aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/sa')
-rw-r--r--src/charon/sa/connect_manager.c2
-rw-r--r--src/charon/sa/ike_sa.c42
-rw-r--r--src/charon/sa/task_manager.c12
-rw-r--r--src/charon/sa/tasks/child_create.c56
-rw-r--r--src/charon/sa/tasks/child_delete.c6
-rw-r--r--src/charon/sa/tasks/ike_auth.c44
-rw-r--r--src/charon/sa/tasks/ike_init.c26
-rw-r--r--src/charon/sa/tasks/ike_me.c6
8 files changed, 100 insertions, 94 deletions
diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c
index 0f156cf2d..d087383af 100644
--- a/src/charon/sa/connect_manager.c
+++ b/src/charon/sa/connect_manager.c
@@ -1160,7 +1160,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data)
ike_sa_t *sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, waiting_sa);
if (sa->initiate_mediated(sa, pair->local, pair->remote, checklist->connect_id) != SUCCESS)
{
- SIG(IKE_UP_FAILED, "establishing the mediated connection failed");
+ SIG_IKE(UP_FAILED, "establishing the mediated connection failed");
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
}
charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa);
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 9ffc8d935..04fb55829 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1087,8 +1087,8 @@ static status_t initiate_with_reqid(private_ike_sa_t *this, child_cfg_t *child_c
)
{
child_cfg->destroy(child_cfg);
- SIG(IKE_UP_START, "initiating IKE_SA");
- SIG(IKE_UP_FAILED, "unable to initiate to %%any");
+ SIG_IKE(UP_START, "initiating IKE_SA");
+ SIG_IKE(UP_FAILED, "unable to initiate to %%any");
return DESTROY_ME;
}
@@ -1125,7 +1125,7 @@ static status_t initiate_with_reqid(private_ike_sa_t *this, child_cfg_t *child_c
/* mediation connection */
if (this->state == IKE_ESTABLISHED)
{ /* FIXME: we should try to find a better solution to this */
- SIG(CHILD_UP_SUCCESS, "mediation connection is already up and running");
+ SIG_CHD(UP_SUCCESS, NULL, "mediation connection is already up and running");
}
DESTROY_IF(child_cfg);
}
@@ -1175,8 +1175,8 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
if (this->state == IKE_DELETING)
{
- SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
- SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+ SIG_CHD(UP_START, NULL, "acquiring CHILD_SA on kernel request");
+ SIG_CHD(UP_FAILED, NULL, "acquiring CHILD_SA (reqid %d) failed: "
"IKE_SA is deleting", reqid);
return FAILED;
}
@@ -1194,8 +1194,8 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
iterator->destroy(iterator);
if (!child_sa)
{
- SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
- SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+ SIG_CHD(UP_START, NULL, "acquiring CHILD_SA on kernel request");
+ SIG_CHD(UP_FAILED, NULL, "acquiring CHILD_SA (reqid %d) failed: "
"CHILD_SA not found", reqid);
return FAILED;
}
@@ -1217,7 +1217,7 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
host_t *me, *other;
status_t status;
- SIG(CHILD_ROUTE_START, "routing CHILD_SA");
+ SIG_CHD(ROUTE_START, NULL, "routing CHILD_SA");
/* check if not already routed*/
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
@@ -1227,7 +1227,7 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
streq(child_sa->get_name(child_sa), child_cfg->get_name(child_cfg)))
{
iterator->destroy(iterator);
- SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a config already routed");
+ SIG_CHD(ROUTE_FAILED, child_sa, "CHILD_SA with such a config already routed");
return FAILED;
}
}
@@ -1237,7 +1237,7 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
{
case IKE_DELETING:
case IKE_REKEYING:
- SIG(CHILD_ROUTE_FAILED,
+ SIG_CHD(ROUTE_FAILED, NULL,
"unable to route CHILD_SA, as its IKE_SA gets deleted");
return FAILED;
case IKE_CREATED:
@@ -1272,11 +1272,11 @@ static status_t route(private_ike_sa_t *this, child_cfg_t *child_cfg)
if (status == SUCCESS)
{
this->child_sas->insert_last(this->child_sas, child_sa);
- SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
+ SIG_CHD(ROUTE_SUCCESS, child_sa, "CHILD_SA routed");
}
else
{
- SIG(CHILD_ROUTE_FAILED, "routing CHILD_SA failed");
+ SIG_CHD(ROUTE_FAILED, child_sa, "routing CHILD_SA failed");
}
return status;
}
@@ -1290,7 +1290,7 @@ static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
child_sa_t *child_sa;
bool found = FALSE;
- SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
+ SIG_CHD(UNROUTE_START, NULL, "unrouting CHILD_SA");
/* find CHILD_SA in ROUTED state */
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
@@ -1300,7 +1300,7 @@ static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
child_sa->get_reqid(child_sa) == reqid)
{
iterator->remove(iterator);
- SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
+ SIG_CHD(UNROUTE_SUCCESS, child_sa, "CHILD_SA unrouted");
child_sa->destroy(child_sa);
found = TRUE;
break;
@@ -1310,7 +1310,7 @@ static status_t unroute(private_ike_sa_t *this, u_int32_t reqid)
if (!found)
{
- SIG(CHILD_UNROUTE_FAILED, "CHILD_SA to unroute not found");
+ SIG_CHD(UNROUTE_FAILED, NULL, "CHILD_SA to unroute not found");
return FAILED;
}
/* if we are not established, and we have no more routed childs, remove whole SA */
@@ -1879,10 +1879,10 @@ static status_t delete_(private_ike_sa_t *this)
this->task_manager->queue_task(this->task_manager, &ike_delete->task);
return this->task_manager->initiate(this->task_manager);
case IKE_CREATED:
- SIG(IKE_DOWN_SUCCESS, "deleting unestablished IKE_SA");
+ SIG_IKE(DOWN_SUCCESS, "deleting unestablished IKE_SA");
break;
default:
- SIG(IKE_DOWN_SUCCESS, "destroying IKE_SA in state %N "
+ SIG_IKE(DOWN_SUCCESS, "destroying IKE_SA in state %N "
"without notification", ike_sa_state_names, this->state);
break;
}
@@ -2086,19 +2086,19 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
this->keyingtry++;
if (tries == 0 || tries > this->keyingtry)
{
- SIG(IKE_UP_FAILED, "peer not responding, trying again "
+ SIG_IKE(UP_FAILED, "peer not responding, trying again "
"(%d/%d) in background ", this->keyingtry + 1, tries);
reset(this);
return this->task_manager->initiate(this->task_manager);
}
- SIG(IKE_UP_FAILED, "establishing IKE_SA failed, peer not responding");
+ SIG_IKE(UP_FAILED, "establishing IKE_SA failed, peer not responding");
break;
}
case IKE_DELETING:
- SIG(IKE_DOWN_FAILED, "proper IKE_SA delete failed, peer not responding");
+ SIG_IKE(DOWN_FAILED, "proper IKE_SA delete failed, peer not responding");
break;
case IKE_REKEYING:
- SIG(IKE_REKEY_FAILED, "rekeying IKE_SA failed, peer not responding");
+ SIG_IKE(REKEY_FAILED, "rekeying IKE_SA failed, peer not responding");
/* FALL */
default:
reestablish(this);
diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c
index b1c755a1a..158375c91 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/charon/sa/task_manager.c
@@ -159,22 +159,22 @@ static void flush(private_task_manager_t *this)
switch (task->get_type(task))
{
case IKE_AUTH:
- SIG(IKE_UP_FAILED, "establishing IKE_SA failed");
+ SIG_IKE(UP_FAILED, "establishing IKE_SA failed");
break;
case IKE_DELETE:
- SIG(IKE_DOWN_FAILED, "IKE_SA deleted");
+ SIG_IKE(DOWN_FAILED, "IKE_SA deleted");
break;
case IKE_REKEY:
- SIG(IKE_REKEY_FAILED, "rekeying IKE_SA failed");
+ SIG_IKE(REKEY_FAILED, "rekeying IKE_SA failed");
break;
case CHILD_CREATE:
- SIG(CHILD_UP_FAILED, "establishing CHILD_SA failed");
+ SIG_CHD(UP_FAILED, NULL, "establishing CHILD_SA failed");
break;
case CHILD_DELETE:
- SIG(CHILD_DOWN_FAILED, "deleting CHILD_SA failed");
+ SIG_CHD(DOWN_FAILED, NULL, "deleting CHILD_SA failed");
break;
case CHILD_REKEY:
- SIG(IKE_REKEY_FAILED, "rekeying CHILD_SA failed");
+ SIG_IKE(REKEY_FAILED, "rekeying CHILD_SA failed");
break;
default:
break;
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 9d3243360..8c58b4ec8 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -199,12 +199,12 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
if (this->proposals == NULL)
{
- SIG(CHILD_UP_FAILED, "SA payload missing in message");
+ SIG_CHD(UP_FAILED, this->child_sa, "SA payload missing in message");
return FAILED;
}
if (this->tsi == NULL || this->tsr == NULL)
{
- SIG(CHILD_UP_FAILED, "TS payloads missing in message");
+ SIG_CHD(UP_FAILED, this->child_sa, "TS payloads missing in message");
return NOT_FOUND;
}
@@ -232,7 +232,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
no_dh);
if (this->proposal == NULL)
{
- SIG(CHILD_UP_FAILED, "no acceptable proposal found");
+ SIG_CHD(UP_FAILED, this->child_sa, "no acceptable proposal found");
return FAILED;
}
@@ -243,15 +243,15 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N",
- diffie_hellman_group_names, this->dh_group,
- diffie_hellman_group_names, group);
+ SIG_CHD(UP_FAILED, this->child_sa, "DH group %N inacceptable, "
+ "requesting %N", diffie_hellman_group_names, this->dh_group,
+ diffie_hellman_group_names, group);
this->dh_group = group;
return INVALID_ARG;
}
else
{
- SIG(CHILD_UP_FAILED, "no acceptable proposal found");
+ SIG_CHD(UP_FAILED, this->child_sa, "no acceptable proposal found");
return FAILED;
}
}
@@ -279,7 +279,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
{
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
- SIG(CHILD_UP_FAILED, "no acceptable traffic selectors found");
+ SIG_CHD(UP_FAILED, this->child_sa, "no acceptable traffic selectors found");
return NOT_FOUND;
}
@@ -331,7 +331,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
{
if (this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
{
- SIG(CHILD_UP_FAILED, "DH exchange incomplete");
+ SIG_CHD(UP_FAILED, this->child_sa, "DH exchange incomplete");
return FAILED;
}
DBG3(DBG_IKE, "DH secret %B", &secret);
@@ -352,7 +352,8 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
this->mode, this->proposal->get_protocol(this->proposal));
if (status != SUCCESS)
{
- SIG(CHILD_UP_FAILED, "unable to install IPsec policies (SPD) in kernel");
+ SIG_CHD(UP_FAILED, this->child_sa,
+ "unable to install IPsec policies (SPD) in kernel");
return NOT_FOUND;
}
@@ -371,7 +372,8 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
if (status != SUCCESS)
{
- SIG(CHILD_UP_FAILED, "unable to install IPsec SA (SAD) in kernel");
+ SIG_CHD(UP_FAILED, this->child_sa,
+ "unable to install IPsec SA (SAD) in kernel");
return FAILED;
}
/* add to IKE_SA, and remove from task */
@@ -588,7 +590,7 @@ static status_t build_i(private_child_create_t *this, message_t *message)
break;
}
- SIG(CHILD_UP_START, "establishing CHILD_SA");
+ SIG_CHD(UP_START, NULL, "establishing CHILD_SA");
/* reuse virtual IP if we already have one */
me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
@@ -639,7 +641,8 @@ static status_t build_i(private_child_create_t *this, message_t *message)
if (this->child_sa->alloc(this->child_sa, this->proposals) != SUCCESS)
{
- SIG(CHILD_UP_FAILED, "unable to allocate SPIs from kernel");
+ SIG_CHD(UP_FAILED, this->child_sa,
+ "unable to allocate SPIs from kernel");
return FAILED;
}
@@ -773,14 +776,15 @@ static status_t build_r(private_child_create_t *this, message_t *message)
if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING)
{
- SIG(CHILD_UP_FAILED, "unable to create CHILD_SA while rekeying IKE_SA");
+ SIG_CHD(UP_FAILED, NULL,
+ "unable to create CHILD_SA while rekeying IKE_SA");
message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty);
return SUCCESS;
}
if (this->config == NULL)
{
- SIG(CHILD_UP_FAILED, "traffic selectors %#R=== %#R inacceptable",
+ SIG_CHD(UP_FAILED, NULL, "traffic selectors %#R=== %#R inacceptable",
this->tsr, this->tsi);
message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
handle_child_sa_failure(this, message);
@@ -800,7 +804,7 @@ static status_t build_r(private_child_create_t *this, message_t *message)
case INTERNAL_ADDRESS_FAILURE:
case FAILED_CP_REQUIRED:
{
- SIG(CHILD_UP_FAILED, "configuration payload negotation "
+ SIG_CHD(UP_FAILED, NULL, "configuration payload negotation "
"failed, no CHILD_SA built");
iterator->destroy(iterator);
handle_child_sa_failure(this, message);
@@ -857,8 +861,8 @@ static status_t build_r(private_child_create_t *this, message_t *message)
build_payloads(this, message);
- SIG(CHILD_UP_SUCCESS, "CHILD_SA '%s' established successfully",
- this->child_sa->get_name(this->child_sa));
+ SIG_CHD(UP_SUCCESS, this->child_sa, "CHILD_SA '%s' established successfully",
+ this->child_sa->get_name(this->child_sa));
return SUCCESS;
}
@@ -910,8 +914,8 @@ static status_t process_i(private_child_create_t *this, message_t *message)
case TS_UNACCEPTABLE:
case INVALID_SELECTORS:
{
- SIG(CHILD_UP_FAILED, "received %N notify, no CHILD_SA built",
- notify_type_names, type);
+ SIG_CHD(UP_FAILED, this->child_sa, "received %N notify, "
+ "no CHILD_SA built", notify_type_names, type);
iterator->destroy(iterator);
handle_child_sa_failure(this, message);
/* an error in CHILD_SA creation is not critical */
@@ -944,8 +948,8 @@ static status_t process_i(private_child_create_t *this, message_t *message)
if (this->ipcomp == IPCOMP_NONE && this->ipcomp_received != IPCOMP_NONE)
{
- SIG(CHILD_UP_FAILED, "received an IPCOMP_SUPPORTED notify but we did not "
- "send one previously, no CHILD_SA built");
+ SIG_CHD(UP_FAILED, this->child_sa, "received an IPCOMP_SUPPORTED notify"
+ " but we did not send one previously, no CHILD_SA built");
handle_child_sa_failure(this, message);
return SUCCESS;
}
@@ -957,16 +961,16 @@ static status_t process_i(private_child_create_t *this, message_t *message)
}
else if (this->ipcomp != IPCOMP_NONE && this->ipcomp != this->ipcomp_received)
{
- SIG(CHILD_UP_FAILED, "received an IPCOMP_SUPPORTED notify for a transform "
- "we did not propose, no CHILD_SA built");
+ SIG_CHD(UP_FAILED, this->child_sa, "received an IPCOMP_SUPPORTED notify"
+ " for a transform we did not propose, no CHILD_SA built");
handle_child_sa_failure(this, message);
return SUCCESS;
}
if (select_and_install(this, no_dh) == SUCCESS)
{
- SIG(CHILD_UP_SUCCESS, "CHILD_SA '%s' established successfully",
- this->child_sa->get_name(this->child_sa));
+ SIG_CHD(UP_SUCCESS, this->child_sa, "CHILD_SA '%s' established "
+ "successfully", this->child_sa->get_name(this->child_sa));
}
else
{
diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c
index e3022a3b0..264650cda 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/charon/sa/tasks/child_delete.c
@@ -207,7 +207,7 @@ static void log_children(private_child_delete_t *this)
iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- SIG(CHILD_DOWN_START, "closing CHILD_SA %#R=== %#R",
+ SIG_CHD(DOWN_START, child_sa, "closing CHILD_SA %#R=== %#R",
child_sa->get_traffic_selectors(child_sa, TRUE),
child_sa->get_traffic_selectors(child_sa, FALSE));
}
@@ -234,7 +234,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message)
this->child_sas = linked_list_create();
process_payloads(this, message);
- SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed");
+ SIG_CHD(DOWN_SUCCESS, NULL, "CHILD_SA closed");
return destroy_and_reestablish(this);
}
@@ -258,7 +258,7 @@ static status_t build_r(private_child_delete_t *this, message_t *message)
{
build_payloads(this, message);
}
- SIG(CHILD_DOWN_SUCCESS, "CHILD_SA closed");
+ SIG_CHD(DOWN_SUCCESS, NULL, "CHILD_SA closed");
return destroy_and_reestablish(this);
}
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c
index 0a4e84469..003fd4b8d 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -164,7 +164,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (!config)
{
- SIG(IKE_UP_FAILED, "unable to authenticate, no peer config found");
+ SIG_IKE(UP_FAILED, "unable to authenticate, no peer config found");
return FAILED;
}
method = config->get_auth_method(config);
@@ -172,7 +172,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
auth = authenticator_create(this->ike_sa, method);
if (auth == NULL)
{
- SIG(IKE_UP_FAILED, "configured authentication method %N not supported",
+ SIG_IKE(UP_FAILED, "configured authentication method %N not supported",
config_auth_method_names, method);
return FAILED;
}
@@ -182,7 +182,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
auth->destroy(auth);
if (status != SUCCESS)
{
- SIG(IKE_UP_FAILED, "generating authentication data failed");
+ SIG_IKE(UP_FAILED, "generating authentication data failed");
return FAILED;
}
message->add_payload(message, (payload_t*)auth_payload);
@@ -207,7 +207,7 @@ static status_t build_id(private_ike_auth_t *this, message_t *message)
me = config->get_my_id(config);
if (me->contains_wildcards(me))
{
- SIG(IKE_UP_FAILED, "negotiation of own ID failed");
+ SIG_IKE(UP_FAILED, "negotiation of own ID failed");
return FAILED;
}
this->ike_sa->set_my_id(this->ike_sa, me->clone(me));
@@ -248,7 +248,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message)
if (auth == NULL)
{
- SIG(IKE_UP_FAILED, "authentication method %N used by '%D' not "
+ SIG_IKE(UP_FAILED, "authentication method %N used by '%D' not "
"supported", auth_method_names, auth_method,
this->ike_sa->get_other_id(this->ike_sa));
return NOT_SUPPORTED;
@@ -258,7 +258,7 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message)
auth->destroy(auth);
if (status != SUCCESS)
{
- SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
+ SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, auth_method);
return FAILED;
@@ -279,7 +279,7 @@ static status_t process_id(private_ike_auth_t *this, message_t *message)
if ((this->initiator && idr == NULL) || (!this->initiator && idi == NULL))
{
- SIG(IKE_UP_FAILED, "ID payload missing in message");
+ SIG_IKE(UP_FAILED, "ID payload missing in message");
return FAILED;
}
@@ -289,7 +289,7 @@ static status_t process_id(private_ike_auth_t *this, message_t *message)
req = this->ike_sa->get_other_id(this->ike_sa);
if (!id->matches(id, req))
{
- SIG(IKE_UP_FAILED, "peer ID '%D' unacceptable, '%D' required", id, req);
+ SIG_IKE(UP_FAILED, "peer ID '%D' unacceptable, '%D' required", id, req);
id->destroy(id);
return FAILED;
}
@@ -366,7 +366,7 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
if (auth->build(auth, this->my_packet->get_data(this->my_packet),
this->other_nonce, &auth_payload) != SUCCESS)
{
- SIG(IKE_UP_FAILED, "generating authentication data failed");
+ SIG_IKE(UP_FAILED, "generating authentication data failed");
if (!this->initiator)
{
message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
@@ -377,7 +377,7 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
if (!this->initiator)
{
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
+ SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_my_id(this->ike_sa),
@@ -411,7 +411,7 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message)
if (!this->peer_authenticated)
{
- SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
+ SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, AUTH_EAP);
if (this->initiator)
@@ -423,7 +423,7 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message)
if (this->initiator)
{
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
+ SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_my_id(this->ike_sa),
@@ -444,7 +444,7 @@ static status_t process_eap_i(private_ike_auth_t *this, message_t *message)
eap = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION);
if (eap == NULL)
{
- SIG(IKE_UP_FAILED, "EAP payload missing");
+ SIG_IKE(UP_FAILED, "EAP payload missing");
return FAILED;
}
switch (this->eap_auth->process(this->eap_auth, eap, &eap))
@@ -460,7 +460,7 @@ static status_t process_eap_i(private_ike_auth_t *this, message_t *message)
return NEED_MORE;
default:
this->eap_payload = NULL;
- SIG(IKE_UP_FAILED, "failed to authenticate against '%D' using EAP",
+ SIG_IKE(UP_FAILED, "failed to authenticate against '%D' using EAP",
this->ike_sa->get_other_id(this->ike_sa));
return FAILED;
}
@@ -495,7 +495,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message)
if (this->eap_payload == NULL)
{
- SIG(IKE_UP_FAILED, "EAP payload missing");
+ SIG_IKE(UP_FAILED, "EAP payload missing");
return FAILED;
}
@@ -510,7 +510,7 @@ static status_t build_eap_r(private_ike_auth_t *this, message_t *message)
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
break;
default:
- SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed",
+ SIG_IKE(UP_FAILED, "authentication of '%D' with %N failed",
this->ike_sa->get_other_id(this->ike_sa),
auth_method_names, AUTH_EAP);
status = FAILED;
@@ -625,7 +625,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (config == NULL)
{
- SIG(IKE_UP_FAILED, "no matching config found for '%D'...'%D'",
+ SIG_IKE(UP_FAILED, "no matching config found for '%D'...'%D'",
this->ike_sa->get_my_id(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
@@ -649,7 +649,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
if (this->peer_authenticated)
{
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
+ SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_my_id(this->ike_sa),
@@ -665,7 +665,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
message->add_payload(message, (payload_t*)eap_payload);
if (status != NEED_MORE)
{
- SIG(IKE_UP_FAILED, "unable to initiate EAP authentication");
+ SIG_IKE(UP_FAILED, "unable to initiate EAP authentication");
return FAILED;
}
@@ -725,7 +725,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message)
{
if (type < 16383)
{
- SIG(IKE_UP_FAILED, "received %N notify error",
+ SIG_IKE(UP_FAILED, "received %N notify error",
notify_type_names, type);
iterator->destroy(iterator);
return FAILED;
@@ -757,12 +757,12 @@ static status_t process_i(private_ike_auth_t *this, message_t *message)
auth = this->ike_sa->get_other_auth(this->ike_sa);
if (!auth->complies(auth, config->get_auth(config)))
{
- SIG(IKE_UP_FAILED, "authorization of '%D' for config %s failed",
+ SIG_IKE(UP_FAILED, "authorization of '%D' for config %s failed",
this->ike_sa->get_other_id(this->ike_sa), config->get_name(config));
return FAILED;
}
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
- SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
+ SIG_IKE(UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...[%D]%H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_my_id(this->ike_sa),
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index 5a94ca6c0..9c513b20f 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -230,14 +230,14 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
rng_t *rng;
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
- SIG(IKE_UP_START, "initiating IKE_SA '%s' to %H",
+ SIG_IKE(UP_START, "initiating IKE_SA '%s' to %H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
if (this->retry++ >= MAX_RETRIES)
{
- SIG(IKE_UP_FAILED, "giving up after %d retries", MAX_RETRIES);
+ SIG_IKE(UP_FAILED, "giving up after %d retries", MAX_RETRIES);
return FAILED;
}
@@ -248,7 +248,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
this->dh = lib->crypto->create_dh(lib->crypto, this->dh_group);
if (this->dh == NULL)
{
- SIG(IKE_UP_FAILED, "configured DH group %N not supported",
