diff options
Diffstat (limited to 'src/op_mode')
| -rwxr-xr-x | src/op_mode/cpu_summary.py | 16 | ||||
| -rwxr-xr-x | src/op_mode/dynamic_dns.py (renamed from src/op_mode/dynamic_dns_status.py) | 41 | ||||
| -rwxr-xr-x | src/op_mode/maya_date.py | 7 | ||||
| -rwxr-xr-x | src/op_mode/powerctrl.py | 255 | ||||
| -rwxr-xr-x | src/op_mode/restart_dhcp_relay.py | 53 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcp.py | 167 | ||||
| -rwxr-xr-x | src/op_mode/show_dhcpv6.py | 86 | ||||
| -rwxr-xr-x | src/op_mode/show_igmpproxy.py | 241 | ||||
| -rwxr-xr-x | src/op_mode/show_ipsec_sa.py | 100 | ||||
| -rwxr-xr-x | src/op_mode/system_integrity.py | 69 | ||||
| -rwxr-xr-x | src/op_mode/wireguard.py | 109 |
11 files changed, 1026 insertions, 118 deletions
diff --git a/src/op_mode/cpu_summary.py b/src/op_mode/cpu_summary.py index 7324c75ad..cfd321522 100755 --- a/src/op_mode/cpu_summary.py +++ b/src/op_mode/cpu_summary.py @@ -1,10 +1,22 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. import re - from vyos.util import colon_separated_to_dict - FILE_NAME = '/proc/cpuinfo' with open(FILE_NAME, 'r') as f: diff --git a/src/op_mode/dynamic_dns_status.py b/src/op_mode/dynamic_dns.py index bbff01f49..0d457e247 100755 --- a/src/op_mode/dynamic_dns_status.py +++ b/src/op_mode/dynamic_dns.py @@ -1,5 +1,21 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +import os +import argparse import jinja2 import sys import time @@ -18,7 +34,7 @@ update-status: {{ entry.status }} {% endfor -%} """ -if __name__ == '__main__': +def show_status(): # Do nothing if service is not configured c = Config() if not c.exists_effective('service dns dynamic'): @@ -65,3 +81,26 @@ if __name__ == '__main__': tmpl = jinja2.Template(OUT_TMPL_SRC) print(tmpl.render(data)) + + +def update_ddns(): + os.system('systemctl stop ddclient') + os.remove(cache_file) + os.system('systemctl start ddclient') + + +def main(): + parser = argparse.ArgumentParser() + group = parser.add_mutually_exclusive_group() + group.add_argument("--status", help="Show DDNS status", action="store_true") + group.add_argument("--update", help="Update DDNS on a given interface", action="store_true") + args = parser.parse_args() + + if args.status: + show_status() + elif args.update: + update_ddns() + + +if __name__ == '__main__': + main() diff --git a/src/op_mode/maya_date.py b/src/op_mode/maya_date.py index 7d8aefc91..847b543e0 100755 --- a/src/op_mode/maya_date.py +++ b/src/op_mode/maya_date.py @@ -27,17 +27,16 @@ class MayaDate(object): It represents the number of days passed since some date in the past the Maya believed is the day our world was created. - + Tzolkin calendar is for religious purposes, it has two independent cycles of 13 and 20 days, where 13 day cycle days are numbered, and 20 day cycle days are named. - + Haab calendar is for agriculture and daily life, it's a 365 day calendar with 18 months 20 days each, and 5 nameless days. The smallest unit of the long count calendar is one day (kin). - """ """ The long count calendar uses five different base 18 or base 20 @@ -131,7 +130,7 @@ class MayaDate(object): """ Seconds in day, for conversion from timestamp """ seconds_in_day = 60 * 60 * 24 - + def __init__(self, timestamp): if timestamp is None: self.days = self.start_days diff --git a/src/op_mode/powerctrl.py b/src/op_mode/powerctrl.py index f73d6c005..2f6112fb7 100755 --- a/src/op_mode/powerctrl.py +++ b/src/op_mode/powerctrl.py @@ -1,142 +1,175 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + import os import sys import argparse -from datetime import datetime, timedelta, time as type_time, date as type_date -from subprocess import check_output,CalledProcessError,STDOUT +import subprocess import re +from datetime import datetime, timedelta, time as type_time, date as type_date +from subprocess import check_output, CalledProcessError, STDOUT + def yn(msg, default=False): - default_msg = "[Y/n]" if default