blob: f850e283f9b5bc76771410efcb2d6db7ec68ece5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?php
//set variable for custom title
$ipsec_title = "IPSec";
function get_ipsec_tunnel_sad() {
/* query SAD */
$fd = @popen("/sbin/setkey -D", "r");
$sad = array();
if ($fd) {
while (!feof($fd)) {
$line = chop(fgets($fd));
if (!$line)
continue;
if ($line == "No SAD entries.")
break;
if ($line[0] != "\t") {
if (is_array($cursa))
$sad[] = $cursa;
$cursa = array();
list($cursa['src'],$cursa['dst']) = explode(" ", $line);
$i = 0;
} else {
$linea = explode(" ", trim($line));
if ($i == 1) {
$cursa['proto'] = $linea[0];
$cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1);
} else if ($i == 2) {
$cursa['ealgo'] = $linea[1];
} else if ($i == 3) {
$cursa['aalgo'] = $linea[1];
}
}
$i++;
}
if (is_array($cursa) && count($cursa))
$sad[] = $cursa;
pclose($fd);
}
return($sad);
}
function get_ipsec_tunnel_src($tunnel) {
global $g, $config, $sad;
$if = "WAN";
if ($tunnel['interface']) {
$if = $tunnel['interface'];
$realinterface = convert_friendly_interface_to_real_interface_name($if);
$interfaceip = find_interface_ip($realinterface);
}
return $interfaceip;
}
function output_ipsec_tunnel_status($tunnel) {
global $g, $config, $sad;
$if = "WAN";
$interfaceip = get_ipsec_tunnel_src($tunnel);
$foundsrc = false;
$founddst = false;
if(!is_array($sad)) {
/* we have no sad array, bail */
return(false);
}
foreach($sad as $sa) {
if($sa['src'] == $interfaceip)
$foundsrc = true;
if($sa['dst'] == $tunnel['remote-gateway'])
$founddst = true;
}
if($foundsrc && $founddst) {
/* tunnel is up */
$iconfn = "pass";
return(true);
} else {
/* tunnel is down */
$iconfn = "reject";
return(false);
}
}
?>
|
