'[Ipsec-tools-devel] General error events'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec-tools-devel
Subject:    [Ipsec-tools-devel] General error events
From:       Alexander Sbitnev <alexander.sbitnev () gmail ! com>
Date:       2013-11-20 9:28:03
Message-ID: 528C80A3.4000506 () gmail ! com
[Download RAW message or body]

   Is there any interest in adding error event for racoon management 
interfaces?
Current event list contains no events to indicate errors happening 
during Phase 1 and 2 processing:

#define EVT_RACOON_QUIT            0x0001

#define EVT_PHASE1_UP            0x0100
#define EVT_PHASE1_DOWN            0x0101
#define EVT_PHASE1_NO_RESPONSE        0x0102
#define EVT_PHASE1_NO_PROPOSAL        0x0103
#define EVT_PHASE1_AUTH_FAILED        0x0104
#define EVT_PHASE1_DPD_TIMEOUT        0x0105
#define EVT_PHASE1_PEER_DELETED        0x0106
#define EVT_PHASE1_MODE_CFG        0x0107
#define EVT_PHASE1_XAUTH_SUCCESS    0x0108
#define EVT_PHASE1_XAUTH_FAILED        0x0109

#define EVT_PHASE2_NO_PHASE1        0x0200
#define EVT_PHASE2_UP            0x0201
#define EVT_PHASE2_DOWN            0x0202
#define EVT_PHASE2_NO_RESPONSE        0x0203


For example in case of rsa signature auth and if private key can't be 
read there is no event generation.
Only bunch of debug messages in log:
2013-11-20 12:14:06: ERROR: oakley.c:1808:oakley_getsign(): failed to 
get private key.
2013-11-20 12:14:06: [192.168.100.1] ERROR: isakmp.c:847:ph1_main(): 
failed to process ph1 packet (side: 0, status: 6).
2013-11-20 12:14:06: [192.168.100.1] ERROR: isakmp.c:613:isakmp_main(): 
phase1 negotiation failed.
2013-11-20 12:14:06: DEBUG: isakmp_cfg.c:2071:isakmp_cfg_setenv(): 
Starting a script.
2013-11-20 12:14:06: DEBUG: oakley.c:3023:oakley_delivm(): IV freed

Only errors caused by interaction with peer are reported through events. 
Not even EVT_PHASE1_DOWN.
I am advocating for addition of generic errors events for both phases. 
Something like EVT_PHASE1_ERROR and EVT_PHASE2_ERROR.
Is there any chances for my changes to get in source tree? Or maybe I 
shouldn't be bothering with creating of patch?
Not much activity here for last year.

------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic