diff options
4 files changed, 209 insertions, 2 deletions
diff --git a/applications/luci-app-strongswan-swanctl/Makefile b/applications/luci-app-strongswan-swanctl/Makefile index 0e847c7bf5..cadd2dacc5 100644 --- a/applications/luci-app-strongswan-swanctl/Makefile +++ b/applications/luci-app-strongswan-swanctl/Makefile @@ -9,8 +9,8 @@ PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>, Lukas Voegl <lvoegl@tdt.de> LUCI_TITLE:=LuCI support for strongSwan via swanctl -LUCI_DESCRIPTION:=Configuration for strongSwan based on swanctl -LUCI_DEPENDS:=+strongswan-swanctl +LUCI_DESCRIPTION:=Status and configuration for strongSwan based on swanctl +LUCI_DEPENDS:=+strongswan-swanctl +swanmon include ../../luci.mk diff --git a/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js new file mode 100644 index 0000000000..d0a936cc6e --- /dev/null +++ b/applications/luci-app-strongswan-swanctl/htdocs/luci-static/resources/view/strongswan-swanctl/status.js @@ -0,0 +1,189 @@ +'use strict'; +'require view'; +'require dom'; +'require poll'; +'require fs'; +'require ui'; + +function formatTime(seconds, selectCount) { + var days = Math.floor(seconds / (60 * 60 * 24)); + var hours = Math.floor(seconds / (60 * 60)) % 24; + var minutes = Math.floor(seconds / 60) % 60; + var seconds = Math.floor(seconds % 60); + + var times = [ + [days, _('Day'), _('Days')], + [hours, _('Hour'), _('Hours')], + [minutes, _('Minute'), _('Minutes')], + [seconds, _('Second'), _('Seconds')] + ].filter(function ([time, singular, plural]) { + return time > 0; + }); + + var selectedTimes = times.slice(0, selectCount); + return selectedTimes.map(function ([time, singular, plural]) { + var unit = time > 1 ? plural : singular; + return '%d %s'.format(time, unit); + }).join(', '); +} + +function buildSection(name, table) { + return E('div', { 'class': 'cbi-section' }, [ + E('h2', [name]), + table + ]); +} + +function buildTable(rows) { + return E('table', { 'class': 'table', }, rows); +} + +function buildKeyValueTable(kvPairs) { + var rows = kvPairs.map(function (row) { + return E('tr', { 'class': 'tr' }, [ + E('td', { 'class': 'td', 'width': '33%' }, E('strong', [row[0]])), + E('td', { 'class': 'td' }, [row[1]]) + ]); + }); + return buildTable(rows); +} + +function collectErrorMessages(results) { + var errorMessages = results.reduce(function (messages, result) { + return messages.concat(result.errors.map(function (error) { + return error.message; + })); + }, []); + var uniqueErrorMessages = new Set(errorMessages); + + return [...uniqueErrorMessages]; +} + +return view.extend({ + load: function () { + return Promise.all([ + fs.exec_direct('/usr/sbin/swanmon', ['version'], 'json'), + fs.exec_direct('/usr/sbin/swanmon', ['stats'], 'json'), + fs.exec_direct('/usr/sbin/swanmon', ['list-sas'], 'json') + ]); + }, + + pollData: function (container) { + poll.add(L.bind(function () { + return this.load().then(L.bind(function (results) { + dom.content(container, this.renderContent(results)); + }, this)); + }, this)); + }, + + renderContent: function (results) { + var node = E('div', [E('div')]); + var firstNode = node.firstElementChild; + + var errorMessages = collectErrorMessages(results); + if (errorMessages.length > 0) { + var messageEls = errorMessages.map(function (message) { + return E('li', message); + }); + + firstNode.appendChild(E('h4', _('Querying strongSwan failed'))); + firstNode.appendChild(E('ul', messageEls)); + + return node; + } + + var [version, stats, sas] = results.map(function (r) { + return r.data; + }); + + var uptimeSeconds = (new Date() - new Date(stats.uptime.since)) / 1000; + var statsSection = buildSection(_('Stats'), buildKeyValueTable([ + [_('Version'), version.version], + [_('Uptime'), formatTime(uptimeSeconds, 2)], + [_('Daemon'), version.daemon], + [_('Active IKE_SAs'), stats.ikesas.total], + [_('Half-Open IKE_SAs'), stats.ikesas['half-open']] + ])); + firstNode.appendChild(statsSection); + + var tableRows = sas.map(function (conn) { + var name = Object.keys(conn)[0]; + var data = conn[name]; + var childSas = []; + + Object.entries(data['child-sas']).forEach(function ([name, data]) { + var table = buildKeyValueTable([ + [_('State'), data.state], + [_('Mode'), data.mode], + [_('Protocol'), data.protocol], + [_('Local Traffic Selectors'), data['local-ts'].join(', ')], + [_('Remote Traffic Selectors'), data['remote-ts'].join(', ')], + [_('Encryption Algorithm'), data['encr-alg']], + [_('Encryption Keysize'), data['encr-keysize']], + [_('Bytes in'), data['bytes-in']], + [_('Bytes out'), data['bytes-out']], + [_('Life Time'), formatTime(data['life-time'], 2)], + [_('Install Time'), formatTime(data['install-time'], 2)], + [_('Rekey in'), formatTime(data['rekey-time'], 2)], + [_('SPI in'), data['spi-in']], + [_('SPI out'), data['spi-out']] + ]); + childSas.push(E('div', { 'class': 'cbi-section' }, [ + E('h4', { 'style': 'margin-top: 0; padding-top: 0;' }, [name]), + table + ])); + }); + childSas.push(E('button', { + 'class': 'btn cbi-button cbi-button-apply', + 'click': ui.hideModal + }, _('Close'))); + + return E('tr', { 'class': 'tr' }, [ + E('td', { 'class': 'td' }, [name]), + E('td', { 'class': 'td' }, [data.state]), + E('td', { 'class': 'td' }, [data['remote-host']]), + E('td', { 'class': 'td' }, [data.version]), + E('td', { 'class': 'td' }, [formatTime(data.established, 2)]), + E('td', { 'class': 'td' }, [formatTime(data['reauth-time'], 2)]), + E('td', { 'class': 'td' }, [E('button', { + 'class': 'btn cbi-button cbi-button-apply', + 'click': function (ev) { + ui.showModal(_('CHILD_SAs'), childSas) + } + }, _('Show Details'))]) + ]); + }); + var connSection = buildSection(_('Security Associations (SAs)'), buildTable([ + E('tr', { 'class': 'tr' }, [ + E('th', { 'class': 'th' }, [_('Name')]), + E('th', { 'class': 'th' }, [_('State')]), + E('th', { 'class': 'th' }, [_('Remote')]), + E('th', { 'class': 'th' }, [_('IKE Version')]), + E('th', { 'class': 'th' }, [_('Established for')]), + E('th', { 'class': 'th' }, [_('Reauthentication in')]), + E('th', { 'class': 'th' }, [_('Details')]) + ]), + ...tableRows + ])); + firstNode.appendChild(connSection); + + return node; + }, + + render: function (results) { + var content = E([], [ + E('h2', [_('strongSwan Status')]), + E('div') + ]); + var container = content.lastElementChild; + + dom.content(container, this.renderContent(results)); + this.pollData(container); + + return content; + }, + + handleSaveApply: null, + handleSave: null, + handleReset: null +}); diff --git a/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json b/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json index 2f0c5c5d1f..d229869d64 100644 --- a/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json +++ b/applications/luci-app-strongswan-swanctl/root/usr/share/luci/menu.d/luci-app-strongswan-swanctl.json @@ -11,5 +11,18 @@ "luci-app-strongswan-swanctl" ] } + }, + "admin/status/strongswan": { + "title": "strongSwan IPsec", + "order": 90, + "action": { + "type": "view", + "path": "strongswan-swanctl/status" + }, + "depends": { + "acl": [ + "luci-app-strongswan-swanctl" + ] + } } } diff --git a/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json b/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json index 4f022c9463..d3b44a27a2 100644 --- a/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json +++ b/applications/luci-app-strongswan-swanctl/root/usr/share/rpcd/acl.d/luci-app-strongswan-swanctl.json @@ -2,6 +2,11 @@ "luci-app-strongswan-swanctl": { "description": "Grant access to luci-app-strongswan-swanctl", "read": { + "file": { + "/usr/sbin/swanmon version": [ "exec" ], + "/usr/sbin/swanmon stats": [ "exec" ], + "/usr/sbin/swanmon list-sas": [ "exec" ] + }, "uci": [ "ipsec" ] }, "write": { |