summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJohn Southworth <john.southworth@vyatta.com>2011-05-17 18:46:47 -0500
committerJohn Southworth <john.southworth@vyatta.com>2011-05-17 18:46:47 -0500
commit3bfdb22500632be9ce82327417e60997b2894ecb (patch)
tree316443973ff03eb26ed01a542def8956233be50f /lib
parentaee76f48ffde67800c942058cc751e7146f5f3d4 (diff)
downloadvyatta-op-vpn-3bfdb22500632be9ce82327417e60997b2894ecb.tar.gz
vyatta-op-vpn-3bfdb22500632be9ce82327417e60997b2894ecb.zip
fix parsing of esp string when only one side has data. Remove attempt to figure out the dh-group when the pfs-group shows Phase1, since it doesn't work properly
Diffstat (limited to 'lib')
-rw-r--r--lib/OPMode.pm19
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm
index 9071762..7bb35ce 100644
--- a/lib/OPMode.pm
+++ b/lib/OPMode.pm
@@ -375,6 +375,16 @@ sub process_tunnels{
}
my $spi = $tunnel_hash{$connectid}->{_newestspi};
if ($spi ne 'n/a'){
+ if ($line =~ /$spi:.*esp.(.*)\@.*\((.*)bytes.*esp.(.*)\@.*/){
+ $tunnel_hash{$connectid}->{_outspi} = $1;
+ $tunnel_hash{$connectid}->{_outbytes} = $2;
+ $tunnel_hash{$connectid}->{_inspi} = $3;
+ }
+ if ($line =~ /$spi:.*esp.(.*)\@.*esp.(.*)\@.*\((.*)bytes/){
+ $tunnel_hash{$connectid}->{_outspi} = $1;
+ $tunnel_hash{$connectid}->{_inspi} = $2;
+ $tunnel_hash{$connectid}->{_inbytes} = $3;
+ }
if ($line =~ /$spi:.*esp.(.*)\@.*\((.*)bytes.*esp.(.*)\@.*\((.*)bytes/)
{
$tunnel_hash{$connectid}->{_outspi} = $1;
@@ -809,14 +819,6 @@ sub display_ipsec_sa_detail
if ($peerid =~ /CN=(.*?),/){
$peerid = $1;
}
- my $prevdhgrp = 'n/a';
- my $dhgrp = 'n/a';
- for my $tunnel (tunSort(@{$tunhash{$connid}->{_tunnels}})){
- $dhgrp = $tunhash{$connid}->{_dhgrp};
- $dhgrp = $prevdhgrp if ($prevdhgrp ne 'n/a' && $dhgrp eq 'n/a');
- $prevdhgrp = $dhgrp;
- }
- $dhgrp = conv_dh_group($dhgrp);
my $desc = $vpncfg->returnEffectiveValue("peer $tunhash{$connid}->{_configpeer} description");
print "------------------------------------------------------------------\n";
print "Peer IP:\t\t$peerip\n";
@@ -833,7 +835,6 @@ sub display_ipsec_sa_detail
my $hash, my $pfsgrp, my $srcnet, my $dstnet,
my $inbytes, my $outbytes, my $life, my $expire, my $lca,
my $rca, my $lproto, my $rproto, my $lport, my $rport) = @{$tunnel};
- $pfsgrp = $dhgrp if ($pfsgrp eq '<Phase1>');
$enc = conv_enc($enc);
$hash = conv_hash($hash);
$lport = 'all' if ($lport eq '0');