author | John Southworth <john.southworth@vyatta.com> | 2011-01-27 19:06:17 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-01-27 19:06:17 -0600 |
commit | ccf08961f8133abfc74fd76b38614f5060dd91ae (patch) | |
tree | 47a0f91c486853025445ce005eed66d72749fe72 | |
parent | 547380cd3e21e7b9ab629b5ea0622f40ab0ef7b4 (diff) | |
Work on new IPsec operational mode script. Made processing of NAT-T information more efficient
-rwxr-xr-x | scripts/vyatta-op-vpn.pl | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/scripts/vyatta-op-vpn.pl b/scripts/vyatta-op-vpn.pl
index 2e1a443..d851ff6 100755
--- a/scripts/vyatta-op-vpn.pl
+++ b/scripts/vyatta-op-vpn.pl
@@ -36,6 +36,12 @@ sub get_tunnel_info {
 while(<IPSECSTATUS>){
 push (@ipsecstatus, $_);
 }
+ my $cmd = "sudo setkey -D |";
+ open(SETKEY, $cmd);
+ my @setkey = [];
+ while(<SETKEY>){
+ push (@setkey, $_);
+ }
 my %tunnel_hash = ();
 foreach my $line (@ipsecstatus) {
 if (($line =~ /\"(peer-.*-tunnel-.*?)\"/)){
@@ -145,18 +151,13 @@ sub get_tunnel_info {
 }
 # Detect if we are using NAT-T, and get the port numbers if we are
- my $cmd = "sudo setkey -D |";
- open(SETKEY, $cmd);
- my @setkey = [];
- while(<SETKEY>){
- push (@setkey, $_);
- }
 my $natsrc = undef;
 my $natdst = undef;
 foreach my $line (@setkey){
 if ($line =~ /$tunnel_hash{$connectid}->{_leftip}\[(.*?)\].*?$peerip\[(.*?)\]/){
 $natsrc = $1;
 $natdst = $2;
+ next;
 }
 if ($line =~ /spi=.*?\((.*?)\)/){
 if (hex($tunnel_hash{$connectid}->{_outspi}) eq hex($1)){
@@ -164,6 +165,7 @@ sub get_tunnel_info {
 $tunnel_hash{$connectid}->{_natt} = 1;
 $tunnel_hash{$connectid}->{_natsrc} = $natsrc;
 $tunnel_hash{$connectid}->{_natdst} = $natdst;
+ last;
 }
 } else {
 $natsrc = undef; |
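Review bot: `my @setkey = [];` in the block added at the top of get_tunnel_info does not create an empty array; it seeds `@setkey` with one array reference, which the NAT-T loop later stringifies and runs its regexes against, so it should be `my @setkey = ();` or be filled straight from the handle. The two-argument `open(SETKEY, $cmd)` is also never checked and the bareword handle is never closed, so a failing `sudo setkey -D` (sudo policy, missing binary) is indistinguishable from "no NAT-T" and the child's exit status is lost. `setkey -D` run as root normally prints SA key material next to the SPI and port lines, so it is worth considering keeping only the lines the loop actually matches instead of holding the whole dump. The enclosing sub starts and ends outside the hunk.

```perl
# list-form pipe open: explicit mode, lexical handle, failure is reported
open(my $setkey_fh, '-|', 'sudo', 'setkey', '-D')
    or die "cannot run setkey -D: $!\n";
my @setkey = <$setkey_fh>;
close($setkey_fh)
    or warn "setkey -D exited with status $?\n";
my %tunnel_hash = ();
```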
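Review bot: The address match at the top of the `foreach my $line (@setkey)` loop interpolates `$tunnel_hash{$connectid}->{_leftip}` and `$peerip` into the pattern unquoted and unanchored, so every `.` matches any character and `1.2.3.4` also matches inside `11.2.3.4`. On a box with several peers that can pick up another SA's NAT-T ports for this connection, and the added `next` then carries them forward to the SPI check. Quoting the values and adding a boundary closes that: `if ($line =~ /\b\Q$tunnel_hash{$connectid}->{_leftip}\E\[(.*?)\].*?\b\Q$peerip\E\[(.*?)\]/){`. The SPI comparison below it would also read more clearly as a numeric `==` than `eq` on two `hex()` results. The loop's enclosing block continues outside the hunk.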