author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-10-09 16:01:19 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-10-09 16:01:19 +0200 |
commit | ed08f7ce834bcce06587eb03e7def78443f9fd34 (patch) | |
tree | 2838eea673133d43a78c7fb8847389a98b79ea2d | |
parent | db24b600fbbea44c8b4cdfdb39afaee257ad4b04 (diff) | |
use DBG_TNC for TNC debugging output
13 files changed, 34 insertions, 28 deletions
diff --git a/src/charon/charon.c b/src/charon/charon.c index c6c627cb6..fd255e919 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -283,7 +283,7 @@ static void usage(const char *msg) " [--version]\n" " [--use-syslog]\n" " [--debug-<type> <level>]\n" - " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|tls|lib)\n" + " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|tnc|tls|lib)\n" " <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n" " 2 = controlmore, 3 = raw, 4 = private)\n" "\n" @@ -355,6 +355,7 @@ int main(int argc, char *argv[]) { "debug-knl", required_argument, &group, DBG_KNL }, { "debug-net", required_argument, &group, DBG_NET }, { "debug-enc", required_argument, &group, DBG_ENC }, + { "debug-tnc", required_argument, &group, DBG_TNC }, { "debug-tls", required_argument, &group, DBG_TLS }, { "debug-lib", required_argument, &group, DBG_LIB }, { 0,0,0,0 } diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c index cc1d246f0..0ce930ba3 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c @@ -48,7 +48,7 @@ plugin_t *tnc_imc_plugin_create() if (libtnc_tncc_Initialize(tnc_config) != TNC_RESULT_SUCCESS) { free(this); - DBG1(DBG_IKE, "TNC IMC initialization failed"); + DBG1(DBG_TNC, "TNC IMC initialization failed"); return NULL; } diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c index 4b5c06bf8..5b3d3892d 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c @@ -45,7 +45,7 @@ plugin_t *tnc_imv_plugin_create() if (libtnc_tncs_Initialize(tnc_config) != TNC_RESULT_SUCCESS) { free(this); - DBG1(DBG_IKE, "TNC IMV initialization failed"); + DBG1(DBG_TNC, "TNC IMV initialization failed"); return NULL; } 
diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index 3d2384cb9..704bf64ed 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c @@ -32,13 +32,13 @@ static TNC_Result buffer_batch(u_int32_t id, const char *data, size_t len) { if (id >= TNC_SEND_BUFFER_SIZE) { - DBG1(DBG_IKE, "TNCCS Batch for Connection ID %u cannot be stored in " + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be stored in " "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); return TNC_RESULT_FATAL; } if (tnc_send_buffer[id].ptr) { - DBG1(DBG_IKE, "send buffer slot for Connection ID %u is already " + DBG1(DBG_TNC, "send buffer slot for Connection ID %u is already " "occupied", id); return TNC_RESULT_FATAL; } @@ -55,7 +55,7 @@ static bool retrieve_batch(u_int32_t id, chunk_t *batch) { if (id >= TNC_SEND_BUFFER_SIZE) { - DBG1(DBG_IKE, "TNCCS Batch for Connection ID %u cannot be retrieved from " + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be retrieved from " "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); return FALSE; } 
@@ -128,30 +128,30 @@ METHOD(tls_t, process, status_t, this->tncs_connection = libtnc_tncs_CreateConnection(NULL); if (!this->tncs_connection) { - DBG1(DBG_IKE, "TNCS CreateConnection failed"); + DBG1(DBG_TNC, "TNCS CreateConnection failed"); return FAILED; } - DBG1(DBG_IKE, "assigned TNCS Connection ID %u", + DBG1(DBG_TNC, "assigned TNCS Connection ID %u", this->tncs_connection->connectionID); if (libtnc_tncs_BeginSession(this->tncs_connection) != TNC_RESULT_SUCCESS) { - DBG1(DBG_IKE, "TNCS BeginSession failed"); + DBG1(DBG_TNC, "TNCS BeginSession failed"); return FAILED; } } conn_id = this->is_server ? this->tncs_connection->connectionID : this->tncc_connection->connectionID; - DBG1(DBG_IKE, "received TNCCS Batch (%u bytes) for Connection ID %u:", + DBG1(DBG_TNC, "received TNCCS Batch (%u bytes) for Connection ID %u", buflen, conn_id); - DBG1(DBG_IKE, "%.*s", buflen, buf); + DBG3(DBG_TNC, "%.*s", buflen, buf); if (this->is_server) { if (libtnc_tncs_ReceiveBatch(this->tncs_connection, buf, buflen) != TNC_RESULT_SUCCESS) { - DBG1(DBG_IKE, "TNCS ReceiveBatch failed"); + DBG1(DBG_TNC, "TNCS ReceiveBatch failed"); return FAILED; } } @@ -160,7 +160,7 @@ METHOD(tls_t, process, status_t, if (libtnc_tncc_ReceiveBatch(this->tncc_connection, buf, buflen) != TNC_RESULT_SUCCESS) { - DBG1(DBG_IKE, "TNCC ReceiveBatch failed"); + DBG1(DBG_TNC, "TNCC ReceiveBatch failed"); return FAILED; } } @@ -179,14 +179,14 @@ METHOD(tls_t, build, status_t, this->tncc_connection = libtnc_tncc_CreateConnection(NULL); if (!this->tncc_connection) { - DBG1(DBG_IKE, "TNCC CreateConnection failed"); + DBG1(DBG_TNC, "TNCC CreateConnection failed"); return FAILED; } - DBG1(DBG_IKE, "assigned TNCC Connection ID %u", + DBG1(DBG_TNC, "assigned TNCC Connection ID %u", this->tncc_connection->connectionID); if (libtnc_tncc_BeginSession(this->tncc_connection) != TNC_RESULT_SUCCESS) { - DBG1(DBG_IKE, "TNCC BeginSession failed"); + DBG1(DBG_TNC, "TNCC BeginSession failed"); return FAILED; } } 
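Review bot: The raw dump `DBG3(DBG_TNC, "%.*s", buflen, buf);` in `process` prints a peer-supplied batch verbatim, so newlines and control characters in it reach the log whenever the tnc level is 3 or more, which the test configs in this commit enable. Moving the dump from level 1 to level 3 helps, but replacing unprintable bytes before logging, or using the hex-dump hook (`DBG3(DBG_TNC, "%b", buf, buflen);`), would keep a single batch from producing misleading extra log lines. Also, `%.*s` takes an `int` precision, so if `buflen` is a `size_t` (its declaration is outside this hunk) it should be passed as `(int)buflen`. The same applies to `batch.len` with `%d` and `%.*s` in the `build` hunk at -207, where `batch` looks like a `chunk_t`.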
@@ -207,9 +207,9 @@ METHOD(tls_t, build, status_t, if (batch.len) { - DBG1(DBG_IKE, "sending TNCCS Batch (%d bytes) for Connection ID %u:", + DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u", batch.len, conn_id); - DBG1(DBG_IKE, "%.*s", batch.len, batch.ptr); + DBG3(DBG_TNC, "%.*s", batch.len, batch.ptr); memcpy(buf, batch.ptr, len); free_batch(conn_id); return ALREADY_DONE; @@ -248,17 +248,17 @@ METHOD(tls_t, is_complete, bool, switch (rec) { case TNC_IMV_ACTION_RECOMMENDATION_ALLOW: - DBG1(DBG_IKE, "TNC recommendation is allow"); + DBG1(DBG_TNC, "TNC recommendation is allow"); group = "allow"; break; case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE: - DBG1(DBG_IKE, "TNC recommendation is isolate"); + DBG1(DBG_TNC, "TNC recommendation is isolate"); group = "isolate"; break; case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS: case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION: default: - DBG1(DBG_IKE, "TNC recommendation is none"); + DBG1(DBG_TNC, "TNC recommendation is none"); return FALSE; } ike_sa = charon->bus->get_sa(charon->bus); @@ -267,7 +267,7 @@ METHOD(tls_t, is_complete, bool, auth = ike_sa->get_auth_cfg(ike_sa, FALSE); id = identification_create_from_string(group); auth->add(auth, AUTH_RULE_GROUP, id); - DBG1(DBG_IKE, "added group membership '%s'", group); + DBG1(DBG_TNC, "added group membership '%s' based on TNC recommendation", group); } return TRUE; } diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c index deb048bc0..6ded70248 100644 --- a/src/libstrongswan/debug.c +++ b/src/libstrongswan/debug.c @@ -27,6 +27,7 @@ ENUM(debug_names, DBG_DMN, DBG_LIB, "KNL", "NET", "ENC", + "TNC", "TLS", "LIB", ); @@ -41,6 +42,7 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB, "knl", "net", "enc", + "tnc", "tls", "lib", ); diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h index e23ceed73..d3399bff6 100644 --- a/src/libstrongswan/debug.h +++ b/src/libstrongswan/debug.h 
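Review bot: In the `is_complete` hunk at -248, the shared `default:` branch logs "TNC recommendation is none" for `TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS` as well as for `NO_RECOMMENDATION`, so someone reading the log cannot tell an explicit denial from a missing verdict. Since the commit already touches this message, consider giving `NO_ACCESS` its own case with `DBG1(DBG_TNC, "TNC recommendation is no access");` followed by `return FALSE;`. That keeps the access decision unchanged and only makes the audit trail more precise. The start of `is_complete` is outside the hunk.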
@@ -50,6 +50,8 @@ enum debug_t { DBG_NET, /** message encoding/decoding */ DBG_ENC, + /** trusted network connect */ + DBG_TNC, /** libtls */ DBG_TLS, /** libstrongswan */ diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf index 97a2e02c9..9cf2b43c4 100755 --- a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf index d388060be..998e6c2e5 100755 --- a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf index 97a2e02c9..9cf2b43c4 100755 --- a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf index d388060be..998e6c2e5 100755 --- a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m 
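Review bot: `DBG_TNC` is inserted in the middle of `enum debug_t`, which shifts the numeric values of `DBG_TLS` and `DBG_LIB`. The name tables in debug.c are extended at the same position in this commit, so in-tree lookups stay consistent, but the dependency between the two files is not documented anywhere visible in the hunk. I would add a comment above the enumerators such as `/* order must match debug_names and debug_lower_names in debug.c */`. Code built against the old header, for example a separately compiled plugin, would presumably need a rebuild to log under the right group. The enum continues outside the hunk.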
diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf index 4676fac66..834c9037c 100755 --- a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf index 49a18ef02..836965aac 100755 --- a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf @@ -2,7 +2,7 @@ config setup plutostart=no - charondebug="tls 2" + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf index e9517cde7..50514c99f 100755 --- a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf @@ -3,6 +3,7 @@ config setup strictcrlpolicy=no plutostart=no + charondebug="tls 2, tnc 3" conn %default ikelifetime=60m |