removed IKE_SA (%K) and CHILD_SA (%P) printf handlers, 3 more to go

Martin Willi 2007-04-11 12:14:51 +00:00
parent cd08b6880b
commit a3ce4bc214
6 changed files with 258 additions and 288 deletions


@ -967,8 +967,8 @@ static void stroke_del_ca(private_stroke_interface_t *this,
/**
* show status of daemon
*/
static void stroke_statusall(private_stroke_interface_t *this,
stroke_msg_t *msg, FILE *out)
static void stroke_status(private_stroke_interface_t *this,
stroke_msg_t *msg, FILE *out, bool all)
{
iterator_t *iterator, *children;
linked_list_t *list;
@ -978,26 +978,6 @@ static void stroke_statusall(private_stroke_interface_t *this,
child_cfg_t *child_cfg;
ike_sa_t *ike_sa;
char *name = NULL;
leak_detective_status(out);
fprintf(out, "Performance:\n");
fprintf(out, " worker threads: %d idle of %d,",
charon->thread_pool->get_idle_threads(charon->thread_pool),
charon->thread_pool->get_pool_size(charon->thread_pool));
fprintf(out, " job queue load: %d,",
charon->job_queue->get_count(charon->job_queue));
fprintf(out, " scheduled events: %d\n",
charon->event_queue->get_count(charon->event_queue));
list = charon->kernel_interface->create_address_list(charon->kernel_interface);
fprintf(out, "Listening on %d IP addresses:\n", list->get_count(list));
while (list->remove_first(list, (void**)&host) == SUCCESS)
{
fprintf(out, " %H\n", host);
host->destroy(host);
}
list->destroy(list);
if (msg->status.name)
{
@ -1005,123 +985,200 @@ static void stroke_statusall(private_stroke_interface_t *this,
name = msg->status.name;
}
fprintf(out, "Connections:\n");
iterator = this->backend->create_peer_cfg_iterator(this->backend);
while (iterator->iterate(iterator, (void**)&peer_cfg))
if (all)
{
if (peer_cfg->get_ike_version(peer_cfg) != 2 ||
(name && !streq(name, peer_cfg->get_name(peer_cfg))))
{
continue;
}
ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
fprintf(out, "%12s: %H[%D]...%H[%D]\n", peer_cfg->get_name(peer_cfg),
ike_cfg->get_my_host(ike_cfg), peer_cfg->get_my_id(peer_cfg),
ike_cfg->get_other_host(ike_cfg), peer_cfg->get_other_id(peer_cfg));
children = peer_cfg->create_child_cfg_iterator(peer_cfg);
while (children->iterate(children, (void**)&child_cfg))
{
linked_list_t *my_ts, *other_ts;
my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
fprintf(out, "%12s: %#R=== %#R\n", child_cfg->get_name(child_cfg),
my_ts, other_ts);
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
}
children->destroy(children);
}
iterator->destroy(iterator);
leak_detective_status(out);
fprintf(out, "Performance:\n");
fprintf(out, " worker threads: %d idle of %d,",
charon->thread_pool->get_idle_threads(charon->thread_pool),
charon->thread_pool->get_pool_size(charon->thread_pool));
fprintf(out, " job queue load: %d,",
charon->job_queue->get_count(charon->job_queue));
fprintf(out, " scheduled events: %d\n",
charon->event_queue->get_count(charon->event_queue));
list = charon->kernel_interface->create_address_list(charon->kernel_interface);
fprintf(out, "Listening on %d IP addresses:\n", list->get_count(list));
while (list->remove_first(list, (void**)&host) == SUCCESS)
{
fprintf(out, " %H\n", host);
host->destroy(host);
}
list->destroy(list);
fprintf(out, "Connections:\n");
iterator = this->backend->create_peer_cfg_iterator(this->backend);
while (iterator->iterate(iterator, (void**)&peer_cfg))
{
if (peer_cfg->get_ike_version(peer_cfg) != 2 ||
(name && !streq(name, peer_cfg->get_name(peer_cfg))))
{
continue;
}
ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
fprintf(out, "%12s: %H[%D]...%H[%D]\n", peer_cfg->get_name(peer_cfg),
ike_cfg->get_my_host(ike_cfg), peer_cfg->get_my_id(peer_cfg),
ike_cfg->get_other_host(ike_cfg), peer_cfg->get_other_id(peer_cfg));
children = peer_cfg->create_child_cfg_iterator(peer_cfg);
while (children->iterate(children, (void**)&child_cfg))
{
linked_list_t *my_ts, *other_ts;
my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
fprintf(out, "%12s: %#R=== %#R\n", child_cfg->get_name(child_cfg),
my_ts, other_ts);
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
}
children->destroy(children);
}
iterator->destroy(iterator);
}
iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
if (iterator->get_count(iterator) > 0)
if (all && iterator->get_count(iterator) > 0)
{
fprintf(out, "Security Associations:\n");
}
while (iterator->iterate(iterator, (void**)&ike_sa))
{
bool ike_sa_printed = FALSE;
bool ike_match = FALSE, ike_printed = FALSE;
child_sa_t *child_sa;
iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
/* print IKE_SA */
if (name == NULL || strcmp(name, ike_sa->get_name(ike_sa)) == 0)
if (name == NULL || streq(name, ike_sa->get_name(ike_sa)))
{
fprintf(out, "%#K\n", ike_sa);
ike_sa_printed = TRUE;
ike_match = TRUE;
}
while (children->iterate(children, (void**)&child_sa))
{
bool child_sa_match = name == NULL ||
strcmp(name, child_sa->get_name(child_sa)) == 0;
/* print IKE_SA if its name differs from the CHILD_SA's name */
if (!ike_sa_printed && child_sa_match)
bool child_match = FALSE;
if (name == NULL || streq(name, child_sa->get_name(child_sa)))
{
fprintf(out, "%#K\n", ike_sa);
ike_sa_printed = TRUE;
child_match = TRUE;
}
/* print CHILD_SA */
if (child_sa_match)
if ((child_match || ike_match) && !ike_printed)
{
fprintf(out, "%#P\n", child_sa);
}
}
children->destroy(children);
}
iterator->destroy(iterator);
}
peer_cfg_t *cfg = ike_sa->get_peer_cfg(ike_sa);
u_int32_t next;
/**
* show status of daemon
*/
static void stroke_status(private_stroke_interface_t *this,
stroke_msg_t *msg, FILE *out)
{
iterator_t *iterator;
ike_sa_t *ike_sa;
char *name = NULL;
fprintf(out, "%12s[%d]: %N, %H[%D]...%H[%D]\n",
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
ike_sa_state_names, ike_sa->get_state(ike_sa),
ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa),
ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa));
if (all)
{
fprintf(out, "%12s[%d]: IKE SPIs: %J, ",
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
ike_sa->get_id(ike_sa));
ike_sa->get_stats(ike_sa, &next);
if (next)
{
fprintf(out, "%s in %ds\n", cfg->use_reauth(cfg) ?
"reauthentication" : "rekeying", next - time(NULL));
}
else
{
fprintf(out, "rekeying disabled");
}
}
if (msg->status.name)
{
pop_string(msg, &(msg->status.name));
name = msg->status.name;
}
iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
while (iterator->iterate(iterator, (void**)&ike_sa))
{
bool ike_sa_printed = FALSE;
child_sa_t *child_sa;
iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
/* print IKE_SA */
if (name == NULL || strcmp(name, ike_sa->get_name(ike_sa)) == 0)
{
fprintf(out, "%K\n", ike_sa);
ike_sa_printed = TRUE;
}
while (children->iterate(children, (void**)&child_sa))
{
bool child_sa_match = name == NULL ||
strcmp(name, child_sa->get_name(child_sa)) == 0;
/* print IKE_SA if its name differs from the CHILD_SA's name */
if (!ike_sa_printed && child_sa_match)
{
fprintf(out, "%K\n", ike_sa);
ike_sa_printed = TRUE;
ike_printed = TRUE;
}
/* print CHILD_SA */
if (child_sa_match)
if (child_match)
{
fprintf(out, "%P\n", child_sa);
u_int32_t now, rekey;
u_int32_t use_in, use_out, use_fwd;
encryption_algorithm_t encr_alg;
integrity_algorithm_t int_alg;
size_t encr_len, int_len;
mode_t mode;
now = time(NULL);
child_sa->get_stats(child_sa, &mode, &encr_alg, &encr_len,
&int_alg, &int_len, &rekey, &use_in, &use_out,
&use_fwd);
fprintf(out, "%12s{%d}: %N, %N",
child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
child_sa_state_names, child_sa->get_state(child_sa),
mode_names, mode);
if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
{
fprintf(out, ", %N SPIs: 0x%0x_i 0x%0x_o",
protocol_id_names, child_sa->get_protocol(child_sa),
htonl(child_sa->get_spi(child_sa, TRUE)),
htonl(child_sa->get_spi(child_sa, FALSE)));
if (all)
{
fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa),
child_sa->get_reqid(child_sa));
if (child_sa->get_protocol(child_sa) == PROTO_ESP)
{
fprintf(out, "%N", encryption_algorithm_names, encr_alg);
if (encr_len)
{
fprintf(out, "-%d", encr_len);
}
fprintf(out, "/");
}
fprintf(out, "%N", integrity_algorithm_names, int_alg);
if (int_len)
{
fprintf(out, "-%d", int_len);
}
fprintf(out, ", rekeying ");
if (rekey)
{
fprintf(out, "in %ds", rekey - now);
}
else
{
fprintf(out, "disabled");
}
fprintf(out, ", last use: ");
use_in = max(use_in, use_fwd);
if (use_in)
{
fprintf(out, "%ds_i ", now - use_in);
}
else
{
fprintf(out, "no_i ");
}
if (use_out)
{
fprintf(out, "%ds_o ", now - use_out);
}
else
{
fprintf(out, "no_o ");
}
}
}
fprintf(out, "\n%12s{%d}: %#R=== %#R\n",
child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
child_sa->get_traffic_selectors(child_sa, TRUE),
child_sa->get_traffic_selectors(child_sa, FALSE));
}
}
children->destroy(children);
@ -1392,10 +1449,10 @@ static void stroke_process(private_stroke_interface_t *this, int strokefd)
stroke_terminate(this, msg, out);
break;
case STR_STATUS:
stroke_status(this, msg, out);
stroke_status(this, msg, out, FALSE);
break;
case STR_STATUS_ALL:
stroke_statusall(this, msg, out);
stroke_status(this, msg, out, TRUE);
break;
case STR_ADD_CONN:
stroke_add_conn(this, msg, out);
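Review bot: In the new `stroke_status`, `encr_len` and `int_len` are declared `size_t` but printed with `fprintf(out, "-%d", encr_len)` and `fprintf(out, "-%d", int_len)`, a format/argument mismatch that is undefined behaviour where `size_t` is wider than `int`; use `"-%zu"` or cast to `int`. The `%ds` conversion fed with `next - time(NULL)` has the same problem wherever `time_t` is wider than `int`. Separately, `cfg->use_reauth(cfg)` is called on the result of `ike_sa->get_peer_cfg(ike_sa)` without a NULL check, whereas the removed `%K` handler tested `this->peer_cfg` first, so a guard such as `cfg && cfg->use_reauth(cfg)` looks necessary to keep a status request from crashing the daemon. The `"rekeying disabled"` branch also lacks the trailing `\n` that its sibling branch prints, so the next CHILD_SA line would run on. As far as the rendered hunk shows, the IKE_SA line is now emitted only from inside the CHILD_SA loop, so an IKE_SA without children would no longer appear in the status output; please confirm that is intended.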


@ -27,7 +27,6 @@
#include <stdio.h>
#include <string.h>
#include <printf.h>
#include <daemon.h>
@ -211,6 +210,52 @@ static child_cfg_t* get_config(private_child_sa_t *this)
return this->config;
}
/**
* Implementation of child_sa_t.get_stats.
*/
static void get_stats(private_child_sa_t *this, mode_t *mode,
encryption_algorithm_t *encr_algo, size_t *encr_len,
integrity_algorithm_t *int_algo, size_t *int_len,
u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
u_int32_t *use_fwd)
{
sa_policy_t *policy;
iterator_t *iterator;
u_int32_t in = 0, out = 0, fwd = 0, time;
iterator = this->policies->create_iterator(this->policies, TRUE);
while (iterator->iterate(iterator, (void**)&policy))
{
if (charon->kernel_interface->query_policy(charon->kernel_interface,
policy->other_ts, policy->my_ts, POLICY_IN, &time) == SUCCESS)
{
in = max(in, time);
}
if (charon->kernel_interface->query_policy(charon->kernel_interface,
policy->my_ts, policy->other_ts, POLICY_OUT, &time) == SUCCESS)
{
out = max(out, time);
}
if (charon->kernel_interface->query_policy(charon->kernel_interface,
policy->other_ts, policy->my_ts, POLICY_FWD, &time) == SUCCESS)
{
fwd = max(fwd, time);
}
}
iterator->destroy(iterator);
*mode = this->mode;
*encr_algo = this->encryption.algorithm;
*encr_len = this->encryption.key_size;
*int_algo = this->integrity.algorithm;
*int_len = this->integrity.key_size;
*rekey = this->rekey_time;
*use_in = in;
*use_out = out;
*use_fwd = fwd;
}
/**
* Run the up/down script
*/
@ -542,7 +587,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal,
this->encryption = *enc_algo;
this->integrity = *int_algo;
this->install_time = time(NULL);
this->rekey_time = soft;
this->rekey_time = this->install_time + soft;
return status;
}
@ -736,126 +781,6 @@ static status_t get_use_time(private_child_sa_t *this, bool inbound, time_t *use
return status;
}
/**
* output handler in printf()
*/
static int print(FILE *stream, const struct printf_info *info,
const void *const *args)
{
private_child_sa_t *this = *((private_child_sa_t**)(args[0]));
iterator_t *iterator;
sa_policy_t *policy;
u_int32_t now, rekeying;
u_int32_t use, use_in, use_fwd;
status_t status;
size_t written = 0;
if (this == NULL)
{
return fprintf(stream, "(null)");
}
now = time(NULL);
written += fprintf(stream, "%12s{%d}: %N, %N",
this->config->get_name(this->config), this->reqid,
child_sa_state_names, this->state,
mode_names, this->mode);
if (this->state == CHILD_INSTALLED)
{
written += fprintf(stream, ", %N SPIs: 0x%0x_i 0x%0x_o",
protocol_id_names, this->protocol,
htonl(this->me.spi), htonl(this->other.spi));
if (info->alt)
{
written += fprintf(stream, "\n%12s{%d}: ",
this->config->get_name(this->config),
this->reqid);
if (this->protocol == PROTO_ESP)
{
written += fprintf(stream, "%N", encryption_algorithm_names,
this->encryption.algorithm);
if (this->encryption.key_size)
{
written += fprintf(stream, "-%d", this->encryption.key_size);
}
written += fprintf(stream, "/");
}
written += fprintf(stream, "%N", integrity_algorithm_names,
this->integrity.algorithm);
if (this->integrity.key_size)
{
written += fprintf(stream, "-%d", this->integrity.key_size);
}
written += fprintf(stream, ", rekeying ");
/* calculate rekey times */
if (this->rekey_time)
{
rekeying = this->install_time + this->rekey_time - now;
written += fprintf(stream, "in %ds", rekeying);
}
else
{
written += fprintf(stream, "disabled");
}
}
}
iterator = this->policies->create_iterator(this->policies, TRUE);
while (iterator->iterate(iterator, (void**)&policy))
{
written += fprintf(stream, "\n%12s{%d}: %R===%R, last use: ",
this->config->get_name(this->config), this->reqid,
policy->my_ts, policy->other_ts);
/* query time of last policy use */
/* inbound: POLICY_IN or POLICY_FWD */
status = charon->kernel_interface->query_policy(charon->kernel_interface,
policy->other_ts, policy->my_ts, POLICY_IN, &use_in);
use_in = (status == SUCCESS)? use_in : 0;
status = charon->kernel_interface->query_policy(charon->kernel_interface,
policy->other_ts, policy->my_ts, POLICY_FWD, &use_fwd);
use_fwd = (status == SUCCESS)? use_fwd : 0;
use = max(use_in, use_fwd);
if (use)
{
written += fprintf(stream, "%ds_i ", now - use);
}
else
{
written += fprintf(stream, "no_i ");
}
/* outbound: POLICY_OUT */
status = charon->kernel_interface->query_policy(charon->kernel_interface,
policy->my_ts, policy->other_ts, POLICY_OUT, &use);
if (status == SUCCESS && use)
{
written += fprintf(stream, "%ds_o ", now - use);
}
else
{
written += fprintf(stream, "no_o ");
}
}
iterator->destroy(iterator);
return written;
}
/**
* register printf() handlers
*/
static void __attribute__ ((constructor))print_register()
{
register_printf_function(PRINTF_CHILD_SA, print, arginfo_ptr);
}
/**
* Update the host adress/port of a SA
*/
@ -1082,6 +1007,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
this->public.get_reqid = (u_int32_t(*)(child_sa_t*))get_reqid;
this->public.get_spi = (u_int32_t(*)(child_sa_t*, bool))get_spi;
this->public.get_protocol = (protocol_id_t(*)(child_sa_t*))get_protocol;
this->public.get_stats = (void(*)(child_sa_t*, mode_t*,encryption_algorithm_t*,size_t*,integrity_algorithm_t*,size_t*,u_int32_t*,u_int32_t*,u_int32_t*,u_int32_t*))get_stats;
this->public.alloc = (status_t(*)(child_sa_t*,linked_list_t*))alloc;
this->public.add = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))add;
this->public.update = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))update;
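Review bot: Storing `this->rekey_time = this->install_time + soft;` in `install()` makes `rekey_time` non-zero even when `soft` is 0, so the `if (rekey)` test in the status output can no longer reach its "disabled" branch and would print a negative or wrapped interval instead. This assumes a soft lifetime of 0 means rekeying is off, as the removed handler's `if (this->rekey_time)` suggests. The sentinel can be kept with `this->rekey_time = soft ? this->install_time + soft : 0;`. In the new `get_stats`, the local `u_int32_t ... time` shadows libc's `time()` inside the function (a name like `use_time` would be clearer), and it writes through every out-pointer without a NULL check, unlike the IKE_SA `get_stats` in this commit. `install()` starts and ends outside the lines shown.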


@ -140,6 +140,25 @@ struct child_sa_t {
*/
protocol_id_t (*get_protocol) (child_sa_t *this);
/**
* @brief Get info and statistics about this CHILD_SA.
*
* @param mode mode this IKE_SA uses
* @param encr_algo encryption algorithm used by this CHILD_SA.
* @param encr_len key length of the algorithm, if any
* @param int_algo integrity algorithm used by this CHILD_SA
* @param int_len key length of the algorithm, if any
* @param rekey time when rekeying is scheduled
* @param use_in time when last traffic was seen coming in
* @param use_out time when last traffic was seen going out
* @param use_fwd time when last traffic was getting forwarded
*/
void (*get_stats)(child_sa_t *this, mode_t *mode,
encryption_algorithm_t *encr, size_t *encr_len,
integrity_algorithm_t *int_algo, size_t *int_len,
u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
u_int32_t *use_fwd);
/**
* @brief Allocate SPIs for given proposals.
*
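Review bot: The new `get_stats` doc comment says `@param mode mode this IKE_SA uses`, but this is the CHILD_SA interface, so it should read `mode this CHILD_SA uses`. The prototype names the second out-parameter `encr` while the comment documents `encr_algo`; one of the two should be renamed to match. The comment should also state that `rekey` and the `use_*` values are absolute times with 0 meaning not scheduled / never used, which is how the status code in this commit treats them. It should say too that all pointers must be non-NULL, since the implementation writes through them unconditionally.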


@ -280,6 +280,18 @@ static char *get_name(private_ike_sa_t *this)
return "(unnamed)";
}
/**
* Implementation of ike_sa_t.get_stats.
*/
static void get_stats(private_ike_sa_t *this, u_int32_t *next_rekeying)
{
if (next_rekeying)
{
*next_rekeying = this->time.rekey;
}
}
/**
* Implementation of ike_sa_t.get_my_host.
*/
@ -1807,54 +1819,6 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns)
fclose(file);
}
/**
* output handler in printf()
*/
static int print(FILE *stream, const struct printf_info *info,
const void *const *args)
{
int written = 0;
bool reauth = FALSE;
private_ike_sa_t *this = *((private_ike_sa_t**)(args[0]));
if (this->peer_cfg)
{
reauth = this->peer_cfg->use_reauth(this->peer_cfg);
}
if (this == NULL)
{
return fprintf(stream, "(null)");
}
written = fprintf(stream, "%12s[%d]: %N, %H[%D]...%H[%D]", get_name(this),
this->unique_id, ike_sa_state_names, this->state,
this->my_host, this->my_id, this->other_host,
this->other_id);
if (this->time.rekey)
{
written += fprintf(stream, "\n%12s[%d]: IKE SPIs: %J, %s in %ds",
get_name(this), this->unique_id, this->ike_sa_id,
reauth ? "reauthentication" : "rekeying",
this->time.rekey - time(NULL));
}
else
{
written += fprintf(stream, "\n%12s[%d]: IKE SPIs: %J, rekeying disabled",
get_name(this), this->unique_id, this->ike_sa_id);
}
return written;
}
/**
* register printf() handlers
*/
static void __attribute__ ((constructor))print_register()
{
register_printf_function(PRINTF_IKE_SA, print, arginfo_ptr);
}
/**
* Implementation of ike_sa_t.destroy.
*/
@ -1906,6 +1870,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
/* Public functions */
this->public.get_state = (ike_sa_state_t(*)(ike_sa_t*)) get_state;
this->public.set_state = (void(*)(ike_sa_t*,ike_sa_state_t)) set_state;
this->public.get_stats = (void(*)(ike_sa_t*,u_int32_t*))get_stats;
this->public.get_name = (char*(*)(ike_sa_t*))get_name;
this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
this->public.initiate = (status_t(*)(ike_sa_t*,child_cfg_t*)) initiate;


@ -183,6 +183,13 @@ struct ike_sa_t {
*/
ike_sa_state_t (*get_state) (ike_sa_t *this);
/**
* @brief Get some statistics about this IKE_SA.
*
* @param next_rekeying when the next rekeying is scheduled
*/
void (*get_stats)(ike_sa_t *this, u_int32_t *next_rekeying);
/**
* @brief Set the state of the IKE_SA.
*
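Review bot: The `get_stats` comment does not say what `next_rekeying` holds. The caller added in this commit subtracts `time(NULL)` from it and treats 0 as "rekeying disabled", so the documentation should say so, e.g. `@param next_rekeying absolute time of the next scheduled rekeying/reauthentication, 0 if none`. It is also worth documenting that a NULL pointer is accepted, since the implementation checks for it.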


@ -41,12 +41,8 @@
/** 1 argument: ike_sa_id_t *id */
#define PRINTF_IKE_SA_ID 'J'
/** 1 argument: ike_sa_t *ike_sa */
#define PRINTF_IKE_SA 'K'
/** 1 argument: message_t *message */
#define PRINTF_ENUM 'N'
/** 1 argument: child_sa_t *child_sa */
#define PRINTF_CHILD_SA 'P'
/** 1 argument: traffic_selector_t *ts */
#define PRINTF_TRAFFIC_SELECTOR 'R'
/** 1 argument: time_t *time; with #-modifier 2 arguments: time_t *time, bool utc */
#define PRINTF_TIME 'T'