added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA
authorMartin Willi <martin@strongswan.org>
Fri, 15 May 2009 09:02:04 +0000 (11:02 +0200)
committerMartin Willi <martin@strongswan.org>
Fri, 15 May 2009 09:02:56 +0000 (11:02 +0200)
src/charon/plugins/stroke/stroke_control.c
src/charon/plugins/stroke/stroke_control.h
src/charon/plugins/stroke/stroke_socket.c
src/stroke/stroke.c
src/stroke/stroke_keywords.h
src/stroke/stroke_keywords.txt
src/stroke/stroke_msg.h

index ef918bb..c572117 100644 (file)
@@ -358,6 +358,46 @@ static void terminate_srcip(private_stroke_control_t *this,
 }
 
 /**
+ * Implementation of stroke_control_t.purge_ike
+ */
+static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+{
+       enumerator_t *enumerator;
+       iterator_t *iterator;
+       ike_sa_t *ike_sa;
+       child_sa_t *child_sa;
+       linked_list_t *list;
+       uintptr_t del;
+       stroke_log_info_t info;
+       
+       info.out = out;
+       info.level = msg->output_verbosity;
+       
+       list = linked_list_create();
+       enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
+       while (enumerator->enumerate(enumerator, &ike_sa))
+       {
+               iterator = ike_sa->create_child_sa_iterator(ike_sa);
+               if (!iterator->iterate(iterator, (void**)&child_sa))
+               {
+                       list->insert_last(list,
+                                               (void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
+               }
+               iterator->destroy(iterator);
+       }
+       enumerator->destroy(enumerator);
+       
+       enumerator = list->create_enumerator(list);
+       while (enumerator->enumerate(enumerator, &del))
+       {
+               charon->controller->terminate_ike(charon->controller, del,
+                                                                       (controller_cb_t)stroke_log, &info);
+       }
+       enumerator->destroy(enumerator);
+       list->destroy(list);
+}
+
+/**
  * Implementation of stroke_control_t.route.
  */
 static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
@@ -441,6 +481,7 @@ stroke_control_t *stroke_control_create()
        this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
        this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate;
        this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip;
+       this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike;
        this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
        this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
        this->public.destroy = (void(*)(stroke_control_t*))destroy;
index 08b8ea3..5a61a90 100644 (file)
@@ -54,6 +54,13 @@ struct stroke_control_t {
        void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
        
        /**
+        * Delete IKE_SAs without a CHILD_SA.
+        *
+        * @param msg           stroke message
+        */
+       void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
+       
+       /**
         * Route a connection.
         *
         * @param msg           stroke message
@@ -68,9 +75,9 @@ struct stroke_control_t {
        void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
        
        /**
-     * Destroy a stroke_control instance.
-     */
-    void (*destroy)(stroke_control_t *this);
+        * Destroy a stroke_control instance.
+        */
+       void (*destroy)(stroke_control_t *this);
 };
 
 /**
index 906473c..f61171e 100644 (file)
@@ -341,8 +341,15 @@ static void stroke_reread(private_stroke_socket_t *this,
 static void stroke_purge(private_stroke_socket_t *this,
                                                 stroke_msg_t *msg, FILE *out)
 {
-       charon->credentials->flush_cache(charon->credentials,
-                                                                        CERT_X509_OCSP_RESPONSE);
+       if (msg->purge.flags & PURGE_OCSP)
+       {
+               charon->credentials->flush_cache(charon->credentials,
+                                                                                CERT_X509_OCSP_RESPONSE);
+       }
+       if (msg->purge.flags & PURGE_IKE)
+       {
+               this->control->purge_ike(this->control, msg, out);
+       }
 }
 
 /**
index 412efc2..c27a8ca 100644 (file)
@@ -248,7 +248,8 @@ static int reread(stroke_keyword_t kw)
 }
 
 static int purge_flags[] = {
-       PURGE_OCSP
+       PURGE_OCSP,
+       PURGE_IKE,
 };
 
 static int purge(stroke_keyword_t kw)
@@ -332,6 +333,8 @@ static void exit_usage(char *error)
        printf("    stroke rereadsecrets|rereadcrls|rereadall\n");
        printf("  Purge ocsp cache entries:\n");
        printf("    stroke purgeocsp\n");
+       printf("  Purge IKE_SAs without a CHILD_SA:\n");
+       printf("    stroke purgeike\n");
        printf("  Show leases of a pool:\n");
        printf("    stroke leases [POOL [ADDRESS]]\n");
        exit_error(error);
@@ -443,6 +446,7 @@ int main(int argc, char *argv[])
                        res = reread(token->kw);
                        break;
                case STROKE_PURGE_OCSP:
+               case STROKE_PURGE_IKE:
                        res = purge(token->kw);
                        break;
                case STROKE_LEASES:
index d50b113..6332000 100644 (file)
@@ -48,6 +48,7 @@ typedef enum {
        STROKE_REREAD_CRLS,
        STROKE_REREAD_ALL,
        STROKE_PURGE_OCSP,
+       STROKE_PURGE_IKE,
        STROKE_LEASES
 } stroke_keyword_t;
 
index 3ce4211..96fa0bf 100644 (file)
@@ -55,4 +55,5 @@ rereadacerts,    STROKE_REREAD_ACERTS
 rereadcrls,      STROKE_REREAD_CRLS
 rereadall,       STROKE_REREAD_ALL
 purgeocsp,       STROKE_PURGE_OCSP
+purgeike,        STROKE_PURGE_IKE
 leases,          STROKE_LEASES
index 3718309..704c88c 100644 (file)
@@ -103,6 +103,8 @@ enum purge_flag_t {
        PURGE_NONE =            0x0000,
        /** purge ocsp cache entries */
        PURGE_OCSP =            0x0001,
+       /** purge IKE_SAs without a CHILD_SA */
+       PURGE_IKE =                     0x0002,
 };
 
 /**