diff options
-rw-r--r-- | debian/control | 1 | ||||
-rwxr-xr-x | src/op_mode/show_ipsec_sa.py | 16 |
2 files changed, 14 insertions, 3 deletions
diff --git a/debian/control b/debian/control index 34e95a547..7061d50ef 100644 --- a/debian/control +++ b/debian/control @@ -25,6 +25,7 @@ Depends: python3, python3-tabulate, python3-six, python3-isc-dhcp-leases, + python3-hurry.filesize, ipaddrcheck, tcpdump, tshark, diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py index c0ef1feef..3c8d678eb 100755 --- a/src/op_mode/show_ipsec_sa.py +++ b/src/op_mode/show_ipsec_sa.py @@ -4,17 +4,22 @@ import re import subprocess import tabulate +import hurry.filesize def parse_conn_spec(s): # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1] return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups() def parse_ike_line(s): - # Example: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes try: - return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups() + # Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ... + return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups() except AttributeError: - return (None, None, None, None, None) + try: + # Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes + return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups() + except AttributeError: + return (None, None, None, None, None) # Get a list of all configured connections @@ -35,6 +40,11 @@ for conn in connections: if ip == id: id = None enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status) + + # Convert bytes to human-readable units + bytes_in = hurry.filesize.size(bytes_in) + bytes_out = hurry.filesize.size(bytes_out) + status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)] except Exception as e: print(status) |