improved signal handling and emitting
authorMartin Willi <martin@strongswan.org>
Thu, 26 Oct 2006 09:46:56 +0000 (09:46 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 26 Oct 2006 09:46:56 +0000 (09:46 -0000)
46 files changed:
src/charon/bus/bus.c
src/charon/bus/bus.h
src/charon/bus/listeners/file_logger.c
src/charon/bus/listeners/sys_logger.c
src/charon/config/connections/connection.h
src/charon/config/connections/local_connection_store.c
src/charon/config/credentials/local_credential_store.c
src/charon/config/policies/local_policy_store.c
src/charon/config/policies/policy.c
src/charon/daemon.c
src/charon/encoding/generator.c
src/charon/encoding/message.c
src/charon/encoding/parser.c
src/charon/encoding/payloads/encryption_payload.c
src/charon/encoding/payloads/notify_payload.c
src/charon/encoding/payloads/proposal_substructure.c
src/charon/encoding/payloads/sa_payload.c
src/charon/encoding/payloads/transform_substructure.c
src/charon/network/socket.c
src/charon/queues/jobs/acquire_job.c
src/charon/queues/jobs/delete_child_sa_job.c
src/charon/queues/jobs/delete_ike_sa_job.c
src/charon/queues/jobs/incoming_packet_job.c
src/charon/queues/jobs/initiate_job.c
src/charon/queues/jobs/rekey_child_sa_job.c
src/charon/queues/jobs/rekey_ike_sa_job.c
src/charon/queues/jobs/retransmit_request_job.c
src/charon/queues/jobs/route_job.c
src/charon/queues/send_queue.c
src/charon/sa/authenticator.c
src/charon/sa/child_sa.c
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa_manager.c
src/charon/sa/transactions/create_child_sa.c
src/charon/sa/transactions/delete_child_sa.c
src/charon/sa/transactions/delete_ike_sa.c
src/charon/sa/transactions/ike_auth.c
src/charon/sa/transactions/ike_sa_init.c
src/charon/sa/transactions/rekey_ike_sa.c
src/charon/threads/kernel_interface.c
src/charon/threads/receiver.c
src/charon/threads/scheduler.c
src/charon/threads/sender.c
src/charon/threads/stroke_interface.c
src/charon/threads/thread_pool.c
src/libstrongswan/utils/identification.c

index e207dfa..2f27476 100644 (file)
@@ -263,7 +263,7 @@ static void set_listen_state(private_bus_t *this, bool active)
        else
        {
                listener->state = UNREGISTERED;
-               /* say hello to signal omitter; we are finished processing the signal */
+               /* say hello to signal emitter; we are finished processing the signal */
                pthread_cond_signal(&listener->cond);
        }
        
index d04ce4c..e1b4f55 100644 (file)
 typedef enum signal_t signal_t;
 
 /**
- * @brief signals ommited by the daemon.
+ * @brief signals emitted by the daemon.
  *
  * Signaling is for different purporses. First, it allows debugging via
  * "debugging signal messages", sencondly, it allows to follow certain
  * mechanisms currently going on in the daemon. As we are multithreaded, 
- * and a multiple messages are involved, it's not possible to follow
+ * and of multiple transactions are involved, it's not possible to follow
  * one connection setup without further infrastructure. These infrastructure
- * is provided by the bus and the signals the whole daemon ommits to the bus.
+ * is provided by the bus and the signals the daemon emits to the bus.
  *
- * @par Schema 1: Signals involved in IKE_SA/CHILD_SA initiation
- *
- * In the initiation of a IKE- or CHILD_SA is triggered by three possible
- * sources: User request, a request from the other peer, or a request
- * triggered by the kernel.
- * Once the user requests initiation, the SIG_INITIATE signal is ommited.
- * This signal contains the IKE_SA that got created. Any further signals
- * have the same IKE_SA and are therefore easy to trace.
- * If the kernel initiates, a SIG_ACQUIRE is sent over the bus.
- * If a new IKE_SA is needed, it is set up. If it succeeds, a
- * SIG_IKE_ESTABLISHED is ommitted. If the peer didn't accept our DH
- * group, the initiation fails. A SIG_DH_INVALID is sent over the bus. It still
- * contains the the old IKE_SA. Shortly afterwards, a SIG_DH_RETRY is ommited.
- * It contains the NEW IKE_SA. This mechanism allows us to trace the setup even
- * beyond a INVALID_KE_PAYLOUD error.
- * If the setup fails, SIG_IKE_ESTABLISH_FAILED is sent.
- * After a successful establishment of the IKE_SA, or if an already established
- * IKE_SA is reused, the child establishment begins. If it is set up with
- * the ike_auth transaction, the SIG_CHILD_ESTABLISHED signal is ommited
- * directly after the SIG_IKE_ESTABLISHED signal, as both are set up
- * simultaneously. The child setup may fail (in a ike_auth, or in a 
- * create_child_sa exchange), if so, the SIG_CHID_ESTABLISH_FAILED signal
- * is raised.
- *
- * @verbatim
-
-          "ipsec up"  "peer msg"  "kernel acquire"
-                |         |          |
-                V         |          V
-            SIG_INITIATE  | SIG_ACQUIRE
-                       \  | /
-                        \ |/______________________________________________
-                         \/________________________________               \
-                         /\                           \    \              |
-                        |  |                          |    |              |
-                        V  V                          |    V              |
-      SIG_IKE_ESTABLISHED  SIG_IKE_ESTABLISH_FALIED   |  SIG_DH_INVALID   |
-                        \                |            |    |              |
-                         \               X            |    V              |
-                          \___________________________/  SIG_DH_RETRY     |
-                          /\                               \______________/
-                         |  |
-                         V  V
-     SIG_CHILD_ESTABLISHED  SIG_CHILD_ESTABLISH_FAILED
-                                          |
-                                          X
-   @endverbatim
- * Other scenarios are much simpler. Termination is just indicated with
- * a simple SIG_CHILD_TERMINATED and/or SIG_IKE_TERMINATED signal. There
- * are other signals as SIG_CHILD_ROUTED or SIG_CHILD_UNROUTED. Rekeying is
- * also trivial (SIG_IKE_REKEYED/SIG_CHILD_REKEYED), but may contain
- * SIG_DH_INVALID...
+ * There are different scenarios to follow these signals, but all have
+ * the same scheme. First, a START signal is emitted to indicate the daemon
+ * has started to 
  *
  * @ingroup bus
  */
@@ -100,56 +51,69 @@ enum signal_t {
        /** pseudo signal, representing any other signal */
        SIG_ANY,
        
-       /** debugging messages printed from daemon main loop */
-       SIG_DBG_DMN,
-       /** debugging message printed from IKE_SA_MANAGER */
-       SIG_DBG_MGR,
-       /** debugging message printed from an IKE_SA */
-       SIG_DBG_IKE,
-       /** debugging message printed from a CHILD_SA */
-       SIG_DBG_CHD,
-       /** debugging message printed from job processing */
-       SIG_DBG_JOB,
-       /** debugging message printed from configuration backends */
-       SIG_DBG_CFG,
-       /** debugging message printed from kernel interface */
-       SIG_DBG_KNL,
-       /** debugging message printed from networking */
-       SIG_DBG_NET,
-       /** debugging message printed from message encoding/decoding */
-       SIG_DBG_ENC,
-       /** debugging message printed from libstrongswan via logging hook */
-       SIG_DBG_LIB,
+       /** debugging message from daemon main loop */
+       DBG_DMN,
+       /** debugging message from IKE_SA_MANAGER */
+       DBG_MGR,
+       /** debugging message from an IKE_SA */
+       DBG_IKE,
+       /** debugging message from a CHILD_SA */
+       DBG_CHD,
+       /** debugging message from job processing */
+       DBG_JOB,
+       /** debugging message from configuration backends */
+       DBG_CFG,
+       /** debugging message from kernel interface */
+       DBG_KNL,
+       /** debugging message from networking */
+       DBG_NET,
+       /** debugging message from message encoding/decoding */
+       DBG_ENC,
+       /** debugging message from libstrongswan via logging hook */
+       DBG_LIB,
        
        /** number of debug signals */
-       SIG_DBG_MAX,
+       DBG_MAX,
+       
+       /** signals for IKE_SA establishment */
+       IKE_UP_START,
+       IKE_UP_SUCCESS,
+       IKE_UP_FAILED,
+       
+       /** signals for IKE_SA delete */
+       IKE_DOWN_START,
+       IKE_DOWN_SUCCESS,
+       IKE_DOWN_FAILED,
+       
+       /** signals for IKE_SA rekeying */
+       IKE_REKEY_START,
+       IKE_REKEY_SUCCESS,
+       IKE_REKEY_FAILED,
+       
+       /** signals for CHILD_SA establishment */
+       CHILD_UP_START,
+       CHILD_UP_SUCCESS,
+       CHILD_UP_FAILED,
+       
+       /** signals for CHILD_SA delete */
+       CHILD_DOWN_START,
+       CHILD_DOWN_SUCCESS,
+       CHILD_DOWN_FAILED,
        
-       /** initiation started on user request */
-       SIG_INITIATE,
-       /** acquiring on kernel request */
-       SIG_ACQUIRE,
+       /** signals for CHILD_SA rekeying */
+       CHILD_REKEY_START,
+       CHILD_REKEY_SUCCESS,
+       CHILD_REKEY_FAILED,
        
-       /** an IKE_SA has been established */
-       SIG_IKE_UP,
-       /** an IKE_SA has been closed as requested */
-       SIG_IKE_DOWN,
-       /** an IKE_SA got deleted due an error */
-       SIG_IKE_FAILED,
-       /** an IKE_SA has been rekeyed */
-       SIG_IKE_REKEY,
+       /** signals for CHILD_SA routing */
+       CHILD_ROUTE_START,
+       CHILD_ROUTE_SUCCESS,
+       CHILD_ROUTE_FAILED,
        
-       /** a CHILD_SA has been established */
-       SIG_CHILD_UP,
-       /** a CHILD_SA has been closed as requested */
-       SIG_CHILD_DOWN,
-       /** a CHILD_SA got deleted due an error */
-       SIG_CHILD_FAILED,
-       /** a CHILD_SA has been rekeyed */
-       SIG_CHILD_REKEY,
-       /** a CHILD_SA has been routed */
-       SIG_CHILD_ROUTE,
-       /** a CHILD_SA has been unrouted */
-       SIG_CHILD_UNROUTE,
+       /** signals for CHILD_SA routing */
+       CHILD_UNROUTE_START,
+       CHILD_UNROUTE_SUCCESS,
+       CHILD_UNROUTE_FAILED,
        
        SIG_MAX
 };
@@ -171,7 +135,7 @@ enum level_t {
        LEVEL_2 = 2,
        LEVEL_3 = 3,
        LEVEL_4 = 4,
-       /** absolutely silent, no signal is ommited with this level */
+       /** absolutely silent, no signal is emitted with this level */
        LEVEL_SILENT = -1,
        /** alias for numberical levels */
        LEVEL_AUDIT = LEVEL_0,
@@ -210,9 +174,9 @@ enum level_t {
  * type 0. This allows filtering of singals by their type.
  *
  * @param signal       signal to get the type from
- * @return                     type of the signal, between 0..(SIG_DBG_MAX-1)
+ * @return                     type of the signal, between 0..(DBG_MAX-1)
  */
-#define SIG_TYPE(sig) (sig > SIG_DBG_MAX ? SIG_ANY : sig)
+#define SIG_TYPE(sig) (sig > DBG_MAX ? SIG_ANY : sig)
 
 
 typedef struct bus_listener_t bus_listener_t;
@@ -269,7 +233,7 @@ struct bus_t {
         * @brief Register a listener to the bus.
         *
         * A registered listener receives all signals which are sent to the bus.
-        * The listener is passive; the thread which ommited the signal
+        * The listener is passive; the thread which emitted the signal
         * processes the listener routine.
         *
         * @param this          bus
@@ -283,17 +247,17 @@ struct bus_t {
         * As we are fully multithreaded, we must provide a mechanism
         * for active threads to listen to the bus. With the listen() method,
         * a thread waits until a signal occurs, and then processes it.
-        * To prevent the listen() calling thread to miss signals ommited while
+        * To prevent the listen() calling thread to miss signals emitted while
         * it processes a signal, registration is required. This is done through
         * the set_listen_state() method, see below.
         *
         * @param this          bus
         * @param level         verbosity level of the signal
-        * @param thread        receives thread number ommited the signal
+        * @param thread        receives thread number emitted the signal
         * @param ike_sa        receives the IKE_SA involved in the signal, or NULL
         * @param format        receives the format string supplied with the signal
         * @param va_list       receives the variable argument list for format
-        * @return                      the ommited signal type
+        * @return                      the emitted signal type
         */
        signal_t (*listen) (bus_t *this, level_t* level, int *thread,
                                                ike_sa_t **ike_sa, char** format, va_list* args);
@@ -303,11 +267,11 @@ struct bus_t {
         *
         * To prevent message loss for active listeners using listen(), threads
         * must register themself to the bus before starting to listen(). When
-        * a signal occurs, the ommiter waits until all threads with listen_state
+        * a signal occurs, the emitter waits until all threads with listen_state
         * TRUE are waiting in the listen() method to process the signal.
         * It is important that a thread with liste_state TRUE calls listen()
         * periodically, or sets it's listening state to FALSE; otherwise
-        * all signal omitting threads get blocked on the bus.
+        * all signal emitting threads get blocked on the bus.
         *
         * @param this          bus
         * @param active        TRUE to set to listening
index 794548b..4c9e13b 100644 (file)
@@ -46,7 +46,7 @@ struct private_file_logger_t {
        /**
         * Maximum level to log
         */
-       level_t levels[SIG_DBG_MAX];
+       level_t levels[DBG_MAX];
 };
 
 
@@ -86,7 +86,7 @@ static void set_level(private_file_logger_t *this, signal_t signal, level_t leve
        if (signal == SIG_ANY)
        {
                int i;
-               for (i = 0; i < SIG_DBG_MAX; i++)
+               for (i = 0; i < DBG_MAX; i++)
                {
                        this->levels[i] = level;
                }
index 0e3c9dc..58c59c4 100644 (file)
@@ -47,7 +47,7 @@ struct private_sys_logger_t {
        /**
         * Maximum level to log
         */
-       level_t levels[SIG_DBG_MAX];
+       level_t levels[DBG_MAX];
 };
 
 
@@ -88,7 +88,7 @@ static void set_level(private_sys_logger_t *this, signal_t signal, level_t level
        if (signal == SIG_ANY)
        {
                int i;
-               for (i = 0; i < SIG_DBG_MAX; i++)
+               for (i = 0; i < DBG_MAX; i++)
                {
                        this->levels[i] = level;
                }
index b3c1207..7605130 100644 (file)
@@ -36,7 +36,7 @@ typedef enum cert_policy_t cert_policy_t;
 /**
  * Certificate sending policy. This is also used for certificate
  * requests when using this definition for the other peer. If
- * it is CERT_NEVER_SEND, a certreq is ommited, otherwise its
+ * it is CERT_NEVER_SEND, a certreq is omitted, otherwise its
  * included.
  *
  * @ingroup config
@@ -173,7 +173,7 @@ struct connection_t {
         *
         * A certificate request contains serials of our trusted CA certificates.
         * This flag says if such a request is sent on connection setup to
-        * the peer. It should be ommited when CERT_SEND_NEVER, sended otherwise.
+        * the peer. It should be omitted when CERT_SEND_NEVER, sended otherwise.
         *
         * @param this          calling object
         * @return                      certificate request sending policy
index 4a6224f..37bf94c 100644 (file)
@@ -69,7 +69,7 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
        connection_t *candidate;
        connection_t *found = NULL;
        
-       DBG2(SIG_DBG_CFG, "looking for connection for host pair %H...%H",
+       DBG2(DBG_CFG, "looking for connection for host pair %H...%H",
                 my_host, other_host);
        
        pthread_mutex_lock(&(this->mutex));
@@ -98,7 +98,7 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
                                prio |= PRIO_ADDR_ANY;
                        }
 
-                       DBG2(SIG_DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)",
+                       DBG2(DBG_CFG, "candidate connection \"%s\": %H...%H (prio=%d)",
                                 candidate->get_name(candidate),
                                 candidate_my_host, candidate_other_host, prio);
 
@@ -116,7 +116,7 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t
                host_t *found_my_host    = found->get_my_host(found);
                host_t *found_other_host = found->get_other_host(found);
                
-               DBG2(SIG_DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)",
+               DBG2(DBG_CFG, "found matching connection \"%s\": %H...%H (prio=%d)",
                         found->get_name(found), found_my_host, found_other_host, best_prio);
                
                /* give out a new reference to it */
index bddd388..16613a3 100644 (file)
@@ -256,19 +256,19 @@ static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t
        ugh = cert->is_valid(cert, NULL);
        if (ugh != NULL)
        {
-               DBG1(SIG_DBG_CFG, "certificate %s", ugh);
+               DBG1(DBG_CFG, "certificate %s", ugh);
                return NULL;
        }
 
        status = cert->get_status(cert);
        if (status == CERT_REVOKED || status == CERT_UNTRUSTED || (this->strict && status != CERT_GOOD))
        {
-               DBG1(SIG_DBG_CFG, "certificate status: %N", cert_status_names, status);
+               DBG1(DBG_CFG, "certificate status: %N", cert_status_names, status);
                return NULL;
        }
        if (status == CERT_GOOD && cert->get_until(cert) < time(NULL))
        {
-               DBG1(SIG_DBG_CFG, "certificate is good but crl is stale");
+               DBG1(DBG_CFG, "certificate is good but crl is stale");
                return NULL;
        }
 
@@ -379,20 +379,20 @@ static cert_status_t verify_by_crl(private_local_credential_store_t* this, const
        crl = get_crl(this, issuer_cert);
        if (crl == NULL)
        {
-               DBG1(SIG_DBG_CFG, "crl not found");
+               DBG1(DBG_CFG, "crl not found");
                goto err;
        }
-       DBG2(SIG_DBG_CFG, "crl found");
+       DBG2(DBG_CFG, "crl found");
        
        issuer_public_key = issuer_cert->get_public_key(issuer_cert);
        valid_signature = crl->verify(crl, issuer_public_key);
 
        if (!valid_signature)
        {
-               DBG1(SIG_DBG_CFG, "crl signature is invalid");
+               DBG1(DBG_CFG, "crl signature is invalid");
                goto err;
        }
-       DBG2(SIG_DBG_CFG, "crl signature is valid");
+       DBG2(DBG_CFG, "crl signature is valid");
 
        crl->get_status(crl, certinfo);
 
@@ -447,7 +447,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
        *found = (cert_copy != NULL);
        if (*found)
        {
-               DBG2(SIG_DBG_CFG,
+               DBG2(DBG_CFG,
                         "end entitity certificate is already in credential store");
        }
 
@@ -461,39 +461,39 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                identification_t *subject = cert->get_subject(cert);
                identification_t *issuer  = cert->get_issuer(cert);
 
-               DBG2(SIG_DBG_CFG, "subject: '%D'", subject);
-               DBG2(SIG_DBG_CFG, "issuer:  '%D'", issuer);
+               DBG2(DBG_CFG, "subject: '%D'", subject);
+               DBG2(DBG_CFG, "issuer:  '%D'", issuer);
 
                ugh = cert->is_valid(cert, &until);
                if (ugh != NULL)
                {
-                       DBG1(SIG_DBG_CFG, "certificate %s", ugh);
+                       DBG1(DBG_CFG, "certificate %s", ugh);
                        return FALSE;
                }
-               DBG2(SIG_DBG_CFG, "certificate is valid");
+               DBG2(DBG_CFG, "certificate is valid");
 
                issuer_cert = get_issuer_certificate(this, cert);
                if (issuer_cert == NULL)
                {
-                       DBG1(SIG_DBG_CFG, "issuer certificate not found");
+                       DBG1(DBG_CFG, "issuer certificate not found");
                        return FALSE;
                }
-               DBG2(SIG_DBG_CFG, "issuer certificate found");
+               DBG2(DBG_CFG, "issuer certificate found");
 
                issuer_public_key = issuer_cert->get_public_key(issuer_cert);
                valid_signature = cert->verify(cert, issuer_public_key);
 
                if (!valid_signature)
                {
-                       DBG1(SIG_DBG_CFG, "certificate signature is invalid");
+                       DBG1(DBG_CFG, "certificate signature is invalid");
                        return FALSE;
                }
-               DBG2(SIG_DBG_CFG, "certificate signature is valid");
+               DBG2(DBG_CFG, "certificate signature is valid");
 
                /* check if cert is a self-signed root ca */
                if (pathlen > 0 && cert->is_self_signed(cert))
                {
-                       DBG2(SIG_DBG_CFG, "reached self-signed root ca");
+                       DBG2(DBG_CFG, "reached self-signed root ca");
 
                        /* set the definite status and trust interval of the end entity certificate */
                        end_cert->set_until(end_cert, until);
@@ -533,10 +533,10 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                        /* if status information is stale */
                                        if (this->strict && nextUpdate < time(NULL))
                                        {
-                                               DBG2(SIG_DBG_CFG, "certificate is good but status is stale");
+                                               DBG2(DBG_CFG, "certificate is good but status is stale");
                                                return FALSE;
                                        }
-                                       DBG2(SIG_DBG_CFG, "certificate is good");
+                                       DBG2(DBG_CFG, "certificate is good");
 
                                        /* with strict crl policy the public key must have the same
                                         * lifetime as the validity of the ocsp status or crl lifetime
@@ -547,7 +547,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                case CERT_REVOKED:
                                        {
                                                time_t revocationTime = certinfo->get_revocationTime(certinfo);
-                                               DBG1(SIG_DBG_CFG,
+                                               DBG1(DBG_CFG,
                                                         "certificate was revoked on %T, reason: %N",
                                                         revocationTime, crl_reason_names,
                                                         certinfo->get_revocationReason(certinfo));
@@ -574,7 +574,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                                case CERT_UNKNOWN:
                                case CERT_UNDEFINED:
                                default:
-                                       DBG2(SIG_DBG_CFG, "certificate status unknown");
+                                       DBG2(DBG_CFG, "certificate status unknown");
                                        if (this->strict)
                                        {
                                                /* update status of end certificate in the credential store */
@@ -591,7 +591,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
                /* go up one step in the trust chain */
                cert = issuer_cert;
        }
-       DBG1(SIG_DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+       DBG1(DBG_CFG, "maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
        return FALSE;
 }
 
@@ -664,12 +664,12 @@ static void load_ca_certificates(private_local_credential_store_t *this)
        DIR* dir;
        x509_t *cert;
        
-       DBG1(SIG_DBG_CFG, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
+       DBG1(DBG_CFG, "loading ca certificates from '%s/'", CA_CERTIFICATE_DIR);
 
        dir = opendir(CA_CERTIFICATE_DIR);
        if (dir == NULL)
        {
-               DBG1(SIG_DBG_CFG, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
+               DBG1(DBG_CFG, "error opening ca certs directory %s'", CA_CERTIFICATE_DIR);
                return;
        }
 
