swanctl: Add option to force IKE_SA termination
authorTobias Brunner <tobias@strongswan.org>
Fri, 27 Apr 2018 16:11:42 +0000 (18:11 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 May 2018 08:06:07 +0000 (10:06 +0200)
src/swanctl/commands/terminate.c

index 8b3233c..bce404a 100644 (file)
@@ -39,6 +39,7 @@ static int terminate(vici_conn_t *conn)
        command_format_options_t format = COMMAND_FORMAT_NONE;
        char *arg, *child = NULL, *ike = NULL;
        int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0;
+       bool force = FALSE;
 
        while (TRUE)
        {
@@ -55,6 +56,9 @@ static int terminate(vici_conn_t *conn)
                        case 'c':
                                child = arg;
                                continue;
+                       case 'f':
+                               force = TRUE;
+                               continue;
                        case 'i':
                                ike = arg;
                                continue;
@@ -101,6 +105,10 @@ static int terminate(vici_conn_t *conn)
        {
                vici_add_key_valuef(req, "ike-id", "%d", ike_id);
        }
+       if (force)
+       {
+               vici_add_key_valuef(req, "force", "yes");
+       }
        if (timeout)
        {
                vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
@@ -150,6 +158,7 @@ static void __attribute__ ((constructor))reg()
                        {"ike",                 'i', 1, "terminate by IKE_SA name"},
                        {"child-id",    'C', 1, "terminate by CHILD_SA reqid"},
                        {"ike-id",              'I', 1, "terminate by IKE_SA unique identifier"},
+                       {"force",               'f', 0, "terminate IKE_SA without waiting, unless timeout is set"},
                        {"timeout",             't', 1, "timeout in seconds before detaching"},
                        {"raw",                 'r', 0, "dump raw response message"},
                        {"pretty",              'P', 0, "dump raw response message in pretty print"},