1 files changed, 52 insertions, 12 deletions
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index bb299567b..75f014516 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -36,6 +36,8 @@ struct stroke_token {
     stroke_keyword_t kw;
 };
 
+static int output_verbosity = 1; /* CONTROL */
+
 static char* push_string(stroke_msg_t *msg, char *string)
 {
 	unsigned long string_start = msg->length;
@@ -61,7 +63,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	ctl_addr.sun_family = AF_UNIX;
 	strcpy(ctl_addr.sun_path, STROKE_SOCKET);
 
-	msg->output_verbosity = 1; /* CONTROL */
+	msg->output_verbosity = output_verbosity;
 
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (sock < 0)
@@ -91,11 +93,11 @@ static int send_stroke_msg (stroke_msg_t *msg)
 
 		/* we prompt if we receive a magic keyword */
 		if ((byte_count >= 12 &&
-			 strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0) ||
+			 streq(buffer + byte_count - 12, "Passphrase:\n")) ||
 			(byte_count >= 10 &&
-			 strcmp(buffer + byte_count - 10, "Password:\n") == 0) ||
+			 streq(buffer + byte_count - 10, "Password:\n")) ||
 			(byte_count >= 5 &&
-			 strcmp(buffer + byte_count - 5, "PIN:\n") == 0))
+			 streq(buffer + byte_count - 5, "PIN:\n")))
 		{
 			/* remove trailing newline */
 			pass = strrchr(buffer, '\n');
@@ -140,23 +142,25 @@ static int add_connection(char *name,
 	msg.type = STR_ADD_CONN;
 
 	msg.add_conn.name = push_string(&msg, name);
-	msg.add_conn.ikev2 = 1;
-	msg.add_conn.auth_method = 2;
+	msg.add_conn.version = 2;
 	msg.add_conn.mode = 1;
 	msg.add_conn.mobike = 1;
 	msg.add_conn.dpd.action = 1;
+	msg.add_conn.install_policy = 1;
 
 	msg.add_conn.me.id = push_string(&msg, my_id);
 	msg.add_conn.me.address = push_string(&msg, my_addr);
 	msg.add_conn.me.ikeport = 500;
 	msg.add_conn.me.subnets = push_string(&msg, my_nets);
 	msg.add_conn.me.sendcert = 1;
+	msg.add_conn.me.to_port = 65535;
 
 	msg.add_conn.other.id = push_string(&msg, other_id);
 	msg.add_conn.other.address = push_string(&msg, other_addr);
 	msg.add_conn.other.ikeport = 500;
 	msg.add_conn.other.subnets = push_string(&msg, other_nets);
 	msg.add_conn.other.sendcert = 1;
+	msg.add_conn.other.to_port = 65535;
 
 	return send_stroke_msg(&msg);
 }
@@ -319,6 +323,8 @@ static int purge(stroke_keyword_t kw)
 
 static int export_flags[] = {
 	EXPORT_X509,
+	EXPORT_CONN_CERT,
+	EXPORT_CONN_CHAIN,
 };
 
 static int export(stroke_keyword_t kw, char *selector)
@@ -364,6 +370,17 @@ static int user_credentials(char *name, char *user, char *pass)
 	return send_stroke_msg(&msg);
 }
 
+static int counters(int reset, char *name)
+{
+	stroke_msg_t msg;
+
+	msg.type = STR_COUNTERS;
+	msg.length = offsetof(stroke_msg_t, buffer);
+	msg.counters.name = push_string(&msg, name);
+	msg.counters.reset = reset;
+
+	return send_stroke_msg(&msg);
+}
 
 static int set_loglevel(char *type, u_int level)
 {
@@ -390,7 +407,7 @@ static void exit_usage(char *error)
 	printf("Usage:\n");
 	printf("  Add a connection:\n");
 	printf("    stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\\\n");
-	printf("           MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n");
+	printf("           MY_NET OTHER_NET\n");
 	printf("    where: ID is any IKEv2 ID \n");
 	printf("           ADDR is a IPv4 address\n");
 	printf("           NET is a IPv4 subnet in CIDR notation\n");
@@ -400,22 +417,28 @@ static void exit_usage(char *error)
 	printf("  Initiate a connection:\n");
 	printf("    stroke up NAME\n");
 	printf("    where: NAME is a connection name added with \"stroke add\"\n");
+	printf("  Initiate a connection without blocking:\n");
+	printf("    stroke up-nb NAME\n");
+	printf("    where: NAME is a connection name added with \"stroke add\"\n");
 	printf("  Terminate a connection:\n");
 	printf("    stroke down NAME\n");
 	printf("    where: NAME is a connection name added with \"stroke add\"\n");
+	printf("  Terminate a connection without blocking:\n");
+	printf("    stroke down-nb NAME\n");
+	printf("    where: NAME is a connection name added with \"stroke add\"\n");
 	printf("  Terminate a connection by remote srcip:\n");
 	printf("    stroke down-srcip START [END]\n");
 	printf("    where: START and optional END define the clients source IP\n");
 	printf("  Set loglevel for a logging type:\n");
 	printf("    stroke loglevel TYPE LEVEL\n");
-	printf("    where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|lib\n");
+	printf("    where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|esp|lib\n");
 	printf("           LEVEL is -1|0|1|2|3|4\n");
 	printf("  Show connection status:\n");
 	printf("    stroke status\n");
 	printf("  Show extended status information:\n");
 	printf("    stroke statusall\n");
 	printf("  Show extended status information without blocking:\n");
-	printf("    stroke statusallnb\n");
+	printf("    stroke statusall-nb\n");
 	printf("  Show list of authority and attribute certificates:\n");
 	printf("    stroke listcacerts|listocspcerts|listaacerts|listacerts\n");
 	printf("  Show list of end entity certificates, ca info records  and crls:\n");
@@ -436,6 +459,8 @@ static void exit_usage(char *error)
 	printf("    stroke purgeike\n");
 	printf("  Export credentials to the console:\n");
 	printf("    stroke exportx509 DN\n");
+	printf("    stroke exportconncert connname\n");
+	printf("    stroke exportconnchain connname\n");
 	printf("  Show current memory usage:\n");
 	printf("    stroke memusage\n");
 	printf("  Show leases of a pool:\n");
@@ -445,6 +470,8 @@ static void exit_usage(char *error)
 	printf("    where: NAME is a connection name added with \"stroke add\"\n");
 	printf("           USERNAME is the username\n");
 	printf("           PASSWORD is the optional password, you'll be asked to enter it if not given\n");
+	printf("  Show IKE counters:\n");
+	printf("    stroke listcounters [connection-name]\n");
 	exit_error(error);
 }
 
@@ -471,7 +498,7 @@ int main(int argc, char *argv[])
 	switch (token->kw)
 	{
 		case STROKE_ADD:
-			if (argc < 11)
+			if (argc < 9)
 			{
 				exit_usage("\"add\" needs more parameters...");
 			}
@@ -488,6 +515,9 @@ int main(int argc, char *argv[])
 			}
 			res = del_connection(argv[2]);
 			break;
+		case STROKE_UP_NOBLK:
+			output_verbosity = -1;
+			/* fall-through */
 		case STROKE_UP:
 			if (argc < 3)
 			{
@@ -495,6 +525,9 @@ int main(int argc, char *argv[])
 			}
 			res = initiate_connection(argv[2]);
 			break;
+		case STROKE_DOWN_NOBLK:
+			output_verbosity = -1;
+			/* fall-through */
 		case STROKE_DOWN:
 			if (argc < 3)
 			{
@@ -554,7 +587,7 @@ int main(int argc, char *argv[])
 		case STROKE_LIST_ALGS:
 		case STROKE_LIST_PLUGINS:
 		case STROKE_LIST_ALL:
-			res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0);
+			res = list(token->kw, argc > 2 && streq(argv[2], "--utc"));
 			break;
 		case STROKE_REREAD_SECRETS:
 		case STROKE_REREAD_CACERTS:
@@ -572,9 +605,11 @@ int main(int argc, char *argv[])
 			res = purge(token->kw);
 			break;
 		case STROKE_EXPORT_X509:
+		case STROKE_EXPORT_CONN_CERT:
+		case STROKE_EXPORT_CONN_CHAIN:
 			if (argc != 3)
 			{
-				exit_usage("\"exportx509\" needs a distinguished name");
+				exit_usage("\"export\" needs a name");
 			}
 			res = export(token->kw, argv[2]);
 			break;
@@ -593,6 +628,11 @@ int main(int argc, char *argv[])
 			}
 			res = user_credentials(argv[2], argv[3], argc > 4 ? argv[4] : NULL);
 			break;
+		case STROKE_COUNTERS:
+		case STROKE_COUNTERS_RESET:
+			res = counters(token->kw == STROKE_COUNTERS_RESET,
+						   argc > 2 ? argv[2] : NULL);
+			break;
 		default:
 			exit_usage(NULL);
 	}