Tobias Brunner
7f94528061
vici: Make PPK related options configurable
2018-09-10 18:03:02 +02:00
Tobias Brunner
84cdfbc9bc
child-cfg: Allow suppressing log messages when selecting traffic selectors
...
Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps. So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.
2018-06-28 18:46:42 +02:00
Andreas Steffen
ef4a63524f
vici: list cert_policy parameter
2018-06-22 10:39:40 +02:00
Tobias Brunner
fb545dd34d
vici: Also return close action
2018-02-16 09:55:22 +01:00
Andreas Steffen
4eaf08c35b
vici: list-conn reports DPD settings and swanctl displays them
2018-02-15 16:28:06 +01:00
Tobias Brunner
fdf33b0f1c
vici: Add 'get|reset-counters' commands
2017-11-08 16:28:28 +01:00
Tobias Brunner
749ac175fa
child-cfg: Use flags for boolean options
...
Makes it potentially easier to add new flags.
2017-05-23 16:51:15 +02:00
Tobias Brunner
ec5f127a45
vici: Include uniqueness policy in list-conns
2017-02-16 19:24:09 +01:00
Tobias Brunner
04c0219e55
vici: Use unique names for CHILD_SAs in the list-sas command
...
The original name is returned in the new "name" attribute.
This fixes an issue with bindings that map VICI messages to
dictionaries. For instance, in roadwarrior scenarios where every
CHILD_SA has the same name only the information of the last CHILD_SA
would end up in the dictionary for that name.
2017-02-16 19:24:08 +01:00
Tobias Brunner
b657740e16
vici: List namespace/peer-cfg name with policies and allow filtering
...
The two names are also transmitted in separate keys.
2017-02-16 19:24:07 +01:00
Tobias Brunner
7a0fdbab42
shunt-manager: Add an optional namespace for each shunt
...
This will allow us to reuse the names of child configs e.g. when they
are defined in different connections.
2017-02-16 19:24:07 +01:00
Tobias Brunner
3bedf10b25
vici: Add support for IPv6 Transport Proxy Mode
2017-02-16 19:23:50 +01:00
Martin Willi
0b4e539cb3
vici: Include the Netfilter marks in listed CHILD_SAs
2017-02-13 15:11:20 +01:00
Andreas Steffen
04208ac5d4
xof: Defined Extended Output Functions
2016-07-29 12:36:14 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Andreas Steffen
e9704e90cf
Include manual policy priorities and restriction to interfaces in vici list-conn command
2016-04-09 16:51:02 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
e32504352d
vici: Correctly return IKE SPIs stored in network order
2016-03-04 18:43:26 +01:00
Tobias Brunner
35d0b8b152
vici: Provide ports of local and remote IKE endpoints
2016-03-03 17:13:35 +01:00
Andreas Steffen
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
Andreas Steffen
9121f6cce1
vici: Enable transport encoding of CERT_TRUSTED_PUBKEY objects
2016-01-03 06:28:49 +01:00
Tobias Brunner
a1dfbb7557
vici: Use correct constant when checking for integrity algorithm
...
Currently both have the value 1024 so no real harm done.
2015-12-21 12:14:12 +01:00
Tobias Brunner
ade20d06c6
vici: CHILD_SA proposals never contain a PRF
2015-12-21 12:14:12 +01:00
Andreas Steffen
92b051bd4a
vici: allow legacy shortcuts in cert queries
2015-12-19 10:30:17 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Andreas Steffen
334119b843
Share vici_cert_info.c with vici_cred.c
2015-12-11 18:26:55 +01:00
Andreas Steffen
fad851e2d3
Use VICI 2.0 protocol version for certificate queries
2015-12-11 18:26:54 +01:00
Andreas Steffen
5d909303d8
Sort certificate types during enumeration
2015-12-11 18:26:54 +01:00
Tobias Brunner
74270c8c86
vici: Don't report memory usage via leak-detective
...
This slowed down the `swanctl --stats` calls in the test scenarios
significantly, with not much added value.
2015-12-11 18:26:53 +01:00
Tobias Brunner
de34defcd0
vici: Add get-algorithms command to query loaded algorithms and implementations
2015-11-30 10:55:55 +01:00
Tobias Brunner
bdb8b76515
vici: Return local and remote virtual IPs when listing SAs
2015-11-10 10:43:24 +01:00
Tobias Brunner
04f22cdabc
vici: Add NAT information when listing IKE_SAs
...
The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively. If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set). If any NAT is detected or faked `nat-any` is set.
Closes strongswan/strongswan#16.
2015-11-09 11:55:51 +01:00
Tobias Brunner
735f929ca7
ike: Only consider number of half-open SAs as responder when deciding whether COOKIEs are sent
2015-08-27 11:18:51 +02:00
Tobias Brunner
65ac0851c0
vici: Add ike/child-rekey events
2015-08-17 11:12:17 +02:00
Tobias Brunner
22842cce0d
vici: Don't include a child-sas section in ike-updown event
...
This makes it clearer that only the data concerning the IKE_SA is
transmitted (there could be CHILD_SAs e.g. during IKEv1
reauthentication).
2015-08-17 11:12:17 +02:00
Tobias Brunner
085b8f4fb0
vici: Explicitly notify listeners of the type of ike/child-updown event
2015-08-17 11:12:12 +02:00
Timo Teräs
a7e4a2d6c2
vici: Add support for ike_sa and child_sa updown notifications
...
Useful for monitoring and management purposes.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2015-05-04 13:38:39 +02:00
Tobias Brunner
70728eb1b6
child-sa: Add a new state to track rekeyed IKEv1 CHILD_SAs
...
This is needed to handle DELETEs properly, which was previously done via
CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents
reauthentication.
2015-03-25 12:00:20 +01:00
Martin Willi
94bb26fae3
vici: Return authentication rounds with unique names
...
To simplify handling of authentication rounds in dictionaries/hashtables on the
client side, we assign unique names to each authentication round when listing
connections.
2015-03-18 13:59:14 +01:00
Tobias Brunner
6d41927b42
vici: Use %u to print stats returned by mallinfo(3)
...
Fixes #886.
2015-03-13 15:26:01 +01:00
Martin Willi
adc1885bf7
vici: Include the CHILD_SA unique ID in list-sa event
2015-02-20 13:34:50 +01:00
Martin Willi
5885ec2a27
vici: Support memory stats without leak-detective on Windows
2014-06-17 17:55:45 +02:00
Martin Willi
65689ce76a
vici: Add a stats command returning various daemon infos and statistics
2014-06-17 17:55:45 +02:00
Martin Willi
dfb23fa159
vici: Add Windows support
2014-06-04 15:53:12 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Martin Willi
0963a9952c
vici: Don't compare unsigned certificate_type_t to -1
2014-05-07 14:13:37 +02:00
Martin Willi
101dba01ce
vici: Add a list-certs command to query different certificate types
2014-05-07 14:13:37 +02:00
Martin Willi
b57739f721
vici: Support pinning end entity and CA certificates to connections
2014-05-07 14:13:37 +02:00
Martin Willi
e6e975ff9d
vici: Support missing groups option in auth config
2014-05-07 14:13:37 +02:00
Martin Willi
e1b65630b2
vici: Add a command listing all or specific loaded connections using events
2014-05-07 14:13:36 +02:00