added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA

2025-10-06 00:00:47 -04:00 · 2009-05-15 11:02:04 +02:00 · 2009-05-15 11:02:04 +02:00 · 832427064c
commit 832427064c
parent bb51102b89
7 changed files with 69 additions and 6 deletions
--- a/src/charon/plugins/stroke/stroke_control.c
+++ b/src/charon/plugins/stroke/stroke_control.c
@ -357,6 +357,46 @@ static void terminate_srcip(private_stroke_control_t *this,
 	DESTROY_IF(end);
 }
 /**
 * Implementation of stroke_control_t.purge_ike
 */
 static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
 	enumerator_t *enumerator;
 	iterator_t *iterator;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	linked_list_t *list;
 	uintptr_t del;
 	stroke_log_info_t info;
 	info.out = out;
 	info.level = msg->output_verbosity;
 	list = linked_list_create();
 	enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
 		iterator = ike_sa->create_child_sa_iterator(ike_sa);
 		if (!iterator->iterate(iterator, (void**)&child_sa))
 		{
 			list->insert_last(list,
 						(void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
 		}
 		iterator->destroy(iterator);
 	}
 	enumerator->destroy(enumerator);
 	enumerator = list->create_enumerator(list);
 	while (enumerator->enumerate(enumerator, &del))
 	{
 		charon->controller->terminate_ike(charon->controller, del,
 									(controller_cb_t)stroke_log, &info);
 	}
 	enumerator->destroy(enumerator);
 	list->destroy(list);
 }
 /**
 * Implementation of stroke_control_t.route.
 */
@ -441,6 +481,7 @@ stroke_control_t *stroke_control_create()
 	this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
 	this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate;
 	this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip;
 	this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike;
 	this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
 	this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
 	this->public.destroy = (void(*)(stroke_control_t*))destroy;
--- a/src/charon/plugins/stroke/stroke_control.h
+++ b/src/charon/plugins/stroke/stroke_control.h
@ -53,6 +53,13 @@ struct stroke_control_t {
 	 */
 	void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
 	/**
 	 * Delete IKE_SAs without a CHILD_SA.
 	 *
 	 * @param msg		stroke message
 	 */
 	void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
 	/**
 	 * Route a connection.
 	 *
@ -68,9 +75,9 @@ struct stroke_control_t {
 	void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
 	/**
-     * Destroy a stroke_control instance.
+	 * Destroy a stroke_control instance.
-     */
+	 */
-    void (*destroy)(stroke_control_t *this);
+	void (*destroy)(stroke_control_t *this);
 };
 /**
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@ -341,8 +341,15 @@ static void stroke_reread(private_stroke_socket_t *this,
 static void stroke_purge(private_stroke_socket_t *this,
 						 stroke_msg_t *msg, FILE *out)
 {
-	charon->credentials->flush_cache(charon->credentials,
+	if (msg->purge.flags & PURGE_OCSP)
-									 CERT_X509_OCSP_RESPONSE);
+	{
 		charon->credentials->flush_cache(charon->credentials,
 										 CERT_X509_OCSP_RESPONSE);
 	}
 	if (msg->purge.flags & PURGE_IKE)
 	{
 		this->control->purge_ike(this->control, msg, out);
 	}
 }
 /**
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@ -248,7 +248,8 @@ static int reread(stroke_keyword_t kw)
 }
 static int purge_flags[] = {
-	PURGE_OCSP
+	PURGE_OCSP,
 	PURGE_IKE,
 };
 static int purge(stroke_keyword_t kw)
@ -332,6 +333,8 @@ static void exit_usage(char *error)
 	printf("    stroke rereadsecrets|rereadcrls|rereadall\n");
 	printf("  Purge ocsp cache entries:\n");
 	printf("    stroke purgeocsp\n");
 	printf("  Purge IKE_SAs without a CHILD_SA:\n");
 	printf("    stroke purgeike\n");
 	printf("  Show leases of a pool:\n");
 	printf("    stroke leases [POOL [ADDRESS]]\n");
 	exit_error(error);
@ -443,6 +446,7 @@ int main(int argc, char *argv[])
 			res = reread(token->kw);
 			break;
 		case STROKE_PURGE_OCSP:
 		case STROKE_PURGE_IKE:
 			res = purge(token->kw);
 			break;
 		case STROKE_LEASES:
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@ -48,6 +48,7 @@ typedef enum {
 	STROKE_REREAD_CRLS,
 	STROKE_REREAD_ALL,
 	STROKE_PURGE_OCSP,
 	STROKE_PURGE_IKE,
 	STROKE_LEASES
 } stroke_keyword_t;
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@ -55,4 +55,5 @@ rereadacerts,    STROKE_REREAD_ACERTS
 rereadcrls,      STROKE_REREAD_CRLS
 rereadall,       STROKE_REREAD_ALL
 purgeocsp,       STROKE_PURGE_OCSP
 purgeike,        STROKE_PURGE_IKE
 leases,          STROKE_LEASES
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@ -103,6 +103,8 @@ enum purge_flag_t {
 	PURGE_NONE =		0x0000,
 	/** purge ocsp cache entries */
 	PURGE_OCSP =		0x0001,
 	/** purge IKE_SAs without a CHILD_SA */
 	PURGE_IKE =			0x0002,
 };
 /**