authorAndreas Steffen <andreas.steffen@strongswan.org>2008-06-22 11:24:33 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2008-06-22 11:24:33 +0000
commitbc997f6583d61abff3b4db1e592fc60b8afc9110 (patch)
treebf41d896fedce9078e96a0283cc8a509f002efff /src
parentff8d906b0745c5f92c68df205e23f111cf902caa (diff)
display selected IKE proposal in ipsec statusall
Diffstat (limited to 'src')
-rw-r--r--src/charon/plugins/stroke/stroke_list.c39
-rw-r--r--src/charon/sa/ike_sa.c26
-rw-r--r--src/charon/sa/ike_sa.h15
-rw-r--r--src/charon/sa/tasks/ike_init.c24
4 files changed, 87 insertions, 17 deletions
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 4f0602498..bac05cf7f 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -52,7 +52,6 @@ struct private_stroke_list_t {
static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
{
ike_sa_id_t *id = ike_sa->get_id(ike_sa);
- u_int32_t rekey, reauth;
fprintf(out, "%12s[%d]: %N, %H[%D]...%H[%D]\n",
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
@@ -62,26 +61,40 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
if (all)
{
+ char *ike_proposal = ike_sa->get_proposal(ike_sa);
+
fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s",
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "",
id->get_responder_spi(id), id->is_initiator(id) ? "" : "*");
- rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY_TIME);
- reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH_TIME);
- if (rekey)
- {
- fprintf(out, ", rekeying in %V", &rekey);
- }
- if (reauth)
- {
- fprintf(out, ", reauthentication in %V", &reauth);
- }
- if (!rekey && !reauth)
+
+ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
{
- fprintf(out, ", rekeying disabled");
+ u_int32_t rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY_TIME);
+ u_int32_t reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH_TIME);
+
+ if (rekey)
+ {
+ fprintf(out, ", rekeying in %V", &rekey);
+ }
+ if (reauth)
+ {
+ fprintf(out, ", reauthentication in %V", &reauth);
+ }
+ if (!rekey && !reauth)
+ {
+ fprintf(out, ", rekeying disabled");
+ }
}
fprintf(out, "\n");
+
+ if (ike_proposal)
+ {
+ fprintf(out, "%12s[%d]: IKE proposal: %s\n",
+ ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
+ ike_proposal);
+ }
}
}
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 6dfc42ddc..7214a26b4 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -185,6 +185,11 @@ struct private_ike_sa_t {
linked_list_t *child_sas;
/**
+ * String describing the selected IKE proposal
+ */
+ char *selected_proposal;
+
+ /**
* crypter for inbound traffic
*/
crypter_t *crypter_in;
@@ -1728,6 +1733,23 @@ static status_t derive_keys(private_ike_sa_t *this,
}
/**
+ * Implementation of ike_sa_t.get_proposal.
+ */
+static char* get_proposal(private_ike_sa_t *this)
+{
+ return this->selected_proposal;
+}
+
+/**
+ * Implementation of ike_sa_t.set_proposal.
+ */
+static void set_proposal(private_ike_sa_t *this, char *proposal)
+{
+ free(this->selected_proposal);
+ this->selected_proposal = strdup(proposal);
+}
+
+/**
* Implementation of ike_sa_t.add_child_sa.
*/
static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
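Review bot: set_proposal hands its argument straight to strdup(), so a NULL `proposal` is undefined behaviour; the assignment is safer as `this->selected_proposal = proposal ? strdup(proposal) : NULL;`. A failed strdup() also leaves the field NULL, which the reader in stroke_list.c tolerates through its `if (ike_proposal)` check, but a short comment should say that NULL is a legal state. get_proposal returns a writable pointer into storage that the next set_proposal or destroy frees, so declaring the getter `const char*` and the setter parameter `const char *proposal` would stop callers from modifying or freeing it. Whether a reader can hold that pointer while another thread replaces it depends on IKE_SA locking that is not visible in this hunk.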
@@ -2395,6 +2417,7 @@ static void destroy(private_ike_sa_t *this)
DESTROY_IF(this->child_prf);
chunk_free(&this->skp_verify);
chunk_free(&this->skp_build);
+ free(this->selected_proposal);
if (this->my_virtual_ip)
{
@@ -2495,6 +2518,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->public.get_skp_verify = (chunk_t (*)(ike_sa_t *)) get_skp_verify;
this->public.get_skp_build = (chunk_t (*)(ike_sa_t *)) get_skp_build;
this->public.derive_keys = (status_t (*)(ike_sa_t *,proposal_t*,chunk_t,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
+ this->public.get_proposal = (char* (*)(ike_sa_t*)) get_proposal;
+ this->public.set_proposal = (void (*)(ike_sa_t*,char*)) set_proposal;
this->public.add_child_sa = (void (*)(ike_sa_t*,child_sa_t*)) add_child_sa;
this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
@@ -2534,6 +2559,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
this->extensions = 0;
this->conditions = 0;
+ this->selected_proposal = NULL;
this->crypter_in = NULL;
this->crypter_out = NULL;
this->signer_in = NULL;
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index 4f760b532..be50fe935 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -704,6 +704,21 @@ struct ike_sa_t {
bool initiator, prf_t *child_prf, prf_t *old_prf);
/**
+ * Get the selected IKE proposal string
+ *
+ * @return string describing the selected IKE proposal
+ */
+ char* (*get_proposal)(ike_sa_t *this);
+
+ /**
+ * Set the selected IKE proposal string for status information purposes
+ * (the "%P" printf format handler is used)
+ *
+ * @param proposal string describing the selected IKE proposal
+ */
+ void (*set_proposal)(ike_sa_t *this, char *proposal);
+
+ /**
* Get a multi purpose prf for the negotiated PRF function.
*
* @return pointer to prf_t object
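Review bot: The get_proposal comment does not say that the result is NULL until set_proposal has been called, nor who owns the string. I would write `@return string describing the selected IKE proposal, NULL if none was selected yet; owned by the IKE_SA, must not be freed or modified`. On set_proposal, the remark about the "%P" printf format handler describes what the callers in ike_init.c do, not this method; the comment should instead state that the string is copied, so the caller keeps ownership of its buffer.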
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index 0bf8523c4..333404ed8 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -424,9 +424,16 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
-
- build_payloads(this, message);
+ /* Keep the selected IKE proposal for status information purposes */
+ {
+ char buf[BUF_LEN];
+
+ snprintf(buf, BUF_LEN, "%P", this->proposal);
+ this->ike_sa->set_proposal(this->ike_sa, buf+4);
+ }
+
+ build_payloads(this, message);
return SUCCESS;
}
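Review bot: The added block ignores the snprintf() result and then passes `buf+4`, so if the "%P" handler writes fewer than four characters (or fails), set_proposal strdup()s uninitialised stack bytes and they end up in the status output. Keep the length and guard the offset: `int len = snprintf(buf, BUF_LEN, "%P", this->proposal);` followed by `if (len > 4) this->ike_sa->set_proposal(this->ike_sa, buf + 4);`. The constant 4 presumably skips a protocol prefix in the formatted proposal; a comment or named constant should say so. The identical block is added to process_i in the last hunk of this file, so a small static helper would fix both places at once. build_r starts outside this hunk.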
@@ -508,7 +515,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
{
- SIG(IKE_UP_FAILED, "peers proposal selection invalid");
+ SIG(IKE_UP_FAILED, "peer's proposal selection invalid");
return FAILED;
}
@@ -516,7 +523,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
!this->proposal->has_dh_group(this->proposal, this->dh_group) ||
this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
{
- SIG(IKE_UP_FAILED, "peers DH group selection invalid");
+ SIG(IKE_UP_FAILED, "peer's DH group selection invalid");
return FAILED;
}
@@ -548,6 +555,15 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
SIG(IKE_UP_FAILED, "key derivation failed");
return FAILED;
}
+
+ /* Keep the selected IKE proposal for status information purposes */
+ {
+ char buf[BUF_LEN];
+
+ snprintf(buf, BUF_LEN, "%P", this->proposal);
+ this->ike_sa->set_proposal(this->ike_sa, buf+4);
+ }
+
return SUCCESS;
}