From 4eaf08c35b3d9db6ad9b6e3bc5a7ac55421feda5 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 6 Feb 2018 21:29:17 +0100 Subject: [PATCH] vici: list-conn reports DPD settings and swanctl displays them --- src/libcharon/plugins/vici/vici_query.c | 17 ++++++++- src/swanctl/commands/list_conns.c | 50 +++++++++++++++++-------- 2 files changed, 50 insertions(+), 17 deletions(-) diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 134ea375d3..461132e031 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -774,7 +774,7 @@ CALLBACK(list_conns, vici_message_t*, ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; char *ike, *str, *interface; - uint32_t manual_prio; + uint32_t manual_prio, dpd_delay, dpd_timeout; linked_list_t *list; traffic_selector_t *ts; lifetime_cfg_t *lft; @@ -825,6 +825,18 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "unique", "%N", unique_policy_names, peer_cfg->get_unique_policy(peer_cfg)); + dpd_delay = peer_cfg->get_dpd(peer_cfg); + if (dpd_delay) + { + b->add_kv(b, "dpd_delay", "%u", dpd_delay); + } + + dpd_timeout = peer_cfg->get_dpd_timeout(peer_cfg); + if (dpd_timeout) + { + b->add_kv(b, "dpd_timeout", "%u", dpd_timeout); + } + build_auth_cfgs(peer_cfg, TRUE, b); build_auth_cfgs(peer_cfg, FALSE, b); @@ -843,6 +855,9 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey); free(lft); + b->add_kv(b, "dpd_action", "%N", action_names, + child_cfg->get_dpd_action(child_cfg)); + b->begin_list(b, "local-ts"); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); selectors = list->create_enumerator(list); diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c index 19e7050da8..f692e9966f 100644 --- a/src/swanctl/commands/list_conns.c +++ b/src/swanctl/commands/list_conns.c 
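Review bot: In the `@@ -825` hunk of vici_query.c the two new `add_kv` calls format `uint32_t` values with `%u`, while the same function uses `"%"PRIu64` for the 64-bit lifetime counters in the next hunk's context. Writing `b->add_kv(b, "dpd_delay", "%"PRIu32, dpd_delay);` (and likewise for `dpd_timeout`) keeps the conversion tied to the declared type. Both keys are also left out when the value is 0, so a client cannot distinguish "DPD disabled" from "daemon does not report DPD". A comment above the first check, such as `/* dpd_delay and dpd_timeout are omitted when 0 (disabled) */`, would record that contract. The body of list_conns starts and ends outside these hunks.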
@@ -84,8 +84,8 @@ CALLBACK(children_sn, int, { hashtable_t *child; char *mode, *interface, *priority; - char *rekey_time, *rekey_bytes, *rekey_packets; - bool no_time, no_bytes, no_packets, or = FALSE; + char *rekey_time, *rekey_bytes, *rekey_packets, *dpd_action, *dpd_delay; + bool no_time, no_bytes, no_packets, no_dpd, or = FALSE; int ret; child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); @@ -98,14 +98,18 @@ CALLBACK(children_sn, int, rekey_time = child->get(child, "rekey_time"); rekey_bytes = child->get(child, "rekey_bytes"); rekey_packets = child->get(child, "rekey_packets"); + dpd_action = child->get(child, "dpd_action"); + dpd_delay = ike->get(ike, "dpd_delay"); + no_time = streq(rekey_time, "0"); no_bytes = streq(rekey_bytes, "0"); no_packets = streq(rekey_packets, "0"); + no_dpd = streq(dpd_delay, "0"); if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") || (no_time && no_bytes && no_packets)) { - printf("no rekeying\n"); + printf("no rekeying"); } else { @@ -124,8 +128,12 @@ CALLBACK(children_sn, int, { printf("%s %s packets", or ? " or" : "", rekey_packets); } - printf("\n"); } + if (!no_dpd) + { + printf(", dpd action is %s", dpd_action); + } + printf("\n"); printf(" local: %s\n", child->get(child, "local-ts")); printf(" remote: %s\n", child->get(child, "remote-ts")); @@ -153,7 +161,7 @@ CALLBACK(conn_sn, int, if (streq(name, "children")) { - return vici_parse_cb(res, children_sn, NULL, NULL, NULL); + return vici_parse_cb(res, children_sn, NULL, NULL, ike); } if (strpfx(name, "local") || strpfx(name, "remote")) { 
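Review bot: In the `@@ -98` hunk, `dpd_delay = ike->get(ike, "dpd_delay");` dereferences the callback's user pointer without a check. The next added line, `no_dpd = streq(dpd_delay, "0");`, then treats a missing entry as "DPD enabled" if `streq()` returns FALSE for a NULL argument (its definition is not on this page). The only producer visible in this patch is conns, which stores an unchecked `strdup()` result in the table. I would write `dpd_delay = ike ? ike->get(ike, "dpd_delay") : NULL;` and `no_dpd = !dpd_delay || streq(dpd_delay, "0");` so that an absent value reads as disabled. The parameter list of children_sn is outside the hunk, so the type of `ike` is inferred from how it is used.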
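Review bot: `printf(", dpd action is %s", dpd_action);` in the `@@ -128` hunk passes the result of `child->get(child, "dpd_action")` straight to `%s`. That lookup presumably returns NULL when the daemon's response carries no such key, and a NULL argument for `%s` is undefined behaviour. The guard only tests the IKE-level delay, so `if (!no_dpd && dpd_action)` is the safer condition. The block also sits after the PASS/DROP branch, so those children get a DPD action printed after "no rekeying"; if that is not intended, the test belongs inside the `else`.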
@@ -225,11 +233,17 @@ CALLBACK(conn_list, int, CALLBACK(conns, int, void *null, vici_res_t *res, char *name) { - char *version, *reauth_time, *rekey_time; + int ret; + char *version, *reauth_time, *rekey_time, *dpd_delay; + hashtable_t *ike; version = vici_find_str(res, "", "%s.version", name); - reauth_time = vici_find_str(res, "", "%s.reauth_time", name); - rekey_time = vici_find_str(res, "", "%s.rekey_time", name); + reauth_time = vici_find_str(res, "0", "%s.reauth_time", name); + rekey_time = vici_find_str(res, "0", "%s.rekey_time", name); + dpd_delay = vici_find_str(res, "0", "%s.dpd_delay", name); + + ike = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); + free(ike->put(ike,"dpd_delay", strdup(dpd_delay))); printf("%s: %s, ", name, version); if (streq(version, "IKEv1")) @@ -247,22 +261,26 @@ CALLBACK(conns, int, { printf("reauthentication every %ss", reauth_time); } - if (streq(version, "IKEv1")) - { - printf("\n"); - } - else + if (!streq(version, "IKEv1")) { if (streq(rekey_time, "0")) { - printf(", no rekeying\n"); + printf(", no rekeying"); } else { - printf(", rekeying every %ss\n", rekey_time); + printf(", rekeying every %ss", rekey_time); } } - return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL); + if (!streq(dpd_delay, "0")) + { + printf(", dpd delay %ss", dpd_delay); + } + printf("\n"); + + ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike); + free_hashtable(ike); + return ret; } CALLBACK(list_cb, void, -- 2.47.2
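Review bot: swanctl never reads the `dpd_timeout` key that the vici_query.c part of this patch adds to list-conn, so the daemon reports the timeout but the tool does not show it, although the subject says swanctl displays the DPD settings. In conns the lookup would be `dpd_timeout = vici_find_str(res, "0", "%s.dpd_timeout", name);` next to the `dpd_delay` one. The output would be `printf(", dpd timeout %ss", dpd_timeout);` under a `!streq(dpd_timeout, "0")` test, placed right after the delay is printed. If leaving it out is deliberate, a one-line comment saying so would save the next reader the search.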