author | John Southworth <john.southworth@vyatta.com> | 2011-01-31 11:46:21 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-01-31 11:46:21 -0600 |
commit | b9d4ff8b2b7cff31131738be79b2ec4552e9bdde (patch) | |
tree | 8e9f2962fcdd55205dba4cff8f1659313d4b876c | |
parent | 6b63b26018f307a9a5e1314713aa9ae0c746ba1a (diff) | |
download | vyatta-op-vpn-b9d4ff8b2b7cff31131738be79b2ec4552e9bdde.tar.gz vyatta-op-vpn-b9d4ff8b2b7cff31131738be79b2ec4552e9bdde.zip |
Work on new IPsec operational mode script. Integrate with more CLI commands
12 files changed, 69 insertions, 15 deletions
diff --git a/scripts/vyatta-op-vpn.pl b/scripts/vyatta-op-vpn.pl index 67a9c5b..7a1f19f 100755 --- a/scripts/vyatta-op-vpn.pl +++ b/scripts/vyatta-op-vpn.pl @@ -187,7 +187,15 @@ sub get_peers_for_cli { my %tunnel_hash = get_tunnel_info(); for my $peer ( keys %tunnel_hash ) { - print %{$tunnel_hash{$peer}}->{_rightid}."\n" + print %{$tunnel_hash{$peer}}->{_rightid}."\n"; + } +} + +sub get_conn_for_cli +{ + my %tunnel_hash = get_tunnel_info(); + for my $peer ( keys %tunnel_hash ) { + print "$peer\n"; } } @@ -219,6 +227,7 @@ sub show_ipsec_sa_peer display_ipsec_sa_brief(\%tmphash); } + sub show_ipsec_sa_stats_peer { my %tunnel_hash = get_tunnel_info(); @@ -237,6 +246,19 @@ sub show_ipsec_sa_stats_peer } +sub show_ipsec_sa_stats_conn +{ + my %tunnel_hash = get_tunnel_info(); + my %tmphash = (); + my $peerid = pop(@_); + for my $peer ( keys %tunnel_hash ) { + if ($peer eq $peerid){ + $tmphash{$peer} = \%{$tunnel_hash{$peer}}; + } + } + display_ipsec_sa_stats(\%tmphash); +} + sub show_ipsec_sa_peer_detail { my %tunnel_hash = get_tunnel_info(); @@ -255,6 +277,20 @@ sub show_ipsec_sa_peer_detail } +sub show_ipsec_sa_conn_detail +{ + my %tunnel_hash = get_tunnel_info(); + my %tmphash = (); + my $peerid = pop(@_); + for my $peer ( keys %tunnel_hash ) { + if ($peer eq $peerid){ + $tmphash{$peer} = \%{$tunnel_hash{$peer}}; + } + } + display_ipsec_sa_detail(\%tmphash); + +} + sub show_ipsec_sa_natt { my %tunnel_hash = get_tunnel_info(); 
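Review bot: The changed line in get_peers_for_cli still reads the field as `%{$tunnel_hash{$peer}}->{_rightid}`, which uses a hash as a reference; that form has long been deprecated and Perl 5.22 and later reject it at compile time. The commit only adds the missing semicolon, so on a newer interpreter the whole script, which the templates in this commit run under sudo, would fail to compile. `print $tunnel_hash{$peer}->{_rightid}, "\n";` reads the same value without the extra `%{}`. The new get_conn_for_cli prints the keys directly and is not affected.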
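Review bot: show_ipsec_sa_stats_conn passes an empty hash to display_ipsec_sa_stats when the name from the command line matches no key of %tunnel_hash, so a mistyped connection presumably yields empty output rather than an error (the display routines are outside the hunk). The loop with `eq` is a plain key lookup and `\%{$tunnel_hash{$peer}}` re-wraps a reference that already exists; `my ($conn) = @_;` followed by `my %tmphash = exists $tunnel_hash{$conn} ? ($conn => $tunnel_hash{$conn}) : ();` does the same work and leaves an obvious place to report an unknown name. Keeping the comparison to exact string equality is the right handling for a value that arrives from the CLI under sudo, and a one-line comment saying so would keep later edits from feeding it to a regex or a shell. show_ipsec_sa_conn_detail in the next hunk has the same body, and in both `$peerid` actually holds a connection name.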
@@ -632,16 +668,19 @@ EOH } ## CLI options get processed here -my ($get_peers_for_cli, $show_ipsec_sa, $show_ipsec_sa_detail, , $show_ipsec_sa_peer, $show_ipsec_sa_peer_detail, $show_ipsec_sa_natt, $show_ipsec_sa_stats, $show_ipsec_sa_stats_peer, $show_ike_sa, $show_ike_sa_peer, $show_ike_sa_natt, $show_ike_secrets); +my ($get_peers_for_cli, $get_conn_for_cli, $show_ipsec_sa, $show_ipsec_sa_detail, , $show_ipsec_sa_peer, $show_ipsec_sa_peer_detail, $show_ipsec_sa_natt, $show_ipsec_sa_stats, $show_ipsec_sa_stats_peer, $show_ike_sa, $show_ike_sa_peer, $show_ike_sa_natt, $show_ike_secrets, $show_ipsec_sa_conn_detail, $show_ipsec_sa_stats_conn); GetOptions("show-ipsec-sa!" => \$show_ipsec_sa, "show-ipsec-sa-detail!" => \$show_ipsec_sa_detail, "get-peers-for-cli!" => \$get_peers_for_cli, + "get-conn-for-cli!" => \$get_conn_for_cli, "show-ipsec-sa-peer=s" => \$show_ipsec_sa_peer, "show-ipsec-sa-peer-detail=s" => \$show_ipsec_sa_peer_detail, "show-ipsec-sa-natt!" => \$show_ipsec_sa_natt, "show-ipsec-sa-stats!" => \$show_ipsec_sa_stats, "show-ipsec-sa-stats-peer=s" => \$show_ipsec_sa_stats_peer, + "show-ipsec-sa-stats-conn=s" => \$show_ipsec_sa_stats_conn, + "show-ipsec-sa-conn-detail=s"=> \$show_ipsec_sa_conn_detail, "show-ike-sa!" => \$show_ike_sa, "show-ike-sa-peer=s" => \$show_ike_sa_peer, "show-ike-sa-natt!" => \$show_ike_sa_natt, @@ -650,6 +689,9 @@ GetOptions("show-ipsec-sa!" => \$show_ipsec_sa, if (defined $get_peers_for_cli) { get_peers_for_cli; } +if (defined $get_conn_for_cli) { + get_conn_for_cli; +} if (defined $show_ipsec_sa) { show_ipsec_sa; } @@ -662,6 +704,9 @@ if (defined $show_ipsec_sa_peer) { if (defined $show_ipsec_sa_peer_detail) { show_ipsec_sa_peer_detail($show_ipsec_sa_peer_detail); } +if (defined $show_ipsec_sa_conn_detail) { + show_ipsec_sa_conn_detail($show_ipsec_sa_conn_detail); +} if (defined $show_ipsec_sa_natt) { show_ipsec_sa_natt; } 
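Review bot: The new `"get-conn-for-cli!"` spec is negatable, but the dispatch added in the following hunk tests `defined $get_conn_for_cli`, so `--no-get-conn-for-cli` (which stores 0) would still run the action. Dropping the `!` (`"get-conn-for-cli" => \$get_conn_for_cli,`) or testing truth (`if ($get_conn_for_cli) {`) makes the flag mean what it says; the existing flags follow the same pattern, so it may be cleaner to change them together. The `my (...)` list also carries over the stray `, ,` after `$show_ipsec_sa_detail`. The end of the GetOptions call is outside the hunk, so whether its return value is checked for unknown options cannot be seen here.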
@@ -671,6 +716,9 @@ if (defined $show_ipsec_sa_stats) {
 if (defined $show_ipsec_sa_stats_peer) {
 show_ipsec_sa_stats_peer($show_ipsec_sa_stats_peer);
 }
+if (defined $show_ipsec_sa_stats_conn) {
+ show_ipsec_sa_stats_conn($show_ipsec_sa_stats_conn);
+}
 if (defined $show_ike_sa) {
 show_ike_sa;
 }
diff --git a/templates/show/vpn/ike/sa/peer/node.def b/templates/show/vpn/ike/sa/peer/node.def
index 73c39e4..c1ff1fb 100644
--- a/templates/show/vpn/ike/sa/peer/node.def
+++ b/templates/show/vpn/ike/sa/peer/node.def
@@ -1 +1 @@
-help: Show all currently active IKE Security Associations (SA) for a specific peer
+help: Show all currently active IKE Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/detail/connection/node.def b/templates/show/vpn/ipsec/sa/detail/connection/node.def
index 5c642fa..05b45cf 100644
--- a/templates/show/vpn/ipsec/sa/detail/connection/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/connection/node.def
@@ -1 +1 @@
-help: Show detailed all active IPsec Security Associations (SA) for a specific connection
+help: Show details for all active IPsec Security Associations (SA) for a connection
diff --git a/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
index c38a84c..5dd62a7 100644
--- a/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
@@ -1,5 +1,3 @@
-help: Show detailed all active IPsec Security Associations (SA) for a specific connection
-
-run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_sa.xsl --pname detail --pval y --pname conn --pval "$7"
-
-allowed: sudo /usr/sbin/ipsec status | grep '000 "peer-' | perl -p -e 's/^000 "([^"]*)":\s.*/\1/' | sort -u
+help: Show details for all active IPsec Security Associations (SA) for a connection
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def
index d5307a5..1fb13e4 100644
--- a/templates/show/vpn/ipsec/sa/detail/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/node.def
@@ -1,2 +1,2 @@
-help: Show detailed all active IPsec Security Associations (SA)
+help: Show details for all active IPsec Security Associations (SA)
 run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.def
index 61a0e78..bbb34b8 100644
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.def
@@ -1 +1 @@
-help: Show detailed all active IPsec Security Associations (SA) for a specific peer
+help: Show details for all active IPsec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
index 6e43c91..cad43ba 100644
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
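Review bot: In detail/connection/node.tag/node.def the new `allowed:` line runs vyatta-op-vpn.pl without `sudo`, whereas the line it replaces called `sudo /usr/sbin/ipsec status` and the `run:` line still uses sudo. get_tunnel_info() is not visible in this diff; if it needs privilege to query the IPsec daemon, tab completion of connection names would presumably come back empty for an ordinary operator. It is worth confirming by completing as a non-root user, and the same applies to the `allowed:` lines in the detail/peer and statistics node.tag templates. The `--show-ipsec-sa-conn-detail="$7"` form keeps the typed value quoted and attached to its option, which is the right shape for an argument handed to a script run under sudo.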
@@ -1,3 +1,3 @@
-help: Show detailed all active IPsec Security Associations (SA) for a specific peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
-run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_sa.xsl --pname detail --pval y --pname peer --pval "$7"
+help: Show details for all active IPsec Security Associations (SA) for a peer
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.def b/templates/show/vpn/ipsec/sa/peer/node.def
index 089fa5a..7e5e913 100644
--- a/templates/show/vpn/ipsec/sa/peer/node.def
+++ b/templates/show/vpn/ipsec/sa/peer/node.def
@@ -1 +1 @@
-help: Show all active IPsec Security Associations (SA) for a specific peer
+help: Show all active IPsec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/statistics/connection/node.def b/templates/show/vpn/ipsec/sa/statistics/connection/node.def
new file mode 100644
index 0000000..c88c2d0
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/connection/node.def
@@ -0,0 +1 @@
+help: Show stats for all active IPsec Security Associations (SA) for a connection
diff --git a/templates/show/vpn/ipsec/sa/statistics/connection/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/connection/node.tag/node.def
new file mode 100644
index 0000000..4338e0c
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/connection/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show stats for all active IPsec Security Associations (SA) for a connection
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.def
new file mode 100644
index 0000000..b104a83
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.def
@@ -0,0 +1 @@
+help: Show stats for all active IPsec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
new file mode 100644
index 0000000..758333e
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show stats for all active IPsec Security Associations (SA) for a peer
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" |