vici: Add NAT information when listing IKE_SAs
The `nat-local` and `nat-remote` keys contain information on the NAT status of the local and remote IKE endpoints, respectively. If a responder did not detect a NAT but is configured to fake a NAT situation this is indicated by `nat-fake` (if an initiator fakes a NAT situation `nat-local` is set). If any NAT is detected or faked `nat-any` is set. Closes strongswan/strongswan#16.
This commit is contained in:
parent
4fc0a9d40b
commit
04f22cdabc
|
@ -587,6 +587,10 @@ command.
|
|||
initiator = <yes, if initiator of IKE_SA>
|
||||
initiator-spi = <hex encoded initiator SPI / cookie>
|
||||
responder-spi = <hex encoded responder SPI / cookie>
|
||||
nat-local = <yes, if local endpoint is behind a NAT>
|
||||
nat-remote = <yes, if remote endpoint is behind a NAT>
|
||||
nat-fake = <yes, if NAT situation has been faked as responder>
|
||||
nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
|
||||
encr-alg = <IKE encryption algorithm string>
|
||||
encr-keysize = <key size for encr-alg, if applicable>
|
||||
integ-alg = <IKE integrity algorithm string>
|
||||
|
|
|
@ -221,6 +221,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an IKE_SA condition to the given builder
|
||||
*/
|
||||
static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
|
||||
char *key, ike_condition_t cond)
|
||||
{
|
||||
if (ike_sa->has_condition(ike_sa, cond))
|
||||
{
|
||||
b->add_kv(b, key, "yes");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* List details of an IKE_SA
|
||||
*/
|
||||
|
@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
|
|||
b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
|
||||
b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
|
||||
|
||||
add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
|
||||
add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
|
||||
add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
|
||||
add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
|
||||
|
||||
proposal = ike_sa->get_proposal(ike_sa);
|
||||
if (proposal)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue