fea: add restart for ipsec tunnel.

luscis · Jun 19, 2024 · 3eb0c78 · 3eb0c78
1 parent 8799004
commit 3eb0c78
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 20 deletions.
diff --git a/cmd/api/v5/ipsec.go b/cmd/api/v5/ipsec.go
@@ -25,8 +25,12 @@ type IPSecTunnel struct {
 	Cmd
 }
 
-func (o IPSecTunnel) Url(prefix string) string {
-	return prefix + "/api/network/ipsec/tunnel"
+func (o IPSecTunnel) Url(prefix string, action string) string {
+	url := prefix + "/api/network/ipsec/tunnel"
+	if action != "" {
+		url += "/" + action
+	}
+	return url
 }
 
 func (o IPSecTunnel) Add(c *cli.Context) error {
@@ -39,7 +43,7 @@ func (o IPSecTunnel) Add(c *cli.Context) error {
 		LeftPort:  c.Int("localport"),
 		RightPort: c.Int("remoteport"),
 	}
-	url := o.Url(c.String("url"))
+	url := o.Url(c.String("url"), "")
 	clt := o.NewHttp(c.String("token"))
 	if err := clt.PostJSON(url, output, nil); err != nil {
 		return err
@@ -52,25 +56,38 @@ func (o IPSecTunnel) Remove(c *cli.Context) error {
 		Right:     c.String("remote"),
 		Transport: c.String("transport"),
 	}
-	url := o.Url(c.String("url"))
+	url := o.Url(c.String("url"), "")
 	clt := o.NewHttp(c.String("token"))
 	if err := clt.DeleteJSON(url, output, nil); err != nil {
 		return err
 	}
 	return nil
 }
 
+func (o IPSecTunnel) Restart(c *cli.Context) error {
+	output := &schema.IPSecTunnel{
+		Right:     c.String("remote"),
+		Transport: c.String("transport"),
+	}
+	url := o.Url(c.String("url"), "restart")
+	clt := o.NewHttp(c.String("token"))
+	if err := clt.PutJSON(url, output, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (o IPSecTunnel) Tmpl() string {
 	return `# total {{ len . }}
-{{ps -15 "Right"}} {{ps -15 "Transport"}} {{ps -15 "Secret"}} {{ps -15 "Port"}} {{ps -15 "Connection"}} 
+{{ps -15 "Remote"}} {{ps -15 "Transport"}} {{ps -15 "Secret"}} {{ps -15 "Connection"}}
 {{- range . }}
-{{ps -15 .Right}} {{ps -15 .Transport }} {{ps -15 .Secret}} {{.LeftPort}}-{{.RightPort}} {{.LeftId}}-{{.RightId}}
+{{ps -15 .Right}} {{ps -15 .Transport }} {{ps -15 .Secret}} [{{.LeftId}}]{{.LeftPort}} -> [{{.RightId}}]{{.RightPort}}
 {{- end }}
 `
 }
 
 func (o IPSecTunnel) List(c *cli.Context) error {
-	url := o.Url(c.String("url"))
+	url := o.Url(c.String("url"), "")
 	clt := o.NewHttp(c.String("token"))
 	var items []schema.IPSecTunnel
 	if err := clt.GetJSON(url, &items); err != nil {
@@ -87,7 +104,7 @@ func (o IPSecTunnel) Commands() *cli.Command {
 		Subcommands: []*cli.Command{
 			{
 				Name:  "add",
-				Usage: "Add a tunnel for the network",
+				Usage: "Add a ipsec tunnel",
 				Flags: []cli.Flag{
 					&cli.StringFlag{Name: "remote", Required: true},
 					&cli.StringFlag{Name: "remoteid"},
@@ -101,17 +118,26 @@ func (o IPSecTunnel) Commands() *cli.Command {
 			},
 			{
 				Name:    "remove",
-				Usage:   "Remove a tunnel from the network",
+				Usage:   "Remove a ipsec tunnel",
 				Aliases: []string{"rm"},
 				Flags: []cli.Flag{
 					&cli.StringFlag{Name: "remote", Required: true},
 					&cli.StringFlag{Name: "transport", Required: true},
 				},
 				Action: o.Remove,
 			},
+			{
+				Name:  "restart",
+				Usage: "restart a ipsec tunnel",
+				Flags: []cli.Flag{
+					&cli.StringFlag{Name: "remote", Required: true},
+					&cli.StringFlag{Name: "transport", Required: true},
+				},
+				Action: o.Restart,
+			},
 			{
 				Name:    "list",
-				Usage:   "Display all tunnel of the network",
+				Usage:   "Display all ipsec tunnel",
 				Aliases: []string{"ls"},
 				Flags:   []cli.Flag{},
 				Action:  o.List,

