]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/sa/ikev1/task_manager_v1.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ike: Only track actually sent retransmits as outbound packets
[thirdparty/strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
CommitLineData
4a09d9ee 1/*
bbc3d2a0 2 * Copyright (C) 2007-2019 Tobias Brunner
68c6863b 3 * Copyright (C) 2007-2011 Martin Willi
208678e6 4 * HSR Hochschule fuer Technik Rapperswil
4a09d9ee
MW		 5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17#include "task_manager_v1.h"
18
da063ec9
MW		 19#include <math.h>
20
4a09d9ee 21#include <daemon.h>
15a682f4 22#include <sa/ikev1/tasks/main_mode.h>
830ab2ae 23#include <sa/ikev1/tasks/aggressive_mode.h>
15a682f4 24#include <sa/ikev1/tasks/quick_mode.h>
83c5fda0 25#include <sa/ikev1/tasks/quick_delete.h>
15a682f4
MW		 26#include <sa/ikev1/tasks/xauth.h>
27#include <sa/ikev1/tasks/mode_config.h>
28#include <sa/ikev1/tasks/informational.h>
29#include <sa/ikev1/tasks/isakmp_natd.h>
30#include <sa/ikev1/tasks/isakmp_vendor.h>
31#include <sa/ikev1/tasks/isakmp_cert_pre.h>
32#include <sa/ikev1/tasks/isakmp_cert_post.h>
3ed148b3 33#include <sa/ikev1/tasks/isakmp_delete.h>
3e6b7403
CO		 34#include <sa/ikev1/tasks/isakmp_dpd.h>
35
da063ec9 36#include <processing/jobs/retransmit_job.h>
68c6863b 37#include <processing/jobs/delete_ike_sa_job.h>
4b38c22c 38#include <processing/jobs/dpd_timeout_job.h>
30216000
TB		 39#include <processing/jobs/process_message_job.h>
40
127a98dc 41#include <collections/array.h>
4a09d9ee 42
fce566a8
MW		 43/**
44 * Number of old messages hashes we keep for retransmission.
45 *
46 * In Main Mode, we must ignore messages from a previous message pair if
47 * we already continued to the next. Otherwise a late retransmission
48 * could be considered as a reply to the newer request.
49 */
50#define MAX_OLD_HASHES 2
51
f5a84055
MW		 52/**
53 * First sequence number of responding packets.
54 *
55 * To distinguish retransmission jobs for initiating and responding packets,
56 * we split up the sequence counter and use the upper half for responding.
57 */
58#define RESPONDING_SEQ INT_MAX
59
4a09d9ee
MW		 60typedef struct exchange_t exchange_t;
61
62/**
63 * An exchange in the air, used do detect and handle retransmission
64 */
65struct exchange_t {
66
67 /**
68 * Message ID used for this transaction
69 */
b12c53ce 70 uint32_t mid;
4a09d9ee
MW		 71
72 /**
73 * generated packet for retransmission
74 */
75 packet_t *packet;
76};
77
78typedef struct private_task_manager_t private_task_manager_t;
79
80/**
81 * private data of the task manager
82 */
83struct private_task_manager_t {
84
85 /**
86 * public functions
87 */
88 task_manager_v1_t public;
89
90 /**
91 * associated IKE_SA we are serving
92 */
93 ike_sa_t *ike_sa;
94
73aaf76b
MW		 95 /**
96 * RNG to create message IDs
97 */
98 rng_t *rng;
99
4a09d9ee
MW		 100 /**
101 * Exchange we are currently handling as responder
102 */
103 struct {
f5a84055
MW		 104 /**
105 * Message ID of the last response
106 */
b12c53ce 107 uint32_t mid;
f5a84055 108
9cc8bd4f
MW		 109 /**
110 * Hash of a previously received message
111 */
b12c53ce 112 uint32_t hash;
9cc8bd4f 113
4a09d9ee 114 /**
127a98dc 115 * packet(s) for retransmission
4a09d9ee 116 */
127a98dc 117 array_t *packets;
4a09d9ee 118
f5a84055
MW		 119 /**
120 * Sequence number of the last sent message
121 */
b12c53ce 122 uint32_t seqnr;
f5a84055
MW		 123
124 /**
125 * how many times we have retransmitted so far
126 */
127 u_int retransmitted;
128
4a09d9ee
MW		 129 } responding;
130
131 /**
132 * Exchange we are currently handling as initiator
133 */
134 struct {
135 /**
136 * Message ID of the exchange
137 */
b12c53ce 138 uint32_t mid;
4a09d9ee 139
fce566a8
MW		 140 /**
141 * Hashes of old responses we can ignore
142 */
b12c53ce 143 uint32_t old_hashes[MAX_OLD_HASHES];
fce566a8
MW		 144
145 /**
146 * Position in old hash array
147 */
148 int old_hash_pos;
149
9cc8bd4f 150 /**
751bd02e 151 * Sequence number of the last sent message
9cc8bd4f 152 */
b12c53ce 153 uint32_t seqnr;
9cc8bd4f 154
4a09d9ee
MW		 155 /**
156 * how many times we have retransmitted so far
157 */
158 u_int retransmitted;
159
160 /**
127a98dc 161 * packet(s) for retransmission
4a09d9ee 162 */
127a98dc 163 array_t *packets;
4a09d9ee
MW		 164
165 /**
30216000 166 * type of the initiated exchange
4a09d9ee
MW		 167 */
168 exchange_type_t type;
169
170 } initiating;
171
30216000 172 /**
70e0be07 173 * Message we are currently defragmenting, if any (only one at a time)
30216000 174 */
70e0be07 175 message_t *defrag;
30216000 176
4a09d9ee
MW		 177 /**
178 * List of queued tasks not yet in action
179 */
180 linked_list_t *queued_tasks;
181
182 /**
30216000 183 * List of active tasks, initiated by ourselves
4a09d9ee
MW		 184 */
185 linked_list_t *active_tasks;
186
187 /**
188 * List of tasks initiated by peer
189 */
190 linked_list_t *passive_tasks;
191
f91b6ac7
MW		 192 /**
193 * Queued messages not yet ready to process
194 */
195 message_t *queued;
196
4a09d9ee
MW		 197 /**
198 * Number of times we retransmit messages before giving up
199 */
200 u_int retransmit_tries;
201
72b282cf
TB		 202 /**
203 * Maximum number of tries possible with current retransmission settings
204 * before overflowing the range of uint32_t, which we use for the timeout.
205 * Note that UINT32_MAX milliseconds equal nearly 50 days, so that doesn't
206 * make much sense without retransmit_limit anyway.
207 */
208 u_int retransmit_tries_max;
209
4a09d9ee
MW		 210 /**
211 * Retransmission timeout
212 */
213 double retransmit_timeout;
214
215 /**
216 * Base to calculate retransmission timeout
217 */
218 double retransmit_base;
3e6b7403 219
389e4b8e
TB		 220 /**
221 * Jitter to apply to calculated retransmit timeout (in percent)
222 */
223 u_int retransmit_jitter;
224
225 /**
226 * Limit retransmit timeout to this value
227 */
228 uint32_t retransmit_limit;
229
3e6b7403
CO		 230 /**
231 * Sequence number for sending DPD requests
232 */
b12c53ce 233 uint32_t dpd_send;
3e6b7403
CO		 234
235 /**
236 * Sequence number for received DPD requests
237 */
b12c53ce 238 uint32_t dpd_recv;
4a09d9ee
MW		 239};
240
127a98dc
TB		 241/**
242 * Reset retransmission packet list
243 */
244static void clear_packets(array_t *array)
245{
246 packet_t *packet;
247
248 while (array_remove(array, ARRAY_TAIL, &packet))
249 {
250 packet->destroy(packet);
251 }
252}
253
a5c79960
MW		 254METHOD(task_manager_t, flush_queue, void,
255 private_task_manager_t *this, task_queue_t queue)
0f61964e 256{
a5c79960 257 linked_list_t *list;
0f61964e
MW		 258 task_t *task;
259
429d95fe
MW		 260 if (this->queued)
261 {
262 this->queued->destroy(this->queued);
263 this->queued = NULL;
264 }
a5c79960
MW		 265 switch (queue)
266 {
267 case TASK_QUEUE_ACTIVE:
268 list = this->active_tasks;
17949695
MW		 269 /* cancel pending retransmits */
270 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 271 clear_packets(this->initiating.packets);
a5c79960
MW		 272 break;
273 case TASK_QUEUE_PASSIVE:
274 list = this->passive_tasks;
275 break;
276 case TASK_QUEUE_QUEUED:
277 list = this->queued_tasks;
278 break;
279 default:
280 return;
281 }
0f61964e
MW		 282 while (list->remove_last(list, (void**)&task) == SUCCESS)
283 {
284 task->destroy(task);
285 }
286}
287
b1908994
TE		 288METHOD(task_manager_t, flush, void,
289 private_task_manager_t *this)
4a09d9ee 290{
a5c79960
MW		 291 flush_queue(this, TASK_QUEUE_QUEUED);
292 flush_queue(this, TASK_QUEUE_PASSIVE);
293 flush_queue(this, TASK_QUEUE_ACTIVE);
4a09d9ee
MW		 294}
295
26b55dc6
MW		 296/**
297 * move a task of a specific type from the queue to the active list
298 */
299static bool activate_task(private_task_manager_t *this, task_type_t type)
300{
301 enumerator_t *enumerator;
302 task_t *task;
303 bool found = FALSE;
304
305 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
306 while (enumerator->enumerate(enumerator, (void**)&task))
307 {
308 if (task->get_type(task) == type)
309 {
310 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
311 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
312 this->active_tasks->insert_last(this->active_tasks, task);
313 found = TRUE;
314 break;
315 }
316 }
317 enumerator->destroy(enumerator);
318 return found;
319}
320
5cafefcd 321/**
127a98dc 322 * Send packets in the given array (they get cloned)
5cafefcd 323 */
127a98dc 324static void send_packets(private_task_manager_t *this, array_t *packets)
5cafefcd 325{
127a98dc 326 enumerator_t *enumerator;
5cafefcd 327 packet_t *packet;
5cafefcd 328
127a98dc
TB		 329 enumerator = array_create_enumerator(packets);
