added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA

Martin Willi 2009-05-15 11:02:04 +02:00
parent bb51102b89
commit 832427064c
7 changed files with 69 additions and 6 deletions


@ -357,6 +357,46 @@ static void terminate_srcip(private_stroke_control_t *this,
DESTROY_IF(end); DESTROY_IF(end);
} }
/**
* Implementation of stroke_control_t.purge_ike
*/
static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
{
enumerator_t *enumerator;
iterator_t *iterator;
ike_sa_t *ike_sa;
child_sa_t *child_sa;
linked_list_t *list;
uintptr_t del;
stroke_log_info_t info;
info.out = out;
info.level = msg->output_verbosity;
list = linked_list_create();
enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
while (enumerator->enumerate(enumerator, &ike_sa))
{
iterator = ike_sa->create_child_sa_iterator(ike_sa);
if (!iterator->iterate(iterator, (void**)&child_sa))
{
list->insert_last(list,
(void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
}
iterator->destroy(iterator);
}
enumerator->destroy(enumerator);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &del))
{
charon->controller->terminate_ike(charon->controller, del,
(controller_cb_t)stroke_log, &info);
}
enumerator->destroy(enumerator);
list->destroy(list);
}
/** /**
* Implementation of stroke_control_t.route. * Implementation of stroke_control_t.route.
*/ */
@ -441,6 +481,7 @@ stroke_control_t *stroke_control_create()
this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate;
this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip;
this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike;
this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
this->public.destroy = (void(*)(stroke_control_t*))destroy; this->public.destroy = (void(*)(stroke_control_t*))destroy;
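Review bot: purge_ike decides which IKE_SAs to drop by whether the CHILD_SA iterator yields nothing at enumeration time, but the terminate_ike calls run in a second pass by unique ID, so an IKE_SA that is still negotiating its first CHILD_SA, or that gains one between the two passes, is torn down as well. If only idle SAs are meant to be reaped, consider also checking the state before recording the ID, e.g. `if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED) { continue; }` ahead of the iterator creation, and mention the remaining race in the header comment. The two-pass structure itself deserves a why-comment, since collecting IDs first is not self-explanatory; something like `/* collect IDs first: the enumerator presumably keeps each IKE_SA checked out, so terminating inline would block on it -- confirm against the controller */`. The registration line in the second hunk is fine.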


@ -53,6 +53,13 @@ struct stroke_control_t {
*/ */
void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
/**
* Delete IKE_SAs without a CHILD_SA.
*
* @param msg stroke message
*/
void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
/** /**
* Route a connection. * Route a connection.
* *
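Review bot: The purge_ike doc comment documents `msg` but not `out`, although the implementation in stroke_control.c writes its log output there via the stroke_log callback. Add `* @param out FILE to write log output to` under the existing `@param msg stroke message` line so the new entry states its full contract; if the neighbouring entries omit it too, they are worth the same one-line fix.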


@ -341,8 +341,15 @@ static void stroke_reread(private_stroke_socket_t *this,
static void stroke_purge(private_stroke_socket_t *this, static void stroke_purge(private_stroke_socket_t *this,
stroke_msg_t *msg, FILE *out) stroke_msg_t *msg, FILE *out)
{ {
if (msg->purge.flags & PURGE_OCSP)
{
charon->credentials->flush_cache(charon->credentials, charon->credentials->flush_cache(charon->credentials,
CERT_X509_OCSP_RESPONSE); CERT_X509_OCSP_RESPONSE);
}
if (msg->purge.flags & PURGE_IKE)
{
this->control->purge_ike(this->control, msg, out);
}
} }
/** /**
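Review bot: stroke_purge gives no feedback when msg->purge.flags carries a bit it does not handle: both branches are skipped and the request silently succeeds, which an operator pairing a newer stroke binary with this daemon would not notice. A trailing check such as `if (msg->purge.flags & ~(PURGE_OCSP | PURGE_IKE)) { fprintf(out, "unknown purge flags\n"); }` would surface the mismatch on the same FILE the other branches already receive. The whole function body is inside the hunk.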


@ -248,7 +248,8 @@ static int reread(stroke_keyword_t kw)
} }
static int purge_flags[] = { static int purge_flags[] = {
PURGE_OCSP PURGE_OCSP,
PURGE_IKE,
}; };
static int purge(stroke_keyword_t kw) static int purge(stroke_keyword_t kw)
@ -332,6 +333,8 @@ static void exit_usage(char *error)
printf(" stroke rereadsecrets|rereadcrls|rereadall\n"); printf(" stroke rereadsecrets|rereadcrls|rereadall\n");
printf(" Purge ocsp cache entries:\n"); printf(" Purge ocsp cache entries:\n");
printf(" stroke purgeocsp\n"); printf(" stroke purgeocsp\n");
printf(" Purge IKE_SAs without a CHILD_SA:\n");
printf(" stroke purgeike\n");
printf(" Show leases of a pool:\n"); printf(" Show leases of a pool:\n");
printf(" stroke leases [POOL [ADDRESS]]\n"); printf(" stroke leases [POOL [ADDRESS]]\n");
exit_error(error); exit_error(error);
@ -443,6 +446,7 @@ int main(int argc, char *argv[])
res = reread(token->kw); res = reread(token->kw);
break; break;
case STROKE_PURGE_OCSP: case STROKE_PURGE_OCSP:
case STROKE_PURGE_IKE:
res = purge(token->kw); res = purge(token->kw);
break; break;
case STROKE_LEASES: case STROKE_LEASES:
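Review bot: The new `PURGE_IKE,` entry in purge_flags[] only works if STROKE_PURGE_IKE sits directly after STROKE_PURGE_OCSP in stroke_keyword_t, since purge() appears to index the table by keyword offset (its body is outside the hunk, so this is inferred from the matching enum change in stroke_keywords.h). That coupling is invisible at the table; either a comment `/* indexed by kw - STROKE_PURGE_OCSP; order must match stroke_keyword_t */` or designated initializers `[STROKE_PURGE_IKE - STROKE_PURGE_OCSP] = PURGE_IKE,` would make it explicit. The same remark applies to the enum hunk in stroke_keywords.h; the usage and switch hunks are fine.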


@ -48,6 +48,7 @@ typedef enum {
STROKE_REREAD_CRLS, STROKE_REREAD_CRLS,
STROKE_REREAD_ALL, STROKE_REREAD_ALL,
STROKE_PURGE_OCSP, STROKE_PURGE_OCSP,
STROKE_PURGE_IKE,
STROKE_LEASES STROKE_LEASES
} stroke_keyword_t; } stroke_keyword_t;


@ -55,4 +55,5 @@ rereadacerts, STROKE_REREAD_ACERTS
rereadcrls, STROKE_REREAD_CRLS rereadcrls, STROKE_REREAD_CRLS
rereadall, STROKE_REREAD_ALL rereadall, STROKE_REREAD_ALL
purgeocsp, STROKE_PURGE_OCSP purgeocsp, STROKE_PURGE_OCSP
purgeike, STROKE_PURGE_IKE
leases, STROKE_LEASES leases, STROKE_LEASES


@ -103,6 +103,8 @@ enum purge_flag_t {
PURGE_NONE = 0x0000, PURGE_NONE = 0x0000,
/** purge ocsp cache entries */ /** purge ocsp cache entries */
PURGE_OCSP = 0x0001, PURGE_OCSP = 0x0001,
/** purge IKE_SAs without a CHILD_SA */
PURGE_IKE = 0x0002,
}; };
/** /**