Merge branch 'user/strongswan/1' into 'master'

user/strongswan: import from Alpine

Imported from Alpine.

This package excludes the printf test suite because it was segfaulting. However, that test suite only tests the libc implementations of vsnprintf. All other tests pass.

See merge request !69

1 files changed, 159 insertions, 0 deletions

diff --git a/user/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/user/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
new file mode 100644
index 000000000..06dc121e8
--- /dev/null
+++ b/user/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
@@ -0,0 +1,159 @@
+From 0e4f1118e68736bb96ae23f4c6cb85f2ebbc998d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Mon, 21 Sep 2015 13:42:11 +0300
+Subject: [PATCH] vici: add support for individual sa state changes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Useful for monitoring and tracking full SA.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++++++++++
+ 1 file changed, 105 insertions(+)
+
+diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
+index 309a11c03..83a5daaa7 100644
+--- a/src/libcharon/plugins/vici/vici_query.c
++++ b/src/libcharon/plugins/vici/vici_query.c
+@@ -1624,8 +1624,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
+ 	this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
+ 	this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
+ 	this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
++	this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg);
++	this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg);
+ 	this->dispatcher->manage_event(this->dispatcher, "child-updown", reg);
+ 	this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-installing", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-updating", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-rekeying", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", reg);
++	this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg);
+ 	manage_command(this, "list-sas", list_sas, reg);
+ 	manage_command(this, "list-policies", list_policies, reg);
+ 	manage_command(this, "list-conns", list_conns, reg);
+@@ -1696,6 +1704,45 @@ METHOD(listener_t, ike_rekey, bool,
+ 	return TRUE;
+ }
+ 
++METHOD(listener_t, ike_state_change, bool,
++	private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
++{
++	char *event;
++	vici_builder_t *b;
++	time_t now;
++
++	switch (state)
++	{
++	case IKE_ESTABLISHED:
++		event = "ike-state-established";
++		break;
++	case IKE_DESTROYING:
++		event = "ike-state-destroying";
++		break;
++	default:
++		return TRUE;
++	}
++
++	if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
++	{
++		return TRUE;
++	}
++
++	now = time_monotonic(NULL);
++
++	b = vici_builder_create();
++	b->begin_section(b, ike_sa->get_name(ike_sa));
++	list_ike(this, b, ike_sa, now, state != IKE_DESTROYING);
++	b->begin_section(b, "child-sas");
++	b->end_section(b);
++	b->end_section(b);
++
++	this->dispatcher->raise_event(this->dispatcher,
++								  event, 0, b->finalize(b));
++
++	return TRUE;
++}
++
+ METHOD(listener_t, child_updown, bool,
+ 	private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
+ {
+@@ -1771,6 +1818,62 @@ METHOD(listener_t, child_rekey, bool,
+ 	return TRUE;
+ }
+ 
++METHOD(listener_t, child_state_change, bool,
++	private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state)
++{
++	char *event;
++	vici_builder_t *b;
++	time_t now;
++
++	switch (state)
++	{
++	case CHILD_INSTALLING:
++		event = "child-state-installing";
++		break;
++	case CHILD_INSTALLED:
++		event = "child-state-installed";
++		break;
++	case CHILD_UPDATING:
++		event = "child-state-updating";
++		break;
++	case CHILD_REKEYING:
++		event = "child-state-rekeying";
++		break;
++	case CHILD_REKEYED:
++		event = "child-state-rekeyed";
++		break;
++	case CHILD_DESTROYING:
++		event = "child-state-destroying";
++		break;
++	default:
++		return TRUE;
++	}
++
++	if (!this->dispatcher->has_event_listeners(this->dispatcher, event))
++	{
++		return TRUE;
++	}
++
++	now = time_monotonic(NULL);
++
++	b = vici_builder_create();
++	b->begin_section(b, ike_sa->get_name(ike_sa));
++	list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING);
++	b->begin_section(b, "child-sas");
++
++	b->begin_section(b, child_sa->get_name(child_sa));
++	list_child(this, b, child_sa, now);
++	b->end_section(b);
++
++	b->end_section(b);
++	b->end_section(b);
++
++	this->dispatcher->raise_event(this->dispatcher,
++								  event, 0, b->finalize(b));
++
++	return TRUE;
++}
++
+ METHOD(vici_query_t, destroy, void,
+ 	private_vici_query_t *this)
+ {
+@@ -1790,8 +1893,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
+ 			.listener = {
+ 				.ike_updown = _ike_updown,
+ 				.ike_rekey = _ike_rekey,
++				.ike_state_change = _ike_state_change,
+ 				.child_updown = _child_updown,
+ 				.child_rekey = _child_rekey,
++				.child_state_change = _child_state_change,
+ 			},
+ 			.destroy = _destroy,
+ 		},
+-- 
+2.12.1
+