completed IKE_SA logging at the AUDIT level
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)
src/charon/sa/tasks/ike_delete.c
src/charon/sa/tasks/ike_reauth.c
src/charon/sa/tasks/ike_rekey.c

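--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/charon/sa/tasks/ike_delete.c
@@ -56,13 +56,22 @@ static status_t build_i(private_ike_delete_t *this, message_t *message)
 {
        delete_payload_t *delete_payload;
 
+       SIG_IKE(DOWN_START, "deleting IKE_SA %s[%d] between %H[%D]...%H[%D]",
+                       this->ike_sa->get_name(this->ike_sa),
+                       this->ike_sa->get_unique_id(this->ike_sa),
+                       this->ike_sa->get_my_host(this->ike_sa),
+                       this->ike_sa->get_my_id(this->ike_sa),
+                       this->ike_sa->get_other_host(this->ike_sa),
+                       this->ike_sa->get_other_id(this->ike_sa));
+
        delete_payload = delete_payload_create(PROTO_IKE);
        message->add_payload(message, (payload_t*)delete_payload);
-       
        this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
+
        DBG1(DBG_IKE, "sending DELETE for IKE_SA %s[%d]",
                        this->ike_sa->get_name(this->ike_sa),
                        this->ike_sa->get_unique_id(this->ike_sa));
+
        return NEED_MORE;
 }
 
@@ -76,18 +85,26 @@ static status_t process_i(private_ike_delete_t *this, message_t *message)
 }
 
 /**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
  */
 static status_t process_r(private_ike_delete_t *this, message_t *message)
 {
        /* we don't even scan the payloads, as the message wouldn't have
         * come so far without being correct */
+       DBG1(DBG_IKE, "received DELETE for IKE_SA %s[%d]",
+                       this->ike_sa->get_name(this->ike_sa),
+                       this->ike_sa->get_unique_id(this->ike_sa));
+       SIG_IKE(DOWN_START, "deleting IKE_SA %s[%d] between %H[%D]...%H[%D]",
+                       this->ike_sa->get_name(this->ike_sa),
+                       this->ike_sa->get_unique_id(this->ike_sa),
+                       this->ike_sa->get_my_host(this->ike_sa),
+                       this->ike_sa->get_my_id(this->ike_sa),
+                       this->ike_sa->get_other_host(this->ike_sa),
+                       this->ike_sa->get_other_id(this->ike_sa));
+
        switch (this->ike_sa->get_state(this->ike_sa))
        {
                case IKE_ESTABLISHED:
-                       DBG1(DBG_IKE, "received DELETE for IKE_SA %s[%d]",
-                                       this->ike_sa->get_name(this->ike_sa),
-                                       this->ike_sa->get_unique_id(this->ike_sa));
                        this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
                        this->ike_sa->reestablish(this->ike_sa);
                        break;
@@ -106,9 +123,11 @@ static status_t process_r(private_ike_delete_t *this, message_t *message)
  */
 static status_t build_r(private_ike_delete_t *this, message_t *message)
 {
+       SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted");
+
        if (this->simultaneous)
        {
-               /* wait for peers response for our delete request, but set a timeout */
+               /* wait for peer's response for our delete request, but set a timeout */
                return SUCCESS;
        }
        /* completed, delete IKE_SA by returning FAILED */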
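Review bot: In build_r the `SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted")` record is raised before the `if (this->simultaneous)` test, so the AUDIT log reports the SA as deleted even on the branch whose comment says it is still waiting for the peer's response under a timeout. Moving the call below that block, onto the `/* completed, delete IKE_SA by returning FAILED */` path, would keep the audit trail aligned with the actual teardown. The message also carries no SA name or unique id, unlike the DOWN_START records, which makes start and completion records hard to pair when several SAs go down close together unless SIG_IKE supplies that context itself; `SIG_IKE(DOWN_SUCCESS, "IKE_SA %s[%d] deleted", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa));` would close the gap, and the same applies to the call added in ike_reauth.c. build_r's body continues past the end of this hunk.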
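--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/charon/sa/tasks/ike_reauth.c
@@ -65,7 +65,8 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
        
        /* process delete response first */
        this->ike_delete->task.process(&this->ike_delete->task, message);
-       
+       SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted");
+
        peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
        
        /* reauthenticate only if we have children */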
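Review bot: The `SIG_IKE(DOWN_SUCCESS, "IKE_SA deleted")` added in process_i follows a `this->ike_delete->task.process(...)` call whose return status is discarded, so the AUDIT record is written whatever the delete task reported. If that status can signal anything other than a handled delete response, the signal should be gated on it; if ignoring it is deliberate, a comment such as `/* return value of the delete task is intentionally ignored here */` would tell a log reviewer that this record is unconditional. process_i starts and ends outside the hunk, so how the status is used later is not visible here.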
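--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
@@ -90,7 +90,7 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message)
 }
 
 /**
- * Implementation of task_t.process for initiator
+ * Implementation of task_t.process for responder
  */
 static status_t process_r(private_ike_rekey_t *this, message_t *message)
 {
@@ -152,6 +152,13 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message)
        
        this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
        this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
+       SIG_IKE(UP_SUCCESS, "IKE_SA %s[%d] established between %H[%D]...%H[%D]",
+               this->new_sa->get_name(this->new_sa),
+               this->new_sa->get_unique_id(this->new_sa),
+               this->ike_sa->get_my_host(this->ike_sa),
+               this->ike_sa->get_my_id(this->ike_sa),
+               this->ike_sa->get_other_host(this->ike_sa),
+               this->ike_sa->get_other_id(this->ike_sa));
        
        return SUCCESS;
 }
@@ -191,6 +198,14 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
        }
 
        this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED);
+       SIG_IKE(UP_SUCCESS, "IKE_SA %s[%d] established between %H[%D]...%H[%D]",
+               this->new_sa->get_name(this->new_sa),
+               this->new_sa->get_unique_id(this->new_sa),
+               this->ike_sa->get_my_host(this->ike_sa),
+               this->ike_sa->get_my_id(this->ike_sa),
+               this->ike_sa->get_other_host(this->ike_sa),
+               this->ike_sa->get_other_id(this->ike_sa));
+
        to_delete = this->ike_sa->get_id(this->ike_sa);
        
        /* check for collisions */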
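Review bot: Both added `SIG_IKE(UP_SUCCESS, ...)` calls, in build_r and in process_i, take the name and unique id from `this->new_sa` but the hosts and identities from `this->ike_sa`, so one AUDIT record describes two different SA objects. If the new SA's endpoints are not populated at this point, that deserves a comment such as `/* new_sa has no hosts/IDs yet, report those of the SA being rekeyed */`; otherwise the four getters should read from `this->new_sa`. In process_i the record is also written before the `/* check for collisions */` step in the trailing context, so it may announce an SA that is discarded shortly afterwards; emitting it once the collision outcome is known would avoid that, though that code lies outside the hunk.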