debug and logging improvements
parent
22ff6f578f
commit
fa32cd3c47
|
@ -30,7 +30,7 @@
|
|||
* First retransmit timeout in milliseconds.
|
||||
* Timeout value is increasing in each retransmit round.
|
||||
*/
|
||||
#define RETRANSMIT_TIMEOUT 3000
|
||||
#define RETRANSMIT_TIMEOUT 2500
|
||||
|
||||
/**
|
||||
* Timeout in milliseconds after that a half open IKE_SA gets deleted.
|
||||
|
@ -42,7 +42,7 @@
|
|||
* 0 for infinite. The max time a half open IKE_SA is alive is set by
|
||||
* RETRANSMIT_TIMEOUT.
|
||||
*/
|
||||
#define MAX_RETRANSMIT_COUNT 0
|
||||
#define MAX_RETRANSMIT_COUNT 3
|
||||
|
||||
|
||||
typedef struct private_configuration_t private_configuration_t;
|
||||
|
@ -65,7 +65,7 @@ struct private_configuration_t {
|
|||
static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
|
||||
{
|
||||
int new_timeout = RETRANSMIT_TIMEOUT, i;
|
||||
if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
|
||||
if (retransmit_count >= MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0)
|
||||
{
|
||||
return FAILED;
|
||||
}
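Review bot: The comment on MAX_RETRANSMIT_COUNT in the second hunk still says the maximum lifetime of a half open IKE_SA "is set by RETRANSMIT_TIMEOUT", which held while the count was 0 (infinite) but not now that it is 3: with a finite count and the per-round timeout growing as the first hunk's comment states, the lifetime is bounded by the sum of the timeouts over MAX_RETRANSMIT_COUNT rounds, so I would reword it to "with a non-zero count the half open IKE_SA lives at most for the sum of the retransmit timeouts". The new `>=` in get_retransmit_timeout also deserves a word, because retransmit_count is documented in configuration.h as the number of retransmits already done, so `>=` means exactly MAX_RETRANSMIT_COUNT retransmits go out before FAILED is returned; a one-line comment above the condition, `/* retransmit_count counts retransmits already sent: refuse once MAX_RETRANSMIT_COUNT are done (0 = unlimited) */`, makes that intent explicit. The body of get_retransmit_timeout continues past the end of the hunk, and the configuration.h hunk below appears to be whitespace only.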
|
||||
|
|
|
@ -40,10 +40,10 @@ struct configuration_t {
|
|||
|
||||
/**
|
||||
* @brief Returns the retransmit timeout.
|
||||
*
|
||||
*
|
||||
* The timeout values are managed by the configuration, so
|
||||
* another backoff algorithm may be implemented here.
|
||||
*
|
||||
*
|
||||
* @param this calling object
|
||||
* @param retransmit_count number of times a message was retransmitted so far
|
||||
* @param[out] timeout the new retransmit timeout in milliseconds
|
||||
|
|
|
@ -332,6 +332,10 @@ static void add_proposal(private_policy_t *this, proposal_t *proposal)
|
|||
*/
|
||||
static u_int32_t get_soft_lifetime(private_policy_t *this)
|
||||
{
|
||||
if (this->jitter == 0)
|
||||
{
|
||||
return this->soft_lifetime ;
|
||||
}
|
||||
srandom(time(NULL)+getpid());
|
||||
return this->soft_lifetime - (random() % this->jitter);
|
||||
}
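Review bot: `this->soft_lifetime - (random() % this->jitter)` wraps around when jitter is larger than soft_lifetime, if soft_lifetime is unsigned like the u_int32_t return type; a policy configured with a small soft lifetime and a larger jitter would then be handed an enormous lifetime instead of a shortened one, so the guard should cover that case too, `if (this->jitter == 0 || this->jitter > this->soft_lifetime)`. Calling `srandom(time(NULL)+getpid())` on every invocation also resets the process-wide random() state at each lifetime lookup, which yields the same jitter for every policy evaluated within the same second and disturbs any other user of random() in the process; seed once at startup (or use random_r with private state) and only draw here. The doc comment for get_soft_lifetime starts before the hunk.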
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
Known bugs in charon
|
||||
======================
|
||||
|
||||
- intiating the same connection twice makes trouble
|
||||
- leak_detective gets confused from libpthread (invalid frees)
|
||||
- installing to many SAs in the kernel at the same time causes troubles. Threading issue?
|
||||
- inititate rekeying at the same time causes troubles, as the current state
|
||||
machine can't handle it properly
|
||||
- traffic selector changes while rekeying may cause troubles
|
||||
|
||||
|
|
|
@ -50,11 +50,13 @@
|
|||
- implement 3DES to load encrypted pem files
|
||||
+ ipsec.secrets parsing
|
||||
|
||||
- trapping
|
||||
/ trapping
|
||||
+ proper delete messages
|
||||
- notifys on connection setup failure
|
||||
- create child sa message/rekeying
|
||||
+ create child sa message/rekeying
|
||||
|
||||
- implement a mechanism against thread exhaustion
|
||||
when a blocked IKE_SA receives a lot of messages
|
||||
- add a crl fetch mechanism which synchronizes equal fetches
|
||||
|
||||
- replace state machine with something more transaction oriented
|
||||
|
|
|
@ -191,6 +191,18 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
|
|||
this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
|
||||
continue;
|
||||
}
|
||||
/* insert a delay to simulate small bandwith/RTT */
|
||||
#ifdef PACKET_RECV_DELAY
|
||||
usleep(PACKET_RECV_DELAY * 1000);
|
||||
#endif
|
||||
/* simulate packet loss of every PACKET_RECV_LOSS'th packet */
|
||||
#ifdef PACKET_RECV_LOSS
|
||||
srandom(time(NULL) + getpid());
|
||||
if (random() % PACKET_RECV_LOSS == 0)
|
||||
{
|
||||
return SUCCESS;
|
||||
}
|
||||
#endif
|
||||
if (bytes_read > IP_HEADER_LENGTH + UDP_HEADER_LENGTH)
|
||||
{
|
||||
/* read source/dest from raw IP/UDP header */
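Review bot: The loss simulation in receiver calls `srandom(time(NULL) + getpid())` before every draw, so all packets received within the same second get the same `random()` value and are either all dropped or all kept, rather than one in PACKET_RECV_LOSS; the sender hunk below has the same construction. Seed once (or leave the generator unseeded) and keep only the `random() % PACKET_RECV_LOSS` draw inside the `#ifdef`. The drop path returns SUCCESS without assigning `*packet` in the lines shown, so unless the caller pre-initialises it the caller cannot distinguish a simulated drop from a received packet; either `continue` to keep receiving, as the error path above does, or document it, `/* simulated drop: caller sees SUCCESS with no packet */`. Since these are compile-time knobs that silently alter traffic handling, a `#warning "PACKET_RECV_LOSS/DELAY simulation enabled"` inside the `#ifdef`s would make an accidental build with them unmistakable. receiver's body extends beyond the hunk on both sides.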
|
||||
|
@ -240,9 +252,19 @@ status_t sender(private_socket_t *this, packet_t *packet)
|
|||
this->logger->log(this->logger, CONTROL, "sending packet: from %s:%d to %s:%d",
|
||||
src->get_address(src), src->get_port(src),
|
||||
dst->get_address(dst), dst->get_port(dst));
|
||||
|
||||
/* insert a delay to simulate small bandwith/RTT */
|
||||
#ifdef PACKET_SEND_DELAY
|
||||
usleep(PACKET_SEND_DELAY * 1000);
|
||||
#endif
|
||||
/* simulate packet loss of every PACKET_LOSS'th packet */
|
||||
#ifdef PACKET_SEND_LOSS
|
||||
srandom(time(NULL) + getpid());
|
||||
if (random() % PACKET_SEND_LOSS == 0)
|
||||
{
|
||||
return SUCCESS;
|
||||
}
|
||||
#endif
|
||||
/* send data */
|
||||
/* TODO: should we send via the interface we received the packet? */
|
||||
bytes_sent = sendto(this->master_fd, data.ptr, data.len, 0,
|
||||
dst->get_sockaddr(dst), *(dst->get_sockaddr_len(dst)));
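Review bot: The comment introducing the sender loss block names PACKET_LOSS while the macro tested two lines later is PACKET_SEND_LOSS; align it, `/* simulate packet loss of every PACKET_SEND_LOSS'th packet */`. The CONTROL log "sending packet: from ... to ..." at the top of the hunk is emitted before the simulated drop, so a dropped packet is logged as sent; a short `this->logger->log(this->logger, CONTROL, "simulating packet loss");` before the `return SUCCESS;` keeps the log honest for whoever is debugging with this enabled. sender's body continues beyond the hunk.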
|
||||
|
||||
|
|
|
@ -350,10 +350,10 @@ static status_t compute_auth_data (private_authenticator_t *this,
|
|||
my_id->get_string(my_id));
|
||||
goto end_rsa;
|
||||
}
|
||||
this->logger->log(this->logger, CONTROL, "matching public key found");
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
|
||||
|
||||
chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
|
||||
this->logger->log(this->logger, CONTROL, "looking for private key with keyid %s", buf);
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
|
||||
|
||||
my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
|
||||
my_pubkey->destroy(my_pubkey);
|
||||
|
@ -366,7 +366,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
|
|||
buf);
|
||||
goto end_rsa;
|
||||
}
|
||||
this->logger->log(this->logger, CONTROL, "matching private key found");
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
|
||||
|
||||
octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
|
||||
status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
|
||||
|
|
|
@ -68,8 +68,6 @@ void test_kernel_interface(protected_tester_t *tester)
|
|||
|
||||
status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 1234);
|
||||
tester->assert_true(tester, status == SUCCESS, "add policy OUT");
|
||||
status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_OUT, 0, PROTO_ESP, 2345);
|
||||
tester->assert_true(tester, status == SUCCESS, "add policy OUT");
|
||||
status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_IN, 0, PROTO_ESP, 1234);
|
||||
tester->assert_true(tester, status == SUCCESS, "add policy IN");
|
||||
status = kernel_interface->add_policy(kernel_interface, me, other, left, right, 24, 24, XFRM_POLICY_FWD, 0, PROTO_ESP, 1234);
|
||||
|
|