- code cleaned up
authorJan Hutter <jhutter@hsr.ch>
Wed, 7 Dec 2005 09:03:34 +0000 (09:03 -0000)
committerJan Hutter <jhutter@hsr.ch>
Wed, 7 Dec 2005 09:03:34 +0000 (09:03 -0000)
Source/charon/sa/authenticator.c
Source/charon/sa/authenticator.h
Source/charon/sa/child_sa.h
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/ike_sa_manager.c
Source/charon/sa/ike_sa_manager.h
Source/charon/utils/logger.c

index b86cac3..7d40c78 100644 (file)
@@ -1,7 +1,7 @@
 /**
  * @file authenticator.c
  *
- * @brief Implementation of authenticator.
+ * @brief Implementation of authenticator_t.
  *
  */
 
@@ -35,6 +35,7 @@
  */
 #define IKE_V2_KEY_PAD_LEN strlen(IKE_V2_KEY_PAD)
 
+
 typedef struct private_authenticator_t private_authenticator_t;
 
 /**
@@ -65,7 +66,7 @@ struct private_authenticator_t {
        logger_t *logger;
        
        /**
-        * Creates the octets which are signed (RSA) or MACed (shared secret) as described in section 
+        * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section 
         * 2.15 of draft.
         * 
         * @param this                          calling object
@@ -77,10 +78,14 @@ struct private_authenticator_t {
         * @return                                      octets as described in section 2.15. Memory gets allocated and has to get 
         *                                                      destroyed by caller.
         */
-       chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator);
+       chunk_t (*allocate_octets) (private_authenticator_t *this,
+                                                               chunk_t last_message,
+                                                               chunk_t other_nonce,
+                                                               id_payload_t *my_id,
+                                                               bool initiator);
        
        /**
-        * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+        * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
         * 
         * @param this                          calling object
         * @param last_message          the last message
@@ -88,17 +93,28 @@ struct private_authenticator_t {
         * @param nonce                         Nonce data to include in auth data compution
         * @param id_payload            id_payload_t object representing an ID payload
         * @param initiator                     Type of peer. TRUE, if it is original initiator, FALSE otherwise
-        * @param shared_secret         shared secret as chunk_t. If shared secret is a string, the NULL termination is not included.
-        * @return                                      AUTH data as dscribed in section 2.15 for AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+        * @param shared_secret         shared secret as chunk_t. If shared secret is a string,
+        *                                                      the NULL termination is not included.
+        * @return                                      AUTH data as dscribed in section 2.15 for 
+        *                                                      AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
         *                                                      Memory gets allocated and has to get destroyed by caller.
         */
-       chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret);
+       chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,
+                                                                                                                       chunk_t last_message,
+                                                                                                                       chunk_t nonce,
+                                                                                                                       id_payload_t *id_payload,
+                                                                                                                       bool initiator,
+                                                                                                                       chunk_t preshared_secret);
 };
 
 /**
  * Implementation of private_authenticator_t.allocate_octets.
  */
-static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator)
+static chunk_t allocate_octets(private_authenticator_t *this,
+                                                               chunk_t last_message, 
+                                                               chunk_t other_nonce,
+                                                               id_payload_t *my_id,
+                                                               bool initiator)
 {
        chunk_t id_chunk = my_id->get_data(my_id);
        u_int8_t id_with_header[4 + id_chunk.len];
@@ -148,7 +164,12 @@ static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_messag
 /**
  * Implementation of private_authenticator_t.allocate_auth_data_with_preshared_secret.
  */
-static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret)
+static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,
+                                                                                                                       chunk_t last_message,
+                                                                                                                       chunk_t nonce,
+                                                                                                                       id_payload_t *id_payload,
+                                                                                                                       bool initiator,
+                                                                                                                       chunk_t preshared_secret)
 {
        chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN};
        u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
@@ -174,7 +195,12 @@ static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t
 /**
  * Implementation of authenticator_t.verify_auth_data.
  */
-static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator)
+static status_t verify_auth_data (private_authenticator_t *this,
+                                                                       auth_payload_t *auth_payload,
+                                                                       chunk_t last_received_packet,
+                                                                       chunk_t my_nonce,
+                                                                       id_payload_t *other_id_payload,
+                                                                       bool initiator)
 {
        switch(auth_payload->get_auth_method(auth_payload))
        {
@@ -185,14 +211,21 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
                        chunk_t preshared_secret;
                        status_t status;
                                                
-                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret);
+                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+                                                                                                                                               other_id,
+                                                                                                                                               &preshared_secret);
                        other_id->destroy(other_id);
                        if (status != SUCCESS)
                        {
                                return status;  
                        }
                        
-                       chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret);
+                       chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,
+                                                                                                                                                                       last_received_packet,
+                                                                                                                                                                       my_nonce,
+                                                                                                                                                                       other_id_payload,
+                                                                                                                                                                       initiator,
+                                                                                                                                                                       preshared_secret);
                        
                        if (auth_data.len != my_auth_data.len)
                        {
@@ -219,7 +252,9 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
                        
                        auth_data = auth_payload->get_data(auth_payload);
                        
-                       status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager, other_id, &public_key);
+                       status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager,
+                                                                                                                                               other_id,
+                                                                                                                                               &public_key);
                        other_id->destroy(other_id);
                        if (status != SUCCESS)
                        {
@@ -243,7 +278,12 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
 /**
  * Implementation of authenticator_t.compute_auth_data.
  */
-static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator)
+static status_t compute_auth_data (private_authenticator_t *this,
+                                                                       auth_payload_t **auth_payload,
+                                                                       chunk_t last_sent_packet,
+                                                                       chunk_t other_nonce,
+                                                                       id_payload_t *my_id_payload,
+                                                                       bool initiator)
 {
        sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa);
        
@@ -255,7 +295,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
                        chunk_t preshared_secret;
                        status_t status;                
 
-                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret);
+                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+                                                                                                                                               my_id,
+                                                                                                                                               &preshared_secret);
 
                        my_id->destroy(my_id);
                        if (status != SUCCESS)
@@ -263,7 +305,12 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
                                return status;  
                        }
                        
-                       chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret);
+                       chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,
+                                                                                                                                                               last_sent_packet,
+                                                                                                                                                               other_nonce,
+                                                                                                                                                               my_id_payload,
+                                                                                                                                                               initiator,
+                                                                                                                                                               preshared_secret);
 
                        *auth_payload = auth_payload_create();
                        (*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE);
@@ -279,7 +326,9 @@ static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t
                        status_t status;
                        chunk_t octets, auth_data;
                        
-                       status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager, my_id, &private_key);
+                       status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager,
+                                                                                                                                               my_id,
+                                                                                                                                               &private_key);
                        my_id->destroy(my_id);
                        if (status != SUCCESS)
                        {
index 64cb1d6..0154652 100644 (file)
 #define _AUTHENTICATOR_H_
 
 #include <types.h>
+#include <sa/ike_sa.h>
+#include <network/packet.h>
 #include <encoding/payloads/auth_payload.h>
 #include <encoding/payloads/id_payload.h>
-#include <network/packet.h>
-#include <sa/ike_sa.h>
 
 
 typedef struct authenticator_t authenticator_t;
 
 /**
- * @brief Class authenticator_t. Used to authenticate a peer.
+ * @brief Class used to authenticate a peer.
  * 
  * Currently the following two AUTH methods are supported:
  *  - SHARED_KEY_MESSAGE_INTEGRITY_CODE
@@ -41,7 +41,10 @@ typedef struct authenticator_t authenticator_t;
  * 
  * This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
  * over an internal stored protected_ike_sa_t object or directly from the configuration_manager_t over
- * the daemon_t object charon.
+ * the daemon_t object "charon".
+ * 
+ * @b Constructors:
+ *  - authenticator_create()
  * 
  * @ingroup sa
  */
@@ -55,18 +58,21 @@ struct authenticator_t {
         * - the nonce value sent to the other peer
         * - the ID payload of the other peer
         *
-        * @param this                                  authenticator_t object
+        * @param this                                  calling object
         * @param last_received_packet  binary representation of the last received IKEv2-Message
-        * @param my_nonce                              The sent nonce (without payload header)
-        * @param other_id_payload              The ID payload received from other peer
-        * @param initiator                             Type of other peer. TRUE, if it is original initiator, FALSE otherwise
+        * @param my_nonce                              the sent nonce (without payload header)
+        * @param other_id_payload              the ID payload received from other peer
+        * @param initiator                             type of other peer. TRUE, if it is original initiator, FALSE otherwise
+        * 
+        * @todo Document RSA error status types
         * 
         * @return
-        *                                                              - SUCCESS if verification could be processed (does not mean the data could be verified)
+        *                                                              - SUCCESS if verification could be processed
+        *                                                                      (does not mean the data could be verified)
         *                                                              - FAILED if verification failed
         *                                                              - NOT_SUPPORTED if AUTH method not supported
-        *                                                              - NOT_FOUND if the data for specific AUTH method could not be found (e.g. shared secret, rsa key)
-        *                                                              - TODO rsa errors!!
+        *                                                              - NOT_FOUND if the data for specific AUTH method could not be found 
+        *                                                                      (e.g. shared secret, rsa key)
         */
        status_t (*verify_auth_data) (authenticator_t *this,
                                                                        auth_payload_t *auth_payload, 
@@ -83,18 +89,19 @@ struct authenticator_t {
         * - the nonce value received from the other peer
         * - the ID payload of myself
         * 
-        * @param this                                  authenticator_t object
+        * @param this                                  calling object
         * @param[out] auth_payload             The object of typee auth_payload_t will be created at pointing location
         * @param last_sent_packet              binary representation of the last sent IKEv2-Message
-        * @param other_nonce                   The received nonce (without payload header)
-        * @param my_id_payload                 The ID payload going to send to other peer
-        * @param initiator                             Type of myself. TRUE, if I'm original initiator, FALSE otherwise
-
+        * @param other_nonce                   the received nonce (without payload header)
+        * @param my_id_payload                 the ID payload going to send to other peer
+        * @param initiator                             type of myself. TRUE, if I'm original initiator, FALSE otherwise
+        *
+        * @todo Document RSA error status types
+        * 
         * @return
         *                                                              - SUCCESS if authentication data could be computed
         *                                                              - NOT_SUPPORTED if AUTH method not supported
         *                                                              - NOT_FOUND if the data for AUTH method could not be found
-        *                                                              - TODO rsa errors!!
         */
        status_t (*compute_auth_data) (authenticator_t *this,
                                                                        auth_payload_t **auth_payload,
@@ -106,7 +113,7 @@ struct authenticator_t {
        /**
         * @brief Destroys a authenticator_t object.
         *
-        * @param this                  authenticator_t object
+        * @param this                  calling object
         */
        void (*destroy) (authenticator_t *this);
 };
@@ -116,13 +123,15 @@ struct authenticator_t {
  * 
  * @warning: The following functions of the assigned protected_ike_sa_t object 
  * must return a valid value:
- * - protected_ike_sa_t.get_sa_config
- * - protected_ike_sa_t.get_prf
- * - protected_ike_sa_t.get_logger
+ *  - protected_ike_sa_t.get_sa_config
+ *  - protected_ike_sa_t.get_prf
+ *  - protected_ike_sa_t.get_logger
  * This preconditions are not given in IKE_SA states INITIATOR_INIT or RESPONDER_INIT!
  * 
  * @param ike_sa               object of type protected_ike_sa_t
  * 
+ * @return                             authenticator_t object
+ * 
  * @ingroup sa
  */
 authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa);
index 3e8a6fe..593187d 100644 (file)
@@ -21,8 +21,8 @@
  */
 
 
-#ifndef CHILD_SA_H_
-#define CHILD_SA_H_
+#ifndef _CHILD_SA_H_
+#define _CHILD_SA_H_
 
 #include <types.h>
 #include <transforms/prf_plus.h>
@@ -70,4 +70,4 @@ struct child_sa_t {
  */
 child_sa_t * child_sa_create(protocol_id_t protocol_id, prf_plus_t *prf_plus);
 
-#endif /*CHILD_SA_H_*/
+#endif /*_CHILD_SA_H_*/
index 3a4f831..063b1ec 100644 (file)
@@ -285,7 +285,8 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
        is_request = message->get_request(message);
        exchange_type = message->get_exchange_type(message);
 
-       this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",(is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
+       this->logger->log(this->logger, CONTROL, "Process %s message of exchange type %s",
+                                         (is_request) ? "REQUEST" : "RESPONSE",mapping_find(exchange_type_m,exchange_type));
 
        message_id = message->get_message_id(message);
 
@@ -305,7 +306,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
                /* In a request, the message has to be this->message_id_in (other case is already handled) */
                if (message_id != this->message_id_in)
                {
-                       this->logger->log(this->logger, ERROR | LEVEL1, "Message request with message id %d received, but %d expected",message_id,this->message_id_in);
+                       this->logger->log(this->logger, ERROR | LEVEL1,
+                                                               "Message request with message id %d received, but %d expected",
+                                                               message_id,this->message_id_in);
                        return FAILED;
                }
        }
@@ -314,7 +317,9 @@ static status_t process_message (private_ike_sa_t *this, message_t *message)
                /* In a reply, the message has to be this->message_id_out -1 cause it is the reply to the last sent message*/
                if (message_id != (this->message_id_out - 1))
                {
-                       this->logger->log(this->logger, ERROR | LEVEL1, "Message reply with message id %d received, but %d expected",message_id,this->message_id_in);
+                       this->logger->log(this->logger, ERROR | LEVEL1,
+                                                               "Message reply with message id %d received, but %d expected",
+                                                               message_id,this->message_id_in);
                        return FAILED;
                }
        }
@@ -379,7 +384,10 @@ static ike_sa_id_t* get_id(private_ike_sa_t *this)
 /**
  * Implementation of protected_ike_sa_t.compute_secrets.
  */
-static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce)
+static void compute_secrets(private_ike_sa_t *this,
+                                                       chunk_t dh_shared_secret,
+                                                       chunk_t initiator_nonce,
+                                                       chunk_t responder_nonce)
 {
        u_int8_t ei_buffer[this->crypter_initiator->get_block_size(this->crypter_initiator)];
        chunk_t ei_key = {ptr: ei_buffer, len: sizeof(ei_buffer)};
@@ -454,10 +462,14 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
        this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &(er_key));
        this->crypter_responder->set_key(this->crypter_responder,er_key);
 
-       prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pi_key));
+       prf_plus->allocate_bytes(prf_plus,
+                                                               this->crypter_responder->get_block_size(this->crypter_responder),
+                                                               &(this->secrets.pi_key));
        this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &(this->secrets.pi_key));
        
-       prf_plus->allocate_bytes(prf_plus,this->crypter_responder->get_block_size(this->crypter_responder),&(this->secrets.pr_key));
+       prf_plus->allocate_bytes(prf_plus,
+                                                               this->crypter_responder->get_block_size(this->crypter_responder),
+                                                               &(this->secrets.pr_key));
        this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &(this->secrets.pr_key));
        
        prf_plus->destroy(prf_plus);
@@ -619,11 +631,17 @@ static chunk_t get_key_pi (private_ike_sa_t *this)
  */
 static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal)
 {
-       this->logger->log(this->logger, CONTROL|LEVEL1, "Going to create transform objects for proposal");
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length);
-       this->logger->log(this->logger, CONTROL|LEVEL1, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length);
-       this->logger->log(this->logger, CONTROL|LEVEL1, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length);
+       this->logger->log(this->logger, CONTROL|LEVEL2, "Going to create transform objects for proposal");
+       
+       this->logger->log(this->logger, CONTROL|LEVEL2, "Encryption algorithm: %s with keylength %d",
+                                               mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),
+                                               proposal->encryption_algorithm_key_length);
+       this->logger->log(this->logger, CONTROL|LEVEL2, "Integrity algorithm: %s with keylength %d",
+                                               mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),
+                                               proposal->integrity_algorithm_key_length);
+       this->logger->log(this->logger, CONTROL|LEVEL2, "PRF: %s with keylength %d",
+                                               mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),
+                                               proposal->pseudo_random_function_key_length);
        
        if (this->prf != NULL)
        {
@@ -632,7 +650,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
        this->prf = prf_create(proposal->pseudo_random_function);
        if (this->prf == NULL)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "prf not supported!");
+               this->logger->log(this->logger, ERROR|LEVEL1, "PRF %s not supported!",
+                                                       mapping_find(pseudo_random_function_m,proposal->pseudo_random_function));
                return FAILED;
        }
        
@@ -640,10 +659,11 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
        {
                this->crypter_initiator->destroy(this->crypter_initiator);
        }
-       this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
+       this->crypter_initiator = crypter_create(proposal->encryption_algorithm,
+                                                                                               proposal->encryption_algorithm_key_length);
        if (this->crypter_initiator == NULL)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "encryption algorithm %s not supported!",
+               this->logger->log(this->logger, ERROR|LEVEL1, "Encryption algorithm %s not supported!",
                                                  mapping_find(encryption_algorithm_m,proposal->encryption_algorithm));
                return FAILED;
        }
@@ -652,7 +672,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
        {
                this->crypter_responder->destroy(this->crypter_responder);
        }
-       this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
+       this->crypter_responder = crypter_create(proposal->encryption_algorithm,
+                                                                                               proposal->encryption_algorithm_key_length);
        /* check must not be done again */
        
        if (this->signer_initiator != NULL)
@@ -662,7 +683,8 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_prop
        this->signer_initiator = signer_create(proposal->integrity_algorithm);
        if (this->signer_initiator == NULL)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "integrity algorithm not supported!");
+               this->logger->log(this->logger, ERROR|LEVEL1, "Integrity algorithm %s not supported!",
+                                                       mapping_find(integrity_algorithm_m,proposal->integrity_algorithm));
                return FAILED;
        }
        
@@ -742,7 +764,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
                return FAILED;
        }
        
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
+       this->logger->log(this->logger, CONTROL|LEVEL3,
+                                               "Add request packet with message id %d to global send queue",
+                                               this->message_id_out);
        charon->send_queue->add(charon->send_queue, packet);
        
        if (this->last_requested_message != NULL)
@@ -751,12 +775,13 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
                this->last_requested_message->destroy(this->last_requested_message);
        }       
 
-       this->logger->log(this->logger, CONTROL|LEVEL2, "replace last requested message with new one");
+       this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last requested message with new one");
        this->last_requested_message = message;
        
        retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id);
        
-       status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,retransmit_job->get_retransmit_count(retransmit_job),&timeout);
+       status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,
+                                                                                               retransmit_job->get_retransmit_count(retransmit_job),&timeout);
        
        if (status != SUCCESS)
        {
@@ -770,7 +795,9 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
        }
        
        /* message counter can now be increased */
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for outgoing messages from %d",this->message_id_out);
+       this->logger->log(this->logger, CONTROL|LEVEL3,
+                                               "Increase message counter for outgoing messages from %d",
+                                               this->message_id_out);
        this->message_id_out++;
        return SUCCESS; 
 }
@@ -785,7 +812,7 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
        
        if (message->get_message_id(message) != this->message_id_in)
        {
-               this->logger->log(this->logger, CONTROL|LEVEL2, "Message could not be sent cause id was not as expected");
+               this->logger->log(this->logger, ERROR, "Message could not be sent cause id was not as expected");
                return FAILED;  
        }
        
@@ -796,7 +823,9 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
                return FAILED;
        }
        
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Add packet to global send queue");
+       this->logger->log(this->logger, CONTROL|LEVEL3,
+                                               "Add response packet with message id %d to global send queue",
+                                               this->message_id_in);
        charon->send_queue->add(charon->send_queue, packet);
        
        if (this->last_responded_message != NULL)
@@ -805,11 +834,11 @@ static status_t send_response (private_ike_sa_t *this,message_t * message)
                this->last_responded_message->destroy(this->last_responded_message);
        }
        
-       this->logger->log(this->logger, CONTROL|LEVEL2, "replace last responded message with new one");
+       this->logger->log(this->logger, CONTROL|LEVEL3, "Replace last responded message with new one");
        this->last_responded_message = message;
 
        /* message counter can now be increased */
-       this->logger->log(this->logger, CONTROL|LEVEL2, "Increase message counter for incoming messages");
+       this->logger->log(this->logger, CONTROL|LEVEL3, "Increase message counter for incoming messages");
        this->message_id_in++;
 
        return SUCCESS;
@@ -839,6 +868,9 @@ static message_t * get_last_requested_message (private_ike_sa_t *this)
        return this->last_requested_message;
 }
 
+/**
+ * Implementation of protected_ike_sa_t.get_state.
+ */
 static ike_sa_state_t get_state (private_ike_sa_t *this)
 {
        return this->current_state->get_state(this->current_state);
@@ -869,11 +901,16 @@ static void reset_message_buffers (private_ike_sa_t *this)
        this->last_replied_message_id = -1;
 }
 
+/**
+ * Implementation of protected_ike_sa_t.create_delete_established_ike_sa_job.
+ */
 static void create_delete_established_ike_sa_job (private_ike_sa_t *this,u_int32_t timeout)
 {
        job_t *delete_job;
 
-       this->logger->log(this->logger, CONTROL | LEVEL1, "Going to create job to delete established IKE_SA in %d ms", timeout);
+       this->logger->log(this->logger, CONTROL | LEVEL1,
+                                               "Going to create job to delete established IKE_SA in %d ms",
+                                               timeout);
 
        delete_job = (job_t *) delete_established_ike_sa_job_create(this->ike_sa_id);
        charon->event_queue->add_relative(charon->event_queue,delete_job, timeout);
@@ -890,7 +927,7 @@ static void destroy (private_ike_sa_t *this)
                                          this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
 
        /* destroy child sa's */
-       this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy all child_sa's");
+       this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy all child_sa's");
        while (this->child_sas->get_count(this->child_sas) > 0)
        {
                void *child_sa;
@@ -902,86 +939,86 @@ static void destroy (private_ike_sa_t *this)
        }
        this->child_sas->destroy(this->child_sas);
 
-       this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy secrets");
+       this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy secrets");
        allocator_free(this->secrets.d_key.ptr);
        allocator_free(this->secrets.pi_key.ptr);
        allocator_free(this->secrets.pr_key.ptr);
        
        if (this->crypter_initiator != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator crypter_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator crypter_t object");
                this->crypter_initiator->destroy(this->crypter_initiator);
        }
        
        if (this->crypter_responder != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder crypter_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder crypter_t object");
                this->crypter_responder->destroy(this->crypter_responder);
        }
        
        if (this->signer_initiator != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy initiator signer_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator signer_t object");
                this->signer_initiator->destroy(this->signer_initiator);
        }
 
        if (this->signer_responder != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy responder signer_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder signer_t object");
                this->signer_responder->destroy(this->signer_responder);
        }
        
        if (this->prf != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy prf_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy prf_t object");
                this->prf->destroy(this->prf);
        }
        
        /* destroy ike_sa_id */
-       this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy ike_sa_id object");
+       this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy ike_sa_id object");
        this->ike_sa_id->destroy(this->ike_sa_id);
 
        /* destroy stored requested message */
        if (this->last_requested_message != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last requested message");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last requested message");
                this->last_requested_message->destroy(this->last_requested_message);
        }
        
        /* destroy stored responded messages */
        if (this->last_responded_message != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy last responded message");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last responded message");
                this->last_responded_message->destroy(this->last_responded_message);
        }
        
        /* destroy stored host_t objects */
        if (this->me.host != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy my host_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy my host_t object");
                this->me.host->destroy(this->me.host);
        }
        
        /* destroy stored host_t objects */
        if (this->other.host != NULL)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy other host_t object");
+               this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy other host_t object");
                this->other.host->destroy(this->other.host);
        }
                
        this->randomizer->destroy(this->randomizer);
 
-       this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy current state object");
+       this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy current state object");
        this->current_state->destroy(this->current_state);
        
-       this->logger->log(this->logger, CONTROL | LEVEL2, "Destroy logger of IKE_SA");
+       this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy logger of IKE_SA");
        charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
 
        allocator_free(this);
 }
 
 /*
- * Described in Header
+ * Described in header.
  */
 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 {
@@ -1057,10 +1094,12 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        /* at creation time, IKE_SA is in a initiator state */
        if (ike_sa_id->is_initiator(ike_sa_id))
        {
+               this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type INITIATOR_INIT");
                this->current_state = (state_t *) initiator_init_create(&(this->protected));
        }
        else
        {
+               this->logger->log(this->logger, CONTROL | LEVEL2, "Create first state_t object of type RESPONDER_INIT");
                this->current_state = (state_t *) responder_init_create(&(this->protected));
        }
        return &(this->protected.public);
index 5aecb21..3c5d0fa 100644 (file)
@@ -1,7 +1,7 @@
 /**
  * @file ike_sa.h
  *
- * @brief Interface of ike_sa_id_t.
+ * @brief Interface of ike_sa_t.
  *
  */
 
 #include <transforms/signers/signer.h>
 
 /**
- * Nonce size in bytes of all sent nonces
+ * Nonce size in bytes for nonces sending to other peer.
+ * 
+ * @warning Nonce size MUST be between 16 and 256 bytes.
  * 
  * @ingroup sa
  */
 #define NONCE_SIZE 16
 
+
 typedef struct ike_sa_t ike_sa_t;
 
 /**
- * @brief Class ike_sa_t. An object of this type is managed by an
- * ike_sa_manager_t object and represents an IKE_SA. Message processing
- * is split up in different states. They will handle all related things
- * for their state.
+ * @brief Class ike_sa_t representing an IKE_SA. 
+ * 
+ * An object of this type is managed by an ike_sa_manager_t object 
+ * and represents an IKE_SA. Message processing is split up in different states. 
+ * They will handle all related things for the state they represent.
  * 
  * @b Constructors:
  * - ike_sa_create()
@@ -58,11 +62,14 @@ typedef struct ike_sa_t ike_sa_t;
 struct ike_sa_t {
 
        /**
-        * @brief Processes a incoming IKEv2-Message of type message_t
+        * @brief Processes a incoming IKEv2-Message of type message_t.
         *
         * @param this ike_sa_t object object
         * @param[in] message message_t object to process
-        * @return SUCCESSFUL if succeeded, FAILED otherwise
+        * @return                              
+        *                                              - SUCCESS
+        *                                              - FAILED
+        *                                              - DELETE_ME if this IKE_SA MUST be deleted
         */
        status_t (*process_message) (ike_sa_t *this,message_t *message);
 
@@ -74,7 +81,7 @@ struct ike_sa_t {
         * @return                              
         *                                              - SUCCESS if initialization started
         *                                              - FAILED if in wrong state
-        *                                              - DELETE_ME if initialization faild and SA should be deleted
+        *                                              - DELETE_ME if initialization failed and IKE_SA MUST be deleted
         */
        status_t (*initialize_connection) (ike_sa_t *this, char *name);
        
@@ -91,8 +98,10 @@ struct ike_sa_t {
 
        /**
         * @brief Get the id of the SA.
+        * 
+        * Returned ike_sa_id_t object is not getting cloned!
         *
-        * @param this                  ike_sa_t object object
+        * @param this                  calling object
         * @return                              ike_sa's ike_sa_id_t
         */
        ike_sa_id_t* (*get_id) (ike_sa_t *this);
@@ -100,7 +109,7 @@ struct ike_sa_t {
        /**
         * @brief Get the state of type of associated state object.
         *
-        * @param this                  ike_sa_t object object
+        * @param this                  calling object
         * @return                              state of IKE_SA
         */
        ike_sa_state_t (*get_state) (ike_sa_t *this);
@@ -108,7 +117,7 @@ struct ike_sa_t {
        /**
         * @brief Destroys a ike_sa_t object.
         *
-        * @param this                  ike_sa_t object
+        * @param this                  calling object
         */
        void (*destroy) (ike_sa_t *this);
 };
@@ -117,27 +126,27 @@ struct ike_sa_t {
 typedef struct protected_ike_sa_t protected_ike_sa_t;
 
 /**
- * @brief Protected data of an ike_sa_t object.
+ * @brief Protected functions of an ike_sa_t object.
  * 
- * This members should only be accessed from 
- * the varius state classes.
+ * This members are only accessed out from 
+ * the various state_t implementations.
  * 
  * @ingroup sa
  */
 struct protected_ike_sa_t {
 
        /**
-        * Public part of a ike_sa_t object
+        * Public interface of an ike_sa_t object.
         */
        ike_sa_t public;
        
        /**
-        * Builds an empty IKEv2-Message and fills in default informations.
+        * @brief Build an empty IKEv2-Message and fills in default informations.
         * 
         * Depending on the type of message (request or response), the message id is 
         * either message_id_out or message_id_in.
         * 
-        * Used in every state.
+        * Used in state_t Implementation to build an empty IKEv2-Message.
         * 
         * @param this                          calling object
         * @param type                          exchange type of new message
@@ -147,17 +156,25 @@ struct protected_ike_sa_t {
        void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
 
        /**
-        * Initiate a new connection with given configuration name
+        * @brief Compute the shared secrets needed for encryption, signing, etc.
+        * 
+        * Preconditions:
+        *  - Call of function protected_ike_sa_t.create_transforms_from_proposal
         * 
         * @param this                          calling object
         * @param dh_shared_secret      shared secret of diffie hellman exchange
         * @param initiator_nonce       nonce of initiator
         * @param responder_nonce       nonce of responder
         */
-       void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
+       void (*compute_secrets) (protected_ike_sa_t *this,
+                                                               chunk_t dh_shared_secret,
+                                                               chunk_t initiator_nonce,
+                                                               chunk_t responder_nonce);
        
        /**
-        * Gets the internal stored logger_t object for given ike_sa_t object.
+        * @brief Get the internal stored logger_t object for given ike_sa_t object.
+        * 
+        * @warning Returned logger_t object is original one and managed by this object.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal stored logger_t object
@@ -165,9 +182,7 @@ struct protected_ike_sa_t {
        logger_t *(*get_logger) (protected_ike_sa_t *this);
        
        /**
-        * Gets the internal stored init_config_t object.
-        * 
-        * Returned value has to get checked for NULL value!
+        * @brief Get the internal stored init_config_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal stored init_config_t object
@@ -175,7 +190,7 @@ struct protected_ike_sa_t {
        init_config_t *(*get_init_config) (protected_ike_sa_t *this);
        
        /**
-        * Sets the internal init_config_t object.
+        * @brief Set the internal init_config_t object.
         * 
         * @param this                          calling object
         * @param init_config           object of type init_config_t
@@ -183,9 +198,7 @@ struct protected_ike_sa_t {
        void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
        
        /**
-        * Gets the internal stored sa_config_t object.
-        * 
-        * Returned value has to get checked for NULL value!
+        * @brief Get the internal stored sa_config_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal stored sa_config_t object
@@ -193,7 +206,7 @@ struct protected_ike_sa_t {
        sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
        
        /**
-        * Sets the internal sa_config_t object.
+        * @brief Set the internal sa_config_t object.
         * 
         * @param this                          calling object
         * @param sa_config                     object of type sa_config_t
@@ -201,7 +214,7 @@ struct protected_ike_sa_t {
        void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
 
        /**
-        * Gets the internal stored host_t object for my host.
+        * @brief Get the internal stored host_t object for my host.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal stored host_t object
@@ -209,7 +222,7 @@ struct protected_ike_sa_t {
        host_t *(*get_my_host) (protected_ike_sa_t *this);
 
        /**
-        * Gets the internal stored host_t object for other host.
+        * @brief Get the internal stored host_t object for other host.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal stored host_t object
@@ -217,7 +230,7 @@ struct protected_ike_sa_t {
        host_t *(*get_other_host) (protected_ike_sa_t *this);
        
