On Wed, Sep 25, 2019 at 10:45:50PM +0200, Tobias Heider wrote:
> ok?
>
> @@ -4084,8 +4094,8 @@ ikev2_send_informational(struct iked *en
> case IKEV2_N_NO_PROPOSAL_CHOSEN:
> break;
> default:
> - log_debug("%s: unsupported notification %s", __func__,
> - print_map(msg->msg_error, ikev2_n_map));
> + log_info("%s: unsupported notification %s", SPI_SA(sa,
> + __func__), print_map(msg->msg_error, ikev2_n_map));
> goto done;
> }
>
Are you sure that sa != NULL here? It is only checked a few lines below:
if (sa != NULL && msg->msg_e) {
> @@ -4510,20 +4525,22 @@ ikev2_sa_responder_dh(struct iked_kex *k
> if (kex->kex_dhgroup == NULL) {
> if ((xform = config_findtransform(proposals,
> IKEV2_XFORMTYPE_DH, proto)) == NULL) {
> - log_debug("%s: did not find dh transform", __func__);
> + log_info("%s: did not find dh transform",
> + SPI_SA(msg->msg_sa, __func__));
> return (-1);
> }
> if ((kex->kex_dhgroup =
> group_get(xform->xform_id)) == NULL) {
> - log_debug("%s: invalid dh %d", __func__,
> - xform->xform_id);
> + log_debug("%s: invalid dh %d",
> + SPI_SA(msg->msg_sa, __func__), xform->xform_id);
> return (-1);
> }
> }
>
> /* Look for dhgroup mismatch during an IKE SA negotiation */
> if (msg->msg_dhgroup != kex->kex_dhgroup->id) {
> - log_debug("%s: want dh %s, KE has %s", __func__,
> + log_info("%s: want dh %s, KE has %s",
> + SPI_SA(msg->msg_sa, __func__),
> print_map(kex->kex_dhgroup->id, ikev2_xformdh_map),
> print_map(msg->msg_dhgroup, ikev2_xformdh_map));
> msg->msg_error = IKEV2_N_INVALID_KE_PAYLOAD;
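Review bot: The `invalid dh %d` message stays at `log_debug` while the other two failure paths in this hunk move to `log_info`, so a DH group that `group_get()` rejects would presumably remain invisible at the normal log level. If that is not deliberate, `log_info("%s: invalid dh %d", SPI_SA(msg->msg_sa, __func__), xform->xform_id);` keeps the three consistent. Separately, the "want dh %s, KE has %s" message depends on `msg->msg_dhgroup`, which looks like it comes from the peer's KE payload. Since it is now emitted at info level, it is worth confirming that a remote peer repeating mismatched KE payloads cannot flood the log, for example through existing rate limiting in the caller. The body of ikev2_sa_responder_dh() continues outside the hunk.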
Would it make sense to put struct iked_sa *sa = msg->msg_sa;
into ikev2_sa_responder_dh() like in all other functions?
otherwise OK bluhm@