]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libcharon/sa/ikev2/task_manager_v2.c
projects / people / ms / strongswan.git / blob
? search:


6ce9ba838bac56c36b65cc7a4ab66b9e4b0b7468
[people/ms/strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <collections/array.h>
22 #include <daemon.h>
23 #include <sa/ikev2/tasks/ike_init.h>
24 #include <sa/ikev2/tasks/ike_natd.h>
25 #include <sa/ikev2/tasks/ike_mobike.h>
26 #include <sa/ikev2/tasks/ike_auth.h>
27 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
28 #include <sa/ikev2/tasks/ike_cert_pre.h>
29 #include <sa/ikev2/tasks/ike_cert_post.h>
30 #include <sa/ikev2/tasks/ike_rekey.h>
31 #include <sa/ikev2/tasks/ike_reauth.h>
32 #include <sa/ikev2/tasks/ike_delete.h>
33 #include <sa/ikev2/tasks/ike_config.h>
34 #include <sa/ikev2/tasks/ike_dpd.h>
35 #include <sa/ikev2/tasks/ike_vendor.h>
36 #include <sa/ikev2/tasks/child_create.h>
37 #include <sa/ikev2/tasks/child_rekey.h>
38 #include <sa/ikev2/tasks/child_delete.h>
39 #include <encoding/payloads/delete_payload.h>
40 #include <encoding/payloads/unknown_payload.h>
41 #include <processing/jobs/retransmit_job.h>
42 #include <processing/jobs/delete_ike_sa_job.h>
43
44 #ifdef ME
45 #include <sa/ikev2/tasks/ike_me.h>
46 #endif
47
48 typedef struct exchange_t exchange_t;
49
50 /**
51 * An exchange in the air, used do detect and handle retransmission
52 */
53 struct exchange_t {
54
55 /**
56 * Message ID used for this transaction
57 */
58 u_int32_t mid;
59
60 /**
61 * generated packet for retransmission
62 */
63 packet_t *packet;
64 };
65
66 typedef struct private_task_manager_t private_task_manager_t;
67
68 /**
69 * private data of the task manager
70 */
71 struct private_task_manager_t {
72
73 /**
74 * public functions
75 */
76 task_manager_v2_t public;
77
78 /**
79 * associated IKE_SA we are serving
80 */
81 ike_sa_t *ike_sa;
82
83 /**
84 * Exchange we are currently handling as responder
85 */
86 struct {
87 /**
88 * Message ID of the exchange
89 */
90 u_int32_t mid;
91
92 /**
93 * packet for retransmission
94 */
95 packet_t *packet;
96
97 } responding;
98
99 /**
100 * Exchange we are currently handling as initiator
101 */
102 struct {
103 /**
104 * Message ID of the exchange
105 */
106 u_int32_t mid;
107
108 /**
109 * how many times we have retransmitted so far
110 */
111 u_int retransmitted;
112
113 /**
114 * packet for retransmission
115 */
116 packet_t *packet;
117
118 /**
119 * type of the initated exchange
120 */
121 exchange_type_t type;
122
123 } initiating;
124
125 /**
126 * Array of queued tasks not yet in action
127 */
128 array_t *queued_tasks;
129
130 /**
131 * Array of active tasks, initiated by ourselve
132 */
133 array_t *active_tasks;
134
135 /**
136 * Array of tasks initiated by peer
137 */
138 array_t *passive_tasks;
139
140 /**
141 * the task manager has been reset
142 */
143 bool reset;
144
145 /**
146 * Number of times we retransmit messages before giving up
147 */
148 u_int retransmit_tries;
149
150 /**
151 * Retransmission timeout
152 */
153 double retransmit_timeout;
154
155 /**
156 * Base to calculate retransmission timeout
157 */
158 double retransmit_base;
159 };
160
161 METHOD(task_manager_t, flush_queue, void,
162 private_task_manager_t *this, task_queue_t queue)
163 {
164 array_t *array;
165 task_t *task;
166
167 switch (queue)
168 {
169 case TASK_QUEUE_ACTIVE:
170 array = this->active_tasks;
171 break;
172 case TASK_QUEUE_PASSIVE:
173 array = this->passive_tasks;
174 break;
175 case TASK_QUEUE_QUEUED:
176 array = this->queued_tasks;
177 break;
178 default:
179 return;
180 }
181 while (array_remove(array, ARRAY_TAIL, &task))
182 {
183 task->destroy(task);
184 }
185 }
186
187 METHOD(task_manager_t, flush, void,
188 private_task_manager_t *this)
189 {
190 flush_queue(this, TASK_QUEUE_QUEUED);
191 flush_queue(this, TASK_QUEUE_PASSIVE);
192 flush_queue(this, TASK_QUEUE_ACTIVE);
193 }
194
195 /**
196 * move a task of a specific type from the queue to the active list
197 */
198 static bool activate_task(private_task_manager_t *this, task_type_t type)
199 {
200 enumerator_t *enumerator;
201 task_t *task;
202 bool found = FALSE;
203
204 enumerator = array_create_enumerator(this->queued_tasks);
205 while (enumerator->enumerate(enumerator, (void**)&task))
206 {
207 if (task->get_type(task) == type)
208 {
209 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
210 array_remove_at(this->queued_tasks, enumerator);
211 array_insert(this->active_tasks, ARRAY_TAIL, task);
212 found = TRUE;
213 break;
214 }
215 }
216 enumerator->destroy(enumerator);
217 return found;
218 }
219
220 METHOD(task_manager_t, retransmit, status_t,
221 private_task_manager_t *this, u_int32_t message_id)
222 {
223 if (this->initiating.packet && message_id == this->initiating.mid)
224 {
225 u_int32_t timeout;
226 job_t *job;
227 enumerator_t *enumerator;
228 packet_t *packet;
229 task_t *task;
230 ike_mobike_t *mobike = NULL;
231
232 /* check if we are retransmitting a MOBIKE routability check */
233 enumerator = array_create_enumerator(this->active_tasks);
234 while (enumerator->enumerate(enumerator, (void*)&task))
235 {
236 if (task->get_type(task) == TASK_IKE_MOBIKE)
237 {
238 mobike = (ike_mobike_t*)task;
239 if (!mobike->is_probing(mobike))
240 {
241 mobike = NULL;
242 }
243 break;
244 }
245 }
246 enumerator->destroy(enumerator);
247
248 if (mobike == NULL)
249 {
250 if (this->initiating.retransmitted <= this->retransmit_tries)
251 {
252 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
253 pow(this->retransmit_base, this->initiating.retransmitted));
254 }
255 else
256 {
257 DBG1(DBG_IKE, "giving up after %d retransmits",
258 this->initiating.retransmitted - 1);
259 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
260 this->initiating.packet);
261 return DESTROY_ME;
262 }
263
264 if (this->initiating.retransmitted)
265 {
266 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
267 this->initiating.retransmitted, message_id);
268 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND,
269 this->initiating.packet);
270 }
271 packet = this->initiating.packet->clone(this->initiating.packet);
272 charon->sender->send(charon->sender, packet);
273 }
274 else
275 { /* for routeability checks, we use a more aggressive behavior */
276 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
277 {
278 timeout = ROUTEABILITY_CHECK_INTERVAL;
279 }
280 else
281 {
282 DBG1(DBG_IKE, "giving up after %d path probings",
283 this->initiating.retransmitted - 1);
284 return DESTROY_ME;
285 }
286
287 if (this->initiating.retransmitted)
288 {
289 DBG1(DBG_IKE, "path probing attempt %d",
290 this->initiating.retransmitted);
291 }
292 mobike->transmit(mobike, this->initiating.packet);
293 }
294
295 this->initiating.retransmitted++;
296 job = (job_t*)retransmit_job_create(this->initiating.mid,
297 this->ike_sa->get_id(this->ike_sa));
298 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
299 }
300 return SUCCESS;
301 }
302
303 METHOD(task_manager_t, initiate, status_t,
304 private_task_manager_t *this)
305 {
306 enumerator_t *enumerator;
307 task_t *task;
308 message_t *message;
309 host_t *me, *other;
310 status_t status;
311 exchange_type_t exchange = 0;
312
313 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
314 {
315 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
316 exchange_type_names, this->initiating.type);
317 /* do not initiate if we already have a message in the air */
318 return SUCCESS;
319 }
320
321 if (array_count(this->active_tasks) == 0)
322 {
323 DBG2(DBG_IKE, "activating new tasks");
324 switch (this->ike_sa->get_state(this->ike_sa))
325 {
326 case IKE_CREATED:
327 activate_task(this, TASK_IKE_VENDOR);
328 if (activate_task(this, TASK_IKE_INIT))
329 {
330 this->initiating.mid = 0;
331 exchange = IKE_SA_INIT;
332 activate_task(this, TASK_IKE_NATD);
333 activate_task(this, TASK_IKE_CERT_PRE);
334 #ifdef ME
335 /* this task has to be activated before the TASK_IKE_AUTH
336 * task, because that task pregenerates the packet after
337 * which no payloads can be added to the message anymore.
338 */
339 activate_task(this, TASK_IKE_ME);
340 #endif /* ME */
341 activate_task(this, TASK_IKE_AUTH);
342 activate_task(this, TASK_IKE_CERT_POST);
343 activate_task(this, TASK_IKE_CONFIG);
344 activate_task(this, TASK_CHILD_CREATE);
345 activate_task(this, TASK_IKE_AUTH_LIFETIME);
346 activate_task(this, TASK_IKE_MOBIKE);
347 }
348 break;
349 case IKE_ESTABLISHED:
350 if (activate_task(this, TASK_CHILD_CREATE))
351 {
352 exchange = CREATE_CHILD_SA;
353 break;
354 }
355 if (activate_task(this, TASK_CHILD_DELETE))
356 {
357 exchange = INFORMATIONAL;
358 break;
359 }
360 if (activate_task(this, TASK_CHILD_REKEY))
361 {
362 exchange = CREATE_CHILD_SA;
363 break;
364 }
365 if (activate_task(this, TASK_IKE_DELETE))
366 {
367 exchange = INFORMATIONAL;
368 break;
369 }
370 if (activate_task(this, TASK_IKE_REKEY))
371 {
372 exchange = CREATE_CHILD_SA;
373 break;
374 }
375 if (activate_task(this, TASK_IKE_REAUTH))
376 {
377 exchange = INFORMATIONAL;
378 break;
379 }
380 if (activate_task(this, TASK_IKE_MOBIKE))
381 {
382 exchange = INFORMATIONAL;
383 break;
384 }
385 if (activate_task(this, TASK_IKE_DPD))
386 {
387 exchange = INFORMATIONAL;
388 break;
389 }
390 if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
391 {
392 exchange = INFORMATIONAL;
393 break;
394 }
395 #ifdef ME
396 if (activate_task(this, TASK_IKE_ME))
397 {
398 exchange = ME_CONNECT;
399 break;
400 }
401 #endif /* ME */
402 case IKE_REKEYING:
403 if (activate_task(this, TASK_IKE_DELETE))
404 {
405 exchange = INFORMATIONAL;
406 break;
407 }
408 case IKE_DELETING:
409 default:
410 break;
411 }
412 }
413 else
414 {
415 DBG2(DBG_IKE, "reinitiating already active tasks");
416 enumerator = array_create_enumerator(this->active_tasks);
417 while (enumerator->enumerate(enumerator, &task))
418 {
419 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
420 switch (task->get_type(task))
421 {
422 case TASK_IKE_INIT:
423 exchange = IKE_SA_INIT;
424 break;
425 case TASK_IKE_AUTH:
426 exchange = IKE_AUTH;
427 break;
428 case TASK_CHILD_CREATE:
429 case TASK_CHILD_REKEY:
430 case TASK_IKE_REKEY:
431 exchange = CREATE_CHILD_SA;
432 break;
433 case TASK_IKE_MOBIKE:
434 exchange = INFORMATIONAL;
435 break;
436 default:
437 continue;
438 }
439 break;
440 }
441 enumerator->destroy(enumerator);
442 }
443
444 if (exchange == 0)
445 {
