diff options
| author | Marat Nepomnyashy <marat@vyatta.com> | 2008-01-03 13:44:11 -0800 |
|---|---|---|
| committer | Marat Nepomnyashy <marat@vyatta.com> | 2008-01-03 13:44:11 -0800 |
| commit | 9898653db6226eef9c5ac4e7dc9b6470d96bfb63 (patch) | |
| tree | 984e12dde2bc8ea2ab07d63af5bb860f38ed0d46 | |
| download | vyatta-op-vpn-9898653db6226eef9c5ac4e7dc9b6470d96bfb63.tar.gz vyatta-op-vpn-9898653db6226eef9c5ac4e7dc9b6470d96bfb63.zip | |
Initial checkin of VPN operations mechanism.
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | COPYING | 27 | ||||
| -rw-r--r-- | Makefile.am | 38 | ||||
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | README | 7 | ||||
| -rw-r--r-- | configure.ac | 41 | ||||
| -rw-r--r-- | debian/README | 7 | ||||
| -rwxr-xr-x | debian/autogen.sh | 37 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | debian/compat | 1 | ||||
| -rw-r--r-- | debian/control | 19 | ||||
| -rw-r--r-- | debian/copyright | 35 | ||||
| -rw-r--r-- | debian/docs | 2 | ||||
| -rw-r--r-- | debian/linda | 1 | ||||
| -rw-r--r-- | debian/lintian | 2 | ||||
| -rwxr-xr-x | debian/rules | 102 | ||||
| -rw-r--r-- | src/command_proc_base.hh | 82 | ||||
| -rw-r--r-- | src/command_proc_show_vpn.cc | 856 | ||||
| -rw-r--r-- | src/command_proc_show_vpn.hh | 222 | ||||
| -rw-r--r-- | src/rl_str_proc.cc | 109 | ||||
| -rw-r--r-- | src/rl_str_proc.hh | 52 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ike_sa.xsl | 107 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ike_secrets.xsl | 61 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ike_status.xsl | 48 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ipsec_sa.xsl | 160 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ipsec_sa_statistics.xsl | 62 | ||||
| -rw-r--r-- | src/xsl/show_vpn_ipsec_status.xsl | 57 | ||||
| -rw-r--r-- | src/xsl_processor.cc | 76 | ||||
| -rw-r--r-- | src/xsl_processor.hh | 28 |
29 files changed, 2246 insertions, 0 deletions
@@ -0,0 +1 @@ +eng@vyatta.com @@ -0,0 +1,27 @@ +/* + * Package: vyatt-op-vpn + * + * **** License **** + * Version: VPL 1.0 + * + * The contents of this file are subject to the Vyatta Public License + * Version 1.0 ("License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.vyatta.com/vpl + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + * the License for the specific language governing rights and limitations + * under the License. + * + * This code was originally developed by Vyatta, Inc. + * Portions created by Vyatta are Copyright (C) "YEAR" Vyatta, Inc. + * All Rights Reserved. + * + * Author(s): Bob Gilligan, Marat Nepomnyashy + * Date: 2008 + * Description: Vyatta operational command completion and base templates for VPN functionality + * + * **** End License **** + * + */ diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..316dfe1 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,38 @@ +opdir = $(datadir)/vyatta-op/templates + +xsldir = @XSLDIR@ + +bin_sudo_usersdir = $(bindir)/sudo-users + +xsl_DATA = + +bin_sudo_users_SCRIPTS = + +xsl_DATA += src/xsl/show_vpn_ike_sa.xsl +xsl_DATA += src/xsl/show_vpn_ike_secrets.xsl +xsl_DATA += src/xsl/show_vpn_ike_status.xsl +xsl_DATA += src/xsl/show_vpn_ipsec_sa_statistics.xsl +xsl_DATA += src/xsl/show_vpn_ipsec_sa.xsl +xsl_DATA += src/xsl/show_vpn_ipsec_status.xsl + +sbin_PROGRAMS = command_proc_show_vpn + + +command_proc_show_vpn_SOURCES = src/command_proc_base.hh +command_proc_show_vpn_SOURCES += src/command_proc_show_vpn.cc +command_proc_show_vpn_SOURCES += src/command_proc_show_vpn.hh +command_proc_show_vpn_SOURCES += src/rl_str_proc.cc +command_proc_show_vpn_SOURCES += src/rl_str_proc.hh +command_proc_show_vpn_SOURCES += src/xsl_processor.cc +command_proc_show_vpn_SOURCES += src/xsl_processor.hh +command_proc_show_vpn_LDADD = -lsablot + + +cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ + cpio -0pd + +install-exec-hook: + mkdir -p $(DESTDIR)$(opdir) + cd templates; $(cpiop) $(DESTDIR)$(opdir) + + @@ -0,0 +1 @@ +see http://www.vyatta.com/news/ @@ -0,0 +1,7 @@ +The Debian Package vyatta-op-vpn +------------------------------------- + +This package has the CLI template for the vpn commands + + + -- Marat Nepomnyashy <marat@vyatta.com> Wed 02 Jan 2008 diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..7574e12 --- /dev/null +++ b/configure.ac @@ -0,0 +1,41 @@ +# Process this file with autoconf to produce a configure script. +AC_PREREQ(2.59) + +m4_define([VERSION_ID], [m4_esyscmd([ + if test -f .version ; then + head -n 1 .version | tr -d \\n + else + echo -n 2.4 + fi])]) +AC_INIT([vyatta-op-vpn], VERSION_ID, [vyatta-support@vyatta.com]) + +test -n "$VYATTA_VERSION" || VYATTA_VERSION=$PACKAGE_VERSION + +AC_CONFIG_AUX_DIR([config]) +AM_INIT_AUTOMAKE([gnu no-dist-gzip dist-bzip2 subdir-objects]) +AC_PREFIX_DEFAULT([/opt/vyatta]) + +XSLDIR=/opt/vyatta/share/xsl/ + + +AC_PROG_CC +AM_PROG_AS +AM_PROG_CC_C_O +AC_PROG_LIBTOOL +AC_PROG_LEX +AC_PROG_YACC + + +AC_ARG_ENABLE([nostrip], + AC_HELP_STRING([--enable-nostrip], + [include -nostrip option during packaging]), + [NOSTRIP=-nostrip], [NOSTRIP=]) + +AC_CONFIG_FILES( + [Makefile]) + +AC_SUBST(NOSTRIP) +AC_SUBST(XSLDIR) + +AC_OUTPUT + diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..dad3622 --- /dev/null +++ b/debian/README @@ -0,0 +1,7 @@ +The Debian Package vyatta-op-vpn +------------------------------------- + +This package has the CLI template for the vpn commands + + + -- Marat Nepomnyashy <marat@vyatta.com> Wed 02 Jan 2008 diff --git a/debian/autogen.sh b/debian/autogen.sh new file mode 100755 index 0000000..ff125d1 --- /dev/null +++ b/debian/autogen.sh @@ -0,0 +1,37 @@ +#!/bin/sh + + +if [ -d .git ] ; then +# generate GNU/Debian format ChangeLog from git log + + rm -f ChangeLog + + if which git2cl >/dev/null ; then + git-log --pretty --numstat --summary | git2cl >> ChangeLog + else + git-log --pretty=short >> ChangeLog + fi + +# append repository reference + + url=` git repo-config --get remote.origin.url` + test "x$url" = "x" && url=`pwd` + + branch=`git-branch --no-color | sed '/^\* /!d; s/^\* //'` + test "x$branch" = "x" && branch=master + + sha=`git log --pretty=oneline --no-color -n 1 | cut -c-8` + test "x$sha" = "x" && sha=00000000 + + echo "$url#$branch-$sha" >> ChangeLog + +fi + +rm -rf config +rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL + +autoreconf --force --install + +rm -f config.sub config.guess +ln -s /usr/share/misc/config.sub . +ln -s /usr/share/misc/config.guess . diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1eed1e2 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +vyatta-op-vpn (0.1) unstable; urgency=low + + * Initial Release. + + -- Marat Nepomnyashy <marat@vyatta.co> Wed, 02 Jan 2008 12:19:47 -0700 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..1f38057 --- /dev/null +++ b/debian/control @@ -0,0 +1,19 @@ +Source: vyatta-op-vpn +Section: contrib/net +Priority: extra +Maintainer: Marat Nepomnyashy <marat@vyatta.com> +Build-Depends: debhelper (>= 5), autotools-dev +Standards-Version: 3.7.2 + +Package: vyatta-op-vpn +Architecture: all +Depends: bash (>= 3.1), + vyatta-op, + vyatta-cfg-vpn +Suggests: util-linux (>= 2.13-5), + net-tools, + ethtool, + ncurses-bin (>= 5.5-5), + ntpdate +Description: Vyatta operational commands for VPN. + Vyatta operational commands for VPN. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..fa0b3a2 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,35 @@ +This package was debianized by Marat Nepomnyashy <marat@vyatta.com> on +Wed Jan 02 12:19:47 PST 2008 + + +It's original content from the GIT repository <http://vyatt.com/git/> + +Upstream Author: + + <eng@vyatta.com> + +Copyright: + + Copyright (C) 2008 Vyatta, Inc. + All Rights Reserved. + +License: + + The contents of this package are subject to the Vyatta Public License + Version 1.0 ("License"); you may not use this file except in + compliance with the License. You may obtain a copy of the License at + http://www.vyatta.com/vpl + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + This code was originally developed by Vyatta, Inc. + Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is (C) 2008, Vyatta, Inc., and +is licensed under the GPL, see above. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..50bd824 --- /dev/null +++ b/debian/docs @@ -0,0 +1,2 @@ +NEWS +README diff --git a/debian/linda b/debian/linda new file mode 100644 index 0000000..0381d9d --- /dev/null +++ b/debian/linda @@ -0,0 +1 @@ +Tag: file-in-opt diff --git a/debian/lintian b/debian/lintian new file mode 100644 index 0000000..a5d78e0 --- /dev/null +++ b/debian/lintian @@ -0,0 +1,2 @@ +vyatta-op-vpn: file-in-unusual-dir +vyatta-op-vpn: dir-or-file-in-opt diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..77a5d1b --- /dev/null +++ b/debian/rules @@ -0,0 +1,102 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +PACKAGE=vyatta-op-vpn +PKGDIR=$(CURDIR)/debian/$(PACKAGE) + +CFLAGS = -Wall -g + +configure = ./configure +configure += --host=$(DEB_HOST_GNU_TYPE) +configure += --build=$(DEB_BUILD_GNU_TYPE) +configure += --prefix=/opt/vyatta +configure += --mandir=\$${prefix}/share/man +configure += --infodir=\$${prefix}/share/info +configure += CFLAGS="$(CFLAGS)" +configure += LDFLAGS="-Wl,-z,defs" + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure.ac Makefile.am + chmod +x debian/autogen.sh + debian/autogen.sh + +config.status: configure + dh_testdir + rm -f config.cache + $(configure) + +build: build-stamp + +build-stamp: config.status + dh_testdir + $(MAKE) + touch $@ + +clean: clean-patched + +# Clean everything up, including everything auto-generated +# at build time that needs not to be kept around in the Debian diff +clean-patched: + dh_testdir + dh_testroot + if test -f Makefile ; then $(MAKE) clean distclean ; fi + rm -f build-stamp + rm -f config.status config.sub config.guess config.log + rm -f aclocal.m4 configure Makefile.in Makefile INSTALL + rm -f etc/default/vyatta + rm -rf config + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(PKGDIR) install + + install -D --mode=0644 debian/lintian $(PKGDIR)/usr/share/lintian/overrides/$(PACKAGE) + install -D --mode=0644 debian/linda $(PKGDIR)/usr/share/linda/overrides/$(PACKAGE) + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install + dh_installdebconf + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install +# This is an architecture independent package +# so; we have nothing to do by default. + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/src/command_proc_base.hh b/src/command_proc_base.hh new file mode 100644 index 0000000..d9820a8 --- /dev/null +++ b/src/command_proc_base.hh @@ -0,0 +1,82 @@ +/** + * Module: command_proc_base.hh + * + * Author: Michael Larson + * Date: 2005 + * Description: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Copyright 2006, Vyatta, Inc. + */ +#ifndef __COMMAND_PROC_BASE_HH__ +#define __COMMAND_PROC_BASE_HH__ + +#include <assert.h> +#include <vector> +#include <list> +#include <string> + +#define UNUSED(var) assert(sizeof(var) != 0) + + +/** + * Derive from this class when you want to create a new unformatted to xml processing implementation. + * + **/ +class CommandProcBase +{ +public: + typedef std::vector<std::string> StringColl; + typedef std::vector<std::string>::iterator StringIter; + +public: + CommandProcBase() {;} + virtual ~CommandProcBase() {;} + + /** + * + **/ + virtual std::string + process(const std::string &cmd, bool debug, std::string &reason) = 0; + + /** + * + **/ + static std::string + name() {return std::string("");} + + /** + * + **/ + virtual bool + is_valid() = 0; + + /** + * + **/ + virtual std::string + xsl() {return _xsl;} + +protected: //method + std::list<std::string> + tokenize(const std::string &line); + +protected: + std::string _xsl; +}; + +#endif diff --git a/src/command_proc_show_vpn.cc b/src/command_proc_show_vpn.cc new file mode 100644 index 0000000..e36c5d8 --- /dev/null +++ b/src/command_proc_show_vpn.cc @@ -0,0 +1,856 @@ +/** + * Module: command_proc_show_vpn.cc + * + * Author(s): Michael Larson, Marat Nepomnyashy + * Date: 2008 + * Description: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Copyright 2008, Vyatta, Inc. + */ + +#include <iostream> +#include <list> +#include <string> +#include <dirent.h> +//#include "config.h" +#include "rl_str_proc.hh" +//#include <librl_common/rl_interface.hh> +#include "command_proc_show_vpn.hh" +#include "xsl_processor.hh" + +using namespace std; + +int main(int argc, char ** argv) { + + //Build out string request based on the number of argcs. + string request; + bool debug = false; + for (int i = 1; i < argc; ++i) { + if (strcmp(argv[i], "--debug") == 0) { + debug = true; + } else { + request += string(argv[i]) + string(" "); + } + } + if (debug) { + cout << "request: " << request << endl; + } + + + CommandProcShowVPN proc; + + // process command and create xml output + string reason; + string xml_out = proc.process(request, debug, reason); + if (debug) { + cout << "output xml:" << endl << xml_out << endl; + } + + if (xml_out.empty() == true) { + cout << "no xml reason: " << reason << endl; + exit(0); + } + + bool catch_param_name = false; + bool catch_param_val = false; + string param_name; + string param_val; + list<pair<string,string> > listParams; + for (int i = 1; i < argc; ++i) { + if (strcmp(argv[i], "--pname") == 0) { + catch_param_name = true; + catch_param_val = false; + param_name = ""; + param_val = ""; + } else if (strcmp(argv[i], "--pval") == 0) { + catch_param_name = false; + catch_param_val = true; + param_val = ""; + } else { + if (catch_param_name) { + param_name = argv[i]; + catch_param_name = false; + } + if (catch_param_val) { + param_val = argv[i]; + catch_param_val = false; + } + } + if (param_name.length() > 0 && param_val.length() > 0) { + listParams.push_back(pair<string,string>(param_name, param_val)); + param_name = ""; + param_val = ""; + } + } + + + XSLProcessor xsl_processor(debug); + + cout << xsl_processor.transform(xml_out, proc.xsl(), listParams) << endl; +} + + + +/** + * + **/ +CommandProcShowVPN::CommandProcShowVPN() : CommandProcBase() +{ + string str; + for (int i = 0; i < 8; ++i) { + _pad.push_back(str); + str += "0"; + } +} + +/** + * + **/ +CommandProcShowVPN::~CommandProcShowVPN() +{ + list<Peer*>::iterator i = _peers.begin(); + const list<Peer*>::const_iterator iEnd = _peers.end(); + while (i != iEnd) { + delete *i; + *i = NULL; + } +} + +/** + * + **/ +std::string +CommandProcShowVPN::process(const string &cmd, bool debug, string &reason) +{ + UNUSED(reason); + char buf[2048]; + string ipsec_cmd; + FILE *f; + StrProc proc_str(cmd, " "); + + _xsl = XSLDIR "/" + proc_str.get(1); + + + _xml_out << "<opcommand name='vpn'><format type='row'>"; + + + +// ipsec eroute +// ipsec spi +// ipsec spigrp +// ipsec spi status +// ipsec setup --status +// ipsec auto --status + + ipsec_cmd = "cat /etc/ipsec.secrets"; + f = popen(ipsec_cmd.c_str(), "r"); + if (f) { + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + convert_to_xml_secrets(line, debug); + } + if (pclose(f) != 0) { + return string(""); + } + } + + ipsec_cmd = "cat /var/run/pluto/pluto.pid 2>/dev/null"; + f = popen(ipsec_cmd.c_str(), "r"); + if (f) { + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + convert_to_xml_pluto_pid(line, debug); + } + if (pclose(f) != 0) { + reason = "VPN is not running"; + return string(""); + } + } + + process_conf(debug); + + ipsec_cmd = "ipsec auto --status"; + f = popen(ipsec_cmd.c_str(), "r"); + if (f) { + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + convert_to_xml_auto_status(line, debug); + } + if (pclose(f) != 0) { + return string(""); + } + } + + convert_to_xml_setkey_d(debug); + + ipsec_cmd = "ipsec setup --status"; + f = popen(ipsec_cmd.c_str(), "r"); + if (f) { + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + convert_to_xml_setup_status(line, debug); + } + if (pclose(f) != 0) { + return string(""); + } + } + + std::list<Peer*>::const_iterator i = _peers.begin(); + const std::list<Peer*>::const_iterator iEnd = _peers.end(); + while (i != iEnd) { + const Peer * p_peer = *i; + if (p_peer != NULL) { + _xml_out << "<peer>"; + _xml_out << "<left_ip>" << p_peer->_left_ip << "</left_ip>"; + _xml_out << "<right_ip>" << p_peer->_right_ip << "</right_ip>"; + _xml_out << "<peer_ip>" << p_peer->_left_ip << "</peer_ip>"; + _xml_out << "<ike_encrypt>" << p_peer->_ike_encrypt << "</ike_encrypt>"; + _xml_out << "<ike_hash>" << p_peer->_ike_hash << "</ike_hash>"; + _xml_out << "<ike_dh>" << p_peer->_ike_dh << "</ike_dh>"; + _xml_out << "<ike_activetime>" << ((p_peer->_ike_state == "up") ? (p_peer->_ike_seconds_lifetime - p_peer->_ike_seconds_lifetime_left) : 0) << "</ike_activetime>"; + _xml_out << "<ike_lifetime>" << p_peer->_ike_seconds_lifetime << "</ike_lifetime>"; + _xml_out << "<ike_state>" << p_peer->_ike_state << "</ike_state>"; + _xml_out << "<nat_traversal>" << (p_peer->_nat_trav ? "enabled" : "disabled") << "</nat_traversal>"; + if (p_peer->_nat_trav) { + _xml_out << "<nat_src_port>" << p_peer->_nat_src_port << "</nat_src_port>"; + _xml_out << "<nat_dst_port>" << p_peer->_nat_dst_port << "</nat_dst_port>"; + } else { + _xml_out << "<nat_src_port>n/a</nat_src_port>"; + _xml_out << "<nat_dst_port>n/a</nat_dst_port>"; + } + + std::map<std::string, Tunnel*>::const_iterator iter = p_peer->getConstPeerTunnels().getConstTunnelsMap().begin(); + const std::map<std::string, Tunnel*>::const_iterator iterEnd = p_peer->getConstPeerTunnels().getConstTunnelsMap().end(); + while (iter != iterEnd) { + Tunnel * p_tunnel = iter->second; + if (p_tunnel != NULL) { + //first do the in direction + _xml_out << "<setkey>"; + _xml_out << "<conn_name>" << iter->first << "</conn_name>"; + _xml_out << "<tunnel>" << p_tunnel->_tunnel_number << "</tunnel>"; + _xml_out << "<dir>in</dir>"; + _xml_out << "<spi>" << p_tunnel->_in._session_id << "</spi>"; + _xml_out << "<esp_encrypt>" << p_tunnel->_esp_encrypt << "</esp_encrypt>"; + _xml_out << "<esp_hash>" << p_tunnel->_esp_hash << "</esp_hash>"; + _xml_out << "<pfs_group>" << p_tunnel->_pfs_group << "</pfs_group>"; + _xml_out << "<active_time>" << p_tunnel->_in._active_time << "</active_time>"; + _xml_out << "<bytes>" << p_tunnel->_in._bytes << "</bytes>"; + _xml_out << "<keylife>" << p_tunnel->_keylife << "</keylife>"; + _xml_out << "<left>" << p_tunnel->_left_net << "</left>"; + _xml_out << "<right>" << p_tunnel->_right_net << "</right>"; + _xml_out << "<esp_state>" << p_tunnel->_esp_state << "</esp_state>"; + _xml_out << "</setkey>"; + + //now do the out direction + _xml_out << "<setkey>"; + _xml_out << "<conn_name>" << iter->first << "</conn_name>"; + _xml_out << "<tunnel>" << p_tunnel->_tunnel_number << "</tunnel>"; + _xml_out << "<dir>out</dir>"; + _xml_out << "<spi>" << p_tunnel->_out._session_id << "</spi>"; + _xml_out << "<esp_encrypt>" << p_tunnel->_esp_encrypt << "</esp_encrypt>"; + _xml_out << "<esp_hash>" << p_tunnel->_esp_hash << "</esp_hash>"; + _xml_out << "<pfs_group>" << p_tunnel->_pfs_group << "</pfs_group>"; + _xml_out << "<active_time>" << p_tunnel->_out._active_time << "</active_time>"; + _xml_out << "<bytes>" << p_tunnel->_out._bytes << "</bytes>"; + _xml_out << "<keylife>" << p_tunnel->_keylife << "</keylife>"; + _xml_out << "<left>" << p_tunnel->_right_net << "</left>"; + _xml_out << "<right>" << p_tunnel->_left_net << "</right>"; + _xml_out << "<esp_state>" << p_tunnel->_esp_state << "</esp_state>"; + _xml_out << "</setkey>"; + } + ++iter; + } + } + _xml_out << "</peer>"; + ++i; + } + + if (_xml_out.tellp() > 0) { + _xml_out << "</format></opcommand>"; + } + return _xml_out.str(); +} + +/** + * + >ipsec eroute +[root@localhost etc]# ipsec eroute +/usr/libexec/ipsec/eroute: NETKEY does not support eroute table. + + **/ +void +CommandProcShowVPN::convert_to_xml_secrets(const string &line, bool debug) +{ + if (debug) { + cout << "processing: convert_to_xml_secrets" << endl; + } + StrProc proc_str(line, " "); + if (proc_str.size() > 0) { + _xml_out << "<secret>"; + _xml_out << "<sip>" << proc_str.get(0) << "</sip>"; + _xml_out << "<dip>" << proc_str.get(1) << "</dip>"; + _xml_out << "<key>" << proc_str.get(4) << "</key>"; + _xml_out << "</secret>"; + } + /* + if (line.find("Media type") != string::npos) { + _xml_out += "<csudsu_type>" + proc_str.get(2) + "</csudsu_type>"; + } + */ + return; +} + +/** + * +mercury:~# cat /var/run/pluto/pluto.pid +3688 + **/ +void +CommandProcShowVPN::convert_to_xml_pluto_pid(const string &line, bool debug) +{ + if (debug) { + cout << "processing: convert_to_xml_secrets" << endl; + } + StrProc proc_str(line, " "); + if (proc_str.size() > 0) { + _xml_out << "<pluto_pid>" << proc_str.get(0) << "</pluto_pid>"; + } + return; +} + +/** + * +mercury:~# setkey -D +10.3.0.198 10.1.0.54 + esp mode=tunnel spi=1222935307(0x48e4830b) reqid=16385(0x00004001) + E: 3des-cbc 9a562c3f 6a2a9209 02fd7390 524c987e 38491354 1ffe8d44 + A: hmac-md5 b35fd32c 387f2b05 7262373f bc1769bb + seq=0x00000000 replay=32 flags=0x00000000 state=mature + created: Jan 5 15:34:55 2007 current: Jan 5 15:42:47 2007 + diff: 472(s) hard: 0(s) soft: 0(s) + last: hard: 0(s) soft: 0(s) + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) + allocated: 0 hard: 0 soft: 0 + sadb_seq=1 pid=9770 refcnt=0 +10.1.0.54 10.3.0.198 + esp mode=tunnel spi=2194861623(0x82d2ee37) reqid=16385(0x00004001) + E: 3des-cbc ba1cad93 b0b901d3 5b645165 0719fad2 6ab60ec1 a7c6c593 + A: hmac-md5 0fa8adc6 9f90012f c3a37145 be698b61 + seq=0x00000000 replay=32 flags=0x00000000 state=mature + created: Jan 5 15:34:55 2007 current: Jan 5 15:42:47 2007 + diff: 472(s) hard: 0(s) soft: 0(s) + last: hard: 0(s) soft: 0(s) + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) + allocated: 0 hard: 0 soft: 0 + sadb_seq=0 pid=9770 refcnt=0 + + **/ +void +CommandProcShowVPN::convert_to_xml_setkey_d(bool debug) +{ + if (debug) { + cout << "processing: convert_to_xml_setkey_d: " << endl; + } + + string left_addr, right_addr, dir; + string spi, sessionid, encryption, key_hash; + string active_time, bytes; + int nat_src_port = 0, nat_dst_port = 0; + bool in_flag = true; + +// std::map<std::string, Tunnel>::const_iterator iter = _coll.end(); +// std::list<Peer>::const_iterator iter = _peers.begin(); + + Tunnel * p_tunnel = NULL; + + string cmd = "setkey -D"; + char buf[2048]; + FILE *f = popen(cmd.c_str(), "r"); + if (f) { + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + + if (line.length() > 0 && isdigit(line[0])) { + StrProc ips(line, " "); + string src = ips.get(0); + string::size_type src_o = src.find('['); + string::size_type src_c = src.find(']'); + if (src_o != string::npos && src_c != string::npos) { + nat_src_port = atoi(src.substr(src_o + 1, src_c - src_o - 1).c_str()); + } else { +// nat_src_port.clear(); + } + string dst = ips.get(1); + string::size_type dst_o = dst.find('['); + string::size_type dst_c = dst.find(']'); + if (dst_o != string::npos && dst_c != string::npos) { + nat_dst_port = atoi(dst.substr(dst_o + 1, dst_c - dst_o - 1).c_str()); + } else { +// nat_dst_port.clear(); + } + } + + StrProc proc_str(line, " "); + if (line.find("spi=") != string::npos) { + string tmp = proc_str.get(2); + int pos = tmp.find("("); + spi = tmp.substr(pos+3,tmp.length()-pos-4); + + //now find the entry that corresponds with this spi + std::list<Peer*>::iterator iPeer = _peers.begin(); + const std::list<Peer*>::const_iterator iPeerEnd = _peers.end(); + + while (iPeer != iPeerEnd) { + Peer * p_peer = *iPeer; + if (p_peer != NULL) { + std::map<std::string, Tunnel*>::iterator iPeerTunnel = p_peer->getPeerTunnels().getTunnelsMap().begin(); + const std::map<std::string, Tunnel*>::const_iterator iPeerTunnelEnd = p_peer->getPeerTunnels().getTunnelsMap().end(); + + Tunnel * p_tunnelHere = NULL; + while (iPeerTunnel != iPeerTunnelEnd) { + p_tunnelHere = iPeerTunnel->second; + if (p_tunnelHere != NULL) { + if (debug) { + cout << "comparing spis: " << spi << ", " << p_tunnelHere->_in._session_id << ", " << p_tunnelHere->_out._session_id << endl; + } + + if (spi == p_tunnelHere->_in._session_id) { + in_flag = true; + if (debug) { + cout << "found match with spis for in" << endl; + } + break; + } else if (spi == p_tunnelHere->_out._session_id) { + in_flag = false; + if (debug) { + cout << "found match with spis for out" << endl; + } + break; + } + } + ++iPeerTunnel; + } + + if (iPeerTunnel == iPeerTunnelEnd) { + p_tunnel = NULL; + } else { + p_tunnel = p_tunnelHere; + if (proc_str.get(0) == "esp-udp") { + p_peer->_nat_trav = true; + p_peer->_nat_src_port = nat_src_port; + p_peer->_nat_dst_port = nat_dst_port; + } else { + p_peer->_nat_trav = false; + } + break; + } + } + ++iPeer; + } + } + /* else if (line.find("state=") != string::npos) { + if (iter != _coll.end()) { + string trans_state; + string state = proc_str.get(3); + if (state.find("mature") != string::npos) { + trans_state = "up"; + } + else if (state.find("larval") != string::npos) { + trans_state = "init"; + } + else { + trans_state = "down"; + } + + if (in_flag == true) { + iter->second._in._state = trans_state; + } + else { + iter->second._out._state = trans_state; + } + } + } + */ + else if (p_tunnel != NULL && line.find("diff:") != string::npos) { + if (in_flag == true) { + p_tunnel->_in._active_time = atoi(proc_str.get(1).c_str()); + } else { + p_tunnel->_out._active_time = atoi(proc_str.get(1).c_str()); + } + } else if (p_tunnel != NULL && (proc_str.get(0).find("current:") != string::npos)) { + if (in_flag == true) { + p_tunnel->_in._bytes = atoi(proc_str.get(1).c_str()); + } else { + p_tunnel->_out._bytes = atoi(proc_str.get(1).c_str()); + } + //now complete the transaction here + p_tunnel = NULL; + } + } + if (pclose(f) != 0) { + return; + } + } +} + +/** + * + * +sample from conf file: + +conn peer-10.6.0.22-tunnel-1 + left=10.6.0.2 + right=10.6.0.22 + type=tunnel + authby=secret + leftsubnet=10.1.0.0/24 + rightsubnet=10.7.0.16/28 + ike=aes256-md5-modp1536 + esp=aes256-md5 + auto=start + + * + **/ +void +CommandProcShowVPN::process_conf(bool debug) +{ + if (debug) { + cout << "processing: process_conf" << endl; + } + + string cmd("cat /etc/ipsec.conf"); + char buf[2048]; + FILE *f = popen(cmd.c_str(), "r"); + if (f) { + string src, dst; + string rightnet, leftnet, tunnel, tunnel_num; + + while(fgets(buf, 2047, f) != NULL) { + string line(buf); + int pos = line.find("="); + if (line.find("conn peer-") != string::npos) { + StrProc proc_str(line, " "); + tunnel = proc_str.get(1); + string::size_type dash = tunnel.find_last_of('-'); + if (dash != string::npos) tunnel_num = tunnel.substr(dash + 1); + src = ""; + dst = ""; + } + else if (line.find("left=") != string::npos) { + src=line.substr(pos+1,line.length()-pos-2); + if (src == "%any") { + src = "0.0.0.0"; + } + } + else if (line.find("right=") != string::npos) { + dst=line.substr(pos+1,line.length()-pos-2); + if (dst == "%any") { + dst = "0.0.0.0"; + } + } + else if (line.find("rightsubnet=") != string::npos) { + rightnet=line.substr(pos+1,line.length()-pos-2); + } + else if (line.find("leftsubnet=") != string::npos) { + leftnet=line.substr(pos+1,line.length()-pos-2); + } + else if (line.find("interfaces") != string::npos) { + _interface_conf_line = line; + } + else if (line.find("auto=start") != string::npos || line.find("auto=add") != string::npos) { + Peer * p_peer = NULL; + std::list<Peer*>::iterator i = _peers.begin(); + const std::list<Peer*>::const_iterator iEnd = _peers.end(); + while (i != iEnd) { + Peer * p_peerCheck = *i; + if (p_peerCheck != NULL && p_peerCheck->_right_ip == src && p_peerCheck->_left_ip == dst) { + p_peer = p_peerCheck; + break; + } + ++i; + } + if (p_peer == NULL) { + p_peer = new Peer(); + _peers.push_back(p_peer); + p_peer->_right_ip = src; + p_peer->_left_ip = dst; + } + + Tunnel * p_tunnel = new Tunnel(_all_tunnels, *p_peer); + p_tunnel->_tunnel_name = tunnel; + p_tunnel->_tunnel_number = tunnel_num; + p_tunnel->_right_net = rightnet; + p_tunnel->_left_net = leftnet; + p_peer->getPeerTunnels().add(tunnel, p_tunnel); + _all_tunnels.add(tunnel, p_tunnel); + } + } + pclose(f); + } + return; +} + +/** + * + >ipsec eroute +[root@localhost etc]# ipsec setup --status +IPsec running - pluto pid: 31272 +pluto pid 31272 +No tunnels up + + **/ +void +CommandProcShowVPN::convert_to_xml_setup_status(const string &line, bool debug) +{ + if (debug) { + cout << "processing: convert_to_xml_setup_status" << endl; + } + StrProc proc_str(line, " "); + if (line.find("- pluto pid") != string::npos) { + _xml_out << "<setup_status_pid>" << proc_str.get(5) << "</setup_status_pid>"; + } + else if (line.find("tunnels") != string::npos) { + _xml_out << "<setup_status_tunnels>" << proc_str.get(0) << "</setup_status_tunnels>"; + } + return; +} + + + +/** + * + * + **/ +void +CommandProcShowVPN::convert_to_xml_auto_status(const string &line, bool debug) +{ + if (debug) { + cout << "processing: convert_to_xml_auto_status" << endl; + } + StrProc proc_str(line, " "); + + if (line.find("000 interface") != string::npos) { + string tmp = proc_str.get(2); + string::size_type pos = tmp.find("/"); + if (pos != string::npos) { + string interface = tmp.substr(0,pos); + if (_interface_conf_line.find(interface) != string::npos) { + _xml_out << "<auto_status_interface>"; + _xml_out << "<iface>" << interface << "</iface>"; + _xml_out << "<address>" << proc_str.get(3) << "</address>"; + _xml_out << "</auto_status_interface>"; + } + } + } + + string strToken1 = proc_str.get(1); + string strToken2 = proc_str.get(2); + + string strTunnelName; + if ((strToken1.find("\"peer-") == 0) && (strToken1[strToken1.length() - 1] == ':')) { + string::size_type iEnd = strToken1.find("\"", 1); + if (iEnd != string::npos) { + strTunnelName = strToken1.substr(1, iEnd-1); + } + } else if ((strToken1.length() > 2 && strToken1[0] == '#' && strToken1[strToken1.length() - 1] == ':') && ((strToken2.find("\"peer-") == 0))) { + string::size_type iEnd = strToken2.find("\"", 1); + if (iEnd != string::npos) { + strTunnelName = strToken2.substr(1, iEnd-1); + } + } + + if (strTunnelName.length() == 0) return; + + string::size_type iPeer = strTunnelName.find("peer-"); + string::size_type iTunnel = strTunnelName.find("-tunnel-"); + if (iPeer == string::npos || iPeer != 0 || iTunnel == string::npos) return; + string strPeerIP = strTunnelName.substr(5, iTunnel - 5); + + Tunnel * p_tunnel = _all_tunnels.getTunnelsMap()[strTunnelName]; + + if (p_tunnel == NULL) return; + + //now retrieve ike and esp encryption and hash + if (line.find(" algorithm newest:") != string::npos) { //look up encryption/hash + //strip out the tunnel + + // 000 "peer-10.6.0.57-tunnel-1": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536 + // 000 "peer-10.6.0.57-tunnel-1": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<Phase1> + + // need to parse lifetime from setup output + // 000 "peer-10.6.0.57-tunnel-50": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 00 + + string eh = proc_str.get(5); + + StrProc tmp(eh, "-"); + + //allowed e values: aes128, aes256, 3des + //allowed h values: md5, sha1, sha2_256, sha2_384, sha2_512 + //allowed m values: MOD1024, MODP1536 + string e = tmp.get(0); + string h = tmp.get(1); + string m = tmp.get(2); + if (e.find("128") != string::npos) { + e = "aes128"; + } else if (e.find("256") != string::npos) { + e = "aes256"; + } else if (e.find("3DES") != string::npos) { + e = "3des"; + } + + if (h.find("MD5") != string::npos) { + h = "md5"; + } else if (h.find("SHA1") != string::npos) { + h = "sha1"; + } else if (h.find("_256") != string::npos) { + h = "sha2_256"; + } else if (h.find("_384") != string::npos) { + h = "sha2_384"; + } else if (h.find("_512") != string::npos) { + h = "sha2_512"; + } + + //assign encryption and hash + if (proc_str.get(2) == "IKE") { + p_tunnel->getPeer()._ike_encrypt = e; + p_tunnel->getPeer()._ike_hash = h; + } else { //ESP + p_tunnel->_esp_encrypt = e; + p_tunnel->_esp_hash = h; + } + + if (m == "MOD1024") { + p_tunnel->getPeer()._ike_dh = "2"; + } else if (m == "MODP1536") { + p_tunnel->getPeer()._ike_dh = "5"; + } + + string pfsgroup_token = proc_str.get(6); + if (pfsgroup_token.length() > 11) { + p_tunnel->_pfs_group = pfsgroup_token.substr(10, pfsgroup_token.length() - 11); + } + } else if (line.find("ike_life:") != string::npos) { + p_tunnel->getPeer()._ike_seconds_lifetime = atoi(proc_str.get(3).substr(0,proc_str.get(3).length()-1).c_str()); + p_tunnel->_keylife = atoi(proc_str.get(5).c_str()); + } else if (line.find("STATE_") != string::npos) { //for state now... + if (p_tunnel->getPeer()._ike_state == "down") p_tunnel->getPeer()._ike_state = "init"; + if (p_tunnel->_esp_state == "down") p_tunnel->_esp_state = "init"; + + { + string strIKEEI("ISAKMP SA established); EVENT_SA_EXPIRE in "); + string::size_type iIKEEI = line.find(strIKEEI); + if (iIKEEI != string::npos) { + string strIKEExpireIn = line.substr(iIKEEI, line.length() - iIKEEI); + string strSecondsStart = strIKEExpireIn.substr(strIKEEI.length(), strIKEExpireIn.length() - strIKEEI.length()); + string::size_type iSecondsEnd = strSecondsStart.find("s; "); + if (iSecondsEnd != string::npos) { + string strSeconds = strSecondsStart.substr(0, iSecondsEnd); + int ike_seconds_lifetime_left = atoi(strSeconds.c_str()); + if (ike_seconds_lifetime_left > 0) { + p_tunnel->getPeer()._ike_seconds_lifetime_left = ike_seconds_lifetime_left; + p_tunnel->getPeer()._ike_state = "up"; + } + } + } + } + { + string strIKERI("ISAKMP SA established); EVENT_SA_REPLACE in "); + string::size_type iIKERI = line.find(strIKERI); + if (iIKERI != string::npos) { + string strIKEReplaceIn = line.substr(iIKERI, line.length() - iIKERI); + string strSecondsStart = strIKEReplaceIn.substr(strIKERI.length(), strIKEReplaceIn.length() - strIKERI.length()); + string::size_type iSecondsEnd = strSecondsStart.find("s; "); + if (iSecondsEnd != string::npos) { + string strSeconds = strSecondsStart.substr(0, iSecondsEnd); + int ike_seconds_lifetime_left = atoi(strSeconds.c_str()); + if (ike_seconds_lifetime_left > 0) { + p_tunnel->getPeer()._ike_seconds_lifetime_left = ike_seconds_lifetime_left; + p_tunnel->getPeer()._ike_state = "up"; + } + } + } + } + + + if (line.find("IPsec SA established); EVENT_SA_REPLACE") != string::npos) p_tunnel->_esp_state = "up"; + } else if (line.find("esp.") != string::npos) { //look up tunnel id + //strip out the tunnel + + // 000 #2: "peer-10.6.0.57-tunnel-1" esp.d54ce9b0@10.6.0.57 esp.225ad1e@10.6.0.55 tun.0@10.6.0.57 tun.0@10.6.0.55 + + if (debug) { + cout << "ipsec auto --status: found esp: " << line << ", " << strTunnelName << endl; + } + + StrProc ps(line, "@"); + string id = ps.get(0); + int start = id.rfind("."); + id = id.substr(start+1, id.length()-start-1); + id = _pad[8 - id.length()] + id; + p_tunnel->_in._session_id = id; + + id = ps.get(1); + start = id.rfind("."); + id = id.substr(start+1, id.length()-start-1); + id = _pad[8 - id.length()] + id; + p_tunnel->_out._session_id = id; + + } +} + +const PeerTunnels & Peer::getConstPeerTunnels() const { + return _peer_tunnels; +} + +PeerTunnels & Peer::getPeerTunnels() { + return _peer_tunnels; +} + +Tunnel::~Tunnel() { + _all_tunnels.unlink(this); + _peer._peer_tunnels.unlink(this); +} +Peer & Tunnel::getPeer() { + return _peer; +} +Tunnels::~Tunnels() { + map<string, Tunnel*>::iterator i = _tunnels.begin(); + const map<string, Tunnel*>::const_iterator iEnd = _tunnels.end(); + while (i != iEnd) { + Tunnel * p_tunnel = i->second; + if (p_tunnel != NULL) { + i->second = NULL; + delete p_tunnel; + } + i++; + } +} +Tunnels::Tunnels() { +} +const map<string, Tunnel*> & Tunnels::getConstTunnelsMap() const { + return _tunnels; +} +map<string, Tunnel*> & Tunnels::getTunnelsMap() { + return _tunnels; +} +void Tunnels::add(const string & strTunnelName, Tunnel * p_tunnel) { + _tunnels[strTunnelName] = p_tunnel; +} +void Tunnels::unlink(const Tunnel * p_tunnel) { + if (p_tunnel != NULL) _tunnels[p_tunnel->_tunnel_name] = NULL; +} diff --git a/src/command_proc_show_vpn.hh b/src/command_proc_show_vpn.hh new file mode 100644 index 0000000..b72b21b --- /dev/null +++ b/src/command_proc_show_vpn.hh @@ -0,0 +1,222 @@ +/** + * Module: command_proc_show_vpn.hh + * + * Author: Michael Larson + * Date: 2006 + * Description: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, + * or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Copyright 2006, Vyatta, Inc. + */ +#ifndef __COMMAND_PROC_SHOW_VPN_HH__ +#define __COMMAND_PROC_SHOW_VPN_HH__ + +#include <sstream> +#include <string> +#include <map> +#include "command_proc_base.hh" + +#define XSLDIR "/opt/vyatta/share/xsl" + + +using namespace std; + +class Dir +{ +public: + Dir() : _session_id("n/a"),_bytes(0),_active_time(0) {} + +public: + string _session_id; //same as tunnel_id + int _bytes; + int _active_time; +}; + +class AllTunnels; +class Peer; +class PeerTunnels; + +class Tunnel +{ +public: + ~Tunnel(); + Tunnel(AllTunnels & all_tunnels, Peer & peer) : _esp_encrypt("n/a"),_esp_hash("n/a"),_esp_state("down"),_keylife(0), _all_tunnels(all_tunnels), _peer(peer) {} + +public: + + Dir _in; + Dir _out; + + string _tunnel_name; + string _tunnel_number; + string _esp_encrypt; + string _esp_hash; + string _pfs_group; + + string _esp_state; + + int _keylife; + string _left_net; + string _right_net; + + Peer & getPeer(); +private: + AllTunnels & _all_tunnels; + Peer & _peer; +}; + +class Tunnels { +public: + ~Tunnels(); + + const map<string, Tunnel*> & getConstTunnelsMap() const; + + map<string, Tunnel*> & getTunnelsMap(); + void add(const string & strTunnelName, Tunnel * p_tunnel); + void unlink(const Tunnel * p_tunnel); + +protected: + Tunnels(); + +private: + map<string, Tunnel*> _tunnels; + +}; + +class AllTunnels : public Tunnels { + +}; + +class PeerTunnels : public Tunnels { + +}; + +class Peer +{ +friend Tunnel::~Tunnel(); + +public: + Peer() : _ike_seconds_lifetime(0), _ike_seconds_lifetime_left(0), _ike_encrypt("n/a"),_ike_hash("n/a"), _ike_state("down"), _nat_trav(false), _nat_src_port(0), _nat_dst_port(0) {} + + int _ike_seconds_lifetime; + int _ike_seconds_lifetime_left; + + string _ike_encrypt; + string _ike_hash; + string _ike_dh; + string _ike_state; + + string _left_ip; + string _right_ip; + + bool _nat_trav; + int _nat_src_port; + int _nat_dst_port; + + const PeerTunnels & getConstPeerTunnels() const; + + PeerTunnels & getPeerTunnels(); +protected: + PeerTunnels _peer_tunnels; +}; + +class CommandProcShowVPN : public CommandProcBase +{ +public: +// typedef std::map<std::string, Tunnel> Coll; +// typedef std::map<std::string, Tunnel>::iterator Iter; + +public: + CommandProcShowVPN(); + ~CommandProcShowVPN(); + + static std::string + name() {return "showvpntable";} + + /** + * + **/ + bool + is_valid() {return true;} + + /** + * + **/ + std::string + process(const std::string &cmd, bool debug, std::string &reason); + +private: + /** + * + **/ + void + convert_to_xml_secrets(const std::string &line, bool debug); + + /** + * + **/ + void + convert_to_xml_pluto_pid(const std::string &line, bool debug); + + /** + * + **/ + void + convert_to_xml_setkey_d(bool debug); + + /** + * + **/ + void + convert_to_xml_setkey_dp(const std::string &line, bool debug, string &net1, string &net2); + + /** + * + **/ + void + convert_to_xml_setup_status(const std::string &line, bool debug); + + /** + * + **/ + void + convert_to_xml_auto_status(const std::string &line, bool debug); + + /** + * + **/ + void + process_conf(bool debug); + + /** + * + **/ + void + update_tunnel(const string &tunnel, const string &right, const string &left, const string &rightnet, const string &leftnet, const string &lifetime, bool debug); + +protected: + ostringstream _xml_out; + list<Peer*> _peers; + AllTunnels _all_tunnels; + + string _interface_conf_line; + vector<std::string> _pad; + +private: +}; + +#endif //__COMMAND_PROC_SHOW_VPN_H__ diff --git a/src/rl_str_proc.cc b/src/rl_str_proc.cc new file mode 100644 index 0000000..7715de3 --- /dev/null +++ b/src/rl_str_proc.cc @@ -0,0 +1,109 @@ +/* + * Module: rl_str_proc.cc + * + * **** License **** + * Version: VPL 1.0 + * + * The contents of this file are subject to the Vyatta Public License + * Version 1.0 ("License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.vyatta.com/vpl + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + * the License for the specific language governing rights and limitations + * under the License. + * + * This code was originally developed by Vyatta, Inc. + * Portions created by Vyatta are Copyright (C) 2005, 2006, 2007 Vyatta, Inc. + * All Rights Reserved. + * + * Author: Michael Larson + * Date: 2005 + * Description: + * + * **** End License **** + * + */ +#include "rl_str_proc.hh" + +using namespace std; + +/** + * + **/ +StrProc::StrProc(const string &in_str, const string &token) +{ + string tmp = in_str; + + //convert tabs to spaces + uint32_t pos = 0; + string tabtospace = " "; + string::iterator iter = tmp.begin(); + while ((pos = tmp.find("\t", pos)) != string::npos) { + tmp.replace(pos, 1, tabtospace); + pos += tabtospace.length(); + } + + //remove the cr + pos = tmp.find("\n"); + if (pos != string::npos) { + tmp.replace(pos, 1, ""); + } + + //now handle the case of the multiple length token + //note that we are using the '~' as a token internally + uint32_t start = 0, end; + while ((start = tmp.find(token, start)) != string::npos) { + tmp.replace(start, token.length(), "~"); + } + + + while ((start = tmp.find_first_not_of("~")) != string::npos) { + tmp = tmp.substr(start, tmp.length() - start); + end = tmp.find_first_of("~"); + _str_coll.push_back(tmp.substr(0, end)); + tmp = tmp.substr(end+1, tmp.length() - end-1); + if (end == string::npos) { + break; + } + } +} + +/** + * + **/ +string +StrProc::get(int i) +{ + if (uint32_t(i) >= _str_coll.size()) { + return string(""); + } + return _str_coll[i]; +} + +/** + * + **/ +string +StrProc::get(int start, int end) +{ + if (uint32_t(start) >= _str_coll.size()) { + return string(""); + } + + string tmp; + for (int i = start; (i < end) && (uint32_t(i) < _str_coll.size()); ++i) { + tmp += _str_coll[i] + " "; + } + return tmp.substr(0,tmp.length()-1); +} + +/** + * + **/ +vector<string> +StrProc::get() +{ + return _str_coll; +} diff --git a/src/rl_str_proc.hh b/src/rl_str_proc.hh new file mode 100644 index 0000000..5d0f418 --- /dev/null +++ b/src/rl_str_proc.hh @@ -0,0 +1,52 @@ +/* + * Module: rl_str_proc.hh + * + * **** License **** + * Version: VPL 1.0 + * + * The contents of this file are subject to the Vyatta Public License + * Version 1.0 ("License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.vyatta.com/vpl + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + * the License for the specific language governing rights and limitations + * under the License. + * + * This code was originally developed by Vyatta, Inc. + * Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. + * All Rights Reserved. + * + * Author: Michael Larson + * Date: 2006 + * Description: + * + * **** End License **** + * + */ + +#ifndef __RL_STR_PROC_HH__ +#define __RL_STR_PROC_HH__ + +#include <vector> +#include <string> + +class StrProc +{ +public: + StrProc(const std::string &in, const std::string &token); + + std::string get(int i); + + std::string get(int start, int end); + + std::vector<std::string> get(); + + int size() {return _str_coll.size();} + +private: + std::vector<std::string> _str_coll; +}; + +#endif //__RL_STR_PROC_HH__ diff --git a/src/xsl/show_vpn_ike_sa.xsl b/src/xsl/show_vpn_ike_sa.xsl new file mode 100644 index 0000000..3a4779f --- /dev/null +++ b/src/xsl/show_vpn_ike_sa.xsl @@ -0,0 +1,107 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2007, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_ike_sa.xsl + * + * Author: Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the "show ike sa" command output--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + +<xsl:param name="nat"/> +<xsl:param name="peer"/> + +<xsl:variable name="pad7" select="' '"/> +<xsl:variable name="pad7_len" select="string-length($pad7)"/> +<xsl:variable name="pad9" select="' '"/> +<xsl:variable name="pad9_len" select="string-length($pad9)"/> +<xsl:variable name="pad10" select="' '"/> +<xsl:variable name="pad10_len" select="string-length($pad10)"/> +<xsl:variable name="pad16" select="' '"/> +<xsl:variable name="pad16_len" select="string-length($pad16)"/> + +<xsl:template match="/"> + <xsl:text>&newln;</xsl:text> + <xsl:text>Local IP Peer IP State Encrypt Hash NAT-T A-Time L-Time</xsl:text> + <xsl:text>&newln;</xsl:text> + <xsl:text>-------- ------- ----- ------- ---- ----- ------ ------</xsl:text> + <xsl:text>&newln;</xsl:text> + <xsl:for-each select="opcommand/format/peer"> + <xsl:choose> + <xsl:when test="string-length($peer) > 0"> + <xsl:if test="$peer=peer_ip"> + <xsl:call-template name="show_ike_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:if> + </xsl:when> + <xsl:when test="string-length($nat) > 0"> + <xsl:if test="$nat = nat_traversal"> + <xsl:call-template name="show_ike_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:if> + </xsl:when> + <xsl:otherwise> + <xsl:call-template name="show_ike_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:otherwise> + </xsl:choose> + </xsl:for-each> +</xsl:template> + + <xsl:template name="show_ike_sa"> + <xsl:param name="row" /> + <xsl:variable name="t_right_ip" select="substring(right_ip,1,15)"/> + <xsl:variable name="t_peer_ip" select="substring(peer_ip,1,15)"/> + <xsl:variable name="t_ike_state" select="substring(ike_state,1,9)"/> + <xsl:variable name="t_ike_encrypt" select="substring(ike_encrypt,1,9)"/> + <xsl:variable name="t_ike_hash" select="substring(ike_hash,1,8)"/> + <xsl:variable name="t_ike_activetime" select="substring(ike_activetime,1,6)"/> + <xsl:variable name="t_ike_lifetime" select="substring(ike_lifetime,1,6)"/> + + <xsl:value-of select="$t_right_ip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_right_ip))"/> + <xsl:value-of select="$t_peer_ip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_peer_ip))"/> + <xsl:value-of