@@ -693,7 +693,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
 
                                if (ugh != NULL)
                                {
-                                       DBG1(SIG_DBG_CFG, "warning: ca certificate %s", ugh);
+                                       DBG1(DBG_CFG, "warning: ca certificate %s", ugh);
                                }
                                if (cert->is_ca(cert))
                                {
@@ -701,7 +701,7 @@ static void load_ca_certificates(private_local_credential_store_t *this)
                                }
                                else
                                {
-                                       DBG1(SIG_DBG_CFG, "  CA basic constraints flag not set, cert discarded");
+                                       DBG1(DBG_CFG, "  CA basic constraints flag not set, cert discarded");
                                        cert->destroy(cert);
                                }
                        }
@@ -734,13 +734,13 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl)
                                {
                                        old_crl->destroy(old_crl);
                                }
-                               DBG2(SIG_DBG_CFG, "  thisUpdate is newer - existing crl replaced");
+                               DBG2(DBG_CFG, "  thisUpdate is newer - existing crl replaced");
                        }
                        else
                        {
                                crl->destroy(crl);
                                crl = current_crl;
-                               DBG2(SIG_DBG_CFG, "  thisUpdate is not newer - existing crl retained");
+                               DBG2(DBG_CFG, "  thisUpdate is not newer - existing crl retained");
                        }
                        break;
                }
@@ -750,7 +750,7 @@ static crl_t* add_crl(linked_list_t *crls, crl_t *crl)
        if (!found)
        {
                crls->insert_last(crls, (void*)crl);
-               DBG2(SIG_DBG_CFG, "  crl added");
+               DBG2(DBG_CFG, "  crl added");
        }
        return crl;
 }
@@ -765,12 +765,12 @@ static void load_crls(private_local_credential_store_t *this)
        DIR* dir;
        crl_t *crl;
        
-       DBG1(SIG_DBG_CFG, "loading crls from '%s/'", CRL_DIR);
+       DBG1(DBG_CFG, "loading crls from '%s/'", CRL_DIR);
 
        dir = opendir(CRL_DIR);
        if (dir == NULL)
        {
-               DBG1(SIG_DBG_CFG, "error opening crl directory %s'", CRL_DIR);
+               DBG1(DBG_CFG, "error opening crl directory %s'", CRL_DIR);
                return;
        }
 
@@ -794,7 +794,7 @@ static void load_crls(private_local_credential_store_t *this)
 
                                if (ugh != NULL)        
                                {
-                                       DBG1(SIG_DBG_CFG, "warning: crl %s", ugh);
+                                       DBG1(DBG_CFG, "warning: crl %s", ugh);
                                }
                                pthread_mutex_lock(&(this->crls_mutex));
                                crl = add_crl(this->crls, crl);
@@ -874,7 +874,7 @@ static void load_secrets(private_local_credential_store_t *this)
                int line_nr = 0;
        chunk_t chunk, src, line;
 
-               DBG1(SIG_DBG_CFG, "loading secrets from \"%s\"", SECRETS_FILE);
+               DBG1(DBG_CFG, "loading secrets from \"%s\"", SECRETS_FILE);
 
                fseek(fd, 0, SEEK_END);
                chunk.len = ftell(fd);
@@ -897,7 +897,7 @@ static void load_secrets(private_local_credential_store_t *this)
                        }
                        if (!extract_token(&ids, ':', &line))
                        {
-                               DBG1(SIG_DBG_CFG, "line %d: missing ':' separator", line_nr);
+                               DBG1(DBG_CFG, "line %d: missing ':' separator", line_nr);
                                goto error;
                        }
                        /* NULL terminate the ids string by replacing the : separator */
@@ -905,7 +905,7 @@ static void load_secrets(private_local_credential_store_t *this)
 
                        if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
                        {
-                               DBG1(SIG_DBG_CFG, "line %d: missing token", line_nr);
+                               DBG1(DBG_CFG, "line %d: missing token", line_nr);
                                goto error;
                        }
                        if (match("RSA", &token))
@@ -923,12 +923,12 @@ static void load_secrets(private_local_credential_store_t *this)
 
                                if (ugh != NULL)
                                {
-                                       DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
+                                       DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
                                        goto error;
                                }
                                if (filename.len == 0)
                                {
-                                       DBG1(SIG_DBG_CFG, "line %d: empty filename", line_nr);
+                                       DBG1(DBG_CFG, "line %d: empty filename", line_nr);
                                        goto error;
                                }
                                if (*filename.ptr == '/')
@@ -949,7 +949,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        ugh = extract_secret(&secret, &line);
                                        if (ugh != NULL)
                                        {
-                                               DBG1(SIG_DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
+                                               DBG1(DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
                                                goto error;
                                        }
                                        if (secret.len > 0)
@@ -971,20 +971,20 @@ static void load_secrets(private_local_credential_store_t *this)
                                err_t ugh = extract_secret(&secret, &line);
                                if (ugh != NULL)
                                {
-                                       DBG1(SIG_DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
+                                       DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
                                        goto error;
                                }
 
                                if (ids.len > 0)
                                {
-                                       DBG1(SIG_DBG_CFG, "  loading shared key for %s", ids.ptr);
+                                       DBG1(DBG_CFG, "  loading shared key for %s", ids.ptr);
                                }
                                else
                                {
-                                       DBG1(SIG_DBG_CFG, "  loading shared key for %%any");
+                                       DBG1(DBG_CFG, "  loading shared key for %%any");
                                }
 
-                               DBG4(SIG_DBG_CFG, "  secret:", secret);
+                               DBG4(DBG_CFG, "  secret:", secret);
 
                                shared_key = shared_key_create(secret);
                                if (shared_key)
@@ -999,7 +999,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        ugh = extract_value(&id, &ids);
                                        if (ugh != NULL)
                                        {
-                                               DBG1(SIG_DBG_CFG, "line %d: %s", line_nr, ugh);
+                                               DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
                                                goto error;
                                        }
                                        if (id.len == 0)
@@ -1013,7 +1013,7 @@ static void load_secrets(private_local_credential_store_t *this)
                                        peer_id = identification_create_from_string(id.ptr);
                                        if (peer_id == NULL)
                                        {
-                                               DBG1(SIG_DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr);
+                                               DBG1(DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr);
                                                goto error;
                                        }
                                        
@@ -1031,7 +1031,7 @@ static void load_secrets(private_local_credential_store_t *this)
                        }
                        else
                        {
-                               DBG1(SIG_DBG_CFG, "line %d: token must be either "
+                               DBG1(DBG_CFG, "line %d: token must be either "
                                         "RSA, PSK, or PIN", line_nr, token.len);
                                goto error;
                        }
@@ -1041,7 +1041,7 @@ error:
        }
        else
        {
-               DBG1(SIG_DBG_CFG, "could not open file '%s'", SECRETS_FILE);
+               DBG1(DBG_CFG, "could not open file '%s'", SECRETS_FILE);
        }
 }
 
index dd4e7eb..a4b53c5 100644 (file)
@@ -106,7 +106,7 @@ static policy_t *get_policy(private_local_policy_store_t *this,
        policy_t *candidate;
        policy_t *found = NULL;
        
-       DBG2(SIG_DBG_CFG, "searching policy for ID pair %D...%D", my_id, other_id);
+       DBG2(DBG_CFG, "searching policy for ID pair %D...%D", my_id, other_id);
 
        pthread_mutex_lock(&(this->mutex));
        iterator = this->policies->create_iterator(this->policies, TRUE);
@@ -136,12 +136,12 @@ static policy_t *get_policy(private_local_policy_store_t *this,
                        if (!contains_traffic_selectors(candidate, TRUE, my_ts, my_host) ||
                                !contains_traffic_selectors(candidate, FALSE, other_ts, other_host))
                        {
-                               DBG2(SIG_DBG_CFG, "candidate '%s' inacceptable due traffic "
+                               DBG2(DBG_CFG, "candidate '%s' inacceptable due traffic "
                                         "selector mismatch", candidate->get_name(candidate));
                                continue;
                        }
 
-                       DBG2(SIG_DBG_CFG, "candidate policy '%s': %D...%D (prio=%d)",
+                       DBG2(DBG_CFG, "candidate policy '%s': %D...%D (prio=%d)",
                                 candidate->get_name(candidate),
                                 candidate_my_id, candidate_other_id, prio);
 
@@ -159,7 +159,7 @@ static policy_t *get_policy(private_local_policy_store_t *this,
                identification_t *found_my_id = found->get_my_id(found);
                identification_t *found_other_id = found->get_other_id(found);
                
-               DBG1(SIG_DBG_CFG, "found matching policy '%s': %D...%D (prio=%d)",
+               DBG1(DBG_CFG, "found matching policy '%s': %D...%D (prio=%d)",
                         found->get_name(found), found_my_id, found_other_id, best_prio);
                /* give out a new reference to it */
                found->get_ref(found);
@@ -176,7 +176,7 @@ static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *na
        iterator_t *iterator;
        policy_t *current, *found = NULL;
        
-       DBG2(SIG_DBG_CFG, "looking for policy '%s'", name);
+       DBG2(DBG_CFG, "looking for policy '%s'", name);
        
        pthread_mutex_lock(&(this->mutex));
        iterator = this->policies->create_iterator(this->policies, TRUE);
index 55f8deb..4ef0969 100644 (file)
@@ -223,7 +223,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
        traffic_selector_t *supplied_ts, *stored_ts, *selected_ts;
        linked_list_t *selected = linked_list_create();
        
-       DBG2(SIG_DBG_CFG, "selecting traffic selectors");
+       DBG2(DBG_CFG, "selecting traffic selectors");
        
        stored_iter = stored->create_iterator(stored, TRUE);
        supplied_iter = supplied->create_iterator(supplied, TRUE);
@@ -240,7 +240,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
                /* iterate over all supplied traffic selectors */
                while (supplied_iter->iterate(supplied_iter, (void**)&supplied_ts))
                {
-                       DBG2(SIG_DBG_CFG, "stored %R <=> %R received",
+                       DBG2(DBG_CFG, "stored %R <=> %R received",
                                 stored_ts, supplied_ts);
                        
                        selected_ts = stored_ts->get_subset(stored_ts, supplied_ts);
@@ -249,7 +249,7 @@ static linked_list_t *select_traffic_selectors(private_policy_t *this,
                                /* got a match, add to list */
                                selected->insert_last(selected, (void*)selected_ts);
                                
-                               DBG2(SIG_DBG_CFG, "found traffic selector for %s: %R", 
+                               DBG2(DBG_CFG, "found traffic selector for %s: %R", 
                                         stored == this->my_ts ? "us" : "other", selected_ts);
                        }
                }
index 602259b..be14866 100644 (file)
@@ -82,7 +82,7 @@ static void dbg_bus(int level, char *fmt, ...)
        va_list args;
        
        va_start(args, fmt);
-       charon->bus->vsignal(charon->bus, SIG_DBG_LIB, level, fmt, args);
+       charon->bus->vsignal(charon->bus, DBG_LIB, level, fmt, args);
        va_end(args);
 }
 
@@ -120,27 +120,27 @@ static void run(private_daemon_t *this)
                error = sigwait(&(this->signal_set), &signal_number);
                if(error)
                {
-                       DBG1(SIG_DBG_DMN, "error %d while waiting for a signal", error);
+                       DBG1(DBG_DMN, "error %d while waiting for a signal", error);
                        return;
                }
                switch (signal_number)
                {
                        case SIGHUP:
                        {
-                               DBG1(SIG_DBG_DMN, "signal of type SIGHUP received. Ignored");
+                               DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
                                break;
                        }
                        case SIGINT:
                        {
-                               DBG1(SIG_DBG_DMN, "signal of type SIGINT received. Shutting down");
+                               DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
                                return;
                        }
                        case SIGTERM:
-                               DBG1(SIG_DBG_DMN, "signal of type SIGTERM received. Shutting down");
+                               DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
                                return;
                        default:
                        {
-                               DBG1(SIG_DBG_DMN, "unknown signal %d received. Ignored", signal_number);
+                               DBG1(DBG_DMN, "unknown signal %d received. Ignored", signal_number);
                                break;
                        }
                }
@@ -197,7 +197,7 @@ static void destroy(private_daemon_t *this)
 static void kill_daemon(private_daemon_t *this, char *reason)
 {
        /* we send SIGTERM, so the daemon can cleanly shut down */
-       DBG1(SIG_DBG_DMN, "killing daemon: %s", reason);
+       DBG1(DBG_DMN, "killing daemon: %s", reason);
        if (this->main_thread_id == pthread_self())
        {
                /* initialization failed, terminate daemon */
@@ -207,7 +207,7 @@ static void kill_daemon(private_daemon_t *this, char *reason)
        }
        else
        {
-               DBG1(SIG_DBG_DMN, "sending SIGTERM to ourself");
+               DBG1(DBG_DMN, "sending SIGTERM to ourself");
                raise(SIGTERM);
                /* thread must die, since he produced a ciritcal failure and can't continue */
                pthread_exit(NULL);
@@ -239,7 +239,7 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
        dbg = dbg_bus;
        
        /* apply loglevels */
-       for (signal = 0; signal < SIG_DBG_MAX; signal++)
+       for (signal = 0; signal < DBG_MAX; signal++)
        {
                if (syslog)
                {
@@ -253,7 +253,7 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
                }
        }
        
-       DBG1(SIG_DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
+       DBG1(DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
        
        this->public.configuration = configuration_create();
        this->public.socket = socket_create(IKEV2_UDP_PORT, IKEV2_NATT_PORT);
@@ -293,15 +293,15 @@ void signal_handler(int signal)
        size = backtrace(array, 20);
        strings = backtrace_symbols(array, size);
 
-       DBG1(SIG_DBG_DMN, "thread %u received %s. Dumping %d frames from stack:",
+       DBG1(DBG_DMN, "thread %u received %s. Dumping %d frames from stack:",
                 signal == SIGSEGV ? "SIGSEGV" : "SIGILL", pthread_self(), size);
 
        for (i = 0; i < size; i++)
        {
-               DBG1(SIG_DBG_DMN, "    %s", strings[i]);
+               DBG1(DBG_DMN, "    %s", strings[i]);
        }
        free (strings);
-       DBG1(SIG_DBG_DMN, "killing ourself hard after SIGSEGV");
+       DBG1(DBG_DMN, "killing ourself hard after SIGSEGV");
        raise(SIGKILL);
 }
 
@@ -392,11 +392,11 @@ int main(int argc, char *argv[])
        struct stat stb;
        linked_list_t *list;
        host_t *host;
-       level_t levels[SIG_DBG_MAX];
+       level_t levels[DBG_MAX];
        int signal;
        
        /* use CTRL loglevel for default */
-       for (signal = 0; signal < SIG_DBG_MAX; signal++)
+       for (signal = 0; signal < DBG_MAX; signal++)
        {
                levels[signal] = LEVEL_CTRL;
        }
@@ -409,16 +409,17 @@ int main(int argc, char *argv[])
                        { "version", no_argument, NULL, 'v' },
                        { "use-syslog", no_argument, NULL, 'l' },
                        { "strictcrlpolicy", no_argument, NULL, 'r' },
-                       { "debug-dmn", required_argument, &signal, SIG_DBG_DMN },
-                       { "debug-mgr", required_argument, &signal, SIG_DBG_MGR },
-                       { "debug-ike", required_argument, &signal, SIG_DBG_IKE },
-                       { "debug-chd", required_argument, &signal, SIG_DBG_CHD },
-                       { "debug-job", required_argument, &signal, SIG_DBG_JOB },
-                       { "debug-cfg", required_argument, &signal, SIG_DBG_CFG },
-                       { "debug-knl", required_argument, &signal, SIG_DBG_KNL },
-                       { "debug-net", required_argument, &signal, SIG_DBG_NET },
-                       { "debug-enc", required_argument, &signal, SIG_DBG_ENC },
-                       { "debug-lib", required_argument, &signal, SIG_DBG_LIB },
+                       /* TODO: handle "debug-all" */
+                       { "debug-dmn", required_argument, &signal, DBG_DMN },
+                       { "debug-mgr", required_argument, &signal, DBG_MGR },
+                       { "debug-ike", required_argument, &signal, DBG_IKE },
+                       { "debug-chd", required_argument, &signal, DBG_CHD },
+                       { "debug-job", required_argument, &signal, DBG_JOB },
+                       { "debug-cfg", required_argument, &signal, DBG_CFG },
+                       { "debug-knl", required_argument, &signal, DBG_KNL },
+                       { "debug-net", required_argument, &signal, DBG_NET },
+                       { "debug-enc", required_argument, &signal, DBG_ENC },
+                       { "debug-lib", required_argument, &signal, DBG_LIB },
                        { 0,0,0,0 }
                };
                
@@ -459,7 +460,7 @@ int main(int argc, char *argv[])
        /* check/setup PID file */
        if (stat(PID_FILE, &stb) == 0)
        {
-               DBG1(SIG_DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
+               DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
                destroy(private_charon);
                exit(-1);
        }
@@ -471,10 +472,10 @@ int main(int argc, char *argv[])
        }
        /* log socket info */
        list = charon->socket->create_local_address_list(charon->socket);
-       DBG1(SIG_DBG_NET, "listening on %d addresses:", list->get_count(list));
+       DBG1(DBG_NET, "listening on %d addresses:", list->get_count(list));
        while (list->remove_first(list, (void**)&host) == SUCCESS)
        {
-               DBG1(SIG_DBG_NET, "  %H", host);
+               DBG1(DBG_NET, "  %H", host);
                host->destroy(host);
        }
        list->destroy(list);
index 6eb3c5d..def14cb 100644 (file)
@@ -306,7 +306,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                break;
 
                        default:
-                       DBG1(SIG_DBG_ENC, "U_INT Type %N is not supported",
+                       DBG1(DBG_ENC, "U_INT Type %N is not supported",
                                 encoding_type_names, int_type);
 
                        return;
@@ -314,7 +314,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
        /* U_INT Types of multiple then 8 bits must be aligned */
        if (((number_of_bits % 8) == 0) && (this->current_bit != 0))
        {
-               DBG1(SIG_DBG_ENC, "U_INT Type %N is not 8 Bit aligned",
+               DBG1(DBG_ENC, "U_INT Type %N is not 8 Bit aligned",
                         encoding_type_names, int_type);
                /* current bit has to be zero for values multiple of 8 bits */
                return;
@@ -335,7 +335,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                u_int8_t low_val = *(this->out_position) & 0x0F;
                                /* highval is set, low_val is not changed */
                                *(this->out_position) = high_val | low_val;
-                               DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
+                               DBG3(DBG_ENC, "   => %d", *(this->out_position));
                                /* write position is not changed, just bit position is moved */
                                this->current_bit = 4;
                        }
@@ -346,14 +346,14 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                                /* lowval of current byte in buffer has to be set to the new value*/
                                u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
                                *(this->out_position) = high_val | low_val;
-                               DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
+                               DBG3(DBG_ENC, "   => %d", *(this->out_position));
                                this->out_position++;
                                this->current_bit = 0;
 
                        }
                        else
                        {
-                               DBG1(SIG_DBG_ENC, "U_INT_4 Type is not 4 Bit aligned");
+                               DBG1(DBG_ENC, "U_INT_4 Type is not 4 Bit aligned");
                                /* 4 Bit integers must have a 4 bit alignment */
                                return;
                        };
@@ -364,7 +364,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                {
                        /* 8 bit values are written as they are */
                        *this->out_position = *((u_int8_t *)(this->data_struct + offset));
-                       DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
+                       DBG3(DBG_ENC, "   => %d", *(this->out_position));
                        this->out_position++;
                        break;
 
@@ -374,7 +374,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        /* attribute type must not change first bit uf current byte ! */
                        if (this->current_bit != 1)
                        {
-                               DBG1(SIG_DBG_ENC, "ATTRIBUTE FORMAT flag is not set");
+                               DBG1(DBG_ENC, "ATTRIBUTE FORMAT flag is not set");
                                /* first bit has to be set! */
                                return;
                        }
@@ -386,7 +386,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        int16_val = int16_val & 0xFF7F;
                        
                        int16_val = int16_val | attribute_format_flag;
-                       DBG3(SIG_DBG_ENC, "   => %d", int16_val);
+                       DBG3(DBG_ENC, "   => %d", int16_val);
                        /* write bytes to buffer (set bit is overwritten)*/                             
                        this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
                        this->current_bit = 0;
@@ -397,14 +397,14 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                case CONFIGURATION_ATTRIBUTE_LENGTH:
                {
                        u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                       DBG3(SIG_DBG_ENC, "   => %b", (void*)&int16_val, sizeof(int16_val));
+                       DBG3(DBG_ENC, "   => %b", (void*)&int16_val, sizeof(int16_val));
                        this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
                        break;
                }
                case U_INT_32:
                {
                        u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                       DBG3(SIG_DBG_ENC, "   => %b", (void*)&int32_val, sizeof(int32_val));
+                       DBG3(DBG_ENC, "   => %b", (void*)&int32_val, sizeof(int32_val));
                        this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
                        break;
                }
@@ -413,7 +413,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                        /* 64 bit integers are written as two 32 bit integers */
                        u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
                        u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
-                       DBG3(SIG_DBG_ENC, "   => %b %b",
+                       DBG3(DBG_ENC, "   => %b %b",
                                 (void*)&int32_val_low, sizeof(int32_val_low),
                                 (void*)&int32_val_high, sizeof(int32_val_high));
                        /* TODO add support for big endian machines */
@@ -426,12 +426,12 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
                {
                        /* 64 bit are written as they come :-) */
                        this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
-                       DBG3(SIG_DBG_ENC, "   => %b", (void*)(this->data_struct + offset), sizeof(u_int64_t));
+                       DBG3(DBG_ENC, "   => %b", (void*)(this->data_struct + offset), sizeof(u_int64_t));
                        break;
                }
                default:
                {
-                       DBG1(SIG_DBG_ENC, "U_INT Type %N is not supported",
+                       DBG1(DBG_ENC, "U_INT Type %N is not supported",
                                 encoding_type_names, int_type);
                        return;
                }
@@ -446,7 +446,7 @@ static void generate_reserved_field(private_generator_t *this,int bits)
        /* only one bit or 8 bit fields are supported */
        if ((bits != 1) && (bits != 8))
        {
-               DBG1(SIG_DBG_ENC, "reserved field of %d bits cannot be generated", bits);
+               DBG1(DBG_ENC, "reserved field of %d bits cannot be generated", bits);
                return ;
        }
        /* make sure enough space is available in buffer */
@@ -476,7 +476,7 @@ static void generate_reserved_field(private_generator_t *this,int bits)
                /* one byte processing*/
                if (this->current_bit > 0)
                {
-                       DBG1(SIG_DBG_ENC, "reserved field cannot be written cause "
+                       DBG1(DBG_ENC, "reserved field cannot be written cause "
                                 "alignement of current bit is %d", this->current_bit);
                        return;
                }
@@ -511,7 +511,7 @@ static void generate_flag (private_generator_t *this,u_int32_t offset)
        *(this->out_position) = *(this->out_position) | flag;
        