        /**
-        * Sets the internal stored host_t object for my host.
+        * @brief Set the internal stored host_t object for my host.
         * 
         * Allready existing object gets destroyed. object gets not cloned!
         * 
@@ -227,7 +240,7 @@ struct protected_ike_sa_t {
        void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
 
        /**
-        * Sets the internal stored host_t object for other host.
+        * @brief Set the internal stored host_t object for other host.
         * 
         * Allready existing object gets destroyed. object gets not cloned!
         * 
@@ -237,8 +250,8 @@ struct protected_ike_sa_t {
        void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
        
        /**
-        * Creates all needed transform objects for given ike_sa_t using 
-        * the informations stored in a ike_proposal_t object
+        * @brief Create all needed transform objects for this IKE_SA using 
+        * the informations stored in a ike_proposal_t object.
         * 
         * Allready existing objects get destroyed.
         * 
@@ -249,11 +262,11 @@ struct protected_ike_sa_t {
        status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
        
        /**
-        * Sends the next request message.
+        * @brief Send the next request message.
         * 
         * Also the first retransmit job is created.
         * 
-        * Stored requested message gets destroyed. object gets not cloned!
+        * Last stored requested message gets destroyed. Object gets not cloned!
         * 
         * @param this                          calling object
         * @param message                       pointer to the message which should be sent
@@ -264,9 +277,9 @@ struct protected_ike_sa_t {
        status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
 
        /**
-        * Sends the next response message.
+        * @brief Send the next response message.
         * 
-        * Stored responded message gets destroyed. object gets not cloned!
+        * Last stored responded message gets destroyed. Object gets not cloned!
         * 
         * @param this                          calling object
         * @param message                       pointer to the message which should be sent
@@ -277,7 +290,7 @@ struct protected_ike_sa_t {
        status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
        
        /**
-        * Gets the internal stored randomizer_t object.
+        * @brief Get the internal stored randomizer_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to the internal randomizer_t object
@@ -285,10 +298,10 @@ struct protected_ike_sa_t {
        randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
        
        /**
-        * Sets the new state_t object of the IKE_SA object.
+        * @brief Set the new state_t object of the IKE_SA object.
         * 
         * The old state_t object gets not destroyed. It's the callers duty to 
-        * make sure old state is destroyed (Normally the old state is the caller ).
+        * make sure old state is destroyed (Normally the old state is the caller).
         * 
         * @param this                          calling object
         * @param state                         pointer to the new state_t object
@@ -296,7 +309,7 @@ struct protected_ike_sa_t {
        void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
        
        /**
-        * Sets the last replied message id.
+        * @brief Set the last replied message id.
         * 
         * @param this                          calling object
         * @param message_id            message id
@@ -304,7 +317,7 @@ struct protected_ike_sa_t {
        void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
        
        /**
-        * Gets the internal stored initiator crypter_t object.
+        * @brief Get the internal stored initiator crypter_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to crypter_t object
@@ -312,7 +325,7 @@ struct protected_ike_sa_t {
        crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
        
        /**
-        * Gets the internal stored initiator signer object.
+        * @brief Get the internal stored initiator signer_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to signer_t object
@@ -320,7 +333,7 @@ struct protected_ike_sa_t {
        signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
        
        /**
-        * Gets the internal stored responder crypter_t object.
+        * @brief Get the internal stored responder crypter_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to crypter_t object
@@ -328,7 +341,7 @@ struct protected_ike_sa_t {
        crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
        
        /**
-        * Gets the internal stored responder signer object.
+        * @brief Get the internal stored responder signer object.
         * 
         * @param this                          calling object
         * @return                                      pointer to signer_t object
@@ -336,7 +349,7 @@ struct protected_ike_sa_t {
        signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
        
        /**
-        * Gets the internal stored prf_t object.
+        * @brief Get the internal stored prf_t object.
         * 
         * @param this                          calling object
         * @return                                      pointer to prf_t object
@@ -344,7 +357,7 @@ struct protected_ike_sa_t {
        prf_t *(*get_prf) (protected_ike_sa_t *this);
        
        /**
-        * Gets the last responded message.
+        * @brief Get the last responded message.
         *  
         * @param this                          calling object
         * @return                                      
@@ -354,7 +367,7 @@ struct protected_ike_sa_t {
        message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
        
        /**
-        * Gets the last requested message.
+        * @brief Get the last requested message.
         *  
         * @param this                          calling object
         * @return                                      
@@ -364,7 +377,7 @@ struct protected_ike_sa_t {
        message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
 
        /**
-        * Gets the Shared key SK_pr.
+        * @brief Get the Shared key SK_pr.
         * 
         * Returned value is not cloned!
         * 
@@ -374,25 +387,24 @@ struct protected_ike_sa_t {
        chunk_t (*get_key_pr) (protected_ike_sa_t *this);
        
        /**
-        * Gets the Shared key SK_pi.
+        * @brief Get the Shared key SK_pi.
         * 
         * Returned value is not cloned!
         * 
         * @param this                          calling object
-        * @return                                      SK_pr key
+        * @return                                      SK_pi key
         */
        chunk_t (*get_key_pi) (protected_ike_sa_t *this);
 
        /**
-        * Resets message id counters and does destroy stored received and sent messages.
+        * @brief Resets message counters and does destroy stored received and sent messages.
         * 
         * @param this                          calling object
         */     
        void (*reset_message_buffers) (protected_ike_sa_t *this);
        
        /**
-        * Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
-        * 
+        * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
         * 
         * @param this                          calling object
         * @param timeout                       timeout after the IKE_SA gets deleted
@@ -402,17 +414,15 @@ struct protected_ike_sa_t {
 };
 