330 while (enumerator->enumerate(enumerator, &packet))
5cafefcd 331 {
127a98dc 332 charon->sender->send(charon->sender, packet->clone(packet));
5cafefcd 333 }
127a98dc 334 enumerator->destroy(enumerator);
5cafefcd
TB		 335}
336
337/**
127a98dc 338 * Generates the given message and stores packet(s) in the given array
5cafefcd 339 */
127a98dc
TB		 340static bool generate_message(private_task_manager_t *this, message_t *message,
341 array_t **packets)
5cafefcd 342{
127a98dc 343 enumerator_t *fragments;
40bab9a1 344 packet_t *fragment;
127a98dc 345
40bab9a1
TB		 346 if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
347 &fragments) != SUCCESS)
127a98dc 348 {
127a98dc
TB		 349 return FALSE;
350 }
40bab9a1 351 while (fragments->enumerate(fragments, &fragment))
127a98dc 352 {
40bab9a1 353 array_insert_create(packets, ARRAY_TAIL, fragment);
5cafefcd 354 }
127a98dc 355 fragments->destroy(fragments);
40bab9a1 356 return TRUE;
5cafefcd
TB		 357}
358
f5a84055 359/**
127a98dc 360 * Retransmit a packet (or its fragments)
f5a84055 361 */
b12c53ce 362static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr,
127a98dc 363 u_int mid, u_int retransmitted, array_t *packets)
23f4e4b4 364{
127a98dc 365 packet_t *packet;
72b282cf 366 uint32_t t = UINT32_MAX, max_jitter;
23f4e4b4 367
127a98dc 368 array_get(packets, 0, &packet);
f5a84055
MW		 369 if (retransmitted > this->retransmit_tries)
370 {
371 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
3c79b7b7 372 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
f5a84055
MW		 373 return DESTROY_ME;
374 }
72b282cf
TB		 375 if (this->retransmit_tries_max &&
376 retransmitted <= this->retransmit_tries_max)
377 {
378 t = (uint32_t)(this->retransmit_timeout * 1000.0 *
379 pow(this->retransmit_base, retransmitted));
380 }
00d54711
TB		 381 if (this->retransmit_limit)
382 {
383 t = min(t, this->retransmit_limit);
384 }
389e4b8e
TB		 385 if (this->retransmit_jitter)
386 {
387 max_jitter = (t / 100.0) * this->retransmit_jitter;
388 t -= max_jitter * (random() / (RAND_MAX + 1.0));
389 }
f5a84055
MW		 390 if (retransmitted)
391 {
392 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
393 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
394 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
9da65eae
TE		 395 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
396 retransmitted);
f5a84055 397 }
127a98dc 398 send_packets(this, packets);
f5a84055
MW		 399 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
400 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
8c50bb6c 401 return SUCCESS;
f5a84055
MW		 402}
403
404METHOD(task_manager_t, retransmit, status_t,
b12c53ce 405 private_task_manager_t *this, uint32_t seqnr)
f5a84055 406{
2edc73d8 407 status_t status = INVALID_STATE;
f5a84055 408
127a98dc
TB		 409 if (seqnr == this->initiating.seqnr &&
410 array_count(this->initiating.packets))
f5a84055 411 {
127a98dc
TB		 412 status = retransmit_packet(this, seqnr, this->initiating.mid,
413 this->initiating.retransmitted, this->initiating.packets);
8c50bb6c 414 if (status == SUCCESS)
23f4e4b4 415 {
f5a84055 416 this->initiating.retransmitted++;
23f4e4b4 417 }
f5a84055 418 }
127a98dc
TB		 419 if (seqnr == this->responding.seqnr &&
420 array_count(this->responding.packets))
f5a84055 421 {
127a98dc
TB		 422 status = retransmit_packet(this, seqnr, this->responding.mid,
423 this->responding.retransmitted, this->responding.packets);
8c50bb6c 424 if (status == SUCCESS)
23f4e4b4 425 {
f5a84055 426 this->responding.retransmitted++;
23f4e4b4 427 }
23f4e4b4 428 }
f5a84055 429 return status;
23f4e4b4
CO		 430}
431
27137790
MW		 432/**
433 * Check if we have to wait for a mode config before starting a quick mode
434 */
435static bool mode_config_expected(private_task_manager_t *this)
436{
101d26ba 437 enumerator_t *enumerator;
27137790 438 peer_cfg_t *peer_cfg;
497ce2cf 439 char *pool;
e3311e9b 440 bool local;
101d26ba 441 host_t *host;
27137790
MW		 442
443 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
497ce2cf 444 if (peer_cfg)
27137790 445 {
e3311e9b
MW		 446 if (peer_cfg->use_pull_mode(peer_cfg))
447 {
448 enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
449 if (!enumerator->enumerate(enumerator, &pool))
450 { /* no pool configured */
451 enumerator->destroy(enumerator);
452 return FALSE;
453 }
497ce2cf 454 enumerator->destroy(enumerator);
e3311e9b
MW		 455
456 local = FALSE;
497ce2cf 457 }
e3311e9b
MW		 458 else
459 {
460 enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
461 if (!enumerator->enumerate(enumerator, &host))
462 { /* not requesting a vip */
463 enumerator->destroy(enumerator);
464 return FALSE;
465 }
466 enumerator->destroy(enumerator);
497ce2cf 467
e3311e9b
MW		 468 local = TRUE;
469 }
101d26ba 470 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
e3311e9b 471 local);
101d26ba 472 if (!enumerator->enumerate(enumerator, &host))
e3311e9b 473 { /* expecting a VIP exchange, but no VIP assigned yet */
101d26ba 474 enumerator->destroy(enumerator);
27137790
MW		 475 return TRUE;
476 }
101d26ba 477 enumerator->destroy(enumerator);
27137790
MW		 478 }
479 return FALSE;
480}
481
4a09d9ee
MW		 482METHOD(task_manager_t, initiate, status_t,
483 private_task_manager_t *this)
484{
26b55dc6
MW		 485 enumerator_t *enumerator;
486 task_t *task;
487 message_t *message;
488 host_t *me, *other;
73aaf76b 489 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
7ce504e1 490 bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
73aaf76b 491
477559ca
MW		 492 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
493 this->initiating.type != INFORMATIONAL_V1)
26b55dc6
MW		 494 {
495 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
496 exchange_type_names, this->initiating.type);
497 /* do not initiate if we already have a message in the air */
498 return SUCCESS;
499 }
500
501 if (this->active_tasks->get_count(this->active_tasks) == 0)
502 {
503 DBG2(DBG_IKE, "activating new tasks");
504 switch (this->ike_sa->get_state(this->ike_sa))
505 {
506 case IKE_CREATED:
2e3c9f87 507 activate_task(this, TASK_ISAKMP_VENDOR);
824dc0ad 508 activate_task(this, TASK_ISAKMP_CERT_PRE);
a09972df 509 if (activate_task(this, TASK_MAIN_MODE))
26b55dc6
MW		 510 {
511 exchange = ID_PROT;
512 }
830ab2ae
MW		 513 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
514 {
515 exchange = AGGRESSIVE;
516 }
517 activate_task(this, TASK_ISAKMP_CERT_POST);
518 activate_task(this, TASK_ISAKMP_NATD);
26b55dc6 519 break;
c5dc9d33 520 case IKE_CONNECTING:
429d95fe
MW		 521 if (activate_task(this, TASK_ISAKMP_DELETE))
522 {
523 exchange = INFORMATIONAL_V1;
524 new_mid = TRUE;
525 break;
526 }
69adeb5b 527 if (activate_task(this, TASK_XAUTH))
744c0801 528 {
c5dc9d33 529 exchange = TRANSACTION;
3e246c48 530 new_mid = TRUE;
429d95fe 531 break;
744c0801 532 }
accf4612
MW		 533 if (activate_task(this, TASK_INFORMATIONAL))
534 {
535 exchange = INFORMATIONAL_V1;
536 new_mid = TRUE;
429d95fe 537 break;
accf4612 538 }
c5dc9d33
CO		 539 break;
540 case IKE_ESTABLISHED:
156b8662
MW		 541 if (activate_task(this, TASK_MODE_CONFIG))
542 {
543 exchange = TRANSACTION;
544 new_mid = TRUE;
545 break;
546 }
2e06179f 547 if (activate_task(this, TASK_QUICK_DELETE))
23f4e4b4 548 {
612fe541 549 exchange = INFORMATIONAL_V1;
3e246c48
MW		 550 new_mid = TRUE;
551 break;
23f4e4b4 552 }
2e06179f 553 if (activate_task(this, TASK_ISAKMP_DELETE))
accf4612
MW		 554 {
555 exchange = INFORMATIONAL_V1;
556 new_mid = TRUE;
429d95fe 557 break;
accf4612 558 }
2e49bbcc 559 if (activate_task(this, TASK_ISAKMP_DPD))
8ef2bae4 560 {
2e49bbcc 561 exchange = INFORMATIONAL_V1;
8ef2bae4 562 new_mid = TRUE;
429d95fe 563 break;
8ef2bae4 564 }
2e49bbcc
AH		 565 if (!mode_config_expected(this) &&
566 activate_task(this, TASK_QUICK_MODE))
8ef2bae4 567 {
2e49bbcc 568 exchange = QUICK_MODE;
8ef2bae4 569 new_mid = TRUE;
429d95fe 570 break;
8ef2bae4 571 }
2e49bbcc 572 if (activate_task(this, TASK_INFORMATIONAL))
3e6b7403
CO		 573 {
574 exchange = INFORMATIONAL_V1;
575 new_mid = TRUE;
576 break;
577 }
744c0801 578 break;
b56b8502
TB		 579 case IKE_REKEYING:
580 if (activate_task(this, TASK_ISAKMP_DELETE))
581 {
582 exchange = INFORMATIONAL_V1;
583 new_mid = TRUE;
584 break;
585 }
f15c85a4
TB		 586 if (activate_task(this, TASK_ISAKMP_DPD))
587 {
588 exchange = INFORMATIONAL_V1;
589 new_mid = TRUE;
590 break;
591 }
b56b8502 592 break;
26b55dc6
MW		 593 default:
594 break;
595 }
596 }
597 else
598 {
599 DBG2(DBG_IKE, "reinitiating already active tasks");
600 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
601 while (enumerator->enumerate(enumerator, (void**)&task))
602 {
603 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
604 switch (task->get_type(task))
605 {
a09972df 606 case TASK_MAIN_MODE:
26b55dc6
MW		 607 exchange = ID_PROT;
608 break;
830ab2ae
MW		 609 case TASK_AGGRESSIVE_MODE:
610 exchange = AGGRESSIVE;
611 break;
744c0801
MW		 612 case TASK_QUICK_MODE:
613 exchange = QUICK_MODE;
614 break;
69adeb5b 615 case TASK_XAUTH:
52ac2ceb
CO		 616 exchange = TRANSACTION;
617 new_mid = TRUE;
618 break;
26b55dc6
MW		 619 default:
620 continue;
621 }
622 break;
623 }
624 enumerator->destroy(enumerator);
625 }
626
73aaf76b 627 if (exchange == EXCHANGE_TYPE_UNDEFINED)
26b55dc6
MW		 628 {
629 DBG2(DBG_IKE, "nothing to initiate");
630 /* nothing to do yet... */
631 return SUCCESS;
632 }
633
634 me = this->ike_sa->get_my_host(this->ike_sa);
635 other = this->ike_sa->get_other_host(this->ike_sa);
636
3e246c48 637 if (new_mid)
26b55dc6 638 {
1bb9c51e
TB		 639 if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
640 (void*)&this->initiating.mid))
641 {
642 DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
643 flush(this);
644 return DESTROY_ME;
645 }
26b55dc6 646 }
1bb9c51e 647 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
3e246c48 648 message->set_message_id(message, this->initiating.mid);
26b55dc6
MW		 649 message->set_source(message, me->clone(me));
650 message->set_destination(message, other->clone(other));
651 message->set_exchange_type(message, exchange);
652 this->initiating.type = exchange;
653 this->initiating.retransmitted = 0;
654
655 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
656 while (enumerator->enumerate(enumerator, (void*)&task))
657 {
658 switch (task->build(task, message))
659 {
660 case SUCCESS:
661 /* task completed, remove it */
662 this->active_tasks->remove_at(this->active_tasks, enumerator);
182d55b2
MW		 663 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
664 task->get_type(task) == TASK_QUICK_MODE)
1b82eb23
MW		 665 { /* last message of three message exchange */
666 keep = TRUE;
667 }
26b55dc6 668 task->destroy(task);
590ca1d4 669 continue;
26b55dc6 670 case NEED_MORE:
751bd02e 671 expect_response = TRUE;
26b55dc6 672 /* processed, but task needs another exchange */
590ca1d4
MW		 673 continue;
674 case ALREADY_DONE:
7ce504e1 675 cancelled = TRUE;
26b55dc6
MW		 676 break;
677 case FAILED:
678 default:
679 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
680 {
681 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
682 }
683 /* FALL */
684 case DESTROY_ME:
685 /* critical failure, destroy IKE_SA */
686 enumerator->destroy(enumerator);
687 message->destroy(message);
688 flush(this);
689 return DESTROY_ME;
690 }
590ca1d4 691 break;
26b55dc6
MW		 692 }
693 enumerator->destroy(enumerator);
694
1b82eb23
MW		 695 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
696 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
41fbde45
MW		 697 { /* tasks completed, no exchange active anymore */
698 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
699 }
7ce504e1 700 if (cancelled)
b64d6423
MW		 701 {
702 message->destroy(message);
703 return initiate(this);
704 }
26b55dc6 705
127a98dc
TB		 706 clear_packets(this->initiating.packets);
707 if (!generate_message(this, message, &this->initiating.packets))
26b55dc6
MW		 708 {
709 /* message generation failed. There is nothing more to do than to
710 * close the SA */
711 message->destroy(message);
712 flush(this);
713 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
714 return DESTROY_ME;
715 }
26b55dc6 716
f5a84055 717 this->initiating.seqnr++;
3babde90 718 if (expect_response)
751bd02e 719 {
f5a84055 720 message->destroy(message);
751bd02e
CO		 721 return retransmit(this, this->initiating.seqnr);
722 }
8c50bb6c
TE		 723 send_packets(this, this->initiating.packets);
724 if (!keep)
f5a84055 725 {
127a98dc 726 clear_packets(this->initiating.packets);
f5a84055
MW		 727 }
728 message->destroy(message);
46505067 729
07095794 730 if (exchange == INFORMATIONAL_V1)
46505067 731 {
07095794
MW		 732 switch (this->ike_sa->get_state(this->ike_sa))
733 {
734 case IKE_CONNECTING:
735 /* close after sending an INFORMATIONAL when unestablished */
85a6fe23 736 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
07095794
MW		 737 return FAILED;
738 case IKE_DELETING:
739 /* close after sending a DELETE */
740 return DESTROY_ME;
741 default:
742 break;
743 }
46505067 744 }
daee47ba 745 return initiate(this);
4a09d9ee
MW		 746}
747
4a09d9ee
MW		 748/**
749 * build a response depending on the "passive" task list
750 */
751static status_t build_response(private_task_manager_t *this, message_t *request)
752{
753 enumerator_t *enumerator;
754 task_t *task;
755 message_t *message;
756 host_t *me, *other;
7ce504e1 757 bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
4a09d9ee
MW		 758
759 me = request->get_destination(request);
760 other = request->get_source(request);
761
762 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
763 message->set_exchange_type(message, request->get_exchange_type(request));
764 /* send response along the path the request came in */
765 message->set_source(message, me->clone(me));
766 message->set_destination(message, other->clone(other));
1b82eb23 767 message->set_message_id(message, request->get_message_id(request));
4a09d9ee
MW		 768 message->set_request(message, FALSE);
769
f5a84055
MW		 770 this->responding.mid = request->get_message_id(request);
771 this->responding.retransmitted = 0;
772 this->responding.seqnr++;
773
4a09d9ee
MW		 774 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
775 while (enumerator->enumerate(enumerator, (void*)&task))
776 {
777 switch (task->build(task, message))
778 {
779 case SUCCESS:
780 /* task completed, remove it */
781 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
f5a84055 782 task->destroy(task);
590ca1d4 783 continue;
4a09d9ee
MW		 784 case NEED_MORE:
785 /* processed, but task needs another exchange */
346dad30
MW		 786 if (task->get_type(task) == TASK_QUICK_MODE ||
787 task->get_type(task) == TASK_AGGRESSIVE_MODE)
f5a84055
MW		 788 { /* we rely on initiator retransmission, except for
789 * three-message exchanges */
790 expect_request = TRUE;
4a09d9ee 791 }
590ca1d4
MW		 792 continue;
793 case ALREADY_DONE:
7ce504e1 794 cancelled = TRUE;
4a09d9ee 795 break;
37a22a16
TB		 796 case INVALID_ARG:
797 if (task->get_type(task) == TASK_QUICK_MODE)
798 { /* not responsible for this exchange */
799 continue;
800 }
801 /* FALL */
4a09d9ee
MW		 802 case FAILED:
803 default:
804 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
805 /* FALL */
806 case DESTROY_ME:
807 /* destroy IKE_SA, but SEND response first */
808 delete = TRUE;
809 break;
810 }
590ca1d4 811 break;
4a09d9ee
MW		 812 }
813 enumerator->destroy(enumerator);
814
127a98dc 815 clear_packets(this->responding.packets);
7ce504e1 816 if (cancelled)
b64d6423
MW		 817 {
818 message->destroy(message);
819 return initiate(this);
820 }
127a98dc 821 if (!generate_message(this, message, &this->responding.packets))
4a09d9ee 822 {
127a98dc 823 message->destroy(message);
4a09d9ee
MW		 824 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
825 return DESTROY_ME;
826 }
127a98dc 827 message->destroy(message);
4a09d9ee 828
f5a84055
MW		 829 if (expect_request && !delete)
830 {
831 return retransmit(this, this->responding.seqnr);
832 }
127a98dc 833 send_packets(this, this->responding.packets);
4a09d9ee
MW		 834 if (delete)
835 {
836 return DESTROY_ME;
837 }
838 return SUCCESS;
839}
840
fbbd439b
CO		 841/**
842 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
e647c98a 843 * The notify protocol_id is set to ISAKMP
fbbd439b 844 */
b4705269
MW		 845static void send_notify(private_task_manager_t *this, message_t *request,
846 notify_type_t type)
fbbd439b
CO		 847{
848 message_t *response;
127a98dc 849 array_t *packets = NULL;
fbbd439b 850 host_t *me, *other;
b12c53ce 851 uint32_t mid;
fbbd439b 852
3973ffa4 853 if (request->get_exchange_type(request) == INFORMATIONAL_V1)
fbbd439b
CO		 854 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
855 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
856 return;
857 }
1bb9c51e
TB		 858 if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
859 {
860 DBG1(DBG_IKE, "failed to allocate message ID");
861 return;
862 }
fbbd439b
CO		 863 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
864 response->set_exchange_type(response, INFORMATIONAL_V1);
865 response->set_request(response, TRUE);
fbbd439b 866 response->set_message_id(response, mid);
b4705269 867 response->add_payload(response, (payload_t*)
3ecfc83c 868 notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
b4705269 869 PROTO_IKE, type));
fbbd439b
CO		 870
871 me = this->ike_sa->get_my_host(this->ike_sa);
872 if (me->is_anyaddr(me))
873 {
874 me = request->get_destination(request);
875 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
876 }
877 other = this->ike_sa->get_other_host(this->ike_sa);
878 if (other->is_anyaddr(other))
879 {
880 other = request->get_source(request);
881 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
882 }
883 response->set_source(response, me->clone(me));
884 response->set_destination(response, other->clone(other));
127a98dc 885 if (generate_message(this, response, &packets))
fbbd439b 886 {
127a98dc 887 send_packets(this, packets);
fbbd439b 888 }
127a98dc
TB		 889 clear_packets(packets);
890 array_destroy(packets);
fbbd439b
CO		 891 response->destroy(response);
892}
893
24742c0f
MW		 894/**
895 * Process a DPD request/response
896 */
897static bool process_dpd(private_task_manager_t *this, message_t *message)
898{
899 notify_payload_t *notify;
900 notify_type_t type;
b12c53ce 901 uint32_t seq;
24742c0f
MW		 902 chunk_t data;
903
904 type = DPD_R_U_THERE;
905 notify = message->get_notify(message, type);
906 if (!notify)
907 {
908 type = DPD_R_U_THERE_ACK;
909 notify = message->get_notify(message, type);
910 }
911 if (!notify)
912 {
913 return FALSE;
914 }
915 data = notify->get_notification_data(notify);
916 if (data.len != 4)
917 {
918 return FALSE;
919 }
920 seq = untoh32(data.ptr);
921
922 if (type == DPD_R_U_THERE)
923 {
924 if (this->dpd_recv == 0 || seq == this->dpd_recv)
925 { /* check sequence validity */
926 this->dpd_recv = seq + 1;
927 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
928 time_monotonic(NULL));
929 }
930 /* but respond anyway */
931 this->ike_sa->queue_task(this->ike_sa,
932 &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
933 }
934 else /* DPD_R_U_THERE_ACK */
935 {
9de3140d 936 if (seq == this->dpd_send)
24742c0f 937 {
9de3140d 938 this->dpd_send++;
24742c0f
MW		 939 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
940 time_monotonic(NULL));
941 }
942 else
943 {
944 DBG1(DBG_IKE, "received invalid DPD sequence number %u "
9de3140d 945 "(expected %u), ignored", seq, this->dpd_send);
24742c0f
MW		 946 }
947 }
948 return TRUE;
949}
950
4de361d9
TB		 951/**
952 * Check if we already have a quick mode task queued for the exchange with the
953 * given message ID
954 */
b12c53ce 955static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
4de361d9
TB		 956{
957 enumerator_t *enumerator;
958 quick_mode_t *qm;
959 task_t *task;
960 bool found = FALSE;
961
962 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
963 while (enumerator->enumerate(enumerator, &task))
964 {
965 if (task->get_type(task) == TASK_QUICK_MODE)
966 {
967 qm = (quick_mode_t*)task;
968 if (qm->get_mid(qm) == mid)
969 {
970 found = TRUE;
971 break;
972 }
973 }
974 }
975 enumerator->destroy(enumerator);
976 return found;
977}
978
b0b0c913 979/**
1b4e7fe1 980 * Check if we still have a specific task queued
b0b0c913 981 */
1b4e7fe1 982static bool have_task_queued(private_task_manager_t *this, task_type_t type)
b0b0c913
TB		 983{
984 enumerator_t *enumerator;
985 task_t *task;
986 bool found = FALSE;
987
988 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
989 while (enumerator->enumerate(enumerator, &task))
990 {
1b4e7fe1 991 if (task->get_type(task) == type)
b0b0c913
TB		 992 {
993 found = TRUE;
994 break;
995 }
996 }
997 enumerator->destroy(enumerator);
998 return found;
999}
1000
4a09d9ee
MW		 1001/**
1002 * handle an incoming request message
1003 */
1004static status_t process_request(private_task_manager_t *this,
1005 message_t *message)
1006{
1007 enumerator_t *enumerator;
1008 task_t *task = NULL;
ff6b084a 1009 bool send_response = FALSE, dpd = FALSE;
4a09d9ee 1010
9276f712 1011 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
4de361d9 1012 message->get_exchange_type(message) == QUICK_MODE ||
9276f712 1013 this->passive_tasks->get_count(this->passive_tasks) == 0)
4a09d9ee
MW		 1014 { /* create tasks depending on request type, if not already some queued */
1015 switch (message->get_exchange_type(message))
1016 {
1017 case ID_PROT:
2e3c9f87 1018 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
01685247 1019 this->passive_tasks->insert_last(this->passive_tasks, task);
824dc0ad 1020 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
8ad5cd1f 1021 this->passive_tasks->insert_last(this->passive_tasks, task);
c73c832c
MW		 1022 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
1023 this->passive_tasks->insert_last(this->passive_tasks, task);
0aa2af5e 1024 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
c64a4b4f 1025 this->passive_tasks->insert_last(this->passive_tasks, task);
79d6fc7f 1026 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1cc4ec46 1027 this->passive_tasks->insert_last(this->passive_tasks, task);
4a09d9ee
MW		 1028 break;
1029 case AGGRESSIVE:
830ab2ae
MW		 1030 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
1031 this->passive_tasks->insert_last(this->passive_tasks, task);
1032 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
1033 this->passive_tasks->insert_last(this->passive_tasks, task);
1034 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
1035 this->passive_tasks->insert_last(this->passive_tasks, task);
1036 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
1037 this->passive_tasks->insert_last(this->passive_tasks, task);
1038 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1039 this->passive_tasks->insert_last(this->passive_tasks, task);
1040 break;
4a09d9ee 1041 case QUICK_MODE:
a22b9e4f
MW		 1042 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
1043 {
1044 DBG1(DBG_IKE, "received quick mode request for "
1045 "unestablished IKE_SA, ignored");
1046 return FAILED;
1047 }
4de361d9
TB		 1048 if (have_quick_mode_task(this, message->get_message_id(message)))
1049 {
1050 break;
1051 }
744c0801
MW		 1052 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
1053 NULL, NULL);
1054 this->passive_tasks->insert_last(this->passive_tasks, task);
1055 break;
4a09d9ee 1056 case INFORMATIONAL_V1:
24742c0f 1057 if (process_dpd(this, message))
2ddd45c9 1058 {
ff6b084a 1059 dpd = TRUE;
2ddd45c9
MW		 1060 }
1061 else
1062 {
1063 task = (task_t *)informational_create(this->ike_sa, NULL);
24742c0f 1064 this->passive_tasks->insert_first(this->passive_tasks, task);
2ddd45c9 1065 }
07abb470 1066 break;
c5dc9d33 1067 case TRANSACTION:
764035d5 1068 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
156b8662 1069 {
e3311e9b
MW		 1070 task = (task_t *)mode_config_create(this->ike_sa,
1071 FALSE, TRUE);
156b8662
MW		 1072 }
1073 else
1074 {
1075 task = (task_t *)xauth_create(this->ike_sa, FALSE);
1076 }
c5dc9d33
CO		 1077 this->passive_tasks->insert_last(this->passive_tasks, task);
1078 break;
4a09d9ee
MW		 1079 default:
1080 return FAILED;
1081 }
1082 }
24742c0f 1083 if (dpd)
ff6b084a 1084 {
24742c0f 1085 return initiate(this);
ff6b084a 1086 }
24742c0f
MW		 1087 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
1088
4a09d9ee
MW		 1089 /* let the tasks process the message */
1090 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
1091 while (enumerator->enumerate(enumerator, (void*)&task))
1092 {
1093 switch (task->process(task, message))
1094 {
1095 case SUCCESS:
1096 /* task completed, remove it */
1097 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1098 task->destroy(task);
590ca1d4 1099 continue;
4a09d9ee
MW		 1100 case NEED_MORE:
1101 /* processed, but task needs at least another call to build() */
8cb6f4f9 1102 send_response = TRUE;
590ca1d4
MW		 1103 continue;
1104 case ALREADY_DONE:
1105 send_response = FALSE;
4a09d9ee 1106 break;
37a22a16
TB		 1107 case INVALID_ARG:
1108 if (task->get_type(task) == TASK_QUICK_MODE)
1109 { /* not responsible for this exchange */
1110 continue;
1111 }
1112 /* FALL */
4a09d9ee
MW		 1113 case FAILED:
1114 default:
1115 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1116 /* FALL */
1117 case DESTROY_ME:
1118 /* critical failure, destroy IKE_SA */
1119 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1120 enumerator->destroy(enumerator);
1121 task->destroy(task);
1122 return DESTROY_ME;
1123 }
590ca1d4 1124 break;
4a09d9ee
MW		 1125 }
1126 enumerator->destroy(enumerator);
1127
8cb6f4f9
TB		 1128 if (send_response)
1129 {
69adeb5b
MW		 1130 if (build_response(this, message) != SUCCESS)
1131 {
1132 return DESTROY_ME;
1133 }
1134 }
7b34de45 1135 else
8c732b8e
TE		 1136 {
1137 if (this->responding.retransmitted > 1)
1138 {
1139 packet_t *packet = NULL;
1140 array_get(this->responding.packets, 0, &packet);
