]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/sa/task_manager_v1.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Added status code to status_t
[thirdparty/strongswan.git] / src / libcharon / sa / task_manager_v1.c
CommitLineData
4a09d9ee 1/*
68c6863b
TB		 2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4a09d9ee
MW		 4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17#include "task_manager_v1.h"
18
da063ec9
MW		 19#include <math.h>
20
4a09d9ee 21#include <daemon.h>
5d1eeec2 22#include <sa/tasks/child_delete.h>
c73c832c 23#include <sa/tasks/main_mode.h>
744c0801 24#include <sa/tasks/quick_mode.h>
b03c700d 25#include <sa/tasks/xauth_request.h>
5d1eeec2 26#include <sa/tasks/ike_delete.h>
1cc4ec46 27#include <sa/tasks/ike_natd_v1.h>
a2f8fc97 28#include <sa/tasks/ike_vendor_v1.h>
0bcdb8e5 29#include <sa/tasks/ike_cert_pre_v1.h>
c64a4b4f 30#include <sa/tasks/ike_cert_post_v1.h>
5d1eeec2 31#include <encoding/payloads/delete_payload.h>
da063ec9 32#include <processing/jobs/retransmit_job.h>
68c6863b 33#include <processing/jobs/delete_ike_sa_job.h>
4a09d9ee
MW		 34
35typedef struct exchange_t exchange_t;
36
37/**
38 * An exchange in the air, used do detect and handle retransmission
39 */
40struct exchange_t {
41
42 /**
43 * Message ID used for this transaction
44 */
45 u_int32_t mid;
46
47 /**
48 * generated packet for retransmission
49 */
50 packet_t *packet;
51};
52
53typedef struct private_task_manager_t private_task_manager_t;
54
55/**
56 * private data of the task manager
57 */
58struct private_task_manager_t {
59
60 /**
61 * public functions
62 */
63 task_manager_v1_t public;
64
65 /**
66 * associated IKE_SA we are serving
67 */
68 ike_sa_t *ike_sa;
69
73aaf76b
MW		 70 /**
71 * RNG to create message IDs
72 */
73 rng_t *rng;
74
4a09d9ee
MW		 75 /**
76 * Exchange we are currently handling as responder
77 */
78 struct {
79 /**
80 * Message ID of the exchange
81 */
82 u_int32_t mid;
83
9cc8bd4f
MW		 84 /**
85 * Hash of a previously received message
86 */
87 u_int32_t hash;
88
4a09d9ee
MW		 89 /**
90 * packet for retransmission
91 */
92 packet_t *packet;
93
94 } responding;
95
96 /**
97 * Exchange we are currently handling as initiator
98 */
99 struct {
100 /**
101 * Message ID of the exchange
102 */
103 u_int32_t mid;
104
9cc8bd4f 105 /**
751bd02e 106 * Sequence number of the last sent message
9cc8bd4f 107 */
751bd02e 108 u_int32_t seqnr;
9cc8bd4f 109
4a09d9ee
MW		 110 /**
111 * how many times we have retransmitted so far
112 */
113 u_int retransmitted;
114
115 /**
116 * packet for retransmission
117 */
118 packet_t *packet;
119
120 /**
121 * type of the initated exchange
122 */
123 exchange_type_t type;
124
125 } initiating;
126
127 /**
128 * List of queued tasks not yet in action
129 */
130 linked_list_t *queued_tasks;
131
132 /**
133 * List of active tasks, initiated by ourselve
134 */
135 linked_list_t *active_tasks;
136
137 /**
138 * List of tasks initiated by peer
139 */
140 linked_list_t *passive_tasks;
141
4a09d9ee
MW		 142 /**
143 * Number of times we retransmit messages before giving up
144 */
145 u_int retransmit_tries;
146
147 /**
148 * Retransmission timeout
149 */
150 double retransmit_timeout;
151
152 /**
153 * Base to calculate retransmission timeout
154 */
155 double retransmit_base;
156};
157
158/**
159 * flush all tasks in the task manager
160 */
161static void flush(private_task_manager_t *this)
162{
163 this->queued_tasks->destroy_offset(this->queued_tasks,
164 offsetof(task_t, destroy));
165 this->queued_tasks = linked_list_create();
166 this->passive_tasks->destroy_offset(this->passive_tasks,
167 offsetof(task_t, destroy));
168 this->passive_tasks = linked_list_create();
169 this->active_tasks->destroy_offset(this->active_tasks,
170 offsetof(task_t, destroy));
171 this->active_tasks = linked_list_create();
172}
173
26b55dc6
MW		 174/**
175 * move a task of a specific type from the queue to the active list
176 */
177static bool activate_task(private_task_manager_t *this, task_type_t type)
178{
179 enumerator_t *enumerator;
180 task_t *task;
181 bool found = FALSE;
182
183 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
184 while (enumerator->enumerate(enumerator, (void**)&task))
185 {
186 if (task->get_type(task) == type)
187 {
188 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
189 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
190 this->active_tasks->insert_last(this->active_tasks, task);
191 found = TRUE;
192 break;
193 }
194 }
195 enumerator->destroy(enumerator);
196 return found;
197}
198
23f4e4b4 199METHOD(task_manager_t, retransmit, status_t,
751bd02e 200 private_task_manager_t *this, u_int32_t message_seqnr)
23f4e4b4 201{
751bd02e
CO		 202 /* this.initiating packet used as marker for received response */
203 if (message_seqnr == this->initiating.seqnr && this->initiating.packet )
23f4e4b4
CO		 204 {
205 u_int32_t timeout;
23f4e4b4 206 packet_t *packet;
da063ec9 207 job_t *job;
23f4e4b4
CO		 208
209 if (this->initiating.retransmitted <= this->retransmit_tries)
210 {
211 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
212 pow(this->retransmit_base, this->initiating.retransmitted));
213 }
214 else
215 {
216 DBG1(DBG_IKE, "giving up after %d retransmits",
217 this->initiating.retransmitted - 1);
218 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
219 {
220 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
221 }
222 return DESTROY_ME;
223 }
224
225 if (this->initiating.retransmitted)
226 {
751bd02e
CO		 227 DBG1(DBG_IKE, "retransmit %d of request with message ID %d seqnr (%d)",
228 this->initiating.retransmitted, this->initiating.mid, message_seqnr);
23f4e4b4
CO		 229 }
230 packet = this->initiating.packet->clone(this->initiating.packet);
231 charon->sender->send(charon->sender, packet);
232
233 this->initiating.retransmitted++;
751bd02e 234 job = (job_t*)retransmit_job_create(this->initiating.seqnr,
23f4e4b4
CO		 235 this->ike_sa->get_id(this->ike_sa));
236 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
237 }
238 return SUCCESS;
239}
240
4a09d9ee
MW		 241METHOD(task_manager_t, initiate, status_t,
242 private_task_manager_t *this)
243{
26b55dc6
MW		 244 enumerator_t *enumerator;
245 task_t *task;
246 message_t *message;
247 host_t *me, *other;
248 status_t status;
73aaf76b 249 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
3e246c48 250 bool new_mid = FALSE;
751bd02e 251 bool expect_response = FALSE;
73aaf76b
MW		 252
253 if (!this->rng)
254 {
255 DBG1(DBG_IKE, "no RNG supported");
256 return FAILED;
257 }
26b55dc6
MW		 258
259 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
260 {
261 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
262 exchange_type_names, this->initiating.type);
263 /* do not initiate if we already have a message in the air */
264 return SUCCESS;
265 }
266
267 if (this->active_tasks->get_count(this->active_tasks) == 0)
268 {
269 DBG2(DBG_IKE, "activating new tasks");
270 switch (this->ike_sa->get_state(this->ike_sa))
271 {
272 case IKE_CREATED:
a2f8fc97 273 activate_task(this, TASK_VENDOR_V1);
0bcdb8e5 274 activate_task(this, TASK_IKE_CERT_PRE_V1);
a09972df 275 if (activate_task(this, TASK_MAIN_MODE))
26b55dc6
MW		 276 {
277 exchange = ID_PROT;
c64a4b4f 278 activate_task(this, TASK_IKE_CERT_POST_V1);
1cc4ec46 279 activate_task(this, TASK_IKE_NATD_V1);
26b55dc6
MW		 280 }
281 break;
c5dc9d33
CO		 282 case IKE_CONNECTING:
283 if (activate_task(this, TASK_XAUTH_REQUEST))
744c0801 284 {
c5dc9d33 285 exchange = TRANSACTION;
3e246c48 286 new_mid = TRUE;
744c0801 287 }
c5dc9d33
CO		 288 break;
289 case IKE_ESTABLISHED:
290 if (activate_task(this, TASK_QUICK_MODE))
23f4e4b4 291 {
c5dc9d33 292 exchange = QUICK_MODE;
3e246c48
MW		 293 new_mid = TRUE;
294 break;
23f4e4b4 295 }
744c0801 296 break;
26b55dc6
MW		 297 default:
298 break;
299 }
300 }
301 else
302 {
303 DBG2(DBG_IKE, "reinitiating already active tasks");
304 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
305 while (enumerator->enumerate(enumerator, (void**)&task))
306 {
307 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
308 switch (task->get_type(task))
309 {
a09972df 310 case TASK_MAIN_MODE:
26b55dc6
MW		 311 exchange = ID_PROT;
312 break;
744c0801
MW		 313 case TASK_QUICK_MODE:
314 exchange = QUICK_MODE;
315 break;
52ac2ceb
CO		 316 case TASK_XAUTH_REQUEST:
317 exchange = TRANSACTION;
318 new_mid = TRUE;
319 break;
26b55dc6
MW		 320 default:
321 continue;
322 }
323 break;
324 }
325 enumerator->destroy(enumerator);
326 }
327
73aaf76b 328 if (exchange == EXCHANGE_TYPE_UNDEFINED)
26b55dc6
MW		 329 {
330 DBG2(DBG_IKE, "nothing to initiate");
331 /* nothing to do yet... */
332 return SUCCESS;
333 }
334
335 me = this->ike_sa->get_my_host(this->ike_sa);
336 other = this->ike_sa->get_other_host(this->ike_sa);
337
338 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
3e246c48 339 if (new_mid)
26b55dc6 340 {
73aaf76b
MW		 341 this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
342 (void*)&this->initiating.mid);
26b55dc6 343 }
3e246c48 344 message->set_message_id(message, this->initiating.mid);
26b55dc6
MW		 345 message->set_source(message, me->clone(me));
346 message->set_destination(message, other->clone(other));
347 message->set_exchange_type(message, exchange);
348 this->initiating.type = exchange;
349 this->initiating.retransmitted = 0;
350
351 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
352 while (enumerator->enumerate(enumerator, (void*)&task))
353 {
354 switch (task->build(task, message))
355 {
356 case SUCCESS:
357 /* task completed, remove it */
358 this->active_tasks->remove_at(this->active_tasks, enumerator);
359 task->destroy(task);
360 break;
361 case NEED_MORE:
751bd02e 362 expect_response = TRUE;
26b55dc6
MW		 363 /* processed, but task needs another exchange */
364 break;
365 case FAILED:
366 default:
367 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
368 {
369 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
370 }
371 /* FALL */
372 case DESTROY_ME:
373 /* critical failure, destroy IKE_SA */
374 enumerator->destroy(enumerator);
375 message->destroy(message);
376 flush(this);
377 return DESTROY_ME;
378 }
379 }
380 enumerator->destroy(enumerator);
381
382 /* update exchange type if a task changed it */
383 this->initiating.type = message->get_exchange_type(message);
751bd02e 384 this->initiating.seqnr++;
26b55dc6
MW		 385
386 status = this->ike_sa->generate_message(this->ike_sa, message,
387 &this->initiating.packet);
388 if (status != SUCCESS)
389 {
390 /* message generation failed. There is nothing more to do than to
391 * close the SA */
392 message->destroy(message);
393 flush(this);
394 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
395 return DESTROY_ME;
396 }
397 message->destroy(message);
398
751bd02e
CO		 399 if (expect_response)
400 {
401 return retransmit(this, this->initiating.seqnr);
402 }
403 else
404 {
405 charon->sender->send(charon->sender,
406 this->initiating.packet->clone(this->initiating.packet));
26b55dc6 407
751bd02e
CO		 408 this->initiating.packet->destroy(this->initiating.packet);
409 this->initiating.packet = NULL;
410 return SUCCESS;
411 }
4a09d9ee
MW		 412}
413
414/**
415 * handle exchange collisions
416 */
417static bool handle_collisions(private_task_manager_t *this, task_t *task)
418{
419 return FALSE;
420}
421
422/**
423 * build a response depending on the "passive" task list
424 */
425static status_t build_response(private_task_manager_t *this, message_t *request)
426{
427 enumerator_t *enumerator;
428 task_t *task;
429 message_t *message;
430 host_t *me, *other;
431 bool delete = FALSE;
432 status_t status;
433
434 me = request->get_destination(request);
435 other = request->get_source(request);
436
437 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
438 message->set_exchange_type(message, request->get_exchange_type(request));
439 /* send response along the path the request came in */
440 message->set_source(message, me->clone(me));
441 message->set_destination(message, other->clone(other));
73aaf76b 442 message->set_message_id(message, request->get_message_id(request));
4a09d9ee
MW		 443 message->set_request(message, FALSE);
444
445 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
446 while (enumerator->enumerate(enumerator, (void*)&task))
447 {
448 switch (task->build(task, message))
449 {
450 case SUCCESS:
451 /* task completed, remove it */
452 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
453 if (!handle_collisions(this, task))
454 {
455 task->destroy(task);
456 }
457 break;
458 case NEED_MORE:
459 /* processed, but task needs another exchange */
460 if (handle_collisions(this, task))
461 {
462 this->passive_tasks->remove_at(this->passive_tasks,
463 enumerator);
464 }
465 break;
466 case FAILED:
467 default:
468 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
469 /* FALL */
470 case DESTROY_ME:
471 /* destroy IKE_SA, but SEND response first */
472 delete = TRUE;
473 break;
474 }
475 if (delete)
476 {
477 break;
478 }
479 }
480 enumerator->destroy(enumerator);
481
482 /* message complete, send it */
483 DESTROY_IF(this->responding.packet);
484 this->responding.packet = NULL;
485 status = this->ike_sa->generate_message(this->ike_sa, message,
486 &this->responding.packet);
487 message->destroy(message);
488 if (status != SUCCESS)
489 {
490 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
491 return DESTROY_ME;
492 }
493
494 charon->sender->send(charon->sender,
495 this->responding.packet->clone(this->responding.packet));
496 if (delete)
497 {
498 return DESTROY_ME;
499 }
500 return SUCCESS;
501}
502
503/**
504 * handle an incoming request message
505 */
506static status_t process_request(private_task_manager_t *this,
507 message_t *message)
508{
509 enumerator_t *enumerator;
510 task_t *task = NULL;
8cb6f4f9 511 bool send_response = FALSE;
07abb470
CO		 512 payload_t *payload;
513 notify_payload_t *notify;
4a09d9ee
MW		 514
515 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
516 { /* create tasks depending on request type, if not already some queued */
517 switch (message->get_exchange_type(message))
518 {
519 case ID_PROT:
a2f8fc97 520 task = (task_t *)ike_vendor_v1_create(this->ike_sa, FALSE);
01685247 521 this->passive_tasks->insert_last(this->passive_tasks, task);
0bcdb8e5 522 task = (task_t*)ike_cert_pre_v1_create(this->ike_sa, FALSE);
8ad5cd1f 523 this->passive_tasks->insert_last(this->passive_tasks, task);
c73c832c
MW		 524 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
525 this->passive_tasks->insert_last(this->passive_tasks, task);
c64a4b4f
MW		 526 task = (task_t*)ike_cert_post_v1_create(this->ike_sa, FALSE);
527 this->passive_tasks->insert_last(this->passive_tasks, task);
1cc4ec46
TB		 528 task = (task_t *)ike_natd_v1_create(this->ike_sa, FALSE);
529 this->passive_tasks->insert_last(this->passive_tasks, task);
4a09d9ee
MW		 530 break;
531 case AGGRESSIVE:
532 /* TODO-IKEv1: agressive mode */
533 return FAILED;
534 case QUICK_MODE:
744c0801
MW		 535 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
536 NULL, NULL);
537 this->passive_tasks->insert_last(this->passive_tasks, task);
538 break;
4a09d9ee 539 case INFORMATIONAL_V1:
07abb470
CO		 540 enumerator = message->create_payload_enumerator(message);
541 while (enumerator->enumerate(enumerator, &payload))
542 {
543 switch (payload->get_type(payload))
544 {
545 case NOTIFY_V1:
546 {
547 notify = (notify_payload_t*)payload;
548 switch (notify->get_notify_type(notify))
549 {
550 /* TODO-IKEv1: Add notification types here as needed */
551 case INITIAL_CONTACT_IKEV1:
552 break;
553 default:
554 if(notify->get_notify_type(notify) < 16384)
555 {
556 DBG1(DBG_IKE, "Received %N error notification.", notify_type_names, notify->get_notify_type(notify));
557 return FAILED;
558 }
559 break;
560 }
561 break;
562 }
563 case DELETE_V1:
564 {
5d1eeec2
CO		 565 delete_payload_t *delete;
566 delete = (delete_payload_t*)payload;
567
568 if (delete->get_protocol_id(delete) == PROTO_IKE)
569 {
570 task = (task_t*)ike_delete_create(this->ike_sa,
571 FALSE);
572 }
573 else
574 {
575 task = (task_t*)child_delete_create(this->ike_sa,
576 PROTO_NONE, 0);
577 }
07abb470
CO		 578 break;
579 }
580 default:
581 break;
582 }
583 if (task)
584 {
5d1eeec2 585 this->passive_tasks->insert_last(this->passive_tasks, task);
07abb470
CO		 586 }
587 }
588 enumerator->destroy(enumerator);
589 break;
c5dc9d33
CO		 590 case TRANSACTION:
591 task = (task_t *)xauth_request_create(this->ike_sa, FALSE);
592 this->passive_tasks->insert_last(this->passive_tasks, task);
593 break;
4a09d9ee
MW		 594 default:
595 return FAILED;
596 }
597 }
598 /* let the tasks process the message */
599 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
600 while (enumerator->enumerate(enumerator, (void*)&task))
601 {
602 switch (task->process(task, message))
603 {
604 case SUCCESS:
605 /* task completed, remove it */
606 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
607 task->destroy(task);
8cb6f4f9 608 break;
4a09d9ee
MW		 609 case NEED_MORE:
610 /* processed, but task needs at least another call to build() */
8cb6f4f9 611 send_response = TRUE;
4a09d9ee
MW		 612 break;
613 case FAILED:
614 default:
615 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
616 /* FALL */
617 case DESTROY_ME:
618 /* critical failure, destroy IKE_SA */
619 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
