]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/sa/ikev1/task_manager_v1.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ikev1: Handle queued TRANSACTION messages only after processing replies
[thirdparty/strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
CommitLineData
4a09d9ee 1/*
4de361d9 2 * Copyright (C) 2007-2015 Tobias Brunner
68c6863b 3 * Copyright (C) 2007-2011 Martin Willi
4a09d9ee
MW		 4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17#include "task_manager_v1.h"
18
da063ec9
MW		 19#include <math.h>
20
4a09d9ee 21#include <daemon.h>
15a682f4 22#include <sa/ikev1/tasks/main_mode.h>
830ab2ae 23#include <sa/ikev1/tasks/aggressive_mode.h>
15a682f4 24#include <sa/ikev1/tasks/quick_mode.h>
83c5fda0 25#include <sa/ikev1/tasks/quick_delete.h>
15a682f4
MW		 26#include <sa/ikev1/tasks/xauth.h>
27#include <sa/ikev1/tasks/mode_config.h>
28#include <sa/ikev1/tasks/informational.h>
29#include <sa/ikev1/tasks/isakmp_natd.h>
30#include <sa/ikev1/tasks/isakmp_vendor.h>
31#include <sa/ikev1/tasks/isakmp_cert_pre.h>
32#include <sa/ikev1/tasks/isakmp_cert_post.h>
3ed148b3 33#include <sa/ikev1/tasks/isakmp_delete.h>
3e6b7403
CO		 34#include <sa/ikev1/tasks/isakmp_dpd.h>
35
da063ec9 36#include <processing/jobs/retransmit_job.h>
68c6863b 37#include <processing/jobs/delete_ike_sa_job.h>
4b38c22c 38#include <processing/jobs/dpd_timeout_job.h>
30216000
TB		 39#include <processing/jobs/process_message_job.h>
40
127a98dc 41#include <collections/array.h>
4a09d9ee 42
fce566a8
MW		 43/**
44 * Number of old messages hashes we keep for retransmission.
45 *
46 * In Main Mode, we must ignore messages from a previous message pair if
47 * we already continued to the next. Otherwise a late retransmission
48 * could be considered as a reply to the newer request.
49 */
50#define MAX_OLD_HASHES 2
51
f5a84055
MW		 52/**
53 * First sequence number of responding packets.
54 *
55 * To distinguish retransmission jobs for initiating and responding packets,
56 * we split up the sequence counter and use the upper half for responding.
57 */
58#define RESPONDING_SEQ INT_MAX
59
4a09d9ee
MW		 60typedef struct exchange_t exchange_t;
61
62/**
63 * An exchange in the air, used do detect and handle retransmission
64 */
65struct exchange_t {
66
67 /**
68 * Message ID used for this transaction
69 */
70 u_int32_t mid;
71
72 /**
73 * generated packet for retransmission
74 */
75 packet_t *packet;
76};
77
78typedef struct private_task_manager_t private_task_manager_t;
79
80/**
81 * private data of the task manager
82 */
83struct private_task_manager_t {
84
85 /**
86 * public functions
87 */
88 task_manager_v1_t public;
89
90 /**
91 * associated IKE_SA we are serving
92 */
93 ike_sa_t *ike_sa;
94
73aaf76b
MW		 95 /**
96 * RNG to create message IDs
97 */
98 rng_t *rng;
99
4a09d9ee
MW		 100 /**
101 * Exchange we are currently handling as responder
102 */
103 struct {
f5a84055
MW		 104 /**
105 * Message ID of the last response
106 */
107 u_int32_t mid;
108
9cc8bd4f
MW		 109 /**
110 * Hash of a previously received message
111 */
112 u_int32_t hash;
113
4a09d9ee 114 /**
127a98dc 115 * packet(s) for retransmission
4a09d9ee 116 */
127a98dc 117 array_t *packets;
4a09d9ee 118
f5a84055
MW		 119 /**
120 * Sequence number of the last sent message
121 */
122 u_int32_t seqnr;
123
124 /**
125 * how many times we have retransmitted so far
126 */
127 u_int retransmitted;
128
4a09d9ee
MW		 129 } responding;
130
131 /**
132 * Exchange we are currently handling as initiator
133 */
134 struct {
135 /**
136 * Message ID of the exchange
137 */
138 u_int32_t mid;
139
fce566a8
MW		 140 /**
141 * Hashes of old responses we can ignore
142 */
143 u_int32_t old_hashes[MAX_OLD_HASHES];
144
145 /**
146 * Position in old hash array
147 */
148 int old_hash_pos;
149
9cc8bd4f 150 /**
751bd02e 151 * Sequence number of the last sent message
9cc8bd4f 152 */
751bd02e 153 u_int32_t seqnr;
9cc8bd4f 154
4a09d9ee
MW		 155 /**
156 * how many times we have retransmitted so far
157 */
158 u_int retransmitted;
159
160 /**
127a98dc 161 * packet(s) for retransmission
4a09d9ee 162 */
127a98dc 163 array_t *packets;
4a09d9ee
MW		 164
165 /**
30216000 166 * type of the initiated exchange
4a09d9ee
MW		 167 */
168 exchange_type_t type;
169
170 } initiating;
171
30216000 172 /**
70e0be07 173 * Message we are currently defragmenting, if any (only one at a time)
30216000 174 */
70e0be07 175 message_t *defrag;
30216000 176
4a09d9ee
MW		 177 /**
178 * List of queued tasks not yet in action
179 */
180 linked_list_t *queued_tasks;
181
182 /**
30216000 183 * List of active tasks, initiated by ourselves
4a09d9ee
MW		 184 */
185 linked_list_t *active_tasks;
186
187 /**
188 * List of tasks initiated by peer
189 */
190 linked_list_t *passive_tasks;
191
f91b6ac7
MW		 192 /**
193 * Queued messages not yet ready to process
194 */
195 message_t *queued;
196
4a09d9ee
MW		 197 /**
198 * Number of times we retransmit messages before giving up
199 */
200 u_int retransmit_tries;
201
202 /**
203 * Retransmission timeout
204 */
205 double retransmit_timeout;
206
207 /**
208 * Base to calculate retransmission timeout
209 */
210 double retransmit_base;
3e6b7403
CO		 211
212 /**
213 * Sequence number for sending DPD requests
214 */
2ddd45c9 215 u_int32_t dpd_send;
3e6b7403
CO		 216
217 /**
218 * Sequence number for received DPD requests
219 */
2ddd45c9 220 u_int32_t dpd_recv;
4a09d9ee
MW		 221};
222
127a98dc
TB		 223/**
224 * Reset retransmission packet list
225 */
226static void clear_packets(array_t *array)
227{
228 packet_t *packet;
229
230 while (array_remove(array, ARRAY_TAIL, &packet))
231 {
232 packet->destroy(packet);
233 }
234}
235
a5c79960
MW		 236METHOD(task_manager_t, flush_queue, void,
237 private_task_manager_t *this, task_queue_t queue)
0f61964e 238{
a5c79960 239 linked_list_t *list;
0f61964e
MW		 240 task_t *task;
241
429d95fe
MW		 242 if (this->queued)
243 {
244 this->queued->destroy(this->queued);
245 this->queued = NULL;
246 }
a5c79960
MW		 247 switch (queue)
248 {
249 case TASK_QUEUE_ACTIVE:
250 list = this->active_tasks;
17949695
MW		 251 /* cancel pending retransmits */
252 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 253 clear_packets(this->initiating.packets);
a5c79960
MW		 254 break;
255 case TASK_QUEUE_PASSIVE:
256 list = this->passive_tasks;
257 break;
258 case TASK_QUEUE_QUEUED:
259 list = this->queued_tasks;
260 break;
261 default:
262 return;
263 }
0f61964e
MW		 264 while (list->remove_last(list, (void**)&task) == SUCCESS)
265 {
266 task->destroy(task);
267 }
268}
269
b1908994
TE		 270METHOD(task_manager_t, flush, void,
271 private_task_manager_t *this)
4a09d9ee 272{
a5c79960
MW		 273 flush_queue(this, TASK_QUEUE_QUEUED);
274 flush_queue(this, TASK_QUEUE_PASSIVE);
275 flush_queue(this, TASK_QUEUE_ACTIVE);
4a09d9ee
MW		 276}
277
26b55dc6
MW		 278/**
279 * move a task of a specific type from the queue to the active list
280 */
281static bool activate_task(private_task_manager_t *this, task_type_t type)
282{
283 enumerator_t *enumerator;
284 task_t *task;
285 bool found = FALSE;
286
287 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
288 while (enumerator->enumerate(enumerator, (void**)&task))
289 {
290 if (task->get_type(task) == type)
291 {
292 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
293 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
