path: root/usr/local/www/widgets/include/ipsec.inc
blob: f25c20bf61f3012749f4eebe5fe88bcba83ffc46 (plain)
<?php
// Custom title string for the IPsec widget.
$ipsec_title = 'IPSec';

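/*
 * Query the kernel Security Association Database by running "/sbin/setkey -D"
 * and parse its text output.
 *
 * Returns a list of arrays, one per SA, with the keys 'src' and 'dst' taken
 * from the SA's first (unindented) line and, when the indented continuation
 * lines are present, 'proto', 'spi', 'ealgo' and 'aalgo'. An empty array is
 * returned when the command cannot be started or reports no entries.
 *
 * The command line is a fixed string; no caller-supplied value reaches the
 * shell. The output itself is parsed defensively: a missing field yields an
 * empty/null value instead of an undefined-offset notice.
 */
function get_ipsec_tunnel_sad() {
	/* query SAD (failure to start the command is treated as "no SAs") */
	$fd = @popen("/sbin/setkey -D", "r");
	$sad = array();
	if (!$fd)
		return($sad);

	/* both were read before being assigned in the first loop pass */
	$cursa = null;
	$i = 0;

	while (!feof($fd)) {
		$raw = fgets($fd);
		/* fgets() returns false on EOF and on a read error; stop here so a
		   read error cannot spin forever on a pipe that never reports EOF */
		if ($raw === false)
			break;
		$line = chop($raw);
		if (!$line)
			continue;
		if ($line == "No SAD entries.")
			break;
		if ($line[0] != "\t") {
			/* unindented line: starts a new SA, "<src> <dst>" */
			if (is_array($cursa))
				$sad[] = $cursa;
			$cursa = array();
			$ends = explode(" ", $line);
			$cursa['src'] = $ends[0];
			$cursa['dst'] = isset($ends[1]) ? $ends[1] : null;
			$i = 0;
		} else {
			/* tab-indented line: detail line number $i of the current SA */
			$linea = explode(" ", trim($line));
			if ($i == 1) {
				$cursa['proto'] = $linea[0];
				/* keeps what follows the first "x" minus the last character;
				   presumably the token looks like spi=N(0xHEX) - confirm */
				$spitok = isset($linea[2]) ? $linea[2] : "";
				$cursa['spi'] = substr($spitok, strpos($spitok, "x")+1, -1);
			} else if ($i == 2) {
				$cursa['ealgo'] = isset($linea[1]) ? $linea[1] : null;
			} else if ($i == 3) {
				$cursa['aalgo'] = isset($linea[1]) ? $linea[1] : null;
			}
		}
		$i++;
	}
	/* flush the SA that was still being collected when the output ended */
	if (is_array($cursa) && count($cursa))
		$sad[] = $cursa;
	pclose($fd);

	return($sad);
}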

/*
 * Return the local source value used to match a tunnel against the SAD.
 *
 * When $tunnel['interface'] is empty the address of "WAN" is looked up.
 * Otherwise a map keyed by interface name (lan, wan, carpN, optN) is built
 * and the entry for $tunnel['interface'] is returned.
 *
 * NOTE(review): for 'lan' and 'wan' the map holds the labels 'LAN'/'WAN',
 * not an address, so the caller's comparison against SA source addresses
 * looks like it cannot match for those two - confirm the intended behaviour.
 * NOTE(review): an interface name missing from the map yields null.
 */
function get_ipsec_tunnel_src($tunnel) {
	global $g, $config, $sad;
	$if = "WAN";

	if (!$tunnel['interface']) {
		/* no interface configured on the tunnel: fall back to WAN */
		$realinterface = convert_friendly_interface_to_real_interface_name($if);
		return find_interface_ip($realinterface);
	}

	$iflabels = array('lan' => 'LAN', 'wan' => 'WAN');

	/* CARP virtual addresses */
	$carpips = find_number_of_needed_carp_interfaces();
	for ($n = 0; $n < $carpips; $n++) {
		$carpaddr = find_interface_ip("carp" . $n);
		$iflabels['carp' . $n] = $carpaddr;
	}

	/* optional interfaces, numbered from 1 until the first gap in the config */
	$n = 1;
	while (isset($config['interfaces']['opt' . $n])) {
		$optreal = convert_friendly_interface_to_real_interface_name('opt' . $n);
		$iflabels['opt' . $n] = find_interface_ip($optreal);
		$n++;
	}

	/* the WAN lookup is still performed as before; its result is not used */
	$realinterface = convert_friendly_interface_to_real_interface_name($if);
	find_interface_ip($realinterface);

	return $iflabels[$tunnel['interface']];
}

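/*
 * Report whether a configured tunnel currently has a matching SA.
 *
 * $tunnel is a tunnel configuration array; 'remote-gateway' is read here and
 * 'interface' by get_ipsec_tunnel_src(). The global $sad must hold the list
 * produced by get_ipsec_tunnel_sad(); if it is not an array, false is returned.
 *
 * Returns true only when a single SA has the tunnel's local source address as
 * 'src' AND the tunnel's remote gateway as 'dst'. The previous code set the
 * two flags independently across the whole list, so a source match on one SA
 * plus a destination match on a different SA showed the tunnel as up. A
 * status widget that reports "up" for a tunnel with no SA of its own hides an
 * outage of the protected path.
 *
 * Comparison is strict on string values, and an empty local address or
 * remote gateway never matches (previously null == null counted as a match).
 */
function output_ipsec_tunnel_status($tunnel) {
	global $g, $config, $sad;
	$interfaceip = get_ipsec_tunnel_src($tunnel);

	if(!is_array($sad)) {
		/* we have no sad array, bail */
		return(false);
	}

	$local = (string)$interfaceip;
	$remote = isset($tunnel['remote-gateway']) ? (string)$tunnel['remote-gateway'] : "";
	if ($local === "" || $remote === "") {
		/* nothing meaningful to compare against */
		return(false);
	}

	foreach($sad as $sa) {
		if (!isset($sa['src']) || !isset($sa['dst']))
			continue;
		/* both ends must belong to the same SA */
		if ((string)$sa['src'] === $local && (string)$sa['dst'] === $remote) {
			/* tunnel is up */
			return(true);
		}
	}

	/* tunnel is down */
	return(false);
}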

?>