authorViacheslav Hletenko <v.gletenko@vyos.io>2023-01-17 20:08:49 +0200
committerGitHub <noreply@github.com>2023-01-17 20:08:49 +0200
commitac9631e0bcf5069a699ff64b3447f4ee3e095283 (patch)
tree43bfd02d877dd9cd0886175bc128683b207653b6 /src/op_mode/show_ipsec_connections.py
parenta3b1ffb4f4d71a3de3baa54bb08474951efc281e (diff)
parent89534f72b010ae619157a1c319a4bef1c8156a96 (diff)
Merge pull request #1762 from sever-sever/T4906-eq
T4906: Fix show vpn ipsec connections data
Diffstat (limited to 'src/op_mode/show_ipsec_connections.py')
-rwxr-xr-xsrc/op_mode/show_ipsec_connections.py28
1 files changed, 15 insertions, 13 deletions
diff --git a/src/op_mode/show_ipsec_connections.py b/src/op_mode/show_ipsec_connections.py
index 4ca8f8e51..cf40c9456 100755
--- a/src/op_mode/show_ipsec_connections.py
+++ b/src/op_mode/show_ipsec_connections.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -70,7 +70,7 @@ def _get_parent_sa_proposal(connection_name: str, data: list) -> dict:
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return {}
+ continue
if 'encr-alg' in sa[connection_name]:
encr_alg = sa.get(connection_name, '').get('encr-alg')
cipher = encr_alg.split('_')[0]
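Review bot: With `return {}` replaced by `continue`, a `data` list in which no entry contains `connection_name` now runs the `for sa in data` loop to completion, and this hunk shows no return after the loop. The function body continues past the hunk, so this cannot be confirmed here, but if there is no trailing return the result is `None` rather than the annotated `dict`, and callers that index it or call `.get()` on it would raise. A `return {}` placed after the loop would keep the contract. The same applies to the identical `return {}` to `continue` change in `_get_child_sa_info` in the last hunk.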
@@ -98,16 +98,17 @@ def _get_parent_sa_state(connection_name: str, data: list) -> str:
Returns:
Parent SA connection state
"""
+ ike_state = 'down'
if not data:
- return 'down'
+ return ike_state
for sa in data:
# check if parent SA exist
- if connection_name not in sa.keys():
- return 'down'
- if sa[connection_name]['state'].lower() == 'established':
- return 'up'
- else:
- return 'down'
+ for connection, connection_conf in sa.items():
+ if connection_name != connection:
+ continue
+ if connection_conf['state'].lower() == 'established':
+ ike_state = 'up'
+ return ike_state
def _get_child_sa_state(connection_name: str, tunnel_name: str,
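Review bot: The inner `for connection, connection_conf in sa.items()` loop re-implements a dictionary lookup by hand, and the `# check if parent SA exist` comment kept above it now describes a membership check that the new code no longer performs. A direct lookup is shorter and can stop at the first established SA: `conf = sa.get(connection_name)` followed by `if conf and conf['state'].lower() == 'established': return 'up'`, with `return ike_state` after the outer loop. Separately, `connection_conf['state']` assumes every matching entry carries a `state` key, which this hunk does not establish; `.get('state', '')` would make a malformed entry read as down instead of raising.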
@@ -120,19 +121,20 @@ def _get_child_sa_state(connection_name: str, tunnel_name: str,
Returns:
str: `up` if child SA state is 'installed' otherwise `down`
"""
+ child_sa = 'down'
if not data:
- return 'down'
+ return child_sa
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return 'down'
+ continue
child_sas = sa[connection_name]['child-sas']
# Get all child SA states
# there can be multiple SAs per tunnel
child_sa_states = [
v['state'] for k, v in child_sas.items() if v['name'] == tunnel_name
]
- return 'up' if 'INSTALLED' in child_sa_states else 'down'
+ return 'up' if 'INSTALLED' in child_sa_states else child_sa
def _get_child_sa_info(connection_name: str, tunnel_name: str,
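Review bot: The final `return 'up' if 'INSTALLED' in child_sa_states else child_sa` appears to remain inside the `for sa in data` loop (indentation is not preserved on this page, so this is inferred), which means the first entry containing `connection_name` decides the result. A later entry for the same connection with an INSTALLED child SA would never be examined, and when no entry matches at all the function falls off the loop and returns `None` instead of `'down'`. This differs from `_get_parent_sa_state` in the previous hunk, which scans every entry before returning, so the operator could see an IKE SA reported up while its tunnel is misreported. Suggest `if 'INSTALLED' in child_sa_states: return 'up'` inside the loop and `return child_sa` after it. The key `k` in the comprehension is unused, so iterating `child_sas.values()` would be cleaner.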
@@ -148,7 +150,7 @@ def _get_child_sa_info(connection_name: str, tunnel_name: str,
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return {}
+ continue
child_sas = sa[connection_name]['child-sas']
# Get all child SA data
# Skip temp SA name (first key), get only SA values as dict