authorMartin Willi <martin@strongswan.org>2006-03-23 15:25:43 +0000
committerMartin Willi <martin@strongswan.org>2006-03-23 15:25:43 +0000
commitdec598220b9a293c4ec75e593ab642a8945fa4fc (patch)
treea97247afbdb29e2b071933f8c9667a7ffa03cca3 /Source/charon/sa/states
parent3264ce50b912f2aba09d2d8e7ee7ed9d364d9e46 (diff)
- rewrite of logger_manager, uses now one instance per context
- cleanups for logger here and there - removed critical flag check in payload verification (conformance to IKEv2) - so that's and there's everywhere... ;-)
Diffstat (limited to 'Source/charon/sa/states')
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c11
-rw-r--r--Source/charon/sa/states/ike_sa_established.c2
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c37
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c5
-rw-r--r--Source/charon/sa/states/responder_init.c9
5 files changed, 25 insertions, 39 deletions
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 3fedf431c..eecfaab1e 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -512,15 +512,8 @@ static status_t process_notify_payload(private_ike_auth_requested_t *this, notif
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
-
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
- {
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a notify for an invalid protocol. Deleting IKE_SA");
- return DELETE_ME;
- }
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
switch (notify_message_type)
{
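Review bot: Removing the protocol-ID guard leaves process_notify_payload with no check at all on `notify_payload->get_protocol_id()`, so a notify tagged with an ESP or AH protocol ID now reaches the `switch (notify_message_type)` whose case handlers (outside the hunk) were written for notifies about the IKE_SA. Rejecting everything other than IKE was too strict, since a notify that does not concern an existing SA carries a zero protocol ID, but the replacement should accept zero or `PROTO_IKE` rather than nothing; responder_init.c in this same commit keeps its `!= PROTO_IKE` guard, so the state handlers now disagree. The same guard removal appears in ike_sa_init_requested.c (the `return FAILED` variant). The protocol ID also disappears from the CONTROL|LEVEL1 log line here and in ike_sa_init_requested.c and ike_sa_init_responded.c; keeping the `mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload))` argument preserves a useful diagnostic at no cost.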
diff --git a/Source/charon/sa/states/ike_sa_established.c b/Source/charon/sa/states/ike_sa_established.c
index 976ed7688..37b69c29c 100644
--- a/Source/charon/sa/states/ike_sa_established.c
+++ b/Source/charon/sa/states/ike_sa_established.c
@@ -151,7 +151,7 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
if (delete_request)
{
- if (delete_request->get_protocol_id(delete_request) == IKE)
+ if (delete_request->get_protocol_id(delete_request) == PROTO_IKE)
{
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received");
response->destroy(response);
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 0c4b6b690..904dadf05 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -294,8 +294,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
if (status != SUCCESS)
{
payloads->destroy(payloads);
- return status;
+ return status;
}
+ break;
}
default:
{
@@ -537,11 +538,6 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message
return DELETE_ME;
}
- /* TODO:
- * Huston, we've got a problem here. Since SPIs are stored in
- * the proposal, and these proposals are shared across configs,
- * there may be some threading issues... fix it!
- */
sa_payload = sa_payload_create_from_proposal_list(proposal_list);
this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
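Review bot: The TODO describing a threading hazard (SPIs stored in proposals that are shared across configurations) is deleted while the `sa_payload_create_from_proposal_list(proposal_list)` call it annotated is unchanged, and nothing in this hunk shows the race resolved. If another part of the commit fixes it, the commit message should say so; otherwise the comment should stay, e.g. `/* NOTE: SPIs live in the shared proposal list; concurrent initiations on one config may race */`. build_sa_payload continues outside the hunk.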
@@ -595,15 +591,9 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
-
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
- {
- this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol.");
- return FAILED;
- }
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
+
switch (notify_message_type)
{
case NO_PROPOSAL_CHOSEN:
@@ -620,16 +610,24 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
{
initiator_init_t *initiator_init_state;
chunk_t notify_data;
- diffie_hellman_group_t dh_group;
+ diffie_hellman_group_t dh_group, old_dh_group;
connection_t *connection;
+ connection = this->ike_sa->get_connection(this->ike_sa);
+ old_dh_group = connection->get_dh_group(connection);
notify_data = notify_payload->get_notification_data(notify_payload);
dh_group = ntohs(*((u_int16_t*)notify_data.ptr));
- this->logger->log(this->logger, ERROR|LEVEL1, "Peer wouldn't accept DH group, it requested %s!",
+ /* TODO:
+ * We are very restrictive here: If the other didn't accept
+ * our DH group, and we do not accept his offer, continuation
+ * is cancelled...
+ */
+
+ this->logger->log(this->logger, AUDIT, "Peer didn't accept %s, it requested %s!",
+ mapping_find(diffie_hellman_group_m, old_dh_group),
mapping_find(diffie_hellman_group_m, dh_group));
/* check if we can accept this dh group */
- connection = this->ike_sa->get_connection(this->ike_sa);
if (!connection->check_dh_group(connection, dh_group))
{
this->logger->log(this->logger, AUDIT,
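Review bot: `dh_group = ntohs(*((u_int16_t*)notify_data.ptr));` is kept while the surrounding lines are rearranged, and there is still no check that the notification data is at least two bytes long, so an INVALID_KE_PAYLOAD notify with empty or truncated data reads past `notify_data.ptr`. Guard it before the read: `if (notify_data.len < sizeof(u_int16_t)) { this->logger->log(this->logger, ERROR|LEVEL1, "INVALID_KE_PAYLOAD notify carries no DH group"); return FAILED; }`. Copying the two bytes out with memcpy instead of the pointer cast would also avoid an unaligned access on strict platforms. The handling of the rejected group continues outside the hunk.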
@@ -649,9 +647,6 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
this->ike_sa->set_new_state(this->ike_sa,(state_t *) initiator_init_state);
/* state has NOW changed :-) */
- this->logger->log(this->logger, CONTROL|LEVEL1, "Changed state of IKE_SA from %s to %s",
- mapping_find(ike_sa_state_m,INITIATOR_INIT), mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED));
-
this->logger->log(this->logger, CONTROL|LEVEL2, "Destroy old sate object");
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to retry initialization of connection");
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 751f13517..da3b68ce6 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -572,9 +572,8 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
switch (notify_message_type)
{
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index 6db0a662c..a1d951b5f 100644
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -344,7 +344,7 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa
return DELETE_ME;
}
/* get selected DH group to force policy, this is very restrictive!? */
- this->proposal->get_algorithm(this->proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo);
+ this->proposal->get_algorithm(this->proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo);
this->dh_group_number = algo->algorithm;
this->logger->log(this->logger, CONTROL | LEVEL2, "SA Payload processed");
@@ -458,11 +458,10 @@ static status_t process_notify_payload(private_responder_init_t *this, notify_pa
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
+ if (notify_payload->get_protocol_id(notify_payload) != PROTO_IKE)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol.");
return FAILED;