These should be considered active, because pluto is waiting for the other side to react. We should not remove them or try to repair. Such connections have an extra text between the SA number and the name of the connection.
Ideally, we would like not to parse the output of ipsec status, since it's very error prone, but there is, unfortunately, no other interface. Acked-by: Roi Dayan <[email protected]> Acked-by: Eelco Chaudron <[email protected]> Signed-off-by: Ilya Maximets <[email protected]> --- ipsec/ovs-monitor-ipsec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 771a3c745..08df35c36 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -729,7 +729,7 @@ conn prevent_unencrypted_vxlan return conns for line in pout.splitlines(): - m = re.search(r"#\d+: \"(.*)\".*", line) + m = re.search(r"#\d+: .*\"(.*)\".*", line) if not m: continue -- 2.46.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
