diff options
author | Martin Willi <martin@strongswan.org> | 2006-04-26 12:28:02 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-04-26 12:28:02 +0000 |
commit | b92eef2868d989b3fe820c5b0dfa7380cf8deb35 (patch) | |
tree | f8ef103a429525cdaf2fbf0d0b1b75724847f282 | |
parent | a2553ef8adc7f3c9c66432f213a49673fd6840c3 (diff) | |
download | strongswan-b92eef2868d989b3fe820c5b0dfa7380cf8deb35.tar.bz2 strongswan-b92eef2868d989b3fe820c5b0dfa7380cf8deb35.tar.xz |
- improved "stroke status" output
-rw-r--r-- | Source/charon/sa/child_sa.c | 46 | ||||
-rw-r--r-- | Source/charon/sa/child_sa.h | 14 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.c | 38 | ||||
-rw-r--r-- | Source/charon/sa/ike_sa.h | 13 | ||||
-rwxr-xr-x | Source/charon/threads/stroke_interface.c | 31 |
5 files changed, 114 insertions, 28 deletions
diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c index 28e9cdd46..c2b3c4421 100644 --- a/Source/charon/sa/child_sa.c +++ b/Source/charon/sa/child_sa.c @@ -20,8 +20,9 @@ * for more details. */ -#include "child_sa.h" +#include <netdb.h> +#include "child_sa.h" #include <daemon.h> @@ -464,6 +465,48 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list } /** + * Implementation of child_sa_t.log_status. + */ +static void log_status(private_child_sa_t *this, logger_t *logger) +{ + iterator_t *iterator; + sa_policy_t *policy; + struct protoent *proto; + char proto_buf[16] = ""; + char *proto_name = proto_buf; + + if (logger == NULL) + { + logger = this->logger; + } + logger->log(logger, CONTROL, " protected with ESP (%x/%x), AH (%x,%x); traffic:", + htons(this->my_esp_spi), htons(this->other_esp_spi), + htons(this->my_ah_spi), htons(this->other_ah_spi)); + iterator = this->policies->create_iterator(this->policies, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)&policy); + if (policy->upper_proto) + { + proto = getprotobynumber(policy->upper_proto); + if (proto) + { + proto_name = proto->p_name; + } + else + { + snprintf(proto_buf, sizeof(proto_buf), "<%d>", policy->upper_proto); + } + } + logger->log(logger, CONTROL, " %s/%d===%s===%s/%d", + policy->my_net->get_address(policy->my_net), policy->my_net_mask, + proto_name, + policy->other_net->get_address(policy->other_net), policy->other_net_mask); + } + iterator->destroy(iterator); +} + +/** * Implementation of child_sa_t.destroy. */ static void destroy(private_child_sa_t *this) @@ -527,6 +570,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other) this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add; this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update; this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies; + this->public.log_status = (void (*)(child_sa_t*, logger_t*))log_status; this->public.destroy = (void(*)(child_sa_t*))destroy; /* private data */ diff --git a/Source/charon/sa/child_sa.h b/Source/charon/sa/child_sa.h index 96978dae3..c49d85de9 100644 --- a/Source/charon/sa/child_sa.h +++ b/Source/charon/sa/child_sa.h @@ -27,6 +27,7 @@ #include <types.h> #include <crypto/prf_plus.h> #include <encoding/payloads/proposal_substructure.h> +#include <utils/logger.h> typedef struct child_sa_t child_sa_t; @@ -112,6 +113,19 @@ struct child_sa_t { status_t (*add_policies) (child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list); /** + * @brief Log the status of a child_sa to a logger. + * + * The status of ESP/AH SAs is logged with the supplied logger in + * a human readable form. + * Supplying NULL as logger uses the internal child_sa logger + * to do the logging. + * + * @param this calling object + * @param logger logger to use for logging + */ + void (*log_status) (child_sa_t *this, logger_t *logger); + + /** * @brief Destroys a child_sa. * * @param this calling object diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index def0013fc..0360695c0 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -977,6 +977,43 @@ static void reset_message_buffers (private_ike_sa_t *this) } /** + * Implementation of protected_ike_sa_t.log_status. + */ +static void log_status(private_ike_sa_t *this, logger_t *logger) +{ + iterator_t *iterator; + child_sa_t *child_sa; + + host_t *my_host = this->connection->get_my_host(this->connection); + host_t *other_host = this->connection->get_other_host(this->connection); + + identification_t *my_id = this->connection->get_my_id(this->connection); + identification_t *other_id = this->connection->get_other_id(this->connection); + + if (logger == NULL) + { + logger = this->logger; + } + logger->log(logger, CONTROL, "IKE_SA in state %s, SPIs: %lld %lld", + mapping_find(ike_sa_state_m, this->current_state->get_state(this->current_state)), + this->ike_sa_id->get_initiator_spi(this->ike_sa_id), + this->ike_sa_id->get_responder_spi(this->ike_sa_id)); + logger->log(logger, CONTROL, "%s[%s]...%s[%s]; tunnels:", + my_host->get_address(my_host), + my_id->get_string(my_id), + other_host->get_address(other_host), + other_id->get_string(other_id)); + + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)&child_sa); + child_sa->log_status(child_sa, logger); + } + iterator->destroy(iterator); +} + +/** * Implementation of protected_ike_sa_t.destroy. */ static void destroy (private_ike_sa_t *this) @@ -1075,6 +1112,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request; this->protected.public.get_state = (ike_sa_state_t (*) (ike_sa_t *this)) get_state; this->protected.public.send_delete_ike_sa_request = (void (*)(ike_sa_t*)) send_delete_ike_sa_request; + this->protected.public.log_status = (void (*) (ike_sa_t*,logger_t*))log_status; this->protected.public.destroy = (void(*)(ike_sa_t*))destroy; /* protected functions */ diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index 8b58bfe68..71688394a 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h @@ -37,6 +37,7 @@ #include <crypto/signers/signer.h> #include <config/connections/connection.h> #include <config/policies/policy.h> +#include <utils/logger.h> /** * Nonce size in bytes for nonces sending to other peer. @@ -160,6 +161,18 @@ struct ike_sa_t { * @return state of IKE_SA */ ike_sa_state_t (*get_state) (ike_sa_t *this); + + /** + * @brief Log the status of a the ike sa to a logger. + * + * The status of the IKE SA and all child SAs is logged. + * Supplying NULL as logger uses the internal child_sa logger + * to do the logging. + * + * @param this calling object + * @param logger logger to use for logging + */ + void (*log_status) (ike_sa_t *this, logger_t *logger); /** * @brief Destroys a ike_sa_t object. diff --git a/Source/charon/threads/stroke_interface.c b/Source/charon/threads/stroke_interface.c index 77c15283f..143dcd691 100755 --- a/Source/charon/threads/stroke_interface.c +++ b/Source/charon/threads/stroke_interface.c @@ -408,38 +408,15 @@ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg) ike_sa_id_t *ike_sa_id; ike_sa_t *ike_sa; iterator->current(iterator, (void**)&ike_sa_id); - + /* TODO: A log_status method (as in IKE_SA/CHILD_SA) would be better than checking + * out every single IKE... + */ status = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id, &ike_sa); if (status == SUCCESS) { - host_t *my_host, *other_host; - identification_t *my_id, *other_id; - my_host = ike_sa->get_my_host(ike_sa); - other_host = ike_sa->get_other_host(ike_sa); - my_id = ike_sa->get_my_id(ike_sa); - other_id = ike_sa->get_other_id(ike_sa); - - this->stroke_logger->log(this->stroke_logger, CONTROL, "IKE_SA in state %s ", - mapping_find(ike_sa_state_m, ike_sa->get_state(ike_sa))); - - this->stroke_logger->log(this->stroke_logger, CONTROL, " SPIs: %lld", - ike_sa_id->get_initiator_spi(ike_sa_id)); - this->stroke_logger->log(this->stroke_logger, CONTROL, " %lld", - ike_sa_id->get_responder_spi(ike_sa_id)); - - this->stroke_logger->log(this->stroke_logger, CONTROL, " Addr: %s", - my_host->get_address(my_host)); - this->stroke_logger->log(this->stroke_logger, CONTROL, " %s", - other_host->get_address(other_host)); - - this->stroke_logger->log(this->stroke_logger, CONTROL, " ID: %s", - my_id->get_string(my_id)); - this->stroke_logger->log(this->stroke_logger, CONTROL, " %s", - other_id->get_string(other_id)); - + ike_sa->log_status(ike_sa, this->stroke_logger); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } - ike_sa_id->destroy(ike_sa_id); } iterator->destroy(iterator); |