Exemplo n.º 1
0
    def test5_conn_filter(self):
        conf = loads(self.strongswan_in)
        
        names = lambda lst: list(x[0] for x in lst)

        self.assertEqual(
            names(conf.conn_filter(
                Key('leftsubnet') == '10.1.0.0/16' and Key('right') == '%any'
            )),
            ['roadwarrior']
        )
        conf['conn', 'myconn'] = {'left': '10.1.0.1', 'right': '192.168.0.2'}
        
        self.assertEqual(
            names(conf.conn_filter(
                Keys('left', 'right').contains('192.168.0.2')
            )),
            ['myconn']
        )
        
        self.assertEqual(
            names(conf.conn_filter(Key('left') != '10.10.10.10')),
            ['%default', 'roadwarrior', 'myconn']
        )
        
        
        del conf['conn', 'roadwarrior']
        
        self.assertEqual(
            conf.conn_filter(
                Key('leftsubnet') == '10.1.0.0/16' or Key('right') == '%any'
            ),
            []
        )
Exemplo n.º 2
0
    def test5_conn_filter(self):
        conf = loads(self.strongswan_in)

        names = lambda lst: list(x[0] for x in lst)

        self.assertEqual(
            names(
                conf.conn_filter(
                    Key('leftsubnet') == '10.1.0.0/16'
                    and Key('right') == '%any')), ['roadwarrior'])
        conf['conn', 'myconn'] = {'left': '10.1.0.1', 'right': '192.168.0.2'}

        self.assertEqual(
            names(
                conf.conn_filter(
                    Keys('left', 'right').contains('192.168.0.2'))),
            ['myconn'])

        self.assertEqual(names(conf.conn_filter(Key('left') != '10.10.10.10')),
                         ['%default', 'roadwarrior', 'myconn'])

        del conf['conn', 'roadwarrior']

        self.assertEqual(
            conf.conn_filter(
                Key('leftsubnet') == '10.1.0.0/16' or Key('right') == '%any'),
            [])
Exemplo n.º 3
0
def load_ipsec_conf(parsed_args):
    try:
        with open(parsed_args.ipsecConf, 'rt') as ipsec_conf_file:
            ipsec_conf_str = ipsec_conf_file.read()
    except BaseException as e:
        raise DockerIPSecError('Failed to read: {0}'.format(parsed_args.ipsecConf)) from e
    try:
        return ipsecparse.loads(ipsec_conf_str)
    except BaseException as e:
        raise DockerIPSecError('Failed to parse: {0}'.format(parsed_args.ipsecConf)) from e
Exemplo n.º 4
0
    def test4(self):
        conf = """
config setup
    nat_traversal=yes
    plutodebug="all crypt" # testing quoted string
    
conn myconn
    left=192.168.0.2
    right=10.0.0.1"""
        conf = loads(conf)
        self.assertEqual(conf['config', 'setup']['plutodebug'], "all crypt")
Exemplo n.º 5
0
    def test4(self):
        conf = """
config setup
    nat_traversal=yes
    plutodebug="all crypt" # testing quoted string
    
conn myconn
    left=192.168.0.2
    right=10.0.0.1"""
        conf = loads(conf)
        self.assertEqual(conf['config','setup']['plutodebug'], "all crypt")
Exemplo n.º 6
0
def load_ipsec_conf(parsed_args):
    try:
        with open(parsed_args.ipsecConf, 'rt') as ipsec_conf_file:
            ipsec_conf_str = ipsec_conf_file.read()
    except BaseException as e:
        raise DockerIPSecError('Failed to read: {0}'.format(
            parsed_args.ipsecConf)) from e
    try:
        return ipsecparse.loads(ipsec_conf_str)
    except BaseException as e:
        raise DockerIPSecError('Failed to parse: {0}'.format(
            parsed_args.ipsecConf)) from e
Exemplo n.º 7
0
    def test3_empty_values(self):
        conf = """
conn myconn1
    dpddelay=
    salifetime=1h
    aggrmode=

conn myconn2
    phase2=esp
    leftsubnet=
"""
        conf = loads(conf)
        self.assertEqual(conf['conn', 'myconn1']['dpddelay'], '')
        self.assertEqual(conf['conn', 'myconn1']['aggrmode'], '')
        self.assertEqual(conf['conn', 'myconn2']['leftsubnet'], '')
Exemplo n.º 8
0
    def test3_empty_values(self):
        conf = """
conn myconn1
    dpddelay=
    salifetime=1h
    aggrmode=

conn myconn2
    phase2=esp
    leftsubnet=
"""
        conf = loads(conf)
        self.assertEqual(conf['conn', 'myconn1']['dpddelay'], '')
        self.assertEqual(conf['conn', 'myconn1']['aggrmode'], '')
        self.assertEqual(conf['conn', 'myconn2']['leftsubnet'], '')
Exemplo n.º 9
0
    def test2_empty_lines(self):
        conf = """


config setup

    nat_traversal=yes
    
    
    strictcrlpolicy=yes

"""
        self.assertEqual(
            dumps(loads(conf), indent='    '), """\
config setup
    nat_traversal=yes
    strictcrlpolicy=yes
""")
Exemplo n.º 10
0
    def test2_empty_lines(self):
        conf = """


config setup

    nat_traversal=yes
    
    
    strictcrlpolicy=yes

"""
        self.assertEqual(
            dumps(loads(conf), indent = '    '),
            """\
config setup
    nat_traversal=yes
    strictcrlpolicy=yes
"""
        )
Exemplo n.º 11
0
from subprocess import Popen, PIPE, STDOUT
import os

####
#ipsec_status, err = subprocess.Popen(['ipsec', 'status'], stdout=subprocess.PIPE).communicate()
ipsec_status, err = subprocess.Popen(['cat', 'ipsec.status'],
                                     stdout=subprocess.PIPE).communicate()

####
#Apontar o arquivo de configuração do ipsec
ipsec_conf_file = 'cliente.conf'

sline = '========================================================================================================================================'
ssline = '----------------------------------------------------------------------------------------------------------------------------------------'

config = loads(open(ipsec_conf_file).read())

#Main dict
data = {}
#ipsec global dict
globaldict = {}
globaldict['total'] = []

sline = '========================================================================================================================================'
ssline = '----------------------------------------------------------------------------------------------------------------------------------------'
print(sline)
print('\t\t\t\t\tLibreSwan Status v.1.1 - by. wjesus')

for info in config:
    name = info[1]
    print(sline)
Exemplo n.º 12
0
def main():
    desc = 'Start and stop IPSec tunnels while allowing docker containers to route traffic down the tunnels'
    parser = argparse.ArgumentParser(
        description=desc,
        formatter_class=argparse.ArgumentDefaultsHelpFormatter)

    parser.add_argument('command',
                        type=str,
                        choices=set(
                            ('up', 'down', 'addbridge', 'removebridge')),
                        help='Start or stop an IPSec tunnel')

    parser.add_argument('connection', type=str, default='')

    parser.add_argument('--docker-bridge',
                        dest='dockerBridge',
                        type=str,
                        default='docker0',
                        help='Name of the docker bridge')
    parser.add_argument('--ipsec-route-table',
                        dest='ipsecRouteTable',
                        type=int,
                        default=220,
                        help='Route table containing IPSec routes')
    parser.add_argument('--ipsec-conf',
                        dest='ipsecConf',
                        type=str,
                        default='/etc/ipsec.conf',
                        help='IPSec configuration file')

    parsedArgs = parser.parse_args()

    with open(parsedArgs.ipsecConf, 'rt') as ipsecConfFile:
        ipsecConfStr = ipsecConfFile.read()

    ipsecConnectionName = parsedArgs.connection
    if (ipsecConnectionName == ''):
        ipsecConf = ipsecparse.loads(ipsecConfStr)
        ipsecConnectionEntries = map(
            lambda e: (e[0][0], e[1]),
            filter(lambda e: e[0][0] == 'conn' and e[0][1] != '%default',
                   ipsecConf.entries()))
        ipsecConnections = dict(ipsecConnectionEntries)
        if (len(ipsecConnections) != 1):
            print(
                'IPSec configuration in {0} contains more than one connection, specify which one:'
            )
            for c in ipsecConnections.keys():
                print(c + '\n')
            return 1

        ipsecConnectionName = tuple(ipsecConnections.keys())[0]

    if (parsedArgs.command == 'down'):
        docker_ipsec.removeIPTablesRules()
        if (not docker_ipsec.ipsec('down', ipsecConnectionName, verbose=True)):
            return 1
        return 0

    if (parsedArgs.command == 'removebridge'):

        def _removalFunc(j):
            try:
                return j['dockerBridgeName'] == parsedArgs.dockerBridge
            except:
                return Fale

        docker_ipsec.removeIPTablesRules(filterFunc=_removalFunc)
        return 0

    ipRoute = pyroute2.IPRoute()
    dockerInfo = docker_ipsec.DockerInfo(
        ipRoute=ipRoute, dockerBridgeName=parsedArgs.dockerBridge)

    if parsedArgs.command == 'up' and not docker_ipsec.ipsec(
            'up', ipsecConnectionName, verbose=True):
        return 1

    assert parsedArgs.command in ['up', 'addbridge']

    ipsecInfo = docker_ipsec.IPSecInfo(
        ipRoute=ipRoute, ipsecTableIndex=parsedArgs.ipsecRouteTable)

    def ipsecEntryToIPTablesRule(e):
        outputInterfaceIndex = e.outputInterfaceIndex()
        outputInterface = docker_ipsec.getInterfaceNameForIndex(
            outputInterfaceIndex, ipRoute=ipRoute)
        return (e.sourceIP(), outputInterface, e.destCIDR(), dockerInfo.cidr())

    rules = tuple(map(ipsecEntryToIPTablesRule, ipsecInfo.entries()))
    table = iptc.Table(iptc.Table.NAT)
    table.autocommit = False
    for rule in rules:
        docker_ipsec.installIPTablesRule(table, parsedArgs.dockerBridge, *rule)
    table.commit()
Exemplo n.º 13
0
def main():
    desc = 'Start and stop IPSec tunnels while allowing docker containers to route traffic down the tunnels'
    parser = argparse.ArgumentParser(description=desc, formatter_class=argparse.ArgumentDefaultsHelpFormatter)

    parser.add_argument('command', type=str, choices=set(('up', 'down', 'addbridge', 'removebridge')),
                        help='Start or stop an IPSec tunnel')

    parser.add_argument('connection', type=str, default='')

    parser.add_argument('--docker-bridge', dest='dockerBridge', type=str, default='docker0',
                        help='Name of the docker bridge')
    parser.add_argument('--ipsec-route-table', dest='ipsecRouteTable', type=int, default=220,
                        help='Route table containing IPSec routes')
    parser.add_argument('--ipsec-conf', dest='ipsecConf', type=str, default='/etc/ipsec.conf',
                        help='IPSec configuration file')
    
    parsedArgs = parser.parse_args()

    with open(parsedArgs.ipsecConf, 'rt') as ipsecConfFile:
        ipsecConfStr = ipsecConfFile.read()

    ipsecConnectionName = parsedArgs.connection
    if (ipsecConnectionName == ''):
        ipsecConf = ipsecparse.loads(ipsecConfStr)
        ipsecConnectionEntries = map(lambda e: (e[0][0], e[1]),
                                    filter(lambda e: e[0][0] == 'conn' and e[0][1] != '%default',
                                           ipsecConf.entries()))
        ipsecConnections = dict(ipsecConnectionEntries)
        if (len(ipsecConnections) != 1):
            print('IPSec configuration in {0} contains more than one connection, specify which one:')
            for c in ipsecConnections.keys():
                print(c + '\n')
            return 1

        ipsecConnectionName = tuple(ipsecConnections.keys())[0]

    if (parsedArgs.command == 'down'):
        docker_ipsec.removeIPTablesRules()
        if (not docker_ipsec.ipsec('down', ipsecConnectionName, verbose=True)):
            return 1
        return 0

    if (parsedArgs.command == 'removebridge'):
        def _removalFunc(j):
            try:
                return j['dockerBridgeName'] == parsedArgs.dockerBridge
            except:
                return Fale
        docker_ipsec.removeIPTablesRules(filterFunc=_removalFunc)
        return 0

    ipRoute = pyroute2.IPRoute()
    dockerInfo = docker_ipsec.DockerInfo(ipRoute=ipRoute, dockerBridgeName=parsedArgs.dockerBridge)

    if parsedArgs.command == 'up' and not docker_ipsec.ipsec('up', ipsecConnectionName, verbose=True):
        return 1

