]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/sa/ikev2/task_manager_v2.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'stroke-counters'
[thirdparty/strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev2/tasks/ike_init.h>
23 #include <sa/ikev2/tasks/ike_natd.h>
24 #include <sa/ikev2/tasks/ike_mobike.h>
25 #include <sa/ikev2/tasks/ike_auth.h>
26 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
27 #include <sa/ikev2/tasks/ike_cert_pre.h>
28 #include <sa/ikev2/tasks/ike_cert_post.h>
29 #include <sa/ikev2/tasks/ike_rekey.h>
30 #include <sa/ikev2/tasks/ike_reauth.h>
31 #include <sa/ikev2/tasks/ike_delete.h>
32 #include <sa/ikev2/tasks/ike_config.h>
33 #include <sa/ikev2/tasks/ike_dpd.h>
34 #include <sa/ikev2/tasks/ike_vendor.h>
35 #include <sa/ikev2/tasks/child_create.h>
36 #include <sa/ikev2/tasks/child_rekey.h>
37 #include <sa/ikev2/tasks/child_delete.h>
38 #include <encoding/payloads/delete_payload.h>
39 #include <encoding/payloads/unknown_payload.h>
40 #include <processing/jobs/retransmit_job.h>
41 #include <processing/jobs/delete_ike_sa_job.h>
42
43 #ifdef ME
44 #include <sa/ikev2/tasks/ike_me.h>
45 #endif
46
47 typedef struct exchange_t exchange_t;
48
49 /**
50 * An exchange in the air, used do detect and handle retransmission
51 */
52 struct exchange_t {
53
54 /**
55 * Message ID used for this transaction
56 */
57 u_int32_t mid;
58
59 /**
60 * generated packet for retransmission
61 */
62 packet_t *packet;
63 };
64
65 typedef struct private_task_manager_t private_task_manager_t;
66
67 /**
68 * private data of the task manager
69 */
70 struct private_task_manager_t {
71
72 /**
73 * public functions
74 */
75 task_manager_v2_t public;
76
77 /**
78 * associated IKE_SA we are serving
79 */
80 ike_sa_t *ike_sa;
81
82 /**
83 * Exchange we are currently handling as responder
84 */
85 struct {
86 /**
87 * Message ID of the exchange
88 */
89 u_int32_t mid;
90
91 /**
92 * packet for retransmission
93 */
94 packet_t *packet;
95
96 } responding;
97
98 /**
99 * Exchange we are currently handling as initiator
100 */
101 struct {
102 /**
103 * Message ID of the exchange
104 */
105 u_int32_t mid;
106
107 /**
108 * how many times we have retransmitted so far
109 */
110 u_int retransmitted;
111
112 /**
113 * packet for retransmission
114 */
115 packet_t *packet;
116
117 /**
118 * type of the initated exchange
119 */
120 exchange_type_t type;
121
122 } initiating;
123
124 /**
125 * List of queued tasks not yet in action
126 */
127 linked_list_t *queued_tasks;
128
129 /**
130 * List of active tasks, initiated by ourselve
131 */
132 linked_list_t *active_tasks;
133
134 /**
135 * List of tasks initiated by peer
136 */
137 linked_list_t *passive_tasks;
138
139 /**
140 * the task manager has been reset
141 */
142 bool reset;
143
144 /**
145 * Number of times we retransmit messages before giving up
146 */
147 u_int retransmit_tries;
148
149 /**
150 * Retransmission timeout
151 */
152 double retransmit_timeout;
153
154 /**
155 * Base to calculate retransmission timeout
156 */
157 double retransmit_base;
158 };
159
160 METHOD(task_manager_t, flush_queue, void,
161 private_task_manager_t *this, task_queue_t queue)
162 {
163 linked_list_t *list;
164 task_t *task;
165
166 switch (queue)
167 {
168 case TASK_QUEUE_ACTIVE:
169 list = this->active_tasks;
170 break;
171 case TASK_QUEUE_PASSIVE:
172 list = this->passive_tasks;
173 break;
174 case TASK_QUEUE_QUEUED:
175 list = this->queued_tasks;
176 break;
177 default:
178 return;
179 }
180 while (list->remove_last(list, (void**)&task) == SUCCESS)
181 {
182 task->destroy(task);
183 }
184 }
185
186 /**
187 * flush all tasks in the task manager
188 */
189 static void flush(private_task_manager_t *this)
190 {
191 flush_queue(this, TASK_QUEUE_QUEUED);
192 flush_queue(this, TASK_QUEUE_PASSIVE);
193 flush_queue(this, TASK_QUEUE_ACTIVE);
194 }
195
196 /**
197 * move a task of a specific type from the queue to the active list
198 */
199 static bool activate_task(private_task_manager_t *this, task_type_t type)
200 {
201 enumerator_t *enumerator;
202 task_t *task;
203 bool found = FALSE;
204
205 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
206 while (enumerator->enumerate(enumerator, (void**)&task))
207 {
208 if (task->get_type(task) == type)
209 {
210 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
211 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
212 this->active_tasks->insert_last(this->active_tasks, task);
213 found = TRUE;
214 break;
215 }
216 }
217 enumerator->destroy(enumerator);
218 return found;
219 }
220
221 METHOD(task_manager_t, retransmit, status_t,
222 private_task_manager_t *this, u_int32_t message_id)
223 {
224 if (this->initiating.packet && message_id == this->initiating.mid)
225 {
226 u_int32_t timeout;
227 job_t *job;
228 enumerator_t *enumerator;
229 packet_t *packet;
230 task_t *task;
231 ike_mobike_t *mobike = NULL;
232
233 /* check if we are retransmitting a MOBIKE routability check */
234 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
235 while (enumerator->enumerate(enumerator, (void*)&task))
236 {
237 if (task->get_type(task) == TASK_IKE_MOBIKE)
238 {
239 mobike = (ike_mobike_t*)task;
240 if (!mobike->is_probing(mobike))
241 {
242 mobike = NULL;
243 }
244 break;
245 }
246 }
247 enumerator->destroy(enumerator);
248
249 if (mobike == NULL)
250 {
251 if (this->initiating.retransmitted <= this->retransmit_tries)
252 {
253 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
254 pow(this->retransmit_base, this->initiating.retransmitted));
255 }
256 else
257 {
258 DBG1(DBG_IKE, "giving up after %d retransmits",
259 this->initiating.retransmitted - 1);
260 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
261 this->initiating.packet);
262 return DESTROY_ME;
263 }
264
265 if (this->initiating.retransmitted)
266 {
267 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
268 this->initiating.retransmitted, message_id);
269 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND,
270 this->initiating.packet);
271 }
272 packet = this->initiating.packet->clone(this->initiating.packet);
273 charon->sender->send(charon->sender, packet);
274 }
275 else
276 { /* for routeability checks, we use a more aggressive behavior */
277 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
278 {
279 timeout = ROUTEABILITY_CHECK_INTERVAL;
280 }
281 else
282 {
283 DBG1(DBG_IKE, "giving up after %d path probings",
284 this->initiating.retransmitted - 1);
285 return DESTROY_ME;
286 }
287
288 if (this->initiating.retransmitted)
289 {
290 DBG1(DBG_IKE, "path probing attempt %d",
291 this->initiating.retransmitted);
292 }
293 mobike->transmit(mobike, this->initiating.packet);
294 }
295
296 this->initiating.retransmitted++;
297 job = (job_t*)retransmit_job_create(this->initiating.mid,
298 this->ike_sa->get_id(this->ike_sa));
299 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
300 }
301 return SUCCESS;
302 }
303
304 METHOD(task_manager_t, initiate, status_t,
305 private_task_manager_t *this)
306 {
307 enumerator_t *enumerator;
308 task_t *task;
309 message_t *message;
310 host_t *me, *other;
311 status_t status;
312 exchange_type_t exchange = 0;
313
314 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
315 {
316 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
317 exchange_type_names, this->initiating.type);
318 /* do not initiate if we already have a message in the air */
319 return SUCCESS;
320 }
321
322 if (this->active_tasks->get_count(this->active_tasks) == 0)
323 {
324 DBG2(DBG_IKE, "activating new tasks");
325 switch (this->ike_sa->get_state(this->ike_sa))
326 {
327 case IKE_CREATED:
328 activate_task(this, TASK_IKE_VENDOR);
329 if (activate_task(this, TASK_IKE_INIT))
330 {
331 this->initiating.mid = 0;
332 exchange = IKE_SA_INIT;
333 activate_task(this, TASK_IKE_NATD);
334 activate_task(this, TASK_IKE_CERT_PRE);
335 #ifdef ME
336 /* this task has to be activated before the TASK_IKE_AUTH
337 * task, because that task pregenerates the packet after
338 * which no payloads can be added to the message anymore.
339 */
340 activate_task(this, TASK_IKE_ME);
341 #endif /* ME */
342 activate_task(this, TASK_IKE_AUTH);
343 activate_task(this, TASK_IKE_CERT_POST);
344 activate_task(this, TASK_IKE_CONFIG);
345 activate_task(this, TASK_CHILD_CREATE);
346 activate_task(this, TASK_IKE_AUTH_LIFETIME);
347 activate_task(this, TASK_IKE_MOBIKE);
348 }
349 break;
350 case IKE_ESTABLISHED:
351 if (activate_task(this, TASK_CHILD_CREATE))
352 {
353 exchange = CREATE_CHILD_SA;
354 break;
355 }
356 if (activate_task(this, TASK_CHILD_DELETE))
357 {
358 exchange = INFORMATIONAL;
359 break;
360 }
361 if (activate_task(this, TASK_CHILD_REKEY))
362 {
363 exchange = CREATE_CHILD_SA;
364 break;
365 }
366 if (activate_task(this, TASK_IKE_DELETE))
367 {
368 exchange = INFORMATIONAL;
369 break;
370 }
371 if (activate_task(this, TASK_IKE_REKEY))
372 {
373 exchange = CREATE_CHILD_SA;
374 break;
375 }
376 if (activate_task(this, TASK_IKE_REAUTH))
377 {
378 exchange = INFORMATIONAL;
379 break;
380 }
381 if (activate_task(this, TASK_IKE_MOBIKE))
382 {
383 exchange = INFORMATIONAL;
384 break;
385 }
386 if (activate_task(this, TASK_IKE_DPD))
387 {
388 exchange = INFORMATIONAL;
389 break;
390 }
391 if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
392 {
393 exchange = INFORMATIONAL;
394 break;
395 }
396 #ifdef ME
397 if (activate_task(this, TASK_IKE_ME))
398 {
399 exchange = ME_CONNECT;
400 break;
401 }
402 #endif /* ME */
403 case IKE_REKEYING:
404 if (activate_task(this, TASK_IKE_DELETE))
405 {
406 exchange = INFORMATIONAL;
407 break;
408 }
409 case IKE_DELETING:
410 default:
411 break;
412 }
413 }
414 else
415 {
416 DBG2(DBG_IKE, "reinitiating already active tasks");
417 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
418 while (enumerator->enumerate(enumerator, (void**)&task))
419 {
420 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
421 switch (task->get_type(task))
422 {
423 case TASK_IKE_INIT:
424 exchange = IKE_SA_INIT;
425 break;
426 case TASK_IKE_AUTH:
427 exchange = IKE_AUTH;
428 break;
429 case TASK_CHILD_CREATE:
430 case TASK_CHILD_REKEY:
431 case TASK_IKE_REKEY:
432 exchange = CREATE_CHILD_SA;
433 break;
434 case TASK_IKE_MOBIKE:
435 exchange = INFORMATIONAL;
436 break;
437 default:
438 continue;
439 }
440 break;
441 }
442 enumerator->destroy(enumerator);
443 }
444
445 if (exchange == 0)
446 {
447 DBG2(DBG_IKE, "nothing to initiate");
448 /* nothing to do yet... */
449 return SUCCESS;
450 }
451
452 me = this->ike_sa->get_my_host(this->ike_sa);
453 other = this->ike_sa->get_other_host(this->ike_sa);
454
455 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
456 message->set_message_id(message, this->initiating.mid);
457 message->set_source(message, me->clone(me));
458 message->set_destination(message, other->clone(other));
459 message->set_exchange_type(message, exchange);
460 this->initiating.type = exchange;
461 this->initiating.retransmitted = 0;
462
463 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
464 while (enumerator->enumerate(enumerator, (void*)&task))
465 {
466 switch (task->build(task, message))
467 {
468 case SUCCESS:
469 /* task completed, remove it */
470 this->active_tasks->remove_at(this->active_tasks, enumerator);
471 task->destroy(task);
472 break;
473 case NEED_MORE:
474 /* processed, but task needs another exchange */
475 break;
476 case FAILED:
477 default:
478 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
479 {
480 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
481 }
482 /* FALL */
483 case DESTROY_ME:
484 /* critical failure, destroy IKE_SA */
485 enumerator->destroy(enumerator);
486 message->destroy(message);
487 flush(this);
488 return DESTROY_ME;
489 }
490 }
491 enumerator->destroy(enumerator);
492
493 /* update exchange type if a task changed it */
494 this->initiating.type = message->get_exchange_type(message);
495
496 status = this->ike_sa->generate_message(this->ike_sa, message,
497 &this->initiating.packet);
498 if (status != SUCCESS)
499 {
500 /* message generation failed. There is nothing more to do than to
501 * close the SA */
502 message->destroy(message);
503 flush(this);
504 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
505 return DESTROY_ME;
506 }
507 message->destroy(message);
508
509 return retransmit(this, this->initiating.mid);
510 }
511
512 /**
513 * handle an incoming response message
514 */
515 static status_t process_response(private_task_manager_t *this,
516 message_t *message)
517 {
518 enumerator_t *enumerator;
519 task_t *task;
520
521 if (message->get_exchange_type(message) != this->initiating.type)
522 {
523 DBG1(DBG_IKE, "received %N response, but expected %N",
524 exchange_type_names, message->get_exchange_type(message),
525 exchange_type_names, this->initiating.type);
526 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
527 return DESTROY_ME;
528 }
529
530 /* catch if we get resetted while processing */
531 this->reset = FALSE;
532 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
533 while (enumerator->enumerate(enumerator, (void*)&task))
534 {
535 switch (task->process(task, message))
536 {
537 case SUCCESS:
538 /* task completed, remove it */
539 this->active_tasks->remove_at(this->active_tasks, enumerator);
540 task->destroy(task);
541 break;
542 case NEED_MORE:
543 /* processed, but task needs another exchange */
544 break;
545 case FAILED:
546 default:
547 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
548 /* FALL */
549 case DESTROY_ME:
550 /* critical failure, destroy IKE_SA */
551 this->active_tasks->remove_at(this->active_tasks, enumerator);
552 enumerator->destroy(enumerator);
553 task->destroy(task);
554 return DESTROY_ME;
555 }
556 if (this->reset)
557 { /* start all over again if we were reset */
558 this->reset = FALSE;
559 enumerator->destroy(enumerator);
560 return initiate(this);
561 }
562 }
563 enumerator->destroy(enumerator);
564
565 this->initiating.mid++;
566 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
567 this->initiating.packet->destroy(this->initiating.packet);
568 this->initiating.packet = NULL;
569
570 return initiate(this);
571 }
572
573 /**
574 * handle exchange collisions
575 */
576 static bool handle_collisions(private_task_manager_t *this, task_t *task)
577 {
578 enumerator_t *enumerator;
579 task_t *active;
580 task_type_t type;
581
582 type = task->get_type(task);
583
584 /* do we have to check */
585 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
586 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
587 type == TASK_IKE_REAUTH)
588 {
589 /* find an exchange collision, and notify these tasks */
590 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
591 while (enumerator->enumerate(enumerator, (void**)&active))
592 {
593 switch (active->get_type(active))
594 {
595 case TASK_IKE_REKEY:
596 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
597 type == TASK_IKE_REAUTH)
598 {
599 ike_rekey_t *rekey = (ike_rekey_t*)active;
600 rekey->collide(rekey, task);
601 break;
602 }
603 continue;
604 case TASK_CHILD_REKEY:
605 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
606 {
607 child_rekey_t *rekey = (child_rekey_t*)active;
608 rekey->collide(rekey, task);
609 break;
610 }
611 continue;
612 default:
613 continue;
614 }
615 enumerator->destroy(enumerator);
616 return TRUE;
617 }
618 enumerator->destroy(enumerator);
619 }
620 return FALSE;
621 }
622
623 /**
624 * build a response depending on the "passive" task list
625 */
626 static status_t build_response(private_task_manager_t *this, message_t *request)
627 {
628 enumerator_t *enumerator;
629 task_t *task;
630 message_t *message;
631 host_t *me, *other;
632 bool delete = FALSE, hook = FALSE;
633 ike_sa_id_t *id = NULL;
634 u_int64_t responder_spi;
635 status_t status;
636
637 me = request->get_destination(request);
638 other = request->get_source(request);
639
640 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
641 message->set_exchange_type(message, request->get_exchange_type(request));
642 /* send response along the path the request came in */
643 message->set_source(message, me->clone(me));
644 message->set_destination(message, other->clone(other));
645 message->set_message_id(message, this->responding.mid);
646 message->set_request(message, FALSE);
647
648 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
649 while (enumerator->enumerate(enumerator, (void*)&task))
650 {
651 switch (task->build(task, message))
652 {
653 case SUCCESS:
654 /* task completed, remove it */
655 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
656 if (!handle_collisions(this, task))
657 {
658 task->destroy(task);
659 }
660 break;
661 case NEED_MORE:
662 /* processed, but task needs another exchange */
663 if (handle_collisions(this, task))
664 {
665 this->passive_tasks->remove_at(this->passive_tasks,
666 enumerator);
667 }
668 break;
669 case FAILED:
670 default:
671 hook = TRUE;
672 /* FALL */
673 case DESTROY_ME:
674 /* destroy IKE_SA, but SEND response first */
675 delete = TRUE;
676 break;
677 }
678 if (delete)
679 {
680 break;
681 }
682 }
683 enumerator->destroy(enumerator);
684
685 /* RFC 5996, section 2.6 mentions that in the event of a failure during
686 * IKE_SA_INIT the responder's SPI will be 0 in the response, while it
687 * actually explicitly allows it to be non-zero. Since we use the responder
688 * SPI to create hashes in the IKE_SA manager we can only set the SPI to
689 * zero temporarily, otherwise checking the SA in would fail. */
690 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
691 {
692 id = this->ike_sa->get_id(this->ike_sa);
693 responder_spi = id->get_responder_spi(id);
694 id->set_responder_spi(id, 0);
695 }
696
697 /* message complete, send it */
698 DESTROY_IF(this->responding.packet);
699 this->responding.packet = NULL;
700 status = this->ike_sa->generate_message(this->ike_sa, message,
701 &this->responding.packet);
702 message->destroy(message);
703 if (id)
704 {
705 id->set_responder_spi(id, responder_spi);
706 }
707 if (status != SUCCESS)
708 {
709 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
710 return DESTROY_ME;
711 }
712
713 charon->sender->send(charon->sender,
714 this->responding.packet->clone(this->responding.packet));
715 if (delete)
716 {
717 if (hook)
718 {
719 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
720 }
721 return DESTROY_ME;
722 }
723 return SUCCESS;
724 }
725
726 /**
727 * handle an incoming request message
728 */
729 static status_t process_request(private_task_manager_t *this,
730 message_t *message)
731 {
732 enumerator_t *enumerator;
733 task_t *task = NULL;
734 payload_t *payload;
735 notify_payload_t *notify;
736 delete_payload_t *delete;
737
738 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
739 { /* create tasks depending on request type, if not already some queued */
740 switch (message->get_exchange_type(message))
741 {
742 case IKE_SA_INIT:
743 {
744 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
745 this->passive_tasks->insert_last(this->passive_tasks, task);
746 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
747 this->passive_tasks->insert_last(this->passive_tasks, task);
748 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
749 this->passive_tasks->insert_last(this->passive_tasks, task);
750 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
751 this->passive_tasks->insert_last(this->passive_tasks, task);
752 #ifdef ME
753 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
754 this->passive_tasks->insert_last(this->passive_tasks, task);
755 #endif /* ME */
756 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
757 this->passive_tasks->insert_last(this->passive_tasks, task);
758 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
759 this->passive_tasks->insert_last(this->passive_tasks, task);
760 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
761 this->passive_tasks->insert_last(this->passive_tasks, task);
762 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
763 NULL, NULL);
764 this->passive_tasks->insert_last(this->passive_tasks, task);
765 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
766 this->passive_tasks->insert_last(this->passive_tasks, task);
767 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
768 this->passive_tasks->insert_last(this->passive_tasks, task);
769 break;
770 }
771 case CREATE_CHILD_SA:
772 { /* FIXME: we should prevent this on mediation connections */
773 bool notify_found = FALSE, ts_found = FALSE;
774 enumerator = message->create_payload_enumerator(message);
775 while (enumerator->enumerate(enumerator, &payload))
776 {
777 switch (payload->get_type(payload))
778 {
779 case NOTIFY:
780 { /* if we find a rekey notify, its CHILD_SA rekeying */
781 notify = (notify_payload_t*)payload;
782 if (notify->get_notify_type(notify) == REKEY_SA &&
783 (notify->get_protocol_id(notify) == PROTO_AH ||
784 notify->get_protocol_id(notify) == PROTO_ESP))
785 {
786 notify_found = TRUE;
787 }
788 break;
789 }
790 case TRAFFIC_SELECTOR_INITIATOR:
791 case TRAFFIC_SELECTOR_RESPONDER:
792 { /* if we don't find a TS, its IKE rekeying */
793 ts_found = TRUE;
794 break;
795 }
796 default:
797 break;
798 }
799 }
800 enumerator->destroy(enumerator);
801
802 if (ts_found)
803 {
804 if (notify_found)
805 {
806 task = (task_t*)child_rekey_create(this->ike_sa,
807 PROTO_NONE, 0);
808 }
809 else
810 {
811 task = (task_t*)child_create_create(this->ike_sa, NULL,
812 FALSE, NULL, NULL);
813 }
814 }
815 else
816 {
817 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
818 }
819 this->passive_tasks->insert_last(this->passive_tasks, task);
820 break;
821 }
822 case INFORMATIONAL:
823 {
824 enumerator = message->create_payload_enumerator(message);
825 while (enumerator->enumerate(enumerator, &payload))
826 {
827 switch (payload->get_type(payload))
828 {
829 case NOTIFY:
830 {
831 notify = (notify_payload_t*)payload;
832 switch (notify->get_notify_type(notify))
833 {
834 case ADDITIONAL_IP4_ADDRESS:
835 case ADDITIONAL_IP6_ADDRESS:
836 case NO_ADDITIONAL_ADDRESSES:
837 case UPDATE_SA_ADDRESSES:
838 case NO_NATS_ALLOWED:
839 case UNACCEPTABLE_ADDRESSES:
840 case UNEXPECTED_NAT_DETECTED:
841 case COOKIE2:
842 case NAT_DETECTION_SOURCE_IP:
843 case NAT_DETECTION_DESTINATION_IP:
844 task = (task_t*)ike_mobike_create(
845 this->ike_sa, FALSE);
846 break;
847 case AUTH_LIFETIME:
848 task = (task_t*)ike_auth_lifetime_create(
849 this->ike_sa, FALSE);
850 break;
851 default:
852 break;
853 }
854 break;
855 }
856 case DELETE:
857 {
858 delete = (delete_payload_t*)payload;
859 if (delete->get_protocol_id(delete) == PROTO_IKE)
860 {
861 task = (task_t*)ike_delete_create(this->ike_sa,
862 FALSE);
863 }
864 else
865 {
866 task = (task_t*)child_delete_create(this->ike_sa,
867 PROTO_NONE, 0, FALSE);
868 }
869 break;
870 }
871 default:
872 break;
873 }
874 if (task)
875 {
876 break;
877 }
878 }
879 enumerator->destroy(enumerator);
880
881 if (task == NULL)
882 {
883 task = (task_t*)ike_dpd_create(FALSE);
884 }
885 this->passive_tasks->insert_last(this->passive_tasks, task);
886 break;
887 }
888 #ifdef ME
889 case ME_CONNECT:
890 {
891 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
892 this->passive_tasks->insert_last(this->passive_tasks, task);
893 }
894 #endif /* ME */
895 default:
896 break;
897 }
898 }
899
900 /* let the tasks process the message */
901 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
902 while (enumerator->enumerate(enumerator, (void*)&task))
903 {
904 switch (task->process(task, message))
905 {
906 case SUCCESS:
907 /* task completed, remove it */
908 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
909 task->destroy(task);
910 break;
911 case NEED_MORE:
912 /* processed, but task needs at least another call to build() */
913 break;
914 case FAILED:
915 default:
916 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
917 /* FALL */
918 case DESTROY_ME:
919 /* critical failure, destroy IKE_SA */
920 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
921 enumerator->destroy(enumerator);
922 task->destroy(task);
923 return DESTROY_ME;
924 }
925 }
926 enumerator->destroy(enumerator);
927
928 return build_response(this, message);
929 }
930
931 METHOD(task_manager_t, incr_mid, void,
932 private_task_manager_t *this, bool initiate)
933 {
934 if (initiate)
935 {
936 this->initiating.mid++;
937 }
938 else
939 {
940 this->responding.mid++;
941 }
942 }
943
944 /**
945 * Send a notify back to the sender
946 */
947 static void send_notify_response(private_task_manager_t *this,
948 message_t *request, notify_type_t type,
949 chunk_t data)
950 {
951 message_t *response;
952 packet_t *packet;
953 host_t *me, *other;
954
955 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
956 response->set_exchange_type(response, request->get_exchange_type(request));
957 response->set_request(response, FALSE);
958 response->set_message_id(response, request->get_message_id(request));
959 response->add_notify(response, FALSE, type, data);
960 me = this->ike_sa->get_my_host(this->ike_sa);
961 if (me->is_anyaddr(me))
962 {
963 me = request->get_destination(request);
964 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
965 }
966 other = this->ike_sa->get_other_host(this->ike_sa);
967 if (other->is_anyaddr(other))
968 {
969 other = request->get_source(request);
970 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
971 }
972 response->set_source(response, me->clone(me));
973 response->set_destination(response, other->clone(other));
974 if (this->ike_sa->generate_message(this->ike_sa, response,
975 &packet) == SUCCESS)
976 {
977 charon->sender->send(charon->sender, packet);
978 }
979 response->destroy(response);
980 }
981
982 /**
983 * Parse the given message and verify that it is valid.
