summaryrefslogtreecommitdiff
path: root/src/op_mode/show_ipsec_sa.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-04-14 21:00:42 +0200
committerGitHub <noreply@github.com>2021-04-14 21:00:42 +0200
commit95bda816390a1aa0a2da3d1e93fb8bc05012d57b (patch)
treea82eecf9af1c5e054719cfb0835ba3d96b27c812 /src/op_mode/show_ipsec_sa.py
parentf0c8d0be34ca3475b6e7f5da71cedb0bd4b5fd96 (diff)
parent5ac7cea0da73d5c2e932ad51496457b281d7c2c9 (diff)
downloadvyos-1x-95bda816390a1aa0a2da3d1e93fb8bc05012d57b.tar.gz
vyos-1x-95bda816390a1aa0a2da3d1e93fb8bc05012d57b.zip
Merge pull request #805 from sever-sever/T3333
ipsec: T3333: Fix status for SA state op-mode
Diffstat (limited to 'src/op_mode/show_ipsec_sa.py')
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 066e36b5e..c98ced158 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -43,8 +43,11 @@ for sa in sas:
# list_sas() returns a list of single-item dicts
for peer in sa:
parent_sa = sa[peer]
+ child_sas = parent_sa["child-sas"]
+ installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
- if parent_sa["state"] == b"ESTABLISHED":
+ # parent_sa["state"] = IKE state, child_sas["state"] = ESP state
+ if parent_sa["state"] == b"ESTABLISHED" and installed_sas:
state = "up"
else:
state = "down"
@@ -61,9 +64,6 @@ for sa in sas:
remote_id = "N/A"
# The counters can only be obtained from the child SAs
- child_sas = parent_sa["child-sas"]
- installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
-
if not installed_sas:
data = [peer, state, "N/A", "N/A", "N/A", "N/A", "N/A", "N/A"]
sa_data.append(data)