]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/sa/ikev1/task_manager_v1.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
CommitLineData
4a09d9ee 1/*
bbc3d2a0 2 * Copyright (C) 2007-2019 Tobias Brunner
68c6863b 3 * Copyright (C) 2007-2011 Martin Willi
19ef2aec
TB		 4 *
5 * Copyright (C) secunet Security Networks AG
4a09d9ee
MW		 6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18#include "task_manager_v1.h"
19
da063ec9
MW		 20#include <math.h>
21
4a09d9ee 22#include <daemon.h>
15a682f4 23#include <sa/ikev1/tasks/main_mode.h>
830ab2ae 24#include <sa/ikev1/tasks/aggressive_mode.h>
15a682f4 25#include <sa/ikev1/tasks/quick_mode.h>
83c5fda0 26#include <sa/ikev1/tasks/quick_delete.h>
15a682f4
MW		 27#include <sa/ikev1/tasks/xauth.h>
28#include <sa/ikev1/tasks/mode_config.h>
29#include <sa/ikev1/tasks/informational.h>
30#include <sa/ikev1/tasks/isakmp_natd.h>
31#include <sa/ikev1/tasks/isakmp_vendor.h>
32#include <sa/ikev1/tasks/isakmp_cert_pre.h>
33#include <sa/ikev1/tasks/isakmp_cert_post.h>
3ed148b3 34#include <sa/ikev1/tasks/isakmp_delete.h>
3e6b7403
CO		 35#include <sa/ikev1/tasks/isakmp_dpd.h>
36
da063ec9 37#include <processing/jobs/retransmit_job.h>
68c6863b 38#include <processing/jobs/delete_ike_sa_job.h>
4b38c22c 39#include <processing/jobs/dpd_timeout_job.h>
30216000
TB		 40#include <processing/jobs/process_message_job.h>
41
127a98dc 42#include <collections/array.h>
4a09d9ee 43
fce566a8
MW		 44/**
45 * Number of old messages hashes we keep for retransmission.
46 *
47 * In Main Mode, we must ignore messages from a previous message pair if
48 * we already continued to the next. Otherwise a late retransmission
49 * could be considered as a reply to the newer request.
50 */
51#define MAX_OLD_HASHES 2
52
f5a84055
MW		 53/**
54 * First sequence number of responding packets.
55 *
56 * To distinguish retransmission jobs for initiating and responding packets,
57 * we split up the sequence counter and use the upper half for responding.
58 */
59#define RESPONDING_SEQ INT_MAX
60
4a09d9ee
MW		 61typedef struct exchange_t exchange_t;
62
63/**
64 * An exchange in the air, used do detect and handle retransmission
65 */
66struct exchange_t {
67
68 /**
69 * Message ID used for this transaction
70 */
b12c53ce 71 uint32_t mid;
4a09d9ee
MW		 72
73 /**
74 * generated packet for retransmission
75 */
76 packet_t *packet;
77};
78
79typedef struct private_task_manager_t private_task_manager_t;
80
81/**
82 * private data of the task manager
83 */
84struct private_task_manager_t {
85
86 /**
87 * public functions
88 */
89 task_manager_v1_t public;
90
91 /**
92 * associated IKE_SA we are serving
93 */
94 ike_sa_t *ike_sa;
95
73aaf76b
MW		 96 /**
97 * RNG to create message IDs
98 */
99 rng_t *rng;
100
4a09d9ee
MW		 101 /**
102 * Exchange we are currently handling as responder
103 */
104 struct {
f5a84055
MW		 105 /**
106 * Message ID of the last response
107 */
b12c53ce 108 uint32_t mid;
f5a84055 109
9cc8bd4f
MW		 110 /**
111 * Hash of a previously received message
112 */
b12c53ce 113 uint32_t hash;
9cc8bd4f 114
4a09d9ee 115 /**
127a98dc 116 * packet(s) for retransmission
4a09d9ee 117 */
127a98dc 118 array_t *packets;
4a09d9ee 119
f5a84055
MW		 120 /**
121 * Sequence number of the last sent message
122 */
b12c53ce 123 uint32_t seqnr;
f5a84055
MW		 124
125 /**
126 * how many times we have retransmitted so far
127 */
128 u_int retransmitted;
129
4a09d9ee
MW		 130 } responding;
131
132 /**
133 * Exchange we are currently handling as initiator
134 */
135 struct {
136 /**
137 * Message ID of the exchange
138 */
b12c53ce 139 uint32_t mid;
4a09d9ee 140
fce566a8
MW		 141 /**
142 * Hashes of old responses we can ignore
143 */
b12c53ce 144 uint32_t old_hashes[MAX_OLD_HASHES];
fce566a8
MW		 145
146 /**
147 * Position in old hash array
148 */
149 int old_hash_pos;
150
9cc8bd4f 151 /**
751bd02e 152 * Sequence number of the last sent message
9cc8bd4f 153 */
b12c53ce 154 uint32_t seqnr;
9cc8bd4f 155
4a09d9ee
MW		 156 /**
157 * how many times we have retransmitted so far
158 */
159 u_int retransmitted;
160
161 /**
127a98dc 162 * packet(s) for retransmission
4a09d9ee 163 */
127a98dc 164 array_t *packets;
4a09d9ee
MW		 165
166 /**
30216000 167 * type of the initiated exchange
4a09d9ee
MW		 168 */
169 exchange_type_t type;
170
171 } initiating;
172
30216000 173 /**
70e0be07 174 * Message we are currently defragmenting, if any (only one at a time)
30216000 175 */
70e0be07 176 message_t *defrag;
30216000 177
4a09d9ee
MW		 178 /**
179 * List of queued tasks not yet in action
180 */
181 linked_list_t *queued_tasks;
182
183 /**
30216000 184 * List of active tasks, initiated by ourselves
4a09d9ee
MW		 185 */
186 linked_list_t *active_tasks;
187
188 /**
189 * List of tasks initiated by peer
190 */
191 linked_list_t *passive_tasks;
192
f91b6ac7
MW		 193 /**
194 * Queued messages not yet ready to process
195 */
196 message_t *queued;
197
4a09d9ee
MW		 198 /**
199 * Number of times we retransmit messages before giving up
200 */
201 u_int retransmit_tries;
202
72b282cf
TB		 203 /**
204 * Maximum number of tries possible with current retransmission settings
205 * before overflowing the range of uint32_t, which we use for the timeout.
206 * Note that UINT32_MAX milliseconds equal nearly 50 days, so that doesn't
207 * make much sense without retransmit_limit anyway.
208 */
209 u_int retransmit_tries_max;
210
4a09d9ee
MW		 211 /**
212 * Retransmission timeout
213 */
214 double retransmit_timeout;
215
216 /**
217 * Base to calculate retransmission timeout
218 */
219 double retransmit_base;
3e6b7403 220
389e4b8e
TB		 221 /**
222 * Jitter to apply to calculated retransmit timeout (in percent)
223 */
224 u_int retransmit_jitter;
225
226 /**
227 * Limit retransmit timeout to this value
228 */
229 uint32_t retransmit_limit;
230
3e6b7403
CO		 231 /**
232 * Sequence number for sending DPD requests
233 */
b12c53ce 234 uint32_t dpd_send;
3e6b7403
CO		 235
236 /**
237 * Sequence number for received DPD requests
238 */
b12c53ce 239 uint32_t dpd_recv;
4a09d9ee
MW		 240};
241
127a98dc
TB		 242/**
243 * Reset retransmission packet list
244 */
245static void clear_packets(array_t *array)
246{
247 packet_t *packet;
248
249 while (array_remove(array, ARRAY_TAIL, &packet))
250 {
251 packet->destroy(packet);
252 }
253}
254
a5c79960
MW		 255METHOD(task_manager_t, flush_queue, void,
256 private_task_manager_t *this, task_queue_t queue)
0f61964e 257{
a5c79960 258 linked_list_t *list;
0f61964e
MW		 259 task_t *task;
260
429d95fe
MW		 261 if (this->queued)
262 {
263 this->queued->destroy(this->queued);
264 this->queued = NULL;
265 }
a5c79960
MW		 266 switch (queue)
267 {
268 case TASK_QUEUE_ACTIVE:
269 list = this->active_tasks;
17949695
MW		 270 /* cancel pending retransmits */
271 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 272 clear_packets(this->initiating.packets);
a5c79960
MW		 273 break;
274 case TASK_QUEUE_PASSIVE:
275 list = this->passive_tasks;
276 break;
277 case TASK_QUEUE_QUEUED:
278 list = this->queued_tasks;
279 break;
280 default:
281 return;
282 }
0f61964e
MW		 283 while (list->remove_last(list, (void**)&task) == SUCCESS)
284 {
285 task->destroy(task);
286 }
287}
288
b1908994
TE		 289METHOD(task_manager_t, flush, void,
290 private_task_manager_t *this)
4a09d9ee 291{
a5c79960
MW		 292 flush_queue(this, TASK_QUEUE_QUEUED);
293 flush_queue(this, TASK_QUEUE_PASSIVE);
294 flush_queue(this, TASK_QUEUE_ACTIVE);
4a09d9ee
MW		 295}
296
26b55dc6
MW		 297/**
298 * move a task of a specific type from the queue to the active list
299 */
300static bool activate_task(private_task_manager_t *this, task_type_t type)
301{
302 enumerator_t *enumerator;
303 task_t *task;
304 bool found = FALSE;
305
306 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
307 while (enumerator->enumerate(enumerator, (void**)&task))
308 {
309 if (task->get_type(task) == type)
310 {
311 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
312 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
313 this->active_tasks->insert_last(this->active_tasks, task);
314 found = TRUE;
315 break;
316 }
317 }
318 enumerator->destroy(enumerator);
319 return found;
320}
321
5cafefcd 322/**
127a98dc 323 * Send packets in the given array (they get cloned)
5cafefcd 324 */
127a98dc 325static void send_packets(private_task_manager_t *this, array_t *packets)
5cafefcd 326{
127a98dc 327 enumerator_t *enumerator;
5cafefcd 328 packet_t *packet;
5cafefcd 329
127a98dc
TB		 330 enumerator = array_create_enumerator(packets);
331 while (enumerator->enumerate(enumerator, &packet))
5cafefcd 332 {
127a98dc 333 charon->sender->send(charon->sender, packet->clone(packet));
5cafefcd 334 }
127a98dc 335 enumerator->destroy(enumerator);
5cafefcd
TB		 336}
337
338/**
127a98dc 339 * Generates the given message and stores packet(s) in the given array
5cafefcd 340 */
127a98dc
TB		 341static bool generate_message(private_task_manager_t *this, message_t *message,
342 array_t **packets)
5cafefcd 343{
127a98dc 344 enumerator_t *fragments;
40bab9a1 345 packet_t *fragment;
127a98dc 346
40bab9a1
TB		 347 if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
348 &fragments) != SUCCESS)
127a98dc 349 {
127a98dc
TB		 350 return FALSE;
351 }
40bab9a1 352 while (fragments->enumerate(fragments, &fragment))
127a98dc 353 {
40bab9a1 354 array_insert_create(packets, ARRAY_TAIL, fragment);
5cafefcd 355 }
127a98dc 356 fragments->destroy(fragments);
40bab9a1 357 return TRUE;
5cafefcd
TB		 358}
359
f5a84055 360/**
127a98dc 361 * Retransmit a packet (or its fragments)
f5a84055 362 */
b12c53ce 363static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr,
127a98dc 364 u_int mid, u_int retransmitted, array_t *packets)
23f4e4b4 365{
127a98dc 366 packet_t *packet;
72b282cf 367 uint32_t t = UINT32_MAX, max_jitter;
23f4e4b4 368
127a98dc 369 array_get(packets, 0, &packet);
f5a84055
MW		 370 if (retransmitted > this->retransmit_tries)
371 {
372 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
3c79b7b7 373 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
f5a84055
MW		 374 return DESTROY_ME;
375 }
62367f2c 376 if (!this->retransmit_tries_max ||
72b282cf
TB		 377 retransmitted <= this->retransmit_tries_max)
378 {
379 t = (uint32_t)(this->retransmit_timeout * 1000.0 *
380 pow(this->retransmit_base, retransmitted));
381 }
00d54711
TB		 382 if (this->retransmit_limit)
383 {
384 t = min(t, this->retransmit_limit);
385 }
389e4b8e
TB		 386 if (this->retransmit_jitter)
387 {
388 max_jitter = (t / 100.0) * this->retransmit_jitter;
389 t -= max_jitter * (random() / (RAND_MAX + 1.0));
390 }
f5a84055
MW		 391 if (retransmitted)
392 {
393 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
394 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
395 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
9da65eae
TE		 396 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
397 retransmitted);
f5a84055 398 }
127a98dc 399 send_packets(this, packets);
f5a84055
MW		 400 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
401 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
8c50bb6c 402 return SUCCESS;
f5a84055
MW		 403}
404
405METHOD(task_manager_t, retransmit, status_t,
b12c53ce 406 private_task_manager_t *this, uint32_t seqnr)
f5a84055 407{
2edc73d8 408 status_t status = INVALID_STATE;
f5a84055 409
127a98dc
TB		 410 if (seqnr == this->initiating.seqnr &&
411 array_count(this->initiating.packets))
f5a84055 412 {
127a98dc
TB		 413 status = retransmit_packet(this, seqnr, this->initiating.mid,
414 this->initiating.retransmitted, this->initiating.packets);
8c50bb6c 415 if (status == SUCCESS)
23f4e4b4 416 {
f5a84055 417 this->initiating.retransmitted++;
23f4e4b4 418 }
f5a84055 419 }
127a98dc
TB		 420 if (seqnr == this->responding.seqnr &&
421 array_count(this->responding.packets))
f5a84055 422 {
127a98dc
TB		 423 status = retransmit_packet(this, seqnr, this->responding.mid,
424 this->responding.retransmitted, this->responding.packets);
8c50bb6c 425 if (status == SUCCESS)
23f4e4b4 426 {
f5a84055 427 this->responding.retransmitted++;
23f4e4b4 428 }
23f4e4b4 429 }
f5a84055 430 return status;
23f4e4b4
CO		 431}
432
27137790
MW		 433/**
434 * Check if we have to wait for a mode config before starting a quick mode
435 */
436static bool mode_config_expected(private_task_manager_t *this)
437{
101d26ba 438 enumerator_t *enumerator;
27137790 439 peer_cfg_t *peer_cfg;
497ce2cf 440 char *pool;
e3311e9b 441 bool local;
101d26ba 442 host_t *host;
27137790
MW		 443
444 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
497ce2cf 445 if (peer_cfg)
27137790 446 {
e3311e9b
MW		 447 if (peer_cfg->use_pull_mode(peer_cfg))
448 {
449 enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
450 if (!enumerator->enumerate(enumerator, &pool))
451 { /* no pool configured */
452 enumerator->destroy(enumerator);
453 return FALSE;
454 }
497ce2cf 455 enumerator->destroy(enumerator);
e3311e9b
MW		 456
457 local = FALSE;
497ce2cf 458 }
e3311e9b
MW		 459 else
460 {
461 enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
462 if (!enumerator->enumerate(enumerator, &host))
463 { /* not requesting a vip */
464 enumerator->destroy(enumerator);
465 return FALSE;
466 }
467 enumerator->destroy(enumerator);
497ce2cf 468
e3311e9b
MW		 469 local = TRUE;
470 }
101d26ba 471 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
e3311e9b 472 local);
101d26ba 473 if (!enumerator->enumerate(enumerator, &host))
e3311e9b 474 { /* expecting a VIP exchange, but no VIP assigned yet */
101d26ba 475 enumerator->destroy(enumerator);
27137790
MW		 476 return TRUE;
477 }
101d26ba 478 enumerator->destroy(enumerator);
27137790
MW		 479 }
480 return FALSE;
481}
482
4a09d9ee
MW		 483METHOD(task_manager_t, initiate, status_t,
484 private_task_manager_t *this)
485{
26b55dc6
MW		 486 enumerator_t *enumerator;
487 task_t *task;
488 message_t *message;
489 host_t *me, *other;
73aaf76b 490 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
f6aafb30 491 bool new_mid = FALSE, expect_response = FALSE, canceled = FALSE, keep = FALSE;
73aaf76b 492
477559ca
MW		 493 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
494 this->initiating.type != INFORMATIONAL_V1)
26b55dc6
MW		 495 {
496 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
497 exchange_type_names, this->initiating.type);
498 /* do not initiate if we already have a message in the air */
499 return SUCCESS;
500 }
501
502 if (this->active_tasks->get_count(this->active_tasks) == 0)
503 {
504 DBG2(DBG_IKE, "activating new tasks");
505 switch (this->ike_sa->get_state(this->ike_sa))
506 {
507 case IKE_CREATED:
2e3c9f87 508 activate_task(this, TASK_ISAKMP_VENDOR);
824dc0ad 509 activate_task(this, TASK_ISAKMP_CERT_PRE);
a09972df 510 if (activate_task(this, TASK_MAIN_MODE))
26b55dc6
MW		 511 {
512 exchange = ID_PROT;
513 }
830ab2ae
MW		 514 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
515 {
516 exchange = AGGRESSIVE;
517 }
518 activate_task(this, TASK_ISAKMP_CERT_POST);
519 activate_task(this, TASK_ISAKMP_NATD);
26b55dc6 520 break;
c5dc9d33 521 case IKE_CONNECTING:
429d95fe
MW		 522 if (activate_task(this, TASK_ISAKMP_DELETE))
523 {
524 exchange = INFORMATIONAL_V1;
525 new_mid = TRUE;
526 break;
527 }
69adeb5b 528 if (activate_task(this, TASK_XAUTH))
744c0801 529 {
c5dc9d33 530 exchange = TRANSACTION;
3e246c48 531 new_mid = TRUE;
429d95fe 532 break;
744c0801 533 }
accf4612
MW		 534 if (activate_task(this, TASK_INFORMATIONAL))
535 {
536 exchange = INFORMATIONAL_V1;
537 new_mid = TRUE;
429d95fe 538 break;
accf4612 539 }
c5dc9d33
CO		 540 break;
541 case IKE_ESTABLISHED:
156b8662
MW		 542 if (activate_task(this, TASK_MODE_CONFIG))
543 {
544 exchange = TRANSACTION;
545 new_mid = TRUE;
546 break;
547 }
2e06179f 548 if (activate_task(this, TASK_QUICK_DELETE))
23f4e4b4 549 {
612fe541 550 exchange = INFORMATIONAL_V1;
3e246c48
MW		 551 new_mid = TRUE;
552 break;
23f4e4b4 553 }
2e06179f 554 if (activate_task(this, TASK_ISAKMP_DELETE))
accf4612
MW		 555 {
556 exchange = INFORMATIONAL_V1;
557 new_mid = TRUE;
429d95fe 558 break;
accf4612 559 }
2e49bbcc 560 if (activate_task(this, TASK_ISAKMP_DPD))
8ef2bae4 561 {
2e49bbcc 562 exchange = INFORMATIONAL_V1;
8ef2bae4 563 new_mid = TRUE;
429d95fe 564 break;
8ef2bae4 565 }
2e49bbcc
AH		 566 if (!mode_config_expected(this) &&
567 activate_task(this, TASK_QUICK_MODE))
8ef2bae4 568 {
2e49bbcc 569 exchange = QUICK_MODE;
8ef2bae4 570 new_mid = TRUE;
429d95fe 571 break;
8ef2bae4 572 }
2e49bbcc 573 if (activate_task(this, TASK_INFORMATIONAL))
3e6b7403
CO		 574 {
575 exchange = INFORMATIONAL_V1;
576 new_mid = TRUE;
577 break;
578 }
744c0801 579 break;
b56b8502
TB		 580 case IKE_REKEYING:
581 if (activate_task(this, TASK_ISAKMP_DELETE))
582 {
583 exchange = INFORMATIONAL_V1;
584 new_mid = TRUE;
585 break;
586 }
f15c85a4
TB		 587 if (activate_task(this, TASK_ISAKMP_DPD))
588 {
589 exchange = INFORMATIONAL_V1;
590 new_mid = TRUE;
591 break;
592 }
b56b8502 593 break;
26b55dc6
MW		 594 default:
595 break;
596 }
597 }
598 else
599 {
600 DBG2(DBG_IKE, "reinitiating already active tasks");
601 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
602 while (enumerator->enumerate(enumerator, (void**)&task))
603 {
604 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
605 switch (task->get_type(task))
606 {
a09972df 607 case TASK_MAIN_MODE:
26b55dc6
MW		 608 exchange = ID_PROT;
609 break;
830ab2ae
MW		 610 case TASK_AGGRESSIVE_MODE:
611 exchange = AGGRESSIVE;
612 break;
744c0801
MW		 613 case TASK_QUICK_MODE:
614 exchange = QUICK_MODE;
615 break;
69adeb5b 616 case TASK_XAUTH:
52ac2ceb
CO		 617 exchange = TRANSACTION;
618 new_mid = TRUE;
619 break;
26b55dc6
MW		 620 default:
621 continue;
622 }
623 break;
624 }
625 enumerator->destroy(enumerator);
626 }
627
73aaf76b 628 if (exchange == EXCHANGE_TYPE_UNDEFINED)
26b55dc6
MW		 629 {
630 DBG2(DBG_IKE, "nothing to initiate");
631 /* nothing to do yet... */
632 return SUCCESS;
633 }
634
635 me = this->ike_sa->get_my_host(this->ike_sa);
636 other = this->ike_sa->get_other_host(this->ike_sa);
637
3e246c48 638 if (new_mid)
26b55dc6 639 {
1bb9c51e
TB		 640 if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
641 (void*)&this->initiating.mid))
642 {
643 DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
644 flush(this);
645 return DESTROY_ME;
646 }
26b55dc6 647 }
1bb9c51e 648 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
3e246c48 649 message->set_message_id(message, this->initiating.mid);
26b55dc6
MW		 650 message->set_source(message, me->clone(me));
651 message->set_destination(message, other->clone(other));
652 message->set_exchange_type(message, exchange);
653 this->initiating.type = exchange;
654 this->initiating.retransmitted = 0;
655
656 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
657 while (enumerator->enumerate(enumerator, (void*)&task))
658 {
659 switch (task->build(task, message))
660 {
661 case SUCCESS:
662 /* task completed, remove it */
663 this->active_tasks->remove_at(this->active_tasks, enumerator);
182d55b2
MW		 664 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
665 task->get_type(task) == TASK_QUICK_MODE)
1b82eb23
MW		 666 { /* last message of three message exchange */
667 keep = TRUE;
668 }
26b55dc6 669 task->destroy(task);
590ca1d4 670 continue;
26b55dc6 671 case NEED_MORE:
751bd02e 672 expect_response = TRUE;
26b55dc6 673 /* processed, but task needs another exchange */
590ca1d4
MW		 674 continue;
675 case ALREADY_DONE:
f6aafb30 676 canceled = TRUE;
26b55dc6
MW		 677 break;
678 case FAILED:
679 default:
680 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
681 {
682 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
683 }
684 /* FALL */
685 case DESTROY_ME:
686 /* critical failure, destroy IKE_SA */
687 enumerator->destroy(enumerator);
688 message->destroy(message);
689 flush(this);
690 return DESTROY_ME;
691 }
590ca1d4 692 break;
26b55dc6
MW		 693 }
694 enumerator->destroy(enumerator);
695
1b82eb23
MW		 696 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
697 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
41fbde45
MW		 698 { /* tasks completed, no exchange active anymore */
699 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
700 }
f6aafb30 701 if (canceled)
b64d6423
MW		 702 {
703 message->destroy(message);
704 return initiate(this);
705 }
26b55dc6 706
127a98dc
TB		 707 clear_packets(this->initiating.packets);
708 if (!generate_message(this, message, &this->initiating.packets))
26b55dc6
MW		 709 {
710 /* message generation failed. There is nothing more to do than to
711 * close the SA */
712 message->destroy(message);
713 flush(this);
714 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
715 return DESTROY_ME;
716 }
26b55dc6 717
f5a84055 718 this->initiating.seqnr++;
3babde90 719 if (expect_response)
751bd02e 720 {
f5a84055 721 message->destroy(message);
751bd02e
CO		 722 return retransmit(this, this->initiating.seqnr);
723 }
8c50bb6c
TE		 724 send_packets(this, this->initiating.packets);
725 if (!keep)
f5a84055 726 {
127a98dc 727 clear_packets(this->initiating.packets);
f5a84055
MW		 728 }
729 message->destroy(message);
46505067 730
07095794 731 if (exchange == INFORMATIONAL_V1)
46505067 732 {
07095794
MW		 733 switch (this->ike_sa->get_state(this->ike_sa))
734 {
735 case IKE_CONNECTING:
736 /* close after sending an INFORMATIONAL when unestablished */
85a6fe23 737 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
07095794
MW		 738 return FAILED;
739 case IKE_DELETING:
740 /* close after sending a DELETE */
741 return DESTROY_ME;
742 default:
743 break;
744 }
46505067 745 }
daee47ba 746 return initiate(this);
4a09d9ee
MW		 747}
748
4a09d9ee
MW		 749/**
750 * build a response depending on the "passive" task list
751 */
752static status_t build_response(private_task_manager_t *this, message_t *request)
753{
754 enumerator_t *enumerator;
755 task_t *task;
756 message_t *message;
757 host_t *me, *other;
f6aafb30 758 bool delete = FALSE, canceled = FALSE, expect_request = FALSE;
4a09d9ee
MW		 759
760 me = request->get_destination(request);
761 other = request->get_source(request);
762
763 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
764 message->set_exchange_type(message, request->get_exchange_type(request));
765 /* send response along the path the request came in */
766 message->set_source(message, me->clone(me));
767 message->set_destination(message, other->clone(other));
1b82eb23 768 message->set_message_id(message, request->get_message_id(request));
4a09d9ee
MW		 769 message->set_request(message, FALSE);
770
f5a84055
MW		 771 this->responding.mid = request->get_message_id(request);
772 this->responding.retransmitted = 0;
773 this->responding.seqnr++;
774
4a09d9ee
MW		 775 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
776 while (enumerator->enumerate(enumerator, (void*)&task))
777 {
778 switch (task->build(task, message))
779 {
780 case SUCCESS:
781 /* task completed, remove it */
782 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
f5a84055 783 task->destroy(task);
590ca1d4 784 continue;
4a09d9ee
MW		 785 case NEED_MORE:
786 /* processed, but task needs another exchange */
346dad30
MW		 787 if (task->get_type(task) == TASK_QUICK_MODE ||
788 task->get_type(task) == TASK_AGGRESSIVE_MODE)
f5a84055
MW		 789 { /* we rely on initiator retransmission, except for
790 * three-message exchanges */
791 expect_request = TRUE;
4a09d9ee 792 }
590ca1d4
MW		 793 continue;
794 case ALREADY_DONE:
f6aafb30 795 canceled = TRUE;
4a09d9ee 796 break;
37a22a16
TB		 797 case INVALID_ARG:
798 if (task->get_type(task) == TASK_QUICK_MODE)
799 { /* not responsible for this exchange */
800 continue;
801 }
802 /* FALL */
4a09d9ee
MW		 803 case FAILED:
804 default:
805 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
806 /* FALL */
807 case DESTROY_ME:
808 /* destroy IKE_SA, but SEND response first */
809 delete = TRUE;
810 break;
811 }
590ca1d4 812 break;
4a09d9ee
MW		 813 }
814 enumerator->destroy(enumerator);
815
127a98dc 816 clear_packets(this->responding.packets);
f6aafb30 817 if (canceled)
b64d6423
MW		 818 {
819 message->destroy(message);
820 return initiate(this);
821 }
127a98dc 822 if (!generate_message(this, message, &this->responding.packets))
4a09d9ee 823 {
127a98dc 824 message->destroy(message);
4a09d9ee
MW		 825 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
826 return DESTROY_ME;
827 }
127a98dc 828 message->destroy(message);
4a09d9ee 829
f5a84055
MW		 830 if (expect_request && !delete)
831 {
832 return retransmit(this, this->responding.seqnr);
833 }
127a98dc 834 send_packets(this, this->responding.packets);
4a09d9ee
MW		 835 if (delete)
836 {
837 return DESTROY_ME;
838 }
839 return SUCCESS;
840}
841
fbbd439b
CO		 842/**
843 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
e647c98a 844 * The notify protocol_id is set to ISAKMP
fbbd439b 845 */
b4705269
MW		 846static void send_notify(private_task_manager_t *this, message_t *request,
847 notify_type_t type)
fbbd439b
CO		 848{
849 message_t *response;
127a98dc 850 array_t *packets = NULL;
fbbd439b 851 host_t *me, *other;
b12c53ce 852 uint32_t mid;
fbbd439b 853
3973ffa4 854 if (request->get_exchange_type(request) == INFORMATIONAL_V1)
fbbd439b
CO		 855 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
856 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
857 return;
858 }
1bb9c51e
TB		 859 if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
860 {
861 DBG1(DBG_IKE, "failed to allocate message ID");
862 return;
863 }
fbbd439b
CO		 864 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
865 response->set_exchange_type(response, INFORMATIONAL_V1);
866 response->set_request(response, TRUE);
fbbd439b 867 response->set_message_id(response, mid);
b4705269 868 response->add_payload(response, (payload_t*)
3ecfc83c 869 notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
b4705269 870 PROTO_IKE, type));
fbbd439b
CO		 871
872 me = this->ike_sa->get_my_host(this->ike_sa);
873 if (me->is_anyaddr(me))
874 {
875 me = request->get_destination(request);
876 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
877 }
878 other = this->ike_sa->get_other_host(this->ike_sa);
879 if (other->is_anyaddr(other))
880 {
881 other = request->get_source(request);
882 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
883 }
884 response->set_source(response, me->clone(me));
885 response->set_destination(response, other->clone(other));
127a98dc 886 if (generate_message(this, response, &packets))
fbbd439b 887 {
127a98dc 888 send_packets(this, packets);
fbbd439b 889 }
127a98dc
TB		 890 clear_packets(packets);
891 array_destroy(packets);
fbbd439b
CO		 892 response->destroy(response);
893}
894
24742c0f
MW		 895/**
896 * Process a DPD request/response
897 */
898static bool process_dpd(private_task_manager_t *this, message_t *message)
899{
900 notify_payload_t *notify;
901 notify_type_t type;
b12c53ce 902 uint32_t seq;
24742c0f
MW		 903 chunk_t data;
904
905 type = DPD_R_U_THERE;
906 notify = message->get_notify(message, type);
907 if (!notify)
908 {
909 type = DPD_R_U_THERE_ACK;
910 notify = message->get_notify(message, type);
911 }
912 if (!notify)
913 {
914 return FALSE;
915 }
916 data = notify->get_notification_data(notify);
917 if (data.len != 4)
918 {
919 return FALSE;
920 }
921 seq = untoh32(data.ptr);
922
923 if (type == DPD_R_U_THERE)
924 {
925 if (this->dpd_recv == 0 || seq == this->dpd_recv)
926 { /* check sequence validity */
927 this->dpd_recv = seq + 1;
928 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
929 time_monotonic(NULL));
930 }
931 /* but respond anyway */
932 this->ike_sa->queue_task(this->ike_sa,
933 &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
934 }
935 else /* DPD_R_U_THERE_ACK */
936 {
9de3140d 937 if (seq == this->dpd_send)
24742c0f 938 {
9de3140d 939 this->dpd_send++;
24742c0f
MW		 940 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
941 time_monotonic(NULL));
942 }
943 else
944 {
945 DBG1(DBG_IKE, "received invalid DPD sequence number %u "
9de3140d 946 "(expected %u), ignored", seq, this->dpd_send);
24742c0f
MW		 947 }
948 }
949 return TRUE;
950}
951
4de361d9
TB		 952/**
953 * Check if we already have a quick mode task queued for the exchange with the
954 * given message ID
955 */
b12c53ce 956static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
4de361d9
TB		 957{
958 enumerator_t *enumerator;
959 quick_mode_t *qm;
960 task_t *task;
961 bool found = FALSE;
962
963 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
964 while (enumerator->enumerate(enumerator, &task))
965 {
966 if (task->get_type(task) == TASK_QUICK_MODE)
967 {
968 qm = (quick_mode_t*)task;
969 if (qm->get_mid(qm) == mid)
970 {
971 found = TRUE;
972 break;
973 }
974 }
975 }
976 enumerator->destroy(enumerator);
977 return found;
978}
979
b0b0c913 980/**
1b4e7fe1 981 * Check if we still have a specific task queued
b0b0c913 982 */
1b4e7fe1 983static bool have_task_queued(private_task_manager_t *this, task_type_t type)
b0b0c913
TB		 984{
985 enumerator_t *enumerator;
986 task_t *task;
987 bool found = FALSE;
988
989 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
990 while (enumerator->enumerate(enumerator, &task))
991 {
1b4e7fe1 992 if (task->get_type(task) == type)
b0b0c913
TB		 993 {
994 found = TRUE;
995 break;
996 }
997 }
998 enumerator->destroy(enumerator);
999 return found;
1000}
1001
4a09d9ee
MW		 1002/**
1003 * handle an incoming request message
1004 */
1005static status_t process_request(private_task_manager_t *this,
1006 message_t *message)
1007{
1008 enumerator_t *enumerator;
1009 task_t *task = NULL;
ff6b084a 1010 bool send_response = FALSE, dpd = FALSE;
4a09d9ee 1011
9276f712 1012 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
4de361d9 1013 message->get_exchange_type(message) == QUICK_MODE ||
9276f712 1014 this->passive_tasks->get_count(this->passive_tasks) == 0)
4a09d9ee
MW		 1015 { /* create tasks depending on request type, if not already some queued */
1016 switch (message->get_exchange_type(message))
1017 {
1018 case ID_PROT:
2e3c9f87 1019 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
01685247 1020 this->passive_tasks->insert_last(this->passive_tasks, task);
824dc0ad 1021 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
8ad5cd1f 1022 this->passive_tasks->insert_last(this->passive_tasks, task);
c73c832c
MW		 1023 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
1024 this->passive_tasks->insert_last(this->passive_tasks, task);
0aa2af5e 1025 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
c64a4b4f 1026 this->passive_tasks->insert_last(this->passive_tasks, task);
79d6fc7f 1027 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1cc4ec46 1028 this->passive_tasks->insert_last(this->passive_tasks, task);
4a09d9ee
MW		 1029 break;
1030 case AGGRESSIVE:
830ab2ae
MW		 1031 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
1032 this->passive_tasks->insert_last(this->passive_tasks, task);
1033 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
1034 this->passive_tasks->insert_last(this->passive_tasks, task);
1035 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
1036 this->passive_tasks->insert_last(this->passive_tasks, task);
1037 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
1038 this->passive_tasks->insert_last(this->passive_tasks, task);
1039 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1040 this->passive_tasks->insert_last(this->passive_tasks, task);
1041 break;
4a09d9ee 1042 case QUICK_MODE:
a22b9e4f
MW		 1043 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
1044 {
1045 DBG1(DBG_IKE, "received quick mode request for "
1046 "unestablished IKE_SA, ignored");
1047 return FAILED;
1048 }
4de361d9
TB		 1049 if (have_quick_mode_task(this, message->get_message_id(message)))
1050 {
1051 break;
1052 }
744c0801
MW		 1053 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
1054 NULL, NULL);
1055 this->passive_tasks->insert_last(this->passive_tasks, task);
1056 break;
4a09d9ee 1057 case INFORMATIONAL_V1:
24742c0f 1058 if (process_dpd(this, message))
2ddd45c9 1059 {
ff6b084a 1060 dpd = TRUE;
2ddd45c9
MW		 1061 }
1062 else
1063 {
1064 task = (task_t *)informational_create(this->ike_sa, NULL);
24742c0f 1065 this->passive_tasks->insert_first(this->passive_tasks, task);
2ddd45c9 1066 }
07abb470 1067 break;
c5dc9d33 1068 case TRANSACTION:
764035d5 1069 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
156b8662 1070 {
e3311e9b
MW		 1071 task = (task_t *)mode_config_create(this->ike_sa,
1072 FALSE, TRUE);
156b8662
MW		 1073 }
1074 else
1075 {
1076 task = (task_t *)xauth_create(this->ike_sa, FALSE);
1077 }
c5dc9d33
CO		 1078 this->passive_tasks->insert_last(this->passive_tasks, task);
1079 break;
4a09d9ee
MW		 1080 default:
1081 return FAILED;
1082 }
1083 }
24742c0f 1084 if (dpd)
ff6b084a 1085 {
24742c0f 1086 return initiate(this);
ff6b084a 1087 }
24742c0f
MW		 1088 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
1089
4a09d9ee
MW		 1090 /* let the tasks process the message */
1091 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
1092 while (enumerator->enumerate(enumerator, (void*)&task))
1093 {
1094 switch (task->process(task, message))
1095 {
1096 case SUCCESS:
1097 /* task completed, remove it */
1098 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1099 task->destroy(task);
590ca1d4 1100 continue;
4a09d9ee
MW		 1101 case NEED_MORE:
1102 /* processed, but task needs at least another call to build() */
8cb6f4f9 1103 send_response = TRUE;
590ca1d4
MW		 1104 continue;
1105 case ALREADY_DONE:
1106 send_response = FALSE;
4a09d9ee 1107 break;
37a22a16
TB		 1108 case INVALID_ARG:
1109 if (task->get_type(task) == TASK_QUICK_MODE)
1110 { /* not responsible for this exchange */
1111 continue;
1112 }
1113 /* FALL */
4a09d9ee
MW		 1114 case FAILED:
1115 default:
1116 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1117 /* FALL */
1118 case DESTROY_ME:
1119 /* critical failure, destroy IKE_SA */
1120 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1121 enumerator->destroy(enumerator);
1122 task->destroy(task);
1123 return DESTROY_ME;
1124 }
590ca1d4 1125 break;
4a09d9ee
MW		 1126 }
1127 enumerator->destroy(enumerator);
1128
8cb6f4f9
TB		 1129 if (send_response)
1130 {
69adeb5b
MW		 1131 if (build_response(this, message) != SUCCESS)
1132 {
1133 return DESTROY_ME;
1134 }
1135 }
7b34de45 1136 else
8c732b8e
TE		 1137 {
1138 if (this->responding.retransmitted > 1)
1139 {
1140 packet_t *packet = NULL;
1141 array_get(this->responding.packets, 0, &packet);
1142 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED,
1143 packet);
1144 }
1145 /* We don't send a response, so don't retransmit one if we get
7b34de45 1146 * the same message again. */
127a98dc 1147 clear_packets(this->responding.packets);
7b34de45 1148 }
25863fe1
TB		 1149 if (this->queued &&
1150 this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
1151 {
1152 message_t *queued;
1153 status_t status;
1154
1155 queued = this->queued;
1156 this->queued = NULL;
1157 status = this->public.task_manager.process_message(
1158 &this->public.task_manager, queued);
1159 queued->destroy(queued);
1160 if (status == DESTROY_ME)
1161 {
1162 return status;
1163 }
1164 }
69adeb5b
MW		 1165 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
1166 this->queued_tasks->get_count(this->queued_tasks) > 0)
1167 {
1168 /* passive tasks completed, check if an active task has been queued,
1169 * such as XAUTH or modeconfig push */
1170 return initiate(this);
8cb6f4f9
TB		 1171 }
1172 return SUCCESS;
4a09d9ee
MW		 1173}
1174
26b55dc6
MW		 1175/**
1176 * handle an incoming response message
1177 */
1178static status_t process_response(private_task_manager_t *this,
1179 message_t *message)
1180{
1181 enumerator_t *enumerator;
4e98ca18 1182 message_t *queued;
f91b6ac7 1183 status_t status;
26b55dc6
MW		 1184 task_t *task;
1185
1186 if (message->get_exchange_type(message) != this->initiating.type)
1187 {
0235914d
MW		 1188 /* Windows server sends a fourth quick mode message having an initial
1189 * contact notify. Ignore this message for compatibility. */
1190 if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED &&
1191 message->get_exchange_type(message) == QUICK_MODE &&
1192 message->get_notify(message, INITIAL_CONTACT))
1193 {
1194 DBG1(DBG_IKE, "ignoring fourth Quick Mode message");
1195 return SUCCESS;
1196 }
26b55dc6
MW		 1197 DBG1(DBG_IKE, "received %N response, but expected %N",
1198 exchange_type_names, message->get_exchange_type(message),
1199 exchange_type_names, this->initiating.type);
1200 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1201 return DESTROY_ME;
1202 }
1203
1204 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
1205 while (enumerator->enumerate(enumerator, (void*)&task))
1206 {
1207 switch (task->process(task, message))
1208 {
1209 case SUCCESS:
1210 /* task completed, remove it */
1211 this->active_tasks->remove_at(this->active_tasks, enumerator);
1212 task->destroy(task);
590ca1d4 1213 continue;
26b55dc6
MW		 1214 case NEED_MORE:
1215 /* processed, but task needs another exchange */
590ca1d4
MW		 1216 continue;
1217 case ALREADY_DONE:
26b55dc6
MW		 1218 break;
1219 case FAILED:
1220 default:
1221 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1222 /* FALL */
1223 case DESTROY_ME:
1224 /* critical failure, destroy IKE_SA */
1225 this->active_tasks->remove_at(this->active_tasks, enumerator);
1226 enumerator->destroy(enumerator);
1227 task->destroy(task);
1228 return DESTROY_ME;
1229 }
590ca1d4 1230 break;
26b55dc6
MW		 1231 }
1232 enumerator->destroy(enumerator);
1233
0ddda7ca 1234 if (this->initiating.retransmitted > 1)
bd71ba0f
TB		 1235 {
1236 packet_t *packet = NULL;
1237 array_get(this->initiating.packets, 0, &packet);
1238 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
1239 }
26b55dc6 1240 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 1241 clear_packets(this->initiating.packets);
26b55dc6 1242
3805880c
TB		 1243 if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
1244 this->queued->get_exchange_type(this->queued) == TRANSACTION)
f91b6ac7 1245 {
4e98ca18 1246 queued = this->queued;
f91b6ac7 1247 this->queued = NULL;
4e98ca18
MW		 1248 status = this->public.task_manager.process_message(
1249 &this->public.task_manager, queued);
1250 queued->destroy(queued);
f91b6ac7
MW		 1251 if (status == DESTROY_ME)
1252 {
1253 return status;
1254 }
1255 }
1256
26b55dc6
MW		 1257 return initiate(this);
1258}
1259
30216000
TB		 1260static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
1261{
70e0be07 1262 status_t status;
30216000 1263
70e0be07 1264 if (!this->defrag)
30216000 1265 {
70e0be07
TB		 1266 this->defrag = message_create_defrag(msg);
1267 if (!this->defrag)
30216000 1268 {
70e0be07 1269 return FAILED;
30216000
TB		 1270 }
1271 }
70e0be07
TB		 1272 status = this->defrag->add_fragment(this->defrag, msg);
1273 if (status == SUCCESS)
8fc83834 1274 {
70e0be07
TB		 1275 lib->processor->queue_job(lib->processor,
1276 (job_t*)process_message_job_create(this->defrag));
1277 this->defrag = NULL;
1278 /* do not process the last fragment */
30216000
TB		 1279 status = NEED_MORE;
1280 }
1281 return status;
1282}
1283
b235e69c
TB		 1284/**
1285 * Parse the given message and verify that it is valid.
1286 */
1287static status_t parse_message(private_task_manager_t *this, message_t *msg)
1288{
1289 status_t status;
1290
1291 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1292
1293 if (status != SUCCESS)
1294 {
1295 switch (status)
1296 {
29a5e070
TB		 1297 case NOT_SUPPORTED:
1298 DBG1(DBG_IKE, "unsupported exchange type");
b4705269 1299 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
29a5e070 1300 break;
b235e69c
TB		 1301 case PARSE_ERROR:
1302 DBG1(DBG_IKE, "message parsing failed");
b4705269 1303 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1304 break;
1305 case VERIFY_ERROR:
1306 DBG1(DBG_IKE, "message verification failed");
b4705269 1307 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1308 break;
1309 case FAILED:
1310 DBG1(DBG_IKE, "integrity check failed");
b4705269 1311 send_notify(this, msg, INVALID_HASH_INFORMATION);
b235e69c
TB		 1312 break;
1313 case INVALID_STATE:
1314 DBG1(DBG_IKE, "found encrypted message, but no keys available");
b4705269 1315 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1316 default:
1317 break;
1318 }
f5ef3577 1319 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
b235e69c
TB		 1320 exchange_type_names, msg->get_exchange_type(msg),
1321 msg->get_request(msg) ? "request" : "response",
1322 msg->get_message_id(msg));
1323
418f4bc7
MW		 1324 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1325
b235e69c
TB		 1326 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1327 { /* invalid initiation attempt, close SA */
1328 return DESTROY_ME;
1329 }
1330 }
30216000 1331
3ecfc83c 1332 if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT)
30216000
TB		 1333 {
1334 return handle_fragment(this, msg);
1335 }
b235e69c
TB		 1336 return status;
1337}
1338
3f56f731
TB		 1339/**
1340 * Queue the given message if possible
1341 */
1342static status_t queue_message(private_task_manager_t *this, message_t *msg)
1343{
1344 if (this->queued)
1345 {
1346 DBG1(DBG_IKE, "ignoring %N request, queue full",
1347 exchange_type_names, msg->get_exchange_type(msg));
1348 return FAILED;
1349 }
1350 this->queued = message_create_from_packet(msg->get_packet(msg));
1351 if (this->queued->parse_header(this->queued) != SUCCESS)
1352 {
1353 this->queued->destroy(this->queued);
1354 this->queued = NULL;
1355 return FAILED;
1356 }
1357 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1358 exchange_type_names, msg->get_exchange_type(msg));
1359 return SUCCESS;
1360}
1361
4a09d9ee
MW		 1362METHOD(task_manager_t, process_message, status_t,
1363 private_task_manager_t *this, message_t *msg)
1364{
b12c53ce 1365 uint32_t hash, mid, i;
3d59c5c3 1366 host_t *me, *other;
68c6863b 1367 status_t status;
73aaf76b 1368
1960312c 1369 /* TODO-IKEv1: update hosts more selectively */
3d59c5c3
TB		 1370 me = msg->get_destination(msg);
1371 other = msg->get_source(msg);
68c6863b 1372 mid = msg->get_message_id(msg);
fce566a8
MW		 1373 hash = chunk_hash(msg->get_packet_data(msg));
1374 for (i = 0; i < MAX_OLD_HASHES; i++)
1375 {
1376 if (this->initiating.old_hashes[i] == hash)
1377 {
127a98dc 1378 if (array_count(this->initiating.packets) &&
f5a84055 1379 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
346dad30
MW		 1380 (msg->get_exchange_type(msg) == QUICK_MODE ||
1381 msg->get_exchange_type(msg) == AGGRESSIVE))
f5a84055
MW		 1382 {
1383 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1384 "resending last request", mid);
127a98dc 1385 send_packets(this, this->initiating.packets);
f5a84055
MW		 1386 return SUCCESS;
1387 }
fce566a8
MW		 1388 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1389 "but next request already sent", mid);
1390 return SUCCESS;
1391 }
1392 }
1960312c 1393
2ddd45c9 1394 if ((mid && mid == this->initiating.mid) ||
73aaf76b 1395 (this->initiating.mid == 0 &&
1cc3e92c 1396 msg->get_exchange_type(msg) == this->initiating.type &&
dc8e9647 1397 this->active_tasks->get_count(this->active_tasks)))
4a09d9ee 1398 {
7519106d 1399 msg->set_request(msg, FALSE);
47b8f6ef 1400 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1401 status = parse_message(this, msg);
30216000
TB		 1402 if (status == NEED_MORE)
1403 {
1404 return SUCCESS;
1405 }
1960312c
TB		 1406 if (status != SUCCESS)
1407 {
1408 return status;
1409 }
1410 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1411 time_monotonic(NULL));
51c7cf9a 1412 this->ike_sa->update_hosts(this->ike_sa, me, other, UPDATE_HOSTS_FORCE_ADDRS);
47b8f6ef 1413 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1414 if (process_response(this, msg) != SUCCESS)
4a09d9ee
MW		 1415 {
1416 flush(this);
1417 return DESTROY_ME;
1418 }
f5a84055 1419 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
fce566a8 1420 MAX_OLD_HASHES] = hash;
4a09d9ee
MW		 1421 }
1422 else
1423 {
7b34de45 1424 if (hash == this->responding.hash)
73aaf76b 1425 {
127a98dc 1426 if (array_count(this->responding.packets))
7b34de45
MW		 1427 {
1428 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1429 "retransmitting response", mid);
127a98dc 1430 send_packets(this, this->responding.packets);
7b34de45 1431 }
127a98dc 1432 else if (array_count(this->initiating.packets) &&
1b82eb23
MW		 1433 this->initiating.type == INFORMATIONAL_V1)
1434 {
1435 DBG1(DBG_IKE, "received retransmit of DPD request, "
1436 "retransmitting response");
127a98dc 1437 send_packets(this, this->initiating.packets);
1b82eb23 1438 }
7b34de45
MW		 1439 else
1440 {
1441 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1442 "but no response to retransmit", mid);
1443 }
3c79b7b7 1444 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
73aaf76b
MW		 1445 return SUCCESS;
1446 }
cdf75a39 1447
cf95d292 1448 /* reject Main/Aggressive Modes once established */
cdf75a39
MW		 1449 if (msg->get_exchange_type(msg) == ID_PROT ||
1450 msg->get_exchange_type(msg) == AGGRESSIVE)
1451 {
1452 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1453 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
3ecfc83c 1454 msg->get_first_payload_type(msg) != PLV1_FRAGMENT)
cdf75a39
MW		 1455 {
1456 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1457 exchange_type_names, msg->get_exchange_type(msg));
1458 return FAILED;
1459 }
1460 }
1461
b0b0c913 1462 /* drop XAuth/Mode Config/Quick Mode messages until we received the last
1c8dfa30
TB		 1463 * Aggressive Mode message. since Informational messages are not
1464 * retransmitted we queue them. */
1b4e7fe1 1465 if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
b0b0c913 1466 {
1c8dfa30
TB		 1467 if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1468 {
1469 return queue_message(this, msg);
1470 }
1471 else if (msg->get_exchange_type(msg) != AGGRESSIVE)
1472 {
1473 DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
1474 exchange_type_names, msg->get_exchange_type(msg));
1475 return FAILED;
1476 }
b0b0c913
TB		 1477 }
1478
3f56f731
TB		 1479 /* queue XAuth/Mode Config messages unless the Main Mode exchange we
1480 * initiated is complete */
f91b6ac7 1481 if (msg->get_exchange_type(msg) == TRANSACTION &&
0b0191e1 1482 this->active_tasks->get_count(this->active_tasks))
3f56f731
TB		 1483 {
1484 return queue_message(this, msg);
f91b6ac7
MW		 1485 }
1486
1b4e7fe1
TB		 1487 /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
1488 if (have_task_queued(this, TASK_XAUTH) &&
1489 msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1490 {
1491 return queue_message(this, msg);
1492 }
1493
7519106d 1494 msg->set_request(msg, TRUE);
47b8f6ef 1495 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1496 status = parse_message(this, msg);
30216000
TB		 1497 if (status == NEED_MORE)
1498 {
1499 return SUCCESS;
1500 }
1960312c
TB		 1501 if (status != SUCCESS)
1502 {
1503 return status;
1504 }
1505 /* if this IKE_SA is virgin, we check for a config */
1506 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1507 {
1508 ike_sa_id_t *ike_sa_id;
1509 ike_cfg_t *ike_cfg;
1510 job_t *job;
f5a84055 1511
79101163
MW		 1512 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1513 me, other, IKEV1);
1960312c
TB		 1514 if (ike_cfg == NULL)
1515 {
1516 /* no config found for these hosts, destroy */
4cfd0db8
TB		 1517 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1518 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
b4705269 1519 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1960312c
TB		 1520 return DESTROY_ME;
1521 }
1522 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1523 ike_cfg->destroy(ike_cfg);
1524 /* add a timeout if peer does not establish it completely */
1525 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1526 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1527 lib->scheduler->schedule_job(lib->scheduler, job,
1528 lib->settings->get_int(lib->settings,
42500c27 1529 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
d223fe80 1530 lib->ns));
1960312c 1531 }
51c7cf9a 1532 this->ike_sa->update_hosts(this->ike_sa, me, other, UPDATE_HOSTS_FORCE_ADDRS);
47b8f6ef 1533 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1534 if (process_request(this, msg) != SUCCESS)
26b55dc6
MW		 1535 {
1536 flush(this);
1537 return DESTROY_ME;
1538 }
9cc8bd4f 1539 this->responding.hash = hash;
4a09d9ee
MW		 1540 }
1541 return SUCCESS;
1542}
1543
8ed976c0
MW		 1544/**
1545 * Check if a given task has been queued already
1546 */
1547static bool has_queued(private_task_manager_t *this, task_type_t type)
1548{
1549 enumerator_t *enumerator;
1550 bool found = FALSE;
1551 task_t *task;
1552
1553 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1554 while (enumerator->enumerate(enumerator, &task))
1555 {
1556 if (task->get_type(task) == type)
1557 {
1558 found = TRUE;
1559 break;
1560 }
1561 }
1562 enumerator->destroy(enumerator);
1563 return found;
1564}
1565
208678e6
TB		 1566METHOD(task_manager_t, queue_task_delayed, void,
1567 private_task_manager_t *this, task_t *task, uint32_t delay)
d4828f51
TB		 1568{
1569 task_type_t type = task->get_type(task);
1570
1571 switch (type)
1572 {
1573 case TASK_MODE_CONFIG:
1574 case TASK_XAUTH:
1575 if (has_queued(this, type))
1576 {
1577 task->destroy(task);
1578 return;
1579 }
1580 break;
1581 default:
1582 break;
1583 }
1584 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1585 this->queued_tasks->insert_last(this->queued_tasks, task);
1586}
1587
208678e6
TB		 1588METHOD(task_manager_t, queue_task, void,
1589 private_task_manager_t *this, task_t *task)
1590{
1591 queue_task_delayed(this, task, 0);
1592}
1593
a60daa07
MW		 1594METHOD(task_manager_t, queue_ike, void,
1595 private_task_manager_t *this)
1596{
830ab2ae
MW		 1597 peer_cfg_t *peer_cfg;
1598
8ed976c0
MW		 1599 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1600 {
1601 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1602 }
1603 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1604 {
1605 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1606 }
830ab2ae
MW		 1607 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1608 if (peer_cfg->use_aggressive(peer_cfg))
8ed976c0 1609 {
830ab2ae
MW		 1610 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1611 {
1612 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1613 }
1614 }
1615 else
1616 {
1617 if (!has_queued(this, TASK_MAIN_MODE))
1618 {
1619 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1620 }
8ed976c0
MW		 1621 }
1622 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1623 {
1624 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1625 }
1626 if (!has_queued(this, TASK_ISAKMP_NATD))
1627 {
1628 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1629 }
a60daa07
MW		 1630}
1631
4f49b068 1632METHOD(task_manager_t, queue_ike_reauth, void,
dab60d64
MW		 1633 private_task_manager_t *this)
1634{
4f49b068
MW		 1635 enumerator_t *enumerator;
1636 child_sa_t *child_sa;
1637 ike_sa_t *new;
1638 host_t *host;
1639
bde5bd47 1640 new = charon->ike_sa_manager->create_new(charon->ike_sa_manager,
4f49b068
MW		 1641 this->ike_sa->get_version(this->ike_sa), TRUE);
1642 if (!new)
1643 { /* shouldn't happen */
1644 return;
1645 }
1646
1647 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1648 host = this->ike_sa->get_other_host(this->ike_sa);
1649 new->set_other_host(new, host->clone(host));
1650 host = this->ike_sa->get_my_host(this->ike_sa);
1651 new->set_my_host(new, host->clone(host));
101d26ba
MW		 1652 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1653 while (enumerator->enumerate(enumerator, &host))
4f49b068 1654 {
101d26ba 1655 new->add_virtual_ip(new, TRUE, host);
4f49b068 1656 }
101d26ba 1657 enumerator->destroy(enumerator);
4f49b068 1658
6a9a69ae
TB		 1659 charon->bus->children_migrate(charon->bus, new->get_id(new),
1660 new->get_unique_id(new));
4f49b068
MW		 1661 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1662 while (enumerator->enumerate(enumerator, &child_sa))
1663 {
1664 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1665 new->add_child_sa(new, child_sa);
1666 }
1667 enumerator->destroy(enumerator);
6a9a69ae
TB		 1668 charon->bus->set_sa(charon->bus, new);
1669 charon->bus->children_migrate(charon->bus, NULL, 0);
1670 charon->bus->set_sa(charon->bus, this->ike_sa);
4f49b068 1671
8254e7ec
TB		 1672 if (!new->get_child_count(new))
1673 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1674 task_t *task;
1675
1676 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1677 while (enumerator->enumerate(enumerator, &task))
1678 {
1679 if (task->get_type(task) == TASK_QUICK_MODE)
1680 {
1681 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1682 task->migrate(task, new);
1683 new->queue_task(new, task);
1684 }
1685 }
1686 enumerator->destroy(enumerator);
1687 }
1688
7f30e1ae 1689 if (new->initiate(new, NULL, NULL) != DESTROY_ME)
4f49b068
MW		 1690 {
1691 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1b79299b 1692 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
4f49b068
MW		 1693 }
1694 else
1695 {
1696 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1697 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1698 }
1699 charon->bus->set_sa(charon->bus, this->ike_sa);
dab60d64
MW		 1700}
1701
4f49b068 1702METHOD(task_manager_t, queue_ike_rekey, void,
cedb412e
MW		 1703 private_task_manager_t *this)
1704{
4f49b068 1705 queue_ike_reauth(this);
cedb412e
MW		 1706}
1707
3ed148b3
MW		 1708METHOD(task_manager_t, queue_ike_delete, void,
1709 private_task_manager_t *this)
1710{
daee47ba
MW		 1711 enumerator_t *enumerator;
1712 child_sa_t *child_sa;
1713
60d0f52f
TB		 1714 /* cancel any currently active task to get the DELETE done quickly */
1715 flush_queue(this, TASK_QUEUE_ACTIVE);
1716
daee47ba
MW		 1717 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1718 while (enumerator->enumerate(enumerator, &child_sa))
1719 {
1720 queue_task(this, (task_t*)
1721 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
3a925f74 1722 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
daee47ba
MW		 1723 }
1724 enumerator->destroy(enumerator);
1725
3ed148b3
MW		 1726 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1727}
1728
873df908
MW		 1729METHOD(task_manager_t, queue_mobike, void,
1730 private_task_manager_t *this, bool roam, bool address)
1731{
1732 /* Not supported in IKEv1 */
1733}
1734
fe43d9a2 1735METHOD(task_manager_t, queue_child, void,
7f30e1ae 1736 private_task_manager_t *this, child_cfg_t *cfg, child_init_args_t *args)
fe43d9a2 1737{
14dc7941
MW		 1738 quick_mode_t *task;
1739
7f30e1ae
TB		 1740 if (args)
1741 {
1742 task = quick_mode_create(this->ike_sa, cfg, args->src, args->dst);
1743 task->use_reqid(task, args->reqid);
1744 }
1745 else
1746 {
1747 task = quick_mode_create(this->ike_sa, cfg, NULL, NULL);
1748 }
14dc7941 1749 queue_task(this, &task->task);
fe43d9a2
MW		 1750}
1751
2d4c347a
MW		 1752/**
1753 * Check if two CHILD_SAs have the same traffic selector
1754 */
553bb787 1755static bool have_equal_ts(child_sa_t *child1, child_sa_t *child2, bool local)
2d4c347a 1756{
553bb787
MW		 1757 enumerator_t *e1, *e2;
1758 traffic_selector_t *ts1, *ts2;
1759 bool equal = FALSE;
2d4c347a 1760
553bb787
MW		 1761 e1 = child1->create_ts_enumerator(child1, local);
1762 e2 = child2->create_ts_enumerator(child2, local);
1763 if (e1->enumerate(e1, &ts1) && e2->enumerate(e2, &ts2))
2d4c347a 1764 {
553bb787 1765 equal = ts1->equals(ts1, ts2);
2d4c347a 1766 }
fafa7684 1767 e2->destroy(e2);
553bb787
MW		 1768 e1->destroy(e1);
1769
1770 return equal;
2d4c347a
MW		 1771}
1772
bbc3d2a0
TB		 1773/*
1774 * Described in header
1e24fa46 1775 */
bbc3d2a0
TB		 1776bool ikev1_child_sa_is_redundant(ike_sa_t *ike_sa, child_sa_t *child_sa,
1777 bool (*cmp)(child_sa_t*,child_sa_t*))
1e24fa46
MW		 1778{
1779 enumerator_t *enumerator;
1780 child_sa_t *current;
1781 bool redundant = FALSE;
1782
bbc3d2a0 1783 enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
1e24fa46
MW		 1784 while (enumerator->enumerate(enumerator, &current))
1785 {
bbc3d2a0
TB		 1786 if (current != child_sa &&
1787 current->get_state(current) == CHILD_INSTALLED &&
1e24fa46 1788 streq(current->get_name(current), child_sa->get_name(child_sa)) &&
2d4c347a
MW		 1789 have_equal_ts(current, child_sa, TRUE) &&
1790 have_equal_ts(current, child_sa, FALSE) &&
bbc3d2a0 1791 (!cmp || cmp(child_sa, current)))
1e24fa46 1792 {
bbc3d2a0 1793 DBG1(DBG_IKE, "detected redundant CHILD_SA %s{%d}",
246c969d
MW		 1794 child_sa->get_name(child_sa),
1795 child_sa->get_unique_id(child_sa));
1e24fa46
MW		 1796 redundant = TRUE;
1797 break;
1798 }
1799 }
1800 enumerator->destroy(enumerator);
1801
1802 return redundant;
1803}
1804
bbc3d2a0
TB		 1805/**
1806 * Compare the rekey times of two CHILD_SAs, a CHILD_SA is redundant if it is
1807 * rekeyed sooner than another.
1808 */
1809static bool is_rekeyed_sooner(child_sa_t *is_redundant, child_sa_t *other)
1810{
1811 return other->get_lifetime(other, FALSE) >
1812 is_redundant->get_lifetime(is_redundant, FALSE);
1813}
1814
7a5f372c
MW		 1815/**
1816 * Get the first traffic selector of a CHILD_SA, local or remote
1817 */
1818static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1819{
1820 traffic_selector_t *ts = NULL;
553bb787 1821 enumerator_t *enumerator;
7a5f372c 1822
553bb787
MW		 1823 enumerator = child_sa->create_ts_enumerator(child_sa, local);
1824 enumerator->enumerate(enumerator, &ts);
1825 enumerator->destroy(enumerator);
1826
1827 return ts;
7a5f372c
MW		 1828}
1829
463a73cc 1830METHOD(task_manager_t, queue_child_rekey, void,
b12c53ce 1831 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
463a73cc 1832{
23eb447c
MW		 1833 child_sa_t *child_sa;
1834 child_cfg_t *cfg;
1835 quick_mode_t *task;
1836
1837 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1838 if (!child_sa)
1839 {
1840 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1841 }
1842 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1843 {
bbc3d2a0
TB		 1844 if (ikev1_child_sa_is_redundant(this->ike_sa, child_sa,
1845 is_rekeyed_sooner))
1e24fa46 1846 {
a01eb5e4 1847 child_sa->set_state(child_sa, CHILD_REKEYED);
083208e8
TB		 1848 if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed",
1849 FALSE, lib->ns))
1850 {
1851 queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1e24fa46 1852 protocol, spi, FALSE, FALSE));
083208e8 1853 }
1e24fa46
MW		 1854 }
1855 else
1856 {
1857 child_sa->set_state(child_sa, CHILD_REKEYING);
1858 cfg = child_sa->get_config(child_sa);
7a5f372c
MW		 1859 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1860 get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1e24fa46 1861 task->use_reqid(task, child_sa->get_reqid(child_sa));
85b23888
MW		 1862 task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
1863 child_sa->get_mark(child_sa, FALSE).value);
8ab33628
TB		 1864 task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
1865 child_sa->get_if_id(child_sa, FALSE));
1e24fa46 1866 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
23eb447c 1867
1e24fa46
MW		 1868 queue_task(this, &task->task);
1869 }
23eb447c 1870 }
463a73cc
MW		 1871}
1872
83c5fda0 1873METHOD(task_manager_t, queue_child_delete, void,
b12c53ce 1874 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
3a925f74 1875 bool expired)
83c5fda0
MW		 1876{
1877 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
3a925f74 1878 spi, FALSE, expired));
83c5fda0
MW		 1879}
1880
244d715d
MW		 1881METHOD(task_manager_t, queue_dpd, void,
1882 private_task_manager_t *this)
1883{
80c5b17d 1884 peer_cfg_t *peer_cfg;
b12c53ce 1885 uint32_t t, retransmit;
4b38c22c 1886
24742c0f 1887 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
9de3140d 1888 this->dpd_send));
80c5b17d 1889 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
4b38c22c 1890
80c5b17d
AS		 1891 /* compute timeout in milliseconds */
1892 t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1893 if (t == 0)
4b38c22c 1894 {
80c5b17d
AS		 1895 /* use the same timeout as a retransmitting IKE message would have */
1896 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1897 {
b12c53ce 1898 t += (uint32_t)(this->retransmit_timeout * 1000.0 *
80c5b17d
AS		 1899 pow(this->retransmit_base, retransmit));
1900 }
4b38c22c 1901 }
747b6487
TB		 1902 /* compensate for the already elapsed dpd delay */
1903 t -= 1000 * peer_cfg->get_dpd(peer_cfg);
80c5b17d
AS		 1904
1905 /* schedule DPD timeout job */
4b38c22c
MW		 1906 lib->scheduler->schedule_job_ms(lib->scheduler,
1907 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
244d715d
MW		 1908}
1909
4a09d9ee
MW		 1910METHOD(task_manager_t, adopt_tasks, void,
1911 private_task_manager_t *this, task_manager_t *other_public)
1912{
1913 private_task_manager_t *other = (private_task_manager_t*)other_public;
1914 task_t *task;
1915
1916 /* move queued tasks from other to this */
1917 while (other->queued_tasks->remove_last(other->queued_tasks,
1918 (void**)&task) == SUCCESS)
1919 {
1920 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1921 task->migrate(task, this->ike_sa);
1922 this->queued_tasks->insert_first(this->queued_tasks, task);
1923 }
1924}
1925
1926METHOD(task_manager_t, busy, bool,
1927 private_task_manager_t *this)
1928{
1929 return (this->active_tasks->get_count(this->active_tasks) > 0);
1930}
1931
1932METHOD(task_manager_t, incr_mid, void,
1933 private_task_manager_t *this, bool initiate)
1934{
4a09d9ee
MW		 1935}
1936
05a2be82
TB		 1937METHOD(task_manager_t, get_mid, uint32_t,
1938 private_task_manager_t *this, bool initiate)
1939{
1940 return initiate ? this->initiating.mid : this->responding.mid;
1941}
1942
4a09d9ee 1943METHOD(task_manager_t, reset, void,
b12c53ce 1944 private_task_manager_t *this, uint32_t initiate, uint32_t respond)
4a09d9ee 1945{
d9c1dae2
MW		 1946 enumerator_t *enumerator;
1947 task_t *task;
1948
1949 /* reset message counters and retransmit packets */
127a98dc
TB		 1950 clear_packets(this->responding.packets);
1951 clear_packets(this->initiating.packets);
f5a84055
MW		 1952 this->responding.seqnr = RESPONDING_SEQ;
1953 this->responding.retransmitted = 0;
d9c1dae2
MW		 1954 this->initiating.mid = 0;
1955 this->initiating.seqnr = 0;
1956 this->initiating.retransmitted = 0;
1957 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
70e0be07
TB		 1958 DESTROY_IF(this->defrag);
1959 this->defrag = NULL;
fd6fbf17
MW		 1960 if (initiate != UINT_MAX)
1961 {
1962 this->dpd_send = initiate;
1963 }
1964 if (respond != UINT_MAX)
1965 {
1966 this->dpd_recv = respond;
1967 }
d9c1dae2
MW		 1968
1969 /* reset queued tasks */
1970 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1971 while (enumerator->enumerate(enumerator, &task))
1972 {
1973 task->migrate(task, this->ike_sa);
1974 }
1975 enumerator->destroy(enumerator);
1976
1977 /* reset active tasks */
1978 while (this->active_tasks->remove_last(this->active_tasks,
1979 (void**)&task) == SUCCESS)
1980 {
1981 task->migrate(task, this->ike_sa);
1982 this->queued_tasks->insert_first(this->queued_tasks, task);
1983 }
4a09d9ee
MW		 1984}
1985
4505e3c0
TB		 1986/**
1987 * Data for a task queue enumerator
1988 */
1989typedef struct {
1990 enumerator_t public;
1991 task_queue_t queue;
1992 enumerator_t *inner;
1993} task_enumerator_t;
1994
1995METHOD(enumerator_t, task_enumerator_destroy, void,
1996 task_enumerator_t *this)
1997{
1998 this->inner->destroy(this->inner);
1999 free(this);
2000}
2001
2002METHOD(enumerator_t, task_enumerator_enumerate, bool,
2003 task_enumerator_t *this, va_list args)
2004{
2005 task_t **task;
2006
2007 VA_ARGS_VGET(args, task);
2008 return this->inner->enumerate(this->inner, task);
2009}
2010
4a09d9ee
MW		 2011METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
2012 private_task_manager_t *this, task_queue_t queue)
2013{
4505e3c0
TB		 2014 task_enumerator_t *enumerator;
2015
2016 INIT(enumerator,
2017 .public = {
2018 .enumerate = enumerator_enumerate_default,
2019 .venumerate = _task_enumerator_enumerate,
2020 .destroy = _task_enumerator_destroy,
2021 },
2022 .queue = queue,
2023 );
4a09d9ee
MW		 2024 switch (queue)
2025 {
2026 case TASK_QUEUE_ACTIVE:
4505e3c0
TB		 2027 enumerator->inner = this->active_tasks->create_enumerator(
2028 this->active_tasks);
2029 break;
4a09d9ee 2030 case TASK_QUEUE_PASSIVE:
4505e3c0
TB		 2031 enumerator->inner = this->passive_tasks->create_enumerator(
2032 this->passive_tasks);
2033 break;
4a09d9ee 2034 case TASK_QUEUE_QUEUED:
4505e3c0
TB		 2035 enumerator->inner = this->queued_tasks->create_enumerator(
2036 this->queued_tasks);
2037 break;
4a09d9ee 2038 default:
4505e3c0
TB		 2039 enumerator->inner = enumerator_create_empty();
2040 break;
2041 }
2042 return &enumerator->public;
2043}
2044
2045METHOD(task_manager_t, remove_task, void,
2046 private_task_manager_t *this, enumerator_t *enumerator_public)
2047{
2048 task_enumerator_t *enumerator = (task_enumerator_t*)enumerator_public;
2049
2050 switch (enumerator->queue)
2051 {
2052 case TASK_QUEUE_ACTIVE:
2053 this->active_tasks->remove_at(this->active_tasks,
2054 enumerator->inner);
2055 break;
2056 case TASK_QUEUE_PASSIVE:
2057 this->passive_tasks->remove_at(this->passive_tasks,
2058 enumerator->inner);
2059 break;
2060 case TASK_QUEUE_QUEUED:
2061 this->queued_tasks->remove_at(this->queued_tasks,
2062 enumerator->inner);
2063 break;
2064 default:
2065 break;
4a09d9ee
MW		 2066 }
2067}
2068
2069METHOD(task_manager_t, destroy, void,
2070 private_task_manager_t *this)
2071{
2072 flush(this);
2073
2074 this->active_tasks->destroy(this->active_tasks);
2075 this->queued_tasks->destroy(this->queued_tasks);
2076 this->passive_tasks->destroy(this->passive_tasks);
70e0be07 2077 DESTROY_IF(this->defrag);
4a09d9ee 2078
f91b6ac7 2079 DESTROY_IF(this->queued);
127a98dc
TB		 2080 clear_packets(this->responding.packets);
2081 array_destroy(this->responding.packets);
2082 clear_packets(this->initiating.packets);
2083 array_destroy(this->initiating.packets);
73aaf76b 2084 DESTROY_IF(this->rng);
4a09d9ee
MW		 2085 free(this);
2086}
2087
2088/*
2089 * see header file
2090 */
2091task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
2092{
2093 private_task_manager_t *this;
2094
2095 INIT(this,
2096 .public = {
2097 .task_manager = {
2098 .process_message = _process_message,
2099 .queue_task = _queue_task,
208678e6 2100 .queue_task_delayed = _queue_task_delayed,
a60daa07 2101 .queue_ike = _queue_ike,
dab60d64 2102 .queue_ike_rekey = _queue_ike_rekey,
cedb412e 2103 .queue_ike_reauth = _queue_ike_reauth,
3ed148b3 2104 .queue_ike_delete = _queue_ike_delete,
873df908 2105 .queue_mobike = _queue_mobike,
fe43d9a2 2106 .queue_child = _queue_child,
463a73cc 2107 .queue_child_rekey = _queue_child_rekey,
83c5fda0 2108 .queue_child_delete = _queue_child_delete,
244d715d 2109 .queue_dpd = _queue_dpd,
4a09d9ee
MW		 2110 .initiate = _initiate,
2111 .retransmit = _retransmit,
2112 .incr_mid = _incr_mid,
05a2be82 2113 .get_mid = _get_mid,
4a09d9ee
MW		 2114 .reset = _reset,
2115 .adopt_tasks = _adopt_tasks,
2116 .busy = _busy,
2117 .create_task_enumerator = _create_task_enumerator,
4505e3c0 2118 .remove_task = _remove_task,
b1908994 2119 .flush = _flush,
a5c79960 2120 .flush_queue = _flush_queue,
4a09d9ee
MW		 2121 .destroy = _destroy,
2122 },
2123 },
dcbdc914
TB		 2124 .initiating = {
2125 .type = EXCHANGE_TYPE_UNDEFINED,
2126 },
2127 .responding = {
2128 .seqnr = RESPONDING_SEQ,
2129 },
4a09d9ee 2130 .ike_sa = ike_sa,
73aaf76b 2131 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
4a09d9ee
MW		 2132 .queued_tasks = linked_list_create(),
2133 .active_tasks = linked_list_create(),
2134 .passive_tasks = linked_list_create(),
2135 .retransmit_tries = lib->settings->get_int(lib->settings,
389e4b8e 2136 "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
4a09d9ee 2137 .retransmit_timeout = lib->settings->get_double(lib->settings,
389e4b8e 2138 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
4a09d9ee 2139 .retransmit_base = lib->settings->get_double(lib->settings,
389e4b8e
TB		 2140 "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
2141 .retransmit_jitter = min(lib->settings->get_int(lib->settings,
2142 "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX),
2143 .retransmit_limit = lib->settings->get_int(lib->settings,
2144 "%s.retransmit_limit", 0, lib->ns) * 1000,
4a09d9ee
MW		 2145 );
2146
3fca5bd1
MW		 2147 if (!this->rng)
2148 {
2149 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
2150 destroy(this);
2151 return NULL;
2152 }
1bb9c51e
TB		 2153 if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
2154 (void*)&this->dpd_send))
2155 {
2156 DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
2157 destroy(this);
2158 return NULL;
2159 }
2ddd45c9 2160 this->dpd_send &= 0x7FFFFFFF;
3e6b7403 2161
72b282cf
TB		 2162 if (this->retransmit_base > 1)
2163 { /* based on 1000 * timeout * base^try */
2164 this->retransmit_tries_max = log(UINT32_MAX/
2165 (1000.0 * this->retransmit_timeout))/
2166 log(this->retransmit_base);
2167 }
4a09d9ee
MW		 2168 return &this->public;
2169}
Unnamed repository; edit this file 'description' to name the repository.