author | Martin Willi <martin@strongswan.org> | 2006-03-23 15:25:43 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-03-23 15:25:43 +0000 |
commit | dec598220b9a293c4ec75e593ab642a8945fa4fc (patch) | |
tree | a97247afbdb29e2b071933f8c9667a7ffa03cca3 /Source/charon/sa/states | |
parent | 3264ce50b912f2aba09d2d8e7ee7ed9d364d9e46 (diff) | |
- rewrite of logger_manager, uses now one instance per context
- cleanups for logger here and there
- removed critical flag check in payload verification (conformance to IKEv2)
- so that's and there's everywhere... ;-)
Diffstat (limited to 'Source/charon/sa/states')
-rw-r--r-- | Source/charon/sa/states/ike_auth_requested.c | 11 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_established.c | 2 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 37 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 5 | ||||
-rw-r--r-- | Source/charon/sa/states/responder_init.c | 9 |
5 files changed, 25 insertions, 39 deletions
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index 3fedf431c..eecfaab1e 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -512,15 +512,8 @@ static status_t process_notify_payload(private_ike_auth_requested_t *this, notif { notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload); - this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s", - mapping_find(notify_message_type_m, notify_message_type), - mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload))); - - if (notify_payload->get_protocol_id(notify_payload) != IKE) - { - this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a notify for an invalid protocol. Deleting IKE_SA"); - return DELETE_ME; - } + this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s", + mapping_find(notify_message_type_m, notify_message_type)); switch (notify_message_type) { diff --git a/Source/charon/sa/states/ike_sa_established.c b/Source/charon/sa/states/ike_sa_established.c index 976ed7688..37b69c29c 100644 --- a/Source/charon/sa/states/ike_sa_established.c +++ b/Source/charon/sa/states/ike_sa_established.c @@ -151,7 +151,7 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m if (delete_request) { - if (delete_request->get_protocol_id(delete_request) == IKE) + if (delete_request->get_protocol_id(delete_request) == PROTO_IKE) { this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received"); response->destroy(response); diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 0c4b6b690..904dadf05 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c 
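Review bot: The removed protocol-ID check (`if (notify_payload->get_protocol_id(notify_payload) != IKE) ... return DELETE_ME;`) is not covered by the commit message, and the commit is inconsistent about it: ike_sa_init_requested.c drops the same check, while responder_init.c keeps it (now against PROTO_IKE), so the states no longer agree on whether a notify scoped to AH/ESP is accepted in the IKE_AUTH exchange. IKEv2 requires notifies that do not refer to an SA to carry Protocol ID zero, so rejecting everything other than IKE was plausibly an interoperability bug; if that is the motivation, record it above the remaining log call: `/* protocol ID is deliberately not checked: IKEv2 sends zero for notifies not bound to an SA; the switch below only handles IKE_SA level types */`. Whatever the switch does with a type that expects a child-SA protocol ID (not visible here) needs a look, since that filter is gone. process_notify_payload begins and ends outside this hunk.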
@@ -294,8 +294,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t if (status != SUCCESS) { payloads->destroy(payloads); - return status; + return status; } + break; } default: { @@ -537,11 +538,6 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message return DELETE_ME; } - /* TODO: - * Huston, we've got a problem here. Since SPIs are stored in - * the proposal, and these proposals are shared across configs, - * there may be some threading issues... fix it! - */ sa_payload = sa_payload_create_from_proposal_list(proposal_list); this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message"); @@ -595,15 +591,9 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no { notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload); - this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s", - mapping_find(notify_message_type_m, notify_message_type), - mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload))); - - if (notify_payload->get_protocol_id(notify_payload) != IKE) - { - this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol."); - return FAILED; - } + this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s", + mapping_find(notify_message_type_m, notify_message_type)); + switch (notify_message_type) { case NO_PROPOSAL_CHOSEN: 
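Review bot: The TODO describing SPIs stored in proposals that are shared across configs is deleted, but nothing in this hunk changes how `sa_payload_create_from_proposal_list(proposal_list)` is fed, so unless the described race was fixed elsewhere in this commit the deletion only hides a known concurrency problem on the SA-payload path. If the proposal list is not yet a per-IKE_SA copy, keep a shorter marker in its place: `/* FIXME: proposals carry SPIs and are shared between configs; concurrent IKE_SAs may race here */`. build_sa_payload begins and ends outside this hunk.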
@@ -620,16 +610,24 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no { initiator_init_t *initiator_init_state; chunk_t notify_data; - diffie_hellman_group_t dh_group; + diffie_hellman_group_t dh_group, old_dh_group; connection_t *connection; + connection = this->ike_sa->get_connection(this->ike_sa); + old_dh_group = connection->get_dh_group(connection); notify_data = notify_payload->get_notification_data(notify_payload); dh_group = ntohs(*((u_int16_t*)notify_data.ptr)); - this->logger->log(this->logger, ERROR|LEVEL1, "Peer wouldn't accept DH group, it requested %s!", + /* TODO: + * We are very restrictive here: If the other didn't accept + * our DH group, and we do not accept his offer, continuation + * is cancelled... + */ + + this->logger->log(this->logger, AUDIT, "Peer didn't accept %s, it requested %s!", + mapping_find(diffie_hellman_group_m, old_dh_group), mapping_find(diffie_hellman_group_m, dh_group)); /* check if we can accept this dh group */ - connection = this->ike_sa->get_connection(this->ike_sa); if (!connection->check_dh_group(connection, dh_group)) { this->logger->log(this->logger, AUDIT, @@ -649,9 +647,6 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no this->ike_sa->set_new_state(this->ike_sa,(state_t *) initiator_init_state); /* state has NOW changed :-) */ - this->logger->log(this->logger, CONTROL|LEVEL1, "Changed state of IKE_SA from %s to %s", - mapping_find(ike_sa_state_m,INITIATOR_INIT), mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED)); - this->logger->log(this->logger, CONTROL|LEVEL2, "Destroy old sate object"); this->logger->log(this->logger, CONTROL|LEVEL2, "Going to retry initialization of connection"); diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 751f13517..da3b68ce6 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c 
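Review bot: `dh_group = ntohs(*((u_int16_t*)notify_data.ptr));` reads two bytes of the INVALID_KE_PAYLOAD notification data with no check of `notify_data.len` visible in this hunk, so a peer answering with a notify carrying empty or one-byte data would cause an out-of-bounds read on the initiator before the new AUDIT log is even reached; unless the payload parser already enforces a minimum length (not visible here), the check belongs right after `get_notification_data`. The same line dereferences the byte buffer through a `u_int16_t *`, which is an unaligned/aliasing access and is more robustly done with `memcpy` into a local. The rewrite below assumes DELETE_ME is the right failure status (the hunk does not show what the `check_dh_group` failure path returns) and that `<string.h>` is already included by the file. process_notify_payload begins and ends outside this hunk.
```c
	diffie_hellman_group_t dh_group, old_dh_group;
	u_int16_t dh_group_net;
	/* … unchanged: connection lookup, old_dh_group … */
	notify_data = notify_payload->get_notification_data(notify_payload);
	/* INVALID_KE_PAYLOAD carries exactly one 16-bit DH group number */
	if (notify_data.len < sizeof(dh_group_net))
	{
		this->logger->log(this->logger, AUDIT,
				"INVALID_KE_PAYLOAD notify without a DH group number. Deleting IKE_SA");
		return DELETE_ME;
	}
	memcpy(&dh_group_net, notify_data.ptr, sizeof(dh_group_net));
	dh_group = ntohs(dh_group_net);
	/* … unchanged: TODO comment, AUDIT log of old/new group, check_dh_group … */
```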
@@ -572,9 +572,8 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no { notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload); - this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s", - mapping_find(notify_message_type_m, notify_message_type), - mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload))); + this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s", + mapping_find(notify_message_type_m, notify_message_type)); switch (notify_message_type) { diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index 6db0a662c..a1d951b5f 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -344,7 +344,7 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa return DELETE_ME; } /* get selected DH group to force policy, this is very restrictive!? */ - this->proposal->get_algorithm(this->proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo); + this->proposal->get_algorithm(this->proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo); this->dh_group_number = algo->algorithm; this->logger->log(this->logger, CONTROL | LEVEL2, "SA Payload processed"); 
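Review bot: The return value of `this->proposal->get_algorithm(this->proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo)` is discarded and `algo->algorithm` is dereferenced on the very next line; if the call can report "not found" through its status (and leaves `algo` NULL or untouched), a selected proposal without a DH group transform becomes a bad dereference on the responder. Since the function already fails with `return DELETE_ME;` a few lines earlier, the same treatment fits here: `if (this->proposal->get_algorithm(this->proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo) != SUCCESS) { return DELETE_ME; }`, preceded by an AUDIT log naming the missing transform. The IKE to PROTO_IKE rename itself is fine. build_sa_payload begins and ends outside this hunk.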
@@ -458,11 +458,10 @@ static status_t process_notify_payload(private_responder_init_t *this, notify_pa { notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload); - this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s", - mapping_find(notify_message_type_m, notify_message_type), - mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload))); + this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s", + mapping_find(notify_message_type_m, notify_message_type)); - if (notify_payload->get_protocol_id(notify_payload) != IKE) + if (notify_payload->get_protocol_id(notify_payload) != PROTO_IKE) { this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol."); return FAILED; |