Vici python examples: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „ <pre> # This python script is *not* required to setup and run a tunnel, # rather it shows how an external python script can bring a tunnel up / down and monit…“)
 
(Die Seite wurde geleert.)
 
Zeile 1: Zeile 1:
  
<pre>
 
# This python script is *not* required to setup and run a tunnel,
 
# rather it shows how an external python script can bring a tunnel up / down and monitor its status.
 
 
import vici
 
import multiprocessing
 
import collections
 
import time
 
# NOTE: unless you are root you will need to do the following: sudo chmod 777 /var/run/charon.vici
 
 
# Edit target_connections in the VState to include the VPN connections you would like to keep alive
 
# if this connection is dropped for some reason it will be re-started automatically by the python script
 
 
class VState(object):
 
    """holds the VPN state"""
 
    def __init__(self):
 
        self.alive = True
 
        self.session = vici.Session()
 
        self.possible_connections = []
 
        self.target_connections = ['rw-2']
 
        self.active_connections = []
 
   
 
class StrongSwan(object):
 
    def __init__(self,  queue = None):
 
        self.state = VState()
 
        self.get_possible_connections()
 
   
 
    def process_control_connection_in(self):
 
        '''handle incoming mavlink packets'''
 
        pass
 
   
 
    def check_interfaces(self):
 
        state = self.state
 
        for vpn_conn in state.session.list_sas():
 
            for key in state.active_connections:
 
try:
 
                  print 'key', key
 
                  print vpn_conn[key]
 
                  print vpn_conn[key]['established']
 
                  print vpn_conn[key]['state']
 
                  print vpn_conn[key]['local-host']
 
                  print vpn_conn[key]['remote-host']
 
except:
 
  pass
 
               
 
                try:
 
                    child = vpn_conn[key]['child-sas']
 
                    if child == {}:
 
                        child = None
 
                except:
 
                    print 'tunnel not connected at child level!'
 
                    child = None
 
               
 
                if child is not None:
 
                    for child_key in child:
 
                       
 
                        print 'time: ', time.time(), 'child key', child_key, child[child_key]['bytes-in'], child[child_key]['bytes-out']
 
                   
 
                        #print 'packets'
 
                        #print 'in: ', child[child_key]['packets-in']
 
                        #print 'out: ', child[child_key]['packets-out']
 
                       
 
                        #print 'bytes'
 
                        #print 'in: ', child[child_key]['bytes-in']
 
                        #print 'out: ', child[child_key]['bytes-out']
 
                   
 
                        #print child[child_key]['mode']
 
                        #print 'ip: ', child[child_key]['local-ts']
 
                        #print child[child_key]['remote-ts']
 
                        #print 'key: ', child[child_key]['rekey-time']
 
                        #print 'life: ', child[child_key]['life-time']
 
                   
 
               
 
                if key in state.target_connections and child is None:
 
                    self.connection_down(key)
 
                    self.connection_up(key)
 
       
 
        for key in state.target_connections:
 
            if key not in state.active_connections:
 
                #the connection is inactive
 
                self.connection_up(key)
 
               
 
       
 
    def connection_up(self, key):
 
        state = self.state
 
        print 'up: ', key
 
sa = collections.OrderedDict()
 
sa['child'] = key
 
sa['timeout'] = '2000'
 
sa['loglevel'] = '0'
 
rep =state.session.initiate(sa)
 
rep.next()
 
rep.close()
 
 
        #TODO: handle errors, log?
 
       
 
    def connection_down(self, key):
 
        state = self.state
 
        print 'down: ', key
 
sa = collections.OrderedDict()
 
sa['ike'] = key
 
sa['timeout'] = '2000'
 
sa['loglevel'] = '0'
 
rep =state.session.terminate(sa)
 
rep.next()
 
rep.close()
 
   
 
#TODO: handle errors, log?
 
 
    def get_possible_connections(self):
 
        '''reset and repopulate possible connections based on /etc/ipsec.conf'''
 
        state = self.state
 
        state.possible_connections = []
 
        for conn in state.session.list_conns():
 
            for key in conn:
 
                state.possible_connections.append(key)
 
       
 
        print 'p',state.possible_connections
 
               
 
    def get_active_connections(self):
 
        state = self.state
 
        state.active_connections = []
 
       
 
        for conn in state.session.list_sas():
 
            for key in conn:
 
                state.active_connections.append(key)
 
       
 
        print 'a', state.active_connections
 
               
 
    def is_alive(self):
 
        return self.state.alive
 
 
def main_loop():
 
    '''main processing loop'''
 
    #make a strongSwan control object
 
    VPN = StrongSwan()
 
    while VPN.is_alive():
 
        VPN.process_control_connection_in()
 
        VPN.get_possible_connections()
 
        VPN.get_active_connections()
 
        VPN.check_interfaces()
 
        time.sleep(1.0)
 
   
 
 
 
if __name__ == '__main__':
 
    #run main loop as a process
 
    main = multiprocessing.Process(target=main_loop)
 
    main.start()
 
    main.join()
 
</pre>
 

Aktuelle Version vom 18. Dezember 2017, 17:24 Uhr

Abgerufen von „https://xinux.net/index.php?title=Vici_python_examples&oldid=16137