diff options
| author | Martin Willi <martin@revosec.ch> | 2012-10-08 11:36:07 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-10-24 11:34:30 +0200 |
| commit | 5715af75086e7e6a181c655df10186453c55d1c9 (patch) | |
| tree | 6b87041b6045826cc22242747a49f488e1274a84 /src | |
| parent | 81e0e1034407572aecf8aa6de83b183a67e71dc0 (diff) | |
| download | strongswan-5715af75086e7e6a181c655df10186453c55d1c9.tar.bz2 strongswan-5715af75086e7e6a181c655df10186453c55d1c9.tar.xz | |
Add stroke counters for invalid IKE messages
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_counter.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c index ab2882ed5..67ed9882c 100644 --- a/src/libcharon/plugins/stroke/stroke_counter.c +++ b/src/libcharon/plugins/stroke/stroke_counter.c @@ -65,6 +65,32 @@ struct private_stroke_counter_t { spinlock_t *lock; }; +METHOD(listener_t, alert, bool, + private_stroke_counter_t *this, ike_sa_t *ike_sa, + alert_t alert, va_list args) +{ + stroke_counter_type_t type; + + switch (alert) + { + case ALERT_INVALID_IKE_SPI: + type = COUNTER_IN_INVALID_IKE_SPI; + break; + case ALERT_PARSE_ERROR_HEADER: + case ALERT_PARSE_ERROR_BODY: + type = COUNTER_IN_INVALID; + break; + default: + return TRUE; + } + + this->lock->lock(this->lock); + this->counter[type]++; + this->lock->unlock(this->lock); + + return TRUE; +} + METHOD(listener_t, ike_rekey, bool, private_stroke_counter_t *this, ike_sa_t *old, ike_sa_t *new) { @@ -116,6 +142,7 @@ stroke_counter_t *stroke_counter_create() INIT(this, .public = { .listener = { + .alert = _alert, .ike_rekey = _ike_rekey, .child_rekey = _child_rekey, }, |