Fix cisco ios show crypto ipsec sa (#1768)

* Including letters in SA_SIBLING_FLAGS. * Add trailing newline --------- Co-authored-by: Nicholas Nelson <[email protected]>
networktocode · Jul 23, 2024 · 4228bff · 4228bff
1 parent 7d269d5
commit 4228bff
Show file tree

Hide file tree

Showing 3 changed files with 398 additions and 1 deletion.
diff --git a/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm b/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm
@@ -61,7 +61,7 @@ Value SA_TRANSFORM ([\S\s]+)
 Value SA_IN_USE_SETTINGS ([\S\s]+?)
 Value SA_CONN_ID (\d+)
 Value SA_FLOW_ID ([\S\s]+)
-Value SA_SIBLING_FLAGS (\d+)
+Value SA_SIBLING_FLAGS ([\d\w]+)
 Value SA_CRYPTO_MAP (\S+)
 Value SA_LIFETIME_KBYTES (\d+)
 Value SA_LIFETIME_SEC (\d+)

diff --git a/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.raw b/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.raw
@@ -0,0 +1,111 @@
+interface: Tunnel1
+    Crypto map tag: Tunnel1-head-0, local addr 1.2.3.4
+
+   protected vrf: (none)
+   local  ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/47/0)
+   remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/47/0)
+   current_peer 2.2.2.2 port 4500
+     PERMIT, flags={origin_is_acl,}
+    #pkts encaps: 4981028, #pkts encrypt: 4981028, #pkts digest: 4981028
+    #pkts decaps: 4112421, #pkts decrypt: 4112421, #pkts verify: 4112421
+    #pkts compressed: 0, #pkts decompressed: 0
+    #pkts not compressed: 0, #pkts compr. failed: 0
+    #pkts not decompressed: 0, #pkts decompress failed: 0
+    #pkts no sa (send) 0, #pkts invalid sa (rcv) 0
+    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
+    #pkts invalid prot (recv) 0, #pkts verify failed: 0
+    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
+    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
+    ##pkts replay failed (rcv): 0
+    #pkts tagged (send): 0, #pkts untagged (rcv): 0
+    #pkts not tagged (send): 0, #pkts not untagged (rcv): 0
+    #pkts internal err (send): 0, #pkts internal err (recv) 0
+
+     local crypto endpt.: 1.2.3.4, remote crypto endpt.: 2.2.2.2
+     plaintext mtu 1442, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet8
+     current outbound spi: 0x1234ABCD(305441741)
+     PFS (Y/N): N, DH group: none
+
+     inbound esp sas:
+      spi: 0xABCD1234(2882343476)
+        transform: esp-256-aes esp-sha-hmac ,
+        in use settings ={Transport UDP-Encaps, }
+        conn id: 124, flow_id: Onboard VPN:124, sibling_flags AAAAAAAA80000000, crypto map: Tunnel1-head-0
+        sa timing: remaining key lifetime (k/sec): (4332650/3205)
+        IV size: 16 bytes
+        replay detection support: Y  replay window size: 1024
+        Status: ACTIVE(ACTIVE)
+
+     inbound ah sas:
+
+     inbound pcp sas:
+
+     outbound esp sas:
+      spi: 0x1234ABCD(305441741)
+        transform: esp-256-aes esp-sha-hmac ,
+        in use settings ={Transport UDP-Encaps, }
+        conn id: 123, flow_id: Onboard VPN:123, sibling_flags AAAAAAAA80000000, crypto map: Tunnel1-head-0
+        sa timing: remaining key lifetime (k/sec): (4332649/3205)
+        IV size: 16 bytes
+        replay detection support: Y  replay window size: 1024
+        Status: ACTIVE(ACTIVE)
+
+     outbound ah sas:
+
+     outbound pcp sas:
+
+interface: Tunnel2
+    Crypto map tag: Tunnel2-head-0, local addr 1.2.3.4
+
+   protected vrf: (none)
+   local  ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/47/0)
+   remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
+   current_peer 3.3.3.3 port 4500
+     PERMIT, flags={origin_is_acl,}
+    #pkts encaps: 13133657, #pkts encrypt: 13133657, #pkts digest: 13133657
+    #pkts decaps: 12013064, #pkts decrypt: 12013064, #pkts verify: 12013064
+    #pkts compressed: 0, #pkts decompressed: 0
+    #pkts not compressed: 0, #pkts compr. failed: 0
+    #pkts not decompressed: 0, #pkts decompress failed: 0
+    #pkts no sa (send) 0, #pkts invalid sa (rcv) 0
+    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
+    #pkts invalid prot (recv) 0, #pkts verify failed: 0
+    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
+    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
+    ##pkts replay failed (rcv): 1
+    #pkts tagged (send): 0, #pkts untagged (rcv): 0
+    #pkts not tagged (send): 0, #pkts not untagged (rcv): 0
+    #pkts internal err (send): 0, #pkts internal err (recv) 0
+
+     local crypto endpt.: 1.2.3.4, remote crypto endpt.: 3.3.3.3
+     plaintext mtu 1442, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet8
+     current outbound spi: 0x4321DCBA(0987612345)
+     PFS (Y/N): N, DH group: none
+
+     inbound esp sas:
+      spi: 0x1234DCBA(4321567890)
+        transform: esp-256-aes esp-sha-hmac ,
+        in use settings ={Transport UDP-Encaps, }
+        conn id: 457, flow_id: Onboard VPN:457, sibling_flags AAAAAAAA80000000, crypto map: Tunnel2-head-0
+        sa timing: remaining key lifetime (k/sec): (4272028/2813)
+        IV size: 16 bytes
+        replay detection support: Y  replay window size: 1024
+        Status: ACTIVE(ACTIVE)
+
+     inbound ah sas:
+
+     inbound pcp sas:
+
+     outbound esp sas:
+      spi: 0x4321DCBA(0987612345)
+        transform: esp-256-aes esp-sha-hmac ,
+        in use settings ={Transport UDP-Encaps, }
+        conn id: 456, flow_id: Onboard VPN:456, sibling_flags AAAAAAAA80000000, crypto map: Tunnel2-head-0
+        sa timing: remaining key lifetime (k/sec): (4272026/2813)
+        IV size: 16 bytes
+        replay detection support: Y  replay window size: 1024
+        Status: ACTIVE(ACTIVE)
+
+     outbound ah sas:
+
+     outbound pcp sas: