swanctl: Add --rekey command
authorTobias Brunner <tobias@strongswan.org>
Tue, 24 Jan 2017 15:34:32 +0000 (16:34 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 16 Feb 2017 18:24:09 +0000 (19:24 +0100)
src/swanctl/Makefile.am
src/swanctl/command.h
src/swanctl/commands/rekey.c [new file with mode: 0644]
src/swanctl/swanctl.8.in

index 9ca759ea3faf5c7e84098d78a23f7af880b62060..2fc998262b034efb1a88c69736ed45c3bb49104c 100644 (file)
@@ -4,6 +4,7 @@ swanctl_SOURCES = \
        command.c command.h \
        commands/initiate.c \
        commands/terminate.c \
+       commands/rekey.c \
        commands/redirect.c \
        commands/install.c \
        commands/list_sas.c \
index 7b92ae91a363f8e06d7c1229c6520eab87260215..c17811498ce2dbc162d42833cf31e48c206a09aa 100644 (file)
@@ -27,7 +27,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 24
+#define MAX_COMMANDS 25
 
 /**
  * Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
new file mode 100644 (file)
index 0000000..47a3136
--- /dev/null
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <errno.h>
+
+static int rekey(vici_conn_t *conn)
+{
+       vici_req_t *req;
+       vici_res_t *res;
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       char *arg, *child = NULL, *ike = NULL;
+       int ret = 0, child_id = 0, ike_id = 0;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case 'c':
+                               child = arg;
+                               continue;
+                       case 'i':
+                               ike = arg;
+                               continue;
+                       case 'C':
+                               child_id = atoi(arg);
+                               continue;
+                       case 'I':
+                               ike_id = atoi(arg);
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --rekey option");
+               }
+               break;
+       }
+
+       req = vici_begin("rekey");
+       if (child)
+       {
+               vici_add_key_valuef(req, "child", "%s", child);
+       }
+       if (ike)
+       {
+               vici_add_key_valuef(req, "ike", "%s", ike);
+       }
+       if (child_id)
+       {
+               vici_add_key_valuef(req, "child-id", "%d", child_id);
+       }
+       if (ike_id)
+       {
+               vici_add_key_valuef(req, "ike-id", "%d", ike_id);
+       }
+       res = vici_submit(req, conn);
+       if (!res)
+       {
+               ret = errno;
+               fprintf(stderr, "rekey request failed: %s\n", strerror(errno));
+               return ret;
+       }
+       if (format & COMMAND_FORMAT_RAW)
+       {
+               vici_dump(res, "rekey reply", format & COMMAND_FORMAT_PRETTY,
+                                 stdout);
+       }
+       else
+       {
+               if (streq(vici_find_str(res, "no", "success"), "yes"))
+               {
+                       printf("rekey completed successfully\n");
+               }
+               else
+               {
+                       fprintf(stderr, "rekey failed: %s\n",
+                                       vici_find_str(res, "", "errmsg"));
+                       ret = 1;
+               }
+       }
+       vici_free_res(res);
+       return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+       command_register((command_t) {
+               rekey, 'R', "rekey", "rekey an SA",
+               {"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
+                "[--raw|--pretty]"},
+               {
+                       {"help",                'h', 0, "show usage information"},
+                       {"child",               'c', 1, "rekey by CHILD_SA name"},
+                       {"ike",                 'i', 1, "rekey by IKE_SA name"},
+                       {"child-id",    'C', 1, "rekey by CHILD_SA unique identifier"},
+                       {"ike-id",              'I', 1, "rekey by IKE_SA unique identifier"},
+                       {"raw",                 'r', 0, "dump raw response message"},
+                       {"pretty",              'P', 0, "dump raw response message in pretty print"},
+               }
+       });
+}
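Review bot: The `'C'` and `'I'` cases in `rekey()` parse `--child-id` and `--ike-id` with `atoi()`, which cannot report errors. A non-numeric or empty argument becomes 0, and because the later `if (child_id)` / `if (ike_id)` checks treat 0 as "not given", the selector is silently dropped from the vici request instead of being rejected. Negative values are accepted as well, and out-of-range input is undefined for `atoi()`. I would parse with `strtol()` plus an end-pointer and range check and return `command_usage()` on bad input, as sketched below (`INT_MAX` needs `<limits.h>`); how the daemon treats a `rekey` request without any selector is not visible in this commit, so rejecting it on the client side is the safer default. Separately, the usage string in `reg()` reads `--ike <name` without the closing `>`.

```c
/**
 * Parse a unique SA identifier from the command line. Accepts only a
 * positive decimal number that consumes the whole argument and fits an int.
 */
static bool parse_id(char *arg, int *id)
{
	char *end;
	long val;

	errno = 0;
	val = strtol(arg, &end, 10);
	if (errno || end == arg || *end != '\0' || val <= 0 || val > INT_MAX)
	{
		return FALSE;
	}
	*id = val;
	return TRUE;
}

/* … unchanged: rekey() declarations and the other option cases … */
			case 'C':
				if (!parse_id(arg, &child_id))
				{
					return command_usage("invalid --child-id value");
				}
				continue;
			case 'I':
				if (!parse_id(arg, &ike_id))
				{
					return command_usage("invalid --ike-id value");
				}
				continue;
/* … unchanged: EOF/default cases, request building and reply handling … */
```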
index 9c5a5a03d3c306b6592888a3f28eaa790c59f9f9..391fe486f2bc55261fa370df2b2852f05f24d7a5 100644 (file)
@@ -40,6 +40,9 @@ initiate a connection
 .B "\-t, \-\-terminate"
 terminate a connection
 .TP
+.B "\-R, \-\-rekey"
+rekey an SA
+.TP
 .B "\-d, \-\-redirect"
 redirect an IKE_SA
 .TP