Imported Upstream version 5.5.0

author: Yves-Alexis Perez <corsac@debian.org> 2016-07-16 15:19:53 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2016-07-16 15:19:53 +0200
commit: bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch)
tree: 0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/swanctl/commands/list_conns.c
parent: 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
download: vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz
vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip
1 files changed, 108 insertions, 4 deletions
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index 019c88888..19e7050da 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,6 +2,9 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
@@ -80,15 +83,64 @@ CALLBACK(children_sn, int,
 	hashtable_t *ike, vici_res_t *res, char *name)
 {
 	hashtable_t *child;
+	char *mode, *interface, *priority;
+	char *rekey_time, *rekey_bytes, *rekey_packets;
+	bool no_time, no_bytes, no_packets, or = FALSE;
 	int ret;
 
 	child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
 	ret = vici_parse_cb(res, NULL, values, list, child);
 	if (ret == 0)
 	{
-		printf("  %s: %s\n", name, child->get(child, "mode"));
+		mode = child->get(child, "mode");
+		printf("  %s: %s, ", name, mode);
+
+		rekey_time    = child->get(child, "rekey_time");
+		rekey_bytes   = child->get(child, "rekey_bytes");
+		rekey_packets = child->get(child, "rekey_packets");
+		no_time    = streq(rekey_time, "0");
+		no_bytes   = streq(rekey_bytes, "0");
+		no_packets = streq(rekey_packets, "0");
+
+		if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") ||
+		   (no_time && no_bytes && no_packets))
+		{
+			printf("no rekeying\n");
+		}
+		else
+		{
+			printf("rekeying every");
+			if (!no_time)
+			{
+				printf(" %ss", rekey_time);
+				or = TRUE;
+			}
+			if (!no_bytes)
+			{
+				printf("%s %s bytes", or ? " or" : "", rekey_bytes);
+				or = TRUE;
+			}
+			if (!no_packets)
+			{
+				printf("%s %s packets", or ? " or" : "", rekey_packets);
+			}
+			printf("\n");
+		}
+
 		printf("    local:  %s\n", child->get(child, "local-ts"));
 		printf("    remote: %s\n", child->get(child, "remote-ts"));
+
+		interface = child->get(child, "interface");
+		if (interface)
+		{
+			printf("    interface: %s\n", interface);
+		}
+
+		priority = child->get(child, "priority");
+		if (priority)
+		{
+			printf("    priority: %s\n", priority);
+		}
 	}
 	free_hashtable(child);
 	return ret;
@@ -106,18 +158,35 @@ CALLBACK(conn_sn, int,
 	if (strpfx(name, "local") || strpfx(name, "remote"))
 	{
 		hashtable_t *auth;
+		char *class;
 
 		auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
 		ret = vici_parse_cb(res, NULL, values, list, auth);
 		if (ret == 0)
 		{
+			class = auth->get(auth, "class") ?: "unspecified";
+			if (strcaseeq(class, "EAP"))
+			{
+				class = auth->get(auth, "eap-type") ?: class;
+			}
 			printf("  %s %s authentication:\n",
-				strpfx(name, "local") ? "local" : "remote",
-				auth->get(auth, "class") ?: "unspecified");
+				strpfx(name, "local") ? "local" : "remote", class);
 			if (auth->get(auth, "id"))
 			{
 				printf("    id: %s\n", auth->get(auth, "id"));
 			}
+			if (auth->get(auth, "eap_id"))
+			{
+				printf("    eap_id: %s\n", auth->get(auth, "eap_id"));
+			}
+			if (auth->get(auth, "xauth_id"))
+			{
+				printf("    xauth_id: %s\n", auth->get(auth, "xauth_id"));
+			}
+			if (auth->get(auth, "aaa_id"))
+			{
+				printf("    aaa_id: %s\n", auth->get(auth, "aaa_id"));
+			}
 			if (auth->get(auth, "groups"))
 			{
 				printf("    groups: %s\n", auth->get(auth, "groups"));
@@ -156,8 +225,43 @@ CALLBACK(conn_list, int,
 CALLBACK(conns, int,
 	void *null, vici_res_t *res, char *name)
 {
-	printf("%s: %s\n", name, vici_find_str(res, "", "%s.version", name));
+	char *version, *reauth_time, *rekey_time;
+
+	version     = vici_find_str(res, "", "%s.version", name);
+	reauth_time = vici_find_str(res, "", "%s.reauth_time", name);
+	rekey_time  = vici_find_str(res, "", "%s.rekey_time", name);
 
+	printf("%s: %s, ", name, version);
+	if (streq(version, "IKEv1"))
+	{
+		if (streq(reauth_time, "0"))
+		{
+			reauth_time = rekey_time;
+		}
+	}
+	if (streq(reauth_time, "0"))
+	{
+		printf("no reauthentication");
+	}
+	else
+	{
+		printf("reauthentication every %ss", reauth_time);
+	}
+	if (streq(version, "IKEv1"))
+	{
+		printf("\n");
+	}
+	else
+	{
+		if (streq(rekey_time, "0"))
+		{
+			printf(", no rekeying\n");
+		}
+		else
+		{
+			printf(", rekeying every %ss\n", rekey_time);
+		}
+	}
 	return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL);
 }
author	Yves-Alexis Perez <corsac@debian.org>	2016-07-16 15:19:53 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2016-07-16 15:19:53 +0200
commit	bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch)
tree	0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/swanctl/commands/list_conns.c
parent	518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
download	vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip