- improved "stroke status" output

5 files changed, 114 insertions, 28 deletions

diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c
index 28e9cdd46..c2b3c4421 100644
--- a/Source/charon/sa/child_sa.c
+++ b/Source/charon/sa/child_sa.c
@@ -20,8 +20,9 @@
  * for more details.
  */
 
-#include "child_sa.h"
+#include <netdb.h>
 
+#include "child_sa.h"
 
 #include <daemon.h>
 
@@ -464,6 +465,48 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
 }
 
 /**
+ * Implementation of child_sa_t.log_status.
+ */
+static void log_status(private_child_sa_t *this, logger_t *logger)
+{
+	iterator_t *iterator;
+	sa_policy_t *policy;
+	struct protoent *proto;
+	char proto_buf[16] = "";
+	char *proto_name = proto_buf;
+	
+	if (logger == NULL)
+	{
+		logger = this->logger;
+	}
+	logger->log(logger, CONTROL, "  protected with ESP (%x/%x), AH (%x,%x); traffic:",
+				htons(this->my_esp_spi), htons(this->other_esp_spi), 
+				htons(this->my_ah_spi), htons(this->other_ah_spi));
+	iterator = this->policies->create_iterator(this->policies, TRUE);
+	while (iterator->has_next(iterator))
+	{
+		iterator->current(iterator, (void**)&policy);
+		if (policy->upper_proto)
+		{
+			proto = getprotobynumber(policy->upper_proto);
+			if (proto)
+			{
+				proto_name = proto->p_name;
+			}
+			else
+			{
+				snprintf(proto_buf, sizeof(proto_buf), "<%d>", policy->upper_proto);
+			}
+		}
+		logger->log(logger, CONTROL, "    %s/%d===%s===%s/%d",
+					policy->my_net->get_address(policy->my_net), policy->my_net_mask,
+					proto_name,
+					policy->other_net->get_address(policy->other_net), policy->other_net_mask);
+	}
+	iterator->destroy(iterator);
+}
+
+/**
  * Implementation of child_sa_t.destroy.
  */
 static void destroy(private_child_sa_t *this)
@@ -527,6 +570,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other)
 	this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add;
 	this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update;
 	this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies;
+	this->public.log_status = (void (*)(child_sa_t*, logger_t*))log_status;
 	this->public.destroy = (void(*)(child_sa_t*))destroy;
 
 	/* private data */
diff --git a/Source/charon/sa/child_sa.h b/Source/charon/sa/child_sa.h
index 96978dae3..c49d85de9 100644
--- a/Source/charon/sa/child_sa.h
+++ b/Source/charon/sa/child_sa.h
@@ -27,6 +27,7 @@
 #include <types.h>
 #include <crypto/prf_plus.h>
 #include <encoding/payloads/proposal_substructure.h>
+#include <utils/logger.h>
 
 typedef struct child_sa_t child_sa_t;
 
@@ -112,6 +113,19 @@ struct child_sa_t {
 	status_t (*add_policies) (child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list);
 	
 	/**
+	 * @brief Log the status of a child_sa to a logger.
+	 *
+	 * The status of ESP/AH SAs is logged with the supplied logger in
+	 * a human readable form.
+	 * Supplying NULL as logger uses the internal child_sa logger
+	 * to do the logging.
+	 *
+	 * @param this 		calling object
+	 * @param logger	logger to use for logging
+	 */	
+	void (*log_status) (child_sa_t *this, logger_t *logger);
+	
+	/**
 	 * @brief Destroys a child_sa.
 	 *
 	 * @param this 		calling object
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index def0013fc..0360695c0 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -977,6 +977,43 @@ static void reset_message_buffers (private_ike_sa_t *this)
 }
 
