From 584e783ace6f803d7b8b1e949c25e29c147f4693 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 10 Jan 2023 12:36:56 +0000
Subject: T4906: Fix show vpn ipsec connections data

We get incorrect data when showing connections.
Since we get a list of all connections, we should compare the connection
name with the entries in the list and set the correct data when they match.
---
 src/op_mode/ipsec.py | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index e0d204a0a..f6417764a 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -173,7 +173,7 @@ def _get_parent_sa_proposal(connection_name: str, data: list) -> dict:
     for sa in data:
         # check if parent SA exist
         if connection_name not in sa.keys():
-            return {}
+            continue
         if 'encr-alg' in sa[connection_name]:
             encr_alg = sa.get(connection_name, '').get('encr-alg')
             cipher = encr_alg.split('_')[0]
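Review bot: With `return {}` replaced by `continue`, a `connection_name` that matches no entry in `data` now runs the loop to completion, so the result depends on whatever follows the loop, which is outside this hunk. If nothing follows, `_get_parent_sa_proposal` returns `None` despite its `-> dict` annotation, and a caller that indexes the result or calls `.get()` on it would raise instead of showing an empty proposal. The same substitution is made in `_get_child_sa_info`, whose tail is also outside the diff. I would end both functions with an explicit `return {}` after the loop if one is not already there.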
@@ -203,16 +203,17 @@ def _get_parent_sa_state(connection_name: str, data: list) -> str:
     Returns:
         Parent SA connection state
     """
+    ike_state = 'down'
     if not data:
-        return 'down'
+        return ike_state
     for sa in data:
         # check if parent SA exist
-        if connection_name not in sa.keys():
-            return 'down'
-        if sa[connection_name]['state'].lower() == 'established':
-            return 'up'
-        else:
-            return 'down'
+        for connection, connection_conf in sa.items():
+            if connection_name != connection:
+                continue
+            if connection_conf['state'].lower() == 'established':
+                ike_state = 'up'
+    return ike_state
 
 
 def _get_child_sa_state(connection_name: str, tunnel_name: str,
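Review bot: The inner `for connection, connection_conf in sa.items()` loop with `if connection_name != connection: continue` is a linear scan standing in for a dictionary lookup. `connection_conf['state']` would also raise `KeyError` on an entry that carries no `state` key, which may never happen with the data this function receives but is not checked here. A direct lookup reads more plainly and lets the function stop at the first established SA: `conf = sa.get(connection_name)` followed by `if conf and conf.get('state', '').lower() == 'established': return 'up'`, keeping the final `return ike_state`. The function's signature and the start of its docstring are outside this hunk.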
@@ -227,19 +228,20 @@ def _get_child_sa_state(connection_name: str, tunnel_name: str,
     Returns:
         str: `up` if child SA state is 'installed' otherwise `down`
     """
+    child_sa = 'down'
     if not data:
-        return 'down'
+        return child_sa
     for sa in data:
         # check if parent SA exist
         if connection_name not in sa.keys():
-            return 'down'
+            continue
         child_sas = sa[connection_name]['child-sas']
         # Get all child SA states
         # there can be multiple SAs per tunnel
         child_sa_states = [
             v['state'] for k, v in child_sas.items() if v['name'] == tunnel_name
         ]
-        return 'up' if 'INSTALLED' in child_sa_states else 'down'
+        return 'up' if 'INSTALLED' in child_sa_states else child_sa
 
 
 def _get_child_sa_info(connection_name: str, tunnel_name: str,
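Review bot: The rewritten `return 'up' if 'INSTALLED' in child_sa_states else child_sa` still returns on the first entry that contains `connection_name`, so any later entry for the same connection is never examined, unlike `_get_parent_sa_state`, which this commit changes to scan the whole list. In addition, when no entry contains `connection_name`, every iteration now hits `continue` and the visible new code has no return after the loop, so the function yields `None` where the docstring promises `up` or `down`. Setting the flag inside the loop with `if 'INSTALLED' in child_sa_states: child_sa = 'up'` and finishing with `return child_sa` after the loop would cover both cases. The function's signature and the start of its docstring are outside this hunk.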
@@ -257,7 +259,7 @@ def _get_child_sa_info(connection_name: str, tunnel_name: str,
     for sa in data:
         # check if parent SA exist
         if connection_name not in sa.keys():
-            return {}
+            continue
         child_sas = sa[connection_name]['child-sas']
         # Get all child SA data
         # Skip temp SA name (first key), get only SA values as dict
-- 
cgit v1.2.3