vici: list-conn reports DPD settings and swanctl displays them
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 6 Feb 2018 20:29:17 +0000 (21:29 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 15 Feb 2018 15:28:06 +0000 (16:28 +0100)
src/libcharon/plugins/vici/vici_query.c
src/swanctl/commands/list_conns.c

index 134ea37..461132e 100644 (file)
@@ -774,7 +774,7 @@ CALLBACK(list_conns, vici_message_t*,
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        char *ike, *str, *interface;
-       uint32_t manual_prio;
+       uint32_t manual_prio, dpd_delay, dpd_timeout;
        linked_list_t *list;
        traffic_selector_t *ts;
        lifetime_cfg_t *lft;
@@ -825,6 +825,18 @@ CALLBACK(list_conns, vici_message_t*,
                b->add_kv(b, "unique", "%N", unique_policy_names,
                        peer_cfg->get_unique_policy(peer_cfg));
 
+               dpd_delay = peer_cfg->get_dpd(peer_cfg);
+               if (dpd_delay)
+               {
+                       b->add_kv(b, "dpd_delay", "%u", dpd_delay);
+               }
+
+               dpd_timeout = peer_cfg->get_dpd_timeout(peer_cfg);
+               if (dpd_timeout)
+               {
+                       b->add_kv(b, "dpd_timeout", "%u", dpd_timeout);
+               }
+
                build_auth_cfgs(peer_cfg, TRUE, b);
                build_auth_cfgs(peer_cfg, FALSE, b);
 
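Review bot: `dpd_delay` and `dpd_timeout` are added to the message only when non-zero, while the next hunk in this file adds `dpd_action` for every child unconditionally. A vici client therefore cannot distinguish "DPD disabled" from "daemon does not report DPD settings", and the convention is not written down in the visible code. A one-line comment above the first check would document it, for example `/* omitted if 0 (DPD disabled); clients must default to 0 */`. The body of list_conns continues outside this hunk.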
@@ -843,6 +855,9 @@ CALLBACK(list_conns, vici_message_t*,
                        b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey);
                        free(lft);
 
+                       b->add_kv(b, "dpd_action", "%N", action_names,
+                               child_cfg->get_dpd_action(child_cfg));
+
                        b->begin_list(b, "local-ts");
                        list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
                        selectors = list->create_enumerator(list);
index 19e7050..f692e99 100644 (file)
@@ -84,8 +84,8 @@ CALLBACK(children_sn, int,
 {
        hashtable_t *child;
        char *mode, *interface, *priority;
-       char *rekey_time, *rekey_bytes, *rekey_packets;
-       bool no_time, no_bytes, no_packets, or = FALSE;
+       char *rekey_time, *rekey_bytes, *rekey_packets, *dpd_action, *dpd_delay;
+       bool no_time, no_bytes, no_packets, no_dpd, or = FALSE;
        int ret;
 
        child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
@@ -98,14 +98,18 @@ CALLBACK(children_sn, int,
                rekey_time    = child->get(child, "rekey_time");
                rekey_bytes   = child->get(child, "rekey_bytes");
                rekey_packets = child->get(child, "rekey_packets");
+               dpd_action    = child->get(child, "dpd_action");
+               dpd_delay     = ike->get(ike, "dpd_delay");
+
                no_time    = streq(rekey_time, "0");
                no_bytes   = streq(rekey_bytes, "0");
                no_packets = streq(rekey_packets, "0");
+               no_dpd     = streq(dpd_delay, "0");
 
                if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") ||
                   (no_time && no_bytes && no_packets))
                {
-                       printf("no rekeying\n");
+                       printf("no rekeying");
                }
                else
                {
@@ -124,8 +128,12 @@ CALLBACK(children_sn, int,
                        {
                                printf("%s %s packets", or ? " or" : "", rekey_packets);
                        }
-                       printf("\n");
                }
+               if (!no_dpd)
+               {
+                       printf(", dpd action is %s", dpd_action);
+               }
+               printf("\n");
 
                printf("    local:  %s\n", child->get(child, "local-ts"));
                printf("    remote: %s\n", child->get(child, "remote-ts"));
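Review bot: The added `printf(", dpd action is %s", dpd_action)` is gated only on the IKE-level `dpd_delay`, but `dpd_action` is read with `child->get(child, "dpd_action")` in the previous hunk and is presumably NULL when a child section carries no such key. Passing NULL to `%s` is undefined behaviour in standard C, and the response arrives over the vici socket, so its shape should not be assumed. Checking the pointer too, `if (!no_dpd && dpd_action)`, keeps the output well-defined for any response. children_sn starts and ends outside this hunk.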
@@ -153,7 +161,7 @@ CALLBACK(conn_sn, int,
 
        if (streq(name, "children"))
        {
-               return vici_parse_cb(res, children_sn, NULL, NULL, NULL);
+               return vici_parse_cb(res, children_sn, NULL, NULL, ike);
        }
        if (strpfx(name, "local") || strpfx(name, "remote"))
        {
@@ -225,11 +233,17 @@ CALLBACK(conn_list, int,
 CALLBACK(conns, int,
        void *null, vici_res_t *res, char *name)
 {
-       char *version, *reauth_time, *rekey_time;
+       int ret;
+       char *version, *reauth_time, *rekey_time, *dpd_delay;
+       hashtable_t *ike;
 
        version     = vici_find_str(res, "", "%s.version", name);
-       reauth_time = vici_find_str(res, "", "%s.reauth_time", name);
-       rekey_time  = vici_find_str(res, "", "%s.rekey_time", name);
+       reauth_time = vici_find_str(res, "0", "%s.reauth_time", name);
+       rekey_time  = vici_find_str(res, "0", "%s.rekey_time", name);
+       dpd_delay   = vici_find_str(res, "0", "%s.dpd_delay", name);
+
+       ike = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
+       free(ike->put(ike,"dpd_delay", strdup(dpd_delay)));
 
        printf("%s: %s, ", name, version);
        if (streq(version, "IKEv1"))
@@ -247,22 +261,26 @@ CALLBACK(conns, int,
        {
                printf("reauthentication every %ss", reauth_time);
        }
-       if (streq(version, "IKEv1"))
-       {
-               printf("\n");
-       }
-       else
+       if (!streq(version, "IKEv1"))
        {
                if (streq(rekey_time, "0"))
                {
-                       printf(", no rekeying\n");
+                       printf(", no rekeying");
                }
                else
                {
-                       printf(", rekeying every %ss\n", rekey_time);
+                       printf(", rekeying every %ss", rekey_time);
                }
        }
-       return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL);
+       if (!streq(dpd_delay, "0"))
+       {
+               printf(", dpd delay %ss", dpd_delay);
+       }
+       printf("\n");
+
+       ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
+       free_hashtable(ike);
+       return ret;
 }
 
 CALLBACK(list_cb, void,
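Review bot: `conns` prints only `dpd_delay`; the `dpd_timeout` key that the vici_query.c change adds to the list-conn message is never read in the visible swanctl hunks, although the commit title says swanctl displays the DPD settings. An operator checking liveness settings from this output would not see the timeout. If that is intended, a comment next to the `dpd_delay` lookup should say so. Otherwise the lookup can mirror the existing one, `dpd_timeout = vici_find_str(res, "0", "%s.dpd_timeout", name);`, printed with `printf(", dpd timeout %ss", dpd_timeout);` when it is not "0".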