Add negotiated cipher to status file format 2 and 3

With NCP turned off, this will still display the cipher used.

Trac: #814

Signed-off-by: Gert van Dijk <gert@gertvandijk.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20171111161122.30087-2-gert@gertvandijk.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15817.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 6c74b81e0081ddc72a038ad6655a90ecc6d9a1d0..4114f40885bd41942c88c2d39466b91af237aa04 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -2485,7 +2485,7 @@ Connected Since.
 .B 2
 \-\- a more reliable format for external processing. Compared to version 1, the
 client list contains some additional fields: Virtual Address, Virtual IPv6
-Address, Username, Client ID, Peer ID.
+Address, Username, Client ID, Peer ID, Data Channel Cipher.
 Future versions may extend the number of fields.
 .br
 .B 3

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 6a72a1dcc13bde8da1cd2d76c7c833516f1406dd..3da8c110dcc7d6cdc9f83ffb33c29581a246fa3a 100644 (file)
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -50,6 +50,8 @@
 #include "forward-inline.h"
 #include "pf-inline.h"
 
+#include "crypto_backend.h"
+
 /*#define MULTI_DEBUG_EVENT_LOOP*/
 
 #ifdef MULTI_DEBUG_EVENT_LOOP
@@ -940,8 +942,8 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int
              */
             status_printf(so, "TITLE%c%s", sep, title_string);
             status_printf(so, "TIME%c%s%c%u", sep, time_string(now, 0, false, &gc_top), sep, (unsigned int)now);
-            status_printf(so, "HEADER%cCLIENT_LIST%cCommon Name%cReal Address%cVirtual Address%cVirtual IPv6 Address%cBytes Received%cBytes Sent%cConnected Since%cConnected Since (time_t)%cUsername%cClient ID%cPeer ID",
-                          sep, sep, sep, sep, sep, sep, sep, sep, sep, sep, sep, sep);
+            status_printf(so, "HEADER%cCLIENT_LIST%cCommon Name%cReal Address%cVirtual Address%cVirtual IPv6 Address%cBytes Received%cBytes Sent%cConnected Since%cConnected Since (time_t)%cUsername%cClient ID%cPeer ID%cData Channel Cipher",
+                          sep, sep, sep, sep, sep, sep, sep, sep, sep, sep, sep, sep, sep);
             hash_iterator_init(m->hash, &hi);
             while ((he = hash_iterator_next(&hi)))
             {
@@ -956,7 +958,7 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int
 #else
                                   ""
 #endif
-                                  "%c%" PRIu32,
+                                  "%c%" PRIu32 "%c%s",
                                   sep, tls_common_name(mi->context.c2.tls_multi, false),
                                   sep, mroute_addr_print(&mi->real, &gc),
                                   sep, print_in_addr_t(mi->reporting_addr, IA_EMPTY_IF_UNDEF, &gc),
@@ -971,7 +973,8 @@ multi_print_status(struct multi_context *m, struct status_output *so, const int
 #else
                                   sep,
 #endif
-                                  sep, mi->context.c2.tls_multi ? mi->context.c2.tls_multi->peer_id : UINT32_MAX);
+                                  sep, mi->context.c2.tls_multi ? mi->context.c2.tls_multi->peer_id : UINT32_MAX,
+                                  sep, translate_cipher_name_to_openvpn(mi->context.options.ciphername));
                 }
                 gc_free(&gc);
             }