u32 sw_if_index;
} ikev2_trace_t;
-typedef struct
-{
- u16 n_keepalives;
- u16 n_rekey_req;
- u16 n_exchange_sa_req;
- u16 n_ike_auth_req;
-} ikev2_stats_t;
-
static u8 *
format_ikev2_trace (u8 * s, va_list * args)
{
ikev2_ts_t *tsr = 0;
ikev2_sa_proposal_t *proposal = 0;
ikev2_child_sa_t *child_sa;
- u32 dlen = 0;
+ u32 dlen = 0, src;
u16 plen;
- ikev2_elog_exchange ("ispi %lx rspi %lx CREATE_CHILD_SA received "
- "from ", clib_host_to_net_u64 (ike->ispi),
- clib_host_to_net_u64 (ike->rspi),
- ip_addr_v4 (&sa->raddr).as_u32,
+ if (sa->is_initiator)
+ src = ip_addr_v4 (&sa->raddr).as_u32;
+ else
+ src = ip_addr_v4 (&sa->iaddr).as_u32;
+
+ ikev2_elog_exchange ("ispi %lx rspi %lx CREATE_CHILD_SA received from",
+ clib_host_to_net_u64 (ike->ispi),
+ clib_host_to_net_u64 (ike->rspi), src,
ip_addr_version (&sa->raddr) == AF_IP4);
plaintext = ikev2_decrypt_sk_payload (sa, ike, &payload, len, &dlen);
sel_p = p;
break;
}
-
+ else
+ {
+ ikev2_elog_uint (IKEV2_LOG_ERROR, "shared key mismatch! ispi %lx",
+ sa->ispi);
+ }
}
else if (sa_auth->method == IKEV2_AUTH_METHOD_RSA_SIG)
{
sel_p = p;
break;
}
+ else
+ {
+ ikev2_elog_uint (IKEV2_LOG_ERROR,
+ "cert verification failed! ispi %lx", sa->ispi);
+ }
}
vec_free(auth);
{
ASSERT (stats != 0);
stats->n_keepalives++;
+ sa->stats.n_keepalives++;
}
}
}
/* req is retransmit */
if (sa->state == IKEV2_STATE_SA_INIT)
{
+ sa->stats.n_init_retransmit++;
tmp = (ike_header_t *) sa->last_sa_init_res_packet_data;
u32 slen = clib_net_to_host_u32 (tmp->length);
ike->ispi = tmp->ispi;
/* retransmitted req */
if (msg_id == sa->last_msg_id)
{
+ sa->stats.n_retransmit++;
ike_header_t *tmp = (ike_header_t *) sa->last_res_packet_data;
u32 slen = clib_net_to_host_u32 (tmp->length);
ike->ispi = tmp->ispi;
s->n_keepalives);
vlib_node_increment_counter (vm, node_index, IKEV2_ERROR_REKEY_REQ,
s->n_rekey_req);
- vlib_node_increment_counter (vm, node_index, IKEV2_ERROR_EXCHANGE_SA_REQ,
- s->n_exchange_sa_req);
+ vlib_node_increment_counter (vm, node_index, IKEV2_ERROR_INIT_SA_REQ,
+ s->n_sa_init_req);
vlib_node_increment_counter (vm, node_index, IKEV2_ERROR_IKE_AUTH_REQ,
- s->n_ike_auth_req);
+ s->n_sa_auth_req);
}
static_always_inline uword
if (ike_hdr_is_initiator (ike0))
{
- stats->n_exchange_sa_req++;
+ sa0->stats.n_sa_init_req++;
+ stats->n_sa_init_req++;
if (ike0->rspi == 0)
{
if (is_ip4)
}
else
{
- stats->n_ike_auth_req++;
+ sa0->stats.n_sa_auth_req++;
+ stats->n_sa_auth_req++;
ike0->flags = IKEV2_HDR_FLAG_RESPONSE;
+ sa0->last_init_msg_id = 1;
slen =
ikev2_generate_message (b0, sa0, ike0, 0, udp0, stats);
if (~0 == slen)
else
{
stats->n_rekey_req++;
+ sa0->stats.n_rekey_req++;
ike0->flags = IKEV2_HDR_FLAG_RESPONSE;
slen =
ikev2_generate_message (b0, sa0, ike0, 0, udp0, stats);
Code Review / vpp.git / blobdiff