-rw-r--r--Source/charon/config/connection.c4
-rw-r--r--Source/charon/config/proposal.c26
-rw-r--r--Source/charon/config/proposal.h8
-rw-r--r--Source/charon/daemon.c2
-rw-r--r--Source/charon/doc/Architecture.txt40
-rw-r--r--Source/charon/encoding/generator.c3
-rw-r--r--Source/charon/encoding/message.c15
-rw-r--r--Source/charon/encoding/parser.c3
-rw-r--r--Source/charon/encoding/payloads/auth_payload.c5
-rw-r--r--Source/charon/encoding/payloads/cert_payload.c5
-rw-r--r--Source/charon/encoding/payloads/certreq_payload.c5
-rw-r--r--Source/charon/encoding/payloads/cp_payload.c6
-rw-r--r--Source/charon/encoding/payloads/delete_payload.c9
-rw-r--r--Source/charon/encoding/payloads/eap_payload.c5
-rw-r--r--Source/charon/encoding/payloads/encryption_payload.c5
-rw-r--r--Source/charon/encoding/payloads/id_payload.c5
-rw-r--r--Source/charon/encoding/payloads/ke_payload.c6
-rw-r--r--Source/charon/encoding/payloads/nonce_payload.c5
-rw-r--r--Source/charon/encoding/payloads/notify_payload.c29
-rw-r--r--Source/charon/encoding/payloads/notify_payload.h7
-rw-r--r--Source/charon/encoding/payloads/proposal_substructure.c2
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c10
-rw-r--r--Source/charon/encoding/payloads/sa_payload.h7
-rw-r--r--Source/charon/encoding/payloads/ts_payload.c5
-rw-r--r--Source/charon/encoding/payloads/vendor_id_payload.c6
-rw-r--r--Source/charon/network/host.c27
-rw-r--r--Source/charon/network/host.h11
-rw-r--r--Source/charon/network/socket.c44
-rw-r--r--Source/charon/network/socket.h9
-rw-r--r--Source/charon/sa/authenticator.c19
-rw-r--r--Source/charon/sa/child_sa.c30
-rw-r--r--Source/charon/sa/ike_sa.c15
-rw-r--r--Source/charon/sa/ike_sa_manager.c5
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c11
-rw-r--r--Source/charon/sa/states/ike_sa_established.c2
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c37
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c5
-rw-r--r--Source/charon/sa/states/responder_init.c9
-rw-r--r--Source/charon/stroke.c8
-rw-r--r--Source/charon/testcases/aes_cbc_crypter_test.c4
-rw-r--r--Source/charon/testcases/diffie_hellman_test.c9
-rw-r--r--Source/charon/testcases/encryption_payload_test.c2
-rw-r--r--Source/charon/testcases/generator_test.c72
-rw-r--r--Source/charon/testcases/hmac_signer_test.c10
-rw-r--r--Source/charon/testcases/policy_test.c2
-rw-r--r--Source/charon/testcases/rsa_test.c2
-rw-r--r--Source/charon/testcases/testcases.c6
-rw-r--r--Source/charon/threads/kernel_interface.c8
-rw-r--r--Source/charon/threads/receiver.c5
-rw-r--r--Source/charon/threads/scheduler.c7
-rw-r--r--Source/charon/threads/sender.c6
-rwxr-xr-xSource/charon/threads/stroke.c82
-rw-r--r--Source/charon/threads/thread_pool.c14
-rw-r--r--Source/charon/transforms/diffie_hellman.h2
-rw-r--r--Source/charon/transforms/rsa/rsa_private_key.c20
-rw-r--r--Source/charon/utils/logger.c35
-rw-r--r--Source/charon/utils/logger.h38
-rw-r--r--Source/charon/utils/logger_manager.c397
-rw-r--r--Source/charon/utils/logger_manager.h45
59 files changed, 460 insertions, 761 deletions
diff --git a/Source/charon/config/connection.c b/Source/charon/config/connection.c
index e0b29ac2f..24f16a044 100644
--- a/Source/charon/config/connection.c
+++ b/Source/charon/config/connection.c
@@ -205,7 +205,7 @@ static diffie_hellman_group_t get_dh_group(private_connection_t *this)
while (iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&proposal);
- proposal->get_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo);
+ proposal->get_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo);
if (algo)
{
iterator->destroy(iterator);
@@ -229,7 +229,7 @@ static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh
while (prop_iter->has_next(prop_iter))
{
prop_iter->current(prop_iter, (void**)&proposal);
- alg_iter = proposal->create_algorithm_iterator(proposal, IKE, DIFFIE_HELLMAN_GROUP);
+ alg_iter = proposal->create_algorithm_iterator(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP);
while (alg_iter->has_next(alg_iter))
{
alg_iter->current(alg_iter, (void**)&algo);
diff --git a/Source/charon/config/proposal.c b/Source/charon/config/proposal.c
index e5a8a64cc..760d58061 100644
--- a/Source/charon/config/proposal.c
+++ b/Source/charon/config/proposal.c
@@ -32,10 +32,10 @@
* String mappings for protocol_id_t.
*/
mapping_t protocol_id_m[] = {
- {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"},
- {IKE, "IKE"},
- {AH, "AH"},
- {ESP, "ESP"},
+ {PROTO_NONE, "PROTO_NONE"},
+ {PROTO_IKE, "PROTO_IKE"},
+ {PROTO_AH, "PROTO_AH"},
+ {PROTO_ESP, "PROTO_ESP"},
{MAPPING_END, NULL}
};
@@ -159,7 +159,7 @@ static protocol_proposal_t *get_protocol_proposal(private_proposal_t *this, prot
proto_proposal->prf_algos = linked_list_create();
proto_proposal->dh_groups = linked_list_create();
proto_proposal->esns = linked_list_create();
- if (proto == IKE)
+ if (proto == PROTO_IKE)
{
proto_proposal->spi.len = 8;
}
@@ -446,15 +446,15 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
iterator->destroy(iterator);
/* apply spis from "other" */
- spi = other->public.get_spi(&(other->public), AH);
+ spi = other->public.get_spi(&(other->public), PROTO_AH);
if (spi)
{
- selected->set_spi(selected, AH, spi);
+ selected->set_spi(selected, PROTO_AH, spi);
}
- spi = other->public.get_spi(&(other->public), ESP);
+ spi = other->public.get_spi(&(other->public), PROTO_ESP);
if (spi)
{
- selected->set_spi(selected, ESP, spi);
+ selected->set_spi(selected, PROTO_ESP, spi);
}
/* everything matched, return new proposal */
@@ -477,8 +477,8 @@ static void get_protocols(private_proposal_t *this, protocol_id_t ids[2])
iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
u_int i = 0;
- ids[0] = UNDEFINED_PROTOCOL_ID;
- ids[1] = UNDEFINED_PROTOCOL_ID;
+ ids[0] = PROTO_NONE;
+ ids[1] = PROTO_NONE;
while (iterator->has_next(iterator))
{
protocol_proposal_t *proto_prop;
@@ -501,7 +501,7 @@ static void set_spi(private_proposal_t *this, protocol_id_t proto, u_int64_t spi
protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
if (proto_proposal)
{
- if (proto == AH || proto == ESP)
+ if (proto == PROTO_AH || proto == PROTO_ESP)
{
*((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi;
}
@@ -520,7 +520,7 @@ static u_int64_t get_spi(private_proposal_t *this, protocol_id_t proto)
protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
if (proto_proposal)
{
- if (proto == AH || proto == ESP)
+ if (proto == PROTO_AH || proto == PROTO_ESP)
{
return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr);
}
diff --git a/Source/charon/config/proposal.h b/Source/charon/config/proposal.h
index e2a4856e9..9c75406cc 100644
--- a/Source/charon/config/proposal.h
+++ b/Source/charon/config/proposal.h
@@ -41,10 +41,10 @@ typedef enum protocol_id_t protocol_id_t;
* @ingroup config
*/
enum protocol_id_t {
- UNDEFINED_PROTOCOL_ID = 201,
- IKE = 1,
- AH = 2,
- ESP = 3,
+ PROTO_NONE = 0,
+ PROTO_IKE = 1,
+ PROTO_AH = 2,
+ PROTO_ESP = 3,
};
/**
diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index 6455dc205..1bc8057f0 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
@@ -262,7 +262,7 @@ private_daemon_t *daemon_create()
/* first build a logger */
this->public.logger_manager = logger_manager_create(DEFAULT_LOGLEVEL);
- this->logger = (this->public.logger_manager)->create_logger(this->public.logger_manager, DAEMON, NULL);
+ this->logger = (this->public.logger_manager)->get_logger(this->public.logger_manager, DAEMON);
/* NULL members for clean destruction */
this->public.socket = NULL;
diff --git a/Source/charon/doc/Architecture.txt b/Source/charon/doc/Architecture.txt
index 360f83ffb..fb7c28a41 100644
--- a/Source/charon/doc/Architecture.txt
+++ b/Source/charon/doc/Architecture.txt
@@ -51,6 +51,9 @@ Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
IKEv2 keying daemon: charon
=============================
+ Threading modell
+------------------
+
All IKEv2 stuff is handled in charon. It uses a newer and more flexible
architecture than pluto. Charon uses a thread-pool, which allows parallel
execution SA-management. Beside the thread-pool, there are some special purpose
@@ -60,14 +63,14 @@ threads which do their job for the common health of the daemon.
¦ E Q ¦
¦ v u ¦---+ +------+ +------+
¦ e e ¦ ¦ ¦ ¦ ¦ IKE- ¦
- ¦ n u ¦ +----------+ ¦ ¦--¦ SA ¦
- ¦ t e ¦ ¦ ¦ ¦ I M ¦ +------+
- +------------+ ¦ - ¦ ¦ Sceduler ¦ ¦ K A ¦
- ¦ receiver ¦ +------+ ¦ ¦ ¦ E N ¦ +------+
- +----+-------+ +----------+ ¦ - A ¦ ¦ IKE- ¦
- ¦ ¦ +------+ ¦ ¦ S G ¦--¦ SA ¦
- +-------+--+ +-----¦ J Q ¦---+ +------------+ ¦ A E ¦ +------+
- -¦ socket ¦ ¦ o u ¦ ¦ ¦ ¦ - R ¦
+ ¦ n u ¦ +-----------+ ¦ ¦--¦ SA ¦
+ ¦ t e ¦ ¦ ¦ ¦ I M ¦ +------+
+ +------------+ ¦ - ¦ ¦ Scheduler ¦ ¦ K a ¦
+ ¦ receiver ¦ +------+ ¦ ¦ ¦ E n ¦ +------+
+ +----+-------+ +-----------+ ¦ - a ¦ ¦ IKE- ¦
+ ¦ ¦ +------+ ¦ ¦ S g ¦--¦ SA ¦
+ +-------+--+ +-----¦ J Q ¦---+ +------------+ ¦ A e ¦ +------+
+ -¦ socket ¦ ¦ o u ¦ ¦ ¦ ¦ - r ¦
+-------+--+ ¦ b e ¦ ¦ Thread- ¦ ¦ ¦
¦ ¦ - u ¦ ¦ Pool ¦ ¦ ¦
+----+-------+ ¦ e ¦------¦ ¦---¦ ¦
@@ -77,18 +80,16 @@ threads which do their job for the common health of the daemon.
¦ ¦ S Q ¦
¦ ¦ e u ¦
¦ ¦ n e ¦
- ¦ ¦ d u ¦
- ¦ ¦ - e ¦
- ¦ +--+---+
- ¦ ¦
- +---------------+
+ +------------¦ d u ¦
+ ¦ - e ¦
+ +--+---+
The thread-pool is the heart of the architecture. It processes jobs from a
(fully synchronized) job-queue. Mostly, a job is associated with a specific
IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA.
This makes it unnecesary to use further synchronisation methods once a IKE SA
is checked out. The (rather complex) synchronization of IKE SAs is completely
-don in the IKE SA manager.
+done in the IKE SA manager.
The sceduler is responsible for event firing. It waits until a event in the
(fully synchronized) event-queue is ready for processing and pushes the event
down to the job-queue. A thread form the pool will pick it up as quick as
@@ -101,6 +102,11 @@ There are even more threads, not drawn in the upper scheme. The stroke thread
is responsible for reading and processessing commands from another process. The
kernel interface thread handles communication from and to the kernel via a
netlink socket. It waits for kernel events and processes them appropriately.
+
+
+ configuration backends
+------------------------
+
The configuration architecture for charon is complex, but is flexible and
extensible. All configuration stuff is split up in multiple parts:
@@ -110,13 +116,13 @@ policy Defines the rules to apply ontop of a connection. A policy is
defined between two IDs. Proposals and traffic selectors allow
fine grained configuration of the CHILD SAs (AH and ESP) to set
up.
-credential A credential something used for authentication, such as a
+credential A credential is something used for authentication, such as a
preshared key, a RSA private or public key, certificate, ...
configuration The configuration itself handles daemon related configuration
stuff, such as interface binding or logging settings.
These configuration types are defined as interfaces, and are currently
-implemented only in the stroke class. Through the modular design, parts can be
+implemented only in the stroke class. Through the modular design, parts could be
replaced with more powerful backends, such as a RADIUS server for the
credentials, a SQL database for the connections, policy definitions on an LDAP
-server, and so on... \ No newline at end of file
+server, and so on...
diff --git a/Source/charon/encoding/generator.c b/Source/charon/encoding/generator.c
index 7b65223bf..0d7394a10 100644
--- a/Source/charon/encoding/generator.c
+++ b/Source/charon/encoding/generator.c
@@ -1029,7 +1029,6 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
static status_t destroy(private_generator_t *this)
{
allocator_free(this->buffer);
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
allocator_free(this);
return SUCCESS;
}
@@ -1073,7 +1072,7 @@ generator_t *generator_create()
this->current_bit = 0;
this->last_payload_length_position_offset = 0;
this->header_length_position_offset = 0;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager,GENERATOR,NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, GENERATOR);
return &(this->public);
}
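Review bot: `this->logger` now holds a pointer from `get_logger()` that the object never releases, so it is a borrowed reference, and nothing at the assignment says so. The matching `destroy_logger()` call is dropped in destroy() in the previous hunk, and the same pattern repeats in message.c, parser.c, encryption_payload.c and socket.c. If the manager hands out one instance per context (not visible in this part of the diff), that instance must outlive every generator and will be used from several threads at once, so the logger's thread-safety now matters. A short comment at the assignment would record the ownership rule, for example `/* borrowed from logger_manager, shared between users; never destroy it here */`. generator_create() starts before this hunk.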
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index b79020a24..360e44a71 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -746,7 +746,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
current_payload_type = this->first_payload;
- this->logger->log(this->logger, CONTROL|LEVEL1, "Parsing body of message, first payload %s",
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Parsing body of message, first payload is %s",
mapping_find(payload_type_m, current_payload_type));
/* parse payload for payload, while there are more available */
@@ -754,7 +754,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
{
payload_t *current_payload;
- this->logger->log(this->logger, CONTROL|LEVEL2, "Start parsing payload of type %s",
+ this->logger->log(this->logger, CONTROL|LEVEL2, "Start parsing a %s payload",
mapping_find(payload_type_m, current_payload_type));
/* parse current payload */
@@ -774,21 +774,21 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
status = current_payload->verify(current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "Payload type %s verification failed",
+ this->logger->log(this->logger, ERROR, "%s payload verification failed",
mapping_find(payload_type_m,current_payload_type));
current_payload->destroy(current_payload);
status = VERIFY_ERROR;
return status;
}
- this->logger->log(this->logger, CONTROL|LEVEL2, "Payload verified. Adding to payload list",
+ this->logger->log(this->logger, CONTROL|LEVEL2, "%s payload verified. Adding to payload list",
mapping_find(payload_type_m, current_payload_type));
this->payloads->insert_last(this->payloads,current_payload);
/* an encryption payload is the last one, so STOP here. decryption is done later */
if (current_payload_type == ENCRYPTED)
{
- this->logger->log(this->logger, CONTROL|LEVEL2, "Payload of type encrypted found. Stop parsing",
+ this->logger->log(this->logger, CONTROL|LEVEL2, "%s payload found. Stop parsing",
mapping_find(payload_type_m, current_payload_type));
break;
}
@@ -1153,7 +1153,6 @@ static void destroy (private_message_t *this)
iterator->destroy(iterator);
this->payloads->destroy(this->payloads);
this->parser->destroy(this->parser);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
}
@@ -1218,7 +1217,7 @@ message_t *message_create_from_packet(packet_t *packet)
/* parser is created from data of packet */
this->parser = parser_create(this->packet->get_data(this->packet));
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, MESSAGE, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, MESSAGE);
return (&this->public);
}
@@ -1246,7 +1245,7 @@ message_t *message_create_notify_reply(host_t *source, host_t *destination, exch
message->set_message_id(message,0);
message->set_ike_sa_id(message, ike_sa_id);
- payload = notify_payload_create_from_protocol_and_type(IKE,notify_type);
+ payload = notify_payload_create_from_protocol_and_type(PROTO_IKE, notify_type);
message->add_payload(message,(payload_t *) payload);
return message;
diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c
index f161391bd..769a815df 100644
--- a/Source/charon/encoding/parser.c
+++ b/Source/charon/encoding/parser.c
@@ -1027,7 +1027,6 @@ static void reset_context (private_parser_t *this)
*/
static void destroy(private_parser_t *this)
{
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
allocator_free(this);
}
@@ -1038,7 +1037,7 @@ parser_t *parser_create(chunk_t data)
{
private_parser_t *this = allocator_alloc_thing(private_parser_t);
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, PARSER, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, PARSER);
this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**)) parse_payload;
this->public.reset_context = (void(*)(parser_t*)) reset_context;
diff --git a/Source/charon/encoding/payloads/auth_payload.c b/Source/charon/encoding/payloads/auth_payload.c
index 73e5abd5d..8adb6fd6d 100644
--- a/Source/charon/encoding/payloads/auth_payload.c
+++ b/Source/charon/encoding/payloads/auth_payload.c
@@ -116,11 +116,6 @@ encoding_rule_t auth_payload_encodings[] = {
*/
static status_t verify(private_auth_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->auth_method == 0) ||
((this->auth_method >= 4) && (this->auth_method <= 200)))
{
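Review bot: With the `this->critical` test removed, verify() no longer documents how the critical bit is treated, so a reader cannot tell that ignoring it is deliberate. The same removal appears in the cert, certreq, cp, delete, eap, id, ke, nonce, notify, sa, ts and vendor_id payload hunks. RFC 4306 section 3.2 asks the receiver to ignore the flag for payload types it understands and to reject only unrecognised payloads that carry it. The unrecognised-payload path is not part of this diff, so it is worth confirming that it still rejects a critical unknown payload. A one-line comment in each verify() would carry the intent, for example `/* critical bit is ignored for known payload types, see RFC 4306 3.2 */`. The body of verify() continues past the end of this hunk.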
diff --git a/Source/charon/encoding/payloads/cert_payload.c b/Source/charon/encoding/payloads/cert_payload.c
index 10256cf8e..a361f1345 100644
--- a/Source/charon/encoding/payloads/cert_payload.c
+++ b/Source/charon/encoding/payloads/cert_payload.c
@@ -129,11 +129,6 @@ encoding_rule_t cert_payload_encodings[] = {
*/
static status_t verify(private_cert_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->cert_encoding == 0) ||
((this->cert_encoding >= 14) && (this->cert_encoding <= 200)))
{
diff --git a/Source/charon/encoding/payloads/certreq_payload.c b/Source/charon/encoding/payloads/certreq_payload.c
index 8058ff08f..b7372a7a2 100644
--- a/Source/charon/encoding/payloads/certreq_payload.c
+++ b/Source/charon/encoding/payloads/certreq_payload.c
@@ -109,11 +109,6 @@ encoding_rule_t certreq_payload_encodings[] = {
*/
static status_t verify(private_certreq_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->cert_encoding == 0) ||
((this->cert_encoding >= 14) && (this->cert_encoding <= 200)))
{
diff --git a/Source/charon/encoding/payloads/cp_payload.c b/Source/charon/encoding/payloads/cp_payload.c
index cca06d1b1..e9d8af77e 100644
--- a/Source/charon/encoding/payloads/cp_payload.c
+++ b/Source/charon/encoding/payloads/cp_payload.c
@@ -139,12 +139,6 @@ static status_t verify(private_cp_payload_t *this)
{
status_t status = SUCCESS;
iterator_t *iterator;
-
- if (this->critical)
- {
- /* critical bit set! */
- return FAILED;
- }
iterator = this->attributes->create_iterator(this->attributes,TRUE);
diff --git a/Source/charon/encoding/payloads/delete_payload.c b/Source/charon/encoding/payloads/delete_payload.c
index 21f064e51..59d877945 100644
--- a/Source/charon/encoding/payloads/delete_payload.c
+++ b/Source/charon/encoding/payloads/delete_payload.c
@@ -121,11 +121,6 @@ encoding_rule_t delete_payload_encodings[] = {
*/
static status_t verify(private_delete_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->protocol_id == 0) ||
(this->protocol_id > 3))
{
@@ -136,7 +131,7 @@ static status_t verify(private_delete_payload_t *this)
{
return FAILED;
}
- if ((this->protocol_id == IKE) && (this->spis.len != 0))
+ if ((this->protocol_id == PROTO_IKE) && (this->spis.len != 0))
{
/* IKE deletion has no spi assigned! */
return FAILED;
@@ -318,7 +313,7 @@ delete_payload_t *delete_payload_create()
this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length =DELETE_PAYLOAD_HEADER_LENGTH;
- this->protocol_id = UNDEFINED_PROTOCOL_ID;
+ this->protocol_id = PROTO_NONE;
this->spi_size = 0;
this->spi_count = 0;
this->spis = CHUNK_INITIALIZER;
diff --git a/Source/charon/encoding/payloads/eap_payload.c b/Source/charon/encoding/payloads/eap_payload.c
index f6f8426e0..2bd8d5ee0 100644
--- a/Source/charon/encoding/payloads/eap_payload.c
+++ b/Source/charon/encoding/payloads/eap_payload.c
@@ -101,11 +101,6 @@ encoding_rule_t eap_payload_encodings[] = {
*/
static status_t verify(private_eap_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
return SUCCESS;
}
diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c
index e642bb318..da48c8349 100644
--- a/Source/charon/encoding/payloads/encryption_payload.c
+++ b/Source/charon/encoding/payloads/encryption_payload.c
@@ -638,7 +638,6 @@ static void destroy(private_encryption_payload_t *this)
current_payload->destroy(current_payload);
}
this->payloads->destroy(this->payloads);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this->encrypted.ptr);
allocator_free(this->decrypted.ptr);
allocator_free(this);
@@ -677,10 +676,10 @@ encryption_payload_t *encryption_payload_create()
this->compute_length = compute_length;
this->generate = generate;
this->parse = parse;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, ENCRYPTION_PAYLOAD, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, ENCRYPTION_PAYLOAD);
/* set default values of the fields */
- this->critical = TRUE;
+ this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length = ENCRYPTION_PAYLOAD_HEADER_LENGTH;
this->encrypted = CHUNK_INITIALIZER;
diff --git a/Source/charon/encoding/payloads/id_payload.c b/Source/charon/encoding/payloads/id_payload.c
index c720c7119..df37a06f5 100644
--- a/Source/charon/encoding/payloads/id_payload.c
+++ b/Source/charon/encoding/payloads/id_payload.c
@@ -119,11 +119,6 @@ encoding_rule_t id_payload_encodings[] = {
*/
static status_t verify(private_id_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->id_type == 0) ||
(this->id_type == 4) ||
((this->id_type >= 6) && (this->id_type <= 8)) ||
diff --git a/Source/charon/encoding/payloads/ke_payload.c b/Source/charon/encoding/payloads/ke_payload.c
index f1ba922ca..5cbf99b25 100644
--- a/Source/charon/encoding/payloads/ke_payload.c
+++ b/Source/charon/encoding/payloads/ke_payload.c
@@ -123,12 +123,6 @@ encoding_rule_t ke_payload_encodings[] = {
*/
static status_t verify(private_ke_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
-
/* dh group is not verified in here */
return SUCCESS;
}
diff --git a/Source/charon/encoding/payloads/nonce_payload.c b/Source/charon/encoding/payloads/nonce_payload.c
index 63f1adddd..aa71f8bf6 100644
--- a/Source/charon/encoding/payloads/nonce_payload.c
+++ b/Source/charon/encoding/payloads/nonce_payload.c
@@ -111,11 +111,6 @@ encoding_rule_t nonce_payload_encodings[] = {
*/
static status_t verify(private_nonce_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if ((this->nonce.len < 16) || ((this->nonce.len > 256)))
{
/* nonce length is wrong */
diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c
index ee4b44e9e..b26f89b39 100644
--- a/Source/charon/encoding/payloads/notify_payload.c
+++ b/Source/charon/encoding/payloads/notify_payload.c
@@ -25,6 +25,7 @@
#include "notify_payload.h"
+#include <daemon.h>
#include <encoding/payloads/encodings.h>
#include <utils/allocator.h>
@@ -105,6 +106,11 @@ struct private_notify_payload_t {
chunk_t notification_data;
/**
+ * Assigned logger
+ */
+ logger_t *logger;
+
+ /**
* @brief Computes the length of this payload.
*
* @param this calling private_ke_payload_t object
@@ -169,11 +175,6 @@ encoding_rule_t notify_payload_encodings[] = {
*/
static status_t verify(private_notify_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if (this->protocol_id > 3)
{
/* reserved for future use */
@@ -191,9 +192,20 @@ static status_t verify(private_notify_payload_t *this)
return FAILED;
}
dh_group = ntohs(*((u_int16_t*)this->notification_data.ptr));
- if (dh_group < MODP_1024_BIT || dh_group > MODP_8192_BIT)
+ switch (dh_group)
{
- return FAILED;
+ case MODP_768_BIT:
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
+ case MODP_2048_BIT:
+ case MODP_3072_BIT:
+ case MODP_4096_BIT:
+ case MODP_6144_BIT:
+ case MODP_8192_BIT:
+ break;
+ default:
+ this->logger->log(this->logger, ERROR, "Bad DH group (%d)", dh_group);
+ return FAILED;
}
}
return SUCCESS;
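Review bot: The new switch accepts `MODP_768_BIT`, which the old lower bound `dh_group < MODP_1024_BIT` rejected (assuming the enum follows the IANA numbering, where the 768-bit group sorts below the 1024-bit one). A peer can therefore now name a 768-bit group in this notify and still pass verification. Whether the daemon then retries with that group depends on the configured proposals checked elsewhere, but if 768-bit MODP is not meant to be negotiable, dropping the `case MODP_768_BIT:` line keeps the previous floor. Separately, `this->logger` is assigned only in notify_payload_create(), so any other constructor has to go through it before the `default:` branch logs. verify() begins before this hunk.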
@@ -402,7 +414,7 @@ notify_payload_t *notify_payload_create()
this->compute_length = compute_length;
/* set default values of the fields */
- this->critical = NOTIFY_PAYLOAD_CRITICAL_FLAG;
+ this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length = NOTIFY_PAYLOAD_HEADER_LENGTH;
this->protocol_id = 0;
@@ -412,6 +424,7 @@ notify_payload_t *notify_payload_create()
this->spi_size = 0;
this->notification_data.ptr = NULL;
this->notification_data.len = 0;
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, PAYLOAD);
return (&(this->public));
}
diff --git a/Source/charon/encoding/payloads/notify_payload.h b/Source/charon/encoding/payloads/notify_payload.h
index 148a8833f..093f99144 100644
--- a/Source/charon/encoding/payloads/notify_payload.h
+++ b/Source/charon/encoding/payloads/notify_payload.h
@@ -30,13 +30,6 @@
#include <utils/linked_list.h>
/**
- * Critical flag must not be set.
- *
- * @ingroup payloads
- */
-#define NOTIFY_PAYLOAD_CRITICAL_FLAG FALSE;
-
-/**
* Notify payload length in bytes without any spi and notification data.
*
* @ingroup payloads
diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c
index 922dde40d..4ee2e91f4 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.c
+++ b/Source/charon/encoding/payloads/proposal_substructure.c
@@ -620,7 +620,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
iterator->destroy(iterator);
/* take over general infos */
- this->spi_size = proto == IKE ? 8 : 4;
+ this->spi_size = proto == PROTO_IKE ? 8 : 4;
this->spi.len = this->spi_size;
this->spi.ptr = allocator_alloc(this->spi_size);
*((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal, proto);
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index 3a40d41b2..91049dd65 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -118,12 +118,6 @@ static status_t verify(private_sa_payload_t *this)
status_t status = SUCCESS;
iterator_t *iterator;
bool first = TRUE;
-
- if (this->critical)
- {
- /* critical bit set! */
- return FAILED;
- }
/* check proposal numbering */
iterator = this->proposals->create_iterator(this->proposals,TRUE);
@@ -269,7 +263,7 @@ static void add_proposal(private_sa_payload_t *this, proposal_t *proposal)
proposal->get_protocols(proposal, proto);
for (i = 0; i<2; i++)
{
- if (proto[i] != UNDEFINED_PROTOCOL_ID)
+ if (proto[i] != PROTO_NONE)
{
substructure = proposal_substructure_create_from_proposal(proposal, proto[i]);
add_proposal_substructure(this, substructure);
@@ -356,7 +350,7 @@ sa_payload_t *sa_payload_create()
this->compute_length = compute_length;
/* set default values of the fields */
- this->critical = SA_PAYLOAD_CRITICAL_FLAG;
+ this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length = SA_PAYLOAD_HEADER_LENGTH;
diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h
index d7120ec4b..45095c030 100644
--- a/Source/charon/encoding/payloads/sa_payload.h
+++ b/Source/charon/encoding/payloads/sa_payload.h
@@ -29,13 +29,6 @@
#include <utils/linked_list.h>
/**
- * Critical flag must not be set.
- *
- * @ingroup payloads
- */
-#define SA_PAYLOAD_CRITICAL_FLAG FALSE;
-
-/**
* SA_PAYLOAD length in bytes without any proposal substructure.
*
* @ingroup payloads
diff --git a/Source/charon/encoding/payloads/ts_payload.c b/Source/charon/encoding/payloads/ts_payload.c
index 4bc6ccbc8..33a0cdab8 100644
--- a/Source/charon/encoding/payloads/ts_payload.c
+++ b/Source/charon/encoding/payloads/ts_payload.c
@@ -130,11 +130,6 @@ static status_t verify(private_ts_payload_t *this)
iterator_t *iterator;
status_t status = SUCCESS;
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors)))
{
/* must be the same */
diff --git a/Source/charon/encoding/payloads/vendor_id_payload.c b/Source/charon/encoding/payloads/vendor_id_payload.c
index b598f604b..28f07608b 100644
--- a/Source/charon/encoding/payloads/vendor_id_payload.c
+++ b/Source/charon/encoding/payloads/vendor_id_payload.c
@@ -102,12 +102,6 @@ encoding_rule_t vendor_id_payload_encodings[] = {
*/
static status_t verify(private_vendor_id_payload_t *this)
{
- if (this->critical)
- {
- /* critical bit is set! */
- return FAILED;
- }
-
return SUCCESS;
}
diff --git a/Source/charon/network/host.c b/Source/charon/network/host.c
index 7d120886e..245df8b05 100644
--- a/Source/charon/network/host.c
+++ b/Source/charon/network/host.c
@@ -208,11 +208,30 @@ static private_host_t *clone(private_host_t *this)
return new;
}
+/**
+ * Impelements host_t.ip_equals
+ */
+static bool ip_equals(private_host_t *this, private_host_t *other)
+{
+ switch (this->family)
+ {
+ /* IPv4 */
+ case AF_INET:
+ {
+ if ((this->address4.sin_family == other->address4.sin_family) &&
+ (this->address4.sin_addr.s_addr == other->address4.sin_addr.s_addr))
+ {
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
/**
* Impelements host_t.equals
*/
-static bool ip_is_equal(private_host_t *this, private_host_t *other)
+static bool equals(private_host_t *this, private_host_t *other)
{
switch (this->family)
{
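Review bot: The new ip_equals() is a copy of the IPv4 comparison in equals(), so the two can drift apart once another address family is handled. equals() could start with `if (!ip_equals(this, other)) return FALSE;` and then compare only `sin_port`. The switch in ip_equals() has no `default:` case, so every family other than AF_INET silently compares unequal; a `default: break;` with a short comment would make that intent explicit. The new doc comment also copies the `Impelements` typo from equals(). The body of equals() continues past the end of this hunk.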
@@ -220,7 +239,8 @@ static bool ip_is_equal(private_host_t *this, private_host_t *other)
case AF_INET:
{
if ((this->address4.sin_family == other->address4.sin_family) &&
- (this->address4.sin_addr.s_addr == other->address4.sin_addr.s_addr))
+ (this->address4.sin_addr.s_addr == other->address4.sin_addr.s_addr) &&
+ (this->address4.sin_port == other->address4.sin_port))
{
return TRUE;
}
@@ -253,7 +273,8 @@ static private_host_t *host_create_empty()
this->public.get_address = (char* (*) (host_t *))get_address;
this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
this->public.get_port = (u_int16_t (*) (host_t *))get_port;
- this->public.ip_is_equal = (bool (*) (host_t *,host_t *)) ip_is_equal;
+ this->public.ip_equals = (bool (*) (host_t *,host_t *)) ip_equals;
+ this->public.equals = (bool (*) (host_t *,host_t *)) equals;
this->public.is_default_route = (bool (*) (host_t *)) is_default_route;
this->public.destroy = (void (*) (host_t*))destroy;
diff --git a/Source/charon/network/host.h b/Source/charon/network/host.h
index c5293bcdf..d81efffa6 100644
--- a/Source/charon/network/host.h
+++ b/Source/charon/network/host.h
@@ -155,7 +155,16 @@ struct host_t {
* @param other the other to compare
* @return TRUE if addresses are equal.
*/
- bool (*ip_is_equal) (host_t *this, host_t *other);
+ bool (*ip_equals) (host_t *this, host_t *other);
+
+ /**
+ * @brief Compare two hosts, with port.
+ *
+ * @param this object to compare
+ * @param other the other to compare
+ * @return TRUE if addresses and ports are equal.
+ */
+ bool (*equals) (host_t *this, host_t *other);
/**
* @brief Destroy this host object
diff --git a/Source/charon/network/socket.c b/Source/charon/network/socket.c
index 0b6610972..c7a7ab11b 100644
--- a/Source/charon/network/socket.c
+++ b/Source/charon/network/socket.c
@@ -97,6 +97,11 @@ struct interface_t {
* Associated socket
*/
int socket_fd;
+
+ /**
+ * Host with listening address
+ */
+ host_t *address;
};
typedef struct private_socket_t private_socket_t;
@@ -366,8 +371,9 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
memcpy(interface->name, buf[i].ifr_name, IFNAMSIZ);
interface->name[IFNAMSIZ-1] = '\0';
interface->socket_fd = skt;
+ interface->address = host_create_from_sockaddr((struct sockaddr*)current);
this->logger->log(this->logger, CONTROL, "listening on %s (%s)",
- interface->name, inet_ntoa(current->sin_addr));
+ interface->name, interface->address->get_address(interface->address));
this->interfaces->insert_last(this->interfaces, (void*)interface);
}
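Review bot: The result of `host_create_from_sockaddr()` is dereferenced on the very next line for the log message, and again in `destroy()` in the following hunk, without a NULL check. Its definition is not visible here, so if it can return NULL (for example for an address family it does not handle), the daemon would crash while building the interface list or on shutdown. I would check the result and drop the interface, as below. The cleanup assumes this code runs inside the per-interface loop and that `skt` is not referenced elsewhere; the loop and the rest of build_interface_list are outside the hunk.

```c
interface->address = host_create_from_sockaddr((struct sockaddr*)current);
if (interface->address == NULL)
{
	this->logger->log(this->logger, ERROR, "could not create host for %s, skipping interface", interface->name);
	close(skt);
	allocator_free(interface);
	continue;
}
/* … unchanged: "listening on" log line and insert_last … */
```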
@@ -380,18 +386,47 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
}
/**
+ * implementation of socket_t.is_listening_on
+ */
+static bool is_listening_on(private_socket_t *this, host_t *host)
+{
+ iterator_t *iterator;
+
+ /* listening on 0.0.0.0 is always TRUE */
+ if (host->is_default_route(host))
+ {
+ return TRUE;
+ }
+
+ /* compare host with all interfaces */
+ iterator = this->interfaces->create_iterator(this->interfaces, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ interface_t *interface;
+ iterator->current(iterator, (void**)&interface);
+ if (host->equals(host, interface->address))
+ {
+ iterator->destroy(iterator);
+ return TRUE;
+ }
+ }
+ iterator->destroy(iterator);
+ return FALSE;
+}
+
+/**
* implementation of socket_t.destroy
*/
-void destroy(private_socket_t *this)
+static void destroy(private_socket_t *this)
{
interface_t *interface;
while (this->interfaces->remove_last(this->interfaces, (void**)&interface) == SUCCESS)
{
+ interface->address->destroy(interface->address);
close(interface->socket_fd);
allocator_free(interface);
}
this->interfaces->destroy(this->interfaces);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
close(this->master_fd);
allocator_free(this);
}
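Review bot: `is_listening_on` treats the port inconsistently: the interface match goes through `host->equals`, which per the host.h comment added in this commit also compares ports, while the 0.0.0.0 shortcut above it returns TRUE without looking at the port. Whether `interface->address` carries the listening port depends on what build_interface_list puts into the sockaddr, which is outside this hunk. If an address-only match is intended, the call should be `if (host->ip_equals(host, interface->address))`. If the port is meant to count, the function comment here and the socket.h doc comment should say so, e.g. `/* address and port must match, except for 0.0.0.0 which matches any port */`.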
@@ -406,9 +441,10 @@ socket_t *socket_create(u_int16_t port)
/* public functions */
this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
+ this->public.is_listening_on = (bool (*)(socket_t*,host_t*))is_listening_on;
this->public.destroy = (void(*)(socket_t*)) destroy;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, SOCKET, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, SOCKET);
this->interfaces = linked_list_create();
if (build_interface_list(this, port) != SUCCESS)
diff --git a/Source/charon/network/socket.h b/Source/charon/network/socket.h
index 7e43ffab5..498e7700a 100644
--- a/Source/charon/network/socket.h
+++ b/Source/charon/network/socket.h
@@ -93,6 +93,15 @@ struct socket_t {
status_t (*send) (socket_t *sock, packet_t *packet);
/**
+ * @brief Check if socket listens on an address.
+ *
+ * @param sock socket_t object to work on
+ * @param host address to check
+ * @return TRUE if listening on host, FALSE otherwise
+ */
+ bool (*is_listening_on) (socket_t *sock, host_t *host);
+
+ /**
* @brief Destroy sockets.
*
* close sockets and destroy socket_t object
diff --git a/Source/charon/sa/authenticator.c b/Source/charon/sa/authenticator.c
index 8b96246ac..92dee5c62 100644
--- a/Source/charon/sa/authenticator.c
+++ b/Source/charon/sa/authenticator.c
@@ -125,9 +125,6 @@ static chunk_t allocate_octets(private_authenticator_t *this,
chunk_t octets;
id_with_header[0] = my_id->get_id_type(my_id);
- /* TODO:
- * Reserved bytes are not in any case zero.
- */
id_with_header[1] = 0x00;
id_with_header[2] = 0x00;
id_with_header[3] = 0x00;
@@ -213,11 +210,11 @@ static status_t verify_auth_data (private_authenticator_t *this,
}
chunk_t my_auth_data = this->build_preshared_secret_signature(this,
- last_received_packet,
- my_nonce,
- other_id_payload,
- initiator,
- preshared_secret);
+ last_received_packet,
+ my_nonce,
+ other_id_payload,
+ initiator,
+ preshared_secret);
allocator_free_chunk(&preshared_secret);
if (auth_data.len != my_auth_data.len)
@@ -251,8 +248,8 @@ static status_t verify_auth_data (private_authenticator_t *this,
auth_data = auth_payload->get_data(auth_payload);
status = charon->credentials->get_rsa_public_key(charon->credentials,
- other_id,
- &public_key);
+ other_id,
+ &public_key);
if (status != SUCCESS)
{
other_id->destroy(other_id);
@@ -393,5 +390,5 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
this->prf = this->ike_sa->get_prf(this->ike_sa);
this->logger = this->ike_sa->get_logger(this->ike_sa);
- return &(this->public);
+ return &(this->public);
}
diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c
index 64257b34b..7f19f87e6 100644
--- a/Source/charon/sa/child_sa.c
+++ b/Source/charon/sa/child_sa.c
@@ -142,7 +142,7 @@ static status_t alloc(private_child_sa_t *this, linked_list_t *proposals)
{
switch (protocols[i])
{
- case AH:
+ case PROTO_AH:
/* do we already have an spi for AH?*/
if (this->my_ah_spi == 0)
{
@@ -150,13 +150,13 @@ static status_t alloc(private_child_sa_t *this, linked_list_t *proposals)
status = charon->kernel_interface->get_spi(
charon->kernel_interface,
this->me, this->other,
- AH, FALSE,
+ PROTO_AH, FALSE,
&(this->my_ah_spi));
}
/* update proposal */
- proposal->set_spi(proposal, AH, (u_int64_t)this->my_ah_spi);
+ proposal->set_spi(proposal, PROTO_AH, (u_int64_t)this->my_ah_spi);
break;
- case ESP:
+ case PROTO_ESP:
/* do we already have an spi for ESP?*/
if (this->my_esp_spi == 0)
{
@@ -164,11 +164,11 @@ static status_t alloc(private_child_sa_t *this, linked_list_t *proposals)
status = charon->kernel_interface->get_spi(
charon->kernel_interface,
this->me, this->other,
- ESP, FALSE,
+ PROTO_ESP, FALSE,
&(this->my_esp_spi));
}
/* update proposal */
- proposal->set_spi(proposal, ESP, (u_int64_t)this->my_esp_spi);
+ proposal->set_spi(proposal, PROTO_ESP, (u_int64_t)this->my_esp_spi);
break;
default:
break;
@@ -216,14 +216,14 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus
/* derive keys in order as protocols appear */
for (i = 0; i<2; i++)
{
- if (protocols[i] != UNDEFINED_PROTOCOL_ID)
+ if (protocols[i] != PROTO_NONE)
{
/* now we have to decide which spi to use. Use self allocated, if "mine",
* or the one in the proposal, if not "mine" (others). */
if (mine)
{
- if (protocols[i] == AH)
+ if (protocols[i] == PROTO_AH)
{
spi = this->my_ah_spi;
}
@@ -235,7 +235,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus
else /* use proposals spi */
{
spi = proposal->get_spi(proposal, protocols[i]);
- if (protocols[i] == AH)
+ if (protocols[i] == PROTO_AH)
{
this->other_ah_spi = spi;
}
@@ -499,19 +499,17 @@ static void destroy(private_child_sa_t *this)
if (this->my_ah_spi)
{
charon->kernel_interface->del_sa(charon->kernel_interface,
- this->other, this->my_ah_spi, AH);
+ this->other, this->my_ah_spi, PROTO_AH);
charon->kernel_interface->del_sa(charon->kernel_interface,
- this->me, this->other_ah_spi, AH);
+ this->me, this->other_ah_spi, PROTO_AH);
}
if (this->my_esp_spi)
{
charon->kernel_interface->del_sa(charon->kernel_interface,
- this->other, this->my_esp_spi, ESP);
+ this->other, this->my_esp_spi, PROTO_ESP);
charon->kernel_interface->del_sa(charon->kernel_interface,
- this->me, this->other_esp_spi, ESP);
+ this->me, this->other_esp_spi, PROTO_ESP);
}
-
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
}
@@ -531,7 +529,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other)
this->public.destroy = (void(*)(child_sa_t*))destroy;
/* private data */
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, CHILD_SA, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, CHILD_SA);
this->me = me;
this->other = other;
this->my_ah_spi = 0;
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index c990e1dac..622ea3402 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -321,7 +321,7 @@ static void send_delete_ike_sa_request (private_ike_sa_t *this)
this->protected.build_message(&(this->protected), INFORMATIONAL, TRUE, &informational_request);
delete_payload = delete_payload_create();
- delete_payload->set_protocol_id(delete_payload,IKE);
+ delete_payload->set_protocol_id(delete_payload, PROTO_IKE);
informational_request->add_payload(informational_request,(payload_t *)delete_payload);
@@ -502,7 +502,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
{
this->prf->destroy(this->prf);
}
- proposal->get_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, &algo);
+ proposal->get_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No PRF algoithm selected!?");
@@ -568,7 +568,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ai/SK_ar used for integrity protection */
- proposal->get_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, &algo);
+ proposal->get_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No integrity algoithm selected?!");
@@ -606,7 +606,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ei/SK_er used for encryption */
- proposal->get_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, &algo);
+ proposal->get_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, &algo);
if (algo == NULL)
{
this->logger->log(this->logger, ERROR|LEVEL2, "No encryption algoithm selected!?");
@@ -644,7 +644,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
allocator_free_chunk(&key);
/* SK_pi/SK_pr used for authentication */
- proposal->get_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, &algo);
+ proposal->get_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, &algo);
if (this->prf_auth_i != NULL)
{
this->prf_auth_i->destroy(this->prf_auth_i);
@@ -861,7 +861,7 @@ static void send_notify(private_ike_sa_t *this, exchange_type_t exchange_type, n
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to build message with notify payload");
/* set up the reply */
this->protected.build_message(&(this->protected), exchange_type, FALSE, &response);
- payload = notify_payload_create_from_protocol_and_type(IKE,type);
+ payload = notify_payload_create_from_protocol_and_type(PROTO_IKE, type);
if ((data.ptr != NULL) && (data.len > 0))
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Add Data to notify payload");
@@ -1023,7 +1023,6 @@ static void destroy (private_ike_sa_t *this)
this->ike_sa_id->destroy(this->ike_sa_id);
this->randomizer->destroy(this->randomizer);
this->current_state->destroy(this->current_state);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
}
@@ -1076,7 +1075,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->resend_last_reply = resend_last_reply;
/* initialize private fields */
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, IKE_SA, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
this->child_sas = linked_list_create();
diff --git a/Source/charon/sa/ike_sa_manager.c b/Source/charon/sa/ike_sa_manager.c
index 0eec8ea5d..ebb306a49 100644
--- a/Source/charon/sa/ike_sa_manager.c
+++ b/Source/charon/sa/ike_sa_manager.c
@@ -667,9 +667,6 @@ static void destroy(private_ike_sa_manager_t *this)
this->logger->log(this->logger,CONTROL | LEVEL2,"IKE_SA's deleted");
pthread_mutex_unlock(&(this->mutex));
- /* destroy logger at end */
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
-
allocator_free(this);
}
@@ -695,7 +692,7 @@ ike_sa_manager_t *ike_sa_manager_create()
this->delete_entry = delete_entry;
/* initialize private variables */
- this->logger = charon->logger_manager->create_logger(charon->logger_manager,IKE_SA_MANAGER,NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA_MANAGER);
this->ike_sa_list = linked_list_create();
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 3fedf431c..eecfaab1e 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -512,15 +512,8 @@ static status_t process_notify_payload(private_ike_auth_requested_t *this, notif
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
-
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
- {
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a notify for an invalid protocol. Deleting IKE_SA");
- return DELETE_ME;
- }
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
switch (notify_message_type)
{
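Review bot: The protocol-ID check on incoming notify payloads is dropped here and in the process_notify_payload hunk of ike_sa_init_requested.c, but the same function in responder_init.c keeps it (now as `!= PROTO_IKE`), so the states treat the same field differently. If the check is removed because the protocol ID carries no meaning for the notify types handled here, a comment above the log call should say so, e.g. `/* protocol ID of the notify is deliberately not checked */`, and responder_init.c should be brought in line. If it was meant as a guard, it should stay, using `PROTO_IKE`. The protocol ID is no longer logged either, so a notify with an unexpected value now passes without a trace; keeping it in the CONTROL log line would preserve that visibility. The function body continues outside the hunk.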
diff --git a/Source/charon/sa/states/ike_sa_established.c b/Source/charon/sa/states/ike_sa_established.c
index 976ed7688..37b69c29c 100644
--- a/Source/charon/sa/states/ike_sa_established.c
+++ b/Source/charon/sa/states/ike_sa_established.c
@@ -151,7 +151,7 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
if (delete_request)
{
- if (delete_request->get_protocol_id(delete_request) == IKE)
+ if (delete_request->get_protocol_id(delete_request) == PROTO_IKE)
{
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received");
response->destroy(response);
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 0c4b6b690..904dadf05 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -294,8 +294,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
if (status != SUCCESS)
{
payloads->destroy(payloads);
- return status;
+ return status;
}
+ break;
}
default:
{
@@ -537,11 +538,6 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message
return DELETE_ME;
}
- /* TODO:
- * Huston, we've got a problem here. Since SPIs are stored in
- * the proposal, and these proposals are shared across configs,
- * there may be some threading issues... fix it!
- */
sa_payload = sa_payload_create_from_proposal_list(proposal_list);
this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
@@ -595,15 +591,9 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
-
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
- {
- this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol.");
- return FAILED;
- }
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
+
switch (notify_message_type)
{
case NO_PROPOSAL_CHOSEN:
@@ -620,16 +610,24 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
{
initiator_init_t *initiator_init_state;
chunk_t notify_data;
- diffie_hellman_group_t dh_group;
+ diffie_hellman_group_t dh_group, old_dh_group;
connection_t *connection;
+ connection = this->ike_sa->get_connection(this->ike_sa);
+ old_dh_group = connection->get_dh_group(connection);
notify_data = notify_payload->get_notification_data(notify_payload);
dh_group = ntohs(*((u_int16_t*)notify_data.ptr));
- this->logger->log(this->logger, ERROR|LEVEL1, "Peer wouldn't accept DH group, it requested %s!",
+ /* TODO:
+ * We are very restrictive here: If the other didn't accept
+ * our DH group, and we do not accept his offer, continuation
+ * is cancelled...
+ */
+
+ this->logger->log(this->logger, AUDIT, "Peer didn't accept %s, it requested %s!",
+ mapping_find(diffie_hellman_group_m, old_dh_group),
mapping_find(diffie_hellman_group_m, dh_group));
/* check if we can accept this dh group */
- connection = this->ike_sa->get_connection(this->ike_sa);
if (!connection->check_dh_group(connection, dh_group))
{
this->logger->log(this->logger, AUDIT,
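Review bot: `notify_data.ptr` is cast and dereferenced as a 16-bit value without checking `notify_data.len`, so a notify from the peer with fewer than two bytes of data (or none at all) leads to an out-of-bounds or NULL read. The cast also assumes the buffer is suitably aligned. The commit reworks the lines around this statement but leaves it unchecked. I would validate the length first and copy the value out with memcpy, as below. The status to return, and whether anything must be released on that path, is not visible in the hunk, so `FAILED` is taken from the older code of this function and needs confirming. The enclosing case block starts and ends outside the hunk.

```c
u_int16_t dh_group_net;
/* … unchanged: connection lookup, old_dh_group … */
notify_data = notify_payload->get_notification_data(notify_payload);
if (notify_data.ptr == NULL || notify_data.len < sizeof(dh_group_net))
{
	this->logger->log(this->logger, AUDIT, "Notify carries no DH group number");
	return FAILED;
}
memcpy(&dh_group_net, notify_data.ptr, sizeof(dh_group_net));
dh_group = ntohs(dh_group_net);
/* … unchanged: logging and check_dh_group … */
```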
@@ -649,9 +647,6 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
this->ike_sa->set_new_state(this->ike_sa,(state_t *) initiator_init_state);
/* state has NOW changed :-) */
- this->logger->log(this->logger, CONTROL|LEVEL1, "Changed state of IKE_SA from %s to %s",
- mapping_find(ike_sa_state_m,INITIATOR_INIT), mapping_find(ike_sa_state_m,IKE_SA_INIT_REQUESTED));
-
this->logger->log(this->logger, CONTROL|LEVEL2, "Destroy old sate object");
this->logger->log(this->logger, CONTROL|LEVEL2, "Going to retry initialization of connection");
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 751f13517..da3b68ce6 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -572,9 +572,8 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
switch (notify_message_type)
{
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index 6db0a662c..a1d951b5f 100644
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -344,7 +344,7 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa
return DELETE_ME;
}
/* get selected DH group to force policy, this is very restrictive!? */
- this->proposal->get_algorithm(this->proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo);
+ this->proposal->get_algorithm(this->proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, &algo);
this->dh_group_number = algo->algorithm;
this->logger->log(this->logger, CONTROL | LEVEL2, "SA Payload processed");
@@ -458,11 +458,10 @@ static status_t process_notify_payload(private_responder_init_t *this, notify_pa
{
notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
- this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
- mapping_find(notify_message_type_m, notify_message_type),
- mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s",
+ mapping_find(notify_message_type_m, notify_message_type));
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
+ if (notify_payload->get_protocol_id(notify_payload) != PROTO_IKE)
{
this->logger->log(this->logger, ERROR | LEVEL1, "Notify reply not for IKE protocol.");
return FAILED;
diff --git a/Source/charon/stroke.c b/Source/charon/stroke.c
index 8f5f32497..6f4ceb879 100644
--- a/Source/charon/stroke.c
+++ b/Source/charon/stroke.c
@@ -77,10 +77,10 @@ static int send_stroke_msg (stroke_msg_t *msg)
}
static int add_connection(char *name,
- char *my_id, char *other_id,
- char *my_addr, char *other_addr,
- char *my_net, char *other_net,
- u_int8_t my_netmask, u_int8_t other_netmask)
+ char *my_id, char *other_id,
+ char *my_addr, char *other_addr,
+ char *my_net, char *other_net,
+ u_int8_t my_netmask, u_int8_t other_netmask)
{
stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
int res;
diff --git a/Source/charon/testcases/aes_cbc_crypter_test.c b/Source/charon/testcases/aes_cbc_crypter_test.c
index 3208e847b..1ea2983cd 100644
--- a/Source/charon/testcases/aes_cbc_crypter_test.c
+++ b/Source/charon/testcases/aes_cbc_crypter_test.c
@@ -53,7 +53,7 @@ void test_aes_cbc_crypter(protected_tester_t *tester)
chunk_t decrypted1;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"AES CBC");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
crypter = (crypter_t *) aes_cbc_crypter_create(16);
tester->assert_true(tester, (crypter != NULL), "create call test");
@@ -198,7 +198,5 @@ void test_aes_cbc_crypter(protected_tester_t *tester)
allocator_free_chunk(&decrypted3);
crypter->destroy(crypter);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
diff --git a/Source/charon/testcases/diffie_hellman_test.c b/Source/charon/testcases/diffie_hellman_test.c
index e1e54af41..7a7462268 100644
--- a/Source/charon/testcases/diffie_hellman_test.c
+++ b/Source/charon/testcases/diffie_hellman_test.c
@@ -39,7 +39,7 @@ void test_diffie_hellman(protected_tester_t *tester)
chunk_t my_public_value, other_public_value;
chunk_t my_secret, other_secret;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Diffie Hellman");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
my_diffie_hellman = diffie_hellman_create(MODP_1024_BIT);
@@ -60,18 +60,17 @@ void test_diffie_hellman(protected_tester_t *tester)
allocator_free(my_public_value.ptr);
allocator_free(other_public_value.ptr);
- tester->assert_true(tester,( my_diffie_hellman->get_shared_secret(my_diffie_hellman,&my_secret) == SUCCESS), "get_shared_secret call check");
+ tester->assert_true(tester,(my_diffie_hellman->get_shared_secret(my_diffie_hellman,&my_secret) == SUCCESS), "get_shared_secret call check");
logger->log_chunk(logger,RAW,"My shared secret",my_secret);
- tester->assert_true(tester,( other_diffie_hellman->get_shared_secret(other_diffie_hellman,&other_secret) == SUCCESS), "get_shared_secret call check");
+ tester->assert_true(tester,(other_diffie_hellman->get_shared_secret(other_diffie_hellman,&other_secret) == SUCCESS), "get_shared_secret call check");
logger->log_chunk(logger,RAW,"Other shared secret",other_secret);
- tester->assert_true(tester,( memcmp(my_secret.ptr,other_secret.ptr,other_secret.len) == 0), "shared secret same value check");
+ tester->assert_true(tester,(memcmp(my_secret.ptr,other_secret.ptr,other_secret.len) == 0), "shared secret same value check");
allocator_free(my_secret.ptr);
allocator_free(other_secret.ptr);
my_diffie_hellman->destroy(my_diffie_hellman);
other_diffie_hellman->destroy(other_diffie_hellman);
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
diff --git a/Source/charon/testcases/encryption_payload_test.c b/Source/charon/testcases/encryption_payload_test.c
index 8f6a0c5c7..45572374b 100644
--- a/Source/charon/testcases/encryption_payload_test.c
+++ b/Source/charon/testcases/encryption_payload_test.c
@@ -60,7 +60,7 @@ void test_encryption_payload(protected_tester_t *tester)
key.ptr = key_bytes;
key.len = sizeof(key_bytes);
- logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL);
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
nonce.ptr = "test text und so...";
nonce.len = strlen(nonce.ptr) +1;
diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c
index e23540112..df999ccc9 100644
--- a/Source/charon/testcases/generator_test.c
+++ b/Source/charon/testcases/generator_test.c
@@ -58,7 +58,7 @@ void test_generator_with_header_payload(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"header payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
header_data = ike_header_create();
header_data->set_initiator_spi(header_data,1);
@@ -129,7 +129,6 @@ void test_generator_with_header_payload(protected_tester_t *tester)
header_data->destroy(header_data);
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
generator->destroy(generator);
}
@@ -143,7 +142,7 @@ void test_generator_with_transform_attribute(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"transform_attribute payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
/* test empty attribute */
@@ -222,9 +221,6 @@ void test_generator_with_transform_attribute(protected_tester_t *tester)
allocator_free_chunk(&generated_data);
attribute->destroy(attribute);
generator->destroy(generator);
-
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
@@ -241,7 +237,7 @@ void test_generator_with_transform_substructure(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"transform substr.");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -293,9 +289,6 @@ void test_generator_with_transform_substructure(protected_tester_t *tester)
allocator_free_chunk(&generated_data);
transform->destroy(transform);
generator->destroy(generator);
-
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
@@ -312,7 +305,7 @@ void test_generator_with_proposal_substructure(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"transform substr.");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -409,9 +402,6 @@ void test_generator_with_proposal_substructure(protected_tester_t *tester)
allocator_free_chunk(&generated_data);
proposal->destroy(proposal);
generator->destroy(generator);
-
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -432,7 +422,7 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with SA Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -756,9 +746,6 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
allocator_free_chunk(&generated_data);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
-
}
/*
@@ -772,7 +759,7 @@ void test_generator_with_ke_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t key_exchange_data;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with KE Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -811,8 +798,6 @@ void test_generator_with_ke_payload(protected_tester_t *tester)
ke_payload->destroy(ke_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
@@ -827,7 +812,7 @@ void test_generator_with_notify_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t spi,notification_data;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with Notify Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -871,9 +856,6 @@ void test_generator_with_notify_payload(protected_tester_t *tester)
notify_payload->destroy(notify_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
-
}
/*
@@ -887,7 +869,7 @@ void test_generator_with_nonce_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t nonce;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with Nonce Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -925,9 +907,6 @@ void test_generator_with_nonce_payload(protected_tester_t *tester)
nonce_payload->destroy(nonce_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
-
}
/*
@@ -941,7 +920,7 @@ void test_generator_with_id_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t id;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with ID Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -979,8 +958,6 @@ void test_generator_with_id_payload(protected_tester_t *tester)
id_payload->destroy(id_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -994,7 +971,7 @@ void test_generator_with_auth_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t auth;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with AUTH Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1032,8 +1009,6 @@ void test_generator_with_auth_payload(protected_tester_t *tester)
auth_payload->destroy(auth_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1048,7 +1023,7 @@ void test_generator_with_ts_payload(protected_tester_t *tester)
logger_t *logger;
chunk_t generated_data;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with TS Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1116,8 +1091,6 @@ void test_generator_with_ts_payload(protected_tester_t *tester)
ts_payload->destroy(ts_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1131,7 +1104,7 @@ void test_generator_with_cert_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t cert;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with CERT Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1168,8 +1141,6 @@ void test_generator_with_cert_payload(protected_tester_t *tester)
cert_payload->destroy(cert_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1183,7 +1154,7 @@ void test_generator_with_certreq_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t certreq;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with CERTREQ Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1220,8 +1191,6 @@ void test_generator_with_certreq_payload(protected_tester_t *tester)
certreq_payload->destroy(certreq_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1235,7 +1204,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t spis;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with DELETE Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1274,8 +1243,6 @@ void test_generator_with_delete_payload(protected_tester_t *tester)
delete_payload->destroy(delete_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1289,7 +1256,7 @@ void test_generator_with_vendor_id_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t data;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with VENDOR ID Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1323,8 +1290,6 @@ void test_generator_with_vendor_id_payload(protected_tester_t *tester)
vendor_id_payload->destroy(vendor_id_payload);
generator->destroy(generator);
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1339,7 +1304,7 @@ void test_generator_with_cp_payload(protected_tester_t *tester)
chunk_t generated_data;
logger_t *logger;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"CP Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
@@ -1396,9 +1361,6 @@ void test_generator_with_cp_payload(protected_tester_t *tester)
allocator_free_chunk(&generated_data);
configuration->destroy(configuration);
generator->destroy(generator);
-
-
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
/*
@@ -1412,7 +1374,7 @@ void test_generator_with_eap_payload(protected_tester_t *tester)
chunk_t generated_data;
chunk_t message;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with EAP Payload");
+ logger = charon->logger_manager->get_logger(charon->logger_manager,TESTER);
/* create generator */
generator = generator_create();
diff --git a/Source/charon/testcases/hmac_signer_test.c b/Source/charon/testcases/hmac_signer_test.c
index e5c4bac43..6fd74c123 100644
--- a/Source/charon/testcases/hmac_signer_test.c
+++ b/Source/charon/testcases/hmac_signer_test.c
@@ -56,7 +56,7 @@ void test_hmac_md5_signer(protected_tester_t *tester)
logger_t *logger;
bool valid;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"HMAC MD5 96");
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
signer_t *signer = (signer_t *) signer_create(AUTH_HMAC_MD5_96);
tester->assert_true(tester, (signer != NULL), "signer create call check");
@@ -104,12 +104,8 @@ void test_hmac_md5_signer(protected_tester_t *tester)
valid = signer->verify_signature(signer, data[i],wrong_reference[i]);
tester->assert_true(tester, (valid == FALSE), "Signature not valid check");
- }
-
-
-
+ }
signer->destroy(signer);
- charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}
@@ -138,7 +134,7 @@ void test_hmac_sha1_signer(protected_tester_t *tester)
logger_t *logger;
bool valid;
- logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"HMAC SHA1 96");
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
signer_t *signer = (signer_t *) signer_create(AUTH_HMAC_SHA1_96);
tester->assert_true(tester, (signer != NULL), "signer create call check");
diff --git a/Source/charon/testcases/policy_test.c b/Source/charon/testcases/policy_test.c
index d02c419f0..da906ee9c 100644
--- a/Source/charon/testcases/policy_test.c
+++ b/Source/charon/testcases/policy_test.c
@@ -44,7 +44,7 @@ void test_policy(protected_tester_t *tester)
logger_t *logger;
identification_t *alice, *bob;
- logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL);
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
logger->disable_level(logger, FULL);
alice = identification_create_from_string(ID_IPV4_ADDR, "152.96.193.131");
diff --git a/Source/charon/testcases/rsa_test.c b/Source/charon/testcases/rsa_test.c
index 75df88a04..31b6a249e 100644
--- a/Source/charon/testcases/rsa_test.c
+++ b/Source/charon/testcases/rsa_test.c
@@ -53,7 +53,7 @@ void test_rsa(protected_tester_t *tester)
data.ptr = test_data;
data.len = sizeof(test_data);
- logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL);
+ logger = charon->logger_manager->get_logger(charon->logger_manager, TESTER);
logger->disable_level(logger, FULL);
private_key = rsa_private_key_create();
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index aa8f372e4..1d44cf5d8 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -249,9 +249,9 @@ int main()
daemon_create();
- charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
- charon->logger_manager->enable_logger_level(charon->logger_manager,CHILD_SA,FULL);
- /* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */
+ charon->logger_manager->disable_log_level(charon->logger_manager,TESTER,FULL);
+ charon->logger_manager->enable_log_level(charon->logger_manager,CHILD_SA,FULL);
+ /* charon->logger_manager->enable_log_level(charon->logger_manager,TESTER,RAW); */
tester_t *tester = tester_create(test_output, FALSE);
diff --git a/Source/charon/threads/kernel_interface.c b/Source/charon/threads/kernel_interface.c
index c42a09129..87238d079 100644
--- a/Source/charon/threads/kernel_interface.c
+++ b/Source/charon/threads/kernel_interface.c
@@ -216,7 +216,7 @@ static status_t get_spi(private_kernel_interface_t *this,
request.spi.info.id.daddr = dest->get_xfrm_addr(dest);
request.spi.info.mode = TRUE; /* tunnel mode */
request.spi.info.reqid = reqid;
- request.spi.info.id.proto = (protocol == ESP) ? KERNEL_ESP : KERNEL_AH;
+ request.spi.info.id.proto = (protocol == PROTO_ESP) ? KERNEL_ESP : KERNEL_AH;
request.spi.info.family = PF_INET;
request.spi.min = 0xc0000000;
request.spi.max = 0xcFFFFFFF;
@@ -270,7 +270,7 @@ static status_t add_sa( private_kernel_interface_t *this,
request.sa.id.daddr = other->get_xfrm_addr(other);
request.sa.id.spi = spi;
- request.sa.id.proto = (protocol == ESP) ? KERNEL_ESP : KERNEL_AH;
+ request.sa.id.proto = (protocol == PROTO_ESP) ? KERNEL_ESP : KERNEL_AH;
request.sa.family = me->get_family(me);
request.sa.mode = TRUE; /* tunnel mode */
request.sa.replay_window = 32;
@@ -348,7 +348,7 @@ static status_t del_sa( private_kernel_interface_t *this,
request.sa_id.daddr = dst->get_xfrm_addr(dst);
request.sa_id.spi = spi;
- request.sa_id.proto = (protocol == ESP) ? KERNEL_ESP : KERNEL_AH;
+ request.sa_id.proto = (protocol == PROTO_ESP) ? KERNEL_ESP : KERNEL_AH;
request.sa_id.family = dst->get_family(dst);
request.hdr.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(request.sa_id)));
@@ -686,6 +686,6 @@ kernel_interface_t *kernel_interface_create()
charon->kill(charon, "Unable to create netlink thread");
}
- charon->logger_manager->enable_logger_level(charon->logger_manager, TESTER, FULL);
+ charon->logger_manager->enable_log_level(charon->logger_manager, TESTER, FULL);
return (&this->public);
}
diff --git a/Source/charon/threads/receiver.c b/Source/charon/threads/receiver.c
index 3b22c822c..9058ecbc4 100644
--- a/Source/charon/threads/receiver.c
+++ b/Source/charon/threads/receiver.c
@@ -102,8 +102,6 @@ static void destroy(private_receiver_t *this)
pthread_join(this->assigned_thread, NULL);
this->logger->log(this->logger, CONTROL | LEVEL1, "Receiver thread terminated");
-
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
}
@@ -118,12 +116,11 @@ receiver_t * receiver_create()
this->public.destroy = (void(*)(receiver_t*)) destroy;
this->receive_packets = receive_packets;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, RECEIVER, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, RECEIVER);
if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->receive_packets, this) != 0)
{
this->logger->log(this->logger, ERROR, "Receiver thread could not be started");
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
charon->kill(charon, "Unable to create receiver thread");
}
diff --git a/Source/charon/threads/scheduler.c b/Source/charon/threads/scheduler.c
index 8205cfd45..8750cdae9 100644
--- a/Source/charon/threads/scheduler.c
+++ b/Source/charon/threads/scheduler.c
@@ -96,9 +96,7 @@ static void destroy(private_scheduler_t *this)
pthread_cancel(this->assigned_thread);
pthread_join(this->assigned_thread, NULL);
- this->logger->log(this->logger, CONTROL | LEVEL1, "Scheduler thread terminated");
-
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
+ this->logger->log(this->logger, CONTROL | LEVEL1, "Scheduler thread terminated");
allocator_free(this);
}
@@ -113,13 +111,12 @@ scheduler_t * scheduler_create()
this->public.destroy = (void(*)(scheduler_t*)) destroy;
this->get_events = get_events;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, SCHEDULER, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, SCHEDULER);
if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->get_events, this) != 0)
{
/* thread could not be created */
this->logger->log(this->logger, ERROR, "Scheduler thread could not be created!");
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);
charon->kill(charon, "Unable to create scheduler thread");
}
diff --git a/Source/charon/threads/sender.c b/Source/charon/threads/sender.c
index 82aa2b2e3..90d9e409c 100644
--- a/Source/charon/threads/sender.c
+++ b/Source/charon/threads/sender.c
@@ -99,9 +99,7 @@ static void destroy(private_sender_t *this)
pthread_cancel(this->assigned_thread);
pthread_join(this->assigned_thread, NULL);
- this->logger->log(this->logger, CONTROL | LEVEL1, "Sender thread terminated");
-
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
+ this->logger->log(this->logger, CONTROL | LEVEL1, "Sender thread terminated");
allocator_free(this);
}
@@ -116,7 +114,7 @@ sender_t * sender_create()
this->send_packets = send_packets;
this->public.destroy = (void(*)(sender_t*)) destroy;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager, SENDER, NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, SENDER);
if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->send_packets, this) != 0)
{
diff --git a/Source/charon/threads/stroke.c b/Source/charon/threads/stroke.c
index 1bc94c85d..40b3cecee 100755
--- a/Source/charon/threads/stroke.c
+++ b/Source/charon/threads/stroke.c
@@ -224,7 +224,7 @@ static void stroke_receive(private_stroke_t *this)
continue;
}
- this->logger->log_bytes(this->logger, CONTROL, "stroke message", (void*)msg, msg_length);
+ this->logger->log_bytes(this->logger, RAW, "stroke message", (void*)msg, msg_length);
switch (msg->type)
{
@@ -327,35 +327,70 @@ static void stroke_receive(private_stroke_t *this)
break;
}
- this->logger->log(this->logger, CONTROL, "my ID %s, others ID %s",
- my_id->get_string(my_id),
- other_id->get_string(other_id));
+ my_ts = traffic_selector_create_from_subnet(my_subnet, *msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 32);
+ my_subnet->destroy(my_subnet);
+ other_ts = traffic_selector_create_from_subnet(other_subnet, *msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 32);
+ other_subnet->destroy(other_subnet);
+
+ if (charon->socket->is_listening_on(charon->socket, other_host))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "left is other host, switching");
+
+ host_t *tmp_host = my_host;
+ identification_t *tmp_id = my_id;
+ traffic_selector_t *tmp_ts = my_ts;
+
+ my_host = other_host;
+ other_host = tmp_host;
+ my_id = other_id;
+ other_id = tmp_id;
+ my_ts = other_ts;
+ other_ts = tmp_ts;
+ }
+ else if (charon->socket->is_listening_on(charon->socket, my_host))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "left is own host, not switching");
+ }
+ else
+ {
+ this->logger->log(this->logger, ERROR, "left nor right host is our, aborting");
+
+ my_host->destroy(my_host);
+ other_host->destroy(other_host);
+ my_id->destroy(my_id);
+ other_id->destroy(other_id);
+ my_ts->destroy(my_ts);
+ other_ts->destroy(other_ts);
+ break;
+ }
connection = connection_create(my_host, other_host, my_id->clone(my_id), other_id->clone(other_id), SHARED_KEY_MESSAGE_INTEGRITY_CODE);
proposal = proposal_create(1);
- proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
- proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
+ proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
connection->add_proposal(connection, proposal);
policy = policy_create(my_id, other_id);
proposal = proposal_create(1);
- proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ proposal->add_algorithm(proposal, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ proposal->add_algorithm(proposal, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
policy->add_proposal(policy, proposal);
-
- my_ts = traffic_selector_create_from_subnet(my_subnet, *msg->add_conn.me.subnet ? msg->add_conn.me.subnet_mask : 32);
- my_subnet->destroy(my_subnet);
policy->add_my_traffic_selector(policy, my_ts);
- other_ts = traffic_selector_create_from_subnet(other_subnet, *msg->add_conn.other.subnet ? msg->add_conn.other.subnet_mask : 32);
- other_subnet->destroy(other_subnet);
policy->add_other_traffic_selector(policy, other_ts);
this->configurations->insert_last(this->configurations,
configuration_entry_create(msg->add_conn.name, connection, policy));
- this->logger->log(this->logger, CONTROL, "connection \"%s\" added (%d in store)",
+ this->logger->log(this->logger, CONTROL|LEVEL1, "connection \"%s\" added (%d in store)",
msg->add_conn.name,
this->configurations->get_count(this->configurations));
break;
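Review bot: The IKE proposal built in this hunk now also offers `AUTH_HMAC_MD5_96`, `PRF_HMAC_MD5` and `MODP_1024_BIT`, and the ESP proposal offers `AUTH_HMAC_MD5_96`, so every connection added through stroke will accept these weaker transforms if the peer selects them. If they are needed only for interoperability testing, say so above the block, e.g. `/* MD5 and MODP_1024 offered for interop tests only; remove before release */`, or drop those three IKE lines and the ESP MD5 line. The DH groups are also added in the order 2048, 1536, 1024, 4096, 8192; if list order expresses preference (not visible here), 1024 ranks above 4096 and 8192. stroke_receive starts and ends outside this hunk.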
@@ -395,7 +430,7 @@ static connection_t *get_connection_by_hosts(connection_store_t *store, host_t *
config_other_host = entry->connection->get_other_host(entry->connection);
/* first check if ip is equal */
- if(config_other_host->ip_is_equal(config_other_host, other_host))
+ if(config_other_host->ip_equals(config_other_host, other_host))
{
this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s",
config_other_host->get_address(config_other_host));
@@ -406,7 +441,7 @@ static connection_t *get_connection_by_hosts(connection_store_t *store, host_t *
break;
}
/* check now if host informations are the same */
- else if (config_my_host->ip_is_equal(config_my_host,my_host))
+ else if (config_my_host->ip_equals(config_my_host,my_host))
{
found = entry->connection->clone(entry->connection);
break;
@@ -425,7 +460,7 @@ static connection_t *get_connection_by_hosts(connection_store_t *store, host_t *
break;
}
/* check now if host informations are the same */
- else if (config_my_host->ip_is_equal(config_my_host,my_host))
+ else if (config_my_host->ip_equals(config_my_host,my_host))
{
found = entry->connection->clone(entry->connection);
break;
@@ -562,7 +597,7 @@ static policy_t *get_policy(policy_store_t *store,identification_t *my_id, ident
*/
static status_t get_shared_secret(credential_store_t *this, identification_t *identification, chunk_t *preshared_secret)
{
- char *secret = "schluessel";
+ char *secret = "schluessel\n";
preshared_secret->ptr = secret;
preshared_secret->len = strlen(secret) + 1;
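Review bot: `get_shared_secret` hands the same hard-coded string to every caller regardless of `identification`, and `strlen(secret) + 1` makes the terminating NUL, and now the added newline, part of the key material. A comment should mark this as a placeholder and state the exact bytes a peer has to configure, for example `/* placeholder PSK for testing: "schluessel\n" plus the trailing NUL, returned for every identity */`. `secret` also points at a string literal through a non-const `char *`, so any caller that writes through or frees `preshared_secret->ptr` would hit undefined behaviour; whether one does is not visible here. The function continues past the end of the hunk.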
@@ -613,7 +648,6 @@ static void destroy(private_stroke_t *this)
}
this->rsa_public_keys->destroy(this->rsa_public_keys);
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
close(this->socket);
unlink(socket_addr.sun_path);
allocator_free(this);
@@ -653,14 +687,13 @@ stroke_t *stroke_create()
this->stroke_receive = stroke_receive;
this->get_connection_by_name = get_connection_by_name;
- this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL);
+ this->logger = charon->logger_manager->get_logger(charon->logger_manager, CONFIG);
/* set up unix socket */
this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
if (this->socket == -1)
{
this->logger->log(this->logger, ERROR, "could not create whack socket");
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
allocator_free(this);
return NULL;
}
@@ -669,7 +702,6 @@ stroke_t *stroke_create()
if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
{
this->logger->log(this->logger, ERROR, "could not bind stroke socket: %s", strerror(errno));
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
close(this->socket);
allocator_free(this);
return NULL;
@@ -679,7 +711,6 @@ stroke_t *stroke_create()
if (listen(this->socket, 0) < 0)
{
this->logger->log(this->logger, ERROR, "could not listen on stroke socket: %s", strerror(errno));
- charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
close(this->socket);
unlink(socket_addr.sun_path);
allocator_free(this);
@@ -690,7 +721,6 @@ stroke_t *stroke_create()
if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->stroke_receive, this) != 0)
{
this->logger->log(this->logger, ERROR, "Could not spawn stroke thread");
- charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
close(this->socket);
unlink(socket_addr.sun_path);
allocator_free(this);
diff --git a/Source/charon/threads/thread_pool.c b/Source/charon/threads/thread_pool.c
index f3e2fd8e6..1f1584ec3 100644
--- a/Source/charon/threads/thread_pool.c
+++ b/Source/charon/threads/thread_pool.c
@@ -296,11 +296,7 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
this->create_delete_half_open_ike_sa_job(this,ike_sa_id,charon->configuration->get_half_open_ike_sa_timeout(charon->configuration));
}
- status = ike_sa->process_message(ike_sa, message);
- if ((status != SUCCESS) && (status != DELETE_ME))
- {
- this->worker_logger->log(this->worker_logger, ERROR, "Message could not be processed by IKE SA");
- }
+ status = ike_sa->process_message(ike_sa, message);
this->worker_logger->log(this->worker_logger, CONTROL|LEVEL3, "%s IKE SA %lld:%lld, role %s",
(status == DELETE_ME) ? "Checkin and delete" : "Checkin",
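Review bot: With the `if` removed, a `process_message` result other than `SUCCESS` or `DELETE_ME` leaves no record in this function beyond the `CONTROL|LEVEL3` check-in line, which prints the same "Checkin" text as a success. Unless the IKE SA states log every failure themselves (not visible in this hunk), rejected or malformed messages become hard to spot in the logs. If the old line was removed because it was too noisy, consider keeping it at a less prominent level and including the status, e.g. `if ((status != SUCCESS) && (status != DELETE_ME)) this->worker_logger->log(this->worker_logger, ERROR|LEVEL1, "IKE SA could not process message, status %d", status);`. process_incoming_packet_job starts and ends outside the hunk.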
@@ -558,8 +554,6 @@ static void destroy(private_thread_pool_t *this)
}
/* free mem */
- charon->logger_manager->destroy_logger(charon->logger_manager, this->pool_logger);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->worker_logger);
allocator_free(this->threads);
allocator_free(this);
}
@@ -589,9 +583,9 @@ thread_pool_t *thread_pool_create(size_t pool_size)
this->threads = allocator_alloc(sizeof(pthread_t) * pool_size);
- this->pool_logger = charon->logger_manager->create_logger(charon->logger_manager,THREAD_POOL,NULL);
+ this->pool_logger = charon->logger_manager->get_logger(charon->logger_manager, THREAD_POOL);
- this->worker_logger = charon->logger_manager->create_logger(charon->logger_manager,WORKER,NULL);
+ this->worker_logger = charon->logger_manager->get_logger(charon->logger_manager, WORKER);
/* try to create as many threads as possible, up tu pool_size */
for (current = 0; current < pool_size; current++)
@@ -606,8 +600,6 @@ thread_pool_t *thread_pool_create(size_t pool_size)
if (current == 0)
{
this->pool_logger->log(this->pool_logger, ERROR, "Could not create any thread");
- charon->logger_manager->destroy_logger(charon->logger_manager, this->pool_logger);
- charon->logger_manager->destroy_logger(charon->logger_manager, this->worker_logger);
allocator_free(this->threads);
allocator_free(this);
return NULL;
diff --git a/Source/charon/transforms/diffie_hellman.h b/Source/charon/transforms/diffie_hellman.h
index 9a3608aea..48a165557 100644
--- a/Source/charon/transforms/diffie_hellman.h
+++ b/Source/charon/transforms/diffie_hellman.h
@@ -35,8 +35,6 @@ typedef enum diffie_hellman_group_t diffie_hellman_group_t;
*
* See IKEv2 RFC 3.3.2 and RFC 3526.
*
- * @warning Use of big modulus sizes can be cpu consuming.
- *
* @ingroup transforms
*/
enum diffie_hellman_group_t {
diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c
index f6522ab17..34a217c6a 100644
--- a/Source/charon/transforms/rsa/rsa_private_key.c
+++ b/Source/charon/transforms/rsa/rsa_private_key.c
@@ -39,6 +39,21 @@ extern u_int8_t sha256_oid[19];
extern u_int8_t sha384_oid[19];
extern u_int8_t sha512_oid[19];
+/*
+asn1_module_t rsa_private_key_module = {
+ {ASN1_SEQUENCE, 0, 0, 0},
+ { ASN1_INTEGER, 0, offsetof(private_rsa_private_key, version), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0},
+ { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0},
+ {ASN1_END, 0, 0, 0},
+};*/
+
/**
* Public exponent to use for key generation.
*/
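Review bot: The `rsa_private_key_module` table is added inside a block comment with no explanation of why it is disabled or when it will be enabled. As written it names `private_rsa_private_key` in every `offsetof`, while the struct in this file is `private_rsa_private_key_t`, and it refers to `exp1`, `exp2` and `coeff` members that this diff does not show, so it may not compile once uncommented. Either leave it out until the ASN.1 code that consumes it lands, or wrap it in `#if 0` with a one-line comment such as `/* PKCS#1 RSAPrivateKey layout for the planned ASN.1 parser; not used yet */`.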
@@ -57,6 +72,11 @@ struct private_rsa_private_key_t {
rsa_private_key_t public;
/**
+ * Version of key, as encoded in PKCS#1
+ */
+ u_int version;
+
+ /**
* Is the key already set ?
*/
bool is_key_set;
diff --git a/Source/charon/utils/logger.c b/Source/charon/utils/logger.c
index 3e2c93860..51efa2b8c 100644
--- a/Source/charon/utils/logger.c
+++ b/Source/charon/utils/logger.c
@@ -51,7 +51,7 @@ struct private_logger_t {
/**
* Detail-level of logger.
*/
- logger_level_t level;
+ log_level_t level;
/**
* Name of logger.
*/
@@ -72,13 +72,13 @@ struct private_logger_t {
*
* @warning: buffer must be at least have MAX_LOG size.
*/
- void (*prepend_prefix) (private_logger_t *this, logger_level_t loglevel, char *string, char *buffer);
+ void (*prepend_prefix) (private_logger_t *this, log_level_t loglevel, char *string, char *buffer);
};
/**
* Implementation of private_logger_t.prepend_prefix.
*/
-static void prepend_prefix(private_logger_t *this, logger_level_t loglevel, char *string, char *buffer)
+static void prepend_prefix(private_logger_t *this, log_level_t loglevel, char *string, char *buffer)
{
char log_type, log_details;
if (loglevel & CONTROL)
@@ -138,7 +138,7 @@ static void prepend_prefix(private_logger_t *this, logger_level_t loglevel, char
*
* Yes, logg is wrong written :-).
*/
-static void logg(private_logger_t *this, logger_level_t loglevel, char *format, ...)
+static void logg(private_logger_t *this, log_level_t loglevel, char *format, ...)
{
if ((this->level & loglevel) == loglevel)
{
@@ -170,7 +170,7 @@ static void logg(private_logger_t *this, logger_level_t loglevel, char *format,
/**
* Implementation of logger_t.log_bytes.
*/
-static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *label, char *bytes, size_t len)
+static void log_bytes(private_logger_t *this, log_level_t loglevel, char *label, char *bytes, size_t len)
{
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -272,7 +272,7 @@ static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *lab
/**
* Implementation of logger_t.log_chunk.
*/
-static void log_chunk(logger_t *this, logger_level_t loglevel, char *label, chunk_t chunk)
+static void log_chunk(logger_t *this, log_level_t loglevel, char *label, chunk_t chunk)
{
this->log_bytes(this, loglevel, label, chunk.ptr, chunk.len);
}
@@ -280,7 +280,7 @@ static void log_chunk(logger_t *this, logger_level_t loglevel, char *label, chun
/**
* Implementation of logger_t.enable_level.
*/
-static void enable_level(private_logger_t *this, logger_level_t log_level)
+static void enable_level(private_logger_t *this, log_level_t log_level)
{
this->level |= log_level;
}
@@ -288,12 +288,20 @@ static void enable_level(private_logger_t *this, logger_level_t log_level)
/**
* Implementation of logger_t.disable_level.
*/
-static void disable_level(private_logger_t *this, logger_level_t log_level)
+static void disable_level(private_logger_t *this, log_level_t log_level)
{
this->level &= ~log_level;
}
/**
+ * Implementation of logger_t.get_level.
+ */
+static log_level_t get_level(private_logger_t *this)
+{
+ return this->level;
+}
+
+/**
* Implementation of logger_t.destroy.
*/
static void destroy(private_logger_t *this)
@@ -305,16 +313,17 @@ static void destroy(private_logger_t *this)
/*
* Described in header.
*/
-logger_t *logger_create(char *logger_name, logger_level_t log_level, bool log_thread_id, FILE * output)
+logger_t *logger_create(char *logger_name, log_level_t log_level, bool log_thread_id, FILE * output)
{
private_logger_t *this = allocator_alloc_thing(private_logger_t);
/* public functions */
- this->public.log = (void(*)(logger_t*,logger_level_t,char*,...))logg;
- this->public.log_bytes = (void(*)(logger_t*, logger_level_t, char*,char*,size_t))log_bytes;
+ this->public.log = (void(*)(logger_t*,log_level_t,char*,...))logg;
+ this->public.log_bytes = (void(*)(logger_t*, log_level_t, char*,char*,size_t))log_bytes;
this->public.log_chunk = log_chunk;
- this->public.enable_level = (void(*)(logger_t*,logger_level_t))enable_level;
- this->public.disable_level = (void(*)(logger_t*,logger_level_t))disable_level;
+ this->public.enable_level = (void(*)(logger_t*,log_level_t))enable_level;
+ this->public.disable_level = (void(*)(logger_t*,log_level_t))disable_level;
+ this->public.get_level = (log_level_t(*)(logger_t*))get_level;
this->public.destroy = (void(*)(logger_t*))destroy;
/* private functions */
diff --git a/Source/charon/utils/logger.h b/Source/charon/utils/logger.h
index 52c21e6ef..bdf5e180e 100644
--- a/Source/charon/utils/logger.h
+++ b/Source/charon/utils/logger.h
@@ -28,7 +28,7 @@
#include <types.h>
-typedef enum logger_level_t logger_level_t;
+typedef enum log_level_t log_level_t;
/**
* @brief Log Levels supported by the logger object.
@@ -43,7 +43,7 @@ typedef enum logger_level_t logger_level_t;
*
* @ingroup utils
*/
-enum logger_level_t {
+enum log_level_t {
/**
* Control flow.
*/
@@ -107,11 +107,11 @@ struct logger_t {
* the log is done.
*
* @param this logger_t object
- * @param loglevel or'ed set of logger_level_t's
+ * @param loglevel or'ed set of log_level_t's
* @param format printf like format string
* @param ... printf like parameters
*/
- void (*log) (logger_t *this, logger_level_t log_level, char *format, ...);
+ void (*log) (logger_t *this, log_level_t log_level, char *format, ...);
/**
* @brief Log some bytes, useful for debugging.
@@ -120,12 +120,12 @@ struct logger_t {
* the log is done.
*
* @param this logger_t object
- * @param loglevel or'ed set of logger_level_t's
+ * @param loglevel or'ed set of log_level_t's
* @param label a labeling name, logged with the bytes
* @param bytes pointer to the bytes to dump
* @param len number of bytes to dump
*/
- void (*log_bytes) (logger_t *this, logger_level_t loglevel, char *label, char *bytes, size_t len);
+ void (*log_bytes) (logger_t *this, log_level_t loglevel, char *label, char *bytes, size_t len);
/**
* @brief Log a chunk, useful for debugging.
@@ -134,27 +134,35 @@ struct logger_t {
* the log is done.
*
* @param this logger_t object
- * @param loglevel or'ed set of logger_level_t's
+ * @param loglevel or'ed set of log_level_t's
* @param label a labeling name, logged with the bytes
* @param chunk chunk to log
*/
- void (*log_chunk) (logger_t *this, logger_level_t loglevel, char *label, chunk_t chunk);
+ void (*log_chunk) (logger_t *this, log_level_t loglevel, char *label, chunk_t chunk);
/**
* @brief Enables a loglevel for the current logger_t object.
*
- * @param this logger_t object
- * @param log_level loglevel to enable
+ * @param this logger_t object
+ * @param log_level loglevel to enable
*/
- void (*enable_level) (logger_t *this, logger_level_t log_level);
+ void (*enable_level) (logger_t *this, log_level_t log_level);
/**
* @brief Disables a loglevel for the current logger_t object.
*
- * @param this logger_t object
- * @param log_level loglevel to enable
+ * @param this logger_t object
+ * @param log_level loglevel to enable
+ */
+ void (*disable_level) (logger_t *this, log_level_t log_level);
+
+ /**
+ * @brief Get the currently used loglevel.
+ *
+ * @param this logger_t object
+ * @return currently used loglevel
*/
- void (*disable_level) (logger_t *this, logger_level_t log_level);
+ log_level_t (*get_level) (logger_t *this);
/**
* @brief Destroys a logger_t object.
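Review bot: The doc comment for `disable_level` is re-indented here but still reads `loglevel to enable`, copied from `enable_level`; it should be `* @param log_level loglevel to disable`. The new `get_level` comment could also say that the return value is the or'ed set of `log_level_t` flags, matching how the `loglevel` parameters are described above, e.g. `* @return or'ed set of currently enabled log_level_t's`.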
@@ -175,7 +183,7 @@ struct logger_t {
*
* @ingroup utils
*/
-logger_t *logger_create(char *logger_name, logger_level_t log_level, bool log_thread_id, FILE * output);
+logger_t *logger_create(char *logger_name, log_level_t log_level, bool log_thread_id, FILE * output);
#endif /*LOGGER_H_*/
diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c
index fe8ae9bc5..ad7a03164 100644
--- a/Source/charon/utils/logger_manager.c
+++ b/Source/charon/utils/logger_manager.c
@@ -33,28 +33,49 @@
*/
mapping_t logger_context_t_mappings[] = {
{PARSER, "PARSER"},
- {GENERATOR, "GENRAT"},
+ {GENERATOR, "GENERATOR"},
{IKE_SA, "IKE_SA"},
- {IKE_SA_MANAGER, "ISAMGR"},
- {CHILD_SA, "CHLDSA"},
- {MESSAGE, "MESSAG"},
- {THREAD_POOL, "THPOOL"},
+ {IKE_SA_MANAGER, "IKE_SA_MANAGER"},
+ {CHILD_SA, "CHILD_SA"},
+ {MESSAGE, "MESSAGE"},
+ {THREAD_POOL, "THREAD_POOL"},
{WORKER, "WORKER"},
- {SCHEDULER, "SCHEDU"},
+ {SCHEDULER, "SCHEDULER"},
{SENDER, "SENDER"},
- {RECEIVER, "RECEVR"},
+ {RECEIVER, "RECEIVER"},
{SOCKET, "SOCKET"},
{TESTER, "TESTER"},
{DAEMON, "DAEMON"},
{CONFIG, "CONFIG"},
- {ENCRYPTION_PAYLOAD, "ENCPLD"},
+ {ENCRYPTION_PAYLOAD, "ENCRYPTION_PAYLOAD"},
+ {PAYLOAD, "PAYLOAD"},
{MAPPING_END, NULL},
};
-/**
- * Maximum length of a logger name in bytes.
- */
-#define MAX_LOGGER_NAME 45
+struct {
+ char *name;
+ log_level_t level;
+ bool log_thread_ids;
+ FILE *output;
+} logger_defaults[] = {
+ { "PARSR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* PARSER */
+ { "GNRAT", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* GENERATOR */
+ { "IKESA", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* IKE_SA */
+ { "SAMGR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* IKE_SA_MANAGER */
+ { "CHDSA", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* CHILD_SA */
+ { "MESSG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* MESSAGE */
+ { "TPOOL", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* THREAD_POOL */
+ { "WORKR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* WORKER */
+ { "SCHED", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* SCHEDULER */
+ { "SENDR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* SENDER */
+ { "RECVR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* RECEIVER */
+ { "SOCKT", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* SOCKET */
+ { "TESTR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* TESTER */
+ { "DAEMN", ERROR|CONTROL|AUDIT|LEVEL0, FALSE, NULL}, /* DAEMON */
+ { "CONFG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* CONFIG */
+ { "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* ENCRYPTION_PAYLOAD */
+ { "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* PAYLOAD */
+};
typedef struct private_logger_manager_t private_logger_manager_t;
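Review bot: `logger_defaults[]` is tied to `logger_context_t` only by position and by the trailing comments, so adding or reordering a context without touching this table would give a logger the wrong name or level, or index past the end of the array. Designated initializers make the pairing explicit, e.g. `[PARSER] = { "PARSR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL },`, and a check that `sizeof(logger_defaults)/sizeof(logger_defaults[0]) == LOGGER_CONTEXT_ROOF` would catch a missing row. The table also has no doc comment, unlike the mapping above it, and is not `static` although nothing in this hunk suggests other files need it. A short comment should say what a `NULL` output means.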
@@ -69,372 +90,78 @@ struct private_logger_manager_t {
logger_manager_t public;
/**
- * List of managed loggers.
- */
- linked_list_t *loggers;
-
- /**
- * Log Levels.
- */
- linked_list_t *logger_levels;
-
- /**
- * Used to manage logger list.
- */
- pthread_mutex_t mutex;
-
- /**
- * Default logger level for a created logger used
- * if no specific logger_level is set.
+ * Array of loggers, one for each context
*/
- logger_level_t default_log_level;
-
- /**
- * Sets set logger_level of a specific context.
- *
- * @param this calling object
- * @param context context to set level
- * @param logger_level logger_level to set
- * @param enable enable specific level or disable it
- */
- void (*set_logger_level) (private_logger_manager_t *this,
- logger_context_t context,
- logger_level_t logger_level,
- bool enable);
+ logger_t *loggers[LOGGER_CONTEXT_ROOF];
};
-
-typedef struct logger_levels_entry_t logger_levels_entry_t;
-
-/**
- * Entry in the logger_levels linked list.
- *
- * This entry specifies the current log level for
- * logger_t objects in specific context.
- */
-struct logger_levels_entry_t {
- /**
- * Logger context.
- */
- logger_context_t context;
-
- /**
- * Logger level of logger context.
- */
- logger_level_t level;
-};
-
-
-typedef struct loggers_entry_t loggers_entry_t;
-
-/**
- * Entry in the loggers linked list.
- *
- * @todo Replace loggers_entry_t with logger_t and add get_context() function to logger_t class.
- */
-struct loggers_entry_t {
- /**
- * Logger context.
- */
- logger_context_t context;
- /**
- * Assigned logger
- */
- logger_t *logger;
-};
-
-/**
- * Implementation of logger_manager_t.create_logger.
- */
-static logger_t *create_logger(private_logger_manager_t *this, logger_context_t context, char * name)
-{
-
- char * context_name;
- bool log_thread_ids = TRUE;
- FILE * output = NULL;
- char buffer[MAX_LOGGER_NAME];
- loggers_entry_t *entry;
- logger_t *logger;
- logger_level_t logger_level = 0;
-
- context_name = mapping_find(logger_context_t_mappings,context);
-
- /* output to stdout, since we are debugging all days */
- output = LOG_OUTPUT;
-
- /* defaults */
- log_thread_ids = FALSE;
- logger_level = this->public.get_logger_level(&(this->public), context);
-
- switch(context)
- {
- case TESTER:
- output = stdout;
- break;
- case IKE_SA_MANAGER:
- log_thread_ids = TRUE;
- break;
- case IKE_SA:
- log_thread_ids = TRUE;
- break;
- case CHILD_SA:
- log_thread_ids = TRUE;
- break;
- case CONFIG:
- log_thread_ids = TRUE;
- break;
- case MESSAGE:
- log_thread_ids = TRUE;
- break;
- case ENCRYPTION_PAYLOAD:
- log_thread_ids = TRUE;
- break;
- case GENERATOR:
- log_thread_ids = TRUE;
- break;
- case PARSER:
- log_thread_ids = TRUE;
- break;
- case WORKER:
- log_thread_ids = TRUE;
- break;
- case THREAD_POOL:
- break;
- case SCHEDULER:
- break;
- case SENDER:
- break;
- case RECEIVER:
- break;
- case SOCKET:
- break;
- case DAEMON:
- break;
- }
-
- /* logger manager is thread save */
- pthread_mutex_lock(&(this->mutex));
- if (name != NULL)
- {
- snprintf(buffer, MAX_LOGGER_NAME, "%s - %s",context_name,name);
- /* create logger with default log_level */
- logger = logger_create(buffer,logger_level,log_thread_ids,output);
- }
- else
- {
- logger = logger_create(context_name,logger_level,log_thread_ids,output);
- }
-
-
- entry = allocator_alloc_thing(loggers_entry_t);
-
- entry->context = context;
- entry->logger = logger;
-
- this->loggers->insert_last(this->loggers,entry);
-
- pthread_mutex_unlock(&(this->mutex));
- return logger;
-
-}
-
/**
- * Implementation of logger_manager_t.get_logger_level.
+ * Implementation of logger_manager_t.get_logger.
*/
-static logger_level_t get_logger_level (private_logger_manager_t *this, logger_context_t context)
+static logger_t *get_logger(private_logger_manager_t *this, logger_context_t context)
{
- iterator_t *iterator;
- /* set logger_level to default logger_level */
- logger_level_t logger_level = this->default_log_level;
-
- pthread_mutex_lock(&(this->mutex));
-
- iterator = this->logger_levels->create_iterator(this->logger_levels,TRUE);
- /* check for existing logger_level entry */
- while (iterator->has_next(iterator))
- {
- logger_levels_entry_t * entry;
- iterator->current(iterator,(void **)&entry);
- if (entry->context == context)
- {
- logger_level = entry->level;
- break;
- }
- }
- iterator->destroy(iterator);
-
- pthread_mutex_unlock(&(this->mutex));
- return logger_level;
+ return this->loggers[context];
}
/**
- * Implementation of logger_manager_t.destroy_logger.
+ * Implementation of logger_manager_t.get_log_level.
*/
-static void destroy_logger(private_logger_manager_t *this,logger_t *logger)
+static log_level_t get_log_level (private_logger_manager_t *this, logger_context_t context)
{
- iterator_t *iterator;
-
- pthread_mutex_lock(&(this->mutex));
-
- iterator = this->loggers->create_iterator(this->loggers,TRUE);
- while (iterator->has_next(iterator))
- {
- loggers_entry_t * entry;
- iterator->current(iterator,(void **)&entry);
- if (entry->logger == logger)
- {
- iterator->remove(iterator);
- allocator_free(entry);
- logger->destroy(logger);
- break;
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
+ return this->loggers[context]->get_level(this->loggers[context]);
}
/**
- * Implementation of private_logger_manager_t.set_logger_level.
+ * Implementation of private_logger_manager_t.enable_log_level.
*/
-static void set_logger_level(private_logger_manager_t *this, logger_context_t context,logger_level_t logger_level,bool enable)
+static void enable_log_level(private_logger_manager_t *this, logger_context_t context, log_level_t level)
{
- iterator_t *iterator;
- bool found = FALSE;
-
- pthread_mutex_lock(&(this->mutex));
- iterator = this->logger_levels->create_iterator(this->logger_levels,TRUE);
-
- /* find existing logger_level entry */
- while (iterator->has_next(iterator))
- {
- logger_levels_entry_t * entry;
- iterator->current(iterator,(void **)&entry);
- if (entry->context == context)
- {
- if (enable)
- {
- entry->level |= logger_level;
- }
- else
- {
- entry->level &= ~logger_level;
- }
- found = TRUE;
- break;
- }
- }
- iterator->destroy(iterator);
-
- if (!found)
- {
- /* logger_levels entry not existing for current context */
- logger_levels_entry_t *entry = allocator_alloc_thing(logger_levels_entry_t);
-
- entry->context = context;
- entry->level = (enable) ? logger_level : (this->default_log_level & (~logger_level));
-
- this->logger_levels->insert_last(this->logger_levels,entry);
- }
-
- iterator = this->loggers->create_iterator(this->loggers,TRUE);
- while (iterator->has_next(iterator))
- {
- loggers_entry_t * entry;
- iterator->current(iterator,(void **)&entry);
-
- if (entry->context == context)
- {
- if (enable)
- {
- entry->logger->enable_level(entry->logger,logger_level);
- }
- else
- {
- entry->logger->disable_level(entry->logger,logger_level);
- }
-
- }
- }
- iterator->destroy(iterator);
-
- pthread_mutex_unlock(&(this->mutex));
+ this->loggers[context]->enable_level(this->loggers[context], level);
}
/**
- * Implementation of logger_manager_t.enable_logger_level.
+ * Implementation of private_logger_manager_t.disable_log_level.
*/
-static void enable_logger_level(private_logger_manager_t *this, logger_context_t context,logger_level_t logger_level)
+static void disable_log_level(private_logger_manager_t *this, logger_context_t context, log_level_t level)
{
- return set_logger_level(this,context,logger_level,TRUE);
+ this->loggers[context]->disable_level(this->loggers[context], level);
}
-/**
- * Implementation of logger_manager_t.disable_logger_level.
- */
-static void disable_logger_level(private_logger_manager_t *this, logger_context_t context,logger_level_t logger_level)
-{
- return set_logger_level(this,context,logger_level,FALSE);
-}
/**
* Implementation of logger_manager_t.destroy.
*/
static void destroy(private_logger_manager_t *this)
{
-
- while (this->loggers->get_count(this->loggers) > 0)
- {
- loggers_entry_t *current_entry;
-
- this->loggers->remove_first(this->loggers,(void **)&current_entry);
-
- /* destroy logger object */
- current_entry->logger->destroy(current_entry->logger);
-
- /* entry can be destroyed */
- allocator_free(current_entry);
- }
-
- while (this->logger_levels->get_count(this->logger_levels) > 0)
+ int i;
+ for (i = 0; i < LOGGER_CONTEXT_ROOF; i++)
{
- logger_levels_entry_t *current_entry;
-
- this->logger_levels->remove_first(this->logger_levels,(void **)&current_entry);
-
- /* entry can be destroyed */
- allocator_free(current_entry);
+ this->loggers[i]->destroy(this->loggers[i]);
}
-
- this->loggers->destroy(this->loggers);
- this->logger_levels->destroy(this->logger_levels);
- pthread_mutex_destroy(&(this->mutex));
-
allocator_free(this);
}
/*
* Described in header.
*/
-logger_manager_t *logger_manager_create(logger_level_t default_log_level)
+logger_manager_t *logger_manager_create(log_level_t default_log_level)
{
private_logger_manager_t *this = allocator_alloc_thing(private_logger_manager_t);
+ int i;
- this->public.create_logger = (logger_t *(*)(logger_manager_t*,logger_context_t context, char *))create_logger;
- this->public.destroy_logger = (void(*)(logger_manager_t*,logger_t *logger))destroy_logger;
+ this->public.get_logger = (logger_t *(*)(logger_manager_t*,logger_context_t context))get_logger;
+ this->public.get_log_level = (log_level_t (*)(logger_manager_t *, logger_context_t)) get_log_level;
+ this->public.enable_log_level = (void (*)(logger_manager_t *, logger_context_t, log_level_t)) enable_log_level;
+ this->public.disable_log_level = (void (*)(logger_manager_t *, logger_context_t, log_level_t)) disable_log_level;
this->public.destroy = (void(*)(logger_manager_t*))destroy;
- this->public.get_logger_level = (logger_level_t (*)(logger_manager_t *, logger_context_t)) get_logger_level;
- this->public.enable_logger_level = (void (*)(logger_manager_t *, logger_context_t,logger_level_t)) enable_logger_level;
- this->public.disable_logger_level = (void (*)(logger_manager_t *, logger_context_t,logger_level_t)) disable_logger_level;
- this->set_logger_level = (void (*)(private_logger_manager_t *, logger_context_t,logger_level_t,bool)) set_logger_level;
- /* private variables */
- this->loggers = linked_list_create();
- this->logger_levels = linked_list_create();
- this->default_log_level = default_log_level;
+ for (i = 0; i < LOGGER_CONTEXT_ROOF; i++)
+ {
+ this->loggers[i] = logger_create(logger_defaults[i].name, logger_defaults[i].level,
+ logger_defaults[i].log_thread_ids, logger_defaults[i].output);
+ }
- pthread_mutex_init(&(this->mutex), NULL);
-
- return (logger_manager_t*)this;
+ return &this->public;
}
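Review bot: `get_logger`, `get_log_level`, `enable_log_level` and `disable_log_level` index `this->loggers[context]` without validating `context`, so a value outside `0..LOGGER_CONTEXT_ROOF-1` reads past the array and then makes an indirect call through whatever it finds there. A guard such as `if ((unsigned)context >= LOGGER_CONTEXT_ROOF) return NULL;` in `get_logger`, with an equivalent early return in the other three, would contain a bad caller. `logger_manager_create` also no longer reads `default_log_level`: every level now comes from `logger_defaults[]`, so the argument is silently ignored and should either be applied in the loop or removed from the signature. The loop further assumes that `logger_defaults` has exactly `LOGGER_CONTEXT_ROOF` rows and that `logger_create` never returns NULL (its behaviour is not visible here), while `destroy` dereferences every slot unconditionally.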
diff --git a/Source/charon/utils/logger_manager.h b/Source/charon/utils/logger_manager.h
index f160c0c37..475fdc919 100644
--- a/Source/charon/utils/logger_manager.h
+++ b/Source/charon/utils/logger_manager.h
@@ -36,7 +36,7 @@ typedef enum logger_context_t logger_context_t;
* @ingroup utils
*/
enum logger_context_t {
- PARSER,
+ PARSER = 0,
GENERATOR,
IKE_SA,
IKE_SA_MANAGER,
@@ -52,6 +52,8 @@ enum logger_context_t {
DAEMON,
CONFIG,
ENCRYPTION_PAYLOAD,
+ PAYLOAD,
+ LOGGER_CONTEXT_ROOF,
};
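Review bot: `LOGGER_CONTEXT_ROOF` is added without a comment saying that it is a count sentinel, not a usable context, and that it must stay the last enumerator. In logger_manager.c it sizes `loggers[]` and bounds the loop over `logger_defaults[]`, which is indexed by position, so a new context inserted without a matching row in the same order would give the wrong defaults or read past the table. Suggest adding above it `/** Number of contexts, not a context itself; keep last and keep logger_defaults[] in logger_manager.c in the same order. */`. The enum starts outside this hunk.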
@@ -69,23 +71,12 @@ typedef struct logger_manager_t logger_manager_t;
*
* @see logger_t
*
- * @todo We currently give out a new instance for every logger requested.
- * This is unnecessary. One logger for each class would be sufficient.
- *
- * @todo We could remove logger naming (additional to classes), since we have
- * never used it (and probably never will).
- *
* @ingroup utils
*/
struct logger_manager_t {
/**
* @brief Gets a logger_t object for a specific logger context.
- *
- * @warning Objects of type logger_t which are not destroyed over function
- * #logger_manager_t.destroy_logger are destroyed in logger_managers
- * destroy function. Don't use logger_t's own destroy function with
- * managed logger_t objects.
*
* @param this logger_manager_t object
* @param context logger_context to use the logger for
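Review bot: The removed `@warning` is not replaced by any statement of who owns the logger that `get_logger` returns. The manager now hands out one shared instance per context and frees it in its own `destroy`, so a caller that still calls `logger->destroy(logger)` would leave a dangling pointer for every other user of that context. Suggest keeping a one-line warning, e.g. `@warning The returned logger_t is shared and owned by the logger_manager; never call its destroy function.` The struct body continues outside the hunk.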
@@ -93,37 +84,25 @@ struct logger_manager_t {
* and has not to be specified (so NULL is allowed)
* @return logger_t object
*/
- logger_t *(*create_logger) (logger_manager_t *this, logger_context_t context, char *name);
-
- /**
- * @brief Destroys a logger_t object which is not used anymore.
- *
- * Objects of type logger_t which are not destroyed over function
- * #logger_manager_t.destroy_logger are destroyed in logger_managers
- * destroy function.
- *
- * @param this logger_manager_t object
- * @param logger pointer to the logger which has to be destroyed
- */
- void (*destroy_logger) (logger_manager_t *this,logger_t *logger);
+ logger_t *(*get_logger) (logger_manager_t *this, logger_context_t context);
/**
- * Returns the set logger_level of a specific context or 0.
+ * Returns the set log_level of a specific context or 0.
*
* @param this calling object
* @param context context to check level
- * @return logger_level for the given logger_context
+ * @return log_level for the given logger_context
*/
- logger_level_t (*get_logger_level) (logger_manager_t *this, logger_context_t context);
+ log_level_t (*get_log_level) (logger_manager_t *this, logger_context_t context);
/**
* Enables a logger level of a specific context.
*
* @param this calling object
* @param context context to set level
- * @param logger_level logger level to eanble
+ * @param log_level logger level to eanble
*/
- void (*enable_logger_level) (logger_manager_t *this, logger_context_t context,logger_level_t logger_level);
+ void (*enable_log_level) (logger_manager_t *this, logger_context_t context,log_level_t log_level);
/**
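Review bot: The doc comment above `get_logger` still carries the tail of the old name-parameter description (`and has not to be specified (so NULL is allowed)`), although the new signature takes no name. The `@param` line it belongs to sits just above the hunk and is presumably unchanged. That parameter entry should be removed, and `@return` should say the logger is the shared per-context instance. The new `@param log_level` line for `enable_log_level` also keeps the typo `eanble`; it should read `@param log_level log level to enable`.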
@@ -131,9 +110,9 @@ struct logger_manager_t {
*
* @param this calling object
* @param context context to set level
- * @param logger_level logger level to disable
+ * @param log_level logger level to disable
*/
- void (*disable_logger_level) (logger_manager_t *this, logger_context_t context,logger_level_t logger_level);
+ void (*disable_log_level) (logger_manager_t *this, logger_context_t context,log_level_t log_level);
/**
@@ -154,7 +133,7 @@ struct logger_manager_t {
*
* @ingroup utils
*/
-logger_manager_t *logger_manager_create(logger_level_t default_log_level);
+logger_manager_t *logger_manager_create(log_level_t default_log_level);
#endif /*LOGGER_MANAGER_H_*/