]";
+ $dstIP = "[" . htmlspecialchars($filterent['dstip']) . "]";
+ } else {
+ $srcIP = htmlspecialchars($filterent['srcip']);
+ $dstIP = htmlspecialchars($filterent['dstip']);
+ }
+
+ if ($filterent['srcport'])
+ $srcPort = ":" . htmlspecialchars($filterent['srcport']);
+ else
+ $srcPort = "";
+
+ if ($filterent['dstport'])
+ $dstPort = ":" . htmlspecialchars($filterent['dstport']);
+ else
+ $dstPort = "";
+ ?>
<tr class="<?=$evenRowClass?>">
<td class="listMRlr nowrap" align="center">
<a href="#" onclick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo "{$filterent['rulenum']},{$filterent['act']}"; ?>', outputrule);">
@@ -154,8 +190,8 @@ include("head.inc");
</td>
<td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['time']);?></td>
<td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['interface']);?></td>
- <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['src']);?></td>
- <td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['dst']);?></td>
+ <td class="listMRr nowrap"><?php echo $srcIP . $srcPort;?></td>
+ <td class="listMRr nowrap"><?php echo $dstIP . $dstPort;?></td>
<?php
if ($filterent['proto'] == "TCP")
$filterent['proto'] .= ":{$filterent['tcpflags']}";
@@ -163,7 +199,6 @@ include("head.inc");
<td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['proto']);?></td>
</tr>
<?php endforeach; ?>
- <tr style="display:none;"><td></td></tr>
</tbody>
</table>
</div>
diff --git a/usr/local/www/javascript/filter_log.js b/usr/local/www/javascript/filter_log.js
index 2cee6d4..66a7309 100644
--- a/usr/local/www/javascript/filter_log.js
+++ b/usr/local/www/javascript/filter_log.js
@@ -59,7 +59,7 @@ function fetch_new_rules_callback(callback_data) {
for(var x=0; x<data_split.length-1; x++) {
/* loop through rows */
row_split = data_split[x].split("||");
- lastsawtime = row_split[6];
+ lastsawtime = row_split[9];
var tmp = format_log_line(row_split);
if ( !(tmp) ) continue;
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 70a72ba..42b0a0d 100644
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -1017,10 +1017,10 @@ function enable_change(enable_change) {
gettext('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). ' .
'Make sure to include a form (POST to %1$s) with a submit button (%2$s) and a hidden field with %3$s and %4$s. ' .
'Include the %5$s and %6$s and/or %7$s input fields if authentication is enabled, otherwise it will always fail.'),
- "&quot;{$PORTAL_ACTION}&quot;",
+ '&quot;$PORTAL_ACTION$&quot;',
"name=&quot;accept&quot;",
"name=&quot;redirurl&quot;",
- "value=&quot;{$PORTAL_REDIRURL}&quot;",
+ 'value=&quot;$PORTAL_REDIRURL$&quot;',
"&quot;auth_user&quot;",
"&quot;auth_pass&quot;",
"&quot;auth_voucher&quot;");
diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php
index e510005..8d29e6a 100644
--- a/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -39,7 +39,7 @@ require_once("guiconfig.inc");
require_once("functions.inc");
require_once("ipsec.inc");
-if (isset($config['ipsec']['phase1'])){?>
+if (isset($config['ipsec']['phase1'])) { ?>
<div>&nbsp;</div>
<?php
$tab_array = array();
@@ -56,39 +56,58 @@ if (isset($config['ipsec']['phase1'])){?>
$activecounter = 0;
$inactivecounter = 0;
+ if (!is_array($ipsec_status['query'])) {
+ $ipsec_status['query'] = array();
+ $ipsec_status['query']['ikesalist'] = array();
+ $ipsec_status['query']['ikesalist']['ikesa'] = array();
+ } else if (is_array($ipsec_status['query']['ikesalist'])) {
+ $ipsec_status['query']['ikesalist'] = array();
+ $ipsec_status['query']['ikesalist']['ikesa'] = array();
+ } else if (is_array($ipsec_status['query']['ikesalist']['ikesa']))
+ $ipsec_status['query']['ikesalist']['ikesa'] = array();
+
$ipsec_detail_array = array();
+ $ikev1num = array();
foreach ($config['ipsec']['phase2'] as $ph2ent){
if ($ph2ent['remoteid']['type'] == "mobile")
continue;
ipsec_lookup_phase1($ph2ent,$ph1ent);
- if (!isset($ph1ent['disabled']) && !isset($ph2ent['disabled'])) {
- if (is_array($ipsec_status['query']) &&
- is_array($ipsec_status['query']['ikesalist']) &&
- is_array($ipsec_status['query']['ikesalist']['ikesa'])) {
- foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
- if ($ph1ent['ikeid'] == substr($ikesa['peerconfig'], 3)) {
- $ikeid = $ikesa['id'];
- if (ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ikeid)) {
- /* tunnel is up */
- $iconfn = "true";
- $activecounter++;
- } else {
- /* tunnel is down */
- $iconfn = "false";
- $inactivecounter++;
- }
- }
+ if (isset($ph1ent['disabled']) && isset($ph2ent['disabled']))
+ continue;
+
+ $ph2number = ipsec_get_number_of_phase2($ph1ent['ikeid']);
+ if ($ph1ent['iketype'] == 'ikev1' && $ph2number > 1) {
+ if (!isset($ikev1num[$ph1ent['ikeid']]))
+ $ikev1num[$ph1ent['ikeid']] = 0;
+ else
+ $ikev1num[$ph1ent['ikeid']]++;
+ $ikeid = "con{$ph1ent['ikeid']}00" . $ikev1num[$ph1ent['ikeid']];
+ } else
+ $ikeid = "con{$ph1ent['ikeid']}";
+
+ foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
+ if ($ikeid == $ikesa['peerconfig']) {
+ $ph2ikeid = $ikesa['id'];
+ if (ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ph2ikeid)) {
+ /* tunnel is up */
+ $iconfn = "true";
+ $activecounter++;
+ } else {
+ /* tunnel is down */
+ $iconfn = "false";
+ $inactivecounter++;
}
}
-
- $ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']),
- 'dest' => $ph1ent['remote-gateway'],
- 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']),
- 'descr' => $ph2ent['descr'],
- 'status' => $iconfn);
}
+
+ $ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']),
+ 'dest' => $ph1ent['remote-gateway'],
+ 'remote-subnet' => ipsec_idinfo_to_text($ph2ent['remoteid']),
+ 'descr' => $ph2ent['descr'],
+ 'status' => $iconfn);
}
+ unset($ikev1num);
}
if (isset($config['ipsec']['phase2'])){ ?>
diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php
index fb240fb..2677ee5 100644
--- a/usr/local/www/widgets/widgets/log.widget.php
+++ b/usr/local/www/widgets/widgets/log.widget.php
@@ -105,11 +105,30 @@ else
/* Called by the AJAX updater */
function format_log_line(row) {
- var line = '<td class="listMRlr" align="center">' + row[0] + '<\/td>' +
- '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '<\/td>' +
- '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '<\/td>' +
- '<td class="listMRr ellipsis" title="' + row[3] + '">' + row[3] + '<\/td>' +
- '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>';
+ var rrText = "<?php echo gettext("Reverse Resolve with DNS"); ?>";
+
+ if ( row[8] == '6' ) {
+ srcIP = '[' + row[3] + ']';
+ dstIP = '[' + row[5] + ']';
+ } else {
+ srcIP = row[3];
+ dstIP = row[5];
+ }
+
+ if ( row[4] == '' )
+ srcPort = '';
+ else
+ srcPort = ':' + row[4];
+ if ( row[6] == '' )
+ dstPort = '';
+ else
+ dstPort = ':' + row[6];
+
+ var line = '<td class="listMRlr" align="center">' + row[0] + '</td>' +
+ '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '</td>' +
+ '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '</td>' +
+ '<td class="listMRr ellipsis" title="' + srcIP + srcPort + '"><a href="diag_dns.php?host=' + row[3] + '" title="' + rrText + '">' + srcIP + '</a></td>' +
+ '<td class="listMRr ellipsis" title="' + dstIP + dstPort + '"><a href="diag_dns.php?host=' + row[5] + '" title="' + rrText + '">' + dstIP + '</a>' + dstPort + '</td>';
var nentriesacts = "<?php echo $nentriesacts; ?>";
var nentriesinterfaces = "<?php echo $nentriesinterfaces; ?>";
@@ -188,6 +207,24 @@ function format_log_line(row) {
foreach ($filterlog as $filterent):
$evenRowClass = $rowIndex % 2 ? " listMReven" : " listMRodd";
$rowIndex++;
+ if ($filterent['version'] == '6') {
+ $srcIP = "[" . htmlspecialchars($filterent['srcip']) . "]";
+ $dstIP = "[" . htmlspecialchars($filterent['dstip']) . "]";
+ } else {
+ $srcIP = htmlspecialchars($filterent['srcip']);
+ $dstIP = htmlspecialchars($filterent['dstip']);
+ }
+
+ if ($filterent['srcport'])
+ $srcPort = ":" . htmlspecialchars($filterent['srcport']);
+ else
+ $srcPort = "";
+
+ if ($filterent['dstport'])
+ $dstPort = ":" . htmlspecialchars($filterent['dstport']);
+ else
+ $dstPort = "";
+
?>
<tr class="<?=$evenRowClass?>">
<td class="listMRlr nowrap" align="center">
@@ -197,19 +234,18 @@ function format_log_line(row) {
</td>
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['time']);?>"><?php echo substr(htmlspecialchars($filterent['time']),0,-3);?></td>
<td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['interface']);?>"><?php echo htmlspecialchars($filterent['interface']);?></td>
- <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['src']);?>">
+ <td class="listMRr ellipsis nowrap" title="<?php echo $srcIP . $srcPort;?>">
<a href="diag_dns.php?host=<?php echo "{$filterent['srcip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>">
- <?php echo htmlspecialchars($filterent['srcip']);?></a></td>
- <td class="listMRr ellipsis nowrap" title="<?php echo htmlspecialchars($filterent['dst']);?>">
+ <?php echo $srcIP;?></a></td>
+ <td class="listMRr ellipsis nowrap" title="<?php echo $dstIP . $dstPort;?>">
<a href="diag_dns.php?host=<?php echo "{$filterent['dstip']}"; ?>" title="<?=gettext("Reverse Resolve with DNS");?>">
- <?php echo htmlspecialchars($filterent['dstip']);?></a><?php echo ":" . htmlspecialchars($filterent['dstport']);?></td>
+ <?php echo $dstIP;?></a><?php echo $dstPort;?></td>
<?php
if ($filterent['proto'] == "TCP")
$filterent['proto'] .= ":{$filterent['tcpflags']}";
?>
</tr>
<?php endforeach; ?>
- <tr style="display:none;"><td></td></tr>
</tbody>
</table>
OpenPOWER on IntegriCloud