    assert parsedArgs.command in ['up', 'addbridge']

    ipsecInfo = docker_ipsec.IPSecInfo(ipRoute=ipRoute, ipsecTableIndex=parsedArgs.ipsecRouteTable)

    def ipsecEntryToIPTablesRule(e):
        outputInterfaceIndex = e.outputInterfaceIndex()
        outputInterface = docker_ipsec.getInterfaceNameForIndex(outputInterfaceIndex, ipRoute=ipRoute)
        return (e.sourceIP(), outputInterface, e.destCIDR(), dockerInfo.cidr())

    rules = tuple(map(ipsecEntryToIPTablesRule, ipsecInfo.entries()))
    table = iptc.Table(iptc.Table.NAT)
    table.autocommit = False
    for rule in rules:
        docker_ipsec.installIPTablesRule(table, parsedArgs.dockerBridge, *rule)
    table.commit()
Exemplo n.º 14
0
 def test1(self):
     self.assertEqual(dumps(loads(self.strongswan_in), indent='    '),
                      self.strongswan_out)
Exemplo n.º 15
0
 def test1(self):
     self.assertEqual(
         dumps(loads(self.strongswan_in), indent = '    '),
         self.strongswan_out
     )
Exemplo n.º 16
0
def main():
    desc = "Start and stop IPSec tunnels while allowing docker containers to route traffic down the tunnels"
    parser = argparse.ArgumentParser(description=desc, formatter_class=argparse.ArgumentDefaultsHelpFormatter)

    parser.add_argument("command", type=str, choices=set(("up", "down")), help="Start or stop an IPSec tunnel")

    parser.add_argument("connection", type=str, default="")

    parser.add_argument(
        "--docker-bridge", dest="dockerBridge", type=str, default="docker0", help="Name of the docker bridge"
    )
    parser.add_argument(
        "--ipsec-route-table", dest="ipsecRouteTable", type=int, default=220, help="Route table containing IPSec routes"
    )
    parser.add_argument(
        "--ipsec-conf", dest="ipsecConf", type=str, default="/etc/ipsec.conf", help="IPSec configuration file"
    )

    parsedArgs = parser.parse_args()

    with open(parsedArgs.ipsecConf, "rt") as ipsecConfFile:
        ipsecConfStr = ipsecConfFile.read()

    ipsecConnectionName = parsedArgs.connection
    if ipsecConnectionName == "":
        ipsecConf = ipsecparse.loads(ipsecConfStr)
        ipsecConnectionEntries = map(
            lambda e: (e[0][0], e[1]),
            filter(lambda e: e[0][0] == "conn" and e[0][1] != "%default", ipsecConf.entries()),
        )
        ipsecConnections = dict(ipsecConnectionEntries)
        if len(ipsecConnections) != 1:
            print("IPSec configuration in {0} contains more than one connection, specify which one:")
            for c in ipsecConnections.keys():
                print(c + "\n")
            return 1

        ipsecConnectionName = tuple(ipsecConnections.keys())[0]

    if parsedArgs.command == "down":
        docker_ipsec.removeIPTablesRules()
        if not docker_ipsec.ipsec("down", ipsecConnectionName, verbose=True):
            return 1
        return 0

    ipRoute = pyroute2.IPRoute()
    dockerInfo = docker_ipsec.DockerInfo(ipRoute=ipRoute, dockerBridgeName=parsedArgs.dockerBridge)

    if not docker_ipsec.ipsec("up", ipsecConnectionName, verbose=True):
        return 1

    ipsecInfo = docker_ipsec.IPSecInfo(ipRoute=ipRoute, ipsecTableIndex=parsedArgs.ipsecRouteTable)

    def ipsecEntryToIPTablesRule(e):
        outputInterfaceIndex = e.outputInterfaceIndex()
        outputInterface = docker_ipsec.getInterfaceNameForIndex(outputInterfaceIndex, ipRoute=ipRoute)
        return (e.sourceIP(), outputInterface, e.destCIDR(), dockerInfo.cidr())

    rules = tuple(map(ipsecEntryToIPTablesRule, ipsecInfo.entries()))
    table = iptc.Table(iptc.Table.NAT)
    table.autocommit = False
    for rule in rules:
        docker_ipsec.installIPTablesRule(table, *rule)
    table.commit()