[people/ms/strongswan.git] / src / charon / sa / tasks / ike_mobike.c

/**
 * @file ike_mobike.c
 *
 * @brief Implementation of the ike_mobike task.
 *
 */

/*
 * Copyright (C) 2007 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "ike_mobike.h"

#include <string.h>

#include <daemon.h>
#include <sa/tasks/ike_natd.h>
#include <encoding/payloads/notify_payload.h>


typedef struct private_ike_mobike_t private_ike_mobike_t;

/**
 * Private members of a ike_mobike_t task.
 */
struct private_ike_mobike_t {
	
	/**
	 * Public methods and task_t interface.
	 */
	ike_mobike_t public;
	
	/**
	 * Assigned IKE_SA.
	 */
	ike_sa_t *ike_sa;
	
	/**
	 * Are we the initiator?
	 */
	bool initiator;
	
	/**
	 * local host to roam to
	 */
	host_t *me;
	
	/**
	 * remote host to roam to
	 */
	host_t *other;
	
	/**
	 * cookie2 value to verify new addresses
	 */
	chunk_t cookie2;
	
	/**
	 * NAT discovery reusing the IKE_NATD task
	 */
	ike_natd_t *natd;
};

/**
 * flush the IKE_SAs list of additional addresses
 */
static void flush_additional_addresses(private_ike_mobike_t *this)
{
	iterator_t *iterator;
	host_t *host;
	
	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	while (iterator->iterate(iterator, (void**)&host))
	{
		iterator->remove(iterator);
		host->destroy(host);
	}
	iterator->destroy(iterator);
}


/**
 * read notifys from message and evaluate them
 */
static void process_payloads(private_ike_mobike_t *this, message_t *message)
{
	iterator_t *iterator;
	payload_t *payload;
	bool first = TRUE;
	
	iterator = message->get_payload_iterator(message);
	while (iterator->iterate(iterator, (void**)&payload))
	{
		int family = AF_INET;
		notify_payload_t *notify;
		chunk_t data;
		host_t *host;
		
		if (payload->get_type(payload) != NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case MOBIKE_SUPPORTED:
			{
				DBG2(DBG_IKE, "peer supports MOBIKE");
				this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
				break;
			}
			case ADDITIONAL_IP6_ADDRESS:
			{
				family = AF_INET6;
				/* fall through */
			}
			case ADDITIONAL_IP4_ADDRESS:
			{
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					flush_additional_addresses(this);
					first = FALSE;
				}
				data = notify->get_notification_data(notify);
				host = host_create_from_chunk(family, data, 0);
				DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
				this->ike_sa->add_additional_address(this->ike_sa, host);
				break;
			}
			case NO_ADDITIONAL_ADDRESSES:
			{
				flush_additional_addresses(this);
				break;
			}
			default:
				break;
		}
	}
	iterator->destroy(iterator);
}

/**
 * Add ADDITIONAL_*_ADDRESS notifys depending on our address list
 */
static void build_address_list(private_ike_mobike_t *this, message_t *message)
{
	iterator_t *iterator;
	host_t *host, *me;
	notify_type_t type;
	bool additional = FALSE;

	me = this->ike_sa->get_my_host(this->ike_sa);
	iterator = charon->kernel_interface->create_address_iterator(
												charon->kernel_interface);
	while (iterator->iterate(iterator, (void**)&host))
	{
		if (me->ip_equals(me, host))
		{	/* "ADDITIONAL" means do not include IKE_SAs host */
			continue;
		}
		switch (host->get_family(host))
		{
			case AF_INET:
				type = ADDITIONAL_IP4_ADDRESS;
				break;
			case AF_INET6:
				type = ADDITIONAL_IP6_ADDRESS;
				break;
			default:
				continue;
		}
		message->add_notify(message, FALSE, type, host->get_address(host));
		additional = TRUE;
	}
	if (!additional)
	{
		message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	}
	iterator->destroy(iterator);
}

/**
 * Implementation of task_t.process for initiator
 */
static status_t build_i(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
		build_address_list(this, message);
	}
	else if (this->me || this->other)
	{	/* address change */
		message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
		build_address_list(this, message);
		/* TODO: NAT discovery */
		
		/* set new addresses */
		if (this->me)
		{
			this->ike_sa->set_my_host(this->ike_sa, this->me->clone(this->me));
		}
		if (this->other)
		{
			this->ike_sa->set_other_host(this->ike_sa, this->other->clone(this->other));
		}
	}
	
	return NEED_MORE;
}

/**
 * Implementation of task_t.process for responder
 */
static status_t process_r(private_ike_mobike_t *this, message_t *message)
{
	if ((message->get_exchange_type(message) == IKE_AUTH &&
		 message->get_payload(message, SECURITY_ASSOCIATION)) ||
		message->get_exchange_type(message) == INFORMATIONAL)
	{
		process_payloads(this, message);
	}
	
	return NEED_MORE;
}

/**
 * Implementation of task_t.build for responder
 */
static status_t build_r(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
		{
			message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
			build_address_list(this, message);
		}
		return SUCCESS;
	}
	return NEED_MORE;
}

/**
 * Implementation of task_t.process for initiator
 */
static status_t process_i(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		process_payloads(this, message);
		return SUCCESS;
	}
	return NEED_MORE;
}

/**
 * Implementation of ike_mobike_t.roam.
 */
static void roam(private_ike_mobike_t *this, host_t *me, host_t *other)
{
	this->me = me;
	this->other = other;
}

/**
 * Implementation of task_t.get_type
 */
static task_type_t get_type(private_ike_mobike_t *this)
{
	return IKE_MOBIKE;
}

/**
 * Implementation of task_t.migrate
 */
static void migrate(private_ike_mobike_t *this, ike_sa_t *ike_sa)
{
	DESTROY_IF(this->me);
	DESTROY_IF(this->other);
	chunk_free(&this->cookie2);
	this->ike_sa = ike_sa;
	this->me = NULL;
	this->other = NULL;
	if (this->natd)
	{
		this->natd->task.migrate(&this->natd->task, ike_sa);
	}
}

/**
 * Implementation of task_t.destroy
 */
static void destroy(private_ike_mobike_t *this)
{
	DESTROY_IF(this->me);
	DESTROY_IF(this->other);
	chunk_free(&this->cookie2);
	if (this->natd)
	{
		this->natd->task.destroy(&this->natd->task);
	}
	free(this);
}

/*
 * Described in header.
 */
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_mobike_t *this = malloc_thing(private_ike_mobike_t);

	this->public.roam = (void(*)(ike_mobike_t*, host_t *, host_t *))roam;
	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
	this->public.task.destroy = (void(*)(task_t*))destroy;
	
	if (initiator)
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
	}
	else
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
	}
	
	this->ike_sa = ike_sa;
	this->initiator = initiator;
	this->me = NULL;
	this->other = NULL;
	this->cookie2 = chunk_empty;
	this->natd = NULL;
	
	return &this->public;
}
Commit	Line	Data
17d92e97 MW	1	/**
	2	* @file ike_mobike.c
	3	*
	4	* @brief Implementation of the ike_mobike task.
	5	*
	6	*/
	7
	8	/*
	9	* Copyright (C) 2007 Martin Willi
	10	* Hochschule fuer Technik Rapperswil
	11	*
	12	* This program is free software; you can redistribute it and/or modify it
	13	* under the terms of the GNU General Public License as published by the
	14	* Free Software Foundation; either version 2 of the License, or (at your
	15	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	16	*
	17	* This program is distributed in the hope that it will be useful, but
	18	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	19	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	* for more details.
	21	*/
	22
	23	#include "ike_mobike.h"
	24
	25	#include <string.h>
	26
	27	#include <daemon.h>
4cb9d7a7	28	#include <sa/tasks/ike_natd.h>
17d92e97 MW	29	#include <encoding/payloads/notify_payload.h>
	30
	31
	32	typedef struct private_ike_mobike_t private_ike_mobike_t;
	33
	34	/**
	35	* Private members of a ike_mobike_t task.
	36	*/
	37	struct private_ike_mobike_t {
	38
	39	/**
	40	* Public methods and task_t interface.
	41	*/
	42	ike_mobike_t public;
	43
	44	/**
	45	* Assigned IKE_SA.
	46	*/
	47	ike_sa_t *ike_sa;
	48
	49	/**
	50	* Are we the initiator?
	51	*/
	52	bool initiator;
	53
	54	/**
	55	* local host to roam to
	56	*/
	57	host_t *me;
	58
	59	/**
	60	* remote host to roam to
	61	*/
	62	host_t *other;
4cb9d7a7 MW	63
	64	/**
	65	* cookie2 value to verify new addresses
	66	*/
	67	chunk_t cookie2;
	68
	69	/**
	70	* NAT discovery reusing the IKE_NATD task
	71	*/
	72	ike_natd_t *natd;
17d92e97 MW	73	};
	74
	75	/**
	76	* flush the IKE_SAs list of additional addresses
	77	*/
	78	static void flush_additional_addresses(private_ike_mobike_t *this)
	79	{
	80	iterator_t *iterator;
	81	host_t *host;
	82
	83	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	84	while (iterator->iterate(iterator, (void**)&host))
	85	{
	86	iterator->remove(iterator);
	87	host->destroy(host);
	88	}
	89	iterator->destroy(iterator);
	90	}
	91
	92
	93	/**
	94	* read notifys from message and evaluate them
	95	*/
	96	static void process_payloads(private_ike_mobike_t this, message_t message)
	97	{
	98	iterator_t *iterator;
	99	payload_t *payload;
	100	bool first = TRUE;
	101
	102	iterator = message->get_payload_iterator(message);
	103	while (iterator->iterate(iterator, (void**)&payload))
	104	{
	105	int family = AF_INET;
	106	notify_payload_t *notify;
	107	chunk_t data;
	108	host_t *host;
	109
	110	if (payload->get_type(payload) != NOTIFY)
	111	{
	112	continue;
	113	}
	114	notify = (notify_payload_t*)payload;
	115	switch (notify->get_notify_type(notify))
	116	{
	117	case MOBIKE_SUPPORTED:
	118	{
	119	DBG2(DBG_IKE, "peer supports MOBIKE");
	120	this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
	121	break;
	122	}
	123	case ADDITIONAL_IP6_ADDRESS:
	124	{
	125	family = AF_INET6;
	126	/* fall through */
	127	}
	128	case ADDITIONAL_IP4_ADDRESS:
	129	{
	130	if (first)
	131	{ /* an ADDITIONAL__ADDRESS means replace, so flush once /
	132	flush_additional_addresses(this);
4cb9d7a7	133	first = FALSE;
17d92e97 MW	134	}
	135	data = notify->get_notification_data(notify);
	136	host = host_create_from_chunk(family, data, 0);
	137	DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
	138	this->ike_sa->add_additional_address(this->ike_sa, host);
	139	break;
	140	}
	141	case NO_ADDITIONAL_ADDRESSES:
	142	{
	143	flush_additional_addresses(this);
	144	break;
	145	}
	146	default:
	147	break;
	148	}
	149	}
	150	iterator->destroy(iterator);
	151	}
	152
	153	/**
	154	* Add ADDITIONAL_*_ADDRESS notifys depending on our address list
	155	*/
	156	static void build_address_list(private_ike_mobike_t this, message_t message)
	157	{
	158	iterator_t *iterator;
	159	host_t host, me;
	160	notify_type_t type;
	161	bool additional = FALSE;
	162
	163	me = this->ike_sa->get_my_host(this->ike_sa);
	164	iterator = charon->kernel_interface->create_address_iterator(
	165	charon->kernel_interface);
	166	while (iterator->iterate(iterator, (void**)&host))
	167	{
	168	if (me->ip_equals(me, host))
	169	{ /* "ADDITIONAL" means do not include IKE_SAs host */
	170	continue;
	171	}
	172	switch (host->get_family(host))
	173	{
	174	case AF_INET:
	175	type = ADDITIONAL_IP4_ADDRESS;
	176	break;
	177	case AF_INET6:
	178	type = ADDITIONAL_IP6_ADDRESS;
	179	break;
	180	default:
	181	continue;
	182	}
	183	message->add_notify(message, FALSE, type, host->get_address(host));
	184	additional = TRUE;
	185	}
	186	if (!additional)
	187	{
	188	message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	189	}
	190	iterator->destroy(iterator);
	191	}
	192
	193	/**
	194	* Implementation of task_t.process for initiator
	195	*/
	196	static status_t build_i(private_ike_mobike_t this, message_t message)
	197	{
198	if (message->get_exchange_type(message) == IKE_AUTH &&
199	message->get_payload(message, SECURITY_ASSOCIATION))
4cb9d7a7	200	{
17d92e97 MW	201	message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
	202	build_address_list(this, message);
	203	}
4cb9d7a7 MW	204	else if (this->me \|\| this->other)
	205	{ /* address change */
	206	message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
	207	build_address_list(this, message);
	208	/* TODO: NAT discovery */
	209
	210	/* set new addresses */
	211	if (this->me)
	212	{
	213	this->ike_sa->set_my_host(this->ike_sa, this->me->clone(this->me));
	214	}
	215	if (this->other)
	216	{
	217	this->ike_sa->set_other_host(this->ike_sa, this->other->clone(this->other));
	218	}
	219	}
17d92e97 MW	220
	221	return NEED_MORE;
	222	}
	223
	224	/**
	225	* Implementation of task_t.process for responder
	226	*/
	227	static status_t process_r(private_ike_mobike_t this, message_t message)
4cb9d7a7 MW	228	{
	229	if ((message->get_exchange_type(message) == IKE_AUTH &&
	230	message->get_payload(message, SECURITY_ASSOCIATION)) \|\|
	231	message->get_exchange_type(message) == INFORMATIONAL)
	232	{
	233	process_payloads(this, message);
	234	}
17d92e97 MW	235
	236	return NEED_MORE;
	237	}
	238
	239	/**
	240	* Implementation of task_t.build for responder
	241	*/
	242	static status_t build_r(private_ike_mobike_t this, message_t message)
	243	{
	244	if (message->get_exchange_type(message) == IKE_AUTH &&
	245	message->get_payload(message, SECURITY_ASSOCIATION))
	246	{
	247	if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
	248	{
	249	message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
	250	build_address_list(this, message);
	251	}
	252	return SUCCESS;
	253	}
	254	return NEED_MORE;
	255	}
	256
	257	/**
	258	* Implementation of task_t.process for initiator
	259	*/
	260	static status_t process_i(private_ike_mobike_t this, message_t message)
	261	{
	262	if (message->get_exchange_type(message) == IKE_AUTH &&
	263	message->get_payload(message, SECURITY_ASSOCIATION))
	264	{
	265	process_payloads(this, message);
	266	return SUCCESS;
	267	}
	268	return NEED_MORE;
	269	}
	270
	271	/**
	272	* Implementation of ike_mobike_t.roam.
	273	*/
	274	static void roam(private_ike_mobike_t this, host_t me, host_t *other)
	275	{
	276	this->me = me;
	277	this->other = other;
	278	}
	279
	280	/**
	281	* Implementation of task_t.get_type
	282	*/
	283	static task_type_t get_type(private_ike_mobike_t *this)
	284	{
	285	return IKE_MOBIKE;
	286	}
	287
	288	/**
	289	* Implementation of task_t.migrate
	290	*/
	291	static void migrate(private_ike_mobike_t this, ike_sa_t ike_sa)
	292	{
	293	DESTROY_IF(this->me);
	294	DESTROY_IF(this->other);
4cb9d7a7	295	chunk_free(&this->cookie2);
17d92e97 MW	296	this->ike_sa = ike_sa;
	297	this->me = NULL;
	298	this->other = NULL;
4cb9d7a7 MW	299	if (this->natd)
	300	{
	301	this->natd->task.migrate(&this->natd->task, ike_sa);
	302	}
17d92e97 MW	303	}
	304
	305	/**
	306	* Implementation of task_t.destroy
	307	*/
	308	static void destroy(private_ike_mobike_t *this)
	309	{
	310	DESTROY_IF(this->me);
	311	DESTROY_IF(this->other);
4cb9d7a7 MW	312	chunk_free(&this->cookie2);
	313	if (this->natd)
	314	{
	315	this->natd->task.destroy(&this->natd->task);
	316	}
17d92e97 MW	317	free(this);
	318	}
	319
	320	/*
	321	* Described in header.
	322	*/
	323	ike_mobike_t ike_mobike_create(ike_sa_t ike_sa, bool initiator)
	324	{
	325	private_ike_mobike_t *this = malloc_thing(private_ike_mobike_t);
	326
	327	this->public.roam = (void()(ike_mobike_t, host_t , host_t ))roam;
	328	this->public.task.get_type = (task_type_t()(task_t))get_type;
	329	this->public.task.migrate = (void()(task_t,ike_sa_t*))migrate;
	330	this->public.task.destroy = (void()(task_t))destroy;
	331
	332	if (initiator)
	333	{
	334	this->public.task.build = (status_t()(task_t,message_t*))build_i;
	335	this->public.task.process = (status_t()(task_t,message_t*))process_i;
	336	}
	337	else
	338	{
	339	this->public.task.build = (status_t()(task_t,message_t*))build_r;
	340	this->public.task.process = (status_t()(task_t,message_t*))process_r;
	341	}
	342
	343	this->ike_sa = ike_sa;
	344	this->initiator = initiator;
	345	this->me = NULL;
	346	this->other = NULL;
4cb9d7a7 MW	347	this->cookie2 = chunk_empty;
4cb9d7a7 MW	348	this->natd = NULL;
17d92e97 MW	349
	350	return &this->public;
	351	}
	352