446 DBG2(DBG_IKE, "nothing to initiate");
447 /* nothing to do yet... */
448 return SUCCESS;
449 }
450
451 me = this->ike_sa->get_my_host(this->ike_sa);
452 other = this->ike_sa->get_other_host(this->ike_sa);
453
454 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
455 message->set_message_id(message, this->initiating.mid);
456 message->set_source(message, me->clone(me));
457 message->set_destination(message, other->clone(other));
458 message->set_exchange_type(message, exchange);
459 this->initiating.type = exchange;
460 this->initiating.retransmitted = 0;
461
462 enumerator = array_create_enumerator(this->active_tasks);
463 while (enumerator->enumerate(enumerator, &task))
464 {
465 switch (task->build(task, message))
466 {
467 case SUCCESS:
468 /* task completed, remove it */
469 array_remove_at(this->active_tasks, enumerator);
470 task->destroy(task);
471 break;
472 case NEED_MORE:
473 /* processed, but task needs another exchange */
474 break;
475 case FAILED:
476 default:
477 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
478 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
479 {
480 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
481 }
482 /* FALL */
483 case DESTROY_ME:
484 /* critical failure, destroy IKE_SA */
485 enumerator->destroy(enumerator);
486 message->destroy(message);
487 flush(this);
488 return DESTROY_ME;
489 }
490 }
491 enumerator->destroy(enumerator);
492
493 /* update exchange type if a task changed it */
494 this->initiating.type = message->get_exchange_type(message);
495
496 status = this->ike_sa->generate_message(this->ike_sa, message,
497 &this->initiating.packet);
498 if (status != SUCCESS)
499 {
500 /* message generation failed. There is nothing more to do than to
501 * close the SA */
502 message->destroy(message);
503 flush(this);
504 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
505 return DESTROY_ME;
506 }
507 message->destroy(message);
508
509 array_compress(this->active_tasks);
510 array_compress(this->queued_tasks);
511
512 return retransmit(this, this->initiating.mid);
513 }
514
515 /**
516 * handle an incoming response message
517 */
518 static status_t process_response(private_task_manager_t *this,
519 message_t *message)
520 {
521 enumerator_t *enumerator;
522 task_t *task;
523
524 if (message->get_exchange_type(message) != this->initiating.type)
525 {
526 DBG1(DBG_IKE, "received %N response, but expected %N",
527 exchange_type_names, message->get_exchange_type(message),
528 exchange_type_names, this->initiating.type);
529 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
530 return DESTROY_ME;
531 }
532
533 /* catch if we get resetted while processing */
534 this->reset = FALSE;
535 enumerator = array_create_enumerator(this->active_tasks);
536 while (enumerator->enumerate(enumerator, &task))
537 {
538 switch (task->process(task, message))
539 {
540 case SUCCESS:
541 /* task completed, remove it */
542 array_remove_at(this->active_tasks, enumerator);
543 task->destroy(task);
544 break;
545 case NEED_MORE:
546 /* processed, but task needs another exchange */
547 break;
548 case FAILED:
549 default:
550 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
551 /* FALL */
552 case DESTROY_ME:
553 /* critical failure, destroy IKE_SA */
554 array_remove_at(this->active_tasks, enumerator);
555 enumerator->destroy(enumerator);
556 task->destroy(task);
557 return DESTROY_ME;
558 }
559 if (this->reset)
560 { /* start all over again if we were reset */
561 this->reset = FALSE;
562 enumerator->destroy(enumerator);
563 return initiate(this);
564 }
565 }
566 enumerator->destroy(enumerator);
567
568 this->initiating.mid++;
569 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
570 this->initiating.packet->destroy(this->initiating.packet);
571 this->initiating.packet = NULL;
572
573 array_compress(this->active_tasks);
574
575 return initiate(this);
576 }
577
578 /**
579 * handle exchange collisions
580 */
581 static bool handle_collisions(private_task_manager_t *this, task_t *task)
582 {
583 enumerator_t *enumerator;
584 task_t *active;
585 task_type_t type;
586
587 type = task->get_type(task);
588
589 /* do we have to check */
590 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
591 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
592 type == TASK_IKE_REAUTH)
593 {
594 /* find an exchange collision, and notify these tasks */
595 enumerator = array_create_enumerator(this->active_tasks);
596 while (enumerator->enumerate(enumerator, &active))
597 {
598 switch (active->get_type(active))
599 {
600 case TASK_IKE_REKEY:
601 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
602 type == TASK_IKE_REAUTH)
603 {
604 ike_rekey_t *rekey = (ike_rekey_t*)active;
605 rekey->collide(rekey, task);
606 break;
607 }
608 continue;
609 case TASK_CHILD_REKEY:
610 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
611 {
612 child_rekey_t *rekey = (child_rekey_t*)active;
613 rekey->collide(rekey, task);
614 break;
615 }
616 continue;
617 default:
618 continue;
619 }
620 enumerator->destroy(enumerator);
621 return TRUE;
622 }
623 enumerator->destroy(enumerator);
624 }
625 return FALSE;
626 }
627
628 /**
629 * build a response depending on the "passive" task list
