17d92e97 | 1 | /* |
03f61ba3 | 2 | * Copyright (C) 2010-2014 Tobias Brunner |
17d92e97 MW |
3 | * Copyright (C) 2007 Martin Willi |
4 | * Hochschule fuer Technik Rapperswil | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "ike_mobike.h" | |
18 | ||
19 | #include <string.h> | |
20 | ||
21 | #include <daemon.h> | |
15a682f4 | 22 | #include <sa/ikev2/tasks/ike_natd.h> |
17d92e97 MW |
23 | #include <encoding/payloads/notify_payload.h> |
24 | ||
/* Length in bytes of the random COOKIE2 value an initiator attaches to its
 * MOBIKE update (see build_cookie) and expects echoed back unchanged
 * (see process_i). */
#define COOKIE2_SIZE 16
/* Upper bound on ADDITIONAL_*_ADDRESS notifies added to a single message by
 * build_address_list; also caps how much of our address list we disclose. */
#define MAX_ADDITIONAL_ADDRS 8
17d92e97 MW |
27 | |
typedef struct private_ike_mobike_t private_ike_mobike_t;

/**
 * Private members of a ike_mobike_t task.
 */
struct private_ike_mobike_t {

	/**
	 * Public methods and task_t interface.
	 */
	ike_mobike_t public;

	/**
	 * Assigned IKE_SA.
	 */
	ike_sa_t *ike_sa;

	/**
	 * Are we the initiator?
	 */
	bool initiator;

	/**
	 * cookie2 value to verify new addresses. As initiator this holds the value
	 * we generated (build_cookie) until process_i compares it against the echo;
	 * as responder it holds the received value (process_payloads) until build_r
	 * echoes it back and frees it.
	 */
	chunk_t cookie2;

	/**
	 * NAT discovery reusing the TASK_IKE_NATD task. Created lazily: when
	 * NAT_DETECTION_*_IP notifies arrive, by dpd(), or by process_i when the
	 * original initiator needs another update round.
	 */
	ike_natd_t *natd;

	/**
	 * use task to update addresses (UPDATE_SA_ADDRESSES is sent as initiator
	 * or was received as responder)
	 */
	bool update;

	/**
	 * do routability check: while set, transmit() probes every known peer
	 * address instead of sending on the current path
	 */
	bool check;

	/**
	 * include address list update (ADDITIONAL_*_ADDRESS notifies) in an
	 * INFORMATIONAL built as initiator; build_i only does so while no
	 * routability check is pending
	 */
	bool address;

	/**
	 * additional addresses got updated (set by process_payloads when the peer
	 * sent ADDITIONAL_*_ADDRESS or NO_ADDITIONAL_ADDRESSES; not cleared here)
	 */
	bool addresses_updated;

	/**
	 * whether the pending updates counter was increased, so destroy() and
	 * migrate() can balance it on the right IKE_SA
	 */
	bool pending_update;
};
85 | ||
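/**
 * read notifys from message and evaluate them
 *
 * Evaluates the MOBIKE related notifies of a received IKE_AUTH or INFORMATIONAL
 * message and records their effect on the task and the IKE_SA:
 * MOBIKE_SUPPORTED enables the extension (unless disabled in config on the
 * responder), COOKIE2 is stored for the later echo/check, ADDITIONAL_IP4/IP6_
 * ADDRESS and NO_ADDITIONAL_ADDRESSES replace the peer's address list,
 * UPDATE_SA_ADDRESSES sets the update flag and NAT_DETECTION_*_IP spawns the
 * NAT-D subtask. Non-notify payloads and other notify types are ignored.
 *
 * @param this		task instance
 * @param message	received message to read the notifies from
 */
static void process_payloads(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *enumerator;
	payload_t *payload;
	bool first = TRUE;

	enumerator = message->create_payload_enumerator(message);
	while (enumerator->enumerate(enumerator, &payload))
	{
		int family = AF_INET;
		notify_payload_t *notify;
		chunk_t data;
		host_t *host;

		if (payload->get_type(payload) != PLV2_NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case MOBIKE_SUPPORTED:
			{
				peer_cfg_t *peer_cfg;

				peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
				if (!this->initiator &&
					peer_cfg && !peer_cfg->use_mobike(peer_cfg))
				{
					DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config");
				}
				else
				{
					DBG1(DBG_IKE, "peer supports MOBIKE");
					this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
				}
				break;
			}
			case COOKIE2:
			{
				/* keep our own copy, the notification data belongs to the
				 * message; a previously stored cookie is replaced */
				chunk_free(&this->cookie2);
				this->cookie2 = chunk_clone(notify->get_notification_data(notify));
				break;
			}
			case ADDITIONAL_IP6_ADDRESS:
			{
				family = AF_INET6;
				/* fall through */
			}
			case ADDITIONAL_IP4_ADDRESS:
			{
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					this->ike_sa->clear_peer_addresses(this->ike_sa);
					first = FALSE;
					/* add the peer's current address to the list */
					host = message->get_source(message);
					this->ike_sa->add_peer_address(this->ike_sa,
												   host->clone(host));
				}
				this->addresses_updated = TRUE;
				data = notify->get_notification_data(notify);
				host = host_create_from_chunk(family, data, 0);
				if (!host)
				{	/* peer-supplied data that does not form an address of this
					 * family (e.g. truncated); skip it instead of storing a NULL
					 * entry that transmit() would later dereference */
					DBG1(DBG_IKE, "ignoring malformed additional MOBIKE peer "
						 "address");
					break;
				}
				DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
				this->ike_sa->add_peer_address(this->ike_sa, host);
				break;
			}
			case UPDATE_SA_ADDRESSES:
			{
				this->update = TRUE;
				break;
			}
			case NO_ADDITIONAL_ADDRESSES:
			{
				this->ike_sa->clear_peer_addresses(this->ike_sa);
				/* add the peer's current address to the list */
				host = message->get_source(message);
				this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
				this->addresses_updated = TRUE;
				break;
			}
			case NAT_DETECTION_SOURCE_IP:
			case NAT_DETECTION_DESTINATION_IP:
			{
				/* NAT check in this MOBIKE exchange, create subtask for it */
				if (this->natd == NULL)
				{
					this->natd = ike_natd_create(this->ike_sa, this->initiator);
				}
				break;
			}
			default:
				break;
		}
	}
	enumerator->destroy(enumerator);
}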
186 | ||
/**
 * Add ADDITIONAL_*_ADDRESS notifys depending on our address list
 *
 * Walks the regular addresses known to the kernel interface and announces each
 * IPv4/IPv6 address other than the IKE_SA's own host as ADDITIONAL_IP4_ADDRESS
 * or ADDITIONAL_IP6_ADDRESS. At most MAX_ADDITIONAL_ADDRS notifies are added;
 * if nothing was announced a single NO_ADDITIONAL_ADDRESSES notify is added
 * instead, so the peer flushes its list of our alternative addresses.
 *
 * @param this		task instance
 * @param message	message to add the notifies to
 */
static void build_address_list(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *addrs;
	host_t *me, *candidate;
	int count = 0;

	me = this->ike_sa->get_my_host(this->ike_sa);
	addrs = charon->kernel->create_address_enumerator(charon->kernel,
													  ADDR_TYPE_REGULAR);
	/* limit number of notifys, some implementations do not like too
	 * many of them (f.e. strongSwan ;-) */
	while (count < MAX_ADDITIONAL_ADDRS &&
		   addrs->enumerate(addrs, (void**)&candidate))
	{
		notify_type_t type;
		int family;

		if (me->ip_equals(me, candidate))
		{	/* "ADDITIONAL" means do not include IKE_SAs host */
			continue;
		}
		family = candidate->get_family(candidate);
		if (family == AF_INET)
		{
			type = ADDITIONAL_IP4_ADDRESS;
		}
		else if (family == AF_INET6)
		{
			type = ADDITIONAL_IP6_ADDRESS;
		}
		else
		{
			continue;
		}
		message->add_notify(message, FALSE, type,
							candidate->get_address(candidate));
		count++;
	}
	if (!count)
	{
		message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	}
	addrs->destroy(addrs);
}
230 | ||
/**
 * build a cookie and add it to the message
 *
 * Discards any previous cookie2, draws COOKIE2_SIZE bytes from a strong RNG,
 * keeps them in this->cookie2 (process_i later compares them against the echo
 * in the peer's response) and adds them as COOKIE2 notify to the message.
 *
 * @param this		task instance
 * @param message	message to add the COOKIE2 notify to
 * @return			TRUE on success, FALSE if no strong RNG is available or it
 *					fails to deliver the bytes (no notify is added then)
 */
static bool build_cookie(private_ike_mobike_t *this, message_t *message)
{
	rng_t *rng;
	bool ok = FALSE;

	chunk_free(&this->cookie2);
	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
	if (rng)
	{
		ok = rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
		if (ok)
		{
			message->add_notify(message, FALSE, COOKIE2, this->cookie2);
		}
		rng->destroy(rng);
	}
	return ok;
}
249 | ||
/**
 * update addresses of associated CHILD_SAs
 *
 * Collects our virtual IPs and asks every CHILD_SA to move to the IKE_SA's
 * current hosts, passing along whether a NAT was detected on either side.
 * A CHILD_SA that reports NOT_SUPPORTED is rekeyed instead; one that reports
 * SUCCESS is removed from and re-added to the CHILD_SA manager (presumably so
 * the manager's view of it reflects the new addresses).
 *
 * @param this		task instance
 */
static void update_children(private_ike_mobike_t *this)
{
	enumerator_t *vip_enum, *children;
	linked_list_t *vips;
	child_sa_t *child;
	host_t *vip;

	/* the list merely borrows the hosts, they stay owned by the IKE_SA */
	vips = linked_list_create();
	vip_enum = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
	while (vip_enum->enumerate(vip_enum, &vip))
	{
		vips->insert_last(vips, vip);
	}
	vip_enum->destroy(vip_enum);

	children = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
	while (children->enumerate(children, (void**)&child))
	{
		status_t status;

		status = child->update(child,
							   this->ike_sa->get_my_host(this->ike_sa),
							   this->ike_sa->get_other_host(this->ike_sa), vips,
							   this->ike_sa->has_condition(this->ike_sa,
														   COND_NAT_ANY));
		if (status == NOT_SUPPORTED)
		{
			this->ike_sa->rekey_child_sa(this->ike_sa,
										 child->get_protocol(child),
										 child->get_spi(child, TRUE));
		}
		else if (status == SUCCESS)
		{
			charon->child_sa_manager->remove(charon->child_sa_manager, child);
			charon->child_sa_manager->add(charon->child_sa_manager,
										  child, this->ike_sa);
		}
	}
	children->destroy(children);

	vips->destroy(vips);
}
298 | ||
/**
 * Apply the port of the old host, if its ip equals the new, use port otherwise.
 *
 * When host still carries the IP of old, the port currently in use on old is
 * kept (it may already be the NAT-T port). For a different IP the configured
 * port is applied, except that the plain IKE port is mapped to the NAT-T port:
 * for our side via the socket's port configuration, for the peer from
 * IKEV2_UDP_PORT to IKEV2_NATT_PORT.
 *
 * @param host		host whose port gets set
 * @param old		host currently in use for the same side
 * @param port		configured port for this side
 * @param local		TRUE if host is our own address, FALSE for the peer's
 */
static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
{
	u_int16_t chosen = port;

	if (host->ip_equals(host, old))
	{
		chosen = old->get_port(old);
	}
	else if (local)
	{
		if (port == charon->socket->get_port(charon->socket, FALSE))
		{
			chosen = charon->socket->get_port(charon->socket, TRUE);
		}
	}
	else if (port == IKEV2_UDP_PORT)
	{
		chosen = IKEV2_NATT_PORT;
	}
	host->set_port(host, chosen);
}
318 | ||
/**
 * Send a packet for this IKE_SA, probing alternative paths while a
 * routability check is pending.
 *
 * Without a pending check: if the kernel still routes to the peer over the
 * IKE_SA's current source address, one copy is sent on the current path and
 * we are done; otherwise a check is started. With a check pending: a copy of
 * the packet is sent to every known peer address (limited to the family the
 * socket supports) for which the kernel yields a source address, with ports
 * adjusted by apply_port().
 *
 * @param this		task instance
 * @param packet	packet to send; only clones are handed to the sender
 * @return			TRUE if at least one packet was handed to the sender
 */
METHOD(ike_mobike_t, transmit, bool,
	private_ike_mobike_t *this, packet_t *packet)
{
	host_t *me_old, *other_old, *src, *dst;
	enumerator_t *peers;
	ike_cfg_t *ike_cfg;
	packet_t *probe;
	int family;
	bool sent = FALSE;

	me_old = this->ike_sa->get_my_host(this->ike_sa);
	other_old = this->ike_sa->get_other_host(this->ike_sa);
	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);

	if (!this->check)
	{
		bool current_path_ok = FALSE;

		src = charon->kernel->get_source_addr(charon->kernel, other_old, me_old);
		if (src)
		{
			current_path_ok = src->ip_equals(src, me_old);
			src->destroy(src);
		}
		if (current_path_ok)
		{
			probe = packet->clone(packet);
			/* hosts might have been updated by a peer's MOBIKE exchange */
			probe->set_source(probe, me_old->clone(me_old));
			probe->set_destination(probe, other_old->clone(other_old));
			charon->sender->send(charon->sender, probe);
			return TRUE;
		}
		this->check = TRUE;
	}

	switch (charon->socket->supported_families(charon->socket))
	{
		case SOCKET_FAMILY_IPV4:
			family = AF_INET;
			break;
		case SOCKET_FAMILY_IPV6:
			family = AF_INET6;
			break;
		default:
			/* both or none: don't filter by family */
			family = AF_UNSPEC;
			break;
	}

	peers = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
	while (peers->enumerate(peers, (void**)&dst))
	{
		if (family != AF_UNSPEC && dst->get_family(dst) != family)
		{
			continue;
		}
		src = charon->kernel->get_source_addr(charon->kernel, dst, NULL);
		if (!src)
		{
			continue;
		}
		/* reuse port for an active address, 4500 otherwise */
		apply_port(src, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
		dst = dst->clone(dst);
		apply_port(dst, other_old, ike_cfg->get_other_port(ike_cfg), FALSE);
		DBG1(DBG_IKE, "checking path %#H - %#H", src, dst);
		probe = packet->clone(packet);
		/* src and the cloned dst are not destroyed here, the packet adopts them */
		probe->set_source(probe, src);
		probe->set_destination(probe, dst);
		charon->sender->send(charon->sender, probe);
		sent = TRUE;
	}
	peers->destroy(peers);
	return sent;
}
391 | ||
/**
 * Build our request as exchange initiator.
 *
 * In the first IKE_AUTH we announce MOBIKE_SUPPORTED together with our
 * additional addresses. In an INFORMATIONAL we first re-validate the source
 * address against the kernel's routing decision, then add UPDATE_SA_ADDRESSES
 * plus a fresh COOKIE2 if an update is due (failing the task if no strong RNG
 * is available), the address list if requested and no routability check is
 * pending, and the NAT-D subtask's payloads if one exists.
 *
 * @param this		task instance
 * @param message	request to build
 * @return			NEED_MORE, or FAILED if the COOKIE2 could not be generated
 */
METHOD(task_t, build_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	exchange_type_t exchange = message->get_exchange_type(message);
	host_t *src, *candidate;

	if (exchange == IKE_AUTH)
	{
		if (message->get_message_id(message) == 1)
		{	/* only in first IKE_AUTH */
			message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
			build_address_list(this, message);
		}
		return NEED_MORE;
	}
	if (exchange != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	/* we check if the existing address is still valid */
	src = message->get_source(message);
	candidate = charon->kernel->get_source_addr(charon->kernel,
									message->get_destination(message), src);
	if (candidate && !candidate->ip_equals(candidate, src))
	{	/* only the IP moved, keep using the same port */
		candidate->set_port(candidate, src->get_port(src));
		message->set_source(message, candidate);
	}
	else
	{
		DESTROY_IF(candidate);
	}
	if (this->update)
	{
		message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
		if (!build_cookie(this, message))
		{	/* without a cookie the peer's answer could not be verified */
			return FAILED;
		}
		update_children(this);
	}
	if (this->address && !this->check)
	{
		build_address_list(this, message);
	}
	if (this->natd)
	{
		this->natd->task.build(&this->natd->task, message);
	}
	return NEED_MORE;
}
442 | ||
/**
 * Process the peer's request as exchange responder.
 *
 * Notifies of the first IKE_AUTH and of INFORMATIONALs are evaluated. For an
 * INFORMATIONAL carrying UPDATE_SA_ADDRESSES the IKE_SA adopts the addresses
 * the request was exchanged on, the NAT-D subtask (if any) processes its
 * payloads, and - if we are the original initiator and the peer sent an
 * address list - a changed remote address is adopted and an update scheduled.
 *
 * @param this		task instance
 * @param message	received request
 * @return			always NEED_MORE
 */
METHOD(task_t, process_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	exchange_type_t exchange = message->get_exchange_type(message);

	if (exchange == IKE_AUTH)
	{
		if (message->get_message_id(message) == 1)
		{	/* only first IKE_AUTH */
			process_payloads(this, message);
		}
		return NEED_MORE;
	}
	if (exchange != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	process_payloads(this, message);
	if (this->update)
	{	/* UPDATE_SA_ADDRESSES received: switch to the addresses of this request */
		host_t *me = message->get_destination(message);
		host_t *other = message->get_source(message);

		this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
		this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
	}
	if (this->natd)
	{
		this->natd->task.process(&this->natd->task, message);
	}
	if (this->addresses_updated &&
		this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
	{
		host_t *other = message->get_source(message);
		host_t *other_old = this->ike_sa->get_other_host(this->ike_sa);

		if (!other->equals(other, other_old))
		{
			DBG1(DBG_IKE, "remote address changed from %H to %H", other_old,
				 other);
			this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
			this->update = TRUE;
		}
	}
	return NEED_MORE;
}
484 | ||
/**
 * Build our response as exchange responder.
 *
 * In the IKE_AUTH response (once the IKE_SA is established) MOBIKE_SUPPORTED
 * and our address list are added if the peer announced MOBIKE. In an
 * INFORMATIONAL response the NAT-D subtask builds its payloads, a received
 * COOKIE2 is echoed exactly once, and CHILD_SAs are updated if the request
 * carried UPDATE_SA_ADDRESSES.
 *
 * @param this		task instance
 * @param message	response to build
 * @return			SUCCESS for IKE_AUTH/INFORMATIONAL, NEED_MORE otherwise
 */
METHOD(task_t, build_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	switch (message->get_exchange_type(message))
	{
		case IKE_AUTH:
			if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
			{
				break;
			}
			if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
			{
				message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
				build_address_list(this, message);
			}
			return SUCCESS;
		case INFORMATIONAL:
			if (this->natd)
			{
				this->natd->task.build(&this->natd->task, message);
			}
			if (this->cookie2.ptr)
			{	/* echo the peer's cookie unchanged, then forget it */
				message->add_notify(message, FALSE, COOKIE2, this->cookie2);
				chunk_free(&this->cookie2);
			}
			if (this->update)
			{
				update_children(this);
			}
			return SUCCESS;
		default:
			break;
	}
	return NEED_MORE;
}
517 | ||
/**
 * Process the peer's response as exchange initiator.
 *
 * In the IKE_AUTH response (once established) only the notifies are evaluated.
 * For an INFORMATIONAL response: if we sent a COOKIE2 it must come back
 * unchanged or the IKE_SA is failed; NAT mapping changes reported by the NAT-D
 * subtask and address changes observed on the response trigger another update
 * round (as original initiator through a new NAT-D subtask and a further
 * request, as responder by updating the CHILD_SAs directly).
 *
 * @param this		task instance
 * @param message	received response
 * @return			SUCCESS when done, NEED_MORE to stay queued,
 *					FAILED on a COOKIE2 mismatch
 */
METHOD(task_t, process_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
	{
		process_payloads(this, message);
		return SUCCESS;
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		if (this->ike_sa->get_pending_updates(this->ike_sa) > 1)
		{
			/* newer update queued, ignore this one */
			return SUCCESS;
		}
		if (this->cookie2.ptr)
		{	/* check cookie if we included one */
			chunk_t cookie2;

			/* set our value aside so process_payloads() stores the echoed one
			 * in this->cookie2 (it stays chunk_empty if the peer sent none) */
			cookie2 = this->cookie2;
			this->cookie2 = chunk_empty;
			process_payloads(this, message);
			/* constant-time comparison; a missing echo fails too, so a response
			 * without COOKIE2 cannot confirm a new address */
			if (!chunk_equals_const(cookie2, this->cookie2))
			{
				chunk_free(&cookie2);
				DBG1(DBG_IKE, "COOKIE2 mismatch, closing IKE_SA");
				return FAILED;
			}
			chunk_free(&cookie2);
		}
		else
		{
			process_payloads(this, message);
		}
		if (this->natd)
		{
			this->natd->task.process(&this->natd->task, message);
			if (this->natd->has_mapping_changed(this->natd))
			{
				/* force an update if mappings have changed */
				this->update = this->check = TRUE;
				DBG1(DBG_IKE, "detected changes in NAT mappings, "
					 "initiating MOBIKE update");
			}
		}
		if (this->update)
		{
			/* update again, as NAT state may have changed */
			update_children(this);
		}
		if (this->check)
		{
			host_t *me_new, *me_old, *other_new, *other_old;

			/* compare the addresses the response actually travelled on with
			 * the ones the IKE_SA currently uses */
			me_new = message->get_destination(message);
			other_new = message->get_source(message);
			me_old = this->ike_sa->get_my_host(this->ike_sa);
			other_old = this->ike_sa->get_other_host(this->ike_sa);

			if (!me_new->equals(me_new, me_old))
			{
				this->update = TRUE;
				this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
			}
			if (!other_new->equals(other_new, other_old))
			{
				this->update = TRUE;
				this->ike_sa->set_other_host(this->ike_sa, other_new->clone(other_new));
			}
			if (this->update)
			{
				/* use the same task to ... */
				if (!this->ike_sa->has_condition(this->ike_sa,
												 COND_ORIGINAL_INITIATOR))
				{	/*... send an updated list of addresses as responder */
					update_children(this);
					this->update = FALSE;
				}
				else
				{	/* ... send the update as original initiator */
					/* a fresh NAT-D subtask for the next request; update stays
					 * set so build_i adds UPDATE_SA_ADDRESSES and a cookie */
					if (this->natd)
					{
						this->natd->task.destroy(&this->natd->task);
					}
					this->natd = ike_natd_create(this->ike_sa, this->initiator);
				}
				this->check = FALSE;
				return NEED_MORE;
			}
		}
		return SUCCESS;
	}
	return NEED_MORE;
}
613 | ||
/**
 * Request that our address list is sent with the next update.
 *
 * Sets the address flag read by build_i and, the first time any of
 * addresses()/roam()/dpd() is called on this task, bumps the IKE_SA's pending
 * updates counter (balanced again by destroy()).
 *
 * @param this		task instance
 */
METHOD(ike_mobike_t, addresses, void,
	private_ike_mobike_t *this)
{
	this->address = TRUE;
	if (this->pending_update)
	{
		return;
	}
	this->pending_update = TRUE;
	this->ike_sa->set_pending_updates(this->ike_sa,
						this->ike_sa->get_pending_updates(this->ike_sa) + 1);
}
625 | ||
/**
 * Trigger a MOBIKE update after a roaming event.
 *
 * Arms the routability check done by transmit(), records whether the address
 * list should be included, and bumps the IKE_SA's pending updates counter
 * once per task (balanced again by destroy()).
 *
 * @param this		task instance
 * @param address	TRUE to include ADDITIONAL_*_ADDRESS notifies
 */
METHOD(ike_mobike_t, roam, void,
	private_ike_mobike_t *this, bool address)
{
	this->check = TRUE;
	this->address = address;
	if (this->pending_update)
	{
		return;
	}
	this->pending_update = TRUE;
	this->ike_sa->set_pending_updates(this->ike_sa,
						this->ike_sa->get_pending_updates(this->ike_sa) + 1);
}
638 | ||
/**
 * Use this task for a DPD exchange that re-checks NAT mappings.
 *
 * Makes sure a NAT-D subtask exists (process_i turns a changed mapping into an
 * update) and bumps the IKE_SA's pending updates counter once per task
 * (balanced again by destroy()).
 *
 * @param this		task instance
 */
METHOD(ike_mobike_t, dpd, void,
	private_ike_mobike_t *this)
{
	if (this->natd == NULL)
	{
		this->natd = ike_natd_create(this->ike_sa, this->initiator);
	}
	if (this->pending_update)
	{
		return;
	}
	this->pending_update = TRUE;
	this->ike_sa->set_pending_updates(this->ike_sa,
						this->ike_sa->get_pending_updates(this->ike_sa) + 1);
}
653 | ||
/**
 * Whether a routability check is pending, i.e. transmit() currently probes
 * all known peer addresses instead of using the established path.
 */
METHOD(ike_mobike_t, is_probing, bool,
	private_ike_mobike_t *this)
{
	return this->check;
}
659 | ||
/**
 * Arm a routability check without touching the pending updates counter or the
 * address flag (unlike roam()).
 */
METHOD(ike_mobike_t, enable_probing, void,
	private_ike_mobike_t *this)
{
	this->check = TRUE;
}
665 | ||
/**
 * task_t interface: identify this task as the MOBIKE task.
 */
METHOD(task_t, get_type, task_type_t,
	private_ike_mobike_t *this)
{
	return TASK_IKE_MOBIKE;
}
671 | ||
/**
 * task_t interface: move the task to another IKE_SA.
 *
 * Drops any stored cookie, re-points the task and its NAT-D subtask at the new
 * IKE_SA and, if this task had raised the pending updates counter, raises it
 * on the new IKE_SA as well so destroy() balances it there. The counter of the
 * old IKE_SA is not touched here.
 *
 * @param this		task instance
 * @param ike_sa	IKE_SA to migrate to
 */
METHOD(task_t, migrate, void,
	private_ike_mobike_t *this, ike_sa_t *ike_sa)
{
	ike_sa_t *target = ike_sa;

	chunk_free(&this->cookie2);
	this->ike_sa = target;
	if (this->natd)
	{
		this->natd->task.migrate(&this->natd->task, target);
	}
	if (this->pending_update)
	{
		target->set_pending_updates(target,
									target->get_pending_updates(target) + 1);
	}
}
687 | ||
/**
 * task_t interface: release the task.
 *
 * Gives back the pending updates count this task raised, frees the cookie,
 * destroys the NAT-D subtask if one exists and finally the task itself.
 *
 * @param this		task instance
 */
METHOD(task_t, destroy, void,
	private_ike_mobike_t *this)
{
	ike_sa_t *ike_sa = this->ike_sa;

	if (this->pending_update)
	{
		ike_sa->set_pending_updates(ike_sa,
									ike_sa->get_pending_updates(ike_sa) - 1);
	}
	if (this->natd)
	{
		this->natd->task.destroy(&this->natd->task);
	}
	chunk_free(&this->cookie2);
	free(this);
}
703 | ||
/*
 * Described in header.
 */
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_mobike_t *this;

	INIT(this,
		.public = {
			.task = {
				.get_type = _get_type,
				/* the exchange initiator and responder roles use different
				 * build/process methods; the rest of the interface is shared */
				.build = initiator ? _build_i : _build_r,
				.process = initiator ? _process_i : _process_r,
				.migrate = _migrate,
				.destroy = _destroy,
			},
			.addresses = _addresses,
			.roam = _roam,
			.dpd = _dpd,
			.transmit = _transmit,
			.is_probing = _is_probing,
			.enable_probing = _enable_probing,
		},
		.ike_sa = ike_sa,
		.initiator = initiator,
	);

	return &this->public;
}