- improved "stroke status" output
authorMartin Willi <martin@strongswan.org>
Wed, 26 Apr 2006 12:28:02 +0000 (12:28 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 26 Apr 2006 12:28:02 +0000 (12:28 -0000)
Source/charon/sa/child_sa.c
Source/charon/sa/child_sa.h
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/threads/stroke_interface.c

index 28e9cdd..c2b3c44 100644 (file)
@@ -20,8 +20,9 @@
  * for more details.
  */
 
-#include "child_sa.h"
+#include <netdb.h>
 
+#include "child_sa.h"
 
 #include <daemon.h>
 
@@ -464,6 +465,48 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
 }
 
 /**
+ * Implementation of child_sa_t.log_status.
+ */
+static void log_status(private_child_sa_t *this, logger_t *logger)
+{
+       iterator_t *iterator;
+       sa_policy_t *policy;
+       struct protoent *proto;
+       char proto_buf[16] = "";
+       char *proto_name = proto_buf;
+       
+       if (logger == NULL)
+       {
+               logger = this->logger;
+       }
+       logger->log(logger, CONTROL, "  protected with ESP (%x/%x), AH (%x,%x); traffic:",
+                               htons(this->my_esp_spi), htons(this->other_esp_spi), 
+                               htons(this->my_ah_spi), htons(this->other_ah_spi));
+       iterator = this->policies->create_iterator(this->policies, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&policy);
+               if (policy->upper_proto)
+               {
+                       proto = getprotobynumber(policy->upper_proto);
+                       if (proto)
+                       {
+                               proto_name = proto->p_name;
+                       }
+                       else
+                       {
+                               snprintf(proto_buf, sizeof(proto_buf), "<%d>", policy->upper_proto);
+                       }
+               }
+               logger->log(logger, CONTROL, "    %s/%d===%s===%s/%d",
+                                       policy->my_net->get_address(policy->my_net), policy->my_net_mask,
+                                       proto_name,
+                                       policy->other_net->get_address(policy->other_net), policy->other_net_mask);
+       }
+       iterator->destroy(iterator);
+}
+
+/**
  * Implementation of child_sa_t.destroy.
  */
 static void destroy(private_child_sa_t *this)
@@ -527,6 +570,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other)
        this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add;
        this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update;
        this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies;
+       this->public.log_status = (void (*)(child_sa_t*, logger_t*))log_status;
        this->public.destroy = (void(*)(child_sa_t*))destroy;
 
        /* private data */
index 96978da..c49d85d 100644 (file)
@@ -27,6 +27,7 @@
 #include <types.h>
 #include <crypto/prf_plus.h>
 #include <encoding/payloads/proposal_substructure.h>
+#include <utils/logger.h>
 
 typedef struct child_sa_t child_sa_t;
 
@@ -112,6 +113,19 @@ struct child_sa_t {
        status_t (*add_policies) (child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list);
        
        /**
+        * @brief Log the status of a child_sa to a logger.
+        *
+        * The status of ESP/AH SAs is logged with the supplied logger in
+        * a human readable form.
+        * Supplying NULL as logger uses the internal child_sa logger
+        * to do the logging.
+        *
+        * @param this          calling object
+        * @param logger        logger to use for logging
+        */     
+       void (*log_status) (child_sa_t *this, logger_t *logger);
+       
+       /**
         * @brief Destroys a child_sa.
         *
         * @param this          calling object
index def0013..0360695 100644 (file)
@@ -977,6 +977,43 @@ static void reset_message_buffers (private_ike_sa_t *this)
 }
 
