authorAndreas Steffen <andreas.steffen@strongswan.org>2011-12-11 09:41:40 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-12-11 09:41:40 +0100
commit6f04ccff5e485d6d8c447351ac983bee8ac26313 (patch)
treed0a9f3d69811e1234d151c5d14bac5d2ebd67288 /src/libimcv
parent54f53f90813542f3bf455ca9cc71859460e0e9b2 (diff)
added IETF standard error handling method
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.c58
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.h7
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner.c42
-rw-r--r--src/libimcv/plugins/imc_test/imc_test.c36
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner.c41
-rw-r--r--src/libimcv/plugins/imv_test/imv_test.c38
6 files changed, 85 insertions, 137 deletions
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index f8d3b9d0e..b5df0a5b5 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -311,6 +311,63 @@ err:
return VERIFY_ERROR;
}
+METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
+ private_pa_tnc_msg_t *this)
+{
+ enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ bool fatal_error = FALSE;
+
+ enumerator = this->attributes->create_enumerator(this->attributes);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ if (attr->get_vendor_id(attr) == PEN_IETF &&
+ attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
+ {
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_t error_vendor_id;
+ pa_tnc_error_code_t error_code;
+ chunk_t msg_info, attr_info;
+ u_int32_t offset;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
+ error_vendor_id = error_attr->get_vendor_id(error_attr);
+ error_code = error_attr->get_error_code(error_attr);
+ msg_info = error_attr->get_msg_info(error_attr);
+
+ /* skip errors from non-IETF namespaces */
+ if (error_vendor_id != PEN_IETF)
+ {
+ continue;
+ }
+ DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message "
+ "0x%08x/0x%08x", pa_tnc_error_code_names, error_code,
+ untoh32(msg_info.ptr), untoh32(msg_info.ptr + 4));
+
+ switch (error_code)
+ {
+ case PA_ERROR_INVALID_PARAMETER:
+ offset = error_attr->get_offset(error_attr);
+ DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
+ break;
+ case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
+ attr_info = error_attr->get_attr_info(error_attr);
+ DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
+ break;
+ default:
+ break;
+ }
+
+ /* remove the processed IETF standard error attribute */
+ this->attributes->remove_at(this->attributes, enumerator);
+ fatal_error = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return fatal_error;
+}
+
METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
private_pa_tnc_msg_t *this)
{
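Review bot: The DBG1 call in process_ietf_std_errors reads eight bytes through `untoh32(msg_info.ptr)` and `untoh32(msg_info.ptr + 4)` without checking `msg_info.len`, whereas the plugin code this replaces printed the chunk with `%#B`, which is bounded by its length. The error attribute originates from the remote peer, so unless the attribute parser (not visible in this diff) already guarantees an 8-byte message header copy, a short chunk would cause an out-of-bounds read here. I would guard the decoded form with `if (msg_info.len >= 8)` and fall back to the old `%#B` output otherwise. A short comment on the new method noting that it removes entries from `this->attributes` while enumerating would also help the next reader.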
@@ -347,6 +404,7 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
.add_attribute = _add_attribute,
.build = _build,
.process = _process,
+ .process_ietf_std_errors = _process_ietf_std_errors,
.create_attribute_enumerator = _create_attribute_enumerator,
.create_error_enumerator = _create_error_enumerator,
.destroy = _destroy,
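Review bot: The new `.process_ietf_std_errors` pointer is assigned only in `pa_tnc_msg_create_from_data()`, and the diffstat for pa_tnc_msg.c (58 lines: 57 for the method plus this one) shows no other initializer was touched. If the file has a second constructor that fills the same public interface (not visible here; the name of this one suggests it might), objects built through it would carry a NULL pointer for this method and crash on the first call. Either add the same `.process_ietf_std_errors = _process_ietf_std_errors,` line there or confirm that no such constructor exists. The initializer continues outside this hunk.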
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index bff954678..c3ce829d5 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -62,6 +62,13 @@ struct pa_tnc_msg_t {
status_t (*process)(pa_tnc_msg_t *this);
/**
+ * Process and remove all IETF standard error PA-TNC attributes
+ *
+ * @return TRUE if at least one error attribute processed
+ */
+ bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+
+ /**
* Enumerates over all PA-TNC attributes
*
* @return return attribute enumerator
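Review bot: The doc comment for `process_ietf_std_errors` does not say that error attributes whose error vendor ID is not PEN_IETF are skipped, left in the attribute list and not counted in the return value, which is what the implementation in pa_tnc_msg.c does. Callers store the result in `fatal_error`, so the contract should be spelled out, for example `@return TRUE if at least one IETF-namespace error attribute was processed and removed`. It is also worth stating that the method modifies the attribute list, so that it is not called while an attribute enumerator is open.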
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 4cdf2bdb6..a54aafecd 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -270,9 +270,8 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
pa_tnc_msg_t *pa_tnc_msg;
pa_tnc_attr_t *attr;
imc_state_t *state;
- enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE;
+ bool fatal_error;
if (!imc_scanner)
{
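Review bot: `pa_tnc_attr_t *attr;` stays declared in receive_message although the next hunk removes the enumeration loop that was its only visible use. If nothing further down in the function (outside these hunks) still uses it, drop the declaration together with `enumerator` to avoid an unused-variable warning. `fatal_error` is now uninitialised at declaration, which is fine only while every path assigns it before the check after `pa_tnc_msg->destroy()`; the function body continues beyond the hunk, so that is worth confirming.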
@@ -296,43 +295,8 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
return result;
}
- /* analyze PA-TNC attributes */
- enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- if (attr->get_vendor_id(attr) != PEN_IETF &&
- attr->get_type(attr) != IETF_ATTR_PA_TNC_ERROR)
- {
- continue;
- }
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
-
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- enumerator->destroy(enumerator);
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
pa_tnc_msg->destroy(pa_tnc_msg);
/* if no error occurred then always return the same response */
diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c
index 732a625d4..b7858c5e7 100644
--- a/src/libimcv/plugins/imc_test/imc_test.c
+++ b/src/libimcv/plugins/imc_test/imc_test.c
@@ -279,41 +279,15 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) == PEN_IETF &&
- attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_vendor_id(attr) == PEN_ITA &&
- attr->get_type(attr) == ITA_ATTR_COMMAND)
+ if (attr->get_vendor_id(attr) == PEN_ITA &&
+ attr->get_type(attr) == ITA_ATTR_COMMAND)
{
ita_attr_command_t *ita_attr;
char *command;
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner.c b/src/libimcv/plugins/imv_scanner/imv_scanner.c
index 0b2187a24..845511555 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner.c
@@ -189,7 +189,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
imv_state_t *state;
enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE;
+ bool fatal_error;
if (!imv_scanner)
{
@@ -213,44 +213,15 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) != PEN_IETF)
- {
- continue;
- }
-
- if (attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- DBG1(DBG_IMV, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
-
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_type(attr) == IETF_ATTR_PORT_FILTER)
+ if (attr->get_vendor_id(attr) == PEN_IETF &&
+ attr->get_type(attr) == IETF_ATTR_PORT_FILTER)
{
ietf_attr_port_filter_t *attr_port_filter;
enumerator_t *enumerator;
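Review bot: Peer-reported PA-TNC errors received by this IMV are now logged by the shared method under `DBG_IMC`, while the lines removed here used `DBG_IMV`. An operator who has raised only the IMV log level will therefore no longer see these errors, which weakens diagnosis on the verifier side. Consider letting the method log under a group that is not IMC-specific, or passing the debug group in from the caller. The same applies to the imv_test.c hunk below.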
diff --git a/src/libimcv/plugins/imv_test/imv_test.c b/src/libimcv/plugins/imv_test/imv_test.c
index d19c7c04c..be5aa98a6 100644
--- a/src/libimcv/plugins/imv_test/imv_test.c
+++ b/src/libimcv/plugins/imv_test/imv_test.c
@@ -140,7 +140,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
imv_test_state_t *imv_test_state;
enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE, retry = FALSE;
+ bool fatal_error, retry = FALSE;
if (!imv_test)
{
@@ -164,41 +164,15 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) == PEN_IETF &&
- attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMV, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_vendor_id(attr) == PEN_ITA &&
- attr->get_type(attr) == ITA_ATTR_COMMAND)
+ if (attr->get_vendor_id(attr) == PEN_ITA &&
+ attr->get_type(attr) == ITA_ATTR_COMMAND)
{
ita_attr_command_t *ita_attr;
char *command;