Пример #1
def add_ip_networks(ip_route: IPRoute, ip_networks, ipsec_connection_name):
    """Add NAT POSTROUTING rules for networks not yet covered for a connection.

    For every network in ``ip_networks`` that is not already the source of a
    POSTROUTING rule selected by ``comment_matches_ipsec_connection`` for
    ``ipsec_connection_name``, one rule per entry of ``IPSecInfo.entries()``
    is built with ``ipsec_route_to_rule`` and handed to
    ``install_iptables_rule``. The table is committed once, and only when at
    least one rule was built.

    Args:
        ip_route: Handle passed to ``IPSecInfo`` and ``ipsec_route_to_rule``.
        ip_networks: Iterable of networks to cover.
        ipsec_connection_name: Name used to select this connection's existing
            rules and passed on to ``install_iptables_rule``.
    """
    entries = IPSecInfo(ip_route=ip_route).entries()

    nat = iptc.Table(iptc.Table.NAT)
    # Changes are queued on the table object and applied by the single
    # commit() at the end, so a failure part-way commits nothing.
    nat.autocommit = False
    postrouting = iptc.Chain(nat, 'POSTROUTING')

    belongs_to_connection = functools.partial(
        comment_matches_ipsec_connection, ipsec_connection_name)
    covered_sources = {
        netaddr.IPNetwork(existing.src)
        for existing in filter_iptables_rules(postrouting,
                                              belongs_to_connection)
    }

    pending = []
    for network in ip_networks:
        # NOTE(review): the membership test compares against
        # netaddr.IPNetwork objects, so ip_networks presumably holds
        # IPNetwork values too -- confirm against callers.
        # NOTE(review): a network is skipped as soon as ANY existing rule has
        # it as source; IPsec entries that appeared after the first install
        # get no rule for that network. Confirm that is intended.
        if network not in covered_sources:
            pending.extend(
                ipsec_route_to_rule(network, ip_route, entry)
                for entry in entries)

    if not pending:
        return
    for rule_args in pending:
        install_iptables_rule(nat, ipsec_connection_name, *rule_args)
    nat.commit()
Пример #2
def add_ip_networks(ip_route: IPRoute, ip_networks, ipsec_connection_name):
    """Install missing NAT POSTROUTING rules for an IPsec connection.

    Existing POSTROUTING rules are selected with
    ``comment_matches_ipsec_connection`` bound to ``ipsec_connection_name``;
    their source networks count as already handled. For each remaining
    network in ``ip_networks``, ``ipsec_route_to_rule`` is applied to every
    entry of ``IPSecInfo.entries()`` and the results are installed through
    ``install_iptables_rule``, followed by one ``commit()``. Nothing is
    committed when no rule has to be added.

    Args:
        ip_route: Handle passed to ``IPSecInfo`` and ``ipsec_route_to_rule``.
        ip_networks: Iterable of networks that should have rules.
        ipsec_connection_name: Connection whose rules are inspected and added.
    """
    routes = IPSecInfo(ip_route=ip_route).entries()

    table = iptc.Table(iptc.Table.NAT)
    # Autocommit is turned off so every install below is applied by one
    # explicit commit().
    table.autocommit = False
    chain = iptc.Chain(table, 'POSTROUTING')

    is_own_rule = functools.partial(comment_matches_ipsec_connection, ipsec_connection_name)
    known_sources = {
        netaddr.IPNetwork(rule.src)
        for rule in filter_iptables_rules(chain, is_own_rule)
    }

    # NOTE(review): deduplication is by source network only, so a network that
    # already has a rule gets none for newly appeared IPsec entries -- confirm.
    # The `in` test presumably relies on ip_networks holding netaddr.IPNetwork
    # objects; verify against callers.
    new_rules = [
        ipsec_route_to_rule(network, ip_route, route)
        for network in ip_networks
        if network not in known_sources
        for route in routes
    ]

    if new_rules:
        for spec in new_rules:
            install_iptables_rule(table, ipsec_connection_name, *spec)
        table.commit()
Пример #3
def get_ipsec_connection_routes(ipsec_info: IPSecInfo,
                                ipsec_connection):
    """Return the entries of ``ipsec_info`` that match ``ipsec_connection``.

    Each item of ``ipsec_info.entries()`` is kept when
    ``route_table_entry_matches_ipsec_connection(ipsec_connection, entry)``
    is truthy.

    Returns:
        A tuple of the matching entries, in the order ``entries()`` yields
        them; empty when none match.
    """
    return tuple(
        entry
        for entry in ipsec_info.entries()
        if route_table_entry_matches_ipsec_connection(ipsec_connection, entry)
    )
Пример #4
def is_connection_up(ip_route: IPRoute, ipsec_connection):
    """Report whether any IPsec route entry matches ``ipsec_connection``.

    Returns:
        True when ``get_ipsec_connection_routes`` finds at least one entry
        for the connection, False otherwise.
    """
    # NOTE(review): "up" here means only that a matching entry exists in what
    # IPSecInfo reports; whether that implies an established tunnel depends on
    # IPSecInfo.entries() -- confirm before using this as a security gate.
    matching_routes = get_ipsec_connection_routes(
        IPSecInfo(ip_route=ip_route), ipsec_connection)
    return len(matching_routes) != 0
Пример #5
def get_ipsec_connection_routes(ipsec_info: IPSecInfo, ipsec_connection):
    """Collect the route entries belonging to one IPsec connection.

    Walks ``ipsec_info.entries()`` and keeps every entry for which
    ``route_table_entry_matches_ipsec_connection(ipsec_connection, entry)``
    is truthy.

    Returns:
        The kept entries as a tuple (possibly empty), in iteration order.
    """
    selected = []
    for entry in ipsec_info.entries():
        if route_table_entry_matches_ipsec_connection(ipsec_connection, entry):
            selected.append(entry)
    return tuple(selected)