From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Feb 2017 11:40:36 +0000 (+0100)
Subject: libipsec: Log a packet's ports and protocol in case of a policy mismatch
X-Git-Tag: 5.5.2dr6~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a8f1b8f2cb737011223f0d5b92249cad8e9728d;p=thirdparty%2Fstrongswan.git

libipsec: Log a packet's ports and protocol in case of a policy mismatch
---

diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index af79707d19..23b8ad21e5 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -148,9 +148,10 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this)
 				policy->destroy(policy);
 				break;
 			}
-			DBG1(DBG_ESP, "discarding inbound IP packet %H == %H due to "
-				 "policy", ip_packet->get_source(ip_packet),
-				 ip_packet->get_destination(ip_packet));
+			DBG1(DBG_ESP, "discarding inbound IP packet %#H == %#H [%hhu] due "
+				 "to policy", ip_packet->get_source(ip_packet),
+				 ip_packet->get_destination(ip_packet),
+				 ip_packet->get_next_header(ip_packet));
 			/* no matching policy found, fall-through */
 		}
 		case IPPROTO_NONE:
@@ -198,8 +199,9 @@ static job_requeue_t process_outbound(private_ipsec_processor_t *this)
 	policy = ipsec->policies->find_by_packet(ipsec->policies, packet, FALSE, 0);
 	if (!policy)
 	{
-		DBG2(DBG_ESP, "no matching outbound IPsec policy for %H == %H",
-			 packet->get_source(packet), packet->get_destination(packet));
+		DBG2(DBG_ESP, "no matching outbound IPsec policy for %#H == %#H [%hhu]",
+			 packet->get_source(packet), packet->get_destination(packet),
+			 packet->get_next_header(packet));
 		packet->destroy(packet);
 		return JOB_REQUEUE_DIRECT;
 	}