[thirdparty/strongswan.git] / src / libcharon / processing / jobs / process_message_job.c

/*
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "process_message_job.h"

#include <daemon.h>

typedef struct private_process_message_job_t private_process_message_job_t;

/**
 * Private data of an process_message_job_t Object
 */
struct private_process_message_job_t {
	/**
	 * public process_message_job_t interface
	 */
	process_message_job_t public;

	/**
	 * Message associated with this job
	 */
	message_t *message;
};

METHOD(job_t, destroy, void,
	private_process_message_job_t *this)
{
	this->message->destroy(this->message);
	free(this);
}

METHOD(job_t, execute, job_requeue_t,
	private_process_message_job_t *this)
{
	ike_sa_t *ike_sa;

#ifdef ME
	/* if this is an unencrypted INFORMATIONAL exchange it is likely a
	 * connectivity check. */
	if (this->message->get_exchange_type(this->message) == INFORMATIONAL &&
		this->message->get_first_payload_type(this->message) != PLV2_ENCRYPTED)
	{
		/* theoretically this could also be an error message
		 * see RFC 4306, section 1.5. */
		DBG1(DBG_NET, "received unencrypted informational: from %#H to %#H",
			 this->message->get_source(this->message),
			 this->message->get_destination(this->message));
		charon->connect_manager->process_check(charon->connect_manager, this->message);
		return JOB_REQUEUE_NONE;
	}
#endif /* ME */

	ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager,
														 this->message);
	if (ike_sa)
	{
		DBG1(DBG_NET, "received packet: from %#H to %#H (%zu bytes)",
			 this->message->get_source(this->message),
			 this->message->get_destination(this->message),
			 this->message->get_packet_data(this->message).len);
		if (ike_sa->process_message(ike_sa, this->message) == DESTROY_ME)
		{
			charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
														ike_sa);
		}
		else
		{
			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
		}
	}
	return JOB_REQUEUE_NONE;
}

METHOD(job_t, get_priority, job_priority_t,
	private_process_message_job_t *this)
{
	switch (this->message->get_exchange_type(this->message))
	{
		case IKE_AUTH:
			/* IKE auth is rather expensive and often blocking, low priority */
		case AGGRESSIVE:
		case ID_PROT:
			/* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth)
			 * MM is similar, but stretched out more */
			return JOB_PRIO_LOW;
		case INFORMATIONAL:
		case INFORMATIONAL_V1:
			/* INFORMATIONALs are inexpensive, for DPD we should have low
			 * reaction times */
			return JOB_PRIO_HIGH;
		case IKE_SA_INIT:
			/* IKE_SA_INIT is expensive, but we will drop them in the receiver
			 * if we are overloaded */
		case CREATE_CHILD_SA:
		case QUICK_MODE:
			/* these may require DH, but if not they are relatively cheap */
		case TRANSACTION:
			/* these are mostly cheap, however, if XAuth via RADIUS is used
			 * they may block */
		default:
			return JOB_PRIO_MEDIUM;
	}
}

/*
 * Described in header
 */
process_message_job_t *process_message_job_create(message_t *message)
{
	private_process_message_job_t *this;

	INIT(this,
		.public = {
			.job_interface = {
				.execute = _execute,
				.get_priority = _get_priority,
				.destroy = _destroy,
			},
		},
		.message = message,
	);

	if (message->get_request(message) &&
		message->get_exchange_type(message) == IKE_SA_INIT)
	{
		charon->ike_sa_manager->track_init(charon->ike_sa_manager,
										   message->get_source(message));
	}
	if (message->get_exchange_type(message) == ID_PROT ||
		message->get_exchange_type(message) == AGGRESSIVE)
	{
		ike_sa_id_t *id = message->get_ike_sa_id(message);

		if (id->get_responder_spi(id) == 0)
		{
			charon->ike_sa_manager->track_init(charon->ike_sa_manager,
											   message->get_source(message));
		}
	}
	return &(this->public);
}
Commit	Line	Data
4deb8948 MW	1	/*
	2	* Copyright (C) 2005-2007 Martin Willi
	3	* Copyright (C) 2005 Jan Hutter
19ef2aec TB	4	*
19ef2aec TB	5	* Copyright (C) secunet Security Networks AG
4deb8948 MW	6	*
	7	* This program is free software; you can redistribute it and/or modify it
	8	* under the terms of the GNU General Public License as published by the
	9	* Free Software Foundation; either version 2 of the License, or (at your
	10	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	11	*
	12	* This program is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	* for more details.
	16	*/
	17
4deb8948 MW	18	#include "process_message_job.h"
	19
	20	#include <daemon.h>
	21
	22	typedef struct private_process_message_job_t private_process_message_job_t;
	23
	24	/**
	25	* Private data of an process_message_job_t Object
	26	*/
	27	struct private_process_message_job_t {
	28	/**
	29	* public process_message_job_t interface
	30	*/
	31	process_message_job_t public;
7daf5226	32
4deb8948 MW	33	/**
	34	* Message associated with this job
	35	*/
	36	message_t *message;
	37	};
	38
76331a64 AS	39	METHOD(job_t, destroy, void,
76331a64 AS	40	private_process_message_job_t *this)
4deb8948	41	{
9fe1a1ca MW	42	this->message->destroy(this->message);
9fe1a1ca MW	43	free(this);
4deb8948 MW	44	}
4deb8948 MW	45
7fec83af	46	METHOD(job_t, execute, job_requeue_t,
76331a64	47	private_process_message_job_t *this)
4deb8948 MW	48	{
4deb8948 MW	49	ike_sa_t *ike_sa;
7daf5226	50
dc04b7c7	51	#ifdef ME
484a06bc	52	/* if this is an unencrypted INFORMATIONAL exchange it is likely a
38951252	53	* connectivity check. */
d5cc1758	54	if (this->message->get_exchange_type(this->message) == INFORMATIONAL &&
3ecfc83c	55	this->message->get_first_payload_type(this->message) != PLV2_ENCRYPTED)
d5cc1758	56	{
38951252 MW	57	/* theoretically this could also be an error message
38951252 MW	58	* see RFC 4306, section 1.5. */
d5cc1758 TB	59	DBG1(DBG_NET, "received unencrypted informational: from %#H to %#H",
	60	this->message->get_source(this->message),
	61	this->message->get_destination(this->message));
	62	charon->connect_manager->process_check(charon->connect_manager, this->message);
7fec83af	63	return JOB_REQUEUE_NONE;
d5cc1758	64	}
dc04b7c7	65	#endif /* ME */
7daf5226	66
b9e363f8 MW	67	ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager,
b9e363f8 MW	68	this->message);
4deb8948 MW	69	if (ike_sa)
4deb8948 MW	70	{
c849305a	71	DBG1(DBG_NET, "received packet: from %#H to %#H (%zu bytes)",
4deb8948	72	this->message->get_source(this->message),
c849305a TB	73	this->message->get_destination(this->message),
c849305a TB	74	this->message->get_packet_data(this->message).len);
4deb8948 MW	75	if (ike_sa->process_message(ike_sa, this->message) == DESTROY_ME)
	76	{
	77	charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
	78	ike_sa);
	79	}
	80	else
	81	{
	82	charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
	83	}
	84	}
7fec83af	85	return JOB_REQUEUE_NONE;
4deb8948 MW	86	}
4deb8948 MW	87
f77203bb MW	88	METHOD(job_t, get_priority, job_priority_t,
	89	private_process_message_job_t *this)
	90	{
ea69c70d MW	91	switch (this->message->get_exchange_type(this->message))
	92	{
	93	case IKE_AUTH:
	94	/* IKE auth is rather expensive and often blocking, low priority */
a5c07be0 TB	95	case AGGRESSIVE:
	96	case ID_PROT:
	97	/* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth)
	98	* MM is similar, but stretched out more */
ea69c70d MW	99	return JOB_PRIO_LOW;
ea69c70d MW	100	case INFORMATIONAL:
a5c07be0	101	case INFORMATIONAL_V1:
ea69c70d MW	102	/* INFORMATIONALs are inexpensive, for DPD we should have low
	103	* reaction times */
	104	return JOB_PRIO_HIGH;
	105	case IKE_SA_INIT:
ea69c70d MW	106	/* IKE_SA_INIT is expensive, but we will drop them in the receiver
ea69c70d MW	107	* if we are overloaded */
a5c07be0 TB	108	case CREATE_CHILD_SA:
	109	case QUICK_MODE:
	110	/* these may require DH, but if not they are relatively cheap */
	111	case TRANSACTION:
	112	/* these are mostly cheap, however, if XAuth via RADIUS is used
	113	* they may block */
	114	default:
ea69c70d MW	115	return JOB_PRIO_MEDIUM;
ea69c70d MW	116	}
f77203bb MW	117	}
f77203bb MW	118
4deb8948 MW	119	/*
	120	* Described in header
	121	*/
	122	process_message_job_t process_message_job_create(message_t message)
	123	{
76331a64	124	private_process_message_job_t *this;
7daf5226	125
76331a64 AS	126	INIT(this,
	127	.public = {
	128	.job_interface = {
	129	.execute = _execute,
f77203bb	130	.get_priority = _get_priority,
76331a64 AS	131	.destroy = _destroy,
	132	},
	133	},
	134	.message = message,
	135	);
7daf5226	136
b866ee88 TB	137	if (message->get_request(message) &&
	138	message->get_exchange_type(message) == IKE_SA_INIT)
	139	{
	140	charon->ike_sa_manager->track_init(charon->ike_sa_manager,
	141	message->get_source(message));
	142	}
	143	if (message->get_exchange_type(message) == ID_PROT \|\|
	144	message->get_exchange_type(message) == AGGRESSIVE)
	145	{
	146	ike_sa_id_t *id = message->get_ike_sa_id(message);
	147
	148	if (id->get_responder_spi(id) == 0)
	149	{
	150	charon->ike_sa_manager->track_init(charon->ike_sa_manager,
	151	message->get_source(message));
	152	}
	153	}
4deb8948 MW	154	return &(this->public);
4deb8948 MW	155	}