630 */
631 static status_t build_response(private_task_manager_t *this, message_t *request)
632 {
633 enumerator_t *enumerator;
634 task_t *task;
635 message_t *message;
636 host_t *me, *other;
637 bool delete = FALSE, hook = FALSE;
638 ike_sa_id_t *id = NULL;
639 u_int64_t responder_spi;
640 status_t status;
641
642 me = request->get_destination(request);
643 other = request->get_source(request);
644
645 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
646 message->set_exchange_type(message, request->get_exchange_type(request));
647 /* send response along the path the request came in */
648 message->set_source(message, me->clone(me));
649 message->set_destination(message, other->clone(other));
650 message->set_message_id(message, this->responding.mid);
651 message->set_request(message, FALSE);
652
653 enumerator = array_create_enumerator(this->passive_tasks);
654 while (enumerator->enumerate(enumerator, (void*)&task))
655 {
656 switch (task->build(task, message))
657 {
658 case SUCCESS:
659 /* task completed, remove it */
660 array_remove_at(this->passive_tasks, enumerator);
661 if (!handle_collisions(this, task))
662 {
663 task->destroy(task);
664 }
665 break;
666 case NEED_MORE:
667 /* processed, but task needs another exchange */
668 if (handle_collisions(this, task))
669 {
670 array_remove_at(this->passive_tasks, enumerator);
671 }
672 break;
673 case FAILED:
674 default:
675 hook = TRUE;
676 /* FALL */
677 case DESTROY_ME:
678 /* destroy IKE_SA, but SEND response first */
679 delete = TRUE;
680 break;
681 }
682 if (delete)
683 {
684 break;
685 }
686 }
687 enumerator->destroy(enumerator);
688
689 /* RFC 5996, section 2.6 mentions that in the event of a failure during
690 * IKE_SA_INIT the responder's SPI will be 0 in the response, while it
691 * actually explicitly allows it to be non-zero. Since we use the responder
692 * SPI to create hashes in the IKE_SA manager we can only set the SPI to
693 * zero temporarily, otherwise checking the SA in would fail. */
694 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
695 {
696 id = this->ike_sa->get_id(this->ike_sa);
697 responder_spi = id->get_responder_spi(id);
698 id->set_responder_spi(id, 0);
699 }
700
701 /* message complete, send it */
702 DESTROY_IF(this->responding.packet);
703 this->responding.packet = NULL;
704 status = this->ike_sa->generate_message(this->ike_sa, message,
705 &this->responding.packet);
706 message->destroy(message);
707 if (id)
708 {
709 id->set_responder_spi(id, responder_spi);
710 }
711 if (status != SUCCESS)
712 {
713 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
714 return DESTROY_ME;
715 }
716
717 charon->sender->send(charon->sender,
718 this->responding.packet->clone(this->responding.packet));
719 if (delete)
720 {
721 if (hook)
722 {
723 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
724 }
725 return DESTROY_ME;
726 }
727
728 array_compress(this->passive_tasks);
729
730 return SUCCESS;
731 }
732
733 /**
734 * handle an incoming request message
735 */
736 static status_t process_request(private_task_manager_t *this,
737 message_t *message)
738 {
739 enumerator_t *enumerator;
740 task_t *task = NULL;
741 payload_t *payload;
742 notify_payload_t *notify;
743 delete_payload_t *delete;
744
745 if (array_count(this->passive_tasks) == 0)
746 { /* create tasks depending on request type, if not already some queued */
747 switch (message->get_exchange_type(message))
748 {
749 case IKE_SA_INIT:
750 {
751 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
752 array_insert(this->passive_tasks, ARRAY_TAIL, task);
753 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
754 array_insert(this->passive_tasks, ARRAY_TAIL, task);
755 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
756 array_insert(this->passive_tasks, ARRAY_TAIL, task);
757 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
758 array_insert(this->passive_tasks, ARRAY_TAIL, task);
759 #ifdef ME
760 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
761 array_insert(this->passive_tasks, ARRAY_TAIL, task);
762 #endif /* ME */
763 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
764 array_insert(this->passive_tasks, ARRAY_TAIL, task);
765 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
766 array_insert(this->passive_tasks, ARRAY_TAIL, task);
767 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
768 array_insert(this->passive_tasks, ARRAY_TAIL, task);
769 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
770 NULL, NULL);
771 array_insert(this->passive_tasks, ARRAY_TAIL, task);
772 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
773 array_insert(this->passive_tasks, ARRAY_TAIL, task);
774 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
775 array_insert(this->passive_tasks, ARRAY_TAIL, task);
776 break;
777 }
778 case CREATE_CHILD_SA:
779 { /* FIXME: we should prevent this on mediation connections */
780 bool notify_found = FALSE, ts_found = FALSE;
781 enumerator = message->create_payload_enumerator(message);
782 while (enumerator->enumerate(enumerator, &payload))
783 {
784 switch (payload->get_type(payload))
785 {
786 case NOTIFY:
787 { /* if we find a rekey notify, its CHILD_SA rekeying */
788 notify = (notify_payload_t*)payload;
789 if (notify->get_notify_type(notify) == REKEY_SA &&
790 (notify->get_protocol_id(notify) == PROTO_AH ||
791 notify->get_protocol_id(notify) == PROTO_ESP))
792 {
793 notify_found = TRUE;
794 }
795 break;
796 }
797 case TRAFFIC_SELECTOR_INITIATOR:
798 case TRAFFIC_SELECTOR_RESPONDER:
799 { /* if we don't find a TS, its IKE rekeying */
800 ts_found = TRUE;
801 break;
802 }
803 default:
804 break;
805 }
806 }
807 enumerator->destroy(enumerator);
808
809 if (ts_found)
810 {
811 if (notify_found)
812 {
813 task = (task_t*)child_rekey_create(this->ike_sa,
814 PROTO_NONE, 0);
815 }
816 else
817 {
818 task = (task_t*)child_create_create(this->ike_sa, NULL,
819 FALSE, NULL, NULL);
820 }
821 }
822 else
823 {
824 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
825 }
826 array_insert(this->passive_tasks, ARRAY_TAIL, task);
827 break;
828 }
829 case INFORMATIONAL:
830 {
831 enumerator = message->create_payload_enumerator(message);
832 while (enumerator->enumerate(enumerator, &payload))
833 {
834 switch (payload->get_type(payload))
835 {
836 case NOTIFY:
837 {
838 notify = (notify_payload_t*)payload;
839 switch (notify->get_notify_type(notify))
840 {
841 case ADDITIONAL_IP4_ADDRESS:
842 case ADDITIONAL_IP6_ADDRESS:
843 case NO_ADDITIONAL_ADDRESSES:
844 case UPDATE_SA_ADDRESSES:
845 case NO_NATS_ALLOWED:
846 case UNACCEPTABLE_ADDRESSES:
847 case UNEXPECTED_NAT_DETECTED:
848 case COOKIE2:
849 case NAT_DETECTION_SOURCE_IP:
850 case NAT_DETECTION_DESTINATION_IP:
851 task = (task_t*)ike_mobike_create(
852 this->ike_sa, FALSE);
853 break;
854 case AUTH_LIFETIME:
855 task = (task_t*)ike_auth_lifetime_create(
856 this->ike_sa, FALSE);
857 break;
858 case AUTHENTICATION_FAILED:
859 /* initiator failed to authenticate us.
860 * We use ike_delete to handle this, which
861 * invokes all the required hooks. */
862 task = (task_t*)ike_delete_create(
863 this->ike_sa, FALSE);
864 default:
865 break;
866 }
867 break;
868 }
869 case DELETE:
870 {
871 delete = (delete_payload_t*)payload;
872 if (delete->get_protocol_id(delete) == PROTO_IKE)
873 {
874 task = (task_t*)ike_delete_create(this->ike_sa,
875 FALSE);
876 }
877 else
878 {
879 task = (task_t*)child_delete_create(this->ike_sa,
880 PROTO_NONE, 0, FALSE);
881 }
882 break;
883 }
884 default:
885 break;
886 }
887 if (task)
888 {
889 break;
890 }
891 }
892 enumerator->destroy(enumerator);
893
894 if (task == NULL)
895 {
896 task = (task_t*)ike_dpd_create(FALSE);
897 }
898 array_insert(this->passive_tasks, ARRAY_TAIL, task);
899 break;
900 }
901 #ifdef ME
902 case ME_CONNECT:
903 {
904 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
905 array_insert(this->passive_tasks, ARRAY_TAIL, task);
906 }
907 #endif /* ME */
908 default:
909 break;
910 }
911 }
912
913 /* let the tasks process the message */
914 enumerator = array_create_enumerator(this->passive_tasks);
915 while (enumerator->enumerate(enumerator, (void*)&task))
916 {
917 switch (task->process(task, message))
918 {
919 case SUCCESS:
920 /* task completed, remove it */
921 array_remove_at(this->passive_tasks, enumerator);
922 task->destroy(task);
923 break;
924 case NEED_MORE:
925 /* processed, but task needs at least another call to build() */
926 break;
927 case FAILED:
928 default:
929 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
930 /* FALL */
931 case DESTROY_ME:
932 /* critical failure, destroy IKE_SA */
933 array_remove_at(this->passive_tasks, enumerator);
934 enumerator->destroy(enumerator);
935 task->destroy(task);
936 return DESTROY_ME;
937 }
938 }
939 enumerator->destroy(enumerator);
940
941 return build_response(this, message);
942 }
943
944 METHOD(task_manager_t, incr_mid, void,
945 private_task_manager_t *this, bool initiate)
946 {
947 if (initiate)
948 {
949 this->initiating.mid++;
950 }
951 else
952 {
953 this->responding.mid++;
954 }
955 }
956
957 /**
958 * Send a notify back to the sender
959 */
960 static void send_notify_response(private_task_manager_t *this,
961 message_t *request, notify_type_t type,
962 chunk_t data)
963 {
964 message_t *response;
965 packet_t *packet;
966 host_t *me, *other;
967
968 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
969 response->set_exchange_type(response, request->get_exchange_type(request));
970 response->set_request(response, FALSE);
971 response->set_message_id(response, request->get_message_id(request));
972 response->add_notify(response, FALSE, type, data);
973 me = this->ike_sa->get_my_host(this->ike_sa);
974 if (me->is_anyaddr(me))
975 {
976 me = request->get_destination(request);
977 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
978 }
979 other = this->ike_sa->get_other_host(this->ike_sa);
980 if (other->is_anyaddr(other))
981 {
982 other = request->get_source(request);
983 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
984 }
985 response->set_source(response, me->clone(me));
986 response->set_destination(response, other->clone(other));
987 if (this->ike_sa->generate_message(this->ike_sa, response,
988 &packet) == SUCCESS)
989 {
990 charon->sender->send(charon->sender, packet);
991 }
992 response->destroy(response);
993 }
994
995 /**
996 * Parse the given message and verify that it is valid.
997 */
998 static status_t parse_message(private_task_manager_t *this, message_t *msg)
999 {
1000 status_t status;
1001 u_int8_t type = 0;
1002
1003 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1004
1005 if (status == SUCCESS)
1006 { /* check for unsupported critical payloads */
1007 enumerator_t *enumerator;
1008 unknown_payload_t *unknown;
1009 payload_t *payload;
1010
1011 enumerator = msg->create_payload_enumerator(msg);
1012 while (enumerator->enumerate(enumerator, &payload))
1013 {
1014 unknown = (unknown_payload_t*)payload;
1015 type = payload->get_type(payload);
1016 if (!payload_is_known(type) &&
1017 unknown->is_critical(unknown))
1018 {
1019 DBG1(DBG_ENC, "payload type %N is not supported, "
1020 "but its critical!", payload_type_names, type);
1021 status = NOT_SUPPORTED;
1022 break;
1023 }
1024 }
1025 enumerator->destroy(enumerator);
1026 }
1027
1028 if (status != SUCCESS)
1029 {
1030 bool is_request = msg->get_request(msg);
1031
1032 switch (status)
1033 {
1034 case NOT_SUPPORTED:
1035 DBG1(DBG_IKE, "critical unknown payloads found");
1036 if (is_request)
1037 {
1038 send_notify_response(this, msg,
1039 UNSUPPORTED_CRITICAL_PAYLOAD,
1040 chunk_from_thing(type));
1041 incr_mid(this, FALSE);
1042 }
1043 break;
1044 case PARSE_ERROR:
1045 DBG1(DBG_IKE, "message parsing failed");
1046 if (is_request)
1047 {
1048 send_notify_response(this, msg,
1049 INVALID_SYNTAX, chunk_empty);
1050 incr_mid(this, FALSE);
1051 }
1052 break;
1053 case VERIFY_ERROR:
1054 DBG1(DBG_IKE, "message verification failed");
1055 if (is_request)
1056 {
1057 send_notify_response(this, msg,
1058 INVALID_SYNTAX, chunk_empty);
1059 incr_mid(this, FALSE);
1060 }
1061 break;
1062 case FAILED:
1063 DBG1(DBG_IKE, "integrity check failed");
1064 /* ignored */
1065 break;
1066 case INVALID_STATE:
1067 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1068 default:
1069 break;
1070 }
1071 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1072 exchange_type_names, msg->get_exchange_type(msg),
1073 is_request ? "request" : "response",
1074 msg->get_message_id(msg));
1075
1076 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1077
1078 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1079 { /* invalid initiation attempt, close SA */
1080 return DESTROY_ME;
1081 }
1082 }
1083 return status;
1084 }
1085
1086
1087 METHOD(task_manager_t, process_message, status_t,
1088 private_task_manager_t *this, message_t *msg)
1089 {
1090 host_t *me, *other;
1091 status_t status;
1092 u_int32_t mid;
1093 bool schedule_delete_job = FALSE;
1094
1095 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1096 status = parse_message(this, msg);
1097 if (status != SUCCESS)
1098 {
1099 return status;
1100 }
1101
1102 me = msg->get_destination(msg);
1103 other = msg->get_source(msg);
1104
1105 /* if this IKE_SA is virgin, we check for a config */
1106 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1107 {
1108 ike_cfg_t *ike_cfg;
1109
1110 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1111 me, other, IKEV2);
1112 if (ike_cfg == NULL)
1113 {
1114 /* no config found for these hosts, destroy */
1115 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1116 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1117 send_notify_response(this, msg,
1118 NO_PROPOSAL_CHOSEN, chunk_empty);
1119 return DESTROY_ME;
1120 }
1121 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1122 ike_cfg->destroy(ike_cfg);
1123 /* add a timeout if peer does not establish it completely */
1124 schedule_delete_job = TRUE;
1125 }
1126 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1127 time_monotonic(NULL));
1128
1129 mid = msg->get_message_id(msg);
1130 if (msg->get_request(msg))
1131 {
1132 if (mid == this->responding.mid)
1133 {
1134 /* reject initial messages once established */
1135 if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
1136 msg->get_exchange_type(msg) == IKE_AUTH)
1137 {
1138 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1139 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
1140 {
1141 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1142 exchange_type_names, msg->get_exchange_type(msg));
1143 return FAILED;
1144 }
1145 }
1146 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1147 { /* with MOBIKE, we do no implicit updates */
1148 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1149 }
1150 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1151 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1152 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1153 return SUCCESS;
1154 }
1155 if (process_request(this, msg) != SUCCESS)
1156 {
1157 flush(this);
1158 return DESTROY_ME;
1159 }
1160 this->responding.mid++;
1161 }
1162 else if ((mid == this->responding.mid - 1) && this->responding.packet)
1163 {
1164 packet_t *clone;
1165 host_t *host;
1166
1167 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1168 "retransmitting response", mid);
1169 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
1170 clone = this->responding.packet->clone(this->responding.packet);
1171 host = msg->get_destination(msg);
1172 clone->set_source(clone, host->clone(host));
1173 host = msg->get_source(msg);
1174 clone->set_destination(clone, host->clone(host));
1175 charon->sender->send(charon->sender, clone);
1176 }
1177 else
1178 {
1179 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1180 mid, this->responding.mid);
1181 if (msg->get_exchange_type(msg) == IKE_SA_INIT)
1182 { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
1183 return DESTROY_ME;
1184 }
1185 }
1186 }
1187 else
1188 {
1189 if (mid == this->initiating.mid)
1190 {
1191 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1192 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1193 msg->get_exchange_type(msg) != IKE_SA_INIT)
1194 { /* only do updates based on verified messages (or initial ones) */
1195 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1196 { /* with MOBIKE, we do no implicit updates. we force an
1197 * update of the local address on IKE_SA_INIT, but never
1198 * for the remote address */
1199 this->ike_sa->update_hosts(this->ike_sa, me, NULL, mid == 0);
1200 this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
1201 }
1202 }
1203 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1204 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1205 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1206 return SUCCESS;
1207 }
1208 if (process_response(this, msg) != SUCCESS)
1209 {
1210 flush(this);
1211 return DESTROY_ME;
1212 }
1213 }
1214 else
1215 {
1216 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1217 mid, this->initiating.mid);
1218 return SUCCESS;
1219 }
1220 }
1221
1222 if (schedule_delete_job)
1223 {
1224 ike_sa_id_t *ike_sa_id;
1225 job_t *job;
1226
1227 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1228 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1229 lib->scheduler->schedule_job(lib->scheduler, job,
1230 lib->settings->get_int(lib->settings,
1231 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1232 charon->name));
1233 }
1234 return SUCCESS;
1235 }
1236
1237 METHOD(task_manager_t, queue_task, void,
1238 private_task_manager_t *this, task_t *task)
1239 {
1240 if (task->get_type(task) == TASK_IKE_MOBIKE)
1241 { /* there is no need to queue more than one mobike task */
1242 enumerator_t *enumerator;
1243 task_t *current;
1244
1245 enumerator = array_create_enumerator(this->queued_tasks);
1246 while (enumerator->enumerate(enumerator, &current))
1247 {
1248 if (current->get_type(current) == TASK_IKE_MOBIKE)
1249 {
1250 enumerator->destroy(enumerator);
1251 task->destroy(task);
1252 return;
1253 }
1254 }
1255 enumerator->destroy(enumerator);
1256 }
1257 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1258 array_insert(this->queued_tasks, ARRAY_TAIL, task);
1259 }
1260
1261 /**
1262 * Check if a given task has been queued already
1263 */
1264 static bool has_queued(private_task_manager_t *this, task_type_t type)
1265 {
1266 enumerator_t *enumerator;
1267 bool found = FALSE;
1268 task_t *task;
1269
1270 enumerator = array_create_enumerator(this->queued_tasks);
1271 while (enumerator->enumerate(enumerator, &task))
1272 {
1273 if (task->get_type(task) == type)
1274 {
1275 found = TRUE;
1276 break;
1277 }
1278 }
1279 enumerator->destroy(enumerator);
1280 return found;
1281 }
1282
1283 METHOD(task_manager_t, queue_ike, void,
1284 private_task_manager_t *this)
1285 {
1286 if (!has_queued(this, TASK_IKE_VENDOR))
1287 {
1288 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1289 }
1290 if (!has_queued(this, TASK_IKE_INIT))
1291 {
1292 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1293 }
1294 if (!has_queued(this, TASK_IKE_NATD))
1295 {
1296 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1297 }
1298 if (!has_queued(this, TASK_IKE_CERT_PRE))
1299 {
1300 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1301 }
1302 if (!has_queued(this, TASK_IKE_AUTH))
1303 {
1304 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1305 }
1306 if (!has_queued(this, TASK_IKE_CERT_POST))
1307 {
1308 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1309 }
1310 if (!has_queued(this, TASK_IKE_CONFIG))
1311 {
1312 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1313 }
1314 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1315 {
1316 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1317 }
1318 if (!has_queued(this, TASK_IKE_MOBIKE))
1319 {
1320 peer_cfg_t *peer_cfg;
1321
1322 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1323 if (peer_cfg->use_mobike(peer_cfg))
1324 {
1325 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1326 }
1327 }
1328 #ifdef ME
1329 if (!has_queued(this, TASK_IKE_ME))
1330 {
1331 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1332 }
1333 #endif /* ME */
1334 }
1335
1336 METHOD(task_manager_t, queue_ike_rekey, void,
1337 private_task_manager_t *this)
1338 {
1339 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1340 }
1341
1342 METHOD(task_manager_t, queue_ike_reauth, void,
1343 private_task_manager_t *this)
1344 {
1345 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1346 }
1347
1348 METHOD(task_manager_t, queue_ike_delete, void,
1349 private_task_manager_t *this)
1350 {
1351 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1352 }
1353
1354 METHOD(task_manager_t, queue_mobike, void,
1355 private_task_manager_t *this, bool roam, bool address)
1356 {
1357 ike_mobike_t *mobike;
1358
1359 mobike = ike_mobike_create(this->ike_sa, TRUE);
1360 if (roam)
1361 {
1362 mobike->roam(mobike, address);
1363 }
1364 else
1365 {
1366 mobike->addresses(mobike);
1367 }
1368 queue_task(this, &mobike->task);
1369 }
1370
1371 METHOD(task_manager_t, queue_child, void,
1372 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1373 traffic_selector_t *tsi, traffic_selector_t *tsr)
1374 {
1375 child_create_t *task;
1376
1377 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1378 if (reqid)
1379 {
1380 task->use_reqid(task, reqid);
1381 }
1382 queue_task(this, &task->task);
1383 }
1384
1385 METHOD(task_manager_t, queue_child_rekey, void,
1386 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1387 {
1388 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1389 }
1390
1391 METHOD(task_manager_t, queue_child_delete, void,
1392 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1393 bool expired)
1394 {
1395 queue_task(this, (task_t*)child_delete_create(this->ike_sa,
1396 protocol, spi, expired));
1397 }
1398
1399 METHOD(task_manager_t, queue_dpd, void,
1400 private_task_manager_t *this)
1401 {
1402 ike_mobike_t *mobike;
1403
1404 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1405 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1406 {
1407 /* use mobike enabled DPD to detect NAT mapping changes */
1408 mobike = ike_mobike_create(this->ike_sa, TRUE);
1409 mobike->dpd(mobike);
1410 queue_task(this, &mobike->task);
1411 }
1412 else
1413 {
1414 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1415 }
1416 }
1417
1418 METHOD(task_manager_t, adopt_tasks, void,
1419 private_task_manager_t *this, task_manager_t *other_public)
1420 {
1421 private_task_manager_t *other = (private_task_manager_t*)other_public;
1422 task_t *task;
1423
1424 /* move queued tasks from other to this */
1425 while (array_remove(other->queued_tasks, ARRAY_TAIL, &task))
1426 {
1427 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1428 task->migrate(task, this->ike_sa);
1429 array_insert(this->queued_tasks, ARRAY_HEAD, task);
1430 }
1431 }
1432
1433 /**
1434 * Migrates child-creating tasks from src to dst
1435 */
1436 static void migrate_child_tasks(private_task_manager_t *this,
1437 array_t *src, array_t *dst)
1438 {
1439 enumerator_t *enumerator;
1440 task_t *task;
1441
1442 enumerator = array_create_enumerator(src);
1443 while (enumerator->enumerate(enumerator, &task))
1444 {
1445 if (task->get_type(task) == TASK_CHILD_CREATE)
1446 {
1447 array_remove_at(src, enumerator);
1448 task->migrate(task, this->ike_sa);
1449 array_insert(dst, ARRAY_TAIL, task);
1450 }
1451 }
1452 enumerator->destroy(enumerator);
1453 }
1454
1455 METHOD(task_manager_t, adopt_child_tasks, void,
1456 private_task_manager_t *this, task_manager_t *other_public)
1457 {
1458 private_task_manager_t *other = (private_task_manager_t*)other_public;
1459
1460 /* move active child tasks from other to this */
1461 migrate_child_tasks(this, other->active_tasks, this->queued_tasks);
1462 /* do the same for queued tasks */
1463 migrate_child_tasks(this, other->queued_tasks, this->queued_tasks);
1464 }
1465
1466 METHOD(task_manager_t, busy, bool,
1467 private_task_manager_t *this)
1468 {
1469 return array_count(this->active_tasks) > 0;
1470 }
1471
1472 METHOD(task_manager_t, reset, void,
1473 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1474 {
1475 enumerator_t *enumerator;
1476 task_t *task;
1477
1478 /* reset message counters and retransmit packets */
1479 DESTROY_IF(this->responding.packet);
1480 DESTROY_IF(this->initiating.packet);
1481 this->responding.packet = NULL;
1482 this->initiating.packet = NULL;
1483 if (initiate != UINT_MAX)
1484 {
1485 this->initiating.mid = initiate;
1486 }
1487 if (respond != UINT_MAX)
1488 {
1489 this->responding.mid = respond;
1490 }
1491 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1492
1493 /* reset queued tasks */
1494 enumerator = array_create_enumerator(this->queued_tasks);
1495 while (enumerator->enumerate(enumerator, &task))
1496 {
1497 task->migrate(task, this->ike_sa);
1498 }
1499 enumerator->destroy(enumerator);
1500
1501 /* reset active tasks */
1502 while (array_remove(this->active_tasks, ARRAY_TAIL, &task))
1503 {
1504 task->migrate(task, this->ike_sa);
1505 array_insert(this->queued_tasks, ARRAY_HEAD, task);
1506 }
1507
1508 this->reset = TRUE;
1509 }
1510
1511 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1512 private_task_manager_t *this, task_queue_t queue)
1513 {
1514 switch (queue)
1515 {
1516 case TASK_QUEUE_ACTIVE:
1517 return array_create_enumerator(this->active_tasks);
1518 case TASK_QUEUE_PASSIVE:
1519 return array_create_enumerator(this->passive_tasks);
1520 case TASK_QUEUE_QUEUED:
1521 return array_create_enumerator(this->queued_tasks);
1522 default:
1523 return enumerator_create_empty();
1524 }
1525 }
1526
1527 METHOD(task_manager_t, destroy, void,
1528 private_task_manager_t *this)
1529 {
1530 flush(this);
1531
1532 array_destroy(this->active_tasks);
1533 array_destroy(this->queued_tasks);
1534 array_destroy(this->passive_tasks);
1535
1536 DESTROY_IF(this->responding.packet);
1537 DESTROY_IF(this->initiating.packet);
1538 free(this);
1539 }
1540
1541 /*
1542 * see header file
1543 */
1544 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
1545 {
1546 private_task_manager_t *this;
1547
1548 INIT(this,
1549 .public = {
1550 .task_manager = {
1551 .process_message = _process_message,
1552 .queue_task = _queue_task,
1553 .queue_ike = _queue_ike,
1554 .queue_ike_rekey = _queue_ike_rekey,
1555 .queue_ike_reauth = _queue_ike_reauth,
1556 .queue_ike_delete = _queue_ike_delete,
1557 .queue_mobike = _queue_mobike,
1558 .queue_child = _queue_child,
1559 .queue_child_rekey = _queue_child_rekey,
1560 .queue_child_delete = _queue_child_delete,
1561 .queue_dpd = _queue_dpd,
1562 .initiate = _initiate,
1563 .retransmit = _retransmit,
1564 .incr_mid = _incr_mid,
1565 .reset = _reset,
1566 .adopt_tasks = _adopt_tasks,
1567 .adopt_child_tasks = _adopt_child_tasks,
1568 .busy = _busy,
1569 .create_task_enumerator = _create_task_enumerator,
1570 .flush = _flush,
1571 .flush_queue = _flush_queue,
1572 .destroy = _destroy,
1573 },
1574 },
1575 .ike_sa = ike_sa,
1576 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1577 .queued_tasks = array_create(0, 0),
1578 .active_tasks = array_create(0, 0),
1579 .passive_tasks = array_create(0, 0),
1580 .retransmit_tries = lib->settings->get_int(lib->settings,
1581 "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
1582 .retransmit_timeout = lib->settings->get_double(lib->settings,
1583 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
1584 .retransmit_base = lib->settings->get_double(lib->settings,
1585 "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
1586 );
1587
1588 return &this->public;
1589 }
Michael's strongswan development tree