2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 #include "error_notify_listener.h"
/* Forward declaration of the private listener type; the METHOD()s below take it as "this". */
20 typedef struct private_error_notify_listener_t private_error_notify_listener_t
;
23 * Private data of an error_notify_listener_t object.
25 struct private_error_notify_listener_t
{
28 * Public error_notify_listener_t interface.
30 error_notify_listener_t
public;
33 * Socket to send notifications over
35 error_notify_socket_t
*socket
;
/**
 * listener_t.alert hook: builds an error_notify_msg_t for the given IKE
 * alert and hands it to this->socket->notify().
 *
 * The alert-specific part of msg (type code and text) is filled per alert
 * type; the text is written with snprintf() into msg.str and is silently
 * truncated at sizeof(msg.str). Afterwards the peer identity, peer address
 * and connection name are added to the message.
 *
 * NOTE(review): this rendering is missing several source lines (the
 * declarations of message/host/id/peer_cfg/cert, the early return after the
 * has_listeners() check, the "switch (alert)" line, the "break" statements
 * and the final return), so the control flow is only partly visible here.
 *
 * @param this      private listener data
 * @param ike_sa    IKE_SA the alert was raised for
 * @param alert     alert type
 * @param args      alert-specific arguments, consumed with va_arg()
 * @return          listener_t result; the returned value is on lines not
 *                  shown in this rendering
 */
38 METHOD(listener_t
, alert
, bool,
39 private_error_notify_listener_t
*this, ike_sa_t
*ike_sa
,
40 alert_t alert
, va_list args
)
42 error_notify_msg_t msg
;
46 linked_list_t
*list
, *list2
;
49 time_t not_before
, not_after
;
/* Nothing to build if no one is listening on the notify socket; the body of
 * this if (lines not shown here) leaves the function early. */
51 if (!this->socket
->has_listeners(this->socket
))
/* Zero the whole message so fields not set for a given alert are sent as
 * empty strings / zero values. */
56 memset(&msg
, 0, sizeof(msg
));
/* Per-alert type code (network byte order) and a human readable text. */
60 case ALERT_RADIUS_NOT_RESPONDING
:
61 msg
.type
= htonl(ERROR_NOTIFY_RADIUS_NOT_RESPONDING
);
62 snprintf(msg
.str
, sizeof(msg
.str
),
63 "a RADIUS request message timed out");
65 case ALERT_LOCAL_AUTH_FAILED
:
66 msg
.type
= htonl(ERROR_NOTIFY_LOCAL_AUTH_FAILED
);
67 snprintf(msg
.str
, sizeof(msg
.str
),
68 "creating local authentication data failed");
70 case ALERT_PEER_AUTH_FAILED
:
71 msg
.type
= htonl(ERROR_NOTIFY_PEER_AUTH_FAILED
);
72 snprintf(msg
.str
, sizeof(msg
.str
), "peer authentication failed");
/* Parse errors carry the offending message_t in args; its source address
 * is included in the text (%#H). */
74 case ALERT_PARSE_ERROR_HEADER
:
75 msg
.type
= htonl(ERROR_NOTIFY_PARSE_ERROR_HEADER
);
76 message
= va_arg(args
, message_t
*);
77 snprintf(msg
.str
, sizeof(msg
.str
), "parsing IKE header from "
78 "%#H failed", message
->get_source(message
));
80 case ALERT_PARSE_ERROR_BODY
:
81 msg
.type
= htonl(ERROR_NOTIFY_PARSE_ERROR_BODY
);
82 message
= va_arg(args
, message_t
*);
83 snprintf(msg
.str
, sizeof(msg
.str
), "parsing IKE message from "
84 "%#H failed", message
->get_source(message
));
86 case ALERT_RETRANSMIT_SEND_TIMEOUT
:
87 msg
.type
= htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT
);
88 snprintf(msg
.str
, sizeof(msg
.str
),
89 "IKE message retransmission timed out");
91 case ALERT_HALF_OPEN_TIMEOUT
:
92 msg
.type
= htonl(ERROR_NOTIFY_HALF_OPEN_TIMEOUT
);
93 snprintf(msg
.str
, sizeof(msg
.str
), "IKE_SA timed out before it "
94 "could be established");
/* Proposal mismatches carry the received proposal list in args (%#P). */
96 case ALERT_PROPOSAL_MISMATCH_IKE
:
97 msg
.type
= htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE
);
98 list
= va_arg(args
, linked_list_t
*);
99 snprintf(msg
.str
, sizeof(msg
.str
), "the received IKE_SA proposals "
100 "did not match: %#P", list
);
102 case ALERT_PROPOSAL_MISMATCH_CHILD
:
103 msg
.type
= htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD
);
104 list
= va_arg(args
, linked_list_t
*);
105 snprintf(msg
.str
, sizeof(msg
.str
), "the received CHILD_SA proposals "
106 "did not match: %#P", list
);
/* Two traffic selector lists (local and remote side) are passed in args. */