 /**
+ * Implementation of protected_ike_sa_t.log_status.
+ */
+static void log_status(private_ike_sa_t *this, logger_t *logger)
+{
+       iterator_t *iterator;
+       child_sa_t *child_sa;
+       
+       host_t *my_host    = this->connection->get_my_host(this->connection);
+       host_t *other_host = this->connection->get_other_host(this->connection);
+
+       identification_t *my_id    = this->connection->get_my_id(this->connection);
+       identification_t *other_id = this->connection->get_other_id(this->connection);
+       
+       if (logger == NULL)
+       {
+               logger = this->logger;
+       }
+       logger->log(logger, CONTROL, "IKE_SA in state %s, SPIs: %lld %lld",
+                               mapping_find(ike_sa_state_m, this->current_state->get_state(this->current_state)),
+                               this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
+                               this->ike_sa_id->get_responder_spi(this->ike_sa_id));
+       logger->log(logger, CONTROL, "%s[%s]...%s[%s]; tunnels:",
+                               my_host->get_address(my_host),
+                               my_id->get_string(my_id),
+                               other_host->get_address(other_host),
+                               other_id->get_string(other_id));
+       
+       iterator = this->child_sas->create_iterator(this->child_sas, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&child_sa);
+               child_sa->log_status(child_sa, logger);
+       }
+       iterator->destroy(iterator);
+}
+
+/**
  * Implementation of protected_ike_sa_t.destroy.
  */
 static void destroy (private_ike_sa_t *this)
@@ -1075,6 +1112,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
        this->protected.public.get_state = (ike_sa_state_t (*) (ike_sa_t *this)) get_state;
        this->protected.public.send_delete_ike_sa_request = (void (*)(ike_sa_t*)) send_delete_ike_sa_request;
+       this->protected.public.log_status = (void (*) (ike_sa_t*,logger_t*))log_status;
        this->protected.public.destroy = (void(*)(ike_sa_t*))destroy;
        
        /* protected functions */
index 8b58bfe..7168839 100644 (file)
@@ -37,6 +37,7 @@
 #include <crypto/signers/signer.h>
 #include <config/connections/connection.h>
 #include <config/policies/policy.h>
+#include <utils/logger.h>
 
 /**
  * Nonce size in bytes for nonces sending to other peer.
@@ -160,6 +161,18 @@ struct ike_sa_t {
         * @return                              state of IKE_SA
         */
        ike_sa_state_t (*get_state) (ike_sa_t *this);
+       
+       /**
+        * @brief Log the status of a the ike sa to a logger.
+        *
+        * The status of the IKE SA and all child SAs is logged.
+        * Supplying NULL as logger uses the internal child_sa logger
+        * to do the logging.
+        *
+        * @param this          calling object
+        * @param logger        logger to use for logging
+        */     
+       void (*log_status) (ike_sa_t *this, logger_t *logger);
 
        /**
         * @brief Destroys a ike_sa_t object.
index 77c1528..143dcd6 100755 (executable)
@@ -408,38 +408,15 @@ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg)
                ike_sa_id_t *ike_sa_id;
                ike_sa_t *ike_sa;
                iterator->current(iterator, (void**)&ike_sa_id);
-               
+               /* TODO: A log_status method (as in IKE_SA/CHILD_SA) would be better than checking
+                * out every single IKE...
+                */
                status = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id, &ike_sa);
                if (status == SUCCESS)
                {
-                       host_t *my_host, *other_host;
-                       identification_t *my_id, *other_id;
-                       my_host = ike_sa->get_my_host(ike_sa);
-                       other_host = ike_sa->get_other_host(ike_sa);
-                       my_id = ike_sa->get_my_id(ike_sa);
-                       other_id = ike_sa->get_other_id(ike_sa);
-                       
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, "IKE_SA in state %s ",
-                                                                        mapping_find(ike_sa_state_m, ike_sa->get_state(ike_sa)));
-                       
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, " SPIs: %lld",
-                                                                        ike_sa_id->get_initiator_spi(ike_sa_id));
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, "       %lld",
-                                                                        ike_sa_id->get_responder_spi(ike_sa_id));
-                       
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, " Addr: %s",
-                                                                        my_host->get_address(my_host));
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
-                                                                        other_host->get_address(other_host));
-                       
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, " ID:   %s",
-                                                                        my_id->get_string(my_id));
-                       this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
-                                                                        other_id->get_string(other_id));
-                                               
+                       ike_sa->log_status(ike_sa, this->stroke_logger);
                        charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
                }
-               
                ike_sa_id->destroy(ike_sa_id);
        }
        iterator->destroy(iterator);