diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-16 11:09:38 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-16 11:09:38 +0200 |
| commit | 6101ee9b063032cc72f95bca3d28561c4ab61ac5 (patch) | |
| tree | 7ccb2398b9a4aa2a5e90f4d1a28261234bc84e09 | |
| parent | 152d7b373db942ed046bf33d6b3bfa2294a5c3e6 (diff) | |
| download | strongswan-6101ee9b063032cc72f95bca3d28561c4ab61ac5.tar.bz2 strongswan-6101ee9b063032cc72f95bca3d28561c4ab61ac5.tar.xz | |
added log and status output for ESN
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_list.c | 7 | ||||
| -rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 6 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 0d6f73a29..e955f9c66 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -222,11 +222,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED; u_int16_t encr_size = 0, int_size = 0; + bool esn = FALSE; proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &encr_alg, &encr_size); proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size); + proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, + &esn, NULL); if (encr_alg != ENCR_UNDEFINED) { @@ -244,6 +247,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, "_%u", int_size); } } + if (esn) + { + fprintf(out, "/ESN"); + } } now = time_monotonic(NULL); diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index a1c0d8407..333b2d0bd 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -254,7 +254,8 @@ struct private_kernel_netlink_ipsec_t { mutex_t *mutex; /** - * Hash table of installed policies (policy_entry_t) + * Hash table of installed policies (policy_entry_t) DBG2(DBG_KNL, " using extended sequence numbers (ESN)"); + */ hashtable_t *policies; @@ -1414,10 +1415,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, /* bmp_len contains number uf __u32's */ replay->bmp_len = this->replay_bmp; replay->replay_window = this->replay_window; + DBG2(DBG_KNL, " using replay window of %u bytes", + this->replay_window); rthdr = XFRM_RTA_NEXT(rthdr); if (esn) { + DBG2(DBG_KNL, " using extended sequence numbers (ESN)"); sa->flags |= XFRM_STATE_ESN; } } |