added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip

4 files changed, 31 insertions, 0 deletions

diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 90d99acbc..01537b321 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -158,6 +158,17 @@ static int terminate_connection(char *name)
 	return send_stroke_msg(&msg);
 }
 
+static int terminate_connection_srcip(char *start, char *end)
+{
+	stroke_msg_t msg;
+	
+	msg.type = STR_TERMINATE_SRCIP;
+	msg.length = offsetof(stroke_msg_t, buffer);
+	msg.terminate_srcip.start = push_string(&msg, start);
+	msg.terminate_srcip.end = push_string(&msg, end);
+	return send_stroke_msg(&msg);
+}
+
 static int route_connection(char *name)
 {
 	stroke_msg_t msg;
@@ -284,6 +295,9 @@ static void exit_usage(char *error)
 	printf("  Terminate a connection:\n");
 	printf("    stroke down NAME\n");
 	printf("    where: NAME is a connection name added with \"stroke add\"\n");
+	printf("  Terminate a connection by remote srcip:\n");
+	printf("    stroke down-srcip START [END]\n");
+	printf("    where: START and optional END define the clients source IP\n");
 	printf("  Set loglevel for a logging type:\n");
 	printf("    stroke loglevel TYPE LEVEL\n");
 	printf("    where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib\n");
@@ -354,6 +368,13 @@ int main(int argc, char *argv[])
 			}
 			res = terminate_connection(argv[2]);
 			break;
+		case STROKE_DOWNSRCIP:
+			if (argc < 3)
+			{
+				exit_usage("\"down-srcip\" needs start and end address");
+			}
+			res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL);
+			break;
 		case STROKE_ROUTE:
 			if (argc < 3)
 			{
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 7bad0d4d6..b99863178 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -26,6 +26,7 @@ typedef enum {
 	STROKE_UNROUTE,
 	STROKE_UP,
 	STROKE_DOWN,
+	STROKE_DOWNSRCIP,
 	STROKE_LOGLEVEL,
 	STROKE_STATUS,
 	STROKE_STATUSALL,
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 672203ca6..dfe03fb6a 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -33,6 +33,7 @@ route,           STROKE_ROUTE
 unroute,         STROKE_UNROUTE
 up,              STROKE_UP
 down,            STROKE_DOWN
+down-srcip,      STROKE_DOWNSRCIP
 loglevel,        STROKE_LOGLEVEL
 status,          STROKE_STATUS
 statusall,       STROKE_STATUSALL
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 8258fdc7d..40447e37f 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -158,6 +158,8 @@ struct stroke_msg_t {
 		STR_DEL_CONN,
 		/* terminate connection */
 		STR_TERMINATE,
+		/* terminate connection by peers srcip/virtual ip */
+		STR_TERMINATE_SRCIP,
 		/* show connection status */
 		STR_STATUS,
 		/* show verbose connection status */
@@ -187,6 +189,12 @@ struct stroke_msg_t {
 		struct {
 			char *name;
 		} initiate, route, unroute, terminate, status, del_conn, del_ca;
+		
+		/* data for STR_TERMINATE_SRCIP */
+		struct {
+			char *start;
+			char *end;
+		} terminate_srcip;
 
 		/* data for STR_ADD_CONN */
 		struct {