authorYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
commit51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch)
tree2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libcharon/plugins/vici
parent7793611ee71b576dd9c66dee327349fa64e38740 (diff)
New upstream version 5.6.3
Diffstat (limited to 'src/libcharon/plugins/vici')
-rw-r--r--src/libcharon/plugins/vici/README.md4
-rw-r--r--src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm23
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/suites/test_message.c2
-rw-r--r--src/libcharon/plugins/vici/vici_attribute.c2
-rw-r--r--src/libcharon/plugins/vici/vici_config.c96
-rw-r--r--src/libcharon/plugins/vici/vici_control.c95
-rw-r--r--src/libcharon/plugins/vici/vici_message.c2
-rw-r--r--src/libcharon/plugins/vici/vici_message.h2
9 files changed, 64 insertions, 164 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 49cce379d..0038f0844 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -279,7 +279,9 @@ Terminates an SA while streaming _control-log_ events.
ike = <terminate an IKE_SA by configuration name>
child-id = <terminate a CHILD_SA by its reqid>
ike-id = <terminate an IKE_SA by its unique id>
- timeout = <timeout in ms before returning>
+ force = <terminate IKE_SA without waiting for proper DELETE, if timeout
+ is given, waits for a response until it is reached>
+ timeout = <timeout in ms before returning, see below>
loglevel = <loglevel to issue "control-log" events for>
} => {
success = <yes or no>
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
index 6524bf76d..b0a7b6285 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
@@ -22,12 +22,27 @@ sub send {
sub receive {
my $self = shift;
my $packet_header;
- my $data;
- $self->{'Socket'}->recv($packet_header, 4);
+ $packet_header = $self->_recv_all(4);
my $packet_len = unpack('N', $packet_header);
- $self->{'Socket'}->recv($data, $packet_len);
- return $data;
+ return $self->_recv_all($packet_len);
+}
+
+sub _recv_all {
+ my ($self, $len) = @_;
+ my $data;
+
+ while ($len)
+ {
+ my $buf;
+ unless (defined $self->{'Socket'}->recv($buf, $len))
+ {
+ die "error reading from socket\n";
+ }
+ $len -= length($buf);
+ $data .= $buf;
+ }
+ return $data;
}
1;
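Review bot: `_recv_all` can spin forever if the daemon closes the socket before the message is complete: on EOF Perl's `recv` returns a defined (empty) value and leaves `$buf` empty, so `$len` never decreases and `while ($len)` never exits. Add `die "connection closed\n" unless length($buf);` directly after the `recv` call so a truncated 4-byte header or body surfaces as an error instead of a hang. I would also initialise `my $data = '';` so a zero-length payload returns an empty string rather than `undef`. The 32-bit `$packet_len` from the header is trusted as-is, which is acceptable for a local daemon socket but worth a comment if this transport is ever pointed at anything else.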
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index 6d29988db..ff4e07d2d 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -476,8 +476,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@RUBY_GEMS_INSTALL_FALSE@install-data-local:
@RUBY_GEMS_INSTALL_FALSE@uninstall-local:
+@RUBY_GEMS_INSTALL_FALSE@install-data-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c
index 73bba239b..1a4af9005 100644
--- a/src/libcharon/plugins/vici/suites/test_message.c
+++ b/src/libcharon/plugins/vici/suites/test_message.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index ab765fa14..4d174253d 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -249,7 +249,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips)
{
end = chunk_clone(start);
- /* mem_pool is currenty limited to 2^31 addresses, so 32-bit
+ /* mem_pool is currently limited to 2^31 addresses, so 32-bit
* calculations should be sufficient. */
size = untoh32(start.ptr + start.len - sizeof(size));
htoun32(end.ptr + end.len - sizeof(size), size + pool->get_size(pool));
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index e0e2955e2..f4e9e33ee 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -112,7 +112,7 @@ struct private_vici_config_t {
rwlock_t *lock;
/**
- * Condvar used to snyc running actions
+ * Condvar used to sync running actions
*/
rwlock_condvar_t *condvar;
@@ -533,7 +533,7 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
- DBG2(DBG_CFG, " hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+ DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload);
DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
}
@@ -892,14 +892,6 @@ CALLBACK(parse_opt_ipcomp, bool,
return parse_option(out, OPT_IPCOMP, v);
}
-/**
- * Parse OPT_HW_OFFLOAD option
- */
-CALLBACK(parse_opt_hw_offl, bool,
- child_cfg_option_t *out, chunk_t v)
-{
- return parse_option(out, OPT_HW_OFFLOAD, v);
-}
/**
* Parse OPT_SHA256_96 option
@@ -944,6 +936,27 @@ CALLBACK(parse_action, bool,
}
/**
+ * Parse an hw_offload_t
+ */
+CALLBACK(parse_hw_offload, bool,
+ action_t *out, chunk_t v)
+{
+ enum_map_t map[] = {
+ { "no", HW_OFFLOAD_NO },
+ { "yes", HW_OFFLOAD_YES },
+ { "auto", HW_OFFLOAD_AUTO },
+ };
+ int d;
+
+ if (parse_map(map, countof(map), &d, v))
+ {
+ *out = d;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
* Parse a uint32_t with the given base
*/
static bool parse_uint32_base(uint32_t *out, chunk_t v, int base)
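Review bot: `parse_hw_offload` declares its output as `action_t *out`, but `child_kv` wires it to `&child->cfg.hw_offload`, which the `HW_OFFLOAD_*` map and the `%N hw_offload_names` logging indicate is an `hw_offload_t`; the `CALLBACK` wrapper passes a `void *`, so the compiler cannot catch the mismatch. Change the signature to `hw_offload_t *out, chunk_t v)` — the current form only works as long as both enums happen to share the same underlying width, which is not something to rely on. The hunk begins inside `parse_action` and ends inside `parse_uint32_base`, neither of which is fully visible here.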
@@ -1578,7 +1591,7 @@ CALLBACK(child_kv, bool,
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
{ "interface", parse_string, &child->cfg.interface },
- { "hw_offload", parse_opt_hw_offl, &child->cfg.options },
+ { "hw_offload", parse_hw_offload, &child->cfg.hw_offload },
{ "sha256_96", parse_opt_sha256_96,&child->cfg.options },
};
@@ -1954,41 +1967,6 @@ CALLBACK(peer_sn, bool,
}
/**
- * Find reqid of an existing CHILD_SA
- */
-static uint32_t find_reqid(child_cfg_t *cfg)
-{
- enumerator_t *enumerator, *children;
- child_sa_t *child_sa;
- ike_sa_t *ike_sa;
- uint32_t reqid;
-
- reqid = charon->traps->find_reqid(charon->traps, cfg);
- if (reqid)
- { /* already trapped */
- return reqid;
- }
-
- enumerator = charon->controller->create_ike_sa_enumerator(
- charon->controller, TRUE);
- while (!reqid && enumerator->enumerate(enumerator, &ike_sa))
- {
- children = ike_sa->create_child_sa_enumerator(ike_sa);
- while (children->enumerate(children, &child_sa))
- {
- if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa)))
- {
- reqid = child_sa->get_reqid(child_sa);
- break;
- }
- }
- children->destroy(children);
- }
- enumerator->destroy(enumerator);
- return reqid;
-}
-
-/**
* Perform start actions associated with a child config
*/
static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
@@ -2012,8 +1990,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
peer_cfg->get_name(peer_cfg), child_cfg);
break;
default:
- charon->traps->install(charon->traps, peer_cfg, child_cfg,
- find_reqid(child_cfg));
+ charon->traps->install(charon->traps, peer_cfg, child_cfg);
break;
}
break;
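Review bot: The result of `charon->traps->install()` in the `default:` arm is discarded, so a trap policy that fails to install during a config load leaves neither a log entry nor any signal to the caller; the `install` handler in vici_control.c touched by the same patch does check it (`ok = charon->traps->install(...)`). Suggest `if (!charon->traps->install(charon->traps, peer_cfg, child_cfg)) { DBG1(DBG_CFG, "installing trap policy '%s' failed", child_cfg->get_name(child_cfg)); }`. The previous code ignored the return value too, so this is not a regression of the commit, but the call site is being rewritten anyway. `run_start_action` starts and ends outside this hunk, so there may be handling I cannot see.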
@@ -2030,7 +2007,6 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
- peer_cfg_t *peer_cfg;
ike_sa_t *ike_sa;
uint32_t id = 0, others;
array_t *ids = NULL, *ikeids = NULL;
@@ -2053,7 +2029,8 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
children = ike_sa->create_child_sa_enumerator(ike_sa);
while (children->enumerate(children, &child_sa))
{
- if (child_sa->get_state(child_sa) != CHILD_DELETING)
+ if (child_sa->get_state(child_sa) != CHILD_DELETING &&
+ child_sa->get_state(child_sa) != CHILD_DELETED)
{
if (streq(name, child_sa->get_name(child_sa)))
{
@@ -2106,7 +2083,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
while (array_remove(ikeids, ARRAY_HEAD, &id))
{
DBG1(DBG_CFG, "closing IKE_SA #%u", id);
- charon->controller->terminate_ike(charon->controller,
+ charon->controller->terminate_ike(charon->controller, FALSE,
id, NULL, NULL, 0);
}
array_destroy(ikeids);
@@ -2121,22 +2098,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
charon->shunts->uninstall(charon->shunts, peer_name, name);
break;
default:
- enumerator = charon->traps->create_enumerator(charon->traps);
- while (enumerator->enumerate(enumerator, &peer_cfg,
- &child_sa))
- {
- if (streq(peer_name, peer_cfg->get_name(peer_cfg)) &&
- streq(name, child_sa->get_name(child_sa)))
- {
- id = child_sa->get_reqid(child_sa);
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (id)
- {
- charon->traps->uninstall(charon->traps, id);
- }
+ charon->traps->uninstall(charon->traps, peer_name, name);
break;
}
break;
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index afee649f7..ce19608dc 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -225,6 +225,7 @@ CALLBACK(terminate, vici_message_t*,
enumerator_t *enumerator, *isas, *csas;
char *child, *ike, *errmsg = NULL;
u_int child_id, ike_id, current, *del, done = 0;
+ bool force;
int timeout;
ike_sa_t *ike_sa;
child_sa_t *child_sa;
@@ -240,6 +241,7 @@ CALLBACK(terminate, vici_message_t*,
ike = request->get_str(request, NULL, "ike");
child_id = request->get_int(request, 0, "child-id");
ike_id = request->get_int(request, 0, "ike-id");
+ force = request->get_bool(request, FALSE, "force");
timeout = request->get_int(request, 0, "timeout");
log.level = request->get_int(request, 1, "loglevel");
@@ -326,7 +328,7 @@ CALLBACK(terminate, vici_message_t*,
}
else
{
- if (charon->controller->terminate_ike(charon->controller, *del,
+ if (charon->controller->terminate_ike(charon->controller, *del, force,
log_cb, &log, timeout) == SUCCESS)
{
done++;
@@ -601,41 +603,6 @@ CALLBACK(redirect, vici_message_t*,
return builder->finalize(builder);
}
-/**
- * Find reqid of an existing CHILD_SA
- */
-static uint32_t find_reqid(child_cfg_t *cfg)
-{
- enumerator_t *enumerator, *children;
- child_sa_t *child_sa;
- ike_sa_t *ike_sa;
- uint32_t reqid;
-
- reqid = charon->traps->find_reqid(charon->traps, cfg);
- if (reqid)
- { /* already trapped */
- return reqid;
- }
-
- enumerator = charon->controller->create_ike_sa_enumerator(
- charon->controller, TRUE);
- while (!reqid && enumerator->enumerate(enumerator, &ike_sa))
- {
- children = ike_sa->create_child_sa_enumerator(ike_sa);
- while (children->enumerate(children, &child_sa))
- {
- if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa)))
- {
- reqid = child_sa->get_reqid(child_sa);
- break;
- }
- }
- children->destroy(children);
- }
- enumerator->destroy(enumerator);
- return reqid;
-}
-
CALLBACK(install, vici_message_t*,
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
{
@@ -666,8 +633,7 @@ CALLBACK(install, vici_message_t*,
peer_cfg->get_name(peer_cfg), child_cfg);
break;
default:
- ok = charon->traps->install(charon->traps, peer_cfg, child_cfg,
- find_reqid(child_cfg));
+ ok = charon->traps->install(charon->traps, peer_cfg, child_cfg);
break;
}
peer_cfg->destroy(peer_cfg);
@@ -679,12 +645,7 @@ CALLBACK(install, vici_message_t*,
CALLBACK(uninstall, vici_message_t*,
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
{
- peer_cfg_t *peer_cfg;
- child_cfg_t *child_cfg;
- child_sa_t *child_sa;
- enumerator_t *enumerator;
- uint32_t reqid = 0;
- char *child, *ike, *ns;
+ char *child, *ike;
child = request->get_str(request, NULL, "child");
ike = request->get_str(request, NULL, "ike");
@@ -695,53 +656,13 @@ CALLBACK(uninstall, vici_message_t*,
DBG1(DBG_CFG, "vici uninstall '%s'", child);
- if (!ike)
- {
- enumerator = charon->shunts->create_enumerator(charon->shunts);
- while (enumerator->enumerate(enumerator, &ns, &child_cfg))
- {
- if (ns && streq(child, child_cfg->get_name(child_cfg)))
- {
- ike = strdup(ns);
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (ike)
- {
- if (charon->shunts->uninstall(charon->shunts, ike, child))
- {
- free(ike);
- return send_reply(this, NULL);
- }
- free(ike);
- return send_reply(this, "uninstalling policy '%s' failed", child);
- }
- }
- else if (charon->shunts->uninstall(charon->shunts, ike, child))
+ if (charon->shunts->uninstall(charon->shunts, ike, child))
{
return send_reply(this, NULL);
}
-
- enumerator = charon->traps->create_enumerator(charon->traps);
- while (enumerator->enumerate(enumerator, &peer_cfg, &child_sa))
+ else if (charon->traps->uninstall(charon->traps, ike, child))
{
- if ((!ike || streq(ike, peer_cfg->get_name(peer_cfg))) &&
- streq(child, child_sa->get_name(child_sa)))
- {
- reqid = child_sa->get_reqid(child_sa);
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (reqid)
- {
- if (charon->traps->uninstall(charon->traps, reqid))
- {
- return send_reply(this, NULL);
- }
- return send_reply(this, "uninstalling policy '%s' failed", child);
+ return send_reply(this, NULL);
}
return send_reply(this, "policy '%s' not found", child);
}
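Review bot: The rewritten `uninstall` passes `ike` straight to `charon->shunts->uninstall()` and `charon->traps->uninstall()` even when the request omitted it (`request->get_str(request, NULL, "ike")` leaves it NULL), whereas the removed code resolved the namespace itself for shunts; that is only correct if both backends treat a NULL name as a wildcard, which this hunk does not show. Either state that contract at the call, `/* ike == NULL matches any IKE config; both managers must accept it */`, or reject the request with `return send_reply(this, "missing ike name");` if they do not. Note also that a shunt that exists but fails to uninstall now falls through to the trap lookup and is reported as `policy '%s' not found`, dropping the previous `uninstalling policy '%s' failed` reply — fine if the backends return FALSE only on a lookup miss, otherwise misleading to the operator.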
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index 91d344994..13761f59d 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/vici/vici_message.h b/src/libcharon/plugins/vici/vici_message.h
index d47e7a0f9..1e1a2a463 100644
--- a/src/libcharon/plugins/vici/vici_message.h
+++ b/src/libcharon/plugins/vici/vici_message.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG