From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 2 Jun 2021 12:37:39 +0000 (+0200)
Subject: vici: Add options to only return specific CHILD_SAs in list-sas()
X-Git-Tag: 5.9.6rc1~3^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1c7fac768becf70a3cdf8e84542704e4507bdd2;p=thirdparty%2Fstrongswan.git

vici: Add options to only return specific CHILD_SAs in list-sas()
---

diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 5226bd349c..6b75711fa0 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -277,7 +277,7 @@ Terminates an SA while streaming _control-log_ events.
 	{
 		child = <terminate a CHILD_SA by configuration name>
 		ike = <terminate an IKE_SA by configuration name>
-		child-id = <terminate a CHILD_SA by its reqid>
+		child-id = <terminate a CHILD_SA by its unique id>
 		ike-id = <terminate an IKE_SA by its unique id>
 		force = <terminate IKE_SA without waiting for proper DELETE, if timeout
 				 is given, waits for a response until it is reached>
@@ -300,7 +300,7 @@ Initiate the rekeying of an SA.
 	{
 		child = <rekey a CHILD_SA by configuration name>
 		ike = <rekey an IKE_SA by configuration name>
-		child-id = <rekey a CHILD_SA by its reqid>
+		child-id = <rekey a CHILD_SA by its unique id>
 		ike-id = <rekey an IKE_SA by its unique id>
 		reauth = <reauthenticate instead of rekey an IKEv2 SA>
 	} => {
@@ -361,6 +361,8 @@ events.
 		noblock = <use non-blocking mode if key is set>
 		ike = <filter listed IKE_SAs by its name>
 		ike-id = <filter listed IKE_SA by its unique id>
+		child = <filter listed CHILD_SAs by name>
+		child-id = <filter listed CHILD_SAs by unique id>
 	} => {
 		# completes after streaming list-sa events
 	}
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 4164269b3a..ff2d36b21d 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -529,15 +529,16 @@ CALLBACK(list_sas, vici_message_t*,
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	time_t now;
-	char *ike;
-	u_int ike_id;
+	char *ike, *child;
+	u_int ike_id, child_id;
 	bool bl;
 	char buf[BUF_LEN];
 
-
 	bl = request->get_str(request, NULL, "noblock") == NULL;
 	ike = request->get_str(request, NULL, "ike");
 	ike_id = request->get_int(request, 0, "ike-id");
+	child = request->get_str(request, NULL, "child");
+	child_id = request->get_int(request, 0, "child-id");
 
 	isas = charon->controller->create_ike_sa_enumerator(charon->controller, bl);
 	while (isas->enumerate(isas, &ike_sa))
@@ -562,6 +563,15 @@ CALLBACK(list_sas, vici_message_t*,
 		csas = ike_sa->create_child_sa_enumerator(ike_sa);
 		while (csas->enumerate(csas, &child_sa))
 		{
+			if (child && !streq(child, child_sa->get_name(child_sa)))
+			{
+				continue;
+			}
+			if (child_id && child_sa->get_unique_id(child_sa) != child_id)
+			{
+				continue;
+			}
+
 			snprintf(buf, sizeof(buf), "%s-%u", child_sa->get_name(child_sa),
 					 child_sa->get_unique_id(child_sa));
 			b->begin_section(b, buf);