1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
#!/usr/bin/perl -w
use strict;
# Script to export the OpenVPN daemon status information (which clients
# are connected from where) as a JSON file that can be served via HTTP.
#
# (C) 2015 by sysmocom - s.f.m.c. GmbH, All rights reserved.
# Author: Harald Welte
use JSON;
use Linux::Inotify2;
use Net::Netmask;
my $OPENVPN_STATE_FILE = "/var/tmp/openvpn.status";
my $JSON_OUTPUT_FILE = "/var/www/openvpn/status.json";
my $srcip_table = {
'Destination 1' => [
'127.0.0.0/8',
],
'Peer 2' => [
'8.8.0.0/16', '1.2.3.0/18',
],
};
my %netblocks;
sub read_netmask_table($)
{
my ($t) = @_;
foreach my $k (keys %$t) {
my $table = {};
foreach my $net (@{$$t{$k}}) {
my $block = new Net::Netmask($net);
$block->storeNetblock($table);
}
$netblocks{$k} = $table;
}
}
sub classify_srcip($)
{
my ($ip) = @_;
foreach my $k (%netblocks) {
my $block = findNetblock($ip, $netblocks{$k});
if ($block) {
return $k;
}
}
return undef;
}
# read the openvpn.status file and parse it, return hash reference to
# its contents.
sub get_openvpn_clients($)
{
my ($fname) = @_;
my $state = 'init';
my $href;
my @clients;
$$href{version} = 1;
open(INFILE, "<", $fname);
while (my $line = <INFILE>) {
chomp($line);
if ($line =~ /^OpenVPN CLIENT LIST$/) {
$state = 'client_list';
} elsif ($line =~ /^ROUTING\ TABLE$/) {
$state = 'routing_table';
} else {
if ($state eq 'client_list') {
my %cl;
if ($line =~ /^Updated,(.*)/) {
$$href{updated} = $1;
} elsif ($line =~ /^(\S+),([0-9\.]+)\:(\d+),(\d+),(\d+),(.*)$/) {
$cl{name} = $1;
$cl{srcip} = $2;
$cl{operator} = classify_srcip($2);
$cl{srcport} = $3 + 0;
$cl{bytes_rx} = $4 + 0;
$cl{bytes_tx} = $5 + 0;
$cl{connected_since} = $6;
push(@clients, \%cl);
}
}
}
}
close(INFILE);
$$href{clients} = \@clients;
return $href;
}
# inotify handler to re-parse/convert openvpn.status on any change
sub status_in_handler
{
my $e = shift;
# read/parse openvpn.status
my $cl = get_openvpn_clients($e->fullname);
# write result to file
open(OUTFILE, ">", $JSON_OUTPUT_FILE);
print(OUTFILE to_json($cl, { pretty => 1 }));
close(OUTFILE);
# also print it to console for debugging
print(to_json($cl, { pretty => 1 }));
}
# main
read_netmask_table($srcip_table);
my $inotify = new Linux::Inotify2 or die("Can't create inotify object: $!");
$inotify->watch($OPENVPN_STATE_FILE, IN_MODIFY, \&status_in_handler);
# endless loop, wait for inotify enents
1 while $inotify->poll;
|
