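def add_ip_networks(ip_route: IPRoute, ip_networks, ipsec_connection_name):
    """Install NAT POSTROUTING rules for *ip_networks* over an IPsec connection.

    One rule is generated per (network, IPsec entry) pair via
    ``ipsec_route_to_rule`` and installed with ``install_iptables_rule``,
    tagged with *ipsec_connection_name*. Networks that already have a rule
    in the chain for this connection (matched through
    ``comment_matches_ipsec_connection`` on the rule comment, keyed on the
    rule's ``src``) are skipped, so repeated calls do not duplicate rules.

    The table is opened with ``autocommit`` disabled and committed once, only
    when at least one new rule was produced; nothing is written to the kernel
    before ``commit()``.

    Args:
        ip_route: pyroute2 ``IPRoute`` handle used to read IPsec state.
        ip_networks: iterable of networks to add. NOTE(review): the skip test
            compares these against ``netaddr.IPNetwork`` objects — confirm
            callers pass ``IPNetwork`` (a plain string would never match and
            the rule would be re-added).
        ipsec_connection_name: connection name used both to select existing
            rules and to tag the new ones.

    Returns:
        None.
    """
    ipsec_info = IPSecInfo(ip_route=ip_route)
    ipsec_entries = ipsec_info.entries()

    # Deferred commit: all new rules land together, or not at all.
    table = iptc.Table(iptc.Table.NAT)
    table.autocommit = False
    chain = iptc.Chain(table, 'POSTROUTING')

    # Idempotency key: rules already tagged for this connection, by source.
    filter_func = functools.partial(
        comment_matches_ipsec_connection, ipsec_connection_name)
    existing_rules = filter_iptables_rules(chain, filter_func)
    existing_rules_sources = {
        netaddr.IPNetwork(existing.src) for existing in existing_rules}

    rules = []
    for network in ip_networks:
        if network in existing_rules_sources:
            continue
        rules.extend(
            ipsec_route_to_rule(network, ip_route, entry)
            for entry in ipsec_entries)

    # Skip the commit entirely when there is nothing new to install.
    if rules:
        for rule in rules:
            install_iptables_rule(table, ipsec_connection_name, *rule)
        table.commit()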
def is_connection_up(ip_route: IPRoute, ipsec_connection):
    """Return True when *ipsec_connection* currently has at least one route.

    "Up" is defined purely by ``get_ipsec_connection_routes`` returning a
    non-empty result for the connection; no other state is consulted.

    Args:
        ip_route: pyroute2 ``IPRoute`` handle used to build ``IPSecInfo``.
        ipsec_connection: the connection to look up (type as expected by
            ``get_ipsec_connection_routes``).

    Returns:
        bool: whether any routes exist for the connection.
    """
    info = IPSecInfo(ip_route=ip_route)
    connection_routes = get_ipsec_connection_routes(info, ipsec_connection)
    return len(connection_routes) != 0