294 this->active_tasks->insert_last(this->active_tasks, task);
295 found = TRUE;
296 break;
297 }
298 }
299 enumerator->destroy(enumerator);
300 return found;
301}
302
5cafefcd 303/**
127a98dc 304 * Send packets in the given array (they get cloned)
5cafefcd 305 */
127a98dc 306static void send_packets(private_task_manager_t *this, array_t *packets)
5cafefcd 307{
127a98dc 308 enumerator_t *enumerator;
5cafefcd 309 packet_t *packet;
5cafefcd 310
127a98dc
TB		 311 enumerator = array_create_enumerator(packets);
312 while (enumerator->enumerate(enumerator, &packet))
5cafefcd 313 {
127a98dc 314 charon->sender->send(charon->sender, packet->clone(packet));
5cafefcd 315 }
127a98dc 316 enumerator->destroy(enumerator);
5cafefcd
TB		 317}
318
319/**
127a98dc 320 * Generates the given message and stores packet(s) in the given array
5cafefcd 321 */
127a98dc
TB		 322static bool generate_message(private_task_manager_t *this, message_t *message,
323 array_t **packets)
5cafefcd 324{
127a98dc 325 enumerator_t *fragments;
40bab9a1 326 packet_t *fragment;
127a98dc 327
40bab9a1
TB		 328 if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
329 &fragments) != SUCCESS)
127a98dc 330 {
127a98dc
TB		 331 return FALSE;
332 }
40bab9a1 333 while (fragments->enumerate(fragments, &fragment))
127a98dc 334 {
40bab9a1 335 array_insert_create(packets, ARRAY_TAIL, fragment);
5cafefcd 336 }
127a98dc 337 fragments->destroy(fragments);
40bab9a1 338 return TRUE;
5cafefcd
TB		 339}
340
f5a84055 341/**
127a98dc 342 * Retransmit a packet (or its fragments)
f5a84055 343 */
127a98dc
TB		 344static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
345 u_int mid, u_int retransmitted, array_t *packets)
23f4e4b4 346{
127a98dc 347 packet_t *packet;
f5a84055 348 u_int32_t t;
23f4e4b4 349
127a98dc 350 array_get(packets, 0, &packet);
f5a84055
MW		 351 if (retransmitted > this->retransmit_tries)
352 {
353 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
3c79b7b7 354 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
f5a84055
MW		 355 return DESTROY_ME;
356 }
357 t = (u_int32_t)(this->retransmit_timeout * 1000.0 *
358 pow(this->retransmit_base, retransmitted));
359 if (retransmitted)
360 {
361 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
362 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
363 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
3c79b7b7 364 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
f5a84055 365 }
127a98dc 366 send_packets(this, packets);
f5a84055
MW		 367 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
368 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
369 return NEED_MORE;
370}
371
372METHOD(task_manager_t, retransmit, status_t,
373 private_task_manager_t *this, u_int32_t seqnr)
374{
375 status_t status = SUCCESS;
376
127a98dc
TB		 377 if (seqnr == this->initiating.seqnr &&
378 array_count(this->initiating.packets))
f5a84055 379 {
127a98dc
TB		 380 status = retransmit_packet(this, seqnr, this->initiating.mid,
381 this->initiating.retransmitted, this->initiating.packets);
f5a84055 382 if (status == NEED_MORE)
23f4e4b4 383 {
f5a84055
MW		 384 this->initiating.retransmitted++;
385 status = SUCCESS;
23f4e4b4 386 }
f5a84055 387 }
127a98dc
TB		 388 if (seqnr == this->responding.seqnr &&
389 array_count(this->responding.packets))
f5a84055 390 {
127a98dc
TB		 391 status = retransmit_packet(this, seqnr, this->responding.mid,
392 this->responding.retransmitted, this->responding.packets);
f5a84055 393 if (status == NEED_MORE)
23f4e4b4 394 {
f5a84055
MW		 395 this->responding.retransmitted++;
396 status = SUCCESS;
23f4e4b4 397 }
23f4e4b4 398 }
f5a84055 399 return status;
23f4e4b4
CO		 400}
401
27137790
MW		 402/**
403 * Check if we have to wait for a mode config before starting a quick mode
404 */
405static bool mode_config_expected(private_task_manager_t *this)
406{
101d26ba 407 enumerator_t *enumerator;
27137790 408 peer_cfg_t *peer_cfg;
497ce2cf 409 char *pool;
e3311e9b 410 bool local;
101d26ba 411 host_t *host;
27137790
MW		 412
413 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
497ce2cf 414 if (peer_cfg)
27137790 415 {
e3311e9b
MW		 416 if (peer_cfg->use_pull_mode(peer_cfg))
417 {
418 enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
419 if (!enumerator->enumerate(enumerator, &pool))
420 { /* no pool configured */
421 enumerator->destroy(enumerator);
422 return FALSE;
423 }
497ce2cf 424 enumerator->destroy(enumerator);
e3311e9b
MW		 425
426 local = FALSE;
497ce2cf 427 }
e3311e9b
MW		 428 else
429 {
430 enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
431 if (!enumerator->enumerate(enumerator, &host))
432 { /* not requesting a vip */
433 enumerator->destroy(enumerator);
434 return FALSE;
435 }
436 enumerator->destroy(enumerator);
497ce2cf 437
e3311e9b
MW		 438 local = TRUE;
439 }
101d26ba 440 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
e3311e9b 441 local);
101d26ba 442 if (!enumerator->enumerate(enumerator, &host))
e3311e9b 443 { /* expecting a VIP exchange, but no VIP assigned yet */
101d26ba 444 enumerator->destroy(enumerator);
27137790
MW		 445 return TRUE;
446 }
101d26ba 447 enumerator->destroy(enumerator);
27137790
MW		 448 }
449 return FALSE;
450}
451
4a09d9ee
MW		 452METHOD(task_manager_t, initiate, status_t,
453 private_task_manager_t *this)
454{
26b55dc6
MW		 455 enumerator_t *enumerator;
456 task_t *task;
457 message_t *message;
458 host_t *me, *other;
73aaf76b 459 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
7ce504e1 460 bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
73aaf76b 461
477559ca
MW		 462 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
463 this->initiating.type != INFORMATIONAL_V1)
26b55dc6
MW		 464 {
465 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
466 exchange_type_names, this->initiating.type);
467 /* do not initiate if we already have a message in the air */
468 return SUCCESS;
469 }
470
471 if (this->active_tasks->get_count(this->active_tasks) == 0)
472 {
473 DBG2(DBG_IKE, "activating new tasks");
474 switch (this->ike_sa->get_state(this->ike_sa))
475 {
476 case IKE_CREATED:
2e3c9f87 477 activate_task(this, TASK_ISAKMP_VENDOR);
824dc0ad 478 activate_task(this, TASK_ISAKMP_CERT_PRE);
a09972df 479 if (activate_task(this, TASK_MAIN_MODE))
26b55dc6
MW		 480 {
481 exchange = ID_PROT;
482 }
830ab2ae
MW		 483 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
484 {
485 exchange = AGGRESSIVE;
486 }
487 activate_task(this, TASK_ISAKMP_CERT_POST);
488 activate_task(this, TASK_ISAKMP_NATD);
26b55dc6 489 break;
c5dc9d33 490 case IKE_CONNECTING:
429d95fe
MW		 491 if (activate_task(this, TASK_ISAKMP_DELETE))
492 {
493 exchange = INFORMATIONAL_V1;
494 new_mid = TRUE;
495 break;
496 }
69adeb5b 497 if (activate_task(this, TASK_XAUTH))
744c0801 498 {
c5dc9d33 499 exchange = TRANSACTION;
3e246c48 500 new_mid = TRUE;
429d95fe 501 break;
744c0801 502 }
accf4612
MW		 503 if (activate_task(this, TASK_INFORMATIONAL))
504 {
505 exchange = INFORMATIONAL_V1;
506 new_mid = TRUE;
429d95fe 507 break;
accf4612 508 }
c5dc9d33
CO		 509 break;
510 case IKE_ESTABLISHED:
156b8662
MW		 511 if (activate_task(this, TASK_MODE_CONFIG))
512 {
513 exchange = TRANSACTION;
514 new_mid = TRUE;
515 break;
516 }
27137790
MW		 517 if (!mode_config_expected(this) &&
518 activate_task(this, TASK_QUICK_MODE))
23f4e4b4 519 {
c5dc9d33 520 exchange = QUICK_MODE;
3e246c48
MW		 521 new_mid = TRUE;
522 break;
23f4e4b4 523 }
accf4612
MW		 524 if (activate_task(this, TASK_INFORMATIONAL))
525 {
526 exchange = INFORMATIONAL_V1;
527 new_mid = TRUE;
429d95fe 528 break;
accf4612 529 }
daee47ba 530 if (activate_task(this, TASK_QUICK_DELETE))
8ef2bae4
MW		 531 {
532 exchange = INFORMATIONAL_V1;
533 new_mid = TRUE;
429d95fe 534 break;
8ef2bae4 535 }
daee47ba 536 if (activate_task(this, TASK_ISAKMP_DELETE))
8ef2bae4
MW		 537 {
538 exchange = INFORMATIONAL_V1;
539 new_mid = TRUE;
429d95fe 540 break;
8ef2bae4 541 }
3e6b7403
CO		 542 if (activate_task(this, TASK_ISAKMP_DPD))
543 {
544 exchange = INFORMATIONAL_V1;
545 new_mid = TRUE;
546 break;
547 }
744c0801 548 break;
26b55dc6
MW		 549 default:
550 break;
551 }
552 }
553 else
554 {
555 DBG2(DBG_IKE, "reinitiating already active tasks");
556 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
557 while (enumerator->enumerate(enumerator, (void**)&task))
558 {
559 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
560 switch (task->get_type(task))
561 {
a09972df 562 case TASK_MAIN_MODE:
26b55dc6
MW		 563 exchange = ID_PROT;
564 break;
830ab2ae
MW		 565 case TASK_AGGRESSIVE_MODE:
566 exchange = AGGRESSIVE;
567 break;
744c0801
MW		 568 case TASK_QUICK_MODE:
569 exchange = QUICK_MODE;
570 break;
69adeb5b 571 case TASK_XAUTH:
52ac2ceb
CO		 572 exchange = TRANSACTION;
573 new_mid = TRUE;
574 break;
26b55dc6
MW		 575 default:
576 continue;
577 }
578 break;
579 }
580 enumerator->destroy(enumerator);
581 }
582
73aaf76b 583 if (exchange == EXCHANGE_TYPE_UNDEFINED)
26b55dc6
MW		 584 {
585 DBG2(DBG_IKE, "nothing to initiate");
586 /* nothing to do yet... */
587 return SUCCESS;
588 }
589
590 me = this->ike_sa->get_my_host(this->ike_sa);
591 other = this->ike_sa->get_other_host(this->ike_sa);
592
3e246c48 593 if (new_mid)
26b55dc6 594 {
1bb9c51e
TB		 595 if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
596 (void*)&this->initiating.mid))
597 {
598 DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
599 flush(this);
600 return DESTROY_ME;
601 }
26b55dc6 602 }
1bb9c51e 603 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
3e246c48 604 message->set_message_id(message, this->initiating.mid);
26b55dc6
MW		 605 message->set_source(message, me->clone(me));
606 message->set_destination(message, other->clone(other));
607 message->set_exchange_type(message, exchange);
608 this->initiating.type = exchange;
609 this->initiating.retransmitted = 0;
610
611 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
612 while (enumerator->enumerate(enumerator, (void*)&task))
613 {
614 switch (task->build(task, message))
615 {
616 case SUCCESS:
617 /* task completed, remove it */
618 this->active_tasks->remove_at(this->active_tasks, enumerator);
182d55b2
MW		 619 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
620 task->get_type(task) == TASK_QUICK_MODE)
1b82eb23
MW		 621 { /* last message of three message exchange */
622 keep = TRUE;
623 }
26b55dc6 624 task->destroy(task);
590ca1d4 625 continue;
26b55dc6 626 case NEED_MORE:
751bd02e 627 expect_response = TRUE;
26b55dc6 628 /* processed, but task needs another exchange */
590ca1d4
MW		 629 continue;
630 case ALREADY_DONE:
7ce504e1 631 cancelled = TRUE;
26b55dc6
MW		 632 break;
633 case FAILED:
634 default:
635 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
636 {
637 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
638 }
639 /* FALL */
640 case DESTROY_ME:
641 /* critical failure, destroy IKE_SA */
642 enumerator->destroy(enumerator);
643 message->destroy(message);
644 flush(this);
645 return DESTROY_ME;
646 }
590ca1d4 647 break;
26b55dc6
MW		 648 }
649 enumerator->destroy(enumerator);
650
1b82eb23
MW		 651 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
652 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
41fbde45
MW		 653 { /* tasks completed, no exchange active anymore */
654 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
655 }
7ce504e1 656 if (cancelled)
b64d6423
MW		 657 {
658 message->destroy(message);
659 return initiate(this);
660 }
26b55dc6 661
127a98dc
TB		 662 clear_packets(this->initiating.packets);
663 if (!generate_message(this, message, &this->initiating.packets))
26b55dc6
MW		 664 {
665 /* message generation failed. There is nothing more to do than to
666 * close the SA */
667 message->destroy(message);
668 flush(this);
669 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
670 return DESTROY_ME;
671 }
26b55dc6 672
f5a84055 673 this->initiating.seqnr++;
3babde90 674 if (expect_response)
751bd02e 675 {
f5a84055 676 message->destroy(message);
751bd02e
CO		 677 return retransmit(this, this->initiating.seqnr);
678 }
1b82eb23
MW		 679 if (keep)
680 { /* keep the packet for retransmission, the responder might request it */
127a98dc 681 send_packets(this, this->initiating.packets);
f5a84055
MW		 682 }
683 else
684 {
127a98dc
TB		 685 send_packets(this, this->initiating.packets);
686 clear_packets(this->initiating.packets);
f5a84055
MW		 687 }
688 message->destroy(message);
46505067 689
07095794 690 if (exchange == INFORMATIONAL_V1)
46505067 691 {
07095794
MW		 692 switch (this->ike_sa->get_state(this->ike_sa))
693 {
694 case IKE_CONNECTING:
695 /* close after sending an INFORMATIONAL when unestablished */
696 return FAILED;
697 case IKE_DELETING:
698 /* close after sending a DELETE */
699 return DESTROY_ME;
700 default:
701 break;
702 }
46505067 703 }
daee47ba 704 return initiate(this);
4a09d9ee
MW		 705}
706
4a09d9ee
MW		 707/**
708 * build a response depending on the "passive" task list
709 */
710static status_t build_response(private_task_manager_t *this, message_t *request)
711{
712 enumerator_t *enumerator;
713 task_t *task;
714 message_t *message;
715 host_t *me, *other;
7ce504e1 716 bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
4a09d9ee
MW		 717
718 me = request->get_destination(request);
719 other = request->get_source(request);
720
721 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
722 message->set_exchange_type(message, request->get_exchange_type(request));
723 /* send response along the path the request came in */
724 message->set_source(message, me->clone(me));
725 message->set_destination(message, other->clone(other));
1b82eb23 726 message->set_message_id(message, request->get_message_id(request));
4a09d9ee
MW		 727 message->set_request(message, FALSE);
728
f5a84055
MW		 729 this->responding.mid = request->get_message_id(request);
730 this->responding.retransmitted = 0;
731 this->responding.seqnr++;
732
4a09d9ee
MW		 733 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
734 while (enumerator->enumerate(enumerator, (void*)&task))
735 {
736 switch (task->build(task, message))
737 {
738 case SUCCESS:
739 /* task completed, remove it */
740 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
f5a84055 741 task->destroy(task);
590ca1d4 742 continue;
4a09d9ee
MW		 743 case NEED_MORE:
744 /* processed, but task needs another exchange */
346dad30
MW		 745 if (task->get_type(task) == TASK_QUICK_MODE ||
746 task->get_type(task) == TASK_AGGRESSIVE_MODE)
f5a84055
MW		 747 { /* we rely on initiator retransmission, except for
748 * three-message exchanges */
749 expect_request = TRUE;
4a09d9ee 750 }
590ca1d4
MW		 751 continue;
752 case ALREADY_DONE:
7ce504e1 753 cancelled = TRUE;
4a09d9ee 754 break;
37a22a16
TB		 755 case INVALID_ARG:
756 if (task->get_type(task) == TASK_QUICK_MODE)
757 { /* not responsible for this exchange */
758 continue;
759 }
760 /* FALL */
4a09d9ee
MW		 761 case FAILED:
762 default:
763 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
764 /* FALL */
765 case DESTROY_ME:
766 /* destroy IKE_SA, but SEND response first */
767 delete = TRUE;
768 break;
769 }
590ca1d4 770 break;
4a09d9ee
MW		 771 }
772 enumerator->destroy(enumerator);
773
127a98dc 774 clear_packets(this->responding.packets);
7ce504e1 775 if (cancelled)
b64d6423
MW		 776 {
777 message->destroy(message);
778 return initiate(this);
779 }
127a98dc 780 if (!generate_message(this, message, &this->responding.packets))
4a09d9ee 781 {
127a98dc 782 message->destroy(message);
4a09d9ee
MW		 783 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
784 return DESTROY_ME;
785 }
127a98dc 786 message->destroy(message);
4a09d9ee 787
f5a84055
MW		 788 if (expect_request && !delete)
789 {
790 return retransmit(this, this->responding.seqnr);
791 }
127a98dc 792 send_packets(this, this->responding.packets);
4a09d9ee
MW		 793 if (delete)
794 {
795 return DESTROY_ME;
796 }
797 return SUCCESS;
798}
799
fbbd439b
CO		 800/**
801 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
e647c98a 802 * The notify protocol_id is set to ISAKMP
fbbd439b 803 */
b4705269
MW		 804static void send_notify(private_task_manager_t *this, message_t *request,
805 notify_type_t type)
fbbd439b
CO		 806{
807 message_t *response;
127a98dc 808 array_t *packets = NULL;
fbbd439b
CO		 809 host_t *me, *other;
810 u_int32_t mid;
811
3973ffa4 812 if (request->get_exchange_type(request) == INFORMATIONAL_V1)
fbbd439b
CO		 813 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
814 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
815 return;
816 }
1bb9c51e
TB		 817 if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
818 {
819 DBG1(DBG_IKE, "failed to allocate message ID");
820 return;
821 }
fbbd439b
CO		 822 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
823 response->set_exchange_type(response, INFORMATIONAL_V1);
824 response->set_request(response, TRUE);
fbbd439b 825 response->set_message_id(response, mid);
b4705269 826 response->add_payload(response, (payload_t*)
3ecfc83c 827 notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
b4705269 828 PROTO_IKE, type));
fbbd439b
CO		 829
830 me = this->ike_sa->get_my_host(this->ike_sa);
831 if (me->is_anyaddr(me))
832 {
833 me = request->get_destination(request);
834 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
835 }
836 other = this->ike_sa->get_other_host(this->ike_sa);
837 if (other->is_anyaddr(other))
838 {
839 other = request->get_source(request);
840 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
841 }
842 response->set_source(response, me->clone(me));
843 response->set_destination(response, other->clone(other));
127a98dc 844 if (generate_message(this, response, &packets))
fbbd439b 845 {
127a98dc 846 send_packets(this, packets);
fbbd439b 847 }
127a98dc
TB		 848 clear_packets(packets);
849 array_destroy(packets);
fbbd439b
CO		 850 response->destroy(response);
851}
852
24742c0f
MW		 853/**
854 * Process a DPD request/response
855 */
856static bool process_dpd(private_task_manager_t *this, message_t *message)
857{
858 notify_payload_t *notify;
859 notify_type_t type;
860 u_int32_t seq;
861 chunk_t data;
862
863 type = DPD_R_U_THERE;
864 notify = message->get_notify(message, type);
865 if (!notify)
866 {
867 type = DPD_R_U_THERE_ACK;
868 notify = message->get_notify(message, type);
869 }
870 if (!notify)
871 {
872 return FALSE;
873 }
874 data = notify->get_notification_data(notify);
875 if (data.len != 4)
876 {
877 return FALSE;
878 }
879 seq = untoh32(data.ptr);
880
881 if (type == DPD_R_U_THERE)
882 {
883 if (this->dpd_recv == 0 || seq == this->dpd_recv)
884 { /* check sequence validity */
885 this->dpd_recv = seq + 1;
886 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
887 time_monotonic(NULL));
888 }
889 /* but respond anyway */
890 this->ike_sa->queue_task(this->ike_sa,
891 &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
892 }
893 else /* DPD_R_U_THERE_ACK */
894 {
895 if (seq == this->dpd_send - 1)
896 {
897 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
898 time_monotonic(NULL));
899 }
900 else
901 {
902 DBG1(DBG_IKE, "received invalid DPD sequence number %u "
903 "(expected %u), ignored", seq, this->dpd_send - 1);
904 }
905 }
906 return TRUE;
907}
908
4de361d9
TB		 909/**
910 * Check if we already have a quick mode task queued for the exchange with the
911 * given message ID
912 */
913static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
914{
915 enumerator_t *enumerator;
916 quick_mode_t *qm;
917 task_t *task;
918 bool found = FALSE;
919
920 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
921 while (enumerator->enumerate(enumerator, &task))
922 {
923 if (task->get_type(task) == TASK_QUICK_MODE)
924 {
925 qm = (quick_mode_t*)task;
926 if (qm->get_mid(qm) == mid)
927 {
928 found = TRUE;
929 break;
930 }
931 }
932 }
933 enumerator->destroy(enumerator);
934 return found;
935}
936
b0b0c913
TB		 937/**
938 * Check if we still have an aggressive mode task queued
939 */
940static bool have_aggressive_mode_task(private_task_manager_t *this)
941{
942 enumerator_t *enumerator;
943 task_t *task;
944 bool found = FALSE;
945
946 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
947 while (enumerator->enumerate(enumerator, &task))
948 {
949 if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
950 {
951 found = TRUE;
952 break;
953 }
954 }
955 enumerator->destroy(enumerator);
956 return found;
957}
958
4a09d9ee
MW		 959/**
960 * handle an incoming request message
961 */
962static status_t process_request(private_task_manager_t *this,
963 message_t *message)
964{
965 enumerator_t *enumerator;
966 task_t *task = NULL;
ff6b084a 967 bool send_response = FALSE, dpd = FALSE;
4a09d9ee 968
9276f712 969 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
4de361d9 970 message->get_exchange_type(message) == QUICK_MODE ||
9276f712 971 this->passive_tasks->get_count(this->passive_tasks) == 0)
4a09d9ee
MW		 972 { /* create tasks depending on request type, if not already some queued */
973 switch (message->get_exchange_type(message))
974 {
975 case ID_PROT:
2e3c9f87 976 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
01685247 977 this->passive_tasks->insert_last(this->passive_tasks, task);
824dc0ad 978 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
8ad5cd1f 979 this->passive_tasks->insert_last(this->passive_tasks, task);
c73c832c
MW		 980 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
981 this->passive_tasks->insert_last(this->passive_tasks, task);
0aa2af5e 982 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
c64a4b4f 983 this->passive_tasks->insert_last(this->passive_tasks, task);
79d6fc7f 984 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1cc4ec46 985 this->passive_tasks->insert_last(this->passive_tasks, task);
4a09d9ee
MW		 986 break;
987 case AGGRESSIVE:
830ab2ae
MW		 988 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
989 this->passive_tasks->insert_last(this->passive_tasks, task);
990 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
991 this->passive_tasks->insert_last(this->passive_tasks, task);
992 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
993 this->passive_tasks->insert_last(this->passive_tasks, task);
994 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
995 this->passive_tasks->insert_last(this->passive_tasks, task);
996 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
997 this->passive_tasks->insert_last(this->passive_tasks, task);
998 break;
4a09d9ee 999 case QUICK_MODE:
a22b9e4f
MW		 1000 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
1001 {
1002 DBG1(DBG_IKE, "received quick mode request for "
1003 "unestablished IKE_SA, ignored");
1004 return FAILED;
1005 }
4de361d9
TB		 1006 if (have_quick_mode_task(this, message->get_message_id(message)))
1007 {
1008 break;
1009 }
744c0801
MW		 1010 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
1011 NULL, NULL);
1012 this->passive_tasks->insert_last(this->passive_tasks, task);
1013 break;
4a09d9ee 1014 case INFORMATIONAL_V1:
24742c0f 1015 if (process_dpd(this, message))
2ddd45c9 1016 {
ff6b084a 1017 dpd = TRUE;
2ddd45c9
MW		 1018 }
1019 else
1020 {
1021 task = (task_t *)informational_create(this->ike_sa, NULL);
24742c0f 1022 this->passive_tasks->insert_first(this->passive_tasks, task);
2ddd45c9 1023 }
07abb470 1024 break;
c5dc9d33 1025 case TRANSACTION:
764035d5 1026 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
156b8662 1027 {
e3311e9b
MW		 1028 task = (task_t *)mode_config_create(this->ike_sa,
1029 FALSE, TRUE);
156b8662
MW		 1030 }
1031 else
1032 {
1033 task = (task_t *)xauth_create(this->ike_sa, FALSE);
1034 }
c5dc9d33
CO		 1035 this->passive_tasks->insert_last(this->passive_tasks, task);
1036 break;
4a09d9ee
MW		 1037 default:
1038 return FAILED;
1039 }
1040 }
24742c0f 1041 if (dpd)
ff6b084a 1042 {
24742c0f 1043 return initiate(this);
ff6b084a 1044 }
24742c0f
MW		 1045 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
1046
4a09d9ee
MW		 1047 /* let the tasks process the message */
1048 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
1049 while (enumerator->enumerate(enumerator, (void*)&task))
1050 {
1051 switch (task->process(task, message))
1052 {
1053 case SUCCESS:
1054 /* task completed, remove it */
1055 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1056 task->destroy(task);
590ca1d4 1057 continue;
4a09d9ee
MW		 1058 case NEED_MORE:
1059 /* processed, but task needs at least another call to build() */
8cb6f4f9 1060 send_response = TRUE;
590ca1d4
MW		 1061 continue;
1062 case ALREADY_DONE:
1063 send_response = FALSE;
4a09d9ee 1064 break;
37a22a16
TB		 1065 case INVALID_ARG:
1066 if (task->get_type(task) == TASK_QUICK_MODE)
1067 { /* not responsible for this exchange */
1068 continue;
1069 }
1070 /* FALL */
4a09d9ee
MW		 1071 case FAILED:
1072 default:
1073 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1074 /* FALL */
1075 case DESTROY_ME:
1076 /* critical failure, destroy IKE_SA */
1077 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1078 enumerator->destroy(enumerator);
1079 task->destroy(task);
1080 return DESTROY_ME;
1081 }
590ca1d4 1082 break;
4a09d9ee
MW		 1083 }
1084 enumerator->destroy(enumerator);
1085
8cb6f4f9
TB		 1086 if (send_response)
1087 {
69adeb5b
MW		 1088 if (build_response(this, message) != SUCCESS)
1089 {
1090 return DESTROY_ME;
1091 }
1092 }
7b34de45
MW		 1093 else
1094 { /* We don't send a response, so don't retransmit one if we get
1095 * the same message again. */
127a98dc 1096 clear_packets(this->responding.packets);
7b34de45 1097 }
69adeb5b
MW		 1098 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
1099 this->queued_tasks->get_count(this->queued_tasks) > 0)
1100 {
1101 /* passive tasks completed, check if an active task has been queued,
1102 * such as XAUTH or modeconfig push */
1103 return initiate(this);
8cb6f4f9
TB		 1104 }
1105 return SUCCESS;
4a09d9ee
MW		 1106}
1107
26b55dc6
MW		 1108/**
1109 * handle an incoming response message
1110 */
1111static status_t process_response(private_task_manager_t *this,
1112 message_t *message)
1113{
1114 enumerator_t *enumerator;
4e98ca18 1115 message_t *queued;
f91b6ac7 1116 status_t status;
26b55dc6
MW		 1117 task_t *task;
1118
1119 if (message->get_exchange_type(message) != this->initiating.type)
1120 {
0235914d
MW		 1121 /* Windows server sends a fourth quick mode message having an initial
1122 * contact notify. Ignore this message for compatibility. */
1123 if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED &&
1124 message->get_exchange_type(message) == QUICK_MODE &&
1125 message->get_notify(message, INITIAL_CONTACT))
1126 {
1127 DBG1(DBG_IKE, "ignoring fourth Quick Mode message");
1128 return SUCCESS;
1129 }
26b55dc6
MW		 1130 DBG1(DBG_IKE, "received %N response, but expected %N",
1131 exchange_type_names, message->get_exchange_type(message),
1132 exchange_type_names, this->initiating.type);
1133 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1134 return DESTROY_ME;
1135 }
1136
1137 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
1138 while (enumerator->enumerate(enumerator, (void*)&task))
1139 {
1140 switch (task->process(task, message))
1141 {
1142 case SUCCESS:
1143 /* task completed, remove it */
1144 this->active_tasks->remove_at(this->active_tasks, enumerator);
1145 task->destroy(task);
590ca1d4 1146 continue;
26b55dc6
MW		 1147 case NEED_MORE:
1148 /* processed, but task needs another exchange */
590ca1d4
MW		 1149 continue;
1150 case ALREADY_DONE:
26b55dc6
MW		 1151 break;
1152 case FAILED:
1153 default:
1154 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1155 /* FALL */
1156 case DESTROY_ME:
1157 /* critical failure, destroy IKE_SA */
1158 this->active_tasks->remove_at(this->active_tasks, enumerator);
1159 enumerator->destroy(enumerator);
1160 task->destroy(task);
1161 return DESTROY_ME;
1162 }
590ca1d4 1163 break;
26b55dc6
MW		 1164 }
1165 enumerator->destroy(enumerator);
1166
1167 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 1168 clear_packets(this->initiating.packets);
26b55dc6 1169
3805880c
TB		 1170 if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
1171 this->queued->get_exchange_type(this->queued) == TRANSACTION)
f91b6ac7 1172 {
4e98ca18 1173 queued = this->queued;
f91b6ac7 1174 this->queued = NULL;
4e98ca18
MW		 1175 status = this->public.task_manager.process_message(
1176 &this->public.task_manager, queued);
1177 queued->destroy(queued);
f91b6ac7
MW		 1178 if (status == DESTROY_ME)
1179 {
1180 return status;
1181 }
1182 }
1183
26b55dc6
MW		 1184 return initiate(this);
1185}
1186
30216000
TB		 1187static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
1188{
70e0be07 1189 status_t status;
30216000 1190
70e0be07 1191 if (!this->defrag)
30216000 1192 {
70e0be07
TB		 1193 this->defrag = message_create_defrag(msg);
1194 if (!this->defrag)
30216000 1195 {
70e0be07 1196 return FAILED;
30216000
TB		 1197 }
1198 }
70e0be07
TB		 1199 status = this->defrag->add_fragment(this->defrag, msg);
1200 if (status == SUCCESS)
8fc83834 1201 {
70e0be07
TB		 1202 lib->processor->queue_job(lib->processor,
1203 (job_t*)process_message_job_create(this->defrag));
1204 this->defrag = NULL;
1205 /* do not process the last fragment */
30216000
TB		 1206 status = NEED_MORE;
1207 }
1208 return status;
1209}
1210
b235e69c
TB		 1211/**
1212 * Parse the given message and verify that it is valid.
1213 */
1214static status_t parse_message(private_task_manager_t *this, message_t *msg)
1215{
1216 status_t status;
1217
1218 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1219
1220 if (status != SUCCESS)
1221 {
1222 switch (status)
1223 {
29a5e070
TB		 1224 case NOT_SUPPORTED:
1225 DBG1(DBG_IKE, "unsupported exchange type");
b4705269 1226 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
29a5e070 1227 break;
b235e69c
TB		 1228 case PARSE_ERROR:
1229 DBG1(DBG_IKE, "message parsing failed");
b4705269 1230 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1231 break;
1232 case VERIFY_ERROR:
1233 DBG1(DBG_IKE, "message verification failed");
b4705269 1234 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1235 break;
1236 case FAILED:
1237 DBG1(DBG_IKE, "integrity check failed");
b4705269 1238 send_notify(this, msg, INVALID_HASH_INFORMATION);
b235e69c
TB		 1239 break;
1240 case INVALID_STATE:
1241 DBG1(DBG_IKE, "found encrypted message, but no keys available");
b4705269 1242 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1243 default:
1244 break;
1245 }
f5ef3577 1246 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
b235e69c
TB		 1247 exchange_type_names, msg->get_exchange_type(msg),
1248 msg->get_request(msg) ? "request" : "response",
1249 msg->get_message_id(msg));
1250
418f4bc7
MW		 1251 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1252
b235e69c
TB		 1253 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1254 { /* invalid initiation attempt, close SA */
1255 return DESTROY_ME;
1256 }
1257 }
30216000 1258
3ecfc83c 1259 if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT)
30216000
TB		 1260 {
1261 return handle_fragment(this, msg);
1262 }
b235e69c
TB		 1263 return status;
1264}
1265
3f56f731
TB		 1266/**
1267 * Queue the given message if possible
1268 */
1269static status_t queue_message(private_task_manager_t *this, message_t *msg)
1270{
1271 if (this->queued)
1272 {
1273 DBG1(DBG_IKE, "ignoring %N request, queue full",
1274 exchange_type_names, msg->get_exchange_type(msg));
1275 return FAILED;
1276 }
1277 this->queued = message_create_from_packet(msg->get_packet(msg));
1278 if (this->queued->parse_header(this->queued) != SUCCESS)
1279 {
1280 this->queued->destroy(this->queued);
1281 this->queued = NULL;
1282 return FAILED;
1283 }
1284 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1285 exchange_type_names, msg->get_exchange_type(msg));
1286 return SUCCESS;
1287}
1288
4a09d9ee
MW		 1289METHOD(task_manager_t, process_message, status_t,
1290 private_task_manager_t *this, message_t *msg)
1291{
fce566a8 1292 u_int32_t hash, mid, i;
3d59c5c3 1293 host_t *me, *other;
68c6863b 1294 status_t status;
73aaf76b 1295
1960312c 1296 /* TODO-IKEv1: update hosts more selectively */
3d59c5c3
TB		 1297 me = msg->get_destination(msg);
1298 other = msg->get_source(msg);
68c6863b 1299 mid = msg->get_message_id(msg);
fce566a8
MW		 1300 hash = chunk_hash(msg->get_packet_data(msg));
1301 for (i = 0; i < MAX_OLD_HASHES; i++)
1302 {
1303 if (this->initiating.old_hashes[i] == hash)
1304 {
127a98dc 1305 if (array_count(this->initiating.packets) &&
f5a84055 1306 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
346dad30
MW		 1307 (msg->get_exchange_type(msg) == QUICK_MODE ||
1308 msg->get_exchange_type(msg) == AGGRESSIVE))
f5a84055
MW		 1309 {
1310 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1311 "resending last request", mid);
127a98dc 1312 send_packets(this, this->initiating.packets);
f5a84055
MW		 1313 return SUCCESS;
1314 }
fce566a8
MW		 1315 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1316 "but next request already sent", mid);
1317 return SUCCESS;
1318 }
1319 }
1960312c 1320
2ddd45c9 1321 if ((mid && mid == this->initiating.mid) ||
73aaf76b 1322 (this->initiating.mid == 0 &&
1cc3e92c 1323 msg->get_exchange_type(msg) == this->initiating.type &&
dc8e9647 1324 this->active_tasks->get_count(this->active_tasks)))
4a09d9ee 1325 {
7519106d 1326 msg->set_request(msg, FALSE);
47b8f6ef 1327 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1328 status = parse_message(this, msg);
30216000
TB		 1329 if (status == NEED_MORE)
1330 {
1331 return SUCCESS;
1332 }
1960312c
TB		 1333 if (status != SUCCESS)
1334 {
1335 return status;
1336 }
1337 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1338 time_monotonic(NULL));
3d59c5c3 1339 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1340 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1341 if (process_response(this, msg) != SUCCESS)
4a09d9ee
MW		 1342 {
1343 flush(this);
1344 return DESTROY_ME;
1345 }
f5a84055 1346 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
fce566a8 1347 MAX_OLD_HASHES] = hash;
4a09d9ee
MW		 1348 }
1349 else
1350 {
7b34de45 1351 if (hash == this->responding.hash)
73aaf76b 1352 {
127a98dc 1353 if (array_count(this->responding.packets))
7b34de45
MW		 1354 {
1355 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1356 "retransmitting response", mid);
127a98dc 1357 send_packets(this, this->responding.packets);
7b34de45 1358 }
127a98dc 1359 else if (array_count(this->initiating.packets) &&
1b82eb23
MW		 1360 this->initiating.type == INFORMATIONAL_V1)
1361 {
1362 DBG1(DBG_IKE, "received retransmit of DPD request, "
1363 "retransmitting response");
127a98dc 1364 send_packets(this, this->initiating.packets);
1b82eb23 1365 }
7b34de45
MW		 1366 else
1367 {
1368 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1369 "but no response to retransmit", mid);
1370 }
3c79b7b7 1371 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
73aaf76b
MW		 1372 return SUCCESS;
1373 }
cdf75a39 1374
cf95d292 1375 /* reject Main/Aggressive Modes once established */
cdf75a39
MW		 1376 if (msg->get_exchange_type(msg) == ID_PROT ||
1377 msg->get_exchange_type(msg) == AGGRESSIVE)
1378 {
1379 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1380 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
3ecfc83c 1381 msg->get_first_payload_type(msg) != PLV1_FRAGMENT)
cdf75a39
MW		 1382 {
1383 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1384 exchange_type_names, msg->get_exchange_type(msg));
1385 return FAILED;
1386 }
1387 }
1388
b0b0c913
TB		 1389 /* drop XAuth/Mode Config/Quick Mode messages until we received the last
1390 * Aggressive Mode message */
1391 if (have_aggressive_mode_task(this) &&
1392 msg->get_exchange_type(msg) != AGGRESSIVE)
1393 {
1394 DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
1395 exchange_type_names, msg->get_exchange_type(msg));
1396 return FAILED;
1397 }
1398
3f56f731
TB		 1399 /* queue XAuth/Mode Config messages unless the Main Mode exchange we
1400 * initiated is complete */
f91b6ac7 1401 if (msg->get_exchange_type(msg) == TRANSACTION &&
0b0191e1 1402 this->active_tasks->get_count(this->active_tasks))
3f56f731
TB		 1403 {
1404 return queue_message(this, msg);
f91b6ac7
MW		 1405 }
1406
7519106d 1407 msg->set_request(msg, TRUE);
47b8f6ef 1408 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1409 status = parse_message(this, msg);
30216000
TB		 1410 if (status == NEED_MORE)
1411 {
1412 return SUCCESS;
1413 }
1960312c
TB		 1414 if (status != SUCCESS)
1415 {
1416 return status;
1417 }
1418 /* if this IKE_SA is virgin, we check for a config */
1419 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1420 {
1421 ike_sa_id_t *ike_sa_id;
1422 ike_cfg_t *ike_cfg;
1423 job_t *job;
f5a84055 1424
79101163
MW		 1425 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1426 me, other, IKEV1);
1960312c
TB		 1427 if (ike_cfg == NULL)
1428 {
1429 /* no config found for these hosts, destroy */
4cfd0db8
TB		 1430 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1431 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
b4705269 1432 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1960312c
TB		 1433 return DESTROY_ME;
1434 }
1435 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1436 ike_cfg->destroy(ike_cfg);
1437 /* add a timeout if peer does not establish it completely */
1438 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1439 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1440 lib->scheduler->schedule_job(lib->scheduler, job,
1441 lib->settings->get_int(lib->settings,
42500c27 1442 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
d223fe80 1443 lib->ns));
1960312c 1444 }
3d59c5c3 1445 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1446 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1447 if (process_request(this, msg) != SUCCESS)
26b55dc6
MW		 1448 {
1449 flush(this);
1450 return DESTROY_ME;
1451 }
9cc8bd4f 1452 this->responding.hash = hash;
4a09d9ee
MW		 1453 }
1454 return SUCCESS;
1455}
1456
8ed976c0
MW		 1457/**
1458 * Check if a given task has been queued already
1459 */
1460static bool has_queued(private_task_manager_t *this, task_type_t type)
1461{
1462 enumerator_t *enumerator;
1463 bool found = FALSE;
1464 task_t *task;
1465
1466 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1467 while (enumerator->enumerate(enumerator, &task))
1468 {
1469 if (task->get_type(task) == type)
1470 {
1471 found = TRUE;
1472 break;
1473 }
1474 }
1475 enumerator->destroy(enumerator);
1476 return found;
1477}
1478
d4828f51
TB		 1479METHOD(task_manager_t, queue_task, void,
1480 private_task_manager_t *this, task_t *task)
1481{
1482 task_type_t type = task->get_type(task);
1483
1484 switch (type)
1485 {
1486 case TASK_MODE_CONFIG:
1487 case TASK_XAUTH:
1488 if (has_queued(this, type))
1489 {
1490 task->destroy(task);
1491 return;
1492 }
1493 break;
1494 default:
1495 break;
1496 }
1497 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1498 this->queued_tasks->insert_last(this->queued_tasks, task);
1499}
1500
a60daa07
MW		 1501METHOD(task_manager_t, queue_ike, void,
1502 private_task_manager_t *this)
1503{
830ab2ae
MW		 1504 peer_cfg_t *peer_cfg;
1505
8ed976c0
MW		 1506 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1507 {
1508 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1509 }
1510 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1511 {
1512 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1513 }
830ab2ae
MW		 1514 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1515 if (peer_cfg->use_aggressive(peer_cfg))
8ed976c0 1516 {
830ab2ae
MW		 1517 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1518 {
1519 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1520 }
1521 }
1522 else
1523 {
1524 if (!has_queued(this, TASK_MAIN_MODE))
1525 {
1526 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1527 }
8ed976c0
MW		 1528 }
1529 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1530 {
1531 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1532 }
1533 if (!has_queued(this, TASK_ISAKMP_NATD))
1534 {
1535 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1536 }
a60daa07
MW		 1537}
1538
4f49b068 1539METHOD(task_manager_t, queue_ike_reauth, void,
dab60d64
MW		 1540 private_task_manager_t *this)
1541{
4f49b068
MW		 1542 enumerator_t *enumerator;
1543 child_sa_t *child_sa;
1544 ike_sa_t *new;
1545 host_t *host;
1546
1547 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1548 this->ike_sa->get_version(this->ike_sa), TRUE);
1549 if (!new)
1550 { /* shouldn't happen */
1551 return;
1552 }
1553
1554 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1555 host = this->ike_sa->get_other_host(this->ike_sa);
1556 new->set_other_host(new, host->clone(host));
1557 host = this->ike_sa->get_my_host(this->ike_sa);
1558 new->set_my_host(new, host->clone(host));
101d26ba
MW		 1559 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1560 while (enumerator->enumerate(enumerator, &host))
4f49b068 1561 {
101d26ba 1562 new->add_virtual_ip(new, TRUE, host);
4f49b068 1563 }
101d26ba 1564 enumerator->destroy(enumerator);
4f49b068 1565
6a9a69ae
TB		 1566 charon->bus->children_migrate(charon->bus, new->get_id(new),
1567 new->get_unique_id(new));
4f49b068
MW		 1568 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1569 while (enumerator->enumerate(enumerator, &child_sa))
1570 {
1571 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1572 new->add_child_sa(new, child_sa);
1573 }
1574 enumerator->destroy(enumerator);
6a9a69ae
TB		 1575 charon->bus->set_sa(charon->bus, new);
1576 charon->bus->children_migrate(charon->bus, NULL, 0);
1577 charon->bus->set_sa(charon->bus, this->ike_sa);
4f49b068 1578
8254e7ec
TB		 1579 if (!new->get_child_count(new))
1580 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1581 task_t *task;
1582
1583 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1584 while (enumerator->enumerate(enumerator, &task))
1585 {
1586 if (task->get_type(task) == TASK_QUICK_MODE)
1587 {
1588 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1589 task->migrate(task, new);
1590 new->queue_task(new, task);
1591 }
1592 }
1593 enumerator->destroy(enumerator);
1594 }
1595
4f49b068
MW		 1596 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1597 {
1598 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1b79299b 1599 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
4f49b068
MW		 1600 }
1601 else
1602 {
1603 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1604 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1605 }
1606 charon->bus->set_sa(charon->bus, this->ike_sa);
dab60d64
MW		 1607}
1608
4f49b068 1609METHOD(task_manager_t, queue_ike_rekey, void,
cedb412e
MW		 1610 private_task_manager_t *this)
1611{
4f49b068 1612 queue_ike_reauth(this);
cedb412e
MW		 1613}
1614
3ed148b3
MW		 1615METHOD(task_manager_t, queue_ike_delete, void,
1616 private_task_manager_t *this)
1617{
daee47ba
MW		 1618 enumerator_t *enumerator;
1619 child_sa_t *child_sa;
1620
1621 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1622 while (enumerator->enumerate(enumerator, &child_sa))
1623 {
1624 queue_task(this, (task_t*)
1625 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
3a925f74 1626 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
daee47ba
MW		 1627 }
1628 enumerator->destroy(enumerator);
1629
3ed148b3
MW		 1630 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1631}
1632
873df908
MW		 1633METHOD(task_manager_t, queue_mobike, void,
1634 private_task_manager_t *this, bool roam, bool address)
1635{
1636 /* Not supported in IKEv1 */
1637}
1638
fe43d9a2
MW		 1639METHOD(task_manager_t, queue_child, void,
1640 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1641 traffic_selector_t *tsi, traffic_selector_t *tsr)
1642{
14dc7941
MW		 1643 quick_mode_t *task;
1644
1645 task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1646 task->use_reqid(task, reqid);
1647
1648 queue_task(this, &task->task);
fe43d9a2
MW		 1649}
1650
2d4c347a
MW		 1651/**
1652 * Check if two CHILD_SAs have the same traffic selector
1653 */
553bb787 1654static bool have_equal_ts(child_sa_t *child1, child_sa_t *child2, bool local)
2d4c347a 1655{
553bb787
MW		 1656 enumerator_t *e1, *e2;
1657 traffic_selector_t *ts1, *ts2;
1658 bool equal = FALSE;
2d4c347a 1659
553bb787
MW		 1660 e1 = child1->create_ts_enumerator(child1, local);
1661 e2 = child2->create_ts_enumerator(child2, local);
1662 if (e1->enumerate(e1, &ts1) && e2->enumerate(e2, &ts2))
2d4c347a 1663 {
553bb787 1664 equal = ts1->equals(ts1, ts2);
2d4c347a 1665 }
fafa7684 1666 e2->destroy(e2);
553bb787
MW		 1667 e1->destroy(e1);
1668
1669 return equal;
2d4c347a
MW		 1670}
1671
1e24fa46
MW		 1672/**
1673 * Check if a CHILD_SA is redundant and we should delete instead of rekey
1674 */
1675static bool is_redundant(private_task_manager_t *this, child_sa_t *child_sa)
1676{
1677 enumerator_t *enumerator;
1678 child_sa_t *current;
1679 bool redundant = FALSE;
1680
1681 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1682 while (enumerator->enumerate(enumerator, &current))
1683 {
1684 if (current->get_state(current) == CHILD_INSTALLED &&
1685 streq(current->get_name(current), child_sa->get_name(child_sa)) &&
2d4c347a
MW		 1686 have_equal_ts(current, child_sa, TRUE) &&
1687 have_equal_ts(current, child_sa, FALSE) &&
1e24fa46
MW		 1688 current->get_lifetime(current, FALSE) >
1689 child_sa->get_lifetime(child_sa, FALSE))
1690 {
1691 DBG1(DBG_IKE, "deleting redundant CHILD_SA %s{%d}",
246c969d
MW		 1692 child_sa->get_name(child_sa),
1693 child_sa->get_unique_id(child_sa));
1e24fa46
MW		 1694 redundant = TRUE;
1695 break;
1696 }
1697 }
1698 enumerator->destroy(enumerator);
1699
1700 return redundant;
1701}
1702
7a5f372c
MW		 1703/**
1704 * Get the first traffic selector of a CHILD_SA, local or remote
1705 */
1706static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1707{
1708 traffic_selector_t *ts = NULL;
553bb787 1709 enumerator_t *enumerator;
7a5f372c 1710
553bb787
MW		 1711 enumerator = child_sa->create_ts_enumerator(child_sa, local);
1712 enumerator->enumerate(enumerator, &ts);
1713 enumerator->destroy(enumerator);
1714
1715 return ts;
7a5f372c
MW		 1716}
1717
463a73cc
MW		 1718METHOD(task_manager_t, queue_child_rekey, void,
1719 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1720{
23eb447c
MW		 1721 child_sa_t *child_sa;
1722 child_cfg_t *cfg;
1723 quick_mode_t *task;
1724
1725 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1726 if (!child_sa)
1727 {
1728 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1729 }
1730 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1731 {
1e24fa46
MW		 1732 if (is_redundant(this, child_sa))
1733 {
1734 queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1735 protocol, spi, FALSE, FALSE));
1736 }
1737 else
1738 {
1739 child_sa->set_state(child_sa, CHILD_REKEYING);
1740 cfg = child_sa->get_config(child_sa);
7a5f372c
MW		 1741 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1742 get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1e24fa46 1743 task->use_reqid(task, child_sa->get_reqid(child_sa));
85b23888
MW		 1744 task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
1745 child_sa->get_mark(child_sa, FALSE).value);
1e24fa46 1746 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
23eb447c 1747
1e24fa46
MW		 1748 queue_task(this, &task->task);
1749 }
23eb447c 1750 }
463a73cc
MW		 1751}
1752
83c5fda0 1753METHOD(task_manager_t, queue_child_delete, void,
3a925f74
MW		 1754 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1755 bool expired)
83c5fda0
MW		 1756{
1757 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
3a925f74 1758 spi, FALSE, expired));
83c5fda0
MW		 1759}
1760
244d715d
MW		 1761METHOD(task_manager_t, queue_dpd, void,
1762 private_task_manager_t *this)
1763{
80c5b17d
AS		 1764 peer_cfg_t *peer_cfg;
1765 u_int32_t t, retransmit;
4b38c22c 1766
24742c0f 1767 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
2ddd45c9 1768 this->dpd_send++));
80c5b17d 1769 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
4b38c22c 1770
80c5b17d
AS		 1771 /* compute timeout in milliseconds */
1772 t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1773 if (t == 0)
4b38c22c 1774 {
80c5b17d
AS		 1775 /* use the same timeout as a retransmitting IKE message would have */
1776 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1777 {
1778 t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
1779 pow(this->retransmit_base, retransmit));
1780 }
4b38c22c 1781 }
80c5b17d
AS		 1782
1783 /* schedule DPD timeout job */
4b38c22c
MW		 1784 lib->scheduler->schedule_job_ms(lib->scheduler,
1785 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
244d715d
MW		 1786}
1787
4a09d9ee
MW		 1788METHOD(task_manager_t, adopt_tasks, void,
1789 private_task_manager_t *this, task_manager_t *other_public)
1790{
1791 private_task_manager_t *other = (private_task_manager_t*)other_public;
1792 task_t *task;
1793
1794 /* move queued tasks from other to this */
1795 while (other->queued_tasks->remove_last(other->queued_tasks,
1796 (void**)&task) == SUCCESS)
1797 {
1798 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1799 task->migrate(task, this->ike_sa);
1800 this->queued_tasks->insert_first(this->queued_tasks, task);
1801 }
1802}
1803
68db844f
TB		 1804/**
1805 * Migrates child-creating tasks from src to dst
1806 */
1807static void migrate_child_tasks(private_task_manager_t *this,
1808 linked_list_t *src, linked_list_t *dst)
1809{
1810 enumerator_t *enumerator;
1811 task_t *task;
1812
1813 enumerator = src->create_enumerator(src);
1814 while (enumerator->enumerate(enumerator, &task))
1815 {
1816 if (task->get_type(task) == TASK_QUICK_MODE)
1817 {
1818 src->remove_at(src, enumerator);
1819 task->migrate(task, this->ike_sa);
1820 dst->insert_last(dst, task);
1821 }
1822 }
1823 enumerator->destroy(enumerator);
1824}
1825
1826METHOD(task_manager_t, adopt_child_tasks, void,
1827 private_task_manager_t *this, task_manager_t *other_public)
1828{
1829 private_task_manager_t *other = (private_task_manager_t*)other_public;
1830
1831 /* move active child tasks from other to this */
1832 migrate_child_tasks(this, other->active_tasks, this->queued_tasks);
1833 /* do the same for queued tasks */
1834 migrate_child_tasks(this, other->queued_tasks, this->queued_tasks);
1835}
1836
4a09d9ee
MW		 1837METHOD(task_manager_t, busy, bool,
1838 private_task_manager_t *this)
1839{
1840 return (this->active_tasks->get_count(this->active_tasks) > 0);
1841}
1842
1843METHOD(task_manager_t, incr_mid, void,
1844 private_task_manager_t *this, bool initiate)
1845{
4a09d9ee
MW		 1846}
1847
1848METHOD(task_manager_t, reset, void,
1849 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1850{
d9c1dae2
MW		 1851 enumerator_t *enumerator;
1852 task_t *task;
1853
1854 /* reset message counters and retransmit packets */
127a98dc
TB		 1855 clear_packets(this->responding.packets);
1856 clear_packets(this->initiating.packets);
f5a84055
MW		 1857 this->responding.seqnr = RESPONDING_SEQ;
1858 this->responding.retransmitted = 0;
d9c1dae2
MW		 1859 this->initiating.mid = 0;
1860 this->initiating.seqnr = 0;
1861 this->initiating.retransmitted = 0;
1862 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
70e0be07
TB		 1863 DESTROY_IF(this->defrag);
1864 this->defrag = NULL;
fd6fbf17
MW		 1865 if (initiate != UINT_MAX)
1866 {
1867 this->dpd_send = initiate;
1868 }
1869 if (respond != UINT_MAX)
1870 {
1871 this->dpd_recv = respond;
1872 }
d9c1dae2
MW		 1873
1874 /* reset queued tasks */
1875 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1876 while (enumerator->enumerate(enumerator, &task))
1877 {
1878 task->migrate(task, this->ike_sa);
1879 }
1880 enumerator->destroy(enumerator);
1881
1882 /* reset active tasks */
1883 while (this->active_tasks->remove_last(this->active_tasks,
1884 (void**)&task) == SUCCESS)
1885 {
1886 task->migrate(task, this->ike_sa);
1887 this->queued_tasks->insert_first(this->queued_tasks, task);
1888 }
4a09d9ee
MW		 1889}
1890
1891METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1892 private_task_manager_t *this, task_queue_t queue)
1893{
1894 switch (queue)
1895 {
1896 case TASK_QUEUE_ACTIVE:
1897 return this->active_tasks->create_enumerator(this->active_tasks);
1898 case TASK_QUEUE_PASSIVE:
1899 return this->passive_tasks->create_enumerator(this->passive_tasks);
1900 case TASK_QUEUE_QUEUED:
1901 return this->queued_tasks->create_enumerator(this->queued_tasks);
1902 default:
1903 return enumerator_create_empty();
1904 }
1905}
1906
1907METHOD(task_manager_t, destroy, void,
1908 private_task_manager_t *this)
1909{
1910 flush(this);
1911
1912 this->active_tasks->destroy(this->active_tasks);
1913 this->queued_tasks->destroy(this->queued_tasks);
1914 this->passive_tasks->destroy(this->passive_tasks);
70e0be07 1915 DESTROY_IF(this->defrag);
4a09d9ee 1916
f91b6ac7 1917 DESTROY_IF(this->queued);
127a98dc
TB		 1918 clear_packets(this->responding.packets);
1919 array_destroy(this->responding.packets);
1920 clear_packets(this->initiating.packets);
1921 array_destroy(this->initiating.packets);
73aaf76b 1922 DESTROY_IF(this->rng);
4a09d9ee
MW		 1923 free(this);
1924}
1925
1926/*
1927 * see header file
1928 */
1929task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1930{
1931 private_task_manager_t *this;
1932
1933 INIT(this,
1934 .public = {
1935 .task_manager = {
1936 .process_message = _process_message,
1937 .queue_task = _queue_task,
a60daa07 1938 .queue_ike = _queue_ike,
dab60d64 1939 .queue_ike_rekey = _queue_ike_rekey,
cedb412e 1940 .queue_ike_reauth = _queue_ike_reauth,
3ed148b3 1941 .queue_ike_delete = _queue_ike_delete,
873df908 1942 .queue_mobike = _queue_mobike,
fe43d9a2 1943 .queue_child = _queue_child,
463a73cc 1944 .queue_child_rekey = _queue_child_rekey,
83c5fda0 1945 .queue_child_delete = _queue_child_delete,
244d715d 1946 .queue_dpd = _queue_dpd,
4a09d9ee
MW		 1947 .initiate = _initiate,
1948 .retransmit = _retransmit,
1949 .incr_mid = _incr_mid,
1950 .reset = _reset,
1951 .adopt_tasks = _adopt_tasks,
68db844f 1952 .adopt_child_tasks = _adopt_child_tasks,
4a09d9ee
MW		 1953 .busy = _busy,
1954 .create_task_enumerator = _create_task_enumerator,
b1908994 1955 .flush = _flush,
a5c79960 1956 .flush_queue = _flush_queue,
4a09d9ee
MW		 1957 .destroy = _destroy,
1958 },
1959 },
dcbdc914
TB		 1960 .initiating = {
1961 .type = EXCHANGE_TYPE_UNDEFINED,
1962 },
1963 .responding = {
1964 .seqnr = RESPONDING_SEQ,
1965 },
4a09d9ee 1966 .ike_sa = ike_sa,
73aaf76b 1967 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
4a09d9ee
MW		 1968 .queued_tasks = linked_list_create(),
1969 .active_tasks = linked_list_create(),
1970 .passive_tasks = linked_list_create(),
1971 .retransmit_tries = lib->settings->get_int(lib->settings,
d223fe80 1972 "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
4a09d9ee 1973 .retransmit_timeout = lib->settings->get_double(lib->settings,
d223fe80 1974 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
4a09d9ee 1975 .retransmit_base = lib->settings->get_double(lib->settings,
d223fe80 1976 "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
4a09d9ee
MW		 1977 );
1978
3fca5bd1
MW		 1979 if (!this->rng)
1980 {
1981 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
1982 destroy(this);
1983 return NULL;
1984 }
1bb9c51e
TB		 1985 if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
1986 (void*)&this->dpd_send))
1987 {
1988 DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
1989 destroy(this);
1990 return NULL;
1991 }
2ddd45c9 1992 this->dpd_send &= 0x7FFFFFFF;
3e6b7403 1993
4a09d9ee
MW		 1994 return &this->public;
1995}
Unnamed repository; edit this file 'description' to name the repository.