summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/vpnprof/OPMode.pm55
-rw-r--r--scripts/vyatta-dmvpn-op.pl22
-rw-r--r--scripts/vyatta-op-vpnprof.pl5
-rw-r--r--templates/show/vpn/ipsec/sa/detail/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def3
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def1
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def3
13 files changed, 96 insertions, 4 deletions
diff --git a/lib/vpnprof/OPMode.pm b/lib/vpnprof/OPMode.pm
index 00c1ffd..6af2a37 100644
--- a/lib/vpnprof/OPMode.pm
+++ b/lib/vpnprof/OPMode.pm
@@ -572,6 +572,12 @@ sub show_ipsec_sa_detail
display_ipsec_sa_detail(\%tunnel_hash);
}
+sub show_ipsec_sa_stats
+{
+ my %tunnel_hash = get_tunnel_info();
+ display_ipsec_sa_stats(\%tunnel_hash);
+}
+
sub show_ipsec_sa_profile
{
my $profile = pop(@_);
@@ -820,4 +826,53 @@ sub display_ipsec_sa_detail
print "\n";
}
}
+
+sub display_ipsec_sa_stats
+{
+ my %th = %{pop(@_)};
+ my $listref = [];
+ my %tunhash = ();
+ my $myid = undef;
+ my $peerid = undef;
+ for my $connectid (keys %th){
+ my $lip = conv_ip($th{$connectid}->{_lip});
+ $peerid = conv_ip($th{$connectid}->{_rip});
+ my $tunnel = "$peerid-$lip";
+
+ if (not exists $tunhash{$tunnel}) {
+ $tunhash{$tunnel}={
+ _configpeer => conv_id_rev($th{$connectid}->{_peerid}),
+ _tunnels => []
+ };
+ }
+ my @tmp = ( $th{$connectid}->{_tunnelnum},
+ $th{$connectid}->{_lsnet},
+ $th{$connectid}->{_rsnet},
+ $th{$connectid}->{_inbytes},
+ $th{$connectid}->{_outbytes} );
+ push (@{$tunhash{$tunnel}->{_tunnels}}, [ @tmp ]);
+ }
+ for my $connid (keys %tunhash){
+ print <<EOH;
+Peer ID / IP Local ID / IP
+------------ -------------
+EOH
+ (my $peerid, my $myid) = $connid =~ /(.*?)-(.*)/;
+ printf "%-39s %-39s\n", $peerid, $myid;
+ print <<EOH;
+
+ Tunnel Dir Source Network Destination Network Bytes
+ ------ --- -------------- ------------------- -----
+EOH
+ for my $tunnel (tunSort(@{$tunhash{$connid}->{_tunnels}})){
+ (my $tunnum, my $srcnet, my $dstnet,
+ my $inbytes, my $outbytes) = @{$tunnel};
+ printf " %-6s %-3s %-28s %-28s %-8s\n",
+ $tunnum, 'in', $dstnet, $srcnet, $inbytes;
+ printf " %-6s %-3s %-28s %-28s %-8s\n",
+ $tunnum, 'out', $srcnet, $dstnet, $outbytes;
+ }
+ print "\n \n";
+ }
+}
1;
diff --git a/scripts/vyatta-dmvpn-op.pl b/scripts/vyatta-dmvpn-op.pl
index 4a33498..8f27596 100644
--- a/scripts/vyatta-dmvpn-op.pl
+++ b/scripts/vyatta-dmvpn-op.pl
@@ -33,16 +33,30 @@ sub clear_tunnel {
print "Resetting tunnel $tunnel with profile $profile...\n";
# turn down the connection
- `sudo ipsec down dmvpn-$profile-tunnel-$tunnel`;
+ `sudo ipsec down vpnprof-tunnel-$tunnel`;
# sleep for 1/4th of a second for connection to go down
`sudo sleep 0.25`;
- # turn connection up
- `sudo ipsec up dmvpn-$profile-tunnel-$tunnel`;
+ # turn connection up. For conns with 'right=%any' it's useless to up, so commented it
+ #`sudo ipsec up vpnprof-tunnel-$tunnel`;
# sleep for 3/4th of a second for connection to come up
- `sudo sleep 0.75`;
+ #`sudo sleep 0.75`;
+
+ my @addresses = split(' ', `cli-shell-api returnActiveValues interfaces tunnel $tunnel address`);
+ for my $addr (@addresses) {
+ $addr =~ /'(.*)\.(.*)\.(.*)\.(.*)\//;
+ my $pattern = "$1.$2.$3.$4-to-";
+ my $line = `sudo ipsec statusall | grep $pattern | head -n 1`;
+ if ($line =~ /\"(.*-to-.*)\"/) {
+ my $conn = $1;
+ `sudo ipsec down $conn`;
+ #Actually, we don't need timeouts here cause this script will wait child process to be finished.
+ `sudo ipsec up $conn`;
+ }
+ }
+
}
if ($op eq '') {
diff --git a/scripts/vyatta-op-vpnprof.pl b/scripts/vyatta-op-vpnprof.pl
index 2f173fb..3988e04 100644
--- a/scripts/vyatta-op-vpnprof.pl
+++ b/scripts/vyatta-op-vpnprof.pl
@@ -24,6 +24,7 @@ GetOptions("show-ipsec-sa!" => \$show_ipsec_sa,
"show-ipsec-sa-profile-detail=s" => \$show_ipsec_sa_profile_detail,
"show-ipsec-sa-stats!" => \$show_ipsec_sa_stats,
"show-ipsec-sa-stats-profile=s" => \$show_ipsec_sa_stats_profile,
+ "show-ipsec-sa-stats-conn=s{2}" => \@show_ipsec_sa_stats_conn,
"show-ipsec-sa-conn-detail=s{2}" => \@show_ipsec_sa_conn_detail,
"show-ipsec-sa-conn=s{2}" => \@show_ipsec_sa_conn);
@@ -57,3 +58,7 @@ if (defined $show_ipsec_sa_stats) {
if (defined $show_ipsec_sa_stats_profile) {
Vyatta::vpnprof::OPMode::show_ipsec_sa_stats_profile($show_ipsec_sa_stats_profile);
}
+if (defined @show_ipsec_sa_stats_conn) {
+ Vyatta::vpnprof::OPMode::show_ipsec_sa_stats_conn(@show_ipsec_sa_stats_conn);
+}
+
diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def
index 1fb13e4..1397817 100644
--- a/templates/show/vpn/ipsec/sa/detail/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/node.def
@@ -1,2 +1,3 @@
help: Show details for all active IPsec Security Associations (SA)
run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
+ sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-detail
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.def
new file mode 100644
index 0000000..00a4e7c
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.def
@@ -0,0 +1 @@
+help: Show details for all active IPsec Security Associations (SA) for a profile
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
new file mode 100644
index 0000000..fbb6218
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show details for all active IPsec Security Associations (SA) for a profile
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def
new file mode 100644
index 0000000..58100d8
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Show details for the active IPsec Security Association (SA) for a tunnel bound to profile
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
new file mode 100644
index 0000000..ac5fd14
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def b/templates/show/vpn/ipsec/sa/statistics/node.def
index ad7c5d8..84fa4b7 100644
--- a/templates/show/vpn/ipsec/sa/statistics/node.def
+++ b/templates/show/vpn/ipsec/sa/statistics/node.def
@@ -1,2 +1,3 @@
help: Show statistics of all active tunnels that have IPsec Security Associations (SA)
run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats
+ sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.def
new file mode 100644
index 0000000..7b5e040
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.def
@@ -0,0 +1 @@
+help: Show stats for all active IPsec Security Associations (SA) for a profile
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
new file mode 100644
index 0000000..9d49f44
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show stats for all active IPsec Security Associations (SA) for a profile
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def
new file mode 100644
index 0000000..4b131c5
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
new file mode 100644
index 0000000..b8aa7dc
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
+allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9