 
-
 /**
- * Creates an ike_sa_t object with a specific ike_sa_id_t object
+ * @brief Creates an ike_sa_t object with a specific ID.
+ * 
+ * @warning the Content of internal ike_sa_id_t object can change over time
+ *                     e.g. when a IKE_SA_INIT has been finished.
  *
  * @param[in] ike_sa_id        ike_sa_id_t object to associate with new IKE_SA.
  *                                                     The object is internal getting cloned
  *                                                     and so has to be destroyed by the caller.
- *
- * @warning the Content of internal ike_sa_id_t object can change over time
- *                     e.g. when a IKE_SA_INIT has been finished.
- *
  * @return                                     ike_sa_t object
  * 
  * @ingroup sa
index 78a467d..0eec8ea 100644 (file)
@@ -39,41 +39,48 @@ typedef struct ike_sa_entry_t ike_sa_entry_t;
  */
 struct ike_sa_entry_t {
        /**
-        * destructor, also destroys ike_sa
+        * Destructor, also destroys associated ike_sa_t object.
         */
        status_t (*destroy) (ike_sa_entry_t *this);
+       
        /**
-        * Number of threads waiting for this ike_sa
+        * Number of threads waiting for this ike_sa_t object.
         */
        int waiting_threads;
+       
        /**
-        * condvar where threads can wait until it's free again
+        * Condvar where threads can wait until ike_sa_t object is free for use again.
         */
        pthread_cond_t condvar;
+       
        /**
-        * is this ike_sa currently checked out?
+        * Is this ike_sa currently checked out?
         */
        bool checked_out;
+       
        /**
         * Does this SA drives out new threads?
         */
        bool driveout_new_threads;
+       
        /**
         * Does this SA drives out waiting threads?
         */
        bool driveout_waiting_threads;
+       
        /**
-        * identifiaction of ike_sa (SPIs)
+        * Identifiaction of an IKE_SA (SPIs).
         */
        ike_sa_id_t *ike_sa_id;
+       
        /**
-        * the contained ike_sa
+        * The contained ike_sa_t object.
         */
        ike_sa_t *ike_sa;
 };
 
 /**
- * Implements ike_sa_entry_t.destroy.
+ * Implementation of ike_sa_entry_t.destroy.
  */
 static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
 {
@@ -85,12 +92,12 @@ static status_t ike_sa_entry_destroy(ike_sa_entry_t *this)
 }
 
 /**
- * @brief creates a new entry for the ike_sa list
+ * @brief Creates a new entry for the ike_sa_t list.
  *
  * This constructor additionaly creates a new and empty SA.
  *
- * @param ike_sa_id            the associated ike_sa_id_t, will be cloned
- * @return                             created entry, with ike_sa and ike_sa_id
+ * @param ike_sa_id            The associated ike_sa_id_t, will be cloned
+ * @return                             ike_sa_entry_t object
  */
 static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
 {
@@ -116,36 +123,37 @@ static ike_sa_entry_t *ike_sa_entry_create(ike_sa_id_t *ike_sa_id)
        return this;
 }
 
+
 typedef struct private_ike_sa_manager_t private_ike_sa_manager_t;
 
 /**
- * Additional private members to ike_sa_manager_t
+ * Additional private members of ike_sa_manager_t.
  */
 struct private_ike_sa_manager_t {
        /**
-        * Public members
+        * Public interface of ike_sa_manager_t.
         */
         ike_sa_manager_t public;
 
        /**
-        * @brief get next spi
-        *
-        * we give out SPIs incremental.
+        * @brief Get next spi.
         *
+        * We give out SPIs incremental starting at 1.
+        * 
         * @param this                  the ike_sa_manager
         * @return                              the next spi
         */
        u_int64_t (*get_next_spi) (private_ike_sa_manager_t *this);
 
        /**
-        * @brief find the ike_sa_entry in the list by SPIs.
+        * @brief Find the ike_sa_entry_t object in the list by SPIs.
         *
         * This function simply iterates over the linked list. A hash-table
         * would be more efficient when storing a lot of IKE_SAs...
         *
-        * @param this                  the ike_sa_manager containing the list
+        * @param this                  calling object
         * @param ike_sa_id             id of the ike_sa, containing SPIs
-        * @param entry[out]    pointer to set to the found entry
+        * @param[out] entry    pointer to set to the found entry
         * @return                              
         *                                              - SUCCESS when found,
         *                                              - NOT_FOUND when no such ike_sa_id in list
@@ -153,14 +161,14 @@ struct private_ike_sa_manager_t {
         status_t (*get_entry_by_id) (private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry);
 
         /**
-        * @brief find the ike_sa_entry in the list by pointer to SA.
+        * @brief Find the ike_sa_entry_t in the list by pointer to SA.
         *
         * This function simply iterates over the linked list. A hash-table
         * would be more efficient when storing a lot of IKE_SAs...
         *
-        * @param this                  the ike_sa_manager containing the list
-        * @param ike_sa                        pointer to the ike_sa
-        * @param entry[out]            pointer to set to the found entry
+        * @param this                  calling object
+        * @param ike_sa                pointer to the ike_sa
+        * @param[out] entry    pointer to set to the found entry
         * @return                              
         *                                              - SUCCESS when found,
         *                                              - NOT_FOUND when no such ike_sa_id in list
@@ -168,9 +176,9 @@ struct private_ike_sa_manager_t {
         status_t (*get_entry_by_sa) (private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry);
         
         /**
-         * @brief delete an entry from the linked list
+         * @brief Felete an entry from the linked list.
          *
-         * @param this         the ike_sa_manager containing the list
+         * @param this                 calling object
          * @param entry                entry to delete
          * @return                             
          *                                     - SUCCESS when found,
@@ -179,28 +187,28 @@ struct private_ike_sa_manager_t {
         status_t (*delete_entry) (private_ike_sa_manager_t *this, ike_sa_entry_t *entry);
 
         /**
-         * lock for exclusivly accessing the manager
+         * Lock for exclusivly accessing the manager.
          */
         pthread_mutex_t mutex;
 
         /**
-         * Logger used for this IKE SA Manager
+         * Logger used for this IKE SA Manager.
          */
         logger_t *logger;
 
         /**
-         * Linked list with entries for the ike_sa
+         * Linked list with entries for the ike_sa_t objects.
          */
         linked_list_t *ike_sa_list;
         
         /**
-         * Next SPI, needed for incremental creation of SPIs
+         * Next SPI, needed for incremental creation of SPIs.
          */
         u_int64_t next_spi;
 };
 
 /**
- * Implements private_ike_sa_manager_t.get_entry_by_id.
+ * Implementation of private_ike_sa_manager_t.get_entry_by_id.
  */
 static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_entry_t **entry)
 {
@@ -256,7 +264,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike
 }
 
 /**
- * Implements private_ike_sa_manager_t.get_entry_by_sa.
+ * Implementation of private_ike_sa_manager_t.get_entry_by_sa.
  */
 static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa, ike_sa_entry_t **entry)
 {
@@ -288,7 +296,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa
 }
 
 /**
- * Implements private_ike_sa_manager_s.delete_entry.
+ * Implementation of private_ike_sa_manager_s.delete_entry.
  */
 static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *entry)
 {
@@ -319,7 +327,7 @@ static status_t delete_entry(private_ike_sa_manager_t *this, ike_sa_entry_t *ent
 
 
 /**
- * Implements private_ike_sa_manager_t.get_next_spi.
+ * Implementation of private_ike_sa_manager_t.get_next_spi.
  */
 static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
 {
@@ -333,7 +341,7 @@ static u_int64_t get_next_spi(private_ike_sa_manager_t *this)
 }
 
 /**
- * Implementation of ike_sa_manager.create_and_checkout.
+ * Implementation of of ike_sa_manager.create_and_checkout.
  */
 static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa)
 {
@@ -363,7 +371,7 @@ static void create_and_checkout(private_ike_sa_manager_t *this,ike_sa_t **ike_sa
 }
 
 /**
- * Implementation of ike_sa_manager.checkout.
+ * Implementation of of ike_sa_manager.checkout.
  */
 static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_t **ike_sa)
 {
@@ -482,7 +490,7 @@ static status_t checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id,
 }
 
 /**
- * Implements ike_sa_manager_t.checkin.
+ * Implementation of ike_sa_manager_t.checkin.
  */
 static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 {
@@ -519,7 +527,7 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 
 
 /**
- * Implements ike_sa_manager_t.checkin_and_delete.
+ * Implementation of ike_sa_manager_t.checkin_and_delete.
  */
 static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 {
@@ -564,7 +572,7 @@ static status_t checkin_and_delete(private_ike_sa_manager_t *this, ike_sa_t *ike
 }
 
 /**
- * Implements ike_sa_manager_t.delete.
+ * Implementation of ike_sa_manager_t.delete.
  */
 static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
 {
@@ -607,7 +615,7 @@ static status_t delete(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
 }
 
 /**
- * Implements ike_sa_manager_t.destroy.
+ * Implementation of ike_sa_manager_t.destroy.
  */
 static void destroy(private_ike_sa_manager_t *this)
 {
@@ -666,7 +674,7 @@ static void destroy(private_ike_sa_manager_t *this)
 }
 
 /*
- * Described in header
+ * Described in header.
  */
 ike_sa_manager_t *ike_sa_manager_create()
 {
index 0d99155..292271b 100644 (file)
@@ -20,8 +20,8 @@
  * for more details.
  */
 
-#ifndef IKE_SA_MANAGER_H_
-#define IKE_SA_MANAGER_H_
+#ifndef _IKE_SA_MANAGER_H_
+#define _IKE_SA_MANAGER_H_
 
 #include <types.h>
 #include <sa/ike_sa.h>
@@ -30,7 +30,7 @@
 typedef struct ike_sa_manager_t ike_sa_manager_t;
 
 /**
- * @brief The IKE_SA-Manager manages the IKE_SAs ;-).
+ * @brief The IKE_SA-Manager is responsible for managing all initiated and responded IKE_SA's.
  *
  * To avoid access from multiple threads, IKE_SAs must be checked out from
  * the manager, and checked in after usage. 
@@ -39,6 +39,8 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
  * @todo checking of double-checkouts from the same threads would be nice.
  * This could be done by comparing thread-ids via pthread_self()...
  * 
+ * @todo Managing of ike_sa_t objects in a hash table instead of linked list.
+ * 
  * @b Constructors:
  * - ike_sa_manager_create()
  * 
@@ -46,7 +48,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
  */
 struct ike_sa_manager_t {
        /**
-        * @brief Checkout an IKE_SA, create it when necesarry
+        * @brief Checkout an IKE_SA, create it when necesarry.
         * 
         * Checks out a SA by its ID. An SA will be created, when:
         * - Responder SPI is not set (when received an IKE_SA_INIT from initiator)
@@ -69,19 +71,16 @@ struct ike_sa_manager_t {
        /**
         * @brief Create and checkout an IKE_SA as original initator.
         * 
-        * Creates and checks out a SA as initiator. An SA will be created, when:
+        * Creates and checks out a SA as initiator.
         * Management of SPIs is the managers job, he will set it.
         * 
-        * @warning checking out two times without checking in will
-        * result in a deadlock!
-        * 
         * @param ike_sa_manager        the manager object
         * @param ike_sa[out]           checked out SA
         */
        void (*create_and_checkout) (ike_sa_manager_t* ike_sa_manager,ike_sa_t **ike_sa);
  
        /**
-        * @brief Checkin the SA after usage
+        * @brief Checkin the SA after usage.
         * 
         * @warning the SA pointer MUST NOT be used after checkin! 
         * The SA must be checked out again!
@@ -95,7 +94,7 @@ struct ike_sa_manager_t {
         */
        status_t (*checkin) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
        /**
-        * @brief delete a SA, wich was not checked out
+        * @brief Delete a SA, which was not checked out.
         * 
         * @warning do not use this when the SA is already checked out, this will
         * deadlock!
@@ -109,7 +108,7 @@ struct ike_sa_manager_t {
        status_t (*delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *ike_sa_id);
        
        /**
-        * @brief delete a checked out SA
+        * @brief Delete a checked out SA.
         *
         * @param ike_sa_manager        the manager object
         * @param ike_sa                        SA to delete
@@ -120,9 +119,9 @@ struct ike_sa_manager_t {
        status_t (*checkin_and_delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
        
        /**
-        * @brief Destroys the manager with all associated SAs
+        * @brief Destroys the manager with all associated SAs.
         * 
-        * Threads will be driven out, so all SAs can be deleted cleanly
+        * Threads will be driven out, so all SAs can be deleted cleanly.
         * 
         * @param ike_sa_manager the manager object
         */
@@ -130,12 +129,12 @@ struct ike_sa_manager_t {
 };
 
 /**
- * @brief Create a manager
+ * @brief Create a manager.
  * 
- * @returns ike_sa_manager_t object
+ * @returns    ike_sa_manager_t object
  * 
  * @ingroup sa
  */
 ike_sa_manager_t *ike_sa_manager_create();
 
-#endif /*IKE_SA_MANAGER_H_*/
+#endif /*_IKE_SA_MANAGER_H_*/
index b05d4b0..748a765 100644 (file)
@@ -97,6 +97,10 @@ static void prepend_prefix(private_logger_t *this, logger_level_t loglevel, char
        {
                log_type = '?';
        }
+       else if (loglevel & AUDIT)
+       {
+               log_type = '>';
+       }
        else
        {
                log_type = '-';