From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 17 Feb 2013 18:31:56 +0000 (+0100)
Subject: Streamlined log messages in ipseckey plugin
X-Git-Tag: 5.0.3dr2~2^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65cdda5cf878ae444d176ab0bac5fe1d68707c8d;p=thirdparty%2Fstrongswan.git

Streamlined log messages in ipseckey plugin
---

diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c
index d79d5663da..78ae2cc2ac 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey.c
@@ -118,7 +118,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 
 	if (rr->get_type(rr) != RR_TYPE_IPSECKEY)
 	{
-		DBG1(DBG_CFG, "unable to create an ipseckey out of a RR "
+		DBG1(DBG_CFG, "unable to create an ipseckey out of an RR "
 					  "whose type is not IPSECKEY");
 		free(this);
 		return NULL;
@@ -143,8 +143,8 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 		case IPSECKEY_GW_TP_IPV4:
 			if (!reader->read_data(reader, 4, &this->gateway))
 			{
-				DBG1(DBG_CFG, "ipseckey gateway field does not contain an IPv4 "
-							  "address as expected");
+				DBG1(DBG_CFG, "ipseckey gateway field does not contain an "
+							  "IPv4 address as expected");
 				reader->destroy(reader);
 				free(this);
 				return NULL;
@@ -155,8 +155,8 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 		case IPSECKEY_GW_TP_IPV6:
 			if (!reader->read_data(reader, 16, &this->gateway))
 			{
-				DBG1(DBG_CFG, "ipseckey gateway field does not contain an IPv6 "
-							  "address as expected");
+				DBG1(DBG_CFG, "ipseckey gateway field does not contain an "
+							  "IPv6 address as expected");
 				reader->destroy(reader);
 				free(this);
 				return NULL;
@@ -171,13 +171,13 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 			 * TODO: Currently we ignore wire encoded domain names.
 			 *
 			 */
-			while(reader->read_uint8(reader, &label) && label != 0 &&
-				  label < 192)
+			while (reader->read_uint8(reader, &label) &&
+				   label != 0 && label < 192)
 			{
-				if(!reader->read_data(reader, label, &tmp))
+				if (!reader->read_data(reader, label, &tmp))
 				{
-					DBG1(DBG_CFG, "ipseckey gateway field: Wire encoded "
-								  "domain name has the wrong format");
+					DBG1(DBG_CFG, "wrong wire encoded domain name format "
+								  "in ipseckey gateway field");
 					reader->destroy(reader);
 					free(this);
 					return NULL;
@@ -186,9 +186,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 			break;
 
 		default:
-			DBG1(DBG_CFG, "ipseckey gateway field: Unable to parse the "
-						  "ipseckey gateway field. The gateway type field "
-						  "indicates an unknown gateway type");
+			DBG1(DBG_CFG, "unable to parse ipseckey gateway field");
 			reader->destroy(reader);
 			free(this);
 			return NULL;
@@ -197,8 +195,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr)
 	if (!reader->read_data(reader, reader->remaining(reader),
 						   &this->public_key))
 	{
-		DBG1(DBG_CFG, "ipseckey public key field: Failure while reading "
-					  "the public key");
+		DBG1(DBG_CFG, "failed to read ipseckey public key field");
 		reader->destroy(reader);
 		chunk_free(&this->gateway);
 		free(this);
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index 53f30fedfe..e8722f12cb 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -67,8 +67,6 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 	public_key_t * key = NULL;
 	bool supported_ipseckey_found = FALSE;
 
-	DBG1(DBG_CFG, "ipseckey_cred: Enumerating over IPSECKEY certificates");
-
 	/* Get the next supported IPSECKEY using the inner enumerator. */
 	while (this->inner->enumerate(this->inner, &cur_rr) &&
 		   !supported_ipseckey_found)
@@ -79,16 +77,14 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 
 		if (!cur_ipseckey)
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: Error while parsing an IPSECKEY. "
-						  "Skipping this key");
+			DBG1(DBG_CFG, "failed to parse ipseckey - skipping this key");
 			supported_ipseckey_found = FALSE;
 		}
 
 		if (cur_ipseckey &&
 			cur_ipseckey->get_algorithm(cur_ipseckey) != IPSECKEY_ALGORITHM_RSA)
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: Skipping an IPSECKEY which uses an "
-						  "unsupported algorithm");
+			DBG1(DBG_CFG, "unsupported ipseckey algorithm -skipping this key");
 			cur_ipseckey->destroy(cur_ipseckey);
 			supported_ipseckey_found = FALSE;
 		}
@@ -108,8 +104,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 
 		if (!key)
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: Failed to create a public key "
-						  "from the IPSECKEY");
+			DBG1(DBG_CFG, "failed to create public key from ipseckey");
 			cur_ipseckey->destroy(cur_ipseckey);
 			return FALSE;
 		}
@@ -155,18 +150,17 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 
 		if (0 >= asprintf(&fqdn, "%Y", id))
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: ID is empty");
+			DBG1(DBG_CFG, "empty FQDN string");
 			return enumerator_create_empty();
 		}
 
