Merge branch 'current' into crux

2 files changed, 27 insertions, 4 deletions

diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 353528aba..f5452579e 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -89,6 +89,9 @@ def get_config():
       ### addresses
       if c.exists(cnf + ' address'):
         config_data['interfaces'][intfc]['addr'] = c.return_values(cnf + ' address')
+      ### interface up/down
+      if c.exists(cnf + ' disable'):
+        config_data['interfaces'][intfc]['state'] = 'disable' 
       ### listen port
       if c.exists(cnf + ' port'):
         config_data['interfaces'][intfc]['lport'] = c.return_value(cnf + ' port')
@@ -121,6 +124,7 @@ def get_config():
           if c.exists(cnf + ' peer ' + p + ' preshared-key'):
             config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
   
+
   return config_data
 
 def verify(c):
@@ -159,12 +163,21 @@ def apply(c):
   c_eff = Config()
   c_eff.set_level('interfaces wireguard')
 
+  ### link status up/down aka interface disable
+
+  for intf in c['interfaces']:
+    if c['interfaces'][intf]['state'] == 'disable':
+      sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
+      subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
+    else:
+      sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
+      subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
+
   ### deletion of a specific interface
   for intf in c['interfaces']:
     if c['interfaces'][intf]['status'] == 'delete':
       sl.syslog(sl.LOG_NOTICE, "removing interface " + intf)
       subprocess.call(['ip l d dev ' + intf + ' &>/dev/null'], shell=True)
-      
 
     ### peer deletion
     peer_eff = c_eff.list_effective_nodes( intf + ' peer')
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index c0ef1feef..3c8d678eb 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -4,17 +4,22 @@ import re
 import subprocess
 
 import tabulate
+import hurry.filesize
 
 def parse_conn_spec(s):
     # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
     return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
 
 def parse_ike_line(s):
-    # Example: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
     try:
-        return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+        # Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
+        return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
     except AttributeError:
-        return (None, None, None, None, None)
+        try:
+            # Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
+            return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+        except AttributeError:
+            return (None, None, None, None, None)
 
 
 # Get a list of all configured connections
@@ -35,6 +40,11 @@ for conn in connections:
             if ip == id:
                 id = None
             enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status)
+
+            # Convert bytes to human-readable units
+            bytes_in = hurry.filesize.size(bytes_in)
+            bytes_out = hurry.filesize.size(bytes_out)
+
             status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)]
         except Exception as e:
             print(status)