
Révision fe12d7ea

Ajouté par Ermal il y a plus de 9 ans

Correct the functions for returning tunnel status to use strongswan status reports


etc/inc/ipsec.inc
324 324
	global $config;
325 325

  
326 326
	if (!is_array($config['ipsec']))
327
		return;
327
		return false;
328 328
	if (!is_array($config['ipsec']['phase1']))
329
		return;
329
		return false;
330 330
	if (empty($config['ipsec']['phase1']))
331
		return;
331
		return false;
332 332

  
333 333
	foreach ($config['ipsec']['phase1'] as $ph1tmp) {
334 334
	    if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) {
......
343 343
/*
344 344
 * Check phase1 communications status
345 345
 */
346
function ipsec_phase1_status(& $ph1ent) {
346
function ipsec_phase1_status($ipsec_status, $ikeid) {
347 347

  
348
	$loc_ip = get_ipsec_tunnel_src($ph1ent);
349
	$rmt_ip = $ph1ent['remote-gateway'];
350

  
351
	if (ipsec_lookup_ipsakmp_sa($loc_ip,$rmt_ip))
352
		return true;
348
	foreach ($ipsec_status as $ike) {
349
		if ($ike['peerconfig'] != "con{$ikeid}")
350
			continue;
351
		if ($ike['status'] == "established")
352
			return true;
353
		break;
354
	}
353 355

  
354 356
	return false;
355 357
}
......
357 359
/*
358 360
 * Check phase2 communications status
359 361
 */
360
function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) {
361

  
362
	$loc_ip = ipsec_get_phase1_src($ph1ent);
363
	$rmt_ip = ipsec_get_phase1_dst($ph1ent);
362
function ipsec_phase2_status($ipsec_status, &$phase2) {
364 363

  
365
	$loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']);
366
	if (!empty($ph2ent['natlocalid']))
367
		$natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']);
368
	$rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']);
369

  
370
	/* check for established SA in both directions */
371
	if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) {
372
		if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id))
373
			return true;
374
		else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id))
375
			return true;
376
	}
364
	if (ipsec_lookup_phase1($ph2ent,$ph1ent))
365
		return ipsec_phase1_status($ipsec_status, $ph1ent['ikeid']);
377 366

  
378 367
	return false;
379 368
}
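Review bot: The new `ipsec_phase2_status($ipsec_status, &$phase2)` still reads `$ph2ent` in its body, but that name is no longer a parameter, so `ipsec_lookup_phase1($ph2ent,$ph1ent)` is called with a variable that is never set in this scope. The lookup compares `$ph2ent['ikeid']`, so the function will presumably always fall through to `return false`; either keep the old parameter name (`function ipsec_phase2_status($ipsec_status, &$ph2ent) {`) or pass `$phase2` to the lookup. Separately, `ipsec_phase1_status()` leaves the loop at the first entry whose `peerconfig` equals `con{$ikeid}` (`break;`). If the status list can hold more than one IKE SA for the same connection, which is not visible here, an established SA listed after a non-established one is reported as down; removing the `break;` would check every match. The function also iterates `$ipsec_status` without an `is_array()` check, so it depends on every caller guarding the value first.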
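--- a/usr/local/www/diag_ipsec_xml.php
+++ b/usr/local/www/diag_ipsec_xml.php
@@ -50,15 +50,14 @@
 
 $a_phase2 = &$config['ipsec']['phase2'];
 
-$spd = ipsec_dump_spd();
-$sad = ipsec_dump_sad();
+$status = ipsec_smp_dump_status();
 
-if(is_array($a_phase2)) {
+if (is_array($status['query']) && $status['query']['ikesalist'] && $status['query']['ikesalist']['ikesa'])) {
 	foreach ($a_phase2 as $ph2ent) {
 		ipsec_lookup_phase1($ph2ent,$ph1ent);
 		$tunnel = array();
 		if (!isset($ph2ent['disabled']) && !isset($ph1ent['disabled'])) {
-			if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent))
+			if(ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ph1ent['ikeid']))
 				$tunnel['state'] = "up";
 			elseif(!isset($config['ipsec']['enable']))
 				$tunnel['state'] = "disabled";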
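Review bot: The new guard on the `if (is_array($status['query']) && …` line ends in `['ikesa'])) {`, which has one closing parenthesis too many, so the file will not parse; it should read `if (is_array($status['query']) && $status['query']['ikesalist'] && $status['query']['ikesalist']['ikesa']) {`. The same line drops the earlier `is_array($a_phase2)` check, so the `foreach` now runs over `$a_phase2` even when no phase 2 entries are configured; keeping `is_array($a_phase2) &&` in the condition would preserve that guard. Each phase 2 entry is now marked "up" from `ipsec_phase1_status()` alone, so this output no longer distinguishes an established IKE SA from an installed child SA. Anything that monitors this XML for tunnel health should account for that, or the check should go through a phase 2 lookup. The `foreach` body continues past the end of the section shown.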
