Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/generate_public_key_command.py41
-rwxr-xr-xsrc/op_mode/ping.py7
-rwxr-xr-xsrc/op_mode/show_wwan.py78
-rwxr-xr-xsrc/op_mode/vpn_ike_sa.py8
-rwxr-xr-xsrc/op_mode/vpn_ipsec.py13
5 files changed, 137 insertions, 10 deletions
diff --git a/src/op_mode/generate_public_key_command.py b/src/op_mode/generate_public_key_command.py
new file mode 100755
index 000000000..7a7b6c923
--- /dev/null
+++ b/src/op_mode/generate_public_key_command.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import urllib.parse
+
+import vyos.remote
+
+def get_key(path):
+ url = urllib.parse.urlparse(path)
+ if url.scheme == 'file' or url.scheme == '':
+ with open(os.path.expanduser(path), 'r') as f:
+ key_string = f.read()
+ else:
+ key_string = vyos.remote.get_remote_config(path)
+ return key_string.split()
+
+username = sys.argv[1]
+algorithm, key, identifier = get_key(sys.argv[2])
+
+print('# To add this key as an embedded key, run the following commands:')
+print('configure')
+print(f'set system login user {username} authentication public-keys {identifier} key {key}')
+print(f'set system login user {username} authentication public-keys {identifier} type {algorithm}')
+print('commit')
+print('save')
+print('exit')
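Review bot: `algorithm, key, identifier = get_key(sys.argv[2])` assumes the key file splits into exactly three whitespace-separated fields, so a key with no comment or a multi-word comment raises ValueError, and whatever the file holds is printed verbatim into the `set system login user …` lines the operator is told to run. Because the file can come from a remote URL through `vyos.remote.get_remote_config`, the fields should be checked before printing: split with `key_string.split(None, 2)`, reject anything that is not three fields, and confirm the key type and base64 body look as expected and that the identifier is a single token. In `get_key` the `file` branch also opens the unparsed `path`, so a `file:///…` argument reaches `open()` with its scheme still attached; `open(os.path.expanduser(url.path), 'r')` would handle both the bare-path and `file:` cases. A missing command-line argument currently ends in an IndexError traceback, where a short usage message would be clearer.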
diff --git a/src/op_mode/ping.py b/src/op_mode/ping.py
index 29b430d53..924a889db 100755
--- a/src/op_mode/ping.py
+++ b/src/op_mode/ping.py
@@ -50,6 +50,11 @@ options = {
'type': '<seconds>',
'help': 'Number of seconds before ping exits'
},
+ 'do-not-fragment': {
+ 'ping': '{command} -M dont',
+ 'type': 'noarg',
+ 'help': 'Set DF-bit flag to 1 for no fragmentation'
+ },
'flood': {
'ping': 'sudo {command} -f',
'type': 'noarg',
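Review bot: The new `'do-not-fragment'` entry maps to `{command} -M dont`, but per the iputils ping manual `-M dont` means "do not set the DF flag", which is the opposite of the help text; the value that prohibits fragmentation is `do`. The line should read `'ping': '{command} -M do',`. As written, an operator using this option to probe path MTU would be sending packets that may still be fragmented and would draw the wrong conclusion from the replies.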
@@ -227,4 +232,4 @@ if __name__ == '__main__':
# print(f'{command} {host}')
os.system(f'{command} {host}')
-
+ \ No newline at end of file
diff --git a/src/op_mode/show_wwan.py b/src/op_mode/show_wwan.py
new file mode 100755
index 000000000..249dda2a5
--- /dev/null
+++ b/src/op_mode/show_wwan.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import argparse
+
+from sys import exit
+from vyos.util import cmd
+
+parser = argparse.ArgumentParser()
+parser.add_argument("--model", help="Get module model", action="store_true")
+parser.add_argument("--revision", help="Get module revision", action="store_true")
+parser.add_argument("--capabilities", help="Get module capabilities", action="store_true")
+parser.add_argument("--imei", help="Get module IMEI/ESN/MEID", action="store_true")
+parser.add_argument("--imsi", help="Get module IMSI", action="store_true")
+parser.add_argument("--msisdn", help="Get module MSISDN", action="store_true")
+parser.add_argument("--sim", help="Get SIM card status", action="store_true")
+parser.add_argument("--signal", help="Get current RF signal info", action="store_true")
+parser.add_argument("--firmware", help="Get current RF signal info", action="store_true")
+
+required = parser.add_argument_group('Required arguments')
+required.add_argument("--interface", help="WWAN interface name, e.g. wwan0", required=True)
+
+def qmi_cmd(device, command, silent=False):
+ tmp = cmd(f'qmicli --device={device} --device-open-proxy {command}')
+ tmp = tmp.replace(f'[{cdc}] ', '')
+ if not silent:
+ # skip first line as this only holds the info headline
+ for line in tmp.splitlines()[1:]:
+ print(line.lstrip())
+ return tmp
+
+if __name__ == '__main__':
+ args = parser.parse_args()
+
+ # remove the WWAN prefix from the interface, required for the CDC interface
+ if_num = args.interface.replace('wwan','')
+ cdc = f'/dev/cdc-wdm{if_num}'
+
+ if args.model:
+ qmi_cmd(cdc, '--dms-get-model')
+ elif args.capabilities:
+ qmi_cmd(cdc, '--dms-get-capabilities')
+ qmi_cmd(cdc, '--dms-get-band-capabilities')
+ elif args.revision:
+ qmi_cmd(cdc, '--dms-get-revision')
+ elif args.imei:
+ qmi_cmd(cdc, '--dms-get-ids')
+ elif args.imsi:
+ qmi_cmd(cdc, '--dms-uim-get-imsi')
+ elif args.msisdn:
+ qmi_cmd(cdc, '--dms-get-msisdn')
+ elif args.sim:
+ qmi_cmd(cdc, '--uim-get-card-status')
+ elif args.signal:
+ qmi_cmd(cdc, '--nas-get-signal-info')
+ qmi_cmd(cdc, '--nas-get-rf-band-info')
+ elif args.firmware:
+ tmp = qmi_cmd(cdc, '--dms-get-manufacturer', silent=True)
+ if 'Sierra Wireless' in tmp:
+ qmi_cmd(cdc, '--dms-swi-get-current-firmware')
+ else:
+ qmi_cmd(cdc, '--dms-get-software-version')
+ else:
+ parser.print_help()
+ exit(1)
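Review bot: `args.interface` reaches the `qmicli` command string without any check: `if_num = args.interface.replace('wwan','')` accepts arbitrary text, and the result is interpolated into `cmd(f'qmicli --device={device} --device-open-proxy {command}')`. Whether `cmd` runs through a shell is not visible here, but in either case the value should be constrained first, for example `if not re.fullmatch(r'wwan\d+', args.interface): exit('Invalid interface name')` with `import re` added. `qmi_cmd` also strips the prefix using the global `cdc` rather than its own `device` parameter, which only works because `cdc` is assigned in the `__main__` block; `tmp = tmp.replace(f'[{device}] ', '')` removes that coupling. The `--firmware` help string repeats the `--signal` text and should describe the firmware query instead.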
diff --git a/src/op_mode/vpn_ike_sa.py b/src/op_mode/vpn_ike_sa.py
index 28da9f8dc..622498a7f 100755
--- a/src/op_mode/vpn_ike_sa.py
+++ b/src/op_mode/vpn_ike_sa.py
@@ -36,9 +36,9 @@ def ike_sa(peer, nat):
peers = []
for conn in sas:
for name, sa in conn.items():
- if peer and not name.startswith('peer-' + peer):
+ if peer and not name.startswith('peer_' + peer):
continue
- if name.startswith('peer-') and name in peers:
+ if name.startswith('peer_') and name in peers:
continue
if nat and 'nat-local' not in sa:
continue
@@ -49,7 +49,9 @@ def ike_sa(peer, nat):
print('%-39s %-39s' % (remote_str, local_str))
state = 'up' if 'state' in sa and s(sa['state']) == 'ESTABLISHED' else 'down'
version = 'IKEv' + s(sa['version'])
- encryption = f'{s(sa["encr-alg"])}_{s(sa["encr-keysize"])}' if 'encr-alg' in sa else 'n/a'
+ encryption = f'{s(sa["encr-alg"])}' if 'encr-alg' in sa else 'n/a'
+ if 'encr-keysize' in sa:
+ encryption += '_' + s(sa["encr-keysize"])
integrity = s(sa['integ-alg']) if 'integ-alg' in sa else 'n/a'
dh_group = s(sa['dh-group']) if 'dh-group' in sa else 'n/a'
natt = 'yes' if 'nat-local' in sa and s(sa['nat-local']) == 'yes' else 'no'
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 434186abb..582b5ef95 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -100,13 +100,13 @@ def generate_x509_pair(name):
print(f'Private key: {X509_PATH}{name}.key')
def get_peer_connections(peer, tunnel, return_all = False):
- search = rf'^conn (peer-{peer}-(tunnel-[\d]+|vti))$'
+ search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'
matches = []
- with open(IPSEC_CONF, 'r') as f:
+ with open(SWANCTL_CONF, 'r') as f:
for line in f.readlines():
result = re.match(search, line)
if result:
- suffix = f'tunnel-{tunnel}' if tunnel.isnumeric() else tunnel
+ suffix = f'tunnel_{tunnel}' if tunnel.isnumeric() else tunnel
if return_all or (result[2] == suffix):
matches.append(result[1])
return matches
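Review bot: `peer` is interpolated into the pattern unescaped in `search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'`, so the dots of an IPv4 peer match any character and a peer containing regex metacharacters changes what is matched; `rf'^[\s]*(peer_{re.escape(peer)}_(tunnel_[\d]+|vti)).*'` avoids that. The new pattern also drops the `conn ` prefix and the `$` anchor of the old one, so any line of SWANCTL_CONF that merely begins with such a name now matches; the file layout is not visible here, so confirm that only the intended section headers can match. The names returned here are later placed into a shell pipeline by `debug_peer`, which is a further reason to keep the match tight.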
@@ -171,13 +171,14 @@ def debug_peer(peer, tunnel):
if not tunnel or tunnel == 'all':
tunnel = ''
- conn = get_peer_connection(peer, tunnel)
+ conn = get_peer_connections(peer, tunnel)
- if not conn:
+ if not conns:
print('Peer not found, aborting')
return
- call(f'sudo /usr/sbin/ipsec statusall | grep {conn}')
+ for conn in conns:
+ call(f'sudo /usr/sbin/ipsec statusall | grep {conn}')
if __name__ == '__main__':
parser = argparse.ArgumentParser()
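Review bot: `if not conns:` reads a name that is never bound, because the changed call still assigns to `conn`, so `debug_peer` raises NameError on every call; the assignment should be `conns = get_peer_connections(peer, tunnel)`. When `tunnel` has been reset to `''`, `get_peer_connections` as shown in the earlier hunk compares `result[2]` with an empty suffix and returns nothing unless `return_all` is set, so the "all" case probably needs `return_all=not tunnel` (the start of `debug_peer` is outside this hunk, so confirm). The loop then interpolates each name into `call(f'sudo /usr/sbin/ipsec statusall | grep {conn}')`; a fixed-string match such as `grep -F -- {conn}` keeps the dots in the name from acting as wildcards and keeps the name from being read as an option.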