swanctl: Add a terminate command
authorMartin Willi <martin@revosec.ch>
Tue, 11 Feb 2014 16:14:51 +0000 (17:14 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 7 May 2014 13:48:13 +0000 (15:48 +0200)
src/swanctl/Makefile.am
src/swanctl/commands/terminate.c [new file with mode: 0644]

index 968f795..30bff43 100644 (file)
@@ -3,6 +3,7 @@ sbin_PROGRAMS = swanctl
 swanctl_SOURCES = \
        command.c command.h \
        commands/initiate.c \
+       commands/terminate.c \
        commands/list_sas.c \
        swanctl.c
 
diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
new file mode 100644 (file)
index 0000000..b0e2c66
--- /dev/null
@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <errno.h>
+
+
+CALLBACK(log_cb, void,
+       bool *raw, char *name, vici_res_t *msg)
+{
+       if (*raw)
+       {
+               vici_dump(msg, "log", stdout);
+       }
+       else
+       {
+               printf("[%s] %s\n",
+                          vici_find_str(msg, "   ", "group"),
+                          vici_find_str(msg, "", "msg"));
+       }
+}
+
+static int terminate(vici_conn_t *conn)
+{
+       vici_req_t *req;
+       vici_res_t *res;
+       bool raw = FALSE;
+       char *arg, *child = NULL, *ike = NULL;
+       int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'r':
+                               raw = TRUE;
+                               continue;
+                       case 'c':
+                               child = arg;
+                               continue;
+                       case 'i':
+                               ike = arg;
+                               continue;
+                       case 'C':
+                               child_id = atoi(arg);
+                               continue;
+                       case 'I':
+                               ike_id = atoi(arg);
+                               continue;
+                       case 't':
+                               timeout = atoi(arg);
+                               continue;
+                       case 'l':
+                               level = atoi(arg);
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --terminate option");
+               }
+               break;
+       }
+
+       if (vici_register(conn, "control-log", log_cb, &raw) != 0)
+       {
+               fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
+               return errno;
+       }
+       req = vici_begin("terminate");
+       if (child)
+       {
+               vici_add_key_valuef(req, "child", "%s", child);
+       }
+       if (ike)
+       {
+               vici_add_key_valuef(req, "ike", "%s", ike);
+       }
+       if (child_id)
+       {
+               vici_add_key_valuef(req, "child-id", "%d", child_id);
+       }
+       if (ike_id)
+       {
+               vici_add_key_valuef(req, "ike-id", "%d", ike_id);
+       }
+       if (timeout)
+       {
+               vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
+       }
+       vici_add_key_valuef(req, "loglevel", "%d", level);
+       res = vici_submit(req, conn);
+       if (!res)
+       {
+               fprintf(stderr, "terminate request failed: %s\n", strerror(errno));
+               return errno;
+       }
+       if (raw)
+       {
+               vici_dump(res, "terminate reply", stdout);
+       }
+       else
+       {
+               if (streq(vici_find_str(res, "no", "success"), "yes"))
+               {
+                       printf("terminate completed successfully\n");
+               }
+               else
+               {
+                       fprintf(stderr, "terminate failed: %s\n",
+                                       vici_find_str(res, "", "errmsg"));
+                       ret = 1;
+               }
+       }
+       vici_free_res(res);
+       return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+       command_register((command_t) {
+               terminate, 't', "terminate", "terminate a connection",
+               {"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
+                "[--timeout <s>] [--raw]"},
+               {
+                       {"help",                'h', 0, "show usage information"},
+                       {"child",               'c', 1, "terminate by CHILD_SA name"},
+                       {"ike",                 'i', 1, "terminate by IKE_SA name"},
+                       {"child-id",    'C', 1, "terminate by CHILD_SA reqid"},
+                       {"ike-id",              'I', 1, "terminate by IKE_SA unique identifier"},
+                       {"timeout",             't', 1, "timeout in seconds before detaching"},
+                       {"raw",                 'r', 0, "dump raw response message"},
+                       {"loglevel",    'l', 1, "verbosity of redirected log"},
+               }
+       });
+}