index 9a3ccfb1d3c1c2ba21c863906337f92fec5289db..c2277aecbf8cfad37025ef66d0c48fdfde3af9c9 100644 (file)
 #include "schedule.h"
 #include "debug.h"
 
-#ifdef ENABLE_HYBRID
-#include <resolv.h>
-#endif
-
 #include "fsm.h"
 #include "localconf.h"
 #include "remoteconf.h"
@@ -93,8 +89,6 @@
 
 #include "vpn_control.h"
 #include "vpn_control_var.h"
-#include "ipsecSessionTracer.h"
-#include "ipsecMessageTracer.h"
 #ifndef HAVE_OPENSSL
 #include <Security/SecDH.h>
 #endif
@@ -304,19 +298,7 @@ agg_i1send(iph1, msg)
        fsm_set_state(&iph1->status, IKEV1_STATE_AGG_I_MSG1SENT);
 
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC,
-                                                       CONSTSTR("Initiator, Aggressive-Mode message 1"),
-                                                       CONSTSTR(NULL));
-       
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL,
-                                                               CONSTSTR("Initiator, Aggressive-Mode Message 1"),
-                                                               CONSTSTR("Failed to transmit Aggressive-Mode Message 1"));
-       }
        if (cr)
                vfree(cr);
 #ifdef ENABLE_FRAG
@@ -519,6 +501,7 @@ agg_i2recv(iph1, msg)
                                if (isakmp_p2ph (&natd->payload, pa->ptr) < 0) {
                                        plog(ASL_LEVEL_ERR, 
                                                 "failed to process NATD payload");
+                                       racoon_free(natd);
                                        goto end;
                                }
 
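Review bot: The added `racoon_free(natd)` on the `isakmp_p2ph()` failure path releases the container only; if that helper can return -1 after it has already attached a buffer to `natd->payload`, the buffer still leaks and the exit should first do `if (natd->payload) vfree(natd->payload);` — please verify against isakmp_p2ph() before relying on the bare free. The enclosing agg_i2recv body starts and ends outside this hunk, so I cannot see how `natd` is initialised or whether `end:` touches it.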
@@ -578,7 +561,7 @@ agg_i2recv(iph1, msg)
                struct natd_payload *natd = NULL;
                int natd_verified;
                
-               plog(ASL_LEVEL_INFO,
+               plog(ASL_LEVEL_NOTICE,
                     "Selected NAT-T version: %s\n",
                     vid_string_by_id(iph1->natt_options->version));
 
@@ -592,7 +575,7 @@ agg_i2recv(iph1, msg)
                        natd_verified = natt_compare_addr_hash (iph1,
                                natd->payload, natd->seq);
 
-                       plog (ASL_LEVEL_INFO, "NAT-D payload #%d %s\n",
+                       plog (ASL_LEVEL_NOTICE, "NAT-D payload #%d %s\n",
                                natd->seq - 1,
                                natd_verified ? "verified" : "doesn't match");
                        
@@ -602,7 +585,7 @@ agg_i2recv(iph1, msg)
                        racoon_free (natd);
                }
 
-               plog (ASL_LEVEL_INFO, "NAT %s %s%s\n",
+               plog (ASL_LEVEL_NOTICE, "NAT %s %s%s\n",
                      iph1->natt_flags & NAT_DETECTED ? 
                                "detected:" : "not detected",
                      iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
@@ -651,10 +634,6 @@ agg_i2recv(iph1, msg)
        /* validate authentication value */
        ptype = oakley_validate_auth(iph1);
        if (ptype != 0) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL,
-                                                               CONSTSTR("Initiator, Aggressive-Mode Message 2"),
-                                                               CONSTSTR("Failed to authenticate, Aggressive-Mode Message 2"));
                if (ptype == -1) {
                        /* message printed inner oakley_validate_auth() */
                        goto end;
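Review bot: With the IKEV1_PH1_AUTH_FAIL trace event removed, the `ptype != 0` branch no longer records anything locally when `oakley_validate_auth()` rejects the peer: for `ptype == -1` the comment says the helper already logged, but for every other notify type the code in the following hunk only sends the notification and jumps to `end`. Consider keeping an audit-level line at the top of the branch, e.g. `plog(ASL_LEVEL_ERR, "Phase 1 authentication failed, Aggressive-Mode Message 2 (notify type %d)\n", ptype);`, so failed authentications stay visible in the daemon log now that the session tracer is gone. The responder side in agg_r3recv (the hunk at `@@ -1608,10 +1528,6 @@`) has the same gap. agg_i2recv's body starts and ends outside this hunk.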
@@ -662,11 +641,7 @@ agg_i2recv(iph1, msg)
                isakmp_info_send_n1(iph1, ptype, NULL);
                goto end;
        }
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC,
-                                                       CONSTSTR("Initiator, Aggressive-Mode Message 2"),
-                                                       CONSTSTR(NULL));
-       
+
        if (oakley_checkcr(iph1) < 0) {
                /* Ignore this error in order to be interoperability. */
                ;
@@ -680,20 +655,7 @@ agg_i2recv(iph1, msg)
 #endif
 
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC,
-                                                       CONSTSTR("Initiator, Aggressive-Mode message 2"),
-                                                       CONSTSTR(NULL));
-       
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL,
-                                                               CONSTSTR("Initiator, Aggressive-Mode Message 2"),
-                                                               CONSTSTR("Failure processing Aggressive-Mode Message 2"));
-       }
-
        if (pbuf)
                vfree(pbuf);
        if (satmp)
@@ -806,7 +768,7 @@ agg_i3send(iph1, msg)
 #ifdef ENABLE_NATT
        /* generate NAT-D payloads */
        if (NATT_AVAILABLE(iph1)) {
-               plog (ASL_LEVEL_INFO, "Adding remote and local NAT-D payloads.\n");
+               plog (ASL_LEVEL_NOTICE, "Adding remote and local NAT-D payloads.\n");
                if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
                        plog(ASL_LEVEL_ERR, 
                                "NAT-D hashing failed for %s\n", saddr2str((struct sockaddr *)iph1->remote));
@@ -858,25 +820,8 @@ agg_i3send(iph1, msg)
 
        fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED);
 
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC,
-                                                       CONSTSTR("Initiator, Aggressive-Mode"),
-                                                       CONSTSTR(NULL));
-
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC,
-                                                       CONSTSTR("Initiator, Aggressive-Mode message 3"),
-                                                       CONSTSTR(NULL));
-
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL,
-                                                               CONSTSTR("Initiator, Aggressive-Mode Message 3"),
-                                                               CONSTSTR("Failed to transmit Aggressive-Mode Message 3"));
-       }
 #ifdef ENABLE_NATT
        if (natd[0])
                vfree(natd[0]);
@@ -1048,7 +993,7 @@ agg_r1recv(iph1, msg)
 
 #ifdef ENABLE_NATT
        if (NATT_AVAILABLE(iph1)) {
-               plog(ASL_LEVEL_INFO,
+               plog(ASL_LEVEL_NOTICE,
                     "Selected NAT-T version: %s\n",
                     vid_string_by_id(iph1->natt_options->version));
                ike_session_update_natt_version(iph1);
@@ -1071,20 +1016,7 @@ agg_r1recv(iph1, msg)
        fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG1RCVD);
 
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC,
-                                                       CONSTSTR("Responder, Aggressive-Mode message 1"),
-                                                       CONSTSTR(NULL));
-       
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL,
-                                                               CONSTSTR("Responder, Aggressive-Mode Message 1"),
-                                                               CONSTSTR("Failed to process Aggressive-Mode Message 1"));
-       }
-
        if (pbuf)
                vfree(pbuf);
        if (error) {
@@ -1232,7 +1164,7 @@ agg_r2send(iph1, msg)
                vid_natt = set_vendorid(iph1->natt_options->version);
 
                /* generate NAT-D payloads */
-               plog (ASL_LEVEL_INFO, "Adding remote and local NAT-D payloads.\n");
+               plog (ASL_LEVEL_NOTICE, "Adding remote and local NAT-D payloads.\n");
                if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) {
                        plog(ASL_LEVEL_ERR, 
                                "NAT-D hashing failed for %s\n", saddr2str((struct sockaddr *)iph1->remote));
@@ -1346,7 +1278,7 @@ agg_r2send(iph1, msg)
 
 #ifdef ENABLE_HYBRID
        if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) {
-               plog (ASL_LEVEL_INFO, "Adding xauth VID payload.\n");
+               plog (ASL_LEVEL_NOTICE, "Adding xauth VID payload.\n");
                if ((xauth_vid = set_vendorid(VENDORID_XAUTH)) == NULL) {
                        plog(ASL_LEVEL_ERR, 
                            "Cannot create Xauth vendor ID\n");
@@ -1424,19 +1356,7 @@ agg_r2send(iph1, msg)
 #endif
 
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC,
-                                                       CONSTSTR("Responder, Aggressive-Mode message 2"),
-                                                       CONSTSTR(NULL));
-       
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL,
-                                                               CONSTSTR("Responder, Aggressive-Mode Message 2"),
-                                                               CONSTSTR("Failed to process Aggressive-Mode Message 2"));
-       }
        if (cr)
                vfree(cr);
 #ifdef ENABLE_HYBRID
@@ -1570,7 +1490,7 @@ agg_r3recv(iph1, msg0)
                                natd_verified = natt_compare_addr_hash (iph1,
                                        natd_received, natd_seq++);
                                
-                               plog (ASL_LEVEL_INFO, "NAT-D payload #%d %s\n",
+                               plog (ASL_LEVEL_NOTICE, "NAT-D payload #%d %s\n",
                                        natd_seq - 1,
                                        natd_verified ? "verified" : "doesn't match");
                                
@@ -1594,7 +1514,7 @@ agg_r3recv(iph1, msg0)
 
 #ifdef ENABLE_NATT
        if (NATT_AVAILABLE(iph1))
-               plog (ASL_LEVEL_INFO, "NAT %s %s%s\n",
+               plog (ASL_LEVEL_NOTICE, "NAT %s %s%s\n",
                      iph1->natt_flags & NAT_DETECTED ? 
                                "detected:" : "not detected",
                      iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "",
@@ -1608,10 +1528,6 @@ agg_r3recv(iph1, msg0)
        /* validate authentication value */
        ptype = oakley_validate_auth(iph1);
        if (ptype != 0) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL,
-                                                               CONSTSTR("Responder, Aggressive-Mode Message 3"),
-                                                               CONSTSTR("Failed to authenticate Aggressive-Mode Message 3"));
                if (ptype == -1) {
                        /* message printed inner oakley_validate_auth() */
                        goto end;
@@ -1619,27 +1535,10 @@ agg_r3recv(iph1, msg0)
                isakmp_info_send_n1(iph1, ptype, NULL);
                goto end;
        }
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC,
-                                                       CONSTSTR("Responder, Aggressive-Mode Message 3"),
-                                                       CONSTSTR(NULL));
-
        fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG3RCVD);
 
        error = 0;
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC,
-                                                       CONSTSTR("Responder, Aggressive-Mode message 3"),
-                                                       CONSTSTR(NULL));
-       
 end:
-       if (error) {
-               IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                               IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL,
-                                                               CONSTSTR("Responder, Aggressive-Mode Message 3"),
-                                                               CONSTSTR("Failed to process Aggressive-Mode Message 3"));
-       }
        if (pbuf)
                vfree(pbuf);
        if (msg)
@@ -1681,12 +1580,6 @@ agg_rfinalize(iph1, msg)
        iph1->flags |= ISAKMP_FLAG_E;
 
        fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED);
-
-       IPSECSESSIONTRACEREVENT(iph1->parent_session,
-                                                       IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC,
-                                                       CONSTSTR("Responder, Aggressive-Mode"),
-                                                       CONSTSTR(NULL));
-       
        error = 0;
 
 end: