*/
u_int key_size;
};
+
+ENUM(policy_dir_names, POLICY_IN, POLICY_FWD,
+ "in",
+ "out",
+ "fwd"
+);
+
#define END_OF_LIST -1
/**
return;
}
DBG2(DBG_KNL, "received a XFRM_MSG_ACQUIRE");
- DBG1(DBG_KNL, "creating acquire job for CHILD_SA with {reqid %d}", reqid);
+ DBG1(DBG_KNL, "creating acquire job for CHILD_SA with reqid {%d}", reqid);
job = (job_t*)acquire_job_create(reqid);
charon->processor->queue_job(charon->processor, job);
}
if (protocol != PROTO_ESP && protocol != PROTO_AH)
{
- DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA 0x%x {reqid %d} which is "
- "not a CHILD_SA", ntohl(spi), reqid);
+ DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%d} "
+ "which is not a CHILD_SA", ntohl(spi), reqid);
return;
}
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA 0x%x {reqid %d}",
+ DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
expire->hard ? "delete" : "rekey", protocol_id_names,
protocol, ntohl(spi), reqid);
if (expire->hard)
protocol_id_t protocol, u_int32_t reqid,
u_int32_t *spi)
{
- DBG2(DBG_KNL, "getting SPI for reqid %d", reqid);
+ DBG2(DBG_KNL, "getting SPI for reqid {%d}", reqid);
if (get_spi_internal(this, src, dst, proto_ike2kernel(protocol),
0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get SPI for reqid %d", reqid);
+ DBG1(DBG_KNL, "unable to get SPI for reqid {%d}", reqid);
return FAILED;
}
- DBG2(DBG_KNL, "got SPI 0x%x for reqid %d", *spi, reqid);
+ DBG2(DBG_KNL, "got SPI %.8x for reqid {%d}", ntohl(*spi), reqid);
return SUCCESS;
}
u_int32_t reqid, u_int16_t *cpi)
{
u_int32_t received_spi = 0;
- DBG2(DBG_KNL, "getting CPI for reqid %d", reqid);
+ DBG2(DBG_KNL, "getting CPI for reqid {%d}", reqid);
if (get_spi_internal(this, src, dst,
IPPROTO_COMP, 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to get CPI for reqid %d", reqid);
+ DBG1(DBG_KNL, "unable to get CPI for reqid {%d}", reqid);
return FAILED;
}
*cpi = htons((u_int16_t)ntohl(received_spi));
- DBG2(DBG_KNL, "got CPI 0x%x for reqid %d", *cpi, reqid);
+ DBG2(DBG_KNL, "got CPI %.4x for reqid {%d}", ntohs(*cpi), reqid);
return SUCCESS;
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "adding SAD entry with SPI 0x%x and reqid %d", spi, reqid);
+ DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%d}", ntohl(spi), reqid);
hdr = (struct nlmsghdr*)request;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
if (netlink_send_ack(this, this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to add SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
return FAILED;
}
return SUCCESS;
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying replay state from SAD entry with SPI 0x%x", spi);
+ DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi));
hdr = (struct nlmsghdr*)request;
hdr->nlmsg_flags = NLM_F_REQUEST;
if (out_aevent == NULL)
{
- DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x",
+ ntohl(spi));
free(out);
return FAILED;
}
rta = RTA_NEXT(rta, rtasize);
}
- DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x",
+ ntohl(spi));
free(out);
return FAILED;
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying SAD entry with SPI 0x%x for update", spi);
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi));
/* query the exisiting SA first */
hdr = (struct nlmsghdr*)request;
}
if (out_sa == NULL)
{
- DBG1(DBG_KNL, "unable to update SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
free(out);
return FAILED;
}
/* delete the old SA */
if (this->public.del_sa(&this->public, dst, spi, protocol) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete old SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", ntohl(spi));
free(out);
return FAILED;
}
- DBG2(DBG_KNL, "updating SAD entry with SPI 0x%x from %#H..%#H to %#H..%#H",
- spi, src, dst, new_src, new_dst);
+ DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
+ ntohl(spi), src, dst, new_src, new_dst);
/* copy over the SA from out to request */
hdr = (struct nlmsghdr*)request;
if (netlink_send_ack(this, this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to update SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi));
free(out);
return FAILED;
}
struct xfrm_usersa_info *sa = NULL;
size_t len;
- DBG2(DBG_KNL, "querying SAD entry with SPI 0x%x", spi);
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi));
memset(&request, 0, sizeof(request));
hdr = (struct nlmsghdr*)request;
if (sa == NULL)
{
- DBG1(DBG_KNL, "unable to query SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
free(out);
return FAILED;
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "deleting SAD entry with SPI 0x%x", spi);
+ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi));
hdr = (struct nlmsghdr*)request;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
if (netlink_send_ack(this, this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete SAD entry with SPI 0x%x", spi);
+ DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi));
return FAILED;
}
- DBG2(DBG_KNL, "deleted SAD entry with SPI 0x%x", spi);
+ DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi));
return SUCCESS;
}
{
/* use existing policy */
current->refcount++;
- DBG2(DBG_KNL, "policy %R===%R already exists, increasing "
- "refcount", src_ts, dst_ts);
+ DBG2(DBG_KNL, "policy %R === %R %N already exists, increasing "
+ "refcount", src_ts, dst_ts,
+ policy_dir_names, direction);
free(policy);
policy = current;
found = TRUE;
policy->refcount = 1;
}
- DBG2(DBG_KNL, "adding policy %R===%R", src_ts, dst_ts);
+ DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
memset(&request, 0, sizeof(request));
hdr = (struct nlmsghdr*)request;
if (netlink_send_ack(this, this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to add policy %R===%R", src_ts, dst_ts);
+ DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
return FAILED;
}
memset(&request, 0, sizeof(request));
- DBG2(DBG_KNL, "querying policy %R===%R", src_ts, dst_ts);
+ DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
hdr = (struct nlmsghdr*)request;
hdr->nlmsg_flags = NLM_F_REQUEST;
if (policy == NULL)
{
- DBG2(DBG_KNL, "unable to query policy %R===%R", src_ts, dst_ts);
+ DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
free(out);
return FAILED;
}
struct xfrm_userpolicy_id *policy_id;
iterator_t *iterator;
- DBG2(DBG_KNL, "deleting policy %R===%R", src_ts, dst_ts);
+ DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
/* create a policy */
memset(&policy, 0, sizeof(policy_entry_t));
iterator->destroy(iterator);
if (!to_delete)
{
- DBG1(DBG_KNL, "deleting policy %R===%R failed, not found", src_ts, dst_ts);
+ DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", src_ts,
+ dst_ts, policy_dir_names, direction);
return NOT_FOUND;
}
if (netlink_send_ack(this, this->socket_xfrm, hdr) != SUCCESS)
{
- DBG1(DBG_KNL, "unable to delete policy %R===%R", src_ts, dst_ts);
+ DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
return FAILED;
}
if (manage_srcroute(this, RTM_DELROUTE, 0, route) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
- "policy %R===%R", src_ts, dst_ts);
+ "policy %R === %R %N", src_ts, dst_ts,
+ policy_dir_names, direction);
}
route_entry_destroy(route);
}