added %P printf handler for poposal_t
authorMartin Willi <martin@strongswan.org>
Thu, 12 Jun 2008 11:42:19 +0000 (11:42 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 12 Jun 2008 11:42:19 +0000 (11:42 -0000)
added some proposal selection debugging code

src/charon/config/child_cfg.c
src/charon/config/ike_cfg.c
src/charon/config/proposal.c
src/charon/config/proposal.h
src/charon/daemon.c

index 33dd73c..add831c 100644 (file)
@@ -193,6 +193,9 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
                        selected = stored->select(stored, supplied);
                        if (selected)
                        {
+                               DBG2(DBG_CFG, "received proposals: %#P", proposals);
+                               DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
+                               DBG2(DBG_CFG, "selected proposal: %P", selected);
                                break;
                        }
                }
@@ -206,6 +209,11 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
        }
        stored_enum->destroy(stored_enum);
        supplied_enum->destroy(supplied_enum);
+       if (selected == NULL)
+       {
+               DBG1(DBG_CFG, "received proposals: %#P", proposals);
+               DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
+       }
        return selected;
 }
 
index 36f8414..7a84575 100644 (file)
@@ -20,6 +20,8 @@
 
 #include <string.h>
 
+#include <daemon.h>
+
 
 typedef struct private_ike_cfg_t private_ike_cfg_t;
 
@@ -136,6 +138,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
        stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
        supplied_iter = proposals->create_iterator(proposals, TRUE);
        
+       
        /* compare all stored proposals with all supplied. Stored ones are preferred.*/
        while (stored_iter->iterate(stored_iter, (void**)&stored))
        {
@@ -149,6 +152,9 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
                                /* they match, return */
                                stored_iter->destroy(stored_iter);
                                supplied_iter->destroy(supplied_iter);
+                               DBG2(DBG_CFG, "received proposals: %#P", proposals);
+                               DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
+                               DBG2(DBG_CFG, "selected proposal: %P", selected);
                                return selected;
                        }
                }
@@ -156,6 +162,8 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
        /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
        stored_iter->destroy(stored_iter);
        supplied_iter->destroy(supplied_iter);
+       DBG1(DBG_CFG, "received proposals: %#P", proposals);
+       DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
        
        return NULL;
 }
index d203f06..043bbba 100644 (file)
@@ -47,8 +47,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
 ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
 
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
-       "NO_EXT_SEQ_NUMBERS",
-       "EXT_SEQ_NUMBERS",
+       "NO_EXT_SEQ",
+       "EXT_SEQ",
 );
 
 typedef struct private_proposal_t private_proposal_t;
@@ -348,79 +348,57 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
        selected = proposal_create(this->protocol);
        
        /* select encryption algorithm */
-       if (select_algo(this->encryption_algos, other->encryption_algos, &add, &algo, &key_size))
+       if (select_algo(this->encryption_algos, other->encryption_algos,
+                                       &add, &algo, &key_size))
        {
                if (add)
                {
-                       selected->add_algorithm(selected, ENCRYPTION_ALGORITHM, algo, key_size);
+                       selected->add_algorithm(selected, ENCRYPTION_ALGORITHM,
+                                                                       algo, key_size);
                }
        }
        else
        {
-               enumerator_t *e;
-               algorithm_t *alg;
-
                selected->destroy(selected);
-               DBG2(DBG_CFG, "  no acceptable ENCRYPTION_ALGORITHM found");
-               DBG2(DBG_CFG, "  list of received ENCRYPTION_ALGORITHM proposals:");
-               e = other->encryption_algos->create_enumerator(other->encryption_algos);
-               while (e->enumerate(e, &alg))
-               {
-                       DBG2(DBG_CFG, "  %N-%d", encryption_algorithm_names,
-                                                                        alg->algorithm, alg->key_size);
-               }
-               e->destroy(e);
+               DBG2(DBG_CFG, "  no acceptable %N found",
+                        transform_type_names, ENCRYPTION_ALGORITHM);
                return NULL;
        }
        /* select integrity algorithm */
        if (!is_authenticated_encryption(algo))
        {
-               if (select_algo(this->integrity_algos, other->integrity_algos, &add, &algo, &key_size))
+               if (select_algo(this->integrity_algos, other->integrity_algos,  
+                                               &add, &algo, &key_size))
                {
                        if (add)
                        {
-                               selected->add_algorithm(selected, INTEGRITY_ALGORITHM, algo, key_size);
+                               selected->add_algorithm(selected, INTEGRITY_ALGORITHM,
+                                                                               algo, key_size);
                        }
                }
                else
                {
-                       enumerator_t *e;
-                       algorithm_t *alg;
-
                        selected->destroy(selected);
-                       DBG2(DBG_CFG, "  no acceptable INTEGRITY_ALGORITHM found");
-                       DBG2(DBG_CFG, "  list of received INTEGRITY_ALGORITHM proposals:");
-                       e = other->integrity_algos->create_enumerator(other->integrity_algos);
-                       while (e->enumerate(e, &alg))
-                       {
-                               DBG2(DBG_CFG, "  %N", integrity_algorithm_names, alg->algorithm);
-                       }
-                       e->destroy(e);
+                       DBG2(DBG_CFG, "  no acceptable %N found",
+                                transform_type_names, INTEGRITY_ALGORITHM);
                        return NULL;
                }
        }
        /* select prf algorithm */
-       if (select_algo(this->prf_algos, other->prf_algos, &add, &algo, &key_size))
+       if (select_algo(this->prf_algos, other->prf_algos,
+                                       &add, &algo, &key_size))
        {
                if (add)
                {
-                       selected->add_algorithm(selected, PSEUDO_RANDOM_FUNCTION, algo, key_size);
+                       selected->add_algorithm(selected, PSEUDO_RANDOM_FUNCTION,
+                                                                       algo, key_size);
                }
        }
        else
        {
-               enumerator_t *e;
-               algorithm_t *alg;
-
                selected->destroy(selected);
-               DBG2(DBG_CFG, "  no acceptable PSEUDO_RANDOM_FUNCTION found");
-               DBG2(DBG_CFG, "  list of received PSEUDO_RANDOM_FUNCTION proposals:");
-               e = other->prf_algos->create_enumerator(other->prf_algos);
-               while (e->enumerate(e, &alg))
-               {
-                       DBG2(DBG_CFG, "  %N", pseudo_random_function_names, alg->algorithm);
-               }
-               e->destroy(e);
+               DBG2(DBG_CFG, "  no acceptable %N found",
+                        transform_type_names, PSEUDO_RANDOM_FUNCTION);
                return NULL;
        }
        /* select a DH-group */
@@ -433,18 +411,9 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
        }
        else
        {
-               enumerator_t *e;
-               algorithm_t *alg;
-
                selected->destroy(selected);
-               DBG2(DBG_CFG, "  no acceptable DIFFIE_HELLMAN_GROUP found");
-               DBG2(DBG_CFG, "  list of received DIFFIE_HELLMAN_GROUP proposals:");
-               e = other->dh_groups->create_enumerator(other->dh_groups);
-               while (e->enumerate(e, &alg))
-               {
-                       DBG2(DBG_CFG, "  %N", diffie_hellman_group_names, alg->algorithm);
-               }
-               e->destroy(e);
+               DBG2(DBG_CFG, "  no acceptable %N found",
+                        transform_type_names, DIFFIE_HELLMAN_GROUP);
                return NULL;
        }
        /* select if we use ESNs */
@@ -458,7 +427,8 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
        else
        {
                selected->destroy(selected);
-               DBG2(DBG_CFG, "  no acceptable EXTENDED_SEQUENCE_NUMBERS found");
+               DBG2(DBG_CFG, "  no acceptable %N found",
+                        transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
                return NULL;
        }
        DBG2(DBG_CFG, "  proposal matches");
@@ -605,7 +575,8 @@ static void check_proposal(private_proposal_t *this)
        {
                /* if all encryption algorithms in the proposal are authenticated encryption
                 * algorithms we MUST NOT propose any integrity algorithms */
-               while (this->integrity_algos->remove_last(this->integrity_algos, (void**)&alg) == SUCCESS)
+               while (this->integrity_algos->remove_last(this->integrity_algos,
+                                                                                                 (void**)&alg) == SUCCESS)
                {
                        free(alg);
                }
@@ -646,15 +617,18 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
                                {
                                        case   8: /* octets */
                                        case  64: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_CCM_ICV8, key_size);
                                                break;
                                        case  12: /* octets */
                                        case  96: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_CCM_ICV12, key_size);
                                                break;
                                        case  16: /* octets */
                                        case 128: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_CCM_ICV16, key_size);
                                                break;
                                        default:
                                                /* invalid ICV size */
@@ -675,15 +649,18 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
                                {
                                        case   8: /* octets */
                                        case  64: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_GCM_ICV8, key_size);
                                                break;
                                        case  12: /* octets */
                                        case  96: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_GCM_ICV12, key_size);
                                                break;
                                        case  16: /* octets */
                                        case 128: /* bits */
-                                               add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, key_size);
+                                               add_algorithm(this, ENCRYPTION_ALGORITHM,
+                                                                         ENCR_AES_GCM_ICV16, key_size);
                                                break;
                                        default:
                                                /* invalid ICV size */
@@ -814,6 +791,109 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 }
 
 /**
+ * print all algorithms of a kind to stream
+ */
+static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
+                                        void *names, bool *first)
+{
+       enumerator_t *enumerator;
+       size_t written = 0;
+       u_int16_t alg, size;
+       
+       enumerator = create_enumerator(this, kind);
+       while (enumerator->enumerate(enumerator, &alg, &size))
+       {
+               if (*first)
+               {
+                       written += fprintf(stream, "%N", names, alg);
+                       *first = FALSE;
+               }
+               else
+               {
+                       written += fprintf(stream, "/%N", names, alg);
+               }
+               if (size)
+               {
+                       written += fprintf(stream, "-%d", size);
+               }
+       }
+       enumerator->destroy(enumerator);
+       return written;
+}
+
+/**
+ * output handler in printf()
+ */
+static int print(FILE *stream, const struct printf_info *info,
+                                const void *const *args)
+{
+       private_proposal_t *this = *((private_proposal_t**)(args[0]));
+       linked_list_t *list = *((linked_list_t**)(args[0]));
+       enumerator_t *enumerator;
+       size_t written = 0;
+       bool first = TRUE;
+       
+       if (this == NULL)
+       {
+               return fprintf(stream, "(null)");
+       }
+       
+       if (info->alt)
+       {
+               enumerator = list->create_enumerator(list);
+               while (enumerator->enumerate(enumerator, &this))
+               {       /* call recursivly */
+                       if (first)
+                       {
+                               written += fprintf(stream, "%P", this);
+                               first = FALSE;
+                       }
+                       else
+                       {
+                               written += fprintf(stream, ", %P", this);
+                       }
+               }
+               enumerator->destroy(enumerator);
+               return written;
+       }
+       
+       written = fprintf(stream, "%N:", protocol_id_names, this->protocol);
+       written += print_alg(this, stream, ENCRYPTION_ALGORITHM,
+                                                encryption_algorithm_names, &first);
+       written += print_alg(this, stream, INTEGRITY_ALGORITHM,
+                                                integrity_algorithm_names, &first);
+       written += print_alg(this, stream, PSEUDO_RANDOM_FUNCTION,
+                                                pseudo_random_function_names, &first);
+       written += print_alg(this, stream, DIFFIE_HELLMAN_GROUP,
+                                                diffie_hellman_group_names, &first);
+       written += print_alg(this, stream, EXTENDED_SEQUENCE_NUMBERS,
+                                                extended_sequence_numbers_names, &first);
+       return written;
+}
+
+/**
+ * arginfo handler for printf() proposal
+ */
+static int arginfo(const struct printf_info *info, size_t n, int *argtypes)
+{
+       if (n > 0)
+       {
+               argtypes[0] = PA_POINTER;
+       }
+       return 1;
+}
+
+/**
+ * return printf hook functions for a proposal
+ */
+printf_hook_functions_t proposal_get_printf_hooks()
+{
+       printf_hook_functions_t hooks = {print, arginfo};
+       
+       return hooks;
+}
+
+/**
  * Implements proposal_t.destroy.
  */
 static void destroy(private_proposal_t *this)
@@ -873,18 +953,18 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
                        add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         256);
                        add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_3DES,              0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_AES_XCBC_96,       0);
-                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_256_128,     0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_256_128, 0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA1_96,      0);
                        add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96,       0);
-                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_384_192,     0);
-                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_512_256,     0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_384_192, 0);
+                       add_algorithm(this, INTEGRITY_ALGORITHM,    AUTH_HMAC_SHA2_512_256, 0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,        0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256,      0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1,          0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,           0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,      0);
                        add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512,      0);
-                       add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_2048_BIT,                  0);
+                       add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_2048_BIT,          0);
                        add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_1536_BIT,          0);
                        add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_1024_BIT,          0);
                        add_algorithm(this, DIFFIE_HELLMAN_GROUP,   MODP_4096_BIT,          0);
index 8a05a0c..08e8b8c 100644 (file)
@@ -232,4 +232,14 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
  */
 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
 
+/**
+ * Get printf hooks for a proposal.
+ *
+ * Arguments are: 
+ *    proposal_t *proposal
+ * With the #-specifier, arguments are:
+ *    linked_list_t *list containing proposal_t*
+ */
+printf_hook_functions_t proposal_get_printf_hooks();
+
 #endif /* PROPOSAL_H_ @} */
index ad46c2e..1ab8810 100644 (file)
@@ -43,6 +43,7 @@
 
 #include <library.h>
 #include <config/traffic_selector.h>
+#include <config/proposal.h>
 
 /* on some distros, a capset definition is missing */
 #ifdef NO_CAPSET_DEFINED
@@ -559,6 +560,8 @@ int main(int argc, char *argv[])
        library_init(STRONGSWAN_CONF);
        lib->printf_hook->add_handler(lib->printf_hook, 'R',
                                                                  traffic_selector_get_printf_hooks());
+       lib->printf_hook->add_handler(lib->printf_hook, 'P',
+                                                                 proposal_get_printf_hooks());
        private_charon = daemon_create();
        charon = (daemon_t*)private_charon;