+ SIG_IKE(UP_FAILED, "configured DH group %N not supported",
diffie_hellman_group_names, this->dh_group);
return FAILED;
}
@@ -260,7 +260,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message)
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!rng)
{
- SIG(IKE_UP_FAILED, "error generating nonce");
+ SIG_IKE(UP_FAILED, "error generating nonce");
return FAILED;
}
rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
@@ -295,7 +295,7 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
rng_t *rng;
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
- SIG(IKE_UP_START, "%H is initiating an IKE_SA",
+ SIG_IKE(UP_START, "%H is initiating an IKE_SA",
message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
@@ -375,7 +375,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
{
- SIG(IKE_UP_FAILED, "received proposals inacceptable");
+ SIG_IKE(UP_FAILED, "received proposals inacceptable");
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
@@ -389,7 +389,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- SIG(CHILD_UP_FAILED, "DH group %N inacceptable, requesting %N",
+ SIG_CHD(UP_FAILED, NULL, "DH group %N inacceptable, requesting %N",
diffie_hellman_group_names, this->dh_group,
diffie_hellman_group_names, group);
this->dh_group = group;
@@ -399,7 +399,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
}
else
{
- SIG(IKE_UP_FAILED, "no acceptable proposal found");
+ SIG_IKE(UP_FAILED, "no acceptable proposal found");
}
return FAILED;
}
@@ -429,7 +429,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
}
if (status != SUCCESS)
{
- SIG(IKE_UP_FAILED, "key derivation failed");
+ SIG_IKE(UP_FAILED, "key derivation failed");
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
@@ -504,7 +504,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
{
if (type < 16383)
{
- SIG(IKE_UP_FAILED, "received %N notify error",
+ SIG_IKE(UP_FAILED, "received %N notify error",
notify_type_names, type);
iterator->destroy(iterator);
return FAILED;
@@ -524,7 +524,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
{
- SIG(IKE_UP_FAILED, "peer's proposal selection invalid");
+ SIG_IKE(UP_FAILED, "peer's proposal selection invalid");
return FAILED;
}
@@ -532,7 +532,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
!this->proposal->has_dh_group(this->proposal, this->dh_group) ||
this->dh->get_shared_secret(this->dh, &secret) != SUCCESS)
{
- SIG(IKE_UP_FAILED, "peer's DH group selection invalid");
+ SIG_IKE(UP_FAILED, "peer's DH group selection invalid");
return FAILED;
}
@@ -561,7 +561,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
}
if (status != SUCCESS)
{
- SIG(IKE_UP_FAILED, "key derivation failed");
+ SIG_IKE(UP_FAILED, "key derivation failed");
return FAILED;
}
diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c
index 43bafaaf3..9d0f37a45 100644
--- a/src/charon/sa/tasks/ike_me.c
+++ b/src/charon/sa/tasks/ike_me.c
@@ -461,7 +461,8 @@ static status_t process_i(private_ike_me_t *this, message_t *message)
this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint->clone(endpoint));
}
/* FIXME: what if it failed? e.g. AUTH failure */
- SIG(CHILD_UP_SUCCESS, "established mediation connection without CHILD_SA successfully");
+ SIG_CHD(UP_SUCCESS, NULL, "established mediation connection "
+ "without CHILD_SA successfully");
break;
}
@@ -641,7 +642,8 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message)
/* FIXME: we actually must delete any existing IKE_SAs with the same remote id */
this->ike_sa->act_as_mediation_server(this->ike_sa);
- SIG(CHILD_UP_SUCCESS, "established mediation connection without CHILD_SA successfully");
+ SIG_CHD(UP_SUCCESS, NULL, "established mediation connection "
+ "without CHILD_SA successfully");
break;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-20 14:33:36 +0000