Commit | Line | Data |
---|---|---|
17d92e97 MW |
1 | /* |
2 | * Copyright (C) 2007 Martin Willi | |
3 | * Hochschule fuer Technik Rapperswil | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | #include "ike_mobike.h" | |
17 | ||
18 | #include <string.h> | |
19 | ||
f6659688 | 20 | #include <hydra.h> |
17d92e97 | 21 | #include <daemon.h> |
4cb9d7a7 | 22 | #include <sa/tasks/ike_natd.h> |
17d92e97 MW |
23 | #include <encoding/payloads/notify_payload.h> |
24 | ||
/* Number of random bytes build_cookie() requests for a COOKIE2 notify. */
#define COOKIE2_SIZE 16
/* Upper bound on the ADDITIONAL_*_ADDRESS notifies build_address_list() adds
 * to one outgoing message. It is applied on the sending side only: the
 * receive path in process_payloads() keeps no such counter. */
#define MAX_ADDITIONAL_ADDRS 8

typedef struct private_ike_mobike_t private_ike_mobike_t;
29 | ||
/**
 * Private members of a ike_mobike_t task.
 */
struct private_ike_mobike_t {

	/**
	 * Public methods and task_t interface.
	 */
	ike_mobike_t public;

	/**
	 * Assigned IKE_SA.
	 */
	ike_sa_t *ike_sa;

	/**
	 * Are we the initiator?
	 */
	bool initiator;

	/**
	 * COOKIE2 value used to verify new addresses: generated in build_cookie()
	 * when we send an update, or cloned from the peer's COOKIE2 notify in
	 * process_payloads(). process_i() compares the two; build_r() echoes the
	 * received value back.
	 */
	chunk_t cookie2;

	/**
	 * NAT discovery, reusing the IKE_NATD task as a subtask.
	 */
	ike_natd_t *natd;

	/**
	 * Use this task to update addresses (set when UPDATE_SA_ADDRESSES is
	 * received, or when process_i() detects an address/NAT mapping change).
	 */
	bool update;

	/**
	 * Do a routability check (set by roam(); reported by is_probing()).
	 */
	bool check;

	/**
	 * Include an address list update in the next INFORMATIONAL request.
	 */
	bool address;
};
75 | ||
/**
 * Empty the IKE_SA's list of additional peer addresses.
 *
 * Every entry is unlinked from the list and then destroyed.
 */
static void flush_additional_addresses(private_ike_mobike_t *this)
{
	ike_sa_t *sa = this->ike_sa;
	iterator_t *it = sa->create_additional_address_iterator(sa);
	host_t *addr;

	for (;;)
	{
		if (!it->iterate(it, (void**)&addr))
		{
			break;
		}
		/* unlink first, then release the host object itself */
		it->remove(it);
		addr->destroy(addr);
	}
	it->destroy(it);
}
92 | ||
93 | ||
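/**
 * Read the notifys from a message and evaluate them.
 *
 * Non-NOTIFY payloads are skipped. The notifys handled here update the task
 * state (cookie2, update, natd) and the IKE_SA's additional address list.
 * Everything processed here is peer-controlled input.
 *
 * @param this		task state to update
 * @param message	received message whose payloads are enumerated
 */
static void process_payloads(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *enumerator;
	payload_t *payload;
	bool first = TRUE;

	enumerator = message->create_payload_enumerator(message);
	while (enumerator->enumerate(enumerator, &payload))
	{
		int family = AF_INET;
		notify_payload_t *notify;
		chunk_t data;
		host_t *host;

		if (payload->get_type(payload) != NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case MOBIKE_SUPPORTED:
			{
				peer_cfg_t *peer_cfg;

				peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
				if (!this->initiator &&
					peer_cfg && !peer_cfg->use_mobike(peer_cfg))
				{
					DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config");
				}
				else
				{
					DBG1(DBG_IKE, "peer supports MOBIKE");
					this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
				}
				break;
			}
			case COOKIE2:
			{
				/* keep a private copy; a later COOKIE2 in the same message
				 * replaces an earlier one.
				 * NOTE(review): the cookie length is not checked here
				 * (RFC 4555 specifies 8-64 octets) - confirm whether the
				 * notify payload verification already enforces it */
				chunk_free(&this->cookie2);
				this->cookie2 = chunk_clone(notify->get_notification_data(notify));
				break;
			}
			case ADDITIONAL_IP6_ADDRESS:
			{
				family = AF_INET6;
				/* fall through */
			}
			case ADDITIONAL_IP4_ADDRESS:
			{
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					flush_additional_addresses(this);
					first = FALSE;
				}
				data = notify->get_notification_data(notify);
				host = host_create_from_chunk(family, data, 0);
				if (!host)
				{	/* host_create_from_chunk() can return NULL when the
					 * notification data does not hold a valid address of
					 * that family; never store NULL in the address list,
					 * since transmit() and flush_additional_addresses()
					 * dereference every entry */
					DBG1(DBG_IKE, "ignoring invalid additional MOBIKE "
						 "peer address");
					break;
				}
				DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
				/* NOTE(review): the number of addresses accepted from the
				 * peer is not bounded here (MAX_ADDITIONAL_ADDRS only limits
				 * what we send) - consider a receive-side cap */
				this->ike_sa->add_additional_address(this->ike_sa, host);
				break;
			}
			case UPDATE_SA_ADDRESSES:
			{
				this->update = TRUE;
				break;
			}
			case NO_ADDITIONAL_ADDRESSES:
			{
				flush_additional_addresses(this);
				break;
			}
			case NAT_DETECTION_SOURCE_IP:
			case NAT_DETECTION_DESTINATION_IP:
			{
				/* NAT check in this MOBIKE exchange, create subtask for it */
				if (this->natd == NULL)
				{
					this->natd = ike_natd_create(this->ike_sa, this->initiator);
				}
				break;
			}
			default:
				break;
		}
	}
	enumerator->destroy(enumerator);
}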
185 | ||
/**
 * Add ADDITIONAL_*_ADDRESS notifys for our local addresses to a message.
 *
 * The address currently used by the IKE_SA is left out, addresses of families
 * other than IPv4/IPv6 are ignored, and at most MAX_ADDITIONAL_ADDRS notifys
 * are added. If nothing was added, a NO_ADDITIONAL_ADDRESSES notify is sent
 * instead.
 */
static void build_address_list(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *addrs;
	host_t *candidate, *current;
	notify_type_t kind;
	int count = 0;

	current = this->ike_sa->get_my_host(this->ike_sa);
	addrs = hydra->kernel_interface->create_address_enumerator(
								hydra->kernel_interface, FALSE, FALSE);
	/* limit number of notifys, some implementations do not like too
	 * many of them (f.e. strongSwan ;-) */
	while (count < MAX_ADDITIONAL_ADDRS &&
		   addrs->enumerate(addrs, (void**)&candidate))
	{
		int family;

		if (current->ip_equals(current, candidate))
		{	/* "ADDITIONAL" means do not include IKE_SAs host */
			continue;
		}
		family = candidate->get_family(candidate);
		if (family == AF_INET)
		{
			kind = ADDITIONAL_IP4_ADDRESS;
		}
		else if (family == AF_INET6)
		{
			kind = ADDITIONAL_IP6_ADDRESS;
		}
		else
		{
			continue;
		}
		message->add_notify(message, FALSE, kind,
							candidate->get_address(candidate));
		count++;
	}
	if (count == 0)
	{
		message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	}
	addrs->destroy(addrs);
}
229 | ||
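/**
 * Build a fresh COOKIE2 and add it to the message.
 *
 * Any previous cookie is released first. COOKIE2_SIZE bytes are requested
 * from an RNG_STRONG generator, stored in this->cookie2 and sent as a COOKIE2
 * notify.
 *
 * If no RNG can be created, no COOKIE2 is sent and this->cookie2 stays empty.
 * process_i() only verifies the cookie when this->cookie2 is set, so in that
 * case the response is accepted without the COOKIE2 check; the failure is
 * logged so that it does not pass unnoticed.
 */
static void build_cookie(private_ike_mobike_t *this, message_t *message)
{
	rng_t *rng;

	chunk_free(&this->cookie2);
	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
	if (rng)
	{
		rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
		rng->destroy(rng);
		message->add_notify(message, FALSE, COOKIE2, this->cookie2);
	}
	else
	{
		DBG1(DBG_IKE, "no RNG available, sending MOBIKE update "
			 "without COOKIE2");
	}
}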
246 | ||
3bc62fe7 MW |
/**
 * Push the IKE_SA's current endpoints to all associated CHILD_SAs.
 *
 * Each CHILD_SA is updated with the local/remote host, the virtual IP and
 * the NAT condition of the IKE_SA. A CHILD_SA whose update() reports
 * NOT_SUPPORTED is rekeyed instead.
 */
static void update_children(private_ike_mobike_t *this)
{
	ike_sa_t *sa = this->ike_sa;
	iterator_t *children;
	child_sa_t *child;

	children = sa->create_child_sa_iterator(sa);
	while (children->iterate(children, (void**)&child))
	{
		if (child->update(child,
				sa->get_my_host(sa),
				sa->get_other_host(sa),
				sa->get_virtual_ip(sa, TRUE),
				sa->has_condition(sa, COND_NAT_ANY)) != NOT_SUPPORTED)
		{
			continue;
		}
		/* in-place update not possible, fall back to rekeying */
		sa->rekey_child_sa(sa, child->get_protocol(child),
						   child->get_spi(child, TRUE));
	}
	children->destroy(children);
}
271 | ||
/**
 * Set the port of host.
 *
 * If host has the same IP as old, the port of old is reused. Otherwise the
 * given port is used, with IKEV2_UDP_PORT replaced by IKEV2_NATT_PORT.
 */
static void apply_port(host_t *host, host_t *old, u_int16_t port)
{
	if (host->ip_equals(host, old))
	{
		host->set_port(host, old->get_port(old));
		return;
	}
	host->set_port(host, port == IKEV2_UDP_PORT ? IKEV2_NATT_PORT : port);
}
287 | ||
c817e7bb TB |
/**
 * Send copies of a packet over all candidate paths while probing.
 *
 * Does nothing unless a routability check is active (this->check). One copy
 * goes over the original path, using the source address the kernel selects
 * for the current peer address. Further copies go to every additional peer
 * address for which a source address of the same family is available.
 */
METHOD(ike_mobike_t, transmit, void,
	private_ike_mobike_t *this, packet_t *packet)
{
	host_t *src, *dst, *cur_me, *cur_other;
	iterator_t *addrs;
	ike_cfg_t *cfg;
	packet_t *probe;

	if (!this->check)
	{
		return;
	}

	cur_me = this->ike_sa->get_my_host(this->ike_sa);
	cur_other = this->ike_sa->get_other_host(this->ike_sa);
	cfg = this->ike_sa->get_ike_cfg(this->ike_sa);

	/* original path first, destination of the packet is left untouched */
	src = hydra->kernel_interface->get_source_addr(
								hydra->kernel_interface, cur_other, NULL);
	if (src)
	{
		apply_port(src, cur_me, cfg->get_my_port(cfg));
		DBG1(DBG_IKE, "checking original path %#H - %#H", src, cur_other);
		probe = packet->clone(packet);
		probe->set_source(probe, src);
		charon->sender->send(charon->sender, probe);
	}

	addrs = this->ike_sa->create_additional_address_iterator(this->ike_sa);
	while (addrs->iterate(addrs, (void**)&dst))
	{
		src = hydra->kernel_interface->get_source_addr(
								hydra->kernel_interface, dst, NULL);
		if (!src)
		{
			continue;
		}
		if (src->get_family(src) != dst->get_family(dst))
		{	/* no usable source address for this family */
			src->destroy(src);
			continue;
		}
		/* reuse port for an active address, 4500 otherwise */
		apply_port(src, cur_me, cfg->get_my_port(cfg));
		/* work on a copy, the list entry itself stays unmodified */
		dst = dst->clone(dst);
		apply_port(dst, cur_other, cfg->get_other_port(cfg));
		DBG1(DBG_IKE, "checking path %#H - %#H", src, dst);
		probe = packet->clone(packet);
		probe->set_source(probe, src);
		probe->set_destination(probe, dst);
		charon->sender->send(charon->sender, probe);
	}
	addrs->destroy(addrs);
}
341 | ||
c817e7bb TB |
/**
 * Build a request as initiator.
 *
 * In the first IKE_AUTH (message ID 1), MOBIKE_SUPPORTED and our address
 * list are added. In an INFORMATIONAL, the source address is refreshed if
 * the kernel now selects a different one, and the notifys selected by the
 * update/address/natd state are added. Always returns NEED_MORE.
 */
METHOD(task_t, build_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	host_t *old, *new;

	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_message_id(message) == 1)
	{	/* only in first IKE_AUTH */
		message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
		build_address_list(this, message);
		return NEED_MORE;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	/* we check if the existing address is still valid */
	old = message->get_source(message);
	new = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
								message->get_destination(message), old);
	if (new && new->ip_equals(new, old))
	{	/* unchanged, the lookup result is not needed */
		new->destroy(new);
	}
	else if (new)
	{
		new->set_port(new, old->get_port(old));
		message->set_source(message, new);
	}

	if (this->update)
	{
		message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
							chunk_empty);
		/* the COOKIE2 sent here is what process_i() checks in the response */
		build_cookie(this, message);
		update_children(this);
	}
	if (this->address)
	{
		build_address_list(this, message);
	}
	if (this->natd)
	{
		this->natd->task.build(&this->natd->task, message);
	}
	return NEED_MORE;
}
389 | ||
c817e7bb TB |
/**
 * Process a request as responder.
 *
 * The notifys of the first IKE_AUTH (message ID 1) and of INFORMATIONAL
 * exchanges are evaluated. If an INFORMATIONAL carried UPDATE_SA_ADDRESSES,
 * the IKE_SA endpoints are replaced by the addresses the message was
 * received with. Always returns NEED_MORE.
 *
 * NOTE(review): the endpoint switch trusts the source/destination of the
 * received message; presumably the message has been integrity-checked
 * before tasks run - confirm against the caller.
 */
METHOD(task_t, process_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	host_t *local, *remote;

	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_message_id(message) == 1)
	{	/* only first IKE_AUTH */
		process_payloads(this, message);
		return NEED_MORE;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	process_payloads(this, message);
	if (this->update)
	{
		local = message->get_destination(message);
		remote = message->get_source(message);
		this->ike_sa->set_my_host(this->ike_sa, local->clone(local));
		this->ike_sa->set_other_host(this->ike_sa, remote->clone(remote));
	}
	if (this->natd)
	{
		this->natd->task.process(&this->natd->task, message);
	}
	return NEED_MORE;
}
418 | ||
c817e7bb TB |
/**
 * Build a response as responder.
 *
 * In the IKE_AUTH that established the IKE_SA, MOBIKE_SUPPORTED and our
 * address list are added if the extension was enabled. In an INFORMATIONAL,
 * the NAT detection payloads are built, a received COOKIE2 is echoed back
 * and released, and CHILD_SAs are updated if requested.
 *
 * @return	SUCCESS for the two cases above, NEED_MORE otherwise
 */
METHOD(task_t, build_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
	{
		if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
		{
			message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
			build_address_list(this, message);
		}
		return SUCCESS;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	if (this->natd)
	{
		this->natd->task.build(&this->natd->task, message);
	}
	if (this->cookie2.ptr)
	{	/* return the peer's cookie unchanged, then drop our copy */
		message->add_notify(message, FALSE, COOKIE2, this->cookie2);
		chunk_free(&this->cookie2);
	}
	if (this->update)
	{
		update_children(this);
	}
	return SUCCESS;
}
451 | ||
c817e7bb TB |
/**
 * Process a response as initiator.
 *
 * For the IKE_AUTH that established the IKE_SA, the peer's notifys are
 * evaluated. For an INFORMATIONAL, the pending update counter is decremented,
 * the COOKIE2 is verified if one was sent, NAT detection is processed and,
 * while probing, the IKE_SA endpoints are switched to the path the response
 * arrived on.
 *
 * @return	SUCCESS when done, FAILED on a COOKIE2 mismatch, NEED_MORE if
 *			an address update is started with this same task or the message
 *			is not handled here
 */
METHOD(task_t, process_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
	{
		process_payloads(this, message);
		return SUCCESS;
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		/* NOTE(review): unsigned arithmetic - if the counter were already 0
		 * this wraps and the response is treated as superseded; presumably
		 * roam()/dpd() always incremented it before - confirm */
		u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1;
		this->ike_sa->set_pending_updates(this->ike_sa, updates);
		if (updates > 0)
		{
			/* newer update queued, ignore this one */
			return SUCCESS;
		}
		/* The check below only runs if we hold a cookie. build_cookie()
		 * leaves this->cookie2 empty when no RNG could be created, in which
		 * case the response is accepted without COOKIE2 verification. */
		if (this->cookie2.ptr)
		{	/* check cookie if we included one */
			chunk_t cookie2;

			/* detach the value we sent, so process_payloads() stores the
			 * peer's COOKIE2 (if any) into the now empty this->cookie2 */
			cookie2 = this->cookie2;
			this->cookie2 = chunk_empty;
			process_payloads(this, message);
			/* a response without COOKIE2 leaves this->cookie2 empty;
			 * presumably chunk_equals() reports that as a mismatch too */
			if (!chunk_equals(cookie2, this->cookie2))
			{
				chunk_free(&cookie2);
				DBG1(DBG_IKE, "COOKIE2 mismatch, closing IKE_SA");
				return FAILED;
			}
			chunk_free(&cookie2);
		}
		else
		{
			process_payloads(this, message);
		}
		if (this->natd)
		{
			this->natd->task.process(&this->natd->task, message);
			if (this->natd->has_mapping_changed(this->natd))
			{
				/* force an update if mappings have changed */
				this->update = this->check = TRUE;
				DBG1(DBG_IKE, "detected changes in NAT mappings, "
					 "initiating MOBIKE update");
			}
		}
		if (this->update)
		{
			/* update again, as NAT state may have changed */
			update_children(this);
		}
		if (this->check)
		{
			host_t *me_new, *me_old, *other_new, *other_old;

			/* the path this response was received on vs. the one in use */
			me_new = message->get_destination(message);
			other_new = message->get_source(message);
			me_old = this->ike_sa->get_my_host(this->ike_sa);
			other_old = this->ike_sa->get_other_host(this->ike_sa);

			if (!me_new->equals(me_new, me_old))
			{
				this->update = TRUE;
				this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
			}
			if (!other_new->equals(other_new, other_old))
			{
				this->update = TRUE;
				this->ike_sa->set_other_host(this->ike_sa, other_new->clone(other_new));
			}
			if (this->update)
			{
				/* start the update with the same task */
				this->check = FALSE;
				this->address = FALSE;
				/* replace the NAT detection subtask with a fresh one */
				if (this->natd)
				{
					this->natd->task.destroy(&this->natd->task);
				}
				this->natd = ike_natd_create(this->ike_sa, this->initiator);
				this->ike_sa->set_pending_updates(this->ike_sa, 1);
				return NEED_MORE;
			}
		}
		return SUCCESS;
	}
	return NEED_MORE;
}
542 | ||
c817e7bb TB |
/**
 * Start a routability check after a roaming event.
 *
 * Enables probing, records whether the address list should be sent and
 * increments the IKE_SA's pending update counter.
 */
METHOD(ike_mobike_t, roam, void,
	private_ike_mobike_t *this, bool address)
{
	ike_sa_t *sa = this->ike_sa;

	this->check = TRUE;
	this->address = address;
	sa->set_pending_updates(sa, sa->get_pending_updates(sa) + 1);
}
551 | ||
c817e7bb TB |
/**
 * Prepare the task for a dead peer detection exchange.
 *
 * Makes sure a NAT detection subtask exists, disables the address list
 * update and increments the IKE_SA's pending update counter.
 */
METHOD(ike_mobike_t, dpd, void,
	private_ike_mobike_t *this)
{
	ike_sa_t *sa = this->ike_sa;

	if (this->natd == NULL)
	{
		this->natd = ike_natd_create(sa, this->initiator);
	}
	this->address = FALSE;
	sa->set_pending_updates(sa, sa->get_pending_updates(sa) + 1);
}
563 | ||
c817e7bb TB |
/**
 * Check whether this task is currently doing a routability check.
 *
 * @return	TRUE while the check flag is set
 */
METHOD(ike_mobike_t, is_probing, bool,
	private_ike_mobike_t *this)
{
	bool probing = this->check;

	return probing;
}
569 | ||
c817e7bb TB |
/**
 * Get the type of this task.
 *
 * @return	always IKE_MOBIKE
 */
METHOD(task_t, get_type, task_type_t,
	private_ike_mobike_t *this)
{
	task_type_t type = IKE_MOBIKE;

	return type;
}
575 | ||
c817e7bb TB |
/**
 * Move the task to another IKE_SA.
 *
 * A stored COOKIE2 is discarded, and the NAT detection subtask (if any) is
 * migrated along.
 */
METHOD(task_t, migrate, void,
	private_ike_mobike_t *this, ike_sa_t *ike_sa)
{
	this->ike_sa = ike_sa;
	/* a cookie belongs to the exchange on the old IKE_SA, drop it */
	chunk_free(&this->cookie2);
	if (this->natd != NULL)
	{
		this->natd->task.migrate(&this->natd->task, ike_sa);
	}
}
586 | ||
c817e7bb TB |
/**
 * Destroy the task, including its COOKIE2 and NAT detection subtask.
 */
METHOD(task_t, destroy, void,
	private_ike_mobike_t *this)
{
	if (this->natd != NULL)
	{
		this->natd->task.destroy(&this->natd->task);
	}
	chunk_free(&this->cookie2);
	free(this);
}
597 | ||
/*
 * Described in header.
 *
 * The build/process entries of the task interface are selected by role:
 * build_i/process_i for the initiator, build_r/process_r for the responder.
 * The address list update is enabled by default.
 */
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_mobike_t *this;

	INIT(this,
		.public = {
			.task = {
				.get_type = _get_type,
				.migrate = _migrate,
				.destroy = _destroy,
			},
			.roam = _roam,
			.dpd = _dpd,
			.transmit = _transmit,
			.is_probing = _is_probing,
		},
		.ike_sa = ike_sa,
		.initiator = initiator,
		.address = TRUE,
	);

	this->public.task.build = initiator ? _build_i : _build_r;
	this->public.task.process = initiator ? _process_i : _process_r;

	return &this->public;
}
635 |