fix: ipsec status dectection
This commit is contained in:
Ely Deckers
parent
be58c15c5c
commit
5265b64ca3
|
|
@ -1201,14 +1201,12 @@ class Command
|
||||||
{
|
{
|
||||||
PfEnv::init_config_arr(array("ipsec", "phase1"));
|
PfEnv::init_config_arr(array("ipsec", "phase1"));
|
||||||
|
|
||||||
$result = "";
|
|
||||||
|
|
||||||
$process_result = function ($vk, $r) {
|
$process_result = function ($vk, $r) {
|
||||||
if ($vk != "state") {
|
if ($vk != "state") {
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
|
|
||||||
$v = self::get_value_mapping("ipsec.state", strtolower($r));
|
$v = self::get_value_mapping("ipsec.state", strtolower($r[$vk]));
|
||||||
|
|
||||||
$carp_status = self::get_carp_status();
|
$carp_status = self::get_carp_status();
|
||||||
|
|
||||||
|
|
@ -1221,7 +1219,7 @@ class Command
|
||||||
|
|
||||||
$ipsec_list_sa = PfEnv::ipsec_list_sa();
|
$ipsec_list_sa = PfEnv::ipsec_list_sa();
|
||||||
if (!is_array($ipsec_list_sa)) {
|
if (!is_array($ipsec_list_sa)) {
|
||||||
return $process_result($value_key, $result);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$config = PfEnv::cfg();
|
$config = PfEnv::cfg();
|
||||||
|
|
@ -1239,10 +1237,11 @@ class Command
|
||||||
|
|
||||||
return array_merge(
|
return array_merge(
|
||||||
$p,
|
$p,
|
||||||
[$cname => $ph1ent[$ike_id]],
|
[$cname => $ike_id],
|
||||||
);
|
);
|
||||||
}, []);
|
}, []);
|
||||||
|
|
||||||
|
|
||||||
// Phase-Status match borrowed from status_ipsec.php
|
// Phase-Status match borrowed from status_ipsec.php
|
||||||
$maybe_ike_sa = Util::array_first(function ($ike_sa) use ($ike_id, $connection_map) {
|
$maybe_ike_sa = Util::array_first(function ($ike_sa) use ($ike_id, $connection_map) {
|
||||||
$con_id = isset($ike_sa["con-id"]) ?
|
$con_id = isset($ike_sa["con-id"]) ?
|
||||||
|
|
@ -1260,15 +1259,25 @@ class Command
|
||||||
}, $ipsec_list_sa);
|
}, $ipsec_list_sa);
|
||||||
|
|
||||||
if (!$maybe_ike_sa) {
|
if (!$maybe_ike_sa) {
|
||||||
return $process_result($value_key, $result);
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($req_id == -1) {
|
||||||
|
return $process_result($value_key, $maybe_ike_sa);
|
||||||
}
|
}
|
||||||
|
|
||||||
$just_matching_child_sas =
|
$just_matching_child_sas =
|
||||||
array_filter($maybe_ike_sa["child-sas"], fn($child_sa) => ($child_sa["reqid"] == $req_id));
|
array_filter($maybe_ike_sa["child-sas"], fn($child_sa) => ($child_sa["reqid"] == $req_id));
|
||||||
|
|
||||||
|
if (count($just_matching_child_sas) === 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
$result = NULL;
|
||||||
|
|
||||||
// Asking for Phase2 Status Value
|
// Asking for Phase2 Status Value
|
||||||
foreach ($just_matching_child_sas as $child_sa) {
|
foreach ($just_matching_child_sas as $child_sa) {
|
||||||
$result = $child_sa[$value_key];
|
$result = $child_sa;
|
||||||
|
|
||||||
// If state is rekeyed go on
|
// If state is rekeyed go on
|
||||||
if (strtolower($child_sa["state"]) == "rekeyed") {
|
if (strtolower($child_sa["state"]) == "rekeyed") {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue