(ipsec) fix syslog output, eventually we should switch to the new style loggers, but for now it's better to make sure charondebug is respected.

From the docs:

Starting with version 4.2.9, strongSwan provides a much more flexible configuration of the loggers. Logger configurations in strongswan.conf have a higher priority than charondebug in ipsec.conf: If you define any loggers in strongswan.conf, charondebug does not have any effect at all.
Ad Schellevis 2016-11-22 14:25:29 +01:00
parent 504c947bb7
commit b9392f59b5
2 changed files with 24 additions and 23 deletions


@ -29,11 +29,24 @@
POSSIBILITY OF SUCH DAMAGE.
*/
$ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE SA", "chd" => "IKE Child SA",
"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
"tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib"
$ipsec_loglevels = array(
"asn" => "Low-level encoding/decoding (ASN.1, X.509 etc.)",
"cfg" => "Configuration management and plugins",
"chd" => "CHILD_SA/IPsec SA",
"dmn" => "Main daemon setup/cleanup/signal handling",
"enc" => "Packet encoding/decoding encryption/decryption operations",
"esp" => "libipsec library messages",
"ike" => "IKE_SA/ISAKMP SA",
"imc" => "Integrity Measurement Collector",
"imv" => "Integrity Measurement Verifier",
"job" => "Jobs queuing/processing and thread pool management",
"knl" => "IPsec/Networking kernel interface",
"lib" => "libstrongwan library messages",
"mgr" => "IKE_SA manager, handling synchronization for IKE_SA access",
"net" => "IKE network communication",
"pts" => "Platform Trust Service",
"tls" => "libtls library messages",
"tnc" => "Trusted Network Connect"
);
$p1_ealgos = array(
@ -605,20 +618,7 @@ charon {
ikesa_table_segments = 4
init_limit_half_open = 1000;
{$cnf_add_to_charon_section}
# And two loggers using syslog. The subsections define the facility to log
# to, currently one of: daemon, auth.
syslog {
identifier = charon
# default level to the LOG_DAEMON facility
daemon {
}
# very minimalistic IKE auditing logs to LOG_AUTHPRIV
auth {
default = -1
ike = 1
ike_name = yes
}
}
EOD;
$strongswan .= "\tplugins {\n";
@ -828,8 +828,8 @@ EOD;
if (isset($ipsec_loglevels)) {
foreach ($ipsec_loglevels as $lkey => $ldescr) {
if (isset($config['ipsec']["ipsec_{$lkey}"]) && is_numeric($config['ipsec']["ipsec_{$lkey}"]) &&
intval($config['ipsec']["ipsec_{$lkey}"]) >= 1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 5) {
$cfg_loglevels[] = "${lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1);
intval($config['ipsec']["ipsec_{$lkey}"]) >= -1 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 4) {
$cfg_loglevels[] = "${lkey} " . $config['ipsec']["ipsec_{$lkey}"];
}
}
}
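Review bot: The new assignment in the last hunk writes the stored string straight into charondebug (`"${lkey} " . $config['ipsec']["ipsec_{$lkey}"]`), while the guard only checks `is_numeric()` and the `intval()` range, so values such as `1.5` or `1e0` pass the check and are emitted verbatim. Emitting the normalised integer keeps the generated configuration to what was validated: `$cfg_loglevels[] = "{$lkey} " . intval($config['ipsec']["ipsec_{$lkey}"]);`. Separately, values saved under the old 1–5 scale are now read as literal levels, so an existing setting becomes one step more verbose and a stored 5 is silently dropped. No migration is visible on this page, and since strongSwan's level 4 includes sensitive material such as keys in its dumps, that shift is worth handling on upgrade. The enclosing function starts and ends outside the hunk.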


@ -158,9 +158,10 @@ if (isset($input_errors) && count($input_errors) > 0) {
?>
<?=$ldescr?>
<select name="ipsec_<?=$lkey?>" id="ipsec_<?=$lkey?>">
<?php foreach (array("Silent", "Audit", "Control", "Diag", "Raw", "Highest") as $lidx => $lvalue) :
<?php foreach (array("Silent", "Basic", "Audit", "Control", "Raw", "Highest") as $lidx => $lvalue) :
$lidx -= 1;
?>
<option value="<?=$lidx?>" <?= isset($pconfig["ipsec_{$lkey}"]) && $pconfig["ipsec_{$lkey}"] == $lidx ? "selected=\"selected\"" : "";?> ?>
<option value="<?=$lidx?>" <?= (isset($pconfig["ipsec_{$lkey}"]) && $pconfig["ipsec_{$lkey}"] == $lidx) || (!isset($pconfig["ipsec_{$lkey}"]) && $lidx == "0") ? "selected=\"selected\"" : "";?> ?>
<?=$lvalue?>
</option>
<?php
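Review bot: The option list labels value 4 only as "Highest", but at that level strongSwan also writes sensitive material such as keys into its log dumps, and the select gives no hint of that. A label such as `"Highest (includes sensitive material, e.g. keys)"` would make the exposure visible where the administrator chooses it. The new `<option>` line also keeps the stray ` ?>` after the closing `;?>`, which is emitted as literal text inside the tag; the tag should close with a plain `>`. The `foreach` body continues outside the hunk.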