On Sun, 23 Dec 2018 at 13:38, Paul Wouters <[email protected]> wrote: > > On Sun, 23 Dec 2018, Andrew Cagney wrote: > > > Do you have this commit? > > Yes. I have yesterday's tree on vpn.nohats.ca. > > Paul > > > commit 069f2ef7fc27183d94da64d778ca395171d5a843 > > Author: Andrew Cagney <[email protected]> > > Date: Tue Nov 27 21:01:17 2018 -0500 > > > > ikev2: ISAKMP_v2_{SA_INIT,AUTH} -> ISAKMP_v2_IKE_{SA_INIT,AUTH} > > > > Use names in RFC 7296. > > > > Both lswlog_enum_short() and enum_short_name() call strip_prefix() > > which discards what ever prefix (here ISAKMP_v2_) is in the enum name > > table. So, in the current code base, IKE_AUTH should be printed. > > On Sat, 22 Dec 2018 at 22:46, Paul Wouters <[email protected]> wrote: > >> > >> > >> I was hunting down this message: > >> > >> Dec 22 22:33:12.253210: "ikev2"[2] 206.248.139.105 #4: responding to AUTH > >> message (ID 1) from 206.248.139.105:7 with encrypted notification > >> INVALID_SYNTAX > >> > >> I was side tracked due to the bad name "AUTH message". I thought it was > >> talking about the AUTH payload, but it is talking about IKE_AUTH. > >> Looking further I found: > >> > >> LSWLOG_RC(RC_LOG_SERIOUS, buf) { > >> const enum isakmp_xchg_types ix = md->hdr.isa_xchg; > >> lswlogs(buf, "dropping unexpected "); > >> lswlog_enum_short(buf, &ikev2_exchange_names, ix); > >> lswlogs(buf, " message"); > >> > >> It seems lswlog_enum_short() cuts everything until the last _ so the > >> name ISAKMP_v2_IKE_AUTH becomes AUTH. > >> > >> Note there is confusion too because the Exchange Type is logged as: > >> > >> Dec 22 22:33:12.253637: | exchange type: ISAKMP_v2_AUTH (0x23)
I see this: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) and I can't find the old text in the sources: $ ./mk/find.sh ISAKMP_v2_AUTH ./programs/pluto/ikev2_child.c:137: * to the ISAKMP_v2_AUTH caller. $ ./mk/find.sh ISAKMP_v2_IKE_AUTH ./include/ietf_constants.h:793: ISAKMP_v2_IKE_AUTH = 35, ./lib/libswan/constants.c:371: "ISAKMP_v2_IKE_AUTH", > >> So we have ISAKMP_v2_AUTH, ISAKMP_v2_IKE_AUTH and AUTH referring to the > >> same thing. > >> > >> We used to have a way to print an enum stripping a prefix, but it seems > >> that functionality has been removed ? > >> > >> Anyway, can the code be updated so it logs "IKE_AUTH" instead of "AUTH" > >> for the Exchange Type message? > >> > >> Paul > >> _______________________________________________ > >> Swan-dev mailing list > >> [email protected] > >> https://lists.libreswan.org/mailman/listinfo/swan-dev > > _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
