Commit d5c6ce35 authored by Ad Schellevis's avatar Ad Schellevis

ipsec/diag, list non routed connections, for https://github.com/opnsense/core/issues/1688

parent 203ba240
#!/usr/local/bin/python2.7 #!/usr/local/bin/python2.7
""" """
Copyright (c) 2015 Ad Schellevis Copyright (c) 2015-2017 Ad Schellevis
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
...@@ -40,21 +40,31 @@ except socket.error: ...@@ -40,21 +40,31 @@ except socket.error:
print ('ipsec not active') print ('ipsec not active')
sys.exit(0) sys.exit(0)
def parse_sa(in_conn):
result = {'local-addrs': '', 'remote-addrs': '', 'children': '', 'local-id': '', 'remote-id': ''}
result['version'] = in_conn['version']
if 'local_addrs' in in_conn:
result['local-addrs'] = ','.join(in_conn['local_addrs'])
elif 'local-host' in in_conn:
result['local-addrs'] = in_conn['local-host']
if 'remote_addrs' in in_conn:
result['remote-addrs'] = ','.join(in_conn['remote_addrs'])
elif 'remote-host' in in_conn:
result['remote-addrs'] = in_conn['remote-host']
if 'children' in in_conn:
result['children'] = in_conn['children']
result['sas'] = []
return result
result = dict() result = dict()
# parse connections # parse connections
for conns in s.list_conns(): for conns in s.list_conns():
for connection_id in conns: for connection_id in conns:
result[connection_id] = dict() result[connection_id] = parse_sa(conns[connection_id])
result[connection_id]['version'] = conns[connection_id]['version']
result[connection_id]['local-addrs'] = ','.join(conns[connection_id]['local_addrs'])
result[connection_id]['local-id'] = ''
result[connection_id]['local-class'] = [] result[connection_id]['local-class'] = []
result[connection_id]['remote-id'] = ''
result[connection_id]['remote-class'] = [] result[connection_id]['remote-class'] = []
result[connection_id]['remote-addrs'] = ','.join(conns[connection_id]['remote_addrs'])
result[connection_id]['children'] = conns[connection_id]['children']
result[connection_id]['sas'] = []
# parse local-% and remote-% keys # parse local-% and remote-% keys
for connKey in conns[connection_id].keys(): for connKey in conns[connection_id].keys():
if connKey.find('local-') == 0: if connKey.find('local-') == 0:
...@@ -65,14 +75,14 @@ for conns in s.list_conns(): ...@@ -65,14 +75,14 @@ for conns in s.list_conns():
if 'id' in conns[connection_id][connKey]: if 'id' in conns[connection_id][connKey]:
result[connection_id]['remote-id'] = conns[connection_id][connKey]['id'] result[connection_id]['remote-id'] = conns[connection_id][connKey]['id']
result[connection_id]['remote-class'].append(conns[connection_id][connKey]['class']) result[connection_id]['remote-class'].append(conns[connection_id][connKey]['class'])
result[connection_id]['local-class'] = '+'.join(result[connection_id]['local-class']) result[connection_id]['local-class'] = '+'.join(result[connection_id]['local-class'])
result[connection_id]['remote-class'] = '+'.join(result[connection_id]['remote-class']) result[connection_id]['remote-class'] = '+'.join(result[connection_id]['remote-class'])
# attach Security Associations # attach Security Associations
for sas in s.list_sas(): for sas in s.list_sas():
for sa in sas: for sa in sas:
if sa in result: if sa not in result:
result[sa]['sas'].append(sas[sa]) result[sa] = parse_sa(sas[sa])
result[sa]['sas'].append(sas[sa])
print(ujson.dumps(result)) print (ujson.dumps(result))
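Review bot: Entries created in the `if sa not in result:` branch never get `local-class` or `remote-class`, because `parse_sa()` does not set them and only the connection loop does, so the JSON for a non-routed connection has a different key set than for a configured one. Whatever reads those keys (the consumer is not visible here) would have to special-case this; adding `result[sa].update({'local-class': '', 'remote-class': ''})` in that branch keeps the shape uniform. `parse_sa()` also reads `in_conn['version']` unguarded while the address fields and `children` are tested with `in`, so an SA record without that key would raise `KeyError` and abort the whole listing; `result['version'] = in_conn.get('version', '')` would match the defensive style of the rest. The default for `children` is `''`, whereas a connection's value is copied as-is from `in_conn['children']`, so its type may differ between entries. The body of the connection loop continues outside the visible hunks.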