[people/ms/strongswan.git] / src / charon / sa / tasks / ike_mobike.c

/**
 * @file ike_mobike.c
 *
 * @brief Implementation of the ike_mobike task.
 *
 */

/*
 * Copyright (C) 2007 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "ike_mobike.h"

#include <string.h>

#include <daemon.h>
#include <sa/tasks/ike_natd.h>
#include <encoding/payloads/notify_payload.h>


typedef struct private_ike_mobike_t private_ike_mobike_t;

/**
 * Private members of a ike_mobike_t task.
 */
struct private_ike_mobike_t {
	
	/**
	 * Public methods and task_t interface.
	 */
	ike_mobike_t public;
	
	/**
	 * Assigned IKE_SA.
	 */
	ike_sa_t *ike_sa;
	
	/**
	 * Are we the initiator?
	 */
	bool initiator;
	
	/**
	 * cookie2 value to verify new addresses
	 */
	chunk_t cookie2;
	
	/**
	 * NAT discovery reusing the IKE_NATD task
	 */
	ike_natd_t *natd;
	
	/**
	 * use task to update addresses
	 */
	bool update;
	
	/**
	 * do routability check
	 */
	bool check;
	
	/**
	 * include address list update
	 */
	bool address;
};

/**
 * flush the IKE_SAs list of additional addresses
 */
static void flush_additional_addresses(private_ike_mobike_t *this)
{
	iterator_t *iterator;
	host_t *host;
	
	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	while (iterator->iterate(iterator, (void**)&host))
	{
		iterator->remove(iterator);
		host->destroy(host);
	}
	iterator->destroy(iterator);
}


/**
 * read notifys from message and evaluate them
 */
static void process_payloads(private_ike_mobike_t *this, message_t *message)
{
	iterator_t *iterator;
	payload_t *payload;
	bool first = TRUE;
	
	iterator = message->get_payload_iterator(message);
	while (iterator->iterate(iterator, (void**)&payload))
	{
		int family = AF_INET;
		notify_payload_t *notify;
		chunk_t data;
		host_t *host;
		
		if (payload->get_type(payload) != NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case MOBIKE_SUPPORTED:
			{
				DBG1(DBG_IKE, "peer supports MOBIKE");
				this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
				break;
			}
			case ADDITIONAL_IP6_ADDRESS:
			{
				family = AF_INET6;
				/* fall through */
			}
			case ADDITIONAL_IP4_ADDRESS:
			{
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					flush_additional_addresses(this);
					first = FALSE;
				}
				data = notify->get_notification_data(notify);
				host = host_create_from_chunk(family, data, 0);
				DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
				this->ike_sa->add_additional_address(this->ike_sa, host);
				break;
			}
			case UPDATE_SA_ADDRESSES:
			{
				this->update = TRUE;
				break;
			}
			case NO_ADDITIONAL_ADDRESSES:
			{
				flush_additional_addresses(this);
				break;
			}
			case NAT_DETECTION_SOURCE_IP:
			case NAT_DETECTION_DESTINATION_IP:
			{
				/* NAT check in this MOBIKE exchange, create subtask for it */
				if (this->natd == NULL)
				{
					this->natd = ike_natd_create(this->ike_sa, this->initiator);
				}
				break;
			}
			default:
				break;
		}
	}
	iterator->destroy(iterator);
}

/**
 * Add ADDITIONAL_*_ADDRESS notifys depending on our address list
 */
static void build_address_list(private_ike_mobike_t *this, message_t *message)
{
	iterator_t *iterator;
	host_t *host, *me;
	notify_type_t type;
	bool additional = FALSE;

	me = this->ike_sa->get_my_host(this->ike_sa);
	iterator = charon->kernel_interface->create_address_iterator(
												charon->kernel_interface);
	while (iterator->iterate(iterator, (void**)&host))
	{
		if (me->ip_equals(me, host))
		{	/* "ADDITIONAL" means do not include IKE_SAs host */
			continue;
		}
		switch (host->get_family(host))
		{
			case AF_INET:
				type = ADDITIONAL_IP4_ADDRESS;
				break;
			case AF_INET6:
				type = ADDITIONAL_IP6_ADDRESS;
				break;
			default:
				continue;
		}
		message->add_notify(message, FALSE, type, host->get_address(host));
		additional = TRUE;
	}
	if (!additional)
	{
		message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	}
	iterator->destroy(iterator);
}

/**
 * update addresses of associated CHILD_SAs
 */
static void update_children(private_ike_mobike_t *this)
{
	iterator_t *iterator;
	child_sa_t *child_sa;
	
	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
	while (iterator->iterate(iterator, (void**)&child_sa))
	{
		child_sa->update_hosts(child_sa,
						this->ike_sa->get_my_host(this->ike_sa), 
						this->ike_sa->get_other_host(this->ike_sa),
						this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
	}
	iterator->destroy(iterator);
}

/**
 * Implementation of ike_mobike_t.transmit
 */
static void transmit(private_ike_mobike_t *this, packet_t *packet)
{
	host_t *me, *other, *me_old, *other_old;
	iterator_t *iterator;
	packet_t *copy;
	
	if (!this->check)
	{
		return;
	}

	me_old = this->ike_sa->get_my_host(this->ike_sa);
	other_old = this->ike_sa->get_other_host(this->ike_sa);
	
	me = charon->kernel_interface->get_source_addr(
										charon->kernel_interface, other_old);
	if (me)
	{
		me->set_port(me, me->ip_equals(me, me_old) ?
					 me_old->get_port(me_old) : IKEV2_NATT_PORT);
		packet->set_source(packet, me);
	}
	
	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	while (iterator->iterate(iterator, (void**)&other))
	{
		me = charon->kernel_interface->get_source_addr(
											charon->kernel_interface, other);
		if (me)
		{
			/* reuse port for an active address, 4500 otherwise */
			me->set_port(me, me->ip_equals(me, me_old) ?
						 me_old->get_port(me_old) : IKEV2_NATT_PORT);
			other = other->clone(other);
			other->set_port(other, other->ip_equals(other, other_old) ?
							other_old->get_port(other_old) : IKEV2_NATT_PORT);
			DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
			copy = packet->clone(packet);
			copy->set_source(copy, me);
			copy->set_destination(copy, other);
			charon->sender->send(charon->sender, copy);
		}
	}
	iterator->destroy(iterator);
	me = packet->get_source(packet);
	other = packet->get_destination(packet);
	DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
}

/**
 * Implementation of task_t.process for initiator
 */
static status_t build_i(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
		build_address_list(this, message);
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		if (this->update)
		{
			message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
			update_children(this);
		}
		if (this->address)
		{
			build_address_list(this, message);
		}
		if (this->natd)
		{
			this->natd->task.build(&this->natd->task, message);
		}
	}
	return NEED_MORE;
}

/**
 * Implementation of task_t.process for responder
 */
static status_t process_r(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		process_payloads(this, message);
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		process_payloads(this, message);
		if (this->update)
		{
			host_t *me, *other;
			
			me = message->get_destination(message);
			other = message->get_source(message);
			this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
			this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
		}
		
		if (this->natd)
		{
			this->natd->task.process(&this->natd->task, message);
		}
	}
	return NEED_MORE;
}

/**
 * Implementation of task_t.build for responder
 */
static status_t build_r(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
		{
			message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
			build_address_list(this, message);
		}
		return SUCCESS;
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		if (this->natd)
		{
			this->natd->task.build(&this->natd->task, message);
		}
		if (this->update)
		{
			update_children(this);
		}
		return SUCCESS;
	}
	return NEED_MORE;
}

/**
 * Implementation of task_t.process for initiator
 */
static status_t process_i(private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_payload(message, SECURITY_ASSOCIATION))
	{
		process_payloads(this, message);
		return SUCCESS;
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1;
		this->ike_sa->set_pending_updates(this->ike_sa, updates);
		if (updates > 0)
		{
			/* newer update queued, ignore this one */
			return SUCCESS;
		}
		process_payloads(this, message);
		if (this->natd)
		{
			this->natd->task.process(&this->natd->task, message);
		}
		if (this->update)
		{
			/* update again, as NAT state may have changed */
			update_children(this);
		}
		if (this->check)
		{
			host_t *me_new, *me_old, *other_new, *other_old;
			
			me_new = message->get_destination(message);
			other_new = message->get_source(message);
			me_old = this->ike_sa->get_my_host(this->ike_sa);
			other_old = this->ike_sa->get_other_host(this->ike_sa);
			
			if (!me_new->equals(me_new, me_old))
			{
				this->update = TRUE;
				this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
			}			
			if (!other_new->equals(other_new, other_old))
			{
				this->update = TRUE;
				this->ike_sa->set_other_host(this->ike_sa, other_new->clone(other_new));
			}
			if (this->update)
			{
				/* start the update with the same task */
				this->check = FALSE;
				this->address = FALSE;
				this->natd = ike_natd_create(this->ike_sa, this->initiator);
				this->ike_sa->set_pending_updates(this->ike_sa, 1);
				return NEED_MORE;
			}
		}
		return SUCCESS;
	}
	return NEED_MORE;
}

/**
 * Implementation of ike_mobike_t.roam.
 */
static void roam(private_ike_mobike_t *this, bool address)
{
	this->check = TRUE;
	this->address = address;
	this->ike_sa->set_pending_updates(this->ike_sa, 
							this->ike_sa->get_pending_updates(this->ike_sa) + 1);
}

/**
 * Implementation of task_t.get_type
 */
static task_type_t get_type(private_ike_mobike_t *this)
{
	return IKE_MOBIKE;
}

/**
 * Implementation of task_t.migrate
 */
static void migrate(private_ike_mobike_t *this, ike_sa_t *ike_sa)
{
	chunk_free(&this->cookie2);
	this->ike_sa = ike_sa;
	if (this->natd)
	{
		this->natd->task.migrate(&this->natd->task, ike_sa);
	}
}

/**
 * Implementation of task_t.destroy
 */
static void destroy(private_ike_mobike_t *this)
{
	chunk_free(&this->cookie2);
	if (this->natd)
	{
		this->natd->task.destroy(&this->natd->task);
	}
	free(this);
}

/*
 * Described in header.
 */
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_mobike_t *this = malloc_thing(private_ike_mobike_t);

	this->public.roam = (void(*)(ike_mobike_t*,bool))roam;
	this->public.transmit = (void(*)(ike_mobike_t*,packet_t*))transmit;
	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
	this->public.task.destroy = (void(*)(task_t*))destroy;
	
	if (initiator)
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
	}
	else
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
	}
	
	this->ike_sa = ike_sa;
	this->initiator = initiator;
	this->update = FALSE;
	this->check = FALSE;
	this->address = TRUE;
	this->cookie2 = chunk_empty;
	this->natd = NULL;
	
	return &this->public;
}
Commit	Line	Data
17d92e97 MW	1	/**
	2	* @file ike_mobike.c
	3	*
	4	* @brief Implementation of the ike_mobike task.
	5	*
	6	*/
	7
	8	/*
	9	* Copyright (C) 2007 Martin Willi
	10	* Hochschule fuer Technik Rapperswil
	11	*
	12	* This program is free software; you can redistribute it and/or modify it
	13	* under the terms of the GNU General Public License as published by the
	14	* Free Software Foundation; either version 2 of the License, or (at your
	15	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	16	*
	17	* This program is distributed in the hope that it will be useful, but
	18	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	19	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	* for more details.
	21	*/
	22
	23	#include "ike_mobike.h"
	24
	25	#include <string.h>
	26
	27	#include <daemon.h>
4cb9d7a7	28	#include <sa/tasks/ike_natd.h>
17d92e97 MW	29	#include <encoding/payloads/notify_payload.h>
	30
	31
	32	typedef struct private_ike_mobike_t private_ike_mobike_t;
	33
	34	/**
	35	* Private members of a ike_mobike_t task.
	36	*/
	37	struct private_ike_mobike_t {
	38
	39	/**
	40	* Public methods and task_t interface.
	41	*/
	42	ike_mobike_t public;
	43
	44	/**
	45	* Assigned IKE_SA.
	46	*/
	47	ike_sa_t *ike_sa;
	48
	49	/**
	50	* Are we the initiator?
	51	*/
	52	bool initiator;
	53
	54	/**
3bc62fe7	55	* cookie2 value to verify new addresses
17d92e97	56	*/
3bc62fe7	57	chunk_t cookie2;
17d92e97 MW	58
17d92e97 MW	59	/**
3bc62fe7	60	* NAT discovery reusing the IKE_NATD task
17d92e97	61	*/
3bc62fe7	62	ike_natd_t *natd;
4cb9d7a7 MW	63
4cb9d7a7 MW	64	/**
3bc62fe7	65	* use task to update addresses
4cb9d7a7	66	*/
5474dc65 MW	67	bool update;
	68
	69	/**
	70	* do routability check
	71	*/
	72	bool check;
4cb9d7a7 MW	73
4cb9d7a7 MW	74	/**
3bc62fe7	75	* include address list update
4cb9d7a7	76	*/
3bc62fe7	77	bool address;
17d92e97 MW	78	};
	79
	80	/**
	81	* flush the IKE_SAs list of additional addresses
	82	*/
	83	static void flush_additional_addresses(private_ike_mobike_t *this)
	84	{
	85	iterator_t *iterator;
	86	host_t *host;
	87
	88	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	89	while (iterator->iterate(iterator, (void**)&host))
	90	{
	91	iterator->remove(iterator);
	92	host->destroy(host);
	93	}
	94	iterator->destroy(iterator);
	95	}
	96
	97
	98	/**
	99	* read notifys from message and evaluate them
	100	*/
	101	static void process_payloads(private_ike_mobike_t this, message_t message)
	102	{
	103	iterator_t *iterator;
	104	payload_t *payload;
	105	bool first = TRUE;
	106
	107	iterator = message->get_payload_iterator(message);
	108	while (iterator->iterate(iterator, (void**)&payload))
	109	{
	110	int family = AF_INET;
	111	notify_payload_t *notify;
	112	chunk_t data;
	113	host_t *host;
	114
	115	if (payload->get_type(payload) != NOTIFY)
	116	{
	117	continue;
	118	}
	119	notify = (notify_payload_t*)payload;
	120	switch (notify->get_notify_type(notify))
	121	{
	122	case MOBIKE_SUPPORTED:
	123	{
bcac22f3	124	DBG1(DBG_IKE, "peer supports MOBIKE");
17d92e97 MW	125	this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
	126	break;
	127	}
	128	case ADDITIONAL_IP6_ADDRESS:
	129	{
	130	family = AF_INET6;
	131	/* fall through */
	132	}
	133	case ADDITIONAL_IP4_ADDRESS:
	134	{
	135	if (first)
	136	{ /* an ADDITIONAL__ADDRESS means replace, so flush once /
	137	flush_additional_addresses(this);
4cb9d7a7	138	first = FALSE;
17d92e97 MW	139	}
	140	data = notify->get_notification_data(notify);
	141	host = host_create_from_chunk(family, data, 0);
	142	DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
	143	this->ike_sa->add_additional_address(this->ike_sa, host);
	144	break;
	145	}
3bc62fe7 MW	146	case UPDATE_SA_ADDRESSES:
3bc62fe7 MW	147	{
5474dc65	148	this->update = TRUE;
3bc62fe7 MW	149	break;
3bc62fe7 MW	150	}
17d92e97 MW	151	case NO_ADDITIONAL_ADDRESSES:
	152	{
	153	flush_additional_addresses(this);
	154	break;
	155	}
fc2d1c42 MW	156	case NAT_DETECTION_SOURCE_IP:
	157	case NAT_DETECTION_DESTINATION_IP:
	158	{
	159	/* NAT check in this MOBIKE exchange, create subtask for it */
	160	if (this->natd == NULL)
	161	{
	162	this->natd = ike_natd_create(this->ike_sa, this->initiator);
	163	}
	164	break;
	165	}
17d92e97 MW	166	default:
	167	break;
	168	}
	169	}
	170	iterator->destroy(iterator);
	171	}
	172
	173	/**
	174	* Add ADDITIONAL_*_ADDRESS notifys depending on our address list
	175	*/
	176	static void build_address_list(private_ike_mobike_t this, message_t message)
	177	{
	178	iterator_t *iterator;
	179	host_t host, me;
	180	notify_type_t type;
	181	bool additional = FALSE;
	182
	183	me = this->ike_sa->get_my_host(this->ike_sa);
	184	iterator = charon->kernel_interface->create_address_iterator(
	185	charon->kernel_interface);
	186	while (iterator->iterate(iterator, (void**)&host))
	187	{
	188	if (me->ip_equals(me, host))
	189	{ /* "ADDITIONAL" means do not include IKE_SAs host */
	190	continue;
	191	}
	192	switch (host->get_family(host))
	193	{
	194	case AF_INET:
	195	type = ADDITIONAL_IP4_ADDRESS;
	196	break;
	197	case AF_INET6:
	198	type = ADDITIONAL_IP6_ADDRESS;
	199	break;
	200	default:
	201	continue;
	202	}
	203	message->add_notify(message, FALSE, type, host->get_address(host));
	204	additional = TRUE;
	205	}
	206	if (!additional)
	207	{
	208	message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	209	}
	210	iterator->destroy(iterator);
	211	}
	212
3bc62fe7 MW	213	/**
	214	* update addresses of associated CHILD_SAs
	215	*/
	216	static void update_children(private_ike_mobike_t *this)
	217	{
	218	iterator_t *iterator;
	219	child_sa_t *child_sa;
	220
	221	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
	222	while (iterator->iterate(iterator, (void**)&child_sa))
	223	{
	224	child_sa->update_hosts(child_sa,
	225	this->ike_sa->get_my_host(this->ike_sa),
	226	this->ike_sa->get_other_host(this->ike_sa),
	227	this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
	228	}
	229	iterator->destroy(iterator);
	230	}
	231
5474dc65 MW	232	/**
	233	* Implementation of ike_mobike_t.transmit
	234	*/
	235	static void transmit(private_ike_mobike_t this, packet_t packet)
	236	{
	237	host_t me, other, me_old, other_old;
	238	iterator_t *iterator;
	239	packet_t *copy;
	240
	241	if (!this->check)
	242	{
	243	return;
	244	}
	245
	246	me_old = this->ike_sa->get_my_host(this->ike_sa);
	247	other_old = this->ike_sa->get_other_host(this->ike_sa);
	248
	249	me = charon->kernel_interface->get_source_addr(
	250	charon->kernel_interface, other_old);
	251	if (me)
	252	{
	253	me->set_port(me, me->ip_equals(me, me_old) ?
	254	me_old->get_port(me_old) : IKEV2_NATT_PORT);
	255	packet->set_source(packet, me);
	256	}
	257
	258	iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	259	while (iterator->iterate(iterator, (void**)&other))
	260	{
	261	me = charon->kernel_interface->get_source_addr(
	262	charon->kernel_interface, other);
	263	if (me)
	264	{
	265	/* reuse port for an active address, 4500 otherwise */
	266	me->set_port(me, me->ip_equals(me, me_old) ?
	267	me_old->get_port(me_old) : IKEV2_NATT_PORT);
	268	other = other->clone(other);
	269	other->set_port(other, other->ip_equals(other, other_old) ?
	270	other_old->get_port(other_old) : IKEV2_NATT_PORT);
d9d69536	271	DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
5474dc65 MW	272	copy = packet->clone(packet);
	273	copy->set_source(copy, me);
	274	copy->set_destination(copy, other);
	275	charon->sender->send(charon->sender, copy);
	276	}
	277	}
	278	iterator->destroy(iterator);
d9d69536 MW	279	me = packet->get_source(packet);
	280	other = packet->get_destination(packet);
	281	DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
5474dc65 MW	282	}
5474dc65 MW	283
17d92e97 MW	284	/**
	285	* Implementation of task_t.process for initiator
	286	*/
	287	static status_t build_i(private_ike_mobike_t this, message_t message)
	288	{
	289	if (message->get_exchange_type(message) == IKE_AUTH &&
	290	message->get_payload(message, SECURITY_ASSOCIATION))
4cb9d7a7	291	{
17d92e97 MW	292	message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
	293	build_address_list(this, message);
	294	}
c8739590	295	else if (message->get_exchange_type(message) == INFORMATIONAL)
3bc62fe7	296	{
5474dc65	297	if (this->update)
fc2d1c42	298	{
3bc62fe7	299	message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
5474dc65	300	update_children(this);
fc2d1c42	301	}
3bc62fe7 MW	302	if (this->address)
	303	{
	304	build_address_list(this, message);
	305	}
5474dc65 MW	306	if (this->natd)
	307	{
	308	this->natd->task.build(&this->natd->task, message);
	309	}
4cb9d7a7	310	}
17d92e97 MW	311	return NEED_MORE;
	312	}
	313
	314	/**
	315	* Implementation of task_t.process for responder
	316	*/
	317	static status_t process_r(private_ike_mobike_t this, message_t message)
4cb9d7a7	318	{
fc2d1c42 MW	319	if (message->get_exchange_type(message) == IKE_AUTH &&
fc2d1c42 MW	320	message->get_payload(message, SECURITY_ASSOCIATION))
4cb9d7a7 MW	321	{
	322	process_payloads(this, message);
	323	}
fc2d1c42 MW	324	else if (message->get_exchange_type(message) == INFORMATIONAL)
	325	{
	326	process_payloads(this, message);
5474dc65	327	if (this->update)
3bc62fe7 MW	328	{
	329	host_t me, other;
	330
	331	me = message->get_destination(message);
	332	other = message->get_source(message);
	333	this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
	334	this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
	335	}
	336
fc2d1c42 MW	337	if (this->natd)
	338	{
	339	this->natd->task.process(&this->natd->task, message);
	340	}
	341	}
17d92e97 MW	342	return NEED_MORE;
	343	}
	344
	345	/**
	346	* Implementation of task_t.build for responder
	347	*/
	348	static status_t build_r(private_ike_mobike_t this, message_t message)
	349	{
	350	if (message->get_exchange_type(message) == IKE_AUTH &&
	351	message->get_payload(message, SECURITY_ASSOCIATION))
	352	{
	353	if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
	354	{
	355	message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
	356	build_address_list(this, message);
	357	}
	358	return SUCCESS;
	359	}
2b3100b5 MW	360	else if (message->get_exchange_type(message) == INFORMATIONAL)
2b3100b5 MW	361	{
fc2d1c42 MW	362	if (this->natd)
	363	{
	364	this->natd->task.build(&this->natd->task, message);
	365	}
5474dc65	366	if (this->update)
3bc62fe7 MW	367	{
	368	update_children(this);
	369	}
2b3100b5 MW	370	return SUCCESS;
2b3100b5 MW	371	}
17d92e97 MW	372	return NEED_MORE;
	373	}
	374
	375	/**
	376	* Implementation of task_t.process for initiator
	377	*/
	378	static status_t process_i(private_ike_mobike_t this, message_t message)
	379	{
	380	if (message->get_exchange_type(message) == IKE_AUTH &&
	381	message->get_payload(message, SECURITY_ASSOCIATION))
	382	{
	383	process_payloads(this, message);
	384	return SUCCESS;
	385	}
2b3100b5 MW	386	else if (message->get_exchange_type(message) == INFORMATIONAL)
2b3100b5 MW	387	{
3bc62fe7 MW	388	u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1;
	389	this->ike_sa->set_pending_updates(this->ike_sa, updates);
	390	if (updates > 0)
	391	{
	392	/* newer update queued, ignore this one */
	393	return SUCCESS;
	394	}
fc2d1c42 MW	395	process_payloads(this, message);
	396	if (this->natd)
	397	{
	398	this->natd->task.process(&this->natd->task, message);
	399	}
5474dc65	400	if (this->update)
3bc62fe7 MW	401	{
	402	/* update again, as NAT state may have changed */
	403	update_children(this);
	404	}
5474dc65 MW	405	if (this->check)
	406	{
	407	host_t me_new, me_old, other_new, other_old;
	408
	409	me_new = message->get_destination(message);
	410	other_new = message->get_source(message);
	411	me_old = this->ike_sa->get_my_host(this->ike_sa);
	412	other_old = this->ike_sa->get_other_host(this->ike_sa);
	413
	414	if (!me_new->equals(me_new, me_old))
	415	{
	416	this->update = TRUE;
	417	this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
	418	}
	419	if (!other_new->equals(other_new, other_old))
	420	{
	421	this->update = TRUE;
	422	this->ike_sa->set_other_host(this->ike_sa, other_new->clone(other_new));
	423	}
	424	if (this->update)
	425	{
	426	/* start the update with the same task */
	427	this->check = FALSE;
	428	this->address = FALSE;
12fa4387	429	this->natd = ike_natd_create(this->ike_sa, this->initiator);
5474dc65 MW	430	this->ike_sa->set_pending_updates(this->ike_sa, 1);
	431	return NEED_MORE;
	432	}
	433	}
2b3100b5 MW	434	return SUCCESS;
2b3100b5 MW	435	}
17d92e97 MW	436	return NEED_MORE;
	437	}
	438
	439	/**
	440	* Implementation of ike_mobike_t.roam.
	441	*/
3bc62fe7	442	static void roam(private_ike_mobike_t *this, bool address)
17d92e97	443	{
5474dc65	444	this->check = TRUE;
3bc62fe7 MW	445	this->address = address;
	446	this->ike_sa->set_pending_updates(this->ike_sa,
	447	this->ike_sa->get_pending_updates(this->ike_sa) + 1);
17d92e97 MW	448	}
	449
	450	/**
	451	* Implementation of task_t.get_type
	452	*/
	453	static task_type_t get_type(private_ike_mobike_t *this)
	454	{
	455	return IKE_MOBIKE;
	456	}
	457
	458	/**
	459	* Implementation of task_t.migrate
	460	*/
	461	static void migrate(private_ike_mobike_t this, ike_sa_t ike_sa)
	462	{
4cb9d7a7	463	chunk_free(&this->cookie2);
17d92e97	464	this->ike_sa = ike_sa;
4cb9d7a7 MW	465	if (this->natd)
	466	{
	467	this->natd->task.migrate(&this->natd->task, ike_sa);
	468	}
17d92e97 MW	469	}
	470
	471	/**
	472	* Implementation of task_t.destroy
	473	*/
	474	static void destroy(private_ike_mobike_t *this)
	475	{
4cb9d7a7 MW	476	chunk_free(&this->cookie2);
	477	if (this->natd)
	478	{
	479	this->natd->task.destroy(&this->natd->task);
	480	}
17d92e97 MW	481	free(this);
	482	}
	483
	484	/*
	485	* Described in header.
	486	*/
	487	ike_mobike_t ike_mobike_create(ike_sa_t ike_sa, bool initiator)
	488	{
	489	private_ike_mobike_t *this = malloc_thing(private_ike_mobike_t);
	490
3bc62fe7	491	this->public.roam = (void()(ike_mobike_t,bool))roam;
5474dc65	492	this->public.transmit = (void()(ike_mobike_t,packet_t*))transmit;
17d92e97 MW	493	this->public.task.get_type = (task_type_t()(task_t))get_type;
	494	this->public.task.migrate = (void()(task_t,ike_sa_t*))migrate;
	495	this->public.task.destroy = (void()(task_t))destroy;
	496
	497	if (initiator)
	498	{
	499	this->public.task.build = (status_t()(task_t,message_t*))build_i;
	500	this->public.task.process = (status_t()(task_t,message_t*))process_i;
	501	}
	502	else
	503	{
	504	this->public.task.build = (status_t()(task_t,message_t*))build_r;
	505	this->public.task.process = (status_t()(task_t,message_t*))process_r;
	506	}
	507
	508	this->ike_sa = ike_sa;
	509	this->initiator = initiator;
5474dc65 MW	510	this->update = FALSE;
5474dc65 MW	511	this->check = FALSE;
3bc62fe7	512	this->address = TRUE;
4cb9d7a7 MW	513	this->cookie2 = chunk_empty;
4cb9d7a7 MW	514	this->natd = NULL;
17d92e97 MW	515
	516	return &this->public;
	517	}
	518