[strongSwan-dev] [PATCH] vici: add support for SA updown notifications
Timo Teräs
timo.teras at iki.fi
Wed Aug 20 15:12:32 CEST 2014
Signed-off-by: Timo Teräs <timo.teras at iki.fi>
---
First attempt, for feedback. This allows vici clients to subscribe to
ike-updown and child-updown events for tracking active SAs.
src/libcharon/plugins/vici/vici_plugin.c | 2 ++
src/libcharon/plugins/vici/vici_query.c | 51 +++++++++++++++++++++++++++
src/libcharon/plugins/vici/vici_query.h | 6 ++++
src/swanctl/command.h | 2 +-
src/swanctl/commands/list_sas.c | 60 +++++++++++++++++++++++++++++++-
5 files changed, 119 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c
index 8881fec..867160a 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -107,12 +107,14 @@ static bool register_vici(private_vici_plugin_t *this,
hydra->attributes->add_provider(hydra->attributes,
&this->attrs->provider);
charon->bus->add_logger(charon->bus, &this->logger->logger);
+ charon->bus->add_listener(charon->bus, &this->query->listener);
return TRUE;
}
return FALSE;
}
else
{
+ charon->bus->remove_listener(charon->bus, &this->query->listener);
charon->bus->remove_logger(charon->bus, &this->logger->logger);
hydra->attributes->remove_provider(hydra->attributes,
&this->attrs->provider);
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 54833ab..e0245b9 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1003,6 +1003,8 @@ static void manage_commands(private_vici_query_t *this, bool reg)
this->dispatcher->manage_event(this->dispatcher, "list-policy", reg);
this->dispatcher->manage_event(this->dispatcher, "list-conn", reg);
this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
+ this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
+ this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
manage_command(this, "list-sas", list_sas, reg);
manage_command(this, "list-policies", list_policies, reg);
manage_command(this, "list-conns", list_conns, reg);
@@ -1011,6 +1013,51 @@ static void manage_commands(private_vici_query_t *this, bool reg)
manage_command(this, "stats", stats, reg);
}
+METHOD(listener_t, ike_updown, bool,
+ private_vici_query_t *this, ike_sa_t *ike_sa, bool up)
+{
+ vici_builder_t *b;
+ time_t now;
+
+ now = time_monotonic(NULL);
+
+ b = vici_builder_create();
+ b->begin_section(b, ike_sa->get_name(ike_sa));
+ list_ike(this, b, ike_sa, now);
+ b->begin_section(b, "child-sas");
+ b->end_section(b);
+ b->end_section(b);
+
+ this->dispatcher->raise_event(this->dispatcher, "ike-updown", 0, b->finalize(b));
+
+ return TRUE;
+}
+
+METHOD(listener_t, child_updown, bool,
+ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
+{
+ vici_builder_t *b;
+ time_t now;
+
+ now = time_monotonic(NULL);
+ b = vici_builder_create();
+
+ b->begin_section(b, ike_sa->get_name(ike_sa));
+ list_ike(this, b, ike_sa, now);
+ b->begin_section(b, "child-sas");
+
+ b->begin_section(b, child_sa->get_name(child_sa));
+ list_child(this, b, child_sa, now);
+ b->end_section(b);
+
+ b->end_section(b);
+ b->end_section(b);
+
+ this->dispatcher->raise_event(this->dispatcher, "child-updown", 0, b->finalize(b));
+
+ return TRUE;
+}
+
METHOD(vici_query_t, destroy, void,
private_vici_query_t *this)
{
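Review bot: Both new listener methods, `ike_updown` and `child_updown`, ignore their `up` argument, so the raised event has the same shape whether the SA was established or torn down. A client that uses these events to track or audit active SAs can then only guess the direction from whatever state `list_ike`/`list_child` happen to emit. Consider encoding it explicitly before the first `begin_section`, e.g. `b->add_kv(b, "up", "%s", up ? "yes" : "no");`. The two `raise_event` lines also run past 80 columns, and each method would benefit from a one-line comment saying which event it raises and that it always returns TRUE to stay registered.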
@@ -1027,6 +1074,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
INIT(this,
.public = {
+ .listener = {
+ .ike_updown = _ike_updown,
+ .child_updown = _child_updown,
+ },
.destroy = _destroy,
},
.dispatcher = dispatcher,
diff --git a/src/libcharon/plugins/vici/vici_query.h b/src/libcharon/plugins/vici/vici_query.h
index da72b14..dd2a2fa 100644
--- a/src/libcharon/plugins/vici/vici_query.h
+++ b/src/libcharon/plugins/vici/vici_query.h
@@ -18,6 +18,7 @@
* @{ @ingroup vici
*/
+#include <bus/listeners/listener.h>
#include "vici_dispatcher.h"
#ifndef VICI_QUERY_H_
@@ -31,6 +32,11 @@ typedef struct vici_query_t vici_query_t;
struct vici_query_t {
/**
+ * Implements listener_t.
+ */
+ listener_t listener;
+
+ /**
* Destroy a vici_query_t.
*/
void (*destroy)(vici_query_t *this);
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 8510fa4..65488c3 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 16
+#define MAX_COMMANDS 17
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 80c279c..5ddabaf 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -262,9 +262,12 @@ CALLBACK(ike_sas, int,
CALLBACK(list_cb, void,
command_format_options_t *format, char *name, vici_res_t *res)
{
+ char buf[256];
+
if (*format & COMMAND_FORMAT_RAW)
{
- vici_dump(res, "list-sa event", *format & COMMAND_FORMAT_PRETTY,
+ snprintf(buf, sizeof(buf), "%s event", name);
+ vici_dump(res, buf, *format & COMMAND_FORMAT_PRETTY,
stdout);
}
else
@@ -346,6 +349,48 @@ static int list_sas(vici_conn_t *conn)
return 0;
}
+static int monitor_sas(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ char *arg;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --list-sas option");
+ }
+ break;
+ }
+ if (vici_register(conn, "ike-updown", list_cb, &format) != 0)
+ {
+ fprintf(stderr, "registering for SAs failed: %s\n", strerror(errno));
+ return errno;
+ }
+ if (vici_register(conn, "child-updown", list_cb, &format) != 0)
+ {
+ fprintf(stderr, "registering for SAs failed: %s\n", strerror(errno));
+ return errno;
+ }
+
+ wait_sigint();
+
+ fprintf(stderr, "disconnecting...\n");
+
+ return 0;
+}
+
/**
* Register the command.
*/
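Review bot: In `monitor_sas` both registration failure paths `return errno` after `fprintf()` has already run, and `fprintf` may itself modify `errno`, so the exit status can differ from the error that was printed. Save the value first and name the event so the two failures can be told apart: `int err = errno;`, `fprintf(stderr, "registering for ike-updown failed: %s\n", strerror(err));`, `return err;` (and likewise for child-updown). The `default:` case still reports "invalid --list-sas option" although this is the `--monitor-sa` command. `wait_sigint()` is not defined in any hunk shown here, so it presumably has to be made visible to this file for the patch to build.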
@@ -364,3 +409,16 @@ static void __attribute__ ((constructor))reg()
}
});
}
+
+static void __attribute__ ((constructor))reg_monitor_sa()
+{
+ command_register((command_t) {
+ monitor_sas, 'm', "monitor-sa", "monitor for IKE_SA changes",
+ {"[--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
--
2.1.0