From 04f22cdabc1c97d38692f95392429839f0fa90d1 Mon Sep 17 00:00:00 2001 |
From: Tobias Brunner <tobias@strongswan.org> |
Date: Mon, 9 Nov 2015 11:39:54 +0100 |
Subject: [PATCH] vici: Add NAT information when listing IKE_SAs |
|
The `nat-local` and `nat-remote` keys contain information on the NAT |
status of the local and remote IKE endpoints, respectively. If a |
responder did not detect a NAT but is configured to fake a NAT situation |
this is indicated by `nat-fake` (if an initiator fakes a NAT situation |
`nat-local` is set). If any NAT is detected or faked `nat-any` is set. |
|
Closes strongswan/strongswan#16. |
--- |
src/libcharon/plugins/vici/README.md | 4 ++++ |
src/libcharon/plugins/vici/vici_query.c | 17 +++++++++++++++++ |
2 files changed, 21 insertions(+) |
|
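diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index e20e8ab..51a17e2 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -587,6 +587,10 @@ command.
 initiator = <yes, if initiator of IKE_SA>
 initiator-spi = <hex encoded initiator SPI / cookie>
 responder-spi = <hex encoded responder SPI / cookie>
+ nat-local = <yes, if local endpoint is behind a NAT>
+ nat-remote = <yes, if remote endpoint is behind a NAT>
+ nat-fake = <yes, if NAT situation has been faked as responder>
+ nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
 encr-alg = <IKE encryption algorithm string>
 encr-keysize = <key size for encr-alg, if applicable>
 integ-alg = <IKE integrity algorithm string>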
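diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 98d264f..265a17e 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -222,6 +222,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
 }
 
 /**
+ * Add an IKE_SA condition to the given builder
+ */
+static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
+ char *key, ike_condition_t cond)
+{
+ if (ike_sa->has_condition(ike_sa, cond))
+ {
+ b->add_kv(b, key, "yes");
+ }
+}
+
+/**
 * List details of an IKE_SA
 */
 static void list_ike(private_vici_query_t *this, vici_builder_t *b,
@@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
 b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
 b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
 
+ add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
+ add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
+ add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
+ add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
+
 proposal = ike_sa->get_proposal(ike_sa);
 if (proposal)
 {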
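Review bot: The doc comment on `add_condition()` does not say that the key is written only when the condition is set, so a vici client has to treat a missing `nat-*` key as "no" rather than expect an explicit value; I would extend it to `Add an IKE_SA condition to the given builder as "yes" if it is set, omit the key otherwise`. At the four calls in `list_ike()` a short comment would help as well, because per the commit message an initiator that fakes a NAT situation reports it under `nat-local` while `nat-fake` covers only the responder case, so anyone monitoring `list-sas` output should not read `nat-local` as proof of a detected NAT: `/* nat-local is also set if we fake a NAT as initiator, nat-fake only as responder */`. `key` only ever receives string literals here and could be `const char *`, provided `add_kv()` accepts that, which these hunks do not show. The body of `list_ike()` starts and continues outside the hunk.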