From c7d30c2ad16d4855ade151dc96a9404a56a70c4e Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Dec 2013 10:01:35 +0100
Subject: kernel-wfp: Show a warning for packets the kernel drops in its IPsec
 layers

---
 src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c')

diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index d471a0010..1b73b59da 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -1515,6 +1515,12 @@ static void event_callback(private_kernel_wfp_ipsec_t *this,
 		case FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE:
 		case FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE:
 		case FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP:
+			DBG1(DBG_KNL, "IPsec kernel drop: %R === %R, error 0x%08x, "
+				 "SPI 0x%08x, %s filterId %llu", local, remote,
+				 event->ipsecDrop->failureStatus, event->ipsecDrop->spi,
+				 event->ipsecDrop->direction ? "in" : "out",
+				 event->ipsecDrop->filterId);
+			break;
 		case FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP:
 		default:
 			break;
-- 
cgit v1.2.3