author | Tobias Brunner <tobias@strongswan.org> | 2015-11-09 11:39:54 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-11-09 11:55:51 +0100 |
commit | 04f22cdabc1c97d38692f95392429839f0fa90d1 (patch) | |
tree | c8759a8fd060f1886db06399c1ba9a13a46f8869 /src | |
parent | 4fc0a9d40b4664eeee3e92831dd47e4d99aaabe9 (diff) | |
vici: Add NAT information when listing IKE_SAs
The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively. If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set). If any NAT is detected or faked `nat-any` is set.
Closes strongswan/strongswan#16.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/vici/README.md | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 17 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index e20e8ab26..51a17e2a4 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -587,6 +587,10 @@ command.
 initiator = <yes, if initiator of IKE_SA>
 initiator-spi = <hex encoded initiator SPI / cookie>
 responder-spi = <hex encoded responder SPI / cookie>
+ nat-local = <yes, if local endpoint is behind a NAT>
+ nat-remote = <yes, if remote endpoint is behind a NAT>
+ nat-fake = <yes, if NAT situation has been faked as responder>
+ nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
 encr-alg = <IKE encryption algorithm string>
 encr-keysize = <key size for encr-alg, if applicable>
 integ-alg = <IKE integrity algorithm string>
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 98d264fca..265a17e52 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -222,6 +222,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
 }
 
 /**
+ * Add an IKE_SA condition to the given builder
+ */
+static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
+ char *key, ike_condition_t cond)
+{
+ if (ike_sa->has_condition(ike_sa, cond))
+ {
+ b->add_kv(b, key, "yes");
+ }
+}
+
+/**
 * List details of an IKE_SA
 */
 static void list_ike(private_vici_query_t *this, vici_builder_t *b,
@@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
 b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
 b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
 
+ add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
+ add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
+ add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
+ add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
+
 proposal = ike_sa->get_proposal(ike_sa);
 if (proposal)
 {
 |
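Review bot: The doc comment on `add_condition` does not say that the key is written only when the condition is set, so a reader cannot tell from it that an unset condition leaves the key absent instead of reporting a negative value. I would expand it to `Add key = "yes" to the given builder if the IKE_SA has the condition set, add nothing otherwise`. That matches the `<yes, if ...>` wording the README hunk uses for the four new keys, and it tells anyone writing a client that a missing `nat-*` key has to be read as false.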
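Review bot: A missing `nat-*` key is ambiguous for an IKE_SA that is still being set up, because the four `add_condition()` calls in `list_ike` sit ahead of the `if (proposal)` check and therefore also run for SAs that have no negotiated proposal yet. For such an SA NAT detection has presumably not completed, so an absent `nat-any` would mean "not known yet" rather than "no NAT", which matters to monitoring that alerts on unexpected NAT situations. A comment above the calls such as `/* NAT conditions are only reliable once NAT detection has completed */`, or a matching sentence in the README, would make that explicit. `list_ike` starts and ends outside the hunk, so I cannot tell whether the SA state is already reported alongside these keys.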