diff options
26 files changed, 1300 insertions, 203 deletions
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index 330aefcca..b8dc4d724 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -3,6 +3,10 @@ ipsec_PROGRAMS = charon charon_SOURCES = \ +bus/bus.c bus/bus.h \ +bus/listeners/stream_logger.c bus/listeners/stream_logger.h \ +bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ +bus/listeners/file_logger.c bus/listeners/file_logger.h \ config/connections/connection.c config/connections/connection.h \ config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \ config/policies/policy.c config/policies/policy.h \ diff --git a/src/charon/bus/bus.c b/src/charon/bus/bus.c new file mode 100644 index 000000000..1e5ff9857 --- /dev/null +++ b/src/charon/bus/bus.c @@ -0,0 +1,142 @@ +/** + * @file bus.c + * + * @brief Implementation of bus_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bus.h" + +typedef struct private_bus_t private_bus_t; + +/** + * Private data of a bus_t object. + */ +struct private_bus_t { + /** + * Public part of a bus_t object. + */ + bus_t public; + + /** + * List of registered listeners implementing the bus_t interface + */ + linked_list_t *listeners; + + /** + * Thread local storage for a unique, simple thread ID + */ + pthread_key_t thread_id; + + /** + * Thread local storage the threads IKE_SA + */ + pthread_key_t thread_sa; + +}; + +/** + * Get a unique thread number for a calling thread. Since + * pthread_self returns large and ugly numbers, use this function + * for logging; these numbers are incremental starting at 1 + */ +static int get_thread_number(private_bus_t *this) +{ + static int current_num = 0, stored_num; + + stored_num = (int)pthread_getspecific(this->thread_id); + if (stored_num == 0) + { /* first call of current thread */ + pthread_setspecific(this->thread_id, (void*)++current_num); + return current_num; + } + else + { + return stored_num; + } +} + +/** + * Implementation of bus_t.add_listener. + */ +static void add_listener(private_bus_t *this, bus_listener_t *listener) +{ + this->listeners->insert_last(this->listeners, (void*)listener); +} + +/** + * Implementation of bus_t.set_sa. + */ +static void set_sa(private_bus_t *this, ike_sa_t *ike_sa) +{ + pthread_setspecific(this->thread_sa, ike_sa); +} + +/** + * Implementation of bus_t.signal. + */ +static void signal_(private_bus_t *this, signal_t signal, level_t condition, + char* format, ...) +{ + iterator_t *iterator; + bus_listener_t *listener; + va_list args; + ike_sa_t *ike_sa; + int thread; + + ike_sa = pthread_getspecific(this->thread_sa); + thread = get_thread_number(this); + va_start(args, format); + + iterator = this->listeners->create_iterator(this->listeners, TRUE); + while (iterator->iterate(iterator, (void**)&listener)) + { + listener->signal(listener, thread, ike_sa, + signal, condition, format, args); + } + iterator->destroy(iterator); + va_end(args); +} + +/** + * Implementation of bus_t.destroy. + */ +static void destroy(private_bus_t *this) +{ + this->listeners->destroy(this->listeners); + free(this); +} + +/* + * Described in header. + */ +bus_t *bus_create() +{ + private_bus_t *this = malloc_thing(private_bus_t); + + this->public.add_listener = (void(*)(bus_t*,bus_listener_t*))add_listener; + this->public.set_sa = (void(*)(bus_t*,ike_sa_t*))set_sa; + this->public.signal = (void(*)(bus_t*,signal_t,level_t,char*,...))signal_; + this->public.destroy = (void(*)(bus_t*)) destroy; + + this->listeners = linked_list_create(); + pthread_key_create(&this->thread_id, NULL); + pthread_key_create(&this->thread_sa, NULL); + + return &(this->public); +} diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h new file mode 100644 index 000000000..cce1f4217 --- /dev/null +++ b/src/charon/bus/bus.h @@ -0,0 +1,232 @@ +/** + * @file bus.h + * + * @brief Interface of bus_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef BUS_H_ +#define BUS_H_ + +#include <stdarg.h> + +#include <sa/ike_sa.h> +#include <sa/child_sa.h> + + +/** + * @brief Raise a signal for an occured event. + * + * @param sig signal_t signal description + * @param level level for the signal + * @param format printf() style format string + * @param ... printf() style agument list + */ +#define SIG(sig, level, format, ...) charon->bus->signal(charon->bus, sig, level, format, ##__VA_ARGS__) + +/** + * @brief Set the IKE_SA the calling thread is using. + * + * @param ike_sa ike_sa to register, or NULL to unregister + */ +#define SIG_SA(ike_sa) charon->bus->set_sa(charon->bus, ike_sa) + +/** + * @brief Log a debug message via the signal bus. + * + * @param signal signal_t signal description + * @param format printf() style format string + * @param ... printf() style agument list + */ +#define DBG1(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG1, format, ##__VA_ARGS__) +#define DBG2(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG2, format, ##__VA_ARGS__) +#define DBG3(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG3, format, ##__VA_ARGS__) +#define DBG4(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG4, format, ##__VA_ARGS__) + + +typedef enum signal_t signal_t; + +enum signal_t { + /** an IKE_SA has been established */ + SIG_IKE_UP, + /** an IKE_SA has been closed */ + SIG_IKE_DOWN, + /** an IKE_SA has been rekeyed */ + SIG_IKE_REKEY, + /** a CHILD_SA has been installed */ + SIG_CHILD_UP, + /** a CHILD_SA has been closed */ + SIG_CHILD_DOWN, + /** a CHILD_SA has been rekeyed */ + SIG_CHILD_REKEY, + /** a CHILD_SA has been routed */ + SIG_CHILD_ROUTE, + /** a CHILD_SA has been unrouted */ + SIG_CHILD_UNROUTE, + /** a remote peer has been authenticated using RSA digital signature */ + SIG_AUTH_RSA, + /** a remote peer has been authenticated using preshared keys */ + SIG_AUTH_PSK, + + /** debugging message printed from an IKE_SA */ + SIG_DBG_IKE, + /** debugging message printed from a CHILD_SA */ + SIG_DBG_CHD, + /** debugging message printed from job processing */ + SIG_DBG_JOB, + /** debugging message printed from configuration backends */ + SIG_DBG_CFG, + /** debugging message printed from kernel interface */ + SIG_DBG_KNL, + /** debugging message printed from networking */ + SIG_DBG_NET, + /** debugging message printed from message encoding/decoding */ + SIG_DBG_ENC, + + SIG_MAX, +}; + +typedef enum level_t level_t; + +enum level_t { + /** Signal indicates something has failed */ + LEV_FAILED, + /** Signal indicates something was successful */ + LEV_SUCCESS, + /** Debug level 1, control flow messages */ + LEV_DBG1, + /** Debug level 2, more detail informational messages */ + LEV_DBG2, + /** Debug level 3, RAW data output */ + LEV_DBG3, + /** Debug level 4, RAW data with sensitive (private) data */ + LEV_DBG4, +}; + +typedef struct bus_listener_t bus_listener_t; + +/** + * @brief Interface for registering at the signal bus. + * + * To receive signals from the bus, the client implementing the + * bus_listener_t interface registers itself at the signal bus. + * + * @ingroup bus + */ +struct bus_listener_t { + + /** + * @brief Send a signal to a bus listener. + * + * A numerical identification for the thread is included, as the + * associated IKE_SA, if any. Signal specifies the type of + * the event occured, with a verbosity level. The format string specifies + * an additional informational or error message with a printf() like + * variable argument list. This is in the va_list form, as forwarding + * a "..." parameters to functions is not (cleanly) possible. + * + * @param this listener + * @param thread ID of the thread raised this signal + * @param ike_sa IKE_SA associated to the event + * @param singal kind of the signal (up, down, rekeyed, ...) + * @param level level for signal + * @param format printf() style format string + * @param args vprintf() style va_list argument list + */ + void (*signal) (bus_listener_t *this, int thread, ike_sa_t *ike_sa, + signal_t signal, level_t level, char* format, va_list args); +}; + + +typedef struct bus_t bus_t; + +/** + * @brief Signal bus which sends signals to registered listeners. + * + * The signal bus is not much more than a multiplexer. A listener interested + * in receiving event signals registers at the bus. Any signals sent to + * are delivered to all registered listeners. + * + * + * @ingroup bus + */ +struct bus_t { + + /** + * @brief Register a listener to the bus. + * + * A registered listener receives all signals which are sent to the bus. + * + * @param this bus + * @param listener listener to register. + */ + void (*add_listener) (bus_t *this, bus_listener_t *listener); + + /** + * @brief Set the IKE_SA the calling thread is using. + * + * To associate an received signal to an IKE_SA without passing it as + * parameter each time, the thread registers it's used IKE_SA each + * time it checked it out. Before checking it in, the thread unregisters + * the IKE_SA (by passing NULL). This IKE_SA is stored per-thread, so each + * thread has one IKE_SA registered (or not). + * There is a macro to simplify the call. + * @see SIG_SA() + * + * @param this bus + * @param ike_sa ike_sa to register, or NULL to unregister + */ + void (*set_sa) (bus_t *this, ike_sa_t *ike_sa); + + /** + * @brief Send a signal to the bus. + * + * A signal may belong to an IKE_SA and a CHILD_SA. If so, these + * are supplied to the signal function. The signal specifies the type of + * the event occured. The format string specifies an additional + * informational or error message with a printf() like variable argument + * list. + * Some useful macros may be available to shorten this call. + * @see SIG(), DBG1() + * + * @param this bus + * @param singal kind of the signal (up, down, rekeyed, ...) + * @param level status level of the signal to send + * @param format printf() style format string + * @param ... printf() style argument list + */ + void (*signal) (bus_t *this, signal_t signal, level_t level, char* format, ...); + + /** + * @brief Destroy the signal bus. + * + * @param this bus to destroy + */ + void (*destroy) (bus_t *this); +}; + +/** + * @brief Create the signal bus which multiplexes signals to its listeners. + * + * @return signal bus instance + * + * @ingroup bus + */ +bus_t *bus_create(); + +#endif /* BUS_H_ */ diff --git a/src/charon/bus/listeners/file_logger.c b/src/charon/bus/listeners/file_logger.c new file mode 100644 index 000000000..4a2fe4b9e --- /dev/null +++ b/src/charon/bus/listeners/file_logger.c @@ -0,0 +1,179 @@ +/** + * @file file_logger.c + * + * @brief Implementation of file_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/* for fmemopen() */ +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> + +#include "file_logger.h" + +#include <bus/listeners/stream_logger.h> + + +typedef struct private_file_logger_t private_file_logger_t; + +/** + * Private data of a file_logger_t object + */ +struct private_file_logger_t { + + /** + * Public data. + */ + file_logger_t public; + + /** + * output file + */ + FILE *out; + + /** + * Internal used stream logger that does the dirty work + */ + stream_logger_t *logger; + + /** + * Memory stream used for stream_logger + */ + FILE *stream; + + /** + * Underlying buffer for stream + */ + char buffer[4096]; +}; + + +/** + * Implementation of bus_listener_t.signal. + */ +static void signal_(private_file_logger_t *this, int thread, ike_sa_t* ike_sa, + signal_t signal, level_t level, + char *format, va_list args) +{ + char line[512]; + char *prefix; + FILE *reader; + + switch (signal) + { + case SIG_IKE_UP: + case SIG_IKE_DOWN: + case SIG_IKE_REKEY: + case SIG_DBG_IKE: + prefix = "IKE"; + break; + case SIG_DBG_CHD: + prefix = "CHD"; + break; + case SIG_DBG_JOB: + prefix = "JOG"; + break; + case SIG_DBG_CFG: + prefix = "CFG"; + break; + case SIG_DBG_KNL: + prefix = "KNL"; + break; + case SIG_DBG_NET: + prefix = "NET"; + break; + case SIG_DBG_ENC: + prefix = "ENC"; + break; + default: + prefix = "???"; + break; + } + + flockfile(this->stream); + /* reset memory stream */ + rewind(this->stream); + memset(this->buffer, '\0', sizeof(this->buffer)); + /* log to memstream */ + this->logger->listener.signal(&this->logger->listener, thread, ike_sa, + signal, level, format, args); + /* flush is needed to append a '\0' */ + fflush(this->stream); + + /* create a reader stream that reads out line by line */ + reader = fmemopen(this->buffer, sizeof(this->buffer), "r"); + + while (fgets(line, sizeof(line), reader)) + { + if (line[0] == '\0') + { + /* abort on EOF */ + break; + } + else if (line[0] != '\n') + { + fprintf(this->out, "%.2d[%s] %s", thread, prefix, line); + } + } + fclose(reader); + funlockfile(this->stream); +} + +/** + * Implementation of file_logger_t.set_level. + */ +static void set_level(private_file_logger_t *this, signal_t signal, level_t max) +{ + this->logger->set_level(this->logger, signal, max); +} + +/** + * Implementation of file_logger_t.destroy. + */ +static void destroy(private_file_logger_t *this) +{ + fclose(this->stream); + this->logger->destroy(this->logger); + free(this); +} + +/* + * Described in header. + */ +file_logger_t *file_logger_create(FILE *out) +{ + private_file_logger_t *this = malloc_thing(private_file_logger_t); + + /* public functions */ + this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_; + this->public.set_level = (void(*)(file_logger_t*,signal_t,level_t))set_level; + this->public.destroy = (void(*)(file_logger_t*))destroy; + + /* private variables */ + this->out = out; + this->stream = fmemopen(this->buffer, sizeof(this->buffer), "w"); + if (this->stream == NULL) + { + /* fallback to stderr */ + this->stream = stderr; + } + this->logger = stream_logger_create(this->stream); + + return &this->public; +} diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h new file mode 100644 index 000000000..2ca028be3 --- /dev/null +++ b/src/charon/bus/listeners/file_logger.h @@ -0,0 +1,74 @@ +/** + * @file file_logger.h + * + * @brief Interface of file_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef FILE_LOGGER_H_ +#define FILE_LOGGER_H_ + +#include <bus/bus.h> + + +typedef struct file_logger_t file_logger_t; + +/** + * @brief Logger to files which implements bus_listener_t. + * + * @b Constructors: + * - file_logger_create() + * + * @ingroup listeners + */ +struct file_logger_t { + + /** + * Implements the bus_listener_t interface. + */ + bus_listener_t listener; + + /** + * @brief Set the loglevel for a signal type. + * + * @param this stream_logger_t object + * @param singal type of signal + * @param level max level to log + */ + void (*set_level) (file_logger_t *this, signal_t signal, level_t level); + + /** + * @brief Destroys a file_logger_t object. + * + * @param this file_logger_t object + */ + void (*destroy) (file_logger_t *this); +}; + +/** + * @brief Constructor to create a file_logger_t object. + * + * @param out FILE to write to + * @return file_logger_t object + * + * @ingroup listeners + */ +file_logger_t *file_logger_create(FILE *out); + + +#endif /* FILE_LOGGER_H_ */ diff --git a/src/charon/bus/listeners/stream_logger.c b/src/charon/bus/listeners/stream_logger.c new file mode 100644 index 000000000..70218728f --- /dev/null +++ b/src/charon/bus/listeners/stream_logger.c @@ -0,0 +1,141 @@ +/** + * @file stream_logger.c + * + * @brief Implementation of stream_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <string.h> +#include <stdio.h> +#include <pthread.h> + +#include "stream_logger.h" + + +typedef struct private_stream_logger_t private_stream_logger_t; + +/** + * @brief Private data of a stream_logger_t object. + */ +struct private_stream_logger_t { + + /** + * Public data + */ + stream_logger_t public; + + /** + * Maximum level to log + */ + level_t max; + + /** + * stream to write log output to + */ + FILE *out; +}; + +/** + * Implementation of bus_listener_t.signal. + */ +static void signal_(private_stream_logger_t *this, int thread, + ike_sa_t* ike_sa, signal_t signal, level_t level, + char *format, va_list args) +{ + FILE *o = this->out; + + flockfile(o); + + if (level <= this->max) + { + /* then print the info */ + switch (signal) + { + case SIG_IKE_UP: + { + if (level == LEV_SUCCESS) + { + fprintf(o, "established: %H[%D]...%H[%D]\n", + ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), + ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); + } + else + { + fprintf(o, "establishing failed: %H[%D]...%H[%D]:\n", + ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), + ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); + fprintf(o, " "); + vfprintf(o, format, args); + fprintf(o, "\n"); + } + break; + } + case SIG_DBG_IKE: + case SIG_DBG_CHD: + case SIG_DBG_JOB: + case SIG_DBG_CFG: + case SIG_DBG_KNL: + case SIG_DBG_NET: + case SIG_DBG_ENC: + { + vfprintf(o, format, args); + fprintf(o, "\n"); + break; + } + default: + break; + } + } + + funlockfile(o); +} + +/** + * Implementation of stream_logger_t.set_level. + */ +static void set_level(private_stream_logger_t *this, signal_t signal, level_t max) +{ + this->max = max; +} + +/** + * Implementation of stream_logger_t.destroy. + */ +static void destroy(private_stream_logger_t *this) +{ + free(this); +} + +/* + * Described in header. + */ +stream_logger_t *stream_logger_create(FILE *out) +{ + private_stream_logger_t *this = malloc_thing(private_stream_logger_t); + + /* public functions */ + this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_; + this->public.set_level = (void(*)(stream_logger_t*,signal_t,level_t))set_level; + this->public.destroy = (void(*)(stream_logger_t*))destroy; + + /* private variables */ + this->max = LEV_DBG4; + this->out = out; + + return &this->public; +} diff --git a/src/charon/bus/listeners/stream_logger.h b/src/charon/bus/listeners/stream_logger.h new file mode 100644 index 000000000..62d6c5aca --- /dev/null +++ b/src/charon/bus/listeners/stream_logger.h @@ -0,0 +1,75 @@ +/** + * @file stream_logger.h + * + * @brief Interface of stream_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef STREAM_LOGGER_H_ +#define STREAM_LOGGER_H_ + +#include <stdio.h> + +#include <types.h> +#include <bus/bus.h> + +typedef struct stream_logger_t stream_logger_t; + +/** + * @brief Logger for a file stream which implements bus_listener_t. + * + * @b Constructors: + * - stream_logger_create() + * + * @ingroup listeners + */ +struct stream_logger_t { + + /** + * Implements the bus_listener_t interface. + */ + bus_listener_t listener; + + /** + * @brief Set the loglevel for a signal type. + * + * @param this stream_logger_t object + * @param singal type of signal + * @param level max level to log + */ + void (*set_level) (stream_logger_t *this, signal_t signal, level_t level); + + /** + * @brief Destroys a stream_logger_t object. + * + * @param this stream_logger_t object + */ + void (*destroy) (stream_logger_t *this); +}; + +/** + * @brief Constructor to create a stream_logger_t object. + * + * @param out output stream to log to + * @return stream_logger_t object + * + * @ingroup utils + */ +stream_logger_t *stream_logger_create(FILE *out); + +#endif /* STREAM_LOGGER_H_ */ diff --git a/src/charon/bus/listeners/sys_logger.c b/src/charon/bus/listeners/sys_logger.c new file mode 100644 index 000000000..357737610 --- /dev/null +++ b/src/charon/bus/listeners/sys_logger.c @@ -0,0 +1,181 @@ +/** + * @file sys_logger.c + * + * @brief Implementation of sys_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/* for open_memstream() */ +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> +#include <pthread.h> + +#include "sys_logger.h" + +#include <bus/listeners/stream_logger.h> + + +typedef struct private_sys_logger_t private_sys_logger_t; + +/** + * Private data of a sys_logger_t object + */ +struct private_sys_logger_t { + + /** + * Public data. + */ + sys_logger_t public; + + /** + * syslog facility to use + */ + int facility; + + /** + * Internal used stream logger that does the dirty work + */ + stream_logger_t *logger; + + /** + * Memory stream used for stream_logger + */ + FILE *stream; + + /** + * Underlying buffer for stream + */ + char buffer[4096]; +}; + + +/** + * Implementation of bus_listener_t.signal. + */ +static void signal_(private_sys_logger_t *this, int thread, ike_sa_t* ike_sa, + signal_t signal, level_t level, + char *format, va_list args) +{ + char line[512]; + char *prefix; + FILE *reader; + + switch (signal) + { + case SIG_IKE_UP: + case SIG_IKE_DOWN: + case SIG_IKE_REKEY: + case SIG_DBG_IKE: + prefix = "IKE"; + break; + case SIG_DBG_CHD: + prefix = "CHD"; + break; + case SIG_DBG_JOB: + prefix = "JOG"; + break; + case SIG_DBG_CFG: + prefix = "CFG"; + break; + case SIG_DBG_KNL: + prefix = "KNL"; + break; + case SIG_DBG_NET: + prefix = "NET"; + break; + case SIG_DBG_ENC: + prefix = "ENC"; + break; + default: + prefix = "???"; + break; + } + + flockfile(this->stream); + /* reset memory stream */ + rewind(this->stream); + memset(this->buffer, '\0', sizeof(this->buffer)); + /* log to memstream */ + this->logger->listener.signal(&this->logger->listener, thread, ike_sa, + signal, level, format, args); + /* flush is needed to append a '\0' */ + fflush(this->stream); + + /* create a reader stream that reads out line by line */ + reader = fmemopen(this->buffer, sizeof(this->buffer), "r"); + + while (fgets(line, sizeof(line), reader)) + { + if (line[0] == '\0') + { + /* abort on EOF */ + break; + } + else if (line[0] != '\n') + { + syslog(this->facility|LOG_INFO, "%.2d[%s] %s", thread, prefix, line); + } + } + fclose(reader); + funlockfile(this->stream); +} + +/** + * Implementation of sys_logger_t.set_level. + */ +static void set_level(private_sys_logger_t *this, signal_t signal, level_t max) +{ + this->logger->set_level(this->logger, signal, max); +} + +/** + * Implementation of sys_logger_t.destroy. + */ +static void destroy(private_sys_logger_t *this) +{ + closelog(); + fclose(this->stream); + this->logger->destroy(this->logger); + free(this); +} + +/* + * Described in header. + */ +sys_logger_t *sys_logger_create(int facility) +{ + private_sys_logger_t *this = malloc_thing(private_sys_logger_t); + + /* public functions */ + this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_; + this->public.set_level = (void(*)(sys_logger_t*,signal_t,level_t))set_level; + this->public.destroy = (void(*)(sys_logger_t*))destroy; + + /* private variables */ + this->facility = facility; + this->stream = fmemopen(this->buffer, sizeof(this->buffer), "w"); + if (this->stream == NULL) + { + /* fallback to stderr */ + this->stream = stderr; + } + this->logger = stream_logger_create(this->stream); + + return &this->public; +} diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h new file mode 100644 index 000000000..ff0b9ba2c --- /dev/null +++ b/src/charon/bus/listeners/sys_logger.h @@ -0,0 +1,76 @@ +/** + * @file sys_logger.h + * + * @brief Interface of sys_logger_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef SYS_LOGGER_H_ +#define SYS_LOGGER_H_ + +#include <syslog.h> + +#include <bus/bus.h> + + +typedef struct sys_logger_t sys_logger_t; + +/** + * @brief Logger for syslog which implements bus_listener_t. + * + * @b Constructors: + * - sys_logger_create() + * + * @ingroup listeners + */ +struct sys_logger_t { + + /** + * Implements the bus_listener_t interface. + */ + bus_listener_t listener; + + /** + * @brief Set the loglevel for a signal type. + * + * @param this stream_logger_t object + * @param singal type of signal + * @param level max level to log + */ + void (*set_level) (sys_logger_t *this, signal_t signal, level_t level); + + /** + * @brief Destroys a sys_logger_t object. + * + * @param this sys_logger_t object + */ + void (*destroy) (sys_logger_t *this); +}; + +/** + * @brief Constructor to create a sys_logger_t object. + * + * @param facility syslog facility to use + * @return sys_logger_t object + * + * @ingroup listeners + */ +sys_logger_t *sys_logger_create(int facility); + + +#endif /* SYS_LOGGER_H_ */ diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c index 72265b5f0..af107b83b 100644 --- a/src/charon/config/connections/local_connection_store.c +++ b/src/charon/config/connections/local_connection_store.c @@ -74,8 +74,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t connection_t *candidate; connection_t *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, "looking for connection for host pair %s...%s", - my_host->get_string(my_host), other_host->get_string(other_host)); + this->logger->log(this->logger, CONTROL|LEVEL1, + "looking for connection for host pair %H...%H", + my_host, other_host); pthread_mutex_lock(&(this->mutex)); iterator = this->connections->create_iterator(this->connections, TRUE); @@ -106,10 +107,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t } this->logger->log(this->logger, CONTROL|LEVEL2, - "candidate connection \"%s\": %s...%s (prio=%d)", + "candidate connection \"%s\": %H...%H (prio=%d)", candidate->get_name(candidate), - candidate_my_host->get_string(candidate_my_host), - candidate_other_host->get_string(candidate_other_host), + candidate_my_host, candidate_other_host, prio); if (prio > best_prio) @@ -127,10 +127,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t host_t *found_other_host = found->get_other_host(found); this->logger->log(this->logger, CONTROL|LEVEL1, - "found matching connection \"%s\": %s...%s (prio=%d)", + "found matching connection \"%s\": %H...%H (prio=%d)", found->get_name(found), - found_my_host->get_string(found_my_host), - found_other_host->get_string(found_other_host), + found_my_host, found_other_host, best_prio); /* give out a new reference to it */ @@ -242,10 +241,8 @@ void log_connections(private_local_connection_store_t *this, logger_t *logger, c host_t *my_host = current->get_my_host(current); host_t *other_host = current->get_other_host(current); - logger->log(logger, CONTROL, " \"%s\": %s...%s", - current->get_name(current), - my_host->get_string(my_host), - other_host->get_string(other_host)); + logger->log(logger, CONTROL, " \"%s\": %H...%H", + current->get_name(current), my_host, other_host); } } iterator->destroy(iterator); diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c index db29472eb..e69418639 100644 --- a/src/charon/config/credentials/local_credential_store.c +++ b/src/charon/config/credentials/local_credential_store.c @@ -504,8 +504,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f identification_t *subject = cert->get_subject(cert); identification_t *issuer = cert->get_issuer(cert); - this->logger->log(this->logger, CONTROL|LEVEL1, "subject: '%s'", subject->get_string(subject)); - this->logger->log(this->logger, CONTROL|LEVEL1, "issuer: '%s'", issuer->get_string(issuer)); + this->logger->log(this->logger, CONTROL|LEVEL1, "subject: '%D'", subject); + this->logger->log(this->logger, CONTROL|LEVEL1, "issuer: '%D'", issuer); ugh = cert->is_valid(cert, &until); if (ugh != NULL) diff --git a/src/charon/config/policies/local_policy_store.c b/src/charon/config/policies/local_policy_store.c index 1ad0aaa9d..5253cb3fa 100644 --- a/src/charon/config/policies/local_policy_store.c +++ b/src/charon/config/policies/local_policy_store.c @@ -116,8 +116,8 @@ static policy_t *get_policy(private_local_policy_store_t *this, policy_t *candidate; policy_t *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, "searching policy for ID pair %s...%s", - my_id->get_string(my_id), other_id->get_string(other_id)); + this->logger->log(this->logger, CONTROL|LEVEL1, + "searching policy for ID pair %D...%D", my_id, other_id); pthread_mutex_lock(&(this->mutex)); iterator = this->policies->create_iterator(this->policies, TRUE); @@ -151,19 +151,14 @@ static policy_t *get_policy(private_local_policy_store_t *this, { this->logger->log(this->logger, CONTROL|LEVEL2, "candidate '%s' inacceptable due traffic selector mismatch", - candidate->get_name(candidate), - candidate_my_id->get_string(candidate_my_id), - candidate_other_id->get_string(candidate_other_id), - prio); + candidate->get_name(candidate)); continue; } this->logger->log(this->logger, CONTROL|LEVEL2, - "candidate policy '%s': %s...%s (prio=%d)", + "candidate policy '%s': %D...%D (prio=%d)", candidate->get_name(candidate), - candidate_my_id->get_string(candidate_my_id), - candidate_other_id->get_string(candidate_other_id), - prio); + candidate_my_id, candidate_other_id, prio); if (prio > best_prio) { @@ -180,11 +175,9 @@ static policy_t *get_policy(private_local_policy_store_t *this, identification_t *found_other_id = found->get_other_id(found); this->logger->log(this->logger, CONTROL, - "found matching policy '%s': %s...%s (prio=%d)", + "found matching policy '%s': %D...%D (prio=%d)", found->get_name(found), - found_my_id->get_string(found_my_id), - found_other_id->get_string(found_other_id), - best_prio); + found_my_id, found_other_id, best_prio); /* give out a new reference to it */ found->get_ref(found); } diff --git a/src/charon/daemon.c b/src/charon/daemon.c index cad9bee2a..fee85dd05 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -67,37 +67,15 @@ struct private_daemon_t { * The thread_id of main-thread. */ pthread_t main_thread_id; - - /** - * Main loop function. - * - * @param this calling object - */ - void (*run) (private_daemon_t *this); - - /** - * Initialize the daemon. - * - * @param this calling object - * @param strict enforce a strict crl policy - */ - void (*initialize) (private_daemon_t *this, bool strict); - - /** - * Destroy the daemon. - * - * @param this calling object - */ - void (*destroy) (private_daemon_t *this); }; -/** +/** * One and only instance of the daemon. */ daemon_t *charon; /** - * Implementation of private_daemon_t.run. + * Run the daemon and handle unix signals */ static void run(private_daemon_t *this) { @@ -144,7 +122,47 @@ static void run(private_daemon_t *this) } /** - * Implementation of daemon_t.kill. + * Clean up all daemon resources + */ +static void destroy(private_daemon_t *this) +{ + /* destruction is a non trivial task, we need to follow + * a strict order to prevent threading issues! + * Kill active threads first, except the sender, as + * the killed IKE_SA want to send delete messages. + */ + /* we don't want to receive anything anymore... */ + DESTROY_IF(this->public.receiver); + /* ignore all incoming user requests */ + DESTROY_IF(this->public.stroke); + /* stop scheduing jobs */ + DESTROY_IF(this->public.scheduler); + /* stop processing jobs */ + DESTROY_IF(this->public.thread_pool); + /* shut down manager with all IKE SAs */ + DESTROY_IF(this->public.ike_sa_manager); + /* all child SAs should be down now, so kill kernel interface */ + DESTROY_IF(this->public.kernel_interface); + /* destroy other infrastructure */ + DESTROY_IF(this->public.bus); + DESTROY_IF(this->public.outlog); + DESTROY_IF(this->public.syslog); + DESTROY_IF(this->public.job_queue); + DESTROY_IF(this->public.event_queue); + DESTROY_IF(this->public.configuration); + DESTROY_IF(this->public.credentials); + DESTROY_IF(this->public.connections); + DESTROY_IF(this->public.policies); + /* we hope the sender could send the outstanding deletes, but + * we shut down here at any cost */ + DESTROY_IF(this->public.sender); + DESTROY_IF(this->public.send_queue); + DESTROY_IF(this->public.socket); + free(this); +} + +/** + * Enforce daemon shutdown, with a given reason to do so. */ static void kill_daemon(private_daemon_t *this, char *reason) { @@ -153,7 +171,7 @@ static void kill_daemon(private_daemon_t *this, char *reason) if (this->main_thread_id == pthread_self()) { /* initialization failed, terminate daemon */ - this->destroy(this); + destroy(this); unlink(PID_FILE); exit(-1); } @@ -167,7 +185,7 @@ static void kill_daemon(private_daemon_t *this, char *reason) } /** - * Implementation of private_daemon_t.initialize. + * Initialize the daemon, optional with a strict crl policy */ static void initialize(private_daemon_t *this, bool strict) { @@ -182,6 +200,11 @@ static void initialize(private_daemon_t *this, bool strict) this->public.job_queue = job_queue_create(); this->public.event_queue = event_queue_create(); this->public.send_queue = send_queue_create(); + this->public.bus = bus_create(); + this->public.outlog = file_logger_create(stdout); + this->public.bus->add_listener(this->public.bus, &this->public.outlog->listener); + this->public.syslog = sys_logger_create(LOG_DAEMON); + this->public.bus->add_listener(this->public.bus, &this->public.syslog->listener); this->public.connections = (connection_store_t*)local_connection_store_create(); this->public.policies = (policy_store_t*)local_policy_store_create(); this->public.credentials = (credential_store_t*)local_credential_store_create(strict); @@ -202,42 +225,8 @@ static void initialize(private_daemon_t *this, bool strict) } /** - * Destory all initiated objects + * Handle SIGSEGV/SIGILL signals raised by threads */ -static void destroy(private_daemon_t *this) -{ - /* destruction is a non trivial task, we need to follow - * a strict order to prevent threading issues! - * Kill active threads first, except the sender, as - * the killed IKE_SA want to send delete messages. - */ - /* we don't want to receive anything anymore... */ - DESTROY_IF(this->public.receiver); - /* ignore all incoming user requests */ - DESTROY_IF(this->public.stroke); - /* stop scheduing jobs */ - DESTROY_IF(this->public.scheduler); - /* stop processing jobs */ - DESTROY_IF(this->public.thread_pool); - /* shut down manager with all IKE SAs */ - DESTROY_IF(this->public.ike_sa_manager); - /* all child SAs should be down now, so kill kernel interface */ - DESTROY_IF(this->public.kernel_interface); - /* destroy other infrastructure */ - DESTROY_IF(this->public.job_queue); - DESTROY_IF(this->public.event_queue); - DESTROY_IF(this->public.configuration); - DESTROY_IF(this->public.credentials); - DESTROY_IF(this->public.connections); - DESTROY_IF(this->public.policies); - /* we hope the sender could send the outstanding deletes, but - * we shut down here at any cost */ - DESTROY_IF(this->public.sender); - DESTROY_IF(this->public.send_queue); - DESTROY_IF(this->public.socket); - free(this); -} - void signal_handler(int signal) { void *array[20]; @@ -265,9 +254,7 @@ void signal_handler(int signal) } /** - * @brief Create the daemon. - * - * @return created daemon_t + * Create the daemon. */ private_daemon_t *daemon_create(void) { @@ -275,9 +262,6 @@ private_daemon_t *daemon_create(void) struct sigaction action; /* assign methods */ - this->run = run; - this->destroy = destroy; - this->initialize = initialize; this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; /* NULL members for clean destruction */ @@ -296,6 +280,9 @@ private_daemon_t *daemon_create(void) this->public.kernel_interface = NULL; this->public.thread_pool = NULL; this->public.stroke = NULL; + this->public.bus = NULL; + this->public.outlog = NULL; + this->public.syslog = NULL; this->main_thread_id = pthread_self(); @@ -322,6 +309,9 @@ private_daemon_t *daemon_create(void) return this; } +/** + * print command line usage and exit + */ static void usage(const char *msg) { if (msg != NULL && *msg != '\0') @@ -396,14 +386,14 @@ int main(int argc, char *argv[]) "Starting Charon (strongSwan Version %s)", VERSION); /* initialize daemon */ - private_charon->initialize(private_charon, strict_crl_policy); + initialize(private_charon, strict_crl_policy); /* check/setup PID file */ if (stat(PID_FILE, &stb) == 0) { private_charon->logger->log(private_charon->logger, ERROR, "charon already running (\""PID_FILE"\" exists)"); - private_charon->destroy(private_charon); + destroy(private_charon); exit(-1); } pid_file = fopen(PID_FILE, "w"); @@ -420,19 +410,17 @@ int main(int argc, char *argv[]) while (list->remove_first(list, (void**)&host) == SUCCESS) { private_charon->logger->log(private_charon->logger, CONTROL, - " %s", host->get_string(host)); + " %H", host); host->destroy(host); } list->destroy(list); /* run daemon */ - private_charon->run(private_charon); + run(private_charon); /* normal termination, cleanup and exit */ - private_charon->destroy(private_charon); + destroy(private_charon); unlink(PID_FILE); return 0; } - - diff --git a/src/charon/daemon.h b/src/charon/daemon.h index b3ba35fb8..c54837273 100644 --- a/src/charon/daemon.h +++ b/src/charon/daemon.h @@ -32,6 +32,9 @@ #include <threads/thread_pool.h> #include <threads/stroke_interface.h> #include <network/socket.h> +#include <bus/bus.h> +#include <bus/listeners/file_logger.h> +#include <bus/listeners/sys_logger.h> #include <sa/ike_sa_manager.h> #include <queues/send_queue.h> #include <queues/job_queue.h> @@ -176,8 +179,16 @@ */ /** + * @defgroup bus bus + * + * Signaling bus and its listeners. + * + * @ingroup charon + */ + +/** * Name of the daemon. - * + * * @ingroup charon */ #define DAEMON_NAME "charon" @@ -337,6 +348,21 @@ struct daemon_t { thread_pool_t *thread_pool; /** + * The signaling bus. + */ + bus_t *bus; + + /** + * A bus listener logging to stdout + */ + file_logger_t *outlog; + + /** + * A bus listener logging to syslog + */ + sys_logger_t *syslog; + + /** * Kernel Interface to communicate with kernel */ kernel_interface_t *kernel_interface; diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c index ad8e64976..456fc6d0c 100644 --- a/src/charon/network/socket.c +++ b/src/charon/network/socket.c @@ -204,9 +204,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); this->logger->log(this->logger, CONTROL|LEVEL1, - "received packet: from %s[%d] to %s[%d]", - source->get_string(source), source->get_port(source), - dest->get_string(dest), dest->get_port(dest)); + "received packet: from %#H to %#H", source, dest); data_offset = IP_LEN + UDP_LEN; /* remove non esp marker */ if (dest->get_port(dest) == this->natt_port) @@ -297,9 +295,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); this->logger->log(this->logger, CONTROL|LEVEL1, - "received packet: from %s[%d] to %s[%d]", - source->get_string(source), source->get_port(source), - dest->get_string(dest), dest->get_port(dest)); + "received packet: from %#H to %#H", source, dest); data_offset = UDP_LEN; /* remove non esp marker */ if (dest->get_port(dest) == this->natt_port) @@ -337,9 +333,8 @@ status_t sender(private_socket_t *this, packet_t *packet) dst = packet->get_destination(packet); data = packet->get_data(packet); - this->logger->log(this->logger, CONTROL|LEVEL1, "sending packet: from %s[%d] to %s[%d]", - src->get_string(src), src->get_port(src), - dst->get_string(dst), dst->get_port(dst)); + this->logger->log(this->logger, CONTROL|LEVEL1, + "sending packet: from %#H to %#H", src, dst); /* send data */ sport = src->get_port(src); @@ -575,6 +570,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; policy.sadb_x_policy_reserved = 0; policy.sadb_x_policy_id = 0; + policy.sadb_x_policy_priority = 0; if (setsockopt(skt, ip_proto, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -729,6 +725,7 @@ static int open_recv_socket(private_socket_t *this, int family) policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; policy.sadb_x_policy_reserved = 0; policy.sadb_x_policy_id = 0; + policy.sadb_x_policy_priority = 0; if (setsockopt(skt, ip_proto, ipsec_policy, &policy, sizeof(policy)) < 0) { diff --git a/src/charon/queues/jobs/delete_child_sa_job.c b/src/charon/queues/jobs/delete_child_sa_job.c index dd39572de..45fc452fc 100644 --- a/src/charon/queues/jobs/delete_child_sa_job.c +++ b/src/charon/queues/jobs/delete_child_sa_job.c @@ -1,8 +1,8 @@ /** * @file delete_child_sa_job.c - * + * * @brief Implementation of delete_child_sa_job_t. - * + * */ /* @@ -32,6 +32,7 @@ typedef struct private_delete_child_sa_job_t private_delete_child_sa_job_t; */ struct private_delete_child_sa_job_t { /** + * Public delete_child_sa_job_t interface. */ delete_child_sa_job_t public; diff --git a/src/charon/queues/jobs/incoming_packet_job.c b/src/charon/queues/jobs/incoming_packet_job.c index ec8163da8..4feff15a6 100644 --- a/src/charon/queues/jobs/incoming_packet_job.c +++ b/src/charon/queues/jobs/incoming_packet_job.c @@ -113,9 +113,8 @@ static status_t execute(private_incoming_packet_job_t *this) message = message_create_from_packet(this->packet->clone(this->packet)); src = message->get_source(message); dst = message->get_destination(message); - this->logger->log(this->logger, CONTROL, "received packet: from %s[%d] to %s[%d]", - src->get_string(src), src->get_port(src), - dst->get_string(dst), dst->get_port(dst)); + this->logger->log(this->logger, CONTROL, + "received packet: from %#H to %#H", src, dst); status = message->parse_header(message); if (status != SUCCESS) diff --git a/src/charon/queues/send_queue.c b/src/charon/queues/send_queue.c index 985cf77b7..6091a172d 100644 --- a/src/charon/queues/send_queue.c +++ b/src/charon/queues/send_queue.c @@ -111,9 +111,8 @@ static void add(private_send_queue_t *this, packet_t *packet) src = packet->get_source(packet); dst = packet->get_destination(packet); - this->logger->log(this->logger, CONTROL, "sending packet: from %s[%d] to %s[%d]", - src->get_string(src), src->get_port(src), - dst->get_string(dst), dst->get_port(dst)); + this->logger->log(this->logger, CONTROL, + "sending packet: from %#H to %#H", src, dst); pthread_mutex_lock(&this->mutex); this->list->insert_last(this->list, packet); diff --git a/src/charon/sa/authenticator.c b/src/charon/sa/authenticator.c index 3dcffd09e..f605062c9 100644 --- a/src/charon/sa/authenticator.c +++ b/src/charon/sa/authenticator.c @@ -220,8 +220,9 @@ static status_t verify_auth_data (private_authenticator_t *this, &shared_key); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "no shared key found for '%s' and '%s'", - my_id->get_string(my_id), other_id->get_string(other_id)); + this->logger->log(this->logger, ERROR, + "no shared key found for '%D' - '%D'", + my_id, other_id); chunk_free(&shared_key); break; } @@ -234,7 +235,9 @@ static status_t verify_auth_data (private_authenticator_t *this, shared_key); chunk_free(&shared_key); - status = (auth_data.len == my_auth_data.len && memeq(auth_data.ptr, my_auth_data.ptr, my_auth_data.len)) + + status = (auth_data.len == my_auth_data.len && + memeq(auth_data.ptr, my_auth_data.ptr, my_auth_data.len)) ? SUCCESS : FAILED; chunk_free(&my_auth_data); break; @@ -248,8 +251,8 @@ static status_t verify_auth_data (private_authenticator_t *this, if (public_key == NULL) { - this->logger->log(this->logger, ERROR, "no RSA public key found for '%s'", - other_id->get_string(other_id)); + this->logger->log(this->logger, ERROR, + "no RSA public key found for '%D'", other_id); status = NOT_FOUND; break; } @@ -266,9 +269,8 @@ static status_t verify_auth_data (private_authenticator_t *this, } } - this->logger->log(this->logger, CONTROL, "authentication of '%s' with %s %s", - other_id->get_string(other_id), - enum_name(&auth_method_names, auth_method), + this->logger->log(this->logger, CONTROL, "authentication of '%D' with %s %s", + other_id, enum_name(&auth_method_names, auth_method), (status == SUCCESS)? "successful":"failed"); return status; } @@ -284,9 +286,9 @@ static status_t compute_auth_data (private_authenticator_t *this, identification_t *other_id, bool initiator) { - this->logger->log(this->logger, CONTROL, "authentication of '%s' with %s (myself)", - my_id->get_string(my_id), - enum_name(&auth_method_names, this->auth_method)); + this->logger->log(this->logger, CONTROL, + "authentication of '%D' with %s (myself)", + my_id, enum_name(&auth_method_names, this->auth_method)); switch (this->auth_method) { @@ -302,8 +304,9 @@ static status_t compute_auth_data (private_authenticator_t *this, if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "no shared key found for '%s' and '%s'", - my_id->get_string(my_id), other_id->get_string(other_id)); + this->logger->log(this->logger, ERROR, + "no shared key found for '%D' - '%D'", + my_id, other_id); return status; } @@ -330,14 +333,15 @@ static status_t compute_auth_data (private_authenticator_t *this, rsa_public_key_t *my_pubkey; rsa_private_key_t *my_key; - this->logger->log(this->logger, CONTROL|LEVEL1, "looking for RSA public key belonging to '%s'", - my_id->get_string(my_id)); + this->logger->log(this->logger, CONTROL|LEVEL1, + "looking for RSA public key belonging to '%D'", + my_id); my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id); if (my_pubkey == NULL) { - this->logger->log(this->logger, ERROR, "no RSA public key found for '%s'", - my_id->get_string(my_id)); + this->logger->log(this->logger, ERROR, + "no RSA public key found for '%D'", my_id); return NOT_FOUND; } this->logger->log(this->logger, CONTROL|LEVEL2, "matching RSA public key found"); @@ -351,8 +355,9 @@ static status_t compute_auth_data (private_authenticator_t *this, char buf[BUF_LEN]; chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey)); - this->logger->log(this->logger, ERROR, "no RSA private key found with for %s with keyid %s", - my_id->get_string(my_id), buf); + this->logger->log(this->logger, ERROR, + "no RSA private key found with for %D with keyid %s", + my_id, buf); return NOT_FOUND; } this->logger->log(this->logger, CONTROL|LEVEL2, "matching RSA private key found"); diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c index 6b462c271..3a5929759 100644 --- a/src/charon/sa/child_sa.c +++ b/src/charon/sa/child_sa.c @@ -296,15 +296,15 @@ static void updown(private_child_sa_t *this, bool up) "PLUTO_CONNECTION='%s' " "PLUTO_INTERFACE='%s' " "PLUTO_REQID='%u' " - "PLUTO_ME='%s' " - "PLUTO_MY_ID='%s' " + "PLUTO_ME='%H' " + "PLUTO_MY_ID='%D' " "PLUTO_MY_CLIENT='%s/%s' " "PLUTO_MY_CLIENT_NET='%s' " "PLUTO_MY_CLIENT_MASK='%s' " "PLUTO_MY_PORT='%u' " "PLUTO_MY_PROTOCOL='%u' " - "PLUTO_PEER='%s' " - "PLUTO_PEER_ID='%s' " + "PLUTO_PEER='%H' " + "PLUTO_PEER_ID='%D' " "PLUTO_PEER_CLIENT='%s/%s' " "PLUTO_PEER_CLIENT_NET='%s' " "PLUTO_PEER_CLIENT_MASK='%s' " @@ -313,20 +313,20 @@ static void updown(private_child_sa_t *this, bool up) "%s" "%s", up ? "up" : "down", - streq(this->me.addr->get_string(this->me.addr), - my_client) ? "-host" : "-client", + /* TODO: fix it: streq(this->me.addr->get_string(this->me.addr), + my_client) ? "-host" :*/ "-client", this->me.addr->get_family(this->me.addr) == AF_INET ? "" : "-ipv6", this->name, ifname, this->reqid, - this->me.addr->get_string(this->me.addr), - this->me.id->get_string(this->me.id), + this->me.addr, + this->me.id, my_client, my_client_mask, my_client, my_client_mask, policy->my_ts->get_from_port(policy->my_ts), policy->my_ts->get_protocol(policy->my_ts), - this->other.addr->get_string(this->other.addr), - this->other.id->get_string(this->other.id), + this->other.addr, + this->other.id, other_client, other_client_mask, other_client, other_client_mask, policy->other_ts->get_from_port(policy->other_ts), @@ -548,8 +548,8 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus /* send SA down to the kernel */ this->logger->log(this->logger, CONTROL|LEVEL2, - " SPI 0x%.8x, src %s dst %s", - ntohl(spi), src->get_string(src), dst->get_string(dst)); + " SPI 0x%.8x, src %H dst %H", + ntohl(spi), src, dst); status = charon->kernel_interface->add_sa(charon->kernel_interface, src, dst, spi, this->protocol, @@ -937,12 +937,9 @@ static status_t update_sa_hosts(private_child_sa_t *this, host_t *new_me, host_t } this->logger->log(this->logger, CONTROL|LEVEL1, - "updating %s SA 0x%x, from %s:%d..%s:%d to %s:%d..%s:%d", + "updating %s SA 0x%x, from %#H..#H to %#H..%#H", mapping_find(protocol_id_m, this->protocol), ntohl(spi), - src->get_string(src), src->get_port(src), - dst->get_string(dst), dst->get_port(dst), - new_src->get_string(new_src), new_src->get_port(new_src), - new_dst->get_string(new_dst), new_dst->get_port(new_dst)); + src, dst, new_src, new_dst); status = charon->kernel_interface->update_sa(charon->kernel_interface, dst, spi, this->protocol, diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index 671e2b23b..0384c37dc 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -1363,11 +1363,9 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) if (state == IKE_ESTABLISHED) { this->time.established = time(NULL); - this->logger->log(this->logger, AUDIT, "IKE_SA established: %s[%s]...%s[%s]", - this->my_host->get_string(this->my_host), - this->my_id->get_string(this->my_id), - this->other_host->get_string(this->other_host), - this->other_id->get_string(this->other_id)); + this->logger->log(this->logger, AUDIT, "IKE_SA established: %H[%D]...%H[%D]", + this->my_host, this->my_id, + this->other_host, this->other_id); /* start DPD checks */ send_dpd(this); } @@ -1784,11 +1782,9 @@ static status_t rekey(private_ike_sa_t *this) rekey_ike_sa_t *rekey_ike_sa; this->logger->log(this->logger, CONTROL, - "rekeying IKE_SA between %s[%s]..%s[%s]", - this->my_host->get_string(this->my_host), - this->my_id->get_string(this->my_id), - this->other_host->get_string(this->other_host), - this->other_id->get_string(this->other_id)); + "rekeying IKE_SA between: %H[%D]...%H[%D]", + this->my_host, this->my_id, + this->other_host, this->other_id); if (this->state != IKE_ESTABLISHED) { @@ -1869,12 +1865,9 @@ static void log_status(private_ike_sa_t *this, logger_t *logger, char *name) mapping_find(ike_sa_state_m, this->state), this->ike_sa_id->get_initiator_spi(this->ike_sa_id), this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - logger->log(logger, CONTROL, " \"%s\": %s[%s]...%s[%s]", - this->name, - this->my_host->get_string(this->my_host), - this->my_id->get_string(this->my_id), - this->other_host->get_string(this->other_host), - this->other_id->get_string(this->other_id)); + logger->log(logger, CONTROL, " \"%s\": %H[%D]...%H[%D]", + this->name, this->my_host, this->my_id, + this->other_host, this->other_id); iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->has_next(iterator)) @@ -1995,11 +1988,9 @@ static void destroy(private_ike_sa_t *this) DESTROY_IF(this->prf_auth_r); this->logger->log(this->logger, AUDIT, - "IKE_SA deleted between %s[%s]...%s[%s]", - this->my_host->get_string(this->my_host), - this->my_id->get_string(this->my_id), - this->other_host->get_string(this->other_host), - this->other_id->get_string(this->other_id)); + "IKE_SA deleted between: %H[%D]...%H[%D]", + this->my_host, this->my_id, + this->other_host, this->other_id); DESTROY_IF(this->my_host); DESTROY_IF(this->other_host); diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index 7984aa9af..90c43da93 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c @@ -385,9 +385,8 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, { /* looks good, we take this one */ this->logger->log(this->logger, CONTROL|LEVEL1, - "found an existing IKE_SA for %s[%s]...%s[%s]", - my_host->get_string(my_host), other_host->get_string(other_host), - my_id->get_string(my_id), other_id->get_string(other_id)); + "found an existing IKE_SA for %H[%D]...%H[%D]", + my_host, other_host, my_id, other_id); entry->checked_out = TRUE; ike_sa = entry->ike_sa; } @@ -417,13 +416,12 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, /* check ike_sa out */ this->logger->log(this->logger, CONTROL|LEVEL1, - "new IKE_SA created for IDs %s - %s", - my_id->get_string(my_id), other_id->get_string(other_id)); + "new IKE_SA created for IDs %D - %D", my_id, other_id); new_ike_sa_entry->checked_out = TRUE; ike_sa = new_ike_sa_entry->ike_sa; } pthread_mutex_unlock(&(this->mutex)); - + SIG_SA(ike_sa); return ike_sa; } @@ -540,6 +538,8 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id } pthread_mutex_unlock(&(this->mutex)); + + SIG_SA(ike_sa); return ike_sa; } @@ -575,6 +575,7 @@ static ike_sa_t* checkout_by_child(private_ike_sa_manager_t *this, iterator->destroy(iterator); pthread_mutex_unlock(&(this->mutex)); + SIG_SA(ike_sa); return ike_sa; } @@ -679,6 +680,8 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) this->logger->log(this->logger, CONTROL|LEVEL2, "%d IKE_SAs in manager now", this->ike_sa_list->get_count(this->ike_sa_list)); pthread_mutex_unlock(&(this->mutex)); + + SIG_SA(NULL); return retval; } @@ -725,6 +728,7 @@ static status_t checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ik } pthread_mutex_unlock(&(this->mutex)); + SIG_SA(NULL); return retval; } diff --git a/src/charon/sa/transactions/ike_auth.c b/src/charon/sa/transactions/ike_auth.c index fae29426e..a31180546 100644 --- a/src/charon/sa/transactions/ike_auth.c +++ b/src/charon/sa/transactions/ike_auth.c @@ -694,8 +694,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, if (this->policy == NULL) { this->logger->log(this->logger, AUDIT, - "no acceptable policy for IDs %s - %s found, deleting IKE_SA", - my_id->get_string(my_id), other_id->get_string(other_id)); + "no acceptable policy for IDs %D - %D found, deleting IKE_SA", + my_id, other_id); my_id->destroy(my_id); other_id->destroy(other_id); build_notify(AUTHENTICATION_FAILED, response, TRUE); @@ -939,9 +939,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, { other_id->destroy(other_id); this->logger->log(this->logger, AUDIT, - "other peer uses unacceptable ID (%s, excepted %s), deleting IKE_SA", - other_id->get_string(other_id), - configured_other_id->get_string(configured_other_id)); + "other peer uses unacceptable ID (%D, excepted %D), deleting IKE_SA", + other_id, configured_other_id); return DESTROY_ME; } /* update other ID. It was already set, but may contain wildcards */ diff --git a/src/charon/sa/transactions/ike_sa_init.c b/src/charon/sa/transactions/ike_sa_init.c index 855e98506..ad481d6fa 100644 --- a/src/charon/sa/transactions/ike_sa_init.c +++ b/src/charon/sa/transactions/ike_sa_init.c @@ -570,8 +570,8 @@ static status_t get_response(private_ike_sa_init_t *this, response->add_payload(response, (payload_t*)notify); this->logger->log(this->logger, AUDIT, - "no connection for hosts %s...%s found, deleting IKE_SA", - me->get_string(me), other->get_string(other)); + "no connection for hosts %H...%H found, deleting IKE_SA", + me, other); return DESTROY_ME; } diff --git a/src/charon/testing/certificate_test.c b/src/charon/testing/certificate_test.c index be8a8f7cf..ceb7bef14 100644 --- a/src/charon/testing/certificate_test.c +++ b/src/charon/testing/certificate_test.c @@ -85,7 +85,7 @@ static char certificate_buffer[] = { */ void test_certificate(protected_tester_t *tester) { - chunk_t certificate = {certificate_buffer, sizeof(certificate_buffer)}; + /*chunk_t certificate = {certificate_buffer, sizeof(certificate_buffer)}; identification_t *id; x509_t *cert; @@ -95,7 +95,7 @@ void test_certificate(protected_tester_t *tester) id = cert->get_issuer(cert); tester->assert_true(tester, strcmp(id->get_string(id), "C=CH, O=Linux strongSwan, CN=maeno") == 0, "issuer"); cert->destroy(cert); - /* + cert = x509_create_from_file("scripts/complex1.der"); id = cert->get_subject(cert); printf("Subject: %s\n", id->get_string(id)); diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c index 549b4c154..35fcff4d2 100755 --- a/src/charon/threads/stroke_interface.c +++ b/src/charon/threads/stroke_interface.c @@ -354,9 +354,9 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) { other_ca = identification_create_from_string("%any"); } - this->logger->log(this->logger, CONTROL|LEVEL2, " my ca: '%s'", my_ca->get_string(my_ca)); - this->logger->log(this->logger, CONTROL|LEVEL2, " other ca:'%s'", other_ca->get_string(other_ca)); - this->logger->log(this->logger, CONTROL|LEVEL2, " updown:'%s'", msg->add_conn.me.updown); + this->logger->log(this->logger, CONTROL|LEVEL1, " my ca: '%D'", my_ca); + this->logger->log(this->logger, CONTROL|LEVEL1, " other ca:'%D'", other_ca); + this->logger->log(this->logger, CONTROL|LEVEL1, " updown: '%s'", msg->add_conn.me.updown); connection = connection_create(msg->add_conn.name, msg->add_conn.ikev2, @@ -457,12 +457,9 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) /* add to global connection list */ charon->connections->add_connection(charon->connections, connection); - this->logger->log(this->logger, CONTROL, "added connection \"%s\": %s[%s]...%s[%s]", - msg->add_conn.name, - my_host->get_string(my_host), - my_id->get_string(my_id), - other_host->get_string(other_host), - other_id->get_string(other_id)); + this->logger->log(this->logger, CONTROL, + "added connection \"%s\": %H[%D]...%H[%D]", msg->add_conn.name, + my_host, my_id, other_host, other_id); /* add to global policy list */ charon->policies->add_policy(charon->policies, policy); return; @@ -633,7 +630,7 @@ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg) while (list->remove_first(list, (void**)&host) == SUCCESS) { this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, - " %s", host->get_string(host)); + " %H", host); host->destroy(host); } |