[strongSwan-dev] [PATCH 4/4] vici: add support for individual sa state changes

[Timo Teräs]

Useful for monitoring and tracking full SA.

Signed-off-by: Timo Teräs <timo.teras at iki.fi>
---
 src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 8c538f0..b49f65b 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1356,8 +1356,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
 	this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
 	this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
 	this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
+	this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg);
+	this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg);
 	this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
 	this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-installing", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-updating", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-rekeying", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", reg);
+	this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg);
 	manage_command(this, "list-sas", list_sas, reg);
 	manage_command(this, "list-policies", list_policies, reg);
 	manage_command(this, "list-conns", list_conns, reg);
@@ -1426,6 +1434,45 @@ METHOD(listener_t, ike_rekey, bool,
 	return TRUE;
 }
 
+METHOD(listener_t, ike_state_change, bool,
+	private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
+{
+	char *event;
+	vici_builder_t *b;
+	time_t now;
+
+	switch (state)
+	{
+	case IKE_ESTABLISHED:
+		event = "ike-state-established";
+		break;
+	case IKE_DESTROYING:
+		event = "ike-state-destroying";
+		break;
+	default:
+		return TRUE;
+	}
+
+	if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+	{
+		return TRUE;
+	}
+
+	now = time_monotonic(NULL);
+
+	b = vici_builder_create();
+	b->begin_section(b, ike_sa->get_name(ike_sa));
+	list_ike(this, b, ike_sa, now, state != IKE_DESTROYING);
+	b->begin_section(b, "child-sas");
+	b->end_section(b);
+	b->end_section(b);
+
+	this->dispatcher->raise_event(this->dispatcher,
+								  event, 0, b->finalize(b));
+
+	return TRUE;
+}
+
 METHOD(listener_t, child_updown, bool,
 	private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
 {
@@ -1501,6 +1548,62 @@ METHOD(listener_t, child_rekey, bool,
 	return TRUE;
 }
 
+METHOD(listener_t, child_state_change, bool,
+	private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state)
+{
+	char *event;
+	vici_builder_t *b;
+	time_t now;
+
+	switch (state)
+	{
+	case CHILD_INSTALLING:
+		event = "child-state-installing";
+		break;
+	case CHILD_INSTALLED:
+		event = "child-state-installed";
+		break;
+	case CHILD_UPDATING:
+		event = "child-state-updating";
+		break;
+	case CHILD_REKEYING:
+		event = "child-state-rekeying";
+		break;
+	case CHILD_REKEYED:
+		event = "child-state-rekeyed";
+		break;
+	case CHILD_DESTROYING:
+		event = "child-state-destroying";
+		break;
+	default:
+		return TRUE;
+	}
+
+	if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
+	{
+		return TRUE;
+	}
+
+	now = time_monotonic(NULL);
+
+	b = vici_builder_create();
+	b->begin_section(b, ike_sa->get_name(ike_sa));
+	list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING);
+	b->begin_section(b, "child-sas");
+
+	b->begin_section(b, child_sa->get_name(child_sa));
+	list_child(this, b, child_sa, now);
+	b->end_section(b);
+
+	b->end_section(b);
+	b->end_section(b);
+
+	this->dispatcher->raise_event(this->dispatcher,
+								  event, 0, b->finalize(b));
+
+	return TRUE;
+}
+
 METHOD(vici_query_t, destroy, void,
 	private_vici_query_t *this)
 {
@@ -1520,8 +1623,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
 			.listener = {
 				.ike_updown = _ike_updown,
 				.ike_rekey = _ike_rekey,
+				.ike_state_change = _ike_state_change,
 				.child_updown = _child_updown,
 				.child_rekey = _child_rekey,
+				.child_state_change = _child_state_change,
 			},
 			.destroy = _destroy,
 		},
-- 
2.7.4