introduced new logging subsystem using bus:
authorMartin Willi <martin@strongswan.org>
Wed, 18 Oct 2006 11:46:13 +0000 (11:46 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 18 Oct 2006 11:46:13 +0000 (11:46 -0000)
  passive listeners can register on the bus
  active listeners wait for signals actively
  multiplexing allows multiple listeners to receive debug signals
  a lot more...

129 files changed:
src/charon/Makefile.am
src/charon/bus/bus.c
src/charon/bus/bus.h
src/charon/bus/listeners/file_logger.c
src/charon/bus/listeners/file_logger.h
src/charon/bus/listeners/stream_logger.c [deleted file]
src/charon/bus/listeners/stream_logger.h [deleted file]
src/charon/bus/listeners/sys_logger.c
src/charon/config/connections/connection.c
src/charon/config/connections/connection.h
src/charon/config/connections/connection_store.h
src/charon/config/connections/local_connection_store.c
src/charon/config/credentials/credential_store.h
src/charon/config/credentials/local_credential_store.c
src/charon/config/policies/local_policy_store.c
src/charon/config/policies/policy.c
src/charon/config/policies/policy.h
src/charon/config/policies/policy_store.h
src/charon/config/proposal.c
src/charon/config/proposal.h
src/charon/config/traffic_selector.c
src/charon/config/traffic_selector.h
src/charon/daemon.c
src/charon/daemon.h
src/charon/encoding/generator.c
src/charon/encoding/message.c
src/charon/encoding/message.h
src/charon/encoding/parser.c
src/charon/encoding/payloads/cert_payload.c
src/charon/encoding/payloads/cert_payload.h
src/charon/encoding/payloads/configuration_attribute.c
src/charon/encoding/payloads/configuration_attribute.h
src/charon/encoding/payloads/cp_payload.c
src/charon/encoding/payloads/cp_payload.h
src/charon/encoding/payloads/encodings.c
src/charon/encoding/payloads/encodings.h
src/charon/encoding/payloads/encryption_payload.c
src/charon/encoding/payloads/ike_header.c
src/charon/encoding/payloads/ike_header.h
src/charon/encoding/payloads/ke_payload.c
src/charon/encoding/payloads/nonce_payload.c
src/charon/encoding/payloads/notify_payload.c
src/charon/encoding/payloads/notify_payload.h
src/charon/encoding/payloads/payload.c
src/charon/encoding/payloads/payload.h
src/charon/encoding/payloads/proposal_substructure.c
src/charon/encoding/payloads/sa_payload.c
src/charon/encoding/payloads/traffic_selector_substructure.c
src/charon/encoding/payloads/transform_attribute.c
src/charon/encoding/payloads/transform_attribute.h
src/charon/encoding/payloads/transform_substructure.c
src/charon/encoding/payloads/ts_payload.c
src/charon/network/socket.c
src/charon/queues/jobs/acquire_job.c
src/charon/queues/jobs/delete_child_sa_job.c
src/charon/queues/jobs/delete_ike_sa_job.c
src/charon/queues/jobs/incoming_packet_job.c
src/charon/queues/jobs/initiate_job.c
src/charon/queues/jobs/job.c
src/charon/queues/jobs/job.h
src/charon/queues/jobs/rekey_child_sa_job.c
src/charon/queues/jobs/rekey_ike_sa_job.c
src/charon/queues/jobs/retransmit_request_job.c
src/charon/queues/jobs/route_job.c
src/charon/queues/jobs/send_dpd_job.c
src/charon/queues/jobs/send_keepalive_job.c
src/charon/queues/send_queue.c
src/charon/sa/authenticator.c
src/charon/sa/child_sa.c
src/charon/sa/child_sa.h
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/ike_sa_id.c
src/charon/sa/ike_sa_id.h
src/charon/sa/ike_sa_manager.c
src/charon/sa/ike_sa_manager.h
src/charon/sa/transactions/create_child_sa.c
src/charon/sa/transactions/dead_peer_detection.c
src/charon/sa/transactions/delete_child_sa.c
src/charon/sa/transactions/delete_ike_sa.c
src/charon/sa/transactions/ike_auth.c
src/charon/sa/transactions/ike_sa_init.c
src/charon/sa/transactions/rekey_ike_sa.c
src/charon/sa/transactions/transaction.c
src/charon/threads/kernel_interface.c
src/charon/threads/receiver.c
src/charon/threads/scheduler.c
src/charon/threads/sender.c
src/charon/threads/stroke_interface.c
src/charon/threads/stroke_interface.h
src/charon/threads/thread_pool.c
src/charon/threads/thread_pool.h
src/libstrongswan/Makefile.am
src/libstrongswan/asn1/asn1.c
src/libstrongswan/asn1/pem.c
src/libstrongswan/crypto/certinfo.c
src/libstrongswan/crypto/certinfo.h
src/libstrongswan/crypto/crl.c
src/libstrongswan/crypto/crl.h
src/libstrongswan/crypto/crypters/crypter.c
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/crypto/diffie_hellman.c
src/libstrongswan/crypto/diffie_hellman.h
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/crypto/prfs/prf.c
src/libstrongswan/crypto/prfs/prf.h
src/libstrongswan/crypto/signers/signer.c
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/crypto/x509.c
src/libstrongswan/crypto/x509.h
src/libstrongswan/definitions.c
src/libstrongswan/definitions.h
src/libstrongswan/library.c
src/libstrongswan/library.h
src/libstrongswan/types.c
src/libstrongswan/types.h
src/libstrongswan/utils/identification.c
src/libstrongswan/utils/identification.h
src/libstrongswan/utils/leak_detective.c
src/libstrongswan/utils/leak_detective.h
src/libstrongswan/utils/linked_list.c
src/libstrongswan/utils/linked_list.h
src/libstrongswan/utils/logger.c [deleted file]
src/libstrongswan/utils/logger.h [deleted file]
src/libstrongswan/utils/logger_manager.c [deleted file]
src/libstrongswan/utils/logger_manager.h [deleted file]
src/libstrongswan/utils/tester.c [deleted file]
src/libstrongswan/utils/tester.h [deleted file]

index b8dc4d7..85e6264 100644 (file)
@@ -4,7 +4,6 @@ ipsec_PROGRAMS = charon
 
 charon_SOURCES = \
 bus/bus.c bus/bus.h \
-bus/listeners/stream_logger.c bus/listeners/stream_logger.h \
 bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
 bus/listeners/file_logger.c bus/listeners/file_logger.h \
 config/connections/connection.c config/connections/connection.h \
index 1e5ff98..028fd37 100644 (file)
 
 #include "bus.h"
 
+#include <pthread.h>
+
+ENUM(signal_names, SIG_ANY, SIG_MAX,
+       /** should not get printed */
+       "SIG_ANY",
+       /** debugging message types */
+       "DMN",
+       "MGR",
+       "IKE",
+       "CHD",
+       "JOB",
+       "CFG",
+       "KNL",
+       "NET",
+       "ENC",
+       "LIB",
+       /** should not get printed */
+       "SIG_DBG_MAX",
+       /** all level0 signals are AUDIT signals */
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       "AUD",
+       /** should not get printed */
+       "SIG_MAX",
+);
+
+typedef struct active_listener_t active_listener_t;
+
+/**
+ * information for a active listener
+ */
+struct active_listener_t {
+       
+       /**
+        * associated thread
+        */
+       pthread_t id;
+       
+       /**
+        * condvar to wait for a signal
+        */
+       pthread_cond_t cond;
+       
+       /**
+        * state of the thread
+        */
+       enum {
+               /** not registered, do not wait for thread */
+               UNREGISTERED,
+               /** registered, if a signal occurs, wait until it is LISTENING */
+               REGISTERED,
+               /** listening, deliver signal */
+               LISTENING,
+       } state;
+       
+       /**
+        * currently processed signals type
+        */
+       signal_t signal;
+       
+       /**
+        * verbosity level of the signal
+        */
+       level_t level;
+       
+       /**
+        * current processed signals thread number
+        */
+       int thread;
+       
+       /**
+        * currently processed signals ike_sa
+        */
+       ike_sa_t *ike_sa;
+       
+       /**
+        * currently processed signals format string
+        */
+       char *format;
+       
+       /**
+        * currently processed signals format varargs
+        */
+       va_list args;
+       
+};
+
 typedef struct private_bus_t private_bus_t;
 
 /**
@@ -39,6 +135,16 @@ struct private_bus_t {
        linked_list_t *listeners;
        
        /**
+        * List of active listeners with listener_state TRUE
+        */
+       linked_list_t *active_listeners;
+       
+       /**
+        * mutex to synchronize active listeners
+        */
+       pthread_mutex_t mutex;
+       
+       /**
         * Thread local storage for a unique, simple thread ID
         */
        pthread_key_t thread_id;
@@ -76,10 +182,96 @@ static int get_thread_number(private_bus_t *this)
  */
 static void add_listener(private_bus_t *this, bus_listener_t *listener)
 {
+       pthread_mutex_lock(&this->mutex);
        this->listeners->insert_last(this->listeners, (void*)listener);
+       pthread_mutex_unlock(&this->mutex);
+}
+
+/**
+ * Get the listener object for the calling thread
+ */
+static active_listener_t *get_active_listener(private_bus_t *this)
+{
+       active_listener_t *current, *found = NULL;
+       iterator_t *iterator;
+       
+       /* if the thread was here once before, we have a active_listener record */
+       iterator = this->active_listeners->create_iterator(this->active_listeners, TRUE);
+       while (iterator->iterate(iterator, (void**)&current))
+       {
+               if (current->id == pthread_self())
+               {
+                       found = current;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       
+       if (found == NULL)
+       {
+               /* create a new object for a never-seen thread */
+               found = malloc_thing(active_listener_t);
+               found->id = pthread_self();
+               pthread_cond_init(&found->cond, NULL);
+               this->active_listeners->insert_last(this->active_listeners, found);
+       }
+       
+       return found;
+}
+
+/**
+ * Implementation of bus_t.listen.
+ */
+static signal_t listen_(private_bus_t *this, level_t *level, int *thread,
+                                               ike_sa_t **ike_sa, char** format, va_list* args)
+{
+       active_listener_t *listener;
+       
+       pthread_mutex_lock(&this->mutex);
+       listener = get_active_listener(this);
+       /* go "listening", say hello to a thread which have a signal for us */
+       listener->state = LISTENING;
+       pthread_cond_broadcast(&listener->cond);
+       /* wait until it has us delivered a signal, and go back to "registered" */
+       pthread_cond_wait(&listener->cond, &this->mutex);
+       pthread_mutex_unlock(&this->mutex);
+       
+       /* return signal values */
+       *level = listener->level;
+       *thread = listener->thread;
+       *ike_sa = listener->ike_sa;
+       *format = listener->format;
+       *args = listener->args;
+       
+       return listener->signal;
 }
 
 /**
+ * Implementation of bus_t.set_listen_state.
+ */
+static void set_listen_state(private_bus_t *this, bool active)
+{
+       active_listener_t *listener;
+       
+       pthread_mutex_lock(&this->mutex);
+       
+       listener = get_active_listener(this);
+       if (active)
+       {
+               listener->state = REGISTERED;
+       }
+       else
+       {
+               listener->state = UNREGISTERED;
+               /* say hello to signal omitter; we are finished processing the signal */
+               pthread_cond_signal(&listener->cond);
+       }
+       
+       pthread_mutex_unlock(&this->mutex);
+}
+
+
+/**
  * Implementation of bus_t.set_sa.
  */
 static void set_sa(private_bus_t *this, ike_sa_t *ike_sa)
@@ -88,28 +280,83 @@ static void set_sa(private_bus_t *this, ike_sa_t *ike_sa)
 }
 
 /**
- * Implementation of bus_t.signal.
+ * Implementation of bus_t.vsignal.
  */
-static void signal_(private_bus_t *this, signal_t signal, level_t condition,
-                                       char* format, ...)
+static void vsignal(private_bus_t *this, signal_t signal, level_t level,
+                                       char* format, va_list args)
 {
        iterator_t *iterator;
        bus_listener_t *listener;
-       va_list args;
+       active_listener_t *active_listener;
        ike_sa_t *ike_sa;
        int thread;
        
        ike_sa = pthread_getspecific(this->thread_sa);
        thread = get_thread_number(this);
-       va_start(args, format);
        
+       pthread_mutex_lock(&this->mutex);
+       
+       /* do the job for all passive bus_listeners */
        iterator = this->listeners->create_iterator(this->listeners, TRUE);
        while (iterator->iterate(iterator, (void**)&listener))
        {
-               listener->signal(listener, thread, ike_sa,
-                                                signal, condition, format, args);
+               va_list args_copy;
+               
+               va_copy(args_copy, args);
+               listener->signal(listener, signal, level, thread, ike_sa, format, args_copy);
+               va_end(args_copy);
        }
        iterator->destroy(iterator);
+       
+       /* wake up all active listeners */
+       iterator = this->active_listeners->create_iterator(this->active_listeners, TRUE);
+       while (iterator->iterate(iterator, (void**)&active_listener))
+       {
+               /* wait until it is back */
+               while (active_listener->state == REGISTERED)
+               {
+                       pthread_cond_wait(&active_listener->cond, &this->mutex);
+               }
+               /* if thread is listening now, give it the signal to process */
+               if (active_listener->state == LISTENING)
+               {
+                       active_listener->level = level;
+                       active_listener->thread = thread;
+                       active_listener->ike_sa = ike_sa;
+                       active_listener->signal = signal;
+                       active_listener->format = format;
+                       va_copy(active_listener->args, args);
+                       active_listener->state = REGISTERED;
+                       pthread_cond_signal(&active_listener->cond);
+               }
+       }
+       
+       /* we must wait now until all are not in state REGISTERED,
+        * as they may still use our arguments */
+       iterator->reset(iterator);
+       while (iterator->iterate(iterator, (void**)&active_listener))
+       {
+               while (active_listener->state == REGISTERED)
+               {
+                       pthread_cond_wait(&active_listener->cond, &this->mutex);
+               }
+               va_end(active_listener->args);
+       }
+       iterator->destroy(iterator);
+       
+       pthread_mutex_unlock(&this->mutex);
+}
+
+/**
+ * Implementation of bus_t.signal.
+ */
+static void signal_(private_bus_t *this, signal_t signal, level_t level, 
+                                       char* format, ...)
+{
+       va_list args;
+       
+       va_start(args, format);
+       vsignal(this, signal, level, format, args);
        va_end(args);
 }
 
@@ -118,6 +365,14 @@ static void signal_(private_bus_t *this, signal_t signal, level_t condition,
  */
 static void destroy(private_bus_t *this)
 {
+       active_listener_t *listener;
+       while (this->active_listeners->remove_last(this->active_listeners,
+                                                                                          (void**)&listener) == SUCCESS)
+       {
+               free(listener);
+       }
+       
+       this->active_listeners->destroy(this->active_listeners);
        this->listeners->destroy(this->listeners);
        free(this);
 }
@@ -130,11 +385,16 @@ bus_t *bus_create()
        private_bus_t *this = malloc_thing(private_bus_t);
        
        this->public.add_listener = (void(*)(bus_t*,bus_listener_t*))add_listener;
+       this->public.listen = (signal_t(*)(bus_t*,level_t*,int*,ike_sa_t**,char**,va_list*))listen_;
+       this->public.set_listen_state = (void(*)(bus_t*,bool))set_listen_state;
        this->public.set_sa = (void(*)(bus_t*,ike_sa_t*))set_sa;
        this->public.signal = (void(*)(bus_t*,signal_t,level_t,char*,...))signal_;
+       this->public.vsignal = (void(*)(bus_t*,signal_t,level_t,char*,va_list))vsignal;
        this->public.destroy = (void(*)(bus_t*)) destroy;
        
        this->listeners = linked_list_create();
+       this->active_listeners = linked_list_create();
+       pthread_mutex_init(&this->mutex, NULL);
        pthread_key_create(&this->thread_id, NULL);
        pthread_key_create(&this->thread_sa, NULL);
        
index cce1f42..d04ce4c 100644 (file)
 #include <sa/child_sa.h>
 
 
-/**
- * @brief Raise a signal for an occured event.
- *
- * @param sig          signal_t signal description
- * @param level                level for the signal
- * @param format       printf() style format string
- * @param ...          printf() style agument list
- */
-#define SIG(sig, level, format, ...) charon->bus->signal(charon->bus, sig, level, format, ##__VA_ARGS__)
+typedef enum signal_t signal_t;
 
 /**
- * @brief Set the IKE_SA the calling thread is using.
+ * @brief signals ommited by the daemon.
  *
- * @param ike_sa       ike_sa to register, or NULL to unregister
- */
-#define SIG_SA(ike_sa) charon->bus->set_sa(charon->bus, ike_sa)
+ * Signaling is for different purporses. First, it allows debugging via
+ * "debugging signal messages", sencondly, it allows to follow certain
+ * mechanisms currently going on in the daemon. As we are multithreaded, 
+ * and a multiple messages are involved, it's not possible to follow
+ * one connection setup without further infrastructure. These infrastructure
+ * is provided by the bus and the signals the whole daemon ommits to the bus.
+ *
+ * @par Schema 1: Signals involved in IKE_SA/CHILD_SA initiation
+ *
+ * In the initiation of a IKE- or CHILD_SA is triggered by three possible
+ * sources: User request, a request from the other peer, or a request
+ * triggered by the kernel.
+ * Once the user requests initiation, the SIG_INITIATE signal is ommited.
+ * This signal contains the IKE_SA that got created. Any further signals
+ * have the same IKE_SA and are therefore easy to trace.
+ * If the kernel initiates, a SIG_ACQUIRE is sent over the bus.
+ * If a new IKE_SA is needed, it is set up. If it succeeds, a
+ * SIG_IKE_ESTABLISHED is ommitted. If the peer didn't accept our DH
+ * group, the initiation fails. A SIG_DH_INVALID is sent over the bus. It still
+ * contains the the old IKE_SA. Shortly afterwards, a SIG_DH_RETRY is ommited.
+ * It contains the NEW IKE_SA. This mechanism allows us to trace the setup even
+ * beyond a INVALID_KE_PAYLOUD error.
+ * If the setup fails, SIG_IKE_ESTABLISH_FAILED is sent.
+ * After a successful establishment of the IKE_SA, or if an already established
+ * IKE_SA is reused, the child establishment begins. If it is set up with
+ * the ike_auth transaction, the SIG_CHILD_ESTABLISHED signal is ommited
+ * directly after the SIG_IKE_ESTABLISHED signal, as both are set up
+ * simultaneously. The child setup may fail (in a ike_auth, or in a 
+ * create_child_sa exchange), if so, the SIG_CHID_ESTABLISH_FAILED signal
+ * is raised.
+ *
+ * @verbatim
 
-/**
- * @brief Log a debug message via the signal bus.
+          "ipsec up"  "peer msg"  "kernel acquire"
+                |         |          |
+                V         |          V
+            SIG_INITIATE  | SIG_ACQUIRE
+                       \  | /
+                        \ |/______________________________________________
+                         \/________________________________               \
+                         /\                           \    \              |
+                        |  |                          |    |              |
+                        V  V                          |    V              |
+      SIG_IKE_ESTABLISHED  SIG_IKE_ESTABLISH_FALIED   |  SIG_DH_INVALID   |
+                        \                |            |    |              |
+                         \               X            |    V              |
+                          \___________________________/  SIG_DH_RETRY     |
+                          /\                               \______________/
+                         |  |
+                         V  V
+     SIG_CHILD_ESTABLISHED  SIG_CHILD_ESTABLISH_FAILED
+                                          |
+                                          X
+   @endverbatim
+ * Other scenarios are much simpler. Termination is just indicated with
+ * a simple SIG_CHILD_TERMINATED and/or SIG_IKE_TERMINATED signal. There
+ * are other signals as SIG_CHILD_ROUTED or SIG_CHILD_UNROUTED. Rekeying is
+ * also trivial (SIG_IKE_REKEYED/SIG_CHILD_REKEYED), but may contain
+ * SIG_DH_INVALID...
  *
- * @param signal       signal_t signal description
- * @param format       printf() style format string
- * @param ...          printf() style agument list
+ * @ingroup bus
  */
-#define DBG1(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG1, format, ##__VA_ARGS__)
-#define DBG2(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG2, format, ##__VA_ARGS__)
-#define DBG3(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG3, format, ##__VA_ARGS__)
-#define DBG4(sig, format, ...) charon->bus->signal(charon->bus, sig, LEV_DBG4, format, ##__VA_ARGS__)
-
-
-typedef enum signal_t signal_t;
-
 enum signal_t {
-       /** an IKE_SA has been established */
-       SIG_IKE_UP,
-       /** an IKE_SA has been closed */
-       SIG_IKE_DOWN,
-       /** an IKE_SA has been rekeyed */
-       SIG_IKE_REKEY,
-       /** a CHILD_SA has been installed */
-       SIG_CHILD_UP,
-       /** a CHILD_SA has been closed */
-       SIG_CHILD_DOWN,
-       /** a CHILD_SA has been rekeyed */
-       SIG_CHILD_REKEY,
-       /** a CHILD_SA has been routed */
-       SIG_CHILD_ROUTE,
-       /** a CHILD_SA has been unrouted */
-       SIG_CHILD_UNROUTE,
-       /** a remote peer has been authenticated using RSA digital signature */
-       SIG_AUTH_RSA,
-       /** a remote peer has been authenticated using preshared keys */
-       SIG_AUTH_PSK,
+       /** pseudo signal, representing any other signal */
+       SIG_ANY,
        
+       /** debugging messages printed from daemon main loop */
+       SIG_DBG_DMN,
+       /** debugging message printed from IKE_SA_MANAGER */
+       SIG_DBG_MGR,
        /** debugging message printed from an IKE_SA */
        SIG_DBG_IKE,
        /** debugging message printed from a CHILD_SA */
@@ -97,27 +118,103 @@ enum signal_t {
        SIG_DBG_NET,
        /** debugging message printed from message encoding/decoding */
        SIG_DBG_ENC,
+       /** debugging message printed from libstrongswan via logging hook */
+       SIG_DBG_LIB,
+       
+       /** number of debug signals */
+       SIG_DBG_MAX,
+       
+       /** initiation started on user request */
+       SIG_INITIATE,
+       /** acquiring on kernel request */
+       SIG_ACQUIRE,
+       
+       /** an IKE_SA has been established */
+       SIG_IKE_UP,
+       /** an IKE_SA has been closed as requested */
+       SIG_IKE_DOWN,
+       /** an IKE_SA got deleted due an error */
+       SIG_IKE_FAILED,
+       /** an IKE_SA has been rekeyed */
+       SIG_IKE_REKEY,
+       
+       /** a CHILD_SA has been established */
+       SIG_CHILD_UP,
+       /** a CHILD_SA has been closed as requested */
+       SIG_CHILD_DOWN,
+       /** a CHILD_SA got deleted due an error */
+       SIG_CHILD_FAILED,
+       /** a CHILD_SA has been rekeyed */
+       SIG_CHILD_REKEY,
+       /** a CHILD_SA has been routed */
+       SIG_CHILD_ROUTE,
+       /** a CHILD_SA has been unrouted */
+       SIG_CHILD_UNROUTE,
        
-       SIG_MAX,
+       SIG_MAX
 };
 
+/**
+ * short names of signals using 3 chars
+ */
+extern enum_name_t *signal_names;
+
 typedef enum level_t level_t;
 
+/**
+ * Signal levels used to control output verbosity.
+ */
 enum level_t {
-       /** Signal indicates something has failed */
-       LEV_FAILED,
-       /** Signal indicates something was successful */
-       LEV_SUCCESS,
-       /** Debug level 1, control flow messages */
-       LEV_DBG1,
-       /** Debug level 2, more detail informational messages */
-       LEV_DBG2,
-       /** Debug level 3, RAW data output */
-       LEV_DBG3,
-       /** Debug level 4, RAW data with sensitive (private) data */
-       LEV_DBG4,
+       /** numerical levels from 0 to 4 */
+       LEVEL_0 = 0,
+       LEVEL_1 = 1,
+       LEVEL_2 = 2,
+       LEVEL_3 = 3,
+       LEVEL_4 = 4,
+       /** absolutely silent, no signal is ommited with this level */
+       LEVEL_SILENT = -1,
+       /** alias for numberical levels */
+       LEVEL_AUDIT = LEVEL_0,
+       LEVEL_CTRL = LEVEL_1,
+       LEVEL_CTRLMORE = LEVEL_2,
+       LEVEL_RAW = LEVEL_3,
+       LEVEL_PRIVATE = LEVEL_4,
 };
 
+/**
+ * @brief Raise a signal for an occured event.
+ *
+ * @param sig          signal_t signal description
+ * @param format       printf() style format string
+ * @param ...          printf() style agument list
+ */
+#define SIG(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_0, format, ##__VA_ARGS__)
+
+/**
+ * @brief Log a debug message via the signal bus.
+ *
+ * @param signal       signal_t signal description
+ * @param format       printf() style format string
+ * @param ...          printf() style agument list
+ */
+#define DBG1(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_1, format, ##__VA_ARGS__)
+#define DBG2(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_2, format, ##__VA_ARGS__)
+#define DBG3(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_3, format, ##__VA_ARGS__)
+#define DBG4(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_4, format, ##__VA_ARGS__)
+
+/**
+ * @brief Get the type of a signal.
+ *
+ * A signal may be a debugging signal with a specific context. They have
+ * a level specific for their context > 0. All audit signals use the
+ * type 0. This allows filtering of singals by their type.
+ *
+ * @param signal       signal to get the type from
+ * @return                     type of the signal, between 0..(SIG_DBG_MAX-1)
+ */
+#define SIG_TYPE(sig) (sig > SIG_DBG_MAX ? SIG_ANY : sig)
+
+
 typedef struct bus_listener_t bus_listener_t;
 
 /**
@@ -135,21 +232,21 @@ struct bus_listener_t {
         *
         * A numerical identification for the thread is included, as the
         * associated IKE_SA, if any. Signal specifies the type of
-        * the event occured, with a verbosity level. The format string specifies
+        * the event occured. The format string specifies
         * an additional informational or error message with a printf() like
         * variable argument list. This is in the va_list form, as forwarding
         * a "..." parameters to functions is not (cleanly) possible.
         *
         * @param this          listener
+        * @param singal        kind of the signal (up, down, rekeyed, ...)
+        * @param level         verbosity level of the signal
         * @param thread        ID of the thread raised this signal
         * @param ike_sa        IKE_SA associated to the event
-        * @param singal        kind of the signal (up, down, rekeyed, ...)
-        * @param level         level for signal
         * @param format        printf() style format string
         * @param args          vprintf() style va_list argument list
         */
-       void (*signal) (bus_listener_t *this, int thread, ike_sa_t *ike_sa,
-                                       signal_t signal, level_t level, char* format, va_list args);
+       void (*signal) (bus_listener_t *this, signal_t signal, level_t level,
+                                       int thread, ike_sa_t *ike_sa, char* format, va_list args);
 };
 
 
@@ -161,7 +258,8 @@ typedef struct bus_t bus_t;
  * The signal bus is not much more than a multiplexer. A listener interested
  * in receiving event signals registers at the bus. Any signals sent to
  * are delivered to all registered listeners.
- * 
+ * To deliver signals to threads, the blocking listen() call may be used
+ * to wait for a signal.
  *
  * @ingroup bus
  */
@@ -171,6 +269,8 @@ struct bus_t {
         * @brief Register a listener to the bus.
         *
         * A registered listener receives all signals which are sent to the bus.
+        * The listener is passive; the thread which ommited the signal
+        * processes the listener routine.
         *
         * @param this          bus
         * @param listener      listener to register.
@@ -178,6 +278,43 @@ struct bus_t {
        void (*add_listener) (bus_t *this, bus_listener_t *listener);
        
        /**
+        * @brief Listen actively on the bus.
+        *
+        * As we are fully multithreaded, we must provide a mechanism
+        * for active threads to listen to the bus. With the listen() method,
+        * a thread waits until a signal occurs, and then processes it.
+        * To prevent the listen() calling thread to miss signals ommited while
+        * it processes a signal, registration is required. This is done through
+        * the set_listen_state() method, see below.
+        *
+        * @param this          bus
+        * @param level         verbosity level of the signal
+        * @param thread        receives thread number ommited the signal
+        * @param ike_sa        receives the IKE_SA involved in the signal, or NULL
+        * @param format        receives the format string supplied with the signal
+        * @param va_list       receives the variable argument list for format
+        * @return                      the ommited signal type
+        */
+       signal_t (*listen) (bus_t *this, level_t* level, int *thread,
+                                               ike_sa_t **ike_sa, char** format, va_list* args);
+       
+       /**
+        * @brief Set the listening state of the calling thread.
+        *
+        * To prevent message loss for active listeners using listen(), threads
+        * must register themself to the bus before starting to listen(). When
+        * a signal occurs, the ommiter waits until all threads with listen_state
+        * TRUE are waiting in the listen() method to process the signal.
+        * It is important that a thread with liste_state TRUE calls listen()
+        * periodically, or sets it's listening state to FALSE; otherwise
+        * all signal omitting threads get blocked on the bus.
+        *
+        * @param this          bus
+        * @param active        TRUE to set to listening
+        */
+       void (*set_listen_state) (bus_t *this, bool active);
+       
+       /**
         * @brief Set the IKE_SA the calling thread is using.
         *
         * To associate an received signal to an IKE_SA without passing it as
@@ -185,8 +322,6 @@ struct bus_t {
         * time it checked it out. Before checking it in, the thread unregisters
         * the IKE_SA (by passing NULL). This IKE_SA is stored per-thread, so each
         * thread has one IKE_SA registered (or not).
-        * There is a macro to simplify the call.
-        * @see SIG_SA()
         * 
         * @param this          bus
         * @param ike_sa        ike_sa to register, or NULL to unregister
@@ -196,23 +331,34 @@ struct bus_t {
        /**
         * @brief Send a signal to the bus.
         *
-        * A signal may belong to an IKE_SA and a CHILD_SA. If so, these
-        * are supplied to the signal function. The signal specifies the type of
-        * the event occured. The format string specifies an additional
-        * informational or error message with a printf() like variable argument
-        * list.
-        * Some useful macros may be available to shorten this call.
+        * The signal specifies the type of the event occured. The format string
+        * specifies an additional informational or error message with a
+        * printf() like variable argument list.
+        * Some useful macros are available to shorten this call.
         * @see SIG(), DBG1()
         *
         * @param this          bus
         * @param singal        kind of the signal (up, down, rekeyed, ...)
-        * @param level         status level of the signal to send
+        * @param level         verbosity level of the signal
         * @param format        printf() style format string
         * @param ...           printf() style argument list
         */
        void (*signal) (bus_t *this, signal_t signal, level_t level, char* format, ...);
        
        /**
+        * @brief Send a signal to the bus using va_list arguments.
+        *
+        * Same as bus_t.signal(), but uses va_list argument list.
+        *
+        * @param this          bus
+        * @param singal        kind of the signal (up, down, rekeyed, ...)
+        * @param level         verbosity level of the signal
+        * @param format        printf() style format string
+        * @param args          va_list arguments
+        */
+       void (*vsignal) (bus_t *this, signal_t signal, level_t level, char* format, va_list args);
+       
+       /**
         * @brief Destroy the signal bus.
         *
         * @param this          bus to destroy
index 4a2fe4b..794548b 100644 (file)
  * for more details.
  */
 
-/* for fmemopen() */
-#define _GNU_SOURCE
 #include <stdio.h>
 #include <string.h>
 
 #include "file_logger.h"
 
-#include <bus/listeners/stream_logger.h>
-
 
 typedef struct private_file_logger_t private_file_logger_t;
 
@@ -48,99 +44,58 @@ struct private_file_logger_t {
        FILE *out;
        
        /**
-        * Internal used stream logger that does the dirty work
-        */
-       stream_logger_t *logger;
-       
-       /**
-        * Memory stream used for stream_logger
-        */
-       FILE *stream;
-       
-       /**
-        * Underlying buffer for stream
+        * Maximum level to log
         */
-       char buffer[4096];
+       level_t levels[SIG_DBG_MAX];
 };
 
 
 /**
  * Implementation of bus_listener_t.signal.
  */
-static void signal_(private_file_logger_t *this, int thread, ike_sa_t* ike_sa,
-                                       signal_t signal, level_t level,
-                                       char *format, va_list args)
+static void signal_(private_file_logger_t *this, signal_t signal, level_t level,
+                                       int thread, ike_sa_t* ike_sa, char *format, va_list args)
 {
-       char line[512];
-       char *prefix;
-       FILE *reader;
-       
-       switch (signal)
+       if (level <= this->levels[SIG_TYPE(signal)])
        {
-               case SIG_IKE_UP:
-               case SIG_IKE_DOWN:
-               case SIG_IKE_REKEY:
-               case SIG_DBG_IKE:
-                       prefix = "IKE";
-                       break;
-               case SIG_DBG_CHD:
-                       prefix = "CHD";
-                       break;
-               case SIG_DBG_JOB:
-                       prefix = "JOG";
-                       break;
-               case SIG_DBG_CFG:
-                       prefix = "CFG";
-                       break;
-               case SIG_DBG_KNL:
-                       prefix = "KNL";
-                       break;
-               case SIG_DBG_NET:
-                       prefix = "NET";
-                       break;
-               case SIG_DBG_ENC:
-                       prefix = "ENC";
-                       break;
-               default:
-                       prefix = "???";
-                       break;
-       }
-       
-       flockfile(this->stream);
-       /* reset memory stream */
-       rewind(this->stream);
-       memset(this->buffer, '\0', sizeof(this->buffer));
-       /* log to memstream */
-       this->logger->listener.signal(&this->logger->listener, thread, ike_sa,
-                                                                 signal, level, format, args);
-       /* flush is needed to append a '\0' */
-       fflush(this->stream);
-       
-       /* create a reader stream that reads out line by line */
-       reader = fmemopen(this->buffer, sizeof(this->buffer), "r");
-       
-       while (fgets(line, sizeof(line), reader))
-       {
-               if (line[0] == '\0')
-               {
-                       /* abort on EOF */
-                       break;
-               }
-               else if (line[0] != '\n')
+               char buffer[8192];
+               char *current = buffer, *next;
+               
+               /* write in memory buffer first */
+               vsnprintf(buffer, sizeof(buffer), format, args);
+               
+               /* prepend a prefix in front of every line */
+               while (current)
                {
-                       fprintf(this->out, "%.2d[%s] %s", thread, prefix, line);
+                       next = strchr(current, '\n');
+                       if (next)
+                       {
+                               *(next++) = '\0';
+                       }
+                       fprintf(this->out, "%.2d[%N] %s\n", thread, signal_names, signal, current);
+                       current = next;
                }
        }
-       fclose(reader);
-       funlockfile(this->stream);
 }
 
 /**
  * Implementation of file_logger_t.set_level.
  */
-static void set_level(private_file_logger_t *this, signal_t signal, level_t max)
+static void set_level(private_file_logger_t *this, signal_t signal, level_t level)
 {
-       this->logger->set_level(this->logger, signal, max);
+       if (signal == SIG_ANY)
+       {
+               int i;
+               for (i = 0; i < SIG_DBG_MAX; i++)
+               {
+                       this->levels[i] = level;
+               }
+       }
+       else
+       {
+               
+               this->levels[SIG_TYPE(signal)] = level;
+       }
 }
 
 /**
@@ -148,8 +103,6 @@ static void set_level(private_file_logger_t *this, signal_t signal, level_t max)
  */
 static void destroy(private_file_logger_t *this)
 {
-       fclose(this->stream);
-       this->logger->destroy(this->logger);
        free(this);
 }
 
@@ -161,19 +114,13 @@ file_logger_t *file_logger_create(FILE *out)
        private_file_logger_t *this = malloc_thing(private_file_logger_t);
        
        /* public functions */
-       this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_;
+       this->public.listener.signal = (void(*)(bus_listener_t*,signal_t,level_t,int,ike_sa_t*,char*,va_list))signal_;
        this->public.set_level = (void(*)(file_logger_t*,signal_t,level_t))set_level;
        this->public.destroy = (void(*)(file_logger_t*))destroy;
        
        /* private variables */
        this->out = out;
-       this->stream = fmemopen(this->buffer, sizeof(this->buffer), "w");
-       if (this->stream == NULL)
-       {
-               /* fallback to stderr */
-               this->stream = stderr;
-       }
-       this->logger = stream_logger_create(this->stream);
+       set_level(this, SIG_ANY, LEVEL_SILENT);
        
        return &this->public;
 }
index 2ca028b..919c8f0 100644 (file)
@@ -48,7 +48,7 @@ struct file_logger_t {
         *
         * @param this          stream_logger_t object
         * @param singal        type of signal
-        * @param level         max level to log
+        * @param level         max level to log (0..4)
         */
        void (*set_level) (file_logger_t *this, signal_t signal, level_t level);
        
diff --git a/src/charon/bus/listeners/stream_logger.c b/src/charon/bus/listeners/stream_logger.c
deleted file mode 100644 (file)
index 7021872..0000000
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * @file stream_logger.c
- *
- * @brief Implementation of stream_logger_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-#include <stdio.h>
-#include <pthread.h>
-
-#include "stream_logger.h"
-
-
-typedef struct private_stream_logger_t private_stream_logger_t;
-
-/**
- * @brief Private data of a stream_logger_t object.
- */
-struct private_stream_logger_t {
-       
-       /**
-        * Public data
-        */
-       stream_logger_t public;
-       
-       /**
-        * Maximum level to log
-        */
-       level_t max;
-       
-       /**
-        * stream to write log output to
-        */
-       FILE *out;
-};
-
-/**
- * Implementation of bus_listener_t.signal.
- */
-static void signal_(private_stream_logger_t *this, int thread,
-                                       ike_sa_t* ike_sa, signal_t signal, level_t level,
-                                       char *format, va_list args)
-{
-       FILE *o = this->out;
-       
-       flockfile(o);
-       
-       if (level <= this->max)
-       {
-               /* then print the info */
-               switch (signal)
-               {
-                       case SIG_IKE_UP:
-                       {
-                               if (level == LEV_SUCCESS)
-                               {
-                                       fprintf(o, "established: %H[%D]...%H[%D]\n",
-                                                       ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa),
-                                                       ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa));
-                               }
-                               else
-                               {
-                                       fprintf(o, "establishing failed: %H[%D]...%H[%D]:\n",
-                                                       ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa),
-                                                       ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa));
-                                       fprintf(o, "  ");
-                                       vfprintf(o, format, args);
-                                       fprintf(o, "\n");
-                               }
-                               break;
-                       }
-                       case SIG_DBG_IKE:
-                       case SIG_DBG_CHD:
-                       case SIG_DBG_JOB:
-                       case SIG_DBG_CFG:
-                       case SIG_DBG_KNL:
-                       case SIG_DBG_NET:
-                       case SIG_DBG_ENC:
-                       {
-                               vfprintf(o, format, args);
-                               fprintf(o, "\n");
-                               break;
-                       }
-                       default:
-                               break;
-               }
-       }
-       
-       funlockfile(o);
-}
-
-/**
- * Implementation of stream_logger_t.set_level.
- */
-static void set_level(private_stream_logger_t *this, signal_t signal, level_t max)
-{
-       this->max = max;
-}
-
-/**
- * Implementation of stream_logger_t.destroy.
- */
-static void destroy(private_stream_logger_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header.
- */
-stream_logger_t *stream_logger_create(FILE *out)
-{
-       private_stream_logger_t *this = malloc_thing(private_stream_logger_t);
-       
-       /* public functions */
-       this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_;
-       this->public.set_level = (void(*)(stream_logger_t*,signal_t,level_t))set_level;
-       this->public.destroy = (void(*)(stream_logger_t*))destroy;
-       
-       /* private variables */
-       this->max = LEV_DBG4;
-       this->out = out;
-       
-       return &this->public;
-}
diff --git a/src/charon/bus/listeners/stream_logger.h b/src/charon/bus/listeners/stream_logger.h
deleted file mode 100644 (file)
index 62d6c5a..0000000
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * @file stream_logger.h
- *
- * @brief Interface of stream_logger_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef STREAM_LOGGER_H_
-#define STREAM_LOGGER_H_
-
-#include <stdio.h>
-
-#include <types.h>
-#include <bus/bus.h>
-
-typedef struct stream_logger_t stream_logger_t;
-
-/**
- * @brief Logger for a file stream which implements bus_listener_t.
- * 
- * @b Constructors:
- *  - stream_logger_create()
- * 
- * @ingroup listeners
- */
-struct stream_logger_t {
-       
-       /**
-        * Implements the bus_listener_t interface.
-        */
-       bus_listener_t listener;
-       
-       /**
-        * @brief Set the loglevel for a signal type.
-        *
-        * @param this          stream_logger_t object
-        * @param singal        type of signal
-        * @param level         max level to log
-        */
-       void (*set_level) (stream_logger_t *this, signal_t signal, level_t level);
-       
-       /**
-        * @brief Destroys a stream_logger_t object.
-        *
-        * @param this          stream_logger_t object
-        */
-       void (*destroy) (stream_logger_t *this);
-};
-
-/**
- * @brief Constructor to create a stream_logger_t object.
- *
- * @param out  output stream to log to
- * @return             stream_logger_t object
- * 
- * @ingroup utils
- */
-stream_logger_t *stream_logger_create(FILE *out);
-
-#endif /* STREAM_LOGGER_H_ */
index 3577376..0e3c9dc 100644 (file)
  * for more details.
  */
 
-/* for open_memstream() */
-#define _GNU_SOURCE
 #include <stdio.h>
 #include <string.h>
 #include <pthread.h>
 
 #include "sys_logger.h"
 
-#include <bus/listeners/stream_logger.h>
-
 
 typedef struct private_sys_logger_t private_sys_logger_t;
 
@@ -49,99 +45,59 @@ struct private_sys_logger_t {
        int facility;
        
        /**
-        * Internal used stream logger that does the dirty work
-        */
-       stream_logger_t *logger;
-       
-       /**
-        * Memory stream used for stream_logger
-        */
-       FILE *stream;
-       
-       /**
-        * Underlying buffer for stream
+        * Maximum level to log
         */
-       char buffer[4096];
+       level_t levels[SIG_DBG_MAX];
 };
 
 
 /**
  * Implementation of bus_listener_t.signal.
  */
-static void signal_(private_sys_logger_t *this, int thread, ike_sa_t* ike_sa,
-                                       signal_t signal, level_t level,
-                                       char *format, va_list args)
+static void signal_(private_sys_logger_t *this, signal_t signal, level_t level,
+                                       int thread, ike_sa_t* ike_sa, char *format, va_list args)
 {
-       char line[512];
-       char *prefix;
-       FILE *reader;
-       
-       switch (signal)
+       if (level <= this->levels[SIG_TYPE(signal)])
        {
-               case SIG_IKE_UP:
-               case SIG_IKE_DOWN:
-               case SIG_IKE_REKEY:
-               case SIG_DBG_IKE:
-                       prefix = "IKE";
-                       break;
-               case SIG_DBG_CHD:
-                       prefix = "CHD";
-                       break;
-               case SIG_DBG_JOB:
-                       prefix = "JOG";
-                       break;
-               case SIG_DBG_CFG:
-                       prefix = "CFG";
-                       break;
-               case SIG_DBG_KNL:
-                       prefix = "KNL";
-                       break;
-               case SIG_DBG_NET:
-                       prefix = "NET";
-                       break;
-               case SIG_DBG_ENC:
-                       prefix = "ENC";
-                       break;
-               default:
-                       prefix = "???";
-                       break;
-       }
-       
-       flockfile(this->stream);
-       /* reset memory stream */
-       rewind(this->stream);
-       memset(this->buffer, '\0', sizeof(this->buffer));
-       /* log to memstream */
-       this->logger->listener.signal(&this->logger->listener, thread, ike_sa,
-                                                                 signal, level, format, args);
-       /* flush is needed to append a '\0' */
-       fflush(this->stream);
-       
-       /* create a reader stream that reads out line by line */
-       reader = fmemopen(this->buffer, sizeof(this->buffer), "r");
-       
-       while (fgets(line, sizeof(line), reader))
-       {
-               if (line[0] == '\0')
-               {
-                       /* abort on EOF */
-                       break;
-               }
-               else if (line[0] != '\n')
+               char buffer[8192];
+               char *current = buffer, *next;
+               
+               /* write in memory buffer first */
+               vsnprintf(buffer, sizeof(buffer), format, args);
+               
+               /* do a syslog with every line */
+               while (current)
                {
-                       syslog(this->facility|LOG_INFO, "%.2d[%s] %s", thread, prefix, line);
+                       next = strchr(current, '\n');
+                       if (next)
+                       {
+                               *(next++) = '\0';
+                       }
+                       syslog(this->facility|LOG_INFO, "%.2d[%N] %s\n",
+                                  thread, signal_names, signal, current);
+                       current = next;
                }
        }
-       fclose(reader);
-       funlockfile(this->stream);
 }
 
 /**
  * Implementation of sys_logger_t.set_level.
  */
-static void set_level(private_sys_logger_t *this, signal_t signal, level_t max)
+static void set_level(private_sys_logger_t *this, signal_t signal, level_t level)
 {
-       this->logger->set_level(this->logger, signal, max);
+       if (signal == SIG_ANY)
+       {
+               int i;
+               for (i = 0; i < SIG_DBG_MAX; i++)
+               {
+                       this->levels[i] = level;
+               }
+       }
+       else
+       {
+               
+               this->levels[SIG_TYPE(signal)] = level;
+       }
 }
 
 /**
@@ -150,8 +106,6 @@ static void set_level(private_sys_logger_t *this, signal_t signal, level_t max)
 static void destroy(private_sys_logger_t *this)
 {
        closelog();
-       fclose(this->stream);
-       this->logger->destroy(this->logger);
        free(this);
 }
 
@@ -163,19 +117,13 @@ sys_logger_t *sys_logger_create(int facility)
        private_sys_logger_t *this = malloc_thing(private_sys_logger_t);
        
        /* public functions */
-       this->public.listener.signal = (void(*)(bus_listener_t*,int,ike_sa_t*,signal_t,level_t,char*,va_list))signal_;
+       this->public.listener.signal = (void(*)(bus_listener_t*,signal_t,level_t,int,ike_sa_t*,char*,va_list))signal_;
        this->public.set_level = (void(*)(sys_logger_t*,signal_t,level_t))set_level;
        this->public.destroy = (void(*)(sys_logger_t*))destroy;
        
        /* private variables */
        this->facility = facility;
-       this->stream = fmemopen(this->buffer, sizeof(this->buffer), "w");
-       if (this->stream == NULL)
-       {
-               /* fallback to stderr */
-               this->stream = stderr;
-       }
-       this->logger = stream_logger_create(this->stream);
+       set_level(this, SIG_ANY, LEVEL_SILENT);
        
        return &this->public;
 }
index 3d00119..5dfc00e 100644 (file)
 #include <string.h>
 
 #include <config/connections/connection.h>
-
 #include <utils/linked_list.h>
-#include <utils/logger.h>
 
-/** 
- * String mappings for cert_policy_t.
- */
-mapping_t cert_policy_m[] = {
-       {CERT_ALWAYS_SEND, "CERT_ALWAYS_SEND"},
-       {CERT_SEND_IF_ASKED, "CERT_SEND_IF_ASKED"},
-       {CERT_NEVER_SEND, "CERT_NEVER_SEND"},
-       {MAPPING_END, NULL}
-};
+ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
+       "CERT_ALWAYS_SEND",
+       "CERT_SEND_IF_ASKED",
+       "CERT_NEVER_SEND"
+);
 
 typedef struct private_connection_t private_connection_t;
 
index ffe22ad..b3c1207 100644 (file)
@@ -54,11 +54,11 @@ enum cert_policy_t {
 };
 
 /**
- * string mappings for certpolic\ 1_t.
+ * enum strings for cert_policy_t
  * 
  * @ingroup config
  */
-extern mapping_t cert_policy_m[];
+extern enum_name_t *cert_policy_names;
 
 
 typedef struct connection_t connection_t;
index 7d42dd2..9e6c0ef 100755 (executable)
 
 #include <types.h>
 #include <config/connections/connection.h>
-#include <utils/logger.h>
+#include <utils/iterator.h>
 
 
 typedef struct connection_store_t connection_store_t;
 
 /**
  * @brief The interface for a store of connection_t's.
- * 
+ *
  * @b Constructors:
  *     - stroke_create()
- * 
+ *
  * @ingroup config
  */
 struct connection_store_t {
@@ -47,7 +47,7 @@ struct connection_store_t {
         * It may be used after kernel request for traffic protection.
         * The returned connection gets created/cloned and therefore must
         * be destroyed after usage.
-        * 
+        *
         * @param this                          calling object
         * @param my_id                         own address of connection
         * @param other_id                      others address of connection
@@ -55,14 +55,15 @@ struct connection_store_t {
         *                                                      - connection_t, if found
         *                                                      - NULL otherwise
         */
-       connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host);
+       connection_t *(*get_connection_by_hosts)(connection_store_t *this, 
+                                                                                        host_t *my_host, host_t *other_host);
        
        /**
         * @brief Returns a connection identified by its name.
-        * 
+        *
         * This call is usefull to get a connection identified its
         * name, as on an connection setup.
-        * 
+        *
         * @param this                          calling object
         * @param name                          name of the connection to get
         * @return              
@@ -73,10 +74,10 @@ struct connection_store_t {
        
        /**
         * @brief Add a connection to the store.
-        * 
-        * After a successful call, the connection is owned by the store and may 
+        *
+        * After a successful call, the connection is owned by the store and may
         * not be manipulated nor destroyed.
-        * 
+        *
         * @param this                          calling object
         * @param connection            connection to add
         * @return
@@ -87,10 +88,10 @@ struct connection_store_t {
        
        /**
         * @brief Delete a connection from the store.
-        * 
+        *
         * Remove a connection from the connection store, identified
         * by the connections name.
-        * 
+        *
         * @param this                          calling object
         * @param name                          name of the connection to delete
         * @return
@@ -100,25 +101,16 @@ struct connection_store_t {
        status_t (*delete_connection) (connection_store_t *this, char *name);
        
        /**
-        * @brief Log the connections stored in the store.
-        * 
-        * Depending on the implementation of the store, the store
-        * logs various information to the specified logger.
-        * If logger is NULL, the internal logger is used, if name is
-        * NULL, all connections are logged
-        * 
+        * @brief Get an iterator for the stored connections.
+        *
         * @param this                          calling object
-        * @param logger                        logger to use for the log, or NULL
-        * @param name                          name of the connection, or NULL
-        * @return
-        *                                                      - SUCCESS, or
-        *                                                      - FAILED
+        * @return                                      iterator over all stored connections
         */
-       void (*log_connections) (connection_store_t *this, logger_t *logger, char *name);
+       iterator_t* (*create_iterator) (connection_store_t *this);
        
        /**
         * @brief Destroys a connection_store_t object.
-        * 
+        *
         * @param this                                  calling object
         */
        void (*destroy) (connection_store_t *this);
index af107b8..8748fb7 100644 (file)
@@ -24,8 +24,8 @@
 
 #include "local_connection_store.h"
 
+#include <daemon.h>
 #include <utils/linked_list.h>
-#include <utils/logger_manager.h>
 
 
 typedef struct private_local_connection_store_t private_local_connection_store_t;
@@ -49,11 +49,6 @@ struct private_local_connection_store_t {
         * Mutex to exclusivly access connection list
         */
        pthread_mutex_t mutex;
-       
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
 };
 
 
@@ -74,9 +69,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
        connection_t *candidate;
        connection_t *found = NULL;
        
-       this->logger->log(this->logger, CONTROL|LEVEL1,
-                                         "looking for connection for host pair %H...%H",
-                                         my_host, other_host);
+       DBG2(SIG_DBG_CFG, "looking for connection for host pair %H...%H",
+                my_host, other_host);
        
        pthread_mutex_lock(&(this->mutex));
        iterator = this->connections->create_iterator(this->connections, TRUE);
@@ -106,11 +100,9 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
                                prio |= PRIO_ADDR_ANY;
                        }
 
-                       this->logger->log(this->logger, CONTROL|LEVEL2,
-                                                        "candidate connection \"%s\": %H...%H (prio=%d)",
-                                                         candidate->get_name(candidate),
-                                                         candidate_my_host, candidate_other_host,
-                                                         prio);
+                       DBG2(SIG_DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)",
+                                candidate->get_name(candidate),
+                                candidate_my_host, candidate_other_host, prio);
 
                        if (prio > best_prio)
                        {
@@ -126,11 +118,8 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
                host_t *found_my_host    = found->get_my_host(found);
                host_t *found_other_host = found->get_other_host(found);
                
-               this->logger->log(this->logger, CONTROL|LEVEL1,
-                                                "found matching connection \"%s\": %H...%H (prio=%d)",
-                                                 found->get_name(found),
-                                                 found_my_host, found_other_host,
-                                                 best_prio);
+               DBG2(SIG_DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)",
+                        found->get_name(found), found_my_host, found_other_host, best_prio);
                
                /* give out a new reference to it */
                found->get_ref(found);
@@ -213,40 +202,12 @@ static status_t add_connection(private_local_connection_store_t *this, connectio
 }
 
 /**
- * Implementation of connection_store_t.log_connections.
+ * Implementation of connection_store_t.create_iterator.
  */
-void log_connections(private_local_connection_store_t *this, logger_t *logger, char *name)
+static iterator_t* create_iterator(private_local_connection_store_t *this)
 {
-       iterator_t *iterator;
-       connection_t *current;
-       
-       if (logger == NULL)
-       {
-               logger = this->logger;
-       }
-       
-       pthread_mutex_lock(&(this->mutex));
-
-       iterator = this->connections->create_iterator(this->connections, TRUE);
-
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "Templates:");
-       }
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-               if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
-               {
-                       host_t *my_host = current->get_my_host(current);
-                       host_t *other_host = current->get_other_host(current);
-
-                       logger->log(logger, CONTROL, "  \"%s\": %H...%H",
-                                               current->get_name(current), my_host, other_host);
-               }
-       }
-       iterator->destroy(iterator);
-       pthread_mutex_unlock(&(this->mutex));
+       return this->connections->create_iterator_locked(this->connections,
+                                                                                                        &this->mutex);
 }
 
 /**
@@ -277,12 +238,11 @@ local_connection_store_t * local_connection_store_create(void)
        this->public.connection_store.get_connection_by_name = (connection_t*(*)(connection_store_t*,char*))get_connection_by_name;
        this->public.connection_store.delete_connection = (status_t(*)(connection_store_t*,char*))delete_connection;
        this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection;
-       this->public.connection_store.log_connections = (void(*)(connection_store_t*,logger_t*,char*))log_connections;
+       this->public.connection_store.create_iterator = (iterator_t*(*)(connection_store_t*))create_iterator;
        this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy;
        
        /* private variables */
        this->connections = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
        pthread_mutex_init(&(this->mutex), NULL);
 
        return (&this->public);
index a9d72b4..c9bb158 100755 (executable)
@@ -29,7 +29,6 @@
 #include <crypto/rsa/rsa_private_key.h>
 #include <crypto/rsa/rsa_public_key.h>
 #include <utils/identification.h>
-#include <utils/logger.h>
 
 
 typedef struct credential_store_t credential_store_t;
@@ -136,31 +135,28 @@ struct credential_store_t {
        x509_t* (*add_ca_certificate) (credential_store_t *this, x509_t *cert);
 
        /**
-        * @brief Lists all certificates kept in the local credential store.
+        * @brief Create an iterator over all end certificates.
         *
         * @param this          calling object
-        * @param logger        logger to be used
-        * @param utc           log dates either in UTC or local time
+        * @return                      iterator
         */
-       void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);
+       iterator_t* (*create_cert_iterator) (credential_store_t *this);
 
        /**
-        * @brief Lists all CA certificates kept in the local credential store.
+        * @brief Create an iterator over all CA certificates.
         *
         * @param this          calling object
-        * @param logger        logger to be used
-        * @param utc           log dates either in UTC or local time
+        * @return                      iterator
         */
-       void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);
+       iterator_t* (*create_cacert_iterator) (credential_store_t *this);
 
        /**
-        * @brief Lists all CRLs kept in the local credential store.
+        * @brief Create an iterator over all CRLs.
         *
         * @param this          calling object
-        * @param logger        logger to be used
-        * @param utc           log dates either in UTC or local time
+        * @return                      iterator
         */
-       void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc);
+       iterator_t* (*create_crl_iterator) (credential_store_t *this);
 
        /**
         * @brief Loads trusted CA certificates from a default directory.
index e694186..be9ac6a 100644 (file)
@@ -28,7 +28,6 @@
 #include <types.h>
 #include <utils/lexparser.h>
 #include <utils/linked_list.h>
-#include <utils/logger_manager.h>
 #include <crypto/certinfo.h>
 #include <crypto/rsa/rsa_public_key.h>
 #include <crypto/x509.h>
@@ -56,13 +55,6 @@ struct shared_key_t {
         * list of peer IDs
         */
        linked_list_t *peers;
-
-       /**
-        * @brief Destroys a shared_key_t object.
-        *
-        * @param this                  calling object
-        */
-       void (*destroy) (shared_key_t *this);
 };
 
 
@@ -88,7 +80,6 @@ static void shared_key_destroy(shared_key_t *this)
  * @brief Creates a shared_key_t object.
  * 
  * @param shared_key           shared key value
- * 
  * @return                                     shared_key_t object
  * 
  * @ingroup config
@@ -97,9 +88,6 @@ static shared_key_t *shared_key_create(chunk_t secret)
 {
        shared_key_t *this = malloc_thing(shared_key_t);
 
-       /* private functions */
-       this->destroy = shared_key_destroy;
-
        /* private data */
        this->secret = chunk_clone(secret);
        this->peers = linked_list_create();
@@ -154,11 +142,6 @@ struct private_local_credential_store_t {
         * enforce strict crl policy
         */
        bool strict;
-
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
 };
 
 
@@ -285,20 +268,19 @@ static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t
        ugh = cert->is_valid(cert, NULL);
        if (ugh != NULL)
        {
-               this->logger->log(this->logger, ERROR, "certificate %s");
+               DBG1(SIG_DBG_CFG, "certificate %s", ugh);
                return NULL;
        }
 
        status = cert->get_status(cert);
        if (status == CERT_REVOKED || status == CERT_UNTRUSTED || (this->strict && status != CERT_GOOD))
        {
-               this->logger->log(this->logger, ERROR, "certificate status: %s",
-                                                 enum_name(&cert_status_names, status));
+               DBG1(SIG_DBG_CFG, "certificate status: %N", cert_status_names, status);
                return NULL;
        }
        if (status == CERT_GOOD && cert->get_until(cert) < time(NULL))
        {
-               this->logger->log(this->logger, ERROR, "certificate is good but crl is stale");
+               DBG1(SIG_DBG_CFG, "certificate is good but crl is stale");
                return NULL;
        }
 
@@ -419,20 +401,20 @@ static cert_status_t verify_by_crl(private_local_credential_store_t* this, const
        crl = get_crl(this, issuer_cert);
        if (crl == NULL)
        {
-               this->logger->log(this->logger, ERROR, "crl not found");
+               DBG1(SIG_DBG_CFG, "crl not found");
                goto err;
        }
-       this->logger->log(this->logger, CONTROL|LEVEL1, "crl found");
+       DBG2(SIG_DBG_CFG, "crl found");
        
-       issuer_public_key = issuer_cert->get_public_key(issuer_cert);
+       issuer_public_key = issuer_cert->get_public_key(issuer_cert);
        valid_signature = crl->verify(crl, issuer_public_key);
 
        if (!valid_signature)
        {
-           this->logger->log(this->logger, ERROR, "crl signature is invalid");
+               DBG1(SIG_DBG_CFG, "crl signature is invalid");
                goto err;
        }
-       this->logger->log(this->logger, CONTROL|LEVEL1, "crl signature is valid");
+       DBG2(SIG_DBG_CFG, "crl signature is valid");
 
        crl->get_status(crl, certinfo);
 
@@ -490,8 +472,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
        *found = (cert_copy != NULL);
        if (*found)
        {
-               this->logger->log(this->logger, CONTROL|LEVEL1,
-                               "end entitity certificate is already in credential store");
+               DBG2(SIG_DBG_CFG,
+                        "end entitity certificate is already in credential store");
        }
 
        for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
@@ -504,39 +486,39 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                identification_t *subject = cert->get_subject(cert);
                identification_t *issuer  = cert->get_issuer(cert);
 
-               this->logger->log(this->logger, CONTROL|LEVEL1, "subject: '%D'", subject);
-               this->logger->log(this->logger, CONTROL|LEVEL1, "issuer:  '%D'", issuer);
+               DBG2(SIG_DBG_CFG, "subject: '%D'", subject);
+               DBG2(SIG_DBG_CFG, "issuer:  '%D'", issuer);
 
                ugh = cert->is_valid(cert, &until);
                if (ugh != NULL)
                {
-                       this->logger->log(this->logger, ERROR, "certificate %s", ugh);
+                       DBG1(SIG_DBG_CFG, "certificate %s", ugh);
                        return FALSE;
                }
-               this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is valid");
+               DBG2(SIG_DBG_CFG, "certificate is valid");
 
                issuer_cert = get_issuer_certificate(this, cert);
                if (issuer_cert == NULL)
                {
-                       this->logger->log(this->logger, ERROR, "issuer certificate not found");
+                       DBG1(SIG_DBG_CFG, "issuer certificate not found");
                        return FALSE;
                }
-               this->logger->log(this->logger, CONTROL|LEVEL1, "issuer certificate found");
+               DBG2(SIG_DBG_CFG, "issuer certificate found");
 
                issuer_public_key = issuer_cert->get_public_key(issuer_cert);
                valid_signature = cert->verify(cert, issuer_public_key);
 
                if (!valid_signature)
                {
-               this->logger->log(this->logger, ERROR, "certificate signature is invalid");
+                       DBG1(SIG_DBG_CFG, "certificate signature is invalid");
                        return FALSE;
                }
-               this->logger->log(this->logger, CONTROL|LEVEL1, "certificate signature is valid");
+               DBG2(SIG_DBG_CFG, "certificate signature is valid");
 
                /* check if cert is a self-signed root ca */
                if (pathlen > 0 && cert->is_self_signed(cert))
                {
-                       this->logger->log(this->logger, CONTROL|LEVEL1, "reached self-signed root ca");
+                       DBG2(SIG_DBG_CFG, "reached self-signed root ca");
 
                        /* set the definite status and trust interval of the end entity certificate */
                        end_cert->set_until(end_cert, until);
@@ -576,10 +558,10 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                        /* if status information is stale */
                                        if (this->strict && nextUpdate < time(NULL))
                                        {
-                                               this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good but status is stale");
+                                               DBG2(SIG_DBG_CFG, "certificate is good but status is stale");
                                                return FALSE;
                                        }
-                                       this->logger->log(this->logger, CONTROL|LEVEL1, "certificate is good");
+                                       DBG2(SIG_DBG_CFG, "certificate is good");
 
                                        /* with strict crl policy the public key must have the same
                                         * lifetime as the validity of the ocsp status or crl lifetime
@@ -589,12 +571,11 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                        break;
                                case CERT_REVOKED:
                                        {
-                                               u_char buf[TIMETOA_BUF];
                                                time_t revocationTime = certinfo->get_revocationTime(certinfo);
-
-                                               timetoa(buf, TIMETOA_BUF, &revocationTime, TRUE);
-                                               this->logger->log(this->logger, ERROR, "certificate was revoked on %s, reason: %s",
-                                                                                 buf, certinfo->get_revocationReason(certinfo));
+                                               DBG1(SIG_DBG_CFG,
+                                                        "certificate was revoked on %T, reason: %N",
+                                                        revocationTime, crl_reason_names,
+                                                        certinfo->get_revocationReason(certinfo));
 
                                                /* set revocationTime */
                                                cert->set_until(cert, revocationTime);
@@ -609,7 +590,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                                        else
                                                        {
                                                                cert_copy->set_status(cert_copy, CERT_REVOKED);
-                                                               cert_copy->set_until(cert_copy, certinfo->get_revocationTime(certinfo));
+                                                               cert_copy->set_until(cert_copy,
+                                                                               certinfo->get_revocationTime(certinfo));
                                                        }
                                                }
                                                return FALSE;
@@ -617,7 +599,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                case CERT_UNKNOWN:
                                case CERT_UNDEFINED:
                                default:
-                                       this->logger->log(this->logger, CONTROL|LEVEL1, "certificate status unknown");
+                                       DBG2(SIG_DBG_CFG, "certificate status unknown");
                                        if (this->strict)
                                        {
                                                /* update status of end certificate in the credential store */
@@ -634,7 +616,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                /* go up one step in the trust chain */
                cert = issuer_cert;
        }
-    this->logger->log(this->logger, ERROR, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+       DBG1(SIG_DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
        return FALSE;
 }
 
@@ -674,80 +656,27 @@ static x509_t* add_ca_certificate(private_local_credential_store_t *this, x509_t
 }
 
 /**
- * Implements local_credential_store_t.log_certificates
+ * Implements local_credential_store_t.create_cert_iterator
  */
-static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_cert_iterator(private_local_credential_store_t *this)
 {
-       iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-       
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 End Entity Certificates:");
-               logger->log(logger, CONTROL, "");
-       }
-       
-       while (iterator->has_next(iterator))
-       {
-               x509_t *cert;
-               bool has_key;
-               
-               iterator->current(iterator, (void**)&cert);
-               has_key = has_rsa_private_key(this, cert->get_public_key(cert));
-               cert->log_certificate(cert, logger, utc, has_key);
-       }
-       iterator->destroy(iterator);
+       return this->certs->create_iterator(this->certs, TRUE);
 }
 
 /**
- * Implements local_credential_store_t.log_ca_certificates
+ * Implements local_credential_store_t.create_cacert_iterator
  */
-static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_cacert_iterator(private_local_credential_store_t *this)
 {
-       iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
-
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 CA Certificates:");
-               logger->log(logger, CONTROL, "");
-       }
-
-       while (iterator->has_next(iterator))
-       {
-               x509_t *cert;
-
-               iterator->current(iterator, (void**)&cert);
-               cert->log_certificate(cert, logger, utc, FALSE);
-       }
-       iterator->destroy(iterator);
+       return this->ca_certs->create_iterator(this->ca_certs, TRUE);
 }
 
 /**
- * Implements local_credential_store_t.log_crls
+ * Implements local_credential_store_t.create_crl_iterator
  */
-static void log_crls(private_local_credential_store_t *this, logger_t *logger, bool utc)
+static iterator_t* create_crl_iterator(private_local_credential_store_t *this)
 {
-       iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE);
-
-       pthread_mutex_lock(&(this->crls_mutex));
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 CRLs:");
-               logger->log(logger, CONTROL, "");
-       }
-
-       while (iterator->has_next(iterator))
-       {
-               crl_t *crl;
-
-               iterator->current(iterator, (void**)&crl);
-               crl->log_crl(crl, logger, utc, this->strict);
-       }
-       pthread_mutex_unlock(&(this->crls_mutex));
-
-       iterator->destroy(iterator);
+       return this->crls->create_iterator_locked(this->crls, &(this->crls_mutex));
 }
 
 /**
@@ -760,12 +689,12 @@ static void load_ca_certificates(private_local_credential_store_t *this)
        DIR* dir;
        x509_t *cert;
        
-       this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
+       DBG1(SIG_DBG_CFG, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
 
        dir = opendir(CA_CERTIFICATE_DIR);
        if (dir == NULL)
        {
-               this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
+               DBG1(SIG_DBG_CFG, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
                return;
        }
 
@@ -787,9 +716,9 @@ static void load_ca_certificates(private_local_credential_store_t *this)
                        {
                                err_t ugh = cert->is_valid(cert, NULL);
 
-                               if (ugh != NULL)        
+                               if (ugh != NULL)
                                {
-                                       this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh);
+                                       DBG1(SIG_DBG_CFG, "warning: ca certificate %s", ugh);
                                }
                                if (cert->is_ca(cert))
                                {
@@ -797,8 +726,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
                                }
                                else
                                {
-                                       this->logger->log(this->logger, ERROR,
-                                                       "  CA basic constraints flag not set, cert discarded");
+                                       DBG1(SIG_DBG_CFG, "  CA basic constraints flag not set, cert discarded");
                                        cert->destroy(cert);
                                }
                        }
@@ -810,7 +738,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
 /**
  * Add the latest crl to a linked list
  */
-static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
+static crl_t* add_crl(linked_list_t *crls, crl_t *crl)
 {
        bool found = FALSE;
 
@@ -833,13 +761,13 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
                                {
                                        old_crl->destroy(old_crl);
                                }
-                               logger->log(logger, CONTROL|LEVEL1, "  thisUpdate is newer - existing crl replaced");
+                               DBG2(SIG_DBG_CFG, "  thisUpdate is newer - existing crl replaced");
                        }
                        else
                        {
                                crl->destroy(crl);
                                crl = current_crl;
-                               logger->log(logger, CONTROL|LEVEL1, "  thisUpdate is not newer - existing crl retained");
+                               DBG2(SIG_DBG_CFG, "  thisUpdate is not newer - existing crl retained");
                        }
                        break;
                }
@@ -849,7 +777,7 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl, logger_t *logger)
        if (!found)
        {
                crls->insert_last(crls, (void*)crl);
-               logger->log(logger, CONTROL|LEVEL1, "  crl added");
+               DBG2(SIG_DBG_CFG, "  crl added");
        }
        return crl;
 }
@@ -864,12 +792,12 @@ static void load_crls(private_local_credential_store_t *this)
        DIR* dir;
        crl_t *crl;
        
-       this->logger->log(this->logger, CONTROL, "loading crls from '%s/'", CRL_DIR);
+       DBG1(SIG_DBG_CFG, "loading crls from '%s/'", CRL_DIR);
 
        dir = opendir(CRL_DIR);
        if (dir == NULL)
        {
-               this->logger->log(this->logger, ERROR, "error opening crl directory %s'", CRL_DIR);
+               DBG1(SIG_DBG_CFG, "error opening crl directory %s'", CRL_DIR);
                return;
        }
 
@@ -893,10 +821,10 @@ static void load_crls(private_local_credential_store_t *this)
 
                                if (ugh != NULL)        
                                {
-                                       this->logger->log(this->logger, ERROR, "warning: crl %s", ugh);
+                                       DBG1(SIG_DBG_CFG, "warning: crl %s", ugh);
                                }
                                pthread_mutex_lock(&(this->crls_mutex));
-                               crl = add_crl(this->crls, crl, this->logger);
+                               crl = add_crl(this->crls, crl);
                                pthread_mutex_unlock(&(this->crls_mutex));
                        }
                }
@@ -973,7 +901,7 @@ static void load_secrets(private_local_credential_store_t *this)
                int line_nr = 0;
        chunk_t chunk, src, line;
 
-               this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", SECRETS_FILE);
+               DBG1(SIG_DBG_CFG, "loading secrets from \"%s\"", SECRETS_FILE);
 
                fseek(fd, 0, SEEK_END);
                chunk.len = ftell(fd);
@@ -996,7 +924,7 @@ static void load_secrets(private_local_credential_store_t *this)
                        }
                        if (!extract_token(&ids, ':', &line))
                        {
-                               this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr);
+                               DBG1(SIG_DBG_CFG, "line %d: missing ':' separator", line_nr);
                                goto error;
                        }
                        /* NULL terminate the ids string by replacing the : separator */
@@ -1004,7 +932,7 @@ static void load_secrets(private_local_credential_store_t *this)
 
                        if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
                        {
-                               this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr);
+                               DBG1(SIG_DBG_CFG, "line %d: missing token", line_nr);
                                goto error;
                        }
                        if (match("RSA", &token))
@@ -1022,13 +950,12 @@ static void load_secrets(private_local_credential_store_t *this)
 
                                if (ugh != NULL)
                                {
-                                       this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh);
+                                       DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
                                        goto error;
                                }
                                if (filename.len == 0)
                                {
-                                       this->logger->log(this->logger, ERROR,
-                                               "line %d: empty filename", line_nr);
+                                       DBG1(SIG_DBG_CFG, "line %d: empty filename", line_nr);
                                        goto error;
                                }
                                if (*filename.ptr == '/')
@@ -1049,8 +976,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        ugh = extract_secret(&secret, &line);
                                        if (ugh != NULL)
                                        {
-                                               this->logger->log(this->logger, ERROR, 
-                                                                                 "line %d: malformed passphrase: %s", line_nr, ugh);
+                                               DBG1(SIG_DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
                                                goto error;
                                        }
                                        if (secret.len > 0)
@@ -1072,23 +998,20 @@ static void load_secrets(private_local_credential_store_t *this)
                                err_t ugh = extract_secret(&secret, &line);
                                if (ugh != NULL)
                                {
-                                       this->logger->log(this->logger, ERROR, 
-                                                                         "line %d: malformed secret: %s", line_nr, ugh);
+                                       DBG1(SIG_DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
                                        goto error;
                                }
 
                                if (ids.len > 0)
                                {
-                                       this->logger->log(this->logger, CONTROL, 
-                                                                         "  loading shared key for %s", ids.ptr);
+                                       DBG1(SIG_DBG_CFG, "  loading shared key for %s", ids.ptr);
                                }
                                else
                                {
-                                       this->logger->log(this->logger, CONTROL, 
-                                                                         "  loading shared key for %%any");
+                                       DBG1(SIG_DBG_CFG, "  loading shared key for %%any");
                                }
 
-                               this->logger->log_chunk(this->logger, PRIVATE, "  secret:", secret);
+                               DBG4(SIG_DBG_CFG, "  secret:", secret);
 
                                shared_key = shared_key_create(secret);
                                if (shared_key)
@@ -1103,8 +1026,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        ugh = extract_value(&id, &ids);
                                        if (ugh != NULL)
                                        {
-                                               this->logger->log(this->logger, ERROR, 
-                                                                                 "line %d: %s", line_nr, ugh);
+                                               DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
                                                goto error;
                                        }
                                        if (id.len == 0)
@@ -1118,8 +1040,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        peer_id = identification_create_from_string(id.ptr);
                                        if (peer_id == NULL)
                                        {
-                                               this->logger->log(this->logger, ERROR, 
-                                                                                 "line %d: malformed ID: %s", line_nr, id.ptr);
+                                               DBG1(SIG_DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr);
                                                goto error;
                                        }
                                        
@@ -1137,9 +1058,8 @@ static void load_secrets(private_local_credential_store_t *this)
                        }
                        else
                        {
-                               this->logger->log(this->logger, ERROR,
-                                        "line %d: token must be either RSA, PSK, or PIN",
-                                         line_nr, token.len);
+                               DBG1(SIG_DBG_CFG, "line %d: token must be either "
+                                        "RSA, PSK, or PIN", line_nr, token.len);
                                goto error;
                        }
                }
@@ -1148,7 +1068,7 @@ error:
        }
        else
        {
-               this->logger->log(this->logger, ERROR, "could not open file '%s'", SECRETS_FILE);
+               DBG1(SIG_DBG_CFG, "could not open file '%s'", SECRETS_FILE);
        }
 }
 
@@ -1195,7 +1115,7 @@ static void destroy(private_local_credential_store_t *this)
     /* destroy shared keys list */
        while (this->shared_keys->remove_last(this->shared_keys, (void**)&shared_key) == SUCCESS)
        {
-               shared_key->destroy(shared_key);
+               shared_key_destroy(shared_key);
        }
        this->shared_keys->destroy(this->shared_keys);
 
@@ -1218,9 +1138,9 @@ local_credential_store_t * local_credential_store_create(bool strict)
        this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
        this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
        this->public.credential_store.add_ca_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_ca_certificate;
-       this->public.credential_store.log_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_certificates;
-       this->public.credential_store.log_ca_certificates = (void (*) (credential_store_t*,logger_t*,bool))log_ca_certificates;
-       this->public.credential_store.log_crls = (void (*) (credential_store_t*,logger_t*,bool))log_crls;
+       this->public.credential_store.create_cert_iterator = (iterator_t* (*) (credential_store_t*))create_cert_iterator;
+       this->public.credential_store.create_cacert_iterator = (iterator_t* (*) (credential_store_t*))create_cacert_iterator;
+       this->public.credential_store.create_crl_iterator = (iterator_t* (*) (credential_store_t*))create_crl_iterator;
        this->public.credential_store.load_ca_certificates = (void (*) (credential_store_t*))load_ca_certificates;
        this->public.credential_store.load_crls = (void (*) (credential_store_t*))load_crls;
        this->public.credential_store.load_secrets = (void (*) (credential_store_t*))load_secrets;
@@ -1230,13 +1150,12 @@ local_credential_store_t * local_credential_store_create(bool strict)
        pthread_mutex_init(&(this->crls_mutex), NULL);
 
        /* private variables */
-       this->shared_keys  = linked_list_create();
+       this->shared_keys = linked_list_create();
        this->private_keys = linked_list_create();
-       this->certs        = linked_list_create();
-       this->ca_certs     = linked_list_create();
-       this->crls         = linked_list_create();
+       this->certs = linked_list_create();
+       this->ca_certs = linked_list_create();
+       this->crls = linked_list_create();
        this->strict = strict;
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
 
        return (&this->public);
 }
index 5253cb3..577b83a 100644 (file)
@@ -1,8 +1,8 @@
 /**
  * @file local_policy_store.c
- * 
+ *
  * @brief Implementation of local_policy_store_t.
- *  
+ *
  */
 
 /*
@@ -24,8 +24,8 @@
 
 #include "local_policy_store.h"
 
+#include <daemon.h>
 #include <utils/linked_list.h>
-#include <utils/logger_manager.h>
 
 
 typedef struct private_local_policy_store_t private_local_policy_store_t;
@@ -49,11 +49,6 @@ struct private_local_policy_store_t {
         * Mutex to exclusivly access list
         */
        pthread_mutex_t mutex;
-       
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
 };
 
 /**
@@ -116,8 +111,7 @@ static policy_t *get_policy(private_local_policy_store_t *this,
        policy_t *candidate;
        policy_t *found = NULL;
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, 
-                                         "searching policy for ID pair %D...%D", my_id, other_id);
+       DBG2(SIG_DBG_CFG, "searching policy for ID pair %D...%D", my_id, other_id);
 
        pthread_mutex_lock(&(this->mutex));
        iterator = this->policies->create_iterator(this->policies, TRUE);
@@ -149,16 +143,14 @@ static policy_t *get_policy(private_local_policy_store_t *this,
                        if (!contains_traffic_selectors(candidate, TRUE, my_ts, my_host) ||
                                !contains_traffic_selectors(candidate, FALSE, other_ts, other_host))
                        {
-                               this->logger->log(this->logger, CONTROL|LEVEL2,
-                                                                 "candidate '%s' inacceptable due traffic selector mismatch",
-                                                                 candidate->get_name(candidate));
+                               DBG2(SIG_DBG_CFG, "candidate '%s' inacceptable due traffic "
+                                        "selector mismatch", candidate->get_name(candidate));
                                continue;
                        }
 
-                       this->logger->log(this->logger, CONTROL|LEVEL2,
-                                                         "candidate policy '%s': %D...%D (prio=%d)",
-                                                         candidate->get_name(candidate),
-                                                         candidate_my_id, candidate_other_id, prio);
+                       DBG2(SIG_DBG_CFG, "candidate policy '%s': %D...%D (prio=%d)",
+                                candidate->get_name(candidate),
+                                candidate_my_id, candidate_other_id, prio);
 
                        if (prio > best_prio)
                        {
@@ -174,10 +166,8 @@ static policy_t *get_policy(private_local_policy_store_t *this,
                identification_t *found_my_id = found->get_my_id(found);
                identification_t *found_other_id = found->get_other_id(found);
                
-               this->logger->log(this->logger, CONTROL,
-                                                 "found matching policy '%s': %D...%D (prio=%d)",
-                                                 found->get_name(found),
-                                                 found_my_id, found_other_id, best_prio);
+               DBG1(SIG_DBG_CFG, "found matching policy '%s': %D...%D (prio=%d)",
+                        found->get_name(found), found_my_id, found_other_id, best_prio);
                /* give out a new reference to it */
                found->get_ref(found);
        }
@@ -193,7 +183,7 @@ static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *na
        iterator_t *iterator;
        policy_t *current, *found = NULL;
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "looking for policy \"%s\"", name);
+       DBG2(SIG_DBG_CFG, "looking for policy '%s'", name);
        
        pthread_mutex_lock(&(this->mutex));
        iterator = this->policies->create_iterator(this->policies, TRUE);
@@ -246,6 +236,15 @@ static status_t delete_policy(private_local_policy_store_t *this, char *name)
 }
 
 /**
+ * Implementation of policy_store_t.create_iterator.
+ */
+static iterator_t* create_iterator(private_local_policy_store_t *this)
+{
+       return this->policies->create_iterator_locked(this->policies,
+                                                                                                 &this->mutex);
+}
+
+/**
  * Implementation of policy_store_t.destroy.
  */
 static void destroy(private_local_policy_store_t *this)
@@ -273,11 +272,11 @@ local_policy_store_t *local_policy_store_create(void)
        this->public.policy_store.get_policy = (policy_t*(*)(policy_store_t*,identification_t*,identification_t*,linked_list_t*,linked_list_t*,host_t*,host_t*))get_policy;
        this->public.policy_store.get_policy_by_name = (policy_t*(*)(policy_store_t*,char*))get_policy_by_name;
        this->public.policy_store.delete_policy = (status_t(*)(policy_store_t*,char*))delete_policy;
+       this->public.policy_store.create_iterator = (iterator_t*(*)(policy_store_t*))create_iterator;
        this->public.policy_store.destroy = (void(*)(policy_store_t*))destroy;
        
        /* private variables */
        this->policies = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
        pthread_mutex_init(&(this->mutex), NULL);
        
        return (&this->public);
index e3a1100..dcae050 100644 (file)
 
 #include "policy.h"
 
+#include <daemon.h>
 #include <utils/linked_list.h>
 #include <utils/identification.h>
-#include <utils/logger_manager.h>
 
-/** 
- * String mappings for auth_method_t.
- */
-static const char *const auth_method_name[] = {
+ENUM(auth_method_names, RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE,
        "RSA signature",
        "pre-shared key",
        "DSS signature"
-};
+);
 
-enum_names auth_method_names =
-    { RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE, auth_method_name, NULL };
 
-/** 
- * String mappings for dpd_action_t.
- */
-static const char *const dpd_action_name[] = {
+ENUM(dpd_action_names, DPD_NONE, DPD_RESTART,
        "DPD_NONE",
        "DPD_CLEAR",
        "DPD_ROUTE",
        "DPD_RESTART"
-};
-
-enum_names dpd_action_names =
-    { DPD_NONE, DPD_RESTART, dpd_action_name, NULL };
+);
 
 typedef struct private_policy_t private_policy_t;
 
@@ -148,11 +137,6 @@ struct private_policy_t {
         * What to do with an SA when other peer seams to be dead?
         */
        bool dpd_action;
-       
-       /**
-        * logger
-        */
-       logger_t *logger;
 };
 
 /**
@@ -239,9 +223,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
        traffic_selector_t *supplied_ts, *stored_ts, *selected_ts;
        linked_list_t *selected = linked_list_create();
        
-       this->logger->log(this->logger, CONTROL|LEVEL1,
-                                         "selecting traffic selectors for %s host",
-                                         stored == this->my_ts ? "local" : "remote");
+       DBG2(SIG_DBG_CFG, "selecting traffic selectors");
        
        stored_iter = stored->create_iterator(stored, TRUE);
        supplied_iter = supplied->create_iterator(supplied, TRUE);
@@ -258,10 +240,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
                /* iterate over all supplied traffic selectors */
                while (supplied_iter->iterate(supplied_iter, (void**)&supplied_ts))
                {
-                       this->logger->log(this->logger, CONTROL|LEVEL2,
-                                                         "  stored %s <=> %s received",
-                                                         stored_ts->get_string(stored_ts), 
-                                                         supplied_ts->get_string(supplied_ts));
+                       DBG2(SIG_DBG_CFG, "stored %R <=> %R received",
+                                stored_ts, supplied_ts);
                        
                        selected_ts = stored_ts->get_subset(stored_ts, supplied_ts);
                        if (selected_ts)
@@ -269,8 +249,8 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
                                /* got a match, add to list */
                                selected->insert_last(selected, (void*)selected_ts);
                                
-                               this->logger->log(this->logger, CONTROL|LEVEL1, "    got a match: %s",
-                                                                 selected_ts->get_string(selected_ts));
+                               DBG2(SIG_DBG_CFG, "found traffic selector for %s: %R", 
+                                        stored == this->my_ts ? "us" : "other", selected_ts);
                        }
                }
                stored_ts->destroy(stored_ts);
@@ -554,7 +534,6 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o
        this->proposals = linked_list_create();
        this->my_ts = linked_list_create();
        this->other_ts = linked_list_create();
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
 
        return &this->public;
 }
index 6d80319..84f5f2b 100644 (file)
@@ -58,11 +58,11 @@ enum auth_method_t {
 };
 
 /**
- * string mappings for auth_method_t.
- * 
+ * enum names for auth_method_t.
+ *
  * @ingroup config
  */
-extern enum_nameauth_method_names;
+extern enum_name_t *auth_method_names;
 
 
 typedef enum dpd_action_t dpd_action_t;
@@ -86,9 +86,9 @@ enum dpd_action_t {
 };
 
 /**
- * String mappings for dpd_action_t.
+ * enum names for dpd_action_t.
  */
-extern enum_namedpd_action_names;
+extern enum_name_t *dpd_action_names;
 
 
 typedef struct policy_t policy_t;
index 2ea57b8..a09263b 100755 (executable)
@@ -101,6 +101,14 @@ struct policy_store_t {
        status_t (*delete_policy) (policy_store_t *this, char *name);
        
        /**
+        * @brief Get an iterator for the stored policies.
+        *
+        * @param this                          calling object
+        * @return                                      iterator over all stored policies
+        */
+       iterator_t* (*create_iterator) (policy_store_t *this);
+       
+       /**
         * @brief Destroys a policy_store_t object.
         *
         * @param this                                  calling object
index 393f0f3..fac0e31 100644 (file)
 
 #include <utils/linked_list.h>
 #include <utils/identification.h>
-#include <utils/logger.h>
 #include <utils/lexparser.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 
 
-/** 
- * String mappings for protocol_id_t.
- */
-mapping_t protocol_id_m[] = {
-       {PROTO_NONE, "PROTO_NONE"},
-       {PROTO_IKE, "IKE"},
-       {PROTO_AH, "AH"},
-       {PROTO_ESP, "ESP"},
-       {MAPPING_END, NULL}
-};
+ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
+       "PROTO_NONE",
+       "IKE",
+       "AH",
+       "ESP",
+);
 
-/** 
- * String mappings for transform_type_t.
- */
-mapping_t transform_type_m[] = {
-       {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"},
-       {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"},
-       {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
-       {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
-       {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
-       {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
-       {MAPPING_END, NULL}
-};
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE, 
+       "UNDEFINED_TRANSFORM_TYPE");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
+       "ENCRYPTION_ALGORITHM",
+       "PSEUDO_RANDOM_FUNCTION",
+       "INTEGRITY_ALGORITHM",
+       "DIFFIE_HELLMAN_GROUP",
+       "EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
 
-/** 
- * String mappings for extended_sequence_numbers_t.
- */
-mapping_t extended_sequence_numbers_m[] = {
-       {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"},
-       {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"},
-       {MAPPING_END, NULL}
-};
+ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
+       "NO_EXT_SEQ_NUMBERS",
+       "EXT_SEQ_NUMBERS",
+);
 
 typedef struct private_proposal_t private_proposal_t;
 
@@ -389,7 +377,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
 /**
  * Implements proposal_t.clone
  */
-static proposal_t *clone(private_proposal_t *this)
+static proposal_t *clone_(private_proposal_t *this)
 {
        private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol);
        
@@ -523,7 +511,7 @@ proposal_t *proposal_create(protocol_id_t protocol)
        this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol;
        this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi;
        this->public.get_spi = (u_int64_t(*)(proposal_t*))get_spi;
-       this->public.clone = (proposal_t*(*)(proposal_t*))clone;
+       this->public.clone = (proposal_t*(*)(proposal_t*))clone_;
        this->public.destroy = (void(*)(proposal_t*))destroy;
        
        this->spi = 0;
index ab58ed3..5ce19e9 100644 (file)
@@ -47,12 +47,12 @@ enum protocol_id_t {
        PROTO_ESP = 3,
 };
 
-/** 
- * String mappings for protocol_id_t.
- * 
+/**
+ * enum names for protocol_id_t
+ *
  * @ingroup config
  */
-extern mapping_t protocol_id_m[];
+extern enum_name_t *protocol_id_names;
 
 
 typedef enum transform_type_t transform_type_t;
@@ -60,7 +60,7 @@ typedef enum transform_type_t transform_type_t;
 /**
  * Type of a transform, as in IKEv2 RFC 3.3.2.
  * 
- * @ingroup payloads
+ * @ingroup config
  */
 enum transform_type_t {
        UNDEFINED_TRANSFORM_TYPE = 241,
@@ -71,12 +71,12 @@ enum transform_type_t {
        EXTENDED_SEQUENCE_NUMBERS = 5
 };
 
-/** 
- * String mappings for transform_type_t.
- * 
- * @ingroup payloads
+/**
+ * enum names for transform_type_t.
+ *
+ * @ingroup config
  */
-extern mapping_t transform_type_m[];
+extern enum_name_t *transform_type_names;
 
 
 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
@@ -84,19 +84,19 @@ typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
 /** 
  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
  * 
- * @ingroup payloads
+ * @ingroup config
  */
 enum extended_sequence_numbers_t {
        NO_EXT_SEQ_NUMBERS = 0,
        EXT_SEQ_NUMBERS = 1
 };
 
-/** 
- * String mappings for extended_sequence_numbers_t.
- * 
- * @ingroup payloads
+/**
+ * enum strings for extended_sequence_numbers_t.
+ *
+ * @ingroup config
  */
-extern mapping_t extended_sequence_numbers_m[];
+extern enum_name_t *extended_sequence_numbers_names;
 
 
 typedef struct algorithm_t algorithm_t;
index ba68031..0181dc0 100644 (file)
 #include <string.h>
 #include <netdb.h>
 #include <stdio.h>
+#include <printf.h>
 
 #include "traffic_selector.h"
 
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 
+ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE,
+       "TS_IPV4_ADDR_RANGE",
+       "TS_IPV6_ADDR_RANGE",
+);
+
 typedef struct private_traffic_selector_t private_traffic_selector_t;
 
 /**
@@ -86,11 +92,6 @@ struct private_traffic_selector_t {
         * end of port range 
         */
        u_int16_t to_port;
-       
-       /**
-        * string representation of this traffic selector
-        */
-       char *string;
 };
 
 /**
@@ -146,50 +147,43 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
        return (size * 8);
 }
 
-
 /**
  * internal generic constructor
  */
 static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
 
 /**
- * update the string representation of this traffic selector
+ * output handler in printf()
  */
-static void update_string(private_traffic_selector_t *this)
+static int print(FILE *stream, const struct printf_info *info,
+                                const void *const *args)
 {
-       char buf[256];
+       private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0]));
+       char addr_str[INET6_ADDRSTRLEN] = "";
+       u_int8_t mask;
        struct protoent *proto;
        struct servent *serv;
        char *serv_proto = NULL;
-       char proto_str[8] = "";
-       char addr_str[INET6_ADDRSTRLEN];
-       char port_str[16] = "";
-       char mask_str[8] = "";
-       char proto_port_str[32] = "";
-       bool has_proto = FALSE, has_port = FALSE;
+       bool has_proto = FALSE;
+       size_t written, total_written = 0;
+#define fprintf_sum(...) { written = fprintf(__VA_ARGS__); if (written < 0) return written; total_written += written; }
+       
+       if (this == NULL)
+       {
+               return fprintf(stream, "(null)");
+       }
        
        if (this->type == TS_IPV4_ADDR_RANGE)
        {
-               u_int8_t mask;
-               
-               /* build address string */
                inet_ntop(AF_INET, &this->from4, addr_str, sizeof(addr_str));
-               
-               /* build network mask string */
-               mask = calc_netbits(this);
-               snprintf(mask_str, sizeof(mask_str), "/%d", mask);
        }
        else
        {
-               u_int8_t mask;
-               
-               /* build address string */
                inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str));
-               
-               /* build network mask string */
-               mask = calc_netbits(this);
-               snprintf(mask_str, sizeof(mask_str), "/%d", mask);
        }
+       mask = calc_netbits(this);
+       
+       fprintf_sum(stream, "%s/%d", addr_str, mask);
        
        /* build protocol string */
        if (this->protocol)
@@ -197,12 +191,12 @@ static void update_string(private_traffic_selector_t *this)
                proto = getprotobynumber(this->protocol);
                if (proto)
                {
-                       snprintf(proto_str, sizeof(proto_str), "%s", proto->p_name);
+                       fprintf_sum(stream, "[%s", proto->p_name);
                        serv_proto = proto->p_name;
                }
                else
                {
-                       snprintf(proto_str, sizeof(proto_str), "%d", this->protocol);
+                       fprintf_sum(stream, "[%d", this->protocol);
                }
                has_proto = TRUE;
        }
@@ -210,55 +204,58 @@ static void update_string(private_traffic_selector_t *this)
        /* build port string */
        if (this->from_port == this->to_port)
        {
+               if (has_proto)
+               {
+                       fprintf_sum(stream, "/");
+               }
+               else
+               {
+                       fprintf_sum(stream, "[");
+               }
                serv = getservbyport(htons(this->from_port), serv_proto);
                if (serv)
                {
-                       snprintf(port_str, sizeof(port_str), "%s", serv->s_name);
+                       fprintf_sum(stream, "%s]", serv->s_name);
                }
                else
                {
-                       snprintf(port_str, sizeof(port_str), "%d", this->from_port);
+                       fprintf_sum(stream, "%d]", this->from_port);
                }
-               has_port = TRUE;
        }
        else if (!(this->from_port == 0 && this->to_port == 0xFFFF))
        {
-               snprintf(port_str, sizeof(port_str), "%d-%d",
-                                this->from_port, this->to_port);
-               has_port = TRUE;
-       }
-       
-       /* concatenate port & proto string */
-       if (has_proto && has_port)
-       {
-               snprintf(proto_port_str, sizeof(proto_port_str), "[%s/%s]", 
-                                proto_str, port_str);
-       }
-       else if (has_proto)
-       {
-               snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", proto_str);
-       }
-       else if (has_port)
-       {
-               snprintf(proto_port_str, sizeof(proto_port_str), "[%s]", port_str);
+               if (has_proto)
+               {
+                       fprintf_sum(stream, "/");
+               }
+               else
+               {
+                       fprintf_sum(stream, "[");
+               }
+               fprintf_sum(stream, "%d-%d]", this->from_port, this->to_port);
        }
        
-       /* concatenate it all */
-       snprintf(buf, sizeof(buf), "%s%s%s", addr_str, mask_str, proto_port_str);
+       return total_written;
+}
 
-       if (this->string)
+/**
+ * arginfo handler in printf()
+ */
+static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes)
+{
+       if (n > 0)
        {
-               free(this->string);
+               argtypes[0] = PA_POINTER;
        }
-       this->string = strdup(buf);
+       return 1;
 }
 
 /**
- * implements traffic_selector_t.get_string
+ * register printf() handlers
  */
-static char *get_string(private_traffic_selector_t *this)
+static void __attribute__ ((constructor))print_register()
 {
-       return this->string;
+       register_printf_function(TRAFFIC_SELECTOR_PRINTF_SPEC, print, print_arginfo);
 }
 
 /**
@@ -326,7 +323,6 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
                new_ts->type = this->type;
                memcpy(new_ts->from, from, size);
                memcpy(new_ts->to, to, size);
-               update_string(new_ts);
                
                return &new_ts->public;
        }
@@ -455,22 +451,42 @@ static u_int8_t get_protocol(private_traffic_selector_t *this)
 }
 
 /**
+ * Implements traffic_selector_t.is_host.
+ */
+static bool is_host(private_traffic_selector_t *this, host_t *host)
+{
+       chunk_t addr;
+       int family = host->get_family(host);
+       
+       if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) ||
+               (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
+       {
+               addr = host->get_address(host);
+               if (memeq(addr.ptr, this->from, addr.len) &&
+                       memeq(addr.ptr, this->to, addr.len))
+               {
+                       return TRUE;
+               }
+       }
+       return FALSE;
+}
+
+/**
  * Implements traffic_selector_t.update_address_range.
  */
 static void update_address_range(private_traffic_selector_t *this, host_t *host)
 {
        if ((this->type == TS_IPV4_ADDR_RANGE && this->from4[0] == 0) ||
-               (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 &&
-                this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0))
+                       (this->type == TS_IPV6_ADDR_RANGE && this->from6[0] == 0 &&
+                       this->from6[1] == 0 && this->from6[2] == 0 && this->from6[3] == 0))
        {
                this->type = host->get_family(host) == AF_INET ?
-                                               TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
+                               TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
                
                chunk_t from = host->get_address(host);
                memcpy(this->from, from.ptr, from.len);
                memcpy(this->to, from.ptr, from.len);
        }
-       update_string(this);
 }
 
 /**
@@ -488,14 +504,12 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this)
                {
                        memcpy(clone->from4, this->from4, sizeof(this->from4));
                        memcpy(clone->to4, this->to4, sizeof(this->to4));
-                       update_string(clone);
                        return &clone->public;
                }
                case TS_IPV6_ADDR_RANGE:
                {
                        memcpy(clone->from6, this->from6, sizeof(this->from6));
                        memcpy(clone->to6, this->to6, sizeof(this->to6));
-                       update_string(clone);
                        return &clone->public;
                }
                default:
@@ -511,7 +525,6 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this)
  */
 static void destroy(private_traffic_selector_t *this)
 {
-       free(this->string);
        free(this);
 }
 
@@ -552,9 +565,6 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
                        return NULL;    
                }
        }
-       
-       update_string(this);
-       
        return (&this->public);
 }
 
@@ -618,9 +628,6 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
                this->from_port = port;
                this->to_port = port;
        }
-       
-       update_string(this);
-       
        return (&this->public);
 }
 
@@ -667,9 +674,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty
                        break;
                }
        }
-       
-       update_string(this);
-       
        return (&this->public);
 }
 
@@ -683,13 +687,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
        /* public functions */
        this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset;
        this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals;
-       this->public.get_string = (char*(*)(traffic_selector_t*))get_string;
        this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
        this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
        this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
        this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;      
-       this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;    
+       this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
        this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
+       this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
        this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
        this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
        this->public.destroy = (void(*)(traffic_selector_t*))destroy;
@@ -698,7 +702,6 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
        this->to_port = to_port;
        this->protocol = protocol;
        this->type = type;
-       this->string = NULL;
        
        return this;
 }
index 90437f9..ef1b832 100644 (file)
 #include <types.h>
 #include <utils/host.h>
 
+/**
+ * printf() specifier for tRaffic selectors
+ */
+#define TRAFFIC_SELECTOR_PRINTF_SPEC 'R'
+
 typedef enum ts_type_t ts_type_t;
 
 /**
@@ -56,9 +61,9 @@ enum ts_type_t {
 };
 
 /**
- * string mappings for ts_type_t
+ * enum names for ts_type_t
  */
-extern mapping_t ts_type_m[];
+extern enum_name_t *ts_type_name;
 
 
 typedef struct traffic_selector_t traffic_selector_t;
@@ -161,6 +166,18 @@ struct traffic_selector_t {
        u_int8_t (*get_protocol) (traffic_selector_t *this);
        
        /**
+        * @brief Check if the traffic selector is for a single host.
+        *
+        * Traffic selector may describe the end of *-to-host tunnel. In this
+        * case, the address range is a single address equal to the hosts
+        * peer address.
+        *
+        * @param this          calling obect
+        * @param host          host_t specifying the address range
+        */
+       bool (*is_host) (traffic_selector_t *this, host_t* host);
+       
+       /**
         * @brief Update the address of a traffic selector.
         *
         * Update the address range of a traffic selector, 
@@ -174,16 +191,6 @@ struct traffic_selector_t {
        void (*update_address_range) (traffic_selector_t *this, host_t* host);
        
        /**
-        * @brief Get a string representation of the traffic selector.
-        *
-        * String points to internal data, do not free/modify.
-        * 
-        * @param this          calling object
-        * @return                      pointer to a string.
-        */
-       char* (*get_string) (traffic_selector_t *this);
-       
-       /**
         * @brief Compare two traffic selectors for equality.
         * 
         * @param this          first to compare
index fee85dd..602259b 100644 (file)
@@ -21,7 +21,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
+
 #include <stdio.h>
 #include <signal.h>
 #include <pthread.h>
@@ -34,7 +34,7 @@
 #include <getopt.h>
 #include <errno.h>
 
-#include "daemon.h" 
+#include "daemon.h"
 
 #include <types.h>
 #include <config/credentials/local_credential_store.h>
@@ -54,11 +54,6 @@ struct private_daemon_t {
        daemon_t public;
        
        /**
-        * A logger_t object assigned for daemon things.
-        */
-       logger_t *logger;
-
-       /**
         * Signal set used for signal handling.
         */
        sigset_t signal_set;
@@ -75,6 +70,37 @@ struct private_daemon_t {
 daemon_t *charon;
 
 /**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (int level, char *fmt, ...);
+
+/**
+ * Logging hook for library logs, spreads debug message over bus
+ */
+static void dbg_bus(int level, char *fmt, ...)
+{
+       va_list args;
+       
+       va_start(args, fmt);
+       charon->bus->vsignal(charon->bus, SIG_DBG_LIB, level, fmt, args);
+       va_end(args);
+}
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(int level, char *fmt, ...)
+{
+       va_list args;
+       
+       va_start(args, fmt);
+       fprintf(stderr, "00[LIB] ");
+       vfprintf(stderr, fmt, args);
+       fprintf(stderr, "\n");
+       va_end(args);
+}
+
+/**
  * Run the daemon and handle unix signals
  */
 static void run(private_daemon_t *this)
@@ -94,27 +120,27 @@ static void run(private_daemon_t *this)
                error = sigwait(&(this->signal_set), &signal_number);
                if(error)
                {
-                       this->logger->log(this->logger, ERROR, "Error %d when waiting for signal", error);
+                       DBG1(SIG_DBG_DMN, "error %d while waiting for a signal", error);
                        return;
                }
                switch (signal_number)
                {
                        case SIGHUP:
                        {
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGHUP received. Do nothing");
+                               DBG1(SIG_DBG_DMN, "signal of type SIGHUP received. Ignored");
                                break;
                        }
                        case SIGINT:
                        {
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGINT received. Exit main loop");
+                               DBG1(SIG_DBG_DMN, "signal of type SIGINT received. Shutting down");
                                return;
                        }
                        case SIGTERM:
-                               this->logger->log(this->logger, CONTROL, "Signal of type SIGTERM received. Exit main loop");
+                               DBG1(SIG_DBG_DMN, "signal of type SIGTERM received. Shutting down");
                                return;
                        default:
                        {
-                               this->logger->log(this->logger, CONTROL, "Unknown signal %d received. Do nothing", signal_number);
+                               DBG1(SIG_DBG_DMN, "unknown signal %d received. Ignored", signal_number);
                                break;
                        }
                }
@@ -144,20 +170,24 @@ static void destroy(private_daemon_t *this)
        /* all child SAs should be down now, so kill kernel interface */
        DESTROY_IF(this->public.kernel_interface);
        /* destroy other infrastructure */
-       DESTROY_IF(this->public.bus);
-       DESTROY_IF(this->public.outlog);
-       DESTROY_IF(this->public.syslog);
        DESTROY_IF(this->public.job_queue);
        DESTROY_IF(this->public.event_queue);
        DESTROY_IF(this->public.configuration);
        DESTROY_IF(this->public.credentials);
        DESTROY_IF(this->public.connections);
        DESTROY_IF(this->public.policies);
+       sched_yield();
        /* we hope the sender could send the outstanding deletes, but 
-       * we shut down here at any cost */
+        * we shut down here at any cost */
        DESTROY_IF(this->public.sender);
        DESTROY_IF(this->public.send_queue);
        DESTROY_IF(this->public.socket);
+       /* before destroying bus with its listeners, rehook library logs */
+       dbg = dbg_stderr;
+       DESTROY_IF(this->public.bus);
+       DESTROY_IF(this->public.outlog);
+       DESTROY_IF(this->public.syslog);
+       DESTROY_IF(this->public.authlog);
        free(this);
 }
 
@@ -167,7 +197,7 @@ static void destroy(private_daemon_t *this)
 static void kill_daemon(private_daemon_t *this, char *reason)
 {
        /* we send SIGTERM, so the daemon can cleanly shut down */
-       this->logger->log(this->logger, CONTROL, "Killing daemon: %s", reason);
+       DBG1(SIG_DBG_DMN, "killing daemon: %s", reason);
        if (this->main_thread_id == pthread_self())
        {
                /* initialization failed, terminate daemon */
@@ -177,7 +207,7 @@ static void kill_daemon(private_daemon_t *this, char *reason)
        }
        else
        {
-               this->logger->log(this->logger, CONTROL, "sending SIGTERM to ourself", reason);
+               DBG1(SIG_DBG_DMN, "sending SIGTERM to ourself");
                raise(SIGTERM);
                /* thread must die, since he produced a ciritcal failure and can't continue */
                pthread_exit(NULL);
@@ -187,24 +217,50 @@ static void kill_daemon(private_daemon_t *this, char *reason)
 /**
  * Initialize the daemon, optional with a strict crl policy
  */
-static void initialize(private_daemon_t *this, bool strict)
+static void initialize(private_daemon_t *this, bool strict, bool syslog,
+                                          level_t levels[])
 {
        credential_store_t* credentials;
+       signal_t signal;
        
        /* for uncritical pseudo random numbers */
        srandom(time(NULL) + getpid());
        
+       /* setup bus and it's listeners first to enable log output */
+       this->public.bus = bus_create();
+       this->public.outlog = file_logger_create(stdout);
+       this->public.syslog = sys_logger_create(LOG_DAEMON);
+       this->public.authlog = sys_logger_create(LOG_AUTHPRIV);
+       this->public.bus->add_listener(this->public.bus, &this->public.syslog->listener);
+       this->public.bus->add_listener(this->public.bus, &this->public.outlog->listener);
+       this->public.bus->add_listener(this->public.bus, &this->public.authlog->listener);
+       this->public.authlog->set_level(this->public.authlog, SIG_ANY, LEVEL_AUDIT);
+       /* set up hook to log dbg message in library via charons message bus */
+       dbg = dbg_bus;
+       
+       /* apply loglevels */
+       for (signal = 0; signal < SIG_DBG_MAX; signal++)
+       {
+               if (syslog)
+               {
+                       this->public.syslog->set_level(this->public.syslog,
+                                                                                  signal, levels[signal]);
+               }
+               else
+               {
+                       this->public.outlog->set_level(this->public.outlog,
+                                                                                  signal, levels[signal]);
+               }
+       }
+       
+       DBG1(SIG_DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
+       
        this->public.configuration = configuration_create();
        this->public.socket = socket_create(IKEV2_UDP_PORT, IKEV2_NATT_PORT);
        this->public.ike_sa_manager = ike_sa_manager_create();
        this->public.job_queue = job_queue_create();
        this->public.event_queue = event_queue_create();
        this->public.send_queue = send_queue_create();
-       this->public.bus = bus_create();
-       this->public.outlog = file_logger_create(stdout);
-       this->public.bus->add_listener(this->public.bus, &this->public.outlog->listener);
-       this->public.syslog = sys_logger_create(LOG_DAEMON);
-       this->public.bus->add_listener(this->public.bus, &this->public.syslog->listener);
        this->public.connections = (connection_store_t*)local_connection_store_create();
        this->public.policies = (policy_store_t*)local_policy_store_create();
        this->public.credentials = (credential_store_t*)local_credential_store_create(strict);
@@ -233,23 +289,19 @@ void signal_handler(int signal)
        size_t size;
        char **strings;
        size_t i;
-       logger_t *logger;
 
        size = backtrace(array, 20);
        strings = backtrace_symbols(array, size);
-       logger = logger_manager->get_logger(logger_manager, DAEMON);
 
-       logger->log(logger, ERROR, 
-                               "Thread %u received %s. Dumping %d frames from stack:",
-                               signal == SIGSEGV ? "SIGSEGV" : "SIGILL",
-                               pthread_self(), size);
+       DBG1(SIG_DBG_DMN, "thread %u received %s. Dumping %d frames from stack:",
+                signal == SIGSEGV ? "SIGSEGV" : "SIGILL", pthread_self(), size);
 
        for (i = 0; i < size; i++)
        {
-               logger->log(logger, ERROR, "    %s", strings[i]);
+               DBG1(SIG_DBG_DMN, "    %s", strings[i]);
        }
        free (strings);
-       logger->log(logger, ERROR, "Killing ourself hard after SIGSEGV");
+       DBG1(SIG_DBG_DMN, "killing ourself hard after SIGSEGV");
        raise(SIGKILL);
 }
 
@@ -283,6 +335,7 @@ private_daemon_t *daemon_create(void)
        this->public.bus = NULL;
        this->public.outlog = NULL;
        this->public.syslog = NULL;
+       this->public.authlog = NULL;
        
        this->main_thread_id = pthread_self();
        
@@ -298,14 +351,8 @@ private_daemon_t *daemon_create(void)
        action.sa_handler = signal_handler;
        action.sa_mask = this->signal_set;
        action.sa_flags = 0;
-       if (sigaction(SIGSEGV, &action, NULL) == -1)
-       {
-               this->logger->log(this->logger, ERROR, "signal handler setup for SIGSEGV failed");
-       }
-       if (sigaction(SIGILL, &action, NULL) == -1)
-       {
-               this->logger->log(this->logger, ERROR, "signal handler setup for SIGILL failed");
-       }
+       sigaction(SIGSEGV, &action, NULL);
+       sigaction(SIGILL, &action, NULL);
        return this;
 }
 
@@ -315,64 +362,90 @@ private_daemon_t *daemon_create(void)
 static void usage(const char *msg)
 {
        if (msg != NULL && *msg != '\0')
+       {
                fprintf(stderr, "%s\n", msg);
-    fprintf(stderr, "Usage: charon"
-               " [--help]"
-               " [--version]"
-               " [--use-syslog]"
-               " [--strictcrlpolicy]"
-               "\n"
-       );
-    exit(msg == NULL? 0 : 1);
+       }
+       fprintf(stderr, "Usage: charon\n"
+                                       "         [--help]\n"
+                                       "         [--version]\n"
+                                       "         [--strictcrlpolicy]\n"
+                                       "         [--use-syslog]\n"
+                                       "         [--debug-<type> <level>]\n"
+                                       "           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
+                                       "           <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
+                                       "                                    2 = controlmore, 3 = raw, 4 = private)\n"
+                                       "\n"
+                  );
+       exit(msg == NULL? 0 : 1);
 }
 
-
 /**
  * Main function, manages the daemon.
  */
 int main(int argc, char *argv[])
-{      
+{
        bool strict_crl_policy = FALSE;
+       bool use_syslog = FALSE;
 
        private_daemon_t *private_charon;
        FILE *pid_file;
        struct stat stb;
        linked_list_t *list;
        host_t *host;
+       level_t levels[SIG_DBG_MAX];
+       int signal;
+       
+       /* use CTRL loglevel for default */
+       for (signal = 0; signal < SIG_DBG_MAX; signal++)
+       {
+               levels[signal] = LEVEL_CTRL;
+       }
        
-    /* handle arguments */
-    for (;;)
-    {
-               static const struct option long_opts[] = {
+       /* handle arguments */
+       for (;;)
+       {
+               struct option long_opts[] = {
                        { "help", no_argument, NULL, 'h' },
                        { "version", no_argument, NULL, 'v' },
                        { "use-syslog", no_argument, NULL, 'l' },
                        { "strictcrlpolicy", no_argument, NULL, 'r' },
+                       { "debug-dmn", required_argument, &signal, SIG_DBG_DMN },
+                       { "debug-mgr", required_argument, &signal, SIG_DBG_MGR },
+                       { "debug-ike", required_argument, &signal, SIG_DBG_IKE },
+                       { "debug-chd", required_argument, &signal, SIG_DBG_CHD },
+                       { "debug-job", required_argument, &signal, SIG_DBG_JOB },
+                       { "debug-cfg", required_argument, &signal, SIG_DBG_CFG },
+                       { "debug-knl", required_argument, &signal, SIG_DBG_KNL },
+                       { "debug-net", required_argument, &signal, SIG_DBG_NET },
+                       { "debug-enc", required_argument, &signal, SIG_DBG_ENC },
+                       { "debug-lib", required_argument, &signal, SIG_DBG_LIB },
                        { 0,0,0,0 }
                };
-
+               
                int c = getopt_long(argc, argv, "", long_opts, NULL);
-
-               /* Note: "breaking" from case terminates loop */
                switch (c)
                {
-                       case EOF:       /* end of flags */
+                       case EOF:
                        break;
                        case 'h':
                                usage(NULL);
-                               break;  /* not actually reached */
+                               break;
                        case 'v':
                                printf("Linux strongSwan %s\n", VERSION);
                                exit(0);
                        case 'l':
-                               logger_manager->set_output(logger_manager, ALL_LOGGERS, NULL);
+                               use_syslog = TRUE;
                                continue;
                        case 'r':
                                strict_crl_policy = TRUE;
                                continue;
+                       case 0:
+                               /* option is in signal */
+                               levels[signal] = atoi(optarg);
+                               continue;
                        default:
                                usage("");
-                               break;  /* not actually reached */
+                               break;
                }
                break;
        }
@@ -380,19 +453,13 @@ int main(int argc, char *argv[])
        private_charon = daemon_create();
        charon = (daemon_t*)private_charon;
        
-       private_charon->logger = logger_manager->get_logger(logger_manager, DAEMON);
-
-       private_charon->logger->log(private_charon->logger, CONTROL, 
-                                                               "Starting Charon (strongSwan Version %s)", VERSION);
-               
        /* initialize daemon */
-       initialize(private_charon, strict_crl_policy);
+       initialize(private_charon, strict_crl_policy, use_syslog, levels);
        
        /* check/setup PID file */
        if (stat(PID_FILE, &stb) == 0)
        {
-               private_charon->logger->log(private_charon->logger, ERROR, 
-                                                                       "charon already running (\""PID_FILE"\" exists)");
+               DBG1(SIG_DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
                destroy(private_charon);
                exit(-1);
        }
@@ -404,13 +471,10 @@ int main(int argc, char *argv[])
        }
        /* log socket info */
        list = charon->socket->create_local_address_list(charon->socket);
-       private_charon->logger->log(private_charon->logger, CONTROL,
-                                                               "listening on %d addresses:",
-                                                               list->get_count(list));
+       DBG1(SIG_DBG_NET, "listening on %d addresses:", list->get_count(list));
        while (list->remove_first(list, (void**)&host) == SUCCESS)
        {
-               private_charon->logger->log(private_charon->logger, CONTROL,
-                                                                       "  %H", host);
+               DBG1(SIG_DBG_NET, "  %H", host);
                host->destroy(host);
        }
        list->destroy(list);
@@ -421,6 +485,6 @@ int main(int argc, char *argv[])
        /* normal termination, cleanup and exit */
        destroy(private_charon);
        unlink(PID_FILE);
-
+       
        return 0;
 }
index c548372..295f210 100644 (file)
@@ -1,8 +1,8 @@
 /**
  * @file daemon.h
- * 
+ *
  * @brief Interface of daemon_t.
- * 
+ *
  */
 
 /*
@@ -39,7 +39,6 @@
 #include <queues/send_queue.h>
 #include <queues/job_queue.h>
 #include <queues/event_queue.h>
-#include <utils/logger_manager.h>
 #include <config/configuration.h>
 #include <config/connections/connection_store.h>
 #include <config/policies/policy_store.h>
@@ -363,6 +362,11 @@ struct daemon_t {
        sys_logger_t *syslog;
        
        /**
+        * A bus listener logging most important events
+        */
+       sys_logger_t *authlog;
+       
+       /**
         * Kernel Interface to communicate with kernel
         */
        kernel_interface_t *kernel_interface;
index 34e87fa..392a460 100644 (file)
@@ -32,7 +32,6 @@
 #include <types.h>
 #include <daemon.h>
 #include <utils/linked_list.h>
-#include <utils/logger_manager.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <encoding/payloads/transform_substructure.h>
@@ -222,24 +221,19 @@ struct private_generator_t {
         */
        u_int8_t last_spi_size;
        
-       /*
+       /**
         * Attribute format of the last generated transform attribute.
-        * 
+        *
         * Used to check if a variable value field is used or not for 
         * the transform attribute value.
         */
        bool attribute_format;
        
-       /*
+       /**
         * Depending on the value of attribute_format this field is used
         * to hold the length of the transform attribute in bytes.
         */
        u_int16_t attribute_length;
-       
-       /**
-        * Associated Logger.
-        */
-       logger_t *logger;
 };
 
 /**
@@ -312,16 +306,16 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                break;
 
                        default:
-                       this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", 
-                                                       mapping_find(encoding_type_m,int_type));
+                       DBG1(SIG_DBG_ENC, "U_INT Type %N is not supported",
+                                encoding_type_names, int_type);
 
                        return;
        }
        /* U_INT Types of multiple then 8 bits must be aligned */
        if (((number_of_bits % 8) == 0) && (this->current_bit != 0))
        {
-               this->logger->log(this->logger, ERROR, "U_INT Type %s is not 8 Bit aligned", 
-                                                       mapping_find(encoding_type_m,int_type));
+               DBG1(SIG_DBG_ENC, "U_INT Type %N is not 8 Bit aligned",
+                        encoding_type_names, int_type);
                /* current bit has to be zero for values multiple of 8 bits */
                return;
        }
@@ -341,7 +335,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                u_int8_t low_val = *(this->out_position) & 0x0F;
                                /* highval is set, low_val is not changed */
                                *(this->out_position) = high_val | low_val;
-                               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
+                               DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
                                /* write position is not changed, just bit position is moved */
                                this->current_bit = 4;
                        }
@@ -352,14 +346,14 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                /* lowval of current byte in buffer has to be set to the new value*/
                                u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
                                *(this->out_position) = high_val | low_val;
-                               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
+                               DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
                                this->out_position++;
                                this->current_bit = 0;
 
                        }
                        else
                        {
-                               this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
+                               DBG1(SIG_DBG_ENC, "U_INT_4 Type is not 4 Bit aligned");
                                /* 4 Bit integers must have a 4 bit alignment */
                                return;
                        };
@@ -370,7 +364,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                {
                        /* 8 bit values are written as they are */
                        *this->out_position = *((u_int8_t *)(this->data_struct + offset));
-                       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
+                       DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
                        this->out_position++;
                        break;
 
