authorChristian Poessinger <christian@poessinger.com>2019-10-24 15:26:55 +0200
committerChristian Poessinger <christian@poessinger.com>2019-10-24 15:26:55 +0200
commit1d8e7c841d7eee501e9a822db727fc1eec449b5e (patch)
tree6d31b0319a71e92b2b0ef18abe6c0bd64fb55457 /src/op_mode
parent034c68aa62b5a9a493e77e8ac18f4e38ee621b25 (diff)
parent3400b1dd79702553ebbd40516bf454f3fe47885b (diff)
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: T1762: adjust the set_level() calls to use the new list representation. [vyos.config] T1764: support both string and list arguments in config functions. T1759: bug fixes, missing interface IP [vyos.config] T1758: use vyos.configtree for reading values, instead of calling cli-shell-api. [HTTP API] Add endpoints for config file and image management. ddclient: T1030: add cloudflare zone config entry [service https] T1443: organize internal data by server block [vyos.config] T1758: check that config setup has completed before calling showConfig, else, default to config.boot [HTTP API] Use a decorator for functions that require authentication. ddclient: T1030: adjust to latest syntax ddclient: T1030: auto create runtime directories ddclient: T1030: use new default configuration file path T1759: Migrating interfaces T1755: fixes issue with 'show vpn ipsec sa' command where lack of keysize (encr-keysize) will result in KeyError - such as for CHACHA20_POLY1305 T1755: fixes issue with 'show vpn ipsec sa' command where lack of hash (integ-alg) will result in KeyError - such as with GCM based options
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py17
-rwxr-xr-xsrc/op_mode/wireguard.py40
2 files changed, 17 insertions, 40 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 0828743e8..e319cc38d 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -82,13 +82,24 @@ for sa in sas:
pkts_str = re.sub(r'B', r'', pkts_str)
enc = isa["encr-alg"].decode()
- key_size = isa["encr-keysize"].decode()
- hash = isa["integ-alg"].decode()
+ if "encr-keysize" in isa:
+ key_size = isa["encr-keysize"].decode()
+ else:
+ key_size = ""
+ if "integ-alg" in isa:
+ hash = isa["integ-alg"].decode()
+ else:
+ hash = ""
if "dh-group" in isa:
dh_group = isa["dh-group"].decode()
else:
dh_group = ""
- proposal = "{0}_{1}/{2}".format(enc, key_size, hash)
+
+ proposal = enc
+ if key_size:
+ proposal = "{0}_{1}".format(proposal, key_size)
+ if hash:
+ proposal = "{0}/{1}".format(proposal, hash)
if dh_group:
proposal = "{0}/{1}".format(proposal, dh_group)
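Review bot: `enc = isa["encr-alg"].decode()` at the top of this hunk is still indexed without a guard, while the commit guards `encr-keysize` and `integ-alg` against the same KeyError; if an SA can be reported without an encryption algorithm (not verifiable from this hunk), the command would still abort there. The three optional fields now repeat the same four-line if/else, which could be one line each, e.g. `key_size = isa.get("encr-keysize", b"").decode()`, assuming `isa` supports `.get()` like a normal mapping. The local name `hash` shadows the builtin; `integ` would read better. An empty integrity field is expected for the AEAD ciphers named in the commit message, but it renders the same as a non-AEAD proposal that negotiated no integrity algorithm, so a short comment above the `if hash:` branch saying that would help operators who audit tunnels from this output. The enclosing `for sa in sas:` loop starts and ends outside the hunk.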
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index f6978554d..6860aa3ea 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -23,8 +23,8 @@ import shutil
import subprocess
import syslog as sl
import re
-import time
+from vyos.interface import Interface
from vyos import ConfigError
from vyos.config import Config
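Review bot: `import re` is kept here, but the only uses of `re` visible on this page are in the removed `showint()`; if nothing else in wireguard.py uses it, it should be dropped in the same change as `import time`. The rest of the file is outside this hunk, so this needs a quick check first.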
@@ -40,41 +40,6 @@ def check_kmod():
sl.syslog(sl.LOG_ERR, "modprobe wireguard failed")
raise ConfigError("modprobe wireguard failed")
-
-def showint(interface):
- output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
- c = Config()
- c.set_level("interfaces wireguard {}".format(interface))
- description = c.return_effective_value("description".format(interface))
- """ if the interface has a description, modify the output to include it """
- if (description):
- output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output)
-
- """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """
- peer_timeouts = {}
- last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
- for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output):
- peer_timeouts[match[0]] = match[1]
-
- """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
- for peer in c.list_effective_nodes(' peer'):
- pubkey = c.return_effective_value("peer {} pubkey".format(peer))
- status = ""
- if int(peer_timeouts[pubkey]) > 0:
- #Five minutes and the tunnel is still up
- if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
- status = "UP"
- else:
- status = "DOWN"
- elif (peer_timeouts[pubkey] is None):
- status = "DOWN"
- elif (int(peer_timeouts[pubkey]) == 0):
- status = "DOWN"
-
- output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output)
-
- print(output)
-
def generate_keypair(pk, pub):
""" generates a keypair which is stored in /config/auth/wireguard """
old_umask = os.umask(0o027)
@@ -185,7 +150,8 @@ if __name__ == '__main__':
if args.listkdir:
list_key_dirs()
if args.showinterface:
- showint(args.showinterface)
+ intf = Interface(args.showinterface)
+ intf.print_interface()
if args.delkdir:
if args.location:
del_key_dir(args.location)
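Review bot: `args.showinterface` now goes straight from the command line into `Interface(...)` with no check in this block that it names an existing WireGuard interface. The removed `showint()` scoped its work to `wg show <interface>` and the `interfaces wireguard` config level, whereas `vyos.interface.Interface` is not visible on this page, so it is unclear whether it validates the name or restricts it to WireGuard devices. I would confirm that in `Interface` and add a comment here, e.g. `# Interface() validates the name; unknown interfaces raise <exception type>`, with the real exception filled in. If it does not validate, check the name against the configured `interfaces wireguard` nodes before constructing it, so that a mistyped or unrelated interface name produces a clean error rather than a traceback or output for a different interface type. The `if __name__ == '__main__':` block starts and continues outside the hunk.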