luci-app-strongswan-swanctl: add missing uci options

Signed-off-by: Lukas Voegl <lvoegl@tdt.de>
author: Lukas Voegl <lvoegl@tdt.de> 2023-11-08 12:56:42 +0100
committer: Lukas Voegl <lvoegl@tdt.de> 2023-11-24 11:17:21 +0100
commit: 1aac8df6f880b94847c6518c074cad1dc3ffb408 (patch)
tree: 339e4d9bd9417403da78aa566608649fef13c8de
parent: bec5159369599a165130e924f4785789b70257a5 (diff)
1 files changed, 200 insertions, 56 deletions
diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js
index c2aeff2a7b..c18814aac3 100644
--- a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js
+++ b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/swanctl.js
@@ -5,6 +5,14 @@
 'require tools.widgets as widgets';
 'require strongswan_algorithms';
 
+function validateTimeFormat(section_id, value) {
+	if (value && !value.match(/^\d+[smhd]$/)) {
+		return _('Number must have suffix s, m, h or d');
+	}
+
+	return true;
+}
+
 function addAlgorithms(o, algorithms) {
 	algorithms.forEach(function (algorithm) {
 		if (strongswan_algorithms.isInsecure(algorithm)) {
@@ -16,6 +24,10 @@ function addAlgorithms(o, algorithms) {
 }
 
 return view.extend({
+	load: function () {
+		return uci.load('network');
+	},
+
 	render: function () {
 		var m, s, o;
 
@@ -51,70 +63,35 @@ return view.extend({
 		s.addremove = true;
 		s.nodescriptions = true;
 
-		o = s.option(form.Flag, 'enabled', _('Enabled'),
+		o = s.tab('general', _('General'));
+		o = s.tab('authentication', _('Authentication'));
+		o = s.tab('advanced', _('Advanced'));
+
+		o = s.taboption('general', form.Flag, 'enabled', _('Enabled'),
 			_('Configuration is enabled or not'));
 		o.rmempty = false;
 
-		o = s.option(form.Value, 'gateway', _('Gateway (Remote Endpoint)'),
+		o = s.taboption('general', form.Value, 'gateway', _('Gateway (Remote Endpoint)'),
 			_('IP address or FQDN name of the tunnel remote endpoint'));
 		o.datatype = 'or(hostname,ipaddr)';
 		o.rmempty = false;
 
-		o = s.option(form.Value, 'local_gateway', _('Local Gateway'),
+		o = s.taboption('general', form.Value, 'local_gateway', _('Local Gateway'),
 			_('IP address or FQDN of the tunnel local endpoint'));
 		o.datatype = 'or(hostname,ipaddr)';
 		o.modalonly = true;
 
-		o = s.option(form.Value, 'local_sourceip', _('Local Source IP'),
+		o = s.taboption('general', form.Value, 'local_sourceip', _('Local Source IP'),
 			_('Virtual IP(s) to request in IKEv2 configuration payloads requests'));
 		o.datatype = 'ipaddr';
 		o.modalonly = true;
 
-		o = s.option(form.Value, 'local_ip', _('Local IP'),
+		o = s.taboption('general', form.Value, 'local_ip', _('Local IP'),
 			_('Local address(es) to use in IKE negotiation'));
 		o.datatype = 'ipaddr';
 		o.modalonly = true;
 
-		o = s.option(form.Value, 'local_identifier', _('Local Identifier'),
-			_('Local identifier for IKE (phase 1)'));
-		o.datatype = 'string';
-		o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters';
-		o.modalonly = true;
-
-		o = s.option(form.Value, 'remote_identifier', _('Remote Identifier'),
-			_('Remote identifier for IKE (phase 1)'));
-		o.datatype = 'string';
-		o.placeholder = 'C=US, O=Acme Corporation, CN=soho';
-		o.modalonly = true;
-
-		o = s.option(form.ListValue, 'authentication_method',
-			_('Authentication Method'), _('IKE authentication (phase 1)'));
-		o.modalonly = true;
-		o.value('psk', 'Pre-shared Key');
-		o.value('pubkey', 'Public Key');
-
-		o = s.option(form.Value, 'pre_shared_key', _('Pre-Shared Key'),
-			_('The pre-shared key for the tunnel'));
-		o.datatype = 'string';
-		o.password = true;
-		o.modalonly = true;
-		o.depends('authentication_method', 'psk');
-
-		o = s.option(form.Flag, 'mobike', _('MOBIKE'),
-			_('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
-		o.default = '1';
-		o.modalonly = true;
-
-		o = s.option(form.ListValue, 'fragmentation', _('IKE Fragmentation'),
-			_('Use IKE fragmentation'));
-		o.value('yes');
-		o.value('no');
-		o.value('force');
-		o.value('accept');
-		o.default = 'yes';
-		o.modalonly = true;
-
-		o = s.option(form.MultiValue, 'crypto_proposal', _('Crypto Proposal'),
+		o = s.taboption('general', form.MultiValue, 'crypto_proposal', _('Crypto Proposal'),
 			_('List of IKE (phase 1) proposals to use for authentication'));
 		o.load = function (section_id) {
 			this.keylist = [];
@@ -135,7 +112,7 @@ return view.extend({
 		};
 		o.rmempty = false;
 
