Diffstat (limited to 'src/op_mode/show_ipsec_sa.py')
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index b7927fcc2..c98ced158 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -43,8 +43,11 @@ for sa in sas:
# list_sas() returns a list of single-item dicts
for peer in sa:
parent_sa = sa[peer]
+ child_sas = parent_sa["child-sas"]
+ installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
- if parent_sa["state"] == b"ESTABLISHED":
+ # parent_sa["state"] = IKE state, child_sas["state"] = ESP state
+ if parent_sa["state"] == b"ESTABLISHED" and installed_sas:
state = "up"
else:
state = "down"
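Review bot: The added comment on the line above the `if` says `child_sas["state"]`, but `child_sas` is the dict of child SAs and the state is read per entry as `v["state"]` in the comprehension, so the comment points at a key that is never accessed. Something like `# parent_sa["state"] is the IKE SA state; each child SA's "state" is the ESP (CHILD_SA) state` would match the code. The filter is also an exact match on `b"INSTALLED"`, so a tunnel whose only child SA is momentarily in another state (for instance while rekeying, if the daemon reports it that way) is now shown as "down"; that is worth a sentence in the comment so anyone using this output for monitoring knows a brief "down" may not mean traffic stopped. The enclosing `for sa in sas:` loop starts and ends outside this hunk.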
@@ -61,15 +64,13 @@ for sa in sas:
remote_id = "N/A"
# The counters can only be obtained from the child SAs
- child_sas = parent_sa["child-sas"]
- installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
-
if not installed_sas:
data = [peer, state, "N/A", "N/A", "N/A", "N/A", "N/A", "N/A"]
sa_data.append(data)
else:
for csa in installed_sas:
isa = installed_sas[csa]
+ csa_name = isa['name']
bytes_in = hurry.filesize.size(int(isa["bytes-in"].decode()))
bytes_out = hurry.filesize.size(int(isa["bytes-out"].decode()))
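Review bot: `csa_name = isa['name']` keeps the value as returned, while the neighbouring fields from the same dict are treated as bytes (`isa["bytes-in"].decode()`, and `v["state"] == b"INSTALLED"` earlier), so `csa_name` is presumably bytes too and would be rendered as `b'...'` in the Connection column where the last hunk puts it into `data`. Decoding at the point of assignment, `csa_name = isa["name"].decode()`, keeps the table readable and also matches the double-quoted key style used on the surrounding lines. The body of the `for csa in installed_sas:` loop continues past the end of this hunk.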
@@ -103,7 +104,7 @@ for sa in sas:
if dh_group:
proposal = "{0}/{1}".format(proposal, dh_group)
- data = [peer, state, uptime, bytes_str, pkts_str, remote_host, remote_id, proposal]
+ data = [csa_name, state, uptime, bytes_str, pkts_str, remote_host, remote_id, proposal]
sa_data.append(data)
headers = ["Connection", "State", "Uptime", "Bytes In/Out", "Packets In/Out", "Remote address", "Remote ID", "Proposal"]
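Review bot: The "Connection" column now carries two different identifiers: rows built here use `csa_name` (the child SA name), while the no-installed-SA branch in the previous hunk still emits `peer` in the same position. An operator reading the table cannot tell which IKE peer a child-SA row belongs to, and two peers whose child SAs share a name would produce indistinguishable rows. Consider keeping the peer visible, for example `data = ["{0}-{1}".format(peer, csa_name), state, uptime, ...]`, or adding a separate column and a matching entry in `headers`. A short comment above `headers` stating what "Connection" identifies would also help.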