620 enumerator->destroy(enumerator);
621 task->destroy(task);
622 return DESTROY_ME;
623 }
624 }
625 enumerator->destroy(enumerator);
626
8cb6f4f9
TB		 627 if (send_response)
628 {
629 return build_response(this, message);
630 }
631 return SUCCESS;
4a09d9ee
MW		 632}
633
26b55dc6
MW		 634/**
635 * handle an incoming response message
636 */
637static status_t process_response(private_task_manager_t *this,
638 message_t *message)
639{
640 enumerator_t *enumerator;
641 task_t *task;
642
643 if (message->get_exchange_type(message) != this->initiating.type)
644 {
645 DBG1(DBG_IKE, "received %N response, but expected %N",
646 exchange_type_names, message->get_exchange_type(message),
647 exchange_type_names, this->initiating.type);
648 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
649 return DESTROY_ME;
650 }
651
652 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
653 while (enumerator->enumerate(enumerator, (void*)&task))
654 {
655 switch (task->process(task, message))
656 {
657 case SUCCESS:
658 /* task completed, remove it */
659 this->active_tasks->remove_at(this->active_tasks, enumerator);
660 task->destroy(task);
661 break;
662 case NEED_MORE:
663 /* processed, but task needs another exchange */
664 break;
665 case FAILED:
666 default:
667 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
668 /* FALL */
669 case DESTROY_ME:
670 /* critical failure, destroy IKE_SA */
671 this->active_tasks->remove_at(this->active_tasks, enumerator);
672 enumerator->destroy(enumerator);
673 task->destroy(task);
674 return DESTROY_ME;
675 }
676 }
677 enumerator->destroy(enumerator);
678
679 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
680 this->initiating.packet->destroy(this->initiating.packet);
681 this->initiating.packet = NULL;
682
683 return initiate(this);
684}
685
b235e69c
TB		 686/**
687 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
688 */
689static void send_notify_response(private_task_manager_t *this,
690 message_t *request, notify_type_t type,
691 chunk_t data)
692{
693 message_t *response;
694 packet_t *packet;
695 host_t *me, *other;
696 u_int32_t mid;
697
6be8d33d
TB		 698 if (request->get_exchange_type(request) == INFORMATIONAL_V1)
699 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
700 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
701 return;
702 }
703
b235e69c
TB		 704 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
705 response->set_exchange_type(response, INFORMATIONAL_V1);
706 response->set_request(response, TRUE);
707 this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
708 response->set_message_id(response, mid);
709 response->add_notify(response, FALSE, type, data);
710 me = this->ike_sa->get_my_host(this->ike_sa);
711 if (me->is_anyaddr(me))
712 {
713 me = request->get_destination(request);
714 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
715 }
716 other = this->ike_sa->get_other_host(this->ike_sa);
717 if (other->is_anyaddr(other))
718 {
719 other = request->get_source(request);
720 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
721 }
722 response->set_source(response, me->clone(me));
723 response->set_destination(response, other->clone(other));
724 if (this->ike_sa->generate_message(this->ike_sa, response,
725 &packet) == SUCCESS)
726 {
727 charon->sender->send(charon->sender, packet);
728 }
729 response->destroy(response);
730}
731
732/**
733 * Parse the given message and verify that it is valid.
734 */
735static status_t parse_message(private_task_manager_t *this, message_t *msg)
736{
737 status_t status;
738
739 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
740
741 if (status != SUCCESS)
742 {
743 switch (status)
744 {
29a5e070
TB		 745 case NOT_SUPPORTED:
746 DBG1(DBG_IKE, "unsupported exchange type");
747 send_notify_response(this, msg,
748 INVALID_EXCHANGE_TYPE, chunk_empty);
749 break;
b235e69c
TB		 750 case PARSE_ERROR:
751 DBG1(DBG_IKE, "message parsing failed");
752 send_notify_response(this, msg,
753 PAYLOAD_MALFORMED, chunk_empty);
754 break;
755 case VERIFY_ERROR:
756 DBG1(DBG_IKE, "message verification failed");
757 send_notify_response(this, msg,
758 PAYLOAD_MALFORMED, chunk_empty);
759 break;
760 case FAILED:
761 DBG1(DBG_IKE, "integrity check failed");
762 send_notify_response(this, msg,
37639e94 763 INVALID_HASH_INFORMATION, chunk_empty);
b235e69c
TB		 764 break;
765 case INVALID_STATE:
766 DBG1(DBG_IKE, "found encrypted message, but no keys available");
767 send_notify_response(this, msg,
768 PAYLOAD_MALFORMED, chunk_empty);
769 default:
770 break;
771 }
772 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
773 exchange_type_names, msg->get_exchange_type(msg),
774 msg->get_request(msg) ? "request" : "response",
775 msg->get_message_id(msg));
776
777 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
778 { /* invalid initiation attempt, close SA */
779 return DESTROY_ME;
780 }
781 }
782 return status;
783}
784
4a09d9ee
MW		 785METHOD(task_manager_t, process_message, status_t,
786 private_task_manager_t *this, message_t *msg)
787{
73aaf76b 788 u_int32_t hash, mid;
3d59c5c3 789 host_t *me, *other;
68c6863b 790 status_t status;
73aaf76b 791
1960312c 792 /* TODO-IKEv1: update hosts more selectively */
3d59c5c3
TB		 793 me = msg->get_destination(msg);
794 other = msg->get_source(msg);
68c6863b 795 mid = msg->get_message_id(msg);
1960312c 796
73aaf76b
MW		 797 if ((mid && mid == this->initiating.mid) ||
798 (this->initiating.mid == 0 &&
799 this->active_tasks->get_count(this->active_tasks)))
4a09d9ee 800 {
7519106d 801 msg->set_request(msg, FALSE);
b235e69c 802 status = parse_message(this, msg);
1960312c
TB		 803 if (status != SUCCESS)
804 {
805 return status;
806 }
807 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
808 time_monotonic(NULL));
3d59c5c3 809 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
73aaf76b
MW		 810 charon->bus->message(charon->bus, msg, FALSE);
811 if (process_response(this, msg) != SUCCESS)
4a09d9ee
MW		 812 {
813 flush(this);
814 return DESTROY_ME;
815 }
816 }
817 else
818 {
9cc8bd4f
MW		 819 hash = chunk_hash(msg->get_packet_data(msg));
820 if (hash == this->responding.hash)
73aaf76b
MW		 821 {
822 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
823 "retransmitting response", mid);
824 charon->sender->send(charon->sender,
825 this->responding.packet->clone(this->responding.packet));
826 return SUCCESS;
827 }
7519106d 828 msg->set_request(msg, TRUE);
b235e69c 829 status = parse_message(this, msg);
1960312c
TB		 830 if (status != SUCCESS)
831 {
832 return status;
833 }
834 /* if this IKE_SA is virgin, we check for a config */
835 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
836 {
837 ike_sa_id_t *ike_sa_id;
838 ike_cfg_t *ike_cfg;
839 job_t *job;
840 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
841 if (ike_cfg == NULL)
842 {
843 /* no config found for these hosts, destroy */
4cfd0db8
TB		 844 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
845 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
846 send_notify_response(this, msg,
847 NO_PROPOSAL_CHOSEN, chunk_empty);
1960312c
TB		 848 return DESTROY_ME;
849 }
850 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
851 ike_cfg->destroy(ike_cfg);
852 /* add a timeout if peer does not establish it completely */
853 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
854 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
855 lib->scheduler->schedule_job(lib->scheduler, job,
856 lib->settings->get_int(lib->settings,
857 "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
858 }
859 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
860 time_monotonic(NULL));
3d59c5c3 861 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
73aaf76b
MW		 862 charon->bus->message(charon->bus, msg, TRUE);
863 if (process_request(this, msg) != SUCCESS)
26b55dc6
MW		 864 {
865 flush(this);
866 return DESTROY_ME;
867 }
73aaf76b 868
73aaf76b 869 this->responding.mid = mid;
9cc8bd4f 870 this->responding.hash = hash;
4a09d9ee
MW		 871 }
872 return SUCCESS;
873}
874
875METHOD(task_manager_t, queue_task, void,
876 private_task_manager_t *this, task_t *task)
877{
878 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
879 this->queued_tasks->insert_last(this->queued_tasks, task);
880}
881
882METHOD(task_manager_t, adopt_tasks, void,
883 private_task_manager_t *this, task_manager_t *other_public)
884{
885 private_task_manager_t *other = (private_task_manager_t*)other_public;
886 task_t *task;
887
888 /* move queued tasks from other to this */
889 while (other->queued_tasks->remove_last(other->queued_tasks,
890 (void**)&task) == SUCCESS)
891 {
892 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
893 task->migrate(task, this->ike_sa);
894 this->queued_tasks->insert_first(this->queued_tasks, task);
895 }
896}
897
898METHOD(task_manager_t, busy, bool,
899 private_task_manager_t *this)
900{
901 return (this->active_tasks->get_count(this->active_tasks) > 0);
902}
903
904METHOD(task_manager_t, incr_mid, void,
905 private_task_manager_t *this, bool initiate)
906{
4a09d9ee
MW		 907}
908
909METHOD(task_manager_t, reset, void,
910 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
911{
4a09d9ee
MW		 912}
913
914METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
915 private_task_manager_t *this, task_queue_t queue)
916{
917 switch (queue)
918 {
919 case TASK_QUEUE_ACTIVE:
920 return this->active_tasks->create_enumerator(this->active_tasks);
921 case TASK_QUEUE_PASSIVE:
922 return this->passive_tasks->create_enumerator(this->passive_tasks);
923 case TASK_QUEUE_QUEUED:
924 return this->queued_tasks->create_enumerator(this->queued_tasks);
925 default:
926 return enumerator_create_empty();
927 }
928}
929
930METHOD(task_manager_t, destroy, void,
931 private_task_manager_t *this)
932{
933 flush(this);
934
935 this->active_tasks->destroy(this->active_tasks);
936 this->queued_tasks->destroy(this->queued_tasks);
937 this->passive_tasks->destroy(this->passive_tasks);
938
939 DESTROY_IF(this->responding.packet);
940 DESTROY_IF(this->initiating.packet);
73aaf76b 941 DESTROY_IF(this->rng);
4a09d9ee
MW		 942 free(this);
943}
944
945/*
946 * see header file
947 */
948task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
949{
950 private_task_manager_t *this;
951
952 INIT(this,
953 .public = {
954 .task_manager = {
955 .process_message = _process_message,
956 .queue_task = _queue_task,
957 .initiate = _initiate,
958 .retransmit = _retransmit,
959 .incr_mid = _incr_mid,
960 .reset = _reset,
961 .adopt_tasks = _adopt_tasks,
962 .busy = _busy,
963 .create_task_enumerator = _create_task_enumerator,
964 .destroy = _destroy,
965 },
966 },
967 .ike_sa = ike_sa,
968 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
73aaf76b 969 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
4a09d9ee
MW		 970 .queued_tasks = linked_list_create(),
971 .active_tasks = linked_list_create(),
972 .passive_tasks = linked_list_create(),
973 .retransmit_tries = lib->settings->get_int(lib->settings,
974 "charon.retransmit_tries", RETRANSMIT_TRIES),
975 .retransmit_timeout = lib->settings->get_double(lib->settings,
976 "charon.retransmit_timeout", RETRANSMIT_TIMEOUT),
977 .retransmit_base = lib->settings->get_double(lib->settings,
978 "charon.retransmit_base", RETRANSMIT_BASE),
979 );
980
981 return &this->public;
982}
Unnamed repository; edit this file 'description' to name the repository.