-		o = s.option(form.MultiValue, 'tunnel', _('Tunnel'),
+		o = s.taboption('general', form.MultiValue, 'tunnel', _('Tunnel'),
 			_('Name of ESP (phase 2) section'));
 		o.load = function (section_id) {
 			this.keylist = [];
@@ -154,30 +131,162 @@ return view.extend({
 		};
 		o.rmempty = false;
 
+		o = s.taboption('authentication', form.ListValue, 'authentication_method',
+			_('Authentication Method'), _('IKE authentication (phase 1)'));
+		o.modalonly = true;
+		o.value('psk', 'Pre-shared Key');
+		o.value('pubkey', 'Public Key');
+
+		o = s.taboption('authentication', form.Value, 'local_identifier', _('Local Identifier'),
+			_('Local identifier for IKE (phase 1)'));
+		o.datatype = 'string';
+		o.placeholder = 'C=US, O=Acme Corporation, CN=headquarters';
+		o.modalonly = true;
+
+		o = s.taboption('authentication', form.Value, 'remote_identifier', _('Remote Identifier'),
+			_('Remote identifier for IKE (phase 1)'));
+		o.datatype = 'string';
+		o.placeholder = 'C=US, O=Acme Corporation, CN=soho';
+		o.modalonly = true;
+
+		o = s.taboption('authentication', form.Value, 'pre_shared_key', _('Pre-Shared Key'),
+			_('The pre-shared key for the tunnel'));
+		o.datatype = 'string';
+		o.password = true;
+		o.modalonly = true;
+		o.rmempty = false;
+		o.depends('authentication_method', 'psk');
+
+		o = s.taboption('authentication', form.Value, 'local_cert', _('Local Certificate'),
+			_('Certificate pathname to use for authentication'));
+		o.datatype = 'file';
+		o.depends('authentication_method', 'pubkey');
+		o.modalonly = true;
+
+		o = s.taboption('authentication', form.Value, 'local_key', _('Local Key'),
+			_('Private key pathname to use with above certificate'));
+		o.datatype = 'file';
+		o.modalonly = true;
+
+		o = s.taboption('authentication', form.Value, 'ca_cert', _('CA Certificate'),
+			_("CA certificate that need to lie in remote peer's certificate's path of trust"));
+		o.datatype = 'file';
+		o.depends('authentication_method', 'pubkey');
+		o.modalonly = true;
+
+
+		o = s.taboption('advanced', form.Flag, 'mobike', _('MOBIKE'),
+			_('MOBIKE (IKEv2 Mobility and Multihoming Protocol)'));
+		o.default = '1';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.ListValue, 'fragmentation', _('IKE Fragmentation'),
+			_('Use IKE fragmentation'));
+		o.value('yes');
+		o.value('no');
+		o.value('force');
+		o.value('accept');
+		o.default = 'yes';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'keyingretries', _('Keying Retries'),
+			_('Number of retransmissions attempts during initial negotiation'));
+		o.datatype = 'uinteger';
+		o.default = '3';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'dpddelay', _('DPD Delay'),
+			_('Interval to check liveness of a peer'));
+		o.validate = validateTimeFormat;
+		o.default = '30s';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'inactivity', _('Inactivity'),
+			_('Interval before closing an inactive CHILD_SA'));
+		o.validate = validateTimeFormat;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'),
+			_('IKEv2 interval to refresh keying material; also used to compute lifetime'));
+		o.validate = validateTimeFormat;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'overtime', _('Overtime'),
+			_('Limit on time to complete rekeying/reauthentication'));
+		o.validate = validateTimeFormat;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.ListValue, 'keyexchange', _('Keyexchange'),
+			_('Version of IKE for negotiation'));
+		o.value('ikev1', 'IKEv1 (%s)', _('deprecated'));
+		o.value('ikev2', 'IKEv2');
+		o.value('ike', 'IKE (%s, %s)'.format(_('both'), _('deprecated')));
+		o.default = 'ikev2';
+		o.modalonly = true;
+
 		// Tunnel Configuration
 		s = m.section(form.GridSection, 'tunnel', _('Tunnel Configuration'),
 			_('Define Connection Children to be used as Tunnels in Remote Configurations.'));
 		s.addremove = true;
 		s.nodescriptions = true;
 
-		o = s.option(form.DynamicList, 'local_subnet', _('Local Subnet'),
+		o = s.tab('general', _('General'));
+		o = s.tab('advanced', _('Advanced'));
+
+		o = s.taboption('general', form.DynamicList, 'local_subnet', _('Local Subnet'),
 			_('Local network(s)'));
 		o.datatype = 'subnet';
 		o.placeholder = '192.168.1.1/24';
 		o.rmempty = false;
 
-		o = s.option(form.DynamicList, 'remote_subnet', _('Remote Subnet'),
+		o = s.taboption('general', form.DynamicList, 'remote_subnet', _('Remote Subnet'),
 			_('Remote network(s)'));
 		o.datatype = 'subnet';
 		o.placeholder = '192.168.2.1/24';
 		o.rmempty = false;
 
-		o = s.option(form.Value, 'local_nat', _('Local NAT'),
+		o = s.taboption('general', form.Value, 'local_nat', _('Local NAT'),
 			_('NAT range for tunnels with overlapping IP addresses'));
 		o.datatype = 'subnet';
 		o.modalonly = true;
 
-		o = s.option(form.MultiValue, 'crypto_proposal',
+		o = s.taboption('general', form.ListValue, 'if_id', ('XFRM Interface ID'),
+			_('XFRM interface ID set on input and output interfaces'));
+		o.load = function (section_id) {
+			this.keylist = [];
+			this.vallist = [];
+
+			var xfrmSections = uci.sections('network').filter(function (section) {
+				return section.proto == 'xfrm';
+			});
+
+			xfrmSections.forEach(L.bind(function (section) {
+				this.value(section.ifid,
+					'%s (%s)'.format(section.ifid, section['.name']));
+			}, this));
+
+			return this.super('load', [section_id]);
+		}
+		o.optional = true;
+		o.modalonly = true;
+
+		o = s.taboption('general', form.ListValue, 'startaction', _('Start Action'),
+			_('Action on initial configuration load'));
+		o.value('none');
+		o.value('trap');
+		o.value('start');
+		o.default = 'trap';
+		o.modalonly = true;
+
+		o = s.taboption('general', form.ListValue, 'closeaction', _('Close Action'),
+			_('Action when CHILD_SA is closed'));
+		o.value('none');
+		o.value('trap');
+		o.value('start');
+		o.optional = true;
+		o.modalonly = true;
+
+		o = s.taboption('general', form.MultiValue, 'crypto_proposal',
 			_('Crypto Proposal (Phase 2)'),
 			_('List of ESP (phase two) proposals. Only Proposals with checked ESP flag are selectable'));
 		o.load = function (section_id) {
@@ -199,17 +308,52 @@ return view.extend({
 		};
 		o.rmempty = false;
 
-		o = s.option(form.ListValue, 'startaction', _('Start Action'),
-			_('Action on initial configuration load'));
+		o = s.taboption('advanced', form.Value, 'updown', _('Up/Down Script Path'),
+			_('Path to script to run on CHILD_SA up/down events'));
+		o.datatype = 'file';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'lifetime', _('Lifetime'),
+			_('Maximum duration of the CHILD_SA before closing'));
+		o.validate = validateTimeFormat;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.ListValue, 'dpdaction', _('DPD Action'),
+			_('Action when DPD timeout occurs'));
 		o.value('none');
+		o.value('clear');
 		o.value('trap');
 		o.value('start');
-		o.default = 'trap';
+		o.optional = true;
 		o.modalonly = true;
 
-		o = s.option(form.Value, 'updown', _('Up/Down Script Path'),
-			_('Path to script to run on CHILD_SA up/down events'));
-		o.datatype = 'file';
+		o = s.taboption('advanced', form.Value, 'rekeytime', _('Rekey Time'),
+			_('Duration of the CHILD_SA before rekeying'));
+		o.validate = validateTimeFormat;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Flag, 'ipcomp', _('IPComp'),
+			_('Enable ipcomp compression'));
+		o.default = '0';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.ListValue, 'hw_offload', _('H/W Offload'),
+			_('Enable Hardware offload'));
+		o.value('yes');
+		o.value('no');
+		o.value('auto');
+		o.optional = true;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'priority', _('Priority'),
+			_('Priority of the CHILD_SA'));
+		o.datatype = 'uinteger';
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'replay_window', _('Replay Window'),
+			'%s; %s'.format(_('Replay Window of the CHILD_SA'),
+				_('Values larger than 32 are supported by the Netlink backend only')));
+		o.datatype = 'uinteger';
 		o.modalonly = true;
 
 		// Crypto Proposals
author	Lukas Voegl <lvoegl@tdt.de>	2023-11-08 12:56:42 +0100
committer	Lukas Voegl <lvoegl@tdt.de>	2023-11-24 11:17:21 +0100
commit	1aac8df6f880b94847c6518c074cad1dc3ffb408 (patch)
tree	339e4d9bd9417403da78aa566608649fef13c8de
parent	bec5159369599a165130e924f4785789b70257a5 (diff)