debug and logging improvements

src/charon/config/configuration.c

@@ -30,7 +30,7 @@
  * First retransmit timeout in milliseconds.
  * Timeout value is increasing in each retransmit round.
  */
-#define RETRANSMIT_TIMEOUT 3000
+#define RETRANSMIT_TIMEOUT 2500
 
 /**
  * Timeout in milliseconds after that a half open IKE_SA gets deleted.
@@ -42,7 +42,7 @@
  * 0 for infinite. The max time a half open IKE_SA is alive is set by 
  * RETRANSMIT_TIMEOUT.
  */
-#define MAX_RETRANSMIT_COUNT 0
+#define MAX_RETRANSMIT_COUNT 3
 
 
 typedef struct private_configuration_t private_configuration_t;
@@ -65,7 +65,7 @@ struct private_configuration_t {
 static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
 {
 	int new_timeout = RETRANSMIT_TIMEOUT, i;
-	if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
+	if (retransmit_count >= MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
 	{
 		return FAILED;
 	}

src/charon/config/configuration.h

@@ -40,10 +40,10 @@ struct configuration_t {
 
 	/**
 	 * @brief Returns the retransmit timeout.
-	 * 
+	 *
 	 * The timeout values are managed by the configuration, so 
 	 * another backoff algorithm may be implemented here.
-	 * 
+	 *
 	 * @param this				calling object
 	 * @param retransmit_count	number of times a message was retransmitted so far
 	 * @param[out] timeout		the new retransmit timeout in milliseconds

src/charon/config/policies/policy.c

@@ -332,6 +332,10 @@ static void add_proposal(private_policy_t *this, proposal_t *proposal)
  */
 static u_int32_t get_soft_lifetime(private_policy_t *this)
 {
+	if (this->jitter == 0)
+	{
+		return this->soft_lifetime ;
+	}
 	srandom(time(NULL)+getpid());
 	return this->soft_lifetime - (random() % this->jitter);
 }

src/charon/doc/Known-bugs.txt

@@ -1,7 +1,8 @@
  Known bugs in charon
 ======================
 
-- intiating the same connection twice makes trouble
 - leak_detective gets confused from libpthread (invalid frees)
-- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
+- inititate rekeying at the same time causes troubles, as the current state
+  machine can't handle it properly
+- traffic selector changes while rekeying may cause troubles
 

src/charon/doc/Todo-list.txt

@@ -50,11 +50,13 @@
 - implement 3DES to load encrypted pem files
 + ipsec.secrets parsing
 
-- trapping
+/ trapping
 + proper delete messages
 - notifys on connection setup failure
-- create child sa message/rekeying
++ create child sa message/rekeying
 
 - implement a mechanism against thread exhaustion
   when a blocked IKE_SA receives a lot of messages
 - add a crl fetch mechanism which synchronizes equal fetches
+
+- replace state machine with something more transaction oriented

src/charon/network/socket.c

@@ -191,6 +191,18 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
 			this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
 			continue;
 		}
+		/* insert a delay to simulate small bandwith/RTT */
+#ifdef PACKET_RECV_DELAY
+		usleep(PACKET_RECV_DELAY * 1000);
+#endif
+		/* simulate packet loss of every PACKET_RECV_LOSS'th packet */
+#ifdef PACKET_RECV_LOSS
+		srandom(time(NULL) + getpid());
+		if (random() % PACKET_RECV_LOSS == 0)
+		{
+			return SUCCESS;
+		}
+#endif
 		if (bytes_read > IP_HEADER_LENGTH + UDP_HEADER_LENGTH)
 		{
 			/* read source/dest from raw IP/UDP header */
@@ -240,9 +252,19 @@ status_t sender(private_socket_t *this, packet_t *packet)
 	this->logger->log(this->logger, CONTROL, "sending packet: from %s:%d to %s:%d",
 					  src->get_address(src), src->get_port(src),
 					  dst->get_address(dst), dst->get_port(dst));
-	
+	/* insert a delay to simulate small bandwith/RTT */
+#ifdef PACKET_SEND_DELAY
+	usleep(PACKET_SEND_DELAY * 1000);
+#endif
+	/* simulate packet loss of every PACKET_LOSS'th packet */
+#ifdef PACKET_SEND_LOSS
+	srandom(time(NULL) + getpid());
+	if (random() % PACKET_SEND_LOSS == 0)
+	{
+		return SUCCESS;
+	}
+#endif
 	/* send data */
-	/* TODO: should we send via the interface we received the packet? */
 	bytes_sent = sendto(this->master_fd, data.ptr, data.len, 0, 
 						dst->get_sockaddr(dst), *(dst->get_sockaddr_len(dst)));
 

src/charon/sa/authenticator.c

@@ -350,10 +350,10 @@ static status_t compute_auth_data (private_authenticator_t *this,
 								  my_id->get_string(my_id));
 				goto end_rsa;
 			}
-			this->logger->log(this->logger, CONTROL, "matching public key found");
+			this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
 			
 			chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
-			this->logger->log(this->logger, CONTROL, "looking for private key with keyid %s", buf);
+			this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
 
 			my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
 			my_pubkey->destroy(my_pubkey);
@@ -366,7 +366,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
 								  buf);
 				goto end_rsa;
 			}
-			this->logger->log(this->logger, CONTROL, "matching private key found");
+			this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
 
 			octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
 			status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);

src/charon/testing/kernel_interface_test.c

@@ -68,8 +68,6 @@ void test_kernel_interface(protected_tester_t *tester)
 	
 	status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 1234);
 	tester->assert_true(tester, status == SUCCESS, "add policy OUT");
-	status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 2345);
-	tester->assert_true(tester, status == SUCCESS, "add policy OUT");
 	status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_IN, 0, PROTO_ESP, 1234);
 	tester->assert_true(tester, status == SUCCESS, "add policy IN");
 	status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_FWD, 0, PROTO_ESP, 1234);