select="$t_ike_state"/> + <xsl:value-of select="substring($pad10,1,$pad10_len - string-length($t_ike_state))"/> + <xsl:value-of select="$t_ike_encrypt"/> + <xsl:value-of select="substring($pad10,1,$pad10_len - string-length($t_ike_encrypt))"/> + <xsl:value-of select="$t_ike_hash"/> + <xsl:value-of select="substring($pad9,1,$pad9_len - string-length($t_ike_hash))"/> + <xsl:if test="nat_traversal='enabled'"><xsl:text>Yes </xsl:text></xsl:if> + <xsl:if test="nat_traversal='disabled'"><xsl:text>No </xsl:text></xsl:if> + <xsl:value-of select="$t_ike_activetime"/> + <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_ike_activetime))"/> + <xsl:value-of select="$t_ike_lifetime"/> + <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_ike_lifetime))"/> + <xsl:text>&newln;</xsl:text> + </xsl:template> +</xsl:stylesheet> diff --git a/src/xsl/show_vpn_ike_secrets.xsl b/src/xsl/show_vpn_ike_secrets.xsl new file mode 100644 index 0000000..4c610bd --- /dev/null +++ b/src/xsl/show_vpn_ike_secrets.xsl @@ -0,0 +1,61 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2007, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_ike_secrets.xsl + * + * Author: Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the "show ike secrets" command output--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + +<xsl:variable name="pad16" select="' '"/> +<xsl:variable name="pad16_len" select="string-length($pad16)"/> + +<xsl:template match="/"> +<xsl:text>&newln;</xsl:text> +<xsl:text>Local IP Peer IP Secret</xsl:text> +<xsl:text>&newln;</xsl:text> +<xsl:text>-------- ------- ------</xsl:text> +<xsl:text>&newln;</xsl:text> +<xsl:for-each select="opcommand/format/secret"> + + <xsl:variable name="t_sip" select="substring(sip,1,15)"/> + <xsl:variable name="t_dip" select="substring(dip,1,15)"/> + <xsl:variable name="t_key" select="substring(key,2,string-length(key)-2)"/> + + <xsl:value-of select="$t_sip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_sip))"/> + <xsl:value-of select="$t_dip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_dip))"/> + <xsl:value-of select="$t_key"/> + <xsl:text>&newln;</xsl:text> + +</xsl:for-each> +</xsl:template> + +</xsl:stylesheet> diff --git a/src/xsl/show_vpn_ike_status.xsl b/src/xsl/show_vpn_ike_status.xsl new file mode 100644 index 0000000..64fb7e7 --- /dev/null +++ b/src/xsl/show_vpn_ike_status.xsl @@ -0,0 +1,48 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2006, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_arp.xsl + * + * Author(s): Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the "show ike status" command output--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/"> +<xsl:variable name="pluto_pid" select="opcommand/format/pluto_pid" /> +<xsl:choose> + <xsl:when test="string($pluto_pid)"> +IKE Process Running + +PID: <xsl:value-of select="$pluto_pid" /> + </xsl:when> + <xsl:otherwise> +IKE Process NOT Running + </xsl:otherwise> +</xsl:choose> +</xsl:template> +</xsl:stylesheet> diff --git a/src/xsl/show_vpn_ipsec_sa.xsl b/src/xsl/show_vpn_ipsec_sa.xsl new file mode 100644 index 0000000..b3cc8ab --- /dev/null +++ b/src/xsl/show_vpn_ipsec_sa.xsl @@ -0,0 +1,160 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2007, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_vpn_ipsec_sa.xsl + * + * Author: Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the output of a number of "show vpn ipsec sa" commands--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + +<xsl:param name="conn"/> +<xsl:param name="detail"/> +<xsl:param name="nat"/> +<xsl:param name="peer"/> + +<xsl:variable name="pad4" select="' '"/> +<xsl:variable name="pad4_len" select="string-length($pad4)"/> +<xsl:variable name="pad5" select="' '"/> +<xsl:variable name="pad5_len" select="string-length($pad5)"/> +<xsl:variable name="pad6" select="' '"/> +<xsl:variable name="pad6_len" select="string-length($pad6)"/> +<xsl:variable name="pad7" select="' '"/> +<xsl:variable name="pad7_len" select="string-length($pad7)"/> +<xsl:variable name="pad8" select="' '"/> +<xsl:variable name="pad8_len" select="string-length($pad8)"/> +<xsl:variable name="pad9" select="' '"/> +<xsl:variable name="pad9_len" select="string-length($pad9)"/> +<xsl:variable name="pad11" select="' '"/> +<xsl:variable name="pad11_len" select="string-length($pad11)"/> +<xsl:variable name="pad16" select="' '"/> +<xsl:variable name="pad16_len" select="string-length($pad16)"/> + +<xsl:template match="/"> +<xsl:text>&newln;</xsl:text> + +<xsl:if test="$detail != 'y'"> + <xsl:text>Peer IP Tunnel# Dir SPI Encrypt Hash NAT-T A-Time L-Time</xsl:text> + <xsl:text>&newln;</xsl:text> + <xsl:text>------- ------- --- --- ------- ---- ----- ------ ------</xsl:text> + <xsl:text>&newln;</xsl:text> +</xsl:if> + +<xsl:for-each select="opcommand/format/peer/setkey"> + <xsl:choose> + <xsl:when test="string-length($conn) > 0"> + <xsl:if test="contains(conn_name, $conn)"> + <xsl:call-template name="show_ipsec_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:if> + </xsl:when> + <xsl:when test="string-length($nat) > 0"> + <xsl:if test="$nat = ../nat_traversal"> + <xsl:call-template name="show_ipsec_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:if> + </xsl:when> + <xsl:when test="string-length($peer) > 0"> + <xsl:if test="$peer=../peer_ip"> + <xsl:call-template name="show_ipsec_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:if> + </xsl:when> + <xsl:otherwise> + <xsl:call-template name="show_ipsec_sa"> + <xsl:with-param name="row" select="." /> + </xsl:call-template> + </xsl:otherwise> + </xsl:choose> +</xsl:for-each> +</xsl:template> + + <xsl:template name="show_ipsec_sa"> + <xsl:param name="row" /> + <xsl:choose> + <xsl:when test="$detail = 'y'"> + <xsl:if test="position() > 1"> + <xsl:text>---------</xsl:text><xsl:text>&newln;</xsl:text> + <xsl:text>&newln;</xsl:text> + </xsl:if> + <xsl:text>Conn Name: </xsl:text><xsl:value-of select="conn_name"/><xsl:text>&newln;</xsl:text> + <xsl:text>State: </xsl:text><xsl:value-of select="../ike_state"/><xsl:text>&newln;</xsl:text> + <xsl:text>Peer IP: </xsl:text><xsl:value-of select="../peer_ip"/><xsl:text>&newln;</xsl:text> + <xsl:text>Direction: </xsl:text><xsl:value-of select="dir"/><xsl:text>&newln;</xsl:text> + <!--<xsl:text>Outbound interface: !!</xsl:text> <xsl:text>&newln;</xsl:text>--> + <xsl:text>Source Net: </xsl:text><xsl:value-of select="left"/><xsl:text>&newln;</xsl:text> + <xsl:text>Dest Net: </xsl:text><xsl:value-of select="right"/><xsl:text>&newln;</xsl:text> + <xsl:text>SPI: </xsl:text><xsl:value-of select="spi"/><xsl:text>&newln;</xsl:text> + <xsl:text>Encryption: </xsl:text><xsl:value-of select="esp_encrypt"/><xsl:text>&newln;</xsl:text> + <xsl:text>Hash: </xsl:text><xsl:value-of select="esp_hash"/><xsl:text>&newln;</xsl:text> + <xsl:text>PFS Group: </xsl:text><xsl:value-of select="pfs_group"/><xsl:text>&newln;</xsl:text> + <xsl:text>DH Group: </xsl:text><xsl:value-of select="../ike_dh"/><xsl:text>&newln;</xsl:text> + <xsl:text>NAT Traversal: </xsl:text><xsl:if test="../nat_traversal='enabled'"><xsl:text>Yes</xsl:text></xsl:if><xsl:if test="../nat_traversal='disabled'"><xsl:text>No</xsl:text></xsl:if><xsl:text>&newln;</xsl:text> + <xsl:text>NAT Source Port: </xsl:text><xsl:value-of select="../nat_src_port"/><xsl:text>&newln;</xsl:text> + <xsl:text>NAT Dest Port: </xsl:text><xsl:value-of select="../nat_dst_port"/><xsl:text>&newln;</xsl:text> + <!