starter: Migrated logging to libstrongswan.

2025-10-06 00:00:47 -04:00 · 2012-05-14 11:22:57 +02:00 · 2012-05-14 11:22:57 +02:00 · 163b227386
commit 163b227386
parent bcfb6b8efc
14 changed files with 285 additions and 550 deletions
--- a/src/starter/Android.mk
+++ b/src/starter/Android.mk
@ -7,7 +7,7 @@ parser.c lexer.c ipsec-parser.h netkey.c args.h netkey.h \
 starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
 starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
 keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
-invokecharon.h loglite.c klips.c klips.h
+invokecharon.h klips.c klips.h
 # build starter ----------------------------------------------------------------
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@ -4,7 +4,7 @@ parser.y lexer.l ipsec-parser.h netkey.c args.h netkey.h \
 starterwhack.c starterwhack.h starterstroke.c invokepluto.c confread.c \
 starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
 keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
-invokecharon.h loglite.c klips.c klips.h
+invokecharon.h klips.c klips.h
 INCLUDES = \
 -I${linux_headers} \
--- a/src/starter/args.c
+++ b/src/starter/args.c
@ -17,11 +17,11 @@
 #include <stdlib.h>
 #include <string.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "keywords.h"
 #include "confread.h"
@ -352,13 +352,11 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 	*assigned = FALSE;
-	DBG(DBG_CONTROLMORE,
+	DBG3(DBG_APP, "  %s=%s", kw->entry->name, kw->value);
 		DBG_log("  %s=%s", kw->entry->name, kw->value)
 	)
 	if (*seen & f)
 	{
-		plog("# duplicate '%s' option", kw->entry->name);
+		DBG1(DBG_APP, "# duplicate '%s' option", kw->entry->name);
 		return FALSE;
 	}
@ -377,7 +375,7 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 		}
 		if (!match)
 		{
-			plog("# bad value: %s=%s", kw->entry->name, kw->value);
+			DBG1(DBG_APP, "# bad value: %s=%s", kw->entry->name, kw->value);
 			return FALSE;
 		}
 	}
@ -385,14 +383,14 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 	switch (token_info[token].type)
 	{
 	case ARG_NONE:
-		plog("# option '%s' not supported yet", kw->entry->name);
+		DBG1(DBG_APP, "# option '%s' not supported yet", kw->entry->name);
 		return FALSE;
 	case ARG_ENUM:
 		{
 			if (index < 0)
 			{
-				plog("# bad enumeration value: %s=%s (%d)"
+				DBG1(DBG_APP, "# bad enumeration value: %s=%s (%d)",
-					, kw->entry->name, kw->value, index);
+					 kw->entry->name, kw->value, index);
 				return FALSE;
 			}
@ -418,7 +416,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 			if (*endptr != '\0')
 			{
-				plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+				DBG1(DBG_APP, "# bad integer value: %s=%s", kw->entry->name,
 					 kw->value);
 				return FALSE;
 			}
 		}
@ -435,7 +434,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 			{
 				if (*endptr != '\0')
 				{
-					plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+					DBG1(DBG_APP, "# bad integer value: %s=%s", kw->entry->name,
 						 kw->value);
 					return FALSE;
 				}
 			}
@ -443,7 +443,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 			{
 				if ((*endptr != '%') || (endptr[1] != '\0') || endptr == kw->value)
 				{
-					plog("# bad percent value: %s=%s", kw->entry->name, kw->value);
+					DBG1(DBG_APP, "# bad percent value: %s=%s", kw->entry->name,
 						 kw->value);
 					return FALSE;
 				}
 			}
@ -459,7 +460,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 			if (*endptr != '\0')
 			{
-				plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+				DBG1(DBG_APP, "# bad integer value: %s=%s", kw->entry->name,
 					 kw->value);
 				return FALSE;
 			}
 		}
@ -494,7 +496,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 					break;
 				}
 			}
-			plog("# bad duration value: %s=%s", kw->entry->name, kw->value);
+			DBG1(DBG_APP, "# bad duration value: %s=%s", kw->entry->name,
 				 kw->value);
 			return FALSE;
 		}
 	case ARG_STR:
@ -537,7 +540,8 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 					}
 					if (!match)
 					{
-						plog("# bad value: %s=%s", kw->entry->name, *lst);
+						DBG1(DBG_APP, "# bad value: %s=%s",
 							 kw->entry->name, *lst);
 						return FALSE;
 					}
 				}
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@ -20,11 +20,11 @@
 #include <string.h>
 #include <assert.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "keywords.h"
 #include "confread.h"
@ -45,7 +45,7 @@ static bool daemon_exists(char *daemon, char *path)
 	struct stat st;
 	if (stat(path, &st) != 0)
 	{
-		plog("Disabling %sstart option, '%s' not found", daemon, path);
+		DBG1(DBG_APP, "Disabling %sstart option, '%s' not found", daemon, path);
 		return FALSE;
 	}
 	return TRUE;
@ -119,15 +119,13 @@ static void default_values(starter_config_t *cfg)
 #define KW_POLICY_FLAG(sy, sn, fl) \
 		if (streq(kw->value, sy)) { conn->policy |= fl; } \
 		else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
-		else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
+		else { DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
 static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
 {
 	kw_list_t *kw;
-	DBG(DBG_CONTROL,
+	DBG2(DBG_APP, "Loading config setup");
 		DBG_log("Loading config setup")
    )
 	for (kw = cfgp->config_setup; kw; kw = kw->next)
 	{
@ -137,14 +135,15 @@ static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
 		if ((int)token < KW_SETUP_FIRST || token > KW_SETUP_LAST)
 		{
-			plog("# unsupported keyword '%s' in config setup", kw->entry->name);
+			DBG1(DBG_APP, "# unsupported keyword '%s' in config setup",
 				 kw->entry->name);
 			cfg->err++;
 			continue;
 		}
 		if (!assign_arg(token, KW_SETUP_FIRST, kw, (char *)cfg, &assigned))
 		{
-			plog("  bad argument value in config setup");
+			DBG1(DBG_APP, "  bad argument value in config setup");
 			cfg->err++;
 			continue;
 		}
@ -194,11 +193,11 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			}
 			else if (!cfg->defaultroute.supported)
 			{
-				plog("%%defaultroute not supported, fallback to %%any");
+				DBG1(DBG_APP, "%%defaultroute not supported, fallback to %%any");
 			}
 			else
 			{
-				plog("# default route not known: %s=%s", name, value);
+				DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
 				goto err;
 			}
 		}
@ -232,7 +231,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
 			if (ugh != NULL)
 			{
-				plog("# bad addr: %s=%s [%s]", name, value, ugh);
+				DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
 				if (streq(ugh, "does not look numeric and name lookup failed"))
 				{
 					end->dns_failed = TRUE;
@ -270,7 +269,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			ugh = ttosubnet(value, len, ip_version(value), &net);
 			if (ugh != NULL)
 			{
-				plog("# bad subnet: %s=%s [%s]", name, value, ugh);
+				DBG1(DBG_APP, "# bad subnet: %s=%s [%s]", name, value, ugh);
 				goto err;
 			}
 		}
@ -278,7 +277,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 	case KW_SOURCEIP:
 		if (end->has_natip)
 		{
-			plog("# natip and sourceip cannot be defined at the same time");
+			DBG1(DBG_APP, "# natip and sourceip cannot be defined at the same time");
 			goto err;
 		}
 		if (value[0] == '%')
@ -313,7 +312,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 				ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net);
 				if (ugh != NULL)
 				{
-					plog("# bad subnet: %s=%s [%s]", name, value, ugh);
+					DBG1(DBG_APP, "# bad subnet: %s=%s [%s]", name, value, ugh);
 					goto err;
 				 }
 				*pos = '\0';
@ -326,7 +325,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 				ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
 				if (ugh != NULL)
 				{
-					plog("# bad addr: %s=%s [%s]", name, value, ugh);
+					DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
 					goto err;
 				}
 				end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ?
@ -364,7 +363,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			}
 			else
 			{
-				plog("# default route not known: %s=%s", name, value);
+				DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
 				goto err;
 			}
 		}
@ -379,7 +378,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 		}
 		if (ugh != NULL)
 		{
-			plog("# bad addr: %s=%s [%s]", name, value, ugh);
+			DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
 			goto err;
 		}
 		break;
@ -394,7 +393,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 		ugh = ttosubnet(value, 0, ip_version(value), &net);
 		if (ugh != NULL)
 		{
-			plog("# bad subnet: %s=%s [%s]", name, value, ugh);
+			DBG1(DBG_APP, "# bad subnet: %s=%s [%s]", name, value, ugh);
 			goto err;
 		}
 		end->subnet = clone_str(value);
@ -407,7 +406,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 	case KW_NATIP:
 		if (end->sourceip)
 		{
-			plog("# natip and sourceip cannot be defined at the same time");
+			DBG1(DBG_APP, "# natip and sourceip cannot be defined at the same time");
 			goto err;
 		}
 		if (streq(value, "%defaultroute"))
@ -421,7 +420,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			}
 			else
 			{
-				plog("# default route not known: %s=%s", name, value);
+				DBG1(DBG_APP, "# default route not known: %s=%s", name, value);
 				goto err;
 			}
 		}
@ -433,7 +432,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 			ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr);
 			if (ugh != NULL)
 			{
-				plog("# bad addr: %s=%s [%s]", name, value, ugh);
+				DBG1(DBG_APP, "# bad addr: %s=%s [%s]", name, value, ugh);
 				goto err;
 			}
 			end->sourceip = clone_str(value);
@ -447,7 +446,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 	return;
 err:
-	plog("  bad argument value in conn '%s'", conn_name);
+	DBG1(DBG_APP, "  bad argument value in conn '%s'", conn_name);
 	cfg->err++;
 }
@ -461,8 +460,8 @@ static void handle_dns_failure(const char *label, starter_end_t *end,
 	{
 		if (end->allow_any)
 		{
-			plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
+			DBG1(DBG_APP, "# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
-				label, label);
+				 label, label);
 		}
 		else if (!end->host)
 		{
@ -482,7 +481,8 @@ static void handle_firewall(const char *label, starter_end_t *end,
 	{
 		if (end->updown != NULL)
 		{
-			plog("# cannot have both %sfirewall and %supdown", label, label);
+			DBG1(DBG_APP, "# cannot have both %sfirewall and %supdown", label,
 				 label);
 			cfg->err++;
 		}
 		else
@ -504,7 +504,7 @@ static bool handle_mark(char *value, mark_t *mark)
 		mark->mask = strtoul(pos+1, &endptr, 0);
 		if (*endptr != '\0')
 		{
-			plog("# invalid mark mask: %s", pos+1);
+			DBG1(DBG_APP, "# invalid mark mask: %s", pos+1);
 			return FALSE;
 		}
 	}
@ -521,7 +521,7 @@ static bool handle_mark(char *value, mark_t *mark)
 		mark->value = strtoul(value, &endptr, 0);
 		if (*endptr != '\0')
 		{
-			plog("# invalid mark value: %s", value);
+			DBG1(DBG_APP, "# invalid mark value: %s", value);
 			return FALSE;
 		}
 	}
@ -568,24 +568,22 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 				also->next = conn->also;
 				conn->also = also;
-				DBG(DBG_CONTROL,
+				DBG2(DBG_APP, "  also=%s", kw->value);
 					DBG_log("  also=%s", kw->value)
 				)
 			}
 			continue;
 		}
 		if (token < KW_CONN_FIRST || token > KW_CONN_LAST)
 		{
-			plog("# unsupported keyword '%s' in conn '%s'"
+			DBG1(DBG_APP, "# unsupported keyword '%s' in conn '%s'",
-				, kw->entry->name, conn_name);
+				 kw->entry->name, conn_name);
 			cfg->err++;
 			continue;
 		}
 		if (!assign_arg(token, KW_CONN_FIRST, kw, (char *)conn, &assigned))
 		{
-			plog("  bad argument value in conn '%s'", conn_name);
+			DBG1(DBG_APP, "  bad argument value in conn '%s'", conn_name);
 			cfg->err++;
 			continue;
 		}
@ -623,7 +621,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 			}
 			else if (strcmp(kw->value, "transport") != 0)
 			{
-				plog("# bad policy value: %s=%s", kw->entry->name, kw->value);
+				DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name,
 					 kw->value);
 				cfg->err++;
 			}
 			break;
@ -672,7 +671,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 					}
 					else
 					{
-						plog("# bad policy value: %s=%s", kw->entry->name, kw->value);
+						DBG1(DBG_APP, "# bad policy value: %s=%s",
 							 kw->entry->name, kw->value);
 						cfg->err++;
 						break;
 					}
@ -717,7 +717,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 				conn->tfc = strtoul(kw->value, &endptr, 10);
 				if (*endptr != '\0')
 				{
-					plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+					DBG1(DBG_APP, "# bad integer value: %s=%s", kw->entry->name,
 						 kw->value);
 					cfg->err++;
 				}
 			}
@ -734,7 +735,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 				conn->sa_keying_tries = strtoul(kw->value, &endptr, 10);
 				if (*endptr != '\0')
 				{
-					plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+					DBG1(DBG_APP, "# bad integer value: %s=%s", kw->entry->name,
 						 kw->value);
 					cfg->err++;
 				}
 			}
@ -808,23 +810,22 @@ static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
 				also->next = ca->also;
 				ca->also = also;
-				DBG(DBG_CONTROL,
+				DBG2(DBG_APP, "  also=%s", kw->value);
 					DBG_log("  also=%s", kw->value)
 				)
 			}
 			continue;
 		}
 		if (token < KW_CA_FIRST || token > KW_CA_LAST)
 		{
-			plog("# unsupported keyword '%s' in ca '%s'", kw->entry->name, ca_name);
+			DBG1(DBG_APP, "# unsupported keyword '%s' in ca '%s'",
 				 kw->entry->name, ca_name);
 			cfg->err++;
 			continue;
 		}
 		if (!assign_arg(token, KW_CA_FIRST, kw, (char *)ca, &assigned))
 		{
-			plog("  bad argument value in ca '%s'", ca_name);
+			DBG1(DBG_APP, "  bad argument value in ca '%s'", ca_name);
 			cfg->err++;
 		}
 	}
@ -857,13 +858,12 @@ static void load_also_conns(starter_conn_t *conn, also_t *also,
 		if (kw == NULL)
 		{
-			plog("  conn '%s' cannot include '%s'", conn->name, also->name);
+			DBG1(DBG_APP, "  conn '%s' cannot include '%s'", conn->name,
 				 also->name);
 		}
 		else
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "conn '%s' includes '%s'", conn->name, also->name);
 				DBG_log("conn '%s' includes '%s'", conn->name, also->name)
 			)
 			/* only load if no error occurred in the first round */
 			if (cfg->err == 0)
 				load_conn(conn, kw, cfg);
@ -886,7 +886,7 @@ static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
 		{
 			if (conn->visit == c->visit)
 			{
-				plog("# detected also loop");
+				DBG1(DBG_APP, "# detected also loop");
 				cfg->err++;
 				return NULL;
 			}
@ -897,7 +897,7 @@ static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
 		c = c->next;
 	}
-	plog("# also '%s' not found", name);
+	DBG1(DBG_APP, "# also '%s' not found", name);
 	cfg->err++;
 	return NULL;
 }
@ -913,13 +913,12 @@ static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
 		if (kw == NULL)
 		{
-			plog("  ca '%s' cannot include '%s'", ca->name, also->name);
+			DBG1(DBG_APP, "  ca '%s' cannot include '%s'", ca->name,
 				 also->name);
 		}
 		else
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "ca '%s' includes '%s'", ca->name, also->name);
 				DBG_log("ca '%s' includes '%s'", ca->name, also->name)
 			)
 			/* only load if no error occurred in the first round */
 			if (cfg->err == 0)
 			load_ca(ca, kw, cfg);
@ -942,7 +941,7 @@ static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
 		{
 			if (ca->visit == c->visit)
 			{
-				plog("# detected also loop");
+				DBG1(DBG_APP, "# detected also loop");
 				cfg->err++;
 				return NULL;
 			}
@ -953,7 +952,7 @@ static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
 		c = c->next;
 	}
-	plog("# also '%s' not found", name);
+	DBG1(DBG_APP, "# also '%s' not found", name);
 	cfg->err++;
 	return NULL;
 }
@ -1068,9 +1067,7 @@ starter_config_t* confread_load(const char *file)
 	{
 		if (streq(sca->name, "%default"))
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "Loading ca %%default");
 				DBG_log("Loading ca %%default")
 			)
 			load_ca(&cfg->ca_default, sca->kw, cfg);
 		}
 	}
@ -1087,9 +1084,7 @@ starter_config_t* confread_load(const char *file)
 		if (streq(sca->name, "%default"))
 			continue;
-		DBG(DBG_CONTROL,
+		DBG2(DBG_APP, "Loading ca '%s'", sca->name);
 			DBG_log("Loading ca '%s'", sca->name)
 		)
 		ca = malloc_thing(starter_ca_t);
 		ca_default(sca->name, ca, &cfg->ca_default);
@ -1137,9 +1132,7 @@ starter_config_t* confread_load(const char *file)
 	{
 		if (streq(sconn->name, "%default"))
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "Loading conn %%default");
 				DBG_log("Loading conn %%default")
 			)
 			load_conn(&cfg->conn_default, sconn->kw, cfg);
 		}
 	}
@ -1158,9 +1151,7 @@ starter_config_t* confread_load(const char *file)
 		if (streq(sconn->name, "%default"))
 			continue;
-		DBG(DBG_CONTROL,
+		DBG2(DBG_APP, "Loading conn '%s'", sconn->name);
 			DBG_log("Loading conn '%s'", sconn->name)
 		)
 		conn = malloc_thing(starter_conn_t);
 		conn_default(sconn->name, conn, &cfg->conn_default);
@ -1213,8 +1204,8 @@ starter_config_t* confread_load(const char *file)
 	total_err = cfg->err + cfg->non_fatal_err;
 	if (total_err > 0)
 	{
-		plog("### %d parsing error%s (%d fatal) ###"
+		DBG1(DBG_APP, "### %d parsing error%s (%d fatal) ###",
-			, total_err, (total_err > 1)?"s":"", cfg->err);
+			 total_err, (total_err > 1)?"s":"", cfg->err);
 	}
 	return cfg;
--- a/src/starter/interfaces.c
+++ b/src/starter/interfaces.c
@ -20,9 +20,9 @@
 #include <freeswan.h>
 #include <debug.h>
 #include <constants.h>
 #include <defs.h>
 #include <log.h>
 #include "interfaces.h"
 #include "files.h"
@ -67,13 +67,13 @@ get_defaultroute(defaultroute_t *defaultroute)
 	fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
 	if (fd == -1)
 	{
-		plog("could not create rtnetlink socket");
+		DBG1(DBG_APP, "could not create rtnetlink socket");
 		return;
 	}
 	if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1)
 	{
-		plog("could not write to rtnetlink socket");
+		DBG1(DBG_APP, "could not write to rtnetlink socket");
 		close(fd);
 		return;
 	}
@ -81,7 +81,7 @@ get_defaultroute(defaultroute_t *defaultroute)
 	msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL);
 	if (msglen == -1)
 	{
-		plog("could not read from rtnetlink socket");
+		DBG1(DBG_APP, "could not read from rtnetlink socket");
 		close(fd);
 		return;
 	}
@ -98,7 +98,7 @@ get_defaultroute(defaultroute_t *defaultroute)
 		if (nh->nlmsg_type == NLMSG_ERROR)
 		{
-			plog("error from rtnetlink");
+			DBG1(DBG_APP, "error from rtnetlink");
 			return;
 		}
@ -138,7 +138,7 @@ get_defaultroute(defaultroute_t *defaultroute)
 			fd = socket(AF_INET, SOCK_DGRAM, 0);
 			if (fd < 0)
 			{
-				plog("could not open AF_INET socket");
+				DBG1(DBG_APP, "could not open AF_INET socket");
 				break;
 			}
 			memset(&req, 0, sizeof(req));
@ -146,7 +146,7 @@ get_defaultroute(defaultroute_t *defaultroute)
 			if (ioctl(fd, SIOCGIFNAME, &req) < 0 ||
 				ioctl(fd, SIOCGIFADDR, &req) < 0)
 			{
-				plog("could not read interface data, ignoring route");
+				DBG1(DBG_APP, "could not read interface data, ignoring route");
 				close(fd);
 				break;
 			}
@ -161,8 +161,8 @@ get_defaultroute(defaultroute_t *defaultroute)
 				if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 ||
 					((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY)
 				{
-					DBG_log("Ignoring default route to device %s because we can't get it's destination",
+					DBG2(DBG_APP, "Ignoring default route to device %s because we can't get it's destination",
-							req.ifr_name);
+						 req.ifr_name);
 					close(fd);
 					break;
 				}
@ -174,19 +174,19 @@ get_defaultroute(defaultroute_t *defaultroute)
 			close(fd);
-			DBG(DBG_CONTROL,
+			{
 				char addr[20];
 				char nexthop[20];
 				addrtot(&defaultroute->addr, 0, addr, sizeof(addr));
 				addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop));
-				DBG_log(
+				DBG2(DBG_APP,
 					( !defaultroute->defined
 					? "Default route found: iface=%s, addr=%s, nexthop=%s"
 					: "Better default route: iface=%s, addr=%s, nexthop=%s"
 					), defaultroute->iface, addr, nexthop
-				)
+				);
-			);
+			}
 			best_metric = metric;
 			defaultroute->defined = TRUE;
@ -195,7 +195,7 @@ get_defaultroute(defaultroute_t *defaultroute)
 	defaultroute->supported = TRUE;
 	if (!defaultroute->defined)
-		plog("no default route - cannot cope with %%defaultroute!!!");
+		DBG1(DBG_APP, "no default route - cannot cope with %%defaultroute!!!");
 }
 #else /* !START_PLUTO */
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@ -23,11 +23,11 @@
 #include <stdlib.h>
 #include <errno.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "confread.h"
 #include "invokecharon.h"
@ -49,19 +49,19 @@ void starter_charon_sigchild(pid_t pid, int status)
 		if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
 			status == SS_RC_DAEMON_INTEGRITY)
 		{
-			plog("charon has quit: integrity test of %s failed",
+			DBG1(DBG_APP, "charon has quit: integrity test of %s failed",
-				  (status == 64) ? "libstrongswan" : "charon");
+				 (status == 64) ? "libstrongswan" : "charon");
 			_stop_requested = 1;
 		}
 		else if (status == SS_RC_INITIALIZATION_FAILED)
 		{
-			plog("charon has quit: initialization failed");
+			DBG1(DBG_APP, "charon has quit: initialization failed");
 			_stop_requested = 1;
 		}
 		if (!_stop_requested)
 		{
-			plog("charon has died -- restart scheduled (%dsec)"
+			DBG1(DBG_APP, "charon has died -- restart scheduled (%dsec)",
-				, CHARON_RESTART_DELAY);
+				 CHARON_RESTART_DELAY);
 			alarm(CHARON_RESTART_DELAY);   // restart in 5 sec
 		}
 		unlink(CHARON_PID_FILE);
@ -91,7 +91,7 @@ int starter_stop_charon (void)
 			else if (i == 40)
 			{
 				kill(pid, SIGKILL);
-				plog("starter_stop_charon(): charon does not respond, sending KILL");
+				DBG1(DBG_APP, "starter_stop_charon(): charon does not respond, sending KILL");
 			}
 			else
 			{
@ -101,15 +101,15 @@ int starter_stop_charon (void)
 		}
 		if (_charon_pid == 0)
 		{
-			plog("charon stopped after %d ms", 200*i);
+			DBG1(DBG_APP, "charon stopped after %d ms", 200*i);
 			return 0;
 		}
-		plog("starter_stop_charon(): can't stop charon !!!");
+		DBG1(DBG_APP, "starter_stop_charon(): can't stop charon !!!");
 		return -1;
 	}
 	else
 	{
-		plog("stater_stop_charon(): charon was not started...");
+		DBG1(DBG_APP, "stater_stop_charon(): charon was not started...");
 	}
 	return -1;
 }
@ -175,7 +175,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 	if (_charon_pid)
 	{
-		plog("starter_start_charon(): charon already started...");
+		DBG1(DBG_APP, "starter_start_charon(): charon already started...");
 		return -1;
 	}
 	else
@ -187,7 +187,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 		switch (pid)
 		{
 		case -1:
-			plog("can't fork(): %s", strerror(errno));
+			DBG1(DBG_APP, "can't fork(): %s", strerror(errno));
 			return -1;
 		case 0:
 			/* child */
@ -197,7 +197,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 			/* disable glibc's malloc checker, conflicts with leak detective */
 			setenv("MALLOC_CHECK_", "0", 1);
 			execv(arg[0], arg);
-			plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+			DBG1(DBG_APP, "can't execv(%s,...): %s", arg[0], strerror(errno));
 			exit(1);
 		default:
 			/* father */
@ -208,14 +208,15 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 				usleep(20000);
 				if (stat(CHARON_PID_FILE, &stb) == 0)
 				{
-					plog("charon (%d) started after %d ms", _charon_pid, 20*(i+1));
+					DBG1(DBG_APP, "charon (%d) started after %d ms",
 						 _charon_pid, 20*(i+1));
 					return 0;
 				}
 			}
 			if (_charon_pid)
 			{
 				/* If charon is started but with no ctl file, stop it */
-				plog("charon too long to start... - kill kill");
+				DBG1(DBG_APP, "charon too long to start... - kill kill");
 				for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
 				{
 					if (i == 0)
@ -235,7 +236,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 			}
 			else
 			{
-				plog("charon refused to be started");
+				DBG1(DBG_APP, "charon refused to be started");
 			}
 			return -1;
 		}
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@ -21,17 +21,14 @@
 #include <errno.h>
 #include <fcntl.h>
-#include <freeswan.h>
+#include <library.h>
-
+#include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "confread.h"
 #include "invokepluto.h"
 #include "files.h"
 #include "starterwhack.h"
-#
+
 static int _pluto_pid = 0;
 static int _stop_requested;
@ -50,19 +47,19 @@ starter_pluto_sigchild(pid_t pid, int status)
 		if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
 			status == SS_RC_DAEMON_INTEGRITY)
 		{
-			plog("pluto has quit: integrity test of %s failed",
+			DBG1(DBG_APP, "pluto has quit: integrity test of %s failed",
-				  (status == 64) ? "libstrongswan" : "pluto");
+				 (status == 64) ? "libstrongswan" : "pluto");
 			_stop_requested = 1;
 		}
 		else if (status == SS_RC_INITIALIZATION_FAILED)
 		{
-			plog("pluto has quit: initialization failed");
+			DBG1(DBG_APP, "pluto has quit: initialization failed");
 			_stop_requested = 1;
 		}
 		if (!_stop_requested)
 		{
-			plog("pluto has died -- restart scheduled (%dsec)"
+			DBG1(DBG_APP, "pluto has died -- restart scheduled (%dsec)",
-				, PLUTO_RESTART_DELAY);
+				 PLUTO_RESTART_DELAY);
 			alarm(PLUTO_RESTART_DELAY);   // restart in 5 sec
 		}
 		unlink(PLUTO_PID_FILE);
@ -86,7 +83,7 @@ starter_stop_pluto (void)
 				usleep(20000); /* sleep for 20 ms */
 				if (_pluto_pid == 0)
 				{
-					plog("pluto stopped after %d ms", 20*(i+1));
+					DBG1(DBG_APP, "pluto stopped after %d ms", 20*(i+1));
 					return 0;
 				}
 			}
@ -102,7 +99,7 @@ starter_stop_pluto (void)
 			if (i == 10)
 			{
 				kill(pid, SIGKILL);
-				plog("starter_stop_pluto(): pluto does not respond, sending KILL");
+				DBG1(DBG_APP, "starter_stop_pluto(): pluto does not respond, sending KILL");
 			}
 			else
 			{
@ -112,15 +109,15 @@ starter_stop_pluto (void)
 		}
 		if (_pluto_pid == 0)
 		{
-			plog("pluto stopped after %d ms", 8000 + 100*i);
+			DBG1(DBG_APP, "pluto stopped after %d ms", 8000 + 100*i);
 			return 0;
 		}
-		plog("starter_stop_pluto(): can't stop pluto !!!");
+		DBG1(DBG_APP, "starter_stop_pluto(): can't stop pluto !!!");
 		return -1;
 	}
 	else
 	{
-		plog("stater_stop_pluto(): pluto is not started...");
+		DBG1(DBG_APP, "stater_stop_pluto(): pluto is not started...");
 	}
 	return -1;
 }
@ -241,7 +238,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 	if (_pluto_pid)
 	{
-		plog("starter_start_pluto(): pluto already started...");
+		DBG1(DBG_APP, "starter_start_pluto(): pluto already started...");
 		return -1;
 	}
 	else
@ -256,7 +253,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 		switch (pid)
 		{
 		case -1:
-			plog("can't fork(): %s", strerror(errno));
+			DBG1(DBG_APP, "can't fork(): %s", strerror(errno));
 			return -1;
 		case 0:
 			/* child */
@ -267,8 +264,8 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 				/* redirect stderr to file */
 				if (f < 0)
 				{
-					plog("couldn't open stderr redirection file '%s'",
+					DBG1(DBG_APP, "couldn't open stderr redirection file '%s'",
-						  cfg->setup.plutostderrlog);
+						 cfg->setup.plutostderrlog);
 				}
 				else
 				{
@ -281,7 +278,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 			/* disable glibc's malloc checker, conflicts with leak detective */
 			setenv("MALLOC_CHECK_", "0", 1);
 			execv(arg[0], arg);
-			plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+			DBG1(DBG_APP, "can't execv(%s,...): %s", arg[0], strerror(errno));
 			exit(1);
 		default:
 			/* father */
@ -292,7 +289,8 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 				usleep(20000);
 				if (stat(PLUTO_CTL_FILE, &stb) == 0)
 				{
-					plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1));
+					DBG1(DBG_APP, "pluto (%d) started after %d ms",
 						 _pluto_pid, 20*(i+1));
 					if (cfg->setup.postpluto)
 					{
 						ignore_result(system(cfg->setup.postpluto));
@ -303,7 +301,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 			if (_pluto_pid)
 			{
 				/* If pluto is started but with no ctl file, stop it */
-				plog("pluto too long to start... - kill kill");
+				DBG1(DBG_APP, "pluto too long to start... - kill kill");
 				for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
 				{
 					if (i < 10)
@ -319,7 +317,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 			}
 			else
 			{
-				plog("pluto refused to be started");
+				DBG1(DBG_APP, "pluto refused to be started");
 			}
 			return -1;
 		}
--- a/src/starter/klips.c
+++ b/src/starter/klips.c
@ -16,16 +16,12 @@
 #include <sys/stat.h>
 #include <stdlib.h>
-#include <freeswan.h>
+#include <library.h>
-
+#include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "files.h"
-bool
+bool starter_klips_init(void)
 starter_klips_init(void)
 {
 	struct stat stb;
@ -40,9 +36,7 @@ starter_klips_init(void)
 		/* now test again */
 		if (stat(PROC_KLIPS, &stb) != 0)
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "kernel appears to lack the KLIPS IPsec stack");
 				DBG_log("kernel appears to lack the KLIPS IPsec stack")
 			)
 			return FALSE;
 		}
 	}
@ -52,29 +46,25 @@ starter_klips_init(void)
 	ignore_result(system("modprobe -qv ipsec_blowfish"));
 	ignore_result(system("modprobe -qv ipsec_sha2"));
-	DBG(DBG_CONTROL,
+	DBG2(DBG_APP, "found KLIPS IPsec stack");
 		DBG_log("Found KLIPS IPsec stack")
 	)
 	return TRUE;
 }
-void
+void starter_klips_cleanup(void)
 starter_klips_cleanup(void)
 {
 	if (system("type eroute > /dev/null 2>&1") == 0)
 	{
 		ignore_result(system("spi --clear"));
 		ignore_result(system("eroute --clear"));
 	}
-		else if (system("type setkey > /dev/null 2>&1") == 0)
+	else if (system("type setkey > /dev/null 2>&1") == 0)
 	{
 		ignore_result(system("setkey -F"));
 		ignore_result(system("setkey -FP"));
 	}
 	else
 	{
-		plog("WARNING: cannot flush IPsec state/policy database");
+		DBG1(DBG_APP, "WARNING: cannot flush IPsec state/policy database");
 	}
 }
--- a/src/starter/loglite.c
+++ b/src/starter/loglite.c
@ -1,297 +0,0 @@
 /* error logging functions
 * Copyright (C) 1997 Angelos D. Keromytis.
 * Copyright (C) 1998-2001  D. Hugh Redelmeier.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
 #include <stdarg.h>
 #include <syslog.h>
 #include <errno.h>
 #include <string.h>
 #include <unistd.h>
 #include <signal.h>     /* used only if MSG_NOSIGNAL not defined */
 #include <libgen.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <freeswan.h>
 #include <constants.h>
 #include <defs.h>
 #include <log.h>
 #include <whack.h>
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 bool
 	log_to_stderr = FALSE,      /* should log go to stderr? */
 	log_to_syslog = TRUE;       /* should log go to syslog? */
 void
 init_log(const char *program)
 {
 	if (log_to_stderr)
 		setbuf(stderr, NULL);
 	if (log_to_syslog)
 		openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
 }
 void
 close_log(void)
 {
 	if (log_to_syslog)
 		closelog();
 }
 void
 plog(const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "%s\n", m);
 	if (log_to_syslog)
 		syslog(LOG_WARNING, "%s", m);
 }
 void
 loglog(int mess_no, const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "%s\n", m);
 	if (log_to_syslog)
 		syslog(LOG_WARNING, "%s", m);
 }
 void
 log_errno_routine(int e, const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
 	if (log_to_syslog)
 		syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", m, e, strerror(e));
 }
 void
 exit_log(const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "FATAL ERROR: %s\n", m);
 	if (log_to_syslog)
 		syslog(LOG_ERR, "FATAL ERROR: %s", m);
 	exit(1);
 }
 void
 exit_log_errno_routine(int e, const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "FATAL ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
 	if (log_to_syslog)
 		syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
 	exit(1);
 }
 void
 whack_log(int mess_no, const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	fprintf(stderr, "%s\n", m);
 }
 /* Build up a diagnostic in a static buffer.
 * Although this would be a generally useful function, it is very
 * hard to come up with a discipline that prevents different uses
 * from interfering.  It is intended that by limiting it to building
 * diagnostics, we will avoid this problem.
 * Juggling is performed to allow an argument to be a previous
 * result: the new string may safely depend on the old one.  This
 * restriction is not checked in any way: violators will produce
 * confusing results (without crashing!).
 */
 char diag_space[sizeof(diag_space)];
 err_t
 builddiag(const char *fmt, ...)
 {
 	static char diag_space[LOG_WIDTH];  /* longer messages will be truncated */
 	char t[sizeof(diag_space)]; /* build result here first */
 	va_list args;
 	va_start(args, fmt);
 	t[0] = '\0';        /* in case nothing terminates string */
 	vsnprintf(t, sizeof(t), fmt, args);
 	va_end(args);
 	strcpy(diag_space, t);
 	return diag_space;
 }
 /* Debugging message support */
 #ifdef DEBUG
 void
 switch_fail(int n, const char *file_str, unsigned long line_no)
 {
 	char buf[30];
 	snprintf(buf, sizeof(buf), "case %d unexpected", n);
 	passert_fail(buf, file_str, line_no);
 }
 void
 passert_fail(const char *pred_str, const char *file_str, unsigned long line_no)
 {
 	/* we will get a possibly unplanned prefix.  Hope it works */
 	loglog(RC_LOG_SERIOUS, "ASSERTION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
 	abort();    /* exiting correctly doesn't always work */
 }
 lset_t
 	base_debugging = DBG_NONE,  /* default to reporting nothing */
 	cur_debugging =  DBG_NONE;
 void
 pexpect_log(const char *pred_str, const char *file_str, unsigned long line_no)
 {
 	/* we will get a possibly unplanned prefix.  Hope it works */
 	loglog(RC_LOG_SERIOUS, "EXPECTATION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
 }
 /* log a debugging message (prefixed by "| ") */
 void
 DBG_log(const char *message, ...)
 {
 	va_list args;
 	char m[LOG_WIDTH];  /* longer messages will be truncated */
 	va_start(args, message);
 	vsnprintf(m, sizeof(m), message, args);
 	va_end(args);
 	if (log_to_stderr)
 		fprintf(stderr, "| %s\n", m);
 	if (log_to_syslog)
 		syslog(LOG_DEBUG, "| %s", m);
 }
 /* dump raw bytes in hex to stderr (for lack of any better destination) */
 void
 DBG_dump(const char *label, const void *p, size_t len)
 {
 #   define DUMP_LABEL_WIDTH 20  /* arbitrary modest boundary */
 #   define DUMP_WIDTH   (4 * (1 + 4 * 3) + 1)
 	char buf[DUMP_LABEL_WIDTH + DUMP_WIDTH];
 	char *bp;
 	const unsigned char *cp = p;
 	bp = buf;
 	if (label != NULL && label[0] != '\0')
 	{
 		/* Handle the label.  Care must be taken to avoid buffer overrun. */
 		size_t llen = strlen(label);
 		if (llen + 1 > sizeof(buf))
 		{
 			DBG_log("%s", label);
 		}
 		else
 		{
 			strcpy(buf, label);
 			if (buf[llen-1] == '\n')
 			{
 				buf[llen-1] = '\0';     /* get rid of newline */
 				DBG_log("%s", buf);
 			}
 			else if (llen < DUMP_LABEL_WIDTH)
 			{
 				bp = buf + llen;
 			}
 			else
 			{
 				DBG_log("%s", buf);
 			}
 		}
 	}
 	do {
 		int i, j;
 		for (i = 0; len!=0 && i!=4; i++)
 		{
 			*bp++ = ' ';
 			for (j = 0; len!=0 && j!=4; len--, j++)
 			{
 				static const char hexdig[] = "0123456789abcdef";
 				*bp++ = ' ';
 				*bp++ = hexdig[(*cp >> 4) & 0xF];
 				*bp++ = hexdig[*cp & 0xF];
 				cp++;
 			}
 		}
 		*bp = '\0';
 		DBG_log("%s", buf);
 		bp = buf;
 	} while (len != 0);
 #   undef DUMP_LABEL_WIDTH
 #   undef DUMP_WIDTH
 }
 #endif /* DEBUG */
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@ -16,17 +16,13 @@
 #include <sys/stat.h>
 #include <stdlib.h>
-#include <freeswan.h>
+#include <library.h>
 #include <hydra.h>
-
+#include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "files.h"
-bool
+bool starter_netkey_init(void)
 starter_netkey_init(void)
 {
 	struct stat stb;
@ -41,9 +37,7 @@ starter_netkey_init(void)
 		/* now test again */
 		if (stat(PROC_NETKEY, &stb) != 0)
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "kernel appears to lack the native netkey IPsec stack");
 				DBG_log("kernel appears to lack the native netkey IPsec stack")
 			)
 			return FALSE;
 		}
 	}
@ -58,14 +52,11 @@ starter_netkey_init(void)
 		ignore_result(system("modprobe -qv xfrm_user"));
 	}
-	DBG(DBG_CONTROL,
+	DBG2(DBG_APP, "found netkey IPsec stack");
 		DBG_log("Found netkey IPsec stack")
 	)
 	return TRUE;
 }
-void
+void starter_netkey_cleanup(void)
 starter_netkey_cleanup(void)
 {
 	hydra->kernel_interface->flush_sas(hydra->kernel_interface);
 	hydra->kernel_interface->flush_policies(hydra->kernel_interface);
--- a/src/starter/parser.y
+++ b/src/starter/parser.y
@ -17,11 +17,12 @@
 #include <stdlib.h>
 #include <string.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
-#include "../pluto/log.h"
+
 #include "ipsec-parser.h"
 #define YYERROR_VERBOSE
@ -63,7 +64,7 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
 config_file:
 	config_file section_or_include
-	| /* NULL */                
+	| /* NULL */
 	;
 section_or_include:
@ -79,7 +80,7 @@ section_or_include:
 	| CONN STRING EOL
 	{
 		section_list_t *section = malloc_thing(section_list_t);
-		
+
 		section->name = clone_str($2);
 		section->kw = NULL;
 		section->next = NULL;
@ -223,7 +224,7 @@ config_parsed_t *parser_load_conf(const char *file)
 	if (err)
 	{
-		plog("%s", parser_errstring);
+		DBG1(DBG_APP, "%s", parser_errstring);
 		if (cfg)
 			parser_free_conf(cfg);
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <signal.h>
 #include <syslog.h>
 #include <unistd.h>
 #include <sys/time.h>
 #include <time.h>
@ -34,10 +35,10 @@
 #include <hydra.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
 #include <debug.h>
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
 #include "../pluto/log.h"
 #include "confread.h"
 #include "files.h"
@ -50,6 +51,83 @@
 #include "cmp.h"
 #include "interfaces.h"
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 /* logging */
 static bool log_to_stderr = TRUE;
 static bool log_to_syslog = TRUE;
 static level_t current_loglevel = 1;
 /**
 * logging function for scepclient
 */
 static void starter_dbg(debug_t group, level_t level, char *fmt, ...)
 {
 	char buffer[8192];
 	char *current = buffer, *next;
 	va_list args;
 	if (level <= current_loglevel)
 	{
 		if (log_to_stderr)
 		{
 			va_start(args, fmt);
 			vfprintf(stderr, fmt, args);
 			va_end(args);
 			fprintf(stderr, "\n");
 		}
 		if (log_to_syslog)
 		{
 			/* write in memory buffer first */
 			va_start(args, fmt);
 			vsnprintf(buffer, sizeof(buffer), fmt, args);
 			va_end(args);
 			/* do a syslog with every line */
 			while (current)
 			{
 				next = strchr(current, '\n');
 				if (next)
 				{
 					*(next++) = '\0';
 				}
 				syslog(LOG_INFO, "%s\n", current);
 				current = next;
 			}
 		}
 	}
 }
 /**
 * Initialize logging to stderr/syslog
 */
 static void init_log(const char *program)
 {
 	dbg = starter_dbg;
 	if (log_to_stderr)
 	{
 		setbuf(stderr, NULL);
 	}
 	if (log_to_syslog)
 	{
 		openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
 	}
 }
 /**
 * Deinitialize logging to syslog
 */
 static void close_log()
 {
 	if (log_to_syslog)
 	{
 		closelog();
 	}
 }
 /**
 * Return codes defined by Linux Standard Base Core Specification 3.1
 * in section 20.2. Init Script Actions
@ -97,17 +175,13 @@ static void signal_handler(int signal)
 				}
 				if (WIFSIGNALED(status))
 				{
-					DBG(DBG_CONTROL,
+					DBG2(DBG_APP, "child %d%s has been killed by sig %d\n",
-						DBG_log("child %d%s has been killed by sig %d\n",
+						 pid, name?name:"", WTERMSIG(status));
 								pid, name?name:"", WTERMSIG(status))
 					   )
 				}
 				else if (WIFSTOPPED(status))
 				{
-					DBG(DBG_CONTROL,
+					DBG2(DBG_APP, "child %d%s has been stopped by sig %d\n",
-						DBG_log("child %d%s has been stopped by sig %d\n",
+						 pid, name?name:"", WSTOPSIG(status));
 								pid, name?name:"", WSTOPSIG(status))
 					   )
 				}
 				else if (WIFEXITED(status))
 				{
@ -116,16 +190,12 @@ static void signal_handler(int signal)
 					{
 						_action_ =  FLAG_ACTION_QUIT;
 					}
-					DBG(DBG_CONTROL,
+					DBG2(DBG_APP, "child %d%s has quit (exit code %d)\n",
-						DBG_log("child %d%s has quit (exit code %d)\n",
+						 pid, name?name:"", exit_status);
 								pid, name?name:"", exit_status)
 					   )
 				}
 				else
 				{
-					DBG(DBG_CONTROL,
+					DBG2(DBG_APP, "child %d%s has quit", pid, name?name:"");
 						DBG_log("child %d%s has quit", pid, name?name:"")
 					   )
 				}
 				if (pid == starter_pluto_pid())
 				{
@ -160,7 +230,7 @@ static void signal_handler(int signal)
 			break;
 		default:
-			plog("fsig(): unknown signal %d -- investigate", signal);
+			DBG1(DBG_APP, "fsig(): unknown signal %d -- investigate", signal);
 			break;
 	}
 }
@ -172,12 +242,12 @@ static void fatal_signal_handler(int signal)
 {
 	backtrace_t *backtrace;
-	plog("thread %u received %d", thread_current_id(), signal);
+	DBG1(DBG_APP, "thread %u received %d", thread_current_id(), signal);
 	backtrace = backtrace_create(2);
 	backtrace->log(backtrace, stderr, TRUE);
 	backtrace->destroy(backtrace);
-	plog("killing ourself, received critical signal");
+	DBG1(DBG_APP, "killing ourself, received critical signal");
 	abort();
 }
@ -263,7 +333,7 @@ static bool check_pid(char *pid_file)
 				return TRUE;
 			}
 		}
-		plog("removing pidfile '%s', process not running", pid_file);
+		DBG1(DBG_APP, "removing pidfile '%s', process not running", pid_file);
 		unlink(pid_file);
 	}
 	return FALSE;
@ -295,10 +365,6 @@ int main (int argc, char **argv)
 	bool attach_gdb = FALSE;
 	bool load_warning = FALSE;
 	/* global variables defined in log.h */
 	log_to_stderr = TRUE;
 	base_debugging = DBG_NONE;
 	library_init(NULL);
 	atexit(library_deinit);
@ -310,15 +376,15 @@ int main (int argc, char **argv)
 	{
 		if (streq(argv[i], "--debug"))
 		{
-			base_debugging |= DBG_CONTROL;
+			current_loglevel = 2;
 		}
 		else if (streq(argv[i], "--debug-more"))
 		{
-			base_debugging |= DBG_CONTROLMORE;
+			current_loglevel = 3;
 		}
 		else if (streq(argv[i], "--debug-all"))
 		{
-			base_debugging |= DBG_ALL;
+			current_loglevel = 4;
 		}
 		else if (streq(argv[i], "--nofork"))
 		{
@ -341,11 +407,9 @@ int main (int argc, char **argv)
 		}
 	}
 	/* Init */
 	init_log("ipsec_starter");
 	cur_debugging = base_debugging;
-	plog("Starting strongSwan "VERSION" IPsec [starter]...");
+	DBG1(DBG_APP, "Starting strongSwan "VERSION" IPsec [starter]...");
 #ifdef LOAD_WARNING
 	load_warning = TRUE;
@ -356,22 +420,22 @@ int main (int argc, char **argv)
 		if (lib->settings->get_str(lib->settings, "charon.load", NULL) ||
 			lib->settings->get_str(lib->settings, "pluto.load", NULL))
 		{
-			plog("!! Your strongswan.conf contains manual plugin load options for");
+			DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for");
-			plog("!! pluto and/or charon. This is recommended for experts only, see");
+			DBG1(DBG_APP, "!! pluto and/or charon. This is recommended for experts only, see");
-			plog("!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
+			DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
 		}
 	}
 	/* verify that we can start */
 	if (getuid() != 0)
 	{
-		plog("permission denied (must be superuser)");
+		DBG1(DBG_APP, "permission denied (must be superuser)");
 		exit(LSB_RC_NOT_ALLOWED);
 	}
 	if (check_pid(PLUTO_PID_FILE))
 	{
-		plog("pluto is already running (%s exists) -- skipping pluto start",
+		DBG1(DBG_APP, "pluto is already running (%s exists) -- skipping pluto start",
 			 PLUTO_PID_FILE);
 	}
 	else
@ -380,7 +444,7 @@ int main (int argc, char **argv)
 	}
 	if (check_pid(CHARON_PID_FILE))
 	{
-		plog("charon is already running (%s exists) -- skipping charon start",
+		DBG1(DBG_APP, "charon is already running (%s exists) -- skipping charon start",
 			 CHARON_PID_FILE);
 	}
 	else
@ -389,20 +453,20 @@ int main (int argc, char **argv)
 	}
 	if (stat(DEV_RANDOM, &stb) != 0)
 	{
-		plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
+		DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
 		exit(LSB_RC_FAILURE);
 	}
 	if (stat(DEV_URANDOM, &stb)!= 0)
 	{
-		plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
+		DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
 		exit(LSB_RC_FAILURE);
 	}
 	cfg = confread_load(CONFIG_FILE);
 	if (cfg == NULL || cfg->err > 0)
 	{
-		plog("unable to start strongSwan -- fatal errors in config");
+		DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
 		if (cfg)
 		{
 			confread_free(cfg);
@ -413,11 +477,11 @@ int main (int argc, char **argv)
 	/* determine if we have a native netkey IPsec stack */
 	if (!starter_netkey_init())
 	{
-		plog("no netkey IPsec stack detected");
+		DBG1(DBG_APP, "no netkey IPsec stack detected");
 		if (!starter_klips_init())
 		{
-			plog("no KLIPS IPsec stack detected");
+			DBG1(DBG_APP, "no KLIPS IPsec stack detected");
-			plog("no known IPsec stack detected, ignoring!");
+			DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
 		}
 	}
@ -425,7 +489,7 @@ int main (int argc, char **argv)
 	if (check_pid(STARTER_PID_FILE))
 	{
-		plog("starter is already running (%s exists) -- no fork done",
+		DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
 			 STARTER_PID_FILE);
 		confread_free(cfg);
 		exit(LSB_RC_SUCCESS);
@ -463,7 +527,7 @@ int main (int argc, char **argv)
 			}
 			break;
 			case -1:
-				plog("can't fork: %s", strerror(errno));
+				DBG1(DBG_APP, "can't fork: %s", strerror(errno));
 				break;
 			default:
 				confread_free(cfg);
@ -540,7 +604,7 @@ int main (int argc, char **argv)
 			starter_netkey_cleanup();
 			confread_free(cfg);
 			unlink(STARTER_PID_FILE);
-			plog("ipsec starter stopped");
+			DBG1(DBG_APP, "ipsec starter stopped");
 			lib->plugins->unload(lib->plugins);
 			close_log();
 			exit(LSB_RC_SUCCESS);
@ -592,9 +656,7 @@ int main (int argc, char **argv)
 		 */
 		if (_action_ & FLAG_ACTION_UPDATE)
 		{
-			DBG(DBG_CONTROL,
+			DBG2(DBG_APP, "Reloading config...");
 				DBG_log("Reloading config...")
 			   );
 			new_cfg = confread_load(CONFIG_FILE);
 			if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
@ -608,7 +670,7 @@ int main (int argc, char **argv)
 				if (!starter_cmp_pluto(cfg, new_cfg))
 				{
-					plog("Pluto has changed");
+					DBG1(DBG_APP, "Pluto has changed");
 					if (starter_pluto_pid())
 						starter_stop_pluto();
 					_action_ &= ~FLAG_ACTION_LISTEN;
@ -690,7 +752,7 @@ int main (int argc, char **argv)
 			}
 			else
 			{
-				plog("can't reload config file due to errors -- keeping old one");
+				DBG1(DBG_APP, "can't reload config file due to errors -- keeping old one");
 				if (new_cfg)
 				{
 					confread_free(new_cfg);
@ -707,9 +769,7 @@ int main (int argc, char **argv)
 		{
 			if (cfg->setup.plutostart && !starter_pluto_pid())
 			{
-				DBG(DBG_CONTROL,
+				DBG2(DBG_APP, "Attempting to start pluto...");
 					DBG_log("Attempting to start pluto...")
 				   );
 				if (starter_start_pluto(cfg, no_fork, attach_gdb) == 0)
 				{
@ -743,9 +803,7 @@ int main (int argc, char **argv)
 		{
 			if (cfg->setup.charonstart && !starter_charon_pid())
 			{
-				DBG(DBG_CONTROL,
+				DBG2(DBG_APP, "Attempting to start charon...");
 					DBG_log("Attempting to start charon...")
 				   );
 				if (starter_start_charon(cfg, no_fork, attach_gdb))
 				{
 					/* schedule next try */
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@ -26,11 +26,11 @@
 #include <credentials/auth_cfg.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include <constants.h>
 #include <defs.h>
 #include <log.h>
 #include <stroke_msg.h>
@ -73,12 +73,12 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	if (sock < 0)
 	{
-		plog("socket() failed: %s", strerror(errno));
+		DBG1(DBG_APP, "socket() failed: %s", strerror(errno));
 		return -1;
 	}
 	if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
 	{
-		plog("connect(charon_ctl) failed: %s", strerror(errno));
+		DBG1(DBG_APP, "connect(charon_ctl) failed: %s", strerror(errno));
 		close(sock);
 		return -1;
 	}
@ -86,18 +86,18 @@ static int send_stroke_msg (stroke_msg_t *msg)
 	/* send message */
 	if (write(sock, msg, msg->length) != msg->length)
 	{
-		plog("write(charon_ctl) failed: %s", strerror(errno));
+		DBG1(DBG_APP, "write(charon_ctl) failed: %s", strerror(errno));
 		close(sock);
 		return -1;
 	}
 	while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
 	{
 		buffer[byte_count] = '\0';
-		plog("%s", buffer);
+		DBG1(DBG_APP, "%s", buffer);
 	}
 	if (byte_count < 0)
 	{
-		plog("read() failed: %s", strerror(errno));
+		DBG1(DBG_APP, "read() failed: %s", strerror(errno));
 	}
 	close(sock);
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@ -20,11 +20,11 @@
 #include <string.h>
 #include <errno.h>
-#include <freeswan.h>
+#include <library.h>
 #include <debug.h>
 #include <constants.h>
 #include <defs.h>
 #include <log.h>
 #include <whack.h>
 #include "starterwhack.h"
@ -96,7 +96,7 @@ static int send_whack_msg (whack_message_t *msg)
 	||  !pack_str(&msg->xauth_identity, &str_next, &str_roof)
 	||  (str_roof - str_next < msg->keyval.len))
 	{
-		plog("send_wack_msg(): can't pack strings");
+		DBG1(DBG_APP, "send_wack_msg(): can't pack strings");
 		return -1;
 	}
 	if (msg->keyval.ptr)
@ -111,13 +111,13 @@ static int send_whack_msg (whack_message_t *msg)
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (sock < 0)
 	{
-		plog("socket() failed: %s", strerror(errno));
+		DBG1(DBG_APP, "socket() failed: %s", strerror(errno));
 		return -1;
 	}
 	if (connect(sock, (struct sockaddr *)&ctl_addr,
 		offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
 	{
-		plog("connect(pluto_ctl) failed: %s", strerror(errno));
+		DBG1(DBG_APP, "connect(pluto_ctl) failed: %s", strerror(errno));
 		close(sock);
 		return -1;
 	}
@ -125,7 +125,7 @@ static int send_whack_msg (whack_message_t *msg)
 	/* send message */
 	if (write(sock, msg, len) != len)
 	{
-		plog("write(pluto_ctl) failed: %s", strerror(errno));
+		DBG1(DBG_APP, "write(pluto_ctl) failed: %s", strerror(errno));
 		close(sock);
 		return -1;
 	}
@ -248,7 +248,7 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
 		err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
 		if (err)
 		{
-			plog("conn %s/%s: rsakey malformed [%s]", name, lr, err);
+			DBG1(DBG_APP, "conn %s/%s: rsakey malformed [%s]", name, lr, err);
 			return 1;
 		}
 		if (end->id)
@ -316,9 +316,7 @@ int starter_whack_add_conn(starter_conn_t *conn)
 				   , msg.pfsgroup ? msg.pfsgroup : "");
 		msg.esp = esp_buf;
-		DBG(DBG_CONTROL,
+		DBG2(DBG_APP, "Setting --esp=%s", msg.esp);
 			DBG_log("Setting --esp=%s", msg.esp)
 		)
 	}
 	msg.dpd_delay   = conn->dpd_delay;
 	msg.dpd_timeout = conn->dpd_timeout;