diff options
| author | John Southworth <john.southworth@vyatta.com> | 2011-05-17 18:46:47 -0500 |
|---|---|---|
| committer | John Southworth <john.southworth@vyatta.com> | 2011-05-17 18:46:47 -0500 |
| commit | 3bfdb22500632be9ce82327417e60997b2894ecb (patch) | |
| tree | 316443973ff03eb26ed01a542def8956233be50f /lib | |
| parent | aee76f48ffde67800c942058cc751e7146f5f3d4 (diff) | |
| download | vyatta-op-vpn-3bfdb22500632be9ce82327417e60997b2894ecb.tar.gz vyatta-op-vpn-3bfdb22500632be9ce82327417e60997b2894ecb.zip | |
fix parsing of esp string when only one side has data. Remove attempt to figure out the dh-group when the pfs-group shows Phase1, since it doesn't work properly
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/OPMode.pm | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm index 9071762..7bb35ce 100644 --- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -375,6 +375,16 @@ sub process_tunnels{ } my $spi = $tunnel_hash{$connectid}->{_newestspi}; if ($spi ne 'n/a'){ + if ($line =~ /$spi:.*esp.(.*)\@.*\((.*)bytes.*esp.(.*)\@.*/){ + $tunnel_hash{$connectid}->{_outspi} = $1; + $tunnel_hash{$connectid}->{_outbytes} = $2; + $tunnel_hash{$connectid}->{_inspi} = $3; + } + if ($line =~ /$spi:.*esp.(.*)\@.*esp.(.*)\@.*\((.*)bytes/){ + $tunnel_hash{$connectid}->{_outspi} = $1; + $tunnel_hash{$connectid}->{_inspi} = $2; + $tunnel_hash{$connectid}->{_inbytes} = $3; + } if ($line =~ /$spi:.*esp.(.*)\@.*\((.*)bytes.*esp.(.*)\@.*\((.*)bytes/) { $tunnel_hash{$connectid}->{_outspi} = $1; @@ -809,14 +819,6 @@ sub display_ipsec_sa_detail if ($peerid =~ /CN=(.*?),/){ $peerid = $1; } - my $prevdhgrp = 'n/a'; - my $dhgrp = 'n/a'; - for my $tunnel (tunSort(@{$tunhash{$connid}->{_tunnels}})){ - $dhgrp = $tunhash{$connid}->{_dhgrp}; - $dhgrp = $prevdhgrp if ($prevdhgrp ne 'n/a' && $dhgrp eq 'n/a'); - $prevdhgrp = $dhgrp; - } - $dhgrp = conv_dh_group($dhgrp); my $desc = $vpncfg->returnEffectiveValue("peer $tunhash{$connid}->{_configpeer} description"); print "------------------------------------------------------------------\n"; print "Peer IP:\t\t$peerip\n"; @@ -833,7 +835,6 @@ sub display_ipsec_sa_detail my $hash, my $pfsgrp, my $srcnet, my $dstnet, my $inbytes, my $outbytes, my $life, my $expire, my $lca, my $rca, my $lproto, my $rproto, my $lport, my $rport) = @{$tunnel}; - $pfsgrp = $dhgrp if ($pfsgrp eq '<Phase1>'); $enc = conv_enc($enc); $hash = conv_hash($hash); $lport = 'all' if ($lport eq '0'); |