From 5ac7cea0da73d5c2e932ad51496457b281d7c2c9 Mon Sep 17 00:00:00 2001
From: sever-sever <v.gletenko@vyos.io>
Date: Wed, 14 Apr 2021 17:38:22 +0000
Subject: ipsec: T3333: Fix status for SA state op-mode

---
 src/op_mode/show_ipsec_sa.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 066e36b5e..c98ced158 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -43,8 +43,11 @@ for sa in sas:
     # list_sas() returns a list of single-item dicts
     for peer in sa:
         parent_sa = sa[peer]
+        child_sas = parent_sa["child-sas"]
+        installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
 
-        if parent_sa["state"] == b"ESTABLISHED":
+        # parent_sa["state"] = IKE state, child_sas["state"] = ESP state
+        if parent_sa["state"] == b"ESTABLISHED" and installed_sas:
             state = "up"
         else:
             state = "down"
@@ -61,9 +64,6 @@ for sa in sas:
             remote_id = "N/A"
 
         # The counters can only be obtained from the child SAs
-        child_sas = parent_sa["child-sas"]
-        installed_sas = {k: v for k, v in child_sas.items() if v["state"] == b"INSTALLED"}
-
         if not installed_sas:
             data = [peer, state, "N/A", "N/A", "N/A", "N/A", "N/A", "N/A"]
             sa_data.append(data)
-- 
cgit v1.2.3