Commit 9766a61a authored by Ad Schellevis

(legacy) code style ipsec.inc

parent 4b4e32b7
...@@ -33,7 +33,8 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE ...@@ -33,7 +33,8 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface", "job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding", "net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service", "imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
"tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib"); "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib"
);
$p1_ealgos = array( $p1_ealgos = array(
'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
...@@ -43,7 +44,8 @@ $p1_ealgos = array( ...@@ -43,7 +44,8 @@ $p1_ealgos = array(
'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
'3des' => array( 'name' => '3DES' ), '3des' => array( 'name' => '3DES' ),
'cast128' => array( 'name' => 'CAST128' ), 'cast128' => array( 'name' => 'CAST128' ),
'des' => array( 'name' => 'DES' )); 'des' => array( 'name' => 'DES' )
);
$p2_ealgos = array( $p2_ealgos = array(
'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
...@@ -53,7 +55,8 @@ $p2_ealgos = array( ...@@ -53,7 +55,8 @@ $p2_ealgos = array(
'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ), 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
'3des' => array( 'name' => '3DES' ), '3des' => array( 'name' => '3DES' ),
'cast128' => array( 'name' => 'CAST128' ), 'cast128' => array( 'name' => 'CAST128' ),
'des' => array( 'name' => 'DES' )); 'des' => array( 'name' => 'DES' )
);
$p2_halgos = array( $p2_halgos = array(
'hmac_md5' => 'MD5', 'hmac_md5' => 'MD5',
...@@ -67,7 +70,8 @@ $p2_halgos = array( ...@@ -67,7 +70,8 @@ $p2_halgos = array(
$p2_protos = array( $p2_protos = array(
'esp' => 'ESP', 'esp' => 'ESP',
'ah' => 'AH'); 'ah' => 'AH'
);
$p2_pfskeygroups = array( $p2_pfskeygroups = array(
0 => 'off', 0 => 'off',
...@@ -122,12 +126,14 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") { ...@@ -122,12 +126,14 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") {
switch ($idinfo['type']) { switch ($idinfo['type']) {
case "address": case "address":
if ($addrbits) { if ($addrbits) {
if ($mode == "tunnel6") if ($mode == "tunnel6") {
return $idinfo['address']."/128"; return $idinfo['address']."/128";
else } else {
return $idinfo['address']."/32"; return $idinfo['address']."/32";
} else }
} else {
return $idinfo['address']; return $idinfo['address'];
}
break; /* NOTREACHED */ break; /* NOTREACHED */
case "network": case "network":
return "{$idinfo['address']}/{$idinfo['netbits']}"; return "{$idinfo['address']}/{$idinfo['netbits']}";
...@@ -137,8 +143,9 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") { ...@@ -137,8 +143,9 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") {
return "0.0.0.0/0"; return "0.0.0.0/0";
break; /* NOTREACHED */ break; /* NOTREACHED */
default: default:
if (empty($mode) && !empty($idinfo['mode'])) if (empty($mode) && !empty($idinfo['mode'])) {
$mode = $idinfo['mode']; $mode = $idinfo['mode'];
}
if ($mode == "tunnel6") { if ($mode == "tunnel6") {
$address = get_interface_ipv6($idinfo['type']); $address = get_interface_ipv6($idinfo['type']);
...@@ -187,12 +194,13 @@ function ipsec_lookup_phase1(&$ph2ent, &$ph1ent) ...@@ -187,12 +194,13 @@ function ipsec_lookup_phase1(&$ph2ent, &$ph1ent)
* Check phase1 communications status * Check phase1 communications status
*/ */
function ipsec_phase1_status($ipsec_status, $ikeid) { function ipsec_phase1_status($ipsec_status, $ikeid) {
foreach ($ipsec_status as $ike) { foreach ($ipsec_status as $ike) {
if ($ike['id'] != $ikeid) if ($ike['id'] != $ikeid) {
continue; continue;
if ($ike['status'] == 'established') }
if ($ike['status'] == 'established') {
return true; return true;
}
break; break;
} }
...@@ -209,27 +217,30 @@ function ipsec_dump_spd() ...@@ -209,27 +217,30 @@ function ipsec_dump_spd()
if ($fd) { if ($fd) {
while (!feof($fd)) { while (!feof($fd)) {
$line = chop(fgets($fd)); $line = chop(fgets($fd));
if (!$line) if (!$line) {
continue; continue;
if ($line == "No SPD entries.") }
if ($line == "No SPD entries.") {
break; break;
}
if ($line[0] != "\t") { if ($line[0] != "\t") {
if (isset($cursp)) if (isset($cursp)) {
$spd[] = $cursp; $spd[] = $cursp;
}
$cursp = array(); $cursp = array();
$linea = explode(" ", $line); $linea = explode(" ", $line);
$cursp['srcid'] = substr($linea[0], 0, strpos($linea[0], "[")); $cursp['srcid'] = substr($linea[0], 0, strpos($linea[0], "["));
$cursp['dstid'] = substr($linea[1], 0, strpos($linea[1], "[")); $cursp['dstid'] = substr($linea[1], 0, strpos($linea[1], "["));
$i = 0; $i = 0;
} else if (isset($cursp)) { } elseif (isset($cursp)) {
$linea = explode(" ", trim($line)); $linea = explode(" ", trim($line));
switch($i) switch($i) {
{
case 1: case 1:
if ($linea[1] == "none") /* don't show default anti-lockout rule */ if ($linea[1] == "none") { /* don't show default anti-lockout rule */
unset($cursp); unset($cursp);
else } else {
$cursp['dir'] = $linea[0]; $cursp['dir'] = $linea[0];
}
break; break;
case 2: case 2:
$upperspec = explode("/", $linea[0]); $upperspec = explode("/", $linea[0]);
...@@ -241,8 +252,9 @@ function ipsec_dump_spd() ...@@ -241,8 +252,9 @@ function ipsec_dump_spd()
} }
$i++; $i++;
} }
if (isset($cursp) && count($cursp)) if (isset($cursp) && count($cursp)) {
$spd[] = $cursp; $spd[] = $cursp;
}
pclose($fd); pclose($fd);
} }
...@@ -259,20 +271,20 @@ function ipsec_dump_sad() ...@@ -259,20 +271,20 @@ function ipsec_dump_sad()
if ($fd) { if ($fd) {
while (!feof($fd)) { while (!feof($fd)) {
$line = chop(fgets($fd)); $line = chop(fgets($fd));
if (!$line || $line[0] == " ") if (!$line || $line[0] == " ") {
continue; continue;
if ($line == "No SAD entries.") }
if ($line == "No SAD entries.") {
break; break;
if ($line[0] != "\t") }
{ if ($line[0] != "\t") {
if (is_array($cursa)) if (is_array($cursa)) {
$sad[] = $cursa; $sad[] = $cursa;
}
$cursa = array(); $cursa = array();
list($cursa['src'],$cursa['dst']) = explode(" ", $line); list($cursa['src'],$cursa['dst']) = explode(" ", $line);
$i = 0; $i = 0;
} } else {
else
{
$linea = explode(" ", trim($line)); $linea = explode(" ", trim($line));
switch ($i) { switch ($i) {
case 1: case 1:
...@@ -295,8 +307,9 @@ function ipsec_dump_sad() ...@@ -295,8 +307,9 @@ function ipsec_dump_sad()
} }
$i++; $i++;
} }
if (is_array($cursa) && count($cursa)) if (is_array($cursa) && count($cursa)) {
$sad[] = $cursa; $sad[] = $cursa;
}
pclose($fd); pclose($fd);
} }
...@@ -316,9 +329,7 @@ function ipsec_mobilekey_sort() { ...@@ -316,9 +329,7 @@ function ipsec_mobilekey_sort() {
function ipsec_get_number_of_phase2($ikeid) { function ipsec_get_number_of_phase2($ikeid) {
global $config; global $config;
$a_phase2 = $config['ipsec']['phase2']; $a_phase2 = $config['ipsec']['phase2'];
$nbph2=0; $nbph2=0;
if (is_array($a_phase2) && count($a_phase2)) { if (is_array($a_phase2) && count($a_phase2)) {
foreach ($a_phase2 as $ph2tmp) { foreach ($a_phase2 as $ph2tmp) {
if ($ph2tmp['ikeid'] == $ikeid) { if ($ph2tmp['ikeid'] == $ikeid) {
...@@ -326,7 +337,6 @@ function ipsec_get_number_of_phase2($ikeid) { ...@@ -326,7 +337,6 @@ function ipsec_get_number_of_phase2($ikeid) {
} }
} }
} }
return $nbph2; return $nbph2;
} }
...@@ -340,55 +350,51 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { ...@@ -340,55 +350,51 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) {
} }
$addr = ipsec_get_phase1_src($ph1ent); $addr = ipsec_get_phase1_src($ph1ent);
if (!$addr) if (!$addr) {
return array(); return array();
}
} elseif ($side == "peer") { } elseif ($side == "peer") {
$id_type = $ph1ent['peerid_type']; $id_type = $ph1ent['peerid_type'];
if (isset($ph1ent['peerid_data'])) { if (isset($ph1ent['peerid_data'])) {
$id_data = $ph1ent['peerid_data']; $id_data = $ph1ent['peerid_data'];
} }
if (isset($ph1ent['mobile'])) if (isset($ph1ent['mobile'])) {
$addr = "%any"; $addr = "%any";
else } else {
$addr = $ph1ent['remote-gateway']; $addr = $ph1ent['remote-gateway'];
}
} else { } else {
return array(); return array();
} }
$thisid_type = $id_type; $thisid_type = $id_type;
switch ($thisid_type) { switch ($thisid_type) {
case "myaddress": case "myaddress":
$thisid_type = "address"; $thisid_type = "address";
$thisid_data = $addr; $thisid_data = $addr;
break; break;
case "dyn_dns": case "dyn_dns":
$thisid_type = "address"; $thisid_type = "address";
$thisid_data = resolve_retry($id_data); $thisid_data = resolve_retry($id_data);
break; break;
case "peeraddress": case "peeraddress":
$thisid_type = "address"; $thisid_type = "address";
$thisid_data = $rgmap[$ph1ent['remote-gateway']]; $thisid_data = $rgmap[$ph1ent['remote-gateway']];
break; break;
case "address"; case "address";
$thisid_data = $id_data; $thisid_data = $id_data;
break; break;
case "fqdn"; case "fqdn";
case "keyid tag"; case "keyid tag";
case "user_fqdn"; case "user_fqdn";
case "asn1dn"; case "asn1dn";
$thisid_data = $id_data; $thisid_data = $id_data;
if( $thisid_data ) if( $thisid_data ) {
$thisid_data = "{$thisid_data}"; $thisid_data = "{$thisid_data}";
}
break; break;
} }
return array($thisid_type, $thisid_data); return array($thisid_type, $thisid_data);
} }
?> ?>
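Review bot: In ipsec_find_id the switch on `$thisid_type` has no `default:` branch, so an id type outside the listed cases leaves `$thisid_data` unassigned and the function returns an undefined value as the identity. The same happens on the peer side when `peerid_data` is not set, unless `$id_data` is initialised above the hunk, which starts mid-function. The `peeraddress` case reads `$rgmap[$ph1ent['remote-gateway']]` without checking the key, and with the default `$rgmap = array()` that lookup always misses. The result looks like it becomes an IPsec identity (callers are not on this page), so the empty case should be explicit: set `$thisid_data = null;` before the switch and guard the lookup with `isset($rgmap[$ph1ent['remote-gateway']])`. As a style point for this pass, the labels `case "address";` through `case "asn1dn";` end in `;` instead of `:`, and `$thisid_data = "{$thisid_data}";` only casts the value to a string.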