added log and status output for ESN
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 16 Jul 2011 09:09:38 +0000 (11:09 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 16 Jul 2011 09:09:38 +0000 (11:09 +0200)
src/libcharon/plugins/stroke/stroke_list.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c

index 0d6f73a..e955f9c 100644 (file)
@@ -222,11 +222,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
                        {
                                u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED;
                                u_int16_t encr_size = 0, int_size = 0;
+                               bool esn = FALSE;
 
                                proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
                                                                                &encr_alg, &encr_size);
                                proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
                                                                                &int_alg, &int_size);
+                               proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
+                                                                               &esn, NULL);
 
                                if (encr_alg != ENCR_UNDEFINED)
                                {
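Review bot: `esn` is declared `bool`, but its address is passed to `get_algorithm()`, which receives `u_int16_t *` out-parameters in the two calls just above (`&encr_alg`, `&int_alg`). This is an incompatible pointer type, and if `bool` is narrower than 16 bits in this build (its definition is not visible here) the callee stores two bytes into a smaller object and overwrites an adjacent stack byte. Declare the variable with the type the call writes, `u_int16_t esn = 0;`; the `if (esn)` test added in the next hunk can stay as it is. The body of `log_child_sa()` starts and ends outside this hunk.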
@@ -244,6 +247,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
                                                fprintf(out, "_%u", int_size);
                                        }
                                }
+                               if (esn)
+                               {
+                                       fprintf(out, "/ESN");
+                               }
                        }
 
                        now = time_monotonic(NULL);
index a1c0d84..333b2d0 100644 (file)
@@ -254,7 +254,8 @@ struct private_kernel_netlink_ipsec_t {
        mutex_t *mutex;
 
        /**
-        * Hash table of installed policies (policy_entry_t)
+        * Hash table of installed policies (policy_entry_t)                            DBG2(DBG_KNL, "  using extended sequence numbers (ESN)");
+
         */
        hashtable_t *policies;
 
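Review bot: The doc comment for `policies` now contains a pasted statement: the added line appends `DBG2(DBG_KNL, "  using extended sequence numbers (ESN)");` to the comment text and is followed by an empty line inside the comment. It still compiles because the text sits inside `/** ... */`, but it garbles the member's documentation and looks like an editing accident, since the same `DBG2` call is added as real code in `add_sa`. Restore the original line ` * Hash table of installed policies (policy_entry_t)` and drop the blank line.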
@@ -1414,10 +1415,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                        /* bmp_len contains number uf __u32's */
                        replay->bmp_len = this->replay_bmp;
                        replay->replay_window = this->replay_window;
+                       DBG2(DBG_KNL, "  using replay window of %u bytes",
+                                this->replay_window);
 
                        rthdr = XFRM_RTA_NEXT(rthdr);
                        if (esn)
                        {
+                               DBG2(DBG_KNL, "  using extended sequence numbers (ESN)");
                                sa->flags |= XFRM_STATE_ESN;
                        }
                }
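Review bot: The unit in the new message `using replay window of %u bytes` looks wrong. The logged value is the one assigned to `replay->replay_window`, while the bitmap size is kept separately in `bmp_len` as a count of `__u32` words, which suggests the window is a count of packets (sequence numbers) rather than a byte size. Someone checking anti-replay settings from the log would read the wrong size; `"  using replay window of %u packets"` would match the value. `%u` also assumes `this->replay_window` is an `unsigned int`; its declaration is outside this hunk and worth confirming. The body of `add_sa` continues outside the hunk.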