vici: Explicitly use peer name when uninstalling trap and shunt policies

Also adds an `ike` parameter to the `uninstall` command.
This commit is contained in:
Tobias Brunner 2016-11-16 18:13:59 +01:00
parent 02767e4309
commit 7627f5f9c7
3 changed files with 40 additions and 10 deletions


@ -312,7 +312,7 @@ Install a trap, drop or bypass policy defined by a CHILD_SA config.
{
child = <CHILD_SA configuration name to install>
ike = <optional IKE_SA configuraiton name to find child under>
ike = <optional IKE_SA configuration name to find child under>
} => {
success = <yes or no>
errmsg = <error string on failure>
@ -324,6 +324,8 @@ Uninstall a trap, drop or bypass policy defined by a CHILD_SA config.
{
child = <CHILD_SA configuration name to install>
ike = <optional IKE_SA configuration name to find child under,
if not given the first policy matching child is removed>
} => {
success = <yes or no>
errmsg = <error string on failure>


@ -1757,7 +1757,8 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
{
case MODE_PASS:
case MODE_DROP:
charon->shunts->install(charon->shunts, NULL, child_cfg);
charon->shunts->install(charon->shunts,
peer_cfg->get_name(peer_cfg), child_cfg);
break;
default:
charon->traps->install(charon->traps, peer_cfg, child_cfg,
@ -1778,6 +1779,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
{
enumerator_t *enumerator, *children;
child_sa_t *child_sa;
peer_cfg_t *peer_cfg;
ike_sa_t *ike_sa;
uint32_t id = 0, others;
array_t *ids = NULL, *ikeids = NULL;
@ -1865,13 +1867,15 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
{
case MODE_PASS:
case MODE_DROP:
charon->shunts->uninstall(charon->shunts, NULL, name);
charon->shunts->uninstall(charon->shunts, peer_name, name);
break;
default:
enumerator = charon->traps->create_enumerator(charon->traps);
while (enumerator->enumerate(enumerator, NULL, &child_sa))
while (enumerator->enumerate(enumerator, &peer_cfg,
&child_sa))
{
if (streq(name, child_sa->get_name(child_sa)))
if (streq(peer_name, peer_cfg->get_name(peer_cfg)) &&
streq(name, child_sa->get_name(child_sa)))
{
id = child_sa->get_reqid(child_sa);
break;
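Review bot: In the trap-enumeration loop of clear_start_action, `streq(peer_name, peer_cfg->get_name(peer_cfg))` dereferences peer_name unconditionally, whereas the shunt uninstall two lines earlier used to receive NULL in that position, so a NULL peer_name reaching this function is at least conceivable; if streq is the plain strcmp wrapper, a NULL name would crash on the first enumerated trap rather than fall through. The enclosing function starts before and continues past this hunk, so whether every caller guarantees a non-NULL name is not visible here. Either document the precondition at the top of the function, e.g. `/* peer_name must be non-NULL: compared against each trap's peer config name */`, or guard the comparison with `if (peer_name && streq(peer_name, peer_cfg->get_name(peer_cfg)) && ...`. With the match now requiring both names, a miss leaves id at its initial 0 from the earlier hunk; a DBG1-level message on that path would make a silent no-op easier to diagnose, though what happens with id == 0 is inferred, not shown.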


@ -565,7 +565,8 @@ CALLBACK(install, vici_message_t*,
{
case MODE_PASS:
case MODE_DROP:
ok = charon->shunts->install(charon->shunts, NULL, child_cfg);
ok = charon->shunts->install(charon->shunts,
peer_cfg->get_name(peer_cfg), child_cfg);
break;
default:
ok = charon->traps->install(charon->traps, peer_cfg, child_cfg,
@ -581,12 +582,15 @@ CALLBACK(install, vici_message_t*,
CALLBACK(uninstall, vici_message_t*,
private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
{
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
child_sa_t *child_sa;
enumerator_t *enumerator;
uint32_t reqid = 0;
char *child;
char *child, *ike, *ns;
child = request->get_str(request, NULL, "child");
ike = request->get_str(request, NULL, "ike");
if (!child)
{
return send_reply(this, "missing configuration name");
@ -594,15 +598,35 @@ CALLBACK(uninstall, vici_message_t*,
DBG1(DBG_CFG, "vici uninstall '%s'", child);
if (charon->shunts->uninstall(charon->shunts, NULL, child))
if (!ike)
{
enumerator = charon->shunts->create_enumerator(charon->shunts);
while (enumerator->enumerate(enumerator, &ns, &child_cfg))
{
if (ns && streq(child, child_cfg->get_name(child_cfg)))
{
ike = strdup(ns);
break;
}
}
enumerator->destroy(enumerator);
if (ike && charon->shunts->uninstall(charon->shunts, ike, child))
{
free(ike);
return send_reply(this, NULL);
}
free(ike);
}
else if (charon->shunts->uninstall(charon->shunts, ike, child))
{
return send_reply(this, NULL);
}
enumerator = charon->traps->create_enumerator(charon->traps);
while (enumerator->enumerate(enumerator, NULL, &child_sa))
while (enumerator->enumerate(enumerator, &peer_cfg, &child_sa))
{
if (streq(child, child_sa->get_name(child_sa)))
if ((!ike || streq(ike, peer_cfg->get_name(peer_cfg))) &&
streq(child, child_sa->get_name(child_sa)))
{
reqid = child_sa->get_reqid(child_sa);
break;