summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/vici
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
commitbf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch)
tree0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/libcharon/plugins/vici
parent518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
downloadvyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz
vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip
Imported Upstream version 5.5.0
Diffstat (limited to 'src/libcharon/plugins/vici')
-rw-r--r--src/libcharon/plugins/vici/Makefile.in27
-rw-r--r--src/libcharon/plugins/vici/README.md11
-rw-r--r--src/libcharon/plugins/vici/libvici.c18
-rw-r--r--src/libcharon/plugins/vici/perl/Makefile.in26
-rw-r--r--src/libcharon/plugins/vici/python/MANIFEST.in1
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.am20
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.in46
-rw-r--r--src/libcharon/plugins/vici/python/README.rst24
-rw-r--r--src/libcharon/plugins/vici/python/setup.py.in18
-rw-r--r--src/libcharon/plugins/vici/python/vici/protocol.py11
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in28
-rw-r--r--src/libcharon/plugins/vici/suites/test_socket.c4
-rw-r--r--src/libcharon/plugins/vici/vici_attribute.c6
-rw-r--r--src/libcharon/plugins/vici/vici_config.c329
-rw-r--r--src/libcharon/plugins/vici/vici_control.c6
-rw-r--r--src/libcharon/plugins/vici/vici_dispatcher.c6
-rw-r--r--src/libcharon/plugins/vici/vici_message.c2
-rw-r--r--src/libcharon/plugins/vici/vici_query.c36
-rw-r--r--src/libcharon/plugins/vici/vici_socket.c6
19 files changed, 385 insertions, 240 deletions
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index 86ed00792..b943c09ce 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,8 +94,6 @@ check_PROGRAMS = $(am__EXEEXT_1)
@USE_PYTHON_EGGS_TRUE@am__append_2 = python
@USE_PERL_CPAN_TRUE@am__append_3 = perl
subdir = src/libcharon/plugins/vici
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -274,6 +283,7 @@ am__tty_colors = { \
fi; \
}
DIST_SUBDIRS = ruby python perl
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -305,6 +315,7 @@ ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -354,6 +365,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -388,6 +400,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -499,6 +512,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -602,7 +616,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -1319,6 +1332,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \
tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 52929bd74..cf5a85a8d 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -277,8 +277,8 @@ Terminates an SA while streaming _control-log_ events.
{
child = <terminate a CHILD_SA by configuration name>
ike = <terminate an IKE_SA by configuration name>
- child_id = <terminate a CHILD_SA by its reqid>
- ike_id = <terminate an IKE_SA by its unique id>
+ child-id = <terminate a CHILD_SA by its reqid>
+ ike-id = <terminate an IKE_SA by its unique id>
timeout = <timeout in ms before returning>
loglevel = <loglevel to issue "control-log" events for>
} => {
@@ -337,7 +337,7 @@ events.
{
noblock = <use non-blocking mode if key is set>
ike = <filter listed IKE_SAs by its name>
- ike_id = <filter listed IKE_SA by its unique id>
+ ike-id = <filter listed IKE_SA by its unique id>
} => {
# completes after streaming list-sa events
}
@@ -734,6 +734,8 @@ _list-conns_ command.
<list of valid remote IKE endpoint addresses>
]
version = <IKE version as string, IKEv1|IKEv2 or 0 for any>
+ reauth_time = <IKE_SA reauthentication interval in seconds>
+ rekey_time = <IKE_SA rekeying interval in seconds>
local*, remote* = { # multiple local and remote auth sections
class = <authentication type>
@@ -758,6 +760,9 @@ _list-conns_ command.
children = {
<CHILD_SA config name>* = {
mode = <IPsec mode>
+ rekey_time = <CHILD_SA rekeying interval in seconds>
+ rekey_bytes = <CHILD_SA rekeying interval in bytes>
+ rekey_packets = <CHILD_SA rekeying interval in packets>
local-ts = [
<list of local traffic selectors>
]
diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c
index 7c98c8b69..0b549a511 100644
--- a/src/libcharon/plugins/vici/libvici.c
+++ b/src/libcharon/plugins/vici/libvici.c
@@ -123,7 +123,7 @@ static bool read_error(vici_conn_t *conn, int err)
/**
* Handle a command response message
*/
-static bool handle_response(vici_conn_t *conn, u_int32_t len)
+static bool handle_response(vici_conn_t *conn, uint32_t len)
{
chunk_t buf;
@@ -140,11 +140,11 @@ static bool handle_response(vici_conn_t *conn, u_int32_t len)
/**
* Dispatch received event message
*/
-static bool handle_event(vici_conn_t *conn, u_int32_t len)
+static bool handle_event(vici_conn_t *conn, uint32_t len)
{
vici_message_t *message;
event_t *event;
- u_int8_t namelen;
+ uint8_t namelen;
char name[257], *buf;
if (len < sizeof(namelen))
@@ -198,8 +198,8 @@ static bool handle_event(vici_conn_t *conn, u_int32_t len)
CALLBACK(on_read, bool,
vici_conn_t *conn, stream_t *stream)
{
- u_int32_t len;
- u_int8_t op;
+ uint32_t len;
+ uint8_t op;
ssize_t hlen;
hlen = stream->read(stream, &len, sizeof(len), FALSE);
@@ -358,8 +358,8 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn)
vici_message_t *message;
vici_res_t *res;
chunk_t data;
- u_int32_t len;
- u_int8_t namelen, op;
+ uint32_t len;
+ uint8_t namelen, op;
message = req->b->finalize(req->b);
if (!message)
@@ -678,8 +678,8 @@ void vici_free_res(vici_res_t *res)
int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user)
{
event_t *event;
- u_int32_t len;
- u_int8_t namelen, op;
+ uint32_t len;
+ uint8_t namelen, op;
int ret = 1;
op = cb ? VICI_EVENT_REGISTER : VICI_EVENT_UNREGISTER;
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index 550d3e980..e32e9668c 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/perl
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -370,7 +385,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -547,6 +561,8 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
all-local: Vici-Session/pm_to_blib
diff --git a/src/libcharon/plugins/vici/python/MANIFEST.in b/src/libcharon/plugins/vici/python/MANIFEST.in
index 1aba38f67..9d5d250d0 100644
--- a/src/libcharon/plugins/vici/python/MANIFEST.in
+++ b/src/libcharon/plugins/vici/python/MANIFEST.in
@@ -1 +1,2 @@
include LICENSE
+include README.rst
diff --git a/src/libcharon/plugins/vici/python/Makefile.am b/src/libcharon/plugins/vici/python/Makefile.am
index 5936f2a5e..20a6f436d 100644
--- a/src/libcharon/plugins/vici/python/Makefile.am
+++ b/src/libcharon/plugins/vici/python/Makefile.am
@@ -1,4 +1,4 @@
-EXTRA_DIST = LICENSE MANIFEST.in \
+EXTRA_DIST = LICENSE README.rst MANIFEST.in \
setup.py.in \
vici/test/__init__.py \
vici/test/test_protocol.py \
@@ -10,26 +10,34 @@ EXTRA_DIST = LICENSE MANIFEST.in \
$(srcdir)/setup.py: $(srcdir)/setup.py.in
$(AM_V_GEN) sed \
- -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \
$(srcdir)/setup.py.in > $@
-all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
-dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
+dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
(cd $(srcdir); $(PYTHON) setup.py bdist_egg \
-b $(shell readlink -f $(builddir))/build \
-d $(shell readlink -f $(builddir))/dist)
+package: $(EXTRA_DIST) $(srcdir)/setup.py
+ (cd $(srcdir); $(PYTHON) setup.py sdist \
+ -d $(shell readlink -f $(builddir))/dist \
+ bdist_wheel --universal \
+ -d $(shell readlink -f $(builddir))/dist)
+
clean-local:
(cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a)
rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist
if PYTHON_EGGS_INSTALL
-install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
$(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \
- dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
endif
if USE_PY_TEST
TESTS = $(PY_TEST)
endif
+
+.PHONY: package
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 894a7e275..7d1c64267 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/python
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -138,12 +148,14 @@ am__tty_colors = { \
std=''; \
fi; \
}
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -193,6 +205,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -227,6 +240,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -338,6 +352,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -366,7 +381,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-EXTRA_DIST = LICENSE MANIFEST.in \
+EXTRA_DIST = LICENSE README.rst MANIFEST.in \
setup.py.in \
vici/test/__init__.py \
vici/test/test_protocol.py \
@@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -663,26 +677,36 @@ uninstall-am:
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
$(srcdir)/setup.py: $(srcdir)/setup.py.in
$(AM_V_GEN) sed \
- -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \
$(srcdir)/setup.py.in > $@
-all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
-dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
+dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py
(cd $(srcdir); $(PYTHON) setup.py bdist_egg \
-b $(shell readlink -f $(builddir))/build \
-d $(shell readlink -f $(builddir))/dist)
+package: $(EXTRA_DIST) $(srcdir)/setup.py
+ (cd $(srcdir); $(PYTHON) setup.py sdist \
+ -d $(shell readlink -f $(builddir))/dist \
+ bdist_wheel --universal \
+ -d $(shell readlink -f $(builddir))/dist)
+
clean-local:
(cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a)
rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist
-@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
@PYTHON_EGGS_INSTALL_TRUE@ $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \
-@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg
+
+.PHONY: package
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libcharon/plugins/vici/python/README.rst b/src/libcharon/plugins/vici/python/README.rst
new file mode 100644
index 000000000..3990f6300
--- /dev/null
+++ b/src/libcharon/plugins/vici/python/README.rst
@@ -0,0 +1,24 @@
+About
+-----
+
+The strongSwan VICI protocol allows external applications to monitor, configure
+and control the IKE daemon charon. This Python package provides a native client
+side implementation of the VICI protocol, well suited to script automated tasks
+in a reliable way.
+
+
+Example Usage
+-------------
+
+.. code-block:: python
+
+ >>> import vici
+ >>> s = vici.Session()
+ >>> s.version()
+ OrderedDict([('daemon', b'charon'), ('version', b'5.4.0'),
+ ('sysname', b'Linux'), ('release', b'3.13.0-27-generic'), ('machine', b'x86_64')])
+ >>> s.load_pool({"p1": {"addrs": "10.0.0.0/24"}})
+ OrderedDict([('success', b'yes')])
+ >>> s.get_pools()
+ OrderedDict([('p1', OrderedDict([('base', b'10.0.0.0'), ('size', b'254'),
+ ('online', b'0'), ('offline', b'0')]))])
diff --git a/src/libcharon/plugins/vici/python/setup.py.in b/src/libcharon/plugins/vici/python/setup.py.in
index 0e4ad8236..62b0c5899 100644
--- a/src/libcharon/plugins/vici/python/setup.py.in
+++ b/src/libcharon/plugins/vici/python/setup.py.in
@@ -1,25 +1,21 @@
from setuptools import setup
-
-long_description = (
- "The strongSwan VICI protocol allows external application to monitor, "
- "configure and control the IKE daemon charon. This python package provides "
- "a native client side implementation of the VICI protocol, well suited to "
- "script automated tasks in a reliable way."
-)
+with open('README.rst') as file:
+ long_description = file.read()
setup(
name="vici",
version="@EGG_VERSION@",
- description="Native python interface for strongSwan VICI",
- author="Bjorn Schuberg",
+ description="Native Python interface for strongSwan's VICI protocol",
+ long_description=long_description,
+ author="strongSwan Project",
+ author_email="info@strongswan.org",
url="https://wiki.strongswan.org/projects/strongswan/wiki/Vici",
license="MIT",
packages=["vici"],
- long_description=long_description,
include_package_data=True,
classifiers=(
- "Development Status :: 3 - Alpha",
+ "Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: MIT License",
diff --git a/src/libcharon/plugins/vici/python/vici/protocol.py b/src/libcharon/plugins/vici/python/vici/protocol.py
index 855a7b2e2..4951817eb 100644
--- a/src/libcharon/plugins/vici/python/vici/protocol.py
+++ b/src/libcharon/plugins/vici/python/vici/protocol.py
@@ -20,15 +20,22 @@ class Transport(object):
self.socket.sendall(struct.pack("!I", len(packet)) + packet)
def receive(self):
- raw_length = self.socket.recv(self.HEADER_LENGTH)
+ raw_length = self._recvall(self.HEADER_LENGTH)
length, = struct.unpack("!I", raw_length)
- payload = self.socket.recv(length)
+ payload = self._recvall(length)
return payload
def close(self):
self.socket.shutdown(socket.SHUT_RDWR)
self.socket.close()
+ def _recvall(self, count):
+ """Ensure to read count bytes from the socket"""
+ data = b""
+ while len(data) < count:
+ data += self.socket.recv(count - len(data))
+ return data
+
class Packet(object):
CMD_REQUEST = 0 # Named request message
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index b87d83de4..aceb28adc 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@
@SET_MAKE@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = src/libcharon/plugins/vici/ruby
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -116,12 +126,14 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+ATOMICLIB = @ATOMICLIB@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
@@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -316,6 +330,7 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
@@ -360,7 +375,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -455,8 +469,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@RUBY_GEMS_INSTALL_FALSE@uninstall-local:
@RUBY_GEMS_INSTALL_FALSE@install-data-local:
+@RUBY_GEMS_INSTALL_FALSE@uninstall-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
@@ -538,6 +552,8 @@ uninstall-am: uninstall-local
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-local
+.PRECIOUS: Makefile
+
vici.gemspec: $(srcdir)/vici.gemspec.in
$(AM_V_GEN) sed \
diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c
index 8d545c6c1..d0c0fa76f 100644
--- a/src/libcharon/plugins/vici/suites/test_socket.c
+++ b/src/libcharon/plugins/vici/suites/test_socket.c
@@ -32,7 +32,7 @@ static void echo_inbound(void *user, u_int id, chunk_t buf)
ck_assert_int_eq(data->id, id);
/* count number of bytes, including the header */
- data->bytes += buf.len + sizeof(u_int32_t);
+ data->bytes += buf.len + sizeof(uint32_t);
/* echo back data chunk */
data->s->send(data->s, id, chunk_clone(buf));
}
@@ -81,7 +81,7 @@ START_TEST(test_echo)
0x00,0x00,0x00,0x0A, 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x02A,
);
char buf[m.len];
- u_int32_t len;
+ uint32_t len;
