X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/65c257469f746e64364e5df94f3ed8c6698a9d0a..ef0ae40ec078a7d5126612e50fbbbe09acb80a48:/ipsec-tools/racoon/isakmp_agg.c diff --git a/ipsec-tools/racoon/isakmp_agg.c b/ipsec-tools/racoon/isakmp_agg.c index 9a3ccfb..c2277ae 100644 --- a/ipsec-tools/racoon/isakmp_agg.c +++ b/ipsec-tools/racoon/isakmp_agg.c @@ -61,10 +61,6 @@ #include "schedule.h" #include "debug.h" -#ifdef ENABLE_HYBRID -#include -#endif - #include "fsm.h" #include "localconf.h" #include "remoteconf.h" @@ -93,8 +89,6 @@ #include "vpn_control.h" #include "vpn_control_var.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #ifndef HAVE_OPENSSL #include #endif @@ -304,19 +298,7 @@ agg_i1send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_AGG_I_MSG1SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 1"), - CONSTSTR("Failed to transmit Aggressive-Mode Message 1")); - } if (cr) vfree(cr); #ifdef ENABLE_FRAG @@ -519,6 +501,7 @@ agg_i2recv(iph1, msg) if (isakmp_p2ph (&natd->payload, pa->ptr) < 0) { plog(ASL_LEVEL_ERR, "failed to process NATD payload"); + racoon_free(natd); goto end; } @@ -578,7 +561,7 @@ agg_i2recv(iph1, msg) struct natd_payload *natd = NULL; int natd_verified; - plog(ASL_LEVEL_INFO, + plog(ASL_LEVEL_NOTICE, "Selected NAT-T version: %s\n", vid_string_by_id(iph1->natt_options->version)); @@ -592,7 +575,7 @@ agg_i2recv(iph1, msg) natd_verified = natt_compare_addr_hash (iph1, natd->payload, natd->seq); - plog (ASL_LEVEL_INFO, "NAT-D payload #%d %s\n", + plog (ASL_LEVEL_NOTICE, "NAT-D payload #%d %s\n", natd->seq - 1, natd_verified ? "verified" : "doesn't match"); 
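Review bot: In the agg_i2recv hunk at -519/+501, the added `racoon_free(natd);` releases the node but leaves `natd` pointing at freed memory while control jumps to `end:`. The cleanup under that label is outside the hunk, so it is not visible whether anything there touches `natd` again. Clearing the pointer right after the free, `racoon_free(natd); natd = NULL;`, would guard this error path against a later double free or use-after-free. It is also worth confirming that NAT-D entries already collected from earlier payloads of the same received message are released on this path, since the hunk does not show it.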
@@ -602,7 +585,7 @@ agg_i2recv(iph1, msg) racoon_free (natd); } - plog (ASL_LEVEL_INFO, "NAT %s %s%s\n", + plog (ASL_LEVEL_NOTICE, "NAT %s %s%s\n", iph1->natt_flags & NAT_DETECTED ? "detected:" : "not detected", iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "", @@ -651,10 +634,6 @@ agg_i2recv(iph1, msg) /* validate authentication value */ ptype = oakley_validate_auth(iph1); if (ptype != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR("Failed to authenticate, Aggressive-Mode Message 2")); if (ptype == -1) { /* message printed inner oakley_validate_auth() */ goto end; @@ -662,11 +641,7 @@ agg_i2recv(iph1, msg) isakmp_info_send_n1(iph1, ptype, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR(NULL)); - + if (oakley_checkcr(iph1) < 0) { /* Ignore this error in order to be interoperability. */ ; @@ -680,20 +655,7 @@ agg_i2recv(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR("Failure processing Aggressive-Mode Message 2")); - } - if (pbuf) vfree(pbuf); if (satmp) @@ -806,7 +768,7 @@ agg_i3send(iph1, msg) #ifdef ENABLE_NATT /* generate NAT-D payloads */ if (NATT_AVAILABLE(iph1)) { - plog (ASL_LEVEL_INFO, "Adding remote and local NAT-D payloads.\n"); + plog (ASL_LEVEL_NOTICE, "Adding remote and local NAT-D payloads.\n"); if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) { plog(ASL_LEVEL_ERR, "NAT-D hashing failed for %s\n", saddr2str((struct sockaddr *)iph1->remote)); 
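Review bot: With the trace event removed from the `if (ptype != 0)` branch after `oakley_validate_auth(iph1)` in agg_i2recv (hunks -651 and -662), a phase 1 authentication failure with a `ptype` other than -1 is no longer recorded at this site. The remaining comment only says that a message is printed for the `ptype == -1` case. Unless oakley_validate_auth() logs every failure itself, which is not visible here, add a line before `isakmp_info_send_n1(iph1, ptype, NULL);` such as `plog(ASL_LEVEL_ERR, "phase 1 authentication failed, notify type %d\n", ptype);` so repeated failures stay visible to monitoring. The same applies to the matching branch in agg_r3recv (hunks -1608 and -1619).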
@@ -858,25 +820,8 @@ agg_i3send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC, - CONSTSTR("Initiator, Aggressive-Mode"), - CONSTSTR(NULL)); - error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 3"), - CONSTSTR("Failed to transmit Aggressive-Mode Message 3")); - } #ifdef ENABLE_NATT if (natd[0]) vfree(natd[0]); @@ -1048,7 +993,7 @@ agg_r1recv(iph1, msg) #ifdef ENABLE_NATT if (NATT_AVAILABLE(iph1)) { - plog(ASL_LEVEL_INFO, + plog(ASL_LEVEL_NOTICE, "Selected NAT-T version: %s\n", vid_string_by_id(iph1->natt_options->version)); ike_session_update_natt_version(iph1); @@ -1071,20 +1016,7 @@ agg_r1recv(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG1RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 1"), - CONSTSTR("Failed to process Aggressive-Mode Message 1")); - } - if (pbuf) vfree(pbuf); if (error) { @@ -1232,7 +1164,7 @@ agg_r2send(iph1, msg) vid_natt = set_vendorid(iph1->natt_options->version); /* generate NAT-D payloads */ - plog (ASL_LEVEL_INFO, "Adding remote and local NAT-D payloads.\n"); + plog (ASL_LEVEL_NOTICE, "Adding remote and local NAT-D payloads.\n"); if ((natd[0] = natt_hash_addr (iph1, iph1->remote)) == NULL) { plog(ASL_LEVEL_ERR, "NAT-D hashing failed for %s\n", saddr2str((struct sockaddr *)iph1->remote)); 
@@ -1346,7 +1278,7 @@ agg_r2send(iph1, msg) #ifdef ENABLE_HYBRID if (iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) { - plog (ASL_LEVEL_INFO, "Adding xauth VID payload.\n"); + plog (ASL_LEVEL_NOTICE, "Adding xauth VID payload.\n"); if ((xauth_vid = set_vendorid(VENDORID_XAUTH)) == NULL) { plog(ASL_LEVEL_ERR, "Cannot create Xauth vendor ID\n"); @@ -1424,19 +1356,7 @@ agg_r2send(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 2"), - CONSTSTR("Failed to process Aggressive-Mode Message 2")); - } if (cr) vfree(cr); #ifdef ENABLE_HYBRID @@ -1570,7 +1490,7 @@ agg_r3recv(iph1, msg0) natd_verified = natt_compare_addr_hash (iph1, natd_received, natd_seq++); - plog (ASL_LEVEL_INFO, "NAT-D payload #%d %s\n", + plog (ASL_LEVEL_NOTICE, "NAT-D payload #%d %s\n", natd_seq - 1, natd_verified ? "verified" : "doesn't match"); @@ -1594,7 +1514,7 @@ agg_r3recv(iph1, msg0) #ifdef ENABLE_NATT if (NATT_AVAILABLE(iph1)) - plog (ASL_LEVEL_INFO, "NAT %s %s%s\n", + plog (ASL_LEVEL_NOTICE, "NAT %s %s%s\n", iph1->natt_flags & NAT_DETECTED ? "detected:" : "not detected", iph1->natt_flags & NAT_DETECTED_ME ? "ME " : "", @@ -1608,10 +1528,6 @@ agg_r3recv(iph1, msg0) /* validate authentication value */ ptype = oakley_validate_auth(iph1); if (ptype != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR("Failed to authenticate Aggressive-Mode Message 3")); if (ptype == -1) { /* message printed inner oakley_validate_auth() */ goto end; 
@@ -1619,27 +1535,10 @@ agg_r3recv(iph1, msg0) isakmp_info_send_n1(iph1, ptype, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR(NULL)); - fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG3RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR("Failed to process Aggressive-Mode Message 3")); - } if (pbuf) vfree(pbuf); if (msg) @@ -1681,12 +1580,6 @@ agg_rfinalize(iph1, msg) iph1->flags |= ISAKMP_FLAG_E; fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC, - CONSTSTR("Responder, Aggressive-Mode"), - CONSTSTR(NULL)); - error = 0; end: