Only call 'ip xfrm state' once, rather than twice per connection

1 files changed, 16 insertions, 2 deletions

diff --git a/ipsectools-model.lua b/ipsectools-model.lua
index 6f5b359..4c1360f 100644
--- a/ipsectools-model.lua
+++ b/ipsectools-model.lua
@@ -49,7 +49,11 @@ end
 
 local function racoonctl_table()
 	local output = {}
-	local value = modelfunctions.run_executable({"racoonctl", "-lll", "show-sa", "isakmp"})
+	local value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst})
+	-- Get rid of all lines that don't start with "src"
+	local phase2details = string.gsub(value, "\n[^s][^\n]*", "")
+	
+	value = modelfunctions.run_executable({"racoonctl", "-lll", "show-sa", "isakmp"})
  	for i,line in pairs(format.string_to_table(value,"\n")) do
 		if not ((string.find(line,"^Source")) or (#line == 0)) then
 			entry={}
@@ -90,7 +94,17 @@ local function racoonctl_table()
 				value=(variable[8] or "") .. " " .. (variable[9] or ""),
 				})
 
-			local phase2s = phase2details(variable[2])
+			local dst = string.match(variable[2],"^(.*)%.")	-- Removes the portnumber
+			local input = {}
+			local output = {}
+			for l in string.gmatch(phase2details, "src [^n]* "..dst.."\n") do
+				input[#input+1] = l
+			end
+			for l in string.gmatch(phase2details, "src "..dst.." [^\n]*\n") do
+				output[#output+1] = l
+			end
+			local phase2s = {{label="Outgoing", value=table.concat(output)}, {label="Incoming", value=table.concat(input)}}
+			--local phase2s = phase2details(variable[2])
 			entry['Phase2']=cfe({
 				label="Phase2",
 				value=variable[10],