diff --git a/database-update.sql b/database-update.sql
index b3b2a0e98b..fbfaa559ef 100644
--- a/database-update.sql
+++ b/database-update.sql
@@ -4,3 +4,5 @@ ALTER TABLE `bgpPeers_cbgp` ADD `AcceptedPrefixes` INT NOT NULL ,ADD `DeniedP
 ALTER TABLE `bgpPeers_cbgp` ADD UNIQUE `unique_index` ( `device_id` , `bgpPeerIdentifier` , `afi` , `safi` );
 ALTER TABLE `ports` ADD UNIQUE `device_ifIndex` ( `device_id` , `ifIndex` );
 ALTER TABLE `devices` CHANGE `port` `port` SMALLINT( 5 ) UNSIGNED NOT NULL DEFAULT '161';
+CREATE TABLE IF NOT EXISTS `ipsec_tunnels` ( `tunnel_id` int(11) NOT NULL AUTO_INCREMENT, `device_id` int(11) NOT NULL, `peer_port` int(11) NOT NULL, `peer_addr` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `local_addr` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `local_port` int(11) NOT NULL, `tunnel_name` varchar(96) COLLATE utf8_unicode_ci NOT NULL, `tunnel_status` varchar(11) COLLATE utf8_unicode_ci NOT NULL, PRIMARY KEY (`tunnel_id`), UNIQUE KEY `unique_index` (`device_id`,`peer_addr`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;
+
diff --git a/html/includes/graphs/ipsectunnel/auth.inc.php b/html/includes/graphs/ipsectunnel/auth.inc.php
new file mode 100644
index 0000000000..98ca0ffe66
--- /dev/null
+++ b/html/includes/graphs/ipsectunnel/auth.inc.php
@@ -0,0 +1,20 @@
+
diff --git a/html/includes/graphs/ipsectunnel/bits.inc.php b/html/includes/graphs/ipsectunnel/bits.inc.php
new file mode 100644
index 0000000000..4dec3cc5e9
--- /dev/null
+++ b/html/includes/graphs/ipsectunnel/bits.inc.php
@@ -0,0 +1,8 @@
+
diff --git a/html/includes/graphs/ipsectunnel/pkts.inc.php b/html/includes/graphs/ipsectunnel/pkts.inc.php
new file mode 100644
index 0000000000..eea215dcc1
--- /dev/null
+++ b/html/includes/graphs/ipsectunnel/pkts.inc.php
@@ -0,0 +1,19 @@
+
diff --git a/html/pages/device.inc.php b/html/pages/device.inc.php
index 8f59c44a4c..2fb222d20a 100644
--- a/html/pages/device.inc.php
+++ b/html/pages/device.inc.php
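Review bot: In the new `ipsec_tunnels` table, `peer_port`, `local_port` and `tunnel_status` are declared NOT NULL with no DEFAULT, but the poller added in includes/polling/cipsec-tunnels.inc.php inserts only `device_id`, `peer_addr`, `local_addr` and `tunnel_name`. On a server running a strict SQL mode that INSERT would be rejected and the tunnel would never be recorded, which leaves a silent gap in tunnel monitoring; whether dbInsert surfaces the error is not visible here. Either give the columns defaults, e.g. `peer_port int(11) NOT NULL DEFAULT 0` and `tunnel_status varchar(11) ... NOT NULL DEFAULT ''`, or have the poller supply them on insert. The unique key on (`device_id`,`peer_addr`) also allows only one row per peer, which is worth confirming for devices that hold several tunnels to the same peer.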
@@ -114,6 +114,9 @@ if (device_permitted($_GET['opta']) || $check_device == $_GET['opta']) ### $routing_tabs is used in device/routing/ to build the tabs menu. we built it here to save some queries + $device_routing_count['ipsec_tunnels'] = dbFetchCell("SELECT COUNT(*) FROM `ipsec_tunnels` WHERE `device_id` = ?", array($device['device_id'])); + if ($device_routing_count['ipsec_tunnels']) { $routing_tabs[] = 'ipsec_tunnels'; } + $device_routing_count['bgp'] = dbFetchCell("SELECT COUNT(*) FROM `bgpPeers` WHERE `device_id` = ?", array($device['device_id'])); if ($device_routing_count['bgp']) { $routing_tabs[] = 'bgp'; } diff --git a/html/pages/device/routing.inc.php b/html/pages/device/routing.inc.php index 72ca23bb86..280fe6b011 100644 --- a/html/pages/device/routing.inc.php +++ b/html/pages/device/routing.inc.php @@ -1,6 +1,7 @@ IPSEC Tunnels » "); + +$menu_options = array('basic' => 'Basic', + ); + +if (!$_GET['opta']) { $_GET['opta'] = "basic"; } + +$sep = ""; +foreach ($menu_options as $option => $text) +{ + if ($_GET['optd'] == $option) { echo(""); } + echo('' . $text + . ''); + if ($_GET['optd'] == $option) { echo(""); } + echo(" | "); +} + +unset($sep); + +echo(' Graphs: '); + +$graph_types = array("bits" => "Bits", + "pkts" => "Packets", + "errors" => "Errors"); + +foreach ($graph_types as $type => $descr) +{ + echo("$type_sep"); + if ($_GET['opte'] == $type) { echo(""); } + echo(''.$descr.''); + if ($_GET['opte'] == $type) { echo(""); } + +# echo('('); +# if ($_GET['opte'] == $type) { echo(""); } +# echo('Mini'); +# if ($_GET['opte'] == $type) { echo(""); } +# echo(')'); + $type_sep = " | "; +} + +print_optionbar_end(); + +echo("
"); +$i = "0"; +foreach (dbFetchRows("SELECT * FROM `ipsec_tunnels` WHERE `device_id` = ? ORDER BY `peer_addr`", array($device['device_id'])) as $tunnel) +{ + +if (is_integer($i/2)) { $bg_colour = $list_colour_a; } else { $bg_colour = $list_colour_b; } + +if($tunnel['tunnel_status'] == "active") { $tunnel_class="green"; } else { $tunnel_class="red"; } + +echo(""); +echo(""); +echo(""); +echo(""); +echo(""); + if ($_GET['optd'] == "graphs") + { + echo(''); + echo(" + "); + } + + +echo(""); +echo(""); + + + + + $i++; +} + +echo("
" . $tunnel['local_addr'] . " » " . $tunnel['peer_addr'] . "" . $tunnel['tunnel_name'] . "" . $tunnel['tunnel_status'] . "
"); + $graph_type = "ipsectunnel_" . $_GET['opte']; + +$graph_array['height'] = "100"; +$graph_array['width'] = "215"; +$graph_array['to'] = $config['time']['now']; +$graph_array['id'] = $tunnel['tunnel_id']; +$graph_array['type'] = $graph_type; + +include("includes/print-quadgraphs.inc.php"); + + + echo(" +
"); + +?> diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php index 99f38d2756..1060a61e08 100644 --- a/includes/defaults.inc.php +++ b/includes/defaults.inc.php @@ -334,6 +334,7 @@ $config['poller_modules']['cisco-ipsec-flow-monitor'] = 1; $config['poller_modules']['cisco-remote-access-monitor'] = 1; $config['poller_modules']['cisco-cef'] = 1; $config['poller_modules']['cisco-mac-accounting'] = 1; +$config['poller_modules']['cipsec-tunnels'] = 1; #include("includes/polling/altiga-ssl.inc.php"); diff --git a/includes/polling/cipsec-tunnels.inc.php b/includes/polling/cipsec-tunnels.inc.php new file mode 100644 index 0000000000..ac8a66a4f5 --- /dev/null +++ b/includes/polling/cipsec-tunnels.inc.php 
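Review bot: The table rows echo `$tunnel['local_addr']`, `$tunnel['peer_addr']`, `$tunnel['tunnel_name']` and `$tunnel['tunnel_status']` straight into the page, and the poller in this commit fills those columns from SNMP values reported by the monitored device (`cikeTunLocalName`, `cikeTunLocalValue`, `cikeTunRemoteValue`). Each should be wrapped as in `htmlspecialchars($tunnel['tunnel_name'], ENT_QUOTES, 'UTF-8')` so that a device-supplied string is rendered as text rather than markup in the operator's browser. `$graph_type = "ipsectunnel_" . $_GET['opte'];` likewise takes the request value unchecked although `$graph_types` already lists the valid keys; a guard such as `if (!isset($graph_types[$_GET['opte']])) { $_GET['opte'] = 'bits'; }` before the concatenation would pin it to that list. The markup of this page was stripped in extraction, so the exact output context of each value should be confirmed against the file.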
@@ -0,0 +1,102 @@ + $tunnel) +{ + + $tunnel = array_merge($tunnel, $ike_array[$tunnel['cipSecTunIkeTunnelIndex']]); + + echo("Tunnel $index (".$tunnel['cipSecTunIkeTunnelIndex'].")\n"); + + echo("Address ".$tunnel['cikeTunRemoteValue']."\n"); + + $address = $tunnel['cikeTunRemoteValue']; + + $oids = array ( + "cipSecTunInOctets", + "cipSecTunInDecompOctets", + "cipSecTunInPkts", + "cipSecTunInDropPkts", + "cipSecTunInReplayDropPkts", + "cipSecTunInAuths", + "cipSecTunInAuthFails", + "cipSecTunInDecrypts", + "cipSecTunInDecryptFails", + "cipSecTunOutOctets", + "cipSecTunOutUncompOctets", + "cipSecTunOutPkts", + "cipSecTunOutDropPkts", + "cipSecTunOutAuths", + "cipSecTunOutAuthFails", + "cipSecTunOutEncrypts", + "cipSecTunOutEncryptFails"); + + $db_oids = array("cipSecTunStatus" => "tunnel_status", + "cikeTunLocalName" => "tunnel_name", + "cikeTunLocalValue" => "local_addr"); + + + + if(!is_array($tunnels[$tunnel['cikeTunRemoteValue']])) + { + $tunnel_id = dbInsert(array('device_id' => $device['device_id'], 'peer_addr' => $tunnel['cikeTunRemoteValue'], 'local_addr' => $tunnel['cikeTunLocalValue'], 'tunnel_name' => $tunnel['cikeTunLocalName']), 'ipsec_tunnels'); + } else { + foreach($db_oids as $db_oid => $db_value) { + $db_update[$db_value] = $tunnel[$db_oid]; + } + + $updated = dbUpdate($db_update, 'ipsec_tunnels', '`tunnel_id` = ?', array($tunnels[$tunnel['cikeTunRemoteValue']]['tunnel_id'])); + } + + if (is_numeric($tunnel['cipSecTunHcInOctets']) && is_numeric($tunnel['cipSecTunHcInDecompOctets']) && + is_numeric($tunnel['cipSecTunHcOutOctets']) && is_numeric($tunnel['cipSecTunHcOutUncompOctets'])) + { + echo("HC "); + + $tunnel['cipSecTunInOctets'] = $tunnel['cipSecTunHcInOctets']; + $tunnel['cipSecTunInDecompOctets'] = $tunnel['cipSecTunHcInDecompOctets']; + $tunnel['cipSecTunOutOctets'] = $tunnel['cipSecTunHcOutOctets']; + $tunnel['cipSecTunOutUncompOctets'] = $tunnel['cipSecTunHcOutUncompOctets']; + } + + $rrd_file = $config['rrd_dir'] . "/" . 
$device['hostname'] . "/ipsectunnel-".$address.".rrd"; + + $rrd_create = "RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 RRA:MAX:0.5:1:600 \ + RRA:MAX:0.5:6:700 RRA:MAX:0.5:24:775 RRA:MAX:0.5:288:797"; + + foreach ($oids as $oid) + { + $oid_ds = truncate(str_replace("cipSec", "", $oid), 19, ''); + $rrd_create .= " DS:$oid_ds:COUNTER:600:U:1000000000"; + } + + $rrdupdate = "N"; + + foreach ($oids as $oid) + { + if (is_numeric($tunnel[$oid])) + { + $value = $tunnel[$oid]; + } else { + $value = "0"; + } + $rrdupdate .= ":$value"; + } + + if (isset($tunnel['cikeTunRemoteValue'])) + { + if (!file_exists($rrd_file)) { rrdtool_create($rrd_file, $rrd_create); } + rrdtool_update($rrd_file, $rrdupdate); + #$graphs['ipsec_tunnels'] = TRUE; + } + +} + +unset($oids, $data, $data_array, $oid, $tunnel); + +?>
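Review bot: `$address` is taken from the device-reported `cikeTunRemoteValue` and concatenated unvalidated into `$rrd_file`, which is then handed to `rrdtool_create()` and `rrdtool_update()`. A value containing `/`, `..` or whitespace could place the file outside the device's RRD directory or alter the rrdtool arguments, depending on how those helpers quote their input (not visible here). Validate right after the assignment, e.g. `if (!filter_var($address, FILTER_VALIDATE_IP)) { continue; }`, or restrict it to a hostname-safe character set if name-type peers must be supported. The `isset($tunnel['cikeTunRemoteValue'])` check near the end runs only after the row has been inserted and the path built, so it belongs at the top of the loop. The loop header of this file was lost in extraction, so the start of the enclosing foreach is not visible.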