nuno hat die Gist bearbeitet 1 month ago. Zu Änderung gehen
1 file changed, 83 insertions
gistfile1.txt(Datei erstellt)
| @@ -0,0 +1,83 @@ | |||
| 1 | + | def poll_handshakes(): | |
| 2 | + | """ | |
| 3 | + | Poll wg show latest-handshakes periodically. | |
| 4 | + | Log a handshake event only when gap > WG_HANDSHAKE_CHECK_SEC (new session). | |
| 5 | + | """ | |
| 6 | + | global _hs_last_logged | |
| 7 | + | ||
| 8 | + | _hs_last_logged = load_hs_cache() | |
| 9 | + | ||
| 10 | + | pubkey_to_name = build_pubkey_to_name() | |
| 11 | + | log.info(f"Handshake poller started — {len(pubkey_to_name)} peers, " | |
| 12 | + | f"session threshold {WG_HANDSHAKE_CHECK_SEC}s") | |
| 13 | + | ||
| 14 | + | while True: | |
| 15 | + | try: | |
| 16 | + | result = subprocess.run( | |
| 17 | + | ["wg", "show", WG_WG_INTERFACE, "latest-handshakes"], | |
| 18 | + | capture_output=True, text=True | |
| 19 | + | ) | |
| 20 | + | for line in result.stdout.strip().splitlines(): | |
| 21 | + | parts = line.split() | |
| 22 | + | if len(parts) != 2: | |
| 23 | + | continue | |
| 24 | + | pubkey, ts_str = parts | |
| 25 | + | try: | |
| 26 | + | ts = int(ts_str) | |
| 27 | + | except ValueError: | |
| 28 | + | continue | |
| 29 | + | if ts == 0: | |
| 30 | + | continue | |
| 31 | + | ||
| 32 | + | client = pubkey_to_name.get(pubkey) | |
| 33 | + | if not client: | |
| 34 | + | continue | |
| 35 | + | ||
| 36 | + | last = _hs_last_logged.get(pubkey, 0) | |
| 37 | + | gap = ts - last | |
| 38 | + | ||
| 39 | + | # Always update last seen | |
| 40 | + | _hs_last_logged[pubkey] = ts | |
| 41 | + | ||
| 42 | + | if gap < WG_HANDSHAKE_CHECK_SEC: | |
| 43 | + | continue # keepalive, skip | |
| 44 | + | ||
| 45 | + | # Get endpoint | |
| 46 | + | endpoint = get_endpoint(pubkey) or '' | |
| 47 | + | ||
| 48 | + | if not endpoint: | |
| 49 | + | try: | |
| 50 | + | cache = json.loads(ENDPOINT_CACHE_FILE.read_text()) | |
| 51 | + | endpoint = cache.get(client, '') | |
| 52 | + | except Exception: | |
| 53 | + | pass | |
| 54 | + | ||
| 55 | + | ||
| 56 | + | # New session, log it | |
| 57 | + | entry = { | |
| 58 | + | "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(), | |
| 59 | + | "ip": "", | |
| 60 | + | "client": client, | |
| 61 | + | "event": "handshake", | |
| 62 | + | "endpoint": endpoint, | |
| 63 | + | } | |
| 64 | + | try: | |
| 65 | + | with EVENTS_LOG.open("a") as f: | |
| 66 | + | f.write(json.dumps(entry) + "\n") | |
| 67 | + | log.info(f"New session: {client} from {endpoint}") | |
| 68 | + | except Exception as e: | |
| 69 | + | log.error(f"Failed to write handshake event: {e}") | |
| 70 | + | ||
| 71 | + | log.debug(f"Gap for {client}: {gap}s (threshold: {WG_HANDSHAKE_CHECK_SEC}s)") | |
| 72 | + | save_hs_cache(_hs_last_logged) | |
| 73 | + | ||
| 74 | + | except Exception as e: | |
| 75 | + | log.error(f"Handshake poll error: {e}") | |
| 76 | + | ||
| 77 | + | time.sleep(WG_HANDSHAKE_CHECK_SEC // 2) # poll at half the threshold | |
| 78 | + | ||
| 79 | + | # ============================================ | |
| 80 | + | # Packet Handler | |
| 81 | + | # ============================================ | |
| 82 | + | ||
| 83 | + | def handle_packet(pkt): | |
Neuer
Älter