]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libcharon/sa/ikev2/task_manager_v2.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ikev1-clean' into ikev1-master
[people/ms/strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev2/tasks/ike_init.h>
23 #include <sa/ikev2/tasks/ike_natd.h>
24 #include <sa/ikev2/tasks/ike_mobike.h>
25 #include <sa/ikev2/tasks/ike_auth.h>
26 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
27 #include <sa/ikev2/tasks/ike_cert_pre.h>
28 #include <sa/ikev2/tasks/ike_cert_post.h>
29 #include <sa/ikev2/tasks/ike_rekey.h>
30 #include <sa/ikev2/tasks/ike_reauth.h>
31 #include <sa/ikev2/tasks/ike_delete.h>
32 #include <sa/ikev2/tasks/ike_config.h>
33 #include <sa/ikev2/tasks/ike_dpd.h>
34 #include <sa/ikev2/tasks/ike_vendor.h>
35 #include <sa/ikev2/tasks/child_create.h>
36 #include <sa/ikev2/tasks/child_rekey.h>
37 #include <sa/ikev2/tasks/child_delete.h>
38 #include <encoding/payloads/delete_payload.h>
39 #include <encoding/payloads/unknown_payload.h>
40 #include <processing/jobs/retransmit_job.h>
41 #include <processing/jobs/delete_ike_sa_job.h>
42
43 #ifdef ME
44 #include <sa/ikev2/tasks/ike_me.h>
45 #endif
46
47 typedef struct exchange_t exchange_t;
48
49 /**
50 * An exchange in the air, used do detect and handle retransmission
51 */
52 struct exchange_t {
53
54 /**
55 * Message ID used for this transaction
56 */
57 u_int32_t mid;
58
59 /**
60 * generated packet for retransmission
61 */
62 packet_t *packet;
63 };
64
65 typedef struct private_task_manager_t private_task_manager_t;
66
67 /**
68 * private data of the task manager
69 */
70 struct private_task_manager_t {
71
72 /**
73 * public functions
74 */
75 task_manager_v2_t public;
76
77 /**
78 * associated IKE_SA we are serving
79 */
80 ike_sa_t *ike_sa;
81
82 /**
83 * Exchange we are currently handling as responder
84 */
85 struct {
86 /**
87 * Message ID of the exchange
88 */
89 u_int32_t mid;
90
91 /**
92 * packet for retransmission
93 */
94 packet_t *packet;
95
96 } responding;
97
98 /**
99 * Exchange we are currently handling as initiator
100 */
101 struct {
102 /**
103 * Message ID of the exchange
104 */
105 u_int32_t mid;
106
107 /**
108 * how many times we have retransmitted so far
109 */
110 u_int retransmitted;
111
112 /**
113 * packet for retransmission
114 */
115 packet_t *packet;
116
117 /**
118 * type of the initated exchange
119 */
120 exchange_type_t type;
121
122 } initiating;
123
124 /**
125 * List of queued tasks not yet in action
126 */
127 linked_list_t *queued_tasks;
128
129 /**
130 * List of active tasks, initiated by ourselve
131 */
132 linked_list_t *active_tasks;
133
134 /**
135 * List of tasks initiated by peer
136 */
137 linked_list_t *passive_tasks;
138
139 /**
140 * the task manager has been reset
141 */
142 bool reset;
143
144 /**
145 * Number of times we retransmit messages before giving up
146 */
147 u_int retransmit_tries;
148
149 /**
150 * Retransmission timeout
151 */
152 double retransmit_timeout;
153
154 /**
155 * Base to calculate retransmission timeout
156 */
157 double retransmit_base;
158 };
159
160 /**
161 * flush all tasks in the task manager
162 */
163 static void flush(private_task_manager_t *this)
164 {
165 this->passive_tasks->destroy_offset(this->passive_tasks,
166 offsetof(task_t, destroy));
167 this->passive_tasks = linked_list_create();
168 this->active_tasks->destroy_offset(this->active_tasks,
169 offsetof(task_t, destroy));
170 this->active_tasks = linked_list_create();
171 this->queued_tasks->destroy_offset(this->queued_tasks,
172 offsetof(task_t, destroy));
173 this->queued_tasks = linked_list_create();
174 }
175
176 /**
177 * move a task of a specific type from the queue to the active list
178 */
179 static bool activate_task(private_task_manager_t *this, task_type_t type)
180 {
181 enumerator_t *enumerator;
182 task_t *task;
183 bool found = FALSE;
184
185 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
186 while (enumerator->enumerate(enumerator, (void**)&task))
187 {
188 if (task->get_type(task) == type)
189 {
190 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
191 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
192 this->active_tasks->insert_last(this->active_tasks, task);
193 found = TRUE;
194 break;
195 }
196 }
197 enumerator->destroy(enumerator);
198 return found;
199 }
200
201 METHOD(task_manager_t, retransmit, status_t,
202 private_task_manager_t *this, u_int32_t message_id)
203 {
204 if (this->initiating.packet && message_id == this->initiating.mid)
205 {
206 u_int32_t timeout;
207 job_t *job;
208 enumerator_t *enumerator;
209 packet_t *packet;
210 task_t *task;
211 ike_mobike_t *mobike = NULL;
212
213 /* check if we are retransmitting a MOBIKE routability check */
214 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
215 while (enumerator->enumerate(enumerator, (void*)&task))
216 {
217 if (task->get_type(task) == TASK_IKE_MOBIKE)
218 {
219 mobike = (ike_mobike_t*)task;
220 if (!mobike->is_probing(mobike))
221 {
222 mobike = NULL;
223 }
224 break;
225 }
226 }
227 enumerator->destroy(enumerator);
228
229 if (mobike == NULL)
230 {
231 if (this->initiating.retransmitted <= this->retransmit_tries)
232 {
233 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
234 pow(this->retransmit_base, this->initiating.retransmitted));
235 }
236 else
237 {
238 DBG1(DBG_IKE, "giving up after %d retransmits",
239 this->initiating.retransmitted - 1);
240 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
241 {
242 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
243 }
244 return DESTROY_ME;
245 }
246
247 if (this->initiating.retransmitted)
248 {
249 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
250 this->initiating.retransmitted, message_id);
251 }
252 packet = this->initiating.packet->clone(this->initiating.packet);
253 charon->sender->send(charon->sender, packet);
254 }
255 else
256 { /* for routeability checks, we use a more aggressive behavior */
257 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
258 {
259 timeout = ROUTEABILITY_CHECK_INTERVAL;
260 }
261 else
262 {
263 DBG1(DBG_IKE, "giving up after %d path probings",
264 this->initiating.retransmitted - 1);
265 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
266 return DESTROY_ME;
267 }
268
269 if (this->initiating.retransmitted)
270 {
271 DBG1(DBG_IKE, "path probing attempt %d",
272 this->initiating.retransmitted);
273 }
274 mobike->transmit(mobike, this->initiating.packet);
275 }
276
277 this->initiating.retransmitted++;
278 job = (job_t*)retransmit_job_create(this->initiating.mid,
279 this->ike_sa->get_id(this->ike_sa));
280 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
281 }
282 return SUCCESS;
283 }
284
285 METHOD(task_manager_t, initiate, status_t,
286 private_task_manager_t *this)
287 {
288 enumerator_t *enumerator;
289 task_t *task;
290 message_t *message;
291 host_t *me, *other;
292 status_t status;
293 exchange_type_t exchange = 0;
294
295 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
296 {
297 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
298 exchange_type_names, this->initiating.type);
299 /* do not initiate if we already have a message in the air */
300 return SUCCESS;
301 }
302
303 if (this->active_tasks->get_count(this->active_tasks) == 0)
304 {
305 DBG2(DBG_IKE, "activating new tasks");
306 switch (this->ike_sa->get_state(this->ike_sa))
307 {
308 case IKE_CREATED:
309 activate_task(this, TASK_IKE_VENDOR);
310 if (activate_task(this, TASK_IKE_INIT))
311 {
312 this->initiating.mid = 0;
313 exchange = IKE_SA_INIT;
314 activate_task(this, TASK_IKE_NATD);
315 activate_task(this, TASK_IKE_CERT_PRE);
316 #ifdef ME
317 /* this task has to be activated before the TASK_IKE_AUTH
318 * task, because that task pregenerates the packet after
319 * which no payloads can be added to the message anymore.
320 */
321 activate_task(this, TASK_IKE_ME);
322 #endif /* ME */
323 activate_task(this, TASK_IKE_AUTH);
324 activate_task(this, TASK_IKE_CERT_POST);
325 activate_task(this, TASK_IKE_CONFIG);
326 activate_task(this, TASK_CHILD_CREATE);
327 activate_task(this, TASK_IKE_AUTH_LIFETIME);
328 activate_task(this, TASK_IKE_MOBIKE);
329 }
330 break;
331 case IKE_ESTABLISHED:
332 if (activate_task(this, TASK_CHILD_CREATE))
333 {
334 exchange = CREATE_CHILD_SA;
335 break;
336 }
337 if (activate_task(this, TASK_CHILD_DELETE))
338 {
339 exchange = INFORMATIONAL;
340 break;
341 }
342 if (activate_task(this, TASK_CHILD_REKEY))
343 {
344 exchange = CREATE_CHILD_SA;
345 break;
346 }
347 if (activate_task(this, TASK_IKE_DELETE))
348 {
349 exchange = INFORMATIONAL;
350 break;
351 }
352 if (activate_task(this, TASK_IKE_REKEY))
353 {
354 exchange = CREATE_CHILD_SA;
355 break;
356 }
357 if (activate_task(this, TASK_IKE_REAUTH))
358 {
359 exchange = INFORMATIONAL;
360 break;
361 }
362 if (activate_task(this, TASK_IKE_MOBIKE))
363 {
364 exchange = INFORMATIONAL;
365 break;
366 }
367 if (activate_task(this, TASK_IKE_DPD))
368 {
369 exchange = INFORMATIONAL;
370 break;
371 }
372 if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
373 {
374 exchange = INFORMATIONAL;
375 break;
376 }
377 #ifdef ME
378 if (activate_task(this, TASK_IKE_ME))
379 {
380 exchange = ME_CONNECT;
381 break;
382 }
383 #endif /* ME */
384 case IKE_REKEYING:
385 if (activate_task(this, TASK_IKE_DELETE))
386 {
387 exchange = INFORMATIONAL;
388 break;
389 }
390 case IKE_DELETING:
391 default:
392 break;
393 }
394 }
395 else
396 {
397 DBG2(DBG_IKE, "reinitiating already active tasks");
398 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
399 while (enumerator->enumerate(enumerator, (void**)&task))
400 {
401 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
402 switch (task->get_type(task))
403 {
404 case TASK_IKE_INIT:
405 exchange = IKE_SA_INIT;
406 break;
407 case TASK_IKE_AUTH:
408 exchange = IKE_AUTH;
409 break;
410 case TASK_CHILD_CREATE:
411 case TASK_CHILD_REKEY:
412 case TASK_IKE_REKEY:
413 exchange = CREATE_CHILD_SA;
414 break;
415 case TASK_IKE_MOBIKE:
416 exchange = INFORMATIONAL;
417 break;
418 default:
419 continue;
420 }
421 break;
422 }
423 enumerator->destroy(enumerator);
424 }
425
426 if (exchange == 0)
427 {
428 DBG2(DBG_IKE, "nothing to initiate");
429 /* nothing to do yet... */
430 return SUCCESS;
431 }
432
433 me = this->ike_sa->get_my_host(this->ike_sa);
434 other = this->ike_sa->get_other_host(this->ike_sa);
435
436 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
437 message->set_message_id(message, this->initiating.mid);
438 message->set_source(message, me->clone(me));
439 message->set_destination(message, other->clone(other));
440 message->set_exchange_type(message, exchange);
441 this->initiating.type = exchange;
442 this->initiating.retransmitted = 0;
443
444 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
445 while (enumerator->enumerate(enumerator, (void*)&task))
446 {
447 switch (task->build(task, message))
448 {
449 case SUCCESS:
450 /* task completed, remove it */
451 this->active_tasks->remove_at(this->active_tasks, enumerator);
452 task->destroy(task);
453 break;
454 case NEED_MORE:
455 /* processed, but task needs another exchange */
456 break;
457 case FAILED:
458 default:
459 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
460 {
461 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
462 }
463 /* FALL */
464 case DESTROY_ME:
465 /* critical failure, destroy IKE_SA */
466 enumerator->destroy(enumerator);
467 message->destroy(message);
468 flush(this);
469 return DESTROY_ME;
470 }
471 }
472 enumerator->destroy(enumerator);
473
474 /* update exchange type if a task changed it */
475 this->initiating.type = message->get_exchange_type(message);
476
477 status = this->ike_sa->generate_message(this->ike_sa, message,
478 &this->initiating.packet);
479 if (status != SUCCESS)
480 {
481 /* message generation failed. There is nothing more to do than to
482 * close the SA */
483 message->destroy(message);
484 flush(this);
485 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
486 return DESTROY_ME;
487 }
488 message->destroy(message);
489
490 return retransmit(this, this->initiating.mid);
491 }
492
493 /**
494 * handle an incoming response message
495 */
496 static status_t process_response(private_task_manager_t *this,
497 message_t *message)
498 {
499 enumerator_t *enumerator;
500 task_t *task;
501
502 if (message->get_exchange_type(message) != this->initiating.type)
503 {
504 DBG1(DBG_IKE, "received %N response, but expected %N",
505 exchange_type_names, message->get_exchange_type(message),
506 exchange_type_names, this->initiating.type);
507 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
508 return DESTROY_ME;
509 }
510
511 /* catch if we get resetted while processing */
512 this->reset = FALSE;
513 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
514 while (enumerator->enumerate(enumerator, (void*)&task))
515 {
516 switch (task->process(task, message))
517 {
518 case SUCCESS:
519 /* task completed, remove it */
520 this->active_tasks->remove_at(this->active_tasks, enumerator);
521 task->destroy(task);
522 break;
523 case NEED_MORE:
524 /* processed, but task needs another exchange */
525 break;
526 case FAILED:
527 default:
528 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
529 /* FALL */
530 case DESTROY_ME:
531 /* critical failure, destroy IKE_SA */
532 this->active_tasks->remove_at(this->active_tasks, enumerator);
533 enumerator->destroy(enumerator);
534 task->destroy(task);
535 return DESTROY_ME;
536 }
537 if (this->reset)
538 { /* start all over again if we were reset */
539 this->reset = FALSE;
540 enumerator->destroy(enumerator);
541 return initiate(this);
542 }
543 }
544 enumerator->destroy(enumerator);
545
546 this->initiating.mid++;
547 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
548 this->initiating.packet->destroy(this->initiating.packet);
549 this->initiating.packet = NULL;
550
551 return initiate(this);
552 }
553
554 /**
555 * handle exchange collisions
556 */
557 static bool handle_collisions(private_task_manager_t *this, task_t *task)
558 {
559 enumerator_t *enumerator;
560 task_t *active;
561 task_type_t type;
562
563 type = task->get_type(task);
564
565 /* do we have to check */
566 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
567 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
568 type == TASK_IKE_REAUTH)
569 {
570 /* find an exchange collision, and notify these tasks */
571 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
572 while (enumerator->enumerate(enumerator, (void**)&active))
573 {
574 switch (active->get_type(active))
575 {
576 case TASK_IKE_REKEY:
577 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
578 type == TASK_IKE_REAUTH)
579 {
580 ike_rekey_t *rekey = (ike_rekey_t*)active;
581 rekey->collide(rekey, task);
582 break;
583 }
584 continue;
585 case TASK_CHILD_REKEY:
586 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
587 {
588 child_rekey_t *rekey = (child_rekey_t*)active;
589 rekey->collide(rekey, task);
590 break;
591 }
592 continue;
593 default:
594 continue;
595 }
596 enumerator->destroy(enumerator);
597 return TRUE;
598 }
599 enumerator->destroy(enumerator);
600 }
601 return FALSE;
602 }
603
604 /**
605 * build a response depending on the "passive" task list
606 */
607 static status_t build_response(private_task_manager_t *this, message_t *request)
608 {
609 enumerator_t *enumerator;
610 task_t *task;
611 message_t *message;
612 host_t *me, *other;
613 bool delete = FALSE;
614 status_t status;
615
616 me = request->get_destination(request);
617 other = request->get_source(request);
618
619 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
620 message->set_exchange_type(message, request->get_exchange_type(request));
621 /* send response along the path the request came in */
622 message->set_source(message, me->clone(me));
623 message->set_destination(message, other->clone(other));
624 message->set_message_id(message, this->responding.mid);
625 message->set_request(message, FALSE);
626
627 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
628 while (enumerator->enumerate(enumerator, (void*)&task))
629 {
630 switch (task->build(task, message))
631 {
632 case SUCCESS:
633 /* task completed, remove it */
634 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
635 if (!handle_collisions(this, task))
636 {
637 task->destroy(task);
638 }
639 break;
640 case NEED_MORE:
641 /* processed, but task needs another exchange */
642 if (handle_collisions(this, task))
643 {
644 this->passive_tasks->remove_at(this->passive_tasks,
645 enumerator);
646 }
647 break;
648 case DESTROY_ME:
649 case FAILED:
650 default:
651 /* destroy IKE_SA, but SEND response first */
652 delete = TRUE;
653 break;
654 }
655 if (delete)
656 {
657 break;
658 }
659 }
660 enumerator->destroy(enumerator);
661
662 /* remove resonder SPI if IKE_SA_INIT failed */
663 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
664 {
665 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
666 id->set_responder_spi(id, 0);
667 }
668
669 /* message complete, send it */
670 DESTROY_IF(this->responding.packet);
671 this->responding.packet = NULL;
672 status = this->ike_sa->generate_message(this->ike_sa, message,
673 &this->responding.packet);
674 message->destroy(message);
675 if (status != SUCCESS)
676 {
677 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
678 return DESTROY_ME;
679 }
680
681 charon->sender->send(charon->sender,
682 this->responding.packet->clone(this->responding.packet));
683 if (delete)
684 {
685 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
686 return DESTROY_ME;
687 }
688 return SUCCESS;
689 }
690
691 /**
692 * handle an incoming request message
693 */
694 static status_t process_request(private_task_manager_t *this,
695 message_t *message)
696 {
697 enumerator_t *enumerator;
698 task_t *task = NULL;
699 payload_t *payload;
700 notify_payload_t *notify;
701 delete_payload_t *delete;
702
703 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
704 { /* create tasks depending on request type, if not already some queued */
705 switch (message->get_exchange_type(message))
706 {
707 case IKE_SA_INIT:
708 {
709 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
710 this->passive_tasks->insert_last(this->passive_tasks, task);
711 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
712 this->passive_tasks->insert_last(this->passive_tasks, task);
713 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
714 this->passive_tasks->insert_last(this->passive_tasks, task);
715 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
716 this->passive_tasks->insert_last(this->passive_tasks, task);
717 #ifdef ME
718 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
719 this->passive_tasks->insert_last(this->passive_tasks, task);
720 #endif /* ME */
721 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
722 this->passive_tasks->insert_last(this->passive_tasks, task);
723 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
724 this->passive_tasks->insert_last(this->passive_tasks, task);
725 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
726 this->passive_tasks->insert_last(this->passive_tasks, task);
727 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
728 NULL, NULL);
729 this->passive_tasks->insert_last(this->passive_tasks, task);
730 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
731 this->passive_tasks->insert_last(this->passive_tasks, task);
732 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
733 this->passive_tasks->insert_last(this->passive_tasks, task);
734 break;
735 }
736 case CREATE_CHILD_SA:
737 { /* FIXME: we should prevent this on mediation connections */
738 bool notify_found = FALSE, ts_found = FALSE;
739 enumerator = message->create_payload_enumerator(message);
740 while (enumerator->enumerate(enumerator, &payload))
741 {
742 switch (payload->get_type(payload))
743 {
744 case NOTIFY:
745 { /* if we find a rekey notify, its CHILD_SA rekeying */
746 notify = (notify_payload_t*)payload;
747 if (notify->get_notify_type(notify) == REKEY_SA &&
748 (notify->get_protocol_id(notify) == PROTO_AH ||
749 notify->get_protocol_id(notify) == PROTO_ESP))
750 {
751 notify_found = TRUE;
752 }
753 break;
754 }
755 case TRAFFIC_SELECTOR_INITIATOR:
756 case TRAFFIC_SELECTOR_RESPONDER:
757 { /* if we don't find a TS, its IKE rekeying */
758 ts_found = TRUE;
759 break;
760 }
761 default:
762 break;
763 }
764 }
765 enumerator->destroy(enumerator);
766
767 if (ts_found)
768 {
769 if (notify_found)
770 {
771 task = (task_t*)child_rekey_create(this->ike_sa,
772 PROTO_NONE, 0);
773 }
774 else
775 {
776 task = (task_t*)child_create_create(this->ike_sa, NULL,
777 FALSE, NULL, NULL);
778 }
779 }
780 else
781 {
782 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
783 }
784 this->passive_tasks->insert_last(this->passive_tasks, task);
785 break;
786 }
787 case INFORMATIONAL:
788 {
789 enumerator = message->create_payload_enumerator(message);
790 while (enumerator->enumerate(enumerator, &payload))
791 {
792 switch (payload->get_type(payload))
793 {
794 case NOTIFY:
795 {
796 notify = (notify_payload_t*)payload;
797 switch (notify->get_notify_type(notify))
798 {
799 case ADDITIONAL_IP4_ADDRESS:
800 case ADDITIONAL_IP6_ADDRESS:
801 case NO_ADDITIONAL_ADDRESSES:
802 case UPDATE_SA_ADDRESSES:
803 case NO_NATS_ALLOWED:
804 case UNACCEPTABLE_ADDRESSES:
805 case UNEXPECTED_NAT_DETECTED:
806 case COOKIE2:
807 case NAT_DETECTION_SOURCE_IP:
808 case NAT_DETECTION_DESTINATION_IP:
809 task = (task_t*)ike_mobike_create(
810 this->ike_sa, FALSE);
811 break;
812 case AUTH_LIFETIME:
813 task = (task_t*)ike_auth_lifetime_create(
814 this->ike_sa, FALSE);
815 break;
816 default:
817 break;
818 }
819 break;
820 }
821 case DELETE:
822 {
823 delete = (delete_payload_t*)payload;
824 if (delete->get_protocol_id(delete) == PROTO_IKE)
825 {
826 task = (task_t*)ike_delete_create(this->ike_sa,
827 FALSE);
828 }
829 else
830 {
831 task = (task_t*)child_delete_create(this->ike_sa,
832 PROTO_NONE, 0, FALSE);
833 }
834 break;
835 }
836 default:
837 break;
838 }
839 if (task)
840 {
841 break;
842 }
843 }
844 enumerator->destroy(enumerator);
845
846 if (task == NULL)
847 {
848 task = (task_t*)ike_dpd_create(FALSE);
849 }
850 this->passive_tasks->insert_last(this->passive_tasks, task);
851 break;
852 }
853 #ifdef ME
854 case ME_CONNECT:
855 {
856 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
857 this->passive_tasks->insert_last(this->passive_tasks, task);
858 }
859 #endif /* ME */
860 default:
861 break;
862 }
863 }
864
865 /* let the tasks process the message */
866 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
867 while (enumerator->enumerate(enumerator, (void*)&task))
868 {
869 switch (task->process(task, message))
870 {
871 case SUCCESS:
872 /* task completed, remove it */
873 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
874 task->destroy(task);
875 break;
876 case NEED_MORE:
877 /* processed, but task needs at least another call to build() */
878 break;
879 case FAILED:
880 default:
881 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
882 /* FALL */
883 case DESTROY_ME:
884 /* critical failure, destroy IKE_SA */
885 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
886 enumerator->destroy(enumerator);
887 task->destroy(task);
888 return DESTROY_ME;
889 }
890 }
891 enumerator->destroy(enumerator);
892
893 return build_response(this, message);
894 }
895
896 METHOD(task_manager_t, incr_mid, void,
897 private_task_manager_t *this, bool initiate)
898 {
899 if (initiate)
900 {
901 this->initiating.mid++;
902 }
903 else
904 {
905 this->responding.mid++;
906 }
907 }
908
909 /**
910 * Send a notify back to the sender
911 */
912 static void send_notify_response(private_task_manager_t *this,
913 message_t *request, notify_type_t type,
914 chunk_t data)
915 {
916 message_t *response;
917 packet_t *packet;
918 host_t *me, *other;
919
920 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
921 response->set_exchange_type(response, request->get_exchange_type(request));
922 response->set_request(response, FALSE);
923 response->set_message_id(response, request->get_message_id(request));
924 response->add_notify(response, FALSE, type, data);
925 me = this->ike_sa->get_my_host(this->ike_sa);
926 if (me->is_anyaddr(me))
927 {
928 me = request->get_destination(request);
929 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
930 }
931 other = this->ike_sa->get_other_host(this->ike_sa);
932 if (other->is_anyaddr(other))
933 {
934 other = request->get_source(request);
935 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
936 }
937 response->set_source(response, me->clone(me));
938 response->set_destination(response, other->clone(other));
939 if (this->ike_sa->generate_message(this->ike_sa, response,
940 &packet) == SUCCESS)
941 {
942 charon->sender->send(charon->sender, packet);
943 }
944 response->destroy(response);
945 }
946
947 /**
948 * Parse the given message and verify that it is valid.
