Révision fe12d7ea
Ajouté par Ermal il y a plus de 9 ans
etc/inc/ipsec.inc | ||
---|---|---|
324 | 324 |
global $config; |
325 | 325 |
|
326 | 326 |
if (!is_array($config['ipsec'])) |
327 |
return; |
|
327 |
return false;
|
|
328 | 328 |
if (!is_array($config['ipsec']['phase1'])) |
329 |
return; |
|
329 |
return false;
|
|
330 | 330 |
if (empty($config['ipsec']['phase1'])) |
331 |
return; |
|
331 |
return false;
|
|
332 | 332 |
|
333 | 333 |
foreach ($config['ipsec']['phase1'] as $ph1tmp) { |
334 | 334 |
if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) { |
... | ... | |
343 | 343 |
/* |
344 | 344 |
* Check phase1 communications status |
345 | 345 |
*/ |
346 |
function ipsec_phase1_status(& $ph1ent) {
|
|
346 |
function ipsec_phase1_status($ipsec_status, $ikeid) {
|
|
347 | 347 |
|
348 |
$loc_ip = get_ipsec_tunnel_src($ph1ent); |
|
349 |
$rmt_ip = $ph1ent['remote-gateway']; |
|
350 |
|
|
351 |
if (ipsec_lookup_ipsakmp_sa($loc_ip,$rmt_ip)) |
|
352 |
return true; |
|
348 |
foreach ($ipsec_status as $ike) { |
|
349 |
if ($ike['peerconfig'] != "con{$ikeid}") |
|
350 |
continue; |
|
351 |
if ($ike['status'] == "established") |
|
352 |
return true; |
|
353 |
break; |
|
354 |
} |
|
353 | 355 |
|
354 | 356 |
return false; |
355 | 357 |
} |
... | ... | |
357 | 359 |
/* |
358 | 360 |
* Check phase2 communications status |
359 | 361 |
*/ |
360 |
function ipsec_phase2_status(& $spd,& $sad,& $ph1ent,& $ph2ent) { |
|
361 |
|
|
362 |
$loc_ip = ipsec_get_phase1_src($ph1ent); |
|
363 |
$rmt_ip = ipsec_get_phase1_dst($ph1ent); |
|
362 |
function ipsec_phase2_status($ipsec_status, &$phase2) { |
|
364 | 363 |
|
365 |
$loc_id = ipsec_idinfo_to_cidr($ph2ent['localid'],true,$ph2ent['mode']); |
|
366 |
if (!empty($ph2ent['natlocalid'])) |
|
367 |
$natloc_id = ipsec_idinfo_to_cidr($ph2ent['natlocalid'],true,$ph2ent['mode']); |
|
368 |
$rmt_id = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true,$ph2ent['mode']); |
|
369 |
|
|
370 |
/* check for established SA in both directions */ |
|
371 |
if( ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) { |
|
372 |
if (empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"in",$rmt_ip,$loc_ip,$rmt_id,$loc_id)) |
|
373 |
return true; |
|
374 |
else if (!empty($ph2ent['natlocalid']) && ipsec_lookup_ipsec_sa($spd,$sad,"out",$loc_ip,$rmt_ip,$loc_id,$rmt_id)) |
|
375 |
return true; |
|
376 |
} |
|
364 |
if (ipsec_lookup_phase1($ph2ent,$ph1ent)) |
|
365 |
return ipsec_phase1_status($ipsec_status, $ph1ent['ikeid']); |
|
377 | 366 |
|
378 | 367 |
return false; |
379 | 368 |
} |
Formats disponibles : Unified diff
Correct the functions for returning tunnel status to use strongswan status reports