From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 27 Apr 2018 16:11:42 +0000 (+0200)
Subject: swanctl: Add option to force IKE_SA termination
X-Git-Tag: 5.6.3dr2~2^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=c057cd26fa8d25f7de6df76a7ab4473e9bc1b2a3;p=thirdparty%2Fstrongswan.git

swanctl: Add option to force IKE_SA termination
---

diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
index 8b3233c89f..bce404a54f 100644
--- a/src/swanctl/commands/terminate.c
+++ b/src/swanctl/commands/terminate.c
@@ -39,6 +39,7 @@ static int terminate(vici_conn_t *conn)
 	command_format_options_t format = COMMAND_FORMAT_NONE;
 	char *arg, *child = NULL, *ike = NULL;
 	int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0;
+	bool force = FALSE;
 
 	while (TRUE)
 	{
@@ -55,6 +56,9 @@ static int terminate(vici_conn_t *conn)
 			case 'c':
 				child = arg;
 				continue;
+			case 'f':
+				force = TRUE;
+				continue;
 			case 'i':
 				ike = arg;
 				continue;
@@ -101,6 +105,10 @@ static int terminate(vici_conn_t *conn)
 	{
 		vici_add_key_valuef(req, "ike-id", "%d", ike_id);
 	}
+	if (force)
+	{
+		vici_add_key_valuef(req, "force", "yes");
+	}
 	if (timeout)
 	{
 		vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
@@ -150,6 +158,7 @@ static void __attribute__ ((constructor))reg()
 			{"ike",			'i', 1, "terminate by IKE_SA name"},
 			{"child-id",	'C', 1, "terminate by CHILD_SA reqid"},
 			{"ike-id",		'I', 1, "terminate by IKE_SA unique identifier"},
+			{"force",		'f', 0, "terminate IKE_SA without waiting, unless timeout is set"},
 			{"timeout",		't', 1, "timeout in seconds before detaching"},
 			{"raw",			'r', 0, "dump raw response message"},
 			{"pretty",		'P', 0, "dump raw response message in pretty print"},