diff options
| author | jules-vyos <vyos@ourhouse.org.uk> | 2017-09-03 21:25:50 +0100 |
|---|---|---|
| committer | jules-vyos <vyos@ourhouse.org.uk> | 2017-09-03 21:25:50 +0100 |
| commit | f6f567b8b168dbe0d4bdb1b08c0f84faa0d362cb (patch) | |
| tree | 1ce5e1911f588045a92e385cde8dd7630ffb47d7 /lib | |
| parent | c322d07f1d1568ff1ea9a7a85efd825e42cba9d1 (diff) | |
| download | vyatta-op-vpn-f6f567b8b168dbe0d4bdb1b08c0f84faa0d362cb.tar.gz vyatta-op-vpn-f6f567b8b168dbe0d4bdb1b08c0f84faa0d362cb.zip | |
Fixes for show vpn ike sa and show vpn ipsec sa
Fixed 'show vpn ike sa' to actually show output when the tunnel isn't up.
Foxed 'show vpn ipsec sa' to actually use the pretty-printing code, rather than swanctl --list-sas, which is pretty unpleasant.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/OPMode.pm | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm index 0068e96..38bea1c 100644 --- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -615,19 +615,21 @@ sub process_tunnels{ $tunnel_hash{$connectid}->{_ikelife} = $ikelife; $tunnel_hash{$connectid}->{_pfsgrp} = $pfs_group; - } elsif ($line =~ /\]:\s+IKE.* SPIs: .* (reauthentication|rekeying) (disabled|in .*)/) { + } elsif ($line =~ /\]:\s+IKE.* SPIs:/) { my $ikever; ($ikever) = $line =~ /IKEv(.*?) SPI/; $tunnel_hash{$connectid}->{_ikever} = $ikever; my $expiry_time; - (undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/; - $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time); + if($line =~ /(reauthentication|rekeying)/) + {(undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/; + $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time); + my $atime = $tunnel_hash{$connectid}->{_ikelife} - $tunnel_hash{$connectid}->{_ikeexpire}; # $atime = $ike_lifetime - $ike_expire if (($ike_lifetime ne 'n/a') && ($ike_expire ne 'n/a')); $tunnel_hash{$connectid}->{_ikestate} = "up" if ($atime >= 0); - + } } elsif ($line =~ /\]:\s+IKE.proposal:(.*?)\/(.*?)\/(.*?)\/(.*)/) { $tunnel_hash{$connectid}->{_ikeencrypt} = $1; $tunnel_hash{$connectid}->{_ikehash} = $2; @@ -1260,7 +1262,7 @@ sub display_ike_sa_brief { my $lip = $th{$connectid}->{_lip}; $peerid = $th{$connectid}->{_rip}; my $tunnel = "$peerid-$lip"; - next if ($th{$connectid}->{_ikestate} eq 'down'); + #next if ($th{$connectid}->{_ikestate} eq 'down'); if (not exists $tunhash{$tunnel}) { $tunhash{$tunnel}={ _configpeer => conv_id_rev($th{$connectid}->{_peerid}), @@ -1304,8 +1306,10 @@ EOH $dhgrp = conv_dh_group($dhgrp)."(".$dhgrp.")"; my $atime = $life - $expire; $atime = 0 if ($atime == $life); + my $ike_out = "N/A"; + $ike_out = "IKEv".$ver if( $ver > 0 ); printf " %-6s %-6s %-8s %-7s %-14s %-6s %-7s %-7s\n", - $state, "IKEv".$ver, $enc, $hash, $dhgrp, $natt, $atime, $life; + $state, $ike_out, $enc, $hash, $dhgrp, $natt, $atime, $life; } print "\n \n"; } |