Diffstat (limited to 'src/op_mode/show_ipsec_sa.py')
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 8240c4fd3..792c27dad 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -1,23 +1,30 @@
#!/usr/bin/env python3
import re
+import sys
import subprocess
import tabulate
import hurry.filesize
def parse_conn_spec(s):
- # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
- return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
+ try:
+ # Example: ESTABLISHED 14 seconds ago, 10.0.0.2[foo]...10.0.0.1[10.0.0.1]
+ return re.search(r'.*ESTABLISHED\s+(.*)ago,\s(.*)\[(.*)\]\.\.\.(.*)\[(.*)\].*', s).groups()
+ except AttributeError:
+ # No active SAs found, so we have nothing to display
+ print("No established security associations found.")
+ print("Use \"show vpn ipsec sa\" to view inactive and connecting tunnels.")
+ sys.exit(0)
def parse_ike_line(s):
try:
# Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
- return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
+ return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
except AttributeError:
try:
# Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
- return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
except AttributeError:
return (None, None, None, None, None)
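Review bot: The fallback at the end of parse_ike_line still returns a 5-tuple `(None, None, None, None, None)`, while both rewritten regexes now capture three groups and the caller in the last hunk unpacks three values (`enc, bytes_in, bytes_out = parse_ike_line(status)`), so a status line that matches neither pattern now fails with ValueError at the call site rather than reaching the caller as an "unknown" result. The fallback should shrink with the regexes: `return (None, None, None)`. Even then the caller's `int(bytes_in)` would raise on None, as it did before this change, so the call site should test for `enc is None` before converting the byte counts.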
@@ -25,7 +32,7 @@ def parse_ike_line(s):
# Get a list of all configured connections
with open('/etc/ipsec.conf', 'r') as f:
config = f.read()
- connections = re.findall(r'conn\s([^\s]+)\s*\n', config)
+ connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config))
connections = list(filter(lambda s: s != '%default', connections))
status_data = []
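Review bot: Wrapping the findall in set() removes duplicate `conn` names but also discards the order they appear in /etc/ipsec.conf, so the rows collected in status_data come out in hash order, which for str keys can differ from one run to the next. `dict.fromkeys` deduplicates while keeping first-seen order: `connections = list(dict.fromkeys(re.findall(r'conn\s([^\s]+)\s*\n', config)))`. The filter on the following line works unchanged on that list.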
@@ -39,13 +46,13 @@ for conn in connections:
time, _, _, ip, id = parse_conn_spec(status)
if ip == id:
id = None
- enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status)
+ enc, bytes_in, bytes_out = parse_ike_line(status)
# Convert bytes to human-readable units
bytes_in = hurry.filesize.size(int(bytes_in))
bytes_out = hurry.filesize.size(int(bytes_out))
- status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)]
+ status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, enc]
except Exception as e:
print(status)
raise e
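Review bot: parse_conn_spec is called here once per connection, so its new AttributeError handler ends the whole script with exit status 0 and the "No established security associations found" message as soon as a single connection's status has no ESTABLISHED line, even when other connections are up and already sitting in status_data. The for loop and the code that obtains `status` start outside this hunk, so I cannot see whether non-established connections are filtered out earlier; if they are not, the message is only accurate when every connection is down. A safer shape is for parse_conn_spec to return None on a non-matching status, for this loop to `continue` on None, and for the no-SA message and exit to be issued after the loop only when status_data is empty. The `raise e` on the last line would also be clearer as a bare `raise`, which keeps the original traceback intact.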