@@ -380,7 +374,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        /* attribute type must not change first bit uf current byte ! */
                        if (this->current_bit != 1)
                        {
-                               this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
+                               DBG1(SIG_DBG_ENC, "ATTRIBUTE FORMAT flag is not set");
                                /* first bit has to be set! */
                                return;
                        }
@@ -392,7 +386,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        int16_val = int16_val & 0xFF7F;
                        
                        int16_val = int16_val | attribute_format_flag;
-                       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", int16_val);
+                       DBG3(SIG_DBG_ENC, "   => %d", int16_val);
                        /* write bytes to buffer (set bit is overwritten)*/                             
                        this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
                        this->current_bit = 0;
@@ -403,14 +397,14 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                case CONFIGURATION_ATTRIBUTE_LENGTH:
                {
                        u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)&int16_val, sizeof(int16_val));
+                       DBG3(SIG_DBG_ENC, "   => %b", (void*)&int16_val, sizeof(int16_val));
                        this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
                        break;
                }
                case U_INT_32:
                {
                        u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)&int32_val, sizeof(int32_val));
+                       DBG3(SIG_DBG_ENC, "   => %b", (void*)&int32_val, sizeof(int32_val));
                        this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
                        break;
                }
@@ -419,8 +413,9 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        /* 64 bit integers are written as two 32 bit integers */
                        u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
                        u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
+                       DBG3(SIG_DBG_ENC, "   => %b %b",
+                                (void*)&int32_val_low, sizeof(int32_val_low),
+                                (void*)&int32_val_high, sizeof(int32_val_high));
                        /* TODO add support for big endian machines */
                        this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
                        this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
@@ -431,12 +426,13 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                {
                        /* 64 bit are written as they come :-) */
                        this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
-                       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
+                       DBG3(SIG_DBG_ENC, "   => %b", (void*)(this->data_struct + offset), sizeof(u_int64_t));
                        break;
                }
                default:
                {
-                       this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", mapping_find(encoding_type_m,int_type));
+                       DBG1(SIG_DBG_ENC, "U_INT Type %N is not supported",
+                                encoding_type_names, int_type);
                        return;
                }
        }
@@ -450,7 +446,7 @@ static void generate_reserved_field(private_generator_t *this,int bits)
        /* only one bit or 8 bit fields are supported */
        if ((bits != 1) && (bits != 8))
        {
-               this->logger->log(this->logger, ERROR, "Reserved field of %d bits cannot be generated", bits);
+               DBG1(SIG_DBG_ENC, "reserved field of %d bits cannot be generated", bits);
                return ;
        }
        /* make sure enough space is available in buffer */
@@ -480,9 +476,8 @@ static void generate_reserved_field(private_generator_t *this,int bits)
                /* one byte processing*/
                if (this->current_bit > 0)
                {
-                       this->logger->log(this->logger, ERROR, 
-                                                               "Reserved field cannot be written cause allignement of current bit is %d",
-                                                               this->current_bit);
+                       DBG1(SIG_DBG_ENC, "reserved field cannot be written cause "
+                                "alignement of current bit is %d", this->current_bit);
                        return;
                }
                *(this->out_position) = 0x00;
@@ -516,7 +511,7 @@ static void generate_flag (private_generator_t *this,u_int32_t offset)
        *(this->out_position) = *(this->out_position) | flag;
        
        
-       this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *(this->out_position));
+       DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
 
        this->current_bit++;
        if (this->current_bit >= 8)
@@ -533,14 +528,14 @@ static void generate_from_chunk (private_generator_t *this,u_int32_t offset)
 {
        if (this->current_bit != 0)
        {
-               this->logger->log(this->logger, ERROR, "can not generate a chunk at Bitpos %d", this->current_bit);
+               DBG1(SIG_DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit);
                return ;
        }
        
        /* position in buffer */
        chunk_t *attribute_value = (chunk_t *)(this->data_struct + offset);
        
-       this->logger->log_chunk(this->logger, RAW|LEVEL2, "   =>", *attribute_value);
+       DBG3(SIG_DBG_ENC, "   => %B", attribute_value);
        
        /* use write_bytes_to_buffer function to do the job */
        this->write_bytes_to_buffer(this,attribute_value->ptr,attribute_value->len);
@@ -558,8 +553,8 @@ static void make_space_available (private_generator_t *this, size_t bits)
                size_t new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
                size_t out_position_offset = ((this->out_position) - (this->buffer));
 
-               this->logger->log(this->logger, CONTROL|LEVEL3, "increased gen buffer from %d to %d byte", 
-                                                       old_buffer_size, new_buffer_size);
+               DBG2(SIG_DBG_ENC, "increased gen buffer from %d to %d byte", 
+                        old_buffer_size, new_buffer_size);
                
                /* Reallocate space for new buffer */
                this->buffer = realloc(this->buffer,new_buffer_size);
@@ -633,7 +628,7 @@ static void write_to_chunk (private_generator_t *this,chunk_t *data)
        memcpy(data->ptr,this->buffer,data_length);
        data->len = data_length;
        
-       this->logger->log_chunk(this->logger, RAW|LEVEL3, "generated data of this generator", *data);
+       DBG3(SIG_DBG_ENC, "generated data of this generator %B", data);
 }
 
 /**
@@ -655,16 +650,16 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
        
        payload_start = this->out_position;
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "generating payload of type %s",
-                                                                                       mapping_find(payload_type_m,payload_type));
+       DBG2(SIG_DBG_ENC, "generating payload of type %N",
+                payload_type_names, payload_type);
        
        /* each payload has its own encoding rules */
        payload->get_encoding_rules(payload,&rules,&rule_count);
 
        for (i = 0; i < rule_count;i++)
        {
-               this->logger->log(this->logger, CONTROL|LEVEL2, "  generating rule %d %s",
-                                                       i, mapping_find(encoding_type_m,rules[i].type));
+               DBG2(SIG_DBG_ENC, "  generating rule %d %N",
+                        i, encoding_type_names, rules[i].type);
                switch (rules[i].type)
                {
                        /* all u int values, IKE_SPI,TS_TYPE and ATTRIBUTE_TYPE are generated in generate_u_int_type */
@@ -964,7 +959,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
                        {
                                if (this->attribute_format == FALSE)
                                {
-                                       this->logger->log(this->logger, CONTROL|LEVEL3, "attribute value has not fixed size");
+                                       DBG2(SIG_DBG_ENC, "attribute value has not fixed size");
                                        /* the attribute value is generated */
                                        this->generate_from_chunk(this,rules[i].offset);
                                }
@@ -1012,15 +1007,15 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
                                break;
                        }
                        default:
-                               this->logger->log(this->logger, ERROR, "field type %s is not supported",
-                                                                       mapping_find(encoding_type_m,rules[i].type));
+                               DBG1(SIG_DBG_ENC, "field type %N is not supported",
+                                        encoding_type_names, rules[i].type);
                                return;
                }
        }
-       this->logger->log(this->logger, CONTROL|LEVEL2, "generating %s payload finished.", 
-                                         mapping_find(payload_type_m, payload_type));
-       this->logger->log_bytes(this->logger, RAW|LEVEL3, "generated data for this payload",
-                                                       payload_start, this->out_position-payload_start);
+       DBG2(SIG_DBG_ENC, "generating %N payload finished",
+                payload_type_names, payload_type);
+       DBG3(SIG_DBG_ENC, "generated data for this payload %b",
+                payload_start, this->out_position-payload_start);
 }
 
 /**
@@ -1072,7 +1067,6 @@ generator_t *generator_create()
        this->current_bit = 0;
        this->last_payload_length_position_offset = 0;
        this->header_length_position_offset = 0;
-       this->logger = logger_manager->get_logger(logger_manager, GENERATOR);
 
        return &(this->public);
 }
index b4bede3..65e4729 100644 (file)
@@ -24,6 +24,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <printf.h>
 
 #include "message.h"
 
@@ -33,7 +34,6 @@
 #include <encoding/generator.h>
 #include <encoding/parser.h>
 #include <utils/linked_list.h>
-#include <utils/logger_manager.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/encryption_payload.h>
@@ -42,7 +42,7 @@
 /**
  * Max number of notify payloads per IKEv2 Message
  */
-#define MAX_NOTIFY_PAYLOADS 10
+#define MAX_NOTIFY_PAYLOADS 20
 
 
 typedef struct payload_rule_t payload_rule_t;
@@ -66,7 +66,7 @@ struct payload_rule_t {
 
         /**
          * Max occurence of this payload.
-         */     
+         */
         size_t max_occurence;
         
         /**
@@ -295,72 +295,6 @@ struct private_message_t {
         * The message rule for this message instance
         */
        message_rule_t *message_rule;
-       
-       /**
-        * Assigned logger.
-        */
-       logger_t *logger;
-       
-       /**
-        * Sets the private message_rule member to the rule which 
-        * applies to this message. Must be called before get_payload_rule().
-        * 
-        * @param this                                  calling object
-        * @return
-        *                                                              - SUCCESS
-        *                                                              - NOT_FOUND if no message rule applies to this message.
-        */
-       status_t (*set_message_rule) (private_message_t *this);
-
-       /**
-        * Gets the payload_rule_t for a specific message_rule_t and payload type.
-        * 
-        * @param this                                  calling object
-        * @param payload_type                  payload type
-        * @param[out] payload_rule             returned payload_rule_t
-        * @return
-        *                                                              - SUCCESS
-        *                                                              - NOT_FOUND if payload not defined in current message rule
-        *                                                              - INVALID_STATE if message rule is not set via set_message_rule()
-        */     
-       status_t (*get_payload_rule) (private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule);
-       
-       /**
-        * Encrypts all payloads which has to get encrypted.
-        * 
-        * Can also be called with messages not containing encrypted content.
-        * 
-        * @param this                  calling object
-        * @param crypter               crypter_t object
-        * @param signer                signer_t object
-        * @return
-        *                                              - SUCCESS
-        *                                              - INVALID_STATE if no crypter/signer supplied but needed
-        */
-       status_t (*encrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer);
-       
-       /**
-        * Decrypts encrypted contents, and checks if a payload is encrypted if it has to be.
-        * 
-        * @param this                  calling object
-        * @param crypter               crypter_t object
-        * @param signer                signer_t object
-        * @return
-        *                                              - SUCCESS
-        *                                              - FAILED if decryption not successfull
-        *                                              - INVALID_STATE if no crypter/signer supplied but needed
-        */
-       status_t (*decrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer);
-       
-       /**
-        * Verifies the message. Checks for payloads count.
-        * 
-        * @param                               calling object
-        * @return
-        *                                              - SUCCESS if message valid, or
-        *                                              - FAILED if message does not align with message rules.
-        */
-       status_t (*verify) (private_message_t *this);   
 };
 
 /**
@@ -549,8 +483,8 @@ static void add_payload(private_message_t *this, payload_t *payload)
        payload->set_next_type(payload, NO_PAYLOAD);
        this->payloads->insert_last(this->payloads, (void*)payload);
 
-       this->logger->log(this->logger, CONTROL|LEVEL1, "added payload of type %s to message", 
-                                         mapping_find(payload_type_m, payload->get_type(payload)));
+       DBG2(SIG_DBG_ENC ,"added payload of type %N to message",
+                payload_type_names, payload->get_type(payload));
 }
 
 /**
@@ -566,7 +500,6 @@ static void set_source(private_message_t *this, host_t *host)
  */
 static void set_destination(private_message_t *this, host_t *host)
 {
-
        this->packet->set_destination(this->packet, host);
 }
 
@@ -595,46 +528,159 @@ static iterator_t *get_payload_iterator(private_message_t *this)
 }
 
 /**
- * Build a string containing short names for all payload in this message
+ * output handler in printf()
  */
-static void build_payload_string(private_message_t *this, char* buffer, size_t size)
+static int print(FILE *stream, const struct printf_info *info,
+                                const void *const *args)
 {
+       private_message_t *this = *((private_message_t**)(args[0]));
        iterator_t *iterator;
        payload_t *payload;
        bool first = TRUE;
+       size_t total_written = 0;
+       size_t written;
+       
+       if (this == NULL)
+       {
+               return fprintf(stream, "(null)");
+       }
        
-       *buffer = '\0';
-       size--;
+       written = fprintf(stream, "%N %s [", 
+                                         exchange_type_names, this->exchange_type,
+                                         this->is_request ? "request" : "response");
+       if (written < 0)
+       {
+               return written;
+       }
+       total_written += written;
        
        iterator = this->payloads->create_iterator(this->payloads, TRUE);
        while (iterator->iterate(iterator, (void**)&payload))
        {
-               payload_type_t type = payload->get_type(payload);
-               char *name = mapping_find(payload_type_short_m, type);
-               size_t name_len = strlen(name);
                if (!first)
                {
-                       strncat(buffer, " ", size);
-                       if (size)
+                       written = fprintf(stream, " ");
+                       if (written < 0)
                        {
-                               size--;
+                               return written;
                        }
+                       total_written += written;
                }
                else
                {
                        first = FALSE;
                }
-               strncat(buffer, name, size);
-               if (name_len > size)
+               written = fprintf(stream, "%N", payload_type_short_names,
+                                                 payload->get_type(payload));
+               if (written < 0)
+               {
+                       return written;
+               }
+               total_written += written;
+       }
+       iterator->destroy(iterator);
+       written = fprintf(stream, "]");
+       if (written < 0)
+       {
+               return written;
+       }
+       total_written += written;
+       return total_written;
+}
+
+/**
+ * arginfo handler in printf()
+ */
+static int print_arginfo(const struct printf_info *info, size_t n, int *argtypes)
+{
+       if (n > 0)
+       {
+               argtypes[0] = PA_POINTER;
+       }
+       return 1;
+}
+
+/**
+ * register printf() handlers
+ */
+static void __attribute__ ((constructor))print_register()
+{
+       register_printf_function(MESSAGE_PRINTF_SPEC, print, print_arginfo);
+}
+
+/**
+ * Implementation of private_message_t.encrypt_payloads.
+ */
+static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
+{
+       encryption_payload_t *encryption_payload = NULL;
+       status_t status;
+       linked_list_t *all_payloads;
+       
+       if (!this->message_rule->encrypted_content)
+       {
+               DBG2(SIG_DBG_ENC, "message doesn't have to be encrypted");
+               /* message contains no content to encrypt */
+               return SUCCESS;
+       }
+       
+       DBG2(SIG_DBG_ENC, "copy all payloads to a temporary list");
+       all_payloads = linked_list_create();
+       
+       /* first copy all payloads in a temporary list */
+       while (this->payloads->get_count(this->payloads) > 0)
+       {
+               void *current_payload;
+               this->payloads->remove_first(this->payloads,&current_payload);
+               all_payloads->insert_last(all_payloads,current_payload);
+       }
+       
+       encryption_payload = encryption_payload_create();
+
+       DBG2(SIG_DBG_ENC, "check each payloads if they have to get encrypted");
+       while (all_payloads->get_count(all_payloads) > 0)
+       {
+               payload_rule_t *payload_rule;
+               payload_t *current_payload;
+               bool to_encrypt = FALSE;
+               
+               all_payloads->remove_first(all_payloads,(void **)&current_payload);
+               
+               status = get_payload_rule(this,
+                                       current_payload->get_type(current_payload),&payload_rule);
+               /* for payload types which are not found in supported payload list, 
+                * it is presumed that they don't have to be encrypted */
+               if ((status == SUCCESS) && (payload_rule->encrypted))
+               {
+                       DBG2(SIG_DBG_ENC, "payload %N gets encrypted",
+                                payload_type_names, current_payload->get_type(current_payload));
+                       to_encrypt = TRUE;
+               }
+               
+               if (to_encrypt)
                {
-                       size = 0;
+                       DBG2(SIG_DBG_ENC, "insert payload %N to encryption payload",
+                                payload_type_names, current_payload->get_type(current_payload));
+                       encryption_payload->add_payload(encryption_payload,current_payload);
                }
                else
                {
-                       size -= name_len;
+                       DBG2(SIG_DBG_ENC, "insert payload %N unencrypted",
+                                payload_type_names ,current_payload->get_type(current_payload));
+                       add_payload(this, (payload_t*)encryption_payload);
                }
        }
-       iterator->destroy(iterator);
+
+       status = SUCCESS;
+       DBG2(SIG_DBG_ENC, "encrypting encryption payload");
+       encryption_payload->set_transforms(encryption_payload, crypter,signer);
+       status = encryption_payload->encrypt(encryption_payload);
+       DBG2(SIG_DBG_ENC, "add encrypted payload to payload list");
+       add_payload(this, (payload_t*)encryption_payload);
+       
+       all_payloads->destroy(all_payloads);
+       
+       return status;
 }
 
 /**
@@ -648,7 +694,6 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        iterator_t *iterator;
        status_t status;
        chunk_t packet_data;
-       char payload_names[128];
        
        if (is_encoded(this))
        {
@@ -657,50 +702,41 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
                return SUCCESS;
        }
        
-       build_payload_string(this, payload_names, sizeof(payload_names));
-       this->logger->log(this->logger, CONTROL, "generating %s %s (%d) [%s]",
-                                         mapping_find(exchange_type_m,this->exchange_type),
-                                         this->is_request ? "request" : "response",
-                                         this->message_id,
-                                         payload_names);
+       DBG1(SIG_DBG_ENC, "generating %M", this);
        
        if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
        {
-               this->logger->log(this->logger, ERROR | LEVEL1, "exchange type %s is not defined",
-                                                       mapping_find(exchange_type_m,this->exchange_type));
+               DBG1(SIG_DBG_ENC, "exchange type is not defined");
                return INVALID_STATE;
        }
        
        if (this->packet->get_source(this->packet) == NULL ||
                this->packet->get_destination(this->packet) == NULL) 
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "%s not defined",
-                                                       !this->packet->get_source(this->packet) ? "source" : "destination");
+               DBG1(SIG_DBG_ENC, "%s not defined",
+                        !this->packet->get_source(this->packet) ? "source" : "destination");
                return INVALID_STATE;
        }
        
        /* set the rules for this messge */
-       status = this->set_message_rule(this);
+       status = set_message_rule(this);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR, "no message rules specified for a %s %s",
-                                                 mapping_find(exchange_type_m,this->exchange_type),
-                                                 this->is_request ? "request" : "response");
+               DBG1(SIG_DBG_ENC, "no message rules specified for this message type");
                return NOT_SUPPORTED;
        }
        
-       
        /* going to encrypt all content which have to be encrypted */
-       status = this->encrypt_payloads(this, crypter, signer);
+       status = encrypt_payloads(this, crypter, signer);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR | LEVEL1, "could not encrypt payloads");
+               DBG1(SIG_DBG_ENC, "payload encryption failed");
                return status;
        }
-
+       
        /* build ike header */
        ike_header = ike_header_create();
-
+       
        ike_header->set_exchange_type(ike_header, this->exchange_type);
        ike_header->set_message_id(ike_header, this->message_id);
        ike_header->set_response_flag(ike_header, !this->is_request);
@@ -738,7 +774,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        /* if last payload is of type encrypted, integrity checksum if necessary */
        if (payload->get_type(payload) == ENCRYPTED)
        {
-               this->logger->log(this->logger, CONTROL | LEVEL1, "build signature on whole message");
+               DBG2(SIG_DBG_ENC, "build signature on whole message");
                encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
                status = encryption_payload->build_signature(encryption_payload, packet_data);
                if (status != SUCCESS)
@@ -752,8 +788,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        /* clone packet for caller */
        *packet = this->packet->clone(this->packet);
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "message of type %s generated successfully",
-                                               mapping_find(exchange_type_m,this->exchange_type));
+       DBG2(SIG_DBG_ENC, "message generated successfully");
        return SUCCESS;
 }
 
@@ -781,14 +816,13 @@ static status_t parse_header(private_message_t *this)
        ike_header_t *ike_header;
        status_t status;
        
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "parsing Header of message");
+       DBG2(SIG_DBG_ENC, "parsing header of message");
        
        this->parser->reset_context(this->parser);
        status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR | LEVEL1, "header could not be parsed");
+               DBG1(SIG_DBG_ENC, "header could not be parsed");
                return status;
                
        }
@@ -797,10 +831,10 @@ static status_t parse_header(private_message_t *this)
        status = ike_header->payload_interface.verify(&(ike_header->payload_interface));
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR | LEVEL1, "header verification failed");
+               DBG1(SIG_DBG_ENC, "header verification failed");
                ike_header->destroy(ike_header);
                return status;
-       }       
+       }
        
        if (this->ike_sa_id != NULL)
        {
@@ -818,190 +852,23 @@ static status_t parse_header(private_message_t *this)
        this->minor_version = ike_header->get_min_version(ike_header);
        this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface));
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "parsed a %s %s", 
-                                               mapping_find(exchange_type_m, this->exchange_type),
-                                               this->is_request ? "request" : "response");
+       DBG2(SIG_DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
+                this->is_request ? "request" : "response");
        
-       ike_header->destroy(ike_header);                                        
+       ike_header->destroy(ike_header);
        
        /* get the rules for this messge */
-       status = this->set_message_rule(this);
+       status = set_message_rule(this);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR, "no message rules specified for a %s %s",
-                                                 mapping_find(exchange_type_m,this->exchange_type),
-                                                 this->is_request ? "request" : "response");
+               DBG1(SIG_DBG_ENC, "no message rules specified for a %N %s",
+                        exchange_type_names, this->exchange_type,
+                        this->is_request ? "request" : "response");
        }
        
-       return status;  
-}
-
-/**
- * Implementation of message_t.parse_body.
- */
-static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer)
-{
-       status_t status = SUCCESS;
-       payload_type_t current_payload_type;
-       char payload_names[128];
-               
-       current_payload_type = this->first_payload;     
-               
-       this->logger->log(this->logger, CONTROL|LEVEL1, "parsing body of message, first payload is %s",
-                                         mapping_find(payload_type_m, current_payload_type));
-
-       /* parse payload for payload, while there are more available */
-       while ((current_payload_type != NO_PAYLOAD))
-       {
-               payload_t *current_payload;
-               
-               this->logger->log(this->logger, CONTROL|LEVEL2, "start parsing a %s payload", 
-                                                       mapping_find(payload_type_m, current_payload_type));
-               
-               /* parse current payload */
-               status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
-               
-               if (status != SUCCESS)
-               {
-                       this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",
-                                                               mapping_find(payload_type_m,current_payload_type));
-                       return PARSE_ERROR;
-               }
-
-               this->logger->log(this->logger, CONTROL|LEVEL2, "verify payload of type %s", 
-                                                       mapping_find(payload_type_m, current_payload_type));
-               
-               /* verify it, stop parsig if its invalid */
-               status = current_payload->verify(current_payload);
-               if (status != SUCCESS)
-               {
-                       this->logger->log(this->logger, ERROR, "%s payload verification failed",
-                                                               mapping_find(payload_type_m,current_payload_type));
-                       current_payload->destroy(current_payload);
-                       return VERIFY_ERROR;
-               }
-               
-               this->logger->log(this->logger, CONTROL|LEVEL2, "%s payload verified. Adding to payload list", 
-                                                       mapping_find(payload_type_m, current_payload_type));
-               this->payloads->insert_last(this->payloads,current_payload);
-               
-               /* an encryption payload is the last one, so STOP here. decryption is done later */
-               if (current_payload_type == ENCRYPTED)
-               {
-                       this->logger->log(this->logger, CONTROL|LEVEL2, "%s payload found. Stop parsing", 
-                                                               mapping_find(payload_type_m, current_payload_type));                    
-                       break;  
-               }
-               
-               /* get next payload type */
-               current_payload_type = current_payload->get_next_type(current_payload);
-       }
-
-       if (current_payload_type == ENCRYPTED)
-       {
-               status = this->decrypt_payloads(this,crypter,signer);
-               if (status != SUCCESS)
-               {
-                       this->logger->log(this->logger, ERROR, "Could not decrypt payloads");
-                       return status;
-               }
-       }
-       
-       status = this->verify(this);
-       if (status != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR, "verification of message failed");
-               return status;
-       }
-       
-       build_payload_string(this, payload_names, sizeof(payload_names));
-       this->logger->log(this->logger, CONTROL, "parsed %s %s (%d) [%s]", 
-                                       mapping_find(exchange_type_m, this->exchange_type),
-                                       this->is_request ? "request" : "response",
-                                       this->message_id,
-                                       payload_names);
-       
-       return SUCCESS;
-}
-
-/**
- * Implementation of private_message_t.verify.
- */
-static status_t verify(private_message_t *this)
-{
-       int i;
-       iterator_t *iterator;
-       size_t total_found_payloads = 0;
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "verifying message structure");
-
-       iterator = this->payloads->create_iterator(this->payloads,TRUE);
-       /* check for payloads with wrong count*/
-       for (i = 0; i < this->message_rule->payload_rule_count;i++)
-       {
-               size_t found_payloads = 0;
-       
-               /* check all payloads for specific rule */
-               iterator->reset(iterator);
-               
-               while(iterator->has_next(iterator))
-               {
-                       payload_t *current_payload;
-                       payload_type_t current_payload_type;
-                       
-                       iterator->current(iterator,(void **)&current_payload);
-                       current_payload_type = current_payload->get_type(current_payload);
-                       
-                       if (current_payload_type == UNKNOWN_PAYLOAD)
-                       {
-                               /* unknown payloads are ignored, IF they are not critical */
-                               unknown_payload_t *unknown_payload = (unknown_payload_t*)current_payload;
-                               if (unknown_payload->is_critical(unknown_payload))
-                               {
-                                       this->logger->log(this->logger, ERROR|LEVEL1, "%s (%d) is not supported, but its critical!",
-                                                                         mapping_find(payload_type_m, current_payload_type), current_payload_type);
-                                       iterator->destroy(iterator);
-                                       return NOT_SUPPORTED;   
-                               }
-                       }
-                       else if (current_payload_type == this->message_rule->payload_rules[i].payload_type)
-                       {
-                               found_payloads++;
-                               total_found_payloads++;
-                               this->logger->log(this->logger, CONTROL|LEVEL2, "found payload of type %s",
-                                                         mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type));
-       
-                               /* as soon as ohe payload occures more then specified, the verification fails */
-                               if (found_payloads > this->message_rule->payload_rules[i].max_occurence)
-                               {
-                                       this->logger->log(this->logger, ERROR|LEVEL1, "payload of type %s more than %d times (%d) occured in current message",
-                                                                         mapping_find(payload_type_m, current_payload_type),
-                                                                         this->message_rule->payload_rules[i].max_occurence, found_payloads);
-                                       iterator->destroy(iterator);
-                                       return VERIFY_ERROR;
-                               }
-                       }
-               }
-
-               if (found_payloads < this->message_rule->payload_rules[i].min_occurence)
-               {
-                       this->logger->log(this->logger, ERROR|LEVEL1, "payload of type %s not occured %d times (%d)",
-                                                         mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type),
-                                                         this->message_rule->payload_rules[i].min_occurence, found_payloads);
-                       iterator->destroy(iterator);
-                       return VERIFY_ERROR;
-               }
-               if ((this->message_rule->payload_rules[i].sufficient) && (this->payloads->get_count(this->payloads) == total_found_payloads))
-               {
-                       iterator->destroy(iterator);
-                       return SUCCESS; 
-               }
-       }
-       iterator->destroy(iterator);
-       return SUCCESS;
+       return status;
 }
 
-
 /**
  * Implementation of private_message_t.decrypt_and_verify_payloads.
  */
@@ -1028,8 +895,8 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                /* needed to check */
                current_payload_type = current_payload->get_type(current_payload);
                
-               this->logger->log(this->logger, CONTROL|LEVEL2, "process payload of type %s",
-                                                       mapping_find(payload_type_m,current_payload_type));
+               DBG2(SIG_DBG_ENC, "process payload of type %N",
+                        payload_type_names, current_payload_type);
                
                if (current_payload_type == ENCRYPTED)
                {
@@ -1038,31 +905,31 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        
                        encryption_payload = (encryption_payload_t*)current_payload;
                        
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "found an encryption payload");
+                       DBG2(SIG_DBG_ENC, "found an encryption payload");
 
                        if (payload_number != this->payloads->get_count(this->payloads))
                        {
                                /* encrypted payload is not last one */
-                               this->logger->log(this->logger, ERROR, "encrypted payload is not last payload");
+                               DBG1(SIG_DBG_ENC, "encrypted payload is not last payload");
                                iterator->destroy(iterator);
                                return VERIFY_ERROR;
                        }
                        /* decrypt */
                        encryption_payload->set_transforms(encryption_payload, crypter, signer);
-                       this->logger->log(this->logger, CONTROL | LEVEL1, "verify signature of encryption payload");
-                       status = encryption_payload->verify_signature(encryption_payload, this->packet->get_data(this->packet));
+                       DBG2(SIG_DBG_ENC, "verify signature of encryption payload");
+                       status = encryption_payload->verify_signature(encryption_payload,
+                                                                               this->packet->get_data(this->packet));
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR, "encryption payload signature invalid");
+                               DBG1(SIG_DBG_ENC, "encryption payload signature invalid");
                                iterator->destroy(iterator);
                                return FAILED;
                        }
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "decrypt content of encryption payload");
+                       DBG2(SIG_DBG_ENC, "decrypting content of encryption payload");
                        status = encryption_payload->decrypt(encryption_payload);
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR, 
-                                                                 "encrypted payload could not be decrypted and parsed");
+                               DBG1(SIG_DBG_ENC, "encrypted payload could not be decrypted and parsed");
                                iterator->destroy(iterator);
                                return PARSE_ERROR;
                        }
@@ -1073,7 +940,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        /* check if there are payloads contained in the encryption payload */
                        if (encryption_payload->get_payload_count(encryption_payload) == 0)
                        {
-                               this->logger->log(this->logger, CONTROL|LEVEL2, "encrypted payload is empty");
+                               DBG2(SIG_DBG_ENC, "encrypted payload is empty");
                                /* remove the encryption payload, is not needed anymore */
                                iterator->remove(iterator);
                                /* encrypted payload contains no other payload */
@@ -1103,9 +970,8 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        while (encryption_payload->get_payload_count(encryption_payload) > 0)
                        {
                                encryption_payload->remove_first_payload(encryption_payload, &current_encrypted_payload);
-                               this->logger->log(this->logger, CONTROL | LEVEL1, 
-                                                                 "insert unencrypted payload of type %s at end of list.",
-                                                                  mapping_find(payload_type_m, current_encrypted_payload->get_type(current_encrypted_payload)));
+                               DBG2(SIG_DBG_ENC, "insert unencrypted payload of type %N at end of list",
+                                        payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload));
                                this->payloads->insert_last(this->payloads,current_encrypted_payload);
                        }
                        
@@ -1117,12 +983,12 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                if (current_payload_type != UNKNOWN_PAYLOAD && current_payload_type != NO_PAYLOAD)
                {
                        /* get the ruleset for found payload */
-                       status = this->get_payload_rule(this, current_payload_type, &payload_rule);
+                       status = get_payload_rule(this, current_payload_type, &payload_rule);
                        if (status != SUCCESS)
                        {
                                /* payload is not allowed */
-                               this->logger->log(this->logger, ERROR, "payload type %s not allowed",
-                                                                 mapping_find(payload_type_m,current_payload_type));
+                               DBG1(SIG_DBG_ENC, "payload type %N not allowed",
+                                                                 payload_type_names, current_payload_type);
                                iterator->destroy(iterator);
                                return VERIFY_ERROR;
                        }
@@ -1131,9 +997,9 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        if (payload_rule->encrypted != current_payload_was_encrypted)
                        {
                                /* payload was not encrypted, but should have been. or vice-versa */
-                               this->logger->log(this->logger, ERROR, "payload type %s should be %s!", 
-                                                                       mapping_find(payload_type_m,current_payload_type),
-                                                                       (payload_rule->encrypted) ? "encrypted" : "not encrypted");
+                               DBG1(SIG_DBG_ENC, "payload type %N should be %s!",
+                                        payload_type_names, current_payload_type,
+                                        (payload_rule->encrypted) ? "encrypted" : "not encrypted");
                                iterator->destroy(iterator);
                                return VERIFY_ERROR;
                        }
@@ -1148,90 +1014,164 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
 }
 
 /**
- * Implementation of private_message_t.encrypt_payloads.
+ * Implementation of private_message_t.verify.
  */
-static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
+static status_t verify(private_message_t *this)
 {
-       encryption_payload_t *encryption_payload = NULL;
-       status_t status;
-       linked_list_t *all_payloads;
-       
-       if (!this->message_rule->encrypted_content)
-       {
-               this->logger->log(this->logger, CONTROL | LEVEL1, "message doesn't have to be encrypted");
-               /* message contains no content to encrypt */
-               return SUCCESS;
-       }
+       int i;
+       iterator_t *iterator;
+       size_t total_found_payloads = 0;
        
-       this->logger->log(this->logger, CONTROL | LEVEL2, "copy all payloads to a temporary list");
-       all_payloads = linked_list_create();
+       DBG2(SIG_DBG_ENC, "verifying message structure");
        
-       /* first copy all payloads in a temporary list */
-       while (this->payloads->get_count(this->payloads) > 0)
+       iterator = this->payloads->create_iterator(this->payloads,TRUE);
+       /* check for payloads with wrong count*/
+       for (i = 0; i < this->message_rule->payload_rule_count;i++)
        {
-               void *current_payload;
-               this->payloads->remove_first(this->payloads,&current_payload);
-               all_payloads->insert_last(all_payloads,current_payload);
-       }
+               size_t found_payloads = 0;
        
-       encryption_payload = encryption_payload_create();
+               /* check all payloads for specific rule */
+               iterator->reset(iterator);
+               
+               while(iterator->has_next(iterator))
+               {
+                       payload_t *current_payload;
+                       payload_type_t current_payload_type;
+                       
+                       iterator->current(iterator,(void **)&current_payload);
+                       current_payload_type = current_payload->get_type(current_payload);
+                       
+                       if (current_payload_type == UNKNOWN_PAYLOAD)
+                       {
+                               /* unknown payloads are ignored, IF they are not critical */
+                               unknown_payload_t *unknown_payload = (unknown_payload_t*)current_payload;
+                               if (unknown_payload->is_critical(unknown_payload))
+                               {
+                                       DBG1(SIG_DBG_ENC, "%N is not supported, but its critical!",
+                                                payload_type_names, current_payload_type);
+                                       iterator->destroy(iterator);
+                                       return NOT_SUPPORTED;   
+                               }
+                       }
+                       else if (current_payload_type == this->message_rule->payload_rules[i].payload_type)
+                       {
+                               found_payloads++;
+                               total_found_payloads++;
+                               DBG2(SIG_DBG_ENC, "found payload of type %N",
+                                        payload_type_names, this->message_rule->payload_rules[i].payload_type);
+                               
+                               /* as soon as ohe payload occures more then specified, the verification fails */
+                               if (found_payloads > this->message_rule->payload_rules[i].max_occurence)
+                               {
+                                       DBG1(SIG_DBG_ENC, "payload of type %N more than %d times (%d) occured in current message",
+                                                payload_type_names, current_payload_type,
+                                                this->message_rule->payload_rules[i].max_occurence, found_payloads);
+                                       iterator->destroy(iterator);
+                                       return VERIFY_ERROR;
+                               }
+                       }
+               }
+               
+               if (found_payloads < this->message_rule->payload_rules[i].min_occurence)
+               {
+                       DBG1(SIG_DBG_ENC, "payload of type %N not occured %d times (%d)",
+                                payload_type_names, this->message_rule->payload_rules[i].payload_type,
+                                this->message_rule->payload_rules[i].min_occurence, found_payloads);
+                       iterator->destroy(iterator);
+                       return VERIFY_ERROR;
+               }
+               if ((this->message_rule->payload_rules[i].sufficient) && (this->payloads->get_count(this->payloads) == total_found_payloads))
+               {
+                       iterator->destroy(iterator);
+                       return SUCCESS; 
+               }
+       }
+       iterator->destroy(iterator);
+       return SUCCESS;
+}
 
-       this->logger->log(this->logger, CONTROL | LEVEL2, "check each payloads if they have to get encrypted");
-       while (all_payloads->get_count(all_payloads) > 0)
+/**
+ * Implementation of message_t.parse_body.
+ */
+static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer)
+{
+       status_t status = SUCCESS;
+       payload_type_t current_payload_type;
+               
+       current_payload_type = this->first_payload;     
+               
+       DBG2(SIG_DBG_ENC, "parsing body of message, first payload is %N",
+                payload_type_names, current_payload_type);
+
+       /* parse payload for payload, while there are more available */
+       while ((current_payload_type != NO_PAYLOAD))
        {
-               payload_rule_t *payload_rule;
                payload_t *current_payload;
-               bool to_encrypt = FALSE;
                
-               all_payloads->remove_first(all_payloads,(void **)&current_payload);
-               this->logger->log(this->logger, CONTROL | LEVEL3, "get rule for payload %s", 
-                                                       mapping_find(payload_type_m,current_payload->get_type(current_payload)));
+               DBG2(SIG_DBG_ENC, "starting parsing a %N payload", 
+                        payload_type_names, current_payload_type);
                
-               status = this->get_payload_rule(this,current_payload->get_type(current_payload),&payload_rule);
-               /* for payload types which are not found in supported payload list, it is presumed 
-                * that they don't have to be encrypted */
-               if ((status == SUCCESS) && (payload_rule->encrypted))
+               /* parse current payload */
+               status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
+               
+               if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "payload %s has to get encrypted", 
-                                                         mapping_find(payload_type_m,current_payload->get_type(current_payload)));
-                       to_encrypt = TRUE;
+                       DBG1(SIG_DBG_ENC, "payload type %N could not be parsed",
+                                payload_type_names, current_payload_type);
+                       return PARSE_ERROR;
                }
-               else if (status != SUCCESS)
+
+               DBG2(SIG_DBG_ENC, "verifying payload of type %N",
+                        payload_type_names, current_payload_type);
+               
+               /* verify it, stop parsig if its invalid */
+               status = current_payload->verify(current_payload);
+               if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "payload %s not defined for exchange type %s. Handle it anyway", 
-                                                         mapping_find(payload_type_m,current_payload->get_type(current_payload)),
-                                                         mapping_find(exchange_type_m,this->exchange_type));
+                       DBG1(SIG_DBG_ENC, "%N payload verification failed",
+                                payload_type_names, current_payload_type);
+                       current_payload->destroy(current_payload);
+                       return VERIFY_ERROR;
                }
                
-               if (to_encrypt)
+               DBG2(SIG_DBG_ENC, "%N payload verified. Adding to payload list",
+                        payload_type_names, current_payload_type);
+               this->payloads->insert_last(this->payloads,current_payload);
+               
+               /* an encryption payload is the last one, so STOP here. decryption is done later */
+               if (current_payload_type == ENCRYPTED)
                {
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "insert payload %s to encryption payload", 
-                                                         mapping_find(payload_type_m,current_payload->get_type(current_payload)));
-
-                       encryption_payload->add_payload(encryption_payload,current_payload);
+                       DBG2(SIG_DBG_ENC, "%N payload found. Stop parsing",
+                                payload_type_names, current_payload_type);
+                       break;
                }
-               else
+               
+               /* get next payload type */
+               current_payload_type = current_payload->get_next_type(current_payload);
+       }
+
+       if (current_payload_type == ENCRYPTED)
+       {
+               status = decrypt_payloads(this,crypter,signer);
+               if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, CONTROL | LEVEL2, "insert payload %s as payload wich does not have to be encrypted", 
-                                                         mapping_find(payload_type_m,current_payload->get_type(current_payload)));
-                       this->public.add_payload(&(this->public), (payload_t*)encryption_payload);
+                       DBG1(SIG_DBG_ENC, "could not decrypt payloads");
+                       return status;
                }
        }
-
-       status = SUCCESS;
-       this->logger->log(this->logger, CONTROL | LEVEL2, "set transforms for encryption payload ");
-       encryption_payload->set_transforms(encryption_payload,crypter,signer);
-       this->logger->log(this->logger, CONTROL | LEVEL1, "encrypt all payloads of encrypted payload");
-       status = encryption_payload->encrypt(encryption_payload);
-       this->logger->log(this->logger, CONTROL | LEVEL2, "add encrypted payload to payload list");
-       this->public.add_payload(&(this->public), (payload_t*)encryption_payload);
        
-       all_payloads->destroy(all_payloads);
+       status = verify(this);
+       if (status != SUCCESS)
+       {
+               DBG1(SIG_DBG_ENC, "verification of message failed");
+               return status;
+       }
        
-       return status;
+       DBG1(SIG_DBG_ENC, "parsed %M", this);
+       
+       return SUCCESS;
 }
 
-
 /**
  * Implementation of message_t.destroy.
  */
@@ -1297,18 +1237,11 @@ message_t *message_create_from_packet(packet_t *packet)
                
        /* private values */
        this->exchange_type = EXCHANGE_TYPE_UNDEFINED;
-       this->is_request = TRUE;
-       this->ike_sa_id = NULL;
-       this->first_payload = NO_PAYLOAD;
-       this->message_id = 0;
-
-       /* private functions */
-       this->set_message_rule = set_message_rule;
-       this->get_payload_rule = get_payload_rule;
-       this->encrypt_payloads = encrypt_payloads;
-       this->decrypt_payloads = decrypt_payloads;
-       this->verify = verify;
-
+       this->is_request = TRUE;
+       this->ike_sa_id = NULL;
+       this->first_payload = NO_PAYLOAD;
+       this->message_id = 0;
+       
        /* private values */
        if (packet == NULL)
        {
@@ -1319,10 +1252,8 @@ message_t *message_create_from_packet(packet_t *packet)
        this->payloads = linked_list_create();
        
        /* parser is created from data of packet */
-       this->parser = parser_create(this->packet->get_data(this->packet));
-               
-       this->logger = logger_manager->get_logger(logger_manager, MESSAGE);
-
+       this->parser = parser_create(this->packet->get_data(this->packet));
+       
        return (&this->public);
 }
 
index ac17102..3b91e8e 100644 (file)
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 
+/**
+ * printf() specifier for message
+ */
+#define MESSAGE_PRINTF_SPEC 'M'
+
 
 typedef struct message_t message_t;
 
index e7cfb32..4215d38 100644 (file)
@@ -30,7 +30,6 @@
 #include <types.h>
 #include <definitions.h>
 #include <daemon.h>
-#include <utils/logger.h>
 #include <utils/linked_list.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
@@ -233,11 +232,6 @@ struct private_parser_t {
         * Set of encoding rules for this parsing session.
         */
        encoding_rule_t *rules;
-       
-       /**
-        * Assigned logger_t object.
-        */
-       logger_t *logger;
 };
 
 /**
@@ -247,9 +241,8 @@ static status_t parse_uint4(private_parser_t *this, int rule_number, u_int8_t *o
 {
        if (this->byte_pos + sizeof(u_int8_t)  > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, 
-                                                       this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        switch (this->bit_pos)
@@ -272,15 +265,15 @@ static status_t parse_uint4(private_parser_t *this, int rule_number, u_int8_t *o
                        this->byte_pos++;
                        break;
                default:
-                       this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                               rule_number, mapping_find(encoding_type_m, 
-                                                               this->rules[rule_number].type), this->bit_pos);
+                       DBG2(SIG_DBG_ENC, "  found rule %d %N on bitpos %d",
+                                rule_number, encoding_type_names,
+                                this->rules[rule_number].type, this->bit_pos);
                        return PARSE_ERROR;
        }
        
        if (output_pos != NULL)
        {
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        
        return SUCCESS;
@@ -293,16 +286,15 @@ static status_t parse_uint8(private_parser_t *this, int rule_number, u_int8_t *o
 {
        if (this->byte_pos + sizeof(u_int8_t)  > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, 
-                                                       this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, 
-                                                       this->rules[rule_number].type), this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d",
+                        rule_number, encoding_type_names,
+                        this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
 
@@ -310,7 +302,7 @@ static status_t parse_uint8(private_parser_t *this, int rule_number, u_int8_t *o
        if (output_pos != NULL)
        {
                *output_pos = *(this->byte_pos);
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos++;
        
@@ -324,23 +316,21 @@ static status_t parse_uint15(private_parser_t *this, int rule_number, u_int16_t
 {
        if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, 
-                                                       this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos != 1)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), 
-                                                       this->bit_pos);
+               DBG2(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        /* caller interested in result ? */
        if (output_pos != NULL)
        {
                *output_pos = ntohs(*((u_int16_t*)this->byte_pos)) & ~0x8000;
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 2;
        this->bit_pos = 0;
@@ -355,15 +345,14 @@ static status_t parse_uint16(private_parser_t *this, int rule_number, u_int16_t
 {
        if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), 
-                                                       this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        /* caller interested in result ? */
@@ -371,7 +360,7 @@ static status_t parse_uint16(private_parser_t *this, int rule_number, u_int16_t
        {
                *output_pos = ntohs(*((u_int16_t*)this->byte_pos));
                
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 2;
        
@@ -384,15 +373,14 @@ static status_t parse_uint32(private_parser_t *this, int rule_number, u_int32_t
 {
        if (this->byte_pos + sizeof(u_int32_t) > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), 
-                                                       this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        /* caller interested in result ? */
@@ -400,7 +388,7 @@ static status_t parse_uint32(private_parser_t *this, int rule_number, u_int32_t
        {
                *output_pos = ntohl(*((u_int32_t*)this->byte_pos));
                
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 4;
        
@@ -414,15 +402,14 @@ static status_t parse_uint64(private_parser_t *this, int rule_number, u_int64_t
 {
        if (this->byte_pos + sizeof(u_int64_t) > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), 
-                                                       this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        /* caller interested in result ? */
@@ -432,7 +419,7 @@ static status_t parse_uint64(private_parser_t *this, int rule_number, u_int64_t
                *(output_pos + 1) = ntohl(*((u_int32_t*)this->byte_pos));
                *output_pos = ntohl(*(((u_int32_t*)this->byte_pos) + 1));
                
-               this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)output_pos, 8);
+               DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos, sizeof(u_int64_t));
        }
        this->byte_pos += 8;
 
@@ -446,15 +433,14 @@ static status_t parse_bytes (private_parser_t *this, int rule_number, u_int8_t *
 {
        if (this->byte_pos + bytes > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), 
-                                                       this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
 
@@ -463,7 +449,7 @@ static status_t parse_bytes (private_parser_t *this, int rule_number, u_int8_t *
        {
                memcpy(output_pos,this->byte_pos,bytes);
                
-               this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)output_pos, bytes);
+               DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos, bytes);
        }
        this->byte_pos += bytes;
        
@@ -477,8 +463,8 @@ static status_t parse_bit(private_parser_t *this, int rule_number, bool *output_
 {
        if (this->byte_pos + sizeof(u_int8_t) > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  not enough input to parse rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        /* caller interested in result ? */
@@ -494,7 +480,7 @@ static status_t parse_bit(private_parser_t *this, int rule_number, bool *output_
                        *output_pos = TRUE;
                }
                
-               this->logger->log(this->logger, RAW|LEVEL2, "   => %d", *output_pos);
+               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
        }
        this->bit_pos = (this->bit_pos + 1) % 8;
        if (this->bit_pos == 0) 
@@ -514,15 +500,15 @@ static status_t parse_list(private_parser_t *this, int rule_number, linked_list_
        
        if (length < 0)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  invalid length for rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  invalid length for rule %d %N",
+                        rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;     
        }
        
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        
@@ -531,13 +517,13 @@ static status_t parse_list(private_parser_t *this, int rule_number, linked_list_
                u_int8_t *pos_before = this->byte_pos;
                payload_t *payload;
                status_t status;
-               this->logger->log(this->logger, CONTROL|LEVEL1, "  %d bytes left, parsing recursivly %s", 
-                                                       length, mapping_find(payload_type_m, payload_type));
+               DBG2(SIG_DBG_ENC, "  %d bytes left, parsing recursivly %N",
+                        length, payload_type_names, payload_type);
                status = this->public.parse_payload((parser_t*)this, payload_type, &payload);
                if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, ERROR, "  parsing of a %s substructure failed", 
-                                                               mapping_find(payload_type_m, payload_type));
+                       DBG1(SIG_DBG_ENC, "  parsing of a %N substructure failed",
+                                payload_type_names, payload_type);
                        return status;  
                }
                list->insert_last(list, payload);
@@ -554,14 +540,14 @@ static status_t parse_chunk(private_parser_t *this, int rule_number, chunk_t *ou
 {
        if (this->byte_pos + length > this->input_roof)
        {
-               this->logger->log(this->logger, ERROR, "  not enough input (%d bytes) to parse rule %d %s", 
-                                                       length, rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type));
+               DBG1(SIG_DBG_ENC, "  not enough input (%d bytes) to parse rule %d %N",
+                        length, rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               this->logger->log(this->logger, ERROR, "  found rule %d %s on bitpos %d", 
-                                                       rule_number, mapping_find(encoding_type_m, this->rules[rule_number].type), this->bit_pos);
+               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+                        encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
        if (output_pos != NULL)
@@ -571,7 +557,7 @@ static status_t parse_chunk(private_parser_t *this, int rule_number, chunk_t *ou
                memcpy(output_pos->ptr, this->byte_pos, length);
        }
        this->byte_pos += length;
-       this->logger->log_bytes(this->logger, RAW|LEVEL2, "   =>", (void*)output_pos->ptr, length);
+       DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos->ptr, length);
        
        return SUCCESS;
 }
@@ -592,17 +578,16 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
        /* create instance of the payload to parse */
        pld = payload_create(payload_type);
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "parsing %s payload, %d bytes left", 
-                                               mapping_find(payload_type_m, payload_type),
-                                               this->input_roof-this->byte_pos);
+       DBG2(SIG_DBG_ENC, "parsing %N payload, %d bytes left",
+                payload_type_names, payload_type, this->input_roof - this->byte_pos);
        
-       this->logger->log_bytes(this->logger, RAW|LEVEL3, "parsing payload from", this->byte_pos, 
-                                                               this->input_roof-this->byte_pos);
+       DBG3(SIG_DBG_ENC, "parsing payload from %b",
+                this->byte_pos, this->input_roof-this->byte_pos);
        
        if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1, "  payload type %d is unknown, handling as %s",
-                                                       payload_type, mapping_find(payload_type_m, UNKNOWN_PAYLOAD));
+               DBG1(SIG_DBG_ENC, "  payload type %d is unknown, handling as %N",
+                        payload_type, payload_type_names, UNKNOWN_PAYLOAD);
        }
        
        /* base pointer for output, avoids casting in every rule */
@@ -613,8 +598,8 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
        for (rule_number = 0; rule_number < rule_count; rule_number++)
        {
                rule = &(this->rules[rule_number]);
-               this->logger->log(this->logger, CONTROL|LEVEL2, "  parsing rule %d %s", 
-                                                       rule_number, mapping_find(encoding_type_m, rule->type));
+               DBG2(SIG_DBG_ENC, "  parsing rule %d %N",
+                        rule_number, encoding_type_names, rule->type);
                switch (rule->type)
                {
                        case U_INT_4:
@@ -990,7 +975,8 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                        }
                        default:
                        {
-                               this->logger->log(this->logger, ERROR, "  no rule to parse rule %d %s (%d)", rule_number, mapping_find(encoding_type_m, rule->type), rule->type);
+                               DBG1(SIG_DBG_ENC, "  no rule to parse rule %d %N",
+                                        rule_number, encoding_type_names, rule->type);
                                pld->destroy(pld);
                                return PARSE_ERROR;
                        }
@@ -999,9 +985,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                rule++;
        }
        
-       *payload = pld; 
-       this->logger->log(this->logger, CONTROL|LEVEL2, "parsing %s payload finished.", 
-                                         mapping_find(payload_type_m, payload_type));
+       *payload = pld;
+       DBG2(SIG_DBG_ENC, "parsing %N payload finished",
+                payload_type_names, payload_type);
        return SUCCESS;
 }
 
@@ -1038,8 +1024,6 @@ parser_t *parser_create(chunk_t data)
 {
        private_parser_t *this = malloc_thing(private_parser_t);
        
-       this->logger = logger_manager->get_logger(logger_manager, PARSER);
-       
        this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**)) parse_payload;
        this->public.reset_context = (void(*)(parser_t*)) reset_context;
        this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count;
@@ -1055,7 +1039,7 @@ parser_t *parser_create(chunk_t data)
        this->parse_bit = parse_bit;
        this->parse_list = parse_list;
        this->parse_chunk = parse_chunk;
-               
+       
        this->input = data.ptr;
        this->byte_pos = data.ptr;
        this->bit_pos = 0;
@@ -1063,4 +1047,3 @@ parser_t *parser_create(chunk_t data)
        
        return (parser_t*)this;
 }
-
index 78e1fb9..f7c3755 100644 (file)
 #include "cert_payload.h"
 
 
-/** 
- * String mappings for cert_encoding_t.
- */
-static const char *const cert_encoding_name[] = {
+ENUM(cert_encoding_names, CERT_NONE, CERT_X509_HASH_AND_URL_BUNDLE, 
        "CERT_NONE",
        "CERT_PKCS7_WRAPPED_X509",
        "CERT_PGP",
@@ -43,11 +40,8 @@ static const char *const cert_encoding_name[] = {
        "CERT_X509_ATTRIBUTE",
        "CERT_RAW_RSA_KEY",
        "CERT_X509_HASH_AND_URL",
-       "CERT_X509_HASH_AND_URL_BUNDLE"
-};
-
-enum_names cert_encoding_names =
-    { CERT_NONE, CERT_X509_HASH_AND_URL_BUNDLE, cert_encoding_name, NULL };
+       "CERT_X509_HASH_AND_URL_BUNDLE",
+);
 
 typedef struct private_cert_payload_t private_cert_payload_t;
 
index 4eb8547..aaf0b85 100644 (file)
@@ -64,7 +64,7 @@ enum cert_encoding_t {
  * 
  * @ingroup payloads
  */
-extern enum_namecert_encoding_names;
+extern enum_name_t *cert_encoding_names;
 
 typedef struct cert_payload_t cert_payload_t;
 
index 88adbd6..5982214 100644 (file)
@@ -58,27 +58,23 @@ struct private_configuration_attribute_t {
        chunk_t attribute_value;
 };
 
-/** 
- * String mappings for configuration_attribute_type_t.
- */
-mapping_t configuration_attribute_type_m[] = {
-       {INTERNAL_IP4_ADDRESS, "INTERNAL_IP4_ADDRESS"},
-       {INTERNAL_IP4_NETMASK, "INTERNAL_IP4_NETMASK"},
-       {INTERNAL_IP4_DNS, "INTERNAL_IP4_DNS"},
-       {INTERNAL_IP4_NBNS, "INTERNAL_IP4_NBNS"},
-       {INTERNAL_ADDRESS_EXPIRY, "INTERNAL_ADDRESS_EXPIRY"},
-       {INTERNAL_IP4_DHCP, "INTERNAL_IP4_DHCP"},
-       {APPLICATION_VERSION, "APPLICATION_VERSION"},
-       {INTERNAL_IP6_ADDRESS, "INTERNAL_IP6_ADDRESS"},
-       {INTERNAL_IP6_DNS, "INTERNAL_IP6_DNS"},
-       {INTERNAL_IP6_NBNS, "INTERNAL_IP6_NBNS"},
-       {INTERNAL_IP6_DHCP, "INTERNAL_IP6_DHCP"},
-       {INTERNAL_IP4_SUBNET, "INTERNAL_IP4_SUBNET"},
-       {SUPPORTED_ATTRIBUTES, "SUPPORTED_ATTRIBUTES"},
-       {INTERNAL_IP6_SUBNET, "INTERNAL_IP6_SUBNET"},
-       {MAPPING_END, NULL}
-};
-
+ENUM_BEGIN(configuration_attribute_type_name, INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS,
+       "INTERNAL_IP4_ADDRESS",
+       "INTERNAL_IP4_NETMASK",
+       "INTERNAL_IP4_DNS",
+       "INTERNAL_IP4_NBNS",
+       "INTERNAL_ADDRESS_EXPIRY",
+       "INTERNAL_IP4_DHCP",
+       "APPLICATION_VERSION",
+       "INTERNAL_IP6_ADDRESS");
+ENUM_NEXT(configuration_attribute_type_name, INTERNAL_IP6_DNS, INTERNAL_IP6_SUBNET, INTERNAL_IP6_ADDRESS,
+       "INTERNAL_IP6_DNS",
+       "INTERNAL_IP6_NBNS",
+       "INTERNAL_IP6_DHCP",
+       "INTERNAL_IP4_SUBNET",
+       "SUPPORTED_ATTRIBUTES",
+       "INTERNAL_IP6_SUBNET");
+ENUM_END(configuration_attribute_type_name, INTERNAL_IP6_SUBNET);
 
 /**
  * Encoding rules to parse or generate a configuration attribute.
index 442e0cb..5cd7b22 100644 (file)
@@ -62,11 +62,11 @@ enum configuration_attribute_type_t {
 };
 
 /** 
- * String mappings for configuration_attribute_type_t.
+ * enum names for configuration_attribute_type_t.
  * 
  * @ingroup payloads
  */
-extern mapping_t configuration_attribute_type_m[];
+extern enum_name_t *configuration_attribute_type_names;
 
 typedef struct configuration_attribute_t configuration_attribute_t;
 
index ed779d9..f1297e4 100644 (file)
 #include <encoding/payloads/encodings.h>
 #include <utils/linked_list.h>
 
-
-/** 
- * String mappings for config_type_t.
- */
-mapping_t config_type_m[] = {
-       {CFG_REQUEST, "CFG_REQUEST"},
-       {CFG_REPLY, "CFG_REPLY"},
-       {CFG_SET, "CFG_SET"},
-       {CFG_ACK, "CFG_ACK"},
-       {MAPPING_END, NULL}
-};
-
+ENUM(config_type_names, CFG_REQUEST, CFG_ACK,
+       "CFG_REQUEST",
+       "CFG_REPLY",
+       "CFG_SET",
+       "CFG_ACK",
+);
 
 typedef struct private_cp_payload_t private_cp_payload_t;
 
@@ -77,13 +71,6 @@ struct private_cp_payload_t {
         * Config Type.
         */
        u_int8_t config_type;
-       
-       /**
-        * @brief Computes the length of this payload.
-        *
-        * @param this  calling private_cp_payload_t object
-        */
-       void (*compute_length) (private_cp_payload_t *this);
 };
 
 /**
@@ -190,11 +177,30 @@ static void set_next_type(private_cp_payload_t *this,payload_type_t type)
 }
 
 /**
+ * recompute the length of the payload.
+ */
+static void compute_length(private_cp_payload_t *this)
+{
+       iterator_t *iterator;
+       size_t length = CP_PAYLOAD_HEADER_LENGTH;
+       iterator = this->attributes->create_iterator(this->attributes,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               payload_t *current_attribute;
+               iterator->current(iterator,(void **) &current_attribute);
+               length += current_attribute->get_length(current_attribute);
+       }
+       iterator->destroy(iterator);
+       
+       this->payload_length = length;
+}
+
+/**
  * Implementation of payload_t.get_length.
  */
 static size_t get_length(private_cp_payload_t *this)
 {
-       this->compute_length(this);
+       compute_length(this);
        return this->payload_length;
 }
 
@@ -212,7 +218,7 @@ static iterator_t *create_configuration_attribute_iterator (private_cp_payload_t
 static void add_configuration_attribute (private_cp_payload_t *this,configuration_attribute_t *attribute)
 {
        this->attributes->insert_last(this->attributes,(void *) attribute);
-       this->compute_length(this);
+       compute_length(this);
 }
 
 /**
@@ -232,25 +238,6 @@ static config_type_t get_config_type (private_cp_payload_t *this)
 }
 
 /**
- * Implementation of private_cp_payload_t.compute_length.
- */
-static void compute_length (private_cp_payload_t *this)
-{
-       iterator_t *iterator;
-       size_t length = CP_PAYLOAD_HEADER_LENGTH;
-       iterator = this->attributes->create_iterator(this->attributes,TRUE);
-       while (iterator->has_next(iterator))
-       {
-               payload_t *current_attribute;
-               iterator->current(iterator,(void **) &current_attribute);
-               length += current_attribute->get_length(current_attribute);
-       }
-       iterator->destroy(iterator);
-       
-       this->payload_length = length;
-}
-
-/**
  * Implementation of payload_t.destroy and cp_payload_t.destroy.
  */
 static status_t destroy(private_cp_payload_t *this)
@@ -292,10 +279,6 @@ cp_payload_t *cp_payload_create()
        this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type;
        this->public.destroy = (void (*) (cp_payload_t *)) destroy;
        
-       
-       /* private functions */
-       this->compute_length = compute_length;
-       
        /* set default values of the fields */
        this->critical = FALSE;
        this->next_payload = NO_PAYLOAD;
index 3fd4011..3391881 100644 (file)
@@ -52,11 +52,11 @@ enum config_type_t {
 };
 
 /**
- * string mappings for config_type_t.
- * 
+ * enum name for config_type_t.
+ *
  * @ingroup payloads
  */
-extern mapping_t config_type_m[];
+extern enum_name_t *config_type_names;
 
 
 typedef struct cp_payload_t cp_payload_t;
index 8e0f30b..9ec0a94 100644 (file)
 
 #include "encodings.h"
 
-
-mapping_t encoding_type_m[] = {
-       {U_INT_4, "U_INT_4"},
-       {U_INT_8, "U_INT_8"},
-       {U_INT_16, "U_INT_16"},
-       {U_INT_32, "U_INT_32"},
-       {U_INT_64, "U_INT_64"},
-       {IKE_SPI, "IKE_SPI"},
-       {RESERVED_BIT, "RESERVED_BIT"},
-       {RESERVED_BYTE, "RESERVED_BYTE"},
-       {FLAG, "FLAG"},
-       {PAYLOAD_LENGTH, "PAYLOAD_LENGTH"},
-       {HEADER_LENGTH, "HEADER_LENGTH"},
-       {SPI_SIZE, "SPI_SIZE"},
-       {SPI, "SPI"},
-       {KEY_EXCHANGE_DATA, "KEY_EXCHANGE_DATA"},
-       {NOTIFICATION_DATA, "NOTIFICATION_DATA"},
-       {PROPOSALS, "PROPOSALS"},
-       {TRANSFORMS, "TRANSFORMS"},
-       {TRANSFORM_ATTRIBUTES, "TRANSFORM_ATTRIBUTES"},
-       {ATTRIBUTE_FORMAT, "ATTRIBUTE_FORMAT"},
-       {ATTRIBUTE_TYPE, "ATTRIBUTE_TYPE"},
-       {ATTRIBUTE_LENGTH_OR_VALUE, "ATTRIBUTE_LENGTH_OR_VALUE"},
-       {ATTRIBUTE_VALUE, "ATTRIBUTE_VALUE"},
-       {NONCE_DATA, "NONCE_DATA"},
-       {ID_DATA, "ID_DATA"},
-       {AUTH_DATA, "AUTH_DATA"},
-       {ENCRYPTED_DATA, "ENCRYPTED_DATA"},
-       {TS_TYPE, "TS_TYPE"},
-       {ADDRESS, "ADDRESS"},
-       {TRAFFIC_SELECTORS, "TRAFFIC_SELECTORS"},
-       {CERT_DATA, "CERT_DATA"},
-       {CERTREQ_DATA, "CERTREQ_DATA"},
-       {SPIS, "SPIS"},
-       {VID_DATA, "VID_DATA"},
-       {VID_DATA, "VID_DATA"}, 
-       {CONFIGURATION_ATTRIBUTES, "CONFIGURATION_ATTRIBUTES"},
-       {CONFIGURATION_ATTRIBUTE_LENGTH, "CONFIGURATION_ATTRIBUTE_LENGTH"},
-       {CONFIGURATION_ATTRIBUTE_VALUE, "CONFIGURATION_ATTRIBUTE_VALUE"},       
-       {EAP_MESSAGE, "EAP_MESSAGE"},
-       {UNKNOWN_DATA,"UNKNOWN_DATA"},
-       {MAPPING_END, NULL}
-};
+ENUM(encoding_type_names, U_INT_4, UNKNOWN_DATA,
+       "U_INT_4",
+       "U_INT_8",
+       "U_INT_16",
+       "U_INT_32",
+       "U_INT_64",
+       "IKE_SPI",
+       "RESERVED_BIT",
+       "RESERVED_BYTE",
+       "FLAG",
+       "PAYLOAD_LENGTH",
+       "HEADER_LENGTH",
+       "SPI_SIZE",
+       "SPI",
+       "KEY_EXCHANGE_DATA",
+       "NOTIFICATION_DATA",
+       "PROPOSALS",
+       "TRANSFORMS",
+       "TRANSFORM_ATTRIBUTES",
+       "ATTRIBUTE_FORMAT",
+       "ATTRIBUTE_TYPE",
+       "ATTRIBUTE_LENGTH_OR_VALUE",
+       "ATTRIBUTE_VALUE",
+       "NONCE_DATA",
+       "ID_DATA",
+       "AUTH_DATA",
+       "ENCRYPTED_DATA",
+       "TS_TYPE",
+       "ADDRESS",
+       "TRAFFIC_SELECTORS",
+       "CERT_DATA",
+       "CERTREQ_DATA",
+       "SPIS",
+       "VID_DATA",
+       "VID_DATA",
+       "CONFIGURATION_ATTRIBUTES",
+       "CONFIGURATION_ATTRIBUTE_LENGTH",
+       "CONFIGURATION_ATTRIBUTE_VALUE",
+       "EAP_MESSAGE",
+       "UNKNOWN_DATA",
+);
index bacfb48..24dc16f 100644 (file)
@@ -499,11 +499,11 @@ enum encoding_type_t {
 };
 
 /**
- * mappings to map encoding_type_t's to strings
+ * enum name for encoding_type_t
  * 
  * @ingroup payloads
  */
-extern mapping_t encoding_type_m[];
+extern enum_name_t *encoding_type_names;
 
 
 typedef struct encoding_rule_t encoding_rule_t;
index caf34fb..d32e6c9 100644 (file)
@@ -29,7 +29,6 @@
 #include <daemon.h>
 #include <encoding/payloads/encodings.h>
 #include <utils/linked_list.h>
-#include <utils/logger.h>
 #include <encoding/generator.h>
 #include <encoding/parser.h>
 #include <utils/iterator.h>
@@ -37,8 +36,6 @@
 #include <crypto/signers/signer.h>
 
 
-
-
 typedef struct private_encryption_payload_t private_encryption_payload_t;
 
 /**
@@ -95,32 +92,6 @@ struct private_encryption_payload_t {
         * Contained payloads of this encrpytion_payload.
         */
        linked_list_t *payloads;
-       
-       /** 
-        * logger for this payload, uses MESSAGE context
-        */
-       logger_t *logger;
-       
-       /**
-        * @brief Computes the length of this payload.
-        *
-        * @param this  calling private_encryption_payload_t object
-        */
-       void (*compute_length) (private_encryption_payload_t *this);
-       
-       /**
-        * @brief Generate payloads (unencrypted) in chunk decrypted.
-        * 
-        * @param this  calling private_encryption_payload_t object
-        */
-       void (*generate) (private_encryption_payload_t *this);
-               
-       /**
-        * @brief Parse payloads from a (unencrypted) chunk.
-        * 
-        * @param this  calling private_encryption_payload_t object
-        */
-       status_t (*parse) (private_encryption_payload_t *this);
 };
 
 /**
@@ -212,11 +183,45 @@ static void set_next_type(private_encryption_payload_t *this, payload_type_t typ
 }
 
 /**
+ * (re-)compute the lenght of the whole payload
+ */
+static void compute_length(private_encryption_payload_t *this)
+{
+       iterator_t *iterator;
+       size_t block_size, length = 0;
+       iterator = this->payloads->create_iterator(this->payloads, TRUE);
+
+       /* count payload length */
+       while (iterator->has_next(iterator))
+       {
+               payload_t *current_payload;
+               iterator->current(iterator, (void **) &current_payload);
+               length += current_payload->get_length(current_payload);
+       }
+       iterator->destroy(iterator);
+       
+       if (this->crypter && this->signer)
+       {
+               /* append one byte for padding length */
+               length++;
+               /* append padding */
+               block_size = this->crypter->get_block_size(this->crypter);
+               length += block_size - length % block_size;
+               /* add iv */
+               length += block_size;
+               /* add signature */
+               length += this->signer->get_block_size(this->signer);
+       }
+       length += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
+       this->payload_length = length;
+}
+
+/**
  * Implementation of payload_t.get_length.
  */
 static size_t get_length(private_encryption_payload_t *this)
 {
-       this->compute_length(this);
+       compute_length(this);
        return this->payload_length;
 }
 
@@ -245,7 +250,7 @@ static void add_payload(private_encryption_payload_t *this, payload_t *payload)
        }
        payload->set_next_type(payload, NO_PAYLOAD);
        this->payloads->insert_last(this->payloads, (void*)payload);
-       this->compute_length(this);
+       compute_length(this);
 }
 
 /**
@@ -264,6 +269,60 @@ static size_t get_payload_count(private_encryption_payload_t *this)
        return this->payloads->get_count(this->payloads);
 }
 
+/**
+ * Generate payload before encryption.
+ */
+static void generate(private_encryption_payload_t *this)
+{
+       payload_t *current_payload, *next_payload;
+       generator_t *generator;
+       iterator_t *iterator;
+       
+       /* recalculate length before generating */
+       compute_length(this);
+       
+       /* create iterator */
+       iterator = this->payloads->create_iterator(this->payloads, TRUE);
+       
+       /* get first payload */
+       if (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_payload);
+               this->next_payload = current_payload->get_type(current_payload);
+       }
+       else
+       {
+               /* no paylads? */
+               DBG2(SIG_DBG_ENC, "generating contained payloads, but none available");
+               free(this->decrypted.ptr);
+               this->decrypted = CHUNK_INITIALIZER;
+               iterator->destroy(iterator);
+               return;
+       }
+       
+       generator = generator_create();
+       
+       /* build all payload, except last */
+       while(iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&next_payload);
+               current_payload->set_next_type(current_payload, next_payload->get_type(next_payload));
+               generator->generate_payload(generator, current_payload);
+               current_payload = next_payload;
+       }
+       iterator->destroy(iterator);
+       
+       /* build last payload */
+       current_payload->set_next_type(current_payload, NO_PAYLOAD);
+       generator->generate_payload(generator, current_payload);
+       
+       /* free already generated data */
+       free(this->decrypted.ptr);
+       
+       generator->write_to_chunk(generator, &(this->decrypted));
+       generator->destroy(generator);
+       DBG2(SIG_DBG_ENC, "successfully generated content in encryption payload");
+}
 
 /**
  * Implementation of encryption_payload_t.encrypt.
@@ -277,19 +336,18 @@ static status_t encrypt(private_encryption_payload_t *this)
        
        if (this->signer == NULL || this->crypter == NULL)
        {
-               this->logger->log(this->logger, ERROR, "could not encrypt, signer/crypter not set");
+               DBG1(SIG_DBG_ENC, "could not encrypt, signer/crypter not set");
                return INVALID_STATE;
        }
        
        /* for random data in iv and padding */
        randomizer = randomizer_create();
-
-
+       
        /* build payload chunk */
-