From: Martin Willi <martin@revosec.ch>
Date: Mon, 8 Oct 2012 09:36:07 +0000 (+0200)
Subject: Add stroke counters for invalid IKE messages
X-Git-Tag: 5.0.2dr4~322
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=5715af75086e7e6a181c655df10186453c55d1c9

Add stroke counters for invalid IKE messages
---

diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c
index ab2882e..67ed988 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.c
+++ b/src/libcharon/plugins/stroke/stroke_counter.c
@@ -65,6 +65,32 @@ struct private_stroke_counter_t {
 	spinlock_t *lock;
 };
 
+METHOD(listener_t, alert, bool,
+	private_stroke_counter_t *this, ike_sa_t *ike_sa,
+	alert_t alert, va_list args)
+{
+	stroke_counter_type_t type;
+
+	switch (alert)
+	{
+		case ALERT_INVALID_IKE_SPI:
+			type = COUNTER_IN_INVALID_IKE_SPI;
+			break;
+		case ALERT_PARSE_ERROR_HEADER:
+		case ALERT_PARSE_ERROR_BODY:
+			type = COUNTER_IN_INVALID;
+			break;
+		default:
+			return TRUE;
+	}
+
+	this->lock->lock(this->lock);
+	this->counter[type]++;
+	this->lock->unlock(this->lock);
+
+	return TRUE;
+}
+
 METHOD(listener_t, ike_rekey, bool,
 	private_stroke_counter_t *this, ike_sa_t *old, ike_sa_t *new)
 {
@@ -116,6 +142,7 @@ stroke_counter_t *stroke_counter_create()
 	INIT(this,
 		.public = {
 			.listener = {
+				.alert = _alert,
 				.ike_rekey = _ike_rekey,
 				.child_rekey = _child_rekey,
 			},