        
-       DBG3(SIG_DBG_ENC, "   => %d", *(this->out_position));
+       DBG3(DBG_ENC, "   => %d", *(this->out_position));
 
        this->current_bit++;
        if (this->current_bit >= 8)
@@ -528,14 +528,14 @@ static void generate_from_chunk (private_generator_t *this,u_int32_t offset)
 {
        if (this->current_bit != 0)
        {
-               DBG1(SIG_DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit);
+               DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit);
                return ;
        }
        
        /* position in buffer */
        chunk_t *attribute_value = (chunk_t *)(this->data_struct + offset);
        
-       DBG3(SIG_DBG_ENC, "   => %B", attribute_value);
+       DBG3(DBG_ENC, "   => %B", attribute_value);
        
        /* use write_bytes_to_buffer function to do the job */
        this->write_bytes_to_buffer(this,attribute_value->ptr,attribute_value->len);
@@ -553,7 +553,7 @@ static void make_space_available (private_generator_t *this, size_t bits)
                size_t new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
                size_t out_position_offset = ((this->out_position) - (this->buffer));
 
-               DBG2(SIG_DBG_ENC, "increased gen buffer from %d to %d byte", 
+               DBG2(DBG_ENC, "increased gen buffer from %d to %d byte", 
                         old_buffer_size, new_buffer_size);
                
                /* Reallocate space for new buffer */
@@ -628,7 +628,7 @@ static void write_to_chunk (private_generator_t *this,chunk_t *data)
        memcpy(data->ptr,this->buffer,data_length);
        data->len = data_length;
        
-       DBG3(SIG_DBG_ENC, "generated data of this generator %B", data);
+       DBG3(DBG_ENC, "generated data of this generator %B", data);
 }
 
 /**
@@ -650,7 +650,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
        
        payload_start = this->out_position;
        
-       DBG2(SIG_DBG_ENC, "generating payload of type %N",
+       DBG2(DBG_ENC, "generating payload of type %N",
                 payload_type_names, payload_type);
        
        /* each payload has its own encoding rules */
@@ -658,7 +658,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
 
        for (i = 0; i < rule_count;i++)
        {
-               DBG2(SIG_DBG_ENC, "  generating rule %d %N",
+               DBG2(DBG_ENC, "  generating rule %d %N",
                         i, encoding_type_names, rules[i].type);
                switch (rules[i].type)
                {
@@ -949,7 +949,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
                        {
                                if (this->attribute_format == FALSE)
                                {
-                                       DBG2(SIG_DBG_ENC, "attribute value has not fixed size");
+                                       DBG2(DBG_ENC, "attribute value has not fixed size");
                                        /* the attribute value is generated */
                                        this->generate_from_chunk(this,rules[i].offset);
                                }
@@ -995,14 +995,14 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
                                break;
                        }
                        default:
-                               DBG1(SIG_DBG_ENC, "field type %N is not supported",
+                               DBG1(DBG_ENC, "field type %N is not supported",
                                         encoding_type_names, rules[i].type);
                                return;
                }
        }
-       DBG2(SIG_DBG_ENC, "generating %N payload finished",
+       DBG2(DBG_ENC, "generating %N payload finished",
                 payload_type_names, payload_type);
-       DBG3(SIG_DBG_ENC, "generated data for this payload %b",
+       DBG3(DBG_ENC, "generated data for this payload %b",
                 payload_start, this->out_position-payload_start);
 }
 
index 4485031..d8f5efe 100644 (file)
@@ -483,7 +483,7 @@ static void add_payload(private_message_t *this, payload_t *payload)
        payload->set_next_type(payload, NO_PAYLOAD);
        this->payloads->insert_last(this->payloads, (void*)payload);
 
-       DBG2(SIG_DBG_ENC ,"added payload of type %N to message",
+       DBG2(DBG_ENC ,"added payload of type %N to message",
                 payload_type_names, payload->get_type(payload));
 }
 
@@ -619,12 +619,12 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
        
        if (!this->message_rule->encrypted_content)
        {
-               DBG2(SIG_DBG_ENC, "message doesn't have to be encrypted");
+               DBG2(DBG_ENC, "message doesn't have to be encrypted");
                /* message contains no content to encrypt */
                return SUCCESS;
        }
        
-       DBG2(SIG_DBG_ENC, "copy all payloads to a temporary list");
+       DBG2(DBG_ENC, "copy all payloads to a temporary list");
        all_payloads = linked_list_create();
        
        /* first copy all payloads in a temporary list */
@@ -637,7 +637,7 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
        
        encryption_payload = encryption_payload_create();
 
-       DBG2(SIG_DBG_ENC, "check each payloads if they have to get encrypted");
+       DBG2(DBG_ENC, "check each payloads if they have to get encrypted");
        while (all_payloads->get_count(all_payloads) > 0)
        {
                payload_rule_t *payload_rule;
@@ -652,30 +652,30 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
                 * it is presumed that they don't have to be encrypted */
                if ((status == SUCCESS) && (payload_rule->encrypted))
                {
-                       DBG2(SIG_DBG_ENC, "payload %N gets encrypted",
+                       DBG2(DBG_ENC, "payload %N gets encrypted",
                                 payload_type_names, current_payload->get_type(current_payload));
                        to_encrypt = TRUE;
                }
                
                if (to_encrypt)
                {
-                       DBG2(SIG_DBG_ENC, "insert payload %N to encryption payload",
+                       DBG2(DBG_ENC, "insert payload %N to encryption payload",
                                 payload_type_names, current_payload->get_type(current_payload));
                        encryption_payload->add_payload(encryption_payload,current_payload);
                }
                else
                {
-                       DBG2(SIG_DBG_ENC, "insert payload %N unencrypted",
+                       DBG2(DBG_ENC, "insert payload %N unencrypted",
                                 payload_type_names ,current_payload->get_type(current_payload));
                        add_payload(this, (payload_t*)encryption_payload);
                }
        }
 
        status = SUCCESS;
-       DBG2(SIG_DBG_ENC, "encrypting encryption payload");
+       DBG2(DBG_ENC, "encrypting encryption payload");
        encryption_payload->set_transforms(encryption_payload, crypter,signer);
        status = encryption_payload->encrypt(encryption_payload);
-       DBG2(SIG_DBG_ENC, "add encrypted payload to payload list");
+       DBG2(DBG_ENC, "add encrypted payload to payload list");
        add_payload(this, (payload_t*)encryption_payload);
        
        all_payloads->destroy(all_payloads);
@@ -702,18 +702,18 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
                return SUCCESS;
        }
        
-       DBG1(SIG_DBG_ENC, "generating %M", this);
+       DBG1(DBG_ENC, "generating %M", this);
        
        if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
        {
-               DBG1(SIG_DBG_ENC, "exchange type is not defined");
+               DBG1(DBG_ENC, "exchange type is not defined");
                return INVALID_STATE;
        }
        
        if (this->packet->get_source(this->packet) == NULL ||
                this->packet->get_destination(this->packet) == NULL) 
        {
-               DBG1(SIG_DBG_ENC, "%s not defined",
+               DBG1(DBG_ENC, "%s not defined",
                         !this->packet->get_source(this->packet) ? "source" : "destination");
                return INVALID_STATE;
        }
@@ -722,7 +722,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        status = set_message_rule(this);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "no message rules specified for this message type");
+               DBG1(DBG_ENC, "no message rules specified for this message type");
                return NOT_SUPPORTED;
        }
        
@@ -730,7 +730,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        status = encrypt_payloads(this, crypter, signer);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "payload encryption failed");
+               DBG1(DBG_ENC, "payload encryption failed");
                return status;
        }
        
@@ -773,7 +773,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        /* if last payload is of type encrypted, integrity checksum if necessary */
        if (payload->get_type(payload) == ENCRYPTED)
        {
-               DBG2(SIG_DBG_ENC, "build signature on whole message");
+               DBG2(DBG_ENC, "build signature on whole message");
                encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
                status = encryption_payload->build_signature(encryption_payload, packet_data);
                if (status != SUCCESS)
@@ -787,7 +787,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
        /* clone packet for caller */
        *packet = this->packet->clone(this->packet);
        
-       DBG2(SIG_DBG_ENC, "message generated successfully");
+       DBG2(DBG_ENC, "message generated successfully");
        return SUCCESS;
 }
 
@@ -815,13 +815,13 @@ static status_t parse_header(private_message_t *this)
        ike_header_t *ike_header;
        status_t status;
        
-       DBG2(SIG_DBG_ENC, "parsing header of message");
+       DBG2(DBG_ENC, "parsing header of message");
        
        this->parser->reset_context(this->parser);
        status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "header could not be parsed");
+               DBG1(DBG_ENC, "header could not be parsed");
                return status;
                
        }
@@ -830,7 +830,7 @@ static status_t parse_header(private_message_t *this)
        status = ike_header->payload_interface.verify(&(ike_header->payload_interface));
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "header verification failed");
+               DBG1(DBG_ENC, "header verification failed");
                ike_header->destroy(ike_header);
                return status;
        }
@@ -851,7 +851,7 @@ static status_t parse_header(private_message_t *this)
        this->minor_version = ike_header->get_min_version(ike_header);
        this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface));
        
-       DBG2(SIG_DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
+       DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
                 this->is_request ? "request" : "response");
        
        ike_header->destroy(ike_header);
@@ -860,7 +860,7 @@ static status_t parse_header(private_message_t *this)
        status = set_message_rule(this);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "no message rules specified for a %N %s",
+               DBG1(DBG_ENC, "no message rules specified for a %N %s",
                         exchange_type_names, this->exchange_type,
                         this->is_request ? "request" : "response");
        }
@@ -891,7 +891,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                /* needed to check */
                current_payload_type = current_payload->get_type(current_payload);
                
-               DBG2(SIG_DBG_ENC, "process payload of type %N",
+               DBG2(DBG_ENC, "process payload of type %N",
                         payload_type_names, current_payload_type);
                
                if (current_payload_type == ENCRYPTED)
@@ -901,31 +901,31 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        
                        encryption_payload = (encryption_payload_t*)current_payload;
                        
-                       DBG2(SIG_DBG_ENC, "found an encryption payload");
+                       DBG2(DBG_ENC, "found an encryption payload");
 
                        if (payload_number != this->payloads->get_count(this->payloads))
                        {
                                /* encrypted payload is not last one */
-                               DBG1(SIG_DBG_ENC, "encrypted payload is not last payload");
+                               DBG1(DBG_ENC, "encrypted payload is not last payload");
                                iterator->destroy(iterator);
                                return VERIFY_ERROR;
                        }
                        /* decrypt */
                        encryption_payload->set_transforms(encryption_payload, crypter, signer);
-                       DBG2(SIG_DBG_ENC, "verify signature of encryption payload");
+                       DBG2(DBG_ENC, "verify signature of encryption payload");
                        status = encryption_payload->verify_signature(encryption_payload,
                                                                                this->packet->get_data(this->packet));
                        if (status != SUCCESS)
                        {
-                               DBG1(SIG_DBG_ENC, "encryption payload signature invalid");
+                               DBG1(DBG_ENC, "encryption payload signature invalid");
                                iterator->destroy(iterator);
                                return FAILED;
                        }
-                       DBG2(SIG_DBG_ENC, "decrypting content of encryption payload");
+                       DBG2(DBG_ENC, "decrypting content of encryption payload");
                        status = encryption_payload->decrypt(encryption_payload);
                        if (status != SUCCESS)
                        {
-                               DBG1(SIG_DBG_ENC, "encrypted payload could not be decrypted and parsed");
+                               DBG1(DBG_ENC, "encrypted payload could not be decrypted and parsed");
                                iterator->destroy(iterator);
                                return PARSE_ERROR;
                        }
@@ -936,7 +936,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        /* check if there are payloads contained in the encryption payload */
                        if (encryption_payload->get_payload_count(encryption_payload) == 0)
                        {
-                               DBG2(SIG_DBG_ENC, "encrypted payload is empty");
+                               DBG2(DBG_ENC, "encrypted payload is empty");
                                /* remove the encryption payload, is not needed anymore */
                                iterator->remove(iterator);
                                /* encrypted payload contains no other payload */
@@ -966,7 +966,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        while (encryption_payload->get_payload_count(encryption_payload) > 0)
                        {
                                encryption_payload->remove_first_payload(encryption_payload, &current_encrypted_payload);
-                               DBG2(SIG_DBG_ENC, "insert unencrypted payload of type %N at end of list",
+                               DBG2(DBG_ENC, "insert unencrypted payload of type %N at end of list",
                                         payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload));
                                this->payloads->insert_last(this->payloads,current_encrypted_payload);
                        }
@@ -983,7 +983,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        if (status != SUCCESS)
                        {
                                /* payload is not allowed */
-                               DBG1(SIG_DBG_ENC, "payload type %N not allowed",
+                               DBG1(DBG_ENC, "payload type %N not allowed",
                                                                  payload_type_names, current_payload_type);
                                iterator->destroy(iterator);
                                return VERIFY_ERROR;
@@ -993,7 +993,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
                        if (payload_rule->encrypted != current_payload_was_encrypted)
                        {
                                /* payload was not encrypted, but should have been. or vice-versa */
-                               DBG1(SIG_DBG_ENC, "payload type %N should be %s!",
+                               DBG1(DBG_ENC, "payload type %N should be %s!",
                                         payload_type_names, current_payload_type,
                                         (payload_rule->encrypted) ? "encrypted" : "not encrypted");
                                iterator->destroy(iterator);
@@ -1019,7 +1019,7 @@ static status_t verify(private_message_t *this)
        payload_t *current_payload;
        size_t total_found_payloads = 0;
        
-       DBG2(SIG_DBG_ENC, "verifying message structure");
+       DBG2(DBG_ENC, "verifying message structure");
        
        iterator = this->payloads->create_iterator(this->payloads,TRUE);
        /* check for payloads with wrong count*/
@@ -1041,7 +1041,7 @@ static status_t verify(private_message_t *this)
                                unknown_payload_t *unknown_payload = (unknown_payload_t*)current_payload;
                                if (unknown_payload->is_critical(unknown_payload))
                                {
-                                       DBG1(SIG_DBG_ENC, "%N is not supported, but its critical!",
+                                       DBG1(DBG_ENC, "%N is not supported, but its critical!",
                                                 payload_type_names, current_payload_type);
                                        iterator->destroy(iterator);
                                        return NOT_SUPPORTED;   
@@ -1051,13 +1051,13 @@ static status_t verify(private_message_t *this)
                        {
                                found_payloads++;
                                total_found_payloads++;
-                               DBG2(SIG_DBG_ENC, "found payload of type %N",
+                               DBG2(DBG_ENC, "found payload of type %N",
                                         payload_type_names, this->message_rule->payload_rules[i].payload_type);
                                
                                /* as soon as ohe payload occures more then specified, the verification fails */
                                if (found_payloads > this->message_rule->payload_rules[i].max_occurence)
                                {
-                                       DBG1(SIG_DBG_ENC, "payload of type %N more than %d times (%d) occured in current message",
+                                       DBG1(DBG_ENC, "payload of type %N more than %d times (%d) occured in current message",
                                                 payload_type_names, current_payload_type,
                                                 this->message_rule->payload_rules[i].max_occurence, found_payloads);
                                        iterator->destroy(iterator);
@@ -1068,7 +1068,7 @@ static status_t verify(private_message_t *this)
                
                if (found_payloads < this->message_rule->payload_rules[i].min_occurence)
                {
-                       DBG1(SIG_DBG_ENC, "payload of type %N not occured %d times (%d)",
+                       DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
                                 payload_type_names, this->message_rule->payload_rules[i].payload_type,
                                 this->message_rule->payload_rules[i].min_occurence, found_payloads);
                        iterator->destroy(iterator);
@@ -1094,7 +1094,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                
        current_payload_type = this->first_payload;     
                
-       DBG2(SIG_DBG_ENC, "parsing body of message, first payload is %N",
+       DBG2(DBG_ENC, "parsing body of message, first payload is %N",
                 payload_type_names, current_payload_type);
 
        /* parse payload for payload, while there are more available */
@@ -1102,7 +1102,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
        {
                payload_t *current_payload;
                
-               DBG2(SIG_DBG_ENC, "starting parsing a %N payload", 
+               DBG2(DBG_ENC, "starting parsing a %N payload", 
                         payload_type_names, current_payload_type);
                
                /* parse current payload */
@@ -1110,32 +1110,32 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "payload type %N could not be parsed",
+                       DBG1(DBG_ENC, "payload type %N could not be parsed",
                                 payload_type_names, current_payload_type);
                        return PARSE_ERROR;
                }
 
-               DBG2(SIG_DBG_ENC, "verifying payload of type %N",
+               DBG2(DBG_ENC, "verifying payload of type %N",
                         payload_type_names, current_payload_type);
                
                /* verify it, stop parsig if its invalid */
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "%N payload verification failed",
+                       DBG1(DBG_ENC, "%N payload verification failed",
                                 payload_type_names, current_payload_type);
                        current_payload->destroy(current_payload);
                        return VERIFY_ERROR;
                }
                
-               DBG2(SIG_DBG_ENC, "%N payload verified. Adding to payload list",
+               DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
                         payload_type_names, current_payload_type);
                this->payloads->insert_last(this->payloads,current_payload);
                
                /* an encryption payload is the last one, so STOP here. decryption is done later */
                if (current_payload_type == ENCRYPTED)
                {
-                       DBG2(SIG_DBG_ENC, "%N payload found. Stop parsing",
+                       DBG2(DBG_ENC, "%N payload found. Stop parsing",
                                 payload_type_names, current_payload_type);
                        break;
                }
@@ -1149,7 +1149,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                status = decrypt_payloads(this,crypter,signer);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "could not decrypt payloads");
+                       DBG1(DBG_ENC, "could not decrypt payloads");
                        return status;
                }
        }
@@ -1157,11 +1157,11 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
        status = verify(this);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "verification of message failed");
+               DBG1(DBG_ENC, "verification of message failed");
                return status;
        }
        
-       DBG1(SIG_DBG_ENC, "parsed %M", this);
+       DBG1(DBG_ENC, "parsed %M", this);
        
        return SUCCESS;
 }
index efa623a..6e8bad5 100644 (file)
@@ -241,7 +241,7 @@ static status_t parse_uint4(private_parser_t *this, int rule_number, u_int8_t *o
 {
        if (this->byte_pos + sizeof(u_int8_t)  > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
@@ -265,7 +265,7 @@ static status_t parse_uint4(private_parser_t *this, int rule_number, u_int8_t *o
                        this->byte_pos++;
                        break;
                default:
-                       DBG2(SIG_DBG_ENC, "  found rule %d %N on bitpos %d",
+                       DBG2(DBG_ENC, "  found rule %d %N on bitpos %d",
                                 rule_number, encoding_type_names,
                                 this->rules[rule_number].type, this->bit_pos);
                        return PARSE_ERROR;
@@ -273,7 +273,7 @@ static status_t parse_uint4(private_parser_t *this, int rule_number, u_int8_t *o
        
        if (output_pos != NULL)
        {
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        
        return SUCCESS;
@@ -286,13 +286,13 @@ static status_t parse_uint8(private_parser_t *this, int rule_number, u_int8_t *o
 {
        if (this->byte_pos + sizeof(u_int8_t)  > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d",
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d",
                         rule_number, encoding_type_names,
                         this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
@@ -302,7 +302,7 @@ static status_t parse_uint8(private_parser_t *this, int rule_number, u_int8_t *o
        if (output_pos != NULL)
        {
                *output_pos = *(this->byte_pos);
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos++;
        
@@ -316,13 +316,13 @@ static status_t parse_uint15(private_parser_t *this, int rule_number, u_int16_t
 {
        if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos != 1)
        {
-               DBG2(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG2(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -330,7 +330,7 @@ static status_t parse_uint15(private_parser_t *this, int rule_number, u_int16_t
        if (output_pos != NULL)
        {
                *output_pos = ntohs(*((u_int16_t*)this->byte_pos)) & ~0x8000;
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 2;
        this->bit_pos = 0;
@@ -345,13 +345,13 @@ static status_t parse_uint16(private_parser_t *this, int rule_number, u_int16_t
 {
        if (this->byte_pos + sizeof(u_int16_t) > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -360,7 +360,7 @@ static status_t parse_uint16(private_parser_t *this, int rule_number, u_int16_t
        {
                *output_pos = ntohs(*((u_int16_t*)this->byte_pos));
                
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 2;
        
@@ -373,13 +373,13 @@ static status_t parse_uint32(private_parser_t *this, int rule_number, u_int32_t
 {
        if (this->byte_pos + sizeof(u_int32_t) > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -388,7 +388,7 @@ static status_t parse_uint32(private_parser_t *this, int rule_number, u_int32_t
        {
                *output_pos = ntohl(*((u_int32_t*)this->byte_pos));
                
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        this->byte_pos += 4;
        
@@ -402,13 +402,13 @@ static status_t parse_uint64(private_parser_t *this, int rule_number, u_int64_t
 {
        if (this->byte_pos + sizeof(u_int64_t) > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -419,7 +419,7 @@ static status_t parse_uint64(private_parser_t *this, int rule_number, u_int64_t
                *(output_pos + 1) = ntohl(*((u_int32_t*)this->byte_pos));
                *output_pos = ntohl(*(((u_int32_t*)this->byte_pos) + 1));
                
-               DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos, sizeof(u_int64_t));
+               DBG3(DBG_ENC, "   => %b", (void*)output_pos, sizeof(u_int64_t));
        }
        this->byte_pos += 8;
 
@@ -433,13 +433,13 @@ static status_t parse_bytes (private_parser_t *this, int rule_number, u_int8_t *
 {
        if (this->byte_pos + bytes > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -449,7 +449,7 @@ static status_t parse_bytes (private_parser_t *this, int rule_number, u_int8_t *
        {
                memcpy(output_pos,this->byte_pos,bytes);
                
-               DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos, bytes);
+               DBG3(DBG_ENC, "   => %b", (void*)output_pos, bytes);
        }
        this->byte_pos += bytes;
        
@@ -463,7 +463,7 @@ static status_t parse_bit(private_parser_t *this, int rule_number, bool *output_
 {
        if (this->byte_pos + sizeof(u_int8_t) > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input to parse rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
@@ -480,7 +480,7 @@ static status_t parse_bit(private_parser_t *this, int rule_number, bool *output_
                        *output_pos = TRUE;
                }
                
-               DBG3(SIG_DBG_ENC, "   => %d", *output_pos);
+               DBG3(DBG_ENC, "   => %d", *output_pos);
        }
        this->bit_pos = (this->bit_pos + 1) % 8;
        if (this->bit_pos == 0) 
@@ -500,14 +500,14 @@ static status_t parse_list(private_parser_t *this, int rule_number, linked_list_
        
        if (length < 0)
        {
-               DBG1(SIG_DBG_ENC, "  invalid length for rule %d %N",
+               DBG1(DBG_ENC, "  invalid length for rule %d %N",
                         rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;     
        }
        
