authorViacheslav Hletenko <v.gletenko@vyos.io>2023-01-10 12:36:56 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-01-10 12:36:56 +0000
commit584e783ace6f803d7b8b1e949c25e29c147f4693 (patch)
treec4d1dd3099b0f70213f1b8637fb6676fb5dc2a05 /src/op_mode/ipsec.py
parent91e0ad075586d27e51a354dbe057d04957b30168 (diff)
T4906: Fix show vpn ipsec connections data
We get incorrect data when showing connections. As we get a list of all connections, we should compare the connection name with the entries in the list and set the correct data if they match.
Diffstat (limited to 'src/op_mode/ipsec.py')
-rwxr-xr-xsrc/op_mode/ipsec.py28
1 files changed, 15 insertions, 13 deletions
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index e0d204a0a..f6417764a 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -173,7 +173,7 @@ def _get_parent_sa_proposal(connection_name: str, data: list) -> dict:
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return {}
+ continue
if 'encr-alg' in sa[connection_name]:
encr_alg = sa.get(connection_name, '').get('encr-alg')
cipher = encr_alg.split('_')[0]
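Review bot: With `return {}` replaced by `continue` in `_get_parent_sa_proposal`, a connection that matches no entry in `data` now falls out of the `for` loop instead of returning immediately. The end of the function is outside this hunk, so it should be confirmed that it closes with an explicit `return {}`; otherwise the no-match path returns `None` against the `-> dict` annotation. The same applies to `_get_child_sa_info` in the last hunk, whose body also continues past the visible lines. A short comment on the `continue`, such as `# not this entry, keep scanning the remaining SAs`, would record why the early return was dropped.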
@@ -203,16 +203,17 @@ def _get_parent_sa_state(connection_name: str, data: list) -> str:
Returns:
Parent SA connection state
"""
+ ike_state = 'down'
if not data:
- return 'down'
+ return ike_state
for sa in data:
# check if parent SA exist
- if connection_name not in sa.keys():
- return 'down'
- if sa[connection_name]['state'].lower() == 'established':
- return 'up'
- else:
- return 'down'
+ for connection, connection_conf in sa.items():
+ if connection_name != connection:
+ continue
+ if connection_conf['state'].lower() == 'established':
+ ike_state = 'up'
+ return ike_state
def _get_child_sa_state(connection_name: str, tunnel_name: str,
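Review bot: The new inner loop over `sa.items()` in `_get_parent_sa_state` re-implements a dict lookup, and the `# check if parent SA exist` comment now sits above code that no longer performs that check. The other three helpers touched by this commit keep the `if connection_name not in sa.keys(): continue` guard, so the same shape here would keep them consistent, for example `if sa.get(connection_name, {}).get('state', '').lower() == 'established': return 'up'` followed by `return 'down'` after the loop. That form also tolerates an entry without a `state` key, where `connection_conf['state']` would raise `KeyError`; whether such entries can occur depends on the data source, which is not visible here.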
@@ -227,19 +228,20 @@ def _get_child_sa_state(connection_name: str, tunnel_name: str,
Returns:
str: `up` if child SA state is 'installed' otherwise `down`
"""
+ child_sa = 'down'
if not data:
- return 'down'
+ return child_sa
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return 'down'
+ continue
child_sas = sa[connection_name]['child-sas']
# Get all child SA states
# there can be multiple SAs per tunnel
child_sa_states = [
v['state'] for k, v in child_sas.items() if v['name'] == tunnel_name
]
- return 'up' if 'INSTALLED' in child_sa_states else 'down'
+ return 'up' if 'INSTALLED' in child_sa_states else child_sa
def _get_child_sa_info(connection_name: str, tunnel_name: str,
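Review bot: The final `return 'up' if 'INSTALLED' in child_sa_states else child_sa` in `_get_child_sa_state` still leaves the no-match case unhandled now that non-matching entries are skipped with `continue`. Indentation is lost in this rendering, but both readings are affected. If the return is inside the loop, a `data` list with no entry for `connection_name` falls through and returns `None` rather than `'down'`, and the first matching entry decides the result even if a later one holds the installed child SA. If it is outside the loop, `child_sa_states` is unbound in that case. Making the loop body end with `if 'INSTALLED' in child_sa_states: return 'up'` and placing `return child_sa` after the loop covers both, so the status shown to the operator is always `up` or `down`.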
@@ -257,7 +259,7 @@ def _get_child_sa_info(connection_name: str, tunnel_name: str,
for sa in data:
# check if parent SA exist
if connection_name not in sa.keys():
- return {}
+ continue
child_sas = sa[connection_name]['child-sas']
# Get all child SA data
# Skip temp SA name (first key), get only SA values as dict