diff options
Diffstat (limited to 'src/charon/sa/tasks')
| -rw-r--r-- | src/charon/sa/tasks/child_create.c | 56 | ||||
| -rw-r--r-- | src/charon/sa/tasks/child_delete.c | 6 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_auth.c | 44 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_init.c | 26 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_me.c | 6 |
5 files changed, 72 insertions, 66 deletions
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c index 9d3243360..8c58b4ec8 100644 --- a/src/charon/sa/tasks/child_create.c +++ b/src/charon/sa/tasks/child_create.c @@ -199,12 +199,12 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) if (this->proposals == NULL) { - SIG(CHILD_UP_FAILED, "SA payload missing in message"); + SIG_CHD(UP_FAILED, this->child_sa, "SA payload missing in message"); return FAILED; } if (this->tsi == NULL || this->tsr == NULL) { - SIG(CHILD_UP_FAILED, "TS payloads missing in message"); + SIG_CHD(UP_FAILED, this->child_sa, "TS payloads missing in message"); return NOT_FOUND; } @@ -232,7 +232,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) no_dh); if (this->proposal == NULL) { - SIG(CHILD_UP_FAILED, "no acceptable proposal found"); + SIG_CHD(UP_FAILED, this->child_sa, "no acceptable proposal found"); return FAILED; } @@ -243,15 +243,15 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { - SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N", - diffie_hellman_group_names, this->dh_group, - diffie_hellman_group_names, group); + SIG_CHD(UP_FAILED, this->child_sa, "DH group %N inacceptable, " + "requesting %N", diffie_hellman_group_names, this->dh_group, + diffie_hellman_group_names, group); this->dh_group = group; return INVALID_ARG; } else { - SIG(CHILD_UP_FAILED, "no acceptable proposal found"); + SIG_CHD(UP_FAILED, this->child_sa, "no acceptable proposal found"); return FAILED; } } @@ -279,7 +279,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) { my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); - SIG(CHILD_UP_FAILED, "no acceptable traffic selectors found"); + SIG_CHD(UP_FAILED, this->child_sa, "no acceptable traffic selectors found"); return NOT_FOUND; } @@ -331,7 +331,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) { if (this->dh->get_shared_secret(this->dh, &secret) != SUCCESS) { - SIG(CHILD_UP_FAILED, "DH exchange incomplete"); + SIG_CHD(UP_FAILED, this->child_sa, "DH exchange incomplete"); return FAILED; } DBG3(DBG_IKE, "DH secret %B", &secret); @@ -352,7 +352,8 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) this->mode, this->proposal->get_protocol(this->proposal)); if (status != SUCCESS) { - SIG(CHILD_UP_FAILED, "unable to install IPsec policies (SPD) in kernel"); + SIG_CHD(UP_FAILED, this->child_sa, + "unable to install IPsec policies (SPD) in kernel"); return NOT_FOUND; } @@ -371,7 +372,8 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) if (status != SUCCESS) { - SIG(CHILD_UP_FAILED, "unable to install IPsec SA (SAD) in kernel"); + SIG_CHD(UP_FAILED, this->child_sa, + "unable to install IPsec SA (SAD) in kernel"); return FAILED; } /* add to IKE_SA, and remove from task */ @@ -588,7 +590,7 @@ static status_t build_i(private_child_create_t *this, message_t *message) break; } - SIG(CHILD_UP_START, "establishing CHILD_SA"); + SIG_CHD(UP_START, NULL, "establishing CHILD_SA"); /* reuse virtual IP if we already have one */ me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); @@ -639,7 +641,8 @@ static status_t build_i(private_child_create_t *this, message_t *message) if (this->child_sa->alloc(this->child_sa, this->proposals) != SUCCESS) { - SIG(CHILD_UP_FAILED, "unable to allocate SPIs from kernel"); + SIG_CHD(UP_FAILED, this->child_sa, + "unable to allocate SPIs from kernel"); return FAILED; } @@ -773,14 +776,15 @@ static status_t build_r(private_child_create_t *this, message_t *message) if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { - SIG(CHILD_UP_FAILED, "unable to create CHILD_SA while rekeying IKE_SA"); + SIG_CHD(UP_FAILED, NULL, + "unable to create CHILD_SA while rekeying IKE_SA"); message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); return SUCCESS; } if (this->config == NULL) { - SIG(CHILD_UP_FAILED, "traffic selectors %#R=== %#R inacceptable", + SIG_CHD(UP_FAILED, NULL, "traffic selectors %#R=== %#R inacceptable", this->tsr, this->tsi); message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty); handle_child_sa_failure(this, message); @@ -800,7 +804,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) case INTERNAL_ADDRESS_FAILURE: case FAILED_CP_REQUIRED: { - SIG(CHILD_UP_FAILED, "configuration payload negotation " + SIG_CHD(UP_FAILED, NULL, "configuration payload negotation " "failed, no CHILD_SA built"); iterator->destroy(iterator); handle_child_sa_failure(this, message); @@ -857,8 +861,8 @@ static status_t build_r(private_child_create_t *this, message_t *message) build_payloads(this, message); - SIG(CHILD_UP_SUCCESS, "CHILD_SA '%s' established successfully", - this->child_sa->get_name(this->child_sa)); + SIG_CHD(UP_SUCCESS, this->child_sa, "CHILD_SA '%s' established successfully", + this->child_sa->get_name(this->child_sa)); return SUCCESS; } @@ -910,8 +914,8 @@ static status_t process_i(private_child_create_t *this, message_t *message) case TS_UNACCEPTABLE: case INVALID_SELECTORS: { - SIG(CHILD_UP_FAILED, "received %N notify, no CHILD_SA built", - notify_type_names, type); + SIG_CHD(UP_FAILED, this->child_sa, "received %N notify, " + "no CHILD_SA built", notify_type_names, type); iterator->destroy(iterator); handle_child_sa_failure(this, message); /* an error in CHILD_SA creation is not critical */ @@ -944,8 +948,8 @@ static status_t process_i(private_child_create_t *this, message_t *message) if (this->ipcomp == IPCOMP_NONE && this->ipcomp_received != IPCOMP_NONE) { - SIG(CHILD_UP_FAILED, "received an IPCOMP_SUPPORTED notify but we did not " - "send one previously, no CHILD_SA built"); + SIG_CHD(UP_FAILED, this->child_sa, "received an IPCOMP_SUPPORTED notify" + " but we did not send one previously, no CHILD_SA built"); handle_child_sa_failure(this, message); return SUCCESS; } @@ -957,16 +961,16 @@ static status_t process_i(private_child_create_t *this, message_t *message) } else if (this->ipcomp != IPCOMP_NONE && this->ipcomp != this->ipcomp_received) { - SIG(CHILD_UP_FAILED, "received an IPCOMP_SUPPORTED notify for a transform " - "we did not propose, no CHILD_SA built"); + SIG_CHD(UP_FAILED, this->child_sa, "received an IPCOMP_SUPPORTED notify" + " for a transform we did not propose, no CHILD_SA built"); handle_child_sa_failure(this, message); return SUCCESS; } if (select_and_install(this, no_dh) == SUCCESS) { - SIG(CHILD_UP_SUCCESS, "CHILD_SA '%s' established successfully", - this->child_sa->get_name(this->child_sa)); + SIG_CHD(UP_SUCCESS, this->child_sa, "CHILD_SA '%s' established " + "successfully", this->child_sa->get_name(this->child_sa)); } else { diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c index e3022a3b0..264650cda 100644 --- a/src/charon/sa/tasks/child_delete.c +++ b/src/charon/sa/tasks/child_delete.c @@ -207,7 +207,7 @@ static void log_children(private_child_delete_t *this) iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { - SIG(CHILD_DOWN_START, "closing CHILD_SA %#R=== %#R", + SIG_CHD(DOWN_START, child_sa, "closing CHILD_SA %#R=== %#R", child_sa->get_traffic_selectors(child_sa, TRUE), child_sa->get_traffic_selectors(child_sa, FALSE)); } @@ -234,7 +234,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message) this->child_sas = linked_list_create(); process_payloads(this, message); - SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed"); + SIG_CHD(DOWN_SUCCESS, NULL, "CHILD_SA closed"); return destroy_and_reestablish(this); } @@ -258,7 +258,7 @@ static status_t build_r(private_child_delete_t *this, message_t *message) { build_payloads(this, message); } - SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed"); + SIG_CHD(DOWN_SUCCESS, NULL, "CHILD_SA closed"); return destroy_and_reestablish(this); } diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index 0a4e84469..003fd4b8d 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c @@ -164,7 +164,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message) config = this->ike_sa->get_peer_cfg(this->ike_sa); if (!config) { - SIG(IKE_UP_FAILED, "unable to authenticate, no peer config found"); + SIG_IKE(UP_FAILED, "unable to authenticate, no peer config found"); return FAILED; } method = config->get_auth_method(config); @@ -172,7 +172,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message) auth = authenticator_create(this->ike_sa, method); if (auth == NULL) { - SIG(IKE_UP_FAILED, "configured authentication method %N not supported", + SIG_IKE(UP_FAILED, "configured authentication method %N not supported", config_auth_method_names, method); return FAILED; } @@ -182,7 +182,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message) auth->destroy(auth); if (status != SUCCESS) { - SIG(IKE_UP_FAILED, "generating authentication data failed"); + SIG_IKE(UP_FAILED, "generating authentication data failed"); return FAILED; } message->add_payload(message, (payload_t*)auth_payload); @@ -207,7 +207,7 @@ static status_t build_id(private_ike_auth_t *this, message_t *message) me = config->get_my_id(config); if (me->contains_wildcards(me)) { - SIG(IKE_UP_FAILED, "negotiation of own ID failed"); + SIG_IKE(UP_FAILED, "negotiation of own ID failed"); return FAILED; } this->ike_sa->set_my_id(this->ike_sa, me->clone(me)); @@ -248,7 +248,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message) if (auth == NULL) { - SIG(IKE_UP_FAILED, "authentication method %N used by '%D' not " + SIG_IKE(UP_FAILED, "authentication method %N used by '%D' not " "supported", auth_method_names, auth_method, this->ike_sa->get_other_id(this->ike_sa)); return NOT_SUPPORTED; @@ -258,7 +258,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message) auth->destroy(auth); if (status != SUCCESS) { - SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed", + SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed", this->ike_sa->get_other_id(this->ike_sa), auth_method_names, auth_method); return FAILED; @@ -279,7 +279,7 @@ static status_t process_id(private_ike_auth_t *this, message_t *message) if ((this->initiator && idr == NULL) || (!this->initiator && idi == NULL)) { - SIG(IKE_UP_FAILED, "ID payload missing in message"); + SIG_IKE(UP_FAILED, "ID payload missing in message"); return FAILED; } @@ -289,7 +289,7 @@ static status_t process_id(private_ike_auth_t *this, message_t *message) req = this->ike_sa->get_other_id(this->ike_sa); if (!id->matches(id, req)) { - SIG(IKE_UP_FAILED, "peer ID '%D' unacceptable, '%D' required", id, req); + SIG_IKE(UP_FAILED, "peer ID '%D' unacceptable, '%D' required", id, req); id->destroy(id); return FAILED; } @@ -366,7 +366,7 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message) if (auth->build(auth, this->my_packet->get_data(this->my_packet), this->other_nonce, &auth_payload) != SUCCESS) { - SIG(IKE_UP_FAILED, "generating authentication data failed"); + SIG_IKE(UP_FAILED, "generating authentication data failed"); if (!this->initiator) { message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); @@ -377,7 +377,7 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message) if (!this->initiator) { this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", + SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), @@ -411,7 +411,7 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message) if (!this->peer_authenticated) { - SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed", + SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed", this->ike_sa->get_other_id(this->ike_sa), auth_method_names, AUTH_EAP); if (this->initiator) @@ -423,7 +423,7 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message) if (this->initiator) { this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", + SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), @@ -444,7 +444,7 @@ static status_t process_eap_i(private_ike_auth_t *this, message_t *message) eap = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION); if (eap == NULL) { - SIG(IKE_UP_FAILED, "EAP payload missing"); + SIG_IKE(UP_FAILED, "EAP payload missing"); return FAILED; } switch (this->eap_auth->process(this->eap_auth, eap, &eap)) @@ -460,7 +460,7 @@ static status_t process_eap_i(private_ike_auth_t *this, message_t *message) return NEED_MORE; default: this->eap_payload = NULL; - SIG(IKE_UP_FAILED, "failed to authenticate against '%D' using EAP", + SIG_IKE(UP_FAILED, "failed to authenticate against '%D' using EAP", this->ike_sa->get_other_id(this->ike_sa)); return FAILED; } @@ -495,7 +495,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message) if (this->eap_payload == NULL) { - SIG(IKE_UP_FAILED, "EAP payload missing"); + SIG_IKE(UP_FAILED, "EAP payload missing"); return FAILED; } @@ -510,7 +510,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message) this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap; break; default: - SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed", + SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed", this->ike_sa->get_other_id(this->ike_sa), auth_method_names, AUTH_EAP); status = FAILED; @@ -625,7 +625,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) config = this->ike_sa->get_peer_cfg(this->ike_sa); if (config == NULL) { - SIG(IKE_UP_FAILED, "no matching config found for '%D'...'%D'", + SIG_IKE(UP_FAILED, "no matching config found for '%D'...'%D'", this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); @@ -649,7 +649,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) if (this->peer_authenticated) { this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", + SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), @@ -665,7 +665,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) message->add_payload(message, (payload_t*)eap_payload); if (status != NEED_MORE) { - SIG(IKE_UP_FAILED, "unable to initiate EAP authentication"); + SIG_IKE(UP_FAILED, "unable to initiate EAP authentication"); return FAILED; } @@ -725,7 +725,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) { if (type < 16383) { - SIG(IKE_UP_FAILED, "received %N notify error", + SIG_IKE(UP_FAILED, "received %N notify error", notify_type_names, type); iterator->destroy(iterator); return FAILED; @@ -757,12 +757,12 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) auth = this->ike_sa->get_other_auth(this->ike_sa); if (!auth->complies(auth, config->get_auth(config))) { - SIG(IKE_UP_FAILED, "authorization of '%D' for config %s failed", + SIG_IKE(UP_FAILED, "authorization of '%D' for config %s failed", this->ike_sa->get_other_id(this->ike_sa), config->get_name(config)); return FAILED; } this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", + SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c index 5a94ca6c0..9c513b20f 100644 --- a/src/charon/sa/tasks/ike_init.c +++ b/src/charon/sa/tasks/ike_init.c @@ -230,14 +230,14 @@ static status_t build_i(private_ike_init_t *this, message_t *message) rng_t *rng; this->config = this->ike_sa->get_ike_cfg(this->ike_sa); - SIG(IKE_UP_START, "initiating IKE_SA '%s' to %H", + SIG_IKE(UP_START, "initiating IKE_SA '%s' to %H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); if (this->retry++ >= MAX_RETRIES) { - SIG(IKE_UP_FAILED, "giving up after %d retries", MAX_RETRIES); + SIG_IKE(UP_FAILED, "giving up after %d retries", MAX_RETRIES); return FAILED; } @@ -248,7 +248,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) this->dh = lib->crypto->create_dh(lib->crypto, this->dh_group); if (this->dh == NULL) { - SIG(IKE_UP_FAILED, "configured DH group %N not supported", + SIG_IKE(UP_FAILED, "configured DH group %N not supported", diffie_hellman_group_names, this->dh_group); return FAILED; } @@ -260,7 +260,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { - SIG(IKE_UP_FAILED, "error generating nonce"); + SIG_IKE(UP_FAILED, "error generating nonce"); return FAILED; } rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); @@ -295,7 +295,7 @@ static status_t process_r(private_ike_init_t *this, message_t *message) rng_t *rng; this->config = this->ike_sa->get_ike_cfg(this->ike_sa); - SIG(IKE_UP_START, "%H is initiating an IKE_SA", + SIG_IKE(UP_START, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); @@ -375,7 +375,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) if (this->proposal == NULL || this->other_nonce.len == 0 || this->my_nonce.len == 0) { - SIG(IKE_UP_FAILED, "received proposals inacceptable"); + SIG_IKE(UP_FAILED, "received proposals inacceptable"); message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return FAILED; } @@ -389,7 +389,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { - SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N", + SIG_CHD(UP_FAILED, NULL, "DH group %N inacceptable, requesting %N", diffie_hellman_group_names, this->dh_group, diffie_hellman_group_names, group); this->dh_group = group; @@ -399,7 +399,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) } else { - SIG(IKE_UP_FAILED, "no acceptable proposal found"); + SIG_IKE(UP_FAILED, "no acceptable proposal found"); } return FAILED; } @@ -429,7 +429,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) } if (status != SUCCESS) { - SIG(IKE_UP_FAILED, "key derivation failed"); + SIG_IKE(UP_FAILED, "key derivation failed"); message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return FAILED; } @@ -504,7 +504,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) { if (type < 16383) { - SIG(IKE_UP_FAILED, "received %N notify error", + SIG_IKE(UP_FAILED, "received %N notify error", notify_type_names, type); iterator->destroy(iterator); return FAILED; @@ -524,7 +524,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) if (this->proposal == NULL || this->other_nonce.len == 0 || this->my_nonce.len == 0) { - SIG(IKE_UP_FAILED, "peer's proposal selection invalid"); + SIG_IKE(UP_FAILED, "peer's proposal selection invalid"); return FAILED; } @@ -532,7 +532,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) !this->proposal->has_dh_group(this->proposal, this->dh_group) || this->dh->get_shared_secret(this->dh, &secret) != SUCCESS) { - SIG(IKE_UP_FAILED, "peer's DH group selection invalid"); + SIG_IKE(UP_FAILED, "peer's DH group selection invalid"); return FAILED; } @@ -561,7 +561,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) } if (status != SUCCESS) { - SIG(IKE_UP_FAILED, "key derivation failed"); + SIG_IKE(UP_FAILED, "key derivation failed"); return FAILED; } diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c index 43bafaaf3..9d0f37a45 100644 --- a/src/charon/sa/tasks/ike_me.c +++ b/src/charon/sa/tasks/ike_me.c @@ -461,7 +461,8 @@ static status_t process_i(private_ike_me_t *this, message_t *message) this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint->clone(endpoint)); } /* FIXME: what if it failed? e.g. AUTH failure */ - SIG(CHILD_UP_SUCCESS, "established mediation connection without CHILD_SA successfully"); + SIG_CHD(UP_SUCCESS, NULL, "established mediation connection " + "without CHILD_SA successfully"); break; } @@ -641,7 +642,8 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) /* FIXME: we actually must delete any existing IKE_SAs with the same remote id */ this->ike_sa->act_as_mediation_server(this->ike_sa); - SIG(CHILD_UP_SUCCESS, "established mediation connection without CHILD_SA successfully"); + SIG_CHD(UP_SUCCESS, NULL, "established mediation connection " + "without CHILD_SA successfully"); break; } |