From 04f22cdabc1c97d38692f95392429839f0fa90d1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 9 Nov 2015 11:39:54 +0100
Subject: [PATCH] vici: Add NAT information when listing IKE_SAs

The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively.  If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set).  If any NAT is detected or faked `nat-any` is set.

Closes strongswan/strongswan#16.
---
 src/libcharon/plugins/vici/README.md    |  4 ++++
 src/libcharon/plugins/vici/vici_query.c | 17 +++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index e20e8ab26..51a17e2a4 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -587,6 +587,10 @@ command.
 			initiator = <yes, if initiator of IKE_SA>
 			initiator-spi = <hex encoded initiator SPI / cookie>
 			responder-spi = <hex encoded responder SPI / cookie>
+			nat-local = <yes, if local endpoint is behind a NAT>
+			nat-remote = <yes, if remote endpoint is behind a NAT>
+			nat-fake = <yes, if NAT situation has been faked as responder>
+			nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
 			encr-alg = <IKE encryption algorithm string>
 			encr-keysize = <key size for encr-alg, if applicable>
 			integ-alg = <IKE integrity algorithm string>
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 98d264fca..265a17e52 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -221,6 +221,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
 	}
 }
 
+/**
+ * Add an IKE_SA condition to the given builder
+ */
+static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
+						  char *key, ike_condition_t cond)
+{
+	if (ike_sa->has_condition(ike_sa, cond))
+	{
+		b->add_kv(b, key, "yes");
+	}
+}
+
 /**
  * List details of an IKE_SA
  */
@@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
 	b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
 	b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
 
+	add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
+	add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
+	add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
+	add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
+
 	proposal = ike_sa->get_proposal(ike_sa);
 	if (proposal)
 	{