swanctl: Add --redirect command
authorTobias Brunner <tobias@strongswan.org>
Tue, 28 Apr 2015 16:00:01 +0000 (18:00 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:02:59 +0000 (16:02 +0100)
src/swanctl/Makefile.am
src/swanctl/command.h
src/swanctl/commands/redirect.c [new file with mode: 0644]
src/swanctl/swanctl.8.in

index 5b6b8e4..fb02714 100644 (file)
@@ -4,6 +4,7 @@ swanctl_SOURCES = \
        command.c command.h \
        commands/initiate.c \
        commands/terminate.c \
+       commands/redirect.c \
        commands/install.c \
        commands/list_sas.c \
        commands/list_pols.c \
index 7eb11a6..8d0a2e6 100644 (file)
@@ -27,7 +27,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 22
+#define MAX_COMMANDS 23
 
 /**
  * Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/redirect.c b/src/swanctl/commands/redirect.c
new file mode 100644 (file)
index 0000000..0afe96a
--- /dev/null
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <errno.h>
+
+static int redirect(vici_conn_t *conn)
+{
+       vici_req_t *req;
+       vici_res_t *res;
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       char *arg, *peer_ip = NULL, *peer_id = NULL, *ike = NULL, *gateway = NULL;
+       int ret = 0, ike_id = 0;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case 'i':
+                               ike = arg;
+                               continue;
+                       case 'I':
+                               ike_id = atoi(arg);
+                               continue;
+                       case 'p':
+                               peer_ip = arg;
+                               continue;
+                       case 'd':
+                               peer_id = arg;
+                               continue;
+                       case 'g':
+                               gateway = arg;
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --redirect option");
+               }
+               break;
+       }
+       req = vici_begin("redirect");
+       if (ike)
+       {
+               vici_add_key_valuef(req, "ike", "%s", ike);
+       }
+       if (ike_id)
+       {
+               vici_add_key_valuef(req, "ike-id", "%d", ike_id);
+       }
+       if (peer_ip)
+       {
+               vici_add_key_valuef(req, "peer-ip", "%s", peer_ip);
+       }
+       if (peer_id)
+       {
+               vici_add_key_valuef(req, "peer-id", "%s", peer_id);
+       }
+       if (gateway)
+       {
+               vici_add_key_valuef(req, "gateway", "%s", gateway);
+       }
+       res = vici_submit(req, conn);
+       if (!res)
+       {
+               ret = errno;
+               fprintf(stderr, "redirect request failed: %s\n", strerror(errno));
+               return ret;
+       }
+       if (format & COMMAND_FORMAT_RAW)
+       {
+               vici_dump(res, "redirect reply", format & COMMAND_FORMAT_PRETTY,
+                                 stdout);
+       }
+       else
+       {
+               if (streq(vici_find_str(res, "no", "success"), "yes"))
+               {
+                       printf("redirect completed successfully\n");
+               }
+               else
+               {
+                       fprintf(stderr, "redirect failed: %s\n",
+                                       vici_find_str(res, "", "errmsg"));
+                       ret = 1;
+               }
+       }
+       vici_free_res(res);
+       return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+       command_register((command_t) {
+               redirect, 'd', "redirect", "redirect an IKE_SA",
+               {"--ike <name> | --ike-id <id> | --peer-ip <ip>",
+                "--peer-id <id> | --gateway <ip|fqdn> [--raw|--pretty]"},
+               {
+                       {"help",                'h', 0, "show usage information"},
+                       {"ike",                 'i', 1, "redirect by IKE_SA name"},
+                       {"ike-id",              'I', 1, "redirect by IKE_SA unique identifier"},
+                       {"peer-ip",             'p', 1, "redirect by client IP"},
+                       {"peer-id",             'd', 1, "redirect by IKE_SA name"},
+                       {"gateway",             'g', 1, "target gateway (IP or FQDN)"},
+                       {"raw",                 'r', 0, "dump raw response message"},
+                       {"pretty",              'P', 0, "dump raw response message in pretty print"},
+               }
+       });
+}
index 4b49d30..a307460 100644 (file)
@@ -41,6 +41,10 @@ initiate a connection
 \-\-terminate\fR
 terminate a connection
 .TP
+.B "\-d, \-\-redirect"
+\-\-redirect\fR
+redirect an IKE_SA
+.TP
 .B "\-p, \-\-install"
 install a trap or shunt policy
 .TP