Diffstat (limited to 'src/charon/config')
-rw-r--r--src/charon/config/connections/connection.c16
-rw-r--r--src/charon/config/connections/connection.h4
-rwxr-xr-xsrc/charon/config/connections/connection_store.h44
-rw-r--r--src/charon/config/connections/local_connection_store.c66
-rwxr-xr-xsrc/charon/config/credentials/credential_store.h22
-rw-r--r--src/charon/config/credentials/local_credential_store.c229
-rw-r--r--src/charon/config/policies/local_policy_store.c45
-rw-r--r--src/charon/config/policies/policy.c41
-rw-r--r--src/charon/config/policies/policy.h10
-rwxr-xr-xsrc/charon/config/policies/policy_store.h8
-rw-r--r--src/charon/config/proposal.c54
-rw-r--r--src/charon/config/proposal.h32
-rw-r--r--src/charon/config/traffic_selector.c163
-rw-r--r--src/charon/config/traffic_selector.h31
14 files changed, 305 insertions, 460 deletions
diff --git a/src/charon/config/connections/connection.c b/src/charon/config/connections/connection.c
index 3d001194b..5dfc00eb2 100644
--- a/src/charon/config/connections/connection.c
+++ b/src/charon/config/connections/connection.c
@@ -24,19 +24,13 @@
#include <string.h>
#include <config/connections/connection.h>
-
#include <utils/linked_list.h>
-#include <utils/logger.h>
-/**
- * String mappings for cert_policy_t.
- */
-mapping_t cert_policy_m[] = {
- {CERT_ALWAYS_SEND, "CERT_ALWAYS_SEND"},
- {CERT_SEND_IF_ASKED, "CERT_SEND_IF_ASKED"},
- {CERT_NEVER_SEND, "CERT_NEVER_SEND"},
- {MAPPING_END, NULL}
-};
+ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
+ "CERT_ALWAYS_SEND",
+ "CERT_SEND_IF_ASKED",
+ "CERT_NEVER_SEND"
+);
typedef struct private_connection_t private_connection_t;
diff --git a/src/charon/config/connections/connection.h b/src/charon/config/connections/connection.h
index ffe22ad13..b3c1207cc 100644
--- a/src/charon/config/connections/connection.h
+++ b/src/charon/config/connections/connection.h
@@ -54,11 +54,11 @@ enum cert_policy_t {
};
/**
- * string mappings for certpolic_t.
+ * enum strings for cert_policy_t
*
* @ingroup config
*/
-extern mapping_t cert_policy_m[];
+extern enum_name_t *cert_policy_names;
typedef struct connection_t connection_t;
diff --git a/src/charon/config/connections/connection_store.h b/src/charon/config/connections/connection_store.h
index 7d42dd26f..9e6c0efe2 100755
--- a/src/charon/config/connections/connection_store.h
+++ b/src/charon/config/connections/connection_store.h
@@ -25,17 +25,17 @@
#include <types.h>
#include <config/connections/connection.h>
-#include <utils/logger.h>
+#include <utils/iterator.h>
typedef struct connection_store_t connection_store_t;
/**
* @brief The interface for a store of connection_t's.
- *
+ *
* @b Constructors:
* - stroke_create()
- *
+ *
* @ingroup config
*/
struct connection_store_t {
@@ -47,7 +47,7 @@ struct connection_store_t {
* It may be used after kernel request for traffic protection.
* The returned connection gets created/cloned and therefore must
* be destroyed after usage.
- *
+ *
* @param this calling object
* @param my_id own address of connection
* @param other_id others address of connection
@@ -55,14 +55,15 @@ struct connection_store_t {
* - connection_t, if found
* - NULL otherwise
*/
- connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host);
+ connection_t *(*get_connection_by_hosts)(connection_store_t *this,
+ host_t *my_host, host_t *other_host);
/**
* @brief Returns a connection identified by its name.
- *
+ *
* This call is usefull to get a connection identified its
* name, as on an connection setup.
- *
+ *
* @param this calling object
* @param name name of the connection to get
* @return
@@ -73,10 +74,10 @@ struct connection_store_t {
/**
* @brief Add a connection to the store.
- *
- * After a successful call, the connection is owned by the store and may
+ *
+ * After a successful call, the connection is owned by the store and may
* not be manipulated nor destroyed.
- *
+ *
* @param this calling object
* @param connection connection to add
* @return
@@ -87,10 +88,10 @@ struct connection_store_t {
/**
* @brief Delete a connection from the store.
- *
+ *
* Remove a connection from the connection store, identified
* by the connections name.
- *
+ *
* @param this calling object
* @param name name of the connection to delete
* @return
@@ -100,25 +101,16 @@ struct connection_store_t {
status_t (*delete_connection) (connection_store_t *this, char *name);
/**
- * @brief Log the connections stored in the store.
- *
- * Depending on the implementation of the store, the store
- * logs various information to the specified logger.
- * If logger is NULL, the internal logger is used, if name is
- * NULL, all connections are logged
- *
+ * @brief Get an iterator for the stored connections.
+ *
* @param this calling object
- * @param logger logger to use for the log, or NULL
- * @param name name of the connection, or NULL
- * @return
- * - SUCCESS, or
- * - FAILED
+ * @return iterator over all stored connections
*/
- void (*log_connections) (connection_store_t *this, logger_t *logger, char *name);
+ iterator_t* (*create_iterator) (connection_store_t *this);
/**
* @brief Destroys a connection_store_t object.
- *
+ *
* @param this calling object
*/
void (*destroy) (connection_store_t *this);
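Review bot: The new `create_iterator` documentation states no ownership or locking contract, which callers need more than the old `log_connections` callers did. The implementation this commit adds in local_connection_store.c returns `create_iterator_locked(..., &this->mutex)`, so the store may stay locked until the iterator is destroyed, and a caller that re-enters the store while iterating (e.g. `get_connection_by_hosts`, which locks the same mutex) would deadlock on a non-recursive mutex. Suggest extending the tag to `@return iterator over all stored connections; the caller must destroy it, must not destroy the connections it yields, and must not call into the store while holding it, since the store may remain locked until the iterator is destroyed`.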
diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c
index af107b83b..8748fb730 100644
--- a/src/charon/config/connections/local_connection_store.c
+++ b/src/charon/config/connections/local_connection_store.c
@@ -24,8 +24,8 @@
#include "local_connection_store.h"
+#include <daemon.h>
#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
typedef struct private_local_connection_store_t private_local_connection_store_t;
@@ -49,11 +49,6 @@ struct private_local_connection_store_t {
* Mutex to exclusivly access connection list
*/
pthread_mutex_t mutex;
-
- /**
- * Assigned logger
- */
- logger_t *logger;
};
@@ -74,9 +69,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
connection_t *candidate;
connection_t *found = NULL;
- this->logger->log(this->logger, CONTROL|LEVEL1,
- "looking for connection for host pair %H...%H",
- my_host, other_host);
+ DBG2(SIG_DBG_CFG, "looking for connection for host pair %H...%H",
+ my_host, other_host);
pthread_mutex_lock(&(this->mutex));
iterator = this->connections->create_iterator(this->connections, TRUE);
@@ -106,11 +100,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
prio |= PRIO_ADDR_ANY;
}
- this->logger->log(this->logger, CONTROL|LEVEL2,
- "candidate connection \"%s\": %H...%H (prio=%d)",
- candidate->get_name(candidate),
- candidate_my_host, candidate_other_host,
- prio);
+ DBG2(SIG_DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)",
+ candidate->get_name(candidate),
+ candidate_my_host, candidate_other_host, prio);
if (prio > best_prio)
{
@@ -126,11 +118,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
host_t *found_my_host = found->get_my_host(found);
host_t *found_other_host = found->get_other_host(found);
- this->logger->log(this->logger, CONTROL|LEVEL1,
- "found matching connection \"%s\": %H...%H (prio=%d)",
- found->get_name(found),
- found_my_host, found_other_host,
- best_prio);
+ DBG2(SIG_DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)",
+ found->get_name(found), found_my_host, found_other_host, best_prio);
/* give out a new reference to it */
found->get_ref(found);
@@ -213,40 +202,12 @@ static status_t add_connection(private_local_connection_store_t *this, connectio
}
/**
- * Implementation of connection_store_t.log_connections.
+ * Implementation of connection_store_t.create_iterator.
*/
-void log_connections(private_local_connection_store_t *this, logger_t *logger, char *name)
+static iterator_t* create_iterator(private_local_connection_store_t *this)
{
- iterator_t *iterator;
- connection_t *current;
-
- if (logger == NULL)
- {
- logger = this->logger;
- }
-
- pthread_mutex_lock(&(this->mutex));
-
- iterator = this->connections->create_iterator(this->connections, TRUE);
-
- if (iterator->get_count(iterator))
- {
- logger->log(logger, CONTROL, "Templates:");
- }
- while (iterator->has_next(iterator))
- {
- iterator->current(iterator, (void**)&current);
- if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
- {
- host_t *my_host = current->get_my_host(current);
- host_t *other_host = current->get_other_host(current);
-
- logger->log(logger, CONTROL, " \"%s\": %H...%H",
- current->get_name(current), my_host, other_host);
- }
- }
- iterator->destroy(iterator);
- pthread_mutex_unlock(&(this->mutex));
+ return this->connections->create_iterator_locked(this->connections,
+ &this->mutex);
}
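Review bot: `create_iterator` silently drops the `current->is_ikev2(current)` filter that the removed `log_connections` applied, so every connection in the list is now exposed and the listing caller must filter IKEv1 entries itself; if the stroke listing relied on the store doing that, its output changes. The locked iterator also keeps `this->mutex` held until it is destroyed, and `get_connection_by_hosts` locks that same mutex earlier in this file, so callers must not re-enter the store while iterating. Suggest a comment above the return: `/* holds this->mutex until the iterator is destroyed: callers must not re-enter the store while iterating, and must apply the is_ikev2() filter themselves */`.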
/**
@@ -277,12 +238,11 @@ local_connection_store_t * local_connection_store_create(void)
this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name;
this->public.connection_store.delete_connection = (status_t(*)(connection_store_t*,char*))delete_connection;
this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection;
- this->public.connection_store.log_connections = (void(*)(connection_store_t*,logger_t*,char*))log_connections;
+ this->public.connection_store.create_iterator = (iterator_t*(*)(connection_store_t*))create_iterator;
this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy;
/* private variables */
this->connections = linked_list_create();
- this->logger = logger_manager->get_logger(logger_manager, CONFIG);
pthread_mutex_init(&(this->mutex), NULL);
return (&this->public);
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
index a9d72b47f..c9bb158d6 100755
--- a/src/charon/config/credentials/credential_store.h
+++ b/src/charon/config/credentials/credential_store.h
@@ -29,7 +29,6 @@
#include <crypto/rsa/rsa_private_key.h>
#include <crypto/rsa/rsa_public_key.h>
#include <utils/identification.h>
-#include <utils/logger.h>
typedef struct credential_store_t credential_store_t;
@@ -136,31 +135,28 @@ struct credential_store_t {
x509_t* (*add_ca_certificate) (credential_store_t *this, x509_t *cert);
/**
- * @brief Lists all certificates kept in the local credential store.
+ * @brief Create an iterator over all end certificates.
*
* @param this calling object
- * @param logger logger to be used
- * @param utc log dates either in UTC or local time
+ * @return iterator
*/
- void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);
+ iterator_t* (*create_cert_iterator) (credential_store_t *this);
/**
- * @brief Lists all CA certificates kept in the local credential store.
+ * @brief Create an iterator over all CA certificates.
*
* @param this calling object
- * @param logger logger to be used
- * @param utc log dates either in UTC or local time
+ * @return iterator
*/
- void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);
+ iterator_t* (*create_cacert_iterator) (credential_store_t *this);
/**
- * @brief Lists all CRLs kept in the local credential store.
+ * @brief Create an iterator over all CRLs.
*
* @param this calling object
- * @param logger logger to be used
- * @param utc log dates either in UTC or local time
+ * @return iterator
*/
- void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc);
+ iterator_t* (*create_crl_iterator) (credential_store_t *this);
/**
* @brief Loads trusted CA certificates from a default directory.
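Review bot: The three new getters document only `@return iterator`; callers need to know that they destroy the iterator, that the certificates and CRLs it yields remain owned by the store and must not be destroyed or retained past the iterator, and (for `create_crl_iterator`) that the local implementation in this commit keeps the CRL list locked while the iterator exists, so callers should not re-enter the store while iterating. Suggested wording for each: `@return iterator over the stored objects; caller destroys the iterator, yielded objects stay owned by the store`. Separately, this header now names `iterator_t` while the only include change (the hunk at the top of this file) removes `<utils/logger.h>` without adding `<utils/iterator.h>`, unlike connection_store.h in the same commit; if the type arrives only transitively, add the explicit include.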
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index e69418639..be9ac6acb 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -28,7 +28,6 @@
#include <types.h>
#include <utils/lexparser.h>
#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
#include <crypto/certinfo.h>
#include <crypto/rsa/rsa_public_key.h>
#include <crypto/x509.h>
@@ -56,13 +55,6 @@ struct shared_key_t {
* list of peer IDs
*/
linked_list_t *peers;
-
- /**
- * @brief Destroys a shared_key_t object.
- *
- * @param this calling object
- */
- void (*destroy) (shared_key_t *this);
};
@@ -88,7 +80,6 @@ static void shared_key_destroy(shared_key_t *this)
* @brief Creates a shared_key_t object.
*
* @param shared_key shared key value
- *
* @return shared_key_t object
*
* @ingroup config
@@ -97,9 +88,6 @@ static shared_key_t *shared_key_create(chunk_t secret)
{
shared_key_t *this = malloc_thing(shared_key_t);
- /* private functions */
- this->destroy = shared_key_destroy;
-
/* private data */
this->secret = chunk_clone(secret);
this->peers = linked_list_create();
@@ -154,11 +142,6 @@ struct private_local_credential_store_t {
* enforce strict crl policy
*/
bool strict;
-
- /**
- * Assigned logger
- */
- logger_t *logger;
};
@@ -285,20 +268,19 @@ static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t
ugh = cert->is_valid(cert, NULL);
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR, "certificate %s");
+ DBG1(SIG_DBG_CFG, "certificate %s", ugh);
return NULL;
}
status = cert->get_status(cert);
if (status == CERT_REVOKED || status == CERT_UNTRUSTED || (this->strict && status != CERT_GOOD))
{
- this->logger->log(this->logger, ERROR, "certificate status: %s",
- enum_name(&cert_status_names, status));
+ DBG1(SIG_DBG_CFG, "certificate status: %N", cert_status_names, status);
return NULL;
}
if (status == CERT_GOOD && cert->get_until(cert) < time(NULL))
{
- this->logger->log(this->logger, ERROR, "certificate is good but crl is stale");
+ DBG1(SIG_DBG_CFG, "certificate is good but crl is stale");
return NULL;
}
@@ -419,20 +401,20 @@ static cert_status_t verify_by_crl(private_local_credential_store_t* this, const
crl = get_crl(this, issuer_cert);
if (crl == NULL)
{
- this->logger->log(this->logger, ERROR, "crl not found");
+ DBG1(SIG_DBG_CFG, "crl not found");
goto err;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "crl found");
+ DBG2(SIG_DBG_CFG, "crl found");
- issuer_public_key = issuer_cert->get_public_key(issuer_cert);
+ issuer_public_key = issuer_cert->get_public_key(issuer_cert);
valid_signature = crl->verify(crl, issuer_public_key);
if (!valid_signature)
{
- this->logger->log(this->logger, ERROR, "crl signature is invalid");
+ DBG1(SIG_DBG_CFG, "crl signature is invalid");
goto err;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "crl signature is valid");
+ DBG2(SIG_DBG_CFG, "crl signature is valid");
crl->get_status(crl, certinfo);
@@ -490,8 +472,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
*found = (cert_copy != NULL);
if (*found)
{
- this->logger->log(this->logger, CONTROL|LEVEL1,
- "end entitity certificate is already in credential store");
+ DBG2(SIG_DBG_CFG,
+ "end entitity certificate is already in credential store");
}
for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
@@ -504,39 +486,39 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
identification_t *subject = cert->get_subject(cert);
identification_t *issuer = cert->get_issuer(cert);
- this->logger->log(this->logger, CONTROL|LEVEL1, "subject: '%D'", subject);
- this->logger->log(this->logger, CONTROL|LEVEL1, "issuer: '%D'", issuer);
+ DBG2(SIG_DBG_CFG, "subject: '%D'", subject);
+ DBG2(SIG_DBG_CFG, "issuer: '%D'", issuer);
ugh = cert->is_valid(cert, &until);
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR, "certificate %s", ugh);
+ DBG1(SIG_DBG_CFG, "certificate %s", ugh);
return FALSE;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is valid");
+ DBG2(SIG_DBG_CFG, "certificate is valid");
issuer_cert = get_issuer_certificate(this, cert);
if (issuer_cert == NULL)
{
- this->logger->log(this->logger, ERROR, "issuer certificate not found");
+ DBG1(SIG_DBG_CFG, "issuer certificate not found");
return FALSE;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "issuer certificate found");
+ DBG2(SIG_DBG_CFG, "issuer certificate found");
issuer_public_key = issuer_cert->get_public_key(issuer_cert);
valid_signature = cert->verify(cert, issuer_public_key);
if (!valid_signature)
{
- this->logger->log(this->logger, ERROR, "certificate signature is invalid");
+ DBG1(SIG_DBG_CFG, "certificate signature is invalid");
return FALSE;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "certificate signature is valid");
+ DBG2(SIG_DBG_CFG, "certificate signature is valid");
/* check if cert is a self-signed root ca */
if (pathlen > 0 && cert->is_self_signed(cert))
{
- this->logger->log(this->logger, CONTROL|LEVEL1, "reached self-signed root ca");
+ DBG2(SIG_DBG_CFG, "reached self-signed root ca");
/* set the definite status and trust interval of the end entity certificate */
end_cert->set_until(end_cert, until);
@@ -576,10 +558,10 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
/* if status information is stale */
if (this->strict && nextUpdate < time(NULL))
{
- this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good but status is stale");
+ DBG2(SIG_DBG_CFG, "certificate is good but status is stale");
return FALSE;
}
- this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good");
+ DBG2(SIG_DBG_CFG, "certificate is good");
/* with strict crl policy the public key must have the same
* lifetime as the validity of the ocsp status or crl lifetime
@@ -589,12 +571,11 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
break;
case CERT_REVOKED:
{
- u_char buf[TIMETOA_BUF];
time_t revocationTime = certinfo->get_revocationTime(certinfo);
-
- timetoa(buf, TIMETOA_BUF, &revocationTime, TRUE);
- this->logger->log(this->logger, ERROR, "certificate was revoked on %s, reason: %s",
- buf, certinfo->get_revocationReason(certinfo));
+ DBG1(SIG_DBG_CFG,
+ "certificate was revoked on %T, reason: %N",
+ revocationTime, crl_reason_names,
+ certinfo->get_revocationReason(certinfo));
/* set revocationTime */
cert->set_until(cert, revocationTime);
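Review bot: The new `%T` conversion receives `revocationTime` by value, whereas the removed `timetoa(buf, TIMETOA_BUF, &revocationTime, TRUE)` passed its address and explicitly requested UTC; the other hooks used in this file (`%H`, `%D`, `%N`) take pointers, so confirm the `%T` hook's argument type — if it expects a `time_t *`, this must be `&revocationTime`, and the UTC/local choice is now whatever the hook defaults to. Likewise `%N` with `crl_reason_names` presumes `certinfo->get_revocationReason()` now returns the enum rather than the string the old `%s` printed; that change is not in this hunk, so it should be checked against certinfo. `verify`'s body starts and ends outside the hunk.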
@@ -609,7 +590,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
else
{
cert_copy->set_status(cert_copy, CERT_REVOKED);
- cert_copy->set_until(cert_copy, certinfo->get_revocationTime(certinfo));
+ cert_copy->set_until(cert_copy,
+ certinfo->get_revocationTime(certinfo));
}
}
return FALSE;
@@ -617,7 +599,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
case CERT_UNKNOWN:
case CERT_UNDEFINED:
default:
- this->logger->log(this->logger, CONTROL|LEVEL1, "certificate status unknown");
+ DBG2(SIG_DBG_CFG, "certificate status unknown");
if (this->strict)
{
/* update status of end certificate in the credential store */
@@ -634,7 +616,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
/* go up one step in the trust chain */
cert = issuer_cert;
}
- this->logger->log(this->logger, ERROR, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+ DBG1(SIG_DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
return FALSE;
}
@@ -674,80 +656,27 @@ static x509_t* add_ca_certificate(private_local_credential_store_t *this, x509_t
}
/**
- * Implements local_credential_store_t.log_certificates
+ * Implements local_credential_store_t.create_cert_iterator
*/
-static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_cert_iterator(private_local_credential_store_t *this)
{
- iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-
- if (iterator->get_count(iterator))
- {
- logger->log(logger, CONTROL, "");
- logger->log(logger, CONTROL, "List of X.509 End Entity Certificates:");
- logger->log(logger, CONTROL, "");
- }
-
- while (iterator->has_next(iterator))
- {
- x509_t *cert;
- bool has_key;
-
- iterator->current(iterator, (void**)&cert);
- has_key = has_rsa_private_key(this, cert->get_public_key(cert));
- cert->log_certificate(cert, logger, utc, has_key);
- }
- iterator->destroy(iterator);
+ return this->certs->create_iterator(this->certs, TRUE);
}
/**
- * Implements local_credential_store_t.log_ca_certificates
+ * Implements local_credential_store_t.create_cacert_iterator
*/
-static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_cacert_iterator(private_local_credential_store_t *this)
{
- iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
-
- if (iterator->get_count(iterator))
- {
- logger->log(logger, CONTROL, "");
- logger->log(logger, CONTROL, "List of X.509 CA Certificates:");
- logger->log(logger, CONTROL, "");
- }
-
- while (iterator->has_next(iterator))
- {
- x509_t *cert;
-
- iterator->current(iterator, (void**)&cert);
- cert->log_certificate(cert, logger, utc, FALSE);
- }
- iterator->destroy(iterator);
+ return this->ca_certs->create_iterator(this->ca_certs, TRUE);
}
/**
- * Implements local_credential_store_t.log_crls
+ * Implements local_credential_store_t.create_crl_iterator
*/
-static void log_crls(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_crl_iterator(private_local_credential_store_t *this)
{
- iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE);
-
- pthread_mutex_lock(&(this->crls_mutex));
- if (iterator->get_count(iterator))
- {
- logger->log(logger, CONTROL, "");
- logger->log(logger, CONTROL, "List of X.509 CRLs:");
- logger->log(logger, CONTROL, "");
- }
-
- while (iterator->has_next(iterator))
- {
- crl_t *crl;
-
- iterator->current(iterator, (void**)&crl);
- crl->log_crl(crl, logger, utc, this->strict);
- }
- pthread_mutex_unlock(&(this->crls_mutex));
-
- iterator->destroy(iterator);
+ return this->crls->create_iterator_locked(this->crls, &(this->crls_mutex));
}
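Review bot: `create_cert_iterator` and `create_cacert_iterator` return unlocked iterators over `this->certs` and `this->ca_certs`, while `create_crl_iterator` uses `create_iterator_locked`; `add_end_certificate` and `add_ca_certificate` (declared in credential_store.h) can modify those same lists, and unlike the removed `log_*` loops, which iterated briefly inside the store, an exported iterator lives as long as the caller keeps it. If the cert lists can change after startup they need the same protection as the CRL list; if they are meant to be immutable after load, say so: `/* not locked: certs list is assumed immutable once loaded — confirm add_end_certificate is never called concurrently with a listing */`. Also, the removed `log_certificates` reported per certificate whether a private key exists via `has_rsa_private_key`, which a plain iterator over certs cannot convey; the listing caller will need a store query for that.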
/**
@@ -760,12 +689,12 @@ static void load_ca_certificates(private_local_credential_store_t *this)
DIR* dir;
x509_t *cert;
- this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
+ DBG1(SIG_DBG_CFG, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
dir = opendir(CA_CERTIFICATE_DIR);
if (dir == NULL)
{
- this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
+ DBG1(SIG_DBG_CFG, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
return;
}
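Review bot: The new error message `"error opening ca certs directory %s'"` has an unbalanced quote, as does `"error opening crl directory %s'"` in the later `load_crls` hunk; both should read `'%s'`. Since this is an error path that an operator will see when CA or CRL loading silently yields an empty store, including the cause would help: `DBG1(SIG_DBG_CFG, "error opening ca certs directory '%s': %s", CA_CERTIFICATE_DIR, strerror(errno));` (provided `<errno.h>` and `<string.h>` are available in this file).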
@@ -787,9 +716,9 @@ static void load_ca_certificates(private_local_credential_store_t *this)
{
err_t ugh = cert->is_valid(cert, NULL);
- if (ugh != NULL)
+ if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh);
+ DBG1(SIG_DBG_CFG, "warning: ca certificate %s", ugh);
}
if (cert->is_ca(cert))
{
@@ -797,8 +726,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
}
else
{
- this->logger->log(this->logger, ERROR,
- " CA basic constraints flag not set, cert discarded");
+ DBG1(SIG_DBG_CFG, " CA basic constraints flag not set, cert discarded");
cert->destroy(cert);
}
}
@@ -810,7 +738,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
/**
* Add the latest crl to a linked list
*/
-static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
+static crl_t* add_crl(linked_list_t *crls, crl_t *crl)
{
bool found = FALSE;
@@ -833,13 +761,13 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
{
old_crl->destroy(old_crl);
}
- logger->log(logger, CONTROL|LEVEL1, " thisUpdate is newer - existing crl replaced");
+ DBG2(SIG_DBG_CFG, " thisUpdate is newer - existing crl replaced");
}
else
{
crl->destroy(crl);
crl = current_crl;
- logger->log(logger, CONTROL|LEVEL1, " thisUpdate is not newer - existing crl retained");
+ DBG2(SIG_DBG_CFG, " thisUpdate is not newer - existing crl retained");
}
break;
}
@@ -849,7 +777,7 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
if (!found)
{
crls->insert_last(crls, (void*)crl);
- logger->log(logger, CONTROL|LEVEL1, " crl added");
+ DBG2(SIG_DBG_CFG, " crl added");
}
return crl;
}
@@ -864,12 +792,12 @@ static void load_crls(private_local_credential_store_t *this)
DIR* dir;
crl_t *crl;
- this->logger->log(this->logger, CONTROL, "loading crls from '%s/'", CRL_DIR);
+ DBG1(SIG_DBG_CFG, "loading crls from '%s/'", CRL_DIR);
dir = opendir(CRL_DIR);
if (dir == NULL)
{
- this->logger->log(this->logger, ERROR, "error opening crl directory %s'", CRL_DIR);
+ DBG1(SIG_DBG_CFG, "error opening crl directory %s'", CRL_DIR);
return;
}
@@ -893,10 +821,10 @@ static void load_crls(private_local_credential_store_t *this)
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR, "warning: crl %s", ugh);
+ DBG1(SIG_DBG_CFG, "warning: crl %s", ugh);
}
pthread_mutex_lock(&(this->crls_mutex));
- crl = add_crl(this->crls, crl, this->logger);
+ crl = add_crl(this->crls, crl);
pthread_mutex_unlock(&(this->crls_mutex));
}
}
@@ -973,7 +901,7 @@ static void load_secrets(private_local_credential_store_t *this)
int line_nr = 0;
chunk_t chunk, src, line;
- this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", SECRETS_FILE);
+ DBG1(SIG_DBG_CFG, "loading secrets from \"%s\"", SECRETS_FILE);
fseek(fd, 0, SEEK_END);
chunk.len = ftell(fd);
@@ -996,7 +924,7 @@ static void load_secrets(private_local_credential_store_t *this)
}
if (!extract_token(&ids, ':', &line))
{
- this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr);
+ DBG1(SIG_DBG_CFG, "line %d: missing ':' separator", line_nr);
goto error;
}
/* NULL terminate the ids string by replacing the : separator */
@@ -1004,7 +932,7 @@ static void load_secrets(private_local_credential_store_t *this)
if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
{
- this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr);
+ DBG1(SIG_DBG_CFG, "line %d: missing token", line_nr);
goto error;
}
if (match("RSA", &token))
@@ -1022,13 +950,12 @@ static void load_secrets(private_local_credential_store_t *this)
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh);
+ DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
goto error;
}
if (filename.len == 0)
{
- this->logger->log(this->logger, ERROR,
- "line %d: empty filename", line_nr);
+ DBG1(SIG_DBG_CFG, "line %d: empty filename", line_nr);
goto error;
}
if (*filename.ptr == '/')
@@ -1049,8 +976,7 @@ static void load_secrets(private_local_credential_store_t *this)
ugh = extract_secret(&secret, &line);
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR,
- "line %d: malformed passphrase: %s", line_nr, ugh);
+ DBG1(SIG_DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
goto error;
}
if (secret.len > 0)
@@ -1072,23 +998,20 @@ static void load_secrets(private_local_credential_store_t *this)
err_t ugh = extract_secret(&secret, &line);
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR,
- "line %d: malformed secret: %s", line_nr, ugh);
+ DBG1(SIG_DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
goto error;
}
if (ids.len > 0)
{
- this->logger->log(this->logger, CONTROL,
- " loading shared key for %s", ids.ptr);
+ DBG1(SIG_DBG_CFG, " loading shared key for %s", ids.ptr);
}
else
{
- this->logger->log(this->logger, CONTROL,
- " loading shared key for %%any");
+ DBG1(SIG_DBG_CFG, " loading shared key for %%any");
}
- this->logger->log_chunk(this->logger, PRIVATE, " secret:", secret);
+ DBG4(SIG_DBG_CFG, " secret:", secret);
shared_key = shared_key_create(secret);
if (shared_key)
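Review bot: `DBG4(SIG_DBG_CFG, " secret:", secret);` passes `secret` as a variadic argument but the format contains no conversion, so the argument is dead and nothing of the chunk is printed; the removed `log_chunk` call did dump the secret bytes at PRIVATE level. If the intent is to stop writing shared secrets to the debug log — the preferable outcome, since key material in logs outlives the process — drop the argument and log only a size, e.g. `DBG4(SIG_DBG_CFG, " secret: %d bytes", (int)secret.len);`; if a dump is still wanted, use the chunk printf hook instead of a silently ignored argument. `load_secrets` continues outside the hunk.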
@@ -1103,8 +1026,7 @@ static void load_secrets(private_local_credential_store_t *this)
ugh = extract_value(&id, &ids);
if (ugh != NULL)
{
- this->logger->log(this->logger, ERROR,
- "line %d: %s", line_nr, ugh);
+ DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
goto error;
}
if (id.len == 0)
@@ -1118,8 +1040,7 @@ static void load_secrets(private_local_credential_store_t *this)
peer_id = identification_create_from_string(id.ptr);
if (peer_id == NULL)
{
- this->logger->log(this->logger, ERROR,
- "line %d: malformed ID: %s", line_nr, id.ptr);
+ DBG1(SIG_DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr);
goto error;
}
@@ -1137,9 +1058,8 @@ static void load_secrets(private_local_credential_store_t *this)
}
else
{
- this->logger->log(this->logger, ERROR,
- "line %d: token must be either RSA, PSK, or PIN",
- line_nr, token.len);
+ DBG1(SIG_DBG_CFG, "line %d: token must be either "
+ "RSA, PSK, or PIN", line_nr, token.len);
goto error;
}
}
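Review bot: The rewritten DBG1 at the end of the hunk has one `%d` conversion but two arguments (`line_nr, token.len`), so `token.len` is never consumed; this was already the case in the removed call, but the rewrite is the place to fix it. Either drop the extra argument or use it to show the offending token, e.g. `DBG1(SIG_DBG_CFG, "line %d: token must be either RSA, PSK, or PIN, got '%.*s'", line_nr, (int)token.len, token.ptr);` (assuming `token.ptr` is the usual chunk_t byte pointer). `load_secrets` continues outside the hunk.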
@@ -1148,7 +1068,7 @@ error:
}
else
{
- this->logger->log(this->logger, ERROR, "could not open file '%s'", SECRETS_FILE);
+ DBG1(SIG_DBG_CFG, "could not open file '%s'", SECRETS_FILE);
}
}
@@ -1195,7 +1115,7 @@ static void destroy(private_local_credential_store_t *this)
/* destroy shared keys list */
while (this->shared_keys->remove_last(this->shared_keys, (void**)&shared_key) == SUCCESS)
{
- shared_key->destroy(shared_key);
+ shared_key_destroy(shared_key);
}
this->shared_keys->destroy(this->shared_keys);
@@ -1218,9 +1138,9 @@ local_credential_store_t * local_credential_store_create(bool strict)
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
this->public.credential_store.add_ca_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_ca_certificate;
- this->public.credential_store.log_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_certificates;
- this->public.credential_store.log_ca_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_ca_certificates;
- this->public.credential_store.log_crls = (void (*) (credential_store_t*,logger_t*,bool))log_crls;
+ this->public.credential_store.create_cert_iterator = (iterator_t* (*) (credential_store_t*))create_cert_iterator;
+ this->public.credential_store.create_cacert_iterator = (iterator_t* (*) (credential_store_t*))create_cacert_iterator;
+ this->public.credential_store.create_crl_iterator = (iterator_t* (*) (credential_store_t*))create_crl_iterator;
this->public.credential_store.load_ca_certificates = (void (*) (credential_store_t*))load_ca_certificates;
this->public.credential_store.load_crls = (void (*) (credential_store_t*))load_crls;
this->public.credential_store.load_secrets = (void (*) (credential_store_t*))load_secrets;
@@ -1230,13 +1150,12 @@ local_credential_store_t * local_credential_store_create(bool strict)
pthread_mutex_init(&(this->crls_mutex), NULL);
/* private variables */
- this->shared_keys = linked_list_create();
+ this->shared_keys = linked_list_create();
this->private_keys = linked_list_create();
- this->certs = linked_list_create();
- this->ca_certs = linked_list_create();
- this->crls = linked_list_create();
+ this->certs = linked_list_create();
+ this->ca_certs = linked_list_create();
+ this->crls = linked_list_create();
this->strict = strict;
- this->logger = logger_manager->get_logger(logger_manager, CONFIG);
return (&this->public);
}
diff --git a/src/charon/config/policies/local_policy_store.c b/src/charon/config/policies/local_policy_store.c
index 5253cb3fa..577b83a28 100644
--- a/src/charon/config/policies/local_policy_store.c
+++ b/src/charon/config/policies/local_policy_store.c
@@ -1,8 +1,8 @@
/**
* @file local_policy_store.c
- *
+ *
* @brief Implementation of local_policy_store_t.
- *
+ *
*/
/*
@@ -24,8 +24,8 @@
#include "local_policy_store.h"
+#include <daemon.h>
#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
typedef struct private_local_policy_store_t private_local_policy_store_t;
@@ -49,11 +49,6 @@ struct private_local_policy_store_t {
* Mutex to exclusivly access list
*/
pthread_mutex_t mutex;
-
- /**
- * Assigned logger
- */
- logger_t *logger;
};
/**
@@ -116,8 +111,7 @@ static policy_t *get_policy(private_local_policy_store_t *this,
policy_t *candidate;
policy_t *found = NULL;
- this->logger->log(this->logger, CONTROL|LEVEL1,
- "searching policy for ID pair %D...%D", my_id, other_id);
+ DBG2(SIG_DBG_CFG, "searching policy for ID pair %D...%D", my_id, other_id);
pthread_mutex_lock(&(this->mutex));
iterator = this->policies->create_iterator(this->policies, TRUE);
@@ -149,16 +143,14 @@ static policy_t *get_policy(private_local_policy_store_t *this,
if (!contains_traffic_selectors(candidate, TRUE, my_ts, my_host) ||
!contains_traffic_selectors(candidate, FALSE, other_ts, other_host))
{
- this->logger->log(this->logger, CONTROL|LEVEL2,
- "candidate '%s' inacceptable due traffic selector mismatch",
- candidate->get_name(candidate));
+ DBG2(SIG_DBG_CFG, "candidate '%s' inacceptable due traffic "
+ "selector mismatch", candidate->get_name(candidate));
continue;
}
- this->logger->log(this->logger, CONTROL|LEVEL2,
- "candidate policy '%s': %D...%D (prio=%d)",
- candidate->get_name(candidate),
- candidate_my_id, candidate_other_id, prio);
+ DBG2(SIG_DBG_CFG, "candidate policy '%s': %D...%D (prio=%d)",
+ candidate->get_name(candidate),
+ candidate_my_id, candidate_other_id, prio);
if (prio > best_prio)
{
@@ -174,10 +166,8 @@ static policy_t *get_policy(private_local_policy_store_t *this,
identification_t *found_my_id = found->get_my_id(found);
identification_t *found_other_id = found->get_other_id(found);
- this->logger->log(this->logger, CONTROL,
- "found matching policy '%s': %D...%D (prio=%d)",
- found->get_name(found),
- found_my_id, found_other_id, best_prio);
+ DBG1(SIG_DBG_CFG, "found matching policy '%s': %D...%D (prio=%d)",
+ found->get_name(found), found_my_id, found_other_id, best_prio);
/* give out a new reference to it */
found->get_ref(found);
}
@@ -193,7 +183,7 @@ static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *na
iterator_t *iterator;
policy_t *current, *found = NULL;
- this->logger->log(this->logger, CONTROL|LEVEL1, "looking for policy \"%s\"", name);
+ DBG2(SIG_DBG_CFG, "looking for policy '%s'", name);
pthread_mutex_lock(&(this->mutex));
iterator = this->policies->create_iterator(this->policies, TRUE);
@@ -246,6 +236,15 @@ static status_t delete_policy(private_local_policy_store_t *this, char *name)
}
/**
+ * Implementation of policy_store_t.create_iterator.
+ */
+static iterator_t* create_iterator(private_local_policy_store_t *this)
+{
+ return this->policies->create_iterator_locked(this->policies,
+ &this->mutex);
+}
+
+/**
* Implementation of policy_store_t.destroy.
*/
static void destroy(private_local_policy_store_t *this)
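Review bot: The new `create_iterator` builds its result with `create_iterator_locked(this->policies, &this->mutex)`, and if that helper keeps the store mutex held for the iterator's lifetime (as its name suggests), a caller that invokes `get_policy`, `get_policy_by_name` or `delete_policy` on the same store before destroying the iterator will self-deadlock, because the mutex is initialised with default (non-recursive) attributes in `local_policy_store_create`. Nothing in the function or its comment warns about this. I would add above the function: `/* the returned iterator holds this->mutex until it is destroyed; callers must not invoke other store methods while iterating */`. The `destroy` function whose signature closes this hunk continues outside it.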
@@ -273,11 +272,11 @@ local_policy_store_t *local_policy_store_create(void)
this->public.policy_store.get_policy = (policy_t*(*)(policy_store_t*,identification_t*,identification_t*,linked_list_t*,linked_list_t*,host_t*,host_t*))get_policy;
this->public.policy_store.get_policy_by_name = (policy_t*(*)(policy_store_t*,char*))get_policy_by_name;
this->public.policy_store.delete_policy = (status_t(*)(policy_store_t*,char*))delete_policy;
+ this->public.policy_store.create_iterator = (iterator_t*(*)(policy_store_t*))create_iterator;
this->public.policy_store.destroy = (void(*)(policy_store_t*))destroy;
/* private variables */
this->policies = linked_list_create();
- this->logger = logger_manager->get_logger(logger_manager, CONFIG);
pthread_mutex_init(&(this->mutex), NULL);
return (&this->public);
diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c
index e3a1100b9..dcae0504c 100644
--- a/src/charon/config/policies/policy.c
+++ b/src/charon/config/policies/policy.c
@@ -27,34 +27,23 @@
#include "policy.h"
+#include <daemon.h>
#include <utils/linked_list.h>
#include <utils/identification.h>
-#include <utils/logger_manager.h>
-/**
- * String mappings for auth_method_t.
- */
-static const char *const auth_method_name[] = {
+ENUM(auth_method_names, RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE,
"RSA signature",
"pre-shared key",
"DSS signature"
-};
+);
-enum_names auth_method_names =
- { RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE, auth_method_name, NULL };
-/**
- * String mappings for dpd_action_t.
- */
-static const char *const dpd_action_name[] = {
+ENUM(dpd_action_names, DPD_NONE, DPD_RESTART,
"DPD_NONE",
"DPD_CLEAR",
"DPD_ROUTE",
"DPD_RESTART"
-};
-
-enum_names dpd_action_names =
- { DPD_NONE, DPD_RESTART, dpd_action_name, NULL };
+);
typedef struct private_policy_t private_policy_t;
@@ -148,11 +137,6 @@ struct private_policy_t {
* What to do with an SA when other peer seams to be dead?
*/
bool dpd_action;
-
- /**
- * logger
- */
- logger_t *logger;
};
/**
@@ -239,9 +223,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
traffic_selector_t *supplied_ts, *stored_ts, *selected_ts;
linked_list_t *selected = linked_list_create();
- this->logger->log(this->logger, CONTROL|LEVEL1,
- "selecting traffic selectors for %s host",
- stored == this->my_ts ? "local" : "remote");
+ DBG2(SIG_DBG_CFG, "selecting traffic selectors");
stored_iter = stored->create_iterator(stored, TRUE);
supplied_iter = supplied->create_iterator(supplied, TRUE);
@@ -258,10 +240,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
/* iterate over all supplied traffic selectors */
while (supplied_iter->iterate(supplied_iter, (void**)&supplied_ts))
{
- this->logger->log(this->logger, CONTROL|LEVEL2,
- " stored %s <=> %s received",
- stored_ts->get_string(stored_ts),
- supplied_ts->get_string(supplied_ts));
+ DBG2(SIG_DBG_CFG, "stored %R <=> %R received",
+ stored_ts, supplied_ts);
selected_ts = stored_ts->get_subset(stored_ts, supplied_ts);
if (selected_ts)
@@ -269,8 +249,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
/* got a match, add to list */
selected->insert_last(selected, (void*)selected_ts);
- this->logger->log(this->logger, CONTROL|LEVEL1, " got a match: %s",
- selected_ts->get_string(selected_ts));
+ DBG2(SIG_DBG_CFG, "found traffic selector for %s: %R",
+ stored == this->my_ts ? "us" : "other", selected_ts);
}
}
stored_ts->destroy(stored_ts);
@@ -554,7 +534,6 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o
this->proposals = linked_list_create();
this->my_ts = linked_list_create();
this->other_ts = linked_list_create();
- this->logger = logger_manager->get_logger(logger_manager, CONFIG);
return &this->public;
}
diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h
index 6d80319b4..84f5f2bc9 100644
--- a/src/charon/config/policies/policy.h
+++ b/src/charon/config/policies/policy.h
@@ -58,11 +58,11 @@ enum auth_method_t {
};
/**
- * string mappings for auth_method_t.
- *
+ * enum names for auth_method_t.
+ *
* @ingroup config
*/
-extern enum_names auth_method_names;
+extern enum_name_t *auth_method_names;
typedef enum dpd_action_t dpd_action_t;
@@ -86,9 +86,9 @@ enum dpd_action_t {
};
/**
- * String mappings for dpd_action_t.
+ * enum names for dpd_action_t.
*/
-extern enum_names dpd_action_names;
+extern enum_name_t *dpd_action_names;
typedef struct policy_t policy_t;
diff --git a/src/charon/config/policies/policy_store.h b/src/charon/config/policies/policy_store.h
index 2ea57b8b4..a09263b13 100755
--- a/src/charon/config/policies/policy_store.h
+++ b/src/charon/config/policies/policy_store.h
@@ -101,6 +101,14 @@ struct policy_store_t {
status_t (*delete_policy) (policy_store_t *this, char *name);
/**
+ * @brief Get an iterator for the stored policies.
+ *
+ * @param this calling object
+ * @return iterator over all stored policies
+ */
+ iterator_t* (*create_iterator) (policy_store_t *this);
+
+ /**
* @brief Destroys a policy_store_t object.
*
* @param this calling object
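Review bot: The `@return` line of the new `create_iterator` documents neither ownership nor locking: the caller must `destroy()` the iterator, and the local implementation in this same change creates it as a locked iterator over the store mutex, so holding it while calling other store methods is unsafe. Suggest extending the comment to `@return iterator over all stored policies; the caller must destroy() it, and implementations may hold the store lock until then`. The `policy_store_t` struct continues outside the hunk.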
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 393f0f3aa..fac0e31c2 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -26,45 +26,33 @@
#include <utils/linked_list.h>
#include <utils/identification.h>
-#include <utils/logger.h>
#include <utils/lexparser.h>
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
-/**
- * String mappings for protocol_id_t.
- */
-mapping_t protocol_id_m[] = {
- {PROTO_NONE, "PROTO_NONE"},
- {PROTO_IKE, "IKE"},
- {PROTO_AH, "AH"},
- {PROTO_ESP, "ESP"},
- {MAPPING_END, NULL}
-};
+ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+ "PROTO_NONE",
+ "IKE",
+ "AH",
+ "ESP",
+);
-/**
- * String mappings for transform_type_t.
- */
-mapping_t transform_type_m[] = {
- {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"},
- {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"},
- {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
- {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
- {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
- {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
- {MAPPING_END, NULL}
-};
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE,
+ "UNDEFINED_TRANSFORM_TYPE");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+ "ENCRYPTION_ALGORITHM",
+ "PSEUDO_RANDOM_FUNCTION",
+ "INTEGRITY_ALGORITHM",
+ "DIFFIE_HELLMAN_GROUP",
+ "EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
-/**
- * String mappings for extended_sequence_numbers_t.
- */
-mapping_t extended_sequence_numbers_m[] = {
- {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"},
- {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"},
- {MAPPING_END, NULL}
-};
+ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
+ "NO_EXT_SEQ_NUMBERS",
+ "EXT_SEQ_NUMBERS",
+);
typedef struct private_proposal_t private_proposal_t;
@@ -389,7 +377,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
/**
* Implements proposal_t.clone
*/
-static proposal_t *clone(private_proposal_t *this)
+static proposal_t *clone_(private_proposal_t *this)
{
private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol);
@@ -523,7 +511,7 @@ proposal_t *proposal_create(protocol_id_t protocol)
this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol;
this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi;
this->public.get_spi = (u_int64_t(*)(proposal_t*))get_spi;
- this->public.clone = (proposal_t*(*)(proposal_t*))clone;
+ this->public.clone = (proposal_t*(*)(proposal_t*))clone_;
this->public.destroy = (void(*)(proposal_t*))destroy;
this->spi = 0;
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index ab58ed3bf..5ce19e9da 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -47,12 +47,12 @@ enum protocol_id_t {
PROTO_ESP = 3,
};
-/**
- * String mappings for protocol_id_t.
- *
+/**
+ * enum names for protocol_id_t
+ *
* @ingroup config
*/
-extern mapping_t protocol_id_m[];
+extern enum_name_t *protocol_id_names;
typedef enum transform_type_t transform_type_t;
@@ -60,7 +60,7 @@ typedef enum transform_type_t transform_type_t;
/**
* Type of a transform, as in IKEv2 RFC 3.3.2.
*
- * @ingroup payloads
+ * @ingroup config
*/
enum transform_type_t {
UNDEFINED_TRANSFORM_TYPE = 241,
@@ -71,12 +71,12 @@ enum transform_type_t {
EXTENDED_SEQUENCE_NUMBERS = 5
};
-/**
- * String mappings for transform_type_t.
- *
- * @ingroup payloads
+/**
+ * enum names for transform_type_t.
+ *
+ * @ingroup config
*/
-extern mapping_t transform_type_m[];
+extern enum_name_t *transform_type_names;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
@@ -84,19 +84,19 @@ typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
/**
* Extended sequence numbers, as in IKEv2 RFC 3.3.2.
*
- * @ingroup payloads
+ * @ingroup config
*/
enum extended_sequence_numbers_t {
NO_EXT_SEQ_NUMBERS = 0,
EXT_SEQ_NUMBERS = 1
};
-/**
- * String mappings for extended_sequence_numbers_t.
- *
- * @ingroup payloads
+/**
+ * enum strings for extended_sequence_numbers_t.
+ *
+ * @ingroup config
*/
-extern mapping_t extended_sequence_numbers_m[];
+extern enum_name_t *extended_sequence_numbers_names;
typedef struct algorithm_t algorithm_t;
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index ba6803156..0181dc038 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -25,12 +25,18 @@
#include <string.h>
#include <netdb.h>
#include <stdio.h>
+#include <printf.h>
#include "traffic_selector.h"
#include <utils/linked_list.h>
#include <utils/identification.h>
+ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE,
+ "TS_IPV4_ADDR_RANGE",
+ "TS_IPV6_ADDR_RANGE",
+);
+
typedef struct private_traffic_selector_t private_traffic_selector_t;
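Review bot: `#include <printf.h>` is a glibc extension, not POSIX, and it is pulled in unconditionally for the `register_printf_function` hook added later in this file, so the file will no longer compile against non-GNU C libraries; if that is acceptable it should be stated, otherwise guard the include and the registration with `#ifdef HAVE_PRINTF_H` (or an equivalent configure check) and keep a fallback formatter. A smaller point: the new enum is named `ts_type_name` while every other enum introduced in this change is `*_names`; renaming it to `ts_type_names` (and in the header) keeps the convention consistent.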
/**
@@ -86,11 +92,6 @@ struct private_traffic_selector_t {
* end of port range
*/
u_int16_t to_port;
-
- /**
- * string representation of this traffic selector
- */
- char *string;
};
/**
@@ -146,50 +147,43 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
return (size * 8);
}
-
/**
* internal generic constructor
*/
static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
/**
- * update the string representation of this traffic selector
+ * output handler in printf()
*/
-static void update_string(private_traffic_selector_t *this)
+static int print(FILE *stream, const struct printf_info *info,
+ const void *const *args)
{
- char buf[256];
+ private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0]));
+ char addr_str[INET6_ADDRSTRLEN] = "";
+ u_int8_t mask;
struct protoent *proto;
struct servent *serv;
char *serv_proto = NULL;
- char proto_str[8] = "";
- char addr_str[INET6_ADDRSTRLEN];
- char port_str[16] = "";
- char mask_str[8] = "";
- char proto_port_str[32] = "";
- bool has_proto = FALSE, has_port = FALSE;
+ bool has_proto = FALSE;
+ size_t written, total_written = 0;
+#define fprintf_sum(...) { written = fprintf(__VA_ARGS__); if (written < 0) return written; total_written += written; }
+
+ if (this == NULL)
+ {
+ return fprintf(stream, "(null)");
+ }
if (this->type == TS_IPV4_ADDR_RANGE)
{
- u_int8_t mask;
-
- /* build address string */
inet_ntop(AF_INET, &this->from4, addr_str, sizeof(addr_str));
-
- /* build network mask string */
- mask = calc_netbits(this);
- snprintf(mask_str, sizeof(mask_str), "/%d", mask);
}
else
{
- u_int8_t mask;
-
- /* build address string */
inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str));
-
- /* build network mask string */
- mask = calc_netbits(this);
- snprintf(mask_str, sizeof(mask_str), "/%d", mask);
}
+ mask = calc_netbits(this);
+
+ fprintf_sum(stream, "%s/%d", addr_str, mask);
/* build protocol string */
if (this->protocol)
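Review bot: The error check inside the `fprintf_sum` macro can never fire because `written` and `total_written` are declared `size_t`: `fprintf()` returns a negative `int` on failure, that value converts to a huge unsigned number, `written < 0` is always false, and the garbage is summed into `total_written` and later returned through `print`'s `int` return type. Declare them as `int written, total_written = 0;` so the check works and the return type matches, and wrap the macro body in `do { ... } while (0)` so it is also safe when used without surrounding braces. `print`'s body continues past the end of this hunk.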
@@ -197,12 +191,12 @@ static void update_string(private_traffic_selector_t *this)
proto = getprotobynumber(this->protocol);
if (proto)
{
- snprintf(proto_str, sizeof(proto_str), "%s", proto->p_name);
+ fprintf_sum(stream, "[%s", proto->p_name);
serv_proto = proto->p_name;
}
else
{
- snprintf(proto_str, sizeof(proto_str), "%d", this->protocol);
+ fprintf_sum(stream, "[%d", this->protocol);
}
has_proto = TRUE;
}
@@ -210,55 +204,58 @@ static void update_string(private_traffic_selector_t *this)
/* build port string */
if (this->from_port == this->to_port)
{
+ if (has_proto)
+ {
+ fprintf_sum(stream, "/");
+ }
+ else
+ {
+ fprintf_sum(stream, "[");
+ }
serv = getservbyport(htons(this->from_port), serv_proto);
if (serv)
{
- snprintf(port_str, sizeof(port_str), "%s", serv->s_name);
+ fprintf_sum(stream, "%s]", serv->s_name);
}
else
{
- snprintf(port_str, sizeof(port_str), "%d", this->from_port);
+ fprintf_sum(stream, "%d]", this->from_port);
}
- has_port = TRUE;
}
else if (!(this->from_port == 0 && this->to_port == 0xFFFF))
{
- snprintf(port_str, sizeof(port_str), "%d-%d",
- this->from_port, this->to_port);
- has_port = TRUE;
- }
-
- /* concatenate port & proto string */
- if (has_proto && has_port)
- {
- snprintf(proto_port_str, sizeof(proto_port_str), "[%s/%s]",
- proto_str, port_str);
- }
- else if (has_proto)
- {
- snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", proto_str);
- }
- else if (has_port)
- {
- snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", port_str);
+ if (has_proto)
+ {
+ fprintf_sum(stream, "/");
+ }
+ else
+ {
+ fprintf_sum(stream, "[");
+ }
+ fprintf_sum(stream, "%d-%d]", this->from_port, this->to_port);
}
- /* concatenate it all */
- snprintf(buf, sizeof(buf), "%s%s%s", addr_str, mask_str, proto_port_str);
+ return total_written;
+}
- if (this->string)
+/**
+ * arginfo handler in printf()
+ */
+static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes)
+{
+ if (n > 0)
{
- free(this->string);
+ argtypes[0] = PA_POINTER;
}
- this->string = strdup(buf);
+ return 1;
}
/**
- * implements traffic_selector_t.get_string
+ * register printf() handlers
*/
-static char *get_string(private_traffic_selector_t *this)
+static void __attribute__ ((constructor))print_register()
{
- return this->string;
+ register_printf_function(TRAFFIC_SELECTOR_PRINTF_SPEC, print, print_arginfo);
}
/**
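Review bot: `getservbyport()` here (and `getprotobynumber()` in the preceding hunk) return pointers to static storage and are not required to be thread-safe, yet the printf hook can now be entered from any thread that logs a `%R` argument, and the mutexes elsewhere in this change indicate the daemon is multithreaded, so concurrent log calls may observe each other's lookup results. The previous `update_string` had the same exposure, so this is not introduced by the commit, but the hook is the natural place to switch to the `_r` variants where available or to serialize the lookups. Worth a comment on `print_register` too: `register_printf_function` installs the `'R'` conversion process-wide from a constructor, so any other user of that specifier in the same process is overridden.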
@@ -326,7 +323,6 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
new_ts->type = this->type;
memcpy(new_ts->from, from, size);
memcpy(new_ts->to, to, size);
- update_string(new_ts);
return &new_ts->public;
}
@@ -455,22 +451,42 @@ static u_int8_t get_protocol(private_traffic_selector_t *this)
}
/**
+ * Implements traffic_selector_t.is_host.
+ */
+static bool is_host(private_traffic_selector_t *this, host_t *host)
+{
+ chunk_t addr;
+ int family = host->get_family(host);
+
+ if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) ||
+ (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
+ {
+ addr = host->get_address(host);
+ if (memeq(addr.ptr, this->from, addr.len) &&
+ memeq(addr.ptr, this->to, addr.len))
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Implements traffic_selector_t.update_address_range.
*/
static void update_address_range(private_traffic_selector_t *this, host_t *host)
{
if ((this->type == TS_IPV4_ADDR_RANGE && this->from4[0] == 0) ||
- (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 &&
- this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0))
+ (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 &&
+ this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0))
{
this->type = host->get_family(host) == AF_INET ?
- TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
+ TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
chunk_t from = host->get_address(host);
memcpy(this->from, from.ptr, from.len);
memcpy(this->to, from.ptr, from.len);
}
- update_string(this);
}
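Review bot: `is_host` compares only the address bytes (same family, `from` and `to` both equal to the host address) and deliberately ignores `protocol`, `from_port` and `to_port`, so a selector restricted to a single port still reports TRUE; that is reasonable for a host-to-host check but is not stated anywhere and the header comment does not mention it either. Add a line to the function comment such as `/* protocol and port range are ignored; only the address range is compared */`, and note that `addr.len` is trusted to match the selector's address width because the family check above guarantees it.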
/**
@@ -488,14 +504,12 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this)
{
memcpy(clone->from4, this->from4, sizeof(this->from4));
memcpy(clone->to4, this->to4, sizeof(this->to4));
- update_string(clone);
return &clone->public;
}
case TS_IPV6_ADDR_RANGE:
{
memcpy(clone->from6, this->from6, sizeof(this->from6));
memcpy(clone->to6, this->to6, sizeof(this->to6));
- update_string(clone);
return &clone->public;
}
default:
@@ -511,7 +525,6 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this)
*/
static void destroy(private_traffic_selector_t *this)
{
- free(this->string);
free(this);
}
@@ -552,9 +565,6 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
return NULL;
}
}
-
- update_string(this);
-
return (&this->public);
}
@@ -618,9 +628,6 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
this->from_port = port;
this->to_port = port;
}
-
- update_string(this);
-
return (&this->public);
}
@@ -667,9 +674,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty
break;
}
}
-
- update_string(this);
-
return (&this->public);
}
@@ -683,13 +687,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
/* public functions */
this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset;
this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals;
- this->public.get_string = (char*(*)(traffic_selector_t*))get_string;
this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
- this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
+ this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
+ this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
@@ -698,7 +702,6 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
this->to_port = to_port;
this->protocol = protocol;
this->type = type;
- this->string = NULL;
return this;
}
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index 90437f92f..ef1b83275 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -27,6 +27,11 @@
#include <types.h>
#include <utils/host.h>
+/**
+ * printf() specifier for tRaffic selectors
+ */
+#define TRAFFIC_SELECTOR_PRINTF_SPEC 'R'
+
typedef enum ts_type_t ts_type_t;
/**
@@ -56,9 +61,9 @@ enum ts_type_t {
};
/**
- * string mappings for ts_type_t
+ * enum names for ts_type_t
*/
-extern mapping_t ts_type_m[];
+extern enum_name_t *ts_type_name;
typedef struct traffic_selector_t traffic_selector_t;
@@ -161,6 +166,18 @@ struct traffic_selector_t {
u_int8_t (*get_protocol) (traffic_selector_t *this);
/**
+ * @brief Check if the traffic selector is for a single host.
+ *
+ * Traffic selector may describe the end of *-to-host tunnel. In this
+ * case, the address range is a single address equal to the hosts
+ * peer address.
+ *
+ * @param this calling obect
+ * @param host host_t specifying the address range
+ */
+ bool (*is_host) (traffic_selector_t *this, host_t* host);
+
+ /**
* @brief Update the address of a traffic selector.
*
* Update the address range of a traffic selector,
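Review bot: The new `is_host` doc block has no `@return` line and a typo in `@param this calling obect`; the implementation in this change returns TRUE only when the host's family matches the selector type and both ends of the address range equal the host address, ignoring protocol and ports. Suggest `@param this calling object` and `@return TRUE if the selector's address range is exactly the address of host (same family); protocol and ports are not compared`. The `traffic_selector_t` struct continues outside the hunk.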
@@ -174,16 +191,6 @@ struct traffic_selector_t {
void (*update_address_range) (traffic_selector_t *this, host_t* host);
/**
- * @brief Get a string representation of the traffic selector.
- *
- * String points to internal data, do not free/modify.
- *
- * @param this calling object
- * @return pointer to a string.
- */
- char* (*get_string) (traffic_selector_t *this);
-
- /**
* @brief Compare two traffic selectors for equality.
*
* @param this first to compare