summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/vici
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libcharon/plugins/vici
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz
vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip
New upstream version 5.6.1
Diffstat (limited to 'src/libcharon/plugins/vici')
-rw-r--r--src/libcharon/plugins/vici/Makefile.am1
-rw-r--r--src/libcharon/plugins/vici/Makefile.in3
-rw-r--r--src/libcharon/plugins/vici/README.md29
-rw-r--r--src/libcharon/plugins/vici/perl/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in4
-rw-r--r--src/libcharon/plugins/vici/vici_config.c26
-rw-r--r--src/libcharon/plugins/vici/vici_plugin.c1
-rw-r--r--src/libcharon/plugins/vici/vici_query.c161
9 files changed, 220 insertions, 9 deletions
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index af0b65cd0..e8bcdbaa3 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -2,6 +2,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index cd3dafb08..d28223dca 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -343,9 +343,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -550,6 +552,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index f47f80cad..83521250d 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -682,6 +682,35 @@ List currently loaded algorithms and their implementation.
}
}
+### get-counters() ###
+
+List global or connection-specific counters for several IKE events.
+
+ {
+ name = <optional connection name, omit for global counters>
+ all = <yes to get counters for all connections, name is ignored>
+ } => {
+ counters = {
+ <name|empty for global counters> = {
+ <pairs of counter name and 64-bit counter value>
+ }
+ }
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### reset-counters() ###
+
+Reset global or connection-specific IKE event counters.
+
+ {
+ name = <optional connection name, omit for global counters>
+ all = <yes to reset counters for all connections, name is ignored>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
## Server-issued events ##
Based on the packet layer, the vici plugin raises event messages using named
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index f48eb6abb..59b0774b8 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 7d5944ab1..057ea88f4 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -183,9 +183,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index b1222765b..ff4e07d2d 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -474,8 +476,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@RUBY_GEMS_INSTALL_FALSE@install-data-local:
@RUBY_GEMS_INSTALL_FALSE@uninstall-local:
+@RUBY_GEMS_INSTALL_FALSE@install-data-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 0c355e3a0..e0e2955e2 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -495,6 +495,7 @@ static void log_child_data(child_data_t *data, char *name)
{
child_cfg_create_t *cfg = &data->cfg;
+#define has_opt(opt) ({ (cfg->options & (opt)) == (opt); })
DBG2(DBG_CFG, " child %s:", name);
DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey);
DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life);
@@ -506,12 +507,12 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life);
DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter);
DBG2(DBG_CFG, " updown = %s", cfg->updown);
- DBG2(DBG_CFG, " hostaccess = %u", cfg->options & OPT_HOSTACCESS);
- DBG2(DBG_CFG, " ipcomp = %u", cfg->options & OPT_IPCOMP);
+ DBG2(DBG_CFG, " hostaccess = %u", has_opt(OPT_HOSTACCESS));
+ DBG2(DBG_CFG, " ipcomp = %u", has_opt(OPT_IPCOMP));
DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode,
- cfg->options & OPT_PROXY_MODE ? "_PROXY" : "");
+ has_opt(OPT_PROXY_MODE) ? "_PROXY" : "");
DBG2(DBG_CFG, " policies = %u", data->policies);
- DBG2(DBG_CFG, " policies_fwd_out = %u", cfg->options & OPT_FWD_OUT_POLICIES);
+ DBG2(DBG_CFG, " policies_fwd_out = %u", has_opt(OPT_FWD_OUT_POLICIES));
if (data->replay_window != REPLAY_UNDEFINED)
{
DBG2(DBG_CFG, " replay_window = %u", data->replay_window);
@@ -525,14 +526,15 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " interface = %s", cfg->interface);
DBG2(DBG_CFG, " mark_in = %u/%u",
cfg->mark_in.value, cfg->mark_in.mask);
+ DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
DBG2(DBG_CFG, " mark_out = %u/%u",
cfg->mark_out.value, cfg->mark_out.mask);
DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
- DBG2(DBG_CFG, " hw_offload = %u", cfg->options & OPT_HW_OFFLOAD);
- DBG2(DBG_CFG, " sha256_96 = %u", cfg->options & OPT_SHA256_96);
+ DBG2(DBG_CFG, " hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+ DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
}
/**
@@ -882,7 +884,7 @@ CALLBACK(parse_opt_fwd_out, bool,
}
/**
- * Parse OPT_FWD_OUT_POLICIES option
+ * Parse OPT_IPCOMP option
*/
CALLBACK(parse_opt_ipcomp, bool,
child_cfg_option_t *out, chunk_t v)
@@ -909,6 +911,15 @@ CALLBACK(parse_opt_sha256_96, bool,
}
/**
+ * Parse OPT_MARK_IN_SA option
+ */
+CALLBACK(parse_opt_mark_in, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_MARK_IN_SA, v);
+}
+
+/**
* Parse an action_t
*/
CALLBACK(parse_action, bool,
@@ -1562,6 +1573,7 @@ CALLBACK(child_kv, bool,
{ "inactivity", parse_time, &child->cfg.inactivity },
{ "reqid", parse_uint32, &child->cfg.reqid },
{ "mark_in", parse_mark, &child->cfg.mark_in },
+ { "mark_in_sa", parse_opt_mark_in, &child->cfg.options },
{ "mark_out", parse_mark, &child->cfg.mark_out },
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c
index 136651261..53da75e2a 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -176,6 +176,7 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_CALLBACK((plugin_feature_callback_t)register_vici, NULL),
PLUGIN_PROVIDE(CUSTOM, "vici"),
+ PLUGIN_SDEPEND(CUSTOM, "counters"),
};
*features = f;
return countof(f);
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 2cc59591f..134ea375d 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2015 Tobias Brunner, Andreas Steffen
+ * Copyright (C) 2015-2017 Tobias Brunner
+ * Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
@@ -55,6 +56,32 @@
#include <asn1/asn1.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>
+#include <counters_query.h>
+
+ENUM(vici_counter_type_names,
+ COUNTER_INIT_IKE_SA_REKEY, COUNTER_OUT_INFORMATIONAL_RSP,
+ "ike-rekey-init",
+ "ike-rekey-resp",
+ "child-rekey",
+ "invalid",
+ "invalid-spi",
+ "ike-init-in-req",
+ "ike-init-in-resp",
+ "ike-init-out-req",
+ "ike-init-out-resp",
+ "ike-auth-in-req",
+ "ike-auth-in-resp",
+ "ike-auth-out-req",
+ "ike-auth-out-resp",
+ "create-child-in-req",
+ "create-child-in-resp",
+ "create-child-out-req",
+ "create-child-out-resp",
+ "info-in-req",
+ "info-in-resp",
+ "info-out-req",
+ "info-out-resp",
+);
typedef struct private_vici_query_t private_vici_query_t;
@@ -74,6 +101,11 @@ struct private_vici_query_t {
vici_dispatcher_t *dispatcher;
/**
+ * Query interface for counters
+ */
+ counters_query_t *counters;
+
+ /**
* Daemon startup timestamp
*/
time_t uptime;
@@ -1223,6 +1255,131 @@ CALLBACK(get_algorithms, vici_message_t*,
return b->finalize(b);
}
+/**
+ * Make sure we have the counters query interface
+ */
+static inline bool ensure_counters(private_vici_query_t *this)
+{
+ if (this->counters)
+ {
+ return TRUE;
+ }
+ return (this->counters = lib->get(lib, "counters")) != NULL;
+}
+
+/**
+ * Add a single set of counters to the message
+ *
+ * Frees the array of counter values
+ */
+static void add_counters(vici_builder_t *b, char *name, uint64_t *counters)
+{
+ char buf[BUF_LEN];
+ counter_type_t i;
+
+ b->begin_section(b, name ?: "");
+ for (i = 0; i < COUNTER_MAX; i++)
+ {
+ snprintf(buf, sizeof(buf), "%N", vici_counter_type_names, i);
+ b->add_kv(b, buf, "%"PRIu64, counters[i]);
+ }
+ b->end_section(b);
+ free(counters);
+}
+
+CALLBACK(get_counters, vici_message_t*,
+ private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
+{
+ vici_builder_t *b;
+ enumerator_t *enumerator;
+ uint64_t *counters;
+ char *conn, *errmsg = NULL;
+ bool all;
+
+ b = vici_builder_create();
+
+ if (ensure_counters(this))
+ {
+ conn = request->get_str(request, NULL, "name");
+ all = request->get_bool(request, FALSE, "all");
+
+ b->begin_section(b, "counters");
+ if (all)
+ {
+ enumerator = this->counters->get_names(this->counters);
+ while (enumerator->enumerate(enumerator, &conn))
+ {
+ counters = this->counters->get_all(this->counters, conn);
+ if (counters)
+ {
+ add_counters(b, conn, counters);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ counters = this->counters->get_all(this->counters, conn);
+ if (counters)
+ {
+ add_counters(b, conn, counters);
+ }
+ else
+ {
+ errmsg = "no counters found for this connection";
+ }
+ }
+ b->end_section(b);
+ }
+ else
+ {
+ errmsg = "no counters available (plugin missing?)";
+ }
+
+ b->add_kv(b, "success", errmsg ? "no" : "yes");
+ if (errmsg)
+ {
+ b->add_kv(b, "errmsg", "%s", errmsg);
+ }
+ return b->finalize(b);
+}
+
+CALLBACK(reset_counters, vici_message_t*,
+ private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
+{
+ vici_builder_t *b;
+ char *conn, *errmsg = NULL;
+ bool all;
+
+ b = vici_builder_create();
+
+ if (ensure_counters(this))
+ {
+ conn = request->get_str(request, NULL, "name");
+ all = request->get_bool(request, FALSE, "all");
+
+ if (all)
+ {
+ this->counters->reset_all(this->counters);
+ }
+ else
+ {
+ this->counters->reset(this->counters, conn);
+ }
+ }
+ else
+ {
+ errmsg = "no counters available (plugin missing?)";
+ }
+
+ b->add_kv(b, "success", errmsg ? "no" : "yes");
+ if (errmsg)
+ {
+ b->add_kv(b, "errmsg", "%s", errmsg);
+ }
+ return b->finalize(b);
+}
+
CALLBACK(version, vici_message_t*,
private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
{
@@ -1423,6 +1580,8 @@ static void manage_commands(private_vici_query_t *this, bool reg)
manage_command(this, "list-conns", list_conns, reg);
manage_command(this, "list-certs", list_certs, reg);
manage_command(this, "get-algorithms", get_algorithms, reg);
+ manage_command(this, "get-counters", get_counters, reg);
+ manage_command(this, "reset-counters", reset_counters, reg);
manage_command(this, "version", version, reg);
manage_command(this, "stats", stats, reg);
}