diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/vici/README.md | 4 | ||||
| -rw-r--r-- | src/libcharon/plugins/vici/vici_query.c | 17 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index e20e8ab26..51a17e2a4 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -587,6 +587,10 @@ command. initiator = <yes, if initiator of IKE_SA> initiator-spi = <hex encoded initiator SPI / cookie> responder-spi = <hex encoded responder SPI / cookie> + nat-local = <yes, if local endpoint is behind a NAT> + nat-remote = <yes, if remote endpoint is behind a NAT> + nat-fake = <yes, if NAT situation has been faked as responder> + nat-any = <yes, if any endpoint is behind a NAT (also if faked)> encr-alg = <IKE encryption algorithm string> encr-keysize = <key size for encr-alg, if applicable> integ-alg = <IKE integrity algorithm string> diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 98d264fca..265a17e52 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -222,6 +222,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b, } /** + * Add an IKE_SA condition to the given builder + */ +static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa, + char *key, ike_condition_t cond) +{ + if (ike_sa->has_condition(ike_sa, cond)) + { + b->add_kv(b, key, "yes"); + } +} + +/** * List details of an IKE_SA */ static void list_ike(private_vici_query_t *this, vici_builder_t *b, @@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id)); b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id)); + add_condition(b, ike_sa, "nat-local", COND_NAT_HERE); + add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE); + add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE); + add_condition(b, ike_sa, "nat-any", COND_NAT_ANY); + proposal = ike_sa->get_proposal(ike_sa); if (proposal) { |