From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Dec 2013 09:01:35 +0000 (+0100)
Subject: kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers
X-Git-Tag: 5.2.0dr6~22^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7d30c2ad16d4855ade151dc96a9404a56a70c4e;p=thirdparty%2Fstrongswan.git

kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers
---

diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index d471a00108..1b73b59da4 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -1515,6 +1515,12 @@ static void event_callback(private_kernel_wfp_ipsec_t *this,
 		case FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE:
 		case FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE:
 		case FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP:
+			DBG1(DBG_KNL, "IPsec kernel drop: %R === %R, error 0x%08x, "
+				 "SPI 0x%08x, %s filterId %llu", local, remote,
+				 event->ipsecDrop->failureStatus, event->ipsecDrop->spi,
+				 event->ipsecDrop->direction ? "in" : "out",
+				 event->ipsecDrop->filterId);
+			break;
 		case FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP:
 		default:
 			break;