From e41ae4d952e276d8497d38f5761806c14ea542d2 Mon Sep 17 00:00:00 2001
From: DmitriyEshenko
Date: Wed, 9 Sep 2020 06:45:40 +0000
Subject: openconnect: T2036: Move CLI commands under vpn openconnect
---
src/op_mode/anyconnect-control.py | 67 --------------------------------------
src/op_mode/openconnect-control.py | 67 ++++++++++++++++++++++++++++++++++++++
2 files changed, 67 insertions(+), 67 deletions(-)
delete mode 100755 src/op_mode/anyconnect-control.py
create mode 100755 src/op_mode/openconnect-control.py
(limited to 'src/op_mode')
diff --git a/src/op_mode/anyconnect-control.py b/src/op_mode/anyconnect-control.py
deleted file mode 100755
index 6382016b7..000000000
--- a/src/op_mode/anyconnect-control.py
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2020 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-import sys
-import argparse
-import json
-
-from vyos.config import Config
-from vyos.util import popen, run, DEVNULL
-from tabulate import tabulate
-
-occtl = '/usr/bin/occtl'
-occtl_socket = '/run/ocserv/occtl.socket'
-
-def show_sessions():
- out, code = popen("sudo {0} -j -s {1} show users".format(occtl, occtl_socket),stderr=DEVNULL)
- if code:
- sys.exit('Cannot get anyconnect users information')
- else:
- headers = ["interface", "username", "ip", "remote IP", "RX", "TX", "state", "uptime"]
- sessions = json.loads(out)
- ses_list = []
- for ses in sessions:
- ses_list.append([ses["Device"], ses["Username"], ses["IPv4"], ses["Remote IP"], ses["_RX"], ses["_TX"], ses["State"], ses["_Connected at"]])
- if len(ses_list) > 0:
- print(tabulate(ses_list, headers))
- else:
- print("No active anyconnect sessions")
-
-def is_ocserv_configured():
- if not Config().exists_effective('vpn anyconnect'):
- print("vpn anyconnect server is not configured")
- sys.exit(1)
-
-def main():
- #parese args
- parser = argparse.ArgumentParser()
- parser.add_argument('--action', help='Control action', required=True)
- parser.add_argument('--selector', help='Selector username|ifname|sid', required=False)
- parser.add_argument('--target', help='Target must contain username|ifname|sid', required=False)
- args = parser.parse_args()
-
-
- # Check is IPoE configured
- is_ocserv_configured()
-
- if args.action == "restart":
- run("systemctl restart ocserv")
- sys.exit(0)
- elif args.action == "show_sessions":
- show_sessions()
-
-if __name__ == '__main__':
- main()
diff --git a/src/op_mode/openconnect-control.py b/src/op_mode/openconnect-control.py
new file mode 100755
index 000000000..ef9fe618c
--- /dev/null
+++ b/src/op_mode/openconnect-control.py
@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+import sys
+import argparse
+import json
+
+from vyos.config import Config
+from vyos.util import popen, run, DEVNULL
+from tabulate import tabulate
+
+occtl = '/usr/bin/occtl'
+occtl_socket = '/run/ocserv/occtl.socket'
+
+def show_sessions():
+ out, code = popen("sudo {0} -j -s {1} show users".format(occtl, occtl_socket),stderr=DEVNULL)
+ if code:
+ sys.exit('Cannot get openconnect users information')
+ else:
+ headers = ["interface", "username", "ip", "remote IP", "RX", "TX", "state", "uptime"]
+ sessions = json.loads(out)
+ ses_list = []
+ for ses in sessions:
+ ses_list.append([ses["Device"], ses["Username"], ses["IPv4"], ses["Remote IP"], ses["_RX"], ses["_TX"], ses["State"], ses["_Connected at"]])
+ if len(ses_list) > 0:
+ print(tabulate(ses_list, headers))
+ else:
+ print("No active openconnect sessions")
+
+def is_ocserv_configured():
+ if not Config().exists_effective('vpn openconnect'):
+ print("vpn openconnect server is not configured")
+ sys.exit(1)
+
+def main():
+ #parese args
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--action', help='Control action', required=True)
+ parser.add_argument('--selector', help='Selector username|ifname|sid', required=False)
+ parser.add_argument('--target', help='Target must contain username|ifname|sid', required=False)
+ args = parser.parse_args()
+
+
+ # Check is Openconnect server configured
+ is_ocserv_configured()
+
+ if args.action == "restart":
+ run("systemctl restart ocserv")
+ sys.exit(0)
+ elif args.action == "show_sessions":
+ show_sessions()
+
+if __name__ == '__main__':
+ main()
-- cgit v1.2.3
From c3d170b17e39e94e6f53e4afd8d0468d35e9d8fc Mon Sep 17 00:00:00 2001
From: sever-sever
Date: Thu, 10 Sep 2020 07:16:39 +0000
Subject: op-mode: T2856: Fix broken pipe in show version all
---
op-mode-definitions/show-version.xml | 2 +-
src/op_mode/show_version.py | 5 -----
2 files changed, 1 insertion(+), 6 deletions(-)
(limited to 'src/op_mode')
diff --git a/op-mode-definitions/show-version.xml b/op-mode-definitions/show-version.xml
index aae5bb008..905a4865c 100644
--- a/op-mode-definitions/show-version.xml
+++ b/op-mode-definitions/show-version.xml
@@ -18,7 +18,7 @@ Show system version and versions of all packages - ${vyos_op_scripts_dir}/show_version.py --all + echo "Package versions:"; dpkg -l | awk '$0~/>/{exit}1'
diff --git a/src/op_mode/show_version.py b/src/op_mode/show_version.py
index d0d5c6785..5bbc2e1f1 100755
--- a/src/op_mode/show_version.py
+++ b/src/op_mode/show_version.py
@@ -27,7 +27,6 @@ from sys import exit from vyos.util import call parser = argparse.ArgumentParser() -parser.add_argument("-a", "--all", action="store_true", help="Include individual package versions") parser.add_argument("-f", "--funny", action="store_true", help="Add something funny to the output") parser.add_argument("-j", "--json", action="store_true", help="Produce JSON output")
@@ -65,9 +64,5 @@ if __name__ == '__main__': tmpl = Template(version_output_tmpl) print(tmpl.render(version_data)) - if args.all: - print("Package versions:") - call("dpkg -l") - if args.funny: print(vyos.limericks.get_random())
-- cgit v1.2.3
From 8ae88b5ba5cbc34b9992ccdde4229d44cfe56225 Mon Sep 17 00:00:00 2001
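Review bot: `main()` in openconnect-control.py only handles `restart` and `show_sessions`, so any other `--action` value falls through both branches and the script exits 0 without doing or reporting anything; constrain it at parse time with `parser.add_argument('--action', help='Control action', required=True, choices=['restart', 'show_sessions'])`. `--selector` and `--target` are parsed but never read anywhere in the file, so they should be dropped or marked as reserved in their help text. In `show_sessions()` every field is read by direct indexing such as `ses["IPv4"]`, so a session record lacking one of those keys (presumably possible for a client without an IPv4 lease; confirm against occtl's JSON output) ends the command with a KeyError traceback; `ses.get("IPv4", "")` would keep the listing usable.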
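Review bot: The replacement command in show-version.xml no longer runs `show_version.py` at all, so `show version all` prints only the package list while the help text kept as context still reads "Show system version and versions of all packages". If the version block is still wanted, chain it first, e.g. `${vyos_op_scripts_dir}/show_version.py; echo "Package versions:"; dpkg -l | awk '$0~/>/{exit}1'`. As rendered here, the awk program stops output at the first line containing `>`, which would silently truncate the listing if any package line carries that character; an XML comment next to the command stating why the filter is there would help. The element lines around the command are not visible in this hunk, so this is based on the changed command string only.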
From: Christian Poessinger
Date: Sun, 13 Sep 2020 17:28:42 +0200
Subject: op-mode: T2841: support IPv6 for "monitor bandwidth-test initiate"
---
op-mode-definitions/monitor-bandwidth-test.xml | 2 +-
src/op_mode/monitor_bandwidth_test.sh | 30 ++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100755 src/op_mode/monitor_bandwidth_test.sh
(limited to 'src/op_mode')
diff --git a/op-mode-definitions/monitor-bandwidth-test.xml b/op-mode-definitions/monitor-bandwidth-test.xml
index 5959e05f2..5b36b1da5 100644
--- a/op-mode-definitions/monitor-bandwidth-test.xml
+++ b/op-mode-definitions/monitor-bandwidth-test.xml
@@ -20,7 +20,7 @@ <hostname> <x.x.x.x> <h:h:h:h:h:h:h:h> - iperf -c $4 + ${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$4"
diff --git a/src/op_mode/monitor_bandwidth_test.sh b/src/op_mode/monitor_bandwidth_test.sh
new file mode 100755
index 000000000..6da0291c5
--- /dev/null
+++ b/src/op_mode/monitor_bandwidth_test.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+if ipaddrcheck --is-ipv6 $1; then
+ # Set address family to IPv6 when an IPv6 address was specified
+ OPT="-V"
+elif [[ $(dig $1 AAAA +short | grep -v '\.$' | wc -l) -gt 0 ]]; then
+ # CNAME is also part of the dig answer thus we must remove any
+ # CNAME response and only shot the AAAA response(s), this is done
+ # by grep -v '\.$'
+
+ # Set address family to IPv6 when FQDN has at least one AAAA record
+ OPT="-V"
+fi
+
+/usr/bin/iperf $OPT -c $1
+
-- cgit v1.2.3
From b82871584b2a087b5b690f8eace1e99b7c948cf3 Mon Sep 17 00:00:00 2001
From: sever-sever
Date: Mon, 14 Sep 2020 07:27:48 +0000
Subject: op-mode: T2874: Add new utill for mtu-check
---
op-mode-definitions/force-mtu-host.xml | 34 ++++++++++++++++++++++
src/op_mode/force_mtu_host.sh | 52 ++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 op-mode-definitions/force-mtu-host.xml
create mode 100755 src/op_mode/force_mtu_host.sh
(limited to 'src/op_mode')
diff --git a/op-mode-definitions/force-mtu-host.xml b/op-mode-definitions/force-mtu-host.xml
new file mode 100644
index 000000000..b92179f11
--- /dev/null
+++ b/op-mode-definitions/force-mtu-host.xml
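Review bot: monitor_bandwidth_test.sh is declared `#!/bin/sh` but its `elif` uses `[[ … ]]`, which is not POSIX; where `/bin/sh` is dash (the usual case on Debian-based systems) that test fails as an unknown command, so a hostname that has AAAA records never gets `-V`. `$1` is also expanded unquoted in the `ipaddrcheck`, `dig` and `iperf` calls, so a target that contains whitespace or starts with `-` is handed to those tools as extra options, even though the XML definition passes `"$4"` quoted. The sketch below uses the POSIX `[ … ]` form, quotes every `$1`, and rejects empty or dash-leading targets before any tool runs. The comment typo "shot" should read "show".

```shell
# … unchanged: shebang and license header …

case "$1" in
    ""|-*)
        echo "Invalid target" >&2
        exit 1
        ;;
esac

if ipaddrcheck --is-ipv6 "$1"; then
    OPT="-V"
elif [ "$(dig "$1" AAAA +short | grep -v '\.$' | wc -l)" -gt 0 ]; then
    # … unchanged: CNAME filtering comment …
    OPT="-V"
fi

/usr/bin/iperf $OPT -c "$1"
```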
@@ -0,0 +1,34 @@
+
+
+
+
+
+
+ Show MTU max value for remote host protocol TCP
+
+
+
+
+ IP address of the remote host
+
+ <hostname> <x.x.x.x> <h:h:h:h:h:h:h:h>
+
+
+ ${vyos_op_scripts_dir}/force_mtu_host.sh $4
+
+
+
+ Source interface
+
+
+
+
+ ${vyos_op_scripts_dir}/force_mtu_host.sh $4 $6
+
+
+
+
+
+
+
+
diff --git a/src/op_mode/force_mtu_host.sh b/src/op_mode/force_mtu_host.sh
new file mode 100755
index 000000000..02955c729
--- /dev/null
+++ b/src/op_mode/force_mtu_host.sh
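Review bot: Both command lines in force-mtu-host.xml pass the operator-supplied words to the script unquoted (`force_mtu_host.sh $4` and `force_mtu_host.sh $4 $6`), unlike the bandwidth-test definition earlier on this page, which uses `"$4"`; write them as `force_mtu_host.sh "$4"` and `force_mtu_host.sh "$4" "$6"`. The same unquoted expansion recurs in src/op_mode/force_mtu_host.sh, where `$target` and `$interface` are placed on a `sudo nmap` command line, so a value that splits into several words or begins with `-` would be read by nmap as additional options while running as root. Quote them there as well (`-e "$interface"` and `"$target"`) and reject a leading dash before nmap is called. The XML element lines are not visible in this rendering, so this is based on the two command strings only.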
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+#
+# Module: vyos-show-ram.sh
+# Displays memory usage information in minimalistic format
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+target=$1
+interface=$2
+
+# IPv4 header 20 byte + TCP header 20 byte
+ipv4_overhead=40
+
+# IPv6 headter 40 byte + TCP header 20 byte
+ipv6_overhead=60
+
+# If no arguments
+if [[ $# -eq 0 ]] ; then
+ echo "Target host not defined"
+ exit 1
+fi
+
+# If one argument, it's ip address. If 2, the second arg "interface"
+if [[ $# -eq 1 ]] ; then
+ mtu=$(sudo nmap -T4 --script path-mtu -F $target | grep "PMTU" | awk {'print $NF'})
+elif [[ $# -eq 2 ]]; then
+ mtu=$(sudo nmap -T4 -e $interface --script path-mtu -F $target | grep "PMTU" | awk {'print $NF'})
+fi
+
+tcpv4_mss=$(($mtu-$ipv4_overhead))
+tcpv6_mss=$(($mtu-$ipv6_overhead))
+
+echo "
+Recommended maximum values (or less) for target $target:
+---
+MTU: $mtu
+TCP-MSS: $tcpv4_mss
+TCP-MSS_IPv6: $tcpv6_mss
+"
+
-- cgit v1.2.3
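Review bot: `mtu` goes straight into the arithmetic in force_mtu_host.sh without a check that nmap actually reported a PMTU line. When `grep "PMTU"` matches nothing, or more than two arguments are given so neither branch runs, `$(($mtu-$ipv4_overhead))` is evaluated with an empty operand and the script prints a blank MTU with MSS values of -40 and -60 as if they were recommendations. The sketch below stops with an error unless `mtu` is a plain number. The header comment still reads `Module: vyos-show-ram.sh` and "Displays memory usage information", which describes a different script and should be rewritten for this one; "headter" in the IPv6 comment is a typo.

```shell
# … unchanged: argument count check and nmap invocations …

if ! [[ "$mtu" =~ ^[0-9]+$ ]]; then
    echo "Unable to determine path MTU for $target"
    exit 1
fi

tcpv4_mss=$((mtu - ipv4_overhead))
tcpv6_mss=$((mtu - ipv6_overhead))
# … unchanged: result output …
```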