diff options
Diffstat (limited to 'main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch')
| -rw-r--r-- | main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch | 213 |
1 files changed, 213 insertions, 0 deletions
diff --git a/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch b/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch new file mode 100644 index 000000000..635e75fee --- /dev/null +++ b/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch @@ -0,0 +1,213 @@ +From 228bfd9f9c0fb27a6802f5d4dc8d747cf4644a1d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 30 Apr 2015 10:58:15 +0300 +Subject: [PATCH 3/4] vici: add support rekeying events, and individual sa + state changes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Useful for monitoring and tracking full SA. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- + src/libcharon/plugins/vici/vici_query.c | 160 ++++++++++++++++++++++++++++++++ + 1 file changed, 160 insertions(+) + +diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c +index 3d461f7..ade181c 100644 +--- a/src/libcharon/plugins/vici/vici_query.c ++++ b/src/libcharon/plugins/vici/vici_query.c +@@ -1065,7 +1065,13 @@ static void manage_commands(private_vici_query_t *this, bool reg) + this->dispatcher->manage_event(this->dispatcher, "list-conn", reg); + this->dispatcher->manage_event(this->dispatcher, "list-cert", reg); + this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg); ++ this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg); ++ this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg); ++ this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg); + this->dispatcher->manage_event(this->dispatcher, "child-updown", reg); ++ this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg); ++ this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg); ++ this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg); + manage_command(this, "list-sas", list_sas, reg); + manage_command(this, "list-policies", list_policies, reg); + manage_command(this, "list-conns", list_conns, reg); +@@ -1100,6 +1106,77 @@ METHOD(listener_t, ike_updown, bool, + return TRUE; + } + ++METHOD(listener_t, ike_rekey, bool, ++ private_vici_query_t *this, ike_sa_t *old, ike_sa_t *new) ++{ ++ vici_builder_t *b; ++ time_t now; ++ ++ if (!this->dispatcher->has_event_listeners(this->dispatcher, "ike-rekey")) ++ { ++ return TRUE; ++ } ++ ++ now = time_monotonic(NULL); ++ ++ b = vici_builder_create(); ++ b->begin_section(b, old->get_name(old)); ++ list_ike(this, b, old, now, TRUE); ++ b->begin_section(b, "child-sas"); ++ b->end_section(b); ++ b->end_section(b); ++ ++ b->begin_section(b, new->get_name(new)); ++ list_ike(this, b, new, now, TRUE); ++ b->begin_section(b, "child-sas"); ++ b->end_section(b); ++ b->end_section(b); ++ ++ this->dispatcher->raise_event(this->dispatcher, ++ "ike-rekey", 0, b->finalize(b)); ++ ++ return TRUE; ++} ++ ++METHOD(listener_t, ike_state_change, bool, ++ private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) ++{ ++ char *event; ++ vici_builder_t *b; ++ time_t now; ++ ++ switch (state) ++ { ++ case IKE_ESTABLISHED: ++ event = "ike-state-established"; ++ break; ++ case IKE_DESTROYING: ++ event = "ike-state-destroying"; ++ break; ++ default: ++ return TRUE; ++ } ++ ++ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) ++ { ++ return TRUE; ++ } ++ ++ now = time_monotonic(NULL); ++ ++ b = vici_builder_create(); ++ b->begin_section(b, ike_sa->get_name(ike_sa)); ++ list_ike(this, b, ike_sa, now, state != IKE_DESTROYING); ++ b->begin_section(b, "child-sas"); ++ b->end_section(b); ++ b->end_section(b); ++ ++ this->dispatcher->raise_event(this->dispatcher, ++ event, 0, b->finalize(b)); ++ ++ return TRUE; ++} ++ + METHOD(listener_t, child_updown, bool, + private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) + { +@@ -1131,6 +1208,85 @@ METHOD(listener_t, child_updown, bool, + return TRUE; + } + ++METHOD(listener_t, child_rekey, bool, ++ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *old, child_sa_t *new) ++{ ++ vici_builder_t *b; ++ time_t now; ++ ++ if (!this->dispatcher->has_event_listeners(this->dispatcher, "child-rekey")) ++ { ++ return TRUE; ++ } ++ ++ now = time_monotonic(NULL); ++ b = vici_builder_create(); ++ ++ b->begin_section(b, ike_sa->get_name(ike_sa)); ++ list_ike(this, b, ike_sa, now, TRUE); ++ b->begin_section(b, "child-sas"); ++ ++ b->begin_section(b, old->get_name(old)); ++ list_child(this, b, old, now); ++ b->end_section(b); ++ ++ b->begin_section(b, new->get_name(new)); ++ list_child(this, b, new, now); ++ b->end_section(b); ++ ++ b->end_section(b); ++ b->end_section(b); ++ ++ this->dispatcher->raise_event(this->dispatcher, ++ "child-rekey", 0, b->finalize(b)); ++ ++ return TRUE; ++} ++ ++METHOD(listener_t, child_state_change, bool, ++ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state) ++{ ++ char *event; ++ vici_builder_t *b; ++ time_t now; ++ ++ switch (state) ++ { ++ case CHILD_INSTALLED: ++ event = "child-state-installed"; ++ break; ++ case CHILD_DESTROYING: ++ event = "child-state-destroying"; ++ break; ++ default: ++ return TRUE; ++ } ++ ++ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) ++ { ++ return TRUE; ++ } ++ ++ now = time_monotonic(NULL); ++ ++ b = vici_builder_create(); ++ b->begin_section(b, ike_sa->get_name(ike_sa)); ++ list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING); ++ b->begin_section(b, "child-sas"); ++ ++ b->begin_section(b, child_sa->get_name(child_sa)); ++ list_child(this, b, child_sa, now); ++ b->end_section(b); ++ ++ b->end_section(b); ++ b->end_section(b); ++ ++ this->dispatcher->raise_event(this->dispatcher, ++ event, 0, b->finalize(b)); ++ ++ return TRUE; ++} ++ + METHOD(vici_query_t, destroy, void, + private_vici_query_t *this) + { +@@ -1149,7 +1305,11 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) + .public = { + .listener = { + .ike_updown = _ike_updown, ++ .ike_rekey = _ike_rekey, ++ .ike_state_change = _ike_state_change, + .child_updown = _child_updown, ++ .child_rekey = _child_rekey, ++ .child_state_change = _child_state_change, + }, + .destroy = _destroy, + }, +-- +2.4.2 + |