From 953bec9b56a71b0bd64da510e32e9586b42412fb Mon Sep 17 00:00:00 2001
From: Daniel <43214013+daniel-pro@users.noreply.github.com>
Date: Tue, 1 Jan 2019 22:27:02 +0100
Subject: T1119: 'show vpn ipsec sa' shows tunnel twice in 1.2.0-RC11 Removed duplicates from "connections" list.
---
src/op_mode/show_ipsec_sa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src')
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 117824632..4827e6691 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -32,7 +32,7 @@ def parse_ike_line(s): # Get a list of all configured connections with open('/etc/ipsec.conf', 'r') as f: config = f.read() - connections = re.findall(r'conn\s([^\s]+)\s*\n', config) + connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config)) connections = list(filter(lambda s: s != '%default', connections)) status_data = []
-- cgit v1.2.3
From 59471ed0c249771fa6c46cf0b020222b7caeee42 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 3 Jan 2019 15:37:28 +0100
Subject: T1147: Fix SNMP config file generation on newly installed systems
---
src/conf_mode/snmp.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src')
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 026f6d2f7..d21a2b603 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -21,6 +21,7 @@ import os import shutil import stat import pwd +import time import jinja2 import random
@@ -793,6 +794,9 @@ def apply(snmp): # snmpd, which we see when a magic line appears in this file. snmpReady = False while not snmpReady: + while not os.path.exists(config_file_user): + time.sleep(1) + with open(config_file_user, 'r') as f: for line in f: # Search for our magic string inside the file
-- cgit v1.2.3
From e8cb7260689c0dec9cf86811a6a57f8851b2c151 Mon Sep 17 00:00:00 2001
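Review bot: Wrapping the `re.findall` result in `set()` removes the duplicate names but also throws away the order in which the connections appear in /etc/ipsec.conf, and since string hashing is randomized per process the rows of `show vpn ipsec sa` can come out in a different order on each run. A stable listing is easier to compare between runs when checking tunnel state: `connections = sorted(set(re.findall(r'conn\s([^\s]+)\s*\n', config)))`. The statement sits in top-level script code that continues beyond this hunk.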
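Review bot: The added `while not os.path.exists(config_file_user): time.sleep(1)` loop in `apply()` has no upper bound, so if snmpd fails to start or never writes the file, the configuration commit blocks indefinitely instead of reporting an error. A deadline makes the failure visible: set `deadline = time.monotonic() + 30` (constructed value, tune to the daemon's start-up time) before `while not snmpReady:` and put `if time.monotonic() > deadline: raise RuntimeError('snmpd did not create ' + config_file_user)` ahead of the sleep. The enclosing `while not snmpReady:` loop, whose body continues outside this hunk, appears to re-read the file with no pause or limit of its own, so the same deadline could cover it.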
From: Daniil Baturin
Date: Sun, 6 Jan 2019 05:03:30 +0100
Subject: T1159: correct handling of SAs without PFS in "show vpn ipsec sa".
---
src/op_mode/show_ipsec_sa.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src')
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 4827e6691..4c39aba66 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -20,11 +20,11 @@ def parse_conn_spec(s): def parse_ike_line(s): try: # Example with traffic: AES_CBC_256/HMAC_SHA2_256_128/ECP_521, 2382660 bytes_i (1789 pkts, 2s ago), 2382660 bytes_o ... - return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups() + return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i\s\(.*pkts,.*\),\s+(\d+)\s+bytes_o', s).groups() except AttributeError: try: # Example without traffic: 3DES_CBC/HMAC_MD5_96/MODP_1024, 0 bytes_i, 0 bytes_o, rekeying in 45 minutes - return re.search(r'.*:\s+(.*)\/(.*)\/(.*),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups() + return re.search(r'.*:\s+(.*\/.*(?:\/.*)?),\s+(\d+)\s+bytes_i,\s+(\d+)\s+bytes_o,\s+rekeying', s).groups() except AttributeError: return (None, None, None, None, None)
@@ -46,13 +46,13 @@ for conn in connections: time, _, _, ip, id = parse_conn_spec(status) if ip == id: id = None - enc, hash, dh, bytes_in, bytes_out = parse_ike_line(status) + enc, bytes_in, bytes_out = parse_ike_line(status) # Convert bytes to human-readable units bytes_in = hurry.filesize.size(int(bytes_in)) bytes_out = hurry.filesize.size(int(bytes_out)) - status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, "{0}/{1}/{2}".format(enc, hash, dh)] + status_line = [conn, "up", time, "{0}/{1}".format(bytes_in, bytes_out), ip, id, enc] except Exception as e: print(status) raise e
-- cgit v1.2.3
From 3223b33a555c614e799a3e968f8da4aff6d31fdf Mon Sep 17 00:00:00 2001
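Review bot: `parse_ike_line` now returns three groups on a match, but its fallback `return (None, None, None, None, None)`, an unchanged context line at the end of the first hunk, still returns five. The new unpacking `enc, bytes_in, bytes_out = parse_ike_line(status)` in the second hunk therefore raises ValueError whenever neither pattern matches. The fallback should become `return (None, None, None)`. Even then `int(bytes_in)` fails on None, so the caller would do better to test for the no-match case and emit a placeholder row than to abort the whole listing through the `except Exception` re-raise. The optional group in `(.*\/.*(?:\/.*)?)` is also redundant, since the greedy `.*` already spans any further slash; a comment on the pattern saying that the capture is the whole proposal string, with or without a DH group, would make the intent clear.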
From: Christian Poessinger
Date: Sun, 6 Jan 2019 10:55:02 +0100
Subject: T1129: fix handling of raw DHCP 'subnet-parameters' subnet-parameters were not added to the resulting configuration.
---
src/conf_mode/dhcp_server.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 560c80e7f..c1f3c62dc 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -150,6 +150,12 @@ shared-network {{ network.name }} { {%- if subnet.domain_name %} option domain-name "{{ subnet.domain_name }}"; {%- endif -%} + {%- if subnet.subnet_parameters %} + # The following {{ subnet.subnet_parameters | length }} line(s) were added as subnet-parameters in the CLI and have not been validated + {%- for param in subnet.subnet_parameters %} + {{ param }} + {%- endfor -%} + {%- endif %} {%- if subnet.tftp_server %} option tftp-server-name "{{ subnet.tftp_server }}"; {%- endif -%}
@@ -570,7 +576,7 @@ def get_config(): # # deprecate this and issue a warning like we do for DNS forwarding? if conf.exists('subnet-parameters'): - config['subnet_parameters'] = conf.return_values('subnet-parameters') + subnet['subnet_parameters'] = conf.return_values('subnet-parameters') # This option is used to identify a TFTP server and, if supported by the client, should have # the same effect as the server-name declaration. BOOTP clients are unlikely to support this
-- cgit v1.2.3
From 60a8793aef2c1af95d7a992bfc0a381e1a8a61cd Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 6 Jan 2019 10:56:33 +0100
Subject: T1129: replace quotes when dealing with 'subnet/global-parameters'
---
src/conf_mode/dhcp_server.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src')
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index c1f3c62dc..22ada72a8 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
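Review bot: The new template block writes every `subnet-parameters` value into the generated dhcpd configuration verbatim, and the emitted comment itself states that the lines have not been validated. A value with an unbalanced brace or a missing semicolon changes the structure of everything that follows it in the file, and whoever can edit the configuration can place arbitrary daemon statements there. The rendered text should be checked before it replaces the live file, for example by running the daemon's syntax test (`dhcpd -t -cf <rendered file>`) on a temporary copy and failing the commit if it reports an error. In the second hunk, the `subnet['subnet_parameters']` assignment in `get_config()` would benefit from a comment such as `# raw dhcpd statements, passed through unchecked; trusted only as far as the CLI user`.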
@@ -773,6 +773,11 @@ def generate(dhcp): tmpl = jinja2.Template(config_tmpl) config_text = tmpl.render(dhcp) + + # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw parameters + # we can pass to ISC DHCPd + config_text = config_text.replace(""",'"') + with open(config_file, 'w') as f: f.write(config_text)
-- cgit v1.2.3
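Review bot: The `replace()` added in `generate()` runs over the whole rendered `config_text`, not only over the raw parameters named in the comment. An encoded quote inside any other templated value, for instance one rendered between the quotes of `option domain-name "…";`, therefore also becomes a literal `"` and can end that string early. Doing the substitution on the raw values as they are read keeps it scoped, e.g. `subnet['subnet_parameters'] = [p.replace('&quot;', '"') for p in conf.return_values('subnet-parameters')]`, with the same treatment for the global parameters. The first argument as printed on this page, three bare quote characters, is not valid Python and is presumably the entity `&quot;` decoded by the page renderer; confirm against the repository. `generate()` begins outside this hunk.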