Ok, I pushed the requested changes to the PR. Now the command only displays active connections. Here is the output:
ipsec --briefconnectionstatus 000 Connection list: 000 000 172.16.20.0/24 <==> 172.16.10.0/24 from 172.22.18.102 to 172.22.18.101 (252B/252B) "vpnclient.gwn02.xyz.com", reqid=16388 000 000 Total IPsec connections: loaded 2, active 1 Notice the footer information, "loaded 2, active 1". I loaded one of Tuomi's template connections to demonstrate it only shows active connections. The "ipsec --connectionstatus" shows all of the connections, active or otherwise: ipsec --connectionstatus 000 Connection list: 000 000 "bleve-v4": 0.0.0.0/0===193.65.2.90[O=SMB, CN=vpnclient.gwn02.smb.com,MS+S=C]---193.65.2.89...%any[C=FI, L=Vihti, O=Foobar Oy, OU=Security, CN=Tuomo Soini, [email protected],+MC+S=C]; unoriented; my_ip=193.65.3.126; their_ip=unset; reqid=16392; ... 000 "vpnclient.gwn02.xyz.com": 172.16.20.0/24===172.22.18.102[O=XYZ, CN= vpnclient.gwn02.xyz.com]...172.22.18.101[O=XYZ, CN=vpnserver.gwn01.xyz.com ]===172.16.10.0/24; routed-tunnel; my_ip=unset; their_ip=unset; reqid=16388; ... Regards, Brady On Thu, Nov 2, 2023 at 12:59 PM Paul Wouters <[email protected]> wrote: > On Thu, 2 Nov 2023, Brady Johnson wrote: > > > Here is the PR for this change [0]. I'm not sure why, but the PR is > getting a semgrep failure in github. > > The semgrep issue is unrelated, a fix should be there shortly. > > > The output is the following: > > > > $ ipsec --briefconnectionstatus > > 000 Connection list: > > 000 > > 000 172.16.20.0/24 @ 172.22.18.102 (2KiB in) <==> 172.16.10.0/24 > @ 172.22.18.101 (1KiB in) > > vpnclient.gwn02.xyz.com, reqid=16388 > > Personally, I strongly prefer the first two things are source/mask <=> > dest/mask, > as that is the core info people usually want to see/confirm. Having this > split in two makes this much harder to read. If you want to avoid adding > up the counters, perhaps this format could be considered: > > 000 172.16.20.0/24 <=> 172.16.10.0/24 from 172.22.18.102 to > 172.22.18.101 (2KiB/1KiB) vpnclient.gwn02.xyz.com, reqid=16388 > > > Notice I added the reqid to the output of the "ipsec connectionstatus" > command. > > That's good, thanks. > > > Can I get a review of this PR, please. > > > > [0] https://github.com/libreswan/libreswan/pull/1350 > > Left the comments there too. > > Paul > >
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
