vici: Optionally terminate IKE_SA immediately
authorTobias Brunner <tobias@strongswan.org>
Fri, 27 Apr 2018 16:09:25 +0000 (18:09 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 May 2018 08:06:07 +0000 (10:06 +0200)
src/libcharon/plugins/vici/README.md
src/libcharon/plugins/vici/vici_control.c

index 49cce37..0038f08 100644 (file)
@@ -279,7 +279,9 @@ Terminates an SA while streaming _control-log_ events.
                ike = <terminate an IKE_SA by configuration name>
                child-id = <terminate a CHILD_SA by its reqid>
                ike-id = <terminate an IKE_SA by its unique id>
-               timeout = <timeout in ms before returning>
+               force = <terminate IKE_SA without waiting for proper DELETE, if timeout
+                                is given, waits for a response until it is reached>
+               timeout = <timeout in ms before returning, see below>
                loglevel = <loglevel to issue "control-log" events for>
        } => {
                success = <yes or no>
index 6824079..ce19608 100644 (file)
@@ -225,6 +225,7 @@ CALLBACK(terminate, vici_message_t*,
        enumerator_t *enumerator, *isas, *csas;
        char *child, *ike, *errmsg = NULL;
        u_int child_id, ike_id, current, *del, done = 0;
+       bool force;
        int timeout;
        ike_sa_t *ike_sa;
        child_sa_t *child_sa;
@@ -240,6 +241,7 @@ CALLBACK(terminate, vici_message_t*,
        ike = request->get_str(request, NULL, "ike");
        child_id = request->get_int(request, 0, "child-id");
        ike_id = request->get_int(request, 0, "ike-id");
+       force = request->get_bool(request, FALSE, "force");
        timeout = request->get_int(request, 0, "timeout");
        log.level = request->get_int(request, 1, "loglevel");
 
@@ -326,7 +328,7 @@ CALLBACK(terminate, vici_message_t*,
                }
                else
                {
-                       if (charon->controller->terminate_ike(charon->controller, *del, FALSE,
+                       if (charon->controller->terminate_ike(charon->controller, *del, force,
                                                                                        log_cb, &log, timeout) == SUCCESS)
                        {
                                done++;