From 6b88cae0d0da46a0b1b6418a44da86af3e4527c3 Mon Sep 17 00:00:00 2001
From: Apple
Date: Thu, 19 Nov 2020 01:06:57 +0000
Subject: [PATCH] ipsec-332.tar.gz
---
 ipsec-tools/Common/ipsecMessageTracer.h | 91 -----
 ipsec-tools/racoon/cfparse.y | 18 -
 ipsec-tools/racoon/debug.h | 2 +
 ipsec-tools/racoon/grabmyaddr.c | 22 ++
 ipsec-tools/racoon/ike_session.c | 7 -
 ipsec-tools/racoon/ike_session.h | 7 -
 ipsec-tools/racoon/ipsecConfigTracer.c | 99 -----
 ipsec-tools/racoon/ipsecConfigTracer.h | 37 --
 ipsec-tools/racoon/ipsecSessionTracer.c | 460 ------------------------
 ipsec-tools/racoon/ipsecSessionTracer.h | 77 ----
 ipsec-tools/racoon/isakmp.c | 68 +---
 ipsec-tools/racoon/isakmp_agg.c | 106 +-----
 ipsec-tools/racoon/isakmp_cfg.c | 45 +--
 ipsec-tools/racoon/isakmp_ident.c | 177 ---------
 ipsec-tools/racoon/isakmp_inf.c | 214 +----------
 ipsec-tools/racoon/isakmp_quick.c | 94 -----
 ipsec-tools/racoon/isakmp_xauth.c | 41 +--
 ipsec-tools/racoon/pfkey_racoon.c | 14 -
 ipsec-tools/racoon/vpn.c | 2 -
 ipsec-tools/racoon_test/racoon_test.c | 7 -
 ipsec-tools/setkey/ipsecPolicyTracer.c | 97 -----
 ipsec-tools/setkey/ipsecPolicyTracer.h | 35 --
 ipsec-tools/setkey/setkey.c | 19 -
 ipsec.xcodeproj/project.pbxproj | 12 -
 24 files changed, 44 insertions(+), 1707 deletions(-)
 delete mode 100644 ipsec-tools/Common/ipsecMessageTracer.h
 delete mode 100644 ipsec-tools/racoon/ipsecConfigTracer.c
 delete mode 100644 ipsec-tools/racoon/ipsecConfigTracer.h
 delete mode 100644 ipsec-tools/racoon/ipsecSessionTracer.c
 delete mode 100644 ipsec-tools/racoon/ipsecSessionTracer.h
 delete mode 100644 ipsec-tools/setkey/ipsecPolicyTracer.c
 delete mode 100644 ipsec-tools/setkey/ipsecPolicyTracer.h
diff --git a/ipsec-tools/Common/ipsecMessageTracer.h b/ipsec-tools/Common/ipsecMessageTracer.h
deleted file mode 100644
index 4f6c80b..0000000
--- a/ipsec-tools/Common/ipsecMessageTracer.h
+++ /dev/null
@@ -1,91 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _IPSECMESSAGETRACER_H -#define _IPSECMESSAGETRACER_H - -#import - -#define CONSTSTR(str) (const char *)str - -#define L2TPIPSECVPN_CONNECTION_ESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.disconnect.l2tpipsec") -#define CISCOIPSECVPN_CONNECTION_ESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.disconnect.ciscoipsec") -#define BTMMIPSEC_CONNECTION_ESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.disconnect.btmm") -#define PLAINIPSEC_CONNECTION_ESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.disconnect.plain") -#define L2TPIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.connect.l2tpipsec") -#define CISCOIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.connect.ciscoipsec") -#define BTMMIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.connect.btmm") -#define PLAINIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN CONSTSTR("com.apple.Networking.ipsec.connect.plain") -#define L2TPIPSECVPN_PHASE_DOMAIN 
CONSTSTR("com.apple.Networking.ipsec.phasestats.l2tpipsec") -#define CISCOIPSECVPN_PHASE_DOMAIN CONSTSTR("com.apple.Networking.ipsec.phasestats.ciscoipsec") -#define BTMMIPSEC_PHASE_DOMAIN CONSTSTR("com.apple.Networking.ipsec.phasestats.btmm") -#define PLAINIPSEC_PHASE_DOMAIN CONSTSTR("com.apple.Networking.ipsec.phasestats.plain") -#define PLAINIPSECDOMAIN CONSTSTR("com.apple.Networking.ipsec.main") - -#define IPSECASLDOMAIN CONSTSTR("com.apple.Networking.ipsec.asl") -#define IPSECASLKEY CONSTSTR("IPSEC") - -#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR) - -#define IPSECCONFIGTRACEREVENT(config, eventCode, message, failure_reason) - -#define IPSECPOLICYTRACEREVENT(policy, eventCode, message, failure_reason) - -#define IPSECSESSIONTRACERSTART(session) -#define IPSECSESSIONTRACEREVENT(session, eventCode, message, failure_reason) -#define IPSECSESSIONTRACERSTOP(session, is_failure, reason) -#define IPSECSESSIONTRACERESTABLISHED(session) - -#else // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR) - -#define IPSECCONFIGTRACEREVENT(config, eventCode, message, failure_reason) ipsecConfigTracerEvent(config, eventCode, message, failure_reason) - -#define IPSECPOLICYTRACEREVENT(policy, eventCode, message, failure_reason) ipsecPolicyTracerEvent(policy, eventCode, message, failure_reason) - -#define IPSECSESSIONTRACERSTART(session) ipsecSessionTracerStart(session) -#define IPSECSESSIONTRACEREVENT(session, eventCode, message, failure_reason) ipsecSessionTracerEvent(session, eventCode, message, failure_reason) -#define IPSECSESSIONTRACERSTOP(session, is_failure, reason) ipsecSessionTracerStop(session, is_failure, reason) -#define IPSECSESSIONTRACERESTABLISHED(session) ipsecSessionTracerLogEstablished(session) - -#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR) - -#if 1 -#define IPSECLOGASLMSG(format, args...) plog(ASL_LEVEL_NOTICE, format, ##args); -#else -#define IPSECLOGASLMSG(format, args...) 
do { \
- aslmsg m = asl_new(ASL_TYPE_MSG); \
- asl_set(m, ASL_KEY_FACILITY, IPSECASLDOMAIN); \
- asl_set(m, ASL_KEY_MSG, IPSECASLKEY); \
- asl_log(NULL, m, ASL_LEVEL_NOTICE, format, ##args); \
- asl_free(m); \
- } while(0)
-#endif
-
-static inline double get_percentage (double numerator, double denominator)
-{
- if (numerator >= denominator || denominator == 0) {
- return((double)100);
- }
- return((numerator/denominator)*100);
-}
-
-#endif /* _IPSECMESSAGETRACER_H */
diff --git a/ipsec-tools/racoon/cfparse.y b/ipsec-tools/racoon/cfparse.y
index e387681..caf5ce0 100644
--- a/ipsec-tools/racoon/cfparse.y
+++ b/ipsec-tools/racoon/cfparse.y
@@ -93,8 +93,6 @@
 #include "strnames.h"
 #include "gcmalloc.h"
 #include "vendorid.h"
-#include "ipsecConfigTracer.h"
-#include "ipsecMessageTracer.h"
 static int num2dhgroup[] = { 0,
@@ -2280,10 +2278,6 @@ cfparse()
 yycf_init_buffer();
 if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
- IPSECCONFIGTRACEREVENT(CONSTSTR(lcconf->racoon_conf),
- IPSECCONFIGEVENTCODE_PARSE_ERROR,
- CONSTSTR("could not read configuration file"),
- CONSTSTR("cfparse: yycf_switch_buffer erred"));
 plog(ASL_LEVEL_ERR, "could not read configuration file \"%s\"\n", lcconf->racoon_conf);
@@ -2300,10 +2294,6 @@ cfparse()
 plog(ASL_LEVEL_ERR, "fatal parse failure.\n");
 }
- IPSECCONFIGTRACEREVENT(CONSTSTR(lcconf->racoon_conf),
- IPSECCONFIGEVENTCODE_PARSE_ERROR,
- CONSTSTR("fatal parse failure"),
- CONSTSTR("cfparse: yyparse erred"));
 yycf_clean_buffer();
 return -1;
 }
@@ -2312,10 +2302,6 @@ cfparse()
 plog(ASL_LEVEL_ERR, "parse error is nothing, but yyerrorcount is %d.\n", yyerrorcount);
- IPSECCONFIGTRACEREVENT(CONSTSTR(lcconf->racoon_conf),
- IPSECCONFIGEVENTCODE_PARSE_ERROR,
- CONSTSTR("ambivalent error code"),
- CONSTSTR("cfparse: error == 0 && yerrorcount"));
 yycf_clean_buffer();
 exit(1);
 }
@@ -2337,10 +2323,6 @@ cfreparse(int sig)
 plog(ASL_LEVEL_DEBUG, "==== Got %s signal - re-parsing configuration.\n", sys_signame[sig]);
 } else {
 plog(ASL_LEVEL_ERR, "==== Got Unknown signal - re-parsing configuration.\n");
- IPSECCONFIGTRACEREVENT(CONSTSTR("reparse"),
- IPSECCONFIGEVENTCODE_REPARSE_ERROR,
- CONSTSTR("Unknown signal"),
- CONSTSTR("cfreparse: triggered by unknown signal"));
 }
 plog(ASL_LEVEL_DEBUG, "==== %s sessions.\n", ignore_estab_or_assert_handles? "flush negotiating" : "flush all");
diff --git a/ipsec-tools/racoon/debug.h b/ipsec-tools/racoon/debug.h
index 7fd45f2..7247492 100644
--- a/ipsec-tools/racoon/debug.h
+++ b/ipsec-tools/racoon/debug.h
@@ -36,4 +36,6 @@ extern int f_local;
 extern int vflag;
+#define IPSECLOGASLMSG(format, args...) plog(ASL_LEVEL_NOTICE, format, ##args);
+
 #endif /* _DEBUG_H */
diff --git a/ipsec-tools/racoon/grabmyaddr.c b/ipsec-tools/racoon/grabmyaddr.c
index 3d584c1..db04bf2 100644
--- a/ipsec-tools/racoon/grabmyaddr.c
+++ b/ipsec-tools/racoon/grabmyaddr.c
@@ -79,6 +79,7 @@ static int suitable_ifaddr (const char *, const struct sockaddr *);
 #ifdef INET6
 static int suitable_ifaddr6 (const char *, const struct sockaddr *);
 #endif
+static bool exclude_interfaces(const char *);
 #ifndef HAVE_GETIFADDRS
 static unsigned int
@@ -177,6 +178,10 @@ grab_myaddrs()
 ) continue;
+ if (exclude_interfaces(ifap->ifa_name)) {
+ continue;
+ }
+
 if (!suitable_ifaddr(ifap->ifa_name, ifap->ifa_addr)) {
 plog(ASL_LEVEL_DEBUG, "unsuitable address: %s %s\n",
@@ -256,6 +261,23 @@ grab_myaddrs()
 freeifaddrs(ifa0);
 }
+static bool
+exclude_interfaces(ifname)
+ const char *ifname;
+{
+ if (ifname == NULL) {
+ return false;
+ }
+
+ if (strnstr(ifname, "awdl", IFNAMSIZ) != NULL) {
+ return true;
+ } else if (strnstr(ifname, "llw", IFNAMSIZ) != NULL) {
+ return true;
+ }
+
+ return false;
+}
+
 /*
 * check the interface is suitable or not
diff --git a/ipsec-tools/racoon/ike_session.c b/ipsec-tools/racoon/ike_session.c
index cf47bef..d0da2fe 100644
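Review bot: The `IPSECLOGASLMSG` macro added to debug.h ends in a semicolon, so a call written as `IPSECLOGASLMSG(...);` expands to two statements and an unbraced `if (x) IPSECLOGASLMSG(...); else ...` will not compile. Dropping the trailing `;` gives `#define IPSECLOGASLMSG(format, args...) plog(ASL_LEVEL_NOTICE, format, ##args)`; the definition is carried over as-is from the deleted ipsecMessageTracer.h, so call sites that rely on the embedded semicolon would need checking first. Since `format` is forwarded to plog() as the format string, a one-line comment saying that callers must pass a string literal there would be worth adding above the macro.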
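Review bot: The new `exclude_interfaces()` skip in grab_myaddrs() is silent, while the `suitable_ifaddr()` rejection directly below it logs `unsuitable address` at debug level. Someone checking why racoon has no address on an interface gets no trace of the exclusion; a line such as `plog(ASL_LEVEL_DEBUG, "excluded interface: %s\n", ifap->ifa_name);` before the `continue` would make the two filters equally visible. The loop this sits in starts and ends outside the hunk.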
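Review bot: `exclude_interfaces()` tests the name with `strnstr(ifname, "awdl", IFNAMSIZ)`, which is a substring search, so any interface whose name contains `awdl` or `llw` at any position is left out of racoon's address list, not only names that begin with those strings. If the intent is a name prefix (inferred; the commit message does not say), `strncmp(ifname, "awdl", 4) == 0` and `strncmp(ifname, "llw", 3) == 0` state it exactly and keep an unrelated interface from being dropped. The function also has no comment; something like `/* Interfaces whose addresses racoon must not use, matched by name. */` above it would record why the filter exists. `bool`, `true` and `false` need `<stdbool.h>`, and the file's include block is outside these hunks, so that is worth confirming.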
--- a/ipsec-tools/racoon/ike_session.c
+++ b/ipsec-tools/racoon/ike_session.c
@@ -42,8 +42,6 @@
 #include "schedule.h"
 #include "pfkey.h"
 #include "ipsec_doi.h"
-#include "ipsecSessionTracer.h"
-#include "ipsecMessageTracer.h"
 #include "isakmp_inf.h"
 #include "localconf.h"
 #include "remoteconf.h"
@@ -96,7 +94,6 @@ new_ike_session (ike_session_id_t *id)
 LIST_INIT(&session->ph1tree);
 LIST_INIT(&session->ph2tree);
 LIST_INSERT_HEAD(&ike_session_tree, session, chain);
- IPSECSESSIONTRACERSTART(session);
 }
 return session;
 }
@@ -119,9 +116,6 @@ free_ike_session (ike_session_t *session)
 session->term_reason != ike_session_stopped_by_idle) {
 is_failure = FALSE;
 }
- IPSECSESSIONTRACERSTOP(session,
- is_failure,
- session->term_reason);
 }
 // do MessageTracer cleanup here
 plog(ASL_LEVEL_NOTICE,
@@ -865,7 +859,6 @@ ike_session_ph2_established (phase2_handle_t *iph2)
 if (!iph2->parent_session->established) {
 gettimeofday(&iph2->parent_session->estab_timestamp, NULL);
 iph2->parent_session->established = 1;
- IPSECSESSIONTRACERESTABLISHED(iph2->parent_session);
 ike_session_start_traffic_mon(iph2->parent_session);
 } else if (iph2->parent_session->is_asserted) {
 ike_session_start_traffic_mon(iph2->parent_session);
diff --git a/ipsec-tools/racoon/ike_session.h b/ipsec-tools/racoon/ike_session.h
index 2aa1076..bc04ae3 100644
--- a/ipsec-tools/racoon/ike_session.h
+++ b/ipsec-tools/racoon/ike_session.h
@@ -31,17 +31,12 @@
 #include
 #include
 #include "handler.h"
-#include "ipsecSessionTracer.h"
 typedef struct ike_session_id {
 struct sockaddr_storage local;
 struct sockaddr_storage remote;
 } ike_session_id_t;
-typedef struct ike_session_stats {
- u_int32_t counters[IPSECSESSIONEVENTCODE_MAX];
-} ike_session_stats_t;
-
 typedef struct ike_session_ikev1 {
 /* list of ph1s */
 int active_ph1cnt;
@@ -99,8 +94,6 @@ struct ike_session {
 struct timeval stop_timestamp;
 ike_session_ikev1_t ikev1_state;
- ike_session_stats_t stats;
-
 ike_sesssion_sastats_t traffic_monitor;
 schedule_ref sc_idle;
 schedule_ref sc_xauth;
diff --git a/ipsec-tools/racoon/ipsecConfigTracer.c b/ipsec-tools/racoon/ipsecConfigTracer.c
deleted file mode 100644
index ca82dce..0000000
--- a/ipsec-tools/racoon/ipsecConfigTracer.c
+++ /dev/null
@@ -1,99 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#include -#include -#import -#include -#include "ipsecConfigTracer.h" -#include "ipsecMessageTracer.h" - -const char * ipsecConfigTracerFailedString = "Tracer Failed"; -const char * ipsecConfigInvalidEventString = "Invalid Event"; -const char * ipsecConfigString = "IPSEC"; - -const char * const ipsecConfigEventStrings[IPSECCONFIGEVENTCODE_MAX] = { CONSTSTR("NONE") /* index place holder */, - CONSTSTR("Configuration Reparse Error"), - CONSTSTR("Configuration Parse Error"), - CONSTSTR("Signal Error"), - }; - -const char * -ipsecConfigEventCodeToString (ipsecConfigEventCode_t eventCode) -{ - if (eventCode <= IPSECCONFIGEVENTCODE_NONE || eventCode >= IPSECCONFIGEVENTCODE_MAX) - return ipsecConfigInvalidEventString; - return(ipsecConfigEventStrings[eventCode]); -} - -static -void -ipsecConfigLogEvent (const char *event_msg, const char *failure_signature) -{ - aslmsg m; - - if (!event_msg) { - return; - } - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, ASL_KEY_FACILITY, PLAINIPSECDOMAIN); - asl_set(m, ASL_KEY_MSG, 
ipsecConfigString); -#if 0 /* is flooding 300000+ events to MessageTracer servers */ - if (failure_signature) { - asl_set(m, "com.apple.message.domain", PLAINIPSECDOMAIN); - asl_set(m, "com.apple.message.result", "failure"); // failure - asl_set(m, "com.apple.message.signature", failure_signature); - } - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s", event_msg); -#else - if (failure_signature) { - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s (failure: %s)", event_msg, failure_signature); - } else { - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s", event_msg); - } -#endif - asl_free(m); -} - -void -ipsecConfigTracerEvent (const char *filename, ipsecConfigEventCode_t eventCode, const char *event, const char *failure_reason) -{ - char buf[1024]; - - if (filename == NULL) { - ipsecConfigLogEvent(CONSTSTR("tracer failed. (Invalid filename)."), ipsecConfigTracerFailedString); - return; - } - if (eventCode <= IPSECCONFIGEVENTCODE_NONE || eventCode >= IPSECCONFIGEVENTCODE_MAX) { - ipsecConfigLogEvent(CONSTSTR("tracer failed. (Invalid event code)."), ipsecConfigTracerFailedString); - return; - } - if (event == NULL) { - ipsecConfigLogEvent(CONSTSTR("tracer failed. (Invalid event)."), ipsecConfigTracerFailedString); - return; - } - - buf[0] = (char)0; - snprintf(buf, sizeof(buf), "%s. (%s, filename %s).", ipsecConfigEventCodeToString(eventCode), failure_reason, filename); - ipsecConfigLogEvent(CONSTSTR(buf), event); -} diff --git a/ipsec-tools/racoon/ipsecConfigTracer.h b/ipsec-tools/racoon/ipsecConfigTracer.h deleted file mode 100644 index 31492a2..0000000 --- a/ipsec-tools/racoon/ipsecConfigTracer.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _IPSECCONFIGTRACER_H -#define _IPSECCONFIGTRACER_H - -typedef enum ipsecConfigEventCode { - IPSECCONFIGEVENTCODE_NONE = 0, - IPSECCONFIGEVENTCODE_REPARSE_ERROR, - IPSECCONFIGEVENTCODE_PARSE_ERROR, - IPSECCONFIGEVENTCODE_SIGNAL_ERROR, - IPSECCONFIGEVENTCODE_MAX, -} ipsecConfigEventCode_t; - -const char * ipsecConfigEventCodeToString (ipsecConfigEventCode_t); -void ipsecConfigTracerEvent (const char *, ipsecConfigEventCode_t, const char *, const char *); - -#endif /* _IPSECCONFIGTRACER_H */ diff --git a/ipsec-tools/racoon/ipsecSessionTracer.c b/ipsec-tools/racoon/ipsecSessionTracer.c deleted file mode 100644 index 8ce74a9..0000000 --- a/ipsec-tools/racoon/ipsecSessionTracer.c +++ /dev/null 
@@ -1,460 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#include -#include -#include -#import -#include -#include "ike_session.h" -#include "ipsecMessageTracer.h" -#include "misc.h" -#include "nattraversal.h" - -#define TRUE 1 -#define FALSE 0 -const char *ipsecSessionInvalidEventString = "Invalid Event"; -const char *ipsecSessionString = "IPSEC"; - -/* tells us the event's description */ -const char * const ipsecSessionEventStrings[IPSECSESSIONEVENTCODE_MAX] = { CONSTSTR("NONE") /* index place holder */, - CONSTSTR("IKE Packet: transmit success"), - CONSTSTR("IKE Packet: transmit failed"), - CONSTSTR("IKE Packet: receive success"), - CONSTSTR("IKE Packet: receive failed"), - CONSTSTR("IKEv1 Phase 1 Initiator: success"), - CONSTSTR("IKEv1 Phase 1 Initiator: failed"), - CONSTSTR("IKEv1 Phase 1 Initiator: dropped"), - CONSTSTR("IKEv1 Phase 1 Responder: success"), - CONSTSTR("IKEv1 Phase 1 Responder: failed"), - CONSTSTR("IKEv1 Phase 1 Responder: drop"), - CONSTSTR("IKEv1 Phase 1: maximum retransmits"), - CONSTSTR("IKEv1 Phase 1 AUTH: success"), - CONSTSTR("IKEv1 Phase 1 
AUTH: failed"), - CONSTSTR("IKEv1 Dead-Peer-Detection: request transmitted"), - CONSTSTR("IKEv1 Dead-Peer-Detection: response received"), - CONSTSTR("IKEv1 Dead-Peer-Detection: request retransmitted"), - CONSTSTR("IKEv1 Dead-Peer-Detection: request received"), - CONSTSTR("IKEv1 Dead-Peer-Detection: response transmitted"), - CONSTSTR("IKEv1 Dead-Peer-Detection: response retransmitted"), - CONSTSTR("IKEv1 Dead-Peer-Detection: maximum retransmits"), - CONSTSTR("IKEv1 Config: retransmited"), - CONSTSTR("IKEv1 Mode-Config: success"), - CONSTSTR("IKEv1 Mode-Config: failed"), - CONSTSTR("IKEv1 Mode-Config: dropped"), - CONSTSTR("IKEv1 XAUTH: success"), - CONSTSTR("IKEv1 XAUTH: failed"), - CONSTSTR("IKEv1 XAUTH: dropped"), - CONSTSTR("IKEv1 Phase 2 Initiator: success"), - CONSTSTR("IKEv1 Phase 2 Initiator: failed"), - CONSTSTR("IKEv1 Phase 2 Initiator: dropped"), - CONSTSTR("IKEv1 Phase 2 Responder: success"), - CONSTSTR("IKEv1 Phase 2 Responder: fail"), - CONSTSTR("IKEv1 Phase 2 Responder: drop"), - CONSTSTR("IKEv1 Phase 2: maximum retransmits"), - CONSTSTR("IKEv1 Phase 2 AUTH: success"), - CONSTSTR("IKEv1 Phase 2 AUTH: failed"), - CONSTSTR("IKEv1 Information-Notice: transmit success"), - CONSTSTR("IKEv1 Information-Notice: transmit failed"), - CONSTSTR("IKEv1 Information-Notice: receive success"), - CONSTSTR("IKEv1 Information-Notice: receive failed"), - }; - -/* tells us if we can ignore the failure_reason passed into the event tracer */ -const int ipsecSessionEventIgnoreReason[IPSECSESSIONEVENTCODE_MAX] = {TRUE/* index place holder */, - TRUE, - TRUE, - TRUE, - TRUE, - TRUE, - FALSE, - TRUE, - TRUE, - FALSE, - TRUE, - FALSE, - TRUE, - FALSE, - TRUE, - TRUE, - TRUE, - TRUE, - TRUE, - TRUE, - FALSE, - TRUE, - TRUE, - FALSE, - FALSE, - TRUE, - FALSE, - FALSE, - TRUE, - FALSE, - TRUE, - TRUE, - FALSE, - TRUE, - FALSE, - TRUE, - FALSE, - TRUE, - TRUE, - TRUE, - TRUE, - }; - - -const char * -ipsecSessionEventCodeToString (ipsecSessionEventCode_t eventCode) -{ - if (eventCode 
<= IPSECSESSIONEVENTCODE_NONE || eventCode >= IPSECSESSIONEVENTCODE_MAX) - return ipsecSessionInvalidEventString; - return(ipsecSessionEventStrings[eventCode]); -} - -const char * -ipsecSessionGetConnectionDomain (ike_session_t *session) -{ - if (session) { - if (session->is_cisco_ipsec) { - if (session->established) { - return CISCOIPSECVPN_CONNECTION_ESTABLISHED_DOMAIN; - } else { - return CISCOIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN; - } - } else if (session->is_l2tpvpn_ipsec) { - if (session->established) { - return L2TPIPSECVPN_CONNECTION_ESTABLISHED_DOMAIN; - } else { - return L2TPIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN; - } - } else if (session->is_btmm_ipsec) { - if (session->established) { - return BTMMIPSEC_CONNECTION_ESTABLISHED_DOMAIN; - } else { - return BTMMIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN; - } - } else { - if (session->established) { - return PLAINIPSEC_CONNECTION_ESTABLISHED_DOMAIN; - } else { - return PLAINIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN; - } - } - } - return PLAINIPSECDOMAIN; -} - -const char * -ipsecSessionGetConnectionLessDomain (ike_session_t *session) -{ - if (session) { - if (session->is_cisco_ipsec) { - return CISCOIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN; - } else if (session->is_l2tpvpn_ipsec) { - return L2TPIPSECVPN_CONNECTION_NOTESTABLISHED_DOMAIN; - } else if (session->is_btmm_ipsec) { - return BTMMIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN; - } else { - return PLAINIPSEC_CONNECTION_NOTESTABLISHED_DOMAIN; - } - } - return PLAINIPSECDOMAIN; -} - -const char * -ipsecSessionGetPhaseDomain (ike_session_t *session) -{ - if (session) { - if (session->is_cisco_ipsec) { - return CISCOIPSECVPN_PHASE_DOMAIN; - } else if (session->is_l2tpvpn_ipsec) { - return L2TPIPSECVPN_PHASE_DOMAIN; - } else if (session->is_btmm_ipsec) { - return BTMMIPSEC_PHASE_DOMAIN; - } - } - return PLAINIPSEC_PHASE_DOMAIN; -} - -static -void -ipsecSessionLogEvent (ike_session_t *session, const char *event_msg) -{ - aslmsg m; - - if (!event_msg) { - return; - 
} - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, ASL_KEY_FACILITY, ipsecSessionGetPhaseDomain(session)); - asl_set(m, ASL_KEY_MSG, ipsecSessionString); - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s", event_msg); - asl_free(m); -} - -void -ipsecSessionTracerStart (ike_session_t *session) -{ - if (session == NULL) { - return; - } - bzero(&session->stats, sizeof(session->stats)); - bzero(&session->stop_timestamp, sizeof(session->stop_timestamp)); - bzero(&session->estab_timestamp, sizeof(session->estab_timestamp)); - gettimeofday(&session->start_timestamp, NULL); - ipsecSessionLogEvent(session, CONSTSTR("Connecting.")); -} - -void -ipsecSessionTracerEvent (ike_session_t *session, ipsecSessionEventCode_t eventCode, const char *event, const char *failure_reason) -{ - char buf[1024]; - - if (session == NULL) { - //ipsecSessionLogEvent(session, CONSTSTR("tracer failed. (Invalid session).")); - return; - } - if (eventCode <= IPSECSESSIONEVENTCODE_NONE || eventCode >= IPSECSESSIONEVENTCODE_MAX) { - ipsecSessionLogEvent(session, CONSTSTR("tracer failed. (Invalid event code).")); - return; - } - if (event == NULL) { - ipsecSessionLogEvent(session, CONSTSTR("tracer failed. (Invalid event).")); - return; - } - - if (failure_reason) { - if (!session->term_reason && - !ipsecSessionEventIgnoreReason[eventCode]) { - session->term_reason = (char*)failure_reason; - } - } - - session->stats.counters[eventCode]++; - buf[0] = (char)0; - snprintf(buf, sizeof(buf), "%s. 
(%s).", ipsecSessionEventCodeToString(eventCode), event); - ipsecSessionLogEvent(session, CONSTSTR(buf)); -} - -static void -ipsecSessionTracerLogFailureRate (ike_session_t *session, const char *signature, double failure_rate) -{ - aslmsg m; - char buf[128]; - const char *domain = ipsecSessionGetPhaseDomain(session); - - if (!signature || failure_rate <= 0.001) { - return; - } - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, "com.apple.message.domain", domain); - asl_set(m, ASL_KEY_FACILITY, domain); - asl_set(m, ASL_KEY_MSG, ipsecSessionString); - asl_set(m, "com.apple.message.result", "noop"); - asl_set(m, "com.apple.message.signature", signature); - snprintf(buf, sizeof(buf), "%.3f", failure_rate); - asl_set(m, "com.apple.message.value", buf); // stuff the up time into value - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s. (Failure-Rate = %s).", signature, buf); - asl_free(m); -} - -static void -ipsecSessionTracerLogStop (ike_session_t *session, int caused_by_failure, const char *reason) -{ - aslmsg m; - char nat_buf[128]; - char buf[128]; - const char *domain = (session->established)? ipsecSessionGetConnectionDomain(session) : ipsecSessionGetConnectionLessDomain(session); - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, "com.apple.message.domain", domain); - asl_set(m, ASL_KEY_FACILITY, domain); - asl_set(m, ASL_KEY_MSG, ipsecSessionString); - if (caused_by_failure || - (reason && reason != ike_session_stopped_by_flush && reason != ike_session_stopped_by_vpn_disconnect)) { - asl_set(m, "com.apple.message.result", CONSTSTR("failure")); // failure - } else { - asl_set(m, "com.apple.message.result", CONSTSTR("success")); // success - } - if (reason) { - if (session->natt_flags & NAT_DETECTED_ME) { - snprintf(nat_buf, sizeof(nat_buf), "%s. NAT detected by Me", reason); - asl_set(m, "com.apple.message.signature", nat_buf); - } else if (session->natt_flags & NAT_DETECTED_PEER) { - snprintf(nat_buf, sizeof(nat_buf), "%s. 
NAT detected by Peer", reason); - asl_set(m, "com.apple.message.signature", nat_buf); - } else { - asl_set(m, "com.apple.message.signature", reason); - } - } else { - // reason was NULL; make sure success/failure have different signature - if (caused_by_failure) { - asl_set(m, "com.apple.message.signature", CONSTSTR("Internal/Server-side error")); - } else { - asl_set(m, "com.apple.message.signature", CONSTSTR("User/System initiated the disconnect")); - } - } - if (session->established) { - snprintf(buf, sizeof(buf), "%8.6f", timedelta(&session->estab_timestamp, &session->stop_timestamp)); - asl_set(m, "com.apple.message.value", buf); // stuff the up time into value - asl_log(NULL, m, ASL_LEVEL_NOTICE, "Disconnecting. (Connection was up for, %s seconds).", buf); - } else { - snprintf(buf, sizeof(buf), "%8.6f", timedelta(&session->start_timestamp, &session->stop_timestamp)); - asl_set(m, "com.apple.message.value2", buf); /// stuff the negoing time into value2 - asl_log(NULL, m, ASL_LEVEL_NOTICE, "Disconnecting. 
(Connection tried to negotiate for, %s seconds).", buf); - } - asl_free(m); -} - -void -ipsecSessionTracerStop (ike_session_t *session, int caused_by_failure, const char *reason) -{ - if (session == NULL) { - return; - } - - gettimeofday(&session->stop_timestamp, NULL); - - ipsecSessionTracerLogStop(session, caused_by_failure, reason); - - // go thru counters logging failure-rate events - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Packets Transmit Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Packets Receive Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC])); - } - //if (session->version == IKE_VERSION_1) { - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_MAX_RETRANSMIT] || - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_FAIL] || - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 1 Failure-Rate Statistic"), - get_percentage((double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_MAX_RETRANSMIT] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_FAIL] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_FAIL]), - (double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC]))); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 1 
Initiator Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 1 Responder Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 1 Authentication Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_MAX_RETRANSMIT]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Dead-Peer-Detection Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_MAX_RETRANSMIT], - (double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_MAX_RETRANSMIT] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_REQ]))); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RETRANSMIT] || - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RETRANSMIT]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Dead-Peer-Detect Retransmit-Rate Statistic"), - get_percentage((double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RETRANSMIT] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RETRANSMIT]), - (double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_REQ] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_REQ]))); - } - if 
(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_MODECFG_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE MODE-Config Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_MODECFG_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_MODECFG_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_XAUTH_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE XAUTH Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_XAUTH_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_XAUTH_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_MAX_RETRANSMIT] || - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_FAIL] || - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 2 Failure-Rate Statistic"), - get_percentage((double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_MAX_RETRANSMIT] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_FAIL] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL]), - (double)(session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_SUCC] + - session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL]))); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 2 Initiator Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 2 Responder Failure-Rate Statistic"), - 
get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_AUTH_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Phase 2 Authentication Failure-Rate Statistics"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_AUTH_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_PH2_AUTH_SUCC])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Information-Notice Transmit Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL])); - } - if (session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_RX_FAIL]) { - ipsecSessionTracerLogFailureRate(session, - CONSTSTR("IKE Information-Notice Receive Failure-Rate Statistic"), - get_percentage((double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_RX_FAIL], (double)session->stats.counters[IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_RX_SUCC])); - } - //} -} - -void -ipsecSessionTracerLogEstablished (ike_session_t *session) -{ - aslmsg m; - const char *domain = ipsecSessionGetConnectionLessDomain(session); - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, "com.apple.message.domain", domain); - asl_set(m, ASL_KEY_FACILITY, domain); - asl_set(m, ASL_KEY_MSG, ipsecSessionString); - asl_set(m, "com.apple.message.result", "success"); // success - asl_set(m, "com.apple.message.signature", "success"); - asl_log(NULL, m, ASL_LEVEL_NOTICE, "Connected."); - asl_free(m); -} diff --git a/ipsec-tools/racoon/ipsecSessionTracer.h b/ipsec-tools/racoon/ipsecSessionTracer.h deleted file mode 100644 index 4cb7421..0000000 
--- a/ipsec-tools/racoon/ipsecSessionTracer.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _IPSECSESSIONTRACER_H -#define _IPSECSESSIONTRACER_H - -typedef enum ipsecSessionEventCode { - IPSECSESSIONEVENTCODE_NONE = 0, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_DROP, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_DROP, - IPSECSESSIONEVENTCODE_IKEV1_PH1_MAX_RETRANSMIT, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_REQ, - IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RESP, - IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RETRANSMIT, - IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_REQ, - IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RESP, - IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RETRANSMIT, - 
IPSECSESSIONEVENTCODE_IKEV1_DPD_MAX_RETRANSMIT, - IPSECSESSIONEVENTCODE_IKEV1_CFG_RETRANSMIT, - IPSECSESSIONEVENTCODE_IKEV1_MODECFG_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_MODECFG_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_MODECFG_DROP, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_DROP, - IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_DROP, - IPSECSESSIONEVENTCODE_IKEV1_PH2_MAX_RETRANSMIT, - IPSECSESSIONEVENTCODE_IKEV1_PH2_AUTH_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_PH2_AUTH_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_RX_SUCC, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_RX_FAIL, - IPSECSESSIONEVENTCODE_MAX, -} ipsecSessionEventCode_t; - -const char * ipsecSessionEventCodeToString (ipsecSessionEventCode_t); -void ipsecSessionTracerStart (ike_session_t *); -void ipsecSessionTracerEvent (ike_session_t *, ipsecSessionEventCode_t, const char *, const char *); -void ipsecSessionTracerStop (ike_session_t *, int, const char *); -void ipsecSessionTracerLogEstablished (ike_session_t *session); - -#endif /* _IPSECSESSIONTRACER_H */ diff --git a/ipsec-tools/racoon/isakmp.c b/ipsec-tools/racoon/isakmp.c index 2e19673..52a030c 100644 --- a/ipsec-tools/racoon/isakmp.c +++ b/ipsec-tools/racoon/isakmp.c @@ -121,8 +121,6 @@ # include # include # define SOL_UDP IPPROTO_UDP -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #include "power_mgmt.h" extern caddr_t val2str (const char *, size_t); 
@@ -429,10 +427,6 @@ ikev1_received_packet(vchar_t *msg, struct sockaddr_storage *local, struct socka /* validity check */ if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 && iph1->side == INITIATOR) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Malformed or unexpected cookie"), - CONSTSTR("Failed to process packet (malformed/unexpected cookie)")); plog(ASL_LEVEL_NOTICE, "Malformed cookie received or " "the initiator's cookies collide.\n"); @@ -455,20 +449,12 @@ ikev1_received_packet(vchar_t *msg, struct sockaddr_storage *local, struct socka /* copy-in new addresses */ iph1->remote = dupsaddr(remote); if (iph1->remote == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Failed to duplicate remote address"), - CONSTSTR("Failed to process Phase 1 message (can't duplicate remote address")); plog(ASL_LEVEL_ERR, "Phase 1 failed: dupsaddr failed.\n"); fatal_error(-1); } iph1->local = dupsaddr(local); if (iph1->local == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Failed to duplicate local address"), - CONSTSTR("Failed to process Phase 1 message (can't duplicate local address")); plog(ASL_LEVEL_ERR, "Phase 1 failed: dupsaddr failed.\n"); fatal_error(-1); @@ -556,10 +542,6 @@ ikev1_received_packet(vchar_t *msg, struct sockaddr_storage *local, struct socka * because of no authentication has been completed. */ if (iph1->etype != isakmp->etype) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Mismatched exchange type"), - CONSTSTR("Failed to process Phase 1 message (mismatched exchange type)")); plog(ASL_LEVEL_ERR, "Exchange type is mismatched: " "db=%s packet=%s, ignore it.\n", 
@@ -634,10 +616,6 @@ ikev1_received_packet(vchar_t *msg, struct sockaddr_storage *local, struct socka /* check status of phase 1 whether negotiated or not. */ if (!FSM_STATE_IS_ESTABLISHED(iph1->status)) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_DROP, - CONSTSTR("Can't start Phase 2 without valid Phase 1"), - CONSTSTR("Failed to start Phase 2 responder (no established Phase 1")); plog(ASL_LEVEL_ERR, "can't start the quick mode, " "there is no valid ISAKMP-SA, %s\n", isakmp_pindex(&iph1->index, iph1->msgid)); return; @@ -663,10 +641,6 @@ ikev1_received_packet(vchar_t *msg, struct sockaddr_storage *local, struct socka if (ISSET(isakmp->flags, ISAKMP_FLAG_E) && (iph2->ph1 == NULL || iph2->ph1->approval == NULL)) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_DROP, - CONSTSTR("Can't continue Phase 2 without valid Phase 1"), - CONSTSTR("Failed to continue Phase 2 resonder (invalid linked Phase 1")); plog(ASL_LEVEL_ERR, "can't start the quick mode, " "invalid linked ISAKMP-SA\n"); return; @@ -1840,12 +1814,7 @@ isakmp_ph1resend(iph1) /* Note: NEVER do the rem/del here, it will be done by the caller or by the _stub function */ if (iph1->retry_counter <= 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_MAX_RETRANSMIT, - CONSTSTR("Phase 1 Maximum Retransmits"), - CONSTSTR("Phase 1 negotiation failed (Maximum retransmits)")); - - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Phase 1 negotiation failed due to time up. %s\n", isakmp_pindex(&iph1->index, iph1->msgid)); if (iph1->side == INITIATOR && iph1->is_rekey && iph1->parent_session && iph1->parent_session->is_client) { 
@@ -1859,25 +1828,12 @@ isakmp_ph1resend(iph1) } if (isakmp_send(iph1, iph1->sendbuf) < 0){ - if (iph1->rmconf->retry_counter != iph1->retry_counter) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Phase 1 Retransmit"), - CONSTSTR("Failed to retrasmit Phase1")); - } plog(ASL_LEVEL_ERR, "Phase 1 negotiation failed due to send error. %s\n", isakmp_pindex(&iph1->index, iph1->msgid)); return -1; } - if (iph1->rmconf->retry_counter != iph1->retry_counter) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Phase 1 Retransmit"), - CONSTSTR(NULL)); - } - plog(ASL_LEVEL_NOTICE, "Resend Phase 1 packet %s\n", isakmp_pindex(&iph1->index, iph1->msgid)); @@ -1921,10 +1877,6 @@ isakmp_ph2resend(iph2) } if (FSM_STATE_IS_EXPIRED(iph2->ph1->status)){ - IPSECSESSIONTRACEREVENT(iph2->ph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_MAX_RETRANSMIT, - CONSTSTR("Underlying Phase 1 expired"), - CONSTSTR("Failed to retransmit Phase 2 (underlying Phase 1 expired)")); plog(ASL_LEVEL_ERR, "Phase 2 negotiation failed due to Phase 1 expired. %s\n", isakmp_pindex(&iph2->ph1->index, iph2->msgid)); @@ -1932,10 +1884,6 @@ isakmp_ph2resend(iph2) } if (iph2->retry_counter <= 0) { - IPSECSESSIONTRACEREVENT(iph2->ph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_MAX_RETRANSMIT, - CONSTSTR("Phase 2 maximum retransmits"), - CONSTSTR("Phase 2 negotiation failed (maximum retransmits)")); plog(ASL_LEVEL_ERR, "Phase 2 negotiation failed due to time up. %s\n", isakmp_pindex(&iph2->ph1->index, iph2->msgid)); 
@@ -1945,24 +1893,12 @@ isakmp_ph2resend(iph2) } if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0){ - if (iph2->ph1->rmconf->retry_counter != iph2->retry_counter) { - IPSECSESSIONTRACEREVENT(iph2->ph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Phase 2 Retransmit"), - CONSTSTR("Failed to retransmit Phase2 message")); - } - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Phase 2 negotiation failed due to send error. %s\n", isakmp_pindex(&iph2->ph1->index, iph2->msgid)); return -1; } - if (iph2->ph1->rmconf->retry_counter != iph2->retry_counter) { - IPSECSESSIONTRACEREVENT(iph2->ph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Phase 2 Retransmit"), - CONSTSTR(NULL)); - } plog(ASL_LEVEL_NOTICE, "Resend Phase 2 packet %s\n", diff --git a/ipsec-tools/racoon/isakmp_agg.c b/ipsec-tools/racoon/isakmp_agg.c index 13bf4d3..c2277ae 100644 --- a/ipsec-tools/racoon/isakmp_agg.c +++ b/ipsec-tools/racoon/isakmp_agg.c @@ -89,8 +89,6 @@ #include "vpn_control.h" #include "vpn_control_var.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #ifndef HAVE_OPENSSL #include #endif @@ -300,19 +298,7 @@ agg_i1send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_AGG_I_MSG1SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 1"), - CONSTSTR("Failed to transmit Aggressive-Mode Message 1")); - } if (cr) vfree(cr); #ifdef ENABLE_FRAG 
@@ -648,10 +634,6 @@ agg_i2recv(iph1, msg) /* validate authentication value */ ptype = oakley_validate_auth(iph1); if (ptype != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR("Failed to authenticate, Aggressive-Mode Message 2")); if (ptype == -1) { /* message printed inner oakley_validate_auth() */ goto end; @@ -659,11 +641,7 @@ agg_i2recv(iph1, msg) isakmp_info_send_n1(iph1, ptype, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR(NULL)); - + if (oakley_checkcr(iph1) < 0) { /* Ignore this error in order to be interoperability. */ ; @@ -677,20 +655,7 @@ agg_i2recv(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 2"), - CONSTSTR("Failure processing Aggressive-Mode Message 2")); - } - if (pbuf) vfree(pbuf); if (satmp) @@ -855,25 +820,8 @@ agg_i3send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC, - CONSTSTR("Initiator, Aggressive-Mode"), - CONSTSTR(NULL)); - error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Aggressive-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Aggressive-Mode Message 3"), - CONSTSTR("Failed to transmit Aggressive-Mode Message 3")); - } #ifdef ENABLE_NATT if (natd[0]) vfree(natd[0]); 
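Review bot: The authentication-failure branch in agg_i2recv (`if (ptype != 0) { ... isakmp_info_send_n1(iph1, ptype, NULL); goto end; }`) no longer records anything at this call site when ptype is not -1. The comment only says oakley_validate_auth() prints a message for the -1 case, and the removed tracer event was the only thing emitted here for the other values. If failed Phase 1 authentication should stay visible to whoever monitors the daemon, add a log line before the notify, for example `plog(ASL_LEVEL_ERR, "Phase 1 authentication failed (notify type %d). %s\n", ptype, isakmp_pindex(&iph1->index, iph1->msgid));`. The same branch appears in agg_r3recv, ident_i6recv and ident_r5recv. These functions start and end outside the hunks, so whether oakley_validate_auth() or isakmp_info_send_n1() already logs the other cases has to be checked there.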
@@ -1068,20 +1016,7 @@ agg_r1recv(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG1RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 1"), - CONSTSTR("Failed to process Aggressive-Mode Message 1")); - } - if (pbuf) vfree(pbuf); if (error) { @@ -1421,19 +1356,7 @@ agg_r2send(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 2"), - CONSTSTR("Failed to process Aggressive-Mode Message 2")); - } if (cr) vfree(cr); #ifdef ENABLE_HYBRID @@ -1605,10 +1528,6 @@ agg_r3recv(iph1, msg0) /* validate authentication value */ ptype = oakley_validate_auth(iph1); if (ptype != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR("Failed to authenticate Aggressive-Mode Message 3")); if (ptype == -1) { /* message printed inner oakley_validate_auth() */ goto end; 
@@ -1616,27 +1535,10 @@ agg_r3recv(iph1, msg0) isakmp_info_send_n1(iph1, ptype, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR(NULL)); - fsm_set_state(&iph1->status, IKEV1_STATE_AGG_R_MSG3RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Aggressive-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Aggressive-Mode Message 3"), - CONSTSTR("Failed to process Aggressive-Mode Message 3")); - } if (pbuf) vfree(pbuf); if (msg) @@ -1678,12 +1580,6 @@ agg_rfinalize(iph1, msg) iph1->flags |= ISAKMP_FLAG_E; fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC, - CONSTSTR("Responder, Aggressive-Mode"), - CONSTSTR(NULL)); - error = 0; end: diff --git a/ipsec-tools/racoon/isakmp_cfg.c b/ipsec-tools/racoon/isakmp_cfg.c index 4308558..7612caa 100644 --- a/ipsec-tools/racoon/isakmp_cfg.c +++ b/ipsec-tools/racoon/isakmp_cfg.c @@ -99,8 +99,6 @@ #include "vpn_control.h" #include "vpn_control_var.h" #include "ike_session.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #include "nattraversal.h" struct isakmp_cfg_config isakmp_cfg_config; @@ -144,10 +142,6 @@ isakmp_cfg_r(iph1, msg) /* Check that the packet is long enough to have a header */ if (msg->l < sizeof(*packet)) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("MODE-Config. Unexpected short packet"), - CONSTSTR("Failed to process short MODE-Config packet")); plog(ASL_LEVEL_ERR, "Unexpected short packet\n"); return; } 
@@ -156,11 +150,7 @@ isakmp_cfg_r(iph1, msg) /* Is it encrypted? It should be encrypted */ if ((packet->flags & ISAKMP_FLAG_E) == 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("MODE-Config. User credentials sent in cleartext"), - CONSTSTR("Dropped cleattext User credentials")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "User credentials sent in cleartext!\n"); return; } @@ -177,11 +167,7 @@ isakmp_cfg_r(iph1, msg) dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive); if (dmsg == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("MODE-Config. Failed to decrypt packet"), - CONSTSTR("Failed to decrypt MODE-Config packet")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to decrypt message\n"); return; } @@ -285,18 +271,7 @@ isakmp_cfg_r(iph1, msg) goto out; /* no resend scheduled */ SCHED_KILL(iph2->scr); /* turn off schedule */ ike_session_unlink_phase2(iph2); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("MODE-Config"), - CONSTSTR(NULL)); out: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("MODE-Config"), - CONSTSTR("Failed to process Mode-Config packet")); - } vfree(dmsg); } @@ -1313,10 +1288,6 @@ isakmp_cfg_send(iph1, payload, np, flags, new_exchange, retry_count, msg) VPTRINIT(iph2->sendbuf); goto err; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_CFG_RETRANSMIT, - CONSTSTR("Mode-Config retransmit"), - CONSTSTR(NULL)); error = 0; goto end; } 
@@ -1345,19 +1316,7 @@ isakmp_cfg_send(iph1, payload, np, flags, new_exchange, retry_count, msg) error = 0; VPTRINIT(iph2->sendbuf); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Mode-Config message"), - CONSTSTR(NULL)); - err: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Mode-Config message"), - CONSTSTR("Failed to transmit Mode-Config message")); - } ike_session_unlink_phase2(iph2); end: if (hash) diff --git a/ipsec-tools/racoon/isakmp_ident.c b/ipsec-tools/racoon/isakmp_ident.c index 6c1a293..87cbace 100644 --- a/ipsec-tools/racoon/isakmp_ident.c +++ b/ipsec-tools/racoon/isakmp_ident.c @@ -88,8 +88,6 @@ #include "vpn_control.h" #include "vpn_control_var.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #ifndef HAVE_OPENSSL #include #endif @@ -228,19 +226,7 @@ ident_i1send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_I_MSG1SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Main-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 1"), - CONSTSTR("Failed to transmit Main-Mode Message 1")); - } #ifdef ENABLE_FRAG if (vid_frag) vfree(vid_frag); @@ -396,19 +382,7 @@ ident_i2recv(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Main-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 2"), - CONSTSTR("Failed to process Main-Mode Message 2")); - } if (pbuf) vfree(pbuf); if (satmp) 
@@ -495,19 +469,7 @@ ident_i3send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_I_MSG3SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Main-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 3"), - CONSTSTR("Failed to transmit Main-Mode Message 3")); - } return error; } @@ -671,19 +633,7 @@ ident_i4recv(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_I_MSG4RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Main-Mode message 4"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 4"), - CONSTSTR("Failed to process Main-Mode Message 4")); - } if (pbuf) vfree(pbuf); if (error) { @@ -805,19 +755,7 @@ ident_i5send(iph1, msg0) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_I_MSG5SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Main-Mode message 5"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 5"), - CONSTSTR("Failed to transmit Main-Mode Message 5")); - } return error; } @@ -940,10 +878,6 @@ ident_i6recv(iph1, msg0) /* validate authentication value */ type = oakley_validate_auth(iph1); if (type != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Initiator, Main-Mode Message 6"), - CONSTSTR("Failed to authenticate Main-Mode Message 6")); if (type == -1) { /* msg printed inner oakley_validate_auth() */ goto end; 
@@ -951,11 +885,6 @@ ident_i6recv(iph1, msg0) isakmp_info_send_n1(iph1, type, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Initiator, Main-Mode Message 6"), - CONSTSTR(NULL)); - /* * XXX: Should we do compare two addresses, ph1handle's and ID @@ -973,19 +902,7 @@ ident_i6recv(iph1, msg0) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_I_MSG6RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Main-Mode message 6"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Main-Mode Message 6"), - CONSTSTR("Failed to transmit Main-Mode Message 6")); - } if (pbuf) vfree(pbuf); if (msg) @@ -1024,14 +941,7 @@ ident_ifinalize(iph1, msg) memcpy(iph1->ivm->iv->v, iph1->ivm->ive->v, iph1->ivm->iv->l); fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_INIT_SUCC, - CONSTSTR("Initiator, Main-Mode"), - CONSTSTR(NULL)); - error = 0; - end: return error; } @@ -1163,19 +1073,7 @@ ident_r1recv(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_R_MSG1RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Main-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Main-Mode Message 1"), - CONSTSTR("Failed to process Main-Mode Message 1")); - } if (pbuf) vfree(pbuf); if (error) { 
@@ -1310,19 +1208,7 @@ ident_r2send(iph1, msg) #endif error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Main-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Main-Mode Message 2"), - CONSTSTR("Failed to transmit Main-Mode Message 2")); - } #ifdef ENABLE_NATT if (vid_natt) vfree(vid_natt); @@ -1471,19 +1357,7 @@ ident_r3recv(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_R_MSG3RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Main-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Main-Mode Message 3"), - CONSTSTR("Failed to process Main-Mode Message 3")); - } if (pbuf) vfree(pbuf); @@ -1604,19 +1478,7 @@ ident_r4send(iph1, msg) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_R_MSG4SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Main-Mode message 4"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Main-Mode Message 4"), - CONSTSTR("Failed to transmit Main-Mode Message 4")); - } return error; } @@ -1782,10 +1644,6 @@ ident_r5recv(iph1, msg0) type = oakley_validate_auth(iph1); if (type != 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_FAIL, - CONSTSTR("Responder, Main-Mode Message 5"), - CONSTSTR("Failed to authenticate Main-Mode Message 5")); if (type == -1) { /* msg printed inner oakley_validate_auth() */ goto end; 
@@ -1793,10 +1651,6 @@ ident_r5recv(iph1, msg0) isakmp_info_send_n1(iph1, type, NULL); goto end; } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_AUTH_SUCC, - CONSTSTR("Responder, Main-Mode Message 5"), - CONSTSTR(NULL)); if (oakley_checkcr(iph1) < 0) { /* Ignore this error in order to be interoperability. */ @@ -1815,19 +1669,7 @@ ident_r5recv(iph1, msg0) fsm_set_state(&iph1->status, IKEV1_STATE_IDENT_R_MSG5RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Main-Mode message 5"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Main-Mode Message 5"), - CONSTSTR("Failed to process Main-Mode Message 5")); - } if (pbuf) vfree(pbuf); if (msg) @@ -1919,27 +1761,8 @@ ident_r6send(iph1, msg) memcpy(iph1->ivm->ive->v, iph1->ivm->iv->v, iph1->ivm->iv->l); fsm_set_state(&iph1->status, IKEV1_STATE_PHASE1_ESTABLISHED); - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH1_RESP_SUCC, - CONSTSTR("Responder, Main-Mode"), - CONSTSTR(NULL)); - error = 0; - - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Main-Mode message 6"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Main-Mode Message 6"), - CONSTSTR("Failed to process Main-Mode Message 6")); - } - return error; } diff --git a/ipsec-tools/racoon/isakmp_inf.c b/ipsec-tools/racoon/isakmp_inf.c index 0f1ed28..d335a55 100644 --- a/ipsec-tools/racoon/isakmp_inf.c +++ b/ipsec-tools/racoon/isakmp_inf.c 
@@ -103,8 +103,6 @@ #include "vpn_control_var.h" #include "vpn_control.h" #include "ike_session.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" /* information exchange */ static int isakmp_info_recv_n (phase1_handle_t *, struct isakmp_pl_n *, u_int32_t, int); @@ -208,10 +206,6 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0) if (iph1->ivm == NULL) { plog(ASL_LEVEL_ERR, "iph1->ivm == NULL\n"); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to process Information Message (no IV)")); return -1; } @@ -220,10 +214,6 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0) if (ivm == NULL) { plog(ASL_LEVEL_ERR, "failed to compute IV\n"); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to process Information Message (can't compute IV)")); return -1; } @@ -232,10 +222,6 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0) if (msg == NULL) { plog(ASL_LEVEL_ERR, "failed to decrypt packet\n"); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to decrypt Information message")); return -1; } @@ -424,18 +410,7 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0) flag |= error; } } - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Information message"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to process Information Message")); - } if (msg != NULL) vfree(msg); if (pbuf != NULL) 
@@ -825,18 +800,6 @@ isakmp_info_send_d1(phase1_handle_t *iph1) error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_D, 0); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("Delete ISAKMP-SA"), - CONSTSTR("Failed to transmit Delete-ISAKMP-SA message")); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("Delete ISAKMP-SA"), - CONSTSTR(NULL)); - } - return error; } @@ -867,14 +830,6 @@ isakmp_info_send_d2(phase2_handle_t *iph2) iph1 = ike_session_getph1byaddr(iph2->parent_session, iph2->src, iph2->dst); } if (iph1 == NULL){ - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information message")); - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("Delete IPSEC-SA"), - CONSTSTR("Failed to transmit Delete-IPSEC-SA message")); plog(ASL_LEVEL_NOTICE, "No ph1 handler found, could not send DELETE_SA\n"); return 0; @@ -893,15 +848,7 @@ isakmp_info_send_d2(phase2_handle_t *iph2) tlen = sizeof(*d) + pr->spisize; payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information message")); - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("Delete IPSEC-SA"), - CONSTSTR("Failed to transmit Delete-IPSEC-SA message")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer for payload.\n"); return errno; } 
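Review bot: In isakmp_info_send_d2 the allocation-failure path does `return errno;` after the plog() call, so the value returned is whatever errno holds once logging has run. If that is 0, the caller sees success although no delete payload was sent. Return a fixed failure instead, as isakmp_info_send_nx does for the same condition with `error = -1`: `return -1;`, or save errno in a local before plog() if callers rely on the code. The same `return errno;` follows the vmalloc() check in isakmp_info_send_n1 and isakmp_info_send_n2. Whether vmalloc() sets errno at all is not visible here, and the function bodies extend beyond the hunks.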
@@ -925,17 +872,6 @@ isakmp_info_send_d2(phase2_handle_t *iph2) error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_D, 0); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("Delete IPSEC-SA"), - CONSTSTR("Failed to transmit Delete-IPSEC-SA")); - } else { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("Delete IPSEC-SA"), - CONSTSTR(NULL)); - } } return error; @@ -960,11 +896,7 @@ isakmp_info_send_nx(struct isakmp *isakmp, struct sockaddr_storage *remote, stru /* search appropreate configuration */ rmconf = getrmconf(remote); if (rmconf == NULL) { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information message (no remote configuration)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "no configuration found for peer address.\n"); goto end; } @@ -972,11 +904,7 @@ isakmp_info_send_nx(struct isakmp *isakmp, struct sockaddr_storage *remote, stru /* add new entry to isakmp status table. */ iph1 = ike_session_newph1(ISAKMP_VERSION_NUMBER_IKEV1); if (iph1 == NULL) { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information message (no new Phase 1)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to allocate ph1"); return -1; } 
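Review bot: The `iph1 == NULL` path in isakmp_info_send_nx leaves with `return -1;`, while the other failure paths visible in this function go through the `end:` label. Its message `"failed to allocate ph1"` also lacks the trailing `\n` that the neighbouring plog() calls carry, as does `"failed to copy ph1 addresses"` in the next hunk. For consistency use `error = -1; goto end;` and terminate both strings with `\n`. The cleanup shown after `end:` already checks `iph1 != NULL`, but the rest of that label lies outside the hunks and should be confirmed first.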
@@ -1003,11 +931,7 @@ isakmp_info_send_nx(struct isakmp *isakmp, struct sockaddr_storage *remote, stru /* copy remote address */ if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information Message (can't copy Phase 1 addresses)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to copy ph1 addresses"); error = -1; iph1 = NULL; /* deleted in copy_ph1addresses */ @@ -1019,11 +943,7 @@ isakmp_info_send_nx(struct isakmp *isakmp, struct sockaddr_storage *remote, stru tlen += data->l; payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information Message (can't allocate payload)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer to send.\n"); error = -1; goto end; @@ -1049,19 +969,7 @@ isakmp_info_send_nx(struct isakmp *isakmp, struct sockaddr_storage *remote, stru error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("Without ISAKMP-SA"), - CONSTSTR("Failed to transmit Without-ISAKMP-SA message")); - } else { - IPSECSESSIONTRACEREVENT(sess, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("Without ISAKMP-SA"), - CONSTSTR(NULL)); - } - - end: +end: if (iph1 != NULL) ike_session_unlink_phase1(iph1); 
@@ -1101,11 +1009,7 @@ isakmp_info_send_n1(phase1_handle_t *iph1, int type, vchar_t *data) tlen += data->l; payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("ISAKMP-SA"), - CONSTSTR("Failed to transmit ISAKMP-SA message (can't allocate payload)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer to send.\n"); return errno; } @@ -1128,18 +1032,6 @@ isakmp_info_send_n1(phase1_handle_t *iph1, int type, vchar_t *data) error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, iph1->flags); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("ISAKMP-SA"), - CONSTSTR("Can't transmit ISAKMP-SA message")); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("ISAKMP-SA"), - CONSTSTR(NULL)); - } - return error; } @@ -1167,11 +1059,7 @@ isakmp_info_send_n2(phase2_handle_t *iph2, int type, vchar_t *data) tlen += data->l; payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("IPSEC-SA"), - CONSTSTR("Failed to transmit IPSEC-SA message (can't allocate payload)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer to send.\n"); return errno; } 
@@ -1190,18 +1078,6 @@ isakmp_info_send_n2(phase2_handle_t *iph2, int type, vchar_t *data) iph2->flags |= ISAKMP_FLAG_E; /* XXX Should we do FLAG_A ? */ error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, iph2->flags); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("IPSEC-SA"), - CONSTSTR("Failed to transmit IPSEC-SA message")); - } else { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("IPSEC-SA"), - CONSTSTR(NULL)); - } - return error; } @@ -1377,20 +1253,9 @@ isakmp_info_send_common(phase1_handle_t *iph1, vchar_t *payload, u_int32_t np, i /* XXX If Acknowledged Informational required, don't delete ph2handle */ error = 0; VPTRINIT(iph2->sendbuf); - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Information message"), - CONSTSTR(NULL)); - goto err; /* XXX */ end: - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Information message"), - CONSTSTR("Failed to transmit Information message")); - } if (hash) vfree(hash); return error; @@ -1911,11 +1776,7 @@ isakmp_info_recv_r_u (phase1_handle_t *iph1, struct isakmp_pl_ru *ru, u_int32_t tlen = sizeof(*ru_ack); payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("R-U-THERE? ACK"), - CONSTSTR("Failed to transmit DPD response")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer to send.\n"); return errno; } 
@@ -1935,18 +1796,6 @@ isakmp_info_recv_r_u (phase1_handle_t *iph1, struct isakmp_pl_ru *ru, u_int32_t error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, ISAKMP_FLAG_E); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("R-U-THERE? ACK"), - CONSTSTR("Failed to transmit DPD ack")); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("R-U-THERE? ACK"), - CONSTSTR(NULL)); - } - plog(ASL_LEVEL_NOTICE, "received a valid R-U-THERE, ACK sent\n"); /* Should we mark tunnel as active ? */ @@ -1988,17 +1837,6 @@ isakmp_info_recv_r_u_ack (phase1_handle_t *iph1, struct isakmp_pl_ru *ru, u_int3 isakmp_sched_r_u(iph1, 0); - if (iph1->side == INITIATOR) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RESP, - CONSTSTR("Initiator DPD Response"), - CONSTSTR(NULL)); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RESP, - CONSTSTR("Responder DPD Response"), - CONSTSTR(NULL)); - } plog(ASL_LEVEL_NOTICE, "received an R-U-THERE-ACK\n"); #ifdef ENABLE_VPNCONTROL_PORT @@ -2030,11 +1868,6 @@ isakmp_info_send_r_u(void *arg) } if (iph1->dpd_fails >= iph1->rmconf->dpd_maxfails) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_DPD_MAX_RETRANSMIT, - CONSTSTR("DPD maximum retransmits"), - CONSTSTR("maxed-out of DPD requests without receiving an ack")); - (void)vpncontrol_notify_ike_failed(VPNCTL_NTYPE_PEER_DEAD, FROM_LOCAL, iph1_get_remote_v4_address(iph1), 0, NULL); purge_remote(iph1); 
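Review bot: In isakmp_info_recv_r_u (hunk -1935/+1796) nothing checks the result of `isakmp_info_send_common()` before `plog(ASL_LEVEL_NOTICE, "received a valid R-U-THERE, ACK sent\n")`, so a failed DPD ACK is logged as sent. With the tracer branch removed, that notice is the only record this function leaves, and someone reconstructing a tunnel drop from the log would be misled. Branch on the result instead: `if (error) plog(ASL_LEVEL_ERR, "received a valid R-U-THERE, failed to send ACK\n");` and keep the notice for the success case. isakmp_info_send_r_u has the same shape at -2079/+1908, where `"DPD R-U-There sent (%d)\n"` is written at notice level whatever `error` holds. Both functions continue outside their hunks, and isakmp_info_send_common may already log the failure itself.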
@@ -2050,11 +1883,7 @@ isakmp_info_send_r_u(void *arg) tlen = sizeof(*ru); payload = vmalloc(tlen); if (payload == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("R-U-THERE?"), - CONSTSTR("Failed to transmit DPD request")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "failed to get buffer for payload.\n"); return; } @@ -2079,29 +1908,6 @@ isakmp_info_send_r_u(void *arg) error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0); vfree(payload); - if (error) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_FAIL, - CONSTSTR("R-U-THERE?"), - CONSTSTR("Failed to transmit DPD request")); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_INFO_NOTICE_TX_SUCC, - CONSTSTR("R-U-THERE?"), - CONSTSTR(NULL)); - } - - if (iph1->side == INITIATOR) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - iph1->dpd_fails? IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_RETRANSMIT : IPSECSESSIONEVENTCODE_IKEV1_DPD_INIT_REQ, - CONSTSTR("Initiator DPD Request"), - CONSTSTR(NULL)); - } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - iph1->dpd_fails? IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_RETRANSMIT : IPSECSESSIONEVENTCODE_IKEV1_DPD_RESP_REQ, - CONSTSTR("Responder DPD Request"), - CONSTSTR(NULL)); - } plog(ASL_LEVEL_NOTICE, "DPD R-U-There sent (%d)\n", error); diff --git a/ipsec-tools/racoon/isakmp_quick.c b/ipsec-tools/racoon/isakmp_quick.c index b31a34c..12148a1 100644 --- a/ipsec-tools/racoon/isakmp_quick.c +++ b/ipsec-tools/racoon/isakmp_quick.c @@ -88,8 +88,6 @@ #include "sainfo.h" #include "strnames.h" #include "nattraversal.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #ifndef HAVE_OPENSSL #include #endif 
@@ -356,19 +354,7 @@ quick_i1send(iph2, msg) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_I_MSG1SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Quick-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Quick-Mode Message 1"), - CONSTSTR("Failed to transmit Quick-Mode Message 1")); - } if (body != NULL) vfree(body); if (hash != NULL) @@ -711,19 +697,7 @@ quick_i2recv(iph2, msg0) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_I_MSG2RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Quick-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Quick-Mode Message 2"), - CONSTSTR("Failed to process Quick-Mode Message 2 ")); - } if (hbuf) vfree(hbuf); if (pbuf) @@ -857,10 +831,6 @@ quick_i3send(iph2, msg0) goto end; } - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Initiator, Quick-Mode message 3"), - CONSTSTR(NULL)); packet_error = 0; /* compute both of KEYMATs */ @@ -897,12 +867,6 @@ quick_i3send(iph2, msg0) error = 0; end: - if (packet_error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Initiator, Quick-Mode Message 3"), - CONSTSTR("Failed to transmit Quick-Mode Message 3")); - } if (buf != NULL) vfree(buf); if (msg != NULL) @@ -1028,10 +992,6 @@ quick_i4recv(iph2, msg0) } } - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Initiator, Quick-Mode message 4"), - CONSTSTR(NULL)); packet_error = 0; fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_I_ADDSA); 
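Review bot: `packet_error` in quick_i3send now appears to be write-only: the hunk at -857/+831 keeps `packet_error = 0;`, while the hunk at -897/+867 removes the `if (packet_error)` block at `end:`, the only read visible in this patch. quick_i4recv is left in the same state by its hunks at -1028/+992 and -1062/+1022. Drop the assignment and the declaration in both functions so the leftover does not suggest that a packet-level failure is still handled separately from `error`. The declarations are outside the hunks, so check there is no other reader before removing them.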
@@ -1062,12 +1022,6 @@ quick_i4recv(iph2, msg0) error = 0; end: - if (packet_error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Initiator, Quick-Mode Message 4"), - CONSTSTR("Failed to process Quick-Mode Message 4")); - } if (msg != NULL) vfree(msg); if (pbuf != NULL) @@ -1427,19 +1381,7 @@ quick_r1recv(iph2, msg0) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_R_MSG1RCVD); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Quick-Mode message 1"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Quick-Mode Message 1"), - CONSTSTR("Failed to process Quick-Mode Message 1")); - } if (hbuf) vfree(hbuf); if (msg) @@ -1764,19 +1706,7 @@ quick_r2send(iph2, msg) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_R_MSG2SENT); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Quick-Mode message 2"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Quick-Mode Message 2"), - CONSTSTR("Failed to transmit Quick-Mode Message 2")); - } if (body != NULL) vfree(body); if (hash != NULL) @@ -1907,19 +1837,7 @@ quick_r3recv(iph2, msg0) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_R_COMMIT); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_SUCC, - CONSTSTR("Responder, Quick-Mode message 3"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_RX_FAIL, - CONSTSTR("Responder, Quick-Mode Message 3"), - CONSTSTR("Failed to process Quick-Mode Message 3")); - } if (pbuf != NULL) vfree(pbuf); if (msg != NULL) 
@@ -2035,19 +1953,7 @@ quick_r4send(iph2, msg0) fsm_set_state(&iph2->status, IKEV1_STATE_QUICK_R_COMMIT); error = 0; - - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_SUCC, - CONSTSTR("Responder, Quick-Mode message 4"), - CONSTSTR(NULL)); - end: - if (error) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKE_PACKET_TX_FAIL, - CONSTSTR("Responder, Quick-Mode Message 4"), - CONSTSTR("Failed to transmit Quick-Mode Message 4")); - } if (buf != NULL) vfree(buf); if (myhash != NULL) diff --git a/ipsec-tools/racoon/isakmp_xauth.c b/ipsec-tools/racoon/isakmp_xauth.c index 1c005d0..bcb4657 100644 --- a/ipsec-tools/racoon/isakmp_xauth.c +++ b/ipsec-tools/racoon/isakmp_xauth.c @@ -91,9 +91,6 @@ #include "localconf.h" #include "vpn_control.h" #include "vpn_control_var.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" - void xauth_sendreq(iph1) @@ -759,11 +756,7 @@ isakmp_xauth_set(iph1, attr) vchar_t *mdata = NULL; if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_XAUTH) == 0) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - CONSTSTR("XAUTH is not supported by peer"), - CONSTSTR("XAUTH dropped (not supported by peer)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Xauth mode config set but peer " "did not declare itself as Xauth capable\n"); return NULL; @@ -781,11 +774,7 @@ isakmp_xauth_set(iph1, attr) switch(AUTHMETHOD(iph1)) { case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: if (!iph1->is_rekey) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - CONSTSTR("Unexpected XAUTH Status"), - CONSTSTR("Xauth dropped (unexpected Xauth status)... not a Phase 1 rekey")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Unexpected XAUTH_STATUS_OK... not a Phase 1 rekey\n"); return NULL; } 
@@ -797,11 +786,7 @@ isakmp_xauth_set(iph1, attr) case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I: break; default: - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - CONSTSTR("Unexpected XAUTH Status"), - CONSTSTR("Xauth dropped (unexpected Xauth status)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Unexpected XAUTH_STATUS_OK\n"); return NULL; break; @@ -809,11 +794,7 @@ isakmp_xauth_set(iph1, attr) /* If we got a failure, delete iph1 */ if (ntohs(attr->lorv) != XAUTH_STATUS_OK) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_FAIL, - CONSTSTR("XAUTH Status is not OK"), - CONSTSTR("Xauth Failed (status not ok)")); - plog(ASL_LEVEL_ERR, + plog(ASL_LEVEL_ERR, "Xauth authentication failed\n"); vpncontrol_notify_ike_failed(VPNCTL_NTYPE_AUTHENTICATION_FAILED, FROM_LOCAL, @@ -823,10 +804,6 @@ isakmp_xauth_set(iph1, attr) IPSECLOGASLMSG("IPSec Extended Authentication Failed.\n"); } else { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_SUCC, - CONSTSTR("XAUTH Status is OK"), - CONSTSTR(NULL)); if (iph1->is_rekey) { xst->status = XAUTHST_OK; } @@ -855,21 +832,13 @@ isakmp_xauth_set(iph1, attr) } default: - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - CONSTSTR("ignored attribute"), - CONSTSTR("Xauth dropped (ignored attribute)")); - plog(ASL_LEVEL_WARNING, + plog(ASL_LEVEL_WARNING, "Ignored attribute %s\n", s_isakmp_cfg_type(type)); return NULL; break; } if ((buffer = vmalloc(sizeof(*attr))) == NULL) { - IPSECSESSIONTRACEREVENT(iph1->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_XAUTH_DROP, - CONSTSTR("Failed to allocate attribute"), - CONSTSTR("Xauth dropped (failed to allocate attribute)")); plog(ASL_LEVEL_ERR, "Cannot allocate memory\n"); return NULL; diff --git a/ipsec-tools/racoon/pfkey_racoon.c b/ipsec-tools/racoon/pfkey_racoon.c index 6a85ced..57c2fa9 100644 --- a/ipsec-tools/racoon/pfkey_racoon.c 
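Review bot: After this change the success side of the `ntohs(attr->lorv) != XAUTH_STATUS_OK` check in isakmp_xauth_set records nothing in the visible lines. The failure branch (hunk -809/+794) keeps `plog(ASL_LEVEL_ERR, "Xauth authentication failed\n")` and the IPSECLOGASLMSG line, but the `else` branch (hunk -823/+804) loses its only event and goes straight to the `is_rekey` state update. An authentication step should leave both outcomes in the log, otherwise a failure burst cannot be matched to the success that follows it. Adding `plog(ASL_LEVEL_NOTICE, "Xauth authentication succeeded\n");` as the first statement of the `else` branch would restore that. The rest of the branch lies outside the hunk, so a success message further down cannot be ruled out.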
+++ b/ipsec-tools/racoon/pfkey_racoon.c @@ -97,8 +97,6 @@ #include "vpn_control.h" #include "vpn_control_var.h" #include "ike_session.h" -#include "ipsecSessionTracer.h" -#include "ipsecMessageTracer.h" #include "power_mgmt.h" #include "session.h" @@ -1348,18 +1346,6 @@ pk_recvupdate(mhp) /* update status */ fsm_set_state(&iph2->status, IKEV1_STATE_PHASE2_ESTABLISHED); - if (iph2->side == INITIATOR) { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_INIT_SUCC, - CONSTSTR("Initiator, Quick-Mode"), - CONSTSTR(NULL)); - } else { - IPSECSESSIONTRACEREVENT(iph2->parent_session, - IPSECSESSIONEVENTCODE_IKEV1_PH2_RESP_SUCC, - CONSTSTR("Responder, Quick-Mode"), - CONSTSTR(NULL)); - } - ike_session_ph2_established(iph2); IPSECLOGASLMSG("IPSec Phase 2 established (Initiated by %s).\n", diff --git a/ipsec-tools/racoon/vpn.c b/ipsec-tools/racoon/vpn.c index 4f6867d..1b73d99 100644 --- a/ipsec-tools/racoon/vpn.c +++ b/ipsec-tools/racoon/vpn.c @@ -109,8 +109,6 @@ #include "vpn_control_var.h" #include "strnames.h" #include "ike_session.h" -#include "ipsecMessageTracer.h" - static int vpn_get_ph2pfs (phase1_handle_t *); diff --git a/ipsec-tools/racoon_test/racoon_test.c b/ipsec-tools/racoon_test/racoon_test.c index 778c08e..128cb78 100644 --- a/ipsec-tools/racoon_test/racoon_test.c +++ b/ipsec-tools/racoon_test/racoon_test.c @@ -219,13 +219,6 @@ check_auto_exit(void) return; } -void -ipsecSessionTracerEvent (ike_session_t *session, ipsecSessionEventCode_t eventCode, const char *event, const char *failure_reason) -{ - __builtin_unreachable(); - return; -} - static int racoon_cert_validity_test(void) { diff --git a/ipsec-tools/setkey/ipsecPolicyTracer.c b/ipsec-tools/setkey/ipsecPolicyTracer.c deleted file mode 100644 index 9b06ac5..0000000 --- a/ipsec-tools/setkey/ipsecPolicyTracer.c +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#include -#include -#import -#include -#include "ipsecPolicyTracer.h" -#include "ipsecMessageTracer.h" - -const char *ipsecConfigTracerFailedString = "Tracer Failed"; -const char *ipsecPolicyInvalidEventString = "Invalid Event"; -const char *ipsecPolicyString = "IPSEC"; - -const char * const ipsecPolicyEventStrings[IPSECPOLICYEVENTCODE_MAX] = { CONSTSTR("NONE") /* index place holder */, - CONSTSTR("setkey Error"), - }; - -const char * -ipsecPolicyEventCodeToString (ipsecPolicyEventCode_t eventCode) -{ - if (eventCode <= IPSECPOLICYEVENTCODE_NONE || eventCode >= IPSECPOLICYEVENTCODE_MAX) - return ipsecPolicyInvalidEventString; - return(ipsecPolicyEventStrings[eventCode]); -} - -static -void -ipsecPolicyLogEvent (const char *event_msg, const char *failure_signature) -{ - aslmsg m; - - if (!event_msg) { - return; - } - - m = asl_new(ASL_TYPE_MSG); - asl_set(m, ASL_KEY_FACILITY, PLAINIPSECDOMAIN); - asl_set(m, ASL_KEY_MSG, ipsecPolicyString); -#if 0 /* we don't want to send filenames to MessageTracer server */ - if 
(failure_signature) { - asl_set(m, "com.apple.message.domain", PLAINIPSECDOMAIN); - asl_set(m, "com.apple.message.result", "failure"); // failure - asl_set(m, "com.apple.message.signature", failure_signature); - } - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s", event_msg); -#else - if (failure_signature) { - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s (failure: %s)", event_msg, failure_signature); - } else { - asl_log(NULL, m, ASL_LEVEL_NOTICE, "%s", event_msg); - } -#endif - asl_free(m); -} - -void -ipsecPolicyTracerEvent (const char *filename, ipsecPolicyEventCode_t eventCode, const char *event, const char *failure_reason) -{ - char buf[1024]; - - if (filename == NULL) { - ipsecPolicyLogEvent(CONSTSTR("tracer failed. (Invalid filename)."), ipsecConfigTracerFailedString); - return; - } - if (eventCode <= IPSECPOLICYEVENTCODE_NONE || eventCode >= IPSECPOLICYEVENTCODE_MAX) { - ipsecPolicyLogEvent(CONSTSTR("tracer failed. (Invalid event code)."), ipsecConfigTracerFailedString); - return; - } - if (event == NULL) { - ipsecPolicyLogEvent(CONSTSTR("tracer failed. (Invalid event)."), ipsecConfigTracerFailedString); - return; - } - - buf[0] = (char)0; - snprintf(buf, sizeof(buf), "%s. (%s, filename %s).", ipsecPolicyEventCodeToString(eventCode), failure_reason, filename); - ipsecPolicyLogEvent(CONSTSTR(buf), event); -} diff --git a/ipsec-tools/setkey/ipsecPolicyTracer.h b/ipsec-tools/setkey/ipsecPolicyTracer.h deleted file mode 100644 index 4e9ff3b..0000000 --- a/ipsec-tools/setkey/ipsecPolicyTracer.h +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _IPSECPOLICYTRACER_H -#define _IPSECPOLICYTRACER_H - -typedef enum ipsecPolicyEventCode { - IPSECPOLICYEVENTCODE_NONE = 0, - IPSECPOLICYEVENTCODE_SETKEY_ERROR, - IPSECPOLICYEVENTCODE_MAX, -} ipsecPolicyEventCode_t; - -const char * ipsecPolicyEventCodeToString (ipsecPolicyEventCode_t); -void ipsecPolicyTracerEvent (const char *, ipsecPolicyEventCode_t, const char *, const char *); - -#endif /* _IPSECPOLICYTRACER_H */ diff --git a/ipsec-tools/setkey/setkey.c b/ipsec-tools/setkey/setkey.c index 972416d..8bd759a 100644 --- a/ipsec-tools/setkey/setkey.c +++ b/ipsec-tools/setkey/setkey.c @@ -71,9 +71,6 @@ //#include "package_version.h" #define extern /* so that variables in extern.h are not extern... */ #include "extern.h" -#include "ipsecPolicyTracer.h" -#include "ipsecMessageTracer.h" - void usage (/*int*/); int main (int, char **); 
@@ -170,10 +167,6 @@ main(argc, argv) case 'f': f_mode = MODE_SCRIPT; if ((fp = fopen(optarg, "r")) == NULL) { - IPSECPOLICYTRACEREVENT(optarg, - IPSECPOLICYEVENTCODE_SETKEY_ERROR, - CONSTSTR("could not open policy file"), - CONSTSTR("setkey -f : fopen erred")); err(1, "fopen"); /*NOTREACHED*/ } @@ -246,10 +239,6 @@ main(argc, argv) if (argc > 0) { while (argc--) if (fileproc(*argv++) < 0) { - IPSECPOLICYTRACEREVENT(argv[-1], - IPSECPOLICYEVENTCODE_SETKEY_ERROR, - CONSTSTR("could not parse policy file"), - CONSTSTR("setkey: fileproc erred")); err(1, "%s", argv[-1]); /*NOTREACHED*/ } @@ -258,10 +247,6 @@ main(argc, argv) so = pfkey_open(); if (so < 0) { - IPSECPOLICYTRACEREVENT(argv[-1], - IPSECPOLICYEVENTCODE_SETKEY_ERROR, - CONSTSTR("couldn't open pfkey socket"), - CONSTSTR("setkey: pfkey_open erred")); perror("pfkey_open"); exit(1); } @@ -283,10 +268,6 @@ main(argc, argv) break; case MODE_STDIN: if (get_supported() < 0) { - IPSECPOLICYTRACEREVENT("STDIN", - IPSECPOLICYEVENTCODE_SETKEY_ERROR, - CONSTSTR(ipsec_strerror()), - CONSTSTR("setkey: get_supported erred")); errx(1, "%s", ipsec_strerror()); /*NOTREACHED*/ } diff --git a/ipsec.xcodeproj/project.pbxproj b/ipsec.xcodeproj/project.pbxproj index 537fee7..84809d9 100644 --- a/ipsec.xcodeproj/project.pbxproj +++ b/ipsec.xcodeproj/project.pbxproj 
@@ -269,12 +269,6 @@ BA485FA3109C1ECA00545E19 /* power_mgmt.c in Sources */ = {isa = PBXBuildFile; fileRef = BA485FA1109C1ECA00545E19 /* power_mgmt.c */; }; BA48611C109C2BBA00545E19 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = BA48611B109C2BBA00545E19 /* IOKit.framework */; }; BA486225109C2BF500545E19 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = BA48611B109C2BBA00545E19 /* IOKit.framework */; }; - BA5B6F2A0EC19F40003774E7 /* ipsecConfigTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F280EC19F40003774E7 /* ipsecConfigTracer.c */; }; - BA5B6F2B0EC19F40003774E7 /* ipsecSessionTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F290EC19F40003774E7 /* ipsecSessionTracer.c */; }; - BA5B6F2C0EC19F40003774E7 /* ipsecConfigTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F280EC19F40003774E7 /* ipsecConfigTracer.c */; }; - BA5B6F2D0EC19F40003774E7 /* ipsecSessionTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F290EC19F40003774E7 /* ipsecSessionTracer.c */; }; - BA5B6F310EC19F80003774E7 /* ipsecPolicyTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F300EC19F80003774E7 /* ipsecPolicyTracer.c */; }; - BA5B6F320EC19F80003774E7 /* ipsecPolicyTracer.c in Sources */ = {isa = PBXBuildFile; fileRef = BA5B6F300EC19F80003774E7 /* ipsecPolicyTracer.c */; }; BA64A934114EFE8C00F3574C /* racoon.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = BA64A933114EFE5C00F3574C /* racoon.sb */; }; BA6F109B0EA1DEC200546773 /* ike_session.c in Sources */ = {isa = PBXBuildFile; fileRef = BA6F109A0EA1DEC200546773 /* ike_session.c */; }; BA6F109C0EA1DEC200546773 /* ike_session.c in Sources */ = {isa = PBXBuildFile; fileRef = BA6F109A0EA1DEC200546773 /* ike_session.c */; }; 
@@ -1519,8 +1513,6 @@ 25DE2DE90A8BD40E0010A46D /* vpn_control.c in Sources */, 81CA08920CE3BC870055C0AF /* vpn.c in Sources */, BA6F109B0EA1DEC200546773 /* ike_session.c in Sources */, - BA5B6F2A0EC19F40003774E7 /* ipsecConfigTracer.c in Sources */, - BA5B6F2B0EC19F40003774E7 /* ipsecSessionTracer.c in Sources */, BA485FA2109C1ECA00545E19 /* power_mgmt.c in Sources */, 81CBCFE91447A1C20000D6E6 /* fsm.c in Sources */, BACD8C6A1496A50C0042DEA1 /* Preferences.c in Sources */, @@ -1539,7 +1531,6 @@ 25ECCDA209AD479A00883CA3 /* pfkey.c in Sources */, 25F258910988648C00D15623 /* setkey.c in Sources */, 25F258940988648C00D15623 /* token.l in Sources */, - BA5B6F310EC19F80003774E7 /* ipsecPolicyTracer.c in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -1613,8 +1604,6 @@ 812530F20D3FE9DC006BDF4F /* vpn_control.c in Sources */, 812530F30D3FE9DC006BDF4F /* vpn.c in Sources */, BA6F109C0EA1DEC200546773 /* ike_session.c in Sources */, - BA5B6F2C0EC19F40003774E7 /* ipsecConfigTracer.c in Sources */, - BA5B6F2D0EC19F40003774E7 /* ipsecSessionTracer.c in Sources */, BA485FA3109C1ECA00545E19 /* power_mgmt.c in Sources */, BACD8C6B1496A50C0042DEA1 /* Preferences.c in Sources */, 72F5C72F1607A1AE004C192F /* api_support.c in Sources */, @@ -1632,7 +1621,6 @@ 81DDFD9E0D622C1700C5CB87 /* pfkey.c in Sources */, 81DDFD9F0D622C1700C5CB87 /* setkey.c in Sources */, 81DDFDA00D622C1700C5CB87 /* token.l in Sources */, - BA5B6F320EC19F80003774E7 /* ipsecPolicyTracer.c in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; -- 2.45.2