Esempio n. 1
/*
 * Report every registered IKE algorithm to whack, one line each:
 * encryption algorithms, then hash algorithms, then DH groups.
 *
 * NOTE(review): all numeric fields go through "%d"; the field types are
 * not visible here, so confirm they are int-sized before relying on it.
 */
void
ike_alg_show_status(void)
{
	struct ike_alg *entry;
	unsigned enc_id, slot;

	/* encryption algorithms */
	IKE_EALG_FOR_EACH(entry) {
		const struct encrypt_desc *enc;

		passert(entry != NULL);
		enc = (const struct encrypt_desc *)entry;
		enc_id = entry->algo_id;
		whack_log(RC_COMMENT,
			"algorithm IKE encrypt: id=%d, name=%s, blocksize=%d, keydeflen=%d",
			enc_id,
			enum_name(&oakley_enc_names, enc_id),
			enc->enc_blocksize,
			enc->keydeflen);
	}

	/* hash algorithms */
	IKE_HALG_FOR_EACH(entry) {
		const struct hash_desc *hash = (const struct hash_desc *)entry;

		whack_log(RC_COMMENT,
			"algorithm IKE hash: id=%d, name=%s, hashsize=%d",
			entry->algo_id,
			enum_name(&oakley_hash_names, entry->algo_id),
			hash->hash_digest_size);
	}

	/* Diffie-Hellman groups: walk the oakley_group table by index */
#define IKE_DH_ALG_FOR_EACH(idx) for(idx = 0; idx != elemsof(oakley_group); idx++)
	IKE_DH_ALG_FOR_EACH(slot) {
		const struct oakley_group_desc *gdesc = &oakley_group[slot];

		whack_log(RC_COMMENT,
			"algorithm IKE dh group: id=%d, name=%s, bits=%d",
			gdesc->group,
			enum_name(&oakley_group_names, gdesc->group),
			gdesc->bytes*BITS_PER_BYTE);
	}
}
Esempio n. 2
/*
 * Log one line listing the subnets private_net[0 .. private_net_len-1]
 * under the label `kind`.  Nothing is logged when private_net is NULL.
 *
 * The comma-separated list is built in a fixed 256-byte buffer.  Each
 * entry is appended only after checking that separator + text still
 * fit (terminator included); the first entry that does not fit stops
 * the loop and a second line reports how many entries were shown.
 */
static void show_virtual_private_kind(const char *kind,
	const ip_subnet *private_net,
	int private_net_len)
{
	char joined[256] = "";  /* arbitrary limit */
	size_t used = 0;        /* always equals strlen(joined) */
	bool clipped = FALSE;
	int shown;

	if (private_net == NULL)
		return;

	for (shown = 0; shown < private_net_len; shown++) {
		char text[SUBNETTOT_BUF];
		const char *glue = (used == 0) ? "" : ", ";
		size_t need;

		subnettot(&private_net[shown], 0, text, sizeof(text));
		need = strlen(glue) + strlen(text);
		if (used + need >= sizeof(joined)) {
			/* no room left for this entry plus the NUL */
			clipped = TRUE;
			break;
		}
		/* bounded by the check above */
		strcat(joined, glue);
		strcat(joined, text);
		used += need;
	}

	whack_log(RC_COMMENT, "- %s subnet%s: %s",
		kind, shown == 1 ? "" : "s", joined);
	if (clipped) {
		whack_log(RC_COMMENT, "showing only %d of %d!",
			shown, private_net_len);
	}
}
Esempio n. 3
/*
 * Report the virtual-private (%priv) subnet lists to whack: the allowed
 * list, the excluded list, then a spacer line.  Nothing is reported
 * unless nat_traversal_enabled is set.
 */
void show_virtual_private()
{
	if (!nat_traversal_enabled)
		return;

	whack_log(RC_COMMENT, "virtual-private (%%priv):");
	show_virtual_private_kind("allowed",
		private_net_incl, private_net_incl_len);
	show_virtual_private_kind("excluded",
		private_net_excl, private_net_excl_len);
	whack_log(RC_COMMENT, " ");     /* spacer */
}
Esempio n. 4
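/*
 * Report the daemon's effective "config setup" options to whack, one
 * group of related settings per line.  Unset optional strings are shown
 * as a placeholder ("unset", "<any>") rather than passed as NULL.
 */
void show_setup_plutomain(void)
{
	whack_log(RC_COMMENT, "config setup options:");	/* section header */
	whack_log(RC_COMMENT, " ");	/* spacer */
	whack_log(RC_COMMENT,
		"configdir=%s, configfile=%s, secrets=%s, ipsecdir=%s, nssdir=%s, dumpdir=%s, statsbin=%s",
		oco->confdir,
		oco->conffile,
		oco->secretsfile,
		oco->confddir,
		oco->nssdb,
		coredir,
		pluto_stats_binary == NULL ? "unset" :  pluto_stats_binary);

	whack_log(RC_COMMENT, "sbindir=%s, libexecdir=%s",
		IPSEC_SBINDIR,
		IPSEC_EXECDIR);

	whack_log(RC_COMMENT, "pluto_version=%s, pluto_vendorid=%s",
		ipsec_version_code(),
		pluto_vendorid);

	/*
	 * NOTE(review): deltasecs() is printed with "%lu"; its return type is
	 * not visible here -- confirm it is unsigned long (or cast).
	 */
	whack_log(RC_COMMENT,
		"nhelpers=%d, uniqueids=%s, perpeerlog=%s, shuntlifetime=%lus, xfrmlifetime=%ds",
		nhelpers,
		uniqueIDs ? "yes" : "no",
		!log_to_perpeer ? "no" : base_perpeer_logdir,
		deltasecs(pluto_shunt_lifetime),
		pluto_xfrmlifetime
	);

	/*
	 * Argument order must follow the labels: pluto_ddos_threshold is the
	 * cookie threshold and pluto_max_halfopen is the half-open cap.
	 * Passing them the other way round reports each limit under the
	 * other's name, which misleads anyone checking the anti-DDoS
	 * settings from the status output.
	 */
	whack_log(RC_COMMENT,
		"ddos-cookies-threshold=%d, ddos-max-halfopen=%d, ddos-mode=%s",
		pluto_ddos_threshold,
		pluto_max_halfopen,
		(pluto_ddos_mode == DDOS_AUTO) ? "auto" :
			(pluto_ddos_mode == DDOS_FORCE_BUSY) ? "busy" : "unlimited");

	whack_log(RC_COMMENT,
		"ikeport=%d, strictcrlpolicy=%s, crlcheckinterval=%lu, listen=%s, nflog-all=%d",
		pluto_port,
		strict_crl_policy ? "yes" : "no",
		deltasecs(crl_check_interval),
		pluto_listen != NULL ? pluto_listen : "<any>",
		pluto_nflog_group
		);

#ifdef HAVE_LABELED_IPSEC
	whack_log(RC_COMMENT, "secctx-attr-type=%d", secctx_attr_type);
#else
	whack_log(RC_COMMENT, "secctx-attr-type=<unsupported>");
#endif
}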
Esempio n. 5
/*
 * Report the IKE algorithms of connection c to whack:
 *   - the configured proposals ("wanted" / "found"), when c has
 *     alg_info_ike set;
 *   - the algorithms of the newest ISAKMP SA, when one exists.
 * instance is appended to the quoted connection name in each line.
 *
 * NOTE(review): st->st_oakley.group is dereferenced without a NULL
 * check -- confirm an SA returned here always has a group.
 */
void ike_alg_show_connection(struct connection *c, const char *instance)
{
	/* static storage: contents persist between calls */
	static char encbuf[ENUM_SHOW_BUF_LEN];
	static char prfbuf[ENUM_SHOW_BUF_LEN];
	static char integbuf[ENUM_SHOW_BUF_LEN];
	static char groupbuf[ENUM_SHOW_BUF_LEN];
	struct state *st;

	if (c->alg_info_ike) {
		char algs[1024];

		alg_info_snprint(algs, sizeof(algs) - 1,
				 (struct alg_info *)c->alg_info_ike);
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithms wanted: %s",
			  c->name, instance, algs);

		alg_info_snprint_ike(algs, sizeof(algs), c->alg_info_ike);
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithms found:  %s",
			  c->name, instance, algs);
	}

	st = state_with_serialno(c->newest_isakmp_sa);
	if (st == NULL)
		return;

	if (st->st_ikev2) {
		/* IKEv2: encryption, integrity, PRF and DH group */
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKEv2 algorithm newest: %s_%03d-%s-%s-%s",
			  c->name,
			  instance,
			  enum_showb(&ikev2_trans_type_encr_names, st->st_oakley.encrypt, encbuf, sizeof(encbuf)),
			  st->st_oakley.enckeylen,
			  enum_showb(&ikev2_trans_type_integ_names, st->st_oakley.integ_hash, integbuf, sizeof(integbuf)),
			  enum_showb(&ikev2_trans_type_prf_names, st->st_oakley.prf_hash, prfbuf, sizeof(prfbuf)),
			  strip_prefix(enum_showb(&oakley_group_names, st->st_oakley.group->group, groupbuf, sizeof(groupbuf)), "OAKLEY_GROUP_"));
	} else {
		/* IKEv1: encryption, hash and DH group, prefixes stripped */
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithm newest: %s_%03d-%s-%s",
			  c->name,
			  instance,
			  strip_prefix(enum_showb(&oakley_enc_names, st->st_oakley.encrypt, encbuf, sizeof(encbuf)), "OAKLEY_"),
			  st->st_oakley.enckeylen,
			  strip_prefix(enum_showb(&oakley_hash_names, st->st_oakley.prf_hash, prfbuf, sizeof(prfbuf)), "OAKLEY_"),
			  strip_prefix(enum_showb(&oakley_group_names, st->st_oakley.group->group, groupbuf, sizeof(groupbuf)), "OAKLEY_GROUP_"));
	}
}
Esempio n. 6
/*
 * Report the IKE algorithms of connection c to whack:
 *   - the configured proposals ("wanted" / "found"), when c has
 *     alg_info_ike set;
 *   - the algorithms of the newest ISAKMP SA, when one exists.
 * Enum names are rendered into caller-owned esb_buf scratch buffers
 * that live on this function's stack.
 *
 * NOTE(review): st->st_oakley.group is dereferenced without a NULL
 * check -- confirm an SA returned here always has a group.
 */
void ike_alg_show_connection(const struct connection *c, const char *instance)
{
	struct esb_buf encbuf, prfbuf, integbuf, groupbuf;
	const struct state *st;

	if (c->alg_info_ike != NULL) {
		char algs[1024];

		alg_info_ike_snprint(algs, sizeof(algs) - 1,
				     c->alg_info_ike);
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithms wanted: %s",
			  c->name, instance, algs);

		alg_info_snprint_ike(algs, sizeof(algs), c->alg_info_ike);
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithms found:  %s",
			  c->name, instance, algs);
	}

	st = state_with_serialno(c->newest_isakmp_sa);
	if (st == NULL)
		return;

	if (st->st_ikev2) {
		/* IKEv2: encryption, integrity, PRF and DH group */
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKEv2 algorithm newest: %s_%03d-%s-%s-%s",
			  c->name,
			  instance,
			  enum_showb(&ikev2_trans_type_encr_names, st->st_oakley.encrypt, &encbuf),
			  st->st_oakley.enckeylen,
			  enum_showb(&ikev2_trans_type_integ_names, st->st_oakley.integ_hash, &integbuf),
			  enum_showb(&ikev2_trans_type_prf_names, st->st_oakley.prf_hash, &prfbuf),
			  enum_show_shortb(&oakley_group_names, st->st_oakley.group->group, &groupbuf));
	} else {
		/* IKEv1: encryption, hash and DH group in short form */
		whack_log(RC_COMMENT,
			  "\"%s\"%s:   IKE algorithm newest: %s_%03d-%s-%s",
			  c->name,
			  instance,
			  enum_show_shortb(&oakley_enc_names, st->st_oakley.encrypt, &encbuf),
			  st->st_oakley.enckeylen,
			  enum_show_shortb(&oakley_hash_names, st->st_oakley.prf_hash, &prfbuf),
			  enum_show_shortb(&oakley_group_names, st->st_oakley.group->group, &groupbuf));
	}
}
Esempio n. 7
/*
 * Report the daemon's effective "config setup" options to whack:
 * paths, install directories, helper/retransmit settings, and the
 * IKE port / CRL / listen settings, followed by the labeled-IPsec
 * attribute value when that support is compiled in.
 *
 * NOTE(review): crl_check_interval is printed with "%d"; its type is
 * not visible here -- confirm it is an int.
 */
void show_setup_plutomain()
{
	const char *unique_text = uniqueIDs ? "yes" : "no";
	const char *retransmit_text = no_retransmits ? "no" : "yes";
	const char *busy_text = force_busy ? "yes" : "no";
	const char *strict_text = strict_crl_policy ? "yes" : "no";
	/* an unset listen address is shown as "<any>" */
	const char *listen_text = pluto_listen ? pluto_listen : "<any>";

	whack_log(RC_COMMENT, "config setup options:");     /* section header */
	whack_log(RC_COMMENT, " ");     /* spacer */

	whack_log(RC_COMMENT,
		  "configdir=%s, configfile=%s, secrets=%s, ipsecdir=%s, dumpdir=%s",
		  oco->confdir,
		  oco->conffile,
		  pluto_shared_secrets_file,
		  oco->confddir,
		  coredir);

	whack_log(RC_COMMENT, "sbindir=%s, libdir=%s, libexecdir=%s",
		  IPSEC_SBINDIR, IPSEC_LIBDIR, IPSEC_EXECDIR);

	whack_log(RC_COMMENT,
		  "nhelpers=%d, uniqueids=%s, retransmits=%s, force_busy=%s",
		  nhelpers, unique_text, retransmit_text, busy_text);

	whack_log(RC_COMMENT,
		  "ikeport=%d, strictcrlpolicy=%s, crlcheckinterval=%d, listen=%s",
		  pluto_port, strict_text, crl_check_interval, listen_text);

#ifdef HAVE_LABELED_IPSEC
	whack_log(RC_COMMENT, "secctx_attr_value=%d", secctx_attr_value);
#else
	whack_log(RC_COMMENT, "secctx_attr_value=<unsupported>");
#endif
}
Esempio n. 8
/*
 * Initiate the connection called name, or, when no connection has that
 * exact name, every connection whose alias matches it.
 *
 * whackfd, moredebug and importance are bundled into one request
 * record and handed to initiate_a_connection() for each match.  When
 * nothing matches, RC_UNKNOWN_NAME is reported to whack.  The whack
 * descriptor in the request record is closed on every path.
 */
void
initiate_connection(const char *name, int whackfd
		    , lset_t moredebug
		    , enum crypto_importance importance)
{
    struct initiate_stuff request;
    struct connection *exact = con_by_name(name, FALSE);

    request.whackfd = whackfd;
    request.moredebug = moredebug;
    request.importance = importance;

    if (exact == NULL) {
	int started;

	/* no exact name: fall back to alias lookup */
	loglog(RC_COMMENT, "initiating all conns with alias='%s'\n", name);
	started = foreach_connection_by_alias(name, initiate_a_connection,
					      &request);
	if (started == 0) {
	    whack_log(RC_UNKNOWN_NAME, "no connection named \"%s\"", name);
	}
    } else {
	initiate_a_connection(exact, &request);
    }

    close_any(request.whackfd);
}
/*
 * Filtered variant of plog(): format a message and send it to every
 * enabled sink (stderr, syslog at LOG_WARNING, per-peer log), to whack
 * as RC_LOG, and to NK_LOG_VPN.
 *
 * Unless control debugging is on, only messages whose *format string*
 * contains "Established]" or "Disconnected]" are logged; everything
 * else is dropped before formatting.  The match is on message itself,
 * not on the expanded text, so anything outside those two patterns
 * never reaches any sink in normal operation.
 *
 * The formatted text is always passed on through a literal "%s".
 */
void
plog(const char *message, ...)
{
    char line[LOG_WIDTH];	/* longer messages will be truncated */
    va_list ap;

    if (!(DBGP(DBG_CONTROLMORE | DBG_CONTROL))
	&& strstr(message, "Established]") == NULL
	&& strstr(message, "Disconnected]") == NULL) {
	return;
    }

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "%s\n", line);
    }
    if (log_to_syslog) {
	syslog(LOG_WARNING, "%s", line);
    }
    if (log_to_perpeer) {
	peerlog("", line);
    }

    whack_log(RC_LOG, "~%s", line);

    NK_LOG_VPN(LOG_WARNING,"%s", line);
    /* the syslog connection is closed after every message */
    closelog();
}
Esempio n. 10
/*
 * Format a message once and send it to every enabled sink: stderr or
 * the pluto log file (optionally timestamped), syslog at LOG_WARNING,
 * the per-peer log, and whack with code mess_no.
 *
 * log_mutex is held around formatting and the local sinks because the
 * functions used there are not all re-entrant yet; the whack_log()
 * call happens after the mutex is released.
 *
 * The formatted text is always passed on through a literal "%s".
 */
void loglog(int mess_no, const char *message, ...)
{
	char line[LOG_WIDTH]; /* longer messages will be truncated */
	va_list ap;

	pthread_mutex_lock(&log_mutex);

	va_start(ap, message);
	fmt_log(line, sizeof(line), message, ap);
	va_end(ap);

	if (log_to_stderr || pluto_log_fp != NULL) {
		/* stderr wins when both are available */
		FILE *sink = log_to_stderr ? stderr : pluto_log_fp;
		char stamp[34] = "";	/* stays empty without timestamps */

		if (log_with_timestamp) {
			prettynow(stamp, sizeof(stamp), "%b %e %T: ");
		}
		fprintf(sink, "%s%s\n", stamp, line);
	}
	if (log_to_syslog) {
		syslog(LOG_WARNING, "%s", line);
	}
	if (log_to_perpeer) {
		peerlog("", line);
	}

	pthread_mutex_unlock(&log_mutex);

	whack_log(mess_no, "~%s", line);
}
/*
 * Filtered variant of loglog(): format a message and send it to every
 * enabled sink (stderr, syslog at LOG_WARNING, per-peer log), to whack
 * with code mess_no, and to NK_LOG_VPN.
 *
 * Unless control debugging is on, a message is logged only when it is
 * RC_LOG_SERIOUS and its *format string* contains "[Tunnel" but not
 * "Info]"; everything else is dropped before formatting.  Serious
 * messages that do not match that pattern are therefore silent in
 * normal operation.
 *
 * The formatted text is always passed on through a literal "%s".
 */
void
loglog(int mess_no, const char *message, ...)
{
    char line[LOG_WIDTH];	/* longer messages will be truncated */
    va_list ap;

    if (!(DBGP(DBG_CONTROLMORE | DBG_CONTROL))) {
	if (mess_no != RC_LOG_SERIOUS) {
	    return;
	}
	if (strstr(message, "[Tunnel") == NULL) {
	    return;
	}
	if (strstr(message, "Info]") != NULL) {
	    return;
	}
    }

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "%s\n", line);
    }
    if (log_to_syslog) {
	syslog(LOG_WARNING, "%s", line);
    }
    if (log_to_perpeer) {
	peerlog("", line);
    }

    whack_log(mess_no, "~%s", line);

    NK_LOG_VPN(LOG_WARNING,"%s", line);
    /* the syslog connection is closed after every message */
    closelog();
}
Esempio n. 12
File: log.c Progetto: mcr/Openswan
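/*
 * Format a message once and send it to every enabled sink: stderr
 * (optionally prefixed with a local-time stamp), syslog at
 * LOG_WARNING, the per-peer log, and whack with code mess_no.
 * Also records in log_did_something that a message was produced.
 *
 * The formatted text is always passed on through a literal "%s".
 */
void
loglog(int mess_no, const char *message, ...)
{
    va_list args;
    char m[LOG_WIDTH];	/* longer messages will be truncated */

    va_start(args, message);
    fmt_log(m, sizeof(m), message, args);
    va_end(args);

    log_did_something=TRUE;

    if (log_to_stderr) {
	char stamp[32];
	size_t stamp_len = 0;	/* 0 means "no usable timestamp" */

	if (log_with_timestamp) {
	    struct tm *timeinfo;
	    time_t rtime;

	    time(&rtime);
	    timeinfo = localtime(&rtime);
	    /*
	     * localtime() may return NULL, and strftime() returns 0
	     * (leaving the buffer unspecified) when the result does not
	     * fit.  In either case fall back to the plain message
	     * instead of reading an invalid pointer or buffer.
	     */
	    if (timeinfo != NULL)
		stamp_len = strftime(stamp, sizeof(stamp), "%b %e %T", timeinfo);
	}

	if (stamp_len != 0)
	    fprintf(stderr, "%s: %s\n", stamp, m);
	else
	    fprintf(stderr, "%s\n", m);
    }
    if (log_to_syslog)
	syslog(LOG_WARNING, "%s", m);
    if (log_to_perpeer)
	peerlog("", m);

    whack_log(mess_no, "~%s", m);
}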
Esempio n. 13
/*
 * Report the identity currently selected by myid_state to whack as a
 * single "myid = ..." line.  The return value of idtoa() is
 * deliberately ignored.
 */
void show_myid_status(void)
{
	char rendered[IDTOA_BUF];

	(void)idtoa(&myids[myid_state], rendered, sizeof(rendered));

	whack_log(RC_COMMENT, "myid = %s", rendered);
}
Esempio n. 14
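/*
 * Report the virtual_private (%priv) configuration to whack: the
 * allowed and the disallowed subnet lists, plus warnings when a list
 * had to be cut short or is empty.
 *
 * Each list is joined into a fixed 256-byte buffer.  The separator and
 * the entry are appended only after checking that both fit together
 * with the terminating NUL; appending ", " before the size check could
 * write one or two bytes past the end of a nearly full buffer.  The
 * first entry that does not fit ends that list and sets its truncation
 * flag.
 */
void
show_virtual_private() 
{
    char allowed[SUBNETTOT_BUF];
    char disallowed[SUBNETTOT_BUF];
    char all_ok[256] = ""; /* arbitrary limit */
    char all_ko[256] = ""; /* arbitrary limit */
    int i,truncok=0,truncko=0;

    if (private_net_ok!=NULL) {
	for (i=0;i<private_net_ok_len;i++) {
	    const char *sep = (i!=0) ? ", " : "";

	    subnettot(&private_net_ok[i], 0, allowed, sizeof(allowed));
	    /* separator + entry + NUL must fit in what is left */
	    if (strlen(all_ok) + strlen(sep) + strlen(allowed) >= sizeof(all_ok)) {
		truncok = 1;
		break;
	    }
	    strcat(all_ok, sep);
	    strcat(all_ok, allowed);
	}
    }

    if (private_net_ko!=NULL) {
	for (i=0;i<private_net_ko_len;i++) {
	    const char *sep = (i!=0) ? ", " : "";

	    subnettot(&private_net_ko[i], 0, disallowed, sizeof(disallowed));
	    /* separator + entry + NUL must fit in what is left */
	    if (strlen(all_ko) + strlen(sep) + strlen(disallowed) >= sizeof(all_ko)) {
		truncko = 1;
		break;
	    }
	    strcat(all_ko, sep);
	    strcat(all_ko, disallowed);
	}
    }

    whack_log(RC_COMMENT, "virtual_private (%%priv):");
    /* the counts are the configured totals, not the number shown */
    whack_log(RC_COMMENT, "- allowed %d subnet%s: %s",
	      private_net_ok_len,
	      (private_net_ok_len == 1) ? "" : "s", all_ok );

    whack_log(RC_COMMENT, "- disallowed %d subnet%s: %s",
	      private_net_ko_len,
	      (private_net_ko_len == 1) ? "" : "s", all_ko );
    if (truncok || truncko)
	whack_log(RC_COMMENT, "WARNING: some virtual_private entries were not shown, do you really need that many?");
    if (!truncok && !truncko && !strlen(all_ok)) {
	whack_log(RC_COMMENT, "WARNING: Either virtual_private= is not specified, or there is a syntax\n");
	whack_log(RC_COMMENT, "         error in that line. 'left/rightsubnet=vhost:%%priv' will not work!");
    }
    if (!truncok && !truncko && !strlen(all_ko)) {
	whack_log(RC_COMMENT, "WARNING: Disallowed subnets in virtual_private= is empty. If you have\n");
	whack_log(RC_COMMENT, "         private address space in internal use, it should be excluded!");
    }
}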
Esempio n. 15
/*
 * Report the FIPS and SELinux state to whack, framed by spacer lines.
 * For each probe, 0 is shown as "disabled" and 1 as "enabled"; any
 * other FIPS result is shown as "error(disabled)" and any other
 * SELinux result as "indeterminate".  Without FIPS_CHECK the FIPS
 * state is always reported as disabled.
 */
static void show_system_security(void)
{
	int selinux = libreswan_selinux();
#ifdef FIPS_CHECK
	int fipsmode = libreswan_fipsmode();
#else
	int fipsmode = 0;
#endif
	const char *fips_text;
	const char *selinux_text;

	switch (fipsmode) {
	case 0:
		fips_text = "disabled";
		break;
	case 1:
		fips_text = "enabled";
		break;
	default:
		fips_text = "error(disabled)";
		break;
	}

	switch (selinux) {
	case 0:
		selinux_text = "disabled";
		break;
	case 1:
		selinux_text = "enabled";
		break;
	default:
		selinux_text = "indeterminate";
		break;
	}

	whack_log(RC_COMMENT, " ");     /* spacer */
	whack_log(RC_COMMENT, "fips mode=%s;", fips_text);
	whack_log(RC_COMMENT, "SElinux=%s", selinux_text);
	whack_log(RC_COMMENT, " ");     /* spacer */
}
Esempio n. 16
File: log.c Progetto: mcr/Openswan
/*
 * Produce the full status report for whack by calling each subsystem's
 * show routine in a fixed order, with BLANK_FORMAT spacer lines between
 * sections.  The kernel-algorithm, IKE-algorithm, db-ops statistics and
 * shunt sections are compiled in or out by KERNEL_ALG, IKE_ALG,
 * NO_DB_OPS_STATS and KLIPS respectively.
 */
void
show_status(void)
{
    /* interfaces, identity and debug flags */
    show_kernel_interface();
    show_ifaces_status();
    show_myid_status();
    show_debug_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_virtual_private();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#ifdef KERNEL_ALG
    kernel_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
#ifdef IKE_ALG
    ike_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
#ifndef NO_DB_OPS_STATS
    db_ops_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
    /* connections first, then the states */
    show_connections_status(whack_log);
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_states_status();
#ifdef KLIPS
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_shunt_status();
#endif
}
/*
 * Log a formatted message together with the text for errno value e.
 *
 * The active (#else) branch writes "<message> , cause: <strerror>" to
 * stderr and syslog (LOG_ERR), hands the pair to the per-peer log,
 * reports to whack as RC_LOG_SERIOUS, and finally sends the message
 * alone to NK_LOG_VPN.  The "#if 0" branch is the disabled earlier
 * format ("ERROR: ... Errno N: ...") kept for reference.
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void
log_errno_routine(int e, const char *message, ...)
{
    char line[LOG_WIDTH];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

#if 0
    if (log_to_stderr) {
	fprintf(stderr, "ERROR: %s. Errno %d: %s\n", line, e, strerror(e));
    }
    if (log_to_syslog) {
	syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", line, e, strerror(e));
    }
    if (log_to_perpeer) {
	peerlog(strerror(e), line);
    }

    whack_log(RC_LOG_SERIOUS,
	      "~ERROR: %s. Errno %d: %s", line, e, strerror(e));
#else
    if (log_to_stderr) {
	fprintf(stderr, "%s , cause: %s\n", line, strerror(e));
    }
    if (log_to_syslog) {
	syslog(LOG_ERR, "%s , cause: %s", line, strerror(e));
    }
    if (log_to_perpeer) {
	peerlog(strerror(e), line);
    }

    whack_log(RC_LOG_SERIOUS,
	      "%s, cause: %s", line, strerror(e));

    NK_LOG_VPN(LOG_WARNING,"%s", line);
    /* the syslog connection is closed after every message */
    closelog();
#endif
}
Esempio n. 18
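/*
 * Return name advanced past prefix when name starts with prefix;
 * otherwise (including a NULL or shorter name) return name unchanged.
 */
static const char *
skip_name_prefix(const char *name, const char *prefix)
{
	const char *n = name;
	const char *p = prefix;

	if (name == NULL)
		return name;

	while (*p != '\0') {
		if (*n != *p)
			return name;	/* mismatch, or name ended early */
		n++;
		p++;
	}
	return n;
}

/*
 * 	Show IKE algorithms for 
 * 	- this connection (result from ike= string)
 * 	- newest SA
 *
 * The "newest" line prints enum names without their "OAKLEY_" /
 * "OAKLEY_GROUP_" prefix.  The prefix is removed only when it is
 * actually present: adding a fixed offset to whatever enum_show()
 * returns would step past the end of a shorter string (for example a
 * rendering of a value that has no registered name).
 *
 * NOTE(review): enum_show() is called three times in one argument
 * list; if it renders into shared storage the results can overwrite
 * each other -- confirm against its implementation.
 */
void
ike_alg_show_connection(struct connection *c, const char *instance)
{
	char buf[256];
	struct state *st;

	if (c->alg_info_ike) {
		/* proposals as configured */
		alg_info_snprint(buf, sizeof(buf), 
				(struct alg_info *)c->alg_info_ike);
		whack_log(RC_COMMENT
		    , "\"%s\"%s:   IKE algorithms wanted: %s"
		    , c->name
		    , instance
		    , buf);

		/* proposals as rendered by alg_info_snprint_ike() */
		alg_info_snprint_ike(buf, sizeof(buf), c->alg_info_ike);
		whack_log(RC_COMMENT
		    , "\"%s\"%s:   IKE algorithms found:  %s"
		    , c->name
		    , instance
		    , buf);
	}

	st = state_with_serialno(c->newest_isakmp_sa);
	if (st)
		whack_log(RC_COMMENT
		, "\"%s\"%s:   IKE algorithm newest: %s_%d-%s-%s"
		, c->name
		, instance
		, skip_name_prefix(enum_show(&oakley_enc_names, st->st_oakley.encrypt), "OAKLEY_")
		, st->st_oakley.enckeylen
		, skip_name_prefix(enum_show(&oakley_hash_names, st->st_oakley.hash), "OAKLEY_")
		, skip_name_prefix(enum_show(&oakley_group_names, st->st_oakley.group->group), "OAKLEY_GROUP_")
	 );
}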
Esempio n. 19
/*
 * Report the db-ops statistics to whack as one RC_COMMENT line.
 *
 * The format string is assembled at compile time from __FILE__ and the
 * DB_OPS_STATS_DESC / DB_OPS_STATS_STR macros; the values come from
 * DB_OPS_STATS_F applied to the context, trans and attrs counters.
 * NOTE(review): the macros are defined elsewhere -- the number of
 * arguments each DB_OPS_STATS_F expands to must match the conversions
 * each DB_OPS_STATS_STR contributes.
 *
 * Always returns 0.
 */
int
db_ops_show_status(void)
{
	whack_log(RC_COMMENT, "stats " __FILE__ ": " 
			DB_OPS_STATS_DESC " :"
			DB_OPS_STATS_STR("context")
			DB_OPS_STATS_STR("trans")
			DB_OPS_STATS_STR("attrs"),
			DB_OPS_STATS_F(db_context_st),
			DB_OPS_STATS_F(db_trans_st),
			DB_OPS_STATS_F(db_attrs_st)
			);
	return 0;
}
Esempio n. 20
File: log.c Progetto: odit/rv042
/*
 * Produce the status report for whack.
 *
 * When all is true the interface, identity and debug sections are
 * printed first, followed by a spacer.  The connection and state
 * sections are always printed and receive name (and, for connections,
 * all) to select what they show.  The shunt section is included only
 * when built with KLIPS.
 */
void
show_status(bool all, const char *name)
{
    if (all)
    {
	show_ifaces_status();
	show_myid_status();
	show_debug_status();
	whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    }
    show_connections_status(all, name);
    show_states_status(name);
#ifdef KLIPS
    show_shunt_status();
#endif
}
Esempio n. 21
/*
 * Format a message once and send it to every enabled sink (stderr,
 * syslog at LOG_WARNING) and to whack with code mess_no.
 *
 * message and the variadic arguments are consumed by fmt_log() --
 * presumably as a printf-style format, so only trusted format strings
 * should be passed (TODO confirm against fmt_log).  The formatted text
 * itself is always passed on through a literal "%s".
 */
void
loglog(int mess_no, const char *message, ...)
{
    char line[1024];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "%s\n", line);
    }
    if (log_to_syslog) {
	syslog(LOG_WARNING, "%s", line);
    }

    whack_log(mess_no, "~%s", line);
}
Esempio n. 22
/*
 * Log a formatted message together with errno value e and its
 * strerror() text, as "ERROR: <message>. Errno <e>: <text>", to stderr,
 * to syslog at LOG_ERR, and to whack as RC_LOG_SERIOUS.
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void
log_errno_routine(int e, const char *message, ...)
{
    char line[1024];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "ERROR: %s. Errno %d: %s\n", line, e, strerror(e));
    }
    if (log_to_syslog) {
	syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", line, e, strerror(e));
    }

    whack_log(RC_LOG_SERIOUS,
	      "~ERROR: %s. Errno %d: %s", line, e, strerror(e));
}
Esempio n. 23
/*
 * Log a formatted message as "FATAL ERROR: ..." to stderr, to syslog
 * at LOG_ERR and to whack as RC_LOG_SERIOUS, then terminate the daemon
 * through exit_pluto(1).
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void
exit_log(const char *message, ...)
{
    char line[1024];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "FATAL ERROR: %s\n", line);
    }
    if (log_to_syslog) {
	syslog(LOG_ERR, "FATAL ERROR: %s", line);
    }

    whack_log(RC_LOG_SERIOUS, "~FATAL ERROR: %s", line);

    exit_pluto(1);
}
Esempio n. 24
File: log.c Progetto: odit/rv042
/*
 * Format a message once and send it to every enabled sink (stderr,
 * syslog at LOG_WARNING, per-peer log) and to whack as RC_LOG.
 *
 * The formatted text is always passed on through a literal "%s".
 */
void
plog(const char *message, ...)
{
    char line[LOG_WIDTH];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "%s\n", line);
    }
    if (log_to_syslog) {
	syslog(LOG_WARNING, "%s", line);
    }
    if (log_to_perpeer) {
	peerlog("", line);
    }

    whack_log(RC_LOG, "~%s", line);
}
Esempio n. 25
/*
 * Log a formatted message together with errno value e and its
 * strerror() text, as "ERROR: <message>. Errno <e>: <text>", to stderr
 * or the pluto log file, to syslog at LOG_ERR, to the per-peer log,
 * and to whack as RC_LOG_SERIOUS.
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void libreswan_log_errno_routine(int e, const char *message, ...)
{
	char line[LOG_WIDTH]; /* longer messages will be truncated */
	va_list ap;

	va_start(ap, message);
	fmt_log(line, sizeof(line), message, ap);
	va_end(ap);

	if (log_to_stderr || pluto_log_fp != NULL) {
		/* stderr wins when both are available */
		FILE *sink = log_to_stderr ? stderr : pluto_log_fp;

		fprintf(sink, "ERROR: %s. Errno %d: %s\n",
			line, e, strerror(e));
	}
	if (log_to_syslog) {
		syslog(LOG_ERR, "ERROR: %s. Errno %d: %s",
		       line, e, strerror(e));
	}
	if (log_to_perpeer) {
		peerlog(strerror(e), line);
	}

	whack_log(RC_LOG_SERIOUS,
		  "~ERROR: %s. Errno %d: %s", line, e, strerror(e));
}
Esempio n. 26
/*
 * Report every registered IKE algorithm to whack under an
 * "IKE algorithms supported:" heading: encryption algorithms (with both
 * IKEv1 and IKEv2 ids and names), hash algorithms, then DH groups,
 * followed by a spacer line.
 */
void ike_alg_show_status(void)
{
	struct ike_alg *entry;
	unsigned slot;

	whack_log(RC_COMMENT, "IKE algorithms supported:");
	whack_log(RC_COMMENT, " "); /* spacer */

	/* encryption algorithms */
	IKE_EALG_FOR_EACH(entry) {
		struct esb_buf v1namebuf, v2namebuf;
		const struct encrypt_desc *enc;

		passert(entry != NULL);
		/* an entry must be known to at least one IKE version */
		passert(entry->algo_id != 0 || entry->algo_v2id != 0);
		enc = (const struct encrypt_desc *)entry;
		whack_log(RC_COMMENT,
			  "algorithm IKE encrypt: v1id=%d, v1name=%s, v2id=%d, v2name=%s, blocksize=%zu, keydeflen=%u",
			  entry->algo_id,
			  enum_showb(&oakley_enc_names, entry->algo_id, &v1namebuf),
			  entry->algo_v2id,
			  enum_showb(&ikev2_trans_type_encr_names, entry->algo_v2id, &v2namebuf),
			  enc->enc_blocksize,
			  enc->keydeflen);
	}

	/* hash algorithms */
	IKE_HALG_FOR_EACH(entry) {
		const struct hash_desc *hash = (const struct hash_desc *)entry;

		/*
		 * ??? we think that hash_integ_len is meaningless
		 * (and 0) for IKE hashes
		 */
		pexpect(hash->hash_integ_len == 0);
		whack_log(RC_COMMENT,
			  "algorithm IKE hash: id=%d, name=%s, hashlen=%zu",
			  entry->algo_id,
			  enum_name(&oakley_hash_names, entry->algo_id),
			  hash->hash_digest_len);
	}

	/* Diffie-Hellman groups: walk the oakley_group table by index */
#define IKE_DH_ALG_FOR_EACH(idx) for ((idx) = 0; (idx) != oakley_group_size; (idx)++)

	IKE_DH_ALG_FOR_EACH(slot) {
		const struct oakley_group_desc *gdesc = &oakley_group[slot];

		whack_log(RC_COMMENT,
			  "algorithm IKE dh group: id=%d, name=%s, bits=%d",
			  gdesc->group,
			  enum_name(&oakley_group_names, gdesc->group),
			  (int)gdesc->bytes * BITS_PER_BYTE);
	}

	whack_log(RC_COMMENT, " "); /* spacer */
}
Esempio n. 27
/*
 * Log a formatted message as "FATAL ERROR: ..." to stderr or the pluto
 * log file, to syslog at LOG_ERR, to the per-peer log and to whack as
 * RC_LOG_SERIOUS, then terminate the daemon through exit_pluto(1).
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void exit_log(const char *message, ...)
{
	char line[LOG_WIDTH]; /* longer messages will be truncated */
	va_list ap;

	va_start(ap, message);
	fmt_log(line, sizeof(line), message, ap);
	va_end(ap);

	if (log_to_stderr || pluto_log_fp != NULL) {
		/* stderr wins when both are available */
		FILE *sink = log_to_stderr ? stderr : pluto_log_fp;

		fprintf(sink, "FATAL ERROR: %s\n", line);
	}
	if (log_to_syslog) {
		syslog(LOG_ERR, "FATAL ERROR: %s", line);
	}
	if (log_to_perpeer) {
		peerlog("FATAL ERROR: ", line);
	}

	whack_log(RC_LOG_SERIOUS, "~FATAL ERROR: %s", line);

	exit_pluto(1);
}
Esempio n. 28
File: log.c Progetto: odit/rv042
/*
 * Log a formatted message together with errno value e and its
 * strerror() text, as "FATAL ERROR: <message>. Errno <e>: <text>", to
 * stderr, to syslog at LOG_ERR, to the per-peer log and to whack as
 * RC_LOG_SERIOUS, then terminate the daemon through exit_pluto(1).
 *
 * The formatted text only ever appears as a "%s" argument.
 */
void
exit_log_errno_routine(int e, const char *message, ...)
{
    char line[LOG_WIDTH];	/* longer messages will be truncated */
    va_list ap;

    va_start(ap, message);
    fmt_log(line, sizeof(line), message, ap);
    va_end(ap);

    if (log_to_stderr) {
	fprintf(stderr, "FATAL ERROR: %s. Errno %d: %s\n",
		line, e, strerror(e));
    }
    if (log_to_syslog) {
	syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s",
	       line, e, strerror(e));
    }
    if (log_to_perpeer) {
	peerlog(strerror(e), line);
    }

    whack_log(RC_LOG_SERIOUS,
	      "~FATAL ERROR: %s. Errno %d: %s", line, e, strerror(e));

    exit_pluto(1);
}
Esempio n. 29
/*
 * Report every registered IKE algorithm to whack under an
 * "IKE algorithms supported:" heading: encryption algorithms (with both
 * IKEv1 and IKEv2 ids and names), PRFs (logged as "hash"), then DH
 * groups, followed by a spacer line.
 *
 * Each table is walked with its next_*() iterator, starting from NULL
 * and stopping when the iterator returns NULL.
 */
void ike_alg_show_status(void)
{
	whack_log(RC_COMMENT, "IKE algorithms supported:");
	whack_log(RC_COMMENT, " "); /* spacer */

	/* encryption algorithms */
	const struct encrypt_desc **encp = next_ike_encrypt_desc(NULL);
	while (encp != NULL) {
		struct esb_buf v1namebuf, v2namebuf;
		const struct encrypt_desc *enc = *encp;

		/* an entry must be known to at least one IKE version */
		passert(enc->common.ikev1_oakley_id != 0 || enc->common.ikev2_id != 0);
		whack_log(RC_COMMENT,
			  "algorithm IKE encrypt: v1id=%d, v1name=%s, v2id=%d, v2name=%s, blocksize=%zu, keydeflen=%u",
			  enc->common.ikev1_oakley_id,
			  enum_showb(&oakley_enc_names, enc->common.ikev1_oakley_id, &v1namebuf),
			  enc->common.ikev2_id,
			  enum_showb(&ikev2_trans_type_encr_names, enc->common.ikev2_id, &v2namebuf),
			  enc->enc_blocksize,
			  enc->keydeflen);

		encp = next_ike_encrypt_desc(encp);
	}

	/* PRFs */
	const struct prf_desc **prfp = next_ike_prf_desc(NULL);
	while (prfp != NULL) {
		const struct prf_desc *prf = *prfp;

		whack_log(RC_COMMENT,
			  "algorithm IKE hash: id=%d, name=%s, hashlen=%zu",
			  prf->common.ikev1_oakley_id,
			  enum_name(&oakley_hash_names, prf->common.ikev1_oakley_id),
			  prf->prf_output_size);

		prfp = next_ike_prf_desc(prfp);
	}

	/* Diffie-Hellman groups */
	const struct oakley_group_desc *gdesc = next_oakley_group(NULL);
	while (gdesc != NULL) {
		whack_log(RC_COMMENT,
			  "algorithm IKE dh group: id=%d, name=%s, bits=%d",
			  gdesc->group,
			  enum_name(&oakley_group_names, gdesc->group),
			  (int)gdesc->bytes * BITS_PER_BYTE);

		gdesc = next_oakley_group(gdesc);
	}

	whack_log(RC_COMMENT, " "); /* spacer */
}
Esempio n. 30
/*
 * Report every registered IKE algorithm to whack under an
 * "IKE algorithms supported:" heading: encryption algorithms (with both
 * IKEv1 and IKEv2 ids and names), hash algorithms, then DH groups,
 * followed by a spacer line.
 *
 * The enum-name scratch buffers have static storage, so their contents
 * persist between calls.
 */
void ike_alg_show_status(void)
{
	static char v1namebuf[ENUM_SHOW_BUF_LEN];
	static char v2namebuf[ENUM_SHOW_BUF_LEN];
	struct ike_alg *entry;
	unsigned slot;

	whack_log(RC_COMMENT, "IKE algorithms supported:");
	whack_log(RC_COMMENT, " "); /* spacer */

	/* encryption algorithms */
	IKE_EALG_FOR_EACH(entry) {
		const struct encrypt_desc *enc;

		passert(entry != NULL);
		/* an entry must be known to at least one IKE version */
		passert(entry->algo_id != 0 || entry->algo_v2id != 0);
		enc = (const struct encrypt_desc *)entry;
		whack_log(RC_COMMENT,
			  "algorithm IKE encrypt: v1id=%d, v1name=%s, v2id=%d, v2name=%s, blocksize=%d, keydeflen=%d",
			  entry->algo_id,
			  enum_showb(&oakley_enc_names, entry->algo_id, v1namebuf, sizeof(v1namebuf)),
			  entry->algo_v2id,
			  enum_showb(&ikev2_trans_type_encr_names, entry->algo_v2id, v2namebuf, sizeof(v2namebuf)),
			  (int)enc->enc_blocksize,
			  enc->keydeflen);
	}

	/* hash algorithms */
	IKE_HALG_FOR_EACH(entry) {
		const struct hash_desc *hash = (const struct hash_desc *)entry;

		whack_log(RC_COMMENT,
			  "algorithm IKE hash: id=%d, name=%s, hashsize=%d",
			  entry->algo_id,
			  enum_name(&oakley_hash_names, entry->algo_id),
			  (int)hash->hash_digest_len);
	}

	/* Diffie-Hellman groups: walk the oakley_group table by index */
#define IKE_DH_ALG_FOR_EACH(idx) for (idx = 0; idx != oakley_group_size; idx++)
	IKE_DH_ALG_FOR_EACH(slot) {
		const struct oakley_group_desc *gdesc = &oakley_group[slot];

		whack_log(RC_COMMENT,
			  "algorithm IKE dh group: id=%d, name=%s, bits=%d",
			  gdesc->group,
			  enum_name(&oakley_group_names, gdesc->group),
			  (int)gdesc->bytes * BITS_PER_BYTE);
	}

	whack_log(RC_COMMENT, " "); /* spacer */
}