/*
 * Fold the progress of one state into the connection summary in *data.
 *
 * data is used as a struct log_conn_info.  lc->tunnel is only ever raised
 * (every assignment is guarded by a "<" comparison); lc->phase1 and
 * lc->phase2 are raised the same way except for the unconditional
 * p1_up / p1_down / p2_up assignments below.
 *
 * Presumably called once per state by a state-table iterator; the caller
 * is not visible here.
 */
static void connection_state(struct state *st, void *data)
{
	struct log_conn_info *lc = data;
	int other_conn;

	/* no state, or the state the caller asked us to skip */
	if (st == NULL || st == lc->ignore)
		return;

	/* both sides need a connection before anything can be compared */
	if (st->st_connection == NULL || lc->conn == NULL)
		return;

	other_conn = (st->st_connection != lc->conn);

	/*
	 * A state owned by a different connection only counts when that
	 * connection has the same host pair and the same peer ids, i.e. when
	 * its phase 1 is shared with ours.
	 */
	if (other_conn &&
	    (lc->conn->IPhost_pair != st->st_connection->IPhost_pair ||
	     !same_peer_ids(lc->conn, st->st_connection, NULL)))
		return;

	/* ignore undefined states (i.e., just deleted) */
	if (st->st_state == STATE_UNDEFINED)
		return;

	if (IS_PHASE1(st->st_state)) {
		if (lc->tunnel < tun_phase1) {
			lc->tunnel = tun_phase1;
		}

		if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)) {
			if (lc->tunnel < tun_phase1up) {
				lc->tunnel = tun_phase1up;
			}
			lc->phase1 = p1_up;
		} else {
			/* still negotiating: record the furthest step reached */
			if (lc->phase1 < p1_init) {
				lc->phase1 = p1_init;
			}
			if (IS_ISAKMP_ENCRYPTED(st->st_state) &&
			    lc->phase1 < p1_encrypt) {
				lc->phase1 = p1_encrypt;
			}
			if (IS_ISAKMP_AUTHENTICATED(st->st_state) &&
			    lc->phase1 < p1_auth) {
				lc->phase1 = p1_auth;
			}
		}
	} else {
		/*
		 * NOTE(review): any non-phase-1 state overwrites phase1 with
		 * p1_down, even if an earlier call raised it, so the reported
		 * phase-1 status depends on the order states are visited in.
		 * Confirm this is intended.
		 */
		lc->phase1 = p1_down;
	}

	/* only phase one is shared across connections, so we can quit now */
	if (other_conn)
		return;

	if (IS_PHASE15(st->st_state) && lc->tunnel < tun_phase15) {
		lc->tunnel = tun_phase15;
	}

	if (IS_QUICK(st->st_state)) {
		if (lc->tunnel < tun_phase2) {
			lc->tunnel = tun_phase2;
		}

		if (IS_IPSEC_SA_ESTABLISHED(st->st_state)) {
			if (lc->tunnel < tun_up) {
				lc->tunnel = tun_up;
			}
			lc->phase2 = p2_up;
		} else if (lc->phase2 < p2_neg) {
			lc->phase2 = p2_neg;
		}
	}
}
/*
 * Report whether msgid is absent from the ISAKMP SA's list of used
 * message IDs.
 *
 * Returns TRUE when no entry of isakmp_sa->st_used_msgids carries msgid,
 * FALSE as soon as a matching entry is found.
 *
 * Asserts (passert) that msgid is not MAINMODE_MSGID and that the SA has
 * reached an encrypted state; callers must filter MAINMODE_MSGID out
 * before calling.
 */
bool unique_msgid(struct state *isakmp_sa, msgid_t msgid)
{
	struct msgid_list *entry;

	passert(msgid != MAINMODE_MSGID);
	passert(IS_ISAKMP_ENCRYPTED(isakmp_sa->st_state));

	/* linear walk of the singly linked used-ID list */
	entry = isakmp_sa->st_used_msgids;
	while (entry != NULL) {
		if (entry->msgid == msgid) {
			return FALSE;
		}
		entry = entry->next;
	}

	return TRUE;
}
/*
 * Pick a random message ID for a new exchange under isakmp_sa.
 *
 * Draws sizeof(msgid) random bytes up to 100 times and returns the first
 * value that is non-zero and passes unique_msgid().  Asserts (passert)
 * that the SA has reached an encrypted state.
 *
 * NOTE(review): if all 100 draws fail, the last draw is returned anyway.
 * That value has just failed the check, so it is either 0 or already in
 * the SA's used list, and the only signal to the caller is the log line.
 * With a working random source this path should be practically
 * unreachable, so the log message is worth alerting on.
 */
msgid_t generate_msgid(struct state *isakmp_sa)
{
	msgid_t msgid;
	int attempts_left;	/* only try so hard for a unique msgid */

	passert(IS_ISAKMP_ENCRYPTED(isakmp_sa->st_state));

	for (attempts_left = 100; attempts_left > 0; attempts_left--) {
		get_rnd_bytes((void *) &msgid, sizeof(msgid));

		/* 0 is rejected here, before unique_msgid() is consulted */
		if (msgid != 0 && unique_msgid(isakmp_sa, msgid)) {
			return msgid;
		}
	}

	/* best effort exhausted: fall back to the last value drawn */
	libreswan_log("gave up looking for unique msgid; using 0x%08lx",
		      (unsigned long) msgid);
	return msgid;
}