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -517,14 +517,14 @@ static status_t parse_list(private_parser_t *this, int rule_number, linked_list_
                u_int8_t *pos_before = this->byte_pos;
                payload_t *payload;
                status_t status;
-               DBG2(SIG_DBG_ENC, "  %d bytes left, parsing recursively %N",
+               DBG2(DBG_ENC, "  %d bytes left, parsing recursively %N",
                         length, payload_type_names, payload_type);
                status = this->public.parse_payload((parser_t*)this, payload_type, &payload);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "  parsing of a %N substructure failed",
+                       DBG1(DBG_ENC, "  parsing of a %N substructure failed",
                                 payload_type_names, payload_type);
-                       return status;  
+                       return status;
                }
                list->insert_last(list, payload);
                length -= this->byte_pos - pos_before;
@@ -540,13 +540,13 @@ static status_t parse_chunk(private_parser_t *this, int rule_number, chunk_t *ou
 {
        if (this->byte_pos + length > this->input_roof)
        {
-               DBG1(SIG_DBG_ENC, "  not enough input (%d bytes) to parse rule %d %N",
+               DBG1(DBG_ENC, "  not enough input (%d bytes) to parse rule %d %N",
                         length, rule_number, encoding_type_names, this->rules[rule_number].type);
                return PARSE_ERROR;
        }
        if (this->bit_pos)
        {
-               DBG1(SIG_DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
+               DBG1(DBG_ENC, "  found rule %d %N on bitpos %d", rule_number,
                         encoding_type_names, this->rules[rule_number].type, this->bit_pos);
                return PARSE_ERROR;
        }
@@ -557,7 +557,7 @@ static status_t parse_chunk(private_parser_t *this, int rule_number, chunk_t *ou
                memcpy(output_pos->ptr, this->byte_pos, length);
        }
        this->byte_pos += length;
-       DBG3(SIG_DBG_ENC, "   => %b", (void*)output_pos->ptr, length);
+       DBG3(DBG_ENC, "   => %b", (void*)output_pos->ptr, length);
        
        return SUCCESS;
 }
@@ -578,15 +578,15 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
        /* create instance of the payload to parse */
        pld = payload_create(payload_type);
        
-       DBG2(SIG_DBG_ENC, "parsing %N payload, %d bytes left",
+       DBG2(DBG_ENC, "parsing %N payload, %d bytes left",
                 payload_type_names, payload_type, this->input_roof - this->byte_pos);
        
-       DBG3(SIG_DBG_ENC, "parsing payload from %b",
+       DBG3(DBG_ENC, "parsing payload from %b",
                 this->byte_pos, this->input_roof-this->byte_pos);
        
        if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
        {
-               DBG1(SIG_DBG_ENC, "  payload type %d is unknown, handling as %N",
+               DBG1(DBG_ENC, "  payload type %d is unknown, handling as %N",
                         payload_type, payload_type_names, UNKNOWN_PAYLOAD);
        }
        
@@ -598,7 +598,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
        for (rule_number = 0; rule_number < rule_count; rule_number++)
        {
                rule = &(this->rules[rule_number]);
-               DBG2(SIG_DBG_ENC, "  parsing rule %d %N",
+               DBG2(DBG_ENC, "  parsing rule %d %N",
                         rule_number, encoding_type_names, rule->type);
                switch (rule->type)
                {
@@ -975,7 +975,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_ENC, "  no rule to parse rule %d %N",
+                               DBG1(DBG_ENC, "  no rule to parse rule %d %N",
                                         rule_number, encoding_type_names, rule->type);
                                pld->destroy(pld);
                                return PARSE_ERROR;
@@ -986,7 +986,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
        }
        
        *payload = pld;
-       DBG2(SIG_DBG_ENC, "parsing %N payload finished",
+       DBG2(DBG_ENC, "parsing %N payload finished",
                 payload_type_names, payload_type);
        return SUCCESS;
 }
index bec94d6..908de3d 100644 (file)
@@ -291,7 +291,7 @@ static void generate(private_encryption_payload_t *this)
        else
        {
                /* no paylads? */
-               DBG2(SIG_DBG_ENC, "generating contained payloads, but none available");
+               DBG2(DBG_ENC, "generating contained payloads, but none available");
                free(this->decrypted.ptr);
                this->decrypted = CHUNK_INITIALIZER;
                iterator->destroy(iterator);
@@ -318,7 +318,7 @@ static void generate(private_encryption_payload_t *this)
        
        generator->write_to_chunk(generator, &(this->decrypted));
        generator->destroy(generator);
-       DBG2(SIG_DBG_ENC, "successfully generated content in encryption payload");
+       DBG2(DBG_ENC, "successfully generated content in encryption payload");
 }
 
 /**
@@ -333,7 +333,7 @@ static status_t encrypt(private_encryption_payload_t *this)
        
        if (this->signer == NULL || this->crypter == NULL)
        {
-               DBG1(SIG_DBG_ENC, "could not encrypt, signer/crypter not set");
+               DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
                return INVALID_STATE;
        }
        
@@ -343,8 +343,8 @@ static status_t encrypt(private_encryption_payload_t *this)
        /* build payload chunk */
        generate(this);
        
-       DBG2(SIG_DBG_ENC, "encrypting payloads");
-       DBG3(SIG_DBG_ENC, "data to encrypt %B", &this->decrypted);
+       DBG2(DBG_ENC, "encrypting payloads");
+       DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
        
        /* build padding */
        block_size = this->crypter->get_block_size(this->crypter);
@@ -375,7 +375,7 @@ static status_t encrypt(private_encryption_payload_t *this)
                return status;
        }
        
-       DBG3(SIG_DBG_ENC, "data before encryption with padding %B", &to_crypt);
+       DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
        
        /* encrypt to_crypt chunk */
        free(this->encrypted.ptr);
@@ -384,11 +384,11 @@ static status_t encrypt(private_encryption_payload_t *this)
        free(to_crypt.ptr);
        if (status != SUCCESS)
        {
-               DBG2(SIG_DBG_ENC, "encryption failed");
+               DBG2(DBG_ENC, "encryption failed");
                free(iv.ptr);
                return status;
        }
-       DBG3(SIG_DBG_ENC, "data after encryption %B", &result);
+       DBG3(DBG_ENC, "data after encryption %B", &result);
        
        /* build encrypted result with iv and signature */
        this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
@@ -401,7 +401,7 @@ static status_t encrypt(private_encryption_payload_t *this)
        
        free(result.ptr);
        free(iv.ptr);
-       DBG3(SIG_DBG_ENC, "data after encryption with IV and (invalid) signature %B",
+       DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
                 &this->encrypted);
        
        return SUCCESS;
@@ -435,7 +435,7 @@ static status_t parse(private_encryption_payload_t *this)
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "%N verification failed",
+                       DBG1(DBG_ENC, "%N verification failed",
                                 payload_type_names, current_payload->get_type(current_payload));
                        current_payload->destroy(current_payload);
                        parser->destroy(parser);
@@ -448,7 +448,7 @@ static status_t parse(private_encryption_payload_t *this)
                this->payloads->insert_last(this->payloads,current_payload);
        }
        parser->destroy(parser);
-       DBG2(SIG_DBG_ENC, "succesfully parsed content of encryption payload");
+       DBG2(DBG_ENC, "succesfully parsed content of encryption payload");
        return SUCCESS;
 }
 
@@ -461,13 +461,13 @@ static status_t decrypt(private_encryption_payload_t *this)
        u_int8_t padding_length;
        status_t status;
        
-       DBG2(SIG_DBG_ENC, "decrypting encryption payload");
-       DBG3(SIG_DBG_ENC, "data before decryption with IV and (invalid) signature %B",
+       DBG2(DBG_ENC, "decrypting encryption payload");
+       DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
                 &this->encrypted);
        
        if (this->signer == NULL || this->crypter == NULL)
        {
-               DBG1(SIG_DBG_ENC, "could not decrypt, no crypter/signer set");
+               DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
                return INVALID_STATE;
        }
        
@@ -485,22 +485,22 @@ static status_t decrypt(private_encryption_payload_t *this)
         */
        if (concatenated.len < iv.len)
        {
-               DBG1(SIG_DBG_ENC, "could not decrypt, invalid input");
+               DBG1(DBG_ENC, "could not decrypt, invalid input");
                return FAILED;
        }
        
        /* free previus data, if any */
        free(this->decrypted.ptr);
        
-       DBG3(SIG_DBG_ENC, "data before decryption %B", &concatenated);
+       DBG3(DBG_ENC, "data before decryption %B", &concatenated);
        
        status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_ENC, "could not decrypt, decryption failed");
+               DBG1(DBG_ENC, "could not decrypt, decryption failed");
                return FAILED;
        }
-       DBG3(SIG_DBG_ENC, "data after decryption with padding %B", &this->decrypted);
+       DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
        
        
        /* get padding length, sits just bevore signature */
@@ -512,15 +512,15 @@ static status_t decrypt(private_encryption_payload_t *this)
        /* check size again */
        if (padding_length > concatenated.len || this->decrypted.len < 0)
        {
-               DBG1(SIG_DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
+               DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
                /* decryption failed :-/ */
                return FAILED;
        }
        
        /* free padding */
        this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
-       DBG3(SIG_DBG_ENC, "data after decryption without padding %B", &this->decrypted);
-       DBG2(SIG_DBG_ENC, "decryption successful, trying to parse content");
+       DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
+       DBG2(DBG_ENC, "decryption successful, trying to parse content");
        return parse(this);
 }
 
@@ -543,14 +543,14 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data
        
        if (this->signer == NULL)
        {
-               DBG1(SIG_DBG_ENC, "unable to build signature, no signer set");
+               DBG1(DBG_ENC, "unable to build signature, no signer set");
                return INVALID_STATE;
        }
        
        sig.len = this->signer->get_block_size(this->signer);
        data_without_sig.len -= sig.len;
        sig.ptr = data.ptr + data_without_sig.len;
-       DBG2(SIG_DBG_ENC, "building signature");
+       DBG2(DBG_ENC, "building signature");
        this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
        return SUCCESS;
 }
@@ -565,14 +565,14 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
        
        if (this->signer == NULL)
        {
-               DBG1(SIG_DBG_ENC, "unable to verify signature, no signer set");
+               DBG1(DBG_ENC, "unable to verify signature, no signer set");
                return INVALID_STATE;
        }
        /* find signature in data chunk */
        sig.len = this->signer->get_block_size(this->signer);
        if (data.len <= sig.len)
        {
-               DBG1(SIG_DBG_ENC, "unable to verify signature, invalid input");
+               DBG1(DBG_ENC, "unable to verify signature, invalid input");
                return FAILED;
        }
        sig.ptr = data.ptr + data.len - sig.len;
@@ -584,11 +584,11 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
        
        if (!valid)
        {
-               DBG1(SIG_DBG_ENC, "signature verification failed");
+               DBG1(DBG_ENC, "signature verification failed");
                return FAILED;
        }
        
-       DBG2(SIG_DBG_ENC, "signature verification successful");
+       DBG2(DBG_ENC, "signature verification successful");
        return SUCCESS;
 }
 
index faea602..d943b21 100644 (file)
@@ -196,13 +196,13 @@ static status_t verify(private_notify_payload_t *this)
                case PROTO_ESP:
                        if (this->spi.len != 4)
                        {
-                               DBG1(SIG_DBG_ENC, "Invalid SPI size for %N", 
+                               DBG1(DBG_ENC, "Invalid SPI size for %N", 
                                         protocol_id_names, this->protocol_id);
                                return FAILED;
                        }
                        break;
                default:
-                       DBG1(SIG_DBG_ENC, "Unknown protocol (%d)", this->protocol_id);
+                       DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id);
                        return FAILED;
        }
        
@@ -229,7 +229,7 @@ static status_t verify(private_notify_payload_t *this)
                                case MODP_8192_BIT:
                                        break;
                                default:
-                                       DBG1(SIG_DBG_ENC, "Bad DH group (%d)", dh_group);
+                                       DBG1(DBG_ENC, "Bad DH group (%d)", dh_group);
                                        return FAILED;
                        }
                        break;
@@ -239,7 +239,7 @@ static status_t verify(private_notify_payload_t *this)
                {
                        if (this->notification_data.len != HASH_SIZE_SHA1)
                        {
-                               DBG1(SIG_DBG_ENC, "invalid %N notify length",
+                               DBG1(DBG_ENC, "invalid %N notify length",
                                         notify_type_names, this->notify_type);
                                return FAILED;
                        }
@@ -251,7 +251,7 @@ static status_t verify(private_notify_payload_t *this)
                {
                        if (this->notification_data.len != 0)
                        {
-                               DBG1(SIG_DBG_ENC, "invalid %N notify",
+                               DBG1(DBG_ENC, "invalid %N notify",
                                         notify_type_names, this->notify_type);
                                return FAILED;
                        }
index 3351c8a..bb18c79 100644 (file)
@@ -147,13 +147,13 @@ static status_t verify(private_proposal_substructure_t *this)
        if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
        {
                /* must be 0 or 2 */
-               DBG1(SIG_DBG_ENC, "inconsistent next payload");
+               DBG1(DBG_ENC, "inconsistent next payload");
                return FAILED;
        }
        if (this->transforms_count != this->transforms->get_count(this->transforms))
        {
                /* must be the same! */
-               DBG1(SIG_DBG_ENC, "transform count invalid");
+               DBG1(DBG_ENC, "transform count invalid");
                return FAILED;
        }
 
@@ -163,7 +163,7 @@ static status_t verify(private_proposal_substructure_t *this)
                case PROTO_ESP:
                        if (this->spi.len != 4)
                        {
-                               DBG1(SIG_DBG_ENC, "invalid SPI length in %N proposal",
+                               DBG1(DBG_ENC, "invalid SPI length in %N proposal",
                                                                  protocol_id_names, this->protocol_id);
                                return FAILED;
                        }
@@ -171,18 +171,18 @@ static status_t verify(private_proposal_substructure_t *this)
                case PROTO_IKE:
                        if (this->spi.len != 0 && this->spi.len  != 8)
                        {
-                               DBG1(SIG_DBG_ENC, "invalid SPI length in IKE proposal");
+                               DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
                                return FAILED;
                        }
                        break;
                default:
-                       DBG1(SIG_DBG_ENC, "invalid proposal protocol (%d)", this->protocol_id);
+                       DBG1(DBG_ENC, "invalid proposal protocol (%d)", this->protocol_id);
                        return FAILED;
        }
        if ((this->protocol_id == 0) || (this->protocol_id >= 4))
        {
                /* reserved are not supported */
-               DBG1(SIG_DBG_ENC, "invalid protocol");
+               DBG1(DBG_ENC, "invalid protocol");
                return FAILED;
        }
        
@@ -192,7 +192,7 @@ static status_t verify(private_proposal_substructure_t *this)
                status = current_transform->verify(current_transform);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "TRANSFORM_SUBSTRUCTURE verification failed");
+                       DBG1(DBG_ENC, "TRANSFORM_SUBSTRUCTURE verification failed");
                        break;
                }
        }
index 751e832..7ae0f95 100644 (file)
@@ -123,14 +123,14 @@ static status_t verify(private_sa_payload_t *this)
                {
                        if (first)
                        {
-                               DBG1(SIG_DBG_ENC, "first proposal is not proposal #1");
+                               DBG1(DBG_ENC, "first proposal is not proposal #1");
                                status = FAILED;
                                break;
                        }
                        
                        if (current_number != (expected_number + 1))
                        {
-                               DBG1(SIG_DBG_ENC, "proposal number is %d, excepted %d or %d",
+                               DBG1(DBG_ENC, "proposal number is %d, excepted %d or %d",
                                         current_number, expected_number, expected_number + 1);
                                status = FAILED;
                                break;
@@ -139,7 +139,7 @@ static status_t verify(private_sa_payload_t *this)
                else if (current_number < expected_number)
                {
                        /* must not be smaller then proceeding one */
-                       DBG1(SIG_DBG_ENC, "proposal number smaller than that of previous proposal");
+                       DBG1(DBG_ENC, "proposal number smaller than that of previous proposal");
                        status = FAILED;
                        break;
                }
@@ -147,7 +147,7 @@ static status_t verify(private_sa_payload_t *this)
                status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
+                       DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
                        break;
                }
                first = FALSE;
index f165507..4ad1948 100644 (file)
@@ -125,7 +125,7 @@ static status_t verify(private_transform_substructure_t *this)
        if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3))
        {
                /* must be 0 or 3 */
-               DBG1(SIG_DBG_ENC, "inconsistent next payload");
+               DBG1(DBG_ENC, "inconsistent next payload");
                return FAILED;
        }
 
@@ -141,7 +141,7 @@ static status_t verify(private_transform_substructure_t *this)
                        break;
                default:
                {
-                       DBG1(SIG_DBG_ENC, "invalid transform type: %d", this->transform_type);
+                       DBG1(DBG_ENC, "invalid transform type: %d", this->transform_type);
                        return FAILED;
                }
        }
@@ -152,7 +152,7 @@ static status_t verify(private_transform_substructure_t *this)
                status = current_attributes->verify(current_attributes);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_ENC, "TRANSFORM_ATTRIBUTE verification failed");
+                       DBG1(DBG_ENC, "TRANSFORM_ATTRIBUTE verification failed");
                }
        }
        iterator->destroy(iterator);
index 52d44a1..e74af77 100644 (file)
@@ -152,7 +152,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                FD_SET(this->recv6, &rfds);
        }
        
-       DBG2(SIG_DBG_NET, "waiting for data on raw sockets");
+       DBG2(DBG_NET, "waiting for data on raw sockets");
        
        pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
        if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0)
@@ -172,15 +172,15 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0);
                if (bytes_read < 0)
                {
-                       DBG1(SIG_DBG_NET, "error reading from IPv4 socket: %m");
+                       DBG1(DBG_NET, "error reading from IPv4 socket: %m");
                        return FAILED;
                }
-               DBG3(SIG_DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
+               DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read);
                
                /* read source/dest from raw IP/UDP header */
                if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
                {
-                       DBG1(SIG_DBG_NET, "received IPv4 packet too short (%d bytes)",
+                       DBG1(DBG_NET, "received IPv4 packet too short (%d bytes)",
                                 bytes_read);
                        return FAILED;
                }
@@ -198,7 +198,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                pkt = packet_create();
                pkt->set_source(pkt, source);
                pkt->set_destination(pkt, dest);
-               DBG2(SIG_DBG_NET, "received packet: from %#H to %#H", source, dest);
+               DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
                data_offset = IP_LEN + UDP_LEN;
                /* remove non esp marker */     
                if (dest->get_port(dest) == this->natt_port)
@@ -234,14 +234,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                bytes_read = recvmsg(this->recv6, &msg, 0);
                if (bytes_read < 0)
                {
-                       DBG1(SIG_DBG_NET, "error reading from IPv6 socket: %m");
+                       DBG1(DBG_NET, "error reading from IPv6 socket: %m");
                        return FAILED;
                }
-               DBG3(SIG_DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
+               DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read);
                
                if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN)
                {
-                       DBG3(SIG_DBG_NET, "received IPv6 packet too short (%d bytes)",
+                       DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)",
                                 bytes_read);
                        return FAILED;
                }
@@ -252,7 +252,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                {
                        if (cmsgptr->cmsg_len == 0)
                        {
-                               DBG1(SIG_DBG_NET, "error reading IPv6 ancillary data");
+                               DBG1(DBG_NET, "error reading IPv6 ancillary data");
                                return FAILED;
                        }       
                        if (cmsgptr->cmsg_level == SOL_IPV6 &&
@@ -273,7 +273,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                /* ancillary data missing? */
                if (dest == NULL)
                {
-                       DBG1(SIG_DBG_NET, "error reading IPv6 packet header");
+                       DBG1(DBG_NET, "error reading IPv6 packet header");
                        return FAILED;
                }
                
@@ -282,7 +282,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                pkt = packet_create();
                pkt->set_source(pkt, source);
                pkt->set_destination(pkt, dest);
-               DBG2(SIG_DBG_NET, "received packet: from %#H to %#H", source, dest);
+               DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
                data_offset = UDP_LEN;
                /* remove non esp marker */     
                if (dest->get_port(dest) == this->natt_port)
@@ -320,7 +320,7 @@ status_t sender(private_socket_t *this, packet_t *packet)
        dst = packet->get_destination(packet);
        data = packet->get_data(packet);
 
-       DBG2(SIG_DBG_NET, "sending packet: from %#H to %#H", src, dst);
+       DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
        
        /* send data */
        sport = src->get_port(src);
@@ -352,7 +352,7 @@ status_t sender(private_socket_t *this, packet_t *packet)
                        /* add non esp marker to packet */
                        if (data.len > MAX_PACKET - MARKER_LEN)
                        {
-                               DBG1(SIG_DBG_NET, "unable to send packet: it's too big (%d bytes)",
+                               DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
                                         data.len);
                                return FAILED;
                        }
@@ -366,7 +366,7 @@ status_t sender(private_socket_t *this, packet_t *packet)
        }
        else
        {
-               DBG1(SIG_DBG_NET, "unable to locate a send socket for port %d", sport);
+               DBG1(DBG_NET, "unable to locate a send socket for port %d", sport);
                return FAILED;
        }
        
@@ -375,7 +375,7 @@ status_t sender(private_socket_t *this, packet_t *packet)
 
        if (bytes_sent != data.len)
        {
-               DBG1(SIG_DBG_NET, "error writing to socket: %m");
+               DBG1(DBG_NET, "error writing to socket: %m");
                return FAILED;
        }
        return SUCCESS;
@@ -533,13 +533,13 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
        skt = socket(family, SOCK_DGRAM, IPPROTO_UDP);
        if (skt < 0)
        {
-               DBG1(SIG_DBG_NET, "could not open send socket: %m");
+               DBG1(DBG_NET, "could not open send socket: %m");
                return 0;
        }
        
        if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
+               DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %m");
                close(skt);
                return 0;
        }
@@ -555,7 +555,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
        
        if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
+               DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
                close(skt);
                return 0;
        }
@@ -565,7 +565,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
        policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
        if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
+               DBG1(DBG_NET, "unable to set IPSEC_POLICY on send socket: %m");
                close(skt);
                return 0;
        }
@@ -573,7 +573,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
        /* bind the send socket */
        if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to bind send socket: %m");
+               DBG1(DBG_NET, "unable to bind send socket: %m");
                close(skt);
                return 0;
        }
@@ -583,7 +583,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
                /* enable UDP decapsulation globally, only for one socket needed */
                if (setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
                {
-                       DBG1(SIG_DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
+                       DBG1(DBG_NET, "unable to set UDP_ENCAP: %m; NAT-T may fail");
                }
        }
        
@@ -664,14 +664,14 @@ static int open_recv_socket(private_socket_t *this, int family)
        skt = socket(family, SOCK_RAW, IPPROTO_UDP);
        if (skt < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to create raw socket: %m");
+               DBG1(DBG_NET, "unable to create raw socket: %m");
                return 0;
        }
        
        if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER,
                                   &ikev2_filter, sizeof(ikev2_filter)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
+               DBG1(DBG_NET, "unable to attach IKEv2 filter to raw socket: %m");
                close(skt);
                return 0;
        }
@@ -681,7 +681,7 @@ static int open_recv_socket(private_socket_t *this, int family)
                 * 2 or 50 depending on kernel header version */
                setsockopt(skt, sol, IPV6_2292PKTINFO, &on, sizeof(on)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
+               DBG1(DBG_NET, "unable to set IPV6_PKTINFO on raw socket: %m");
                close(skt);
                return 0;
        }
@@ -697,7 +697,7 @@ static int open_recv_socket(private_socket_t *this, int family)
        
        if (setsockopt(skt, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
        {
-               DBG1(SIG_DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
+               DBG1(DBG_NET, "unable to set IPSEC_POLICY on raw socket: %m");
                close(skt);
                return 0;
        }
@@ -763,14 +763,14 @@ socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
        this->recv4 = open_recv_socket(this, AF_INET);
        if (this->recv4 == 0)
        {
-               DBG1(SIG_DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
+               DBG1(DBG_NET, "could not open IPv4 receive socket, IPv4 disabled");
        }
        else
        {
                this->send4 = open_send_socket(this, AF_INET, this->port);
                if (this->send4 == 0)
                {
-                       DBG1(SIG_DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
+                       DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled");
                        close(this->recv4);
                }
                else
@@ -778,7 +778,7 @@ socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
                        this->send4_natt = open_send_socket(this, AF_INET, this->natt_port);
                        if (this->send4_natt == 0)
                        {
-                               DBG1(SIG_DBG_NET, "could not open IPv4 NAT-T send socket");
+                               DBG1(DBG_NET, "could not open IPv4 NAT-T send socket");
                        }
                }
        }
@@ -786,14 +786,14 @@ socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
        this->recv6 = open_recv_socket(this, AF_INET6);
        if (this->recv6 == 0)
        {
-               DBG1(SIG_DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
+               DBG1(DBG_NET, "could not open IPv6 receive socket, IPv6 disabled");
        }
        else
        {
                this->send6 = open_send_socket(this, AF_INET6, this->port);
                if (this->send6 == 0)
                {
-                       DBG1(SIG_DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
+                       DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled");
                        close(this->recv6);
                }
                else
@@ -801,14 +801,14 @@ socket_t *socket_create(u_int16_t port, u_int16_t natt_port)
                        this->send6_natt = open_send_socket(this, AF_INET6, this->natt_port);
                        if (this->send6_natt == 0)
                        {
-                               DBG1(SIG_DBG_NET, "could not open IPv6 NAT-T send socket");
+                               DBG1(DBG_NET, "could not open IPv6 NAT-T send socket");
                        }
                }
        }
        
        if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6))
        {
-               DBG1(SIG_DBG_NET, "could not create any sockets");
+               DBG1(DBG_NET, "could not create any sockets");
                destroy(this);
                charon->kill(charon, "socket initialization failed");
        }
index a5dd43d..4deadf3 100644 (file)
@@ -61,7 +61,7 @@ static status_t execute(private_acquire_job_t *this)
                                                                                                           this->reqid);
        if (ike_sa == NULL)
        {
-               DBG2(SIG_DBG_JOB, "CHILD_SA with reqid %d not found for acquiring",
+               DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for acquiring",
                         this->reqid);
                return DESTROY_ME;
        }
index bd25788..71ee3f0 100644 (file)
@@ -72,7 +72,7 @@ static status_t execute(private_delete_child_sa_job_t *this)
                                                                                                           this->reqid);
        if (ike_sa == NULL)
        {
-               DBG1(SIG_DBG_JOB, "CHILD_SA with reqid %d not found for delete",
+               DBG1(DBG_JOB, "CHILD_SA with reqid %d not found for delete",
                         this->reqid);
                return DESTROY_ME;
        }
index d8b907f..9e8173c 100644 (file)
@@ -67,7 +67,7 @@ static status_t execute(private_delete_ike_sa_job_t *this)
                if (charon->ike_sa_manager->delete(charon->ike_sa_manager, 
                        this->ike_sa_id) != SUCCESS)
                {
-                       DBG2(SIG_DBG_JOB, "IKE SA didn't exist anymore");
+                       DBG2(DBG_JOB, "IKE SA didn't exist anymore");
                }
                return DESTROY_ME;
        }
@@ -91,7 +91,7 @@ static status_t execute(private_delete_ike_sa_job_t *this)
                        default:
                        {
                                /* IKE_SA is half open and gets destroyed */
-                               DBG1(SIG_DBG_JOB, "deleting half open IKE_SA after timeout");
+                               DBG1(DBG_JOB, "deleting half open IKE_SA after timeout");
                                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
                                return DESTROY_ME;
                        }
index c09571e..1867161 100644 (file)
@@ -87,7 +87,7 @@ static void send_notify_response(private_incoming_packet_job_t *this,
                response->destroy(response);
                return;
        }
-       DBG1(SIG_DBG_NET, "sending %N notify", notify_type_names, type);
+       DBG1(DBG_NET, "sending %N notify", notify_type_names, type);
        charon->send_queue->add(charon->send_queue, packet);
        response->destroy(response);
        return;
@@ -107,12 +107,12 @@ static status_t execute(private_incoming_packet_job_t *this)
        message = message_create_from_packet(this->packet->clone(this->packet));
        src = message->get_source(message);
        dst = message->get_destination(message);
-       DBG1(SIG_DBG_NET, "received packet: from %#H to %#H", src, dst);
+       DBG1(DBG_NET, "received packet: from %#H to %#H", src, dst);
        
        status = message->parse_header(message);
        if (status != SUCCESS)
        {
-               DBG1(SIG_DBG_NET, "received message with invalid IKE header, ignored");
+               DBG1(DBG_NET, "received message with invalid IKE header, ignored");
                message->destroy(message);
                return DESTROY_ME;
        }
@@ -120,7 +120,7 @@ static status_t execute(private_incoming_packet_job_t *this)
        if ((message->get_major_version(message) != IKE_MAJOR_VERSION) ||
                (message->get_minor_version(message) != IKE_MINOR_VERSION))
        {
-               DBG1(SIG_DBG_NET,
+               DBG1(DBG_NET,
                         "received a packet with IKE version %d.%d, not supported",
                          message->get_major_version(message),
                          message->get_minor_version(message));
@@ -138,7 +138,7 @@ static status_t execute(private_incoming_packet_job_t *this)
        ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id);
        if (ike_sa == NULL)
        {
-               DBG1(SIG_DBG_NET, "received packet for IKE_SA: %J, but no such IKE_SA",
+               DBG1(DBG_NET, "received packet for IKE_SA: %J, but no such IKE_SA",
                         ike_sa_id);
                if (message->get_request(message))
                {
index 9d8edd9..52877c4 100644 (file)
@@ -75,7 +75,7 @@ static status_t execute(private_initiate_job_t *this)
        this->policy->get_ref(this->policy);
        if (ike_sa->initiate(ike_sa, this->connection, this->policy) != SUCCESS)
        {
-               DBG1(SIG_DBG_JOB, "initiation failed, going to delete IKE_SA");
+               DBG1(DBG_JOB, "initiation failed, going to delete IKE_SA");
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
                return DESTROY_ME;
        }
index c0b1da0..5944aa7 100644 (file)
@@ -71,7 +71,7 @@ static status_t execute(private_rekey_child_sa_job_t *this)
                                                                                                           this->reqid);
        if (ike_sa == NULL)
        {
-               DBG2(SIG_DBG_JOB, "CHILD_SA with reqid %d not found for rekeying",
+               DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for rekeying",
                         this->reqid);
                return DESTROY_ME;
        }
index f165815..9016b42 100644 (file)
@@ -61,7 +61,7 @@ static status_t execute(private_rekey_ike_sa_job_t *this)
                                                                                          this->ike_sa_id);
        if (ike_sa == NULL)
        {
-               DBG2(SIG_DBG_JOB, "IKE_SA %J to rekey not found", this->ike_sa_id);
+               DBG2(DBG_JOB, "IKE_SA %J to rekey not found", this->ike_sa_id);
                return DESTROY_ME;
        }
        ike_sa->rekey(ike_sa);
index 222e808..1dee6e5 100644 (file)
@@ -65,7 +65,7 @@ static status_t execute(private_retransmit_request_job_t *this)
        ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id);
        if (ike_sa == NULL)
        {
-               DBG2(SIG_DBG_JOB, "IKE SA could not be checked out. Already deleted?");
+               DBG2(DBG_JOB, "IKE SA could not be checked out. Already deleted?");
                return DESTROY_ME;
        }
        
index a195a3e..5a12847 100644 (file)
@@ -78,14 +78,14 @@ static status_t execute(private_route_job_t *this)
        {
                if (ike_sa->route(ike_sa, this->connection, this->policy) != SUCCESS)
                {
-                       DBG1(SIG_DBG_JOB, "routing failed");
+                       DBG1(DBG_JOB, "routing failed");
                }
        }
        else
        {
                if (ike_sa->unroute(ike_sa, this->policy) == DESTROY_ME)
                {
-                       DBG1(SIG_DBG_JOB, "removing IKE_SA, as last routed CHILD_SA unrouted");
+                       DBG1(DBG_JOB, "removing IKE_SA, as last routed CHILD_SA unrouted");
                        charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
                        return DESTROY_ME;
                }
index b0c7751..a966694 100644 (file)
@@ -107,7 +107,7 @@ static void add(private_send_queue_t *this, packet_t *packet)
        
        src = packet->get_source(packet);
        dst = packet->get_destination(packet);
-       DBG1(SIG_DBG_NET, "sending packet: from %#H to %#H", src, dst);
+       DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst);
        
        pthread_mutex_lock(&this->mutex);
        this->list->insert_last(this->list, packet);
index 7a78b60..b9b9d00 100644 (file)
@@ -130,11 +130,11 @@ static chunk_t build_shared_key_signature(private_authenticator_t *this,
        this->prf->get_bytes(this->prf, key_pad, key_buffer);
        this->prf->set_key(this->prf, key);
        this->prf->allocate_bytes(this->prf, octets, &auth_data);
-       DBG3(SIG_DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
-       DBG3(SIG_DBG_IKE, "secret %B", &secret);
-       DBG3(SIG_DBG_IKE, "keypad %B", &key_pad);
-       DBG3(SIG_DBG_IKE, "prf(secret, keypad) %B", &key);
-       DBG3(SIG_DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
+       DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
+       DBG3(DBG_IKE, "secret %B", &secret);
+       DBG3(DBG_IKE, "keypad %B", &key_pad);
+       DBG3(DBG_IKE, "prf(secret, keypad) %B", &key);
+       DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
        chunk_free(&octets);
 
        return auth_data;
@@ -168,7 +168,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                                                                                                                 &shared_key);
                        if (status != SUCCESS)
                        {
-                               DBG1(SIG_DBG_IKE, "no shared key found for '%D' - '%D'",
+                               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'",
                                         my_id, other_id);
                                chunk_free(&shared_key);
                                break;
@@ -195,7 +195,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
 
                        if (public_key == NULL)
                        {
-                               DBG1(SIG_DBG_IKE, "no RSA public key found for '%D'", other_id);
+                               DBG1(DBG_IKE, "no RSA public key found for '%D'", other_id);
                                status = NOT_FOUND;
                                break;
                        }
@@ -215,7 +215,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
        
        if (status == SUCCESS)
        {
-               DBG1(SIG_DBG_IKE, "authentication of '%D' with %N successful",
+               DBG1(DBG_IKE, "authentication of '%D' with %N successful",
                         other_id, auth_method_names, auth_method);
        }
        
@@ -233,7 +233,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                                                   identification_t *other_id,
                                                                   bool initiator)
 {
-       DBG1(SIG_DBG_IKE, "authentication of '%D' with %N (myself)",
+       DBG1(DBG_IKE, "authentication of '%D' with %N (myself)",
                 my_id, auth_method_names, this->auth_method);
 
        switch (this->auth_method)
@@ -250,7 +250,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
 
                        if (status != SUCCESS)
                        {
-                               DBG1(SIG_DBG_IKE, "no shared key found for '%D' - '%D'",
+                               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'",
                                         my_id, other_id);
                                return status;  
                        }
@@ -276,28 +276,28 @@ static status_t compute_auth_data (private_authenticator_t *this,
                        rsa_public_key_t  *my_pubkey;
                        rsa_private_key_t *my_key;
 
-                       DBG2(SIG_DBG_IKE, "looking for RSA public key belonging to '%D'",
+                       DBG2(DBG_IKE, "looking for RSA public key belonging to '%D'",
                                                          my_id);
 
                        my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
                        if (my_pubkey == NULL)
                        {
-                               DBG1(SIG_DBG_IKE, "no RSA public key found for '%D'", my_id);
+                               DBG1(DBG_IKE, "no RSA public key found for '%D'", my_id);
                                return NOT_FOUND;
                        }
-                       DBG2(SIG_DBG_IKE, "matching RSA public key found");
+                       DBG2(DBG_IKE, "matching RSA public key found");
                        
                        chunk = my_pubkey->get_keyid(my_pubkey);
-                       DBG2(SIG_DBG_IKE, "looking for RSA private key with keyid %#B", &chunk);
+                       DBG2(DBG_IKE, "looking for RSA private key with keyid %#B", &chunk);
 
                        my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
                        if (my_key == NULL)
                        {
-                               DBG1(SIG_DBG_IKE, "no RSA private key found with for %D with keyid %#B",
+                               DBG1(DBG_IKE, "no RSA private key found with for %D with keyid %#B",
                                         my_id, &chunk);
                                return NOT_FOUND;
                        }
-                       DBG2(SIG_DBG_IKE, "matching RSA private key found");
+                       DBG2(DBG_IKE, "matching RSA private key found");
 
                        octets = build_tbs_octets(this, last_sent_packet, other_nonce,
                                                                          my_id, initiator);
@@ -310,7 +310,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                my_key->destroy(my_key);
                                return status;
                        }
-                       DBG2(SIG_DBG_IKE, "successfully signed with RSA private key");
+                       DBG2(DBG_IKE, "successfully signed with RSA private key");
                        
                        *auth_payload = auth_payload_create();
                        (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
index 8c75a2f..1caed21 100644 (file)
@@ -327,7 +327,7 @@ static void updown(private_child_sa_t *this, bool up)
 
                if (shell == NULL)
                {
-                       DBG1(SIG_DBG_CHD, "could not execute updown script '%s'", this->script);
+                       DBG1(DBG_CHD, "could not execute updown script '%s'", this->script);
                        return;
                }
                
@@ -339,7 +339,7 @@ static void updown(private_child_sa_t *this, bool up)
                        {
                                if (ferror(shell))
                                {
-                                       DBG1(SIG_DBG_CHD, "error reading output from updown script");
+                                       DBG1(DBG_CHD, "error reading output from updown script");
                                        return;
                                }
                                else
@@ -354,7 +354,7 @@ static void updown(private_child_sa_t *this, bool up)
                                {       /* trim trailing '\n' */
                                        e[-1] = '\0';
                                }
-                               DBG1(SIG_DBG_CHD, "updown: %s", resp);
+                               DBG1(DBG_CHD, "updown: %s", resp);
                        }
                }
                pclose(shell);
@@ -489,13 +489,13 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus
                dst = this->other.addr;
        }
        
-       DBG2(SIG_DBG_CHD, "adding %s %N SA", mine ? "inbound" : "outbound",
+       DBG2(DBG_CHD, "adding %s %N SA", mine ? "inbound" : "outbound",
                 protocol_id_names, this->protocol);
        
        /* select encryption algo */
        if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_algo))
        {
-               DBG2(SIG_DBG_CHD, "  using %N for encryption",
+               DBG2(DBG_CHD, "  using %N for encryption",
                         encryption_algorithm_names, enc_algo->algorithm);
        }
        else
@@ -506,7 +506,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus
        /* select integrity algo */
        if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_algo))
        {
-               DBG2(SIG_DBG_CHD, "  using %N for integrity",
+               DBG2(DBG_CHD, "  using %N for integrity",
                         integrity_algorithm_names, int_algo->algorithm);
        }
        else
@@ -528,7 +528,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus
        
        
        /* send SA down to the kernel */
-       DBG2(SIG_DBG_CHD, "  SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst);
+       DBG2(DBG_CHD, "  SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst);
        status = charon->kernel_interface->add_sa(charon->kernel_interface,
                                                                                          src, dst,
                                                                                          spi, this->protocol,
@@ -621,7 +621,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
                        
                        if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
                        {
-                               DBG2(SIG_DBG_CHD,
+                               DBG2(DBG_CHD,
                                         "CHILD_SA policy uses two different IP families, ignored");
                                continue;
                        }
@@ -630,7 +630,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
                        if (my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts) &&
                                my_ts->get_protocol(my_ts) && other_ts->get_protocol(other_ts))
                        {
-                               DBG2(SIG_DBG_CHD,
+                               DBG2(DBG_CHD,
                                         "CHILD_SA policy uses two different protocols, ignored");
                                continue;
                        }
@@ -908,7 +908,7 @@ static status_t update_sa_hosts(private_child_sa_t *this, host_t *new_me, host_t
                spi = this->me.spi;
        }
        
-       DBG2(SIG_DBG_CHD, "updating %N SA 0x%x, from %#H..#H to %#H..%#H",
+       DBG2(DBG_CHD, "updating %N SA 0x%x, from %#H..#H to %#H..%#H",
                 protocol_id_names, this->protocol, ntohl(spi), src, dst, new_src, new_dst);
        
        status = charon->kernel_interface->update_sa(charon->kernel_interface,
index 7c77411..0446c9d 100644 (file)
@@ -431,7 +431,6 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
  */
 static void dpd_detected(private_ike_sa_t *this)
 {
-       /* check for childrens with dpdaction=hold */
        connection_t *connection = NULL;
        policy_t *policy;
        linked_list_t *my_ts, *other_ts;
@@ -439,10 +438,11 @@ static void dpd_detected(private_ike_sa_t *this)
        dpd_action_t action;
        job_t *job;
        
-       DBG2(SIG_DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
+       DBG2(DBG_IKE, "dead peer detected, handling CHILD_SAs dpd action");
        
+       /* check for childrens with dpdaction = hold */
        while(this->child_sas->remove_first(this->child_sas,
-                                                                                       (void**)&child_sa) == SUCCESS)
+                                                                               (void**)&child_sa) == SUCCESS)
        {
                /* get the policy which belongs to this CHILD */
                my_ts = child_sa->get_my_traffic_selectors(child_sa);
@@ -453,13 +453,13 @@ static void dpd_detected(private_ike_sa_t *this)
                                                                                          this->my_host, this->other_host);
                if (policy == NULL)
                {
-                       SIG(SIG_CHILD_FAILED, "no policy for CHILD to handle DPD");
+                       DBG1(DBG_IKE, "no policy for CHILD to handle DPD");
                        continue;
                }
                
                action = policy->get_dpd_action(policy);
                /* get a connection for further actions */
-               if (connection == NULL && 
+               if (connection == NULL &&
                        (action == DPD_ROUTE || action == DPD_RESTART))
                {
                        connection = charon->connections->get_connection_by_hosts(
@@ -467,12 +467,12 @@ static void dpd_detected(private_ike_sa_t *this)
                                                                                        this->my_host, this->other_host);
                        if (connection == NULL)
                        {
-                               SIG(SIG_IKE_FAILED, "no connection found to handle DPD");
+                               SIG(IKE_UP_FAILED, "no connection found to handle DPD");
                                break;
                        }
                }
                
-               DBG1(SIG_DBG_IKE, "dpd action for %s is %N",
+               DBG1(DBG_IKE, "dpd action for %s is %N",
                         policy->get_name(policy), dpd_action_names, action);
                
                switch (action)
@@ -516,8 +516,8 @@ static status_t transmit_request(private_ike_sa_t *this)
                                                                                                                        this->retrans_sequences);
        if (timeout == 0)
        {
-               SIG(SIG_IKE_FAILED, "giving up after %d retransmits, deleting IKE_SA",
-                       transmitted - 1);
+               DBG1(DBG_IKE, "giving up after %d retransmits, deleting IKE_SA",
+                        transmitted - 1);
                dpd_detected(this);
                return DESTROY_ME;
        }
@@ -535,13 +535,13 @@ static status_t transmit_request(private_ike_sa_t *this)
                status = request->generate(request, this->crypter_out, this->signer_out, &packet);
                if (status != SUCCESS)
                {
-                       DBG1(SIG_DBG_IKE, "request generation failed. transaction discarded");
+                       DBG1(DBG_IKE, "request generation failed. transaction discarded");
                        return FAILED;
                }
        }
        else
        {
-               DBG1(SIG_DBG_IKE, "sending retransmit %d for %N request with messageID %d",
+               DBG1(DBG_IKE, "sending retransmit %d for %N request with messageID %d",
                        transmitted, exchange_type_names, request->get_exchange_type(request),
                        message_id);
                packet = request->get_packet(request);
@@ -649,7 +649,7 @@ static status_t process_request(private_ike_sa_t *this, message_t *request)
                if (last_mid == request_mid)
                {
                        /* retransmit detected */
-                       DBG1(SIG_DBG_IKE, "received retransmitted request for message "
+                       DBG1(DBG_IKE, "received retransmitted request for message "
                                 "ID %d, retransmitting response", request_mid);
                        last->get_response(last, request, &response, &this->transaction_in_next);
                        packet = response->get_packet(response);
@@ -661,14 +661,14 @@ static status_t process_request(private_ike_sa_t *this, message_t *request)
                if (last_mid > request_mid)
                {
                        /* something seriously wrong here, message id may not decrease */
-                       DBG1(SIG_DBG_IKE, "received request with message ID %d, "
+                       DBG1(DBG_IKE, "received request with message ID %d, "
                                 "excepted %d, ingored", request_mid, last_mid + 1);
                        return FAILED;
                }
                /* we allow jumps in message IDs, as long as they are incremental */
                if (last_mid + 1 < request_mid)
                {
-                       DBG1(SIG_DBG_IKE, "received request with message ID %d, excepted %d",
+                       DBG1(DBG_IKE, "received request with message ID %d, excepted %d",
                                 request_mid, last_mid + 1);
                }
        }
@@ -677,7 +677,7 @@ static status_t process_request(private_ike_sa_t *this, message_t *request)
                if (request_mid != 0)
                {
                        /* warn, but allow it */
-                       DBG1(SIG_DBG_IKE, "first received request has message ID %d, "
+                       DBG1(DBG_IKE, "first received request has message ID %d, "
                                 "excepted 0", request_mid);
                }
        }
@@ -693,7 +693,7 @@ static status_t process_request(private_ike_sa_t *this, message_t *request)
                current = transaction_create(&this->public, request);
                if (current == NULL)
                {
-                       DBG1(SIG_DBG_IKE, "no idea how to handle received message (exchange"
+                       DBG1(DBG_IKE, "no idea how to handle received message (exchange"
                                 " type %d), ignored", request->get_exchange_type(request));
                        return FAILED;
                }
@@ -703,7 +703,7 @@ static status_t process_request(private_ike_sa_t *this, message_t *request)
        status = current->get_response(current, request, &response, &this->transaction_in_next);
        if (response->generate(response, this->crypter_out, this->signer_out, &packet) != SUCCESS)
        {
-               DBG1(SIG_DBG_IKE, "response generation failed, discarding transaction");
+               DBG1(DBG_IKE, "response generation failed, discarding transaction");
                current->destroy(current);
                return FAILED;
        }
@@ -740,7 +740,7 @@ static status_t process_response(private_ike_sa_t *this, message_t *response)
        if (current == NULL ||
                current->get_message_id(current) != response->get_message_id(response))
        {
-               DBG1(SIG_DBG_IKE, "received response with message ID %d "
+               DBG1(DBG_IKE, "received response with message ID %d "
                         "not requested, ignored", response->get_message_id(response));
                return FAILED;
        }
@@ -816,32 +816,32 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
                        switch (status)
                        {
                                case NOT_SUPPORTED:
-                                       DBG1(SIG_DBG_IKE, "ciritcal unknown payloads found");
+                                       DBG1(DBG_IKE, "ciritcal unknown payloads found");
                                        if (is_request)
                                        {
                                                send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD);
                                        }
                                        break;
                                case PARSE_ERROR:
-                                       DBG1(SIG_DBG_IKE, "message parsing failed");
+                                       DBG1(DBG_IKE, "message parsing failed");
                                        if (is_request)
                                        {
                                                send_notify_response(this, message, INVALID_SYNTAX);
                                        }
                                        break;
                                case VERIFY_ERROR:
-                                       DBG1(SIG_DBG_IKE, "message verification failed");
+                                       DBG1(DBG_IKE, "message verification failed");
                                        if (is_request)
                                        {
                                                send_notify_response(this, message, INVALID_SYNTAX);
                                        }
                                        break;
                                case FAILED:
-                                       DBG1(SIG_DBG_IKE, "integrity check failed");
+                                       DBG1(DBG_IKE, "integrity check failed");
                                        /* ignored */
                                        break;
                                case INVALID_STATE:
-                                       DBG1(SIG_DBG_IKE, "found encrypted message, but no keys available");
+                                       DBG1(DBG_IKE, "found encrypted message, but no keys available");
                                        if (is_request)
                                        {
                                                send_notify_response(this, message, INVALID_SYNTAX);
@@ -850,7 +850,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
                                        break;
                        }
                }
-               DBG1(SIG_DBG_IKE, "%N %s with message ID %d processing failed",
+               DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
                         exchange_type_names, message->get_exchange_type(message),
                         message->get_request(message) ? "request" : "response",
                         message->get_message_id(message));
@@ -893,7 +893,7 @@ static status_t initiate(private_ike_sa_t *this,
                         */
                        ike_sa_init_t *ike_sa_init;
                        
