-rw-r--r--debian/control2
-rw-r--r--src/command_proc_base.hh82
-rw-r--r--src/command_proc_show_vpn.cc829
-rw-r--r--src/command_proc_show_vpn.hh222
-rw-r--r--src/rl_str_proc.cc98
-rw-r--r--src/rl_str_proc.hh32
-rw-r--r--src/xsl/show_vpn_ike_sa.xsl107
-rw-r--r--src/xsl/show_vpn_ike_secrets.xsl61
-rw-r--r--src/xsl/show_vpn_ike_status.xsl48
-rw-r--r--src/xsl/show_vpn_ipsec_sa.xsl160
-rw-r--r--src/xsl/show_vpn_ipsec_sa_statistics.xsl62
-rw-r--r--src/xsl/show_vpn_ipsec_status.xsl57
-rw-r--r--src/xsl_processor.cc76
-rw-r--r--src/xsl_processor.hh28
14 files changed, 1 insertions, 1863 deletions
diff --git a/debian/control b/debian/control
index 6f5cdbb..716fae5 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,7 @@ Build-Depends: debhelper (>= 5), autotools-dev, libsablot0-dev (>= 1.0.3-1)
Standards-Version: 3.7.2
Package: vyatta-op-vpn
-Architecture: any
+Architecture: all
Depends: vyatta-op,
vyatta-bash | bash (>= 3.1),
vyatta-cfg-vpn,
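Review bot: Switching `Architecture: any` to `Architecture: all` leaves the Build-Depends shown in the hunk header (`autotools-dev, libsablot0-dev (>= 1.0.3-1)`) in place, yet this commit deletes every C++ source and the XSL processor that needed libsablot, so those entries appear to be stale and will still pull a compiler-side dependency into every build of an arch-independent package. If nothing compiled remains, trim the line to `Build-Depends: debhelper (>= 5)` in the same change so the control file matches what the package actually builds. The Depends list is only partly visible in this hunk; whatever now produces the "show vpn" output in place of the removed binary should be declared there, since the diffstat shows no replacement added by this commit.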
diff --git a/src/command_proc_base.hh b/src/command_proc_base.hh
deleted file mode 100644
index d9820a8..0000000
--- a/src/command_proc_base.hh
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- * Module: command_proc_base.hh
- *
- * Author: Michael Larson
- * Date: 2005
- * Description:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License,
- * or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Copyright 2006, Vyatta, Inc.
- */
-#ifndef __COMMAND_PROC_BASE_HH__
-#define __COMMAND_PROC_BASE_HH__
-
-#include <assert.h>
-#include <vector>
-#include <list>
-#include <string>
-
-#define UNUSED(var) assert(sizeof(var) != 0)
-
-
-/**
- * Derive from this class when you want to create a new unformatted to xml processing implementation.
- *
- **/
-class CommandProcBase
-{
-public:
- typedef std::vector<std::string> StringColl;
- typedef std::vector<std::string>::iterator StringIter;
-
-public:
- CommandProcBase() {;}
- virtual ~CommandProcBase() {;}
-
- /**
- *
- **/
- virtual std::string
- process(const std::string &cmd, bool debug, std::string &reason) = 0;
-
- /**
- *
- **/
- static std::string
- name() {return std::string("");}
-
- /**
- *
- **/
- virtual bool
- is_valid() = 0;
-
- /**
- *
- **/
- virtual std::string
- xsl() {return _xsl;}
-
-protected: //method
- std::list<std::string>
- tokenize(const std::string &line);
-
-protected:
- std::string _xsl;
-};
-
-#endif
diff --git a/src/command_proc_show_vpn.cc b/src/command_proc_show_vpn.cc
deleted file mode 100644
index 7e1d43d..0000000
--- a/src/command_proc_show_vpn.cc
+++ /dev/null
@@ -1,829 +0,0 @@
-/**
- * Module: command_proc_show_vpn.cc
- *
- * Author(s): Michael Larson, Marat Nepomnyashy
- * Date: 2008
- * Description:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License,
- * or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Copyright 2008, Vyatta, Inc.
- */
-
-#include <stdio.h>
-#include <iostream>
-#include <list>
-#include <string>
-#include <dirent.h>
-#include <string.h>
-#include <stdlib.h>
-//#include "config.h"
-#include "rl_str_proc.hh"
-//#include <librl_common/rl_interface.hh>
-#include "command_proc_show_vpn.hh"
-#include "xsl_processor.hh"
-
-using namespace std;
-
-int main(int argc, char ** argv) {
-
- //Build out string request based on the number of argcs.
- string request;
- bool debug = false;
- for (int i = 1; i < argc; ++i) {
- if (strcmp((const char *)argv[i], "--debug") == 0) {
- debug = true;
- } else {
- request += string(argv[i]) + string(" ");
- }
- }
- if (debug) {
- cout << "request: " << request << endl;
- }
-
-
- CommandProcShowVPN proc;
-
- // process command and create xml output
- string reason;
- string xml_out = proc.process(request, debug, reason);
- if (debug) {
- cout << "output xml:" << endl << xml_out << endl;
- }
-
- if (xml_out.empty() == true) {
- cout << reason << endl;
- exit(0);
- }
-
- bool catch_param_name = false;
- bool catch_param_val = false;
- string param_name;
- string param_val;
- list<pair<string,string> > listParams;
- for (int i = 1; i < argc; ++i) {
- if (strcmp(argv[i], "--pname") == 0) {
- catch_param_name = true;
- catch_param_val = false;
- param_name = "";
- param_val = "";
- } else if (strcmp(argv[i], "--pval") == 0) {
- catch_param_name = false;
- catch_param_val = true;
- param_val = "";
- } else {
- if (catch_param_name) {
- param_name = argv[i];
- catch_param_name = false;
- }
- if (catch_param_val) {
- param_val = argv[i];
- catch_param_val = false;
- }
- }
- if (param_name.length() > 0 && param_val.length() > 0) {
- listParams.push_back(pair<string,string>(param_name, param_val));
- param_name = "";
- param_val = "";
- }
- }
-
-
- XSLProcessor xsl_processor(debug);
-
- cout << xsl_processor.transform(xml_out, proc.xsl(), listParams) << endl;
-}
-
-
-
-/**
- *
- **/
-CommandProcShowVPN::CommandProcShowVPN() : CommandProcBase()
-{
- string str;
- for (int i = 0; i < 8; ++i) {
- _pad.push_back(str);
- str += "0";
- }
-}
-
-/**
- *
- **/
-CommandProcShowVPN::~CommandProcShowVPN()
-{
- list<Peer*>::iterator i = _peers.begin();
- const list<Peer*>::const_iterator iEnd = _peers.end();
- while (i != iEnd) {
- delete *i;
- *i = NULL;
- i++;
- }
-}
-
-/**
- *
- **/
-std::string
-CommandProcShowVPN::process(const string &cmd, bool debug, string &reason)
-{
- UNUSED(reason);
- char buf[2048];
- string ipsec_cmd;
- FILE *f;
- StrProc proc_str(cmd, " ");
-
- _xsl = XSLDIR "/" + proc_str.get(0);
-
-
- _xml_out << "<opcommand name='vpn'><format type='row'>";
-
-
-
-// ipsec eroute
-// ipsec spi
-// ipsec spigrp
-// ipsec spi status
-// ipsec setup --status
-// ipsec statusall
-
- ipsec_cmd = "cat /etc/ipsec.secrets";
- f = popen(ipsec_cmd.c_str(), "r");
- if (f) {
- while(fgets(buf, 2047, f) != NULL) {
- string line(buf);
- convert_to_xml_secrets(line, debug);
- }
- if (pclose(f) != 0) {
- return string("");
- }
- }
-
- ipsec_cmd = "cat /var/run/pluto.pid 2>/dev/null";
- f = popen(ipsec_cmd.c_str(), "r");
- if (f) {
- while(fgets(buf, 2047, f) != NULL) {
- string line(buf);
- convert_to_xml_pluto_pid(line, debug);
- }
- if (pclose(f) != 0) {
- reason = "VPN is not running";
- return string("");
- }
- }
-
- process_conf(debug);
-
- ipsec_cmd = "ipsec statusall";
- f = popen(ipsec_cmd.c_str(), "r");
- if (f) {
- while(fgets(buf, 2047, f) != NULL) {
- string line(buf);
- convert_to_xml_auto_status(line, debug);
- }
- if (pclose(f) != 0) {
- return string("");
- }
- }
-
- convert_to_xml_setkey_d(debug);
-
- std::list<Peer*>::const_iterator i = _peers.begin();
- const std::list<Peer*>::const_iterator iEnd = _peers.end();
- while (i != iEnd) {
- const Peer * p_peer = *i;
- if (p_peer != NULL) {
- _xml_out << "<peer>";
- _xml_out << "<left_ip>" << p_peer->_left_ip << "</left_ip>";
- _xml_out << "<right_ip>" << p_peer->_right_ip << "</right_ip>";
- _xml_out << "<peer_ip>" << p_peer->_left_ip << "</peer_ip>";
- _xml_out << "<ike_encrypt>" << p_peer->_ike_encrypt << "</ike_encrypt>";
- _xml_out << "<ike_hash>" << p_peer->_ike_hash << "</ike_hash>";
- _xml_out << "<ike_dh>" << p_peer->_ike_dh << "</ike_dh>";
- _xml_out << "<ike_activetime>" << ((p_peer->_ike_state == "up") ? (p_peer->_ike_seconds_lifetime - p_peer->_ike_seconds_lifetime_left) : 0) << "</ike_activetime>";
- _xml_out << "<ike_lifetime>" << p_peer->_ike_seconds_lifetime << "</ike_lifetime>";
- _xml_out << "<ike_state>" << p_peer->_ike_state << "</ike_state>";
- _xml_out << "<nat_traversal>" << (p_peer->_nat_trav ? "enabled" : "disabled") << "</nat_traversal>";
- if (p_peer->_nat_trav) {
- _xml_out << "<nat_src_port>" << p_peer->_nat_src_port << "</nat_src_port>";
- _xml_out << "<nat_dst_port>" << p_peer->_nat_dst_port << "</nat_dst_port>";
- } else {
- _xml_out << "<nat_src_port>n/a</nat_src_port>";
- _xml_out << "<nat_dst_port>n/a</nat_dst_port>";
- }
-
- std::map<std::string, Tunnel*>::const_iterator iter = p_peer->getConstPeerTunnels().getConstTunnelsMap().begin();
- const std::map<std::string, Tunnel*>::const_iterator iterEnd = p_peer->getConstPeerTunnels().getConstTunnelsMap().end();
- while (iter != iterEnd) {
- Tunnel * p_tunnel = iter->second;
- if (p_tunnel != NULL) {
- //first do the in direction
- _xml_out << "<setkey>";
- _xml_out << "<conn_name>" << iter->first << "</conn_name>";
- _xml_out << "<tunnel>" << p_tunnel->_tunnel_number << "</tunnel>";
- _xml_out << "<dir>in</dir>";
- _xml_out << "<spi>" << p_tunnel->_in._session_id << "</spi>";
- _xml_out << "<esp_encrypt>" << p_tunnel->_esp_encrypt << "</esp_encrypt>";
- _xml_out << "<esp_hash>" << p_tunnel->_esp_hash << "</esp_hash>";
- _xml_out << "<pfs_group>" << p_tunnel->_pfs_group << "</pfs_group>";
- _xml_out << "<active_time>" << p_tunnel->_in._active_time << "</active_time>";
- _xml_out << "<bytes>" << p_tunnel->_in._bytes << "</bytes>";
- _xml_out << "<keylife>" << p_tunnel->_keylife << "</keylife>";
- _xml_out << "<left>" << p_tunnel->_left_net << "</left>";
- _xml_out << "<right>" << p_tunnel->_right_net << "</right>";
- _xml_out << "<esp_state>" << p_tunnel->_esp_state << "</esp_state>";
- _xml_out << "</setkey>";
-
- //now do the out direction
- _xml_out << "<setkey>";
- _xml_out << "<conn_name>" << iter->first << "</conn_name>";
- _xml_out << "<tunnel>" << p_tunnel->_tunnel_number << "</tunnel>";
- _xml_out << "<dir>out</dir>";
- _xml_out << "<spi>" << p_tunnel->_out._session_id << "</spi>";
- _xml_out << "<esp_encrypt>" << p_tunnel->_esp_encrypt << "</esp_encrypt>";
- _xml_out << "<esp_hash>" << p_tunnel->_esp_hash << "</esp_hash>";
- _xml_out << "<pfs_group>" << p_tunnel->_pfs_group << "</pfs_group>";
- _xml_out << "<active_time>" << p_tunnel->_out._active_time << "</active_time>";
- _xml_out << "<bytes>" << p_tunnel->_out._bytes << "</bytes>";
- _xml_out << "<keylife>" << p_tunnel->_keylife << "</keylife>";
- _xml_out << "<left>" << p_tunnel->_right_net << "</left>";
- _xml_out << "<right>" << p_tunnel->_left_net << "</right>";
- _xml_out << "<esp_state>" << p_tunnel->_esp_state << "</esp_state>";
- _xml_out << "</setkey>";
- }
- ++iter;
- }
- }
- _xml_out << "</peer>";
- ++i;
- }
-
- if (_xml_out.tellp() > 0) {
- _xml_out << "</format></opcommand>";
- }
- return _xml_out.str();
-}
-
-/**
- *
- >ipsec eroute
-[root@localhost etc]# ipsec eroute
-/usr/libexec/ipsec/eroute: NETKEY does not support eroute table.
-
- **/
-void
-CommandProcShowVPN::convert_to_xml_secrets(const string &line, bool debug)
-{
- if (debug) {
- cout << "processing: convert_to_xml_secrets" << endl;
- }
- StrProc proc_str(line, " ");
- if (proc_str.size() > 0) {
- _xml_out << "<secret>";
- _xml_out << "<sip>" << proc_str.get(0) << "</sip>";
- _xml_out << "<dip>" << proc_str.get(1) << "</dip>";
- _xml_out << "<key>" << proc_str.get(4) << "</key>";
- _xml_out << "</secret>";
- }
- /*
- if (line.find("Media type") != string::npos) {
- _xml_out += "<csudsu_type>" + proc_str.get(2) + "</csudsu_type>";
- }
- */
- return;
-}
-
-/**
- *
-mercury:~# cat /var/run/pluto.pid
-3688
- **/
-void
-CommandProcShowVPN::convert_to_xml_pluto_pid(const string &line, bool debug)
-{
- if (debug) {
- cout << "processing: convert_to_xml_secrets" << endl;
- }
- StrProc proc_str(line, " ");
- if (proc_str.size() > 0) {
- _xml_out << "<pluto_pid>" << proc_str.get(0) << "</pluto_pid>";
- }
- return;
-}
-
-/**
- *
-mercury:~# setkey -D
-10.3.0.198 10.1.0.54
- esp mode=tunnel spi=1222935307(0x48e4830b) reqid=16385(0x00004001)
- E: 3des-cbc 9a562c3f 6a2a9209 02fd7390 524c987e 38491354 1ffe8d44
- A: hmac-md5 b35fd32c 387f2b05 7262373f bc1769bb
- seq=0x00000000 replay=32 flags=0x00000000 state=mature
- created: Jan 5 15:34:55 2007 current: Jan 5 15:42:47 2007
- diff: 472(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=1 pid=9770 refcnt=0
-10.1.0.54 10.3.0.198
- esp mode=tunnel spi=2194861623(0x82d2ee37) reqid=16385(0x00004001)
- E: 3des-cbc ba1cad93 b0b901d3 5b645165 0719fad2 6ab60ec1 a7c6c593
- A: hmac-md5 0fa8adc6 9f90012f c3a37145 be698b61
- seq=0x00000000 replay=32 flags=0x00000000 state=mature
- created: Jan 5 15:34:55 2007 current: Jan 5 15:42:47 2007
- diff: 472(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=0 pid=9770 refcnt=0
-
- **/
-void
-CommandProcShowVPN::convert_to_xml_setkey_d(bool debug)
-{
- if (debug) {
- cout << "processing: convert_to_xml_setkey_d: " << endl;
- }
-
- string left_addr, right_addr, dir;
- string spi, sessionid, encryption, key_hash;
- string active_time, bytes;
- int nat_src_port = 0, nat_dst_port = 0;
- bool in_flag = true;
-
-// std::map<std::string, Tunnel>::const_iterator iter = _coll.end();
-// std::list<Peer>::const_iterator iter = _peers.begin();
-
- Tunnel * p_tunnel = NULL;
-
- string cmd = "setkey -D";
- char buf[2048];
- FILE *f = popen(cmd.c_str(), "r");
- if (f) {
- while(fgets(buf, 2047, f) != NULL) {
- string line(buf);
-
- if (line.length() > 0 && isdigit(line[0])) {
- StrProc ips(line, " ");
- string src = ips.get(0);
- string::size_type src_o = src.find('[');
- string::size_type src_c = src.find(']');
- if (src_o != string::npos && src_c != string::npos) {
- nat_src_port = atoi(src.substr(src_o + 1, src_c - src_o - 1).c_str());
- } else {
-// nat_src_port.clear();
- }
- string dst = ips.get(1);
- string::size_type dst_o = dst.find('[');
- string::size_type dst_c = dst.find(']');
- if (dst_o != string::npos && dst_c != string::npos) {
- nat_dst_port = atoi(dst.substr(dst_o + 1, dst_c - dst_o - 1).c_str());
- } else {
-// nat_dst_port.clear();
- }
- }
-
- StrProc proc_str(line, " ");
- if (line.find("spi=") != string::npos) {
- string tmp = proc_str.get(2);
- int pos = tmp.find("(");
- spi = tmp.substr(pos+3,tmp.length()-pos-4);
-
- //now find the entry that corresponds with this spi
- std::list<Peer*>::iterator iPeer = _peers.begin();
- const std::list<Peer*>::const_iterator iPeerEnd = _peers.end();
-
- while (iPeer != iPeerEnd) {
- Peer * p_peer = *iPeer;
- if (p_peer != NULL) {
- std::map<std::string, Tunnel*>::iterator iPeerTunnel = p_peer->getPeerTunnels().getTunnelsMap().begin();
- const std::map<std::string, Tunnel*>::const_iterator iPeerTunnelEnd = p_peer->getPeerTunnels().getTunnelsMap().end();
-
- Tunnel * p_tunnelHere = NULL;
- while (iPeerTunnel != iPeerTunnelEnd) {
- p_tunnelHere = iPeerTunnel->second;
- if (p_tunnelHere != NULL) {
- if (debug) {
- cout << "comparing spis: " << spi << ", " << p_tunnelHere->_in._session_id << ", " << p_tunnelHere->_out._session_id << endl;
- }
-
- if (spi == p_tunnelHere->_in._session_id) {
- in_flag = true;
- if (debug) {
- cout << "found match with spis for in" << endl;
- }
- break;
- } else if (spi == p_tunnelHere->_out._session_id) {
- in_flag = false;
- if (debug) {
- cout << "found match with spis for out" << endl;
- }
- break;
- }
- }
- ++iPeerTunnel;
- }
-
- if (iPeerTunnel == iPeerTunnelEnd) {
- p_tunnel = NULL;
- } else {
- p_tunnel = p_tunnelHere;
- if (proc_str.get(0) == "esp-udp") {
- p_peer->_nat_trav = true;
- p_peer->_nat_src_port = nat_src_port;
- p_peer->_nat_dst_port = nat_dst_port;
- } else {
- p_peer->_nat_trav = false;
- }
- break;
- }
- }
- ++iPeer;
- }
- }
- /* else if (line.find("state=") != string::npos) {
- if (iter != _coll.end()) {
- string trans_state;
- string state = proc_str.get(3);
- if (state.find("mature") != string::npos) {
- trans_state = "up";
- }
- else if (state.find("larval") != string::npos) {
- trans_state = "init";
- }
- else {
- trans_state = "down";
- }
-
- if (in_flag == true) {
- iter->second._in._state = trans_state;
- }
- else {
- iter->second._out._state = trans_state;
- }
- }
- }
- */
- else if (p_tunnel != NULL && line.find("diff:") != string::npos) {
- if (in_flag == true) {
- p_tunnel->_in._active_time = atoi(proc_str.get(1).c_str());
- } else {
- p_tunnel->_out._active_time = atoi(proc_str.get(1).c_str());
- }
- } else if (p_tunnel != NULL && (proc_str.get(0).find("current:") != string::npos)) {
- if (in_flag == true) {
- p_tunnel->_in._bytes = atoi(proc_str.get(1).c_str());
- } else {
- p_tunnel->_out._bytes = atoi(proc_str.get(1).c_str());
- }
- //now complete the transaction here
- p_tunnel = NULL;
- }
- }
- if (pclose(f) != 0) {
- return;
- }
- }
-}
-
-/**
- *
- *
-sample from conf file:
-
-conn peer-10.6.0.22-tunnel-1
- left=10.6.0.2
- right=10.6.0.22
- type=tunnel
- authby=secret
- leftsubnet=10.1.0.0/24
- rightsubnet=10.7.0.16/28
- ike=aes256-md5-modp1536
- esp=aes256-md5
- auto=start
-
- *
- **/
-void
-CommandProcShowVPN::process_conf(bool debug)
-{
- if (debug) {
- cout << "processing: process_conf" << endl;
- }
-
- string cmd("cat /etc/ipsec.conf");
- char buf[2048];
- FILE *f = popen(cmd.c_str(), "r");
- if (f) {
- string src, dst;
- string rightnet, leftnet, tunnel, tunnel_num;
-
- while(fgets(buf, 2047, f) != NULL) {
- string line(buf);
- int pos = line.find("=");
- if (line.find("conn peer-") != string::npos) {
- StrProc proc_str(line, " ");
- tunnel = proc_str.get(1);
- string::size_type dash = tunnel.find_last_of('-');
- if (dash != string::npos) tunnel_num = tunnel.substr(dash + 1);
- src = "";
- dst = "";
- }
- else if (line.find("left=") != string::npos) {
- src=line.substr(pos+1,line.length()-pos-2);
- if (src == "%any") {
- src = "0.0.0.0";
- }
- }
- else if (line.find("leftid=") != string::npos) {
- src = line.substr(pos + 1, line.length() - pos - 2);
- }
- else if (line.find("right=") != string::npos) {
- dst=line.substr(pos+1,line.length()-pos-2);
- if (dst == "%any") {
- dst = "0.0.0.0";
- }
- }
- else if (line.find("rightid=") != string::npos) {
- dst = line.substr(pos + 1, line.length() - pos - 2);
- }
- else if (line.find("rightsubnet=") != string::npos) {
- rightnet=line.substr(pos+1,line.length()-pos-2);
- }
- else if (line.find("leftsubnet=") != string::npos) {
- leftnet=line.substr(pos+1,line.length()-pos-2);
- }
- else if (line.find("interfaces") != string::npos) {
- _interface_conf_line = line;
- }
- else if (line.find("auto=start") != string::npos || line.find("auto=add") != string::npos) {
- Peer * p_peer = NULL;
- std::list<Peer*>::iterator i = _peers.begin();
- const std::list<Peer*>::const_iterator iEnd = _peers.end();
- while (i != iEnd) {
- Peer * p_peerCheck = *i;
- if (p_peerCheck != NULL && p_peerCheck->_right_ip == src && p_peerCheck->_left_ip == dst) {
- p_peer = p_peerCheck;
- break;
- }
- ++i;
- }
- if (p_peer == NULL) {
- p_peer = new Peer();
- _peers.push_back(p_peer);
- p_peer->_right_ip = src;
- p_peer->_left_ip = dst;
- }
-
- Tunnel * p_tunnel = new Tunnel(_all_tunnels, *p_peer);
- p_tunnel->_tunnel_name = tunnel;
- p_tunnel->_tunnel_number = tunnel_num;
- p_tunnel->_right_net = rightnet;
- p_tunnel->_left_net = leftnet;
- p_peer->getPeerTunnels().add(tunnel, p_tunnel);
- _all_tunnels.add(tunnel, p_tunnel);
- }
- }
- pclose(f);
- }
- return;
-}
-
-/**
- *
- *
- **/
-void
-CommandProcShowVPN::convert_to_xml_auto_status(const string &line, bool debug)
-{
- if (debug) {
- cout << "processing: convert_to_xml_auto_status" << endl;
- }
- StrProc proc_str(line, " ");
-
- if (line.find("000 interface") != string::npos) {
- string tmp = proc_str.get(2);
- string::size_type pos = tmp.find("/");
- if (pos != string::npos) {
- string interface = tmp.substr(0,pos);
- if (_interface_conf_line.find(interface) != string::npos) {
- _xml_out << "<auto_status_interface>";
- _xml_out << "<iface>" << interface << "</iface>";
- _xml_out << "<address>" << proc_str.get(3) << "</address>";
- _xml_out << "</auto_status_interface>";
- }
- }
- }
-
- string strToken1 = proc_str.get(1);
- string strToken2 = proc_str.get(2);
-
- string strTunnelName;
- if ((strToken1.find("\"peer-") == 0) && (strToken1[strToken1.length() - 1] == ':')) {
- string::size_type iEnd = strToken1.find("\"", 1);
- if (iEnd != string::npos) {
- strTunnelName = strToken1.substr(1, iEnd-1);
- }
- } else if ((strToken1.length() > 2 && strToken1[0] == '#' && strToken1[strToken1.length() - 1] == ':') && ((strToken2.find("\"peer-") == 0))) {
- string::size_type iEnd = strToken2.find("\"", 1);
- if (iEnd != string::npos) {
- strTunnelName = strToken2.substr(1, iEnd-1);
- }
- }
-
- if (strTunnelName.length() == 0) return;
-
- string::size_type iPeer = strTunnelName.find("peer-");
- string::size_type iTunnel = strTunnelName.find("-tunnel-");
- if (iPeer == string::npos || iPeer != 0 || iTunnel == string::npos) return;
- string strPeerIP = strTunnelName.substr(5, iTunnel - 5);
-
- Tunnel * p_tunnel = _all_tunnels.getTunnelsMap()[strTunnelName];
-
- if (p_tunnel == NULL) return;
-
- //now retrieve ike and esp encryption and hash
- if (line.find(" proposal: ") != string::npos) { //look up encryption/hash
- //strip out the tunnel
-
- // 000 "peer-10.6.0.57-tunnel-1": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
- // 000 "peer-10.6.0.57-tunnel-1": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<Phase1>
-
- // need to parse lifetime from setup output
- // 000 "peer-10.6.0.57-tunnel-50": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 00
-
- string eh = proc_str.get(4);
-
- StrProc tmp(eh, "/");
-
- //allowed e values: aes128, aes256, 3des
- //allowed h values: md5, sha1, sha2_256, sha2_384, sha2_512
- //allowed m values: MOD1024, MODP1536
- string e = tmp.get(0);
- string h = tmp.get(1);
- string m = tmp.get(2);
- if (e.find("128") != string::npos) {
- e = "aes128";
- } else if (e.find("256") != string::npos) {
- e = "aes256";
- } else if (e.find("3DES") != string::npos) {
- e = "3des";
- }
-
- if (h.find("MD5") != string::npos) {
- h = "md5";
- } else if (h.find("SHA1") != string::npos) {
- h = "sha1";
- } else if (h.find("_256") != string::npos) {
- h = "sha2_256";
- } else if (h.find("_384") != string::npos) {
- h = "sha2_384";
- } else if (h.find("_512") != string::npos) {
- h = "sha2_512";
- }
-
- if (m.find("1024") != string::npos) {
- m = "2";
- } else if (m.find("1536") != string::npos) {
- m = "5";
- } else if (m.find("Phase1") != string::npos) {
- m = "Phase1";
- } else {
- m = "Disabled";
- }
-
- //assign encryption and hash
- if (proc_str.get(2) == "IKE") {
- p_tunnel->getPeer()._ike_encrypt = e;
- p_tunnel->getPeer()._ike_hash = h;
- p_tunnel->getPeer()._ike_dh = m;
- } else { //ESP
- p_tunnel->_esp_encrypt = e;
- p_tunnel->_esp_hash = h;
- p_tunnel->_pfs_group = m;
- }
-
- } else if (line.find("ike_life:") != string::npos) {
- p_tunnel->getPeer()._ike_seconds_lifetime = atoi(proc_str.get(3).substr(0,proc_str.get(3).length()-1).c_str());
- p_tunnel->_keylife = atoi(proc_str.get(5).c_str());
- } else if (line.find("STATE_") != string::npos) { //for state now...
- if (p_tunnel->getPeer()._ike_state == "down") p_tunnel->getPeer()._ike_state = "init";
- if (p_tunnel->_esp_state == "down") p_tunnel->_esp_state = "init";
-
- {
- string strIKEEI("ISAKMP SA established); EVENT_SA_EXPIRE in ");
- string::size_type iIKEEI = line.find(strIKEEI);
- if (iIKEEI != string::npos) {
- string strIKEExpireIn = line.substr(iIKEEI, line.length() - iIKEEI);
- string strSecondsStart = strIKEExpireIn.substr(strIKEEI.length(), strIKEExpireIn.length() - strIKEEI.length());
- string::size_type iSecondsEnd = strSecondsStart.find("s; ");
- if (iSecondsEnd != string::npos) {
- string strSeconds = strSecondsStart.substr(0, iSecondsEnd);
- int ike_seconds_lifetime_left = atoi(strSeconds.c_str());
- if (ike_seconds_lifetime_left > 0) {
- p_tunnel->getPeer()._ike_seconds_lifetime_left = ike_seconds_lifetime_left;
- p_tunnel->getPeer()._ike_state = "up";
- }
- }
- }
- }
- {
- string strIKERI("ISAKMP SA established); EVENT_SA_REPLACE in ");
- string::size_type iIKERI = line.find(strIKERI);
- if (iIKERI != string::npos) {
- string strIKEReplaceIn = line.substr(iIKERI, line.length() - iIKERI);
- string strSecondsStart = strIKEReplaceIn.substr(strIKERI.length(), strIKEReplaceIn.length() - strIKERI.length());
- string::size_type iSecondsEnd = strSecondsStart.find("s; ");
- if (iSecondsEnd != string::npos) {
- string strSeconds = strSecondsStart.substr(0, iSecondsEnd);
- int ike_seconds_lifetime_left = atoi(strSeconds.c_str());
- if (ike_seconds_lifetime_left > 0) {
- p_tunnel->getPeer()._ike_seconds_lifetime_left = ike_seconds_lifetime_left;
- p_tunnel->getPeer()._ike_state = "up";
- }
- }
- }
- }
-
-
- if (line.find("IPsec SA established); EVENT_SA_REPLACE") != string::npos) p_tunnel->_esp_state = "up";
- } else if (line.find("esp.") != string::npos) { //look up tunnel id
- //strip out the tunnel
-
- // 000 #2: "peer-10.6.0.57-tunnel-1" esp.d54ce9b0@10.6.0.57 esp.225ad1e@10.6.0.55 tun.0@10.6.0.57 tun.0@10.6.0.55
-
- if (debug) {
- cout << "ipsec statusall: found esp: " << line << ", " << strTunnelName << endl;
- }
-
- StrProc ps(line, "@");
- string id = ps.get(0);
- int start = id.rfind(".");
- id = id.substr(start+1, id.length()-start-1);
- id = _pad[8 - id.length()] + id;
- p_tunnel->_in._session_id = id;
-
- id = ps.get(1);
- start = id.rfind(".");
- id = id.substr(start+1, id.length()-start-1);
- id = _pad[8 - id.length()] + id;
- p_tunnel->_out._session_id = id;
-
- }
-}
-
-const PeerTunnels & Peer::getConstPeerTunnels() const {
- return _peer_tunnels;
-}
-
-PeerTunnels & Peer::getPeerTunnels() {
- return _peer_tunnels;
-}
-
-Tunnel::~Tunnel() {
- _all_tunnels.unlink(this);
- _peer._peer_tunnels.unlink(this);
-}
-Peer & Tunnel::getPeer() {
- return _peer;
-}
-Tunnels::~Tunnels() {
- map<string, Tunnel*>::iterator i = _tunnels.begin();
- const map<string, Tunnel*>::const_iterator iEnd = _tunnels.end();
- while (i != iEnd) {
- Tunnel * p_tunnel = i->second;
- if (p_tunnel != NULL) {
- i->second = NULL;
- delete p_tunnel;
- }
- i++;
- }
-}
-Tunnels::Tunnels() {
-}
-const map<string, Tunnel*> & Tunnels::getConstTunnelsMap() const {
- return _tunnels;
-}
-map<string, Tunnel*> & Tunnels::getTunnelsMap() {
- return _tunnels;
-}
-void Tunnels::add(const string & strTunnelName, Tunnel * p_tunnel) {
- _tunnels[strTunnelName] = p_tunnel;
-}
-void Tunnels::unlink(const Tunnel * p_tunnel) {
- if (p_tunnel != NULL) _tunnels[p_tunnel->_tunnel_name] = NULL;
-}
diff --git a/src/command_proc_show_vpn.hh b/src/command_proc_show_vpn.hh
deleted file mode 100644
index b72b21b..0000000
--- a/src/command_proc_show_vpn.hh
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Module: command_proc_show_vpn.hh
- *
- * Author: Michael Larson
- * Date: 2006
- * Description:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License,
- * or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Copyright 2006, Vyatta, Inc.
- */
-#ifndef __COMMAND_PROC_SHOW_VPN_HH__
-#define __COMMAND_PROC_SHOW_VPN_HH__
-
-#include <sstream>
-#include <string>
-#include <map>
-#include "command_proc_base.hh"
-
-#define XSLDIR "/opt/vyatta/share/xsl"
-
-
-using namespace std;
-
-class Dir
-{
-public:
- Dir() : _session_id("n/a"),_bytes(0),_active_time(0) {}
-
-public:
- string _session_id; //same as tunnel_id
- int _bytes;
- int _active_time;
-};
-
-class AllTunnels;
-class Peer;
-class PeerTunnels;
-
-class Tunnel
-{
-public:
- ~Tunnel();
- Tunnel(AllTunnels & all_tunnels, Peer & peer) : _esp_encrypt("n/a"),_esp_hash("n/a"),_esp_state("down"),_keylife(0), _all_tunnels(all_tunnels), _peer(peer) {}
-
-public:
-
- Dir _in;
- Dir _out;
-
- string _tunnel_name;
- string _tunnel_number;
- string _esp_encrypt;
- string _esp_hash;
- string _pfs_group;
-
- string _esp_state;
-
- int _keylife;
- string _left_net;
- string _right_net;
-
- Peer & getPeer();
-private:
- AllTunnels & _all_tunnels;
- Peer & _peer;
-};
-
-class Tunnels {
-public:
- ~Tunnels();
-
- const map<string, Tunnel*> & getConstTunnelsMap() const;
-
- map<string, Tunnel*> & getTunnelsMap();
- void add(const string & strTunnelName, Tunnel * p_tunnel);
- void unlink(const Tunnel * p_tunnel);
-
-protected:
- Tunnels();
-
-private:
- map<string, Tunnel*> _tunnels;
-
-};
-
-class AllTunnels : public Tunnels {
-
-};
-
-class PeerTunnels : public Tunnels {
-
-};
-
-class Peer
-{
-friend Tunnel::~Tunnel();
-
-public:
- Peer() : _ike_seconds_lifetime(0), _ike_seconds_lifetime_left(0), _ike_encrypt("n/a"),_ike_hash("n/a"), _ike_state("down"), _nat_trav(false), _nat_src_port(0), _nat_dst_port(0) {}
-
- int _ike_seconds_lifetime;
- int _ike_seconds_lifetime_left;
-
- string _ike_encrypt;
- string _ike_hash;
- string _ike_dh;
- string _ike_state;
-
- string _left_ip;
- string _right_ip;
-
- bool _nat_trav;
- int _nat_src_port;
- int _nat_dst_port;
-
- const PeerTunnels & getConstPeerTunnels() const;
-
- PeerTunnels & getPeerTunnels();
-protected:
- PeerTunnels _peer_tunnels;
-};
-
-class CommandProcShowVPN : public CommandProcBase
-{
-public:
-// typedef std::map<std::string, Tunnel> Coll;
-// typedef std::map<std::string, Tunnel>::iterator Iter;
-
-public:
- CommandProcShowVPN();
- ~CommandProcShowVPN();
-
- static std::string
- name() {return "showvpntable";}
-
- /**
- *
- **/
- bool
- is_valid() {return true;}
-
- /**
- *
- **/
- std::string
- process(const std::string &cmd, bool debug, std::string &reason);
-
-private:
- /**
- *
- **/
- void
- convert_to_xml_secrets(const std::string &line, bool debug);
-
- /**
- *
- **/
- void
- convert_to_xml_pluto_pid(const std::string &line, bool debug);
-
- /**
- *
- **/
- void
- convert_to_xml_setkey_d(bool debug);
-
- /**
- *
- **/
- void
- convert_to_xml_setkey_dp(const std::string &line, bool debug, string &net1, string &net2);
-
- /**
- *
- **/
- void
- convert_to_xml_setup_status(const std::string &line, bool debug);
-
- /**
- *
- **/
- void
- convert_to_xml_auto_status(const std::string &line, bool debug);
-
- /**
- *
- **/
- void
- process_conf(bool debug);
-
- /**
- *
- **/
- void
- update_tunnel(const string &tunnel, const string &right, const string &left, const string &rightnet, const string &leftnet, const string &lifetime, bool debug);
-
-protected:
- ostringstream _xml_out;
- list<Peer*> _peers;
- AllTunnels _all_tunnels;
-
- string _interface_conf_line;
- vector<std::string> _pad;
-
-private:
-};
-
-#endif //__COMMAND_PROC_SHOW_VPN_H__
diff --git a/src/rl_str_proc.cc b/src/rl_str_proc.cc
deleted file mode 100644
index a35ff2f..0000000
--- a/src/rl_str_proc.cc
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Module: rl_str_proc.cc
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License version 2 as published by the
- * Free Software Foundation.
- */
-#include "rl_str_proc.hh"
-
-using namespace std;
-
-/**
- *
- **/
-StrProc::StrProc(const string &in_str, const string &token)
-{
- string tmp = in_str;
-
- //convert tabs to spaces
- size_t pos = 0;
- string tabtospace = " ";
- string::iterator iter = tmp.begin();
- while ((pos = tmp.find("\t", pos)) != string::npos) {
- tmp.replace(pos, 1, tabtospace);
- pos += tabtospace.length();
- }
-
- // convert & to &amp;
- string amp = "&amp;";
- pos = 0;
- while ((pos = tmp.find("&", pos)) != string::npos) {
- tmp.replace(pos, 1, amp);
- pos += amp.length();
- }
-
- //remove the cr
- pos = tmp.find("\n");
- if (pos != string::npos) {
- tmp.replace(pos, 1, "");
- }
-
- //now handle the case of the multiple length token
- //note that we are using the '~' as a token internally
- size_t start = 0, end;
- while ((start = tmp.find(token, start)) != string::npos) {
- tmp.replace(start, token.length(), "~");
- }
-
-
- while ((start = tmp.find_first_not_of("~")) != string::npos) {
- tmp = tmp.substr(start, tmp.length() - start);
- end = tmp.find_first_of("~");
- _str_coll.push_back(tmp.substr(0, end));
- tmp = tmp.substr(end+1, tmp.length() - end-1);
- if (end == string::npos) {
- break;
- }
- }
-}
-
-/**
- *
- **/
-string
-StrProc::get(int i)
-{
- if (((unsigned int) i) >= _str_coll.size()) {
- return string("");
- }
- return _str_coll[i];
-}
-
-/**
- *
- **/
-string
-StrProc::get(int start, int end)
-{
- if (((unsigned int) start) >= _str_coll.size()) {
- return string("");
- }
-
- string tmp;
- for (int i = start; (i < end) && (((unsigned int) i) < _str_coll.size());
- ++i) {
- tmp += _str_coll[i] + " ";
- }
- return tmp.substr(0,tmp.length()-1);
-}
-
-/**
- *
- **/
-vector<string>
-StrProc::get()
-{
- return _str_coll;
-}
diff --git a/src/rl_str_proc.hh b/src/rl_str_proc.hh
deleted file mode 100644
index 3080395..0000000
--- a/src/rl_str_proc.hh
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Module: rl_str_proc.hh
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License version 2 as published by the
- * Free Software Foundation.
- */
-
-#ifndef __RL_STR_PROC_HH__
-#define __RL_STR_PROC_HH__
-
-#include <vector>
-#include <string>
-
-class StrProc
-{
-public:
- StrProc(const std::string &in, const std::string &token);
-
- std::string get(int i);
-
- std::string get(int start, int end);
-
- std::vector<std::string> get();
-
- int size() {return _str_coll.size();}
-
-private:
- std::vector<std::string> _str_coll;
-};
-
-#endif //__RL_STR_PROC_HH__
diff --git a/src/xsl/show_vpn_ike_sa.xsl b/src/xsl/show_vpn_ike_sa.xsl
deleted file mode 100644
index 38f88e0..0000000
--- a/src/xsl/show_vpn_ike_sa.xsl
+++ /dev/null
@@ -1,107 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2007, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_ike_sa.xsl
- *
- * Author: Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the "show ike sa" command output-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-<xsl:param name="nat"/>
-<xsl:param name="peer"/>
-
-<xsl:variable name="pad7" select="' '"/>
-<xsl:variable name="pad7_len" select="string-length($pad7)"/>
-<xsl:variable name="pad9" select="' '"/>
-<xsl:variable name="pad9_len" select="string-length($pad9)"/>
-<xsl:variable name="pad10" select="' '"/>
-<xsl:variable name="pad10_len" select="string-length($pad10)"/>
-<xsl:variable name="pad16" select="' '"/>
-<xsl:variable name="pad16_len" select="string-length($pad16)"/>
-
-<xsl:template match="/">
- <xsl:text>&newln;</xsl:text>
- <xsl:text>Local Peer State Encrypt Hash NAT-T A-Time L-Time</xsl:text>
- <xsl:text>&newln;</xsl:text>
- <xsl:text>-------- ------- ----- ------- ---- ----- ------ ------</xsl:text>
- <xsl:text>&newln;</xsl:text>
- <xsl:for-each select="opcommand/format/peer">
- <xsl:choose>
- <xsl:when test="string-length($peer) > 0">
- <xsl:if test="$peer=peer_ip">
- <xsl:call-template name="show_ike_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:if>
- </xsl:when>
- <xsl:when test="string-length($nat) > 0">
- <xsl:if test="$nat = nat_traversal">
- <xsl:call-template name="show_ike_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:if>
- </xsl:when>
- <xsl:otherwise>
- <xsl:call-template name="show_ike_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:otherwise>
- </xsl:choose>
- </xsl:for-each>
-</xsl:template>
-
- <xsl:template name="show_ike_sa">
- <xsl:param name="row" />
- <xsl:variable name="t_right_ip" select="substring(right_ip,1,15)"/>
- <xsl:variable name="t_peer_ip" select="substring(peer_ip,1,15)"/>
- <xsl:variable name="t_ike_state" select="substring(ike_state,1,9)"/>
- <xsl:variable name="t_ike_encrypt" select="substring(ike_encrypt,1,9)"/>
- <xsl:variable name="t_ike_hash" select="substring(ike_hash,1,8)"/>
- <xsl:variable name="t_ike_activetime" select="substring(ike_activetime,1,6)"/>
- <xsl:variable name="t_ike_lifetime" select="substring(ike_lifetime,1,6)"/>
-
- <xsl:value-of select="$t_right_ip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_right_ip))"/>
- <xsl:value-of select="$t_peer_ip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_peer_ip))"/>
- <xsl:value-of select="$t_ike_state"/>
- <xsl:value-of select="substring($pad10,1,$pad10_len - string-length($t_ike_state))"/>
- <xsl:value-of select="$t_ike_encrypt"/>
- <xsl:value-of select="substring($pad10,1,$pad10_len - string-length($t_ike_encrypt))"/>
- <xsl:value-of select="$t_ike_hash"/>
- <xsl:value-of select="substring($pad9,1,$pad9_len - string-length($t_ike_hash))"/>
- <xsl:if test="nat_traversal='enabled'"><xsl:text>Yes </xsl:text></xsl:if>
- <xsl:if test="nat_traversal='disabled'"><xsl:text>No </xsl:text></xsl:if>
- <xsl:value-of select="$t_ike_activetime"/>
- <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_ike_activetime))"/>
- <xsl:value-of select="$t_ike_lifetime"/>
- <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_ike_lifetime))"/>
- <xsl:text>&newln;</xsl:text>
- </xsl:template>
-</xsl:stylesheet>
diff --git a/src/xsl/show_vpn_ike_secrets.xsl b/src/xsl/show_vpn_ike_secrets.xsl
deleted file mode 100644
index 3cf5511..0000000
--- a/src/xsl/show_vpn_ike_secrets.xsl
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2007, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_ike_secrets.xsl
- *
- * Author: Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the "show ike secrets" command output-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-<xsl:variable name="pad16" select="' '"/>
-<xsl:variable name="pad16_len" select="string-length($pad16)"/>
-
-<xsl:template match="/">
-<xsl:text>&newln;</xsl:text>
-<xsl:text>Local Peer Secret</xsl:text>
-<xsl:text>&newln;</xsl:text>
-<xsl:text>-------- ------- ------</xsl:text>
-<xsl:text>&newln;</xsl:text>
-<xsl:for-each select="opcommand/format/secret">
-
- <xsl:variable name="t_sip" select="substring(sip,1,15)"/>
- <xsl:variable name="t_dip" select="substring(dip,1,15)"/>
- <xsl:variable name="t_key" select="substring(key,2,string-length(key)-2)"/>
-
- <xsl:value-of select="$t_sip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_sip))"/>
- <xsl:value-of select="$t_dip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_dip))"/>
- <xsl:value-of select="$t_key"/>
- <xsl:text>&newln;</xsl:text>
-
-</xsl:for-each>
-</xsl:template>
-
-</xsl:stylesheet>
diff --git a/src/xsl/show_vpn_ike_status.xsl b/src/xsl/show_vpn_ike_status.xsl
deleted file mode 100644
index 64fb7e7..0000000
--- a/src/xsl/show_vpn_ike_status.xsl
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2006, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_arp.xsl
- *
- * Author(s): Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the "show ike status" command output-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-<xsl:template match="/">
-<xsl:variable name="pluto_pid" select="opcommand/format/pluto_pid" />
-<xsl:choose>
- <xsl:when test="string($pluto_pid)">
-IKE Process Running
-
-PID: <xsl:value-of select="$pluto_pid" />
- </xsl:when>
- <xsl:otherwise>
-IKE Process NOT Running
- </xsl:otherwise>
-</xsl:choose>
-</xsl:template>
-</xsl:stylesheet>
diff --git a/src/xsl/show_vpn_ipsec_sa.xsl b/src/xsl/show_vpn_ipsec_sa.xsl
deleted file mode 100644
index 79d6d6f..0000000
--- a/src/xsl/show_vpn_ipsec_sa.xsl
+++ /dev/null
@@ -1,160 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2007, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_vpn_ipsec_sa.xsl
- *
- * Author: Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the output of a number of "show vpn ipsec sa" commands-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-<xsl:param name="conn"/>
-<xsl:param name="detail"/>
-<xsl:param name="nat"/>
-<xsl:param name="peer"/>
-
-<xsl:variable name="pad4" select="' '"/>
-<xsl:variable name="pad4_len" select="string-length($pad4)"/>
-<xsl:variable name="pad5" select="' '"/>
-<xsl:variable name="pad5_len" select="string-length($pad5)"/>
-<xsl:variable name="pad6" select="' '"/>
-<xsl:variable name="pad6_len" select="string-length($pad6)"/>
-<xsl:variable name="pad7" select="' '"/>
-<xsl:variable name="pad7_len" select="string-length($pad7)"/>
-<xsl:variable name="pad8" select="' '"/>
-<xsl:variable name="pad8_len" select="string-length($pad8)"/>
-<xsl:variable name="pad9" select="' '"/>
-<xsl:variable name="pad9_len" select="string-length($pad9)"/>
-<xsl:variable name="pad11" select="' '"/>
-<xsl:variable name="pad11_len" select="string-length($pad11)"/>
-<xsl:variable name="pad16" select="' '"/>
-<xsl:variable name="pad16_len" select="string-length($pad16)"/>
-
-<xsl:template match="/">
-<xsl:text>&newln;</xsl:text>
-
-<xsl:if test="$detail != 'y'">
- <xsl:text>Peer Tunnel# Dir SPI Encrypt Hash NAT-T A-Time L-Time</xsl:text>
- <xsl:text>&newln;</xsl:text>
- <xsl:text>------- ------- --- --- ------- ---- ----- ------ ------</xsl:text>
- <xsl:text>&newln;</xsl:text>
-</xsl:if>
-
-<xsl:for-each select="opcommand/format/peer/setkey">
- <xsl:choose>
- <xsl:when test="string-length($conn) > 0">
- <xsl:if test="$conn = conn_name">
- <xsl:call-template name="show_ipsec_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:if>
- </xsl:when>
- <xsl:when test="string-length($nat) > 0">
- <xsl:if test="$nat = ../nat_traversal">
- <xsl:call-template name="show_ipsec_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:if>
- </xsl:when>
- <xsl:when test="string-length($peer) > 0">
- <xsl:if test="$peer=../peer_ip">
- <xsl:call-template name="show_ipsec_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:if>
- </xsl:when>
- <xsl:otherwise>
- <xsl:call-template name="show_ipsec_sa">
- <xsl:with-param name="row" select="." />
- </xsl:call-template>
- </xsl:otherwise>
- </xsl:choose>
-</xsl:for-each>
-</xsl:template>
-
- <xsl:template name="show_ipsec_sa">
- <xsl:param name="row" />
- <xsl:choose>
- <xsl:when test="$detail = 'y'">
- <xsl:if test="position() > 1">
- <xsl:text>---------</xsl:text><xsl:text>&newln;</xsl:text>
- <xsl:text>&newln;</xsl:text>
- </xsl:if>
- <xsl:text>Conn Name: </xsl:text><xsl:value-of select="conn_name"/><xsl:text>&newln;</xsl:text>
- <xsl:text>State: </xsl:text><xsl:value-of select="../ike_state"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Peer: </xsl:text><xsl:value-of select="../peer_ip"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Direction: </xsl:text><xsl:value-of select="dir"/><xsl:text>&newln;</xsl:text>
- <!--<xsl:text>Outbound interface: !!</xsl:text> <xsl:text>&newln;</xsl:text>-->
- <xsl:text>Source Net: </xsl:text><xsl:value-of select="left"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Dest Net: </xsl:text><xsl:value-of select="right"/><xsl:text>&newln;</xsl:text>
- <xsl:text>SPI: </xsl:text><xsl:value-of select="spi"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Encryption: </xsl:text><xsl:value-of select="esp_encrypt"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Hash: </xsl:text><xsl:value-of select="esp_hash"/><xsl:text>&newln;</xsl:text>
- <xsl:text>PFS Group: </xsl:text><xsl:value-of select="pfs_group"/><xsl:text>&newln;</xsl:text>
- <xsl:text>DH Group: </xsl:text><xsl:value-of select="../ike_dh"/><xsl:text>&newln;</xsl:text>
- <xsl:text>NAT Traversal: </xsl:text><xsl:if test="../nat_traversal='enabled'"><xsl:text>Yes</xsl:text></xsl:if><xsl:if test="../nat_traversal='disabled'"><xsl:text>No</xsl:text></xsl:if><xsl:text>&newln;</xsl:text>
- <xsl:text>NAT Source Port: </xsl:text><xsl:value-of select="../nat_src_port"/><xsl:text>&newln;</xsl:text>
- <xsl:text>NAT Dest Port: </xsl:text><xsl:value-of select="../nat_dst_port"/><xsl:text>&newln;</xsl:text>
- <!--<xsl:text>Packets: !! </xsl:text> <xsl:text>&newln;</xsl:text>-->
- <xsl:text>Bytes: </xsl:text><xsl:value-of select="bytes"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Active time (s): </xsl:text><xsl:value-of select="active_time"/><xsl:text>&newln;</xsl:text>
- <xsl:text>Lifetime (s): </xsl:text><xsl:value-of select="keylife"/><xsl:text>&newln;</xsl:text>
- </xsl:when>
- <xsl:otherwise>
- <xsl:variable name="t_peer_ip" select="substring(../peer_ip,1,15)"/>
- <xsl:variable name="t_tunnel" select="substring(tunnel,1,8)"/>
- <xsl:variable name="t_dir" select="substring(dir,1,3)"/>
- <xsl:variable name="t_spi" select="substring(spi,1,8)"/>
- <xsl:variable name="t_esp_encrypt" select="substring(esp_encrypt,1,10)"/>
- <xsl:variable name="t_esp_hash" select="substring(esp_hash,1,10)"/>
- <xsl:variable name="t_active_time" select="substring(active_time,1,6)"/>
- <xsl:variable name="t_keylife" select="substring(keylife,1,6)"/>
-
- <xsl:value-of select="$t_peer_ip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length($t_peer_ip))"/>
- <xsl:value-of select="$t_tunnel"/>
- <xsl:value-of select="substring($pad8,1,$pad8_len - string-length($t_tunnel))"/>
- <xsl:value-of select="$t_dir"/>
- <xsl:value-of select="substring($pad4,1,$pad4_len - string-length($t_dir))"/>
- <xsl:value-of select="$t_spi"/>
- <xsl:value-of select="substring($pad9,1,$pad9_len - string-length($t_spi))"/>
- <xsl:value-of select="$t_esp_encrypt"/>
- <xsl:value-of select="substring($pad11,1,$pad11_len - string-length($t_esp_encrypt))"/>
- <xsl:value-of select="$t_esp_hash"/>
- <xsl:value-of select="substring($pad11,1,$pad11_len - string-length($t_esp_hash))"/>
- <xsl:if test="../nat_traversal='enabled'"><xsl:text>Yes </xsl:text></xsl:if>
- <xsl:if test="../nat_traversal='disabled'"><xsl:text>No </xsl:text></xsl:if>
- <xsl:value-of select="$t_active_time"/>
- <xsl:value-of select="substring($pad7,1,$pad7_len - string-length($t_active_time))"/>
- <xsl:value-of select="$t_keylife"/>
- <xsl:text>&newln;</xsl:text>
- </xsl:otherwise>
- </xsl:choose>
- </xsl:template>
-</xsl:stylesheet>
-
diff --git a/src/xsl/show_vpn_ipsec_sa_statistics.xsl b/src/xsl/show_vpn_ipsec_sa_statistics.xsl
deleted file mode 100644
index 75c421b..0000000
--- a/src/xsl/show_vpn_ipsec_sa_statistics.xsl
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2007, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_ipsec_sa_statistics.xsl
- *
- * Author: Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the "show ipsec sa statistics" command output-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-<xsl:variable name="pad4" select="' '"/>
-<xsl:variable name="pad4_len" select="string-length($pad4)"/>
-<xsl:variable name="pad16" select="' '"/>
-<xsl:variable name="pad16_len" select="string-length($pad16)"/>
-<xsl:variable name="pad19" select="' '"/>
-<xsl:variable name="pad19_len" select="string-length($pad19)"/>
-
-<xsl:template match="/">
-<xsl:text>&newln;</xsl:text>
-<xsl:text>Peer Dir SRC Network DST Network Bytes</xsl:text>
-<xsl:text>&newln;</xsl:text>
-<xsl:text>------- --- ----------- ----------- -----</xsl:text>
-<xsl:text>&newln;</xsl:text>
-<xsl:for-each select="opcommand/format/peer/setkey">
- <xsl:value-of select="../peer_ip"/>
- <xsl:value-of select="substring($pad16,1,$pad16_len - string-length(../peer_ip))"/>
- <xsl:value-of select="dir"/>
- <xsl:value-of select="substring($pad4,1,$pad4_len - string-length(dir))"/>
- <xsl:value-of select="left"/>
- <xsl:value-of select="substring($pad19,1,$pad19_len - string-length(left))"/>
- <xsl:value-of select="right"/>
- <xsl:value-of select="substring($pad19,1,$pad19_len - string-length(right))"/>
- <xsl:value-of select="bytes"/>
- <xsl:text>&newln;</xsl:text>
-</xsl:for-each>
-</xsl:template>
-</xsl:stylesheet>
diff --git a/src/xsl/show_vpn_ipsec_status.xsl b/src/xsl/show_vpn_ipsec_status.xsl
deleted file mode 100644
index 63ca9e7..0000000
--- a/src/xsl/show_vpn_ipsec_status.xsl
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE stylesheet [
-<!ENTITY newln "&#10;">
-]>
-
-<!-- /*
- * Copyright 2007, Vyatta, Inc.
- *
- * GNU General Public License
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Module: show_vpn_ipsec_status.xsl
- *
- * Author: Mike Horn, Marat Nepomnyashy
- * Date: 2007
- *
- */ -->
-
-<!--XSL template for formatting the "show ipsec status" command output-->
-
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-<xsl:variable name="pad2" select="' '"/>
-<xsl:variable name="pad2_len" select="string-length($pad2)"/>
-<xsl:variable name="pad8" select="' '"/>
-<xsl:variable name="pad8_len" select="string-length($pad8)"/>
-<xsl:template match="/">
-<xsl:variable name="pluto_pid" select="opcommand/format/pluto_pid" />
-<xsl:choose>
-<xsl:when test="string($pluto_pid)">
-IPSec Process Running <xsl:text>&newln;</xsl:text><xsl:text>&newln;</xsl:text>
-PID: <xsl:value-of select="$pluto_pid" /><xsl:text>&newln;</xsl:text><xsl:text>&newln;</xsl:text>
-IPsec Interfaces:
-<xsl:for-each select="opcommand/format/auto_status_interface">
-<xsl:value-of select="$pad2"/>
-<xsl:value-of select="iface"/><xsl:value-of select="substring($pad8,1,$pad8_len - string-length(iface))"/>(<xsl:value-of select="address"/>)
-</xsl:for-each>
-</xsl:when>
-<xsl:otherwise>
-IPSec Process NOT Running
-</xsl:otherwise>
-</xsl:choose>
-</xsl:template>
-</xsl:stylesheet>
-
diff --git a/src/xsl_processor.cc b/src/xsl_processor.cc
deleted file mode 100644
index f40b611..0000000
--- a/src/xsl_processor.cc
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Module: xsl_processor.cc
- *
- * Author: Michael Larson
- * Date: 2005
- */
-#include <string>
-#include <iostream>
-#include <sablot.h>
-#include "xsl_processor.hh"
-
-using namespace std;
-
-/**
- *
- **/
-XSLProcessor::XSLProcessor(bool debug) : _debug(debug)
-{
-
-}
-
-/**
- *
- **/
-XSLProcessor::~XSLProcessor()
-{
-
-}
-
-/**
- *
- **/
-std::string
-XSLProcessor::transform(const string &input, const string &xsl, const list<pair<string,string> > & listParams)
-{
- if (_debug) {
- cout << "input to xsl processor: " << endl << input << endl << xsl << endl;
- }
-
- //for now we'll dump this into a file, but this will have to change soon.
- string formatted_output;
-
- //example below from http://www.gingerall.org/ga/html/sablot/sparse-frameset.html
- SablotSituation S;
- SablotHandle proc;
- SDOM_Document xml;
-
- SablotCreateSituation(&S);
-
- SablotParseBuffer(S, input.c_str(), &xml);
-
- SablotCreateProcessorForSituation(S, &proc);
- SablotAddArgTree(S, proc, "data", xml);
- list<pair<string, string> >::const_iterator i = listParams.begin();
- list<pair<string, string> >::const_iterator iEnd = listParams.end();
- while (i != iEnd) {
- SablotAddParam(S, proc, i->first.c_str(), i->second.c_str());
- i++;
- }
- SablotRunProcessorGen(S, proc, xsl.c_str(), "arg:/data", "arg:/out");
-
- char *result;
- SablotGetResultArg(proc, "arg:/out", &result);
-
- formatted_output = result;
-
- //now strip away the first line
- int pos = formatted_output.find("\n");
- formatted_output = formatted_output.substr(pos + 1, formatted_output.length() - pos - 1);
-
- SablotFree(result);
- SablotDestroyProcessor(proc);
- SablotDestroySituation(S);
-
- return formatted_output;
-}
diff --git a/src/xsl_processor.hh b/src/xsl_processor.hh
deleted file mode 100644
index ac9b047..0000000
--- a/src/xsl_processor.hh
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Module: xsl_processor.hh
- *
- * Author: Michael Larson
- * Date: 2005
- */
-#ifndef __XSL_PROCESSOR_HH__
-#define __XSL_PROCESSOR_HH__
-
-#include <list>
-#include <string>
-#include <utility>
-
-
-class XSLProcessor
-{
-public:
- XSLProcessor(bool debug);
- ~XSLProcessor();
-
- std::string
- transform(const std::string &input, const std::string &xsl, const std::list<std::pair<std::string, std::string> > & listParams);
-
-private:
- bool _debug;
-};
-
-#endif //__XSL_PROCESSOR_HH__