ipsec: libreswan: Fix regexp for connections waiting on child SA.

These should be considered active, because pluto is waiting for the other side to react. We should not remove them or try to repair. Such connections have an extra text between the SA number and the name of the connection. Ideally, we would like not to parse the output of ipsec status, since it's very error prone, but there is, unfortunately, no other interface. Signed-off-by: Ilya Maximets <[email protected]>
igsilya · Oct 29, 2024 · 0749a54 · 0749a54
1 parent 1fddefd
commit 0749a54
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
@@ -729,7 +729,7 @@ conn prevent_unencrypted_vxlan
             return conns
 
         for line in pout.splitlines():
-            m = re.search(r"#\d+: \"(.*)\".*", line)
+            m = re.search(r"#\d+: .*\"(.*)\".*", line)
             if not m:
                 continue