-		DBG1(DBG_CFG, "ipseckey_cred: Performing a DNS query for the IPSECKEY "
-					  "RRs of the domain %s", fqdn);
-
+		DBG1(DBG_CFG, "performing a DNS query for IPSECKEY RRs of '%s'",
+					   fqdn);
 		response = this->res->query(this->res, fqdn, RR_CLASS_IN,
 									RR_TYPE_IPSECKEY);
 		if (!response)
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: DNS query failed");
+			DBG1(DBG_CFG, "  query for IPSECKEY RRs failed");
 			free(fqdn);
 			return enumerator_create_empty();
 		}
@@ -174,8 +168,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 		if (!response->has_data(response) ||
 			!response->query_name_exist(response))
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: Unable to retrieve IPSECKEY RRs "
-						  "for the domain %s from the DNS", fqdn);
+			DBG1(DBG_CFG, "  unable to retrieve IPSECKEY RRs from the DNS");
 			response->destroy(response);
 			free(fqdn);
 			return enumerator_create_empty();
@@ -183,9 +176,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 
 		if (!(response->get_security_state(response) == SECURE))
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: DNSSEC security state of the "
-						  "IPSECKEY RRs of the domain %s is not SECURE "
-						  "as required", fqdn);
+			DBG1(DBG_CFG, "  DNSSEC state of IPSECKEY RRs is not secure");
 			response->destroy(response);
 			free(fqdn);
 			return enumerator_create_empty();
@@ -196,38 +187,22 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 		/** Determine the validity period of the retrieved IPSECKEYs
 		 *
 		 * We use the "Signature Inception" and "Signature Expiration" field
-		 * of the RRSIG resource record to determine the validity period of the
-		 * IPSECKEY RRs.
+		 * of the first RRSIG RR to determine the validity period of the
+		 * IPSECKEY RRs. TODO: Take multiple RRSIGs into account.
 		 */
 		rrset = response->get_rr_set(response);
 		rrsig_enum = rrset->create_rrsig_enumerator(rrset);
-		if (!rrsig_enum)
-		{
-			DBG1(DBG_CFG, "ipseckey_cred: Unable to determine the validity "
-						  "period of the RRs, because there are "
-						  "no RRSIGs present");
-			response->destroy(response);
-			return enumerator_create_empty();
-		}
-
-		/**
-		 * Currently we use the first RRSIG of the IPSECKEY RRset
-		 * to determine the validity period of the IPSECKEYs.
-		 * TODO: Take multiple RRSIGs into account.
-		 */
-		if (!rrsig_enum->enumerate(rrsig_enum, &rrsig))
+		if (!rrsig_enum || !rrsig_enum->enumerate(rrsig_enum, &rrsig))
 		{
-			DBG1(DBG_CFG, "ipseckey_cred: Unable to determine the validity "
-						  "period of the IPSECKEY RRs, because there are "
-						  "no RRSIGs present");
-			rrsig_enum->destroy(rrsig_enum);
+			DBG1(DBG_CFG, "  unable to determine the validity period of "
+						  "IPSECKEY RRs because no RRSIGs are present");
+			DESTROY_IF(rrsig_enum);
 			response->destroy(response);
 			return enumerator_create_empty();
 		}
 
 		/**
-		 * Parse the RRSIG for its validity period.
-		 * For the format of a RRSIG see RFC 4034.
+		 * Parse the RRSIG for its validity period (RFC 4034)
 		 */
 		reader = bio_reader_create(rrsig->get_rdata(rrsig));
 		reader->read_data(reader, 8, &ignore);
@@ -235,14 +210,14 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 		reader->read_uint32(reader, &nBefore);
 		reader->destroy(reader);
 
-		/** Create and return an iterator over the retrieved IPSECKEYs */
+		/*Create and return an iterator over the retrieved IPSECKEYs */
 		INIT(e,
 			.public = {
 				.enumerate = (void*)_cert_enumerator_enumerate,
 				.destroy = _cert_enumerator_destroy,
 			},
 			.inner = response->get_rr_set(response)->create_rr_enumerator(
-												response->get_rr_set(response)),
+										  response->get_rr_set(response)),
 			.response = response,
 			.notBefore = nBefore,
 			.notAfter = nAfter,