#include <sa/tasks/task.h>
/**
- * @brief Task of type ike_auth, authenticates an IKE_SA authenticators.
+ * @brief Task of type ike_auth, authenticates an IKE_SA using authenticators.
*
* The ike_auth task authenticates the IKE_SA using the IKE_AUTH
- * exchange.
+ * exchange. It processes and build IDi and IDr payloads and also
+ * handles AUTH payloads. The AUTH payloads are passed to authenticator_t's,
+ * which do the actual authentication process. If the ike_auth task is used
+ * with EAP authentication, it stays alive over multiple exchanges until
+ * EAP has completed.
*
* @b Constructors:
* - ike_auth_create()
*
* @param ike_sa IKE_SA this task works for
* @param initiator TRUE if thask is the initator of an exchange
- * @return ike_auth task to handle by the task_manager
+ * @return ike_auth task to handle by the task_manager
*/
ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator);
if (!this->connection->check_dh_group(this->connection,
this->dh_group))
{
- SIG(IKE_UP_FAILED, "requested DH group %N not "
- "acceptable, giving up", diffie_hellman_group_names,
+ DBG1(DBG_IKE, "requested DH group %N not acceptable, "
+ "giving up", diffie_hellman_group_names,
this->dh_group);
iterator->destroy(iterator);
return FAILED;
this->cookie = chunk_clone(notify->get_notification_data(notify));
this->ike_sa->reset(this->ike_sa);
iterator->destroy(iterator);
- SIG(IKE_UP_FAILED, "received %N notify",
- notify_type_names, type);
+ DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
return NEED_MORE;
}
default: