summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/control1
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py16
2 files changed, 14 insertions, 3 deletions
diff --git a/debian/control b/debian/control
index 34e95a547..7061d50ef 100644
--- a/debian/control
+++ b/debian/control
@@ -25,6 +25,7 @@ Depends: python3,
python3-tabulate,
python3-six,
python3-isc-dhcp-leases,
+ python3-hurry.filesize,
ipaddrcheck,
tcpdump,
tshark,
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index c0ef1feef..3c8d678eb 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -4,17 +4,22 @@ import re
import subprocess
import tabulate
+import hurry.filesize
def parse_conn_spec(s):
# Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
def parse_ike_line(s):
- # Example: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
try:
- return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ # Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
+ return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
except AttributeError:
- return (None, None, None, None, None)
+ try:
+ # Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
+ return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ except AttributeError:
+ return (None, None, None, None, None)
# Get a list of all configured connections
@@ -35,6 +40,11 @@ for conn in connections:
if ip == id:
id = None
enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status)
+
+ # Convert bytes to human-readable units
+ bytes_in = hurry.filesize.size(bytes_in)
+ bytes_out = hurry.filesize.size(bytes_out)
+
status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)]
except Exception as e:
print(status)