-                       SIG(SIG_INITIATE, "initiating new IKE_SA for CHILD_SA");
+                       DBG2(DBG_IKE, "initiating new IKE_SA for CHILD_SA");
                        DESTROY_IF(this->my_host);
                        this->my_host = connection->get_my_host(connection);
                        this->my_host = this->my_host->clone(this->my_host);
@@ -905,10 +905,8 @@ static status_t initiate(private_ike_sa_t *this,
                        
                        if (this->other_host->is_anyaddr(this->other_host))
                        {
-                               SIG(SIG_IKE_FAILED,
-                                       "can not initiate a connection to %%any, aborting");
-                               SIG(SIG_CHILD_FAILED,
-                                       "unable to create an IKE_SA to instantiate policy");
+                               SIG(IKE_UP_START, "establishing new IKE_SA for CHILD_SA");
+                               SIG(IKE_UP_FAILED, "can not initiate a connection to %%any, aborting");
                                policy->destroy(policy);
                                connection->destroy(connection);
                                return DESTROY_ME;
@@ -924,9 +922,9 @@ static status_t initiate(private_ike_sa_t *this,
                {
                        /* if we are in DELETING/REKEYING, we deny set up of a policy.
                         * TODO: would it make sense to queue the transaction and adopt
-                        * it all transactions to the new IKE_SA? */
-                       SIG(SIG_CHILD_FAILED,
-                               "creating CHILD_SA discarded, as IKE_SA is in state %N",
+                        * all transactions to the new IKE_SA? */
+                       SIG(IKE_UP_START, "creating CHILD_SA in existing IKE_SA");
+                       SIG(IKE_UP_FAILED, "creating CHILD_SA discarded, as IKE_SA is in state %N",
                                ike_sa_state_names, this->state);
                        policy->destroy(policy);
                        connection->destroy(connection);
@@ -942,7 +940,7 @@ static status_t initiate(private_ike_sa_t *this,
                         */
                        create_child_sa_t *create_child;
                        
-                       SIG(SIG_INITIATE, "creating CHILD_SA in existing IKE_SA");
+                       DBG1(DBG_IKE, "creating CHILD_SA in existing IKE_SA");
                        connection->destroy(connection);
                        create_child = create_child_sa_create(&this->public);
                        create_child->set_policy(create_child, policy);
@@ -965,7 +963,8 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
        
        if (this->state == IKE_DELETING)
        {
-               SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+               SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
+               SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
                        "IKE_SA is deleting", reqid);
                return FAILED;
        }
@@ -983,7 +982,8 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
        iterator->destroy(iterator);
        if (!child_sa)
        {
-               SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+               SIG(CHILD_UP_START, "acquiring CHILD_SA on kernel request");
+               SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
                        "CHILD_SA not found", reqid);
                return FAILED;
        }
@@ -996,7 +996,8 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
                                                                                  this->my_host, this->other_host);
        if (policy == NULL)
        {
-               SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+               SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
+               SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
                        "no policy found", reqid);
                return FAILED;
        }
@@ -1007,20 +1008,21 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
                {
                        ike_sa_init_t *ike_sa_init;
                        
-                       DBG1(SIG_DBG_CHD,
-                                "acquiring CHILD_SA with reqid %d, IKE_SA setup needed", reqid);
-                       
                        connection = charon->connections->get_connection_by_hosts(
                                        charon->connections, this->my_host, this->other_host);
                        
                        if (connection == NULL)
                        {
-                               SIG(SIG_CHILD_FAILED, "acquiring CHILD_SA "
-                                       "(reqid %d) failed: no connection found for IKE_SA", reqid);
+                               SIG(CHILD_UP_START, "acquiring CHILD_SA with reqid %d", reqid);
+                               SIG(CHILD_UP_FAILED, "acquiring CHILD_SA (reqid %d) failed: "
+                                       "no connection found to establsih IKE_SA", reqid);
                                policy->destroy(policy);
                                return FAILED;
                        }
                        
+                       DBG1(DBG_IKE, "establishing IKE_SA to acquire CHILD_SA "
+                                "with reqid %d", reqid);
+                       
                        this->message_id_out = 1;
                        ike_sa_init = ike_sa_init_create(&this->public);
                        ike_sa_init->set_config(ike_sa_init, connection, policy);
@@ -1033,7 +1035,7 @@ static status_t acquire(private_ike_sa_t *this, u_int32_t reqid)
                {
                        create_child_sa_t *create_child;
                        
-                       DBG1(SIG_DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
+                       DBG1(DBG_CHD, "acquiring CHILD_SA with reqid %d", reqid);
                        
                        create_child = create_child_sa_create(&this->public);
                        create_child->set_policy(create_child, policy);
@@ -1086,6 +1088,8 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
        linked_list_t *my_ts, *other_ts;
        status_t status;
        
+       SIG(CHILD_ROUTE_START, "routing CHILD_SA");
+       
        /* check if not already routed*/
        iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
        while (iterator->iterate(iterator, (void**)&child_sa))
@@ -1106,8 +1110,7 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
                                iterator->destroy(iterator);
                                my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
                                other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
-                               SIG(SIG_CHILD_FAILED, "CHILD_SA with such a policy "
-                                       "already routed");
+                               SIG(CHILD_ROUTE_FAILED, "CHILD_SA with such a policy already routed");
                                return FAILED;
                        }
                        my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
@@ -1120,7 +1123,7 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
        {
                case IKE_CREATED:
                case IKE_CONNECTING:
-                       /* we update IKE_SA information as good as possible, 
+                       /* we update IKE_SA information as good as possible,
                         * this allows us to set up the SA later when an acquire comes in. */
                        if (this->my_id->get_type(this->my_id) == ID_ANY)
                        {
@@ -1156,8 +1159,8 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
                         * adopted by the new IKE_SA */
                        break;
                case IKE_DELETING:
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA with such a policy "
-                               "already routed");
+                       /* TODO: hanlde this case, create a new IKE_SA and route CHILD_SA */
+                       SIG(CHILD_ROUTE_FAILED, "unable to route CHILD_SA, as its IKE_SA gets deleted");
                        return FAILED;
        }
 
@@ -1173,8 +1176,7 @@ static status_t route(private_ike_sa_t *this, connection_t *connection, policy_t
        my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
        other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
        this->child_sas->insert_last(this->child_sas, child_sa);
-       SIG(SIG_CHILD_ROUTE,
-               "CHILD_SA routed: %R...%R", my_ts, other_ts);
+       SIG(CHILD_ROUTE_SUCCESS, "CHILD_SA routed");
        return status;
 }
 
@@ -1185,8 +1187,11 @@ static status_t unroute(private_ike_sa_t *this, policy_t *policy)
 {
        iterator_t *iterator;
        child_sa_t *child_sa = NULL;
+       bool found = FALSE;
        linked_list_t *my_ts, *other_ts, *my_ts_conf, *other_ts_conf;
        
+       SIG(CHILD_UNROUTE_START, "unrouting CHILD_SA");
+       
        /* find CHILD_SA in ROUTED state */
        iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
        while (iterator->iterate(iterator, (void**)&child_sa))
@@ -1203,10 +1208,11 @@ static status_t unroute(private_ike_sa_t *this, policy_t *policy)
                                ts_list_equals(other_ts, other_ts_conf))
                        {
                                iterator->remove(iterator);
-                               SIG(SIG_CHILD_UNROUTE, "CHILD_SA unrouted");
+                               SIG(CHILD_UNROUTE_SUCCESS, "CHILD_SA unrouted");
                                child_sa->destroy(child_sa);
                                my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
                                other_ts_conf->destroy_offset(other_ts_conf, offsetof(traffic_selector_t, destroy));
+                               found = TRUE;
                                break;
                        }
                        my_ts_conf->destroy_offset(my_ts_conf, offsetof(traffic_selector_t, destroy));
@@ -1214,6 +1220,12 @@ static status_t unroute(private_ike_sa_t *this, policy_t *policy)
                }
        }
        iterator->destroy(iterator);
+       
+       if (!found)
+       {
+               SIG(CHILD_UNROUTE_FAILED, "CHILD_SA to unroute not found");
+               return FAILED;
+       }
        /* if we are not established, and we have no more routed childs, remove whole SA */
        if (this->state == IKE_CREATED &&
                this->child_sas->get_count(this->child_sas) == 0)
@@ -1253,7 +1265,7 @@ static status_t send_dpd(private_ike_sa_t *this)
                {
                        /* to long ago, initiate dead peer detection */
                        dead_peer_detection_t *dpd;
-                       DBG1(SIG_DBG_IKE, "sending DPD request");
+                       DBG1(DBG_IKE, "sending DPD request");
                        dpd = dead_peer_detection_create(&this->public);
                        queue_transaction(this, (transaction_t*)dpd, FALSE);
                        diff = 0;
@@ -1293,7 +1305,7 @@ static void send_keepalive(private_ike_sa_t *this)
                data.len = 1;
                packet->set_data(packet, data);
                charon->send_queue->add(charon->send_queue, packet);
-               DBG1(SIG_DBG_IKE, "sending keep alive");
+               DBG1(DBG_IKE, "sending keep alive");
                diff = 0;
        }
        job = send_keepalive_job_create(this->ike_sa_id);
@@ -1314,7 +1326,7 @@ static ike_sa_state_t get_state(private_ike_sa_t *this)
  */
 static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
 {
-       DBG1(SIG_DBG_IKE, "state change: %N => %N",
+       DBG1(DBG_IKE, "IKE_SA state change: %N => %N",
                 ike_sa_state_names, this->state,
                 ike_sa_state_names, state);
        
@@ -1323,9 +1335,6 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                this->time.established = time(NULL);
                /* start DPD checks */
                send_dpd(this);
-               
-               SIG(SIG_IKE_UP, "IKE_SA established: %H[%D]...%H[%D]",
-                   this->my_host, this->my_id, this->other_host, this->other_id);
        }
        
        this->state = state;
@@ -1426,19 +1435,19 @@ static status_t derive_keys(private_ike_sa_t *this,
        /* Create SAs general purpose PRF first, we may use it here */
        if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo))
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
+               DBG1(DBG_IKE, "key derivation failed: no PSEUDO_RANDOM_FUNCTION");;
                return FAILED;
        }
        this->prf = prf_create(algo->algorithm);
        if (this->prf == NULL)
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
+               DBG1(DBG_IKE, "key derivation failed: PSEUDO_RANDOM_FUNCTION "
                         "%N not supported!", pseudo_random_function_names, algo->algorithm);
                return FAILED;
        }
        
        dh->get_shared_secret(dh, &secret);
-       DBG4(SIG_DBG_IKE, "shared Diffie Hellman secret %B", &secret);
+       DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
        nonces = chunk_cat("cc", nonce_i, nonce_r);
        *((u_int64_t*)spi_i.ptr) = this->ike_sa_id->get_initiator_spi(this->ike_sa_id);
        *((u_int64_t*)spi_r.ptr) = this->ike_sa_id->get_responder_spi(this->ike_sa_id);
@@ -1446,14 +1455,14 @@ static status_t derive_keys(private_ike_sa_t *this,
        
        /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) 
         *
-        * if we are rekeying, SKEYSEED built on another way 
+        * if we are rekeying, SKEYSEED is built on another way
         */
        if (child_prf == NULL) /* not rekeying */
        {
                /* SKEYSEED = prf(Ni | Nr, g^ir) */
                this->prf->set_key(this->prf, nonces);
                this->prf->allocate_bytes(this->prf, secret, &skeyseed);
-               DBG4(SIG_DBG_IKE, "SKEYSEED %B", &skeyseed);
+               DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
                this->prf->set_key(this->prf, skeyseed);
                chunk_free(&skeyseed);
                chunk_free(&secret);
@@ -1465,7 +1474,7 @@ static status_t derive_keys(private_ike_sa_t *this,
                 * use OLD SAs PRF functions for both prf_plus and prf */
                secret = chunk_cat("mc", secret, nonces);
                child_prf->allocate_bytes(child_prf, secret, &skeyseed);
-               DBG4(SIG_DBG_IKE, "SKEYSEED %B", &skeyseed);
+               DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
                old_prf->set_key(old_prf, skeyseed);
                chunk_free(&skeyseed);
                chunk_free(&secret);
@@ -1481,33 +1490,33 @@ static status_t derive_keys(private_ike_sa_t *this,
        this->child_prf = prf_create(algo->algorithm);
        key_size = this->child_prf->get_key_size(this->child_prf);
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_d secret %B", &key);
+       DBG4(DBG_IKE, "Sk_d secret %B", &key);
        this->child_prf->set_key(this->child_prf, key);
        chunk_free(&key);
        
        /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
        if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
+               DBG1(DBG_IKE, "key derivation failed: no INTEGRITY_ALGORITHM");
                return FAILED;
        }
        signer_i = signer_create(algo->algorithm);
        signer_r = signer_create(algo->algorithm);
        if (signer_i == NULL || signer_r == NULL)
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
+               DBG1(DBG_IKE, "key derivation failed: INTEGRITY_ALGORITHM "
                        "%N not supported!", integrity_algorithm_names ,algo->algorithm);
                return FAILED;
        }
        key_size = signer_i->get_key_size(signer_i);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_ai secret %B", &key);
+       DBG4(DBG_IKE, "Sk_ai secret %B", &key);
        signer_i->set_key(signer_i, key);
        chunk_free(&key);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_ar secret %B", &key);
+       DBG4(DBG_IKE, "Sk_ar secret %B", &key);
        signer_r->set_key(signer_r, key);
        chunk_free(&key);
        
@@ -1525,14 +1534,14 @@ static status_t derive_keys(private_ike_sa_t *this,
        /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
        if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
+               DBG1(DBG_IKE, "key derivation failed: no ENCRYPTION_ALGORITHM");
                return FAILED;
        }
        crypter_i = crypter_create(algo->algorithm, algo->key_size / 8);
        crypter_r = crypter_create(algo->algorithm, algo->key_size / 8);
        if (crypter_i == NULL || crypter_r == NULL)
        {
-               DBG1(SIG_DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
+               DBG1(DBG_IKE, "key derivation failed: ENCRYPTION_ALGORITHM "
                        "%N (key size %d) not supported!",
                        encryption_algorithm_names, algo->algorithm, algo->key_size);
                return FAILED;
@@ -1540,12 +1549,12 @@ static status_t derive_keys(private_ike_sa_t *this,
        key_size = crypter_i->get_key_size(crypter_i);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_ei secret %B", &key);
+       DBG4(DBG_IKE, "Sk_ei secret %B", &key);
        crypter_i->set_key(crypter_i, key);
        chunk_free(&key);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_er secret %B", &key);
+       DBG4(DBG_IKE, "Sk_er secret %B", &key);
        crypter_r->set_key(crypter_r, key);
        chunk_free(&key);
        
@@ -1567,12 +1576,12 @@ static status_t derive_keys(private_ike_sa_t *this,
        
        key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_pi secret %B", &key);
+       DBG4(DBG_IKE, "Sk_pi secret %B", &key);
        this->prf_auth_i->set_key(this->prf_auth_i, key);
        chunk_free(&key);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(SIG_DBG_IKE, "Sk_pr secret %B", &key);
+       DBG4(DBG_IKE, "Sk_pr secret %B", &key);
        this->prf_auth_r->set_key(this->prf_auth_r, key);
        chunk_free(&key);
        
@@ -1580,7 +1589,6 @@ static status_t derive_keys(private_ike_sa_t *this,
        prf_plus->destroy(prf_plus);
        
        return SUCCESS;
-       
 }
 
 /**
@@ -1738,13 +1746,13 @@ static status_t rekey(private_ike_sa_t *this)
 {
        rekey_ike_sa_t *rekey_ike_sa;
        
-       DBG1(SIG_DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
-                                         this->my_host, this->my_id,
-                                         this->other_host, this->other_id);
+       DBG1(DBG_IKE, "rekeying IKE_SA between %H[%D]..%H[%D]",
+                this->my_host, this->my_id, this->other_host, this->other_id);
        
        if (this->state != IKE_ESTABLISHED)
        {
-               SIG(SIG_IKE_FAILED, "unable to rekey IKE_SA in state %N",
+               SIG(IKE_REKEY_START, "rekeying IKE_SA");
+               SIG(IKE_REKEY_FAILED, "unable to rekey IKE_SA in state %N",
                        ike_sa_state_names, this->state);
                return FAILED;
        }
@@ -1791,6 +1799,12 @@ static status_t delete_(private_ike_sa_t *this)
        switch (this->state)
        {
                case IKE_CONNECTING:
+               {
+                       /* this may happen if a half open IKE_SA gets closed after a
+                        * timeout. We signal here UP_FAILED to complete the SIG schema */
+                       SIG(IKE_UP_FAILED, "half open IKE_SA deleted after timeout");
+                       return DESTROY_ME;
+               }
                case IKE_ESTABLISHED:
                {
                        delete_ike_sa_t *delete_ike_sa;
@@ -1807,6 +1821,9 @@ static status_t delete_(private_ike_sa_t *this)
                case IKE_DELETING:
                default:
                {
+                       SIG(IKE_DOWN_START, "closing IKE_SA");
+                       SIG(IKE_DOWN_SUCCESS, "IKE_SA closed between %H[%D]...%H[%D]",
+                               this->my_host, this->my_id, this->other_host, this->other_id);
                        return DESTROY_ME;
                }
        }
@@ -1823,7 +1840,7 @@ static u_int32_t get_next_message_id (private_ike_sa_t *this)
 /**
  * Implementation of ike_sa_t.is_natt_enabled.
  */
-static bool is_natt_enabled (private_ike_sa_t *this)
+static bool is_natt_enabled(private_ike_sa_t *this)
 {
        return this->nat_here || this->nat_there;
 }
@@ -1831,18 +1848,18 @@ static bool is_natt_enabled (private_ike_sa_t *this)
 /**
  * Implementation of ike_sa_t.enable_natt.
  */
-static void enable_natt (private_ike_sa_t *this, bool local)
+static void enable_natt(private_ike_sa_t *this, bool local)
 {
        if (local)
        {
-               DBG1(SIG_DBG_IKE, "local host is behind NAT, using NAT-T, "
+               DBG1(DBG_IKE, "local host is behind NAT, using NAT-T, "
                        "scheduled keep alives");
                this->nat_here = TRUE;
                send_keepalive(this);
        }
        else
        {
-               DBG1(SIG_DBG_IKE, "remote host is behind NAT, using NAT-T");
+               DBG1(DBG_IKE, "remote host is behind NAT, using NAT-T");
                this->nat_there = TRUE;
        }
 }
@@ -1905,9 +1922,6 @@ static void destroy(private_ike_sa_t *this)
        DESTROY_IF(this->child_prf);
        DESTROY_IF(this->prf_auth_i);
        DESTROY_IF(this->prf_auth_r);
-
-       DBG1(SIG_DBG_IKE, "IKE_SA deleted between %H[%D]...%H[%D]",
-                this->my_host, this->my_id, this->other_host, this->other_id);
        
        DESTROY_IF(this->my_host);
        DESTROY_IF(this->other_host);
@@ -1997,7 +2011,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->rekeying_transaction = NULL;
        this->state = IKE_CREATED;
        this->message_id_out = 0;
-       /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged */
+       /* set to NOW, as when we rekey an existing IKE_SA no message is exchanged
+        * and inbound therefore uninitialized */
        this->time.inbound = this->time.outbound = time(NULL);
        this->time.established = 0;
        this->time.rekey = 0;
index 05e13fe..84b76cd 100644 (file)
@@ -158,7 +158,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike
        {
                if (current->ike_sa_id->equals(current->ike_sa_id, ike_sa_id))
                {
-                       DBG2(SIG_DBG_MGR,  "found entry by both SPIs");
+                       DBG2(DBG_MGR,  "found entry by both SPIs");
                        *entry = current;
                        status = SUCCESS;
                        break;
@@ -172,7 +172,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike
                                (current->ike_sa_id->is_initiator(ike_sa_id) ==
                                                  ike_sa_id->is_initiator(current->ike_sa_id)))
                        {
-                               DBG2(SIG_DBG_MGR, "found entry by initiator SPI");
+                               DBG2(DBG_MGR, "found entry by initiator SPI");
                                *entry = current;
                                status = SUCCESS;
                                break;
@@ -204,7 +204,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa
                /* only pointers are compared */
                if (current->ike_sa == ike_sa)
                {
-                       DBG2(SIG_DBG_MGR, "found entry by pointer");
+                       DBG2(DBG_MGR, "found entry by pointer");
                        *entry = current;
                        status = SUCCESS;
                        break;
@@ -244,7 +244,7 @@ static status_t delete_entry(private_ike_sa_manager_t *this, entry_t *entry)
                                pthread_cond_wait(&(entry->condvar), &(this->mutex));
                        }
                        
