From: Tobias Brunner Date: Tue, 29 May 2018 16:12:16 +0000 (+0200) Subject: child-cfg: Allow suppressing log messages when selecting traffic selectors X-Git-Tag: 5.7.0dr5~25^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84cdfbc9bc9cf2a6f8dabb8ea58b72984cac954a;p=thirdparty%2Fstrongswan.git child-cfg: Allow suppressing log messages when selecting traffic selectors Although being already logged on level 2, these messages are usually just confusing if they pop up randomly in the log when e.g. querying the configs or installing traps. So after this the log messages will only be logged when actually proposing or selecting traffic selectors during IKE. --- diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 0b00599a95..d8083d4332 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -289,7 +289,7 @@ METHOD(child_cfg_t, add_traffic_selector, void, METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, private_child_cfg_t *this, bool local, linked_list_t *supplied, - linked_list_t *hosts) + linked_list_t *hosts, bool log) { enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; @@ -334,13 +334,19 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, } e1->destroy(e1); - DBG2(DBG_CFG, "%s traffic selectors for %s:", - supplied ? "selecting" : "proposing", local ? "us" : "other"); - if (supplied == NULL) + if (log) + { + DBG2(DBG_CFG, "%s traffic selectors for %s:", + supplied ? "selecting" : "proposing", local ? "us" : "other"); + } + if (!supplied) { while (derived->remove_first(derived, (void**)&ts1) == SUCCESS) { - DBG2(DBG_CFG, " %R", ts1); + if (log) + { + DBG2(DBG_CFG, " %R", ts1); + } result->insert_last(result, ts1); } derived->destroy(derived); @@ -358,11 +364,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, selected = ts1->get_subset(ts1, ts2); if (selected) { - DBG2(DBG_CFG, " config: %R, received: %R => match: %R", - ts1, ts2, selected); + if (log) + { + DBG2(DBG_CFG, " config: %R, received: %R => match: %R", + ts1, ts2, selected); + } result->insert_last(result, selected); } - else + else if (log) { DBG2(DBG_CFG, " config: %R, received: %R => no match", ts1, ts2); diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index d566da3ecf..2defd03301 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -135,11 +135,13 @@ struct child_cfg_t { * @param local TRUE for TS on local side, FALSE for remote * @param supplied list with TS to select from, or NULL * @param hosts addresses to use for narrowing "dynamic" TS', host_t + * @param log FALSE to avoid logging details about the selection * @return list containing the traffic selectors */ linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local, linked_list_t *supplied, - linked_list_t *hosts); + linked_list_t *hosts, bool log); + /** * Get the updown script to run for the CHILD_SA. * diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index 29f0678584..47a994f60f 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -379,7 +379,7 @@ static int get_ts_match(child_cfg_t *cfg, bool local, int match = 0, round; /* fetch configured TS list, narrowing dynamic TS */ - cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts); + cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, TRUE); /* use a round counter to rate leading TS with higher priority */ round = sup_list->get_count(sup_list); diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 86296443d4..e7f6185847 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -324,10 +324,12 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write xmlTextWriterStartElement(writer, "childconfig"); xmlTextWriterWriteElement(writer, "name", child_cfg->get_name(child_cfg)); - list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); write_networks(writer, "local", list); list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); - list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); write_networks(writer, "remote", list); list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); xmlTextWriterEndElement(writer); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index d1bf139c2f..392eac86d7 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -580,8 +580,10 @@ METHOD(stroke_list_t, status, void, children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { - my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); - other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, + NULL, NULL, FALSE); + other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, + NULL, NULL, FALSE); fprintf(out, "%12s: child: %#R === %#R %N", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); @@ -614,8 +616,10 @@ METHOD(stroke_list_t, status, void, fprintf(out, "Shunted Connections:\n"); first = FALSE; } - my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); - other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); + other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); fprintf(out, "%12s: %#R === %#R %N\n", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 05ae8d5042..afbd6cc7ed 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -56,7 +56,7 @@ static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts, received = linked_list_create(); received->insert_last(received, ts); - selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL); + selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL, FALSE); while (selected->remove_first(selected, (void**)&ts) == SUCCESS) { list->insert_last(list, ts); @@ -140,7 +140,8 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local) { ts->destroy(ts); } - configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL, + FALSE); while (configured->remove_first(configured, (void**)&ts) == SUCCESS) { diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index b52ffeeb15..76aad47e6f 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -160,7 +160,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, &child_cfg)) { - current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL, + FALSE); while (current->remove_first(current, (void**)&ts) == SUCCESS) { if (use_ts(ts)) diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 4385cf6061..f529902db2 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -570,7 +570,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike, list_mode(b, NULL, cfg); b->begin_list(b, "local-ts"); - list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL); + list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL, FALSE); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &ts)) { @@ -581,7 +581,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike, b->end_list(b /* local-ts */); b->begin_list(b, "remote-ts"); - list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL); + list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL, FALSE); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &ts)) { @@ -873,7 +873,8 @@ CALLBACK(list_conns, vici_message_t*, child_cfg->get_close_action(child_cfg)); b->begin_list(b, "local-ts"); - list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); selectors = list->create_enumerator(list); while (selectors->enumerate(selectors, &ts)) { @@ -884,7 +885,8 @@ CALLBACK(list_conns, vici_message_t*, b->end_list(b /* local-ts */); b->begin_list(b, "remote-ts"); - list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); selectors = list->create_enumerator(list); while (selectors->enumerate(selectors, &ts)) { diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 7eeb578f32..49717703c9 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1723,7 +1723,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) traffic_selector_t *ts; list = linked_list_create_with_items(ike, NULL); - ts_list = config->get_traffic_selectors(config, local, NULL, list); + ts_list = config->get_traffic_selectors(config, local, NULL, list, FALSE); list->destroy(list); enumerator = ts_list->create_enumerator(ts_list); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 5e5b61e7f4..007e94d968 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local, hosts = get_dynamic_hosts(this->ike_sa, local); list = this->config->get_traffic_selectors(this->config, - local, supplied, hosts); + local, supplied, hosts, TRUE); hosts->destroy(hosts); if (list->get_first(list, (void**)&ts) == SUCCESS) { diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index c90af23b99..15bd62471e 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -481,12 +481,14 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local, this->ike_sa->has_condition(this->ike_sa, cond)) { nat = get_transport_nat_ts(this, local, in); - ts = this->config->get_traffic_selectors(this->config, local, nat, hosts); + ts = this->config->get_traffic_selectors(this->config, local, nat, + hosts, TRUE); nat->destroy_offset(nat, offsetof(traffic_selector_t, destroy)); } else { - ts = this->config->get_traffic_selectors(this->config, local, in, hosts); + ts = this->config->get_traffic_selectors(this->config, local, in, + hosts, TRUE); } hosts->destroy(hosts); @@ -1075,7 +1077,7 @@ METHOD(task_t, build_i, status_t, if (list->get_count(list)) { this->tsi = this->config->get_traffic_selectors(this->config, - TRUE, NULL, list); + TRUE, NULL, list, TRUE); list->destroy_offset(list, offsetof(host_t, destroy)); } else @@ -1083,12 +1085,12 @@ METHOD(task_t, build_i, status_t, list->destroy(list); list = get_dynamic_hosts(this->ike_sa, TRUE); this->tsi = this->config->get_traffic_selectors(this->config, - TRUE, NULL, list); + TRUE, NULL, list, TRUE); list->destroy(list); } list = get_dynamic_hosts(this->ike_sa, FALSE); this->tsr = this->config->get_traffic_selectors(this->config, - FALSE, NULL, list); + FALSE, NULL, list, TRUE); list->destroy(list); if (this->packet_tsi) diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index a83da0480f..d66e709372 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -117,8 +117,10 @@ static bool install_shunt_policy(child_cfg_t *child) host_any6 = host_create_any(AF_INET6); hosts = linked_list_create_with_items(host_any, host_any6, NULL); - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts, + FALSE); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts, + FALSE); hosts->destroy(hosts); manual_prio = child->get_manual_prio(child); @@ -287,8 +289,10 @@ static void uninstall_shunt_policy(child_cfg_t *child) host_any6 = host_create_any(AF_INET6); hosts = linked_list_create_with_items(host_any, host_any6, NULL); - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts, + FALSE); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts, + FALSE); hosts->destroy(hosts); manual_prio = child->get_manual_prio(child); diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 979f9290aa..148df39238 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -168,7 +168,7 @@ static bool dynamic_remote_ts(child_cfg_t *child) traffic_selector_t *ts; bool found = FALSE; - other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL); + other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL, FALSE); enumerator = other_ts->create_enumerator(other_ts); while (enumerator->enumerate(enumerator, &ts)) { @@ -296,11 +296,11 @@ METHOD(trap_manager_t, install, bool, child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0); list = linked_list_create_with_items(me, NULL); - my_ts = child->get_traffic_selectors(child, TRUE, NULL, list); + my_ts = child->get_traffic_selectors(child, TRUE, NULL, list, FALSE); list->destroy_offset(list, offsetof(host_t, destroy)); list = linked_list_create_with_items(other, NULL); - other_ts = child->get_traffic_selectors(child, FALSE, NULL, list); + other_ts = child->get_traffic_selectors(child, FALSE, NULL, list, FALSE); list->destroy_offset(list, offsetof(host_t, destroy)); /* We don't know the finally negotiated protocol (ESP|AH), we install