108 case ALERT_TS_MISMATCH
:
109 msg
.type
= htonl(ERROR_NOTIFY_TS_MISMATCH
);
110 list
= va_arg(args
, linked_list_t
*);
111 list2
= va_arg(args
, linked_list_t
*);
112 snprintf(msg
.str
, sizeof(msg
.str
), "the received traffic selectors "
113 "did not match: %#R=== %#R", list
, list2
);
115 case ALERT_INSTALL_CHILD_SA_FAILED
:
116 msg
.type
= htonl(ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED
);
117 snprintf(msg
.str
, sizeof(msg
.str
), "installing IPsec SA failed");
119 case ALERT_INSTALL_CHILD_POLICY_FAILED
:
120 msg
.type
= htonl(ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED
);
121 snprintf(msg
.str
, sizeof(msg
.str
), "installing IPsec policy failed");
123 case ALERT_UNIQUE_REPLACE
:
124 msg
.type
= htonl(ERROR_NOTIFY_UNIQUE_REPLACE
);
125 snprintf(msg
.str
, sizeof(msg
.str
),
126 "replaced old IKE_SA due to uniqueness policy");
128 case ALERT_UNIQUE_KEEP
:
129 msg
.type
= htonl(ERROR_NOTIFY_UNIQUE_KEEP
);
130 snprintf(msg
.str
, sizeof(msg
.str
), "keep existing in favor of "
131 "rejected new IKE_SA due to uniqueness policy");
/* The list in args holds the requested virtual IPs; only the first one
 * (if any) is named in the text. */
133 case ALERT_VIP_FAILURE
:
134 msg
.type
= htonl(ERROR_NOTIFY_VIP_FAILURE
);
135 list
= va_arg(args
, linked_list_t
*);
136 if (list
->get_first(list
, (void**)&host
) == SUCCESS
)
138 snprintf(msg
.str
, sizeof(msg
.str
),
139 "allocating a virtual IP failed, requested was %H", host
);
/* else branch: the list was empty (the else/braces are not shown here). */
143 snprintf(msg
.str
, sizeof(msg
.str
),
144 "expected a virtual IP request, but none found");
147 case ALERT_AUTHORIZATION_FAILED
:
148 msg
.type
= htonl(ERROR_NOTIFY_AUTHORIZATION_FAILED
);
149 snprintf(msg
.str
, sizeof(msg
.str
), "an authorization plugin "
150 "prevented establishment of an IKE_SA");
/* Certificate alerts carry the certificate_t in args.
 * NOTE(review): "¬_before" / "¬_after" below are rendering artifacts of
 * "&not_before" / "&not_after" (HTML entity "&not" mis-decoded); the intended
 * arguments are the addresses of the time_t locals declared above. */
152 case ALERT_CERT_EXPIRED
:
153 msg
.type
= htonl(ERROR_NOTIFY_CERT_EXPIRED
);
154 cert
= va_arg(args
, certificate_t
*);
155 cert
->get_validity(cert
, NULL
, ¬_before
, ¬_after
);
156 snprintf(msg
.str
, sizeof(msg
.str
), "certificate expired: '%Y' "
157 "(valid from %T to %T)", cert
->get_subject(cert
),
158 ¬_before
, TRUE
, ¬_after
, TRUE
);
160 case ALERT_CERT_REVOKED
:
161 msg
.type
= htonl(ERROR_NOTIFY_CERT_REVOKED
);
162 cert
= va_arg(args
, certificate_t
*);
163 snprintf(msg
.str
, sizeof(msg
.str
), "certificate revoked: '%Y'",
164 cert
->get_subject(cert
));
166 case ALERT_CERT_NO_ISSUER
:
167 msg
.type
= htonl(ERROR_NOTIFY_NO_ISSUER_CERT
);
168 cert
= va_arg(args
, certificate_t
*);
169 snprintf(msg
.str
, sizeof(msg
.str
), "no trusted issuer certificate "
170 "found: '%Y'", cert
->get_issuer(cert
));
/* Common fields for every alert: the peer's EAP identity (only if it is a
 * real identity, not ID_ANY), the peer's address (only if it is not the
 * any-address) and the peer config name. The lines between the end of the
 * switch and here are not shown in this rendering.
 * NOTE(review): identity and address are supplied by the remote peer, so
 * receivers of this notification should treat msg.id/msg.ip as untrusted
 * input; whether the %Y hook sanitizes non-printable bytes is not visible
 * here - confirm in identification_t's printf hook. */
178 id
= ike_sa
->get_other_eap_id(ike_sa
);
179 if (id
->get_type(id
) != ID_ANY
)
181 snprintf(msg
.id
, sizeof(msg
.id
), "%Y", id
);
183 host
= ike_sa
->get_other_host(ike_sa
);
184 if (!host
->is_anyaddr(host
))
186 snprintf(msg
.ip
, sizeof(msg
.ip
), "%#H", host
);
/* peer_cfg: the guard around the name lookup (line 189 in the original
 * numbering) is not shown here. */
188 peer_cfg
= ike_sa
->get_peer_cfg(ike_sa
);
191 snprintf(msg
.name
, sizeof(msg
.name
), "%s",
192 peer_cfg
->get_name(peer_cfg
));
/* Deliver the finished message to all listeners on the notify socket. */
196 this->socket
->notify(this->socket
, &msg
);
201 METHOD(error_notify_listener_t
, destroy
, void,
202 private_error_notify_listener_t
*this)
210 error_notify_listener_t
*error_notify_listener_create(error_notify_socket_t
*s
)
212 private_error_notify_listener_t
*this;
224 return &this->public;