authorAndreas Steffen <andreas.steffen@strongswan.org>2008-07-23 18:46:34 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2008-07-23 18:46:34 +0000
commitf6facbe75cf25fff69952dd63a86b72e8d269a7f (patch)
treeef5aeaa3ae55e5c93941224cc1c5db27f8d95d3f /src/charon/sa/tasks
parenta01ad993411a729544447b5f9f83f60133c84b09 (diff)
completed IKE_SA logging at the AUDIT level
Diffstat (limited to 'src/charon/sa/tasks')
-rw-r--r--src/charon/sa/tasks/ike_delete.c31
-rw-r--r--src/charon/sa/tasks/ike_reauth.c3
-rw-r--r--src/charon/sa/tasks/ike_rekey.c17
3 files changed, 43 insertions, 8 deletions
diff --git a/src/charon/sa/tasks/ike_delete.c b/src/charon/sa/tasks/ike_delete.c
index 67dddb01d..d68532041 100644
--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/charon/sa/tasks/ike_delete.c
@@ -56,13 +56,22 @@ static status_t build_i(private_ike_delete_t *this, message_t *message)
{
delete_payload_t *delete_payload;
+ SIG_IKE(DOWN_START, "deleting IKE_SA %s[%d] between %H[%D]...%H[%D]",
+ this->ike_sa->get_name(this->ike_sa),
+ this->ike_sa->get_unique_id(this->ike_sa),
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa));
+
delete_payload = delete_payload_create(PROTO_IKE);
message->add_payload(message, (payload_t*)delete_payload);
-
this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
+
DBG1(DBG_IKE, "sending DELETE for IKE_SA %s[%d]",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_unique_id(this->ike_sa));
+
return NEED_MORE;
}
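Review bot: The seven-line `SIG_IKE(DOWN_START, "deleting IKE_SA %s[%d] between %H[%D]...%H[%D]", ...)` call added to build_i is repeated verbatim in process_r in the next hunk. This string is the AUDIT-level record that log consumers will match on, so I would keep it in one static helper in this file, for example `static void signal_down_start(private_ike_delete_t *this)`, and call it from both places. That way the initiator and responder records cannot drift apart when the format is next changed.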
@@ -76,18 +85,26 @@ static status_t process_i(private_ike_delete_t *this, message_t *message)
}
/**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
*/
static status_t process_r(private_ike_delete_t *this, message_t *message)
{
/* we don't even scan the payloads, as the message wouldn't have
* come so far without being correct */
+ DBG1(DBG_IKE, "received DELETE for IKE_SA %s[%d]",
+ this->ike_sa->get_name(this->ike_sa),
+ this->ike_sa->get_unique_id(this->ike_sa));
+ SIG_IKE(DOWN_START, "deleting IKE_SA %s[%d] between %H[%D]...%H[%D]",
+ this->ike_sa->get_name(this->ike_sa),
+ this->ike_sa->get_unique_id(this->ike_sa),
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa));
+
switch (this->ike_sa->get_state(this->ike_sa))
{
case IKE_ESTABLISHED:
- DBG1(DBG_IKE, "received DELETE for IKE_SA %s[%d]",
- this->ike_sa->get_name(this->ike_sa),
- this->ike_sa->get_unique_id(this->ike_sa));
this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
this->ike_sa->reestablish(this->ike_sa);
break;
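Review bot: The "received DELETE" message and the new DOWN_START audit record in process_r now run before the `switch` on `get_state()`, so they are emitted for every state rather than only under `case IKE_ESTABLISHED:` as the DBG1 was before. The remaining cases are outside the hunk. If one of them handles a delete that crosses our own request (build_r checks `this->simultaneous`), build_i has already raised DOWN_START for this SA and the audit trail would hold two "deleting IKE_SA" records for one teardown. Either raise the signal inside the cases that actually start the teardown, or add a comment such as `/* audited for every state, duplicates possible on simultaneous delete */` so the behaviour is documented as intended.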
@@ -106,9 +123,11 @@ static status_t process_r(private_ike_delete_t *this, message_t *message)
*/
static status_t build_r(private_ike_delete_t *this, message_t *message)
{
+ SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted");
+
if (this->simultaneous)
{
- /* wait for peers response for our delete request, but set a timeout */
+ /* wait for peer's response for our delete request, but set a timeout */
return SUCCESS;
}
/* completed, delete IKE_SA by returning FAILED */
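Review bot: `SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted");` in build_r is raised before the `if (this->simultaneous)` branch, which by its own comment is still waiting for the peer's response, so the audit log reports a completed deletion while the SA is still pending. I would move the call below that branch, next to the "completed, delete IKE_SA by returning FAILED" path. The message also has no name or unique id, unlike the DOWN_START record, so the two events are hard to pair in a log unless SIG_IKE attaches the SA context itself; `SIG_IKE(DOWN_SUCCESS, "IKE_SA %s[%d] deleted", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa));` would make the record self-contained. The same identifier-less message is added to process_i in ike_reauth.c. build_r continues past the end of this hunk.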
diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/charon/sa/tasks/ike_reauth.c
index 849e42ea9..30de16c3f 100644
--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/charon/sa/tasks/ike_reauth.c
@@ -65,7 +65,8 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
/* process delete response first */
this->ike_delete->task.process(&this->ike_delete->task, message);
-
+ SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted");
+
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
/* reauthenticate only if we have children */
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c
index 175ffcf08..4a13f3017 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
@@ -90,7 +90,7 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message)
}
/**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
*/
static status_t process_r(private_ike_rekey_t *this, message_t *message)
{
@@ -152,6 +152,13 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
+ SIG_IKE(UP_SUCCESS, "IKE_SA %s[%d] established between %H[%D]...%H[%D]",
+ this->new_sa->get_name(this->new_sa),
+ this->new_sa->get_unique_id(this->new_sa),
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa));
return SUCCESS;
}
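Review bot: The UP_SUCCESS record in build_r takes the name and unique id from `this->new_sa` but the hosts and identities from `this->ike_sa`, and nothing in the hunk says why. If new_sa does not carry its endpoints yet at this point, a one-line comment such as `/* new_sa has no hosts/IDs yet, report those of the SA being rekeyed */` would keep a later reader from "correcting" it. If it does carry them, the four getters should read from `this->new_sa` so the audit record describes a single SA. The same call is added to process_i in the following hunk, and build_r starts outside this hunk.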
@@ -191,6 +198,14 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
}
this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
+ SIG_IKE(UP_SUCCESS, "IKE_SA %s[%d] established between %H[%D]...%H[%D]",
+ this->new_sa->get_name(this->new_sa),
+ this->new_sa->get_unique_id(this->new_sa),
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_my_id(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa),
+ this->ike_sa->get_other_id(this->ike_sa));
+
to_delete = this->ike_sa->get_id(this->ike_sa);
/* check for collisions */