Commit 73df7592 authored by Franco Fichtner's avatar Franco Fichtner

ipsec: strip vpn_ prefix from backend functions for clarity

(cherry picked from commit c68033bc)
parent a9d780c4
......@@ -1178,7 +1178,7 @@ function interfaces_configure()
system_routing_configure();
/* reload IPsec tunnels */
vpn_ipsec_configure();
ipsec_configure();
/* reload dhcpd (interface enabled/disabled status may have changed) */
services_dhcpd_configure();
......@@ -3262,7 +3262,7 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
system_routing_configure($interface);
/* reload ipsec tunnels */
vpn_ipsec_configure();
ipsec_configure();
/* restart dnsmasq or unbound */
if (isset($config['dnsmasq']['enable'])) {
......
......@@ -400,7 +400,7 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
}
/* include all configuration functions */
function vpn_ipsec_convert_to_modp($index)
function ipsec_convert_to_modp($index)
{
$convertion = "";
switch ($index) {
......@@ -433,7 +433,7 @@ function vpn_ipsec_convert_to_modp($index)
return $convertion;
}
function vpn_ipsec_configure()
function ipsec_configure()
{
global $config, $p2_ealgos, $ipsec_loglevels;
......@@ -913,7 +913,7 @@ EOD;
} else {
$ealgosp1 = "ike = {$ealg_id}-{$ph1ent['hash-algorithm']}";
}
$modp = vpn_ipsec_convert_to_modp($ph1ent['dhgroup']);
$modp = ipsec_convert_to_modp($ph1ent['dhgroup']);
if (!empty($modp)) {
$ealgosp1 .= "-{$modp}";
}
......@@ -1086,7 +1086,7 @@ EOD;
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
$halgo = str_replace('hmac_', '', $halgo);
$tmpealgo = "{$ealg_id}{$keylen}-{$halgo}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']);
$modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) {
$tmpealgo .= "-{$modp}";
}
......@@ -1094,7 +1094,7 @@ EOD;
}
} else {
$tmpealgo = "{$ealg_id}{$keylen}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']);
$modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) {
$tmpealgo .= "-{$modp}";
}
......@@ -1107,7 +1107,7 @@ EOD;
foreach ($ph2ent['hash-algorithm-option'] as $halgo) {
$halgo = str_replace('hmac_', '', $halgo);
$tmpealgo = "{$ealg_id}{$ealg_kl}-{$halgo}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']);
$modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) {
$tmpealgo .= "-{$modp}";
}
......@@ -1115,7 +1115,7 @@ EOD;
}
} else {
$tmpealgo = "{$ealg_id}{$ealg_kl}";
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']);
$modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
if (!empty($modp)) {
$tmpealgo .= "-{$modp}";
}
......@@ -1128,7 +1128,7 @@ EOD;
} else if (isset($ph2ent['protocol']) && $ph2ent['protocol'] == 'ah') {
$ealgoAHsp2arr_details = array();
if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) {
$modp = vpn_ipsec_convert_to_modp($ph2ent['pfsgroup']);
$modp = ipsec_convert_to_modp($ph2ent['pfsgroup']);
foreach ($ph2ent['hash-algorithm-option'] as $tmpAHalgo) {
$tmpAHalgo = str_replace('hmac_', '', $tmpAHalgo);
if (!empty($modp)) {
......@@ -1295,10 +1295,10 @@ EOD;
/*
* Forcefully restart IPsec
* This is required for when dynamic interfaces reload
* For all other occasions the normal vpn_ipsec_configure()
* For all other occasions the normal ipsec_configure()
* will gracefully reload the settings without restarting
*/
function vpn_ipsec_force_reload($interface = '')
function ipsec_force_reload($interface = '')
{
global $config;
......@@ -1321,6 +1321,6 @@ function vpn_ipsec_force_reload($interface = '')
/* if ipsec is enabled, start up again */
if (isset($ipseccfg['enable'])) {
log_error(gettext("Forcefully reloading IPsec"));
vpn_ipsec_configure();
ipsec_configure();
}
}
......@@ -256,7 +256,7 @@ function restore_config_section_xmlrpc($new_config)
}
if (isset($old_config['ipsec']['enable']) !== isset($config['ipsec']['enable'])) {
vpn_ipsec_configure();
ipsec_configure();
}
unset($old_config);
......
......@@ -319,7 +319,7 @@ filter_configure_sync();
vpn_setup();
/* start IPsec tunnels */
$ipsec_dynamic_hosts = vpn_ipsec_configure();
$ipsec_dynamic_hosts = ipsec_configure();
/* start SNMP service */
services_snmpd_configure();
......@@ -360,7 +360,7 @@ system_syslogd_start();
/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
if ($ipsec_dynamic_hosts) {
vpn_ipsec_configure();
ipsec_configure();
filter_configure();
}
......
......@@ -50,9 +50,10 @@ if (isset($config['ipsec']['enable'])) {
$ipseclck = lock('ipsecdns', LOCK_EX);
vpn_ipsec_configure();
ipsec_configure();
if (isset($config['ipsec']['failoverforcereload']))
vpn_ipsec_force_reload();
if (isset($config['ipsec']['failoverforcereload'])) {
ipsec_force_reload();
}
unlock($ipseclck);
......@@ -201,7 +201,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface);
ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn") {
......
......@@ -127,7 +127,7 @@ if (is_ipaddrv6($oldipv6)) {
// Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
/* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface);
ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
......@@ -147,7 +147,7 @@ services_dnsupdate_process($interface);
services_dyndns_configure($interface);
/* reconfigure IPsec tunnels */
vpn_ipsec_force_reload($interface);
ipsec_force_reload($interface);
/* start OpenVPN server & clients */
if (substr($interface_real, 0, 4) != "ovpn")
......
......@@ -79,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
if (isset($_POST['apply'])) {
$retval = vpn_ipsec_configure();
$retval = ipsec_configure();
/* reload the filter in the background */
filter_configure();
$savemsg = get_std_save_message();
......@@ -91,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} elseif (isset($_POST['save'])) {
$config['ipsec']['enable'] = !empty($_POST['enable']) ? true : false;
write_config();
vpn_ipsec_configure();
ipsec_configure();
header("Location: vpn_ipsec.php");
exit;
} elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) {
......
......@@ -57,13 +57,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
} elseif (isset($_POST['apply'])) {
// apply changes
$retval = vpn_ipsec_configure();
/* reload the filter in the background */
ipsec_configure();
filter_configure();
$savemsg = get_std_save_message();
if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
}
clear_subsystem_dirty('ipsec');
} else {
// nothing to post, redirect
header("Location: vpn_ipsec_keys.php");
......
......@@ -90,14 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit;
} elseif (isset($_POST['apply'])) {
// apply changes
$retval = 0;
$retval = vpn_ipsec_configure();
ipsec_configure();
$savemsg = get_std_save_message();
if ($retval >= 0) {
if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
}
}
clear_subsystem_dirty('ipsec');
header("Location: vpn_ipsec_mobile.php?savemsg=".$savemsg);
exit;
} elseif (isset($_POST['submit'])) {
......
......@@ -400,7 +400,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
/* if the remote gateway changed and the interface is not WAN then remove route */
/* the vpn_ipsec_configure() handles adding the route */
/* the ipsec_configure() handles adding the route */
if ($pconfig['interface'] <> "wan") {
if ($old_ph1ent['remote-gateway'] <> $pconfig['remote-gateway']) {
mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
......
......@@ -100,9 +100,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config();
$savemsg = get_std_save_message();
filter_configure();
vpn_ipsec_configure();
ipsec_configure();
}
$service_hook = 'ipsec';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment