Diffstat (limited to 'src/charon/config')
-rw-r--r-- | src/charon/config/connections/connection.c | 16 | ||||
-rw-r--r-- | src/charon/config/connections/connection.h | 4 | ||||
-rwxr-xr-x | src/charon/config/connections/connection_store.h | 44 | ||||
-rw-r--r-- | src/charon/config/connections/local_connection_store.c | 66 | ||||
-rwxr-xr-x | src/charon/config/credentials/credential_store.h | 22 | ||||
-rw-r--r-- | src/charon/config/credentials/local_credential_store.c | 229 | ||||
-rw-r--r-- | src/charon/config/policies/local_policy_store.c | 45 | ||||
-rw-r--r-- | src/charon/config/policies/policy.c | 41 | ||||
-rw-r--r-- | src/charon/config/policies/policy.h | 10 | ||||
-rwxr-xr-x | src/charon/config/policies/policy_store.h | 8 | ||||
-rw-r--r-- | src/charon/config/proposal.c | 54 | ||||
-rw-r--r-- | src/charon/config/proposal.h | 32 | ||||
-rw-r--r-- | src/charon/config/traffic_selector.c | 163 | ||||
-rw-r--r-- | src/charon/config/traffic_selector.h | 31 |
14 files changed, 305 insertions, 460 deletions
diff --git a/src/charon/config/connections/connection.c b/src/charon/config/connections/connection.c index 3d001194b..5dfc00eb2 100644 --- a/src/charon/config/connections/connection.c +++ b/src/charon/config/connections/connection.c @@ -24,19 +24,13 @@ #include <string.h> #include <config/connections/connection.h> - #include <utils/linked_list.h> -#include <utils/logger.h> -/** - * String mappings for cert_policy_t. - */ -mapping_t cert_policy_m[] = { - {CERT_ALWAYS_SEND, "CERT_ALWAYS_SEND"}, - {CERT_SEND_IF_ASKED, "CERT_SEND_IF_ASKED"}, - {CERT_NEVER_SEND, "CERT_NEVER_SEND"}, - {MAPPING_END, NULL} -}; +ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND, + "CERT_ALWAYS_SEND", + "CERT_SEND_IF_ASKED", + "CERT_NEVER_SEND" +); typedef struct private_connection_t private_connection_t; diff --git a/src/charon/config/connections/connection.h b/src/charon/config/connections/connection.h index ffe22ad13..b3c1207cc 100644 --- a/src/charon/config/connections/connection.h +++ b/src/charon/config/connections/connection.h @@ -54,11 +54,11 @@ enum cert_policy_t { }; /** - * string mappings for certpolic_t. + * enum strings for cert_policy_t * * @ingroup config */ -extern mapping_t cert_policy_m[]; +extern enum_name_t *cert_policy_names; typedef struct connection_t connection_t; diff --git a/src/charon/config/connections/connection_store.h b/src/charon/config/connections/connection_store.h index 7d42dd26f..9e6c0efe2 100755 --- a/src/charon/config/connections/connection_store.h +++ b/src/charon/config/connections/connection_store.h @@ -25,17 +25,17 @@ #include <types.h> #include <config/connections/connection.h> -#include <utils/logger.h> +#include <utils/iterator.h> typedef struct connection_store_t connection_store_t; /** * @brief The interface for a store of connection_t's. - * + * * @b Constructors: * - stroke_create() - * + * * @ingroup config */ struct connection_store_t { 
@@ -47,7 +47,7 @@ struct connection_store_t { * It may be used after kernel request for traffic protection. * The returned connection gets created/cloned and therefore must * be destroyed after usage. - * + * * @param this calling object * @param my_id own address of connection * @param other_id others address of connection @@ -55,14 +55,15 @@ struct connection_store_t { * - connection_t, if found * - NULL otherwise */ - connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host); + connection_t *(*get_connection_by_hosts)(connection_store_t *this, + host_t *my_host, host_t *other_host); /** * @brief Returns a connection identified by its name. - * + * * This call is usefull to get a connection identified its * name, as on an connection setup. - * + * * @param this calling object * @param name name of the connection to get * @return @@ -73,10 +74,10 @@ struct connection_store_t { /** * @brief Add a connection to the store. - * - * After a successful call, the connection is owned by the store and may + * + * After a successful call, the connection is owned by the store and may * not be manipulated nor destroyed. - * + * * @param this calling object * @param connection connection to add * @return @@ -87,10 +88,10 @@ struct connection_store_t { /** * @brief Delete a connection from the store. - * + * * Remove a connection from the connection store, identified * by the connections name. - * + * * @param this calling object * @param name name of the connection to delete * @return 
@@ -100,25 +101,16 @@ struct connection_store_t { status_t (*delete_connection) (connection_store_t *this, char *name); /** - * @brief Log the connections stored in the store. - * - * Depending on the implementation of the store, the store - * logs various information to the specified logger. - * If logger is NULL, the internal logger is used, if name is - * NULL, all connections are logged - * + * @brief Get an iterator for the stored connections. + * * @param this calling object - * @param logger logger to use for the log, or NULL - * @param name name of the connection, or NULL - * @return - * - SUCCESS, or - * - FAILED + * @return iterator over all stored connections */ - void (*log_connections) (connection_store_t *this, logger_t *logger, char *name); + iterator_t* (*create_iterator) (connection_store_t *this); /** * @brief Destroys a connection_store_t object. - * + * * @param this calling object */ void (*destroy) (connection_store_t *this); diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c index af107b83b..8748fb730 100644 --- a/src/charon/config/connections/local_connection_store.c +++ b/src/charon/config/connections/local_connection_store.c @@ -24,8 +24,8 @@ #include "local_connection_store.h" +#include <daemon.h> #include <utils/linked_list.h> -#include <utils/logger_manager.h> typedef struct private_local_connection_store_t private_local_connection_store_t; @@ -49,11 +49,6 @@ struct private_local_connection_store_t { * Mutex to exclusivly access connection list */ pthread_mutex_t mutex; - - /** - * Assigned logger - */ - logger_t *logger; }; 
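Review bot: The new create_iterator doc says nothing about ownership or locking, yet the local implementation in this same commit returns an iterator built with `create_iterator_locked` that holds the store's mutex until it is destroyed, and that mutex is initialised with default attributes (`pthread_mutex_init(&(this->mutex), NULL)`), i.e. non-recursive. A caller that touches add_connection, delete_connection or get_connection_by_name on the same thread before destroying the iterator will therefore deadlock. Suggest replacing the bare `@return` with something like `@return iterator over all stored connections; the caller must destroy it, and while it lives the store is locked, so no other store method may be called from that thread. Elements remain owned by the store.` Whether every implementation of this interface locks is not visible here, so the wording could be phrased as "may hold".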
@@ -74,9 +69,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t connection_t *candidate; connection_t *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, - "looking for connection for host pair %H...%H", - my_host, other_host); + DBG2(SIG_DBG_CFG, "looking for connection for host pair %H...%H", + my_host, other_host); pthread_mutex_lock(&(this->mutex)); iterator = this->connections->create_iterator(this->connections, TRUE); @@ -106,11 +100,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t prio |= PRIO_ADDR_ANY; } - this->logger->log(this->logger, CONTROL|LEVEL2, - "candidate connection \"%s\": %H...%H (prio=%d)", - candidate->get_name(candidate), - candidate_my_host, candidate_other_host, - prio); + DBG2(SIG_DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)", + candidate->get_name(candidate), + candidate_my_host, candidate_other_host, prio); if (prio > best_prio) { @@ -126,11 +118,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t host_t *found_my_host = found->get_my_host(found); host_t *found_other_host = found->get_other_host(found); - this->logger->log(this->logger, CONTROL|LEVEL1, - "found matching connection \"%s\": %H...%H (prio=%d)", - found->get_name(found), - found_my_host, found_other_host, - best_prio); + DBG2(SIG_DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)", + found->get_name(found), found_my_host, found_other_host, best_prio); /* give out a new reference to it */ found->get_ref(found); 
@@ -213,40 +202,12 @@ static status_t add_connection(private_local_connection_store_t *this, connectio } /** - * Implementation of connection_store_t.log_connections. + * Implementation of connection_store_t.create_iterator. */ -void log_connections(private_local_connection_store_t *this, logger_t *logger, char *name) +static iterator_t* create_iterator(private_local_connection_store_t *this) { - iterator_t *iterator; - connection_t *current; - - if (logger == NULL) - { - logger = this->logger; - } - - pthread_mutex_lock(&(this->mutex)); - - iterator = this->connections->create_iterator(this->connections, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, "Templates:"); - } - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)¤t); - if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current)))) - { - host_t *my_host = current->get_my_host(current); - host_t *other_host = current->get_other_host(current); - - logger->log(logger, CONTROL, " \"%s\": %H...%H", - current->get_name(current), my_host, other_host); - } - } - iterator->destroy(iterator); - pthread_mutex_unlock(&(this->mutex)); + return this->connections->create_iterator_locked(this->connections, + &this->mutex); } /** 
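Review bot: The removed log_connections only reported entries for which `current->is_ikev2(current)` was true, while the new create_iterator exposes every stored connection, so any listing code that relied on that filter now has to apply it itself; if the stroke status output is the consumer, please confirm it does. A one-line comment would make the behaviour change explicit for the next reader: `/* unlike the old log_connections, no IKEv2 filtering: callers see every stored connection */`. The returned iterator also keeps `this->mutex` held until destroyed, which is worth stating in the same comment.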
@@ -277,12 +238,11 @@ local_connection_store_t * local_connection_store_create(void) this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name; this->public.connection_store.delete_connection = (status_t(*)(connection_store_t*,char*))delete_connection; this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection; - this->public.connection_store.log_connections = (void(*)(connection_store_t*,logger_t*,char*))log_connections; + this->public.connection_store.create_iterator = (iterator_t*(*)(connection_store_t*))create_iterator; this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy; /* private variables */ this->connections = linked_list_create(); - this->logger = logger_manager->get_logger(logger_manager, CONFIG); pthread_mutex_init(&(this->mutex), NULL); return (&this->public); diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h index a9d72b47f..c9bb158d6 100755 --- a/src/charon/config/credentials/credential_store.h +++ b/src/charon/config/credentials/credential_store.h @@ -29,7 +29,6 @@ #include <crypto/rsa/rsa_private_key.h> #include <crypto/rsa/rsa_public_key.h> #include <utils/identification.h> -#include <utils/logger.h> typedef struct credential_store_t credential_store_t; 
@@ -136,31 +135,28 @@ struct credential_store_t { x509_t* (*add_ca_certificate) (credential_store_t *this, x509_t *cert); /** - * @brief Lists all certificates kept in the local credential store. + * @brief Create an iterator over all end certificates. * * @param this calling object - * @param logger logger to be used - * @param utc log dates either in UTC or local time + * @return iterator */ - void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc); + iterator_t* (*create_cert_iterator) (credential_store_t *this); /** - * @brief Lists all CA certificates kept in the local credential store. + * @brief Create an iterator over all CA certificates. * * @param this calling object - * @param logger logger to be used - * @param utc log dates either in UTC or local time + * @return iterator */ - void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc); + iterator_t* (*create_cacert_iterator) (credential_store_t *this); /** - * @brief Lists all CRLs kept in the local credential store. + * @brief Create an iterator over all CRLs. * * @param this calling object - * @param logger logger to be used - * @param utc log dates either in UTC or local time + * @return iterator */ - void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc); + iterator_t* (*create_crl_iterator) (credential_store_t *this); /** * @brief Loads trusted CA certificates from a default directory. diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c index e69418639..be9ac6acb 100644 --- a/src/charon/config/credentials/local_credential_store.c +++ b/src/charon/config/credentials/local_credential_store.c @@ -28,7 +28,6 @@ #include <types.h> #include <utils/lexparser.h> #include <utils/linked_list.h> -#include <utils/logger_manager.h> #include <crypto/certinfo.h> #include <crypto/rsa/rsa_public_key.h> #include <crypto/x509.h> 
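Review bot: The three new iterator methods do not say who owns the returned iterator or the objects it yields, nor that their locking differs: in local_credential_store.c the CRL iterator is created with `create_iterator_locked` over `crls_mutex` while the end-certificate and CA-certificate iterators are plain unlocked iterators. Callers therefore must destroy the CRL iterator promptly and must not add CRLs from the same thread while holding it. Suggest `@return iterator; must be destroyed by the caller, elements stay owned by the store` on each, plus on create_crl_iterator `the store's CRL list is locked until the iterator is destroyed`.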
@@ -56,13 +55,6 @@ struct shared_key_t { * list of peer IDs */ linked_list_t *peers; - - /** - * @brief Destroys a shared_key_t object. - * - * @param this calling object - */ - void (*destroy) (shared_key_t *this); }; @@ -88,7 +80,6 @@ static void shared_key_destroy(shared_key_t *this) * @brief Creates a shared_key_t object. * * @param shared_key shared key value - * * @return shared_key_t object * * @ingroup config @@ -97,9 +88,6 @@ static shared_key_t *shared_key_create(chunk_t secret) { shared_key_t *this = malloc_thing(shared_key_t); - /* private functions */ - this->destroy = shared_key_destroy; - /* private data */ this->secret = chunk_clone(secret); this->peers = linked_list_create(); @@ -154,11 +142,6 @@ struct private_local_credential_store_t { * enforce strict crl policy */ bool strict; - - /** - * Assigned logger - */ - logger_t *logger; }; @@ -285,20 +268,19 @@ static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t ugh = cert->is_valid(cert, NULL); if (ugh != NULL) { - this->logger->log(this->logger, ERROR, "certificate %s"); + DBG1(SIG_DBG_CFG, "certificate %s", ugh); return NULL; } status = cert->get_status(cert); if (status == CERT_REVOKED || status == CERT_UNTRUSTED || (this->strict && status != CERT_GOOD)) { - this->logger->log(this->logger, ERROR, "certificate status: %s", - enum_name(&cert_status_names, status)); + DBG1(SIG_DBG_CFG, "certificate status: %N", cert_status_names, status); return NULL; } if (status == CERT_GOOD && cert->get_until(cert) < time(NULL)) { - this->logger->log(this->logger, ERROR, "certificate is good but crl is stale"); + DBG1(SIG_DBG_CFG, "certificate is good but crl is stale"); return NULL; } 
@@ -419,20 +401,20 @@ static cert_status_t verify_by_crl(private_local_credential_store_t* this, const crl = get_crl(this, issuer_cert); if (crl == NULL) { - this->logger->log(this->logger, ERROR, "crl not found"); + DBG1(SIG_DBG_CFG, "crl not found"); goto err; } - this->logger->log(this->logger, CONTROL|LEVEL1, "crl found"); + DBG2(SIG_DBG_CFG, "crl found"); - issuer_public_key = issuer_cert->get_public_key(issuer_cert); + issuer_public_key = issuer_cert->get_public_key(issuer_cert); valid_signature = crl->verify(crl, issuer_public_key); if (!valid_signature) { - this->logger->log(this->logger, ERROR, "crl signature is invalid"); + DBG1(SIG_DBG_CFG, "crl signature is invalid"); goto err; } - this->logger->log(this->logger, CONTROL|LEVEL1, "crl signature is valid"); + DBG2(SIG_DBG_CFG, "crl signature is valid"); crl->get_status(crl, certinfo); @@ -490,8 +472,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f *found = (cert_copy != NULL); if (*found) { - this->logger->log(this->logger, CONTROL|LEVEL1, - "end entitity certificate is already in credential store"); + DBG2(SIG_DBG_CFG, + "end entitity certificate is already in credential store"); } for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++) 
@@ -504,39 +486,39 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f identification_t *subject = cert->get_subject(cert); identification_t *issuer = cert->get_issuer(cert); - this->logger->log(this->logger, CONTROL|LEVEL1, "subject: '%D'", subject); - this->logger->log(this->logger, CONTROL|LEVEL1, "issuer: '%D'", issuer); + DBG2(SIG_DBG_CFG, "subject: '%D'", subject); + DBG2(SIG_DBG_CFG, "issuer: '%D'", issuer); ugh = cert->is_valid(cert, &until); if (ugh != NULL) { - this->logger->log(this->logger, ERROR, "certificate %s", ugh); + DBG1(SIG_DBG_CFG, "certificate %s", ugh); return FALSE; } - this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is valid"); + DBG2(SIG_DBG_CFG, "certificate is valid"); issuer_cert = get_issuer_certificate(this, cert); if (issuer_cert == NULL) { - this->logger->log(this->logger, ERROR, "issuer certificate not found"); + DBG1(SIG_DBG_CFG, "issuer certificate not found"); return FALSE; } - this->logger->log(this->logger, CONTROL|LEVEL1, "issuer certificate found"); + DBG2(SIG_DBG_CFG, "issuer certificate found"); issuer_public_key = issuer_cert->get_public_key(issuer_cert); valid_signature = cert->verify(cert, issuer_public_key); if (!valid_signature) { - this->logger->log(this->logger, ERROR, "certificate signature is invalid"); + DBG1(SIG_DBG_CFG, "certificate signature is invalid"); return FALSE; } - this->logger->log(this->logger, CONTROL|LEVEL1, "certificate signature is valid"); + DBG2(SIG_DBG_CFG, "certificate signature is valid"); /* check if cert is a self-signed root ca */ if (pathlen > 0 && cert->is_self_signed(cert)) { - this->logger->log(this->logger, CONTROL|LEVEL1, "reached self-signed root ca"); + DBG2(SIG_DBG_CFG, "reached self-signed root ca"); /* set the definite status and trust interval of the end entity certificate */ end_cert->set_until(end_cert, until); 
@@ -576,10 +558,10 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f /* if status information is stale */ if (this->strict && nextUpdate < time(NULL)) { - this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good but status is stale"); + DBG2(SIG_DBG_CFG, "certificate is good but status is stale"); return FALSE; } - this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good"); + DBG2(SIG_DBG_CFG, "certificate is good"); /* with strict crl policy the public key must have the same * lifetime as the validity of the ocsp status or crl lifetime @@ -589,12 +571,11 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f break; case CERT_REVOKED: { - u_char buf[TIMETOA_BUF]; time_t revocationTime = certinfo->get_revocationTime(certinfo); - - timetoa(buf, TIMETOA_BUF, &revocationTime, TRUE); - this->logger->log(this->logger, ERROR, "certificate was revoked on %s, reason: %s", - buf, certinfo->get_revocationReason(certinfo)); + DBG1(SIG_DBG_CFG, + "certificate was revoked on %T, reason: %N", + revocationTime, crl_reason_names, + certinfo->get_revocationReason(certinfo)); /* set revocationTime */ cert->set_until(cert, revocationTime); @@ -609,7 +590,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f else { cert_copy->set_status(cert_copy, CERT_REVOKED); - cert_copy->set_until(cert_copy, certinfo->get_revocationTime(certinfo)); + cert_copy->set_until(cert_copy, + certinfo->get_revocationTime(certinfo)); } } return FALSE; @@ -617,7 +599,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f case CERT_UNKNOWN: case CERT_UNDEFINED: default: - this->logger->log(this->logger, CONTROL|LEVEL1, "certificate status unknown"); + DBG2(SIG_DBG_CFG, "certificate status unknown"); if (this->strict) { /* update status of end certificate in the credential store */ 
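Review bot: The CERT_REVOKED branch changes the reason argument from `%s` to `%N` with `crl_reason_names`, which requires `certinfo->get_revocationReason(certinfo)` to now return the enum value, whereas the old logger call formatted it as a string. If that accessor still returns a `char*` (its declaration is not visible here), `%N` will index the name table with a pointer value and print garbage or fault. Please confirm the return type in certinfo.h, or add an enum-returning accessor and use that. verify() starts and ends outside this hunk.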
@@ -634,7 +616,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f /* go up one step in the trust chain */ cert = issuer_cert; } - this->logger->log(this->logger, ERROR, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN); + DBG1(SIG_DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN); return FALSE; } 
@@ -674,80 +656,27 @@ static x509_t* add_ca_certificate(private_local_credential_store_t *this, x509_t } /** - * Implements local_credential_store_t.log_certificates + * Implements local_credential_store_t.create_cert_iterator */ -static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc) +static iterator_t* create_cert_iterator(private_local_credential_store_t *this) { - iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 End Entity Certificates:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - x509_t *cert; - bool has_key; - - iterator->current(iterator, (void**)&cert); - has_key = has_rsa_private_key(this, cert->get_public_key(cert)); - cert->log_certificate(cert, logger, utc, has_key); - } - iterator->destroy(iterator); + return this->certs->create_iterator(this->certs, TRUE); } /** - * Implements local_credential_store_t.log_ca_certificates + * Implements local_credential_store_t.create_cacert_iterator */ -static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc) +static iterator_t* create_cacert_iterator(private_local_credential_store_t *this) { - iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 CA Certificates:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - x509_t *cert; - - iterator->current(iterator, (void**)&cert); - cert->log_certificate(cert, logger, utc, FALSE); - } - iterator->destroy(iterator); + return this->ca_certs->create_iterator(this->ca_certs, TRUE); } /** - * Implements local_credential_store_t.log_crls + * Implements local_credential_store_t.create_crl_iterator */ -static void 
log_crls(private_local_credential_store_t *this, logger_t *logger, bool utc) +static iterator_t* create_crl_iterator(private_local_credential_store_t *this) { - iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE); - - pthread_mutex_lock(&(this->crls_mutex)); - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 CRLs:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - crl_t *crl; - - iterator->current(iterator, (void**)&crl); - crl->log_crl(crl, logger, utc, this->strict); - } - pthread_mutex_unlock(&(this->crls_mutex)); - - iterator->destroy(iterator); + return this->crls->create_iterator_locked(this->crls, &(this->crls_mutex)); } /** @@ -760,12 +689,12 @@ static void load_ca_certificates(private_local_credential_store_t *this) DIR* dir; x509_t *cert; - this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR); + DBG1(SIG_DBG_CFG, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR); dir = opendir(CA_CERTIFICATE_DIR); if (dir == NULL) { - this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR); + DBG1(SIG_DBG_CFG, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR); return; } @@ -787,9 +716,9 @@ static void load_ca_certificates(private_local_credential_store_t *this) { err_t ugh = cert->is_valid(cert, NULL); - if (ugh != NULL) + if (ugh != NULL) { - this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh); + DBG1(SIG_DBG_CFG, "warning: ca certificate %s", ugh); } if (cert->is_ca(cert)) { @@ -797,8 +726,7 @@ static void load_ca_certificates(private_local_credential_store_t *this) } else { - this->logger->log(this->logger, ERROR, - " CA basic constraints flag not set, cert discarded"); + DBG1(SIG_DBG_CFG, " CA basic constraints flag not set, cert discarded"); cert->destroy(cert); } } 
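Review bot: create_cert_iterator and create_cacert_iterator hand out unlocked iterators over `this->certs` and `this->ca_certs`, while create_crl_iterator takes `crls_mutex` via `create_iterator_locked`. The interface also exposes add_end_certificate and add_ca_certificate (see the vtable assignments later in this file), so if either is called while a listing is walking the list the iterator reads a linked list under mutation. Either guard the two cert lists the same way (a mutex for each list, or one store-wide mutex) or document on both functions that they are only safe while the store is otherwise quiescent, e.g. `/* unlocked: caller must guarantee no concurrent add_*_certificate */`.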
@@ -810,7 +738,7 @@ static void load_ca_certificates(private_local_credential_store_t *this) /** * Add the latest crl to a linked list */ -static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger) +static crl_t* add_crl(linked_list_t *crls, crl_t *crl) { bool found = FALSE; @@ -833,13 +761,13 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger) { old_crl->destroy(old_crl); } - logger->log(logger, CONTROL|LEVEL1, " thisUpdate is newer - existing crl replaced"); + DBG2(SIG_DBG_CFG, " thisUpdate is newer - existing crl replaced"); } else { crl->destroy(crl); crl = current_crl; - logger->log(logger, CONTROL|LEVEL1, " thisUpdate is not newer - existing crl retained"); + DBG2(SIG_DBG_CFG, " thisUpdate is not newer - existing crl retained"); } break; } @@ -849,7 +777,7 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger) if (!found) { crls->insert_last(crls, (void*)crl); - logger->log(logger, CONTROL|LEVEL1, " crl added"); + DBG2(SIG_DBG_CFG, " crl added"); } return crl; } @@ -864,12 +792,12 @@ static void load_crls(private_local_credential_store_t *this) DIR* dir; crl_t *crl; - this->logger->log(this->logger, CONTROL, "loading crls from '%s/'", CRL_DIR); + DBG1(SIG_DBG_CFG, "loading crls from '%s/'", CRL_DIR); dir = opendir(CRL_DIR); if (dir == NULL) { - this->logger->log(this->logger, ERROR, "error opening crl directory %s'", CRL_DIR); + DBG1(SIG_DBG_CFG, "error opening crl directory %s'", CRL_DIR); return; } @@ -893,10 +821,10 @@ static void load_crls(private_local_credential_store_t *this) if (ugh != NULL) { - this->logger->log(this->logger, ERROR, "warning: crl %s", ugh); + DBG1(SIG_DBG_CFG, "warning: crl %s", ugh); } pthread_mutex_lock(&(this->crls_mutex)); - crl = add_crl(this->crls, crl, this->logger); + crl = add_crl(this->crls, crl); pthread_mutex_unlock(&(this->crls_mutex)); } } 
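Review bot: The load_crls error message `"error opening crl directory %s'"` has an unbalanced quote, which came over verbatim from the old logger call (the ca-certificate loader above has the same flaw). Since these lines were rewritten anyway, fix the string: `DBG1(SIG_DBG_CFG, "error opening crl directory '%s'", CRL_DIR);`. Also note a CRL that fails `is_valid` is only warned about and then still inserted by add_crl; that is pre-existing behaviour, but a comment saying the staleness is enforced later under `strict` would help the reader.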
@@ -973,7 +901,7 @@ static void load_secrets(private_local_credential_store_t *this) int line_nr = 0; chunk_t chunk, src, line; - this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", SECRETS_FILE); + DBG1(SIG_DBG_CFG, "loading secrets from \"%s\"", SECRETS_FILE); fseek(fd, 0, SEEK_END); chunk.len = ftell(fd); @@ -996,7 +924,7 @@ static void load_secrets(private_local_credential_store_t *this) } if (!extract_token(&ids, ':', &line)) { - this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr); + DBG1(SIG_DBG_CFG, "line %d: missing ':' separator", line_nr); goto error; } /* NULL terminate the ids string by replacing the : separator */ @@ -1004,7 +932,7 @@ static void load_secrets(private_local_credential_store_t *this) if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line)) { - this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr); + DBG1(SIG_DBG_CFG, "line %d: missing token", line_nr); goto error; } if (match("RSA", &token)) @@ -1022,13 +950,12 @@ static void load_secrets(private_local_credential_store_t *this) if (ugh != NULL) { - this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh); + DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh); goto error; } if (filename.len == 0) { - this->logger->log(this->logger, ERROR, - "line %d: empty filename", line_nr); + DBG1(SIG_DBG_CFG, "line %d: empty filename", line_nr); goto error; } if (*filename.ptr == '/') @@ -1049,8 +976,7 @@ static void load_secrets(private_local_credential_store_t *this) ugh = extract_secret(&secret, &line); if (ugh != NULL) { - this->logger->log(this->logger, ERROR, - "line %d: malformed passphrase: %s", line_nr, ugh); + DBG1(SIG_DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh); goto error; } if (secret.len > 0) 
@@ -1072,23 +998,20 @@ static void load_secrets(private_local_credential_store_t *this) err_t ugh = extract_secret(&secret, &line); if (ugh != NULL) { - this->logger->log(this->logger, ERROR, - "line %d: malformed secret: %s", line_nr, ugh); + DBG1(SIG_DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh); goto error; } if (ids.len > 0) { - this->logger->log(this->logger, CONTROL, - " loading shared key for %s", ids.ptr); + DBG1(SIG_DBG_CFG, " loading shared key for %s", ids.ptr); } else { - this->logger->log(this->logger, CONTROL, - " loading shared key for %%any"); + DBG1(SIG_DBG_CFG, " loading shared key for %%any"); } - this->logger->log_chunk(this->logger, PRIVATE, " secret:", secret); + DBG4(SIG_DBG_CFG, " secret:", secret); shared_key = shared_key_create(secret); if (shared_key) @@ -1103,8 +1026,7 @@ static void load_secrets(private_local_credential_store_t *this) ugh = extract_value(&id, &ids); if (ugh != NULL) { - this->logger->log(this->logger, ERROR, - "line %d: %s", line_nr, ugh); + DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh); goto error; } if (id.len == 0) @@ -1118,8 +1040,7 @@ static void load_secrets(private_local_credential_store_t *this) peer_id = identification_create_from_string(id.ptr); if (peer_id == NULL) { - this->logger->log(this->logger, ERROR, - "line %d: malformed ID: %s", line_nr, id.ptr); + DBG1(SIG_DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr); goto error; } @@ -1137,9 +1058,8 @@ static void load_secrets(private_local_credential_store_t *this) } else { - this->logger->log(this->logger, ERROR, - "line %d: token must be either RSA, PSK, or PIN", - line_nr, token.len); + DBG1(SIG_DBG_CFG, "line %d: token must be either " + "RSA, PSK, or PIN", line_nr, token.len); goto error; } } @@ -1148,7 +1068,7 @@ error: } else { - this->logger->log(this->logger, ERROR, "could not open file '%s'", SECRETS_FILE); + DBG1(SIG_DBG_CFG, "could not open file '%s'", SECRETS_FILE); } } 
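Review bot: `DBG4(SIG_DBG_CFG, " secret:", secret);` passes the chunk as a variadic argument but the format has no conversion for it, so the value is silently dropped, unlike the old `log_chunk` call it replaces. If the trace is wanted, use the chunk printf hook this tree provides (in this code base `%B` takes a `chunk_t*`): `DBG4(SIG_DBG_CFG, " secret: %B", &secret);` — but consider whether pre-shared secrets should reach the log at all; if kept, it belongs only at the highest debug level as here, with a comment saying so. In the same hunk `"line %d: token must be either RSA, PSK, or PIN", line_nr, token.len` still carries a stray `token.len` argument with no specifier, carried over from the old call; drop it. load_secrets begins and ends outside this hunk.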
@@ -1195,7 +1115,7 @@ static void destroy(private_local_credential_store_t *this) /* destroy shared keys list */ while (this->shared_keys->remove_last(this->shared_keys, (void**)&shared_key) == SUCCESS) { - shared_key->destroy(shared_key); + shared_key_destroy(shared_key); } this->shared_keys->destroy(this->shared_keys); @@ -1218,9 +1138,9 @@ local_credential_store_t * local_credential_store_create(bool strict) this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify; this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate; this->public.credential_store.add_ca_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_ca_certificate; - this->public.credential_store.log_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_certificates; - this->public.credential_store.log_ca_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_ca_certificates; - this->public.credential_store.log_crls = (void (*) (credential_store_t*,logger_t*,bool))log_crls; + this->public.credential_store.create_cert_iterator = (iterator_t* (*) (credential_store_t*))create_cert_iterator; + this->public.credential_store.create_cacert_iterator = (iterator_t* (*) (credential_store_t*))create_cacert_iterator; + this->public.credential_store.create_crl_iterator = (iterator_t* (*) (credential_store_t*))create_crl_iterator; this->public.credential_store.load_ca_certificates = (void (*) (credential_store_t*))load_ca_certificates; this->public.credential_store.load_crls = (void (*) (credential_store_t*))load_crls; this->public.credential_store.load_secrets = (void (*) (credential_store_t*))load_secrets; 
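Review bot: destroy() now calls the file-local shared_key_destroy() directly instead of the removed method pointer; its body is outside this hunk, so please confirm it wipes `secret` before releasing it rather than only freeing the chunk, since these are pre-shared keys that otherwise linger in freed heap memory. If it does, a comment on this call such as `/* shared_key_destroy zeroizes the secret before freeing */` would record that; if it does not, clearing the bytes before `chunk_free` is the fix.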
@@ -1230,13 +1150,12 @@ local_credential_store_t * local_credential_store_create(bool strict) pthread_mutex_init(&(this->crls_mutex), NULL); /* private variables */ - this->shared_keys = linked_list_create(); + this->shared_keys = linked_list_create(); this->private_keys = linked_list_create(); - this->certs = linked_list_create(); - this->ca_certs = linked_list_create(); - this->crls = linked_list_create(); + this->certs = linked_list_create(); + this->ca_certs = linked_list_create(); + this->crls = linked_list_create(); this->strict = strict; - this->logger = logger_manager->get_logger(logger_manager, CONFIG); return (&this->public); } diff --git a/src/charon/config/policies/local_policy_store.c b/src/charon/config/policies/local_policy_store.c index 5253cb3fa..577b83a28 100644 --- a/src/charon/config/policies/local_policy_store.c +++ b/src/charon/config/policies/local_policy_store.c @@ -1,8 +1,8 @@ /** * @file local_policy_store.c - * + * * @brief Implementation of local_policy_store_t. - * + * */ /* @@ -24,8 +24,8 @@ #include "local_policy_store.h" +#include <daemon.h> #include <utils/linked_list.h> -#include <utils/logger_manager.h> typedef struct private_local_policy_store_t private_local_policy_store_t; @@ -49,11 +49,6 @@ struct private_local_policy_store_t { * Mutex to exclusivly access list */ pthread_mutex_t mutex; - - /** - * Assigned logger - */ - logger_t *logger; }; /** @@ -116,8 +111,7 @@ static policy_t *get_policy(private_local_policy_store_t *this, policy_t *candidate; policy_t *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, - "searching policy for ID pair %D...%D", my_id, other_id); + DBG2(SIG_DBG_CFG, "searching policy for ID pair %D...%D", my_id, other_id); pthread_mutex_lock(&(this->mutex)); iterator = this->policies->create_iterator(this->policies, TRUE); 
@@ -149,16 +143,14 @@ static policy_t *get_policy(private_local_policy_store_t *this, if (!contains_traffic_selectors(candidate, TRUE, my_ts, my_host) || !contains_traffic_selectors(candidate, FALSE, other_ts, other_host)) { - this->logger->log(this->logger, CONTROL|LEVEL2, - "candidate '%s' inacceptable due traffic selector mismatch", - candidate->get_name(candidate)); + DBG2(SIG_DBG_CFG, "candidate '%s' inacceptable due traffic " + "selector mismatch", candidate->get_name(candidate)); continue; } - this->logger->log(this->logger, CONTROL|LEVEL2, - "candidate policy '%s': %D...%D (prio=%d)", - candidate->get_name(candidate), - candidate_my_id, candidate_other_id, prio); + DBG2(SIG_DBG_CFG, "candidate policy '%s': %D...%D (prio=%d)", + candidate->get_name(candidate), + candidate_my_id, candidate_other_id, prio); if (prio > best_prio) { @@ -174,10 +166,8 @@ static policy_t *get_policy(private_local_policy_store_t *this, identification_t *found_my_id = found->get_my_id(found); identification_t *found_other_id = found->get_other_id(found); - this->logger->log(this->logger, CONTROL, - "found matching policy '%s': %D...%D (prio=%d)", - found->get_name(found), - found_my_id, found_other_id, best_prio); + DBG1(SIG_DBG_CFG, "found matching policy '%s': %D...%D (prio=%d)", + found->get_name(found), found_my_id, found_other_id, best_prio); /* give out a new reference to it */ found->get_ref(found); } @@ -193,7 +183,7 @@ static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *na iterator_t *iterator; policy_t *current, *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, "looking for policy \"%s\"", name); + DBG2(SIG_DBG_CFG, "looking for policy '%s'", name); pthread_mutex_lock(&(this->mutex)); iterator = this->policies->create_iterator(this->policies, TRUE); 
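Review bot: The retyped DBG2 message in get_policy keeps the old wording "inacceptable due traffic selector mismatch", which is not English; since the string is being rewritten anyway, `"candidate '%s' unacceptable due to traffic " "selector mismatch"` reads correctly and the split across two literals can stay. The enclosing loop of get_policy starts and ends outside this hunk.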
@@ -246,6 +236,15 @@ static status_t delete_policy(private_local_policy_store_t *this, char *name) } /** + * Implementation of policy_store_t.create_iterator. + */ +static iterator_t* create_iterator(private_local_policy_store_t *this) +{ + return this->policies->create_iterator_locked(this->policies, + &this->mutex); +} + +/** * Implementation of policy_store_t.destroy. */ static void destroy(private_local_policy_store_t *this) @@ -273,11 +272,11 @@ local_policy_store_t *local_policy_store_create(void) this->public.policy_store.get_policy = (policy_t*(*)(policy_store_t*,identification_t*,identification_t*,linked_list_t*,linked_list_t*,host_t*,host_t*))get_policy; this->public.policy_store.get_policy_by_name = (policy_t*(*)(policy_store_t*,char*))get_policy_by_name; this->public.policy_store.delete_policy = (status_t(*)(policy_store_t*,char*))delete_policy; + this->public.policy_store.create_iterator = (iterator_t*(*)(policy_store_t*))create_iterator; this->public.policy_store.destroy = (void(*)(policy_store_t*))destroy; /* private variables */ this->policies = linked_list_create(); - this->logger = logger_manager->get_logger(logger_manager, CONFIG); pthread_mutex_init(&(this->mutex), NULL); return (&this->public); diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c index e3a1100b9..dcae0504c 100644 --- a/src/charon/config/policies/policy.c +++ b/src/charon/config/policies/policy.c 
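Review bot: create_iterator hands out an iterator built with create_iterator_locked on `this->mutex`, and neither the function comment nor the new policy_store_t documentation in policy_store.h says how long that lock is held. If, as the name suggests, the mutex stays locked until the iterator is destroyed, a caller that invokes get_policy, get_policy_by_name or delete_policy on the same store while still holding the iterator will deadlock, because local_policy_store_create initialises the mutex with default (non-recursive) attributes. A comment above the function such as `/* the store's mutex is held until the returned iterator is destroyed; do not call other store methods while iterating */`, and a matching sentence in the @return of policy_store.h, would make the contract explicit.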
@@ -27,34 +27,23 @@ #include "policy.h" +#include <daemon.h> #include <utils/linked_list.h> #include <utils/identification.h> -#include <utils/logger_manager.h> -/** - * String mappings for auth_method_t. - */ -static const char *const auth_method_name[] = { +ENUM(auth_method_names, RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE, "RSA signature", "pre-shared key", "DSS signature" -}; +); -enum_names auth_method_names = - { RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE, auth_method_name, NULL }; -/** - * String mappings for dpd_action_t. - */ -static const char *const dpd_action_name[] = { +ENUM(dpd_action_names, DPD_NONE, DPD_RESTART, "DPD_NONE", "DPD_CLEAR", "DPD_ROUTE", "DPD_RESTART" -}; - -enum_names dpd_action_names = - { DPD_NONE, DPD_RESTART, dpd_action_name, NULL }; +); typedef struct private_policy_t private_policy_t; @@ -148,11 +137,6 @@ struct private_policy_t { * What to do with an SA when other peer seams to be dead? */ bool dpd_action; - - /** - * logger - */ - logger_t *logger; }; /** @@ -239,9 +223,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this, traffic_selector_t *supplied_ts, *stored_ts, *selected_ts; linked_list_t *selected = linked_list_create(); - this->logger->log(this->logger, CONTROL|LEVEL1, - "selecting traffic selectors for %s host", - stored == this->my_ts ? "local" : "remote"); + DBG2(SIG_DBG_CFG, "selecting traffic selectors"); stored_iter = stored->create_iterator(stored, TRUE); supplied_iter = supplied->create_iterator(supplied, TRUE); 
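Review bot: The new DBG2 in select_traffic_selectors drops the "for %s host" qualifier that the removed log line carried, although `stored == this->my_ts` is still available at that point; `DBG2(SIG_DBG_CFG, "selecting traffic selectors for %s host", stored == this->my_ts ? "local" : "remote");` keeps the two invocations distinguishable. The later hunk adds "us"/"other" only to the "found traffic selector" message, so a run that produces no match is now logged without saying which side was being selected. select_traffic_selectors continues past this hunk.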
@@ -258,10 +240,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this, /* iterate over all supplied traffic selectors */ while (supplied_iter->iterate(supplied_iter, (void**)&supplied_ts)) { - this->logger->log(this->logger, CONTROL|LEVEL2, - " stored %s <=> %s received", - stored_ts->get_string(stored_ts), - supplied_ts->get_string(supplied_ts)); + DBG2(SIG_DBG_CFG, "stored %R <=> %R received", + stored_ts, supplied_ts); selected_ts = stored_ts->get_subset(stored_ts, supplied_ts); if (selected_ts) @@ -269,8 +249,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this, /* got a match, add to list */ selected->insert_last(selected, (void*)selected_ts); - this->logger->log(this->logger, CONTROL|LEVEL1, " got a match: %s", - selected_ts->get_string(selected_ts)); + DBG2(SIG_DBG_CFG, "found traffic selector for %s: %R", + stored == this->my_ts ? "us" : "other", selected_ts); } } stored_ts->destroy(stored_ts); @@ -554,7 +534,6 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o this->proposals = linked_list_create(); this->my_ts = linked_list_create(); this->other_ts = linked_list_create(); - this->logger = logger_manager->get_logger(logger_manager, CONFIG); return &this->public; } diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h index 6d80319b4..84f5f2bc9 100644 --- a/src/charon/config/policies/policy.h +++ b/src/charon/config/policies/policy.h @@ -58,11 +58,11 @@ enum auth_method_t { }; /** - * string mappings for auth_method_t. - * + * enum names for auth_method_t. + * * @ingroup config */ -extern enum_names auth_method_names; +extern enum_name_t *auth_method_names; typedef enum dpd_action_t dpd_action_t; @@ -86,9 +86,9 @@ enum dpd_action_t { }; /** - * String mappings for dpd_action_t. + * enum names for dpd_action_t. */ -extern enum_names dpd_action_names; +extern enum_name_t *dpd_action_names; typedef struct policy_t policy_t; 
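Review bot: The DBG2 calls now use `%R` with traffic_selector_t pointers, a conversion that only exists once traffic_selector.c's constructor has registered it with glibc's printf machinery; nothing in policy.c documents that dependency. If DBG2 expands to a function carrying a printf format attribute, -Wformat will presumably warn on each of these lines for the unknown conversion, so either the attribute must be absent or the warning suppressed for these macros. A one-line comment at the first use, `/* %R is the traffic_selector_t printf specifier registered in traffic_selector.c */`, would help the next reader.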
diff --git a/src/charon/config/policies/policy_store.h b/src/charon/config/policies/policy_store.h index 2ea57b8b4..a09263b13 100755 --- a/src/charon/config/policies/policy_store.h +++ b/src/charon/config/policies/policy_store.h @@ -101,6 +101,14 @@ struct policy_store_t { status_t (*delete_policy) (policy_store_t *this, char *name); /** + * @brief Get an iterator for the stored policies. + * + * @param this calling object + * @return iterator over all stored policies + */ + iterator_t* (*create_iterator) (policy_store_t *this); + + /** * @brief Destroys a policy_store_t object. * * @param this calling object diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index 393f0f3aa..fac0e31c2 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c 
@@ -26,45 +26,33 @@ #include <utils/linked_list.h> #include <utils/identification.h> -#include <utils/logger.h> #include <utils/lexparser.h> #include <crypto/prfs/prf.h> #include <crypto/crypters/crypter.h> #include <crypto/signers/signer.h> -/** - * String mappings for protocol_id_t. - */ -mapping_t protocol_id_m[] = { - {PROTO_NONE, "PROTO_NONE"}, - {PROTO_IKE, "IKE"}, - {PROTO_AH, "AH"}, - {PROTO_ESP, "ESP"}, - {MAPPING_END, NULL} -}; +ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP, + "PROTO_NONE", + "IKE", + "AH", + "ESP", +); -/** - * String mappings for transform_type_t. - */ -mapping_t transform_type_m[] = { - {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"}, - {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"}, - {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"}, - {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"}, - {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"}, - {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"}, - {MAPPING_END, NULL} -}; +ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, + "UNDEFINED_TRANSFORM_TYPE"); +ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE, + "ENCRYPTION_ALGORITHM", + "PSEUDO_RANDOM_FUNCTION", + "INTEGRITY_ALGORITHM", + "DIFFIE_HELLMAN_GROUP", + "EXTENDED_SEQUENCE_NUMBERS"); +ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); -/** - * String mappings for extended_sequence_numbers_t. - */ -mapping_t extended_sequence_numbers_m[] = { - {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"}, - {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"}, - {MAPPING_END, NULL} -}; +ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, + "NO_EXT_SEQ_NUMBERS", + "EXT_SEQ_NUMBERS", +); typedef struct private_proposal_t private_proposal_t; 
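Review bot: The ENUM definitions for protocol_id_names and extended_sequence_numbers_names end their string list with a trailing comma before the closing parenthesis (`"ESP", );` and `"EXT_SEQ_NUMBERS", );`), whereas the other ENUM uses in this commit (connection.c, policy.c) do not; depending on how ENUM expands this is either a harmless trailing initializer comma or an empty variadic argument. Dropping the comma, `"ESP"` and `"EXT_SEQ_NUMBERS"` as the last entries, keeps the macro calls uniform. The same trailing comma appears in the ts_type_name ENUM in the traffic_selector.c hunk.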
@@ -389,7 +377,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list) /** * Implements proposal_t.clone */ -static proposal_t *clone(private_proposal_t *this) +static proposal_t *clone_(private_proposal_t *this) { private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol); @@ -523,7 +511,7 @@ proposal_t *proposal_create(protocol_id_t protocol) this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol; this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi; this->public.get_spi = (u_int64_t(*)(proposal_t*))get_spi; - this->public.clone = (proposal_t*(*)(proposal_t*))clone; + this->public.clone = (proposal_t*(*)(proposal_t*))clone_; this->public.destroy = (void(*)(proposal_t*))destroy; this->spi = 0; diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h index ab58ed3bf..5ce19e9da 100644 --- a/src/charon/config/proposal.h +++ b/src/charon/config/proposal.h @@ -47,12 +47,12 @@ enum protocol_id_t { PROTO_ESP = 3, }; -/** - * String mappings for protocol_id_t. - * +/** + * enum names for protocol_id_t + * * @ingroup config */ -extern mapping_t protocol_id_m[]; +extern enum_name_t *protocol_id_names; typedef enum transform_type_t transform_type_t; @@ -60,7 +60,7 @@ typedef enum transform_type_t transform_type_t; /** * Type of a transform, as in IKEv2 RFC 3.3.2. * - * @ingroup payloads + * @ingroup config */ enum transform_type_t { UNDEFINED_TRANSFORM_TYPE = 241, @@ -71,12 +71,12 @@ enum transform_type_t { EXTENDED_SEQUENCE_NUMBERS = 5 }; -/** - * String mappings for transform_type_t. - * - * @ingroup payloads +/** + * enum names for transform_type_t. + * + * @ingroup config */ -extern mapping_t transform_type_m[]; +extern enum_name_t *transform_type_names; typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; 
@@ -84,19 +84,19 @@ typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; /** * Extended sequence numbers, as in IKEv2 RFC 3.3.2. * - * @ingroup payloads + * @ingroup config */ enum extended_sequence_numbers_t { NO_EXT_SEQ_NUMBERS = 0, EXT_SEQ_NUMBERS = 1 }; -/** - * String mappings for extended_sequence_numbers_t. - * - * @ingroup payloads +/** + * enum strings for extended_sequence_numbers_t. + * + * @ingroup config */ -extern mapping_t extended_sequence_numbers_m[]; +extern enum_name_t *extended_sequence_numbers_names; typedef struct algorithm_t algorithm_t; diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c index ba6803156..0181dc038 100644 --- a/src/charon/config/traffic_selector.c +++ b/src/charon/config/traffic_selector.c @@ -25,12 +25,18 @@ #include <string.h> #include <netdb.h> #include <stdio.h> +#include <printf.h> #include "traffic_selector.h" #include <utils/linked_list.h> #include <utils/identification.h> +ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE, + "TS_IPV4_ADDR_RANGE", + "TS_IPV6_ADDR_RANGE", +); + typedef struct private_traffic_selector_t private_traffic_selector_t; /** @@ -86,11 +92,6 @@ struct private_traffic_selector_t { * end of port range */ u_int16_t to_port; - - /** - * string representation of this traffic selector - */ - char *string; }; /** 
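Review bot: The new enum in traffic_selector.c is named `ts_type_name`, which breaks the `*_names` convention every other enum_name_t in this commit follows (cert_policy_names, protocol_id_names, auth_method_names, dpd_action_names); `ENUM(ts_type_names, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE,` here and `extern enum_name_t *ts_type_names;` in traffic_selector.h would keep it uniform. The added `#include <printf.h>` is, as far as I know, a glibc-only header, so traffic_selector.c now builds only against glibc; a comment such as `/* glibc printf extension: register_printf_function() */` next to the include records that constraint.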
@@ -146,50 +147,43 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) return (size * 8); } - /** * internal generic constructor */ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port); /** - * update the string representation of this traffic selector + * output handler in printf() */ -static void update_string(private_traffic_selector_t *this) +static int print(FILE *stream, const struct printf_info *info, + const void *const *args) { - char buf[256]; + private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0])); + char addr_str[INET6_ADDRSTRLEN] = ""; + u_int8_t mask; struct protoent *proto; struct servent *serv; char *serv_proto = NULL; - char proto_str[8] = ""; - char addr_str[INET6_ADDRSTRLEN]; - char port_str[16] = ""; - char mask_str[8] = ""; - char proto_port_str[32] = ""; - bool has_proto = FALSE, has_port = FALSE; + bool has_proto = FALSE; + size_t written, total_written = 0; +#define fprintf_sum(...) { written = fprintf(__VA_ARGS__); if (written < 0) return written; total_written += written; } + + if (this == NULL) + { + return fprintf(stream, "(null)"); + } if (this->type == TS_IPV4_ADDR_RANGE) { - u_int8_t mask; - - /* build address string */ inet_ntop(AF_INET, &this->from4, addr_str, sizeof(addr_str)); - - /* build network mask string */ - mask = calc_netbits(this); - snprintf(mask_str, sizeof(mask_str), "/%d", mask); } else { - u_int8_t mask; - - /* build address string */ inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str)); - - /* build network mask string */ - mask = calc_netbits(this); - snprintf(mask_str, sizeof(mask_str), "/%d", mask); } + mask = calc_netbits(this); + + fprintf_sum(stream, "%s/%d", addr_str, mask); /* build protocol string */ if (this->protocol) 
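Review bot: `written` and `total_written` are declared `size_t`, so the `if (written < 0) return written;` inside the fprintf_sum macro can never fire: a failing fprintf() returns -1, which converts to SIZE_MAX and is silently added into the total, and the handler's final `return total_written;` then narrows it back to int. Declaring them `int written, total_written = 0;` makes the check effective and matches the handler's int return type. The macro also expands to a bare braced block, so an `if (...) fprintf_sum(...); else ...` would not compile; `#define fprintf_sum(...) do { written = fprintf(__VA_ARGS__); if (written < 0) return written; total_written += written; } while (0)` with an `#undef fprintf_sum` at the end of print is the usual form. The same macro is used by the hunks at @@ -197 and @@ -210, and print() continues past this hunk.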
@@ -197,12 +191,12 @@ static void update_string(private_traffic_selector_t *this) proto = getprotobynumber(this->protocol); if (proto) { - snprintf(proto_str, sizeof(proto_str), "%s", proto->p_name); + fprintf_sum(stream, "[%s", proto->p_name); serv_proto = proto->p_name; } else { - snprintf(proto_str, sizeof(proto_str), "%d", this->protocol); + fprintf_sum(stream, "[%d", this->protocol); } has_proto = TRUE; } 
@@ -210,55 +204,58 @@ static void update_string(private_traffic_selector_t *this) /* build port string */ if (this->from_port == this->to_port) { + if (has_proto) + { + fprintf_sum(stream, "/"); + } + else + { + fprintf_sum(stream, "["); + } serv = getservbyport(htons(this->from_port), serv_proto); if (serv) { - snprintf(port_str, sizeof(port_str), "%s", serv->s_name); + fprintf_sum(stream, "%s]", serv->s_name); } else { - snprintf(port_str, sizeof(port_str), "%d", this->from_port); + fprintf_sum(stream, "%d]", this->from_port); } - has_port = TRUE; } else if (!(this->from_port == 0 && this->to_port == 0xFFFF)) { - snprintf(port_str, sizeof(port_str), "%d-%d", - this->from_port, this->to_port); - has_port = TRUE; - } - - /* concatenate port & proto string */ - if (has_proto && has_port) - { - snprintf(proto_port_str, sizeof(proto_port_str), "[%s/%s]", - proto_str, port_str); - } - else if (has_proto) - { - snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", proto_str); - } - else if (has_port) - { - snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", port_str); + if (has_proto) + { + fprintf_sum(stream, "/"); + } + else + { + fprintf_sum(stream, "["); + } + fprintf_sum(stream, "%d-%d]", this->from_port, this->to_port); } - /* concatenate it all */ - snprintf(buf, sizeof(buf), "%s%s%s", addr_str, mask_str, proto_port_str); + return total_written; +} - if (this->string) +/** + * arginfo handler in printf() + */ +static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes) +{ + if (n > 0) { - free(this->string); + argtypes[0] = PA_POINTER; } - this->string = strdup(buf); + return 1; } /** - * implements traffic_selector_t.get_string + * register printf() handlers */ -static char *get_string(private_traffic_selector_t *this) +static void __attribute__ ((constructor))print_register() { - return this->string; + register_printf_function(TRAFFIC_SELECTOR_PRINTF_SPEC, print, print_arginfo); } /** 
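Review bot: `print_register()` is defined with empty parentheses, which in C is an unprototyped declaration; `static void __attribute__ ((constructor)) print_register(void)` is the prototype form and matches the rest of the file. Because formatting now happens inside the printf handler, getprotobynumber() and getservbyport() run on every `%R` conversion from whatever thread is logging, and both return pointers to static storage; if the daemon logs from several threads, the glibc `getprotobynumber_r`/`getservbyport_r` variants avoid that race. The `info` parameter of print is unused, so width and precision given in a format are silently ignored; a comment stating `/* field width/precision in info are not honoured */` would make that deliberate.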
@@ -326,7 +323,6 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ new_ts->type = this->type; memcpy(new_ts->from, from, size); memcpy(new_ts->to, to, size); - update_string(new_ts); return &new_ts->public; } @@ -455,22 +451,42 @@ static u_int8_t get_protocol(private_traffic_selector_t *this) } /** + * Implements traffic_selector_t.is_host. + */ +static bool is_host(private_traffic_selector_t *this, host_t *host) +{ + chunk_t addr; + int family = host->get_family(host); + + if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || + (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) + { + addr = host->get_address(host); + if (memeq(addr.ptr, this->from, addr.len) && + memeq(addr.ptr, this->to, addr.len)) + { + return TRUE; + } + } + return FALSE; +} + +/** * Implements traffic_selector_t.update_address_range. */ static void update_address_range(private_traffic_selector_t *this, host_t *host) { if ((this->type == TS_IPV4_ADDR_RANGE && this->from4[0] == 0) || - (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 && - this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0)) + (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 && + this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0)) { this->type = host->get_family(host) == AF_INET ? - TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; + TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; chunk_t from = host->get_address(host); memcpy(this->from, from.ptr, from.len); memcpy(this->to, from.ptr, from.len); } - update_string(this); } /** 
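Review bot: is_host compares only the address bytes of `from` and `to` against the host, and neither its comment nor the matching traffic_selector_t documentation says that protocol and port range are deliberately not considered; a line such as `/* address only: protocol and port range are intentionally ignored */` above the memeq calls records that. The comparison also assumes `addr.len` equals the storage size of `from`/`to` for the matching type (presumably 4 or 16 bytes as guaranteed by host_t for AF_INET/AF_INET6); a short comment confirming that assumption, or a check of `addr.len` against the expected size, would make the bound explicit.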
@@ -488,14 +504,12 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this) { memcpy(clone->from4, this->from4, sizeof(this->from4)); memcpy(clone->to4, this->to4, sizeof(this->to4)); - update_string(clone); return &clone->public; } case TS_IPV6_ADDR_RANGE: { memcpy(clone->from6, this->from6, sizeof(this->from6)); memcpy(clone->to6, this->to6, sizeof(this->to6)); - update_string(clone); return &clone->public; } default: @@ -511,7 +525,6 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this) */ static void destroy(private_traffic_selector_t *this) { - free(this->string); free(this); } @@ -552,9 +565,6 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ return NULL; } } - - update_string(this); - return (&this->public); } @@ -618,9 +628,6 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne this->from_port = port; this->to_port = port; } - - update_string(this); - return (&this->public); } @@ -667,9 +674,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty break; } } - - update_string(this); - return (&this->public); } 
@@ -683,13 +687,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts /* public functions */ this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset; this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals; - this->public.get_string = (char*(*)(traffic_selector_t*))get_string; this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address; this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address; this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port; this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; - this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; + this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; + this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host; this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range; this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_; this->public.destroy = (void(*)(traffic_selector_t*))destroy; @@ -698,7 +702,6 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts this->to_port = to_port; this->protocol = protocol; this->type = type; - this->string = NULL; return this; } diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h index 90437f92f..ef1b83275 100644 --- a/src/charon/config/traffic_selector.h +++ b/src/charon/config/traffic_selector.h @@ -27,6 +27,11 @@ #include <types.h> #include <utils/host.h> +/** + * printf() specifier for tRaffic selectors + */ +#define TRAFFIC_SELECTOR_PRINTF_SPEC 'R' + typedef enum ts_type_t ts_type_t; /** 
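Review bot: The new TRAFFIC_SELECTOR_PRINTF_SPEC define in traffic_selector.h says only that it is a printf specifier, not what argument it takes or that a NULL pointer prints "(null)", both of which the handler in traffic_selector.c establishes; `/* printf() specifier for traffic selectors: takes a traffic_selector_t*, prints "(null)" for NULL; registered process-wide by traffic_selector.c */` covers it. Since glibc printf registrations are process-global, any other module registering 'R' would, as far as I know, replace this one silently, so the comment is also the place to note that the character must stay unique within the daemon.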
@@ -56,9 +61,9 @@ enum ts_type_t { }; /** - * string mappings for ts_type_t + * enum names for ts_type_t */ -extern mapping_t ts_type_m[]; +extern enum_name_t *ts_type_name; typedef struct traffic_selector_t traffic_selector_t; @@ -161,6 +166,18 @@ struct traffic_selector_t { u_int8_t (*get_protocol) (traffic_selector_t *this); /** + * @brief Check if the traffic selector is for a single host. + * + * Traffic selector may describe the end of *-to-host tunnel. In this + * case, the address range is a single address equal to the hosts + * peer address. + * + * @param this calling obect + * @param host host_t specifying the address range + */ + bool (*is_host) (traffic_selector_t *this, host_t* host); + + /** * @brief Update the address of a traffic selector. * * Update the address range of a traffic selector, @@ -174,16 +191,6 @@ struct traffic_selector_t { void (*update_address_range) (traffic_selector_t *this, host_t* host); /** - * @brief Get a string representation of the traffic selector. - * - * String points to internal data, do not free/modify. - * - * @param this calling object - * @return pointer to a string. - */ - char* (*get_string) (traffic_selector_t *this); - - /** * @brief Compare two traffic selectors for equality. * * @param this first to compare |
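Review bot: The new is_host documentation in traffic_selector_t has no @return, although the method returns a bool, and "calling obect" is a typo; `@param this calling object` followed by `@return TRUE if the selector's address range is exactly the host's address` completes the entry. The sentence "Traffic selector may describe the end of *-to-host tunnel" would read more clearly as "A traffic selector may describe the host end of a *-to-host tunnel".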