1141 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED,
1142 packet);
1143 }
1144 /* We don't send a response, so don't retransmit one if we get
7b34de45 1145 * the same message again. */
127a98dc 1146 clear_packets(this->responding.packets);
7b34de45 1147 }
25863fe1
TB		 1148 if (this->queued &&
1149 this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
1150 {
1151 message_t *queued;
1152 status_t status;
1153
1154 queued = this->queued;
1155 this->queued = NULL;
1156 status = this->public.task_manager.process_message(
1157 &this->public.task_manager, queued);
1158 queued->destroy(queued);
1159 if (status == DESTROY_ME)
1160 {
1161 return status;
1162 }
1163 }
69adeb5b
MW		 1164 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
1165 this->queued_tasks->get_count(this->queued_tasks) > 0)
1166 {
1167 /* passive tasks completed, check if an active task has been queued,
1168 * such as XAUTH or modeconfig push */
1169 return initiate(this);
8cb6f4f9
TB		 1170 }
1171 return SUCCESS;
4a09d9ee
MW		 1172}
1173
26b55dc6
MW		 1174/**
1175 * handle an incoming response message
1176 */
1177static status_t process_response(private_task_manager_t *this,
1178 message_t *message)
1179{
1180 enumerator_t *enumerator;
4e98ca18 1181 message_t *queued;
f91b6ac7 1182 status_t status;
26b55dc6
MW		 1183 task_t *task;
1184
1185 if (message->get_exchange_type(message) != this->initiating.type)
1186 {
0235914d
MW		 1187 /* Windows server sends a fourth quick mode message having an initial
1188 * contact notify. Ignore this message for compatibility. */
1189 if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED &&
1190 message->get_exchange_type(message) == QUICK_MODE &&
1191 message->get_notify(message, INITIAL_CONTACT))
1192 {
1193 DBG1(DBG_IKE, "ignoring fourth Quick Mode message");
1194 return SUCCESS;
1195 }
26b55dc6
MW		 1196 DBG1(DBG_IKE, "received %N response, but expected %N",
1197 exchange_type_names, message->get_exchange_type(message),
1198 exchange_type_names, this->initiating.type);
1199 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1200 return DESTROY_ME;
1201 }
1202
1203 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
1204 while (enumerator->enumerate(enumerator, (void*)&task))
1205 {
1206 switch (task->process(task, message))
1207 {
1208 case SUCCESS:
1209 /* task completed, remove it */
1210 this->active_tasks->remove_at(this->active_tasks, enumerator);
1211 task->destroy(task);
590ca1d4 1212 continue;
26b55dc6
MW		 1213 case NEED_MORE:
1214 /* processed, but task needs another exchange */
590ca1d4
MW		 1215 continue;
1216 case ALREADY_DONE:
26b55dc6
MW		 1217 break;
1218 case FAILED:
1219 default:
1220 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1221 /* FALL */
1222 case DESTROY_ME:
1223 /* critical failure, destroy IKE_SA */
1224 this->active_tasks->remove_at(this->active_tasks, enumerator);
1225 enumerator->destroy(enumerator);
1226 task->destroy(task);
1227 return DESTROY_ME;
1228 }
590ca1d4 1229 break;
26b55dc6
MW		 1230 }
1231 enumerator->destroy(enumerator);
1232
0ddda7ca 1233 if (this->initiating.retransmitted > 1)
bd71ba0f
TB		 1234 {
1235 packet_t *packet = NULL;
1236 array_get(this->initiating.packets, 0, &packet);
1237 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
1238 }
26b55dc6 1239 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
127a98dc 1240 clear_packets(this->initiating.packets);
26b55dc6 1241
3805880c
TB		 1242 if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
1243 this->queued->get_exchange_type(this->queued) == TRANSACTION)
f91b6ac7 1244 {
4e98ca18 1245 queued = this->queued;
f91b6ac7 1246 this->queued = NULL;
4e98ca18
MW		 1247 status = this->public.task_manager.process_message(
1248 &this->public.task_manager, queued);
1249 queued->destroy(queued);
f91b6ac7
MW		 1250 if (status == DESTROY_ME)
1251 {
1252 return status;
1253 }
1254 }
1255
26b55dc6
MW		 1256 return initiate(this);
1257}
1258
30216000
TB		 1259static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
1260{
70e0be07 1261 status_t status;
30216000 1262
70e0be07 1263 if (!this->defrag)
30216000 1264 {
70e0be07
TB		 1265 this->defrag = message_create_defrag(msg);
1266 if (!this->defrag)
30216000 1267 {
70e0be07 1268 return FAILED;
30216000
TB		 1269 }
1270 }
70e0be07
TB		 1271 status = this->defrag->add_fragment(this->defrag, msg);
1272 if (status == SUCCESS)
8fc83834 1273 {
70e0be07
TB		 1274 lib->processor->queue_job(lib->processor,
1275 (job_t*)process_message_job_create(this->defrag));
1276 this->defrag = NULL;
1277 /* do not process the last fragment */
30216000
TB		 1278 status = NEED_MORE;
1279 }
1280 return status;
1281}
1282
b235e69c
TB		 1283/**
1284 * Parse the given message and verify that it is valid.
1285 */
1286static status_t parse_message(private_task_manager_t *this, message_t *msg)
1287{
1288 status_t status;
1289
1290 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1291
1292 if (status != SUCCESS)
1293 {
1294 switch (status)
1295 {
29a5e070
TB		 1296 case NOT_SUPPORTED:
1297 DBG1(DBG_IKE, "unsupported exchange type");
b4705269 1298 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
29a5e070 1299 break;
b235e69c
TB		 1300 case PARSE_ERROR:
1301 DBG1(DBG_IKE, "message parsing failed");
b4705269 1302 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1303 break;
1304 case VERIFY_ERROR:
1305 DBG1(DBG_IKE, "message verification failed");
b4705269 1306 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1307 break;
1308 case FAILED:
1309 DBG1(DBG_IKE, "integrity check failed");
b4705269 1310 send_notify(this, msg, INVALID_HASH_INFORMATION);
b235e69c
TB		 1311 break;
1312 case INVALID_STATE:
1313 DBG1(DBG_IKE, "found encrypted message, but no keys available");
b4705269 1314 send_notify(this, msg, PAYLOAD_MALFORMED);
b235e69c
TB		 1315 default:
1316 break;
1317 }
f5ef3577 1318 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
b235e69c
TB		 1319 exchange_type_names, msg->get_exchange_type(msg),
1320 msg->get_request(msg) ? "request" : "response",
1321 msg->get_message_id(msg));
1322
418f4bc7
MW		 1323 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1324
b235e69c
TB		 1325 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1326 { /* invalid initiation attempt, close SA */
1327 return DESTROY_ME;
1328 }
1329 }
30216000 1330
3ecfc83c 1331 if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT)
30216000
TB		 1332 {
1333 return handle_fragment(this, msg);
1334 }
b235e69c
TB		 1335 return status;
1336}
1337
3f56f731
TB		 1338/**
1339 * Queue the given message if possible
1340 */
1341static status_t queue_message(private_task_manager_t *this, message_t *msg)
1342{
1343 if (this->queued)
1344 {
1345 DBG1(DBG_IKE, "ignoring %N request, queue full",
1346 exchange_type_names, msg->get_exchange_type(msg));
1347 return FAILED;
1348 }
1349 this->queued = message_create_from_packet(msg->get_packet(msg));
1350 if (this->queued->parse_header(this->queued) != SUCCESS)
1351 {
1352 this->queued->destroy(this->queued);
1353 this->queued = NULL;
1354 return FAILED;
1355 }
1356 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1357 exchange_type_names, msg->get_exchange_type(msg));
1358 return SUCCESS;
1359}
1360
4a09d9ee
MW		 1361METHOD(task_manager_t, process_message, status_t,
1362 private_task_manager_t *this, message_t *msg)
1363{
b12c53ce 1364 uint32_t hash, mid, i;
3d59c5c3 1365 host_t *me, *other;
68c6863b 1366 status_t status;
73aaf76b 1367
1960312c 1368 /* TODO-IKEv1: update hosts more selectively */
3d59c5c3
TB		 1369 me = msg->get_destination(msg);
1370 other = msg->get_source(msg);
68c6863b 1371 mid = msg->get_message_id(msg);
fce566a8
MW		 1372 hash = chunk_hash(msg->get_packet_data(msg));
1373 for (i = 0; i < MAX_OLD_HASHES; i++)
1374 {
1375 if (this->initiating.old_hashes[i] == hash)
1376 {
127a98dc 1377 if (array_count(this->initiating.packets) &&
f5a84055 1378 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
346dad30
MW		 1379 (msg->get_exchange_type(msg) == QUICK_MODE ||
1380 msg->get_exchange_type(msg) == AGGRESSIVE))
f5a84055
MW		 1381 {
1382 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1383 "resending last request", mid);
127a98dc 1384 send_packets(this, this->initiating.packets);
f5a84055
MW		 1385 return SUCCESS;
1386 }
fce566a8
MW		 1387 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1388 "but next request already sent", mid);
1389 return SUCCESS;
1390 }
1391 }
1960312c 1392
2ddd45c9 1393 if ((mid && mid == this->initiating.mid) ||
73aaf76b 1394 (this->initiating.mid == 0 &&
1cc3e92c 1395 msg->get_exchange_type(msg) == this->initiating.type &&
dc8e9647 1396 this->active_tasks->get_count(this->active_tasks)))
4a09d9ee 1397 {
7519106d 1398 msg->set_request(msg, FALSE);
47b8f6ef 1399 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1400 status = parse_message(this, msg);
30216000
TB		 1401 if (status == NEED_MORE)
1402 {
1403 return SUCCESS;
1404 }
1960312c
TB		 1405 if (status != SUCCESS)
1406 {
1407 return status;
1408 }
1409 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1410 time_monotonic(NULL));
3d59c5c3 1411 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1412 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1413 if (process_response(this, msg) != SUCCESS)
4a09d9ee
MW		 1414 {
1415 flush(this);
1416 return DESTROY_ME;
1417 }
f5a84055 1418 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
fce566a8 1419 MAX_OLD_HASHES] = hash;
4a09d9ee
MW		 1420 }
1421 else
1422 {
7b34de45 1423 if (hash == this->responding.hash)
73aaf76b 1424 {
127a98dc 1425 if (array_count(this->responding.packets))
7b34de45
MW		 1426 {
1427 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1428 "retransmitting response", mid);
127a98dc 1429 send_packets(this, this->responding.packets);
7b34de45 1430 }
127a98dc 1431 else if (array_count(this->initiating.packets) &&
1b82eb23
MW		 1432 this->initiating.type == INFORMATIONAL_V1)
1433 {
1434 DBG1(DBG_IKE, "received retransmit of DPD request, "
1435 "retransmitting response");
127a98dc 1436 send_packets(this, this->initiating.packets);
1b82eb23 1437 }
7b34de45
MW		 1438 else
1439 {
1440 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1441 "but no response to retransmit", mid);
1442 }
3c79b7b7 1443 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
73aaf76b
MW		 1444 return SUCCESS;
1445 }
cdf75a39 1446
cf95d292 1447 /* reject Main/Aggressive Modes once established */
cdf75a39
MW		 1448 if (msg->get_exchange_type(msg) == ID_PROT ||
1449 msg->get_exchange_type(msg) == AGGRESSIVE)
1450 {
1451 if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1452 this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
3ecfc83c 1453 msg->get_first_payload_type(msg) != PLV1_FRAGMENT)
cdf75a39
MW		 1454 {
1455 DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1456 exchange_type_names, msg->get_exchange_type(msg));
1457 return FAILED;
1458 }
1459 }
1460
b0b0c913 1461 /* drop XAuth/Mode Config/Quick Mode messages until we received the last
1c8dfa30
TB		 1462 * Aggressive Mode message. since Informational messages are not
1463 * retransmitted we queue them. */
1b4e7fe1 1464 if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
b0b0c913 1465 {
1c8dfa30
TB		 1466 if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1467 {
1468 return queue_message(this, msg);
1469 }
1470 else if (msg->get_exchange_type(msg) != AGGRESSIVE)
1471 {
1472 DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
1473 exchange_type_names, msg->get_exchange_type(msg));
1474 return FAILED;
1475 }
b0b0c913
TB		 1476 }
1477
3f56f731
TB		 1478 /* queue XAuth/Mode Config messages unless the Main Mode exchange we
1479 * initiated is complete */
f91b6ac7 1480 if (msg->get_exchange_type(msg) == TRANSACTION &&
0b0191e1 1481 this->active_tasks->get_count(this->active_tasks))
3f56f731
TB		 1482 {
1483 return queue_message(this, msg);
f91b6ac7
MW		 1484 }
1485
1b4e7fe1
TB		 1486 /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
1487 if (have_task_queued(this, TASK_XAUTH) &&
1488 msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1489 {
1490 return queue_message(this, msg);
1491 }
1492
7519106d 1493 msg->set_request(msg, TRUE);
47b8f6ef 1494 charon->bus->message(charon->bus, msg, TRUE, FALSE);
b235e69c 1495 status = parse_message(this, msg);
30216000
TB		 1496 if (status == NEED_MORE)
1497 {
1498 return SUCCESS;
1499 }
1960312c
TB		 1500 if (status != SUCCESS)
1501 {
1502 return status;
1503 }
1504 /* if this IKE_SA is virgin, we check for a config */
1505 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1506 {
1507 ike_sa_id_t *ike_sa_id;
1508 ike_cfg_t *ike_cfg;
1509 job_t *job;
f5a84055 1510
79101163
MW		 1511 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1512 me, other, IKEV1);
1960312c
TB		 1513 if (ike_cfg == NULL)
1514 {
1515 /* no config found for these hosts, destroy */
4cfd0db8
TB		 1516 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1517 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
b4705269 1518 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1960312c
TB		 1519 return DESTROY_ME;
1520 }
1521 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1522 ike_cfg->destroy(ike_cfg);
1523 /* add a timeout if peer does not establish it completely */
1524 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1525 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1526 lib->scheduler->schedule_job(lib->scheduler, job,
1527 lib->settings->get_int(lib->settings,
42500c27 1528 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
d223fe80 1529 lib->ns));
1960312c 1530 }
3d59c5c3 1531 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
47b8f6ef 1532 charon->bus->message(charon->bus, msg, TRUE, TRUE);
73aaf76b 1533 if (process_request(this, msg) != SUCCESS)
26b55dc6
MW		 1534 {
1535 flush(this);
1536 return DESTROY_ME;
1537 }
9cc8bd4f 1538 this->responding.hash = hash;
4a09d9ee
MW		 1539 }
1540 return SUCCESS;
1541}
1542
8ed976c0
MW		 1543/**
1544 * Check if a given task has been queued already
1545 */
1546static bool has_queued(private_task_manager_t *this, task_type_t type)
1547{
1548 enumerator_t *enumerator;
1549 bool found = FALSE;
1550 task_t *task;
1551
1552 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1553 while (enumerator->enumerate(enumerator, &task))
1554 {
1555 if (task->get_type(task) == type)
1556 {
1557 found = TRUE;
1558 break;
1559 }
1560 }
1561 enumerator->destroy(enumerator);
1562 return found;
1563}
1564
208678e6
TB		 1565METHOD(task_manager_t, queue_task_delayed, void,
1566 private_task_manager_t *this, task_t *task, uint32_t delay)
d4828f51
TB		 1567{
1568 task_type_t type = task->get_type(task);
1569
1570 switch (type)
1571 {
1572 case TASK_MODE_CONFIG:
1573 case TASK_XAUTH:
1574 if (has_queued(this, type))
1575 {
1576 task->destroy(task);
1577 return;
1578 }
1579 break;
1580 default:
1581 break;
1582 }
1583 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1584 this->queued_tasks->insert_last(this->queued_tasks, task);
1585}
1586
208678e6
TB		 1587METHOD(task_manager_t, queue_task, void,
1588 private_task_manager_t *this, task_t *task)
1589{
1590 queue_task_delayed(this, task, 0);
1591}
1592
a60daa07
MW		 1593METHOD(task_manager_t, queue_ike, void,
1594 private_task_manager_t *this)
1595{
830ab2ae
MW		 1596 peer_cfg_t *peer_cfg;
1597
8ed976c0
MW		 1598 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1599 {
1600 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1601 }
1602 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1603 {
1604 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1605 }
830ab2ae
MW		 1606 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1607 if (peer_cfg->use_aggressive(peer_cfg))
8ed976c0 1608 {
830ab2ae
MW		 1609 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1610 {
1611 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1612 }
1613 }
1614 else
1615 {
1616 if (!has_queued(this, TASK_MAIN_MODE))
1617 {
1618 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1619 }
8ed976c0
MW		 1620 }
1621 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1622 {
1623 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1624 }
1625 if (!has_queued(this, TASK_ISAKMP_NATD))
1626 {
1627 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1628 }
a60daa07
MW		 1629}
1630
4f49b068 1631METHOD(task_manager_t, queue_ike_reauth, void,
dab60d64
MW		 1632 private_task_manager_t *this)
1633{
4f49b068
MW		 1634 enumerator_t *enumerator;
1635 child_sa_t *child_sa;
1636 ike_sa_t *new;
1637 host_t *host;
1638
1639 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1640 this->ike_sa->get_version(this->ike_sa), TRUE);
1641 if (!new)
1642 { /* shouldn't happen */
1643 return;
1644 }
1645
1646 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1647 host = this->ike_sa->get_other_host(this->ike_sa);
1648 new->set_other_host(new, host->clone(host));
1649 host = this->ike_sa->get_my_host(this->ike_sa);
1650 new->set_my_host(new, host->clone(host));
101d26ba
MW		 1651 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1652 while (enumerator->enumerate(enumerator, &host))
4f49b068 1653 {
101d26ba 1654 new->add_virtual_ip(new, TRUE, host);
4f49b068 1655 }
101d26ba 1656 enumerator->destroy(enumerator);
4f49b068 1657
6a9a69ae
TB		 1658 charon->bus->children_migrate(charon->bus, new->get_id(new),
1659 new->get_unique_id(new));
4f49b068
MW		 1660 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1661 while (enumerator->enumerate(enumerator, &child_sa))
1662 {
1663 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1664 new->add_child_sa(new, child_sa);
1665 }
1666 enumerator->destroy(enumerator);
6a9a69ae
TB		 1667 charon->bus->set_sa(charon->bus, new);
1668 charon->bus->children_migrate(charon->bus, NULL, 0);
1669 charon->bus->set_sa(charon->bus, this->ike_sa);
4f49b068 1670
8254e7ec
TB		 1671 if (!new->get_child_count(new))
1672 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1673 task_t *task;
1674
1675 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1676 while (enumerator->enumerate(enumerator, &task))
1677 {
1678 if (task->get_type(task) == TASK_QUICK_MODE)
1679 {
1680 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1681 task->migrate(task, new);
1682 new->queue_task(new, task);
1683 }
1684 }
1685 enumerator->destroy(enumerator);
1686 }
1687
4f49b068
MW		 1688 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1689 {
1690 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1b79299b 1691 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
4f49b068
MW		 1692 }
1693 else
1694 {
1695 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1696 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1697 }
1698 charon->bus->set_sa(charon->bus, this->ike_sa);
dab60d64
MW		 1699}
1700
4f49b068 1701METHOD(task_manager_t, queue_ike_rekey, void,
cedb412e
MW		 1702 private_task_manager_t *this)
1703{
4f49b068 1704 queue_ike_reauth(this);
cedb412e
MW		 1705}
1706
3ed148b3
MW		 1707METHOD(task_manager_t, queue_ike_delete, void,
1708 private_task_manager_t *this)
1709{
daee47ba
MW		 1710 enumerator_t *enumerator;
1711 child_sa_t *child_sa;
1712
60d0f52f
TB		 1713 /* cancel any currently active task to get the DELETE done quickly */
1714 flush_queue(this, TASK_QUEUE_ACTIVE);
1715
daee47ba
MW		 1716 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1717 while (enumerator->enumerate(enumerator, &child_sa))
1718 {
1719 queue_task(this, (task_t*)
1720 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
3a925f74 1721 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
daee47ba
MW		 1722 }
1723 enumerator->destroy(enumerator);
1724
3ed148b3
MW		 1725 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1726}
1727
873df908
MW		 1728METHOD(task_manager_t, queue_mobike, void,
1729 private_task_manager_t *this, bool roam, bool address)
1730{
1731 /* Not supported in IKEv1 */
1732}
1733
fe43d9a2 1734METHOD(task_manager_t, queue_child, void,
b12c53ce 1735 private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
fe43d9a2
MW		 1736 traffic_selector_t *tsi, traffic_selector_t *tsr)
1737{
14dc7941
MW		 1738 quick_mode_t *task;
1739
1740 task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1741 task->use_reqid(task, reqid);
1742
1743 queue_task(this, &task->task);
fe43d9a2
MW		 1744}
1745
2d4c347a
MW		 1746/**
1747 * Check if two CHILD_SAs have the same traffic selector
1748 */
553bb787 1749static bool have_equal_ts(child_sa_t *child1, child_sa_t *child2, bool local)
2d4c347a 1750{
553bb787
MW		 1751 enumerator_t *e1, *e2;
1752 traffic_selector_t *ts1, *ts2;
1753 bool equal = FALSE;
2d4c347a 1754
553bb787
MW		 1755 e1 = child1->create_ts_enumerator(child1, local);
1756 e2 = child2->create_ts_enumerator(child2, local);
1757 if (e1->enumerate(e1, &ts1) && e2->enumerate(e2, &ts2))
2d4c347a 1758 {
553bb787 1759 equal = ts1->equals(ts1, ts2);
2d4c347a 1760 }
fafa7684 1761 e2->destroy(e2);
553bb787
MW		 1762 e1->destroy(e1);
1763
1764 return equal;
2d4c347a
MW		 1765}
1766
bbc3d2a0
TB		 1767/*
1768 * Described in header
1e24fa46 1769 */
bbc3d2a0
TB		 1770bool ikev1_child_sa_is_redundant(ike_sa_t *ike_sa, child_sa_t *child_sa,
1771 bool (*cmp)(child_sa_t*,child_sa_t*))
1e24fa46
MW		 1772{
1773 enumerator_t *enumerator;
1774 child_sa_t *current;
1775 bool redundant = FALSE;
1776
bbc3d2a0 1777 enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
1e24fa46
MW		 1778 while (enumerator->enumerate(enumerator, &current))
1779 {
bbc3d2a0
TB		 1780 if (current != child_sa &&
1781 current->get_state(current) == CHILD_INSTALLED &&
1e24fa46 1782 streq(current->get_name(current), child_sa->get_name(child_sa)) &&
2d4c347a
MW		 1783 have_equal_ts(current, child_sa, TRUE) &&
1784 have_equal_ts(current, child_sa, FALSE) &&
bbc3d2a0 1785 (!cmp || cmp(child_sa, current)))
1e24fa46 1786 {
bbc3d2a0 1787 DBG1(DBG_IKE, "detected redundant CHILD_SA %s{%d}",
246c969d
MW		 1788 child_sa->get_name(child_sa),
1789 child_sa->get_unique_id(child_sa));
1e24fa46
MW		 1790 redundant = TRUE;
1791 break;
1792 }
1793 }
1794 enumerator->destroy(enumerator);
1795
1796 return redundant;
1797}
1798
bbc3d2a0
TB		 1799/**
1800 * Compare the rekey times of two CHILD_SAs, a CHILD_SA is redundant if it is
1801 * rekeyed sooner than another.
1802 */
1803static bool is_rekeyed_sooner(child_sa_t *is_redundant, child_sa_t *other)
1804{
1805 return other->get_lifetime(other, FALSE) >
1806 is_redundant->get_lifetime(is_redundant, FALSE);
1807}
1808
7a5f372c
MW		 1809/**
1810 * Get the first traffic selector of a CHILD_SA, local or remote
1811 */
1812static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1813{
1814 traffic_selector_t *ts = NULL;
553bb787 1815 enumerator_t *enumerator;
7a5f372c 1816
553bb787
MW		 1817 enumerator = child_sa->create_ts_enumerator(child_sa, local);
1818 enumerator->enumerate(enumerator, &ts);
1819 enumerator->destroy(enumerator);
1820
1821 return ts;
7a5f372c
MW		 1822}
1823
463a73cc 1824METHOD(task_manager_t, queue_child_rekey, void,
b12c53ce 1825 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
463a73cc 1826{
23eb447c
MW		 1827 child_sa_t *child_sa;
1828 child_cfg_t *cfg;
1829 quick_mode_t *task;
1830
1831 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1832 if (!child_sa)
1833 {
1834 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1835 }
1836 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1837 {
bbc3d2a0
TB		 1838 if (ikev1_child_sa_is_redundant(this->ike_sa, child_sa,
1839 is_rekeyed_sooner))
1e24fa46 1840 {
a01eb5e4 1841 child_sa->set_state(child_sa, CHILD_REKEYED);
083208e8
TB		 1842 if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed",
1843 FALSE, lib->ns))
1844 {
1845 queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1e24fa46 1846 protocol, spi, FALSE, FALSE));
083208e8 1847 }
1e24fa46
MW		 1848 }
1849 else
1850 {
1851 child_sa->set_state(child_sa, CHILD_REKEYING);
1852 cfg = child_sa->get_config(child_sa);
7a5f372c
MW		 1853 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1854 get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1e24fa46 1855 task->use_reqid(task, child_sa->get_reqid(child_sa));
85b23888
MW		 1856 task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
1857 child_sa->get_mark(child_sa, FALSE).value);
8ab33628
TB		 1858 task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
1859 child_sa->get_if_id(child_sa, FALSE));
1e24fa46 1860 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
23eb447c 1861
1e24fa46
MW		 1862 queue_task(this, &task->task);
1863 }
23eb447c 1864 }
463a73cc
MW		 1865}
1866
83c5fda0 1867METHOD(task_manager_t, queue_child_delete, void,
b12c53ce 1868 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
3a925f74 1869 bool expired)
83c5fda0
MW		 1870{
1871 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
3a925f74 1872 spi, FALSE, expired));
83c5fda0
MW		 1873}
1874
244d715d
MW		 1875METHOD(task_manager_t, queue_dpd, void,
1876 private_task_manager_t *this)
1877{
80c5b17d 1878 peer_cfg_t *peer_cfg;
b12c53ce 1879 uint32_t t, retransmit;
4b38c22c 1880
24742c0f 1881 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
9de3140d 1882 this->dpd_send));
80c5b17d 1883 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
4b38c22c 1884
80c5b17d
AS		 1885 /* compute timeout in milliseconds */
1886 t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1887 if (t == 0)
4b38c22c 1888 {
80c5b17d
AS		 1889 /* use the same timeout as a retransmitting IKE message would have */
1890 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1891 {
b12c53ce 1892 t += (uint32_t)(this->retransmit_timeout * 1000.0 *
80c5b17d
AS		 1893 pow(this->retransmit_base, retransmit));
1894 }
4b38c22c 1895 }
747b6487
TB		 1896 /* compensate for the already elapsed dpd delay */
1897 t -= 1000 * peer_cfg->get_dpd(peer_cfg);
80c5b17d
AS		 1898
1899 /* schedule DPD timeout job */
4b38c22c
