10 files changed, 37 insertions, 17 deletions
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index c1b2bd458..ed09288dd 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -406,7 +406,7 @@ METHOD(bus_t, child_state_change, void,
 }
 
 METHOD(bus_t, message, void,
-	private_bus_t *this, message_t *message, bool incoming)
+	private_bus_t *this, message_t *message, bool incoming, bool plain)
 {
 	enumerator_t *enumerator;
 	ike_sa_t *ike_sa;
@@ -425,7 +425,7 @@ METHOD(bus_t, message, void,
 		}
 		entry->calling++;
 		keep = entry->listener->message(entry->listener, ike_sa,
-										message, incoming);
+										message, incoming, plain);
 		entry->calling--;
 		if (!keep)
 		{
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 07b334f29..a2cf41bba 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -235,10 +235,15 @@ struct bus_t {
 	/**
 	 * Message send/receive hook.
 	 *
+	 * The hook is invoked twice for each message: Once with plain, parsed data
+	 * and once encoded and encrypted.
+	 *
 	 * @param message	message to send/receive
 	 * @param incoming	TRUE for incoming messages, FALSE for outgoing
+	 * @param plain		TRUE if message is parsed and decrypted, FALSE it not
+	 * @param
 	 */
-	void (*message)(bus_t *this, message_t *message, bool incoming);
+	void (*message)(bus_t *this, message_t *message, bool incoming, bool plain);
 
 	/**
 	 * IKE_SA authorization hook.
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index efadea8c5..f04b20fdf 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -84,13 +84,17 @@ struct listener_t {
 	/**
 	 * Hook called for received/sent messages of an IKE_SA.
 	 *
+	 * The hook is invoked twice for each message: Once with plain, parsed data
+	 * and once encoded and encrypted.
+	 *
 	 * @param ike_sa	IKE_SA sending/receiving a message
 	 * @param message	message object
 	 * @param incoming	TRUE for incoming messages, FALSE for outgoing
+	 * @param plain		TRUE if message is parsed and decrypted, FALSE it not
 	 * @return			TRUE to stay registered, FALSE to unregister
 	 */
 	bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
-					bool incoming);
+					bool incoming, bool plain);
 
 	/**
 	 * Hook called with IKE_SA key material.
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
index 226b2bd4e..4f59e034f 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_listener.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
@@ -176,9 +176,9 @@ METHOD(listener_t, ike_updown, bool,
 
 METHOD(listener_t, message_hook, bool,
 	private_duplicheck_listener_t *this, ike_sa_t *ike_sa,
-	message_t *message, bool incoming)
+	message_t *message, bool incoming, bool plain)
 {
-	if (incoming && !message->get_request(message))
+	if (incoming && plain && !message->get_request(message))
 	{
 		identification_t *id;
 		entry_t *entry;
diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
index 8eed49778..30709c9eb 100644
--- a/src/libcharon/plugins/farp/farp_listener.c
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -78,9 +78,9 @@ METHOD(listener_t, ike_updown, bool,
 
 METHOD(listener_t, message_hook, bool,
 	private_farp_listener_t *this, ike_sa_t *ike_sa,
-	message_t *message, bool incoming)
+	message_t *message, bool incoming, bool plain)
 {
-	if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+	if (plain && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
 		message->get_exchange_type(message) == IKE_AUTH &&
 		!message->get_request(message))
 	{
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index bee6e2a6d..b18cd6f11 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -237,7 +237,8 @@ METHOD(listener_t, ike_state_change, bool,
 }
 
 METHOD(listener_t, message_hook, bool,
-	private_ha_ike_t *this, ike_sa_t *ike_sa, message_t *message, bool incoming)
+	private_ha_ike_t *this, ike_sa_t *ike_sa, message_t *message,
+	bool incoming, bool plain)
 {
 	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
 	{	/* do not sync SA between nodes */
diff --git a/src/libcharon/plugins/led/led_listener.c b/src/libcharon/plugins/led/led_listener.c
index 4aae2abe5..9d6c5a63c 100644
--- a/src/libcharon/plugins/led/led_listener.c
+++ b/src/libcharon/plugins/led/led_listener.c
@@ -189,9 +189,9 @@ METHOD(listener_t, ike_state_change, bool,
 
 METHOD(listener_t, message_hook, bool,
 	private_led_listener_t *this, ike_sa_t *ike_sa,
-	message_t *message, bool incoming)
+	message_t *message, bool incoming, bool plain)
 {
-	if (incoming || message->get_request(message))
+	if (plain && (incoming || message->get_request(message)))
 	{
 		blink_activity(this);
 	}
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index cff7990f1..fd43cab68 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -904,6 +904,8 @@ METHOD(ike_sa_t, update_hosts, void,
 METHOD(ike_sa_t, generate_message, status_t,
 	private_ike_sa_t *this, message_t *message, packet_t **packet)
 {
+	status_t status;
+
 	if (message->is_encoded(message))
 	{	/* already done */
 		*packet = message->get_packet(message);
@@ -911,8 +913,13 @@ METHOD(ike_sa_t, generate_message, status_t,
 	}
 	this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
 	message->set_ike_sa_id(message, this->ike_sa_id);
-	charon->bus->message(charon->bus, message, FALSE);
-	return message->generate(message, this->keymat, packet);
+	charon->bus->message(charon->bus, message, FALSE, TRUE);
+	status = message->generate(message, this->keymat, packet);
+	if (status == SUCCESS)
+	{
+		charon->bus->message(charon->bus, message, FALSE, FALSE);
+	}
+	return status;
 }
 
 METHOD(ike_sa_t, set_kmaddress, void,
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 3e46266da..ac3824bc6 100755
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1045,6 +1045,7 @@ METHOD(task_manager_t, process_message, status_t,
 		 this->active_tasks->get_count(this->active_tasks)))
 	{
 		msg->set_request(msg, FALSE);
+		charon->bus->message(charon->bus, msg, TRUE, FALSE);
 		status = parse_message(this, msg);
 		if (status != SUCCESS)
 		{
@@ -1053,7 +1054,7 @@ METHOD(task_manager_t, process_message, status_t,
 		this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
 									time_monotonic(NULL));
 		this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
-		charon->bus->message(charon->bus, msg, TRUE);
+		charon->bus->message(charon->bus, msg, TRUE, TRUE);
 		if (process_response(this, msg) != SUCCESS)
 		{
 			flush(this);
@@ -1110,6 +1111,7 @@ METHOD(task_manager_t, process_message, status_t,
 		}
 
 		msg->set_request(msg, TRUE);
+		charon->bus->message(charon->bus, msg, TRUE, FALSE);
 		status = parse_message(this, msg);
 		if (status != SUCCESS)
 		{
@@ -1141,7 +1143,7 @@ METHOD(task_manager_t, process_message, status_t,
 						"charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
 		}
 		this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
-		charon->bus->message(charon->bus, msg, TRUE);
+		charon->bus->message(charon->bus, msg, TRUE, TRUE);
 		if (process_request(this, msg) != SUCCESS)
 		{
 			flush(this);
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 36252a81d..178cec6d6 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1036,6 +1036,7 @@ METHOD(task_manager_t, process_message, status_t,
 	status_t status;
 	u_int32_t mid;
 
+	charon->bus->message(charon->bus, msg, TRUE, FALSE);
 	status = parse_message(this, msg);
 	if (status != SUCCESS)
 	{
@@ -1087,7 +1088,7 @@ METHOD(task_manager_t, process_message, status_t,
 					this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
 				}
 			}
-			charon->bus->message(charon->bus, msg, TRUE);
+			charon->bus->message(charon->bus, msg, TRUE, TRUE);
 			if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
 			{	/* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
 				return SUCCESS;
@@ -1132,7 +1133,7 @@ METHOD(task_manager_t, process_message, status_t,
 					this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
 				}
 			}
-			charon->bus->message(charon->bus, msg, TRUE);
+			charon->bus->message(charon->bus, msg, TRUE, TRUE);
 			if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
 			{	/* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
 				return SUCCESS;