-                       DBG2(SIG_DBG_MGR,  "found entry by pointer, deleting it");
+                       DBG2(DBG_MGR,  "found entry by pointer, deleting it");
                        iterator->remove(iterator);
                        entry_destroy(entry);
                        status = SUCCESS;
@@ -345,7 +345,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this,
                        found_other_id->matches(found_other_id, other_id, &wc))
                {
                        /* looks good, we take this one */
-                       DBG2(SIG_DBG_MGR, "found an existing IKE_SA for %H[%D]...%H[%D]",
+                       DBG2(DBG_MGR, "found an existing IKE_SA for %H[%D]...%H[%D]",
                                 my_host, other_host, my_id, other_id);
                        entry->checked_out = TRUE;
                        ike_sa = entry->ike_sa;
@@ -365,13 +365,13 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this,
                
                /* create entry */
                new_entry = entry_create(new_ike_sa_id);
-               DBG2(SIG_DBG_MGR, "created IKE_SA: %J", new_ike_sa_id);
+               DBG2(DBG_MGR, "created IKE_SA: %J", new_ike_sa_id);
                new_ike_sa_id->destroy(new_ike_sa_id);
                
                this->ike_sa_list->insert_last(this->ike_sa_list, new_entry);
                
                /* check ike_sa out */
-               DBG2(SIG_DBG_MGR, "new IKE_SA created for IDs [%D]...[%D]", my_id, other_id);
+               DBG2(DBG_MGR, "new IKE_SA created for IDs [%D]...[%D]", my_id, other_id);
                new_entry->checked_out = TRUE;
                ike_sa = new_entry->ike_sa;
        }
@@ -390,9 +390,9 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
        bool original_initiator;
        ike_sa_t *ike_sa = NULL;
        
-       DBG2(SIG_DBG_MGR, "checkout IKE_SA: %J", ike_sa_id);
+       DBG2(DBG_MGR, "checkout IKE_SA: %J", ike_sa_id);
        
-       DBG2(SIG_DBG_MGR,  "%d IKE_SAs in manager",
+       DBG2(DBG_MGR,  "%d IKE_SAs in manager",
                 this->ike_sa_list->get_count(this->ike_sa_list));
        
        /* each access is locked */
@@ -414,19 +414,19 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
                {
                        if (wait_for_entry(this, entry))
                        {
-                               DBG2(SIG_DBG_MGR, "IKE_SA successfully checked out");
+                               DBG2(DBG_MGR, "IKE_SA successfully checked out");
                                /* ok, this IKE_SA is finally ours */
                                entry->checked_out = TRUE;
                                ike_sa = entry->ike_sa;
                        }
                        else
                        {
-                               DBG2(SIG_DBG_MGR, "IKE_SA found, but not allowed to check it out");
+                               DBG2(DBG_MGR, "IKE_SA found, but not allowed to check it out");
                        }
                }
                else
                {
-                       DBG2(SIG_DBG_MGR, "IKE_SA not stored in list");
+                       DBG2(DBG_MGR, "IKE_SA not stored in list");
                        /* looks like there is no such IKE_SA, better luck next time... */
                }
        }
@@ -454,7 +454,7 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
                this->ike_sa_list->insert_last(this->ike_sa_list, new_entry);
                
                /* check ike_sa out */
-               DBG2(SIG_DBG_MGR,  "IKE_SA added to list of known IKE_SAs");
+               DBG2(DBG_MGR,  "IKE_SA added to list of known IKE_SAs");
                new_entry->checked_out = TRUE;
                ike_sa = new_entry->ike_sa;
        }
@@ -466,7 +466,7 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
                ike_sa_id->set_initiator_spi(ike_sa_id, get_next_spi(this));
                /* create entry */
                new_entry = entry_create(ike_sa_id);
-               DBG2(SIG_DBG_MGR, "created IKE_SA: %J", ike_sa_id);
+               DBG2(DBG_MGR, "created IKE_SA: %J", ike_sa_id);
                        
                this->ike_sa_list->insert_last(this->ike_sa_list, new_entry);
                
@@ -477,7 +477,7 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id
        else
        {
                /* responder set, initiator not: here is something seriously wrong! */
-               DBG2(SIG_DBG_MGR, "invalid IKE_SA SPIs");
+               DBG2(DBG_MGR, "invalid IKE_SA SPIs");
        }
        
        pthread_mutex_unlock(&(this->mutex));
@@ -556,7 +556,7 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
        
        ike_sa_id = ike_sa->get_id(ike_sa);
        
-       DBG2(SIG_DBG_MGR, "checkin IKE_SA: %J", ike_sa_id);
+       DBG2(DBG_MGR, "checkin IKE_SA: %J", ike_sa_id);
        
        pthread_mutex_lock(&(this->mutex));
 
@@ -567,18 +567,18 @@ static status_t checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
                entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa->get_id(ike_sa));
                /* signal waiting threads */
                entry->checked_out = FALSE;
-               DBG2(SIG_DBG_MGR, "check-in of IKE_SA successful.");
+               DBG2(DBG_MGR, "check-in of IKE_SA successful.");
                pthread_cond_signal(&(entry->condvar));
                retval = SUCCESS;
        }
        else
        {
-               DBG2(SIG_DBG_MGR, "tried to check in nonexisting IKE_SA");
+               DBG2(DBG_MGR, "tried to check in nonexisting IKE_SA");
                /* this SA is no more, this REALLY should not happen */
                retval = NOT_FOUND;
        }
        
-       DBG2(SIG_DBG_MGR, "%d IKE_SAs in manager now",
+       DBG2(DBG_MGR, "%d IKE_SAs in manager now",
                 this->ike_sa_list->get_count(this->ike_sa_list));
        pthread_mutex_unlock(&(this->mutex));
        
@@ -602,7 +602,7 @@ static status_t checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ik
        ike_sa_id_t *ike_sa_id;
        
        ike_sa_id = ike_sa->get_id(ike_sa);
-       DBG2(SIG_DBG_MGR, "checkin and destroy IKE_SA: %J", ike_sa_id);
+       DBG2(DBG_MGR, "checkin and destroy IKE_SA: %J", ike_sa_id);
 
        pthread_mutex_lock(&(this->mutex));
 
@@ -613,12 +613,12 @@ static status_t checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ik
                
                delete_entry(this, entry);
                
-               DBG2(SIG_DBG_MGR, "check-in and destroy of IKE_SA successful");
+               DBG2(DBG_MGR, "check-in and destroy of IKE_SA successful");
                retval = SUCCESS;
        }
        else
        {
-               DBG2(SIG_DBG_MGR, "tried to check-in and delete nonexisting IKE_SA");
+               DBG2(DBG_MGR, "tried to check-in and delete nonexisting IKE_SA");
                retval = NOT_FOUND;
        }
        
@@ -640,7 +640,7 @@ static status_t delete_(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
        entry_t *entry;
        status_t retval;
        
-       DBG2(SIG_DBG_MGR, "delete IKE_SA: %J", ike_sa_id);
+       DBG2(DBG_MGR, "delete IKE_SA: %J", ike_sa_id);
        
        pthread_mutex_lock(&(this->mutex));
        
@@ -651,7 +651,7 @@ static status_t delete_(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
                 */
                if (entry->ike_sa->delete(entry->ike_sa) == SUCCESS)
                {
-                       DBG2(SIG_DBG_MGR, "initiated delete for IKE_SA");
+                       DBG2(DBG_MGR, "initiated delete for IKE_SA");
                }
                /* but if the IKE SA is not in a state where the deletion is 
                 * negotiated with the other peer, we can destroy the IKE SA on our own. 
@@ -664,7 +664,7 @@ static status_t delete_(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id)
        }
        else
        {
-               DBG2(SIG_DBG_MGR, "tried to delete nonexisting IKE_SA");
+               DBG2(DBG_MGR, "tried to delete nonexisting IKE_SA");
                retval = NOT_FOUND;
        }
 
@@ -802,9 +802,9 @@ static void destroy(private_ike_sa_manager_t *this)
        entry_t *entry;
        
        pthread_mutex_lock(&(this->mutex));
-       DBG2(SIG_DBG_MGR, "going to destroy IKE_SA manager and all managed IKE_SA's");
+       DBG2(DBG_MGR, "going to destroy IKE_SA manager and all managed IKE_SA's");
        /* Step 1: drive out all waiting threads  */
-       DBG2(SIG_DBG_MGR, "set driveout flags for all stored IKE_SA's");
+       DBG2(DBG_MGR, "set driveout flags for all stored IKE_SA's");
        iterator = list->create_iterator(list, TRUE);
        while (iterator->iterate(iterator, (void**)&entry))
        {
@@ -812,7 +812,7 @@ static void destroy(private_ike_sa_manager_t *this)
                entry->driveout_new_threads = TRUE;
                entry->driveout_waiting_threads = TRUE; 
        }
-       DBG2(SIG_DBG_MGR, "wait for all threads to leave IKE_SA's");
+       DBG2(DBG_MGR, "wait for all threads to leave IKE_SA's");
        /* Step 2: wait until all are gone */
        iterator->reset(iterator);
        while (iterator->iterate(iterator, (void**)&entry))
@@ -825,7 +825,7 @@ static void destroy(private_ike_sa_manager_t *this)
                        pthread_cond_wait(&(entry->condvar), &(this->mutex));
                }
        }
-       DBG2(SIG_DBG_MGR, "delete all IKE_SA's");
+       DBG2(DBG_MGR, "delete all IKE_SA's");
        /* Step 3: initiate deletion of all IKE_SAs */
        iterator->reset(iterator);
        while (iterator->iterate(iterator, (void**)&entry))
@@ -834,7 +834,7 @@ static void destroy(private_ike_sa_manager_t *this)
        }
        iterator->destroy(iterator);
        
-       DBG2(SIG_DBG_MGR, "destroy all entries");
+       DBG2(DBG_MGR, "destroy all entries");
        /* Step 4: destroy all entries */
        list->destroy_function(list, (void*)entry_destroy);
        pthread_mutex_unlock(&(this->mutex));
index cc7b4c9..dab6bf1 100644 (file)
@@ -128,6 +128,12 @@ struct private_create_child_sa_t {
         * source of randomness
         */
        randomizer_t *randomizer;
+       
+       /**
+        * signal to emit when transaction fails. As this transaction is used
+        * for CHILD_SA creation AND rekeying, we must emit different signals.
+        */
+       signal_t failsig;
 };
 
 /**
@@ -168,6 +174,7 @@ static void set_reqid(private_create_child_sa_t *this, u_int32_t reqid)
 static void rekeys_child(private_create_child_sa_t *this, child_sa_t *child_sa)
 {
        this->rekeyed_sa = child_sa;
+       this->failsig = CHILD_REKEY_FAILED;
 }
 
 /**
@@ -198,14 +205,16 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
        /* check if we are not already rekeying */
        if (this->rekeyed_sa)
        {
+               SIG(CHILD_REKEY_START, "rekeying CHILD_SA");
+               
                switch (this->rekeyed_sa->get_state(this->rekeyed_sa))
                {
                        case CHILD_REKEYING:
-                               DBG1(SIG_DBG_IKE,
+                               SIG(CHILD_REKEY_FAILED,
                                         "rekeying a CHILD_SA which is already rekeying, aborted");
                                return FAILED;
                        case CHILD_DELETING:
-                               DBG1(SIG_DBG_IKE,
+                               SIG(CHILD_REKEY_FAILED,
                                         "rekeying a CHILD_SA which is deleting, aborted");
                                return FAILED;
                        default:
@@ -213,6 +222,10 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
                }
                this->rekeyed_sa->set_state(this->rekeyed_sa, CHILD_REKEYING);
        }
+       else
+       {
+               SIG(CHILD_UP_START, "creating CHILD_SA");
+       }
        
        me = this->ike_sa->get_my_host(this->ike_sa);
        other = this->ike_sa->get_other_host(this->ike_sa);
@@ -254,7 +267,7 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
                        
                        if (this->policy == NULL)
                        {
-                               DBG1(SIG_DBG_IKE, "no policy found to rekey "
+                               SIG(IKE_REKEY_FAILED, "no policy found to rekey "
                                         "CHILD_SA with reqid %d", this->reqid);
                                return FAILED;
                        }
@@ -271,7 +284,7 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
                this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy));
                if (this->child_sa->alloc(this->child_sa, proposals) != SUCCESS)
                {
-                       SIG(SIG_CHILD_FAILED, "could not install CHILD_SA, CHILD_SA creation aborted");
+                       SIG(this->failsig, "could not install CHILD_SA, CHILD_SA creation failed");
                        return FAILED;
                }
                sa_payload = sa_payload_create_from_proposal_list(proposals);
@@ -285,7 +298,7 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
                if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer, 
                        NONCE_SIZE, &this->nonce_i) != SUCCESS)
                {
-                       SIG(SIG_CHILD_FAILED, "could not create nonce");
+                       SIG(this->failsig, "could not create nonce, CHILD_SA creation failed");
                        return FAILED;
                }
                nonce_payload = nonce_payload_create();
@@ -340,23 +353,23 @@ static status_t process_notifys(private_create_child_sa_t *this, notify_payload_
 {
        notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
        
-       DBG2(SIG_DBG_IKE, "process notify type %N", notify_type_names, notify_type);
+       DBG2(DBG_IKE, "process notify type %N", notify_type_names, notify_type);
 
        switch (notify_type)
        {
                case SINGLE_PAIR_REQUIRED:
                {
-                       SIG(SIG_CHILD_FAILED, "received a SINGLE_PAIR_REQUIRED notify");
+                       SIG(this->failsig, "received a SINGLE_PAIR_REQUIRED notify");
                        return FAILED;
                }
                case TS_UNACCEPTABLE:
                {
-                       SIG(SIG_CHILD_FAILED, "received TS_UNACCEPTABLE notify");
+                       SIG(this->failsig, "received TS_UNACCEPTABLE notify");
                        return FAILED;
                }
                case NO_PROPOSAL_CHOSEN:
                {
-                       SIG(SIG_CHILD_FAILED, "received NO_PROPOSAL_CHOSEN notify");
+                       SIG(this->failsig, "received NO_PROPOSAL_CHOSEN notify");
                        return FAILED;
                }
                case REKEY_SA:
@@ -373,6 +386,7 @@ static status_t process_notifys(private_create_child_sa_t *this, notify_payload_
                                        this->rekeyed_sa = this->ike_sa->get_child_sa(this->ike_sa, 
                                                                                                                                  protocol, spi,
                                                                                                                                  FALSE);
+                                       this->failsig = CHILD_REKEY_FAILED;
                                        break;
                                default:
                                        break;
@@ -383,13 +397,13 @@ static status_t process_notifys(private_create_child_sa_t *this, notify_payload_
                {
                        if (notify_type < 16383)
                        {
-                               SIG(SIG_CHILD_FAILED, "received %N notify error, CHILD_SA "
+                               SIG(this->failsig, "received %N notify error, CHILD_SA "
                                         "creation failed", notify_type_names, notify_type);
-                               return FAILED;  
+                               return FAILED;
                        }
                        else
                        {
-                               DBG1(SIG_DBG_IKE, "received %N notify, ignored",
+                               DBG1(DBG_IKE, "received %N notify, ignored",
                                         notify_type_names, notify_type);
                                return SUCCESS;
                        }
@@ -515,7 +529,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
        /* check message type */
        if (request->get_exchange_type(request) != CREATE_CHILD_SA)
        {
-               SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA response of invalid type, aborted");
+               DBG1(DBG_IKE, "CREATE_CHILD_SA response of invalid type, aborted");
                return FAILED;
        }
        
@@ -525,7 +539,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
        {
                build_notify(NO_ADDITIONAL_SAS, CHUNK_INITIALIZER, response, TRUE);
-               SIG(SIG_CHILD_FAILED, "unable to create new CHILD_SAs, as rekeying in progress");
+               DBG1(DBG_IKE, "unable to create new CHILD_SAs, as rekeying in progress");
                return FAILED;
        }
        
@@ -552,7 +566,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                                u_int8_t dh_buffer[] = {0x00, 0x00}; /* MODP_NONE */
                                chunk_t group = chunk_from_buf(dh_buffer);
                                build_notify(INVALID_KE_PAYLOAD, group, response, TRUE);
-                               SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA used PFS, sending INVALID_KE_PAYLOAD");
+                               DBG1(DBG_IKE, "CREATE_CHILD_SA used PFS, sending INVALID_KE_PAYLOAD");
                                return FAILED;
                        }
                        case NOTIFY:
@@ -567,7 +581,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring %N payload",
+                               DBG1(DBG_IKE, "ignoring %N payload",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -575,11 +589,22 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
        }
        payloads->destroy(payloads);
        
+       /* after processing the notify payloads, we know if this transaction is
+        * for rekeying or for a new CHILD_SA. We can emit the signals now. */
+       if (this->rekeyed_sa)
+       {
+               SIG(CHILD_REKEY_START, "rekeying CHILD_SA");
+       }
+       else
+       {
+               SIG(CHILD_UP_START, "creating CHILD_SA");
+       }
+       
        /* check if we have all payloads */
        if (!(sa_request && nonce_request && tsi_request && tsr_request))
        {
                build_notify(INVALID_SYNTAX, CHUNK_INITIALIZER, response, TRUE);
-               SIG(SIG_CHILD_FAILED, "request message incomplete, no CHILD_SA created");
+               SIG(this->failsig, "request message incomplete, no CHILD_SA created");
                return FAILED;
        }
        
@@ -589,6 +614,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                        NONCE_SIZE, &this->nonce_r) != SUCCESS)
                {
                        build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE);
+                       SIG(this->failsig, "nonce generation failed, no CHILD_SA created");
                        return FAILED;
                }
                nonce_response = nonce_payload_create();
@@ -619,7 +645,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                
                if (this->policy == NULL)
                {
-                       SIG(SIG_CHILD_FAILED, "no acceptable policy found, sending TS_UNACCEPTABLE notify");
+                       SIG(this->failsig, "no acceptable policy found, sending TS_UNACCEPTABLE notify");
                        build_notify(TS_UNACCEPTABLE, CHUNK_INITIALIZER, response, TRUE);
                        return FAILED;
                }
@@ -635,21 +661,21 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                sa_response = sa_payload_create();
                /* get proposals from request, and select one with ours */
                proposal_list = sa_request->get_proposals(sa_request);
-               DBG2(SIG_DBG_IKE, "selecting proposals:");
+               DBG2(DBG_IKE, "selecting proposals:");
                this->proposal = this->policy->select_proposal(this->policy, proposal_list);
                proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
                
                /* do we have a proposal? */
                if (this->proposal == NULL)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA proposals unacceptable, sending NO_PROPOSAL_CHOSEN notify");
+                       SIG(this->failsig, "CHILD_SA proposals unacceptable, sending NO_PROPOSAL_CHOSEN notify");
                        build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE);
                        return FAILED;
                }
                /* do we have traffic selectors? */
                else if (this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA traffic selectors unacceptable, sending TS_UNACCEPTABLE notify");
+                       SIG(this->failsig, "CHILD_SA traffic selectors unacceptable, sending TS_UNACCEPTABLE notify");
                        build_notify(TS_UNACCEPTABLE, CHUNK_INITIALIZER, response, TRUE);
                        return FAILED;
                }
@@ -670,7 +696,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                        this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy));
                        if (install_child_sa(this, FALSE) != SUCCESS)
                        {
-                               SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, sending NO_PROPOSAL_CHOSEN notify");
+                               SIG(this->failsig, "installing CHILD_SA failed, sending NO_PROPOSAL_CHOSEN notify");
                                build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE);
                                return FAILED;
                        }
@@ -708,11 +734,16 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
                                other->nonce_s = chunk_clone(this->nonce_r);
                        }
                }
+               else
+               {
+                       /* we only signal when no other transaction is rekeying */
+                       SIG(CHILD_REKEY_SUCCESS, "CHILD_SA rekeyed");
+               }
                this->rekeyed_sa->set_state(this->rekeyed_sa, CHILD_REKEYING);
        }
        else
        {
-               SIG(SIG_CHILD_UP, "CHILD_SA created");
+               SIG(CHILD_UP_SUCCESS, "CHILD_SA created");
        }
        return SUCCESS;
 }
@@ -737,7 +768,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
        /* check message type */
        if (response->get_exchange_type(response) != CREATE_CHILD_SA)
        {
-               SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA response of invalid type, aborting");
+               SIG(this->failsig, "CREATE_CHILD_SA response of invalid type, aborting");
                return FAILED;
        }
        
@@ -774,7 +805,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring %N payload",
+                               DBG1(DBG_IKE, "ignoring %N payload",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -784,7 +815,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
        
        if (!(sa_payload && nonce_payload && tsi_payload && tsr_payload))
        {
-               SIG(SIG_CHILD_FAILED, "response message incomplete, no CHILD_SA built");
+               SIG(this->failsig, "response message incomplete, no CHILD_SA built");
                return FAILED;
        }
        
@@ -817,16 +848,15 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
                        this->tsi->get_count(this->tsi) == 0 ||
                        this->tsr->get_count(this->tsr) == 0)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA negotiation failed, no CHILD_SA built");
+                       SIG(this->failsig, "CHILD_SA negotiation failed, no CHILD_SA built");
                        return FAILED;
                }
                new_child = this->child_sa;
                if (install_child_sa(this, TRUE) != SUCCESS)
                {
-                       SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, no CHILD_SA built");
+                       SIG(this->failsig, "installing CHILD_SA failed, no CHILD_SA built");
                        return FAILED;
                }
-               SIG(SIG_CHILD_UP, "CHILD_SA created");
        }
        /* CHILD_SA successfully created. If the other peer initiated rekeying
         * in the meantime, we detect this by comparing the rekeying_transaction
@@ -856,14 +886,14 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
                        if (memcmp(this_lowest.ptr, this->nonce_s.ptr, 
                                min(this_lowest.len, this->nonce_s.len)) < 0)
                        {
-                               DBG1(SIG_DBG_IKE, "detected simultaneous CHILD_SA rekeying, deleting ours");
+                               DBG1(DBG_IKE, "detected simultaneous CHILD_SA rekeying, deleting ours");
                                this->lost = TRUE;
                        }
                        else
                        {
-                               DBG1(SIG_DBG_IKE, "detected simultaneous CHILD_SA rekeying, but ours is preferred");
+                               DBG1(DBG_IKE, "detected simultaneous CHILD_SA rekeying, but ours is preferred");
                        }
-               }       
+               }
                /* delete the old SA if we have won the rekeying nonce compare*/
                if (!this->lost)
                {
@@ -871,10 +901,13 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response,
                        delete_child_sa->set_child_sa(delete_child_sa, this->rekeyed_sa);
                        *next = (transaction_t*)delete_child_sa;
                }
+               /* we send a rekey SUCCESS signal in any case. If the other transaction 
+               * detected our transaction, it did not send a signal. We do it for it. */
+               SIG(CHILD_REKEY_SUCCESS, "CHILD_SA rekeyed");
        }
        else
        {
-               SIG(SIG_CHILD_UP, "CHILD_SA created");
+               SIG(CHILD_UP_SUCCESS, "CHILD_SA created");
        }
        if (this->lost)
        {
@@ -943,6 +976,7 @@ create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa)
        this->tsi = NULL;
        this->tsr = NULL;
        this->randomizer = randomizer_create();
+       this->failsig = CHILD_UP_FAILED;
        
        return &this->public;
 }
index 834d3e1..6fb367d 100644 (file)
@@ -128,7 +128,7 @@ static status_t get_request(private_delete_child_sa_t *this, message_t **result)
                spi = this->child_sa->get_spi(this->child_sa, TRUE);
                delete_payload = delete_payload_create(protocol);
                