984 */
985 static status_t parse_message(private_task_manager_t *this, message_t *msg)
986 {
987 status_t status;
988 u_int8_t type = 0;
989
990 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
991
992 if (status == SUCCESS)
993 { /* check for unsupported critical payloads */
994 enumerator_t *enumerator;
995 unknown_payload_t *unknown;
996 payload_t *payload;
997
998 enumerator = msg->create_payload_enumerator(msg);
999 while (enumerator->enumerate(enumerator, &payload))
1000 {
1001 unknown = (unknown_payload_t*)payload;
1002 type = payload->get_type(payload);
1003 if (!payload_is_known(type) &&
1004 unknown->is_critical(unknown))
1005 {
1006 DBG1(DBG_ENC, "payload type %N is not supported, "
1007 "but its critical!", payload_type_names, type);
1008 status = NOT_SUPPORTED;
1009 break;
1010 }
1011 }
1012 enumerator->destroy(enumerator);
1013 }
1014
1015 if (status != SUCCESS)
1016 {
1017 bool is_request = msg->get_request(msg);
1018
1019 switch (status)
1020 {
1021 case NOT_SUPPORTED:
1022 DBG1(DBG_IKE, "critical unknown payloads found");
1023 if (is_request)
1024 {
1025 send_notify_response(this, msg,
1026 UNSUPPORTED_CRITICAL_PAYLOAD,
1027 chunk_from_thing(type));
1028 incr_mid(this, FALSE);
1029 }
1030 break;
1031 case PARSE_ERROR:
1032 DBG1(DBG_IKE, "message parsing failed");
1033 if (is_request)
1034 {
1035 send_notify_response(this, msg,
1036 INVALID_SYNTAX, chunk_empty);
1037 incr_mid(this, FALSE);
1038 }
1039 break;
1040 case VERIFY_ERROR:
1041 DBG1(DBG_IKE, "message verification failed");
1042 if (is_request)
1043 {
1044 send_notify_response(this, msg,
1045 INVALID_SYNTAX, chunk_empty);
1046 incr_mid(this, FALSE);
1047 }
1048 break;
1049 case FAILED:
1050 DBG1(DBG_IKE, "integrity check failed");
1051 /* ignored */
1052 break;
1053 case INVALID_STATE:
1054 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1055 default:
1056 break;
1057 }
1058 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1059 exchange_type_names, msg->get_exchange_type(msg),
1060 is_request ? "request" : "response",
1061 msg->get_message_id(msg));
1062
1063 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1064
1065 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1066 { /* invalid initiation attempt, close SA */
1067 return DESTROY_ME;
1068 }
1069 }
1070 return status;
1071 }
1072
1073
1074 METHOD(task_manager_t, process_message, status_t,
1075 private_task_manager_t *this, message_t *msg)
1076 {
1077 host_t *me, *other;
1078 status_t status;
1079 u_int32_t mid;
1080
1081 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1082 status = parse_message(this, msg);
1083 if (status != SUCCESS)
1084 {
1085 return status;
1086 }
1087
1088 me = msg->get_destination(msg);
1089 other = msg->get_source(msg);
1090
1091 /* if this IKE_SA is virgin, we check for a config */
1092 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1093 {
1094 ike_sa_id_t *ike_sa_id;
1095 ike_cfg_t *ike_cfg;
1096 job_t *job;
1097 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1098 me, other, IKEV2);
1099 if (ike_cfg == NULL)
1100 {
1101 /* no config found for these hosts, destroy */
1102 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1103 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1104 send_notify_response(this, msg,
1105 NO_PROPOSAL_CHOSEN, chunk_empty);
1106 return DESTROY_ME;
1107 }
1108 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1109 ike_cfg->destroy(ike_cfg);
1110 /* add a timeout if peer does not establish it completely */
1111 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1112 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1113 lib->scheduler->schedule_job(lib->scheduler, job,
1114 lib->settings->get_int(lib->settings,
1115 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1116 charon->name));
1117 }
1118 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1119 time_monotonic(NULL));
1120
1121 mid = msg->get_message_id(msg);
1122 if (msg->get_request(msg))
1123 {
1124 if (mid == this->responding.mid)
1125 {
1126 /* reject initial messages once established */
1127 if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
1128 msg->get_exchange_type(msg) == IKE_AUTH)
1129 {
1130 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1131 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
1132 {
1133 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1134 exchange_type_names, msg->get_exchange_type(msg));
1135 return FAILED;
1136 }
1137 }
1138 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1139 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1140 msg->get_exchange_type(msg) != IKE_SA_INIT)
1141 { /* only do host updates based on verified messages */
1142 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1143 { /* with MOBIKE, we do no implicit updates */
1144 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1145 }
1146 }
1147 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1148 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1149 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1150 return SUCCESS;
1151 }
1152 if (process_request(this, msg) != SUCCESS)
1153 {
1154 flush(this);
1155 return DESTROY_ME;
1156 }
1157 this->responding.mid++;
1158 }
1159 else if ((mid == this->responding.mid - 1) && this->responding.packet)
1160 {
1161 packet_t *clone;
1162 host_t *host;
1163
1164 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1165 "retransmitting response", mid);
1166 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
1167 clone = this->responding.packet->clone(this->responding.packet);
1168 host = msg->get_destination(msg);
1169 clone->set_source(clone, host->clone(host));
1170 host = msg->get_source(msg);
1171 clone->set_destination(clone, host->clone(host));
1172 charon->sender->send(charon->sender, clone);
1173 }
1174 else
1175 {
1176 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1177 mid, this->responding.mid);
1178 if (msg->get_exchange_type(msg) == IKE_SA_INIT)
1179 { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
1180 return DESTROY_ME;
1181 }
1182 }
1183 }
1184 else
1185 {
1186 if (mid == this->initiating.mid)
1187 {
1188 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1189 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1190 msg->get_exchange_type(msg) != IKE_SA_INIT)
1191 { /* only do host updates based on verified messages */
1192 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1193 { /* with MOBIKE, we do no implicit updates */
1194 this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
1195 }
1196 }
1197 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1198 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1199 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1200 return SUCCESS;
1201 }
1202 if (process_response(this, msg) != SUCCESS)
1203 {
1204 flush(this);
1205 return DESTROY_ME;
1206 }
1207 }
1208 else
1209 {
1210 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1211 mid, this->initiating.mid);
1212 return SUCCESS;
1213 }
1214 }
1215 return SUCCESS;
1216 }
1217
1218 METHOD(task_manager_t, queue_task, void,
1219 private_task_manager_t *this, task_t *task)
1220 {
1221 if (task->get_type(task) == TASK_IKE_MOBIKE)
1222 { /* there is no need to queue more than one mobike task */
1223 enumerator_t *enumerator;
1224 task_t *current;
1225
1226 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1227 while (enumerator->enumerate(enumerator, (void**)&current))
1228 {
1229 if (current->get_type(current) == TASK_IKE_MOBIKE)
1230 {
1231 enumerator->destroy(enumerator);
1232 task->destroy(task);
1233 return;
1234 }
1235 }
1236 enumerator->destroy(enumerator);
1237 }
1238 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1239 this->queued_tasks->insert_last(this->queued_tasks, task);
1240 }
1241
1242 /**
1243 * Check if a given task has been queued already
1244 */
1245 static bool has_queued(private_task_manager_t *this, task_type_t type)
1246 {
1247 enumerator_t *enumerator;
1248 bool found = FALSE;
1249 task_t *task;
1250
1251 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1252 while (enumerator->enumerate(enumerator, &task))
1253 {
1254 if (task->get_type(task) == type)
1255 {
1256 found = TRUE;
1257 break;
1258 }
1259 }
1260 enumerator->destroy(enumerator);
1261 return found;
1262 }
1263
1264 METHOD(task_manager_t, queue_ike, void,
1265 private_task_manager_t *this)
1266 {
1267 if (!has_queued(this, TASK_IKE_VENDOR))
1268 {
1269 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1270 }
1271 if (!has_queued(this, TASK_IKE_INIT))
1272 {
1273 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1274 }
1275 if (!has_queued(this, TASK_IKE_NATD))
1276 {
1277 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1278 }
1279 if (!has_queued(this, TASK_IKE_CERT_PRE))
1280 {
1281 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1282 }
1283 if (!has_queued(this, TASK_IKE_AUTH))
1284 {
1285 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1286 }
1287 if (!has_queued(this, TASK_IKE_CERT_POST))
1288 {
1289 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1290 }
1291 if (!has_queued(this, TASK_IKE_CONFIG))
1292 {
1293 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1294 }
1295 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1296 {
1297 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1298 }
1299 if (!has_queued(this, TASK_IKE_MOBIKE))
1300 {
1301 peer_cfg_t *peer_cfg;
1302
1303 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1304 if (peer_cfg->use_mobike(peer_cfg))
1305 {
1306 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1307 }
1308 }
1309 #ifdef ME
1310 if (!has_queued(this, TASK_IKE_ME))
1311 {
1312 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1313 }
1314 #endif /* ME */
1315 }
1316
1317 METHOD(task_manager_t, queue_ike_rekey, void,
1318 private_task_manager_t *this)
1319 {
1320 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1321 }
1322
1323 METHOD(task_manager_t, queue_ike_reauth, void,
1324 private_task_manager_t *this)
1325 {
1326 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1327 }
1328
1329 METHOD(task_manager_t, queue_ike_delete, void,
1330 private_task_manager_t *this)
1331 {
1332 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1333 }
1334
1335 METHOD(task_manager_t, queue_mobike, void,
1336 private_task_manager_t *this, bool roam, bool address)
1337 {
1338 ike_mobike_t *mobike;
1339
1340 mobike = ike_mobike_create(this->ike_sa, TRUE);
1341 if (roam)
1342 {
1343 mobike->roam(mobike, address);
1344 }
1345 else
1346 {
1347 mobike->addresses(mobike);
1348 }
1349 queue_task(this, &mobike->task);
1350 }
1351
1352 METHOD(task_manager_t, queue_child, void,
1353 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1354 traffic_selector_t *tsi, traffic_selector_t *tsr)
1355 {
1356 child_create_t *task;
1357
1358 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1359 if (reqid)
1360 {
1361 task->use_reqid(task, reqid);
1362 }
1363 queue_task(this, &task->task);
1364 }
1365
1366 METHOD(task_manager_t, queue_child_rekey, void,
1367 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1368 {
1369 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1370 }
1371
1372 METHOD(task_manager_t, queue_child_delete, void,
1373 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1374 bool expired)
1375 {
1376 queue_task(this, (task_t*)child_delete_create(this->ike_sa,
1377 protocol, spi, expired));
1378 }
1379
1380 METHOD(task_manager_t, queue_dpd, void,
1381 private_task_manager_t *this)
1382 {
1383 ike_mobike_t *mobike;
1384
1385 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1386 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1387 {
1388 /* use mobike enabled DPD to detect NAT mapping changes */
1389 mobike = ike_mobike_create(this->ike_sa, TRUE);
1390 mobike->dpd(mobike);
1391 queue_task(this, &mobike->task);
1392 }
1393 else
1394 {
1395 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1396 }
1397 }
1398
1399 METHOD(task_manager_t, adopt_tasks, void,
1400 private_task_manager_t *this, task_manager_t *other_public)
1401 {
1402 private_task_manager_t *other = (private_task_manager_t*)other_public;
1403 task_t *task;
1404
1405 /* move queued tasks from other to this */
1406 while (other->queued_tasks->remove_last(other->queued_tasks,
1407 (void**)&task) == SUCCESS)
1408 {
1409 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1410 task->migrate(task, this->ike_sa);
1411 this->queued_tasks->insert_first(this->queued_tasks, task);
1412 }
1413 }
1414
1415 METHOD(task_manager_t, busy, bool,
1416 private_task_manager_t *this)
1417 {
1418 return (this->active_tasks->get_count(this->active_tasks) > 0);
1419 }
1420
1421 METHOD(task_manager_t, reset, void,
1422 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1423 {
1424 enumerator_t *enumerator;
1425 task_t *task;
1426
1427 /* reset message counters and retransmit packets */
1428 DESTROY_IF(this->responding.packet);
1429 DESTROY_IF(this->initiating.packet);
1430 this->responding.packet = NULL;
1431 this->initiating.packet = NULL;
1432 if (initiate != UINT_MAX)
1433 {
1434 this->initiating.mid = initiate;
1435 }
1436 if (respond != UINT_MAX)
1437 {
1438 this->responding.mid = respond;
1439 }
1440 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1441
1442 /* reset queued tasks */
1443 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1444 while (enumerator->enumerate(enumerator, &task))
1445 {
1446 task->migrate(task, this->ike_sa);
1447 }
1448 enumerator->destroy(enumerator);
1449
1450 /* reset active tasks */
1451 while (this->active_tasks->remove_last(this->active_tasks,
1452 (void**)&task) == SUCCESS)
1453 {
1454 task->migrate(task, this->ike_sa);
1455 this->queued_tasks->insert_first(this->queued_tasks, task);
1456 }
1457
1458 this->reset = TRUE;
1459 }
1460
1461 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1462 private_task_manager_t *this, task_queue_t queue)
1463 {
1464 switch (queue)
1465 {
1466 case TASK_QUEUE_ACTIVE:
1467 return this->active_tasks->create_enumerator(this->active_tasks);
1468 case TASK_QUEUE_PASSIVE:
1469 return this->passive_tasks->create_enumerator(this->passive_tasks);
1470 case TASK_QUEUE_QUEUED:
1471 return this->queued_tasks->create_enumerator(this->queued_tasks);
1472 default:
1473 return enumerator_create_empty();
1474 }
1475 }
1476
1477 METHOD(task_manager_t, destroy, void,
1478 private_task_manager_t *this)
1479 {
1480 flush(this);
1481
1482 this->active_tasks->destroy(this->active_tasks);
1483 this->queued_tasks->destroy(this->queued_tasks);
1484 this->passive_tasks->destroy(this->passive_tasks);
1485
1486 DESTROY_IF(this->responding.packet);
1487 DESTROY_IF(this->initiating.packet);
1488 free(this);
1489 }
1490
1491 /*
1492 * see header file
1493 */
1494 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
1495 {
1496 private_task_manager_t *this;
1497
1498 INIT(this,
1499 .public = {
1500 .task_manager = {
1501 .process_message = _process_message,
1502 .queue_task = _queue_task,
1503 .queue_ike = _queue_ike,
1504 .queue_ike_rekey = _queue_ike_rekey,
1505 .queue_ike_reauth = _queue_ike_reauth,
1506 .queue_ike_delete = _queue_ike_delete,
1507 .queue_mobike = _queue_mobike,
1508 .queue_child = _queue_child,
1509 .queue_child_rekey = _queue_child_rekey,
1510 .queue_child_delete = _queue_child_delete,
1511 .queue_dpd = _queue_dpd,
1512 .initiate = _initiate,
1513 .retransmit = _retransmit,
1514 .incr_mid = _incr_mid,
1515 .reset = _reset,
1516 .adopt_tasks = _adopt_tasks,
1517 .busy = _busy,
1518 .create_task_enumerator = _create_task_enumerator,
1519 .flush_queue = _flush_queue,
1520 .destroy = _destroy,
1521 },
1522 },
1523 .ike_sa = ike_sa,
1524 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1525 .queued_tasks = linked_list_create(),
1526 .active_tasks = linked_list_create(),
1527 .passive_tasks = linked_list_create(),
1528 .retransmit_tries = lib->settings->get_int(lib->settings,
1529 "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
1530 .retransmit_timeout = lib->settings->get_double(lib->settings,
1531 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
1532 .retransmit_base = lib->settings->get_double(lib->settings,
1533 "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
1534 );
1535
1536 return &this->public;
1537 }
Unnamed repository; edit this file 'description' to name the repository.