Commit c70ab88363 for strongswan.org
commit c70ab8836323e3920f12d988443aba38f42cd86d
Author: Mathijs Smit <smit.mathijs@gmail.com>
Date: Wed May 20 13:45:55 2026 +0200
vici: Include proposals in connection listings
Signed-off-by: Mathijs Smit <smit.mathijs@gmail.com>
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 01c3f858ca..aeb2832d9d 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -893,7 +893,9 @@ _list-conns_ command.
version = <IKE version as string, IKEv1|IKEv2 or 0 for any>
reauth_time = <IKE_SA reauthentication interval in seconds>
rekey_time = <IKE_SA rekeying interval in seconds>
-
+ proposals = [
+ <list of configured IKE proposals>
+ ]
local*, remote* = { # multiple local and remote auth sections
class = <authentication type>
eap-type = <EAP type to authenticate if when using EAP>
@@ -921,6 +923,12 @@ _list-conns_ command.
rekey_time = <CHILD_SA rekeying interval in seconds>
rekey_bytes = <CHILD_SA rekeying interval in bytes>
rekey_packets = <CHILD_SA rekeying interval in packets>
+ esp_proposals = [
+ <list of configured ESP proposals>
+ ]
+ ah_proposals = [
+ <list of configured AH proposals>
+ ]
local-ts = [
<list of local traffic selectors>
]
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 98a09fa4ae..a2ea5bc1f9 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -208,6 +208,28 @@ static void list_label(vici_builder_t *b, child_sa_t *child, child_cfg_t *cfg)
}
}
+/**
+ * List proposals for a config
+ */
+static void list_proposals(vici_builder_t *b, linked_list_t *proposals,
+ char *label, protocol_id_t protocol)
+{
+ enumerator_t *enumerator;
+ proposal_t *proposal;
+
+ b->begin_list(b, label);
+ enumerator = proposals->create_enumerator(proposals);
+ while (enumerator->enumerate(enumerator, &proposal))
+ {
+ if (proposal->get_protocol(proposal) == protocol)
+ {
+ b->add_li(b, "%P", proposal);
+ }
+ }
+ enumerator->destroy(enumerator);
+ b->end_list(b);
+}
+
/**
* List additional key exchanges
*/
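Review bot: The doc comment on `list_proposals()` says only "List proposals for a config", which hides two behaviours a caller or consumer needs to know. The function adds only the entries whose `get_protocol()` equals `protocol`, and it always calls `begin_list()`/`end_list()`, so a child config without AH proposals still yields an empty `ah_proposals` list. I would state that in the comment, for example `/* Add a list named label holding the proposals of the given protocol; emitted even if empty, proposals stays owned by the caller */`. The README text added in this commit does not say the lists can be empty either, which matters to tooling that audits connections for weak algorithms and must not read a present key as "AH is configured".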
@@ -1006,6 +1028,10 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "unique", "%N", unique_policy_names,
peer_cfg->get_unique_policy(peer_cfg));
+ list = ike_cfg->get_proposals(ike_cfg, FALSE);
+ list_proposals(b, list, "proposals", PROTO_IKE);
+ list->destroy_offset(list, offsetof(proposal_t, destroy));
+
dpd_delay = peer_cfg->get_dpd(peer_cfg);
if (dpd_delay)
{
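Review bot: The bare `FALSE` in `ike_cfg->get_proposals(ike_cfg, FALSE)` gives no hint at the call site of what is being switched off, and the same applies to `child_cfg->get_proposals(child_cfg, FALSE, FALSE)` in the following hunk. The README promises the configured proposals, so a reader has to trust that these flags leave the proposals unmodified; the declarations are not visible here, so that is presumably the case, but it should be confirmed. A short comment at each call would make it checkable, for example `/* proposals as configured, nothing stripped */`, adjusted to what the flags actually select. This matters because operators will use the listing to verify which algorithms a connection can negotiate, and a filtered view would under-report them. The enclosing `list_conns` callback starts and ends outside this hunk.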
@@ -1052,6 +1078,11 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "close_action", "%N", action_names,
child_cfg->get_close_action(child_cfg));
+ list = child_cfg->get_proposals(child_cfg, FALSE, FALSE);
+ list_proposals(b, list, "esp_proposals", PROTO_ESP);
+ list_proposals(b, list, "ah_proposals", PROTO_AH);
+ list->destroy_offset(list, offsetof(proposal_t, destroy));
+
b->begin_list(b, "local-ts");
list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL);
selectors = list->create_enumerator(list);