MW		 1900 lib->scheduler->schedule_job_ms(lib->scheduler,
1901 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
244d715d
MW		 1902}
1903
4a09d9ee
MW		 1904METHOD(task_manager_t, adopt_tasks, void,
1905 private_task_manager_t *this, task_manager_t *other_public)
1906{
1907 private_task_manager_t *other = (private_task_manager_t*)other_public;
1908 task_t *task;
1909
1910 /* move queued tasks from other to this */
1911 while (other->queued_tasks->remove_last(other->queued_tasks,
1912 (void**)&task) == SUCCESS)
1913 {
1914 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1915 task->migrate(task, this->ike_sa);
1916 this->queued_tasks->insert_first(this->queued_tasks, task);
1917 }
1918}
1919
1920METHOD(task_manager_t, busy, bool,
1921 private_task_manager_t *this)
1922{
1923 return (this->active_tasks->get_count(this->active_tasks) > 0);
1924}
1925
1926METHOD(task_manager_t, incr_mid, void,
1927 private_task_manager_t *this, bool initiate)
1928{
4a09d9ee
MW		 1929}
1930
05a2be82
TB		 1931METHOD(task_manager_t, get_mid, uint32_t,
1932 private_task_manager_t *this, bool initiate)
1933{
1934 return initiate ? this->initiating.mid : this->responding.mid;
1935}
1936
4a09d9ee 1937METHOD(task_manager_t, reset, void,
b12c53ce 1938 private_task_manager_t *this, uint32_t initiate, uint32_t respond)
4a09d9ee 1939{
d9c1dae2
MW		 1940 enumerator_t *enumerator;
1941 task_t *task;
1942
1943 /* reset message counters and retransmit packets */
127a98dc
TB		 1944 clear_packets(this->responding.packets);
1945 clear_packets(this->initiating.packets);
f5a84055
MW		 1946 this->responding.seqnr = RESPONDING_SEQ;
1947 this->responding.retransmitted = 0;
d9c1dae2
MW		 1948 this->initiating.mid = 0;
1949 this->initiating.seqnr = 0;
1950 this->initiating.retransmitted = 0;
1951 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
70e0be07
TB		 1952 DESTROY_IF(this->defrag);
1953 this->defrag = NULL;
fd6fbf17
MW		 1954 if (initiate != UINT_MAX)
1955 {
1956 this->dpd_send = initiate;
1957 }
1958 if (respond != UINT_MAX)
1959 {
1960 this->dpd_recv = respond;
1961 }
d9c1dae2
MW		 1962
1963 /* reset queued tasks */
1964 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1965 while (enumerator->enumerate(enumerator, &task))
1966 {
1967 task->migrate(task, this->ike_sa);
1968 }
1969 enumerator->destroy(enumerator);
1970
1971 /* reset active tasks */
1972 while (this->active_tasks->remove_last(this->active_tasks,
1973 (void**)&task) == SUCCESS)
1974 {
1975 task->migrate(task, this->ike_sa);
1976 this->queued_tasks->insert_first(this->queued_tasks, task);
1977 }
4a09d9ee
MW		 1978}
1979
4505e3c0
TB		 1980/**
1981 * Data for a task queue enumerator
1982 */
1983typedef struct {
1984 enumerator_t public;
1985 task_queue_t queue;
1986 enumerator_t *inner;
1987} task_enumerator_t;
1988
1989METHOD(enumerator_t, task_enumerator_destroy, void,
1990 task_enumerator_t *this)
1991{
1992 this->inner->destroy(this->inner);
1993 free(this);
1994}
1995
1996METHOD(enumerator_t, task_enumerator_enumerate, bool,
1997 task_enumerator_t *this, va_list args)
1998{
1999 task_t **task;
2000
2001 VA_ARGS_VGET(args, task);
2002 return this->inner->enumerate(this->inner, task);
2003}
2004
4a09d9ee
MW		 2005METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
2006 private_task_manager_t *this, task_queue_t queue)
2007{
4505e3c0
TB		 2008 task_enumerator_t *enumerator;
2009
2010 INIT(enumerator,
2011 .public = {
2012 .enumerate = enumerator_enumerate_default,
2013 .venumerate = _task_enumerator_enumerate,
2014 .destroy = _task_enumerator_destroy,
2015 },
2016 .queue = queue,
2017 );
4a09d9ee
MW		 2018 switch (queue)
2019 {
2020 case TASK_QUEUE_ACTIVE:
4505e3c0
TB		 2021 enumerator->inner = this->active_tasks->create_enumerator(
2022 this->active_tasks);
2023 break;
4a09d9ee 2024 case TASK_QUEUE_PASSIVE:
4505e3c0
TB		 2025 enumerator->inner = this->passive_tasks->create_enumerator(
2026 this->passive_tasks);
2027 break;
4a09d9ee 2028 case TASK_QUEUE_QUEUED:
4505e3c0
TB		 2029 enumerator->inner = this->queued_tasks->create_enumerator(
2030 this->queued_tasks);
2031 break;
4a09d9ee 2032 default:
4505e3c0
TB		 2033 enumerator->inner = enumerator_create_empty();
2034 break;
2035 }
2036 return &enumerator->public;
2037}
2038
2039METHOD(task_manager_t, remove_task, void,
2040 private_task_manager_t *this, enumerator_t *enumerator_public)
2041{
2042 task_enumerator_t *enumerator = (task_enumerator_t*)enumerator_public;
2043
2044 switch (enumerator->queue)
2045 {
2046 case TASK_QUEUE_ACTIVE:
2047 this->active_tasks->remove_at(this->active_tasks,
2048 enumerator->inner);
2049 break;
2050 case TASK_QUEUE_PASSIVE:
2051 this->passive_tasks->remove_at(this->passive_tasks,
2052 enumerator->inner);
2053 break;
2054 case TASK_QUEUE_QUEUED:
2055 this->queued_tasks->remove_at(this->queued_tasks,
2056 enumerator->inner);
2057 break;
2058 default:
2059 break;
4a09d9ee
MW		 2060 }
2061}
2062
2063METHOD(task_manager_t, destroy, void,
2064 private_task_manager_t *this)
2065{
2066 flush(this);
2067
2068 this->active_tasks->destroy(this->active_tasks);
2069 this->queued_tasks->destroy(this->queued_tasks);
2070 this->passive_tasks->destroy(this->passive_tasks);
70e0be07 2071 DESTROY_IF(this->defrag);
4a09d9ee 2072
f91b6ac7 2073 DESTROY_IF(this->queued);
127a98dc
TB		 2074 clear_packets(this->responding.packets);
2075 array_destroy(this->responding.packets);
2076 clear_packets(this->initiating.packets);
2077 array_destroy(this->initiating.packets);
73aaf76b 2078 DESTROY_IF(this->rng);
4a09d9ee
MW		 2079 free(this);
2080}
2081
2082/*
2083 * see header file
2084 */
2085task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
2086{
2087 private_task_manager_t *this;
2088
2089 INIT(this,
2090 .public = {
2091 .task_manager = {
2092 .process_message = _process_message,
2093 .queue_task = _queue_task,
208678e6 2094 .queue_task_delayed = _queue_task_delayed,
a60daa07 2095 .queue_ike = _queue_ike,
dab60d64 2096 .queue_ike_rekey = _queue_ike_rekey,
cedb412e 2097 .queue_ike_reauth = _queue_ike_reauth,
3ed148b3 2098 .queue_ike_delete = _queue_ike_delete,
873df908 2099 .queue_mobike = _queue_mobike,
fe43d9a2 2100 .queue_child = _queue_child,
463a73cc 2101 .queue_child_rekey = _queue_child_rekey,
83c5fda0 2102 .queue_child_delete = _queue_child_delete,
244d715d 2103 .queue_dpd = _queue_dpd,
4a09d9ee
MW		 2104 .initiate = _initiate,
2105 .retransmit = _retransmit,
2106 .incr_mid = _incr_mid,
05a2be82 2107 .get_mid = _get_mid,
4a09d9ee
MW		 2108 .reset = _reset,
2109 .adopt_tasks = _adopt_tasks,
2110 .busy = _busy,
2111 .create_task_enumerator = _create_task_enumerator,
4505e3c0 2112 .remove_task = _remove_task,
b1908994 2113 .flush = _flush,
a5c79960 2114 .flush_queue = _flush_queue,
4a09d9ee
MW		 2115 .destroy = _destroy,
2116 },
2117 },
dcbdc914
TB		 2118 .initiating = {
2119 .type = EXCHANGE_TYPE_UNDEFINED,
2120 },
2121 .responding = {
2122 .seqnr = RESPONDING_SEQ,
2123 },
4a09d9ee 2124 .ike_sa = ike_sa,
73aaf76b 2125 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
4a09d9ee
MW		 2126 .queued_tasks = linked_list_create(),
2127 .active_tasks = linked_list_create(),
2128 .passive_tasks = linked_list_create(),
2129 .retransmit_tries = lib->settings->get_int(lib->settings,
389e4b8e 2130 "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
4a09d9ee 2131 .retransmit_timeout = lib->settings->get_double(lib->settings,
389e4b8e 2132 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
4a09d9ee 2133 .retransmit_base = lib->settings->get_double(lib->settings,
389e4b8e
TB		 2134 "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
2135 .retransmit_jitter = min(lib->settings->get_int(lib->settings,
2136 "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX),
2137 .retransmit_limit = lib->settings->get_int(lib->settings,
2138 "%s.retransmit_limit", 0, lib->ns) * 1000,
4a09d9ee
MW		 2139 );
2140
3fca5bd1
MW		 2141 if (!this->rng)
2142 {
2143 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
2144 destroy(this);
2145 return NULL;
2146 }
1bb9c51e
TB		 2147 if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
2148 (void*)&this->dpd_send))
2149 {
2150 DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
2151 destroy(this);
2152 return NULL;
2153 }
2ddd45c9 2154 this->dpd_send &= 0x7FFFFFFF;
3e6b7403 2155
72b282cf
TB		 2156 if (this->retransmit_base > 1)
2157 { /* based on 1000 * timeout * base^try */
2158 this->retransmit_tries_max = log(UINT32_MAX/
2159 (1000.0 * this->retransmit_timeout))/
2160 log(this->retransmit_base);
2161 }
4a09d9ee
MW		 2162 return &this->public;
2163}
Unnamed repository; edit this file 'description' to name the repository.