949 */
950 static status_t parse_message(private_task_manager_t *this, message_t *msg)
951 {
952 status_t status;
953 u_int8_t type = 0;
954
955 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
956
957 if (status == SUCCESS)
958 { /* check for unsupported critical payloads */
959 enumerator_t *enumerator;
960 unknown_payload_t *unknown;
961 payload_t *payload;
962
963 enumerator = msg->create_payload_enumerator(msg);
964 while (enumerator->enumerate(enumerator, &payload))
965 {
966 unknown = (unknown_payload_t*)payload;
967 type = payload->get_type(payload);
968 if (!payload_is_known(type) &&
969 unknown->is_critical(unknown))
970 {
971 DBG1(DBG_ENC, "payload type %N is not supported, "
972 "but its critical!", payload_type_names, type);
973 status = NOT_SUPPORTED;
974 }
975 }
976 enumerator->destroy(enumerator);
977 }
978
979 if (status != SUCCESS)
980 {
981 bool is_request = msg->get_request(msg);
982
983 switch (status)
984 {
985 case NOT_SUPPORTED:
986 DBG1(DBG_IKE, "critical unknown payloads found");
987 if (is_request)
988 {
989 send_notify_response(this, msg,
990 UNSUPPORTED_CRITICAL_PAYLOAD,
991 chunk_from_thing(type));
992 incr_mid(this, FALSE);
993 }
994 break;
995 case PARSE_ERROR:
996 DBG1(DBG_IKE, "message parsing failed");
997 if (is_request)
998 {
999 send_notify_response(this, msg,
1000 INVALID_SYNTAX, chunk_empty);
1001 incr_mid(this, FALSE);
1002 }
1003 break;
1004 case VERIFY_ERROR:
1005 DBG1(DBG_IKE, "message verification failed");
1006 if (is_request)
1007 {
1008 send_notify_response(this, msg,
1009 INVALID_SYNTAX, chunk_empty);
1010 incr_mid(this, FALSE);
1011 }
1012 break;
1013 case FAILED:
1014 DBG1(DBG_IKE, "integrity check failed");
1015 /* ignored */
1016 break;
1017 case INVALID_STATE:
1018 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1019 default:
1020 break;
1021 }
1022 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1023 exchange_type_names, msg->get_exchange_type(msg),
1024 is_request ? "request" : "response",
1025 msg->get_message_id(msg));
1026
1027 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1028 { /* invalid initiation attempt, close SA */
1029 return DESTROY_ME;
1030 }
1031 }
1032 return status;
1033 }
1034
1035
1036 METHOD(task_manager_t, process_message, status_t,
1037 private_task_manager_t *this, message_t *msg)
1038 {
1039 host_t *me, *other;
1040 status_t status;
1041 u_int32_t mid;
1042
1043 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1044 status = parse_message(this, msg);
1045 if (status != SUCCESS)
1046 {
1047 return status;
1048 }
1049
1050 me = msg->get_destination(msg);
1051 other = msg->get_source(msg);
1052
1053 /* if this IKE_SA is virgin, we check for a config */
1054 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1055 {
1056 ike_sa_id_t *ike_sa_id;
1057 ike_cfg_t *ike_cfg;
1058 job_t *job;
1059 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
1060 if (ike_cfg == NULL)
1061 {
1062 /* no config found for these hosts, destroy */
1063 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1064 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1065 send_notify_response(this, msg,
1066 NO_PROPOSAL_CHOSEN, chunk_empty);
1067 return DESTROY_ME;
1068 }
1069 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1070 ike_cfg->destroy(ike_cfg);
1071 /* add a timeout if peer does not establish it completely */
1072 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1073 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1074 lib->scheduler->schedule_job(lib->scheduler, job,
1075 lib->settings->get_int(lib->settings,
1076 "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
1077 }
1078 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1079 time_monotonic(NULL));
1080
1081 mid = msg->get_message_id(msg);
1082 if (msg->get_request(msg))
1083 {
1084 if (mid == this->responding.mid)
1085 {
1086 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1087 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1088 msg->get_exchange_type(msg) != IKE_SA_INIT)
1089 { /* only do host updates based on verified messages */
1090 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1091 { /* with MOBIKE, we do no implicit updates */
1092 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1093 }
1094 }
1095 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1096 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1097 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1098 return SUCCESS;
1099 }
1100 if (process_request(this, msg) != SUCCESS)
1101 {
1102 flush(this);
1103 return DESTROY_ME;
1104 }
1105 this->responding.mid++;
1106 }
1107 else if ((mid == this->responding.mid - 1) && this->responding.packet)
1108 {
1109 packet_t *clone;
1110 host_t *host;
1111
1112 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1113 "retransmitting response", mid);
1114 clone = this->responding.packet->clone(this->responding.packet);
1115 host = msg->get_destination(msg);
1116 clone->set_source(clone, host->clone(host));
1117 host = msg->get_source(msg);
1118 clone->set_destination(clone, host->clone(host));
1119 charon->sender->send(charon->sender, clone);
1120 }
1121 else
1122 {
1123 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1124 mid, this->responding.mid);
1125 }
1126 }
1127 else
1128 {
1129 if (mid == this->initiating.mid)
1130 {
1131 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1132 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1133 msg->get_exchange_type(msg) != IKE_SA_INIT)
1134 { /* only do host updates based on verified messages */
1135 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1136 { /* with MOBIKE, we do no implicit updates */
1137 this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
1138 }
1139 }
1140 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1141 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1142 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1143 return SUCCESS;
1144 }
1145 if (process_response(this, msg) != SUCCESS)
1146 {
1147 flush(this);
1148 return DESTROY_ME;
1149 }
1150 }
1151 else
1152 {
1153 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1154 mid, this->initiating.mid);
1155 return SUCCESS;
1156 }
1157 }
1158 return SUCCESS;
1159 }
1160
1161 METHOD(task_manager_t, queue_task, void,
1162 private_task_manager_t *this, task_t *task)
1163 {
1164 if (task->get_type(task) == TASK_IKE_MOBIKE)
1165 { /* there is no need to queue more than one mobike task */
1166 enumerator_t *enumerator;
1167 task_t *current;
1168
1169 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1170 while (enumerator->enumerate(enumerator, (void**)&current))
1171 {
1172 if (current->get_type(current) == TASK_IKE_MOBIKE)
1173 {
1174 enumerator->destroy(enumerator);
1175 task->destroy(task);
1176 return;
1177 }
1178 }
1179 enumerator->destroy(enumerator);
1180 }
1181 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1182 this->queued_tasks->insert_last(this->queued_tasks, task);
1183 }
1184
1185 /**
1186 * Check if a given task has been queued already
1187 */
1188 static bool has_queued(private_task_manager_t *this, task_type_t type)
1189 {
1190 enumerator_t *enumerator;
1191 bool found = FALSE;
1192 task_t *task;
1193
1194 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1195 while (enumerator->enumerate(enumerator, &task))
1196 {
1197 if (task->get_type(task) == type)
1198 {
1199 found = TRUE;
1200 break;
1201 }
1202 }
1203 enumerator->destroy(enumerator);
1204 return found;
1205 }
1206
1207 METHOD(task_manager_t, queue_ike, void,
1208 private_task_manager_t *this)
1209 {
1210 if (!has_queued(this, TASK_IKE_VENDOR))
1211 {
1212 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1213 }
1214 if (!has_queued(this, TASK_IKE_INIT))
1215 {
1216 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1217 }
1218 if (!has_queued(this, TASK_IKE_NATD))
1219 {
1220 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1221 }
1222 if (!has_queued(this, TASK_IKE_CERT_PRE))
1223 {
1224 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1225 }
1226 if (!has_queued(this, TASK_IKE_AUTH))
1227 {
1228 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1229 }
1230 if (!has_queued(this, TASK_IKE_CERT_POST))
1231 {
1232 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1233 }
1234 if (!has_queued(this, TASK_IKE_CONFIG))
1235 {
1236 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1237 }
1238 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1239 {
1240 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1241 }
1242 if (!has_queued(this, TASK_IKE_MOBIKE))
1243 {
1244 peer_cfg_t *peer_cfg;
1245
1246 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1247 if (peer_cfg->use_mobike(peer_cfg))
1248 {
1249 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1250 }
1251 }
1252 #ifdef ME
1253 if (!has_queued(this, TASK_IKE_ME))
1254 {
1255 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1256 }
1257 #endif /* ME */
1258 }
1259
1260 METHOD(task_manager_t, queue_ike_rekey, void,
1261 private_task_manager_t *this)
1262 {
1263 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1264 }
1265
1266 METHOD(task_manager_t, queue_ike_reauth, void,
1267 private_task_manager_t *this)
1268 {
1269 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1270 }
1271
1272 METHOD(task_manager_t, queue_ike_delete, void,
1273 private_task_manager_t *this)
1274 {
1275 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1276 }
1277
1278 METHOD(task_manager_t, queue_mobike, void,
1279 private_task_manager_t *this, bool roam, bool address)
1280 {
1281 ike_mobike_t *mobike;
1282
1283 mobike = ike_mobike_create(this->ike_sa, TRUE);
1284 if (roam)
1285 {
1286 mobike->roam(mobike, address);
1287 }
1288 else
1289 {
1290 mobike->addresses(mobike);
1291 }
1292 queue_task(this, &mobike->task);
1293 }
1294
1295 METHOD(task_manager_t, queue_child, void,
1296 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1297 traffic_selector_t *tsi, traffic_selector_t *tsr)
1298 {
1299 child_create_t *task;
1300
1301 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1302 if (reqid)
1303 {
1304 task->use_reqid(task, reqid);
1305 }
1306 queue_task(this, &task->task);
1307 }
1308
1309 METHOD(task_manager_t, queue_child_rekey, void,
1310 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1311 {
