#!/usr/bin/env python3 # # Copyright (C) 2019 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # # import sys import os import re from vyos.config import Config from vyos import ConfigError from vyos.util import popen, run from vyos import airbag airbag.enable() # Define for recovering gl_ipsec_conf = None def get_config(): c = Config() config_data = { 'qat_conf' : None, 'ipsec_conf' : None, 'openvpn_conf' : None, } if c.exists('system acceleration qat'): config_data['qat_conf'] = True if c.exists('vpn ipsec '): gl_ipsec_conf = True config_data['ipsec_conf'] = True if c.exists('interfaces openvpn'): config_data['openvpn_conf'] = True return config_data # Control configured VPN service which can use QAT def vpn_control(action): # XXX: Should these commands report failure if action == 'restore' and gl_ipsec_conf: return run('ipsec start') return run(f'ipsec {action}') def verify(c): # Check if QAT service installed if not os.path.exists('/etc/init.d/qat_service'): raise ConfigError("Warning: QAT init file not found") if c['qat_conf'] == None: return # Check if QAT device exist output, err = popen('lspci -nn', decode='utf-8') if not err: data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output) #If QAT devices found if not data: print("\t No QAT acceleration device found") sys.exit(1) def apply(c): if c['ipsec_conf']: # Shutdown VPN service which can use QAT vpn_control('stop') # Disable QAT service if c['qat_conf'] == None: run('/etc/init.d/qat_service stop') if c['ipsec_conf']: vpn_control('start') return # Run qat init.d script run('/etc/init.d/qat_service start') if c['ipsec_conf']: # Recovery VPN service vpn_control('start') if __name__ == '__main__': try: c = get_config() verify(c) apply(c) except ConfigError as e: print(e) vpn_control('restore') sys.exit(1)