 /**
+ * Implementation of protected_ike_sa_t.log_status.
+ */
+static void log_status(private_ike_sa_t *this, logger_t *logger)
+{
+	iterator_t *iterator;
+	child_sa_t *child_sa;
+	
+	host_t *my_host    = this->connection->get_my_host(this->connection);
+	host_t *other_host = this->connection->get_other_host(this->connection);
+
+	identification_t *my_id    = this->connection->get_my_id(this->connection);
+	identification_t *other_id = this->connection->get_other_id(this->connection);
+	
+	if (logger == NULL)
+	{
+		logger = this->logger;
+	}
+	logger->log(logger, CONTROL, "IKE_SA in state %s, SPIs: %lld %lld",
+				mapping_find(ike_sa_state_m, this->current_state->get_state(this->current_state)),
+				this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
+				this->ike_sa_id->get_responder_spi(this->ike_sa_id));
+	logger->log(logger, CONTROL, "%s[%s]...%s[%s]; tunnels:",
+				my_host->get_address(my_host),
+				my_id->get_string(my_id),
+				other_host->get_address(other_host),
+				other_id->get_string(other_id));
+	
+	iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
+	while (iterator->has_next(iterator))
+	{
+		iterator->current(iterator, (void**)&child_sa);
+		child_sa->log_status(child_sa, logger);
+	}
+	iterator->destroy(iterator);
+}
+
+/**
  * Implementation of protected_ike_sa_t.destroy.
  */
 static void destroy (private_ike_sa_t *this)
@@ -1075,6 +1112,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 	this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
 	this->protected.public.get_state = (ike_sa_state_t (*) (ike_sa_t *this)) get_state;
 	this->protected.public.send_delete_ike_sa_request = (void (*)(ike_sa_t*)) send_delete_ike_sa_request;
+	this->protected.public.log_status = (void (*) (ike_sa_t*,logger_t*))log_status;
 	this->protected.public.destroy = (void(*)(ike_sa_t*))destroy;
 	
 	/* protected functions */
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h
index 8b58bfe68..71688394a 100644
--- a/Source/charon/sa/ike_sa.h
+++ b/Source/charon/sa/ike_sa.h
@@ -37,6 +37,7 @@
 #include <crypto/signers/signer.h>
 #include <config/connections/connection.h>
 #include <config/policies/policy.h>
+#include <utils/logger.h>
 
 /**
  * Nonce size in bytes for nonces sending to other peer.
@@ -160,6 +161,18 @@ struct ike_sa_t {
 	 * @return 				state of IKE_SA
 	 */
 	ike_sa_state_t (*get_state) (ike_sa_t *this);
+	
+	/**
+	 * @brief Log the status of a the ike sa to a logger.
+	 *
+	 * The status of the IKE SA and all child SAs is logged.
+	 * Supplying NULL as logger uses the internal child_sa logger
+	 * to do the logging.
+	 *
+	 * @param this 		calling object
+	 * @param logger	logger to use for logging
+	 */	
+	void (*log_status) (ike_sa_t *this, logger_t *logger);
 
 	/**
 	 * @brief Destroys a ike_sa_t object.
diff --git a/Source/charon/threads/stroke_interface.c b/Source/charon/threads/stroke_interface.c
index 77c15283f..143dcd691 100755
--- a/Source/charon/threads/stroke_interface.c
+++ b/Source/charon/threads/stroke_interface.c
@@ -408,38 +408,15 @@ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg)
 		ike_sa_id_t *ike_sa_id;
 		ike_sa_t *ike_sa;
 		iterator->current(iterator, (void**)&ike_sa_id);
-		
+		/* TODO: A log_status method (as in IKE_SA/CHILD_SA) would be better than checking
+		 * out every single IKE...
+		 */
 		status = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id, &ike_sa);
 		if (status == SUCCESS)
 		{
-			host_t *my_host, *other_host;
-			identification_t *my_id, *other_id;
-			my_host = ike_sa->get_my_host(ike_sa);
-			other_host = ike_sa->get_other_host(ike_sa);
-			my_id = ike_sa->get_my_id(ike_sa);
-			other_id = ike_sa->get_other_id(ike_sa);
-			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, "IKE_SA in state %s ",
-									 mapping_find(ike_sa_state_m, ike_sa->get_state(ike_sa)));
-			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, " SPIs: %lld",
-									 ike_sa_id->get_initiator_spi(ike_sa_id));
-			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %lld",
-									 ike_sa_id->get_responder_spi(ike_sa_id));
-			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, " Addr: %s",
-									 my_host->get_address(my_host));
-			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
-									 other_host->get_address(other_host));
-			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, " ID:   %s",
-									 my_id->get_string(my_id));
-			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
-									 other_id->get_string(other_id));
-						
+			ike_sa->log_status(ike_sa, this->stroke_logger);
 			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 		}
-		
 		ike_sa_id->destroy(ike_sa_id);
 	}
 	iterator->destroy(iterator);