debug and logging improvements
authorMartin Willi <martin@strongswan.org>
Tue, 13 Jun 2006 10:01:04 +0000 (10:01 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 13 Jun 2006 10:01:04 +0000 (10:01 -0000)
src/charon/config/configuration.c
src/charon/config/configuration.h
src/charon/config/policies/policy.c
src/charon/doc/Known-bugs.txt
src/charon/doc/Todo-list.txt
src/charon/network/socket.c
src/charon/sa/authenticator.c
src/charon/testing/kernel_interface_test.c

index eac1bd4..34c040b 100755 (executable)
@@ -30,7 +30,7 @@
  * First retransmit timeout in milliseconds.
  * Timeout value is increasing in each retransmit round.
  */
-#define RETRANSMIT_TIMEOUT 3000
+#define RETRANSMIT_TIMEOUT 2500
 
 /**
  * Timeout in milliseconds after that a half open IKE_SA gets deleted.
@@ -42,7 +42,7 @@
  * 0 for infinite. The max time a half open IKE_SA is alive is set by 
  * RETRANSMIT_TIMEOUT.
  */
-#define MAX_RETRANSMIT_COUNT 0
+#define MAX_RETRANSMIT_COUNT 3
 
 
 typedef struct private_configuration_t private_configuration_t;
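Review bot: The comment above `MAX_RETRANSMIT_COUNT` does not say what the new value of 3 actually bounds; read together with the `>=` comparison in get_retransmit_timeout (next hunk) and the header's definition of retransmit_count as "number of times a message was retransmitted so far", it is the number of retransmits after the initial send, so the exchange goes out four times in total if the count starts at 0. I would state that here so a later tuning does not assume it counts rounds: `/* Number of retransmits after the initial send before the exchange is given up; 0 retries forever. */`. The sentence "The max time a half open IKE_SA is alive is set by RETRANSMIT_TIMEOUT" also now undersells the change: with a finite count the half-open lifetime is bounded by the retransmit schedule up to this count plus the half-open timeout documented above, assuming the backoff (not visible in this hunk) derives from RETRANSMIT_TIMEOUT.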
@@ -65,7 +65,7 @@ struct private_configuration_t {
 static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
 {
        int new_timeout = RETRANSMIT_TIMEOUT, i;
-       if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
+       if (retransmit_count >= MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
        {
                return FAILED;
        }
index 3696215..066475a 100755 (executable)
@@ -40,10 +40,10 @@ struct configuration_t {
 
        /**
         * @brief Returns the retransmit timeout.
-        * 
+        *
         * The timeout values are managed by the configuration, so 
         * another backoff algorithm may be implemented here.
-        * 
+        *
         * @param this                          calling object
         * @param retransmit_count      number of times a message was retransmitted so far
         * @param[out] timeout          the new retransmit timeout in milliseconds
index 22c63c5..ac8ae89 100644 (file)
@@ -332,6 +332,10 @@ static void add_proposal(private_policy_t *this, proposal_t *proposal)
  */
 static u_int32_t get_soft_lifetime(private_policy_t *this)
 {
+       if (this->jitter == 0)
+       {
+               return this->soft_lifetime ;
+       }
        srandom(time(NULL)+getpid());
        return this->soft_lifetime - (random() % this->jitter);
 }
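Review bot: The jitter is still drawn immediately after `srandom(time(NULL)+getpid())`, so every call within the same second reseeds the process-wide generator to the same state and gets the same `random() % this->jitter`; policies whose lifetimes are computed close together end up with identical offsets, which defeats the point of jitter (spreading rekey times), and reseeding a shared PRNG from here also disturbs any other random() user in the process. Seed once at daemon startup and drop the `srandom(...)` line, leaving `return this->soft_lifetime - (random() % this->jitter);`. The new guard correctly avoids the modulo-by-zero (undefined behaviour) when no jitter is configured; a comment such as `/* no jitter configured: avoid random() % 0 */` would make the intent clear, and the stray space in `return this->soft_lifetime ;` should go. If jitter can exceed soft_lifetime the subtraction wraps for an unsigned lifetime; the field types are not visible here, so that is worth a check or a clamp at configuration time.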
index 7fdf258..7eda41f 100644 (file)
@@ -1,7 +1,8 @@
  Known bugs in charon
 ======================
 
-- intiating the same connection twice makes trouble
 - leak_detective gets confused from libpthread (invalid frees)
-- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
+- inititate rekeying at the same time causes troubles, as the current state
+  machine can't handle it properly
+- traffic selector changes while rekeying may cause troubles
 
index 77618de..8508d24 100644 (file)
 - implement 3DES to load encrypted pem files
 + ipsec.secrets parsing
 
-- trapping
+/ trapping
 + proper delete messages
 - notifys on connection setup failure
-- create child sa message/rekeying
++ create child sa message/rekeying
 
 - implement a mechanism against thread exhaustion
   when a blocked IKE_SA receives a lot of messages
 - add a crl fetch mechanism which synchronizes equal fetches
+
+- replace state machine with something more transaction oriented
index c42c9cd..89e21a2 100644 (file)
@@ -191,6 +191,18 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
                        this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
                        continue;
                }
+               /* insert a delay to simulate small bandwith/RTT */
+#ifdef PACKET_RECV_DELAY
+               usleep(PACKET_RECV_DELAY * 1000);
+#endif
+               /* simulate packet loss of every PACKET_RECV_LOSS'th packet */
+#ifdef PACKET_RECV_LOSS
+               srandom(time(NULL) + getpid());
+               if (random() % PACKET_RECV_LOSS == 0)
+               {
+                       return SUCCESS;
+               }
+#endif
                if (bytes_read > IP_HEADER_LENGTH + UDP_HEADER_LENGTH)
                {
                        /* read source/dest from raw IP/UDP header */
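Review bot: On a simulated loss the new block returns SUCCESS from receiver() without storing anything in `*packet`, so a caller that treats SUCCESS as "a packet is ready" will use an unset pointer; discarding the datagram should stay in the receive loop like the read-error path two lines above, i.e. replace `return SUCCESS;` with `continue;`. The loss model also does not do what its comment says: calling `srandom(time(NULL) + getpid())` before every draw gives every packet received within the same second the same random() value, so all or none of them are dropped in that second rather than every PACKET_RECV_LOSS'th one; use the generator without reseeding (seed once at startup) or a simple per-socket counter. Since this is debug-only instrumentation enabled by a macro, a comment at the `#ifdef` saying it must never be defined in a production build would be worth adding. receiver()'s body starts before and continues after this hunk.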
@@ -240,9 +252,19 @@ status_t sender(private_socket_t *this, packet_t *packet)
        this->logger->log(this->logger, CONTROL, "sending packet: from %s:%d to %s:%d",
                                          src->get_address(src), src->get_port(src),
                                          dst->get_address(dst), dst->get_port(dst));
-       
+       /* insert a delay to simulate small bandwith/RTT */
+#ifdef PACKET_SEND_DELAY
+       usleep(PACKET_SEND_DELAY * 1000);
+#endif
+       /* simulate packet loss of every PACKET_LOSS'th packet */
+#ifdef PACKET_SEND_LOSS
+       srandom(time(NULL) + getpid());
+       if (random() % PACKET_SEND_LOSS == 0)
+       {
+               return SUCCESS;
+       }
+#endif
        /* send data */
-       /* TODO: should we send via the interface we received the packet? */
        bytes_sent = sendto(this->master_fd, data.ptr, data.len, 0, 
                                                dst->get_sockaddr(dst), *(dst->get_sockaddr_len(dst)));
 
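Review bot: The simulated drop in sender() returns SUCCESS after the "sending packet" log line at the top of the hunk, so the debug log reports a packet as sent that was deliberately discarded; log the drop before returning, e.g. `this->logger->log(this->logger, CONTROL, "simulating loss of packet");`. As in the receiver, reseeding with `srandom(time(NULL) + getpid())` before each draw makes all packets sent in one second share a random() value, so the loss is bursty rather than "every PACKET_SEND_LOSS'th packet", and the comment says `PACKET_LOSS'th` while the macro is `PACKET_SEND_LOSS`. Whether the early return leaves `data` or `packet` unreleased depends on who owns them, which is outside this hunk; sender()'s body begins before the hunk.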
index 81dee0b..161d87e 100644 (file)
@@ -350,10 +350,10 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                                                  my_id->get_string(my_id));
                                goto end_rsa;
                        }
-                       this->logger->log(this->logger, CONTROL, "matching public key found");
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
                        
                        chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
-                       this->logger->log(this->logger, CONTROL, "looking for private key with keyid %s", buf);
+                       this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
 
                        my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
                        my_pubkey->destroy(my_pubkey);
@@ -366,7 +366,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                                                  buf);
                                goto end_rsa;
                        }
-                       this->logger->log(this->logger, CONTROL, "matching private key found");
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
 
                        octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
                        status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
index 96b3aa6..04c0d40 100644 (file)
@@ -68,8 +68,6 @@ void test_kernel_interface(protected_tester_t *tester)
        
        status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 1234);
        tester->assert_true(tester, status == SUCCESS, "add policy OUT");
-       status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 2345);
-       tester->assert_true(tester, status == SUCCESS, "add policy OUT");
        status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_IN, 0, PROTO_ESP, 1234);
        tester->assert_true(tester, status == SUCCESS, "add policy IN");
        status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_FWD, 0, PROTO_ESP, 1234);