child-cfg: Allow suppressing log messages when selecting traffic selectors
authorTobias Brunner <tobias@strongswan.org>
Tue, 29 May 2018 16:12:16 +0000 (18:12 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 28 Jun 2018 16:46:42 +0000 (18:46 +0200)
Although these messages are already logged only on level 2, they are usually
just confusing if they pop up randomly in the log, e.g. when querying the
configs or installing traps.  After this change the messages are only logged
when actually proposing or selecting traffic selectors during IKE.

13 files changed:
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h
src/libcharon/config/peer_cfg.c
src/libcharon/plugins/smp/smp.c
src/libcharon/plugins/stroke/stroke_list.c
src/libcharon/plugins/unity/unity_narrow.c
src/libcharon/plugins/unity/unity_provider.c
src/libcharon/plugins/vici/vici_query.c
src/libcharon/sa/child_sa.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/shunt_manager.c
src/libcharon/sa/trap_manager.c

index 0b00599..d8083d4 100644 (file)
@@ -289,7 +289,7 @@ METHOD(child_cfg_t, add_traffic_selector, void,
 
 METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
        private_child_cfg_t *this, bool local, linked_list_t *supplied,
-       linked_list_t *hosts)
+       linked_list_t *hosts, bool log)
 {
        enumerator_t *e1, *e2;
        traffic_selector_t *ts1, *ts2, *selected;
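Review bot: The parameter name `log` added to the signature is generic and, in any translation unit that includes `<math.h>`, shadows the library function `log()`; whether that happens for this file is not visible from the hunk. The signature now carries two bare booleans, so a name that says what is logged, e.g. `linked_list_t *hosts, bool log_selection)`, would read more clearly next to `local` in both the definition and the header. The body of get_traffic_selectors continues outside the hunk.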
@@ -334,13 +334,19 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
        }
        e1->destroy(e1);
 
-       DBG2(DBG_CFG, "%s traffic selectors for %s:",
-                supplied ? "selecting" : "proposing", local ? "us" : "other");
-       if (supplied == NULL)
+       if (log)
+       {
+               DBG2(DBG_CFG, "%s traffic selectors for %s:",
+                        supplied ? "selecting" : "proposing", local ? "us" : "other");
+       }
+       if (!supplied)
        {
                while (derived->remove_first(derived, (void**)&ts1) == SUCCESS)
                {
-                       DBG2(DBG_CFG, " %R", ts1);
+                       if (log)
+                       {
+                               DBG2(DBG_CFG, " %R", ts1);
+                       }
                        result->insert_last(result, ts1);
                }
                derived->destroy(derived);
@@ -358,11 +364,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
                                selected = ts1->get_subset(ts1, ts2);
                                if (selected)
                                {
-                                       DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
-                                                ts1, ts2, selected);
+                                       if (log)
+                                       {
+                                               DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
+                                                        ts1, ts2, selected);
+                                       }
                                        result->insert_last(result, selected);
                                }
-                               else
+                               else if (log)
                                {
                                        DBG2(DBG_CFG, " config: %R, received: %R => no match",
                                                 ts1, ts2);
index d566da3..2defd03 100644 (file)
@@ -135,11 +135,13 @@ struct child_cfg_t {
         * @param local                 TRUE for TS on local side, FALSE for remote
         * @param supplied              list with TS to select from, or NULL
         * @param hosts                 addresses to use for narrowing "dynamic" TS', host_t
+        * @param log                   FALSE to avoid logging details about the selection
         * @return                              list containing the traffic selectors
         */
        linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
                                                                                        linked_list_t *supplied,
-                                                                                       linked_list_t *hosts);
+                                                                                       linked_list_t *hosts, bool log);
+
        /**
         * Get the updown script to run for the CHILD_SA.
         *
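Review bot: The new `@param log` line documents only the FALSE case and does not say where the output goes when TRUE is passed. Going by the guarded `DBG2(DBG_CFG, ...)` calls in child_cfg.c, a line such as `@param log  TRUE to log the proposed/selected TS on level 2 (DBG_CFG), FALSE to suppress these messages` would tell callers what they give up by passing FALSE. The doc comment of the following member continues outside the hunk.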
index 29f0678..47a994f 100644 (file)
@@ -379,7 +379,7 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
        int match = 0, round;
 
        /* fetch configured TS list, narrowing dynamic TS */
-       cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts);
+       cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, TRUE);
 
        /* use a round counter to rate leading TS with higher priority */
        round = sup_list->get_count(sup_list);
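Review bot: Passing `TRUE` here with `supplied` set to NULL makes get_traffic_selectors print the heading `proposing traffic selectors for us/other:`, although this call only fetches the configured list to rate it against `sup_list`. If get_ts_match is evaluated for several candidate configs (its callers are not visible here), the heading and list repeat for each one, which looks like the kind of confusing output the commit description wants to remove. Consider `cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, FALSE);`, or a comment stating why the listing is wanted during matching. The function starts and ends outside the hunk.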
index 8629644..e7f6185 100644 (file)
@@ -324,10 +324,12 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
                        xmlTextWriterStartElement(writer, "childconfig");
                        xmlTextWriterWriteElement(writer, "name",
                                                                          child_cfg->get_name(child_cfg));
-                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+                                                                                                       NULL, FALSE);
                        write_networks(writer, "local", list);
                        list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
-                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+                                                                                                       NULL, FALSE);
                        write_networks(writer, "remote", list);
                        list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
                        xmlTextWriterEndElement(writer);
index d1bf139..392eac8 100644 (file)
@@ -580,8 +580,10 @@ METHOD(stroke_list_t, status, void,
                        children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
                        while (children->enumerate(children, &child_cfg))
                        {
-                               my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
-                               other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+                               my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE,
+                                                                                                                NULL, NULL, FALSE);
+                               other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE,
+                                                                                                                       NULL, NULL, FALSE);
                                fprintf(out, "%12s:   child:  %#R === %#R %N",
                                                child_cfg->get_name(child_cfg), my_ts, other_ts,
                                                ipsec_mode_names, child_cfg->get_mode(child_cfg));
@@ -614,8 +616,10 @@ METHOD(stroke_list_t, status, void,
                        fprintf(out, "Shunted Connections:\n");
                        first = FALSE;
                }
-               my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
-               other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+               my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+                                                                                                NULL, FALSE);
+               other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+                                                                                                       NULL, FALSE);
                fprintf(out, "%12s:  %#R === %#R %N\n",
                                child_cfg->get_name(child_cfg), my_ts, other_ts,
                                ipsec_mode_names, child_cfg->get_mode(child_cfg));
index 05ae8d5..afbd6cc 100644 (file)
@@ -56,7 +56,7 @@ static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts,
 
        received = linked_list_create();
        received->insert_last(received, ts);
-       selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL);
+       selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL, FALSE);
        while (selected->remove_first(selected, (void**)&ts) == SUCCESS)
        {
                list->insert_last(list, ts);
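Review bot: This call in narrow_ts passes a non-NULL `supplied` list (`received`) together with `FALSE`, so the `config: ..., received: ... => match` and `=> no match` lines are no longer written for the narrowing done by this plugin. The commit description says selection during IKE keeps its logging; if narrow_ts runs as part of negotiation (its callers are not visible here), the level 2 record of why a selector was accepted or dropped is lost, which makes a mis-narrowed policy harder to diagnose. Either pass `TRUE` here, or state the intent with a comment such as `/* narrowing result is reported elsewhere, keep this quiet */` if that is the case. The `configured` lookup in the next hunk has `supplied` NULL and is not affected; narrow_ts continues outside this hunk.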
@@ -140,7 +140,8 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
        {
                ts->destroy(ts);
        }
-       configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+       configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+                                                                                                 FALSE);
 
        while (configured->remove_first(configured, (void**)&ts) == SUCCESS)
        {
index b52ffee..76aad47 100644 (file)
@@ -160,7 +160,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
        enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
        while (enumerator->enumerate(enumerator, &child_cfg))
        {
-               current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+               current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+                                                                                                  FALSE);
                while (current->remove_first(current, (void**)&ts) == SUCCESS)
                {
                        if (use_ts(ts))
index 4385cf6..f529902 100644 (file)
@@ -570,7 +570,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
        list_mode(b, NULL, cfg);
 
        b->begin_list(b, "local-ts");
-       list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL);
+       list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL, FALSE);
        enumerator = list->create_enumerator(list);
        while (enumerator->enumerate(enumerator, &ts))
        {
@@ -581,7 +581,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
        b->end_list(b /* local-ts */);
 
        b->begin_list(b, "remote-ts");
-       list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL);
+       list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL, FALSE);
        enumerator = list->create_enumerator(list);
        while (enumerator->enumerate(enumerator, &ts))
        {
@@ -873,7 +873,8 @@ CALLBACK(list_conns, vici_message_t*,
                                          child_cfg->get_close_action(child_cfg));
 
                        b->begin_list(b, "local-ts");
-                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+                                                                                                       NULL, FALSE);
                        selectors = list->create_enumerator(list);
                        while (selectors->enumerate(selectors, &ts))
                        {
@@ -884,7 +885,8 @@ CALLBACK(list_conns, vici_message_t*,
                        b->end_list(b /* local-ts */);
 
                        b->begin_list(b, "remote-ts");
-                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+                                                                                                       NULL, FALSE);
                        selectors = list->create_enumerator(list);
                        while (selectors->enumerate(selectors, &ts))
                        {
index 7eeb578..4971770 100644 (file)
@@ -1723,7 +1723,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
        traffic_selector_t *ts;
 
        list = linked_list_create_with_items(ike, NULL);
-       ts_list = config->get_traffic_selectors(config, local, NULL, list);
+       ts_list = config->get_traffic_selectors(config, local, NULL, list, FALSE);
        list->destroy(list);
 
        enumerator = ts_list->create_enumerator(ts_list);
index 5e5b61e..007e94d 100644 (file)
@@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local,
 
        hosts = get_dynamic_hosts(this->ike_sa, local);
        list = this->config->get_traffic_selectors(this->config,
-                                                                                          local, supplied, hosts);
+                                                                                          local, supplied, hosts, TRUE);
        hosts->destroy(hosts);
        if (list->get_first(list, (void**)&ts) == SUCCESS)
        {
index c90af23..15bd624 100644 (file)
@@ -481,12 +481,14 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local,
                this->ike_sa->has_condition(this->ike_sa, cond))
        {
                nat = get_transport_nat_ts(this, local, in);
-               ts = this->config->get_traffic_selectors(this->config, local, nat, hosts);
+               ts = this->config->get_traffic_selectors(this->config, local, nat,
+                                                                                                hosts, TRUE);
                nat->destroy_offset(nat, offsetof(traffic_selector_t, destroy));
        }
        else
        {
-               ts = this->config->get_traffic_selectors(this->config, local, in, hosts);
+               ts = this->config->get_traffic_selectors(this->config, local, in,
+                                                                                                hosts, TRUE);
        }
 
        hosts->destroy(hosts);
@@ -1075,7 +1077,7 @@ METHOD(task_t, build_i, status_t,
        if (list->get_count(list))
        {
                this->tsi = this->config->get_traffic_selectors(this->config,
-                                                                                                               TRUE, NULL, list);
+                                                                                                               TRUE, NULL, list, TRUE);
                list->destroy_offset(list, offsetof(host_t, destroy));
        }
        else
@@ -1083,12 +1085,12 @@ METHOD(task_t, build_i, status_t,
                list->destroy(list);
                list = get_dynamic_hosts(this->ike_sa, TRUE);
                this->tsi = this->config->get_traffic_selectors(this->config,
-                                                                                                               TRUE, NULL, list);
+                                                                                                               TRUE, NULL, list, TRUE);
                list->destroy(list);
        }
        list = get_dynamic_hosts(this->ike_sa, FALSE);
        this->tsr = this->config->get_traffic_selectors(this->config,
-                                                                                                       FALSE, NULL, list);
+                                                                                                       FALSE, NULL, list, TRUE);
        list->destroy(list);
 
        if (this->packet_tsi)
index a83da04..d66e709 100644 (file)
@@ -117,8 +117,10 @@ static bool install_shunt_policy(child_cfg_t *child)
        host_any6 = host_create_any(AF_INET6);
 
        hosts = linked_list_create_with_items(host_any, host_any6, NULL);
-       my_ts_list =    child->get_traffic_selectors(child, TRUE,  NULL, hosts);
-       other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+       my_ts_list =    child->get_traffic_selectors(child, TRUE,  NULL, hosts,
+                                                                                                FALSE);
+       other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+                                                                                                FALSE);
        hosts->destroy(hosts);
 
        manual_prio = child->get_manual_prio(child);
@@ -287,8 +289,10 @@ static void uninstall_shunt_policy(child_cfg_t *child)
        host_any6 = host_create_any(AF_INET6);
 
        hosts = linked_list_create_with_items(host_any, host_any6, NULL);
-       my_ts_list =    child->get_traffic_selectors(child, TRUE,  NULL, hosts);
-       other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+       my_ts_list =    child->get_traffic_selectors(child, TRUE,  NULL, hosts,
+                                                                                                FALSE);
+       other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+                                                                                                FALSE);
        hosts->destroy(hosts);
 
        manual_prio = child->get_manual_prio(child);
index 979f929..148df39 100644 (file)
@@ -168,7 +168,7 @@ static bool dynamic_remote_ts(child_cfg_t *child)
        traffic_selector_t *ts;
        bool found = FALSE;
 
-       other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL);
+       other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL, FALSE);
        enumerator = other_ts->create_enumerator(other_ts);
        while (enumerator->enumerate(enumerator, &ts))
        {
@@ -296,11 +296,11 @@ METHOD(trap_manager_t, install, bool,
        child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0);
 
        list = linked_list_create_with_items(me, NULL);
-       my_ts = child->get_traffic_selectors(child, TRUE, NULL, list);
+       my_ts = child->get_traffic_selectors(child, TRUE, NULL, list, FALSE);
        list->destroy_offset(list, offsetof(host_t, destroy));
 
        list = linked_list_create_with_items(other, NULL);
-       other_ts = child->get_traffic_selectors(child, FALSE, NULL, list);
+       other_ts = child->get_traffic_selectors(child, FALSE, NULL, list, FALSE);
        list->destroy_offset(list, offsetof(host_t, destroy));
 
        /* We don't know the finally negotiated protocol (ESP|AH), we install