lib->processor->set_threads(lib->processor, 4);
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index 9064d3d8c..e0d9b4ae8 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -233,7 +233,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips)
enumerator_t *enumerator;
host_t *host;
chunk_t start, end, current;
- u_int32_t size;
+ uint32_t size;
bool found = FALSE;
host = pool->get_base(pool);
@@ -477,10 +477,10 @@ CALLBACK(pool_li, bool,
{
if (host->get_family(host) == AF_INET)
{ /* IPv4 attributes contain a subnet mask */
- u_int32_t netmask = 0;
+ uint32_t netmask = 0;
if (mask)
- { /* shifting u_int32_t by 32 or more is undefined */
+ { /* shifting uint32_t by 32 or more is undefined */
mask = 32 - mask;
netmask = htonl((0xFFFFFFFF >> mask) << mask);
}
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 6ebbedc47..d919e1d94 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -57,22 +57,32 @@
/**
* Magic value for an undefined lifetime
*/
-#define LFT_UNDEFINED (~(u_int64_t)0)
+#define LFT_UNDEFINED (~(uint64_t)0)
/**
* Default IKE rekey time
*/
-#define LFT_DEFAULT_IKE_REKEY (4 * 60 * 60)
+#define LFT_DEFAULT_IKE_REKEY_TIME (4 * 60 * 60)
/**
* Default CHILD rekey time
*/
-#define LFT_DEFAULT_CHILD_REKEY (1 * 60 * 60)
+#define LFT_DEFAULT_CHILD_REKEY_TIME (1 * 60 * 60)
+
+/**
+ * Default CHILD rekey bytes
+ */
+#define LFT_DEFAULT_CHILD_REKEY_BYTES 0
+
+/**
+ * Default CHILD rekey packets
+ */
+#define LFT_DEFAULT_CHILD_REKEY_PACKETS 0
/**
* Undefined replay window
*/
-#define REPLAY_UNDEFINED (~(u_int32_t)0)
+#define REPLAY_UNDEFINED (~(uint32_t)0)
typedef struct private_vici_config_t private_vici_config_t;
@@ -242,7 +252,7 @@ typedef struct {
typedef struct {
request_data_t *request;
auth_cfg_t *cfg;
- u_int32_t round;
+ uint32_t round;
} auth_data_t;
/**
@@ -259,20 +269,20 @@ static void free_auth_data(auth_data_t *data)
*/
typedef struct {
request_data_t *request;
- u_int32_t version;
+ uint32_t version;
bool aggressive;
bool encap;
bool mobike;
bool send_certreq;
bool pull;
cert_policy_t send_cert;
- u_int64_t dpd_delay;
- u_int64_t dpd_timeout;
+ uint64_t dpd_delay;
+ uint64_t dpd_timeout;
fragmentation_t fragmentation;
unique_policy_t unique;
- u_int32_t keyingtries;
- u_int32_t local_port;
- u_int32_t remote_port;
+ uint32_t keyingtries;
+ uint32_t local_port;
+ uint32_t remote_port;
char *local_addrs;
char *remote_addrs;
linked_list_t *local;
@@ -281,10 +291,10 @@ typedef struct {
linked_list_t *children;
linked_list_t *vips;
char *pools;
- u_int64_t reauth_time;
- u_int64_t rekey_time;
- u_int64_t over_time;
- u_int64_t rand_time;
+ uint64_t reauth_time;
+ uint64_t rekey_time;
+ uint64_t over_time;
+ uint64_t rand_time;
} peer_data_t;
/**
@@ -422,24 +432,12 @@ static void free_peer_data(peer_data_t *data)
*/
typedef struct {
request_data_t *request;
- lifetime_cfg_t lft;
- char* updown;
- bool hostaccess;
- bool ipcomp;
- bool policies;
- ipsec_mode_t mode;
- u_int32_t replay_window;
- action_t dpd_action;
- action_t start_action;
- action_t close_action;
- u_int32_t reqid;
- u_int32_t tfc;
- mark_t mark_in;
- mark_t mark_out;
- u_int64_t inactivity;
linked_list_t *proposals;
linked_list_t *local_ts;
linked_list_t *remote_ts;
+ uint32_t replay_window;
+ bool policies;
+ child_cfg_create_t cfg;
} child_data_t;
/**
@@ -447,35 +445,39 @@ typedef struct {
*/
static void log_child_data(child_data_t *data, char *name)
{
+ child_cfg_create_t *cfg = &data->cfg;
+
DBG2(DBG_CFG, " child %s:", name);
- DBG2(DBG_CFG, " rekey_time = %llu", data->lft.time.rekey);
- DBG2(DBG_CFG, " life_time = %llu", data->lft.time.life);
- DBG2(DBG_CFG, " rand_time = %llu", data->lft.time.jitter);
- DBG2(DBG_CFG, " rekey_bytes = %llu", data->lft.bytes.rekey);
- DBG2(DBG_CFG, " life_bytes = %llu", data->lft.bytes.life);
- DBG2(DBG_CFG, " rand_bytes = %llu", data->lft.bytes.jitter);
- DBG2(DBG_CFG, " rekey_packets = %llu", data->lft.packets.rekey);
- DBG2(DBG_CFG, " life_packets = %llu", data->lft.packets.life);
- DBG2(DBG_CFG, " rand_packets = %llu", data->lft.packets.jitter);
- DBG2(DBG_CFG, " updown = %s", data->updown);
- DBG2(DBG_CFG, " hostaccess = %u", data->hostaccess);
- DBG2(DBG_CFG, " ipcomp = %u", data->ipcomp);
- DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, data->mode);
+ DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey);
+ DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life);
+ DBG2(DBG_CFG, " rand_time = %llu", cfg->lifetime.time.jitter);
+ DBG2(DBG_CFG, " rekey_bytes = %llu", cfg->lifetime.bytes.rekey);
+ DBG2(DBG_CFG, " life_bytes = %llu", cfg->lifetime.bytes.life);
+ DBG2(DBG_CFG, " rand_bytes = %llu", cfg->lifetime.bytes.jitter);
+ DBG2(DBG_CFG, " rekey_packets = %llu", cfg->lifetime.packets.rekey);
+ DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life);
+ DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter);
+ DBG2(DBG_CFG, " updown = %s", cfg->updown);
+ DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess);
+ DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp);
+ DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode);
DBG2(DBG_CFG, " policies = %u", data->policies);
if (data->replay_window != REPLAY_UNDEFINED)
{
DBG2(DBG_CFG, " replay_window = %u", data->replay_window);
}
- DBG2(DBG_CFG, " dpd_action = %N", action_names, data->dpd_action);
- DBG2(DBG_CFG, " start_action = %N", action_names, data->start_action);
- DBG2(DBG_CFG, " close_action = %N", action_names, data->close_action);
- DBG2(DBG_CFG, " reqid = %u", data->reqid);
- DBG2(DBG_CFG, " tfc = %d", data->tfc);
+ DBG2(DBG_CFG, " dpd_action = %N", action_names, cfg->dpd_action);
+ DBG2(DBG_CFG, " start_action = %N", action_names, cfg->start_action);
+ DBG2(DBG_CFG, " close_action = %N", action_names, cfg->close_action);
+ DBG2(DBG_CFG, " reqid = %u", cfg->reqid);
+ DBG2(DBG_CFG, " tfc = %d", cfg->tfc);
+ DBG2(DBG_CFG, " priority = %d", cfg->priority);
+ DBG2(DBG_CFG, " interface = %s", cfg->interface);
DBG2(DBG_CFG, " mark_in = %u/%u",
- data->mark_in.value, data->mark_in.mask);
+ cfg->mark_in.value, cfg->mark_in.mask);
DBG2(DBG_CFG, " mark_out = %u/%u",
- data->mark_out.value, data->mark_out.mask);
- DBG2(DBG_CFG, " inactivity = %llu", data->inactivity);
+ cfg->mark_out.value, cfg->mark_out.mask);
+ DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
@@ -492,7 +494,8 @@ static void free_child_data(child_data_t *data)
offsetof(traffic_selector_t, destroy));
data->remote_ts->destroy_offset(data->remote_ts,
offsetof(traffic_selector_t, destroy));
- free(data->updown);
+ free(data->cfg.updown);
+ free(data->cfg.interface);
}
/**
@@ -568,8 +571,8 @@ CALLBACK(parse_ts, bool,
struct protoent *protoent;
struct servent *svc;
long int p;
- u_int16_t from = 0, to = 0xffff;
- u_int8_t proto = 0;
+ uint16_t from = 0, to = 0xffff;
+ uint8_t proto = 0;
if (!vici_stringify(v, buf, sizeof(buf)))
{
@@ -613,7 +616,7 @@ CALLBACK(parse_ts, bool,
{
return FALSE;
}
- proto = (u_int8_t)p;
+ proto = (uint8_t)p;
}
}
if (streq(port, "opaque"))
@@ -809,10 +812,10 @@ CALLBACK(parse_action, bool,
}
/**
- * Parse a u_int32_t
+ * Parse a uint32_t
*/
CALLBACK(parse_uint32, bool,
- u_int32_t *out, chunk_t v)
+ uint32_t *out, chunk_t v)
{
char buf[16], *end;
u_long l;
@@ -831,10 +834,10 @@ CALLBACK(parse_uint32, bool,
}
/**
- * Parse a u_int64_t
+ * Parse a uint64_t
*/
CALLBACK(parse_uint64, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
unsigned long long l;
@@ -856,7 +859,7 @@ CALLBACK(parse_uint64, bool,
* Parse a relative time
*/
CALLBACK(parse_time, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
u_long l;
@@ -906,7 +909,7 @@ CALLBACK(parse_time, bool,
* Parse byte volume
*/
CALLBACK(parse_bytes, bool,
- u_int64_t *out, chunk_t v)
+ uint64_t *out, chunk_t v)
{
char buf[16], *end;
unsigned long long l;
@@ -968,7 +971,7 @@ CALLBACK(parse_mark, bool,
* Parse TFC padding option
*/
CALLBACK(parse_tfc, bool,
- u_int32_t *out, chunk_t v)
+ uint32_t *out, chunk_t v)
{
if (chunk_equals(v, chunk_from_str("mtu")))
{
@@ -1327,29 +1330,31 @@ CALLBACK(child_kv, bool,
child_data_t *child, vici_message_t *message, char *name, chunk_t value)
{
parse_rule_t rules[] = {
- { "updown", parse_string, &child->updown },
- { "hostaccess", parse_bool, &child->hostaccess },
- { "mode", parse_mode, &child->mode },
- { "policies", parse_bool, &child->policies },
- { "replay_window", parse_uint32, &child->replay_window },
- { "rekey_time", parse_time, &child->lft.time.rekey },
- { "life_time", parse_time, &child->lft.time.life },
- { "rand_time", parse_time, &child->lft.time.jitter },
- { "rekey_bytes", parse_bytes, &child->lft.bytes.rekey },
- { "life_bytes", parse_bytes, &child->lft.bytes.life },
- { "rand_bytes", parse_bytes, &child->lft.bytes.jitter },
- { "rekey_packets", parse_uint64, &child->lft.packets.rekey },
- { "life_packets", parse_uint64, &child->lft.packets.life },
- { "rand_packets", parse_uint64, &child->lft.packets.jitter },
- { "dpd_action", parse_action, &child->dpd_action },
- { "start_action", parse_action, &child->start_action },
- { "close_action", parse_action, &child->close_action },
- { "ipcomp", parse_bool, &child->ipcomp },
- { "inactivity", parse_time, &child->inactivity },
- { "reqid", parse_uint32, &child->reqid },
- { "mark_in", parse_mark, &child->mark_in },
- { "mark_out", parse_mark, &child->mark_out },
- { "tfc_padding", parse_tfc, &child->tfc },
+ { "updown", parse_string, &child->cfg.updown },
+ { "hostaccess", parse_bool, &child->cfg.hostaccess },
+ { "mode", parse_mode, &child->cfg.mode },
+ { "policies", parse_bool, &child->policies },
+ { "replay_window", parse_uint32, &child->replay_window },
+ { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
+ { "life_time", parse_time, &child->cfg.lifetime.time.life },
+ { "rand_time", parse_time, &child->cfg.lifetime.time.jitter },
+ { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey },
+ { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life },
+ { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter },
+ { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey },
+ { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life },
+ { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter },
+ { "dpd_action", parse_action, &child->cfg.dpd_action },
+ { "start_action", parse_action, &child->cfg.start_action },
+ { "close_action", parse_action, &child->cfg.close_action },
+ { "ipcomp", parse_bool, &child->cfg.ipcomp },
+ { "inactivity", parse_time, &child->cfg.inactivity },
+ { "reqid", parse_uint32, &child->cfg.reqid },
+ { "mark_in", parse_mark, &child->cfg.mark_in },
+ { "mark_out", parse_mark, &child->cfg.mark_out },
+ { "tfc_padding", parse_tfc, &child->cfg.tfc },
+ { "priority", parse_uint32, &child->cfg.priority },
+ { "interface", parse_string, &child->cfg.interface },
};
return parse_rules(rules, countof(rules), name, value,
@@ -1430,6 +1435,42 @@ CALLBACK(peer_kv, bool,
&peer->request->reply);
}
+/**
+ * Check and update lifetimes
+ */
+static void check_lifetimes(lifetime_cfg_t *lft)
+{
+ /* if no hard lifetime specified, add one at soft lifetime + 10% */
+ if (lft->time.life == LFT_UNDEFINED)
+ {
+ lft->time.life = lft->time.rekey * 110 / 100;
+ }
+ if (lft->bytes.life == LFT_UNDEFINED)
+ {
+ lft->bytes.life = lft->bytes.rekey * 110 / 100;
+ }
+ if (lft->packets.life == LFT_UNDEFINED)
+ {
+ lft->packets.life = lft->packets.rekey * 110 / 100;
+ }
+ /* if no rand time defined, use difference of hard and soft */
+ if (lft->time.jitter == LFT_UNDEFINED)
+ {
+ lft->time.jitter = lft->time.life -
+ min(lft->time.life, lft->time.rekey);
+ }
+ if (lft->bytes.jitter == LFT_UNDEFINED)
+ {
+ lft->bytes.jitter = lft->bytes.life -
+ min(lft->bytes.life, lft->bytes.rekey);
+ }
+ if (lft->packets.jitter == LFT_UNDEFINED)
+ {
+ lft->packets.jitter = lft->packets.life -
+ min(lft->packets.life, lft->packets.rekey);
+ }
+}
+
CALLBACK(children_sn, bool,
peer_data_t *peer, vici_message_t *message, vici_parse_context_t *ctx,
char *name)
@@ -1439,29 +1480,28 @@ CALLBACK(children_sn, bool,
.proposals = linked_list_create(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
- .mode = MODE_TUNNEL,
.policies = TRUE,
.replay_window = REPLAY_UNDEFINED,
- .dpd_action = ACTION_NONE,
- .start_action = ACTION_NONE,
- .close_action = ACTION_NONE,
- .lft = {
- .time = {
- .rekey = LFT_DEFAULT_CHILD_REKEY,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- .bytes = {
- .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
+ .cfg = {
+ .mode = MODE_TUNNEL,
+ .lifetime = {
+ .time = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_TIME,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
+ .bytes = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
+ .packets = {
+ .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS,
+ .life = LFT_UNDEFINED,
+ .jitter = LFT_UNDEFINED,
+ },
},
- .packets = {
- .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- }
+ },
};
child_cfg_t *cfg;
proposal_t *proposal;
@@ -1496,55 +1536,13 @@ CALLBACK(children_sn, bool,
child.proposals->insert_last(child.proposals, proposal);
}
}
+ child.cfg.suppress_policies = !child.policies;
- /* if no hard lifetime specified, add one at soft lifetime + 10% */
- if (child.lft.time.life == LFT_UNDEFINED)
- {
- child.lft.time.life = child.lft.time.rekey * 110 / 100;
- }
- if (child.lft.bytes.life == LFT_UNDEFINED)
- {
- child.lft.bytes.life = child.lft.bytes.rekey * 110 / 100;
- }
- if (child.lft.packets.life == LFT_UNDEFINED)
- {
- child.lft.packets.life = child.lft.packets.rekey * 110 / 100;
- }
- /* if no soft lifetime specified, add one at hard lifetime - 10% */
- if (child.lft.bytes.rekey == LFT_UNDEFINED)
- {
- child.lft.bytes.rekey = child.lft.bytes.life * 90 / 100;
- }
- if (child.lft.packets.rekey == LFT_UNDEFINED)
- {
- child.lft.packets.rekey = child.lft.packets.life * 90 / 100;
- }
- /* if no rand time defined, use difference of hard and soft */
- if (child.lft.time.jitter == LFT_UNDEFINED)
- {
- child.lft.time.jitter = child.lft.time.life -
- min(child.lft.time.life, child.lft.time.rekey);
- }
- if (child.lft.bytes.jitter == LFT_UNDEFINED)
- {
- child.lft.bytes.jitter = child.lft.bytes.life -
- min(child.lft.bytes.life, child.lft.bytes.rekey);
- }
- if (child.lft.packets.jitter == LFT_UNDEFINED)
- {
- child.lft.packets.jitter = child.lft.packets.life -
- min(child.lft.packets.life, child.lft.packets.rekey);
- }
+ check_lifetimes(&child.cfg.lifetime);
log_child_data(&child, name);
- cfg = child_cfg_create(name, &child.lft, child.updown,
- child.hostaccess, child.mode, child.start_action,
- child.dpd_action, child.close_action, child.ipcomp,
- child.inactivity, child.reqid, &child.mark_in,
- &child.mark_out, child.tfc);
-
- cfg->set_mipv6_options(cfg, FALSE, child.policies);
+ cfg = child_cfg_create(name, &child.cfg);
if (child.replay_window != REPLAY_UNDEFINED)
{
@@ -1649,12 +1647,12 @@ CALLBACK(peer_sn, bool,
/**
* Find reqid of an existing CHILD_SA
*/
-static u_int32_t find_reqid(child_cfg_t *cfg)
+static uint32_t find_reqid(child_cfg_t *cfg)
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t reqid;
+ uint32_t reqid;
reqid = charon->traps->find_reqid(charon->traps, cfg);
if (reqid)
@@ -1723,7 +1721,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t id = 0, others;
+ uint32_t id = 0, others;
array_t *ids = NULL, *ikeids = NULL;
char *name;
@@ -1987,6 +1985,7 @@ CALLBACK(config_sn, bool,
.rand_time = LFT_UNDEFINED,
};
enumerator_t *enumerator;
+ peer_cfg_create_t cfg;
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
@@ -2046,7 +2045,7 @@ CALLBACK(config_sn, bool,
if (peer.rekey_time == LFT_UNDEFINED && peer.reauth_time == LFT_UNDEFINED)
{
/* apply a default rekey time if no rekey/reauth time set */
- peer.rekey_time = LFT_DEFAULT_IKE_REKEY;
+ peer.rekey_time = LFT_DEFAULT_IKE_REKEY_TIME;
peer.reauth_time = 0;
}
if (peer.rekey_time == LFT_UNDEFINED)
@@ -2083,12 +2082,22 @@ CALLBACK(config_sn, bool,
peer.local_addrs, peer.local_port,
peer.remote_addrs, peer.remote_port,
peer.fragmentation, 0);
- peer_cfg = peer_cfg_create(name, ike_cfg, peer.send_cert, peer.unique,
- peer.keyingtries, peer.rekey_time, peer.reauth_time,
- peer.rand_time, peer.over_time, peer.mobike,
- peer.aggressive, peer.pull,
- peer.dpd_delay, peer.dpd_timeout,
- FALSE, NULL, NULL);
+
+ cfg = (peer_cfg_create_t){
+ .cert_policy = peer.send_cert,
+ .unique = peer.unique,
+ .keyingtries = peer.keyingtries,
+ .rekey_time = peer.rekey_time,
+ .reauth_time = peer.reauth_time,
+ .jitter_time = peer.rand_time,
+ .over_time = peer.over_time,
+ .no_mobike = !peer.mobike,
+ .aggressive = peer.aggressive,
+ .push_mode = !peer.pull,
+ .dpd = peer.dpd_delay,
+ .dpd_timeout = peer.dpd_timeout,
+ };
+ peer_cfg = peer_cfg_create(name, ike_cfg, &cfg);
while (peer.local->remove_first(peer.local,
(void**)&auth) == SUCCESS)
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index c526d2fda..44003819a 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -507,12 +507,12 @@ CALLBACK(redirect, vici_message_t*,
/**
* Find reqid of an existing CHILD_SA
*/
-static u_int32_t find_reqid(child_cfg_t *cfg)
+static uint32_t find_reqid(child_cfg_t *cfg)
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
ike_sa_t *ike_sa;
- u_int32_t reqid;
+ uint32_t reqid;
reqid = charon->traps->find_reqid(charon->traps, cfg);
if (reqid)
@@ -583,7 +583,7 @@ CALLBACK(uninstall, vici_message_t*,
{
child_sa_t *child_sa;
enumerator_t *enumerator;
- u_int32_t reqid = 0;
+ uint32_t reqid = 0;
char *child;
child = request->get_str(request, NULL, "child");
diff --git a/src/libcharon/plugins/vici/vici_dispatcher.c b/src/libcharon/plugins/vici/vici_dispatcher.c
index 31292d6b3..ffe0d61e5 100644
--- a/src/libcharon/plugins/vici/vici_dispatcher.c
+++ b/src/libcharon/plugins/vici/vici_dispatcher.c
@@ -119,10 +119,10 @@ static void send_op(private_vici_dispatcher_t *this, u_int id,
bio_writer_t *writer;