--<xsl:text>Packets: !! </xsl:text> <xsl:text>&newln;</xsl:text>--> + <xsl:text>Bytes: </xsl:text><xsl:value-of select="bytes"/><xsl:text>&newln;</xsl:text> + <xsl:text>Active time (s): </xsl:text><xsl:value-of select="active_time"/><xsl:text>&newln;</xsl:text> + <xsl:text>Lifetime (s): </xsl:text><xsl:value-of select="keylife"/><xsl:text>&newln;</xsl:text> + </xsl:when> + <xsl:otherwise> + <xsl:variable name="t_peer_ip" select="substring(../peer_ip,1,15)"/> + <xsl:variable name="t_tunnel" select="substring(tunnel,1,8)"/> + <xsl:variable name="t_dir" select="substring(dir,1,3)"/> + <xsl:variable name="t_spi" select="substring(spi,1,8)"/> + <xsl:variable name="t_esp_encrypt" select="substring(esp_encrypt,1,10)"/> + <xsl:variable name="t_esp_hash" select="substring(esp_hash,1,10)"/> + <xsl:variable name="t_active_time" select="substring(active_time,1,6)"/> + <xsl:variable name="t_keylife" select="substring(keylife,1,6)"/> + + <xsl:value-of select="$t_peer_ip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_peer_ip))"/> + <xsl:value-of select="$t_tunnel"/> + <xsl:value-of select="substring($pad8,1,$pad8_len - string-length($t_tunnel))"/> + <xsl:value-of select="$t_dir"/> + <xsl:value-of select="substring($pad4,1,$pad4_len - string-length($t_dir))"/> + <xsl:value-of select="$t_spi"/> + <xsl:value-of select="substring($pad9,1,$pad9_len - string-length($t_spi))"/> + <xsl:value-of select="$t_esp_encrypt"/> + <xsl:value-of select="substring($pad11,1,$pad11_len - string-length($t_esp_encrypt))"/> + <xsl:value-of select="$t_esp_hash"/> + <xsl:value-of select="substring($pad11,1,$pad11_len - string-length($t_esp_hash))"/> + <xsl:if test="../nat_traversal='enabled'"><xsl:text>Yes </xsl:text></xsl:if> + <xsl:if test="../nat_traversal='disabled'"><xsl:text>No </xsl:text></xsl:if> + <xsl:value-of select="$t_active_time"/> + <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_active_time))"/> + <xsl:value-of select="$t_keylife"/> + <xsl:text>&newln;</xsl:text> + </xsl:otherwise> + </xsl:choose> + </xsl:template> +</xsl:stylesheet> + diff --git a/src/xsl/show_vpn_ipsec_sa_statistics.xsl b/src/xsl/show_vpn_ipsec_sa_statistics.xsl new file mode 100644 index 0000000..a1fe889 --- /dev/null +++ b/src/xsl/show_vpn_ipsec_sa_statistics.xsl @@ -0,0 +1,62 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2007, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_ipsec_sa_statistics.xsl + * + * Author: Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the "show ipsec sa statistics" command output--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + +<xsl:variable name="pad4" select="' '"/> +<xsl:variable name="pad4_len" select="string-length($pad4)"/> +<xsl:variable name="pad16" select="' '"/> +<xsl:variable name="pad16_len" select="string-length($pad16)"/> +<xsl:variable name="pad19" select="' '"/> +<xsl:variable name="pad19_len" select="string-length($pad19)"/> + +<xsl:template match="/"> +<xsl:text>&newln;</xsl:text> +<xsl:text>Peer IP Dir SRC Network DST Network Bytes</xsl:text> +<xsl:text>&newln;</xsl:text> +<xsl:text>------- --- ----------- ----------- -----</xsl:text> +<xsl:text>&newln;</xsl:text> +<xsl:for-each select="opcommand/format/peer/setkey"> + <xsl:value-of select="../peer_ip"/> + <xsl:value-of select="substring($pad16,1,$pad16_len - string-length(../peer_ip))"/> + <xsl:value-of select="dir"/> + <xsl:value-of select="substring($pad4,1,$pad4_len - string-length(dir))"/> + <xsl:value-of select="left"/> + <xsl:value-of select="substring($pad19,1,$pad19_len - string-length(left))"/> + <xsl:value-of select="right"/> + <xsl:value-of select="substring($pad19,1,$pad19_len - string-length(right))"/> + <xsl:value-of select="bytes"/> + <xsl:text>&newln;</xsl:text> +</xsl:for-each> +</xsl:template> +</xsl:stylesheet> diff --git a/src/xsl/show_vpn_ipsec_status.xsl b/src/xsl/show_vpn_ipsec_status.xsl new file mode 100644 index 0000000..d56ef1e --- /dev/null +++ b/src/xsl/show_vpn_ipsec_status.xsl @@ -0,0 +1,57 @@ +<?xml version="1.0"?> +<!DOCTYPE stylesheet [ +<!ENTITY newln " "> +]> + +<!-- /* + * Copyright 2007, Vyatta, Inc. + * + * GNU General Public License + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + * + * Module: show_vpn_ipsec_status.xsl + * + * Author: Mike Horn, Marat Nepomnyashy + * Date: 2007 + * + */ --> + +<!--XSL template for formatting the "show ipsec status" command output--> + +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:variable name="pad2" select="' '"/> +<xsl:variable name="pad2_len" select="string-length($pad2)"/> +<xsl:variable name="pad8" select="' '"/> +<xsl:variable name="pad8_len" select="string-length($pad8)"/> +<xsl:template match="/"> +<xsl:variable name="pluto_pid" select="opcommand/format/pluto_pid" /> +<xsl:choose> +<xsl:when test="string($pluto_pid)"> +IPSec Process Running PID: <xsl:value-of select="$pluto_pid" /><xsl:text>&newln;</xsl:text><xsl:text>&newln;</xsl:text> +<xsl:value-of select="//opcommand/format/setup_status_tunnels" /> Active IPsec Tunnels<xsl:text>&newln;</xsl:text> +IPsec Interfaces: +<xsl:for-each select="opcommand/format/auto_status_interface"> +<xsl:value-of select="$pad2"/> +<xsl:value-of select="iface"/><xsl:value-of select="substring($pad8,1,$pad8_len - string-length(iface))"/>(<xsl:value-of select="address"/>) +</xsl:for-each> +</xsl:when> +<xsl:otherwise> +IPSec Process NOT Running +</xsl:otherwise> +</xsl:choose> +</xsl:template> +</xsl:stylesheet> + diff --git a/src/xsl_processor.cc b/src/xsl_processor.cc new file mode 100644 index 0000000..f40b611 --- /dev/null +++ b/src/xsl_processor.cc @@ -0,0 +1,76 @@ +/** + * Module: xsl_processor.cc + * + * Author: Michael Larson + * Date: 2005 + */ +#include <string> +#include <iostream> +#include <sablot.h> +#include "xsl_processor.hh" + +using namespace std; + +/** + * + **/ +XSLProcessor::XSLProcessor(bool debug) : _debug(debug) +{ + +} + +/** + * + **/ +XSLProcessor::~XSLProcessor() +{ + +} + +/** + * + **/ +std::string +XSLProcessor::transform(const string &input, const string &xsl, const list<pair<string,string> > & listParams) +{ + if (_debug) { + cout << "input to xsl processor: " << endl << input << endl << xsl << endl; + } + + //for now we'll dump this into a file, but this will have to change soon. + string formatted_output; + + //example below from http://www.gingerall.org/ga/html/sablot/sparse-frameset.html + SablotSituation S; + SablotHandle proc; + SDOM_Document xml; + + SablotCreateSituation(&S); + + SablotParseBuffer(S, input.c_str(), &xml); + + SablotCreateProcessorForSituation(S, &proc); + SablotAddArgTree(S, proc, "data", xml); + list<pair<string, string> >::const_iterator i = listParams.begin(); + list<pair<string, string> >::const_iterator iEnd = listParams.end(); + while (i != iEnd) { + SablotAddParam(S, proc, i->first.c_str(), i->second.c_str()); + i++; + } + SablotRunProcessorGen(S, proc, xsl.c_str(), "arg:/data", "arg:/out"); + + char *result; + SablotGetResultArg(proc, "arg:/out", &result); + + formatted_output = result; + + //now strip away the first line + int pos = formatted_output.find("\n"); + formatted_output = formatted_output.substr(pos + 1, formatted_output.length() - pos - 1); + + SablotFree(result); + SablotDestroyProcessor(proc); + SablotDestroySituation(S); + + return formatted_output; +} diff --git a/src/xsl_processor.hh b/src/xsl_processor.hh new file mode 100644 index 0000000..ac9b047 --- /dev/null +++ b/src/xsl_processor.hh @@ -0,0 +1,28 @@ +/** + * Module: xsl_processor.hh + * + * Author: Michael Larson + * Date: 2005 + */ +#ifndef __XSL_PROCESSOR_HH__ +#define __XSL_PROCESSOR_HH__ + +#include <list> +#include <string> +#include <utility> + + +class XSLProcessor +{ +public: + XSLProcessor(bool debug); + ~XSLProcessor(); + + std::string + transform(const std::string &input, const std::string &xsl, const std::list<std::pair<std::string, std::string> > & listParams); + +private: + bool _debug; +}; + +#endif //__XSL_PROCESSOR_HH__ |