Commit | Line | Data |
---|---|---|
4deb8948 MW |
1 | /* |
2 | * Copyright (C) 2005-2007 Martin Willi | |
3 | * Copyright (C) 2005 Jan Hutter | |
19ef2aec TB |
4 | * |
5 | * Copyright (C) secunet Security Networks AG | |
4deb8948 MW |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
4deb8948 MW |
18 | #include "process_message_job.h" |
19 | ||
20 | #include <daemon.h> | |
21 | ||
typedef struct private_process_message_job_t private_process_message_job_t;

/**
 * Private state behind a process_message_job_t.
 */
struct private_process_message_job_t {

	/**
	 * Public process_message_job_t interface, the constructor returns a
	 * pointer to this member.
	 */
	process_message_job_t public;

	/**
	 * Message this job processes, released together with the job in destroy().
	 */
	message_t *message;
};
38 | ||
/**
 * Implements job_t.destroy: releases the message held by the job, then the
 * job object itself.
 */
METHOD(job_t, destroy, void,
	private_process_message_job_t *this)
{
	message_t *message = this->message;

	/* the job owns the message handed to the constructor */
	message->destroy(message);
	free(this);
}
45 | ||
/**
 * Implements job_t.execute: hands the message to the IKE_SA that the IKE_SA
 * manager checks out for it and checks that IKE_SA back in afterwards.
 *
 * With ME enabled, an INFORMATIONAL that does not start with an encrypted
 * payload is passed to the connect manager instead.
 *
 * @return		always JOB_REQUEUE_NONE
 */
METHOD(job_t, execute, job_requeue_t,
	private_process_message_job_t *this)
{
	message_t *message = this->message;
	ike_sa_t *ike_sa;

#ifdef ME
	/* an unencrypted INFORMATIONAL exchange is likely a connectivity check */
	if (message->get_exchange_type(message) == INFORMATIONAL &&
		message->get_first_payload_type(message) != PLV2_ENCRYPTED)
	{
		/* theoretically this could also be an error message,
		 * see RFC 4306, section 1.5.
		 * NOTE(review): no IKE_SA is looked up on this path and the payload is
		 * not encrypted, so nothing visible here has authenticated the sender;
		 * process_check() has to treat the content as untrusted - confirm that
		 * it validates the check itself. */
		DBG1(DBG_NET, "received unencrypted informational: from %#H to %#H",
			 message->get_source(message),
			 message->get_destination(message));
		charon->connect_manager->process_check(charon->connect_manager,
											   message);
		return JOB_REQUEUE_NONE;
	}
#endif /* ME */

	ike_sa = charon->ike_sa_manager->checkout_by_message(
										charon->ike_sa_manager, message);
	if (!ike_sa)
	{
		/* no IKE_SA was checked out for this message, nothing to process */
		return JOB_REQUEUE_NONE;
	}

	DBG1(DBG_NET, "received packet: from %#H to %#H (%zu bytes)",
		 message->get_source(message),
		 message->get_destination(message),
		 message->get_packet_data(message).len);

	/* every checkout is paired with exactly one checkin variant */
	if (ike_sa->process_message(ike_sa, message) != DESTROY_ME)
	{
		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
	}
	else
	{
		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
													ike_sa);
	}
	return JOB_REQUEUE_NONE;
}
87 | ||
/**
 * Implements job_t.get_priority: derives the job priority from the exchange
 * type of the message.
 *
 * NOTE(review): the exchange type is read from the received message, so the
 * priority is chosen from peer-supplied data - confirm how much of the message
 * has been validated before this is called.
 *
 * @return		JOB_PRIO_LOW, JOB_PRIO_HIGH or JOB_PRIO_MEDIUM
 */
METHOD(job_t, get_priority, job_priority_t,
	private_process_message_job_t *this)
{
	job_priority_t prio;

	switch (this->message->get_exchange_type(this->message))
	{
		/* IKE auth is rather expensive and often blocking */
		case IKE_AUTH:
		/* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth),
		 * MM is similar, but stretched out more */
		case AGGRESSIVE:
		case ID_PROT:
			prio = JOB_PRIO_LOW;
			break;
		/* INFORMATIONALs are inexpensive, and DPD needs low reaction times */
		case INFORMATIONAL:
		case INFORMATIONAL_V1:
			prio = JOB_PRIO_HIGH;
			break;
		/* IKE_SA_INIT is expensive, but the receiver drops them if we are
		 * overloaded */
		case IKE_SA_INIT:
		/* these may require DH, but if not they are relatively cheap */
		case CREATE_CHILD_SA:
		case QUICK_MODE:
		/* mostly cheap, however, they may block if XAuth via RADIUS is used */
		case TRANSACTION:
		default:
			prio = JOB_PRIO_MEDIUM;
			break;
	}
	return prio;
}
118 | ||
/*
 * Described in header
 *
 * The message pointer is stored, not copied; destroy() of the job releases it.
 */
process_message_job_t *process_message_job_create(message_t *message)
{
	private_process_message_job_t *this;
	ike_sa_id_t *id;
	bool initial = false;

	INIT(this,
		.public = {
			.job_interface = {
				.execute = _execute,
				.get_priority = _get_priority,
				.destroy = _destroy,
			},
		},
		.message = message,
	);

	/* decide whether this message opens a new exchange as seen by us */
	switch (message->get_exchange_type(message))
	{
		case IKE_SA_INIT:
			/* only requests count, not responses to our own IKE_SA_INIT */
			initial = message->get_request(message);
			break;
		case ID_PROT:
		case AGGRESSIVE:
			/* a zero responder SPI marks the first message of the exchange */
			id = message->get_ike_sa_id(message);
			initial = id->get_responder_spi(id) == 0;
			break;
		default:
			break;
	}
	if (initial)
	{
		/* NOTE(review): track_init() presumably accounts for a new half-open
		 * IKE_SA from this source - confirm in ike_sa_manager_t. Nothing in
		 * this function authenticates the source address, and the call
		 * happens when the job is created, before execute() runs. */
		charon->ike_sa_manager->track_init(charon->ike_sa_manager,
										   message->get_source(message));
	}
	return &this->public;
}