summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/stroke
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/Makefile.am1
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in3
-rw-r--r--src/libcharon/plugins/stroke/stroke_counter.c369
-rw-r--r--src/libcharon/plugins/stroke/stroke_counter.h60
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c1
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c3
6 files changed, 50 insertions, 387 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
index 26edc3dcd..9456dd908 100644
--- a/src/libcharon/plugins/stroke/Makefile.am
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -1,5 +1,6 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/stroke \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 70374b32f..3cf95f9a9 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -454,6 +456,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/stroke \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c
index e93fd4ef2..8eb9968e4 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.c
+++ b/src/libcharon/plugins/stroke/stroke_counter.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -13,10 +16,11 @@
* for more details.
*/
+#include <inttypes.h>
+
#include "stroke_counter.h"
-#include <threading/spinlock.h>
-#include <collections/hashtable.h>
+#include <counters_query.h>
ENUM(stroke_counter_type_names,
COUNTER_INIT_IKE_SA_REKEY, COUNTER_OUT_INFORMATIONAL_RSP,
@@ -56,277 +60,51 @@ struct private_stroke_counter_t {
stroke_counter_t public;
/**
- * Global counter values
- */
- uint64_t counter[COUNTER_MAX];
-
- /**
- * Counters for specific connection names, char* => entry_t
- */
- hashtable_t *conns;
-
- /**
- * Lock for counter values
+ * Reference to query interface
*/
- spinlock_t *lock;
+ counters_query_t *query;
};
/**
- * Counters for a specific connection name
- */
-typedef struct {
- /** connection name */
- char *name;
- /** counter values for connection */
- uint64_t counter[COUNTER_MAX];
-} entry_t;
-
-/**
- * Destroy named entry
- */
-static void destroy_entry(entry_t *this)
-{
- free(this->name);
- free(this);
-}
-
-/**
- * Hashtable hash function
- */
-static u_int hash(char *name)
-{
- return chunk_hash(chunk_from_str(name));
-}
-
-/**
- * Hashtable equals function
- */
-static bool equals(char *a, char *b)
-{
- return streq(a, b);
-}
-
-/**
- * Get the name of an IKE_SA, but return NULL if it is not known yet
- */
-static char *get_ike_sa_name(ike_sa_t *ike_sa)
-{
- peer_cfg_t *peer_cfg;
-
- if (ike_sa)
- {
- peer_cfg = ike_sa->get_peer_cfg(ike_sa);
- if (peer_cfg)
- {
- return peer_cfg->get_name(peer_cfg);
- }
- }
- return NULL;
-}
-
-/**
- * Increase a counter for a named entry
+ * Make sure we have the query interface
*/
-static void count_named(private_stroke_counter_t *this,
- ike_sa_t *ike_sa, stroke_counter_type_t type)
+static inline bool ensure_query(private_stroke_counter_t *this)
{
- entry_t *entry;
- char *name;
-
- name = get_ike_sa_name(ike_sa);
- if (name)
+ if (this->query)
{
- entry = this->conns->get(this->conns, name);
- if (!entry)
- {
- INIT(entry,
- .name = strdup(name),
- );
- this->conns->put(this->conns, entry->name, entry);
- }
- entry->counter[type]++;
- }
-}
-
-METHOD(listener_t, alert, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa,
- alert_t alert, va_list args)
-{
- stroke_counter_type_t type;
-
- switch (alert)
- {
- case ALERT_INVALID_IKE_SPI:
- type = COUNTER_IN_INVALID_IKE_SPI;
- break;
- case ALERT_PARSE_ERROR_HEADER:
- case ALERT_PARSE_ERROR_BODY:
- type = COUNTER_IN_INVALID;
- break;
- default:
- return TRUE;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, ike_sa, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, ike_rekey, bool,
- private_stroke_counter_t *this, ike_sa_t *old, ike_sa_t *new)
-{
- stroke_counter_type_t type;
- ike_sa_id_t *id;
-
- id = new->get_id(new);
- if (id->is_initiator(id))
- {
- type = COUNTER_INIT_IKE_SA_REKEY;
- }
- else
- {
- type = COUNTER_RESP_IKE_SA_REKEY;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, old, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, child_rekey, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa,
- child_sa_t *old, child_sa_t *new)
-{
- this->lock->lock(this->lock);
- this->counter[COUNTER_CHILD_SA_REKEY]++;
- count_named(this, ike_sa, COUNTER_CHILD_SA_REKEY);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, message_hook, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa, message_t *message,
- bool incoming, bool plain)
-{
- stroke_counter_type_t type;
- bool request;
-
- if ((incoming && !plain) || (!incoming && !plain))
- { /* handle each message only once */
return TRUE;
}
-
- request = message->get_request(message);
- switch (message->get_exchange_type(message))
- {
- case IKE_SA_INIT:
- if (incoming)
- {
- type = request ? COUNTER_IN_IKE_SA_INIT_REQ
- : COUNTER_IN_IKE_SA_INIT_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_IKE_SA_INIT_REQ
- : COUNTER_OUT_IKE_SA_INIT_RES;
- }
- break;
- case IKE_AUTH:
- if (incoming)
- {
- type = request ? COUNTER_IN_IKE_AUTH_REQ
- : COUNTER_IN_IKE_AUTH_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_IKE_AUTH_REQ
- : COUNTER_OUT_IKE_AUTH_RSP;
- }
- break;
- case CREATE_CHILD_SA:
- if (incoming)
- {
- type = request ? COUNTER_IN_CREATE_CHILD_SA_REQ
- : COUNTER_IN_CREATE_CHILD_SA_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_CREATE_CHILD_SA_REQ
- : COUNTER_OUT_CREATE_CHILD_SA_RSP;
- }
- break;
- case INFORMATIONAL:
- if (incoming)
- {
- type = request ? COUNTER_IN_INFORMATIONAL_REQ
- : COUNTER_IN_INFORMATIONAL_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_INFORMATIONAL_REQ
- : COUNTER_OUT_INFORMATIONAL_RSP;
- }
- break;
- default:
- return TRUE;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, ike_sa, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
+ return (this->query = lib->get(lib, "counters")) != NULL;
}
/**
- * Print a single counter value to out
- */
-static void print_counter(FILE *out, stroke_counter_type_t type,
- uint64_t counter)
-{
- fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter);
-}
-
-/**
- * Print IKE counters for a specific connection
+ * Print global or connection-specific IKE counters
*/
static void print_one(private_stroke_counter_t *this, FILE *out, char *name)
{
- uint64_t counter[COUNTER_MAX];
- entry_t *entry;
- int i;
+ uint64_t *counters;
+ counter_type_t i;
- this->lock->lock(this->lock);
- entry = this->conns->get(this->conns, name);
- if (entry)
+ counters = this->query->get_all(this->query, name);
+ if (!counters)
{
- for (i = 0; i < countof(this->counter); i++)
- {
- counter[i] = entry->counter[i];
- }
+ fprintf(out, "No IKE counters found for '%s'\n", name);
+ return;
}
- this->lock->unlock(this->lock);
-
- if (entry)
+ if (name)
{
fprintf(out, "\nList of IKE counters for '%s':\n\n", name);
- for (i = 0; i < countof(this->counter); i++)
- {
- print_counter(out, i, counter[i]);
- }
}
else
{
- fprintf(out, "No IKE counters found for '%s'\n", name);
+ fprintf(out, "\nList of IKE counters:\n\n");
+ }
+ for (i = 0; i < COUNTER_MAX; i++)
+ {
+ fprintf(out, "%-18N %12"PRIu64"\n", stroke_counter_type_names, i,
+ counters[i]);
}
+ free(counters);
}
/**
@@ -335,104 +113,44 @@ static void print_one(private_stroke_counter_t *this, FILE *out, char *name)
static void print_all(private_stroke_counter_t *this, FILE *out)
{
enumerator_t *enumerator;
- entry_t *entry;
- linked_list_t *list;
char *name;
- list = linked_list_create();
-
- this->lock->lock(this->lock);
- enumerator = this->conns->create_enumerator(this->conns);
- while (enumerator->enumerate(enumerator, &name, &entry))
- {
- list->insert_last(list, strdup(name));
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- enumerator = list->create_enumerator(list);
+ enumerator = this->query->get_names(this->query);
while (enumerator->enumerate(enumerator, &name))
{
print_one(this, out, name);
}
enumerator->destroy(enumerator);
-
- list->destroy_function(list, free);
-}
-
-/**
- * Print global counters
- */
-static void print_global(private_stroke_counter_t *this, FILE *out)
-{
- uint64_t counter[COUNTER_MAX];
- int i;
-
- this->lock->lock(this->lock);
- for (i = 0; i < countof(this->counter); i++)
- {
- counter[i] = this->counter[i];
- }
- this->lock->unlock(this->lock);
-
- fprintf(out, "\nList of IKE counters:\n\n");
-
- for (i = 0; i < countof(this->counter); i++)
- {
- print_counter(out, i, counter[i]);
- }
}
METHOD(stroke_counter_t, print, void,
private_stroke_counter_t *this, FILE *out, char *name)
{
- if (name)
+ if (!ensure_query(this))
+ {
+ fprintf(out, "\nNo counters available (plugin missing?)\n\n");
+ return;
+ }
+ if (name && streq(name, "all"))
{
- if (streq(name, "all"))
- {
- return print_all(this, out);
- }
- return print_one(this, out, name);
+ return print_all(this, out);
}
- return print_global(this, out);
+ return print_one(this, out, name);
}
METHOD(stroke_counter_t, reset, void,
private_stroke_counter_t *this, char *name)
{
- this->lock->lock(this->lock);
- if (name)
- {
- entry_t *entry;
-
- entry = this->conns->remove(this->conns, name);
- if (entry)
- {
- destroy_entry(entry);
- }
- }
- else
+ if (!ensure_query(this))
{
- memset(&this->counter, 0, sizeof(this->counter));
+ return;
}
- this->lock->unlock(this->lock);
+ this->query->reset(this->query, name);
}
METHOD(stroke_counter_t, destroy, void,
private_stroke_counter_t *this)
{
- enumerator_t *enumerator;
- char *name;
- entry_t *entry;
-
- enumerator = this->conns->create_enumerator(this->conns);
- while (enumerator->enumerate(enumerator, &name, &entry))
- {
- destroy_entry(entry);
- }
- enumerator->destroy(enumerator);
- this->conns->destroy(this->conns);
- this->lock->destroy(this->lock);
free(this);
}
@@ -445,19 +163,10 @@ stroke_counter_t *stroke_counter_create()
INIT(this,
.public = {
- .listener = {
- .alert = _alert,
- .ike_rekey = _ike_rekey,
- .child_rekey = _child_rekey,
- .message = _message_hook,
- },
.print = _print,
.reset = _reset,
.destroy = _destroy,
},
- .conns = hashtable_create((hashtable_hash_t)hash,
- (hashtable_equals_t)equals, 4),
- .lock = spinlock_create(),
);
return &this->public;
diff --git a/src/libcharon/plugins/stroke/stroke_counter.h b/src/libcharon/plugins/stroke/stroke_counter.h
index fecf39f56..2ff431c88 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.h
+++ b/src/libcharon/plugins/stroke/stroke_counter.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -21,69 +24,16 @@
#ifndef STROKE_COUNTER_H_
#define STROKE_COUNTER_H_
-#include <bus/listeners/listener.h>
+#include <library.h>
typedef struct stroke_counter_t stroke_counter_t;
-typedef enum stroke_counter_type_t stroke_counter_type_t;
-
-enum stroke_counter_type_t {
- /** initiated IKE_SA rekeyings */
- COUNTER_INIT_IKE_SA_REKEY,
- /** responded IKE_SA rekeyings */
- COUNTER_RESP_IKE_SA_REKEY,
- /** completed CHILD_SA rekeyings */
- COUNTER_CHILD_SA_REKEY,
- /** messages with invalid types, length, or a value out of range */
- COUNTER_IN_INVALID,
- /** messages with an invalid IKE SPI */
- COUNTER_IN_INVALID_IKE_SPI,
- /** received IKE_SA_INIT requests */
- COUNTER_IN_IKE_SA_INIT_REQ,
- /** received IKE_SA_INIT responses */
- COUNTER_IN_IKE_SA_INIT_RSP,
- /** sent IKE_SA_INIT requests */
- COUNTER_OUT_IKE_SA_INIT_REQ,
- /** sent IKE_SA_INIT responses */
- COUNTER_OUT_IKE_SA_INIT_RES,
- /** received IKE_AUTH requests */
- COUNTER_IN_IKE_AUTH_REQ,
- /** received IKE_AUTH responses */
- COUNTER_IN_IKE_AUTH_RSP,
- /** sent IKE_AUTH requests */
- COUNTER_OUT_IKE_AUTH_REQ,
- /** sent IKE_AUTH responses */
- COUNTER_OUT_IKE_AUTH_RSP,
- /** received CREATE_CHILD_SA requests */
- COUNTER_IN_CREATE_CHILD_SA_REQ,
- /** received CREATE_CHILD_SA responses */
- COUNTER_IN_CREATE_CHILD_SA_RSP,
- /** sent CREATE_CHILD_SA requests */
- COUNTER_OUT_CREATE_CHILD_SA_REQ,
- /** sent CREATE_CHILD_SA responses */
- COUNTER_OUT_CREATE_CHILD_SA_RSP,
- /** received INFORMATIONAL requests */
- COUNTER_IN_INFORMATIONAL_REQ,
- /** received INFORMATIONAL responses */
- COUNTER_IN_INFORMATIONAL_RSP,
- /** sent INFORMATIONAL requests */
- COUNTER_OUT_INFORMATIONAL_REQ,
- /** sent INFORMATIONAL responses */
- COUNTER_OUT_INFORMATIONAL_RSP,
- /** number of counter types */
- COUNTER_MAX
-};
/**
- * Collection of counter values for different IKE events.
+ * Interface for counter values for different IKE events.
*/
struct stroke_counter_t {
/**
- * Implements listener_t.
- */
- listener_t listener;
-
- /**
* Print counter values to an output stream.
*
* @param out output stream to write to
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 62095e368..0a34fb458 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -66,6 +66,7 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_CALLBACK((plugin_feature_callback_t)register_stroke, NULL),
PLUGIN_PROVIDE(CUSTOM, "stroke"),
+ PLUGIN_SDEPEND(CUSTOM, "counters"),
PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_DSA),
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 65d345db3..c568440b7 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -744,7 +744,6 @@ METHOD(stroke_socket_t, destroy, void,
&this->attribute->provider);
charon->attributes->remove_handler(charon->attributes,
&this->handler->handler);
- charon->bus->remove_listener(charon->bus, &this->counter->listener);
this->cred->destroy(this->cred);
this->ca->destroy(this->ca);
this->config->destroy(this->config);
@@ -789,7 +788,7 @@ stroke_socket_t *stroke_socket_create()
&this->attribute->provider);
charon->attributes->add_handler(charon->attributes,
&this->handler->handler);
- charon->bus->add_listener(charon->bus, &this->counter->listener);
+
max_concurrent = lib->settings->get_int(lib->settings,
"%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 14:18:02 +0000