/usr/local/www/diag_ipsec_spd.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/diag_ipsec_spd.php @ 89a9d56b

1	5b237745	Scott Ullrich	#!/usr/local/bin/php
2	4d875b4f	Scott Ullrich	<?php
3	b46bfcf5	Bill Marquette	/* $Id$ */
4	5b237745	Scott Ullrich	/*
5			diag_ipsec_spd.php
6	4d875b4f	Scott Ullrich	Copyright (C) 2004 Scott Ullrich
7			All rights reserved.
8
9			originially part of m0n0wall (http://m0n0.ch/wall)
10	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11			All rights reserved.
12	4d875b4f	Scott Ullrich
13	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
14			modification, are permitted provided that the following conditions are met:
15	4d875b4f	Scott Ullrich
16	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
17			this list of conditions and the following disclaimer.
18	4d875b4f	Scott Ullrich
19	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
20			notice, this list of conditions and the following disclaimer in the
21			documentation and/or other materials provided with the distribution.
22	4d875b4f	Scott Ullrich
23	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32			POSSIBILITY OF SUCH DAMAGE.
33			*/
34
35			require("guiconfig.inc");
36	b63695db	Scott Ullrich
37	0f10aee4	Bill Marquette	$pgtitle = "Diagnostics: IPSec: SPD";
38	b63695db	Scott Ullrich	include("head.inc");
39
40	5b237745	Scott Ullrich	?>
41
42			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
43			<?php include("fbegin.inc"); ?>
44	310b2c06	Bill Marquette	<p class="pgtitle"><?=$pgtitle?></p>
45	5b237745	Scott Ullrich	<table width="100%" border="0" cellpadding="0" cellspacing="0">
46			<tr><td>
47	b63695db	Scott Ullrich	<?php
48			$tab_array = array();
49			$tab_array[0] = array("SAD", false, "diag_ipsec_sad.php");
50			$tab_array[1] = array("SPD", true, "diag_ipsec_spd.php");
51			display_top_tabs($tab_array);
52			?>
53	5b237745	Scott Ullrich	</td></tr>
54	4d875b4f	Scott Ullrich	<tr>
55	0f10aee4	Bill Marquette	<td>
56	5b237745	Scott Ullrich	<?php
57
58			/* delete any SP? */
59			if ($_GET['act'] == "del") {
60			$fd = @popen("/usr/sbin/setkey -c > /dev/null 2>&1", "w");
61			if ($fd) {
62			fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n");
63			pclose($fd);
64			sleep(1);
65			}
66			}
67
68			/* query SAD */
69			$fd = @popen("/usr/sbin/setkey -DP", "r");
70			$spd = array();
71			if ($fd) {
72			while (!feof($fd)) {
73			$line = chop(fgets($fd));
74			if (!$line)
75			continue;
76			if ($line == "No SPD entries.")
77			break;
78			if ($line[0] != "\t") {
79			if (is_array($cursp))
80			$spd[] = $cursp;
81			$cursp = array();
82			$linea = explode(" ", $line);
83			$cursp['src'] = substr($linea[0], 0, strpos($linea[0], "["));
84			$cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "["));
85			$i = 0;
86			} else if (is_array($cursp)) {
87			$linea = explode(" ", trim($line));
88			if ($i == 1) {
89			if ($linea[1] == "none") /* don't show default anti-lockout rule */
90			unset($cursp);
91			else
92			$cursp['dir'] = $linea[0];
93			} else if ($i == 2) {
94			$upperspec = explode("/", $linea[0]);
95			$cursp['proto'] = $upperspec[0];
96			list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]);
97			}
98			}
99			$i++;
100			}
101			if (is_array($cursp) && count($cursp))
102			$spd[] = $cursp;
103			pclose($fd);
104			}
105			?>
106	033ede97	Scott Ullrich	<div id="mainarea" style="background:#eeeeee">
107	0f10aee4	Bill Marquette	<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
108			<?php if (count($spd)): ?>
109	5b237745	Scott Ullrich	<tr>
110			<td nowrap class="listhdrr">Source</td>
111			<td nowrap class="listhdrr">Destination</a></td>
112			<td nowrap class="listhdrr">Direction</td>
113			<td nowrap class="listhdrr">Protocol</td>
114			<td nowrap class="listhdrr">Tunnel endpoints</td>
115			<td nowrap class="list"></td>
116			</tr>
117			<?php
118			foreach ($spd as $sp): ?>
119			<tr>
120			<td class="listlr" valign="top"><?=htmlspecialchars($sp['src']);?></td>
121			<td class="listr" valign="top"><?=htmlspecialchars($sp['dst']);?></td>
122	06351943	Scott Ullrich	<td class="listr" valign="top"><img src="/themes/<?= $g['theme']; ?>/images/icon_<?=$sp['dir'];?>.gif" width="11" height="11" style="margin-top: 2px"></td>
123	5b237745	Scott Ullrich	<td class="listr" valign="top"><?=htmlspecialchars(strtoupper($sp['proto']));?></td>
124			<td class="listr" valign="top"><?=htmlspecialchars($sp['ep_src']);?> - <br>
125			<?=htmlspecialchars($sp['ep_dst']);?></td>
126			<td class="list" nowrap>
127			<?php
128			$args = "src=" . rawurlencode($sp['src']);
129			$args .= "&dst=" . rawurlencode($sp['dst']);
130			$args .= "&dir=" . rawurlencode($sp['dir']);
131			?>
132	06351943	Scott Ullrich	<a href="diag_ipsec_spd.php?act=del&<?=$args;?>" onclick="return confirm('Do you really want to delete this security policy?')"><img src="/themes/<?= $g['theme']; ?>/images/icon_x.gif" width="17" height="17" border="0"></a>
133	5b237745	Scott Ullrich	</td>
134	4d875b4f	Scott Ullrich
135	5b237745	Scott Ullrich	</tr>
136			<?php endforeach; ?>
137			</table>
138			<br>
139	0f10aee4	Bill Marquette	<table class="tabcont" border="0" cellspacing="0" cellpadding="6">
140	4d875b4f	Scott Ullrich	<tr>
141	677c0869	Erik Kristensen	<td width="16"><img src="/themes/<?= $g['theme']; ?>/icons/icon_in.gif" width="11" height="11"></td>
142	5b237745	Scott Ullrich	<td>incoming (as seen by firewall)</td>
143			</tr>
144	4d875b4f	Scott Ullrich	<tr>
145	5b237745	Scott Ullrich	<td colspan="5" height="4"></td>
146			</tr>
147	4d875b4f	Scott Ullrich	<tr>
148	677c0869	Erik Kristensen	<td><img src="/themes/<?= $g['theme']; ?>/icons/icon_out.gif" width="11" height="11"></td>
149	5b237745	Scott Ullrich	<td>outgoing (as seen by firewall)</td>
150			</tr>
151			<?php else: ?>
152	0f10aee4	Bill Marquette	<tr><td><p><strong>No IPsec security policies.</strong></p></td></tr>
153	5b237745	Scott Ullrich	<?php endif; ?>
154	c55a8ab9	Holger Bauer	<td colspan="4">
155			<p><span class="vexpl"><span class="red"><strong>Note:<br>
156			</strong></span>You can configure your IPSEC <a href="vpn_ipsec.php">here</a>.</span></p>
157			</td>
158	0f10aee4	Bill Marquette	</table>
159	12af52d9	Scott Ullrich	</div>
160	0f10aee4	Bill Marquette	</td></tr></table>
161	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
162			</body>
163			</html>

Project

General

Profile

pfSense