else "[y/N]" - while True: - sys.stdout.write("%s %s " % (msg,default_msg)) - c = input().lower() - if c == '': - return default - elif c in ("y", "ye","yes"): - return True - elif c in ("n", "no"): - return False - else: - sys.stdout.write("Please respond with yes/y or no/n\n") + default_msg = "[Y/n]" if default else "[y/N]" + while True: + sys.stdout.write("%s %s " % (msg,default_msg)) + c = input().lower() + if c == '': + return default + elif c in ("y", "ye","yes"): + return True + elif c in ("n", "no"): + return False + else: + sys.stdout.write("Please respond with yes/y or no/n\n") def valid_time(s): - try: - return datetime.strptime(s, "%H:%M").time() - except ValueError: - return None + try: + return datetime.strptime(s, "%H:%M").time() + except ValueError: + return None def valid_date(s): + try: + return datetime.strptime(s, "%d%m%Y").date() + except ValueError: try: - return datetime.strptime(s, "%d%m%Y").date() + return datetime.strptime(s, "%d/%m/%Y").date() except ValueError: + try: + return datetime.strptime(s, "%d.%m.%Y").date() + except ValueError: try: - return datetime.strptime(s, "%d/%m/%Y").date() + return datetime.strptime(s, "%d:%m:%Y").date() except ValueError: - try: - return datetime.strptime(s, "%d.%m.%Y").date() - except ValueError: - try: - return datetime.strptime(s, "%d:%m:%Y").date() - except ValueError: - return None + return None def check_shutdown(): - try: - cmd = check_output(["/bin/systemctl","status","systemd-shutdownd.service"]) - #Shutodwn is scheduled - r = re.findall(r'Status: \"(.*)\"\n', cmd.decode())[0] - print(r) - except CalledProcessError as e: - #Shutdown is not scheduled - print("Shutdown is not scheduled") + try: + cmd = check_output(["/bin/systemctl","status","systemd-shutdownd.service"]) + #Shutodwn is scheduled + r = re.findall(r'Status: \"(.*)\"\n', cmd.decode())[0] + print(r) + except CalledProcessError as e: + #Shutdown is not scheduled + print("Shutdown is not scheduled") def cancel_shutdown(): - try: - cmd = check_output(["/sbin/shutdown","-c"]) - except CalledProcessError as e: - sys.exit("Error aborting shutdown: %s" % e) + try: + cmd = check_output(["/sbin/shutdown","-c"]) + except CalledProcessError as e: + sys.exit("Error aborting shutdown: %s" % e) def execute_shutdown(time, reboot = True, ask=True): - if not ask: - action = "reboot" if reboot else "poweroff" - if not yn("Are you sure you want to %s this system?" % action): - sys.exit(0) - - action = "-r" if reboot else "-P" - - if len(time) == 0: - cmd = check_output(["/sbin/shutdown",action,"now"],stderr=STDOUT) - print(cmd.decode().split(",",1)[0]) - return - - # Try to extract date from the first argument - if len(time) == 1: - time = time[0].split(" ",1) - - if len(time) == 1: - ts=valid_time(time[0]) - if time[0].isdigit() or valid_time(time[0]): - cmd = check_output(["/sbin/shutdown",action,time[0]],stderr=STDOUT) - else: - sys.exit("Timestamp needs to be in format of 12:34") - - elif len(time) == 2: - ts = valid_time(time[0]) - ds = valid_date(time[1]) - if ts and ds: - t = datetime.combine(ds, ts) - td = t-datetime.now() - t2 = 1+int(td.total_seconds())//60 # Get total minutes - cmd = check_output(["/sbin/shutdown",action,str(t2)],stderr=STDOUT) - else: - sys.exit("Timestamp needs to be in format of 12:34\nDatestamp in the format of DD.MM.YY") - else: - sys.exit("Could not decode time and date") + if not ask: + action = "reboot" if reboot else "poweroff" + if not yn("Are you sure you want to %s this system?" % action): + sys.exit(0) + + action = "-r" if reboot else "-P" + if len(time) == 0: + ### T870 legacy reboot job support + chk_vyatta_based_reboots() + ### + + cmd = check_output(["/sbin/shutdown",action,"now"],stderr=STDOUT) print(cmd.decode().split(",",1)[0]) + return -def main(): - parser = argparse.ArgumentParser() - parser.add_argument("--yes", "-y", - help="dont as for shutdown", - action="store_true", - dest="yes") - action = parser.add_mutually_exclusive_group(required=True) - action.add_argument("--reboot", "-r", - help="Reboot the system", - nargs="*", - metavar="Minutes|HH:MM") - - action.add_argument("--poweroff", "-p", - help="Poweroff the system", - nargs="*", - metavar="Minutes|HH:MM") - - action.add_argument("--cancel", "-c", - help="Cancel pending shutdown", - action="store_true") - - action.add_argument("--check", - help="Check pending chutdown", - action="store_true") - args = parser.parse_args() + # Try to extract date from the first argument + if len(time) == 1: + time = time[0].split(" ",1) - try: - if args.reboot: - execute_shutdown(args.reboot, reboot=True, ask=args.yes) - if args.poweroff: - execute_shutdown(args.poweroff, reboot=False,ask=args.yes) - if args.cancel: - cancel_shutdown() - if args.check: - check_shutdown() - except KeyboardInterrupt: - sys.exit("Interrupted") + if len(time) == 1: + ts = valid_time(time[0]) + if time[0].isdigit() or valid_time(time[0]): + cmd = check_output(["/sbin/shutdown",action,time[0]],stderr=STDOUT) + else: + sys.exit("Timestamp needs to be in format of 12:34") + + elif len(time) == 2: + ts = valid_time(time[0]) + ds = valid_date(time[1]) + if ts and ds: + t = datetime.combine(ds, ts) + td = t - datetime.now() + t2 = 1 + int(td.total_seconds())//60 # Get total minutes + cmd = check_output(["/sbin/shutdown",action,str(t2)],stderr=STDOUT) + else: + sys.exit("Timestamp needs to be in format of 12:34\nDatestamp in the format of DD.MM.YY") + else: + sys.exit("Could not decode time and date") + + print(cmd.decode().split(",",1)[0]) + +def chk_vyatta_based_reboots(): + ### T870 commit-confirm is still using the vyatta code base, once gone, the code below can be removed + ### legacy scheduled reboot s are using at and store the is as /var/run/<name>.job + ### name is the node of scheduled the job, commit-confirm checks for that + + f = r'/var/run/confirm.job' + if os .path.exists(f): + jid = open(f).read().strip() + if jid != 0: + subprocess.call(['sudo', 'atrm', jid]) + os.remove(f) + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument("--yes", "-y", + help="dont as for shutdown", + action="store_true", + dest="yes") + action = parser.add_mutually_exclusive_group(required=True) + action.add_argument("--reboot", "-r", + help="Reboot the system", + nargs="*", + metavar="Minutes|HH:MM") + + action.add_argument("--poweroff", "-p", + help="Poweroff the system", + nargs="*", + metavar="Minutes|HH:MM") + + action.add_argument("--cancel", "-c", + help="Cancel pending shutdown", + action="store_true") + + action.add_argument("--check", + help="Check pending chutdown", + action="store_true") + args = parser.parse_args() + + try: + if args.reboot is not None: + execute_shutdown(args.reboot, reboot=True, ask=args.yes) + if args.poweroff is not None: + execute_shutdown(args.poweroff, reboot=False,ask=args.yes) + if args.cancel: + cancel_shutdown() + if args.check: + check_shutdown() + except KeyboardInterrupt: + sys.exit("Interrupted") if __name__ == "__main__": - main() + main() diff --git a/src/op_mode/restart_dhcp_relay.py b/src/op_mode/restart_dhcp_relay.py new file mode 100755 index 000000000..ab02d1eb3 --- /dev/null +++ b/src/op_mode/restart_dhcp_relay.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# File: restart_dhcp_relay.py +# Purpose: +# Restart IPv4 and IPv6 DHCP relay instances of dhcrelay service + +import sys +import argparse +import os + +import vyos.config + +parser = argparse.ArgumentParser() +parser.add_argument("--ipv4", action="store_true", help="Restart IPv4 DHCP relay") +parser.add_argument("--ipv6", action="store_true", help="Restart IPv6 DHCP relay") + +if __name__ == '__main__': + args = parser.parse_args() + c = vyos.config.Config() + + if args.ipv4: + # Do nothing if service is not configured + if not c.exists_effective('service dhcp-relay'): + print("DHCP relay service not configured") + else: + os.system('sudo systemctl restart isc-dhcp-relay.service') + + sys.exit(0) + elif args.ipv6: + # Do nothing if service is not configured + if not c.exists_effective('service dhcpv6-relay'): + print("DHCPv6 relay service not configured") + else: + os.system('sudo systemctl restart isc-dhcpv6-relay.service') + + sys.exit(0) + else: + parser.print_help() + sys.exit(1) diff --git a/src/op_mode/show_dhcp.py b/src/op_mode/show_dhcp.py new file mode 100755 index 000000000..4c4ee6355 --- /dev/null +++ b/src/op_mode/show_dhcp.py @@ -0,0 +1,167 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import json +import argparse +import ipaddress +import tabulate +import sys + +from vyos.config import Config +from isc_dhcp_leases import Lease, IscDhcpLeases + +lease_file = "/config/dhcpd.leases" +pool_key = "shared-networkname" + +def in_pool(lease, pool): + if pool_key in lease.sets: + if lease.sets[pool_key] == pool: + return True + + return False + +def get_lease_data(lease): + data = {} + + # End time may not be present in backup leases + try: + data["expires"] = lease.end.strftime("%Y/%m/%d %H:%M:%S") + except: + data["expires"] = "" + + data["hardware_address"] = lease.ethernet + data["hostname"] = lease.hostname + data["ip"] = lease.ip + + try: + data["pool"] = lease.sets[pool_key] + except: + data["pool"] = "" + + return data + +def get_leases(leases, state=None, pool=None): + leases = IscDhcpLeases(lease_file).get() + + if state is not None: + leases = list(filter(lambda x: x.binding_state == 'active', leases)) + + if pool is not None: + leases = list(filter(lambda x: in_pool(x, pool), leases)) + + return list(map(get_lease_data, leases)) + +def show_leases(leases): + headers = ["IP address", "Hardware address", "Lease expiration", "Pool", "Client Name"] + + lease_list = [] + for l in leases: + lease_list.append([l["ip"], l["hardware_address"], l["expires"], l["pool"], l["hostname"]]) + + output = tabulate.tabulate(lease_list, headers) + + print(output) + +def get_pool_size(config, pool): + size = 0 + subnets = config.list_effective_nodes("service dhcp-server shared-network-name {0} subnet".format(pool)) + for s in subnets: + ranges = config.list_effective_nodes("service dhcp-server shared-network-name {0} subnet {1} range".format(pool, s)) + for r in ranges: + start = config.return_effective_value("service dhcp-server shared-network-name {0} subnet {1} range {2} start".format(pool, s, r)) + stop = config.return_effective_value("service dhcp-server shared-network-name {0} subnet {1} range {2} stop".format(pool, s, r)) + + size += int(ipaddress.IPv4Address(stop)) - int(ipaddress.IPv4Address(start)) + + return size + +def show_pool_stats(stats): + headers = ["Pool", "Size", "Leases", "Available", "Usage"] + output = tabulate.tabulate(stats, headers) + + print(output) + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + + group = parser.add_mutually_exclusive_group() + group.add_argument("-l", "--leases", action="store_true", help="Show DHCP leases") + group.add_argument("-s", "--statistics", action="store_true", help="Show DHCP statistics") + + parser.add_argument("-e", "--expired", action="store_true", help="Show expired leases") + parser.add_argument("-p", "--pool", type=str, action="store", help="Show lease for specific pool") + parser.add_argument("-j", "--json", action="store_true", default=False, help="Product JSON output") + + args = parser.parse_args() + + # Do nothing if service is not configured + config = Config() + if not config.exists_effective('service dhcp-server'): + print("DHCP service is not configured") + sys.exit(0) + + if args.leases: + if args.expired: + if args.pool: + leases = get_leases(lease_file, state='free', pool=args.pool) + else: + leases = get_leases(lease_file, state='free') + else: + if args.pool: + leases = get_leases(lease_file, state='active', pool=args.pool) + else: + leases = get_leases(lease_file, state='active') + + if args.json: + print(json.dumps(leases, indent=4)) + else: + show_leases(leases) + elif args.statistics: + pools = [] + + # Get relevant pools + if args.pool: + pools = [args.pool] + else: + pools = config.list_effective_nodes("service dhcp-server shared-network-name") + + # Get pool usage stats + stats = [] + for p in pools: + size = get_pool_size(config, p) + leases = len(get_leases(lease_file, state='active', pool=args.pool)) + + if size != 0: + use_percentage = round(leases / size) * 100 + else: + use_percentage = 0 + + if args.json: + pool_stats = {"pool": p, "size": size, "leases": leases, + "available": (size - leases), "percentage": use_percentage} + else: + # For tabulate + pool_stats = [p, size, leases, size - leases, "{0}%".format(use_percentage)] + stats.append(pool_stats) + + # Print stats + if args.json: + print(json.dumps(stats, indent=4)) + else: + show_pool_stats(stats) + else: + print("Use either --leases or --statistics option") diff --git a/src/op_mode/show_dhcpv6.py b/src/op_mode/show_dhcpv6.py new file mode 100755 index 000000000..bf73b92ea --- /dev/null +++ b/src/op_mode/show_dhcpv6.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import json +import argparse +import ipaddress +import tabulate +import sys + +from vyos.config import Config +from isc_dhcp_leases import Lease, IscDhcpLeases + +lease_file = "/config/dhcpdv6.leases" + +def get_lease_data(lease): + data = {} + + # End time may not be present in backup leases + try: + data["expires"] = lease.end.strftime("%Y/%m/%d %H:%M:%S") + except: + data["expires"] = "" + + data["duid"] = lease.host_identifier_string + data["ip"] = lease.ip + + return data + +def get_leases(leases, state=None): + leases = IscDhcpLeases(lease_file).get() + + if state is not None: + leases = list(filter(lambda x: x.binding_state == 'active', leases)) + + return list(map(get_lease_data, leases)) + +def show_leases(leases): + headers = ["IPv6 address", "Lease expiration", "DUID"] + + lease_list = [] + for l in leases: + lease_list.append([l["ip"], l["expires"], l["duid"]]) + + output = tabulate.tabulate(lease_list, headers) + + print(output) + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + + group = parser.add_mutually_exclusive_group() + group.add_argument("-l", "--leases", action="store_true", help="Show DHCP leases") + group.add_argument("-s", "--statistics", action="store_true", help="Show DHCP statistics") + + parser.add_argument("-p", "--pool", type=str, action="store", help="Show lease for specific pool") + parser.add_argument("-j", "--json", action="store_true", default=False, help="Product JSON output") + + args = parser.parse_args() + + # Do nothing if service is not configured + c = Config() + if not c.exists_effective('service dhcpv6-server'): + print("DHCPv6 service is not configured") + sys.exit(0) + + if args.leases: + leases = get_leases(lease_file, state='active') + show_leases(leases) + elif args.statistics: + print("DHCPv6 statistics option is not available") + else: + print("Invalid option") diff --git a/src/op_mode/show_igmpproxy.py b/src/op_mode/show_igmpproxy.py new file mode 100755 index 000000000..5ccc16287 --- /dev/null +++ b/src/op_mode/show_igmpproxy.py @@ -0,0 +1,241 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# File: show_igmpproxy.py +# Purpose: +# Display istatistics from IPv4 IGMP proxy. +# Used by the "run show ip multicast" command tree. + +import sys +import jinja2 +import argparse +import ipaddress +import socket + +import vyos.config + +# Output Template for "show ip multicast interface" command +# +# Example: +# Interface BytesIn PktsIn BytesOut PktsOut Local +# eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65 +# eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201 +# eth0.3 0.0b 0 0.0b 0 xxx.xxx.x.7 +# tun1 0.0b 0 0.0b 0 xxx.xxx.xxx.2 +vif_out_tmpl = """ +{%- for r in data %} +{{ "%-10s"|format(r.interface) }} {{ "%-12s"|format(r.bytes_in) }} {{ "%-12s"|format(r.pkts_in) }} {{ "%-12s"|format(r.bytes_out) }} {{ "%-12s"|format(r.pkts_out) }} {{ "%-15s"|format(r.loc) }} +{%- endfor %} +""" + +# Output Template for "show ip multicast mfc" command +# +# Example: +# Group Origin In Out Pkts Bytes Wrong +# xxx.xxx.xxx.250 xxx.xx.xxx.75 -- +# xxx.xxx.xx.124 xx.xxx.xxx.26 -- +mfc_out_tmpl = """ +{%- for r in data %} +{{ "%-15s"|format(r.group) }} {{ "%-15s"|format(r.origin) }} {{ "%-12s"|format(r.pkts) }} {{ "%-12s"|format(r.bytes) }} {{ "%-12s"|format(r.wrong) }} {{ "%-10s"|format(r.iif) }} {{ "%-20s"|format(r.oifs|join(', ')) }} +{%- endfor %} +""" + +parser = argparse.ArgumentParser() +parser.add_argument("--interface", action="store_true", help="Interface Statistics") +parser.add_argument("--mfc", action="store_true", help="Multicast Forwarding Cache") + +def byte_string(size): + # convert size to integer + size = int(size) + + # One Terrabyte + s_TB = 1024 * 1024 * 1024 * 1024 + # One Gigabyte + s_GB = 1024 * 1024 * 1024 + # One Megabyte + s_MB = 1024 * 1024 + # One Kilobyte + s_KB = 1024 + # One Byte + s_B = 1 + + if size > s_TB: + return str(round((size/s_TB), 2)) + 'TB' + elif size > s_GB: + return str(round((size/s_GB), 2)) + 'GB' + elif size > s_MB: + return str(round((size/s_MB), 2)) + 'MB' + elif size > s_KB: + return str(round((size/s_KB), 2)) + 'KB' + else: + return str(round((size/s_B), 2)) + 'b' + + return None + +def kernel2ip(addr): + """ + Convert any given addr from Linux Kernel to a proper, IPv4 address + using the correct host byte order. + """ + + # Convert from hex 'FE000A0A' to decimal '4261415434' + addr = int(addr, 16) + # Kernel ABI _always_ uses network byteorder + addr = socket.ntohl(addr) + + return ipaddress.IPv4Address( addr ) + +def do_mr_vif(): + """ + Read contents of file /proc/net/ip_mr_vif and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. + """ + + with open('/proc/net/ip_mr_vif', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'interface': 'Interface', + 'pkts_in' : 'PktsIn', + 'pkts_out' : 'PktsOut', + 'bytes_in' : 'BytesIn', + 'bytes_out': 'BytesOut', + 'loc' : 'Local' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystema + with open('/proc/net/ip_mr_vif', 'r') as f: + header_line = next(f) + for line in f: + data = { + 'interface': line.split()[1], + 'pkts_in' : line.split()[3], + 'pkts_out' : line.split()[5], + + # convert raw byte number to something more human readable + # Note: could be replaced by Python3 hurry.filesize module + 'bytes_in' : byte_string( line.split()[2] ), + 'bytes_out': byte_string( line.split()[4] ), + + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'loc' : kernel2ip( line.split()[7] ), + } + result['data'].append(data) + + return result + +def do_mr_mfc(): + """ + Read contents of file /proc/net/ip_mr_cache and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. + """ + + with open('/proc/net/ip_mr_cache', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + # We need this to convert from interface index to a real interface name + # Thus we also skip the format identifier on list index 0 + vif = do_mr_vif()['data'][1:] + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'group' : 'Group', + 'origin': 'Origin', + 'iif' : 'In', + 'oifs' : ['Out'], + 'pkts' : 'Pkts', + 'bytes' : 'Bytes', + 'wrong' : 'Wrong' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystem + with open('/proc/net/ip_mr_cache', 'r') as f: + header_line = next(f) + for line in f: + data = { + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'group' : kernel2ip( line.split()[0] ), + 'origin': kernel2ip( line.split()[1] ), + + 'iif' : '--', + 'pkts' : '', + 'bytes' : '', + 'wrong' : '', + 'oifs' : [] + } + + iif = int( line.split()[2] ) + if not ((iif == -1) or (iif == 65535)): + data['pkts'] = line.split()[3] + data['bytes'] = byte_string( line.split()[4] ) + data['wrong'] = line.split()[5] + + # convert index to real interface name + data['iif'] = vif[iif]['interface'] + + # convert each output interface index to a real interface name + for oif in line.split()[6:]: + idx = int( oif.split(':')[0] ) + data['oifs'].append( vif[idx]['interface'] ) + + result['data'].append(data) + + return result + +if __name__ == '__main__': + args = parser.parse_args() + + # Do nothing if service is not configured + c = vyos.config.Config() + if not c.exists_effective('protocols igmp-proxy'): + print("IGMP proxy is not configured") + sys.exit(0) + + if args.interface: + data = do_mr_vif() + if data: + tmpl = jinja2.Template(vif_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + elif args.mfc: + data = do_mr_mfc() + if data: + tmpl = jinja2.Template(mfc_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + else: + parser.print_help() + sys.exit(1) + diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py new file mode 100755 index 000000000..0828743e8 --- /dev/null +++ b/src/op_mode/show_ipsec_sa.py @@ -0,0 +1,100 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import re +import sys + +import vici +import tabulate +import hurry.filesize + +import vyos.util + + +try: + session = vici.Session() + sas = session.list_sas() +except PermissionError: + print("You do not have a permission to connect to the IPsec daemon") + sys.exit(1) +except ConnectionRefusedError: + print("IPsec is not runing") + sys.exit(1) +except Exception as e: + print("An error occured: {0}".format(e)) + sys.exit(1) + +sa_data = [] + +for sa in sas: + # list_sas() returns a list of single-item dicts + for peer in sa: + parent_sa = sa[peer] + + if parent_sa["state"] == b"ESTABLISHED": + state = "up" + else: + state = "down" + + if state == "up": + uptime = vyos.util.seconds_to_human(parent_sa["established"].decode()) + else: + uptime = "N/A" + + remote_host = parent_sa["remote-host"].decode() + remote_id = parent_sa["remote-id"].decode() + + if remote_host == remote_id: + remote_id = "N/A" + + # The counters can only be obtained from the child SAs + child_sas = parent_sa["child-sas"] + installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"} + + if not installed_sas: + data = [peer, state, "N/A", "N/A", "N/A", "N/A", "N/A", "N/A"] + sa_data.append(data) + else: + for csa in installed_sas: + isa = installed_sas[csa] + + bytes_in = hurry.filesize.size(int(isa["bytes-in"].decode())) + bytes_out = hurry.filesize.size(int(isa["bytes-out"].decode())) + bytes_str = "{0}/{1}".format(bytes_in, bytes_out) + + pkts_in = hurry.filesize.size(int(isa["packets-in"].decode()), system=hurry.filesize.si) + pkts_out = hurry.filesize.size(int(isa["packets-out"].decode()), system=hurry.filesize.si) + pkts_str = "{0}/{1}".format(pkts_in, pkts_out) + # Remove B from <1K values + pkts_str = re.sub(r'B', r'', pkts_str) + + enc = isa["encr-alg"].decode() + key_size = isa["encr-keysize"].decode() + hash = isa["integ-alg"].decode() + if "dh-group" in isa: + dh_group = isa["dh-group"].decode() + else: + dh_group = "" + proposal = "{0}_{1}/{2}".format(enc, key_size, hash) + if dh_group: + proposal = "{0}/{1}".format(proposal, dh_group) + + data = [peer, state, uptime, bytes_str, pkts_str, remote_host, remote_id, proposal] + sa_data.append(data) + +headers = ["Connection", "State", "Uptime", "Bytes In/Out", "Packets In/Out", "Remote address", "Remote ID", "Proposal"] +output = tabulate.tabulate(sa_data, headers) +print(output) diff --git a/src/op_mode/system_integrity.py b/src/op_mode/system_integrity.py new file mode 100755 index 000000000..886d94f16 --- /dev/null +++ b/src/op_mode/system_integrity.py @@ -0,0 +1,69 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + +import sys +import os +import subprocess +import re +import itertools +from datetime import datetime, timedelta + +verf = r'/usr/libexec/vyos/op_mode/version.py' + +def get_sys_build_version(): + if not os.path.exists(verf): + return None + + a = subprocess.check_output(['/usr/libexec/vyos/op_mode/version.py']).decode() + if re.search('^Built on:.+',a, re.M) == None: + return None + + dt = ( re.sub('Built on: +','', re.search('^Built on:.+',a, re.M).group(0)) ) + return datetime.strptime(dt,'%a %d %b %Y %H:%M %Z') + +def check_pkgs(dt): + pkg_diffs = { + 'buildtime' : str(dt), + 'pkg' : {} + } + + pkg_info = os.listdir('/var/lib/dpkg/info/') + for file in pkg_info: + if re.search('\.list$', file): + fts = os.stat('/var/lib/dpkg/info/' + file).st_mtime + dt_str = (datetime.utcfromtimestamp(fts).strftime('%Y-%m-%d %H:%M:%S')) + fdt = datetime.strptime(dt_str, '%Y-%m-%d %H:%M:%S') + if fdt > dt: + pkg_diffs['pkg'].update( { str(re.sub('\.list','',file)) : str(fdt)}) + + if len(pkg_diffs['pkg']) != 0: + return pkg_diffs + else: + return None + +def main(): + dt = get_sys_build_version() + pkgs = check_pkgs(dt) + if pkgs != None: + print ("The following packages don\'t fit the image creation time\nbuild time:\t" + pkgs['buildtime']) + for k, v in pkgs['pkg'].items(): + print ("installed: " + v + '\t' + k) + +if __name__ == '__main__': + sys.exit( main() ) + diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py new file mode 100755 index 000000000..66622c04c --- /dev/null +++ b/src/op_mode/wireguard.py @@ -0,0 +1,109 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + +import argparse +import os +import sys +import subprocess +import syslog as sl + +from vyos import ConfigError + +dir = r'/config/auth/wireguard' +pk = dir + '/private.key' +pub = dir + '/public.key' +psk = dir + '/preshared.key' + +def check_kmod(): + """ check if kmod is loaded, if not load it """ + if not os.path.exists('/sys/module/wireguard'): + sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") + if os.system('sudo modprobe wireguard') != 0: + sl.syslog(sl.LOG_ERR, "modprobe wireguard failed") + raise ConfigError("modprobe wireguard failed") + +def generate_keypair(): + """ generates a keypair which is stored in /config/auth/wireguard """ + ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) + if ret != 0: + raise ConfigError("wireguard key-pair generation failed") + else: + sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) + +def genkey(): + """ helper function to check, regenerate the keypair """ + old_umask = os.umask(0o077) + if os.path.exists(pk) and os.path.exists(pub): + try: + choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ") + if choice == 'y' or choice == 'Y': + generate_keypair() + except KeyboardInterrupt: + sys.exit(0) + else: + """ if keypair is bing executed from a running iso """ + if not os.path.exists(dir): + os.umask(old_umask) + subprocess.call(['sudo mkdir -p ' + dir], shell=True) + subprocess.call(['sudo chgrp vyattacfg ' + dir], shell=True) + subprocess.call(['sudo chmod 770 ' + dir], shell=True) + generate_keypair() + os.umask(old_umask) + +def showkey(key): + """ helper function to show privkey or pubkey """ + if key == "pub": + if os.path.exists(pub): + print ( open(pub).read().strip() ) + else: + print("no public key found") + + if key == "pk": + if os.path.exists(pk): + print ( open(pk).read().strip() ) + else: + print("no private key found") + +def genpsk(): + """ generates a preshared key and shows it on stdout, it's stroed only in the config """ + subprocess.call(['wg genpsk'], shell=True) + +if __name__ == '__main__': + check_kmod() + + parser = argparse.ArgumentParser(description='wireguard key management') + parser.add_argument('--genkey', action="store_true", help='generate key-pair') + parser.add_argument('--showpub', action="store_true", help='shows public key') + parser.add_argument('--showpriv', action="store_true", help='shows private key') + parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') + args = parser.parse_args() + + try: + if args.genkey: + genkey() + if args.showpub: + showkey("pub") + if args.showpriv: + showkey("pk") + if args.genpsk: + genpsk() + + except ConfigError as e: + print(e) + sys.exit(1) + |