-               DBG1(SIG_DBG_IKE, "created DELETE payload for %N CHILD_SA with SPI 0x%x",
+               DBG1(DBG_IKE, "created DELETE payload for %N CHILD_SA with SPI 0x%x",
                         protocol_id_names, protocol, htonl(spi));
                delete_payload->add_spi(delete_payload, spi);
                request->add_payload(request, (payload_t*)delete_payload);
@@ -153,7 +153,7 @@ static status_t process_delete(private_delete_child_sa_t *this, delete_payload_t
        protocol = delete_request->get_protocol_id(delete_request);
        if (protocol != PROTO_ESP && protocol != PROTO_AH)
        {
-               DBG1(SIG_DBG_IKE, "CHILD_SA delete response contained unexpected protocol");
+               DBG1(DBG_IKE, "CHILD_SA delete response contained unexpected protocol");
                return FAILED;
        }
        
@@ -177,7 +177,7 @@ static status_t process_delete(private_delete_child_sa_t *this, delete_payload_t
                        
                        child_sa->set_state(child_sa, CHILD_DELETING);
                        
-                       DBG1(SIG_DBG_IKE, "received DELETE for %N CHILD_SA with SPI 0x%x, deleting",
+                       DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI 0x%x, deleting",
                                 protocol_id_names, protocol, ntohl(spi));
                        
                        rekey = child_sa->get_rekeying_transaction(child_sa);
@@ -200,7 +200,7 @@ static status_t process_delete(private_delete_child_sa_t *this, delete_payload_t
                }
                else
                {
-                       DBG1(SIG_DBG_IKE, "received DELETE for %N CHILD_SA with SPI 0x%x, but no such SA",
+                       DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI 0x%x, but no such SA",
                                 protocol_id_names, protocol, ntohl(spi));
                }
        }
@@ -243,7 +243,7 @@ static status_t get_response(private_delete_child_sa_t *this, message_t *request
        
        if (request->get_exchange_type(request) != INFORMATIONAL)
        {
-               DBG1(SIG_DBG_IKE, "INFORMATIONAL response of invalid type, aborting");
+               DBG1(DBG_IKE, "INFORMATIONAL response of invalid type, aborting");
                return FAILED;
        }
        
@@ -253,7 +253,7 @@ static status_t get_response(private_delete_child_sa_t *this, message_t *request
        if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING ||
                this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
        {
-               DBG1(SIG_DBG_IKE, "unable to delete CHILD_SA, as rekeying in progress");
+               DBG1(DBG_IKE, "unable to delete CHILD_SA, as rekeying in progress");
                return FAILED;
        }
        
@@ -270,7 +270,7 @@ static status_t get_response(private_delete_child_sa_t *this, message_t *request
                        }
                        default:
                        {
-                               DBG2(SIG_DBG_IKE, "ignoring payload %N",
+                               DBG2(DBG_IKE, "ignoring payload %N",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -292,7 +292,7 @@ static status_t conclude(private_delete_child_sa_t *this, message_t *response,
        /* check message type */
        if (response->get_exchange_type(response) != INFORMATIONAL)
        {
-               DBG1(SIG_DBG_IKE, "INFORMATIONAL response of invalid type, aborting");
+               DBG1(DBG_IKE, "INFORMATIONAL response of invalid type, aborting");
                return FAILED;
        }
        
@@ -309,7 +309,7 @@ static status_t conclude(private_delete_child_sa_t *this, message_t *response,
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring payload %N",
+                               DBG1(DBG_IKE, "ignoring payload %N",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
index 37158d3..af1da3a 100644 (file)
@@ -155,7 +155,7 @@ static status_t get_response(private_delete_ike_sa_t *this, message_t *request,
        /* check message type */
        if (request->get_exchange_type(request) != INFORMATIONAL)
        {
-               DBG1(SIG_DBG_IKE, "INFORMATIONAL response of invalid type, deleting IKE_SA");
+               DBG1(DBG_IKE, "INFORMATIONAL response of invalid type, deleting IKE_SA");
                return DESTROY_ME;
        }
        
@@ -172,7 +172,7 @@ static status_t get_response(private_delete_ike_sa_t *this, message_t *request,
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring payload %N",
+                               DBG1(DBG_IKE, "ignoring payload %N",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -183,12 +183,12 @@ static status_t get_response(private_delete_ike_sa_t *this, message_t *request,
        if (delete_request && 
                delete_request->get_protocol_id(delete_request) == PROTO_IKE)
        {
-               DBG1(SIG_DBG_IKE, "DELETE request for IKE_SA received, deleting IKE_SA");
+               DBG1(DBG_IKE, "DELETE request for IKE_SA received, deleting IKE_SA");
        }
        else
        {
                /* should not happen, as we preparsed this at transaction construction */
-               DBG1(SIG_DBG_IKE, "received a weird DELETE request for IKE_SA, deleting anyway");
+               DBG1(DBG_IKE, "received a weird DELETE request for IKE_SA, deleting anyway");
        }
        if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
        {
@@ -210,7 +210,7 @@ static status_t conclude(private_delete_ike_sa_t *this, message_t *response,
        /* check message type */
        if (response->get_exchange_type(response) != INFORMATIONAL)
        {
-               DBG1(SIG_DBG_IKE, "INFORMATIONAL response of invalid type, deleting IKE_SA");
+               DBG1(DBG_IKE, "INFORMATIONAL response of invalid type, deleting IKE_SA");
                return DESTROY_ME;
        }
        /* this is only an acknowledge. We can't do anything here, but delete
index 0d8c371..ec54dd6 100644 (file)
@@ -240,7 +240,7 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
                }
                else
                {
-                       DBG1(SIG_DBG_IKE, "could not find my certificate, certificate payload omitted");
+                       DBG1(DBG_IKE, "could not find my certificate, certificate payload omitted");
                }
        }
        
@@ -271,7 +271,8 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "could not generate AUTH data, deleting IKE_SA");
+                       SIG(IKE_UP_FAILED, "could not generate AUTH data, deleting IKE_SA");
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;
                }
                request->add_payload(request, (payload_t*)auth_payload);
@@ -295,7 +296,8 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
                this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy));
                if (this->child_sa->alloc(this->child_sa, proposal_list) != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "could not install CHILD_SA, deleting IKE_SA");
+                       SIG(IKE_UP_FAILED, "could not install CHILD_SA, deleting IKE_SA");
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;
                }
                sa_payload = sa_payload_create_from_proposal_list(proposal_list);
@@ -337,26 +339,26 @@ static status_t process_notifies(private_ike_auth_t *this, notify_payload_t *not
 {
        notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
        
-       DBG2(SIG_DBG_IKE, "process notify type %N", notify_type_names, notify_type);
+       DBG2(DBG_IKE, "process notify type %N", notify_type_names, notify_type);
        
        switch (notify_type)
        {
                /* these notifies are not critical. no child_sa is built, but IKE stays alive */
                case SINGLE_PAIR_REQUIRED:
                {
-                       DBG1(SIG_DBG_IKE, "received a SINGLE_PAIR_REQUIRED notify");
+                       SIG(CHILD_UP_FAILED, "received a SINGLE_PAIR_REQUIRED notify");
                        this->build_child = FALSE;
                        return SUCCESS;
                }
                case TS_UNACCEPTABLE:
                {
-                       DBG1(SIG_DBG_IKE, "received TS_UNACCEPTABLE notify");
+                       SIG(CHILD_UP_FAILED, "received TS_UNACCEPTABLE notify");
                        this->build_child = FALSE;
                        return SUCCESS;
                }
                case NO_PROPOSAL_CHOSEN:
                {
-                       DBG1(SIG_DBG_IKE, "received NO_PROPOSAL_CHOSEN notify");
+                       SIG(CHILD_UP_FAILED, "received NO_PROPOSAL_CHOSEN notify");
                        this->build_child = FALSE;
                        return SUCCESS;
                }
@@ -364,13 +366,13 @@ static status_t process_notifies(private_ike_auth_t *this, notify_payload_t *not
                {
                        if (notify_type < 16383)
                        {
-                               SIG(SIG_IKE_FAILED, "received %N notify error, deleting IKE_SA",
+                               SIG(IKE_UP_FAILED, "received %N notify error, deleting IKE_SA",
                                        notify_type_names, notify_type);
                                return DESTROY_ME;      
                        }
                        else
                        {
-                               DBG1(SIG_DBG_IKE, "received %N notify, ignored",
+                               DBG1(DBG_IKE, "received %N notify, ignored",
                                         notify_type_names, notify_type);
                                return SUCCESS;
                        }
@@ -414,7 +416,7 @@ static void import_certificate(private_ike_auth_t *this, cert_payload_t *cert_pa
        encoding = cert_payload->get_cert_encoding(cert_payload);
        if (encoding != CERT_X509_SIGNATURE)
        {
-               DBG1(SIG_DBG_IKE, "certificate payload %N not supported, ignored",
+               DBG1(DBG_IKE, "certificate payload %N not supported, ignored",
                         cert_encoding_names, encoding);
                return;
        }
@@ -423,7 +425,7 @@ static void import_certificate(private_ike_auth_t *this, cert_payload_t *cert_pa
        {
                if (charon->credentials->verify(charon->credentials, cert, &found))
                {
-                       DBG2(SIG_DBG_IKE, "received end entity certificate is trusted, added to store");
+                       DBG2(DBG_IKE, "received end entity certificate is trusted, added to store");
                        if (!found)
                        {
                                charon->credentials->add_end_certificate(charon->credentials, cert);
@@ -435,13 +437,13 @@ static void import_certificate(private_ike_auth_t *this, cert_payload_t *cert_pa
                }
                else
                {
-                       DBG1(SIG_DBG_IKE, "received end entity certificate is not trusted, discarded");
+                       DBG1(DBG_IKE, "received end entity certificate is not trusted, discarded");
                        cert->destroy(cert);
                }
        }
        else
        {
-               DBG1(SIG_DBG_IKE, "parsing of received certificate failed, discarded");
+               DBG1(DBG_IKE, "parsing of received certificate failed, discarded");
        }
 }
 
@@ -521,6 +523,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                return SUCCESS;
        }
        
+       SIG(CHILD_UP_START, "setting up CHILD_SA along with IKE_AUTH");
+       
        me = this->ike_sa->get_my_host(this->ike_sa);
        other = this->ike_sa->get_other_host(this->ike_sa);
        this->message_id = request->get_message_id(request);
@@ -539,7 +543,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
        /* check message type */
        if (request->get_exchange_type(request) != IKE_AUTH)
        {
-               SIG(SIG_IKE_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA");
+               SIG(IKE_UP_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA");
+               SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                return DESTROY_ME;
        }
        
@@ -582,13 +587,14 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                                if (status == DESTROY_ME)
                                {
                                        payloads->destroy(payloads);
+                                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                                        return DESTROY_ME;
                                }
                                break;
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring %N payload",
+                               DBG1(DBG_IKE, "ignoring %N payload",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -600,7 +606,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
        if (!(idi_request && auth_request && sa_request && tsi_request && tsr_request))
        {
                build_notify(INVALID_SYNTAX, response, TRUE);
-               SIG(SIG_IKE_FAILED, "request message incomplete, deleting IKE_SA");
+               SIG(IKE_UP_FAILED, "request message incomplete, deleting IKE_SA");
+               SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                return DESTROY_ME;
        }
        
@@ -638,8 +645,9 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                 * traffic selectors. Then we would create a IKE_SA without a CHILD_SA. */
                if (this->policy == NULL)
                {
-                       SIG(SIG_IKE_FAILED, "no acceptable policy for IDs %D - %D found, "
+                       SIG(IKE_UP_FAILED, "no acceptable policy for IDs %D - %D found, "
                                "deleting IKE_SA", my_id, other_id);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        my_id->destroy(my_id);
                        other_id->destroy(other_id);
                        build_notify(AUTHENTICATION_FAILED, response, TRUE);
@@ -670,7 +678,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                }
                else
                {
-                       DBG1(SIG_DBG_IKE, "could not find my certificate, cert payload omitted");
+                       DBG1(DBG_IKE, "could not find my certificate, cert payload omitted");
                }
        }
        
@@ -695,7 +703,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                                                                                                 TRUE);
                if (status != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "authentication failed, deleting IKE_SA");
+                       SIG(IKE_UP_FAILED, "authentication failed, deleting IKE_SA");
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        build_notify(AUTHENTICATION_FAILED, response, TRUE);
                        authenticator->destroy(authenticator);
                        return DESTROY_ME;
@@ -709,13 +718,17 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "authentication data generation failed, deleting IKE_SA");
+                       SIG(IKE_UP_FAILED, "authentication data generation failed, deleting IKE_SA");
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        build_notify(AUTHENTICATION_FAILED, response, TRUE);
                        return DESTROY_ME;
                }
                response->add_payload(response, (payload_t*)auth_response);
        }
        
+       SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...%H[%D]",
+               this->ike_sa->get_name(this->ike_sa), me, my_id, other, other_id);
+       
        {       /* process SA payload */
                linked_list_t *proposal_list;
                sa_payload_t *sa_response;
@@ -728,22 +741,22 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                
                /* get proposals from request, and select one with ours */
                proposal_list = sa_request->get_proposals(sa_request);
-               DBG2(SIG_DBG_IKE, "selecting proposals:");
+               DBG2(DBG_IKE, "selecting proposals:");
                this->proposal = this->policy->select_proposal(this->policy, proposal_list);
                proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
 
                /* do we have a proposal? */
                if (this->proposal == NULL)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA proposals unacceptable, no CHILD_SA created");
-                       DBG1(SIG_DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response");
+                       SIG(CHILD_UP_FAILED, "CHILD_SA proposals unacceptable, no CHILD_SA created");
+                       DBG1(DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response");
                        build_notify(NO_PROPOSAL_CHOSEN, response, FALSE);
                }
                /* do we have traffic selectors? */
                else if (this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA traffic selectors unacceptable, no CHILD_SA created");
-                       DBG1(SIG_DBG_IKE, "adding TS_UNACCEPTABLE notify to response");
+                       SIG(CHILD_UP_FAILED, "CHILD_SA traffic selectors unacceptable, no CHILD_SA created");
+                       DBG1(DBG_IKE, "adding TS_UNACCEPTABLE notify to response");
                        build_notify(TS_UNACCEPTABLE, response, FALSE);
                }
                else
@@ -760,15 +773,15 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                        this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy));
                        if (install_child_sa(this, FALSE) != SUCCESS)
                        {
-                               SIG(SIG_IKE_FAILED, "installing CHILD_SA failed, no CHILD_SA created");
-                               DBG1(SIG_DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response");
+                               SIG(CHILD_UP_FAILED, "installing CHILD_SA failed, no CHILD_SA created");
+                               DBG1(DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response");
                                build_notify(NO_PROPOSAL_CHOSEN, response, FALSE);
                        }
                        else
                        {
                                /* add proposal to sa payload */
                                sa_response->add_proposal(sa_response, this->proposal);
-                               SIG(SIG_CHILD_UP, "CHILD_SA created");
+                               SIG(CHILD_UP_SUCCESS, "CHILD_SA created");
                        }
                }
                response->add_payload(response, (payload_t*)sa_response);
@@ -794,7 +807,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
        iterator_t *payloads;
        payload_t *payload;
        host_t *me, *other;
-       identification_t *other_id;
+       identification_t *other_id, *my_id;
        ts_payload_t *tsi_payload = NULL;
        ts_payload_t *tsr_payload = NULL;
        id_payload_t *idr_payload = NULL;
@@ -806,7 +819,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
        /* check message type */
        if (response->get_exchange_type(response) != IKE_AUTH)
        {
-               SIG(SIG_IKE_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA");
+               SIG(IKE_UP_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA");
+               SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                return DESTROY_ME;
        }
        
@@ -843,11 +857,12 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                                if (status == FAILED)
                                {
                                        payloads->destroy(payloads);
-                                       /* we return SUCCESS, returned FAILED means do next transaction */
+                                       /* we return SUCCESS, as transaction completet */
                                        return SUCCESS;
                                }
                                if (status == DESTROY_ME)
                                {
+                                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                                        payloads->destroy(payloads);
                                        return status;
                                }
@@ -855,7 +870,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                        }
                        default:
                        {
-                               DBG1(SIG_DBG_IKE, "ignoring payload %N",
+                               DBG1(DBG_IKE, "ignoring payload %N",
                                         payload_type_names, payload->get_type(payload));
                                break;
                        }
@@ -865,7 +880,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
        
        if (!(idr_payload && auth_payload && sa_payload && tsi_payload && tsr_payload))
        {
-               SIG(SIG_IKE_FAILED, "response message incomplete, deleting IKE_SA");
+               SIG(IKE_UP_FAILED, "response message incomplete, deleting IKE_SA");
+               SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                return DESTROY_ME;
        }
        
@@ -879,8 +895,9 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                if (!other_id->matches(other_id, configured_other_id, &wildcards))
                {
                        other_id->destroy(other_id);
-                       SIG(SIG_IKE_FAILED, "other peer uses unacceptable ID (%D, excepted "
+                       SIG(IKE_UP_FAILED, "other peer uses unacceptable ID (%D, excepted "
                                "%D), deleting IKE_SA", other_id, configured_other_id);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;
                }
                /* update other ID. It was already set, but may contain wildcards */
@@ -895,7 +912,6 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
        {       /* authenticate peer */
                authenticator_t *authenticator;
                auth_method_t auth_method;
-               identification_t *my_id;
                status_t status;
                
                auth_method = this->policy->get_auth_method(this->policy);
@@ -912,12 +928,16 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "authentication of '%D' with %N failed, "
-                               "deleting IKE_SA", other_id, auth_method_names, auth_method);
+                       SIG(IKE_UP_FAILED, "authentication of '%D' with %N failed, "
+                                       "deleting IKE_SA", other_id, auth_method_names, auth_method);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;      
                }
        }
        
+       SIG(IKE_UP_SUCCESS, "IKE_SA '%s' established between %H[%D]...%H[%D]",
+               this->ike_sa->get_name(this->ike_sa), me, my_id, other, other_id);
+       
        {       /* process traffic selectors for us */
                linked_list_t *ts_received = tsi_payload->get_traffic_selectors(tsi_payload);
                this->tsi = this->policy->select_my_traffic_selectors(this->policy, ts_received, me);
@@ -944,17 +964,19 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                        this->tsr->get_count(this->tsr) == 0 ||
                        !this->build_child)
                {
-                       SIG(SIG_CHILD_FAILED, "CHILD_SA negotiation failed, no CHILD_SA built");
+                       SIG(CHILD_UP_FAILED, "CHILD_SA negotiation failed, no CHILD_SA built");
                }
                else
                {
                        if (install_child_sa(this, TRUE) != SUCCESS)
                        {
-                               SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, no CHILD_SA built");
+                               SIG(CHILD_UP_FAILED, "installing CHILD_SA failed, no CHILD_SA built");
+                               /* TODO: we should send a DELETE for that CHILD to stay
+                                * synchronous with the peer */
                        }
                        else
                        {
-                               SIG(SIG_CHILD_UP, "CHILD_SA created");
+                               SIG(CHILD_UP_SUCCESS, "CHILD_SA created");
                        }
                }
        }
index 02b32c3..89d0c33 100644 (file)
@@ -232,8 +232,8 @@ static chunk_t generate_natd_hash(private_ike_sa_init_t *this,
        /*  natd_hash = SHA1( spi_i | spi_r | address | port ) */
        natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk);
        this->nat_hasher->allocate_hash(this->nat_hasher, natd_chunk, &natd_hash);
-       DBG3(SIG_DBG_IKE, "natd_chunk %B", &natd_chunk);
-       DBG3(SIG_DBG_IKE, "natd_hash %B", &natd_hash);
+       DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
+       DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
        
        chunk_free(&natd_chunk);
        return natd_hash;
@@ -280,7 +280,7 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
        other = this->connection->get_other_host(this->connection);
        
        /* we already set up the IDs. Mine is already fully qualified, other
-       * will be updated in the ike_auth transaction */
+        * will be updated in the ike_auth transaction */
        my_id = this->policy->get_my_id(this->policy);
        other_id = this->policy->get_other_id(this->policy);
        this->ike_sa->set_my_id(this->ike_sa, my_id->clone(my_id));
@@ -292,6 +292,12 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
                this->ike_sa->set_name(this->ike_sa, name);
        }
        
+       /* setting up a IKE_SA implicitly requires setup of a CHILD_SA */
+       SIG(IKE_UP_START, "initiating IKE_SA '%s' between %H[%D]...%H[%D]",
+               this->connection->get_name(this->connection), me, my_id, other, other_id);
+       SIG(CHILD_UP_START, "establishing CHILD_SA '%s' along with IKE_SA",
+               this->policy->get_name(this->policy));
+       
        /* build the request */
        request = message_create();
        request->set_source(request, me->clone(me));
@@ -314,8 +320,10 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
                this->diffie_hellman = diffie_hellman_create(dh_group);
                if (this->diffie_hellman == NULL)
                {
-                       SIG(SIG_IKE_FAILED, "DH group %N not supported, aborting",
+                       SIG(IKE_UP_FAILED, "DH group %N not supported, aborting",
                                diffie_hellman_group_names, dh_group);
+                       SIG(CHILD_UP_FAILED,
+                               "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;
                }
        }
@@ -345,7 +353,9 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
                if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer, 
                        NONCE_SIZE, &this->nonce_i) != SUCCESS)
                {
-                       SIG(SIG_IKE_FAILED, "could not generate nonce, aborting");
+                       SIG(IKE_UP_FAILED, "could not generate nonce, aborting");
+                       SIG(CHILD_UP_FAILED,
+                               "initiating CHILD_SA failed, unable to create IKE_SA");
                        return DESTROY_ME;
                }
                nonce_payload = nonce_payload_create();
@@ -388,19 +398,19 @@ static status_t process_notifys(private_ike_sa_init_t *this, notify_payload_t *n
        chunk_t notification_data;
        notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
        
-       DBG2(SIG_DBG_IKE, "process notify type %N", notify_type_names, notify_type);
+       DBG2(DBG_IKE, "process notify type %N", notify_type_names, notify_type);
 
        switch (notify_type)
        {
                case NO_PROPOSAL_CHOSEN:
                {
-                       SIG(SIG_IKE_FAILED,</