From 4bd4083400e9f6331afcf1fe8015ff05cd0fcbf1 Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Sat, 12 Jan 2019 17:21:14 +0100
Subject: T1175: add support for DMVPN connections to the "show vpn ipsec sa" script.
---
 src/op_mode/show_ipsec_sa.py | 46 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 35 insertions(+), 11 deletions(-)
(limited to 'src/op_mode/show_ipsec_sa.py')
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 792c27dad..1ce306a45 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py 
@@ -17,16 +17,35 @@ def parse_conn_spec(s):
 print("Use \"show vpn ipsec sa\" to view inactive and connecting tunnels.")
 sys.exit(0)
-def parse_ike_line(s):
+def parse_sa_counters(s):
+ bytes_in, bytes_out = None, None
 try:
 # Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ...
- return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
+ bytes_in, bytes_out = re.search(r'\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups()
 except AttributeError:
 try:
 # Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes
- return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
+ bytes_in, bytes_out = re.search(r'\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups()
 except AttributeError:
- return (None, None, None, None, None)
+ pass
+
+ if (bytes_in is not None) and (bytes_out is not None):
+ # Convert bytes to human-readable units
+ bytes_in = hurry.filesize.size(int(bytes_in))
+ bytes_out = hurry.filesize.size(int(bytes_out))
+
+ result = "{0}/{1}".format(bytes_in, bytes_out)
+ else:
+ result = "N/A"
+
+ return result
+
+def parse_ike_proposal(s):
+ result = re.search(r'IKE proposal:\s+(.*)\s', s)
+ if result:
+ return result.groups(0)[0]
+ else:
+ return "N/A"
 # Get a list of all configured connections
@@ -35,6 +54,15 @@ with open('/etc/ipsec.conf', 'r') as f:
 connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config))
 connections = list(filter(lambda s: s != '%default', connections))
+try:
+ # DMVPN connections have to be handled separately
+ with open('/etc/swanctl/swanctl.conf', 'r') as f:
+ dmvpn_config = f.read()
+ dmvpn_connections = re.findall(r'\s+(dmvpn-.*)\s+{\n', dmvpn_config)
+ connections += dmvpn_connections
+except:
+ pass
+
 status_data = []
 for conn in connections: 
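Review bot: `parse_ike_proposal` reads the capture through `result.groups(0)[0]`, which passes `0` as the default for unmatched groups and then indexes the tuple; the direct form is `return result.group(1)`. Its pattern `r'IKE proposal:\s+(.*)\s'` uses a greedy `.*` that runs to the last whitespace on the line, so any trailing blanks in the status output would end up inside the displayed proposal; `r'IKE proposal:\s+(\S+)'` keeps only the proposal token (hedged, since the exact strongSwan line format is not visible here). In `parse_sa_counters` the nested `except AttributeError:` blocks exist only because `re.search` returns `None` on no match; binding the match object and testing it (`m = re.search(...)` / `if m: bytes_in, bytes_out = m.groups()`) states that intent directly and does not mask an AttributeError raised for any other reason. Both new functions deserve a one-line docstring saying they take the raw status text of one connection and return a display string, with `"N/A"` meaning the expected line was not recognised rather than zero traffic.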
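Review bot: The bare `except: pass` around the swanctl.conf read silently hides every failure, including a permission error if the op-mode script runs without rights to read `/etc/swanctl/swanctl.conf`, so DMVPN tunnels would simply vanish from the output with no indication that anything went wrong; it also swallows `KeyboardInterrupt` and `SystemExit`. Narrow it to the one expected condition, `except FileNotFoundError:`, and let anything else surface. The names are appended without deduplication, so if a name ever appears in both files it would be queried and listed twice; `connections += [c for c in dmvpn_connections if c not in connections]` avoids that. The pattern `r'\s+(dmvpn-.*)\s+{\n'` captures with a greedy `.*`, so more than one whitespace character between the name and `{` would be kept as part of the name — hedged, as the swanctl.conf formatting is not visible here; `(dmvpn-\S+)` is the safer capture.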
@@ -46,13 +74,9 @@ for conn in connections:
 time, _, _, ip, id = parse_conn_spec(status)
 if ip == id:
 id = None
- enc, bytes_in, bytes_out = parse_ike_line(status)
-
- # Convert bytes to human-readable units
- bytes_in = hurry.filesize.size(int(bytes_in))
- bytes_out = hurry.filesize.size(int(bytes_out))
-
- status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, enc]
+ counters = parse_sa_counters(status)
+ enc = parse_ike_proposal(status)
+ status_line = [conn, "up", time, counters, ip, id, enc]
 except Exception as e:
 print(status)
 raise e
-- cgit v1.2.3
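Review bot: With `counters = parse_sa_counters(status)` an unrecognised counter line now yields `"N/A"` where the old `int(bytes_in)` raised and reached the `except Exception` branch that prints the raw status, so a change in strongSwan's output format would show up as every active tunnel reporting `N/A` rather than as a visible failure. Worth a comment at the call site so operators do not read it as zero traffic: `# "N/A" means the counter line was not recognised, not that no traffic passed`. The `try:` this sits in and the `for conn in connections:` loop both begin above the hunk.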