author | Christian Poessinger <christian@poessinger.com> | 2019-10-24 15:26:55 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-10-24 15:26:55 +0200 |
commit | 1d8e7c841d7eee501e9a822db727fc1eec449b5e (patch) | |
tree | 6d31b0319a71e92b2b0ef18abe6c0bd64fb55457 /src/op_mode | |
parent | 034c68aa62b5a9a493e77e8ac18f4e38ee621b25 (diff) | |
parent | 3400b1dd79702553ebbd40516bf454f3fe47885b (diff) | |
download | vyos-1x-1d8e7c841d7eee501e9a822db727fc1eec449b5e.tar.gz vyos-1x-1d8e7c841d7eee501e9a822db727fc1eec449b5e.zip |
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x:
T1762: adjust the set_level() calls to use the new list representation.
[vyos.config] T1764: support both string and list arguments in config functions.
T1759: bug fixes, missing interface IP
[vyos.config] T1758: use vyos.configtree for reading values, instead of calling cli-shell-api.
[HTTP API] Add endpoints for config file and image management.
ddclient: T1030: add cloudflare zone config entry
[service https] T1443: organize internal data by server block
[vyos.config] T1758: check that config setup has completed before calling showConfig, else, default to config.boot
[HTTP API] Use a decorator for functions that require authentication.
ddclient: T1030: adjust to latest syntax
ddclient: T1030: auto create runtime directories
ddclient: T1030: use new default configuration file path
T1759: Migrating interfaces
T1755: fixes issue with 'show vpn ipsec sa' command where lack of keysize (encr-keysize) will result in KeyError - such as for CHACHA20_POLY1305
T1755: fixes issue with 'show vpn ipsec sa' command where lack of hash (integ-alg) will result in KeyError - such as with GCM based options
Diffstat (limited to 'src/op_mode')
-rwxr-xr-x | src/op_mode/show_ipsec_sa.py | 17 | ||||
-rwxr-xr-x | src/op_mode/wireguard.py | 40 |
2 files changed, 17 insertions, 40 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 0828743e8..e319cc38d 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -82,13 +82,24 @@ for sa in sas:
 pkts_str = re.sub(r'B', r'', pkts_str)
 enc = isa["encr-alg"].decode()
- key_size = isa["encr-keysize"].decode()
- hash = isa["integ-alg"].decode()
+ if "encr-keysize" in isa:
+ key_size = isa["encr-keysize"].decode()
+ else:
+ key_size = ""
+ if "integ-alg" in isa:
+ hash = isa["integ-alg"].decode()
+ else:
+ hash = ""
 if "dh-group" in isa:
 dh_group = isa["dh-group"].decode()
 else:
 dh_group = ""
- proposal = "{0}_{1}/{2}".format(enc, key_size, hash)
+
+ proposal = enc
+ if key_size:
+ proposal = "{0}_{1}".format(proposal, key_size)
+ if hash:
+ proposal = "{0}/{1}".format(proposal, hash)
 if dh_group:
 proposal = "{0}/{1}".format(proposal, dh_group)
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index f6978554d..6860aa3ea 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -23,8 +23,8 @@ import shutil
 import subprocess
 import syslog as sl
 import re
-import time
+from vyos.interface import Interface
 from vyos import ConfigError
 from vyos.config import Config
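Review bot: In the show_ipsec_sa.py hunk the proposal string stays positional (`enc_keysize/hash/dh-group`), so when `integ-alg` is absent the DH group moves into the slot where the integrity algorithm normally appears, and an operator can no longer tell an AEAD suite from an SA that simply reported no integrity algorithm. At minimum a comment above `proposal = enc` should say why fields may be missing, e.g. `# integ-alg / encr-keysize are absent for AEAD ciphers (GCM, CHACHA20_POLY1305); omitted fields are dropped, not left blank`. The context line `enc = isa["encr-alg"].decode()` is still an unguarded lookup and would raise the same KeyError if that key can ever be missing, which is not visible from here. The local name `hash` also shadows the builtin; renaming it (for instance to `integ`) would be cleaner. The enclosing `for sa in sas:` loop starts and ends outside the hunk.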
@@ -40,41 +40,6 @@ def check_kmod():
 sl.syslog(sl.LOG_ERR, "modprobe wireguard failed")
 raise ConfigError("modprobe wireguard failed")
-
-def showint(interface):
- output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
- c = Config()
- c.set_level("interfaces wireguard {}".format(interface))
- description = c.return_effective_value("description".format(interface))
- """ if the interface has a description, modify the output to include it """
- if (description):
- output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output)
-
- """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """
- peer_timeouts = {}
- last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
- for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output):
- peer_timeouts[match[0]] = match[1]
-
- """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
- for peer in c.list_effective_nodes(' peer'):
- pubkey = c.return_effective_value("peer {} pubkey".format(peer))
- status = ""
- if int(peer_timeouts[pubkey]) > 0:
- #Five minutes and the tunnel is still up
- if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
- status = "UP"
- else:
- status = "DOWN"
- elif (peer_timeouts[pubkey] is None):
- status = "DOWN"
- elif (int(peer_timeouts[pubkey]) == 0):
- status = "DOWN"
-
- output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output)
-
- print(output)
-
 def generate_keypair(pk, pub):
 """ generates a keypair which is stored in /config/auth/wireguard """
 old_umask = os.umask(0o027)
@@ -185,7 +150,8 @@ if __name__ == '__main__':
 if args.listkdir:
 list_key_dirs()
 if args.showinterface:
- showint(args.showinterface)
+ intf = Interface(args.showinterface)
+ intf.print_interface()
 if args.delkdir:
 if args.location:
 del_key_dir(args.location) |
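Review bot: `Interface(args.showinterface)` is built straight from the command-line argument, and nothing in this hunk checks that the name is a configured WireGuard interface before `intf.print_interface()` runs. The removed `showint()` only ever queried `wg show` and the `interfaces wireguard` config level, whereas `vyos.interface.Interface` is not visible here and may accept any interface name, so this op-mode command could now print details for non-WireGuard interfaces or fail with an unhandled exception on a bad name. A guard before the constructor would keep the old scope, something like `if args.showinterface not in Config().list_effective_nodes('interfaces wireguard'): raise ConfigError("not a wireguard interface")`, assuming `list_effective_nodes` accepts the full path. The `if __name__ == '__main__':` block starts and ends outside the hunk.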