diff --git a/pkg/api/api.go b/pkg/api/api.go
@@ -98,6 +98,7 @@ type Networker interface {
 type IPSecer interface {
 	AddTunnel(data schema.IPSecTunnel)
 	DelTunnel(data schema.IPSecTunnel)
+	RestartTunnel(data schema.IPSecTunnel)
 	ListTunnels(call func(obj schema.IPSecTunnel))
 }
 

diff --git a/pkg/api/ipsec.go b/pkg/api/ipsec.go
@@ -16,6 +16,7 @@ func (h IPSec) Router(router *mux.Router) {
 	router.HandleFunc("/api/network/ipsec/tunnel", h.Get).Methods("GET")
 	router.HandleFunc("/api/network/ipsec/tunnel", h.Post).Methods("POST")
 	router.HandleFunc("/api/network/ipsec/tunnel", h.Delete).Methods("DELETE")
+	router.HandleFunc("/api/network/ipsec/tunnel/restart", h.Restart).Methods("PUT")
 }
 
 func (h IPSec) Get(w http.ResponseWriter, r *http.Request) {
@@ -58,3 +59,17 @@ func (h IPSec) Delete(w http.ResponseWriter, r *http.Request) {
 	Call.secer.DelTunnel(*tun)
 	ResponseMsg(w, 0, "")
 }
+
+func (h IPSec) Restart(w http.ResponseWriter, r *http.Request) {
+	tun := &schema.IPSecTunnel{}
+	if err := GetData(r, tun); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if Call.secer == nil {
+		http.Error(w, "network is nil", http.StatusBadRequest)
+		return
+	}
+	Call.secer.RestartTunnel(*tun)
+	ResponseMsg(w, 0, "")
+}
diff --git a/pkg/switch/ipsec.go b/pkg/switch/ipsec.go
@@ -113,6 +113,16 @@ func (w *IPSecWorker) startConn(name string) {
 	})
 }
 
+func (w *IPSecWorker) restartTunnel(tun *co.IPSecTunnel) {
+	name := tun.Name
+	if tun.Transport == "vxlan" {
+		w.startConn(name + "-c1")
+		w.startConn(name + "-c2")
+	} else if tun.Transport == "gre" {
+		w.startConn(name + "-c1")
+	}
+}
+
 func (w *IPSecWorker) addTunnel(tun *co.IPSecTunnel) error {
 	connTmpl := ""
 	secTmpl := ""
@@ -138,12 +148,7 @@ func (w *IPSecWorker) addTunnel(tun *co.IPSecTunnel) error {
 			w.out.Error("WorkerImpl.AddTunnel %s", err)
 			return err
 		}
-		if tun.Transport == "vxlan" {
-			w.startConn(name + "-c1")
-			w.startConn(name + "-c2")
-		} else if tun.Transport == "gre" {
-			w.startConn(name + "-c1")
-		}
+		w.restartTunnel(tun)
 	}
 
 	return nil
@@ -160,12 +165,11 @@ func (w *IPSecWorker) Start(v api.Switcher) {
 func (w *IPSecWorker) removeTunnel(tun *co.IPSecTunnel) error {
 	name := tun.Name
 	if tun.Transport == "vxlan" {
-		libol.Exec("ipsec", "auto", "--delete", "--asynchronous", name+"-c1")
-		libol.Exec("ipsec", "auto", "--delete", "--asynchronous", name+"-c2")
+		libol.Exec("ipsec", "auto", "--start", "--asynchronous", name+"-c1")
+		libol.Exec("ipsec", "auto", "--start", "--asynchronous", name+"-c2")
 	} else if tun.Transport == "gre" {
-		libol.Exec("ipsec", "auto", "--delete", "--asynchronous", name+"-c1")
+		libol.Exec("ipsec", "auto", "--start", "--asynchronous", name+"-c1")
 	}
-
 	cfile := fmt.Sprintf("/etc/ipsec.d/%s.conf", name)
 	sfile := fmt.Sprintf("/etc/ipsec.d/%s.secrets", name)
 
@@ -225,6 +229,19 @@ func (w *IPSecWorker) DelTunnel(data schema.IPSecTunnel) {
 	}
 }
 
+func (w *IPSecWorker) RestartTunnel(data schema.IPSecTunnel) {
+	cfg := &co.IPSecTunnel{
+		Left:      data.Left,
+		Right:     data.Right,
+		Secret:    data.Secret,
+		Transport: data.Transport,
+	}
+	cfg.Correct()
+	if _, index := w.spec.FindTunnel(cfg); index != -1 {
+		w.restartTunnel(cfg)
+	}
+}
+
 func (w *IPSecWorker) ListTunnels(call func(obj schema.IPSecTunnel)) {
 	for _, tun := range w.spec.Tunnels {
 		obj := schema.IPSecTunnel{