aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Steffen <andreas.steffen@strongswan.org>2011-07-16 11:09:38 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-07-16 11:09:38 +0200
commit6101ee9b063032cc72f95bca3d28561c4ab61ac5 (patch)
tree7ccb2398b9a4aa2a5e90f4d1a28261234bc84e09
parent152d7b373db942ed046bf33d6b3bfa2294a5c3e6 (diff)
downloadstrongswan-6101ee9b063032cc72f95bca3d28561c4ab61ac5.tar.bz2
strongswan-6101ee9b063032cc72f95bca3d28561c4ab61ac5.tar.xz
added log and status output for ESN
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c7
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c6
2 files changed, 12 insertions, 1 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 0d6f73a29..e955f9c66 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -222,11 +222,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
{
u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED;
u_int16_t encr_size = 0, int_size = 0;
+ bool esn = FALSE;
proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
&encr_alg, &encr_size);
proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
&int_alg, &int_size);
+ proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
+ &esn, NULL);
if (encr_alg != ENCR_UNDEFINED)
{
@@ -244,6 +247,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
fprintf(out, "_%u", int_size);
}
}
+ if (esn)
+ {
+ fprintf(out, "/ESN");
+ }
}
now = time_monotonic(NULL);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index a1c0d8407..333b2d0bd 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -254,7 +254,8 @@ struct private_kernel_netlink_ipsec_t {
mutex_t *mutex;
/**
- * Hash table of installed policies (policy_entry_t)
+ * Hash table of installed policies (policy_entry_t) DBG2(DBG_KNL, " using extended sequence numbers (ESN)");
+
*/
hashtable_t *policies;
@@ -1414,10 +1415,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
/* bmp_len contains number uf __u32's */
replay->bmp_len = this->replay_bmp;
replay->replay_window = this->replay_window;
+ DBG2(DBG_KNL, " using replay window of %u bytes",
+ this->replay_window);
rthdr = XFRM_RTA_NEXT(rthdr);
if (esn)
{
+ DBG2(DBG_KNL, " using extended sequence numbers (ESN)");
sa->flags |= XFRM_STATE_ESN;
}
}