1312 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1313 }
1314
1315 METHOD(task_manager_t, queue_child_delete, void,
1316 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1317 bool expired)
1318 {
1319 queue_task(this, (task_t*)child_delete_create(this->ike_sa,
1320 protocol, spi, expired));
1321 }
1322
1323 METHOD(task_manager_t, queue_dpd, void,
1324 private_task_manager_t *this)
1325 {
1326 ike_mobike_t *mobike;
1327
1328 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1329 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1330 {
1331 /* use mobike enabled DPD to detect NAT mapping changes */
1332 mobike = ike_mobike_create(this->ike_sa, TRUE);
1333 mobike->dpd(mobike);
1334 queue_task(this, &mobike->task);
1335 }
1336 else
1337 {
1338 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1339 }
1340 }
1341
1342 METHOD(task_manager_t, adopt_tasks, void,
1343 private_task_manager_t *this, task_manager_t *other_public)
1344 {
1345 private_task_manager_t *other = (private_task_manager_t*)other_public;
1346 task_t *task;
1347
1348 /* move queued tasks from other to this */
1349 while (other->queued_tasks->remove_last(other->queued_tasks,
1350 (void**)&task) == SUCCESS)
1351 {
1352 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1353 task->migrate(task, this->ike_sa);
1354 this->queued_tasks->insert_first(this->queued_tasks, task);
1355 }
1356 }
1357
1358 METHOD(task_manager_t, busy, bool,
1359 private_task_manager_t *this)
1360 {
1361 return (this->active_tasks->get_count(this->active_tasks) > 0);
1362 }
1363
1364 METHOD(task_manager_t, reset, void,
1365 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1366 {
1367 enumerator_t *enumerator;
1368 task_t *task;
1369
1370 /* reset message counters and retransmit packets */
1371 DESTROY_IF(this->responding.packet);
1372 DESTROY_IF(this->initiating.packet);
1373 this->responding.packet = NULL;
1374 this->initiating.packet = NULL;
1375 if (initiate != UINT_MAX)
1376 {
1377 this->initiating.mid = initiate;
1378 }
1379 if (respond != UINT_MAX)
1380 {
1381 this->responding.mid = respond;
1382 }
1383 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1384
1385 /* reset queued tasks */
1386 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1387 while (enumerator->enumerate(enumerator, &task))
1388 {
1389 task->migrate(task, this->ike_sa);
1390 }
1391 enumerator->destroy(enumerator);
1392
1393 /* reset active tasks */
1394 while (this->active_tasks->remove_last(this->active_tasks,
1395 (void**)&task) == SUCCESS)
1396 {
1397 task->migrate(task, this->ike_sa);
1398 this->queued_tasks->insert_first(this->queued_tasks, task);
1399 }
1400
1401 this->reset = TRUE;
1402 }
1403
1404 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1405 private_task_manager_t *this, task_queue_t queue)
1406 {
1407 switch (queue)
1408 {
1409 case TASK_QUEUE_ACTIVE:
1410 return this->active_tasks->create_enumerator(this->active_tasks);
1411 case TASK_QUEUE_PASSIVE:
1412 return this->passive_tasks->create_enumerator(this->passive_tasks);
1413 case TASK_QUEUE_QUEUED:
1414 return this->queued_tasks->create_enumerator(this->queued_tasks);
1415 default:
1416 return enumerator_create_empty();
1417 }
1418 }
1419
1420 METHOD(task_manager_t, destroy, void,
1421 private_task_manager_t *this)
1422 {
1423 flush(this);
1424
1425 this->active_tasks->destroy(this->active_tasks);
1426 this->queued_tasks->destroy(this->queued_tasks);
1427 this->passive_tasks->destroy(this->passive_tasks);
1428
1429 DESTROY_IF(this->responding.packet);
1430 DESTROY_IF(this->initiating.packet);
1431 free(this);
1432 }
1433
1434 /*
1435 * see header file
1436 */
1437 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
1438 {
1439 private_task_manager_t *this;
1440
1441 INIT(this,
1442 .public = {
1443 .task_manager = {
1444 .process_message = _process_message,
1445 .queue_task = _queue_task,
1446 .queue_ike = _queue_ike,
1447 .queue_ike_rekey = _queue_ike_rekey,
1448 .queue_ike_reauth = _queue_ike_reauth,
1449 .queue_ike_delete = _queue_ike_delete,
1450 .queue_mobike = _queue_mobike,
1451 .queue_child = _queue_child,
1452 .queue_child_rekey = _queue_child_rekey,
1453 .queue_child_delete = _queue_child_delete,
1454 .queue_dpd = _queue_dpd,
1455 .initiate = _initiate,
1456 .retransmit = _retransmit,
1457 .incr_mid = _incr_mid,
1458 .reset = _reset,
1459 .adopt_tasks = _adopt_tasks,
1460 .busy = _busy,
1461 .create_task_enumerator = _create_task_enumerator,
1462 .destroy = _destroy,
1463 },
1464 },
1465 .ike_sa = ike_sa,
1466 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1467 .queued_tasks = linked_list_create(),
1468 .active_tasks = linked_list_create(),
1469 .passive_tasks = linked_list_create(),
1470 .retransmit_tries = lib->settings->get_int(lib->settings,
1471 "charon.retransmit_tries", RETRANSMIT_TRIES),
1472 .retransmit_timeout = lib->settings->get_double(lib->settings,
1473 "charon.retransmit_timeout", RETRANSMIT_TIMEOUT),
1474 .retransmit_base = lib->settings->get_double(lib->settings,
1475 "charon.retransmit_base", RETRANSMIT_BASE),
1476 );
1477
1478 return &this->public;
1479 }
Michael's strongswan development tree