ipsec/diag, list non routed connections, for https://github.com/opnsense/core/issues/1688

(cherry picked from commit d5c6ce35) (cherry picked from commit efd25658)

ipsec/diag, list non routed connections, for https://github.com/opnsense/core/issues/1688
(cherry picked from commit d5c6ce35) (cherry picked from commit efd25658)
c3214890 · Ad Schellevis · Franco Fichtner · 52815848 · c3214890 · c3214890
Commit c3214890 authored Jun 22, 2017 by Ad Schellevis Committed by Franco Fichtner Jul 06, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 14 deletions

list_status.py src/opnsense/scripts/ipsec/list_status.py +26 -14

diag_ipsec.php src/www/diag_ipsec.php +1 -0

No files found.
--- a/src/opnsense/scripts/ipsec/list_status.py
+++ b/src/opnsense/scripts/ipsec/list_status.py
 #!/usr/local/bin/python2.7
 """
-    Copyright (c) 2015 Ad Schellevis
+    Copyright (c) 2015-2017 Ad Schellevis
    All rights reserved.
    Redistribution and use in source and binary forms, with or without
@@ -40,21 +40,32 @@ except socket.error:
    print ('ipsec not active')
    sys.exit(0)
+def parse_sa(in_conn):
+    result = {'local-addrs': '', 'remote-addrs': '', 'children': '', 'local-id': '', 'remote-id': ''}
+    result['version'] = in_conn['version']
+    if 'local_addrs' in in_conn:
+        result['local-addrs'] = ','.join(in_conn['local_addrs'])
+    elif 'local-host' in in_conn:
+        result['local-addrs'] = in_conn['local-host']
+    if 'remote_addrs'  in in_conn:
+        result['remote-addrs'] =  ','.join(in_conn['remote_addrs'])
+    elif 'remote-host' in in_conn:
+        result['remote-addrs'] = in_conn['remote-host']
+    if 'children' in in_conn:
+        result['children'] = in_conn['children']
+    result['sas'] = []
+    return result
 result = dict()
 # parse connections
 for conns in s.list_conns():
    for connection_id in conns:
-        result[connection_id] = dict()
+        result[connection_id] = parse_sa(conns[connection_id])
-        result[connection_id]['version'] = conns[connection_id]['version']
+        result[connection_id]['routed'] = True
-        result[connection_id]['local-addrs'] = ','.join(conns[connection_id]['local_addrs'])
-        result[connection_id]['local-id'] = ''
        result[connection_id]['local-class'] = []
-        result[connection_id]['remote-id'] = ''
        result[connection_id]['remote-class'] = []
-        result[connection_id]['remote-addrs'] =  ','.join(conns[connection_id]['remote_addrs'])
-        result[connection_id]['children'] = conns[connection_id]['children']
-        result[connection_id]['sas'] = []
        # parse local-% and remote-% keys
        for connKey in conns[connection_id].keys():
            if connKey.find('local-') == 0:
@@ -65,14 +76,15 @@ for conns in s.list_conns():
                if 'id' in conns[connection_id][connKey]:
                    result[connection_id]['remote-id'] = conns[connection_id][connKey]['id']
                result[connection_id]['remote-class'].append(conns[connection_id][connKey]['class'])
        result[connection_id]['local-class'] = '+'.join(result[connection_id]['local-class'])
        result[connection_id]['remote-class'] = '+'.join(result[connection_id]['remote-class'])
 # attach Security Associations
 for sas in s.list_sas():
    for sa in sas:
-        if sa in result:
+        if sa not in result:
-            result[sa]['sas'].append(sas[sa])
+            result[sa] = parse_sa(sas[sa])
+            result[sa]['routed'] = False
+        result[sa]['sas'].append(sas[sa])
-print(ujson.dumps(result))
+print (ujson.dumps(result))
--- a/src/www/diag_ipsec.php
+++ b/src/www/diag_ipsec.php
@@ -210,6 +210,7 @@ include("head.inc");
                                </td>
                                <td class="hidden-xs hidden-sm">
                                  <?= $child_sa['state']?>
+                                  <?= $ipsec_conn['routed'] ? '<br/>'.gettext("Routed") : "";?>
                                </td>
                                <td>
                                    <small>