u_int len;
- len = sizeof(u_int8_t);
+ len = sizeof(uint8_t);
if (name)
{
- len += sizeof(u_int8_t) + strlen(name);
+ len += sizeof(uint8_t) + strlen(name);
}
if (message)
{
@@ -308,7 +308,7 @@ CALLBACK(inbound, void,
{
bio_reader_t *reader;
chunk_t chunk;
- u_int8_t type;
+ uint8_t type;
char name[257];
reader = bio_reader_create(data);
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index fb6e8a1ab..58b896773 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -137,7 +137,7 @@ typedef struct {
METHOD(enumerator_t, parse_enumerate, bool,
parse_enumerator_t *this, vici_type_t *out, char **name, chunk_t *value)
{
- u_int8_t type;
+ uint8_t type;
chunk_t data;
if (!this->reader->remaining(this->reader) ||
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 284c23ee0..04cea004e 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -86,8 +86,8 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
child_sa_t *child, time_t now)
{
time_t t;
- u_int64_t bytes, packets;
- u_int16_t alg, ks;
+ uint64_t bytes, packets;
+ uint16_t alg, ks;
proposal_t *proposal;
enumerator_t *enumerator;
traffic_selector_t *ts;
@@ -152,7 +152,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "packets-in", "%" PRIu64, packets);
if (t)
{
- b->add_kv(b, "use-in", "%"PRIu64, (u_int64_t)(now - t));
+ b->add_kv(b, "use-in", "%"PRIu64, (uint64_t)(now - t));
}
child->get_usestats(child, FALSE, &t, &bytes, &packets);
@@ -160,7 +160,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "packets-out", "%"PRIu64, packets);
if (t)
{
- b->add_kv(b, "use-out", "%"PRIu64, (u_int64_t)(now - t));
+ b->add_kv(b, "use-out", "%"PRIu64, (uint64_t)(now - t));
}
t = child->get_lifetime(child, FALSE);
@@ -272,7 +272,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
ike_sa_id_t *id;
identification_t *eap;
proposal_t *proposal;
- u_int16_t alg, ks;
+ uint16_t alg, ks;
host_t *host;
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
@@ -682,9 +682,11 @@ CALLBACK(list_conns, vici_message_t*,
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
- char *ike, *str;
+ char *ike, *str, *interface;
+ uint32_t manual_prio;
linked_list_t *list;
traffic_selector_t *ts;
+ lifetime_cfg_t *lft;
vici_builder_t *b;
ike = request->get_str(request, NULL, "ike");
@@ -725,6 +727,10 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "version", "%N", ike_version_names,
peer_cfg->get_ike_version(peer_cfg));
+ b->add_kv(b, "reauth_time", "%u",
+ peer_cfg->get_reauth_time(peer_cfg, FALSE));
+ b->add_kv(b, "rekey_time", "%u",
+ peer_cfg->get_rekey_time(peer_cfg, FALSE));
build_auth_cfgs(peer_cfg, TRUE, b);
build_auth_cfgs(peer_cfg, FALSE, b);
@@ -739,6 +745,12 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "mode", "%N", ipsec_mode_names,
child_cfg->get_mode(child_cfg));
+ lft = child_cfg->get_lifetime(child_cfg, FALSE);
+ b->add_kv(b, "rekey_time", "%"PRIu64, lft->time.rekey);
+ b->add_kv(b, "rekey_bytes", "%"PRIu64, lft->bytes.rekey);
+ b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey);
+ free(lft);
+
b->begin_list(b, "local-ts");
list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
selectors = list->create_enumerator(list);
@@ -761,6 +773,18 @@ CALLBACK(list_conns, vici_message_t*,
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
b->end_list(b /* remote-ts */);
+ interface = child_cfg->get_interface(child_cfg);
+ if (interface)
+ {
+ b->add_kv(b, "interface", "%s", interface);
+ }
+
+ manual_prio = child_cfg->get_manual_prio(child_cfg);
+ if (manual_prio)
+ {
+ b->add_kv(b, "priority", "%u", manual_prio);
+ }
+
b->end_section(b);
}
children->destroy(children);
diff --git a/src/libcharon/plugins/vici/vici_socket.c b/src/libcharon/plugins/vici/vici_socket.c
index 67fd7e8e3..2a55fd061 100644
--- a/src/libcharon/plugins/vici/vici_socket.c
+++ b/src/libcharon/plugins/vici/vici_socket.c
@@ -95,11 +95,11 @@ typedef struct {
/** bytes of length header sent/received */
u_char hdrlen;
/** bytes of length header */
- char hdr[sizeof(u_int32_t)];
+ char hdr[sizeof(uint32_t)];
/** send/receive buffer on heap */
chunk_t buf;
/** bytes sent/received in buffer */
- u_int32_t done;
+ uint32_t done;
} msg_buf_t;
/**
@@ -411,7 +411,7 @@ CALLBACK(on_write, bool,
static bool do_read(private_vici_socket_t *this, entry_t *entry,
stream_t *stream, char *errmsg, size_t errlen)
{
- u_int32_t msglen;
+ uint32_t msglen;
ssize_t len;
/* assemble the length header first */
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 14:09:34 +0000