[strongSwan-dev] [PATCH 4/4] vici: add support for individual sa state changes

Wed, 30 Mar 2016 00:01:33 -0700 

Useful for monitoring and tracking full SA.

Signed-off-by: Timo Teräs <[email protected]>
---
 src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/src/libcharon/plugins/vici/vici_query.c 
b/src/libcharon/plugins/vici/vici_query.c
index 8c538f0..b49f65b 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1356,8 +1356,16 @@ static void manage_commands(private_vici_query_t *this, 
bool reg)
        this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
        this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
        this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"ike-state-established", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"ike-state-destroying", reg);
        this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
        this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"child-state-installing", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"child-state-installed", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"child-state-updating", reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"child-state-rekeying", reg);
+       this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", 
reg);
+       this->dispatcher->manage_event(this->dispatcher, 
"child-state-destroying", reg);
        manage_command(this, "list-sas", list_sas, reg);
        manage_command(this, "list-policies", list_policies, reg);
        manage_command(this, "list-conns", list_conns, reg);
@@ -1426,6 +1434,45 @@ METHOD(listener_t, ike_rekey, bool,
        return TRUE;
 }
 
+METHOD(listener_t, ike_state_change, bool,
+       private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
+{
+       char *event;
+       vici_builder_t *b;
+       time_t now;
+
+       switch (state)
+       {
+       case IKE_ESTABLISHED:
+               event = "ike-state-established";
+               break;
+       case IKE_DESTROYING:
+               event = "ike-state-destroying";
+               break;
+       default:
+               return TRUE;
+       }
+
+       if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+       {
+               return TRUE;
+       }
+
+       now = time_monotonic(NULL);
+
+       b = vici_builder_create();
+       b->begin_section(b, ike_sa->get_name(ike_sa));
+       list_ike(this, b, ike_sa, now, state != IKE_DESTROYING);
+       b->begin_section(b, "child-sas");
+       b->end_section(b);
+       b->end_section(b);
+
+       this->dispatcher->raise_event(this->dispatcher,
+                                                                 event, 0, 
b->finalize(b));
+
+       return TRUE;
+}
+
 METHOD(listener_t, child_updown, bool,
        private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 
bool up)
 {
@@ -1501,6 +1548,62 @@ METHOD(listener_t, child_rekey, bool,
        return TRUE;
 }
 
+METHOD(listener_t, child_state_change, bool,
+       private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 
child_sa_state_t state)
+{
+       char *event;
+       vici_builder_t *b;
+       time_t now;
+
+       switch (state)
+       {
+       case CHILD_INSTALLING:
+               event = "child-state-installing";
+               break;
+       case CHILD_INSTALLED:
+               event = "child-state-installed";
+               break;
+       case CHILD_UPDATING:
+               event = "child-state-updating";
+               break;
+       case CHILD_REKEYING:
+               event = "child-state-rekeying";
+               break;
+       case CHILD_REKEYED:
+               event = "child-state-rekeyed";
+               break;
+       case CHILD_DESTROYING:
+               event = "child-state-destroying";
+               break;
+       default:
+               return TRUE;
+       }
+
+       if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+       {
+               return TRUE;
+       }
+
+       now = time_monotonic(NULL);
+
+       b = vici_builder_create();
+       b->begin_section(b, ike_sa->get_name(ike_sa));
+       list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING);
+       b->begin_section(b, "child-sas");
+
+       b->begin_section(b, child_sa->get_name(child_sa));
+       list_child(this, b, child_sa, now);
+       b->end_section(b);
+
+       b->end_section(b);
+       b->end_section(b);
+
+       this->dispatcher->raise_event(this->dispatcher,
+                                                                 event, 0, 
b->finalize(b));
+
+       return TRUE;
+}
+
 METHOD(vici_query_t, destroy, void,
        private_vici_query_t *this)
 {
@@ -1520,8 +1623,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t 
*dispatcher)
                        .listener = {
                                .ike_updown = _ike_updown,
                                .ike_rekey = _ike_rekey,
+                               .ike_state_change = _ike_state_change,
                                .child_updown = _child_updown,
                                .child_rekey = _child_rekey,
+                               .child_state_change = _child_state_change,
                        },
                        .destroy = _destroy,
                },
-- 
2.7.4

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev

Reply via email to