Diffstat (limited to 'src/swanctl/commands')
-rw-r--r--src/swanctl/commands/list_conns.c112
-rw-r--r--src/swanctl/commands/list_sas.c7
-rw-r--r--src/swanctl/commands/load_authorities.c2
-rw-r--r--src/swanctl/commands/load_conns.c2
-rw-r--r--src/swanctl/commands/load_pools.c2
5 files changed, 116 insertions, 9 deletions
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index 019c88888..19e7050da 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,6 +2,9 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@@ -80,15 +83,64 @@ CALLBACK(children_sn, int,
hashtable_t *ike, vici_res_t *res, char *name)
{
hashtable_t *child;
+ char *mode, *interface, *priority;
+ char *rekey_time, *rekey_bytes, *rekey_packets;
+ bool no_time, no_bytes, no_packets, or = FALSE;
int ret;
child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
ret = vici_parse_cb(res, NULL, values, list, child);
if (ret == 0)
{
- printf(" %s: %s\n", name, child->get(child, "mode"));
+ mode = child->get(child, "mode");
+ printf(" %s: %s, ", name, mode);
+
+ rekey_time = child->get(child, "rekey_time");
+ rekey_bytes = child->get(child, "rekey_bytes");
+ rekey_packets = child->get(child, "rekey_packets");
+ no_time = streq(rekey_time, "0");
+ no_bytes = streq(rekey_bytes, "0");
+ no_packets = streq(rekey_packets, "0");
+
+ if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") ||
+ (no_time && no_bytes && no_packets))
+ {
+ printf("no rekeying\n");
+ }
+ else
+ {
+ printf("rekeying every");
+ if (!no_time)
+ {
+ printf(" %ss", rekey_time);
+ or = TRUE;
+ }
+ if (!no_bytes)
+ {
+ printf("%s %s bytes", or ? " or" : "", rekey_bytes);
+ or = TRUE;
+ }
+ if (!no_packets)
+ {
+ printf("%s %s packets", or ? " or" : "", rekey_packets);
+ }
+ printf("\n");
+ }
+
printf(" local: %s\n", child->get(child, "local-ts"));
printf(" remote: %s\n", child->get(child, "remote-ts"));
+
+ interface = child->get(child, "interface");
+ if (interface)
+ {
+ printf(" interface: %s\n", interface);
+ }
+
+ priority = child->get(child, "priority");
+ if (priority)
+ {
+ printf(" priority: %s\n", priority);
+ }
}
free_hashtable(child);
return ret;
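Review bot: The rekey_time, rekey_bytes and rekey_packets strings fetched from the child hashtable are passed straight to streq(), and mode to strcaseeq(), while the same hunk treats interface and priority as possibly absent; if the daemon omits any of these keys (an older charon, or a child section without rekey attributes), get() returns NULL and the comparison dereferences it. Guard each lookup before comparing, e.g. `no_time = !rekey_time || streq(rekey_time, "0");` and the same for bytes and packets, and fall back for mode with `mode = child->get(child, "mode") ?: "unspecified";` as conn_sn does for class. The children_sn signature and closing brace lie outside the hunk.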
@@ -106,18 +158,35 @@ CALLBACK(conn_sn, int,
if (strpfx(name, "local") || strpfx(name, "remote"))
{
hashtable_t *auth;
+ char *class;
auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
ret = vici_parse_cb(res, NULL, values, list, auth);
if (ret == 0)
{
+ class = auth->get(auth, "class") ?: "unspecified";
+ if (strcaseeq(class, "EAP"))
+ {
+ class = auth->get(auth, "eap-type") ?: class;
+ }
printf(" %s %s authentication:\n",
- strpfx(name, "local") ? "local" : "remote",
- auth->get(auth, "class") ?: "unspecified");
+ strpfx(name, "local") ? "local" : "remote", class);
if (auth->get(auth, "id"))
{
printf(" id: %s\n", auth->get(auth, "id"));
}
+ if (auth->get(auth, "eap_id"))
+ {
+ printf(" eap_id: %s\n", auth->get(auth, "eap_id"));
+ }
+ if (auth->get(auth, "xauth_id"))
+ {
+ printf(" xauth_id: %s\n", auth->get(auth, "xauth_id"));
+ }
+ if (auth->get(auth, "aaa_id"))
+ {
+ printf(" aaa_id: %s\n", auth->get(auth, "aaa_id"));
+ }
if (auth->get(auth, "groups"))
{
printf(" groups: %s\n", auth->get(auth, "groups"));
@@ -156,8 +225,43 @@ CALLBACK(conn_list, int,
CALLBACK(conns, int,
void *null, vici_res_t *res, char *name)
{
- printf("%s: %s\n", name, vici_find_str(res, "", "%s.version", name));
+ char *version, *reauth_time, *rekey_time;
+
+ version = vici_find_str(res, "", "%s.version", name);
+ reauth_time = vici_find_str(res, "", "%s.reauth_time", name);
+ rekey_time = vici_find_str(res, "", "%s.rekey_time", name);
+ printf("%s: %s, ", name, version);
+ if (streq(version, "IKEv1"))
+ {
+ if (streq(reauth_time, "0"))
+ {
+ reauth_time = rekey_time;
+ }
+ }
+ if (streq(reauth_time, "0"))
+ {
+ printf("no reauthentication");
+ }
+ else
+ {
+ printf("reauthentication every %ss", reauth_time);
+ }
+ if (streq(version, "IKEv1"))
+ {
+ printf("\n");
+ }
+ else
+ {
+ if (streq(rekey_time, "0"))
+ {
+ printf(", no rekeying\n");
+ }
+ else
+ {
+ printf(", rekeying every %ss\n", rekey_time);
+ }
+ }
return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL);
}
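Review bot: vici_find_str() is given "" as the fallback for reauth_time and rekey_time, so a reply that lacks one of those keys fails the `streq(..., "0")` test and the output becomes `reauthentication every s` or `rekeying every s` instead of a meaningful message. Using `"0"` as the default for both lookups, `reauth_time = vici_find_str(res, "0", "%s.reauth_time", name);` and likewise for rekey_time, makes a missing value report as "no reauthentication"/"no rekeying", consistent with how a literal 0 is already handled. The IKEv1 branch that substitutes rekey_time for a zero reauth_time is not self-explanatory and deserves a comment such as `/* IKEv1: a zero reauth_time means the daemon reports the lifetime as rekey_time; presumably rekeying implies reauthentication here - confirm */`.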
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index fd080227d..e5f251d17 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -196,10 +196,13 @@ CALLBACK(ike_sa, int,
{
if (streq(name, "child-sas"))
{
- printf("%s: #%s, %s, IKEv%s, %s:%s\n",
+ bool is_initiator = streq(ike->get(ike, "initiator"), "yes");
+
+ printf("%s: #%s, %s, IKEv%s, %s_i%s %s_r%s\n",
ike->get(ike, "name"), ike->get(ike, "uniqueid"),
ike->get(ike, "state"), ike->get(ike, "version"),
- ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi"));
+ ike->get(ike, "initiator-spi"), is_initiator ? "*" : "",
+ ike->get(ike, "responder-spi"), is_initiator ? "" : "*");
printf(" local '%s' @ %s[%s]",
ike->get(ike, "local-id"), ike->get(ike, "local-host"),
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index 88dde6aaf..352a185e8 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -292,7 +292,7 @@ int load_authorities_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no authorities found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no authorities found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index bbc700d5c..87526bc79 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -396,7 +396,7 @@ int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no connections found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no connections found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)
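Review bot: The "no connections found" diagnostic now goes to stderr but the function still returns 0 on the next line, so a caller or script sees a clean exit while the output reads like an error. If the intent is a warning that keeps stdout clean for machine-readable output, record that at the call, e.g. `/* not an error: nothing to load; keep stdout clean for --raw/--pretty consumers */`; otherwise return a non-zero status. The same change appears in load_authorities.c and load_pools.c and the same question applies there. load_conns_cfg starts and ends outside this hunk.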
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index d7fbd1341..2b9fa2d42 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -235,7 +235,7 @@ int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
}
if (found == 0)
{
- printf("no pools found, %u unloaded\n", unloaded);
+ fprintf(stderr, "no pools found, %u unloaded\n", unloaded);
return 0;
}
if (loaded == found)