]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/sa/ikev1/task_manager_v1.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'proposal-checks'
[thirdparty/strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
CommitLineData
4a09d9ee 1/*
1b4e7fe1 2 * Copyright (C) 2007-2016 Tobias Brunner
68c6863b 3 * Copyright (C) 2007-2011 Martin Willi
208678e6 4 * HSR Hochschule fuer Technik Rapperswil
4a09d9ee
MW		 5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17#include "task_manager_v1.h"
18
da063ec9
MW		 19#include <math.h>
20
4a09d9ee 21#include <daemon.h>
15a682f4 22#include <sa/ikev1/tasks/main_mode.h>
830ab2ae 23#include <sa/ikev1/tasks/aggressive_mode.h>
15a682f4 24#include <sa/ikev1/tasks/quick_mode.h>
83c5fda0 25#include <sa/ikev1/tasks/quick_delete.h>
15a682f4
MW		 26#include <sa/ikev1/tasks/xauth.h>
27#include <sa/ikev1/tasks/mode_config.h>
28#include <sa/ikev1/tasks/informational.h>
29#include <sa/ikev1/tasks/isakmp_natd.h>
30#include <sa/ikev1/tasks/isakmp_vendor.h>
31#include <sa/ikev1/tasks/isakmp_cert_pre.h>
32#include <sa/ikev1/tasks/isakmp_cert_post.h>
3ed148b3 33#include <sa/ikev1/tasks/isakmp_delete.h>
3e6b7403
CO		 34#include <sa/ikev1/tasks/isakmp_dpd.h>
35
da063ec9 36#include <processing/jobs/retransmit_job.h>
68c6863b 37#include <processing/jobs/delete_ike_sa_job.h>
4b38c22c 38#include <processing/jobs/dpd_timeout_job.h>
30216000
TB		 39#include <processing/jobs/process_message_job.h>
40
127a98dc 41#include <collections/array.h>
4a09d9ee 42
fce566a8
MW		 43/**
44 * Number of old messages hashes we keep for retransmission.
45 *
46 * In Main Mode, we must ignore messages from a previous message pair if
47 * we already continued to the next. Otherwise a late retransmission
48 * could be considered as a reply to the newer request.
49 */
50#define MAX_OLD_HASHES 2
51
f5a84055
MW		 52/**
53 * First sequence number of responding packets.
54 *
55 * To distinguish retransmission jobs for initiating and responding packets,
56 * we split up the sequence counter and use the upper half for responding.
57 */
58#define RESPONDING_SEQ INT_MAX
59
4a09d9ee
MW		 60typedef struct exchange_t exchange_t;
61
62/**
63 * An exchange in the air, used do detect and handle retransmission
64 */
65struct exchange_t {
66
67 /**
68 * Message ID used for this transaction
69 */
b12c53ce 70 uint32_t mid;
4a09d9ee
MW		 71
72 /**
73 * generated packet for retransmission
74 */
75 packet_t *packet;
76};
77
78typedef struct private_task_manager_t private_task_manager_t;
79
80/**
81 * private data of the task manager
82 */
83struct private_task_manager_t {
84
85 /**
86 * public functions
87 */
88 task_manager_v1_t public;
89
90 /**
91 * associated IKE_SA we are serving
92 */
93 ike_sa_t *ike_sa;
94
73aaf76b
MW		 95 /**
96 * RNG to create message IDs
97 */
98 rng_t *rng;
99
4a09d9ee
MW		 100 /**
101 * Exchange we are currently handling as responder
102 */
103 struct {
f5a84055
MW		 104 /**
105 * Message ID of the last response
106 */
b12c53ce 107 uint32_t mid;
f5a84055 108
9cc8bd4f
MW		 109 /**
110 * Hash of a previously received message
111 */
b12c53ce 112 uint32_t hash;
9cc8bd4f 113
4a09d9ee 114 /**
127a98dc 115 * packet(s) for retransmission
4a09d9ee 116 */
127a98dc 117 array_t *packets;
4a09d9ee 118
f5a84055
MW		 119 /**
120 * Sequence number of the last sent message
121 */
b12c53ce 122 uint32_t seqnr;
f5a84055
MW		 123
124 /**
125 * how many times we have retransmitted so far
126 */
127 u_int retransmitted;
128
4a09d9ee
MW		 129 } responding;
130
131 /**
132 * Exchange we are currently handling as initiator
133 */
134 struct {
135 /**
136 * Message ID of the exchange
137 */
b12c53ce 138 uint32_t mid;
4a09d9ee 139
fce566a8
MW		 140 /**
141 * Hashes of old responses we can ignore
142 */
b12c53ce 143 uint32_t old_hashes[MAX_OLD_HASHES];
fce566a8
MW		 144
145 /**
146 * Position in old hash array
147 */
148 int old_hash_pos;
149
9cc8bd4f 150 /**
751bd02e 151 * Sequence number of the last sent message
9cc8bd4f 152 */
b12c53ce 153 uint32_t seqnr;
9cc8bd4f 154
4a09d9ee
MW		 155 /**
156 * how many times we have retransmitted so far
157 */
158 u_int retransmitted;
159
160 /**
127a98dc 161 * packet(s) for retransmission
4a09d9ee 162 */
127a98dc 163 array_t *packets;
4a09d9ee
MW		 164
165 /**
30216000 166 * type of the initiated exchange
4a09d9ee
MW		 167 */
168 exchange_type_t type;
169
170 } initiating;
171
30216000 172 /**
70e0be07 173 * Message we are currently defragmenting, if any (only one at a time)
30216000 174 */
70e0be07 175 message_t *defrag;
30216000 176
4a09d9ee
MW		 177 /**
178 * List of queued tasks not yet in action
179 */
180 linked_list_t *queued_tasks;
181
182 /**
30216000 183 * List of active tasks, initiated by ourselves
4a09d9ee
MW		 184 */
185 linked_list_t *active_tasks;
186
187 /**
188 * List of tasks initiated by peer
189 */
190 linked_list_t *passive_tasks;
191
f91b6ac7
MW		 192 /**
193 * Queued messages not yet ready to process
194 */
195 message_t *queued;
196
4a09d9ee
MW		 197 /**
198 * Number of times we retransmit messages before giving up
199 */
200 u_int retransmit_tries;
201
202 /**
203 * Retransmission timeout
204 */
205 double retransmit_timeout;
206
207 /**
208 * Base to calculate retransmission timeout
209 */
210 double retransmit_base;
3e6b7403
CO		 211
212 /**
213 * Sequence number for sending DPD requests
214 */
b12c53ce 215 uint32_t dpd_send;
3e6b7403
CO		 216
217 /**
218 * Sequence number for received DPD requests
219 */
b12c53ce 220 uint32_t dpd_recv;
4a09d9ee
MW		 221};
222
127a98dc
TB		 223/**
224 * Reset retransmission packet list
225 */
226static void clear_packets(array_t *array)
227{
228 packet_t *packet;
229
230 while (array_remove(array, ARRAY_TAIL, &packet))
231 {
232 packet->destroy(packet);
233 }
234}
235
a5c79960
MW		 236METHOD(task_manager_t, flush_queue, void,
237 private_task_manager_t *this, task_queue_t queue)
0f61964e 238{
a5c79960 239 linked_list_t *list;
0f61964e
MW		 240 task_t *task;
241
429d95fe
MW		 242 if (this->queued)
243 {
244 this->queued->destroy(this->queued);
245 this->queued = NULL;
246 }
a5c79960
MW		 247 switch (queue)
248 {
249 case TASK_QUEUE_ACTIVE:
250 list = this->active_tasks;
17949695
MW		 251 /* cancel pending retransmits */
252 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 253 clear_packets(this->initiating.packets);
a5c79960
MW		 254 break;
255 case TASK_QUEUE_PASSIVE:
256 list = this->passive_tasks;
257 break;
258 case TASK_QUEUE_QUEUED:
259 list = this->queued_tasks;
260 break;
261 default:
262 return;
263 }
0f61964e
MW		 264 while (list->remove_last(list, (void**)&task) == SUCCESS)
265 {
266 task->destroy(task);
267 }
268}
269
b1908994
TE		 270METHOD(task_manager_t, flush, void,
271 private_task_manager_t *this)
4a09d9ee 272{
a5c79960
MW		 273 flush_queue(this, TASK_QUEUE_QUEUED);
274 flush_queue(this, TASK_QUEUE_PASSIVE);
275 flush_queue(this, TASK_QUEUE_ACTIVE);
4a09d9ee
MW		 276}
277
26b55dc6
MW		 278/**
279 * move a task of a specific type from the queue to the active list
280 */
281static bool activate_task(private_task_manager_t *this, task_type_t type)
282{
283 enumerator_t *enumerator;
284 task_t *task;
285 bool found = FALSE;
286
287 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
288 while (enumerator->enumerate(enumerator, (void**)&task))
289 {
290 if (task->get_type(task) == type)
291 {
292 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
293 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
294 this->active_tasks->insert_last(this->active_tasks, task);
295 found = TRUE;
296 break;
297 }
298 }
299 enumerator->destroy(enumerator);
300 return found;
301}
302
5cafefcd 303/**
127a98dc 304 * Send packets in the given array (they get cloned)
5cafefcd 305 */
127a98dc 306static void send_packets(private_task_manager_t *this, array_t *packets)
5cafefcd 307{
127a98dc 308 enumerator_t *enumerator;
5cafefcd 309 packet_t *packet;
5cafefcd 310
127a98dc
TB		 311 enumerator = array_create_enumerator(packets);
312 while (enumerator->enumerate(enumerator, &packet))
5cafefcd 313 {
127a98dc 314 charon->sender->send(charon->sender, packet->clone(packet));
5cafefcd 315 }
127a98dc 316 enumerator->destroy(enumerator);
5cafefcd
TB		 317}
318
319/**
127a98dc 320 * Generates the given message and stores packet(s) in the given array
5cafefcd 321 */
127a98dc
TB		 322static bool generate_message(private_task_manager_t *this, message_t *message,
323 array_t **packets)
5cafefcd 324{
127a98dc 325 enumerator_t *fragments;
40bab9a1 326 packet_t *fragment;
127a98dc 327
40bab9a1
TB		 328 if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
329 &fragments) != SUCCESS)
127a98dc 330 {
127a98dc
TB		 331 return FALSE;
332 }
40bab9a1 333 while (fragments->enumerate(fragments, &fragment))
127a98dc 334 {
40bab9a1 335 array_insert_create(packets, ARRAY_TAIL, fragment);
5cafefcd 336 }
127a98dc 337 fragments->destroy(fragments);
40bab9a1 338 return TRUE;
5cafefcd
TB		 339}
340
f5a84055 341/**
127a98dc 342 * Retransmit a packet (or its fragments)
f5a84055 343 */
b12c53ce 344static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr,
127a98dc 345 u_int mid, u_int retransmitted, array_t *packets)
23f4e4b4 346{
127a98dc 347 packet_t *packet;
b12c53ce 348 uint32_t t;
23f4e4b4 349
127a98dc 350 array_get(packets, 0, &packet);
f5a84055
MW		 351 if (retransmitted > this->retransmit_tries)
352 {
353 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
3c79b7b7 354 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
f5a84055
MW		 355 return DESTROY_ME;
356 }
b12c53ce 357 t = (uint32_t)(this->retransmit_timeout * 1000.0 *
f5a84055
MW		 358 pow(this->retransmit_base, retransmitted));
359 if (retransmitted)
360 {
361 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
362 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
363 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
9da65eae
TE		 364 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
365 retransmitted);
f5a84055 366 }
127a98dc 367 send_packets(this, packets);
f5a84055
MW		 368 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
369 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
370 return NEED_MORE;
371}
372
373METHOD(task_manager_t, retransmit, status_t,
b12c53ce 374 private_task_manager_t *this, uint32_t seqnr)
f5a84055
MW		 375{
376 status_t status = SUCCESS;
377
127a98dc
TB		 378 if (seqnr == this->initiating.seqnr &&
379 array_count(this->initiating.packets))
f5a84055 380 {
127a98dc
TB		 381 status = retransmit_packet(this, seqnr, this->initiating.mid,
382 this->initiating.retransmitted, this->initiating.packets);
f5a84055 383 if (status == NEED_MORE)
23f4e4b4 384 {
f5a84055
MW		 385 this->initiating.retransmitted++;
386 status = SUCCESS;
23f4e4b4 387 }
f5a84055 388 }
127a98dc
TB		 389 if (seqnr == this->responding.seqnr &&
390 array_count(this->responding.packets))
f5a84055 391 {
127a98dc
TB		 392 status = retransmit_packet(this, seqnr, this->responding.mid,
393 this->responding.retransmitted, this->responding.packets);
f5a84055 394 if (status == NEED_MORE)
23f4e4b4 395 {
f5a84055
MW		 396 this->responding.retransmitted++;
397 status = SUCCESS;
23f4e4b4 398 }
23f4e4b4 399 }
f5a84055 400 return status;
23f4e4b4
CO		 401}
402
27137790
MW		 403/**
404 * Check if we have to wait for a mode config before starting a quick mode
405 */
406static bool mode_config_expected(private_task_manager_t *this)
407{
101d26ba 408 enumerator_t *enumerator;
27137790 409 peer_cfg_t *peer_cfg;
497ce2cf 410 char *pool;
e3311e9b 411 bool local;
101d26ba 412 host_t *host;
27137790
MW		 413
414 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
497ce2cf 415 if (peer_cfg)
27137790 416 {
e3311e9b
MW		 417 if (peer_cfg->use_pull_mode(peer_cfg))
418 {
419 enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
420 if (!enumerator->enumerate(enumerator, &pool))
421 { /* no pool configured */
422 enumerator->destroy(enumerator);
423 return FALSE;
424 }
497ce2cf 425 enumerator->destroy(enumerator);
e3311e9b
MW		 426
427 local = FALSE;
497ce2cf 428 }
e3311e9b
MW		 429 else
430 {
431 enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
432 if (!enumerator->enumerate(enumerator, &host))
433 { /* not requesting a vip */
434 enumerator->destroy(enumerator);
435 return FALSE;
436 }
437 enumerator->destroy(enumerator);
497ce2cf 438
e3311e9b
MW		 439 local = TRUE;
440 }
101d26ba 441 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
e3311e9b 442 local);
101d26ba 443 if (!enumerator->enumerate(enumerator, &host))
e3311e9b 444 { /* expecting a VIP exchange, but no VIP assigned yet */
101d26ba 445 enumerator->destroy(enumerator);
27137790
MW		 446 return TRUE;
447 }
101d26ba 448 enumerator->destroy(enumerator);
27137790
MW		 449 }
450 return FALSE;
451}
452
4a09d9ee
MW		 453METHOD(task_manager_t, initiate, status_t,
454 private_task_manager_t *this)
455{
26b55dc6
MW		 456 enumerator_t *enumerator;
457 task_t *task;
458 message_t *message;
459 host_t *me, *other;
73aaf76b 460 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
7ce504e1 461 bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
73aaf76b 462
477559ca
MW		 463 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
464 this->initiating.type != INFORMATIONAL_V1)
26b55dc6
MW		 465 {
466 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
467 exchange_type_names, this->initiating.type);
468 /* do not initiate if we already have a message in the air */
469 return SUCCESS;
470 }
471
472 if (this->active_tasks->get_count(this->active_tasks) == 0)
473 {
474 DBG2(DBG_IKE, "activating new tasks");
475 switch (this->ike_sa->get_state(this->ike_sa))
476 {
477 case IKE_CREATED:
2e3c9f87 478 activate_task(this, TASK_ISAKMP_VENDOR);
824dc0ad 479 activate_task(this, TASK_ISAKMP_CERT_PRE);
a09972df 480 if (activate_task(this, TASK_MAIN_MODE))
26b55dc6
MW		 481 {
482 exchange = ID_PROT;
483 }
830ab2ae
MW		 484 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
485 {
486 exchange = AGGRESSIVE;
487 }
488 activate_task(this, TASK_ISAKMP_CERT_POST);
489 activate_task(this, TASK_ISAKMP_NATD);
26b55dc6 490 break;
c5dc9d33 491 case IKE_CONNECTING:
429d95fe
MW		 492 if (activate_task(this, TASK_ISAKMP_DELETE))
493 {
494 exchange = INFORMATIONAL_V1;
495 new_mid = TRUE;
496 break;
497 }
69adeb5b 498 if (activate_task(this, TASK_XAUTH))
744c0801 499 {
c5dc9d33 500 exchange = TRANSACTION;
3e246c48 501 new_mid = TRUE;
429d95fe 502 break;
744c0801 503 }
accf4612
MW		 504 if (activate_task(this, TASK_INFORMATIONAL))
505 {
506 exchange = INFORMATIONAL_V1;
507 new_mid = TRUE;
429d95fe 508 break;
accf4612 509 }
c5dc9d33
CO		 510 break;
511 case IKE_ESTABLISHED:
156b8662
MW		 512 if (activate_task(this, TASK_MODE_CONFIG))
513 {
514 exchange = TRANSACTION;
515 new_mid = TRUE;
516 break;
517 }
2e06179f 518 if (activate_task(this, TASK_QUICK_DELETE))
23f4e4b4 519 {
612fe541 520 exchange = INFORMATIONAL_V1;
3e246c48
MW		 521 new_mid = TRUE;
522 break;
23f4e4b4 523 }
2e06179f 524 if (activate_task(this, TASK_ISAKMP_DELETE))
accf4612
MW		 525 {
526 exchange = INFORMATIONAL_V1;
527 new_mid = TRUE;
429d95fe 528 break;
accf4612 529 }
612fe541
TB		 530 if (!mode_config_expected(this) &&
531 activate_task(this, TASK_QUICK_MODE))
8ef2bae4 532 {
612fe541 533 exchange = QUICK_MODE;
8ef2bae4 534 new_mid = TRUE;
429d95fe 535 break;
8ef2bae4 536 }
612fe541 537 if (activate_task(this, TASK_INFORMATIONAL))
8ef2bae4
MW		 538 {
539 exchange = INFORMATIONAL_V1;
540 new_mid = TRUE;
429d95fe 541 break;
8ef2bae4 542 }
3e6b7403
CO		 543 if (activate_task(this, TASK_ISAKMP_DPD))
544 {
545 exchange = INFORMATIONAL_V1;
546 new_mid = TRUE;
547 break;
548 }
744c0801 549 break;
b56b8502
TB		 550 case IKE_REKEYING:
551 if (activate_task(this, TASK_ISAKMP_DELETE))
552 {
553 exchange = INFORMATIONAL_V1;
554 new_mid = TRUE;
555 break;
556 }
557 break;
26b55dc6
MW		 558 default:
559 break;
560 }
561 }
562 else
563 {
564 DBG2(DBG_IKE, "reinitiating already active tasks");
565 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
566 while (enumerator->enumerate(enumerator, (void**)&task))
567 {
568 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
569 switch (task->get_type(task))
570 {
a09972df 571 case TASK_MAIN_MODE:
26b55dc6
MW		 572 exchange = ID_PROT;
573 break;
830ab2ae
MW		 574 case TASK_AGGRESSIVE_MODE:
575 exchange = AGGRESSIVE;
576 break;
744c0801
MW		 577 case TASK_QUICK_MODE:
578 exchange = QUICK_MODE;
579 break;
69adeb5b 580 case TASK_XAUTH:
52ac2ceb
CO		 581 exchange = TRANSACTION;
582 new_mid = TRUE;
583 break;
26b55dc6
MW		 584 default:
585 continue;
586 }
587 break;
588 }
589 enumerator->destroy(enumerator);
590 }
591
73aaf76b 592 if (exchange == EXCHANGE_TYPE_UNDEFINED)
26b55dc6
MW		 593 {
594 DBG2(DBG_IKE, "nothing to initiate");
595 /* nothing to do yet... */
596 return SUCCESS;
597 }
598
599 me = this->ike_sa->get_my_host(this->ike_sa);
600 other = this->ike_sa->get_other_host(this->ike_sa);
601
3e246c48 602 if (new_mid)
26b55dc6 603 {
1bb9c51e
TB		 604 if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
605 (void*)&this->initiating.mid))
606 {
607 DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
608 flush(this);
609 return DESTROY_ME;
610 }
26b55dc6 611 }
1bb9c51e 612 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
3e246c48 613 message->set_message_id(message, this->initiating.mid);
26b55dc6
MW		 614 message->set_source(message, me->clone(me));
615 message->set_destination(message, other->clone(other));
616 message->set_exchange_type(message, exchange);
617 this->initiating.type = exchange;
618 this->initiating.retransmitted = 0;
619
620 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
621 while (enumerator->enumerate(enumerator, (void*)&task))
622 {
623 switch (task->build(task, message))
624 {
625 case SUCCESS:
626 /* task completed, remove it */
627 this->active_tasks->remove_at(this->active_tasks, enumerator);
182d55b2
MW		 628 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
629 task->get_type(task) == TASK_QUICK_MODE)
1b82eb23
MW		 630 { /* last message of three message exchange */
631 keep = TRUE;
632 }
26b55dc6 633 task->destroy(task);
590ca1d4 634 continue;
26b55dc6 635 case NEED_MORE:
751bd02e 636 expect_response = TRUE;
26b55dc6 637 /* processed, but task needs another exchange */
590ca1d4
MW		 638 continue;
639 case ALREADY_DONE:
7ce504e1 640 cancelled = TRUE;
26b55dc6
MW		 641 break;
642 case FAILED:
643 default:
644 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
645 {
646 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
647 }
648 /* FALL */
649 case DESTROY_ME:
650 /* critical failure, destroy IKE_SA */
651 enumerator->destroy(enumerator);
652 message->destroy(message);
653 flush(this);
654 return DESTROY_ME;
655 }
590ca1d4 656 break;
26b55dc6
MW		 657 }
658 enumerator->destroy(enumerator);
659
1b82eb23
MW		 660 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
661 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
41fbde45
MW		 662 { /* tasks completed, no exchange active anymore */
663 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
664 }
7ce504e1 665 if (cancelled)
b64d6423
MW		 666 {
667 message->destroy(message);
668 return initiate(this);
669 }
26b55dc6 670
127a98dc
TB		 671 clear_packets(this->initiating.packets);
672 if (!generate_message(this, message, &this->initiating.packets))
26b55dc6
MW		 673 {
674 /* message generation failed. There is nothing more to do than to
675 * close the SA */
676 message->destroy(message);
677 flush(this);
678 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
679 return DESTROY_ME;
680 }
26b55dc6 681
f5a84055 682 this->initiating.seqnr++;
3babde90 683 if (expect_response)
751bd02e 684 {
f5a84055 685 message->destroy(message);
751bd02e
CO		 686 return retransmit(this, this->initiating.seqnr);
687 }
1b82eb23
MW		 688 if (keep)
689 { /* keep the packet for retransmission, the responder might request it */
127a98dc 690 send_packets(this, this->initiating.packets);
f5a84055
MW		 691 }
692 else
693 {
127a98dc
TB		 694 send_packets(this, this->initiating.packets);
695 clear_packets(this->initiating.packets);
f5a84055
MW		 696 }
697 message->destroy(message);
46505067 698
07095794 699 if (exchange == INFORMATIONAL_V1)
46505067 700 {
07095794
MW		 701 switch (this->ike_sa->get_state(this->ike_sa))
702 {
703 case IKE_CONNECTING:
704 /* close after sending an INFORMATIONAL when unestablished */
705 return FAILED;
706 case IKE_DELETING:
707 /* close after sending a DELETE */
708 return DESTROY_ME;
709 default:
710 break;
711 }
46505067 712 }
daee47ba 713 return initiate(this);
4a09d9ee
MW		 714}
715
4a09d9ee
MW		 716/**
717 * build a response depending on the "passive" task list
718 */
719static status_t build_response(private_task_manager_t *this, message_t *request)
720{
721 enumerator_t *enumerator;
722 task_t *task;
723 message_t *message;
724 host_t *me, *other;
7ce504e1 725 bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
4a09d9ee
MW		 726
727 me = request->get_destination(request);
728 other = request->get_source(request);
729
730 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
731 message->set_exchange_type(message, request->get_exchange_type(request));
732 /* send response along the path the request came in */
733 message->set_source(message, me->clone(me));
734 message->set_destination(message, other->clone(other));
1b82eb23 735 message->set_message_id(message, request->get_message_id(request));
4a09d9ee
MW		 736 message->set_request(message, FALSE);
737
f5a84055
MW		 738 this->responding.mid = request->get_message_id(request);
739 this->responding.retransmitted = 0;
740 this->responding.seqnr++;
741
4a09d9ee
MW		 742 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
743 while (enumerator->enumerate(enumerator, (void*)&task))
744 {
745 switch (task->build(task, message))
746 {
747 case SUCCESS:
748 /* task completed, remove it */
749 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
f5a84055 750 task->destroy(task);
590ca1d4 751 continue;
4a09d9ee
MW		 752 case NEED_MORE:
753 /* processed, but task needs another exchange */
346dad30
MW		 754 if (task->get_type(task) == TASK_QUICK_MODE ||
755 task->get_type(task) == TASK_AGGRESSIVE_MODE)
f5a84055
MW		 756 { /* we rely on initiator retransmission, except for
757 * three-message exchanges */
758 expect_request = TRUE;
4a09d9ee 759 }
590ca1d4
MW		 760 continue;
761 case ALREADY_DONE:
7ce504e1 762 cancelled = TRUE;
4a09d9ee 763 break;
37a22a16
TB		 764 case INVALID_ARG:
765 if (task->get_type(task) == TASK_QUICK_MODE)
766 { /* not responsible for this exchange */
767 continue;
768 }
769 /* FALL */
4a09d9ee
MW		 770 case FAILED:
771 default:
772 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
773 /* FALL */
774 case DESTROY_ME:
775 /* destroy IKE_SA, but SEND response first */
776 delete = TRUE;
777 break;
778 }
590ca1d4 779 break;
4a09d9ee
MW		 780 }
781 enumerator->destroy(enumerator);
782
127a98dc 783 clear_packets(this->responding.packets);
7ce504e1 784 if (cancelled)
b64d6423
MW		 785 {
786 message->destroy(message);
787 return initiate(this);
788 }
127a98dc 789 if (!generate_message(this, message, &this->responding.packets))
4a09d9ee 790 {
127a98dc 791 message->destroy(message);
4a09d9ee
MW		 792 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
793 return DESTROY_ME;
794 }
127a98dc 795 message->destroy(message);
4a09d9ee 796
f5a84055
MW		 797 if (expect_request && !delete)
798 {
799 return retransmit(this, this->responding.seqnr);
800 }
127a98dc 801 send_packets(this, this->responding.packets);
4a09d9ee
MW		 802 if (delete)
803 {
804 return DESTROY_ME;
805 }
806 return SUCCESS;
807}
808
fbbd439b
CO		 809/**
810 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
e647c98a 811 * The notify protocol_id is set to ISAKMP
fbbd439b 812 */
b4705269
MW		 813static void send_notify(private_task_manager_t *this, message_t *request,
814 notify_type_t type)
fbbd439b
CO		 815{
816 message_t *response;
127a98dc 817 array_t *packets = NULL;
fbbd439b 818 host_t *me, *other;
b12c53ce 819 uint32_t mid;
fbbd439b 820
3973ffa4 821 if (request->get_exchange_type(request) == INFORMATIONAL_V1)
fbbd439b
CO		 822 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
823 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
824 return;
825 }
1bb9c51e
TB		 826 if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
827 {
828 DBG1(DBG_IKE, "failed to allocate message ID");
829 return;
830 }
fbbd439b
CO		 831 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
832 response->set_exchange_type(response, INFORMATIONAL_V1);
833 response->set_request(response, TRUE);
fbbd439b 834 response->set_message_id(response, mid);
b4705269 835 response->add_payload(response, (payload_t*)
3ecfc83c 836 notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
b4705269 837 PROTO_IKE, type));
fbbd439b
CO		 838
839 me = this->ike_sa->get_my_host(this->ike_sa);
840 if (me->is_anyaddr(me))
841 {
842 me = request->get_destination(request);
843 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
844 }
845 other = this->ike_sa->get_other_host(this->ike_sa);
846 if (other->is_anyaddr(other))
847 {
848 other = request->get_source(request);
849 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
850 }
851 response->set_source(response, me->clone(me));
852 response->set_destination(response, other->clone(other));
127a98dc 853 if (generate_message(this, response, &packets))
fbbd439b 854 {
127a98dc 855 send_packets(this, packets);
fbbd439b 856 }
127a98dc
TB		 857 clear_packets(packets);
858 array_destroy(packets);
fbbd439b
CO		 859 response->destroy(response);
860}
861
24742c0f
MW		 862/**
863 * Process a DPD request/response
864 */
865static bool process_dpd(private_task_manager_t *this, message_t *message)
866{
867 notify_payload_t *notify;
868 notify_type_t type;
b12c53ce 869 uint32_t seq;
24742c0f
MW		 870 chunk_t data;
871
872 type = DPD_R_U_THERE;
873 notify = message->get_notify(message, type);
874 if (!notify)
875 {
876 type = DPD_R_U_THERE_ACK;
877 notify = message->get_notify(message, type);
878 }
879 if (!notify)
880 {
881 return FALSE;
882 }
883 data = notify->get_notification_data(notify);
884 if (data.len != 4)
885 {
886 return FALSE;
887 }
888 seq = untoh32(data.ptr);
889
890 if (type == DPD_R_U_THERE)
891 {
892 if (this->dpd_recv == 0 || seq == this->dpd_recv)
893 { /* check sequence validity */
894 this->dpd_recv = seq + 1;
895 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
896 time_monotonic(NULL));
897 }
898 /* but respond anyway */
899 this->ike_sa->queue_task(this->ike_sa,
900 &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
901 }
902 else /* DPD_R_U_THERE_ACK */
903 {
904 if (seq == this->dpd_send - 1)
905 {
906 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
907 time_monotonic(NULL));
908 }
909 else
910 {
911 DBG1(DBG_IKE, "received invalid DPD sequence number %u "
912 "(expected %u), ignored", seq, this->dpd_send - 1);
913 }
914 }
915 return TRUE;
916}
917
4de361d9
TB		 918/**
919 * Check if we already have a quick mode task queued for the exchange with the
920 * given message ID
921 */
b12c53ce 922static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
4de361d9
TB		 923{
924 enumerator_t *enumerator;
925 quick_mode_t *qm;
926 task_t *task;
927 bool found = FALSE;
928
929 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
930 while (enumerator->enumerate(enumerator, &task))
931 {
932 if (task->get_type(task) == TASK_QUICK_MODE)
933 {
934 qm = (quick_mode_t*)task;
935 if (qm->get_mid(qm) == mid)
936 {
937 found = TRUE;
938 break;
939 }
940 }
941 }
942 enumerator->destroy(enumerator);
943 return found;
944}
945
b0b0c913 946/**
1b4e7fe1 947 * Check if we still have a specific task queued
b0b0c913 948 */
1b4e7fe1 949static bool have_task_queued(private_task_manager_t *this, task_type_t type)
b0b0c913
TB		 950{
951 enumerator_t *enumerator;
952 task_t *task;
953 bool found = FALSE;
954
955 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
956 while (enumerator->enumerate(enumerator, &task))
957 {
1b4e7fe1 958 if (task->get_type(task) == type)
b0b0c913
TB		 959 {
960 found = TRUE;
961 break;
962 }
963 }
964 enumerator->destroy(enumerator);
965 return found;
966}
967
4a09d9ee
MW		 968/**
969 * handle an incoming request message
970 */
971static status_t process_request(private_task_manager_t *this,
972 message_t *message)
973{
974 enumerator_t *enumerator;
975 task_t *task = NULL;
ff6b084a 976 bool send_response = FALSE, dpd = FALSE;
4a09d9ee 977
9276f712 978 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
4de361d9 979 message->get_exchange_type(message) == QUICK_MODE ||
9276f712 980 this->passive_tasks->get_count(this->passive_tasks) == 0)
4a09d9ee
MW		 981 { /* create tasks depending on request type, if not already some queued */
982 switch (message->get_exchange_type(message))
983 {
984 case ID_PROT:
2e3c9f87 985 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
01685247 986 this->passive_tasks->insert_last(this->passive_tasks, task);
824dc0ad 987 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
8ad5cd1f 988 this->passive_tasks->insert_last(this->passive_tasks, task);
c73c832c
MW		 989 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
990 this->passive_tasks->insert_last(this->passive_tasks, task);
0aa2af5e 991 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
c64a4b4f 992 this->passive_tasks->insert_last(this->passive_tasks, task);
79d6fc7f 993 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1cc4ec46 994 this->passive_tasks->insert_last(this->passive_tasks, task);
4a09d9ee
MW		 995 break;
996 case AGGRESSIVE:
830ab2ae
MW		 997 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
998 this->passive_tasks->insert_last(this->passive_tasks, task);
999 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
1000 this->passive_tasks->insert_last(this->passive_tasks, task);
1001 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
1002 this->passive_tasks->insert_last(this->passive_tasks, task);
1003 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
1004 this->passive_tasks->insert_last(this->passive_tasks, task);
1005 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1006 this->passive_tasks->insert_last(this->passive_tasks, task);
1007 break;
4a09d9ee 1008 case QUICK_MODE:
a22b9e4f
MW		 1009 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
1010 {
1011 DBG1(DBG_IKE, "received quick mode request for "
1012 "unestablished IKE_SA, ignored");
1013 return FAILED;
1014 }
4de361d9
TB		 1015 if (have_quick_mode_task(this, message->get_message_id(message)))
1016 {
1017 break;
1018 }
744c0801
MW		 1019 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
1020 NULL, NULL);
1021 this->passive_tasks->insert_last(this->passive_tasks, task);
1022 break;
4a09d9ee 1023 case INFORMATIONAL_V1:
24742c0f 1024 if (process_dpd(this, message))
2ddd45c9 1025 {
ff6b084a 1026 dpd = TRUE;
2ddd45c9
MW		 1027 }
1028 else
1029 {
1030 task = (task_t *)informational_create(this->ike_sa, NULL);
24742c0f 1031 this->passive_tasks->insert_first(this->passive_tasks, task);
2ddd45c9 1032 }
07abb470 1033 break;
c5dc9d33 1034 case TRANSACTION:
764035d5 1035 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
156b8662 1036 {
e3311e9b
MW		 1037 task = (task_t *)mode_config_create(this->ike_sa,
1038 FALSE, TRUE);
156b8662
MW		 1039 }
1040 else
1041 {
1042 task = (task_t *)xauth_create(this->ike_sa, FALSE);
1043 }
c5dc9d33
CO		 1044 this->passive_tasks->insert_last(this->passive_tasks, task);
1045 break;
4a09d9ee
MW		 1046 default:
1047 return FAILED;
1048 }
1049 }
24742c0f 1050 if (dpd)
ff6b084a 1051 {
24742c0f 1052 return initiate(this);
ff6b084a 1053 }
24742c0f
MW		 1054 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
1055
4a09d9ee
MW		 1056 /* let the tasks process the message */
1057 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
1058 while (enumerator->enumerate(enumerator, (void*)&task))
1059 {
1060 switch (task->process(task, message))
1061 {
1062 case SUCCESS:
1063 /* task completed, remove it */
1064 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1065 task->destroy(task);
590ca1d4 1066 continue;
4a09d9ee
MW		 1067 case NEED_MORE:
1068 /* processed, but task needs at least another call to build() */
8cb6f4f9 1069 send_response = TRUE;
590ca1d4
MW		 1070 continue;
1071 case ALREADY_DONE:
1072 send_response = FALSE;
4a09d9ee 1073 break;
37a22a16
TB		 1074 case INVALID_ARG:
1075 if (task->get_type(task) == TASK_QUICK_MODE)
1076 { /* not responsible for this exchange */
1077 continue;
1078 }
1079 /* FALL */
4a09d9ee
MW		 1080 case FAILED:
1081 default:
1082 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1083 /* FALL */
1084 case DESTROY_ME:
1085 /* critical failure, destroy IKE_SA */
1086 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1087 enumerator->destroy(enumerator);
1088 task->destroy(task);
1089 return DESTROY_ME;
1090 }
590ca1d4 1091 break;
4a09d9ee
MW		 1092 }
1093 enumerator->destroy(enumerator);
1094
8cb6f4f9
TB		 1095 if (send_response)
1096 {
69adeb5b
MW		 1097 if (build_response(this, message) != SUCCESS)
1098 {
1099 return DESTROY_ME;
1100 }
1101 }
7b34de45
MW		 1102 else
1103 { /* We don't send a response, so don't retransmit one if we get
1104 * the same message again. */
127a98dc 1105 clear_packets(this->responding.packets);
7b34de45 1106 }
25863fe1
TB		 1107 if (this->queued &&
1108 this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
1109 {
1110 message_t *queued;
1111 status_t status;
1112
1113 queued = this->queued;
1114 this->queued = NULL;
1115 status = this->public.task_manager.process_message(
1116 &this->public.task_manager, queued);
1117 queued->destroy(queued);
1118 if (status == DESTROY_ME)
1119 {
1120 return status;
1121 }
1122 }
69adeb5b
MW		 1123 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
1124 this->queued_tasks->get_count(this->queued_tasks) > 0)
1125 {
1126 /* passive tasks completed, check if an active task has been queued,
1127 * such as XAUTH or modeconfig push */
1128 return initiate(this);
8cb6f4f9
TB		 1129 }
1130 return SUCCESS;
4a09d9ee
MW		 1131}
1132
26b55dc6
MW		 1133/**
1134 * handle an incoming response message
1135 */
1136static status_t process_response(private_task_manager_t *this,
1137 message_t *message)
1138{
1139 enumerator_t *enumerator;
4e98ca18 1140 message_t *queued;
f91b6ac7 1141 status_t status;
26b55dc6
MW		 1142 task_t *task;
1143
1144 if (message->get_exchange_type(message) != this->initiating.type)
1145 {
0235914d
MW		 1146 /* Windows server sends a fourth quick mode message having an initial
1147 * contact notify. Ignore this message for compatibility. */
1148 if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED &&
1149 message->get_exchange_type(message) == QUICK_MODE &&
1150 message->get_notify(message, INITIAL_CONTACT))
1151 {
1152 DBG1(DBG_IKE, "ignoring fourth Quick Mode message");
1153 return SUCCESS;
1154 }
26b55dc6
MW		 1155 DBG1(DBG_IKE, "received %N response, but expected %N",
1156 exchange_type_names, message->get_exchange_type(message),
1157 exchange_type_names, this->initiating.type);
1158 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1159 return DESTROY_ME;
1160 }
1161
1162 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
1163 while (enumerator->enumerate(enumerator, (void*)&task))
1164 {
1165 switch (task->process(task, message))
1166 {
1167 case SUCCESS:
1168 /* task completed, remove it */
1169 this->active_tasks->remove_at(this->active_tasks, enumerator);
1170 task->destroy(task);
590ca1d4 1171 continue;
26b55dc6
MW		 1172 case NEED_MORE:
1173 /* processed, but task needs another exchange */
590ca1d4
MW		 1174 continue;
1175 case ALREADY_DONE:
26b55dc6
MW		 1176 break;
1177 case FAILED:
1178 default:
1179 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1180 /* FALL */
1181 case DESTROY_ME:
1182 /* critical failure, destroy IKE_SA */
1183 this->active_tasks->remove_at(this->active_tasks, enumerator);
1184 enumerator->destroy(enumerator);
1185 task->destroy(task);
1186 return DESTROY_ME;
1187 }
590ca1d4 1188 break;
26b55dc6
MW		 1189 }
1190 enumerator->destroy(enumerator);
1191
bd71ba0f
TB		 1192 if (this->initiating.retransmitted)
1193 {
1194 packet_t *packet = NULL;
1195 array_get(this->initiating.packets, 0, &packet);
1196 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
1197 }
26b55dc6 1198 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 1199 clear_packets(this->initiating.packets);
26b55dc6 1200
3805880c
TB		 1201 if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
1202 this->queued->get_exchange_type(this->queued) == TRANSACTION)
f91b6ac7 1203 {
4e98ca18 1204 queued = this->queued;
f91b6ac7 1205 this->queued = NULL;
4e98ca18
MW		 1206 status = this->public.task_manager.process_message(
1207 &this->public.task_manager, queued);
1208 queued->destroy(queued);
f91b6ac7
MW		 1209 if (status == DESTROY_ME)
1210 {
1211 return status;
1212 }
1213 }
1214
26b55dc6
MW		 1215 return initiate(this);
1216}
1217
30216000
TB		 1218static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
1219{
70e0be07 1220 status_t status;
30216000 1221
70e0be07 1222 if (!this->defrag)
30216000 1223 {
70e0be07
TB		 1224 this->defrag = message_create_defrag(msg);
1225 if (!this->defrag)
30216000 1226 {
70e0be07 1227 return FAILED;
30216000
TB		 1228 }
1229 }
70e0be07
TB		 1230 status = this->defrag->add_fragment(this->defrag, msg);
1231 if (status == SUCCESS)
8fc83834 1232 {
70e0be07
TB		 1233 lib->processor->queue_job(lib->processor,
1234 (job_t*)process_message_job_create(this->defrag));
1235 this->defrag = NULL;
1236 /* do not process the last fragment */
30216000
TB		 1237 status = NEED_MORE;
1238 }
1239 return status;
1240}
1241
b235e69c
TB		 1242/**
1243 * Parse the given message and verify that it is valid.
1244 */
1245static status_t parse_message(private_task_manager_t *this, message_t *msg)
1246{
1247 status_t status;
1248
1249 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1250
1251 if (status != SUCCESS)
1252 {
1253 switch (status)
1254 {
29a5e070
TB		 1255 case NOT_SUPPORTED:
1256 DBG1(DBG_IKE, "unsupported exchange type");
b4705269 1257 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
29a5e070 1258 break;
b235e69c
TB		 1259 case PARSE_ERROR:
1260 DBG1(DBG_IKE, "message parsing failed");
b4705269 1261 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1262 break;
1263 case VERIFY_ERROR:
1264 DBG1(DBG_IKE, "message verification failed");
b4705269 1265 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1266 break;
1267 case FAILED:
1268 DBG1(DBG_IKE, "integrity check failed");
b4705269 1269 send_notify(this, msg, INVALID_HASH_INFORMATION);
b235e69c
TB		 1270 break;
1271 case INVALID_STATE:
1272 DBG1(DBG_IKE, "found encrypted message, but no keys available");
b4705269 1273 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1274 default:
1275 break;
1276 }
f5ef3577 1277 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
b235e69c
TB		 1278 exchange_type_names, msg->get_exchange_type(msg),
1279 msg->get_request(msg) ? "request" : "response",
1280 msg->get_message_id(msg));
1281
418f4bc7
MW		 1282 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1283
b235e69c
TB		 1284 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1285 { /* invalid initiation attempt, close SA */
1286 return DESTROY_ME;
1287 }
1288 }
30216000 1289
3ecfc83c 1290 if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT)
30216000
TB		 1291 {
1292 return handle_fragment(this, msg);
1293 }
b235e69c
TB		 1294 return status;
1295}
1296
3f56f731
TB		 1297/**
1298 * Queue the given message if possible
1299 */
1300static status_t queue_message(private_task_manager_t *this, message_t *msg)
1301{
1302 if (this->queued)
1303 {
1304 DBG1(DBG_IKE, "ignoring %N request, queue full",
1305 exchange_type_names, msg->get_exchange_type(msg));
1306 return FAILED;
1307 }
1308 this->queued = message_create_from_packet(msg->get_packet(msg));
1309 if (this->queued->parse_header(this->queued) != SUCCESS)
1310 {
1311 this->queued->destroy(this->queued);
1312 this->queued = NULL;
1313 return FAILED;
1314 }
1315 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1316 exchange_type_names, msg->get_exchange_type(msg));
1317 return SUCCESS;
1318}
1319
4a09d9ee
MW		 1320METHOD(task_manager_t, process_message, status_t,
1321 private_task_manager_t *this, message_t *msg)
1322{
b12c53ce 1323 uint32_t hash, mid, i;
3d59c5c3 1324 host_t *me, *other;
68c6863b 1325 status_t status;
73aaf76b 1326
1960312c 1327 /* TODO-IKEv1: update hosts more selectively */
3d59c5c3
TB		 1328 me = msg->get_destination(msg);
1329 other = msg->get_source(msg);
68c6863b 1330 mid = msg->get_message_id(msg);
fce566a8
MW		 1331 hash = chunk_hash(msg->get_packet_data(msg));
1332 for (i = 0; i < MAX_OLD_HASHES; i++)
1333 {
1334 if (this->initiating.old_hashes[i] == hash)
1335 {
127a98dc 1336 if (array_count(this->initiating.packets) &&
f5a84055 1337 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
346dad30
MW		 1338 (msg->get_exchange_type(msg) == QUICK_MODE ||
1339 msg->get_exchange_type(msg) == AGGRESSIVE))
f5a84055
MW		 1340 {
1341 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1342 "resending last request", mid);
127a98dc 1343 send_packets(this, this->initiating.packets);
f5a84055
MW		 1344 return SUCCESS;
1345 }
fce566a8
MW		 1346 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1347 "but next request already sent", mid);
1348 return SUCCESS;
1349 }
1350 }
1960312c 1351
2ddd45c9 1352 if ((mid && mid == this->initiating.mid) ||
73aaf76b 1353 (this->initiating.mid == 0 &&
1cc3e92c 1354 msg->get_exchange_type(msg) == this->initiating.type &&
dc8e9647 1355 this->active_tasks->get_count(this->active_tasks)))
4a09d9ee 1356 {
7519106d 1357 msg->set_request(msg, FALSE);
47b8f6ef 1358 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1359 status = parse_message(this, msg);
30216000
TB		 1360 if (status == NEED_MORE)
1361 {
1362 return SUCCESS;
1363 }
1960312c
TB		 1364 if (status != SUCCESS)
1365 {
1366 return status;
1367 }
1368 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1369 time_monotonic(NULL));
3d59c5c3 1370 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1371 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1372 if (process_response(this, msg) != SUCCESS)
4a09d9ee
MW		 1373 {
1374 flush(this);
1375 return DESTROY_ME;
1376 }
f5a84055 1377 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
fce566a8 1378 MAX_OLD_HASHES] = hash;
4a09d9ee
MW		 1379 }
1380 else
1381 {
7b34de45 1382 if (hash == this->responding.hash)
73aaf76b 1383 {
127a98dc 1384 if (array_count(this->responding.packets))
7b34de45
MW		 1385 {
1386 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1387 "retransmitting response", mid);
127a98dc 1388 send_packets(this, this->responding.packets);
7b34de45 1389 }
127a98dc 1390 else if (array_count(this->initiating.packets) &&
1b82eb23
MW		 1391 this->initiating.type == INFORMATIONAL_V1)
1392 {
1393 DBG1(DBG_IKE, "received retransmit of DPD request, "
1394 "retransmitting response");
127a98dc 1395 send_packets(this, this->initiating.packets);
1b82eb23 1396 }
7b34de45
MW		 1397 else
1398 {
1399 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1400 "but no response to retransmit", mid);
1401 }
3c79b7b7 1402 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
73aaf76b
MW		 1403 return SUCCESS;
1404 }
cdf75a39 1405
cf95d292 1406 /* reject Main/Aggressive Modes once established */
cdf75a39
MW		 1407 if (msg->get_exchange_type(msg) == ID_PROT ||
1408 msg->get_exchange_type(msg) == AGGRESSIVE)
1409 {
1410 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1411 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
3ecfc83c 1412 msg->get_first_payload_type(msg) != PLV1_FRAGMENT)
cdf75a39
MW		 1413 {
1414 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1415 exchange_type_names, msg->get_exchange_type(msg));
1416 return FAILED;
1417 }
1418 }
1419
b0b0c913 1420 /* drop XAuth/Mode Config/Quick Mode messages until we received the last
1c8dfa30
TB		 1421 * Aggressive Mode message. since Informational messages are not
1422 * retransmitted we queue them. */
1b4e7fe1 1423 if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
b0b0c913 1424 {
1c8dfa30
TB		 1425 if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1426 {
1427 return queue_message(this, msg);
1428 }
1429 else if (msg->get_exchange_type(msg) != AGGRESSIVE)
1430 {
1431 DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
1432 exchange_type_names, msg->get_exchange_type(msg));
1433 return FAILED;
1434 }
b0b0c913
TB		 1435 }
1436
3f56f731
TB		 1437 /* queue XAuth/Mode Config messages unless the Main Mode exchange we
1438 * initiated is complete */
f91b6ac7 1439 if (msg->get_exchange_type(msg) == TRANSACTION &&
0b0191e1 1440 this->active_tasks->get_count(this->active_tasks))
3f56f731
TB		 1441 {
1442 return queue_message(this, msg);
f91b6ac7
MW		 1443 }
1444
1b4e7fe1
TB		 1445 /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
1446 if (have_task_queued(this, TASK_XAUTH) &&
1447 msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1448 {
1449 return queue_message(this, msg);
1450 }
1451
7519106d 1452 msg->set_request(msg, TRUE);
47b8f6ef 1453 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1454 status = parse_message(this, msg);
30216000
TB		 1455 if (status == NEED_MORE)
1456 {
1457 return SUCCESS;
1458 }
1960312c
TB		 1459 if (status != SUCCESS)
1460 {
1461 return status;
1462 }
1463 /* if this IKE_SA is virgin, we check for a config */
1464 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1465 {
1466 ike_sa_id_t *ike_sa_id;
1467 ike_cfg_t *ike_cfg;
1468 job_t *job;
f5a84055 1469
79101163
MW		 1470 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1471 me, other, IKEV1);
1960312c
TB		 1472 if (ike_cfg == NULL)
1473 {
1474 /* no config found for these hosts, destroy */
4cfd0db8
TB		 1475 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1476 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
b4705269 1477 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1960312c
TB		 1478 return DESTROY_ME;
1479 }
1480 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1481 ike_cfg->destroy(ike_cfg);
1482 /* add a timeout if peer does not establish it completely */
1483 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1484 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1485 lib->scheduler->schedule_job(lib->scheduler, job,
1486 lib->settings->get_int(lib->settings,
42500c27 1487 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
d223fe80 1488 lib->ns));
1960312c 1489 }
3d59c5c3 1490 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1491 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1492 if (process_request(this, msg) != SUCCESS)
26b55dc6
MW		 1493 {
1494 flush(this);
1495 return DESTROY_ME;
1496 }
9cc8bd4f 1497 this->responding.hash = hash;
4a09d9ee
MW		 1498 }
1499 return SUCCESS;
1500}
1501
8ed976c0
MW		 1502/**
1503 * Check if a given task has been queued already
1504 */
1505static bool has_queued(private_task_manager_t *this, task_type_t type)
1506{
1507 enumerator_t *enumerator;
1508 bool found = FALSE;
1509 task_t *task;
1510
1511 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1512 while (enumerator->enumerate(enumerator, &task))
1513 {
1514 if (task->get_type(task) == type)
1515 {
1516 found = TRUE;
1517 break;
1518 }
1519 }
1520 enumerator->destroy(enumerator);
1521 return found;
1522}
1523
208678e6
TB		 1524METHOD(task_manager_t, queue_task_delayed, void,
1525 private_task_manager_t *this, task_t *task, uint32_t delay)
d4828f51
TB		 1526{
1527 task_type_t type = task->get_type(task);
1528
1529 switch (type)
1530 {
1531 case TASK_MODE_CONFIG:
1532 case TASK_XAUTH:
1533 if (has_queued(this, type))
1534 {
1535 task->destroy(task);
1536 return;
1537 }
1538 break;
1539 default:
1540 break;
1541 }
1542 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1543 this->queued_tasks->insert_last(this->queued_tasks, task);
1544}
1545
208678e6
TB		 1546METHOD(task_manager_t, queue_task, void,
1547 private_task_manager_t *this, task_t *task)
1548{
1549 queue_task_delayed(this, task, 0);
1550}
1551
a60daa07
MW		 1552METHOD(task_manager_t, queue_ike, void,
1553 private_task_manager_t *this)
1554{
830ab2ae
MW		 1555 peer_cfg_t *peer_cfg;
1556
8ed976c0
MW		 1557 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1558 {
1559 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1560 }
1561 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1562 {
1563 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1564 }
830ab2ae
MW		 1565 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1566 if (peer_cfg->use_aggressive(peer_cfg))
8ed976c0 1567 {
830ab2ae
MW		 1568 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1569 {
1570 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1571 }
1572 }
1573 else
1574 {
1575 if (!has_queued(this, TASK_MAIN_MODE))
1576 {
1577 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1578 }
8ed976c0
MW		 1579 }
1580 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1581 {
1582 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1583 }
1584 if (!has_queued(this, TASK_ISAKMP_NATD))
1585 {
1586 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1587 }
a60daa07
MW		 1588}
1589
4f49b068 1590METHOD(task_manager_t, queue_ike_reauth, void,
dab60d64
MW		 1591 private_task_manager_t *this)
1592{
4f49b068
MW		 1593 enumerator_t *enumerator;
1594 child_sa_t *child_sa;
1595 ike_sa_t *new;
1596 host_t *host;
1597
1598 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1599 this->ike_sa->get_version(this->ike_sa), TRUE);
1600 if (!new)
1601 { /* shouldn't happen */
1602 return;
1603 }
1604
1605 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1606 host = this->ike_sa->get_other_host(this->ike_sa);
1607 new->set_other_host(new, host->clone(host));
1608 host = this->ike_sa->get_my_host(this->ike_sa);
1609 new->set_my_host(new, host->clone(host));
101d26ba
MW		 1610 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1611 while (enumerator->enumerate(enumerator, &host))
4f49b068 1612 {
101d26ba 1613 new->add_virtual_ip(new, TRUE, host);
4f49b068 1614 }
101d26ba 1615 enumerator->destroy(enumerator);
4f49b068 1616
6a9a69ae
TB		 1617 charon->bus->children_migrate(charon->bus, new->get_id(new),
1618 new->get_unique_id(new));
4f49b068
MW		 1619 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1620 while (enumerator->enumerate(enumerator, &child_sa))
1621 {
1622 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1623 new->add_child_sa(new, child_sa);
1624 }
1625 enumerator->destroy(enumerator);
6a9a69ae
TB		 1626 charon->bus->set_sa(charon->bus, new);
1627 charon->bus->children_migrate(charon->bus, NULL, 0);
1628 charon->bus->set_sa(charon->bus, this->ike_sa);
4f49b068 1629
8254e7ec
TB		 1630 if (!new->get_child_count(new))
1631 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1632 task_t *task;
1633
1634 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1635 while (enumerator->enumerate(enumerator, &task))
1636 {
1637 if (task->get_type(task) == TASK_QUICK_MODE)
1638 {
1639 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1640 task->migrate(task, new);
1641 new->queue_task(new, task);
1642 }
1643 }
1644 enumerator->destroy(enumerator);
1645 }
1646
4f49b068
MW		 1647 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1648 {
1649 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1b79299b 1650 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
4f49b068
MW		 1651 }
1652 else
1653 {
1654 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1655 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1656 }
1657 charon->bus->set_sa(charon->bus, this->ike_sa);
dab60d64
MW		 1658}
1659
4f49b068 1660METHOD(task_manager_t, queue_ike_rekey, void,
cedb412e
MW		 1661 private_task_manager_t *this)
1662{
4f49b068 1663 queue_ike_reauth(this);
cedb412e
MW		 1664}
1665
3ed148b3
MW		 1666METHOD(task_manager_t, queue_ike_delete, void,
1667 private_task_manager_t *this)
1668{
daee47ba
MW		 1669 enumerator_t *enumerator;
1670 child_sa_t *child_sa;
1671
60d0f52f
TB		 1672 /* cancel any currently active task to get the DELETE done quickly */
1673 flush_queue(this, TASK_QUEUE_ACTIVE);
1674
daee47ba
MW		 1675 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1676 while (enumerator->enumerate(enumerator, &child_sa))
1677 {
1678 queue_task(this, (task_t*)
1679 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
3a925f74 1680 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
daee47ba
MW		 1681 }
1682 enumerator->destroy(enumerator);
1683
3ed148b3
MW		 1684 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1685}
1686
873df908
MW		 1687METHOD(task_manager_t, queue_mobike, void,
1688 private_task_manager_t *this, bool roam, bool address)
1689{
1690 /* Not supported in IKEv1 */
1691}
1692
fe43d9a2 1693METHOD(task_manager_t, queue_child, void,
b12c53ce 1694 private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
fe43d9a2
MW		 1695 traffic_selector_t *tsi, traffic_selector_t *tsr)
1696{
14dc7941
MW		 1697 quick_mode_t *task;
1698
1699 task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1700 task->use_reqid(task, reqid);
1701
1702 queue_task(this, &task->task);
fe43d9a2
MW		 1703}
1704
2d4c347a
MW		 1705/**
1706 * Check if two CHILD_SAs have the same traffic selector
1707 */
553bb787 1708static bool have_equal_ts(child_sa_t *child1, child_sa_t *child2, bool local)
2d4c347a 1709{
553bb787
MW		 1710 enumerator_t *e1, *e2;
1711 traffic_selector_t *ts1, *ts2;
1712 bool equal = FALSE;
2d4c347a 1713
553bb787
MW		 1714 e1 = child1->create_ts_enumerator(child1, local);
1715 e2 = child2->create_ts_enumerator(child2, local);
1716 if (e1->enumerate(e1, &ts1) && e2->enumerate(e2, &ts2))
2d4c347a 1717 {
553bb787 1718 equal = ts1->equals(ts1, ts2);
2d4c347a 1719 }
fafa7684 1720 e2->destroy(e2);
553bb787
MW		 1721 e1->destroy(e1);
1722
1723 return equal;
2d4c347a
MW		 1724}
1725
1e24fa46
MW		 1726/**
1727 * Check if a CHILD_SA is redundant and we should delete instead of rekey
1728 */
1729static bool is_redundant(private_task_manager_t *this, child_sa_t *child_sa)
1730{
1731 enumerator_t *enumerator;
1732 child_sa_t *current;
1733 bool redundant = FALSE;
1734
1735 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1736 while (enumerator->enumerate(enumerator, &current))
1737 {
1738 if (current->get_state(current) == CHILD_INSTALLED &&
1739 streq(current->get_name(current), child_sa->get_name(child_sa)) &&
2d4c347a
MW		 1740 have_equal_ts(current, child_sa, TRUE) &&
1741 have_equal_ts(current, child_sa, FALSE) &&
1e24fa46
MW		 1742 current->get_lifetime(current, FALSE) >
1743 child_sa->get_lifetime(child_sa, FALSE))
1744 {
1745 DBG1(DBG_IKE, "deleting redundant CHILD_SA %s{%d}",
246c969d
MW		 1746 child_sa->get_name(child_sa),
1747 child_sa->get_unique_id(child_sa));
1e24fa46
MW		 1748 redundant = TRUE;
1749 break;
1750 }
1751 }
1752 enumerator->destroy(enumerator);
1753
1754 return redundant;
1755}
1756
7a5f372c
MW		 1757/**
1758 * Get the first traffic selector of a CHILD_SA, local or remote
1759 */
1760static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1761{
1762 traffic_selector_t *ts = NULL;
553bb787 1763 enumerator_t *enumerator;
7a5f372c 1764
553bb787
MW		 1765 enumerator = child_sa->create_ts_enumerator(child_sa, local);
1766 enumerator->enumerate(enumerator, &ts);
1767 enumerator->destroy(enumerator);
1768
1769 return ts;
7a5f372c
MW		 1770}
1771
463a73cc 1772METHOD(task_manager_t, queue_child_rekey, void,
b12c53ce 1773 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
463a73cc 1774{
23eb447c
MW		 1775 child_sa_t *child_sa;
1776 child_cfg_t *cfg;
1777 quick_mode_t *task;
1778
1779 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1780 if (!child_sa)
1781 {
1782 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1783 }
1784 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1785 {
1e24fa46
MW		 1786 if (is_redundant(this, child_sa))
1787 {
a01eb5e4 1788 child_sa->set_state(child_sa, CHILD_REKEYED);
1e24fa46
MW		 1789 queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1790 protocol, spi, FALSE, FALSE));
1791 }
1792 else
1793 {
1794 child_sa->set_state(child_sa, CHILD_REKEYING);
1795 cfg = child_sa->get_config(child_sa);
7a5f372c
MW		 1796 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1797 get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1e24fa46 1798 task->use_reqid(task, child_sa->get_reqid(child_sa));
85b23888
MW		 1799 task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
1800 child_sa->get_mark(child_sa, FALSE).value);
1e24fa46 1801 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
23eb447c 1802
1e24fa46
MW		 1803 queue_task(this, &task->task);
1804 }
23eb447c 1805 }
463a73cc
MW		 1806}
1807
83c5fda0 1808METHOD(task_manager_t, queue_child_delete, void,
b12c53ce 1809 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
3a925f74 1810 bool expired)
83c5fda0
MW		 1811{
1812 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
3a925f74 1813 spi, FALSE, expired));
83c5fda0
MW		 1814}
1815
244d715d
MW		 1816METHOD(task_manager_t, queue_dpd, void,
1817 private_task_manager_t *this)
1818{
80c5b17d 1819 peer_cfg_t *peer_cfg;
b12c53ce 1820 uint32_t t, retransmit;
4b38c22c 1821
24742c0f 1822 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
2ddd45c9 1823 this->dpd_send++));
80c5b17d 1824 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
4b38c22c 1825
80c5b17d
AS		 1826 /* compute timeout in milliseconds */
1827 t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1828 if (t == 0)
4b38c22c 1829 {
80c5b17d
AS		 1830 /* use the same timeout as a retransmitting IKE message would have */
1831 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1832 {
b12c53ce 1833 t += (uint32_t)(this->retransmit_timeout * 1000.0 *
80c5b17d
AS		 1834 pow(this->retransmit_base, retransmit));
1835 }
4b38c22c 1836 }
747b6487
TB		 1837 /* compensate for the already elapsed dpd delay */
1838 t -= 1000 * peer_cfg->get_dpd(peer_cfg);
80c5b17d
AS		 1839
1840 /* schedule DPD timeout job */
4b38c22c
MW		 1841 lib->scheduler->schedule_job_ms(lib->scheduler,
1842 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
244d715d
MW		 1843}
1844
4a09d9ee
MW		 1845METHOD(task_manager_t, adopt_tasks, void,
1846 private_task_manager_t *this, task_manager_t *other_public)
1847{
1848 private_task_manager_t *other = (private_task_manager_t*)other_public;
1849 task_t *task;
1850
1851 /* move queued tasks from other to this */
1852 while (other->queued_tasks->remove_last(other->queued_tasks,
1853 (void**)&task) == SUCCESS)
1854 {
1855 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1856 task->migrate(task, this->ike_sa);
1857 this->queued_tasks->insert_first(this->queued_tasks, task);
1858 }
1859}
1860
68db844f
TB		 1861/**
1862 * Migrates child-creating tasks from src to dst
1863 */
1864static void migrate_child_tasks(private_task_manager_t *this,
1865 linked_list_t *src, linked_list_t *dst)
1866{
1867 enumerator_t *enumerator;
1868 task_t *task;
1869
1870 enumerator = src->create_enumerator(src);
1871 while (enumerator->enumerate(enumerator, &task))
1872 {
1873 if (task->get_type(task) == TASK_QUICK_MODE)
1874 {
1875 src->remove_at(src, enumerator);
1876 task->migrate(task, this->ike_sa);
1877 dst->insert_last(dst, task);
1878 }
1879 }
1880 enumerator->destroy(enumerator);
1881}
1882
1883METHOD(task_manager_t, adopt_child_tasks, void,
1884 private_task_manager_t *this, task_manager_t *other_public)
1885{
1886 private_task_manager_t *other = (private_task_manager_t*)other_public;
1887
1888 /* move active child tasks from other to this */
1889 migrate_child_tasks(this, other->active_tasks, this->queued_tasks);
1890 /* do the same for queued tasks */
1891 migrate_child_tasks(this, other->queued_tasks, this->queued_tasks);
1892}
1893
4a09d9ee
MW		 1894METHOD(task_manager_t, busy, bool,
1895 private_task_manager_t *this)
1896{
1897 return (this->active_tasks->get_count(this->active_tasks) > 0);
1898}
1899
1900METHOD(task_manager_t, incr_mid, void,
1901 private_task_manager_t *this, bool initiate)
1902{
4a09d9ee
MW		 1903}
1904
1905METHOD(task_manager_t, reset, void,
b12c53ce 1906 private_task_manager_t *this, uint32_t initiate, uint32_t respond)
4a09d9ee 1907{
d9c1dae2
MW		 1908 enumerator_t *enumerator;
1909 task_t *task;
1910
1911 /* reset message counters and retransmit packets */
127a98dc
TB		 1912 clear_packets(this->responding.packets);
1913 clear_packets(this->initiating.packets);
f5a84055
MW		 1914 this->responding.seqnr = RESPONDING_SEQ;
1915 this->responding.retransmitted = 0;
d9c1dae2
MW		 1916 this->initiating.mid = 0;
1917 this->initiating.seqnr = 0;
1918 this->initiating.retransmitted = 0;
1919 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
70e0be07
TB		 1920 DESTROY_IF(this->defrag);
1921 this->defrag = NULL;
fd6fbf17
MW		 1922 if (initiate != UINT_MAX)
1923 {
1924 this->dpd_send = initiate;
1925 }
1926 if (respond != UINT_MAX)
1927 {
1928 this->dpd_recv = respond;
1929 }
d9c1dae2
MW		 1930
1931 /* reset queued tasks */
1932 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1933 while (enumerator->enumerate(enumerator, &task))
1934 {
1935 task->migrate(task, this->ike_sa);
1936 }
1937 enumerator->destroy(enumerator);
1938
1939 /* reset active tasks */
1940 while (this->active_tasks->remove_last(this->active_tasks,
1941 (void**)&task) == SUCCESS)
1942 {
1943 task->migrate(task, this->ike_sa);
1944 this->queued_tasks->insert_first(this->queued_tasks, task);
1945 }
4a09d9ee
MW		 1946}
1947
1948METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1949 private_task_manager_t *this, task_queue_t queue)
1950{
1951 switch (queue)
1952 {
1953 case TASK_QUEUE_ACTIVE:
1954 return this->active_tasks->create_enumerator(this->active_tasks);
1955 case TASK_QUEUE_PASSIVE:
1956 return this->passive_tasks->create_enumerator(this->passive_tasks);
1957 case TASK_QUEUE_QUEUED:
1958 return this->queued_tasks->create_enumerator(this->queued_tasks);
1959 default:
1960 return enumerator_create_empty();
1961 }
1962}
1963
1964METHOD(task_manager_t, destroy, void,
1965 private_task_manager_t *this)
1966{
1967 flush(this);
1968
1969 this->active_tasks->destroy(this->active_tasks);
1970 this->queued_tasks->destroy(this->queued_tasks);
1971 this->passive_tasks->destroy(this->passive_tasks);
70e0be07 1972 DESTROY_IF(this->defrag);
4a09d9ee 1973
f91b6ac7 1974 DESTROY_IF(this->queued);
127a98dc
TB		 1975 clear_packets(this->responding.packets);
1976 array_destroy(this->responding.packets);
1977 clear_packets(this->initiating.packets);
1978 array_destroy(this->initiating.packets);
73aaf76b 1979 DESTROY_IF(this->rng);
4a09d9ee
MW		 1980 free(this);
1981}
1982
1983/*
1984 * see header file
1985 */
1986task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1987{
1988 private_task_manager_t *this;
1989
1990 INIT(this,
1991 .public = {
1992 .task_manager = {
1993 .process_message = _process_message,
1994 .queue_task = _queue_task,
208678e6 1995 .queue_task_delayed = _queue_task_delayed,
a60daa07 1996 .queue_ike = _queue_ike,
dab60d64 1997 .queue_ike_rekey = _queue_ike_rekey,
cedb412e 1998 .queue_ike_reauth = _queue_ike_reauth,
3ed148b3 1999 .queue_ike_delete = _queue_ike_delete,
873df908 2000 .queue_mobike = _queue_mobike,
fe43d9a2 2001 .queue_child = _queue_child,
463a73cc 2002 .queue_child_rekey = _queue_child_rekey,
83c5fda0 2003 .queue_child_delete = _queue_child_delete,
244d715d 2004 .queue_dpd = _queue_dpd,
4a09d9ee
MW		 2005 .initiate = _initiate,
2006 .retransmit = _retransmit,
2007 .incr_mid = _incr_mid,
2008 .reset = _reset,
2009 .adopt_tasks = _adopt_tasks,
68db844f 2010 .adopt_child_tasks = _adopt_child_tasks,
4a09d9ee
MW		 2011 .busy = _busy,
2012 .create_task_enumerator = _create_task_enumerator,
b1908994 2013 .flush = _flush,
a5c79960 2014 .flush_queue = _flush_queue,
4a09d9ee
MW		 2015 .destroy = _destroy,
2016 },
2017 },
dcbdc914
TB		 2018 .initiating = {
2019 .type = EXCHANGE_TYPE_UNDEFINED,
2020 },
2021 .responding = {
2022 .seqnr = RESPONDING_SEQ,
2023 },
4a09d9ee 2024 .ike_sa = ike_sa,
73aaf76b 2025 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
4a09d9ee
MW		 2026 .queued_tasks = linked_list_create(),
2027 .active_tasks = linked_list_create(),
2028 .passive_tasks = linked_list_create(),
2029 .retransmit_tries = lib->settings->get_int(lib->settings,
d223fe80 2030 "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
4a09d9ee 2031 .retransmit_timeout = lib->settings->get_double(lib->settings,
d223fe80 2032 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
4a09d9ee 2033 .retransmit_base = lib->settings->get_double(lib->settings,
d223fe80 2034 "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
4a09d9ee
MW		 2035 );
2036
3fca5bd1
MW		 2037 if (!this->rng)
2038 {
2039 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
2040 destroy(this);
2041 return NULL;
2042 }
1bb9c51e
TB		 2043 if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
2044 (void*)&this->dpd_send))
2045 {
2046 DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
2047 destroy(this);
2048 return NULL;
2049 }
2ddd45c9 2050 this->dpd_send &= 0x7FFFFFFF;
3e6b7403 2051
4a09d9ee
MW		 2052 return &this->public;
2053}
Unnamed repository; edit this file 'description' to name the repository.