Signed-off-by: Timo Teräs <[email protected]>
---
First attempt, for feedback. This allows vici clients to subscribe to
ike-updown and child-updown events for tracking active SAs.

 src/libcharon/plugins/vici/vici_plugin.c |  2 ++
 src/libcharon/plugins/vici/vici_query.c  | 51 +++++++++++++++++++++++++++
 src/libcharon/plugins/vici/vici_query.h  |  6 ++++
 src/swanctl/command.h                    |  2 +-
 src/swanctl/commands/list_sas.c          | 60 +++++++++++++++++++++++++++++++-
 5 files changed, 119 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/plugins/vici/vici_plugin.c 
b/src/libcharon/plugins/vici/vici_plugin.c
index 8881fec..867160a 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -107,12 +107,14 @@ static bool register_vici(private_vici_plugin_t *this,
                        hydra->attributes->add_provider(hydra->attributes,
                                                                                
        &this->attrs->provider);
                        charon->bus->add_logger(charon->bus, 
&this->logger->logger);
+                       charon->bus->add_listener(charon->bus, 
&this->query->listener);
                        return TRUE;
                }
                return FALSE;
        }
        else
        {
+               charon->bus->remove_listener(charon->bus, 
&this->query->listener);
                charon->bus->remove_logger(charon->bus, &this->logger->logger);
                hydra->attributes->remove_provider(hydra->attributes,
                                                                                
   &this->attrs->provider);
diff --git a/src/libcharon/plugins/vici/vici_query.c 
b/src/libcharon/plugins/vici/vici_query.c
index 54833ab..e0245b9 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1003,6 +1003,8 @@ static void manage_commands(private_vici_query_t *this, 
bool reg)
        this->dispatcher->manage_event(this->dispatcher, "list-policy", reg);
        this->dispatcher->manage_event(this->dispatcher, "list-conn", reg);
        this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
+       this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
+       this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
        manage_command(this, "list-sas", list_sas, reg);
        manage_command(this, "list-policies", list_policies, reg);
        manage_command(this, "list-conns", list_conns, reg);
@@ -1011,6 +1013,51 @@ static void manage_commands(private_vici_query_t *this, 
bool reg)
        manage_command(this, "stats", stats, reg);
 }
 
+METHOD(listener_t, ike_updown, bool,
+       private_vici_query_t *this, ike_sa_t *ike_sa, bool up)
+{
+       vici_builder_t *b;
+       time_t now;
+
+       now = time_monotonic(NULL);
+
+       b = vici_builder_create();
+       b->begin_section(b, ike_sa->get_name(ike_sa));
+       list_ike(this, b, ike_sa, now);
+       b->begin_section(b, "child-sas");
+       b->end_section(b);
+       b->end_section(b);
+
+       this->dispatcher->raise_event(this->dispatcher, "ike-updown", 0, 
b->finalize(b));
+
+       return TRUE;
+}
+
+METHOD(listener_t, child_updown, bool,
+       private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 
bool up)
+{
+       vici_builder_t *b;
+       time_t now;
+
+       now = time_monotonic(NULL);
+       b = vici_builder_create();
+
+       b->begin_section(b, ike_sa->get_name(ike_sa));
+       list_ike(this, b, ike_sa, now);
+       b->begin_section(b, "child-sas");
+
+       b->begin_section(b, child_sa->get_name(child_sa));
+       list_child(this, b, child_sa, now);
+       b->end_section(b);
+
+       b->end_section(b);
+       b->end_section(b);
+
+       this->dispatcher->raise_event(this->dispatcher, "child-updown", 0, 
b->finalize(b));
+
+       return TRUE;
+}
+
 METHOD(vici_query_t, destroy, void,
        private_vici_query_t *this)
 {
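Review bot: The `up` argument is never read in `ike_updown` or `child_updown`, so the event raised when an SA goes down has the same shape as the one raised when it comes up. A client subscribing to track active SAs, which is the stated purpose, would have to infer the direction from whatever state `list_ike` and `list_child` emit, and that is not visible in this hunk. Consider adding an explicit key right after `vici_builder_create()`, e.g. `if (up) { b->add_kv(b, "up", "yes"); }`, in both listeners. A one-line comment on each method naming the event it raises and the section layout (`<ike name>` containing `child-sas`) would also help client authors.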
@@ -1027,6 +1074,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t 
*dispatcher)
 
        INIT(this,
                .public = {
+                       .listener = {
+                               .ike_updown = _ike_updown,
+                               .child_updown = _child_updown,
+                       },
                        .destroy = _destroy,
                },
                .dispatcher = dispatcher,
diff --git a/src/libcharon/plugins/vici/vici_query.h 
b/src/libcharon/plugins/vici/vici_query.h
index da72b14..dd2a2fa 100644
--- a/src/libcharon/plugins/vici/vici_query.h
+++ b/src/libcharon/plugins/vici/vici_query.h
@@ -18,6 +18,7 @@
  * @{ @ingroup vici
  */
 
+#include <bus/listeners/listener.h>
 #include "vici_dispatcher.h"
 
 #ifndef VICI_QUERY_H_
@@ -31,6 +32,11 @@ typedef struct vici_query_t vici_query_t;
 struct vici_query_t {
 
        /**
+        * Implements listener_t.
+        */
+       listener_t listener;
+
+       /**
         * Destroy a vici_query_t.
         */
        void (*destroy)(vici_query_t *this);
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 8510fa4..65488c3 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 16
+#define MAX_COMMANDS 17
 
 /**
  * Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 80c279c..5ddabaf 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -262,9 +262,12 @@ CALLBACK(ike_sas, int,
 CALLBACK(list_cb, void,
        command_format_options_t *format, char *name, vici_res_t *res)
 {
+       char buf[256];
+
        if (*format & COMMAND_FORMAT_RAW)
        {
-               vici_dump(res, "list-sa event", *format & COMMAND_FORMAT_PRETTY,
+               snprintf(buf, sizeof(buf), "%s event", name);
+               vici_dump(res, buf, *format & COMMAND_FORMAT_PRETTY,
                                  stdout);
        }
        else
@@ -346,6 +349,48 @@ static int list_sas(vici_conn_t *conn)
        return 0;
 }
 
+static int monitor_sas(vici_conn_t *conn)
+{
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       char *arg;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --list-sas 
option");
+               }
+               break;
+       }
+       if (vici_register(conn, "ike-updown", list_cb, &format) != 0)
+       {
+               fprintf(stderr, "registering for SAs failed: %s\n", 
strerror(errno));
+               return errno;
+       }
+       if (vici_register(conn, "child-updown", list_cb, &format) != 0)
+       {
+               fprintf(stderr, "registering for SAs failed: %s\n", 
strerror(errno));
+               return errno;
+       }
+
+       wait_sigint();
+
+       fprintf(stderr, "disconnecting...\n");
+
+       return 0;
+}
+
 /**
  * Register the command.
  */
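Review bot: In `monitor_sas`, both `vici_register` failure paths print `strerror(errno)` via `fprintf` and then `return errno;`, but `fprintf` may itself modify `errno`, so the returned code can differ from the one printed and could even be 0. Save it first with `int err = errno;`, then print `strerror(err)` and `return err;`. The `default:` branch still reports `"invalid --list-sas option"`, which should read `"invalid --monitor-sa option"` for this command. `format` is a stack local handed to `list_cb` as user data, which is safe only if no event is delivered after `monitor_sas` returns. Presumably the caller disconnects immediately, but that is outside this hunk and worth confirming.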
@@ -364,3 +409,16 @@ static void __attribute__ ((constructor))reg()
                }
        });
 }
+
+static void __attribute__ ((constructor))reg_monitor_sa()
+{
+       command_register((command_t) {
+               monitor_sas, 'm', "monitor-sa", "monitor for IKE_SA changes",
+               {"[--raw|--pretty]"},
+               {
+                       {"help",                'h', 0, "show usage 
information"},
+                       {"raw",                 'r', 0, "dump raw response 
message"},
+                       {"pretty",              'P', 0, "dump raw response 
message in pretty print"},
+               }
+       });
+}
-- 
2.1.0
