Commit | Line | Data |
---|---|---|
9a25910a TL |
1 | Description: Fix ovs-monitor-ipsec |
2 | Open subprocesses in the text mode. | |
3 | Use valid strongSwan configuration. | |
4 | Use python3 dictionary iterators. | |
5 | Forwarded: no | |
6 | Author: Jakub Safarik <jsfrk@protonmail.com> | |
7 | Last-Update: 2019-09-29 | |
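--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -99,7 +99,8 @@
 the IPsec policy."""
 policies = {}
 proc = subprocess.Popen([self.IP, 'xfrm', 'policy'],
- stdout=subprocess.PIPE)
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
 while True:
 line = proc.stdout.readline().strip()
 if line == '':
@@ -122,7 +123,8 @@
 is SELECTOR."""
 securities = {}
 proc = subprocess.Popen([self.IP, 'xfrm', 'state'],
- stdout=subprocess.PIPE)
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
 while True:
 line = proc.stdout.readline().strip()
 if line == '':
@@ -145,10 +147,18 @@
 """This class does StrongSwan specific configurations."""
 
 STRONGSWAN_CONF = """%s
-charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
-charon.plugins.kernel-netlink.xfrm_ack_expires = 10
-charon.load_modular = yes
-charon.plugins.gcm.load = yes
+charon {
+ plugins {
+ kernel-netlink {
+ set_proto_port_transport_sa = yes
+ xfrm_ack_expires = 10
+ }
+ gcm {
+ load = yes
+ }
+ }
+ load_modular = yes
+}
 """ % (FILE_HEADER)
 
 CONF_HEADER = """%s
@@ -243,7 +253,9 @@
 sample line from the parsed outpus as <value>. """
 
 conns = {}
- proc = subprocess.Popen([self.IPSEC, 'status'], stdout=subprocess.PIPE)
+ proc = subprocess.Popen([self.IPSEC, 'status'],
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
 
 while True:
 line = proc.stdout.readline().strip()
@@ -340,7 +352,7 @@
 # about possibility of ovs-monitor-ipsec to block for each tunnel
 # while strongSwan sends IKE messages over Internet.
 conns_dict = self.get_active_conns()
- for ifname, conns in conns_dict.iteritems():
+ for ifname, conns in conns_dict.items():
 tunnel = monitor.tunnels.get(ifname)
 for conn in conns:
 # IPsec "connection" names that we choose in strongswan
@@ -536,7 +548,7 @@
 
 # Delete old connections
 conns_dict = self.get_active_conns()
- for ifname, conns in conns_dict.iteritems():
+ for ifname, conns in conns_dict.items():
 tunnel = monitor.tunnels.get(ifname)
 
 for conn in conns:
@@ -989,7 +1001,7 @@
 skb_mark = None
 is_valid = False
 
- for row in data["Open_vSwitch"].rows.itervalues():
+ for row in data["Open_vSwitch"].rows.values():
 pki[0] = row.other_config.get("certificate")
 pki[1] = row.other_config.get("private_key")
 pki[2] = row.other_config.get("ca_cert")
@@ -1016,7 +1028,7 @@
 table."""
 ifaces = set()
 
- for row in data["Interface"].rows.itervalues():
+ for row in data["Interface"].rows.values():
 if not self.is_tunneling_type_supported(row.type):
 continue
 if not self.is_ipsec_required(row.options):
@@ -1047,7 +1059,7 @@
 return
 s = ""
 conns = self.ike_helper.get_active_conns()
- for name, tunnel in self.tunnels.iteritems():
+ for name, tunnel in self.tunnels.items():
 s += tunnel.show(policies, securities, conns)
 unix_conn.reply(s)
 
@@ -1064,7 +1076,7 @@
 if self.ike_helper.config_global(self):
 needs_refresh = True
 
- for name, tunnel in self.tunnels.iteritems():
+ for name, tunnel in self.tunnels.items():
 if tunnel.last_refreshed_version != tunnel.version:
 tunnel.last_refreshed_version = tunnel.version
 needs_refresh = True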
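Review bot: The three `subprocess.Popen` readers (`ip xfrm policy`, `ip xfrm state` and `ipsec status`) still stop on `if line == '':` after `.strip()`, so a blank line in the command output is indistinguishable from EOF, and nothing visible in these hunks checks the child's exit status. For an IPsec monitor this is worth closing: a truncated or failed listing would presumably reach the callers that iterate `conns_dict.items()` as "no policies / no active connections" rather than as an error. Consider reading with `for line in proc.stdout:` and `line = line.strip()` inside the loop, then `if proc.wait() != 0:` to log the failure and treat the result as unknown instead of empty. The loop bodies continue outside the hunks, so confirm how they terminate before changing them.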