authorDaniil Baturin <daniil@baturin.org>2019-01-12 17:21:14 +0100
committerDaniil Baturin <daniil@baturin.org>2019-01-12 17:21:14 +0100
commit4bd4083400e9f6331afcf1fe8015ff05cd0fcbf1 (patch)
tree8fcebfebe3728dcd0aff297f3657d94194a3541d
parent3c563b3ae8397da33a03c0429c17b97eb9625c5f (diff)
T1175: add support for DMVPN connections to the "show vpn ipsec sa" script.
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py46
1 files changed, 35 insertions, 11 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 792c27dad..1ce306a45 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -17,16 +17,35 @@ def parse_conn_spec(s):
print("Use \"show vpn ipsec sa\" to view inactive and connecting tunnels.")
sys.exit(0)
-def parse_ike_line(s):
+def parse_sa_counters(s):
+ bytes_in, bytes_out = None, None
try:
# Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
- return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
+ bytes_in, bytes_out = re.search(r'\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
except AttributeError:
try:
# Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
- return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ bytes_in, bytes_out = re.search(r'\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
except AttributeError:
- return (None, None, None, None, None)
+ pass
+
+ if (bytes_in is not None) and (bytes_out is not None):
+ # Convert bytes to human-readable units
+ bytes_in = hurry.filesize.size(int(bytes_in))
+ bytes_out = hurry.filesize.size(int(bytes_out))
+
+ result = "{0}/{1}".format(bytes_in, bytes_out)
+ else:
+ result = "N/A"
+
+ return result
+
+def parse_ike_proposal(s):
+ result = re.search(r'IKE proposal:\s+(.*)\s', s)
+ if result:
+ return result.groups(0)[0]
+ else:
+ return "N/A"
# Get a list of all configured connections
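Review bot: parse_ike_proposal reads the suite from the `IKE proposal:` line, whereas the removed parse_ike_line captured it from the line carrying the `bytes_i`/`bytes_o` counters, so the last column built in the third hunk (`enc = parse_ike_proposal(status)`) now appears to report the IKE SA's algorithms rather than those of the SA whose traffic is counted. An operator checking which ciphers protect tunnel traffic could be misled if the column header, which is not visible here, was not renamed. A docstring such as `"""Return the negotiated IKE (not ESP) proposal, or 'N/A' if the line is absent."""` would make that explicit. Separately, `result.groups(0)[0]` passes 0 as the default for unmatched groups and reads more clearly as `return result.group(1)`.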
@@ -35,6 +54,15 @@ with open('/etc/ipsec.conf', 'r') as f:
connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config))
connections = list(filter(lambda s: s != '%default', connections))
+try:
+ # DMVPN connections have to be handled separately
+ with open('/etc/swanctl/swanctl.conf', 'r') as f:
+ dmvpn_config = f.read()
+ dmvpn_connections = re.findall(r'\s+(dmvpn-.*)\s+{\n', dmvpn_config)
+ connections += dmvpn_connections
+except:
+ pass
+
status_data = []
for conn in connections:
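Review bot: The bare `except:` followed by `pass` around the swanctl.conf read hides every failure, including a permission error or a mistake in the regex line, so the command would print a table with no DMVPN tunnels and no hint that they were skipped. For a status command that operators rely on to see which SAs are up, a silently incomplete listing is worse than an error; narrowing the handler to `except FileNotFoundError:` keeps the no-DMVPN case quiet while surfacing the rest. The capture `(dmvpn-.*)` is also greedy and can include spaces; `r'\s+(dmvpn-[^\s{]+)\s+{\n'` keeps each name to a single token before it is appended to `connections`, which the loop continuing after this hunk consumes.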
@@ -46,13 +74,9 @@ for conn in connections:
time, _, _, ip, id = parse_conn_spec(status)
if ip == id:
id = None
- enc, bytes_in, bytes_out = parse_ike_line(status)
-
- # Convert bytes to human-readable units
- bytes_in = hurry.filesize.size(int(bytes_in))
- bytes_out = hurry.filesize.size(int(bytes_out))
-
- status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, enc]
+ counters = parse_sa_counters(status)
+ enc = parse_ike_proposal(status)
+ status_line = [conn, "up", time, counters, ip, id, enc]
except Exception as e:
print(status)
raise e