[Swan-dev] lswlog_enum_short() badness

Andrew Cagney andrew.cagney at gmail.com
Mon Dec 24 00:33:58 UTC 2018 

On Sun, 23 Dec 2018 at 13:38, Paul Wouters <paul at nohats.ca> wrote:
>
> On Sun, 23 Dec 2018, Andrew Cagney wrote:
>
> > Do you have this commit?
>
> Yes. I have yesterday's tree on vpn.nohats.ca.
>
> Paul
>
> > commit 069f2ef7fc27183d94da64d778ca395171d5a843
> > Author: Andrew Cagney <cagney at gnu.org>
> > Date:   Tue Nov 27 21:01:17 2018 -0500
> >
> >    ikev2: ISAKMP_v2_{SA_INIT,AUTH} -> ISAKMP_v2_IKE_{SA_INIT,AUTH}
> >
> >    Use names in RFC 7296.
> >
> > Both lswlog_enum_short() and enum_short_name() call strip_prefix()
> > which discards what ever prefix (here ISAKMP_v2_) is in the enum name
> > table.  So, in the current code base, IKE_AUTH should be printed.
> > On Sat, 22 Dec 2018 at 22:46, Paul Wouters <paul at nohats.ca> wrote:
> >>
> >>
> >> I was hunting down this message:
> >>
> >> Dec 22 22:33:12.253210: "ikev2"[2] 206.248.139.105 #4: responding to AUTH message (ID 1) from 206.248.139.105:7 with encrypted notification INVALID_SYNTAX
> >>
> >> I was side tracked due to the bad name "AUTH message". I thought it was
> >> talking about the AUTH payload, but it is talking about IKE_AUTH.
> >> Looking further I found:
> >>
> >>          LSWLOG_RC(RC_LOG_SERIOUS, buf) {
> >>                  const enum isakmp_xchg_types ix = md->hdr.isa_xchg;
> >>                  lswlogs(buf, "dropping unexpected ");
> >>                  lswlog_enum_short(buf, &ikev2_exchange_names, ix);
> >>                  lswlogs(buf, " message");
> >>
> >> It seems lswlog_enum_short() cuts everything until the last _ so the
> >> name ISAKMP_v2_IKE_AUTH becomes AUTH.
> >>
> >> Note there is confusion too because the Exchange Type is logged as:
> >>
> >> Dec 22 22:33:12.253637: |    exchange type: ISAKMP_v2_AUTH (0x23)

I see this:

|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)

and I can't find the old text in the sources:

$ ./mk/find.sh ISAKMP_v2_AUTH
./programs/pluto/ikev2_child.c:137:              * to the ISAKMP_v2_AUTH caller.

$ ./mk/find.sh ISAKMP_v2_IKE_AUTH
./include/ietf_constants.h:793: ISAKMP_v2_IKE_AUTH = 35,
./lib/libswan/constants.c:371:  "ISAKMP_v2_IKE_AUTH",


> >> So we have ISAKMP_v2_AUTH, ISAKMP_v2_IKE_AUTH and AUTH referring to the
> >> same thing.
> >>
> >> We used to have a way to print an enum stripping a prefix, but it seems
> >> that functionality has been removed ?
> >>
> >> Anyway, can the code be updated so it logs "IKE_AUTH" instead of "AUTH"
> >> for the Exchange Type message?
> >>
> >> Paul
> >> _______________________________________________
> >> Swan-dev mailing list
> >> Swan-dev at lists.libreswan.org
> >> https://lists.libreswan.org/mailman/listinfo/swan-dev
> >

More information about the Swan-dev mailing list