c60c7694 | 1 | /* |
2d27c350 | 2 | * Copyright (C) 2007-2018 Tobias Brunner |
9560a316 | 3 | * Copyright (C) 2007-2010 Martin Willi |
208678e6 | 4 | * HSR Hochschule fuer Technik Rapperswil |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
e69f7dcd | 17 | #include "task_manager_v2.h" |
c60c7694 | 18 | |
19 | #include <math.h> |
20 | ||
6207fadb | 21 | #include <collections/array.h> |
c60c7694 | 22 | #include <daemon.h> |
23 | #include <sa/ikev2/tasks/ike_init.h> |
24 | #include <sa/ikev2/tasks/ike_natd.h> | |
25 | #include <sa/ikev2/tasks/ike_mobike.h> | |
26 | #include <sa/ikev2/tasks/ike_auth.h> | |
27 | #include <sa/ikev2/tasks/ike_auth_lifetime.h> | |
28 | #include <sa/ikev2/tasks/ike_cert_pre.h> | |
29 | #include <sa/ikev2/tasks/ike_cert_post.h> | |
30 | #include <sa/ikev2/tasks/ike_rekey.h> | |
cedb412e | 31 | #include <sa/ikev2/tasks/ike_reauth.h> |
3676023e | 32 | #include <sa/ikev2/tasks/ike_reauth_complete.h> |
0840385b | 33 | #include <sa/ikev2/tasks/ike_redirect.h> |
34 | #include <sa/ikev2/tasks/ike_delete.h> |
35 | #include <sa/ikev2/tasks/ike_config.h> | |
36 | #include <sa/ikev2/tasks/ike_dpd.h> | |
5ab59221 | 37 | #include <sa/ikev2/tasks/ike_mid_sync.h> |
15a682f4 | 38 | #include <sa/ikev2/tasks/ike_vendor.h> |
f1cbacc5 | 39 | #include <sa/ikev2/tasks/ike_verify_peer_cert.h> |
40 | #include <sa/ikev2/tasks/child_create.h> |
41 | #include <sa/ikev2/tasks/child_rekey.h> | |
42 | #include <sa/ikev2/tasks/child_delete.h> | |
c60c7694 | 43 | #include <encoding/payloads/delete_payload.h> |
68c6863b | 44 | #include <encoding/payloads/unknown_payload.h> |
e0fe7651 | 45 | #include <processing/jobs/retransmit_job.h> |
68c6863b | 46 | #include <processing/jobs/delete_ike_sa_job.h> |
208678e6 | 47 | #include <processing/jobs/initiate_tasks_job.h> |
c60c7694 | 48 | |
dc04b7c7 | 49 | #ifdef ME |
15a682f4 | 50 | #include <sa/ikev2/tasks/ike_me.h> |
51 | #endif |
52 | ||
/* Forward declarations: the manager's private state and the wrapper stored
 * in the queued_tasks array (a task plus its earliest initiation time). */
typedef struct private_task_manager_t private_task_manager_t;
typedef struct queued_task_t queued_task_t;
/**
 * private data of the task manager
 *
 * Tasks live in one of three arrays: queued_tasks (wrapped in queued_task_t,
 * not yet started), active_tasks (initiated by us) and passive_tasks
 * (initiated by the peer). At most one exchange is in flight per direction,
 * tracked by the responding/initiating sub-structures.
 */
struct private_task_manager_t {

	/**
	 * public functions
	 */
	task_manager_v2_t public;

	/**
	 * associated IKE_SA we are serving
	 */
	ike_sa_t *ike_sa;

	/**
	 * Exchange we are currently handling as responder
	 */
	struct {
		/**
		 * Message ID of the exchange
		 */
		uint32_t mid;

		/**
		 * packet(s) for retransmission (cleared before each new response
		 * is generated)
		 */
		array_t *packets;

		/**
		 * Helper to defragment the request
		 */
		message_t *defrag;

	} responding;

	/**
	 * Exchange we are currently handling as initiator
	 */
	struct {
		/**
		 * Message ID of the exchange
		 */
		uint32_t mid;

		/**
		 * how many times we have retransmitted so far (0 before the
		 * initial send; reset when a new exchange is initiated)
		 */
		u_int retransmitted;

		/**
		 * packet(s) for retransmission
		 */
		array_t *packets;

		/**
		 * type of the initiated exchange, EXCHANGE_TYPE_UNDEFINED while no
		 * request is in the air
		 */
		exchange_type_t type;

		/**
		 * TRUE if exchange was deferred because no path was available
		 */
		bool deferred;

		/**
		 * Helper to defragment the response
		 */
		message_t *defrag;

	} initiating;

	/**
	 * Array of queued tasks not yet in action (elements are queued_task_t*)
	 */
	array_t *queued_tasks;

	/**
	 * Array of active tasks, initiated by ourselves
	 */
	array_t *active_tasks;

	/**
	 * Array of tasks initiated by peer
	 */
	array_t *passive_tasks;

	/**
	 * the task manager has been reset (checked while processing a response
	 * so that initiation starts over)
	 */
	bool reset;

	/**
	 * Number of times we retransmit messages before giving up
	 */
	u_int retransmit_tries;

	/**
	 * Retransmission timeout (seconds, scaled to milliseconds when
	 * scheduling)
	 */
	double retransmit_timeout;

	/**
	 * Base to calculate retransmission timeout (exponential backoff,
	 * raised to the number of retransmits so far)
	 */
	double retransmit_base;

	/**
	 * Jitter to apply to calculated retransmit timeout (in percent)
	 */
	u_int retransmit_jitter;

	/**
	 * Limit retransmit timeout to this value (milliseconds, 0 = no limit)
	 */
	uint32_t retransmit_limit;

	/**
	 * Use make-before-break instead of break-before-make reauth?
	 */
	bool make_before_break;
};
178 | ||
/**
 * Queued tasks
 *
 * Wrapper stored in private_task_manager_t.queued_tasks; the wrapper is
 * freed (and the bare task moved to active_tasks) when the task is
 * activated, or freed together with the task when the queue is flushed.
 */
struct queued_task_t {

	/**
	 * Queued task
	 */
	task_t *task;

	/**
	 * Time before which the task is not to be initiated (monotonic clock,
	 * compared against time_monotonic() on activation)
	 */
	timeval_t time;
};
194 | ||
/**
 * Reset retransmission packet list
 *
 * Pops every packet from the tail of the array and destroys it, leaving
 * the array itself intact (and empty).
 *
 * @param array		array of packet_t* to drain, may be empty
 */
static void clear_packets(array_t *array)
{
	packet_t *current;

	for (;;)
	{
		if (!array_remove(array, ARRAY_TAIL, &current))
		{
			break;
		}
		current->destroy(current);
	}
}
207 | ||
/**
 * Destroy all tasks of one queue.
 *
 * Entries of the queued list are queued_task_t wrappers, which are unwrapped
 * and freed before the contained task is destroyed. Unknown queue values are
 * ignored.
 */
METHOD(task_manager_t, flush_queue, void,
	private_task_manager_t *this, task_queue_t queue)
{
	array_t *tasks;
	task_t *task;
	bool wrapped = (queue == TASK_QUEUE_QUEUED);

	/* select the backing array for the requested queue */
	if (queue == TASK_QUEUE_ACTIVE)
	{
		tasks = this->active_tasks;
	}
	else if (queue == TASK_QUEUE_PASSIVE)
	{
		tasks = this->passive_tasks;
	}
	else if (wrapped)
	{
		tasks = this->queued_tasks;
	}
	else
	{
		return;
	}
	/* drain from the tail, destroying each task */
	while (array_remove(tasks, ARRAY_TAIL, &task))
	{
		if (wrapped)
		{	/* unwrap and release the queued_task_t container */
			queued_task_t *entry = (queued_task_t*)task;

			task = entry->task;
			free(entry);
		}
		task->destroy(task);
	}
}
239 | ||
/**
 * Destroy all tasks of all queues: queued first, then passive, then active.
 */
METHOD(task_manager_t, flush, void,
	private_task_manager_t *this)
{
	static const task_queue_t order[] = {
		TASK_QUEUE_QUEUED,
		TASK_QUEUE_PASSIVE,
		TASK_QUEUE_ACTIVE,
	};
	int i;

	for (i = 0; i < (int)(sizeof(order) / sizeof(order[0])); i++)
	{
		flush_queue(this, order[i]);
	}
}
247 | ||
/**
 * Move a task of a specific type from the queue to the active list, if it is
 * not delayed.
 *
 * Only the first matching queued task is activated per call. A task whose
 * earliest initiation time lies in the future (monotonic clock) is skipped.
 *
 * @param type		task type to look for in queued_tasks
 * @return			TRUE if a task of that type was moved to active_tasks
 */
static bool activate_task(private_task_manager_t *this, task_type_t type)
{
	enumerator_t *e;
	queued_task_t *entry;
	timeval_t now;
	bool activated = FALSE;

	time_monotonic(&now);

	e = array_create_enumerator(this->queued_tasks);
	while (!activated && e->enumerate(e, (void**)&entry))
	{
		if (entry->task->get_type(entry->task) != type)
		{
			continue;
		}
		if (timercmp(&now, &entry->time, <))
		{	/* still delayed */
			continue;
		}
		DBG2(DBG_IKE, " activating %N task", task_type_names, type);
		array_remove_at(this->queued_tasks, e);
		array_insert(this->active_tasks, ARRAY_TAIL, entry->task);
		/* the wrapper is no longer needed once the bare task is active */
		free(entry);
		activated = TRUE;
	}
	e->destroy(e);
	return activated;
}
278 | ||
/**
 * Send packets in the given array (they get cloned). Optionally, the
 * source and destination addresses are changed before sending it.
 *
 * The stored packets stay in the array for later retransmission; only the
 * clones are handed to the sender, which takes ownership of them.
 *
 * @param packets	array of packet_t* to send
 * @param src		source address to set on each clone, NULL to keep
 * @param dst		destination address to set on each clone, NULL to keep
 */
static void send_packets(private_task_manager_t *this, array_t *packets,
						 host_t *src, host_t *dst)
{
	int idx;

	for (idx = 0; idx < array_count(packets); idx++)
	{
		packet_t *stored, *copy;

		array_get(packets, idx, &stored);
		copy = stored->clone(stored);
		if (src)
		{
			copy->set_source(copy, src->clone(src));
		}
		if (dst)
		{
			copy->set_destination(copy, dst->clone(dst));
		}
		charon->sender->send(charon->sender, copy);
	}
}
304 | ||
/**
 * Generates the given message and stores packet(s) in the given array
 *
 * The array is created on demand (array_insert_create) and compressed
 * afterwards. Existing entries are not removed, so callers clear the array
 * first when it must only hold this message.
 *
 * @param message	message to encode
 * @param packets	pointer to the array receiving the generated packet(s)
 * @return			FALSE if the IKE_SA failed to generate the message
 */
static bool generate_message(private_task_manager_t *this, message_t *message,
							 array_t **packets)
{
	enumerator_t *e;
	packet_t *piece;
	status_t status;

	status = this->ike_sa->generate_message_fragmented(this->ike_sa, message,
													   &e);
	if (status != SUCCESS)
	{
		return FALSE;
	}
	/* collect every packet the enumerator yields, in order */
	while (e->enumerate(e, &piece))
	{
		array_insert_create(packets, ARRAY_TAIL, piece);
	}
	e->destroy(e);
	array_compress(*packets);
	return TRUE;
}
327 | ||
/**
 * Retransmit the request with the given message ID, if it is still the one
 * in flight, and schedule the next retransmit_job.
 *
 * Two regimes are used: the regular exponential backoff built from
 * retransmit_timeout, retransmit_base, retransmit_limit and
 * retransmit_jitter, and, while a MOBIKE task is probing paths, a fixed
 * ROUTEABILITY_CHECK_INTERVAL with at most ROUTEABILITY_CHECK_TRIES
 * attempts.
 *
 * @param message_id	message ID of the request to retransmit
 * @return				DESTROY_ME once the retry budget is exhausted,
 *						SUCCESS otherwise (stale IDs and deferrals included)
 */
METHOD(task_manager_t, retransmit, status_t,
	private_task_manager_t *this, uint32_t message_id)
{
	/* a job for an older message ID, or one without stored packets, is
	 * stale and silently ignored */
	if (message_id == this->initiating.mid &&
		array_count(this->initiating.packets))
	{
		uint32_t timeout, max_jitter;
		job_t *job;
		enumerator_t *enumerator;
		packet_t *packet;
		task_t *task;
		ike_mobike_t *mobike = NULL;

		/* the first (fragment) packet is what alerts and MOBIKE operate on */
		array_get(this->initiating.packets, 0, &packet);

		/* check if we are retransmitting a MOBIKE routability check */
		if (this->initiating.type == INFORMATIONAL)
		{
			enumerator = array_create_enumerator(this->active_tasks);
			while (enumerator->enumerate(enumerator, (void*)&task))
			{
				if (task->get_type(task) == TASK_IKE_MOBIKE)
				{
					mobike = (ike_mobike_t*)task;
					break;
				}
			}
			enumerator->destroy(enumerator);
		}

		if (!mobike || !mobike->is_probing(mobike))
		{
			/* retransmitted counts the initial send as well, hence the "- 1"
			 * in the give-up message below */
			if (this->initiating.retransmitted <= this->retransmit_tries)
			{
				/* exponential backoff: timeout * base^retransmitted, in ms */
				timeout = (uint32_t)(this->retransmit_timeout * 1000.0 *
					pow(this->retransmit_base, this->initiating.retransmitted));

				if (this->retransmit_limit)
				{
					timeout = min(timeout, this->retransmit_limit);
				}
				if (this->retransmit_jitter)
				{
					/* subtract up to retransmit_jitter percent; random() only
					 * spreads the timing, nothing secret depends on it.
					 * NOTE(review): assumes retransmit_jitter <= 100
					 * (presumably clamped where it is read) — otherwise the
					 * unsigned subtraction could wrap; confirm */
					max_jitter = (timeout / 100.0) * this->retransmit_jitter;
					timeout -= max_jitter * (random() / (RAND_MAX + 1.0));
				}
			}
			else
			{
				DBG1(DBG_IKE, "giving up after %d retransmits",
					 this->initiating.retransmitted - 1);
				charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
								   packet);
				return DESTROY_ME;
			}

			if (this->initiating.retransmitted)
			{
				DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
					 this->initiating.retransmitted, message_id);
				charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
								   this->initiating.retransmitted);
			}
			if (!mobike)
			{
				/* plain retransmit along the IKE_SA's current addresses */
				send_packets(this, this->initiating.packets,
							 this->ike_sa->get_my_host(this->ike_sa),
							 this->ike_sa->get_other_host(this->ike_sa));
			}
			else
			{
				/* let the MOBIKE task pick the path; if none is available the
				 * exchange is deferred and initiate() re-issues it later */
				if (!mobike->transmit(mobike, packet))
				{
					DBG1(DBG_IKE, "no route found to reach peer, MOBIKE update "
						 "deferred");
					this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
					this->initiating.deferred = TRUE;
					return SUCCESS;
				}
				else if (mobike->is_probing(mobike))
				{
					/* transmit() switched to probing: use the probe interval */
					timeout = ROUTEABILITY_CHECK_INTERVAL;
				}
			}
		}
		else
		{	/* for routeability checks, we use a more aggressive behavior */
			if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
			{
				timeout = ROUTEABILITY_CHECK_INTERVAL;
			}
			else
			{
				DBG1(DBG_IKE, "giving up after %d path probings",
					 this->initiating.retransmitted - 1);
				return DESTROY_ME;
			}

			if (this->initiating.retransmitted)
			{
				DBG1(DBG_IKE, "path probing attempt %d",
					 this->initiating.retransmitted);
			}
			/* TODO-FRAG: presumably these small packets are not fragmented,
			 * we should maybe ensure this is the case when generating them */
			if (!mobike->transmit(mobike, packet))
			{
				DBG1(DBG_IKE, "no route found to reach peer, path probing "
					 "deferred");
				this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
				this->initiating.deferred = TRUE;
				return SUCCESS;
			}
		}

		/* schedule the next attempt; the job re-enters this method with the
		 * same message ID */
		this->initiating.retransmitted++;
		job = (job_t*)retransmit_job_create(this->initiating.mid,
									this->ike_sa->get_id(this->ike_sa));
		lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
	}
	return SUCCESS;
}
450 | ||
/**
 * Initiate the next exchange: activate queued tasks (or resume the already
 * active ones), let them build the request, generate it and hand it to
 * retransmit() for the initial send.
 *
 * Only one request is in the air at a time: while initiating.type is
 * defined the call is a no-op, except that a deferred exchange (no path
 * available earlier) is re-issued through retransmit().
 *
 * @return	SUCCESS (also when there is nothing to initiate), DESTROY_ME if
 *			a task failed or the message could not be generated
 */
METHOD(task_manager_t, initiate, status_t,
	private_task_manager_t *this)
{
	enumerator_t *enumerator;
	task_t *task;
	message_t *message;
	host_t *me, *other;
	/* 0 means "no exchange selected"; none of the assignments below use it */
	exchange_type_t exchange = 0;

	if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
	{
		DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
				exchange_type_names, this->initiating.type);
		/* do not initiate if we already have a message in the air */
		if (this->initiating.deferred)
		{	/* re-initiate deferred exchange */
			this->initiating.deferred = FALSE;
			this->initiating.retransmitted = 0;
			return retransmit(this, this->initiating.mid);
		}
		return SUCCESS;
	}

	if (array_count(this->active_tasks) == 0)
	{
		DBG2(DBG_IKE, "activating new tasks");
		switch (this->ike_sa->get_state(this->ike_sa))
		{
			case IKE_CREATED:
				activate_task(this, TASK_IKE_VENDOR);
				if (activate_task(this, TASK_IKE_INIT))
				{
					/* a fresh IKE_SA starts at message ID 0 */
					this->initiating.mid = 0;
					exchange = IKE_SA_INIT;
					activate_task(this, TASK_IKE_NATD);
					activate_task(this, TASK_IKE_CERT_PRE);
#ifdef ME
					/* this task has to be activated before the TASK_IKE_AUTH
					 * task, because that task pregenerates the packet after
					 * which no payloads can be added to the message anymore.
					 */
					activate_task(this, TASK_IKE_ME);
#endif /* ME */
					activate_task(this, TASK_IKE_AUTH);
					activate_task(this, TASK_IKE_CERT_POST);
					activate_task(this, TASK_IKE_CONFIG);
					activate_task(this, TASK_CHILD_CREATE);
					activate_task(this, TASK_IKE_AUTH_LIFETIME);
					activate_task(this, TASK_IKE_MOBIKE);
				}
				break;
			case IKE_ESTABLISHED:
				/* the order below is the priority: the first task type found
				 * in the queue (and not delayed) defines the exchange */
				if (activate_task(this, TASK_IKE_MOBIKE))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_IKE_DELETE))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_IKE_REDIRECT))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_CHILD_DELETE))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_IKE_REAUTH))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_CHILD_CREATE))
				{
					exchange = CREATE_CHILD_SA;
					break;
				}
				if (activate_task(this, TASK_CHILD_REKEY))
				{
					exchange = CREATE_CHILD_SA;
					break;
				}
				if (activate_task(this, TASK_IKE_REKEY))
				{
					exchange = CREATE_CHILD_SA;
					break;
				}
				if (activate_task(this, TASK_IKE_DPD))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
				{
					exchange = INFORMATIONAL;
					break;
				}
#ifdef ME
				if (activate_task(this, TASK_IKE_ME))
				{
					exchange = ME_CONNECT;
					break;
				}
#endif /* ME */
				if (activate_task(this, TASK_IKE_REAUTH_COMPLETE))
				{
					exchange = INFORMATIONAL;
					break;
				}
				if (activate_task(this, TASK_IKE_VERIFY_PEER_CERT))
				{
					exchange = INFORMATIONAL;
					break;
				}
				/* FALL */
			case IKE_REKEYING:
			case IKE_REKEYED:
				if (activate_task(this, TASK_IKE_DELETE))
				{
					exchange = INFORMATIONAL;
					break;
				}
				/* FALL */
			case IKE_DELETING:
			default:
				break;
		}
	}
	else
	{
		/* derive the exchange type from the first active task that has one;
		 * tasks without a mapping (default) are skipped */
		DBG2(DBG_IKE, "reinitiating already active tasks");
		enumerator = array_create_enumerator(this->active_tasks);
		while (enumerator->enumerate(enumerator, &task))
		{
			DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
			switch (task->get_type(task))
			{
				case TASK_IKE_INIT:
					exchange = IKE_SA_INIT;
					break;
				case TASK_IKE_AUTH:
					exchange = IKE_AUTH;
					break;
				case TASK_CHILD_CREATE:
				case TASK_CHILD_REKEY:
				case TASK_IKE_REKEY:
					exchange = CREATE_CHILD_SA;
					break;
				case TASK_IKE_MOBIKE:
					exchange = INFORMATIONAL;
					break;
				default:
					continue;
			}
			break;
		}
		enumerator->destroy(enumerator);
	}

	if (exchange == 0)
	{
		DBG2(DBG_IKE, "nothing to initiate");
		/* nothing to do yet... */
		return SUCCESS;
	}

	me = this->ike_sa->get_my_host(this->ike_sa);
	other = this->ike_sa->get_other_host(this->ike_sa);

	message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
	message->set_message_id(message, this->initiating.mid);
	message->set_source(message, me->clone(me));
	message->set_destination(message, other->clone(other));
	message->set_exchange_type(message, exchange);
	/* from here on a request is "in the air" until process_response() or a
	 * failure path resets initiating.type */
	this->initiating.type = exchange;
	this->initiating.retransmitted = 0;
	this->initiating.deferred = FALSE;

	enumerator = array_create_enumerator(this->active_tasks);
	while (enumerator->enumerate(enumerator, &task))
	{
		switch (task->build(task, message))
		{
			case SUCCESS:
				/* task completed, remove it */
				array_remove_at(this->active_tasks, enumerator);
				task->destroy(task);
				break;
			case NEED_MORE:
				/* processed, but task needs another exchange */
				break;
			case FAILED:
			default:
				this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
				/* no ike_updown for an SA still connecting or already
				 * rekeyed; otherwise listeners are told the SA went down */
				if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
					this->ike_sa->get_state(this->ike_sa) != IKE_REKEYED)
				{
					charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
				}
				/* FALL */
			case DESTROY_ME:
				/* critical failure, destroy IKE_SA */
				enumerator->destroy(enumerator);
				message->destroy(message);
				flush(this);
				return DESTROY_ME;
		}
	}
	enumerator->destroy(enumerator);

	/* update exchange type if a task changed it */
	this->initiating.type = message->get_exchange_type(message);
	if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED)
	{
		/* a task cancelled this exchange: try the next one */
		message->destroy(message);
		return initiate(this);
	}

	if (!generate_message(this, message, &this->initiating.packets))
	{
		/* message generation failed. There is nothing more to do than to
		 * close the SA */
		message->destroy(message);
		flush(this);
		charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
		return DESTROY_ME;
	}
	message->destroy(message);

	array_compress(this->active_tasks);
	array_compress(this->queued_tasks);

	/* retransmitted == 0, so this performs the initial send */
	return retransmit(this, this->initiating.mid);
}
688 | ||
/**
 * handle an incoming response message
 *
 * The response is accepted only if its exchange type matches the request in
 * flight. Every active task implementing pre_process() then gets to validate
 * the message before any task modifies state through process(); a
 * pre_process() failure drops the response as invalid without touching the
 * IKE_SA. Completed tasks are removed, a reset during processing restarts
 * initiation, and on success the message ID advances and the stored
 * retransmit packets are released.
 *
 * @param message	received response
 * @return			SUCCESS (also when the response was ignored), DESTROY_ME
 *					on an exchange type mismatch or a critical task failure
 */
static status_t process_response(private_task_manager_t *this,
								 message_t *message)
{
	enumerator_t *enumerator;
	task_t *task;

	if (message->get_exchange_type(message) != this->initiating.type)
	{
		DBG1(DBG_IKE, "received %N response, but expected %N",
			 exchange_type_names, message->get_exchange_type(message),
			 exchange_type_names, this->initiating.type);
		charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
		return DESTROY_ME;
	}

	/* validation pass: no task state is changed before all tasks that
	 * implement pre_process() have accepted the response */
	enumerator = array_create_enumerator(this->active_tasks);
	while (enumerator->enumerate(enumerator, &task))
	{
		if (!task->pre_process)
		{
			continue;
		}
		switch (task->pre_process(task, message))
		{
			case SUCCESS:
				break;
			case FAILED:
			default:
				/* just ignore the message */
				DBG1(DBG_IKE, "ignore invalid %N response",
					 exchange_type_names, message->get_exchange_type(message));
				enumerator->destroy(enumerator);
				return SUCCESS;
			case DESTROY_ME:
				/* critical failure, destroy IKE_SA */
				enumerator->destroy(enumerator);
				return DESTROY_ME;
		}
	}
	enumerator->destroy(enumerator);

	/* a response after at least one real retransmit clears the earlier
	 * ALERT_RETRANSMIT_SEND (retransmitted == 1 is just the initial send) */
	if (this->initiating.retransmitted > 1)
	{
		packet_t *packet = NULL;
		array_get(this->initiating.packets, 0, &packet);
		charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
	}

	/* catch if we get reset while processing */
	this->reset = FALSE;
	enumerator = array_create_enumerator(this->active_tasks);
	while (enumerator->enumerate(enumerator, &task))
	{
		switch (task->process(task, message))
		{
			case SUCCESS:
				/* task completed, remove it */
				array_remove_at(this->active_tasks, enumerator);
				task->destroy(task);
				break;
			case NEED_MORE:
				/* processed, but task needs another exchange */
				break;
			case FAILED:
			default:
				charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
				/* FALL */
			case DESTROY_ME:
				/* critical failure, destroy IKE_SA */
				array_remove_at(this->active_tasks, enumerator);
				enumerator->destroy(enumerator);
				task->destroy(task);
				return DESTROY_ME;
		}
		if (this->reset)
		{	/* start all over again if we were reset */
			this->reset = FALSE;
			enumerator->destroy(enumerator);
			return initiate(this);
		}
	}
	enumerator->destroy(enumerator);

	/* exchange done: advance the ID, mark nothing in flight, drop the
	 * packets kept for retransmission */
	this->initiating.mid++;
	this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
	clear_packets(this->initiating.packets);

	array_compress(this->active_tasks);

	return initiate(this);
}
783 | ||
/**
 * handle exchange collisions
 *
 * If the passive task is a rekey or delete, look for an active task of the
 * corresponding rekey type and hand the passive task over to it via
 * collide(). Only the first such active task is notified.
 *
 * @param task		passive task that just built its response
 * @return			TRUE if an active task took over the passive task
 *					(the caller must then not destroy it)
 */
static bool handle_collisions(private_task_manager_t *this, task_t *task)
{
	enumerator_t *enumerator;
	task_t *active;
	task_type_t type = task->get_type(task);
	bool collided = FALSE;

	/* only these types can collide with an ongoing rekey */
	if (type != TASK_IKE_REKEY && type != TASK_CHILD_REKEY &&
		type != TASK_CHILD_DELETE && type != TASK_IKE_DELETE)
	{
		return FALSE;
	}
	enumerator = array_create_enumerator(this->active_tasks);
	while (!collided && enumerator->enumerate(enumerator, &active))
	{
		task_type_t active_type = active->get_type(active);

		if (active_type == TASK_IKE_REKEY &&
			(type == TASK_IKE_REKEY || type == TASK_IKE_DELETE))
		{
			ike_rekey_t *rekey = (ike_rekey_t*)active;

			rekey->collide(rekey, task);
			collided = TRUE;
		}
		else if (active_type == TASK_CHILD_REKEY &&
				 (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE))
		{
			child_rekey_t *rekey = (child_rekey_t*)active;

			rekey->collide(rekey, task);
			collided = TRUE;
		}
	}
	enumerator->destroy(enumerator);
	return collided;
}
831 | ||
/**
 * Build a response depending on the "passive" task list.
 *
 * The response mirrors the exchange type and message ID of the request and is
 * sent back along the path the request came in on. Every passive task gets a
 * chance to add payloads: tasks reporting SUCCESS are removed, tasks reporting
 * NEED_MORE stay queued for the next exchange, and FAILED/DESTROY_ME make us
 * send the response first and destroy the IKE_SA afterwards. The generated
 * packets stay in responding.packets so a retransmitted request can be
 * answered without processing it again.
 *
 * @param this		task manager
 * @param request	the request this response answers
 * @return			SUCCESS if the response was sent and the responder MID may
 *					advance, NEED_MORE after a MID sync message (MID must not
 *					advance), DESTROY_ME if the IKE_SA has to be destroyed
 */
static status_t build_response(private_task_manager_t *this, message_t *request)
{
	enumerator_t *enumerator;
	task_t *task;
	message_t *message;
	host_t *me, *other;
	/* delete: destroy the IKE_SA after sending; hook: raise ike_updown(FALSE)
	 * before doing so; mid_sync: a TASK_IKE_MID_SYNC task built this response */
	bool delete = FALSE, hook = FALSE, mid_sync = FALSE;
	/* set only while the responder SPI is temporarily zeroed, see below */
	ike_sa_id_t *id = NULL;
	uint64_t responder_spi = 0;
	bool result;

	me = request->get_destination(request);
	other = request->get_source(request);

	message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
	message->set_exchange_type(message, request->get_exchange_type(request));
	/* send response along the path the request came in */
	message->set_source(message, me->clone(me));
	message->set_destination(message, other->clone(other));
	message->set_message_id(message, this->responding.mid);
	message->set_request(message, FALSE);

	enumerator = array_create_enumerator(this->passive_tasks);
	while (enumerator->enumerate(enumerator, (void*)&task))
	{
		if (task->get_type(task) == TASK_IKE_MID_SYNC)
		{
			mid_sync = TRUE;
		}
		switch (task->build(task, message))
		{
			case SUCCESS:
				/* task completed, remove it */
				array_remove_at(this->passive_tasks, enumerator);
				/* a TRUE return means handle_collisions() keeps the task
				 * (presumably for a rekey collision), so only destroy it
				 * otherwise */
				if (!handle_collisions(this, task))
				{
					task->destroy(task);
				}
				break;
			case NEED_MORE:
				/* processed, but task needs another exchange */
				if (handle_collisions(this, task))
				{
					array_remove_at(this->passive_tasks, enumerator);
				}
				break;
			case FAILED:
			default:
				hook = TRUE;
				/* FALL */
			case DESTROY_ME:
				/* destroy IKE_SA, but SEND response first */
				if (handle_collisions(this, task))
				{
					array_remove_at(this->passive_tasks, enumerator);
				}
				delete = TRUE;
				break;
		}
		if (delete)
		{	/* no further task gets to add payloads to a final response */
			break;
		}
	}
	enumerator->destroy(enumerator);

	/* RFC 5996, section 2.6 mentions that in the event of a failure during
	 * IKE_SA_INIT the responder's SPI will be 0 in the response, while it
	 * actually explicitly allows it to be non-zero. Since we use the responder
	 * SPI to create hashes in the IKE_SA manager we can only set the SPI to
	 * zero temporarily, otherwise checking the SA in would fail. */
	if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
	{
		id = this->ike_sa->get_id(this->ike_sa);
		responder_spi = id->get_responder_spi(id);
		id->set_responder_spi(id, 0);
	}

	/* message complete, send it */
	clear_packets(this->responding.packets);
	result = generate_message(this, message, &this->responding.packets);
	message->destroy(message);
	/* restore the SPI zeroed above, the message has been generated by now */
	if (id)
	{
		id->set_responder_spi(id, responder_spi);
	}
	if (!result)
	{
		charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
		return DESTROY_ME;
	}

	send_packets(this, this->responding.packets, NULL, NULL);
	if (delete)
	{
		if (hook)
		{
			charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
		}
		return DESTROY_ME;
	}
	else if (mid_sync)
	{
		/* we don't want to resend messages to sync MIDs if requests with the
		 * previous MID arrive */
		clear_packets(this->responding.packets);
		/* avoid increasing the expected message ID after handling a message
		 * to sync MIDs with MID 0 */
		return NEED_MORE;
	}

	/* drop the slots of the tasks removed while enumerating */
	array_compress(this->passive_tasks);

	return SUCCESS;
}
950 | ||
/**
 * Handle an incoming request message.
 *
 * If no passive tasks are queued yet, the exchange type decides which responder
 * tasks get queued (for INFORMATIONAL the first recognized notify or delete
 * payload decides; one without any of them is answered as DPD). Tasks
 * implementing pre_process() may then reject the message before any task
 * processes it. Finally every passive task processes the message and
 * build_response() generates and sends the reply.
 *
 * @param this		task manager
 * @param message	the parsed request
 * @return			SUCCESS if a response was sent, NEED_MORE if the message was
 *					ignored or the MID must not advance (see build_response()),
 *					FAILED for a CREATE_CHILD_SA on an unestablished IKE_SA,
 *					DESTROY_ME if the IKE_SA has to be destroyed
 */
static status_t process_request(private_task_manager_t *this,
								message_t *message)
{
	enumerator_t *enumerator;
	task_t *task = NULL;
	payload_t *payload;
	notify_payload_t *notify;
	delete_payload_t *delete;
	ike_sa_state_t state;

	if (array_count(this->passive_tasks) == 0)
	{	/* create tasks depending on request type, if not already some queued */
		state = this->ike_sa->get_state(this->ike_sa);
		switch (message->get_exchange_type(message))
		{
			case IKE_SA_INIT:
			{	/* queue the complete responder side of the initial exchanges,
				 * in the order the tasks build their payloads */
				task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
#ifdef ME
				task = (task_t*)ike_me_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
#endif /* ME */
				task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_config_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
													NULL, NULL);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				break;
			}
			case CREATE_CHILD_SA:
			{	/* FIXME: we should prevent this on mediation connections */
				bool notify_found = FALSE, ts_found = FALSE;

				/* a CREATE_CHILD_SA is only acceptable once the IKE_SA is
				 * established; FAILED makes the caller destroy the IKE_SA */
				if (state == IKE_CREATED ||
					state == IKE_CONNECTING)
				{
					DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
						 "unestablished IKE_SA, rejected");
					return FAILED;
				}

				enumerator = message->create_payload_enumerator(message);
				while (enumerator->enumerate(enumerator, &payload))
				{
					switch (payload->get_type(payload))
					{
						case PLV2_NOTIFY:
						{	/* if we find a rekey notify, its CHILD_SA rekeying */
							notify = (notify_payload_t*)payload;
							if (notify->get_notify_type(notify) == REKEY_SA &&
								(notify->get_protocol_id(notify) == PROTO_AH ||
								 notify->get_protocol_id(notify) == PROTO_ESP))
							{
								notify_found = TRUE;
							}
							break;
						}
						case PLV2_TS_INITIATOR:
						case PLV2_TS_RESPONDER:
						{	/* if we don't find a TS, its IKE rekeying */
							ts_found = TRUE;
							break;
						}
						default:
							break;
					}
				}
				enumerator->destroy(enumerator);

				if (ts_found)
				{
					if (notify_found)
					{
						task = (task_t*)child_rekey_create(this->ike_sa,
														   PROTO_NONE, 0);
					}
					else
					{
						task = (task_t*)child_create_create(this->ike_sa, NULL,
															FALSE, NULL, NULL);
					}
				}
				else
				{
					task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
				}
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				break;
			}
			case INFORMATIONAL:
			{
				enumerator = message->create_payload_enumerator(message);
				while (enumerator->enumerate(enumerator, &payload))
				{
					switch (payload->get_type(payload))
					{
						case PLV2_NOTIFY:
						{
							notify = (notify_payload_t*)payload;
							/* after rekeying only an INFORMATIONAL gets this far
							 * (see process_message()); its notifies are logged
							 * and skipped, only a DELETE is acted upon */
							if (state == IKE_REKEYED)
							{
								DBG1(DBG_IKE, "received unexpected notify %N "
									 "for rekeyed IKE_SA, ignored",
									 notify_type_names,
									 notify->get_notify_type(notify));
								break;
							}
							switch (notify->get_notify_type(notify))
							{
								case ADDITIONAL_IP4_ADDRESS:
								case ADDITIONAL_IP6_ADDRESS:
								case NO_ADDITIONAL_ADDRESSES:
								case UPDATE_SA_ADDRESSES:
								case NO_NATS_ALLOWED:
								case UNACCEPTABLE_ADDRESSES:
								case UNEXPECTED_NAT_DETECTED:
								case COOKIE2:
								case NAT_DETECTION_SOURCE_IP:
								case NAT_DETECTION_DESTINATION_IP:
									task = (task_t*)ike_mobike_create(
															this->ike_sa, FALSE);
									break;
								case AUTH_LIFETIME:
									task = (task_t*)ike_auth_lifetime_create(
															this->ike_sa, FALSE);
									break;
								case AUTHENTICATION_FAILED:
									/* initiator failed to authenticate us.
									 * We use ike_delete to handle this, which
									 * invokes all the required hooks. */
									task = (task_t*)ike_delete_create(
															this->ike_sa, FALSE);
									break;
								case REDIRECT:
									task = (task_t*)ike_redirect_create(
															this->ike_sa, NULL);
									break;
								case IKEV2_MESSAGE_ID_SYNC:
									task = (task_t*)ike_mid_sync_create(
															this->ike_sa);
									break;
								default:
									break;
							}
							break;
						}
						case PLV2_DELETE:
						{
							delete = (delete_payload_t*)payload;
							if (delete->get_protocol_id(delete) == PROTO_IKE)
							{
								task = (task_t*)ike_delete_create(this->ike_sa,
																  FALSE);
							}
							else
							{
								task = (task_t*)child_delete_create(this->ike_sa,
														PROTO_NONE, 0, FALSE);
							}
							break;
						}
						default:
							break;
					}
					/* the first payload that selects a task decides */
					if (task)
					{
						break;
					}
				}
				enumerator->destroy(enumerator);

				/* an INFORMATIONAL without a recognized notify or delete
				 * payload (e.g. an empty one) is answered as DPD */
				if (task == NULL)
				{
					task = (task_t*)ike_dpd_create(FALSE);
				}
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
				break;
			}
#ifdef ME
			case ME_CONNECT:
			{
				task = (task_t*)ike_me_create(this->ike_sa, FALSE);
				array_insert(this->passive_tasks, ARRAY_TAIL, task);
			}
			/* falls through to default */
#endif /* ME */
			default:
				break;
		}
	}

	/* let tasks reject the request before any of them processes it */
	enumerator = array_create_enumerator(this->passive_tasks);
	while (enumerator->enumerate(enumerator, &task))
	{
		if (!task->pre_process)
		{
			continue;
		}
		switch (task->pre_process(task, message))
		{
			case SUCCESS:
				break;
			case FAILED:
			default:
				/* just ignore the message */
				DBG1(DBG_IKE, "ignore invalid %N request",
					 exchange_type_names, message->get_exchange_type(message));
				enumerator->destroy(enumerator);
				switch (message->get_exchange_type(message))
				{
					case IKE_SA_INIT:
						/* no point in keeping the SA when it was created with
						 * an invalid IKE_SA_INIT message */
						return DESTROY_ME;
					default:
						/* remove tasks we queued for this request */
						flush_queue(this, TASK_QUEUE_PASSIVE);
						/* fall-through */
					case IKE_AUTH:
						/* the tasks queued during IKE_SA_INIT are kept
						 * (presumably so the peer may retry the IKE_AUTH);
						 * NEED_MORE leaves the expected MID unchanged */
						return NEED_MORE;
				}
			case DESTROY_ME:
				/* critical failure, destroy IKE_SA */
				enumerator->destroy(enumerator);
				return DESTROY_ME;
		}
	}
	enumerator->destroy(enumerator);

	/* let the tasks process the message */
	enumerator = array_create_enumerator(this->passive_tasks);
	while (enumerator->enumerate(enumerator, (void*)&task))
	{
		switch (task->process(task, message))
		{
			case SUCCESS:
				/* task completed, remove it */
				array_remove_at(this->passive_tasks, enumerator);
				task->destroy(task);
				break;
			case NEED_MORE:
				/* processed, but task needs at least another call to build() */
				break;
			case FAILED:
			default:
				charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
				/* FALL */
			case DESTROY_ME:
				/* critical failure, destroy IKE_SA */
				array_remove_at(this->passive_tasks, enumerator);
				enumerator->destroy(enumerator);
				task->destroy(task);
				return DESTROY_ME;
		}
	}
	enumerator->destroy(enumerator);

	return build_response(this, message);
}
1227 | ||
/*
 * Advance the message ID of one direction: the next request we send
 * (initiate) or the next request we expect from the peer (!initiate).
 */
METHOD(task_manager_t, incr_mid, void,
	private_task_manager_t *this, bool initiate)
{
	if (!initiate)
	{
		this->responding.mid++;
		return;
	}
	this->initiating.mid++;
}
1240 | ||
/*
 * Return the current message ID of one direction, see incr_mid().
 */
METHOD(task_manager_t, get_mid, uint32_t,
	private_task_manager_t *this, bool initiate)
{
	if (initiate)
	{
		return this->initiating.mid;
	}
	return this->responding.mid;
}
1246 | ||
/**
 * Handle the given IKE fragment, if it is one.
 *
 * A message without a fragment payload is left to the caller. Fragments are
 * collected in *defrag (created on the first one); once the message is
 * complete it is handed back to the IKE_SA via process_message() and *defrag
 * is reset, so the caller must not process the final fragment itself.
 *
 * @param this		task manager
 * @param defrag	pointer to the defragmentation state of this direction,
 *					may point to NULL
 * @param msg		received message
 * @return			SUCCESS if msg is not a fragment, NEED_MORE if the fragment
 *					(or the reassembled message) was handled, FAILED if no
 *					defragmentation state could be created, otherwise the error
 *					of add_fragment() or of processing the reassembled message
 */
static status_t handle_fragment(private_task_manager_t *this,
								message_t **defrag, message_t *msg)
{
	message_t *defrag_msg;
	status_t status;

	if (!msg->get_payload(msg, PLV2_FRAGMENT))
	{
		return SUCCESS;
	}
	defrag_msg = *defrag;
	if (!defrag_msg)
	{
		defrag_msg = message_create_defrag(msg);
		if (!defrag_msg)
		{
			return FAILED;
		}
		*defrag = defrag_msg;
	}
	status = defrag_msg->add_fragment(defrag_msg, msg);
	if (status != SUCCESS)
	{	/* more fragments needed, or the fragment was rejected */
		return status;
	}
	/* reassembly complete: detach the state and reinject the message */
	*defrag = NULL;
	status = this->ike_sa->process_message(this->ike_sa, defrag_msg);
	defrag_msg->destroy(defrag_msg);
	/* avoid processing the last fragment a second time in the caller */
	return status == SUCCESS ? NEED_MORE : status;
}
1288 | ||
/**
 * Determine the addresses for a response to the given request.
 *
 * If the IKE_SA does not know its own or the peer's address yet (anyaddr),
 * the address is taken from the request and stored on the IKE_SA.
 */
static void hosts_for_response(private_task_manager_t *this, message_t *request,
							   host_t **me, host_t **other)
{
	*me = this->ike_sa->get_my_host(this->ike_sa);
	if ((*me)->is_anyaddr(*me))
	{
		*me = request->get_destination(request);
		this->ike_sa->set_my_host(this->ike_sa, (*me)->clone(*me));
	}
	*other = this->ike_sa->get_other_host(this->ike_sa);
	if ((*other)->is_anyaddr(*other))
	{
		*other = request->get_source(request);
		this->ike_sa->set_other_host(this->ike_sa, (*other)->clone(*other));
	}
}

/**
 * Send a notify back to the sender of a request.
 *
 * The response mirrors the exchange type and message ID of the request and
 * carries a single notify payload. The packet is only sent if the IKE_SA is
 * able to generate it.
 *
 * @param this		task manager
 * @param request	request to answer
 * @param type		notify type to send
 * @param data		notify data
 */
static void send_notify_response(private_task_manager_t *this,
								 message_t *request, notify_type_t type,
								 chunk_t data)
{
	message_t *response;
	packet_t *packet = NULL;
	host_t *me, *other;

	response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
	response->set_exchange_type(response, request->get_exchange_type(request));
	response->set_request(response, FALSE);
	response->set_message_id(response, request->get_message_id(request));
	response->add_notify(response, FALSE, type, data);

	hosts_for_response(this, request, &me, &other);
	response->set_source(response, me->clone(me));
	response->set_destination(response, other->clone(other));

	if (this->ike_sa->generate_message(this->ike_sa, response,
									   &packet) == SUCCESS)
	{
		charon->sender->send(charon->sender, packet);
	}
	response->destroy(response);
}
1326 | ||
/**
 * Parse the given message and verify that it is valid.
 *
 * Parses the body with the IKE_SA's keymat and rejects messages carrying an
 * unknown payload with the critical bit set. Parsing failures of requests are
 * answered with a notify (UNSUPPORTED_CRITICAL_PAYLOAD or INVALID_SYNTAX) and
 * advance the responder MID; responses and integrity check failures are only
 * logged. Every failure raises ALERT_PARSE_ERROR_BODY.
 *
 * @param this		task manager
 * @param msg		message to parse
 * @return			SUCCESS if the message is valid, DESTROY_ME if parsing failed
 *					on a freshly created IKE_SA, the failure status otherwise
 */
static status_t parse_message(private_task_manager_t *this, message_t *msg)
{
	status_t status;
	/* type of the first critical unknown payload, reported back to the peer */
	uint8_t type = 0;

	status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));

	if (status == SUCCESS)
	{	/* check for unsupported critical payloads */
		enumerator_t *enumerator;
		unknown_payload_t *unknown;
		payload_t *payload;

		enumerator = msg->create_payload_enumerator(msg);
		while (enumerator->enumerate(enumerator, &payload))
		{
			if (payload->get_type(payload) == PL_UNKNOWN)
			{
				unknown = (unknown_payload_t*)payload;
				if (unknown->is_critical(unknown))
				{
					type = unknown->get_type(unknown);
					DBG1(DBG_ENC, "payload type %N is not supported, "
						 "but its critical!", payload_type_names, type);
					status = NOT_SUPPORTED;
					break;
				}
			}
		}
		enumerator->destroy(enumerator);
	}

	if (status != SUCCESS)
	{
		bool is_request = msg->get_request(msg);

		/* error notifies are only sent in reaction to requests, never to
		 * responses, and they consume the responder's message ID */
		switch (status)
		{
			case NOT_SUPPORTED:
				DBG1(DBG_IKE, "critical unknown payloads found");
				if (is_request)
				{
					send_notify_response(this, msg,
										 UNSUPPORTED_CRITICAL_PAYLOAD,
										 chunk_from_thing(type));
					incr_mid(this, FALSE);
				}
				break;
			case PARSE_ERROR:
				DBG1(DBG_IKE, "message parsing failed");
				if (is_request)
				{
					send_notify_response(this, msg,
										 INVALID_SYNTAX, chunk_empty);
					incr_mid(this, FALSE);
				}
				break;
			case VERIFY_ERROR:
				DBG1(DBG_IKE, "message verification failed");
				if (is_request)
				{
					send_notify_response(this, msg,
										 INVALID_SYNTAX, chunk_empty);
					incr_mid(this, FALSE);
				}
				break;
			case FAILED:
				DBG1(DBG_IKE, "integrity check failed");
				/* ignored, no notify is sent and the MID is not consumed */
				break;
			case INVALID_STATE:
				DBG1(DBG_IKE, "found encrypted message, but no keys available");
				/* FALL */
			default:
				break;
		}
		DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
			 exchange_type_names, msg->get_exchange_type(msg),
			 is_request ? "request" : "response",
			 msg->get_message_id(msg));

		charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);

		if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
		{	/* invalid initiation attempt, close SA */
			return DESTROY_ME;
		}
	}
	return status;
}
1419 | ||
/**
 * Check if a message with message ID 0 looks like it is used to synchronize
 * the message IDs.
 *
 * Only INFORMATIONAL messages qualify, and at least one IKEV2_MESSAGE_ID_SYNC
 * or IPSEC_REPLAY_COUNTER_SYNC notify has to be present. In strict mode any
 * other payload disqualifies the message.
 *
 * @param this		task manager
 * @param msg		message to check
 * @param strict	TRUE to reject messages carrying any other payload
 * @return			TRUE if the message looks like a MID sync message
 */
static bool looks_like_mid_sync(private_task_manager_t *this, message_t *msg,
								bool strict)
{
	enumerator_t *payloads;
	notify_payload_t *notify;
	payload_t *payload;
	bool sync_found = FALSE, other_found = FALSE;

	if (msg->get_exchange_type(msg) != INFORMATIONAL)
	{
		return FALSE;
	}
	payloads = msg->create_payload_enumerator(msg);
	while (payloads->enumerate(payloads, &payload))
	{
		bool is_sync = FALSE;

		if (payload->get_type(payload) == PLV2_NOTIFY)
		{
			notify_type_t type;

			notify = (notify_payload_t*)payload;
			type = notify->get_notify_type(notify);
			is_sync = (type == IKEV2_MESSAGE_ID_SYNC ||
					   type == IPSEC_REPLAY_COUNTER_SYNC);
		}
		if (is_sync)
		{
			sync_found = TRUE;
		}
		else if (strict)
		{	/* any non-sync payload disqualifies the message */
			other_found = TRUE;
			break;
		}
	}
	payloads->destroy(payloads);
	return sync_found && !other_found;
}
68c6863b | 1460 | |
/**
 * Check if a message with message ID 0 looks like it is used to synchronize
 * the message IDs and we are prepared to process it.
 *
 * Only an established IKE_SA with the EXT_IKE_MESSAGE_ID_SYNC extension
 * accepts such messages, and the payload check is strict.
 *
 * Note: This is not called if the responder never sent a message before (i.e.
 * we expect MID 0).
 *
 * @param this		task manager
 * @param msg		message with MID 0 to check
 * @return			TRUE if the message is a MID sync message we may process
 */
static bool is_mid_sync(private_task_manager_t *this, message_t *msg)
{
	return this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED &&
		   this->ike_sa->supports_extension(this->ike_sa,
											EXT_IKE_MESSAGE_ID_SYNC) &&
		   looks_like_mid_sync(this, msg, TRUE);
}
1478 | ||
/*
 * Process a received message for this IKE_SA.
 *
 * Requests are only processed if they carry the expected responder MID (or a
 * MID sync with MID 0 we are prepared for); a request with the previous MID is
 * answered by resending the stored response, anything else is dropped. For
 * responses only the MID of the outstanding request is accepted.
 */
METHOD(task_manager_t, process_message, status_t,
	private_task_manager_t *this, message_t *msg)
{
	host_t *me, *other;
	status_t status;
	uint32_t mid;
	/* set if this message created the IKE_SA, to enforce a half-open timeout */
	bool schedule_delete_job = FALSE;
	ike_sa_state_t state;
	exchange_type_t type;

	/* message hook before parsing; raised again below once the message has
	 * been parsed and reassembled (with the last argument TRUE) */
	charon->bus->message(charon->bus, msg, TRUE, FALSE);
	status = parse_message(this, msg);
	if (status != SUCCESS)
	{
		return status;
	}

	me = msg->get_destination(msg);
	other = msg->get_source(msg);

	/* if this IKE_SA is virgin, we check for a config */
	if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
	{
		ike_cfg_t *ike_cfg;

		ike_cfg = charon->backends->get_ike_cfg(charon->backends,
												me, other, IKEV2);
		if (ike_cfg == NULL)
		{
			/* no config found for these hosts, destroy */
			DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
				 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
			send_notify_response(this, msg,
								 NO_PROPOSAL_CHOSEN, chunk_empty);
			return DESTROY_ME;
		}
		this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
		ike_cfg->destroy(ike_cfg);
		/* add a timeout if peer does not establish it completely */
		schedule_delete_job = TRUE;
	}
	this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
								time_monotonic(NULL));

	mid = msg->get_message_id(msg);
	if (msg->get_request(msg))
	{
		if (mid == this->responding.mid || (mid == 0 && is_mid_sync(this, msg)))
		{
			/* reject initial messages if not received in specific states,
			 * after rekeying we only expect a DELETE in an INFORMATIONAL */
			type = msg->get_exchange_type(msg);
			state = this->ike_sa->get_state(this->ike_sa);
			if ((type == IKE_SA_INIT && state != IKE_CREATED) ||
				(type == IKE_AUTH && state != IKE_CONNECTING) ||
				(state == IKE_REKEYED && type != INFORMATIONAL))
			{
				DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
					 exchange_type_names, type, ike_sa_state_names, state);
				return FAILED;
			}
			if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
			{	/* with MOBIKE, we do no implicit updates */
				/* NOTE(review): the last argument appears to be the same
				 * "force" flag as used for responses below, forced here for
				 * the request with MID 1 - confirm against update_hosts() */
				this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
			}
			status = handle_fragment(this, &this->responding.defrag, msg);
			if (status != SUCCESS)
			{	/* a fragment was consumed (NEED_MORE) or was invalid */
				return status;
			}
			charon->bus->message(charon->bus, msg, TRUE, TRUE);
			if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
			{	/* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
				return SUCCESS;
			}
			switch (process_request(this, msg))
			{
				case SUCCESS:
					/* response sent, expect the next MID from the peer */
					this->responding.mid++;
					break;
				case NEED_MORE:
					/* message ignored or MID sync, keep the expected MID */
					break;
				default:
					flush(this);
					return DESTROY_ME;
			}
		}
		else if ((mid == this->responding.mid - 1) &&
				 array_count(this->responding.packets) &&
				 !(mid == 0 && looks_like_mid_sync(this, msg, FALSE)))
		{	/* retransmit of the last request: resend the stored response
			 * rather than processing the request a second time */
			status = handle_fragment(this, &this->responding.defrag, msg);
			if (status != SUCCESS)
			{
				return status;
			}
			DBG1(DBG_IKE, "received retransmit of request with ID %d, "
				 "retransmitting response", mid);
			charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
			send_packets(this, this->responding.packets,
						 msg->get_destination(msg), msg->get_source(msg));
		}
		else
		{	/* out-of-window request, dropped without processing */
			DBG1(DBG_IKE, "received message ID %d, expected %d, ignored",
				 mid, this->responding.mid);
		}
	}
	else
	{
		if (mid == this->initiating.mid)
		{
			if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
				this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
				msg->get_exchange_type(msg) != IKE_SA_INIT)
			{	/* only do updates based on verified messages (or initial ones) */
				if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
				{	/* with MOBIKE, we do no implicit updates. we force an
					 * update of the local address on IKE_SA_INIT, but never
					 * for the remote address */
					this->ike_sa->update_hosts(this->ike_sa, me, NULL, mid == 0);
					this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
				}
			}
			status = handle_fragment(this, &this->initiating.defrag, msg);
			if (status != SUCCESS)
			{
				return status;
			}
			charon->bus->message(charon->bus, msg, TRUE, TRUE);
			if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
			{	/* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
				return SUCCESS;
			}
			if (process_response(this, msg) != SUCCESS)
			{
				flush(this);
				return DESTROY_ME;
			}
		}
		else
		{	/* response to a request we are not waiting for, dropped */
			DBG1(DBG_IKE, "received message ID %d, expected %d, ignored",
				 mid, this->initiating.mid);
			return SUCCESS;
		}
	}

	if (schedule_delete_job)
	{
		ike_sa_id_t *ike_sa_id;
		job_t *job;

		/* an IKE_SA created by this (presumably IKE_SA_INIT) message is
		 * deleted after half_open_timeout unless the peer completes it */
		ike_sa_id = this->ike_sa->get_id(this->ike_sa);
		job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
		lib->scheduler->schedule_job(lib->scheduler, job,
				lib->settings->get_int(lib->settings,
					"%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
					lib->ns));
	}
	return SUCCESS;
}
1641 | ||
/**
 * Schedule a job that initiates queued tasks once the given time is reached.
 *
 * @param this		task manager
 * @param time		monotonic time at which the job fires
 */
static void schedule_delayed_initiate(private_task_manager_t *this,
									  timeval_t time)
{
	job_t *job;

	job = (job_t*)initiate_tasks_job_create(this->ike_sa->get_id(this->ike_sa));
	lib->scheduler->schedule_job_tv(lib->scheduler, job, time);
}

/*
 * Queue a task, optionally delaying its initiation.
 *
 * The task is stored together with the monotonic time from which on it may be
 * initiated. For a non-zero delay a job is scheduled so initiation is actually
 * attempted at that time.
 */
METHOD(task_manager_t, queue_task_delayed, void,
	private_task_manager_t *this, task_t *task, uint32_t delay)
{
	queued_task_t *queued;
	timeval_t time;

	time_monotonic(&time);
	if (!delay)
	{
		DBG2(DBG_IKE, "queueing %N task", task_type_names,
			 task->get_type(task));
	}
	else
	{
		DBG2(DBG_IKE, "queueing %N task (delayed by %us)", task_type_names,
			 task->get_type(task), delay);
		time.tv_sec += delay;
		schedule_delayed_initiate(this, time);
	}
	INIT(queued,
		.task = task,
		.time = time,
	);
	array_insert(this->queued_tasks, ARRAY_TAIL, queued);
}
1672 | ||
/*
 * Queue a task for immediate initiation.
 *
 * Same as queue_task_delayed() with a zero delay, which also means no
 * initiate job gets scheduled.
 */
METHOD(task_manager_t, queue_task, void,
	private_task_manager_t *this, task_t *task)
{
	const uint32_t no_delay = 0;

	queue_task_delayed(this, task, no_delay);
}
1678 | ||
/**
 * Check if a task of the given type has been queued already.
 *
 * @param this		task manager
 * @param type		task type to look for in the queued (not yet active) tasks
 * @return			TRUE if at least one queued task has this type
 */
static bool has_queued(private_task_manager_t *this, task_type_t type)
{
	enumerator_t *tasks;
	queued_task_t *entry;
	bool found = FALSE;

	tasks = array_create_enumerator(this->queued_tasks);
	/* stop enumerating as soon as a match is found */
	while (!found && tasks->enumerate(tasks, &entry))
	{
		found = entry->task->get_type(entry->task) == type;
	}
	tasks->destroy(tasks);
	return found;
}
26eee421 | 1700 | |
/*
 * Queue the initiator tasks that establish this IKE_SA.
 *
 * Each task is queued only once (see has_queued()), so calling this again for
 * a partially queued IKE_SA completes the set instead of duplicating tasks.
 * MOBIKE is only queued if the peer config enables it, ME only if mediation
 * support is compiled in.
 */
METHOD(task_manager_t, queue_ike, void,
	private_task_manager_t *this)
{
	if (!has_queued(this, TASK_IKE_VENDOR))
	{
		queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_INIT))
	{
		queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
	}
	if (!has_queued(this, TASK_IKE_NATD))
	{
		queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_CERT_PRE))
	{
		queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_AUTH))
	{
		queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_CERT_POST))
	{
		queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_CONFIG))
	{
		queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
	{
		queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
	}
	if (!has_queued(this, TASK_IKE_MOBIKE))
	{
		peer_cfg_t *peer_cfg;

		/* NOTE(review): relies on a peer config being set on the IKE_SA at
		 * this point - confirm for all callers */
		peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
		if (peer_cfg->use_mobike(peer_cfg))
		{
			queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
		}
	}
#ifdef ME
	if (!has_queued(this, TASK_IKE_ME))
	{
		queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
	}
#endif /* ME */
}
1753 | ||
/**
 * Queue an IKE_SA rekey task on this IKE_SA.
 */
METHOD(task_manager_t, queue_ike_rekey, void,
	private_task_manager_t *this)
{
	task_t *rekey;

	rekey = (task_t*)ike_rekey_create(this->ike_sa, TRUE);
	queue_task(this, rekey);
}
1759 | ||
/**
 * Start reauthentication using make-before-break.
 *
 * A new IKE_SA is checked out, configured like the current one (peer config,
 * hosts, virtual IPs), gets a CHILD_CREATE task for each established CHILD_SA
 * plus all CHILD_CREATE tasks still queued here, and is then initiated. The
 * old IKE_SA is only torn down later by the ike_reauth_complete task queued on
 * the new one. Without any CHILD_SA to recreate (and, with ME, without a
 * mediation connection) nothing is done.
 *
 * @param this		task manager of the IKE_SA to reauthenticate
 */
static void trigger_mbb_reauth(private_task_manager_t *this)
{
	enumerator_t *enumerator;
	child_sa_t *child_sa;
	child_cfg_t *cfg;
	peer_cfg_t *peer;
	ike_sa_t *new;
	host_t *host;
	queued_task_t *queued;
	bool children = FALSE;

	/* same IKE version as the current SA, checked out as initiator */
	new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
								this->ike_sa->get_version(this->ike_sa), TRUE);
	if (!new)
	{	/* shouldn't happen */
		return;
	}

	/* mirror peer config and addresses; hosts are cloned as new owns them */
	peer = this->ike_sa->get_peer_cfg(this->ike_sa);
	new->set_peer_cfg(new, peer);
	host = this->ike_sa->get_other_host(this->ike_sa);
	new->set_other_host(new, host->clone(host));
	host = this->ike_sa->get_my_host(this->ike_sa);
	new->set_my_host(new, host->clone(host));
	enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
	while (enumerator->enumerate(enumerator, &host))
	{
		new->add_virtual_ip(new, TRUE, host);
	}
	enumerator->destroy(enumerator);

	/* recreate every established CHILD_SA on the new IKE_SA; the config gets
	 * an additional reference as the task takes ownership of it */
	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
	while (enumerator->enumerate(enumerator, &child_sa))
	{
		cfg = child_sa->get_config(child_sa);
		new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
												FALSE, NULL, NULL)->task);
		children = TRUE;
	}
	enumerator->destroy(enumerator);

	/* move CHILD_CREATE tasks not yet initiated here over to the new SA;
	 * only the queued_task_t wrapper is freed, the task itself lives on */
	enumerator = array_create_enumerator(this->queued_tasks);
	while (enumerator->enumerate(enumerator, &queued))
	{
		if (queued->task->get_type(queued->task) == TASK_CHILD_CREATE)
		{
			queued->task->migrate(queued->task, new);
			new->queue_task(new, queued->task);
			array_remove_at(this->queued_tasks, enumerator);
			free(queued);
			children = TRUE;
		}
	}
	enumerator->destroy(enumerator);

	if (!children
#ifdef ME
		/* allow reauth of mediation connections without CHILD_SAs */
		&& !peer->is_mediation(peer)
#endif /* ME */
		)
	{
		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
		DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA "
			 "to recreate");
		return;
	}

	/* suspend online revocation checking until the SA is established */
	new->set_condition(new, COND_ONLINE_VALIDATION_SUSPENDED, TRUE);

	if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
	{
		/* queued after initiate(): verify the peer cert (presumably resuming
		 * the suspended online validation, see ike_verify_peer_cert) and
		 * then complete the reauth by deleting the old IKE_SA by its ID */
		new->queue_task(new, (task_t*)ike_verify_peer_cert_create(new));
		new->queue_task(new, (task_t*)ike_reauth_complete_create(new,
										this->ike_sa->get_id(this->ike_sa)));
		charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
	}
	else
	{
		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
		DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
	}
	/* work on new is done, point the bus back at our own IKE_SA */
	charon->bus->set_sa(charon->bus, this->ike_sa);
}
1848 | ||
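/**
 * Queue reauthentication of the IKE_SA.
 *
 * With make_before_break enabled the replacement IKE_SA is set up directly by
 * trigger_mbb_reauth() and nothing is queued on this manager; otherwise a
 * regular ike_reauth task is queued.
 */
METHOD(task_manager_t, queue_ike_reauth, void,
	private_task_manager_t *this)
{
	if (this->make_before_break)
	{
		/* ISO C (C11 6.8.6.4) forbids `return expr;` in a void function,
		 * so call and return separately instead of `return f(this);` */
		trigger_mbb_reauth(this);
		return;
	}
	queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
}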
1858 | ||
/**
 * Queue a task deleting this IKE_SA.
 */
METHOD(task_manager_t, queue_ike_delete, void,
	private_task_manager_t *this)
{
	task_t *delete;

	delete = (task_t*)ike_delete_create(this->ike_sa, TRUE);
	queue_task(this, delete);
}
1864 | ||
/**
 * Get the MOBIKE task to work on.
 *
 * At most one MOBIKE task needs to be queued, so a task already waiting in
 * queued_tasks is returned; only if there is none a new one is created and
 * queued.
 *
 * @param this		task manager
 * @return			queued MOBIKE task (owned by the queue, not by the caller)
 */
static ike_mobike_t *queue_mobike_task(private_task_manager_t *this)
{
	enumerator_t *enumerator;
	queued_task_t *queued;
	ike_mobike_t *mobike = NULL;

	/* reuse a pending MOBIKE task if there is one */
	enumerator = array_create_enumerator(this->queued_tasks);
	while (!mobike && enumerator->enumerate(enumerator, &queued))
	{
		if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE)
		{
			mobike = (ike_mobike_t*)queued->task;
		}
	}
	enumerator->destroy(enumerator);

	if (mobike)
	{
		return mobike;
	}
	mobike = ike_mobike_create(this->ike_sa, TRUE);
	queue_task(this, &mobike->task);
	return mobike;
}
1893 | ||
/**
 * Enable path probing on the MOBIKE task currently in active_tasks, if any.
 *
 * Only the first active MOBIKE task found is touched.
 */
static void enable_active_mobike_probing(private_task_manager_t *this)
{
	enumerator_t *enumerator;
	task_t *current;

	enumerator = array_create_enumerator(this->active_tasks);
	while (enumerator->enumerate(enumerator, &current))
	{
		if (current->get_type(current) == TASK_IKE_MOBIKE)
		{
			ike_mobike_t *active = (ike_mobike_t*)current;

			active->enable_probing(active);
			break;
		}
	}
	enumerator->destroy(enumerator);
}

/**
 * Queue a MOBIKE update.
 *
 * @param this		task manager
 * @param roam		TRUE to roam (address change), FALSE to only send the
 *					current address list
 * @param address	passed through to the MOBIKE task's roam() when roaming
 */
METHOD(task_manager_t, queue_mobike, void,
	private_task_manager_t *this, bool roam, bool address)
{
	ike_mobike_t *mobike = queue_mobike_task(this);

	if (!roam)
	{
		mobike->addresses(mobike);
		return;
	}
	mobike->roam(mobike, address);

	/* enable path probing for a currently active MOBIKE task. This might
	 * not be the case if an address appeared on a new interface while the
	 * current address is not working but has not yet disappeared. */
	enable_active_mobike_probing(this);
}
1927 | ||
/**
 * Queue a dead peer detection exchange.
 *
 * If the peer supports MOBIKE and COND_NAT_HERE is set, the DPD is sent via
 * the MOBIKE task so that NAT mapping changes are detected as well. Only the
 * original initiator does this (with ME also a peer whose config has a peer
 * ID); everybody else queues a plain ike_dpd task.
 */
METHOD(task_manager_t, queue_dpd, void,
	private_task_manager_t *this)
{
	ike_sa_t *ike_sa = this->ike_sa;
	bool mobike_dpd = FALSE;

	if (ike_sa->supports_extension(ike_sa, EXT_MOBIKE) &&
		ike_sa->has_condition(ike_sa, COND_NAT_HERE))
	{
#ifdef ME
		peer_cfg_t *cfg = ike_sa->get_peer_cfg(ike_sa);

		mobike_dpd = cfg->get_peer_id(cfg) ||
					 ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR);
#else
		mobike_dpd = ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR);
#endif
	}
	if (mobike_dpd)
	{
		ike_mobike_t *mobike;

		/* use mobike enabled DPD to detect NAT mapping changes */
		mobike = queue_mobike_task(this);
		mobike->dpd(mobike);
		return;
	}
	queue_task(this, (task_t*)ike_dpd_create(TRUE));
}
1952 | ||
/**
 * Queue a CHILD_SA creation.
 *
 * @param this		task manager
 * @param cfg		CHILD config to create the SA from (passed to the task)
 * @param reqid		reqid to use, only forwarded to the task if non-zero
 * @param tsi		initiator traffic selector, passed through to the task
 * @param tsr		responder traffic selector, passed through to the task
 */
METHOD(task_manager_t, queue_child, void,
	private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
	traffic_selector_t *tsi, traffic_selector_t *tsr)
{
	child_create_t *create = child_create_create(this->ike_sa, cfg, FALSE,
												 tsi, tsr);

	/* zero is not a usable reqid, let the task pick one in that case */
	if (reqid != 0)
	{
		create->use_reqid(create, reqid);
	}
	queue_task(this, &create->task);
}
1966 | ||
/**
 * Queue rekeying of a CHILD_SA identified by protocol and inbound SPI.
 */
METHOD(task_manager_t, queue_child_rekey, void,
	private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
{
	task_t *rekey;

	rekey = (task_t*)child_rekey_create(this->ike_sa, protocol, spi);
	queue_task(this, rekey);
}
1972 | ||
/**
 * Queue deletion of a CHILD_SA identified by protocol and SPI.
 *
 * @param expired	passed to the delete task; presumably marks a delete
 *					caused by lifetime expiry rather than an explicit one
 */
METHOD(task_manager_t, queue_child_delete, void,
	private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
	bool expired)
{
	task_t *delete;

	delete = (task_t*)child_delete_create(this->ike_sa, protocol, spi,
										  expired);
	queue_task(this, delete);
}
1980 | ||
/**
 * Move all queued tasks from another task manager to this one.
 *
 * Tasks are popped from the tail of other's queue and pushed to the head of
 * ours, so they keep their relative order and end up in front of anything
 * already queued here. Each task is migrated to our IKE_SA and its delay is
 * dropped.
 *
 * @param this			task manager taking over the tasks
 * @param other_public	task manager (must be a private_task_manager_t)
 *						to take the tasks from; its queue is left empty
 */
METHOD(task_manager_t, adopt_tasks, void,
	private_task_manager_t *this, task_manager_t *other_public)
{
	private_task_manager_t *other = (private_task_manager_t*)other_public;
	queued_task_t *moved;
	timeval_t now;

	time_monotonic(&now);

	for (;;)
	{
		if (!array_remove(other->queued_tasks, ARRAY_TAIL, &moved))
		{
			break;
		}
		DBG2(DBG_IKE, "migrating %N task", task_type_names,
			 moved->task->get_type(moved->task));
		moved->task->migrate(moved->task, this->ike_sa);
		/* don't delay tasks on the new IKE_SA */
		moved->time = now;
		array_insert(this->queued_tasks, ARRAY_HEAD, moved);
	}
}
2001 | ||
/**
 * Move the CHILD_CREATE tasks of one of other's queues to this manager.
 *
 * Matching tasks are removed from other, migrated to our IKE_SA and queued
 * here via queue_task() (which wraps them in a fresh queued_task_t); for the
 * queued queue the old wrapper is freed. Only TASK_QUEUE_ACTIVE and
 * TASK_QUEUE_QUEUED are handled, any other queue is ignored.
 *
 * @param this		task manager receiving the tasks
 * @param other		task manager to take the tasks from
 * @param queue		which of other's queues to scan
 */
static void migrate_child_tasks(private_task_manager_t *this,
								private_task_manager_t *other,
								task_queue_t queue)
{
	enumerator_t *enumerator;
	array_t *array;
	task_t *task;
	bool from_queued = (queue == TASK_QUEUE_QUEUED);

	if (queue == TASK_QUEUE_ACTIVE)
	{
		array = other->active_tasks;
	}
	else if (from_queued)
	{
		array = other->queued_tasks;
	}
	else
	{	/* nothing to do for other queues (e.g. passive) */
		return;
	}

	enumerator = array_create_enumerator(array);
	while (enumerator->enumerate(enumerator, &task))
	{
		queued_task_t *queued = NULL;

		if (from_queued)
		{	/* the queued array stores wrappers, not tasks */
			queued = (queued_task_t*)task;
			task = queued->task;
		}
		if (task->get_type(task) != TASK_CHILD_CREATE)
		{
			continue;
		}
		array_remove_at(array, enumerator);
		task->migrate(task, this->ike_sa);
		queue_task(this, task);
		/* NULL for active tasks, free() handles that */
		free(queued);
	}
	enumerator->destroy(enumerator);
}
2045 | ||
/**
 * Take over the CHILD_CREATE tasks of another task manager, active ones
 * first, then queued ones.
 *
 * @param this			task manager receiving the tasks
 * @param other_public	task manager (a private_task_manager_t) to take from
 */
METHOD(task_manager_t, adopt_child_tasks, void,
	private_task_manager_t *this, task_manager_t *other_public)
{
	private_task_manager_t *other = (private_task_manager_t*)other_public;
	/* order matters: active child tasks are migrated before queued ones */
	task_queue_t queues[] = { TASK_QUEUE_ACTIVE, TASK_QUEUE_QUEUED };
	size_t i;

	for (i = 0; i < sizeof(queues) / sizeof(queues[0]); i++)
	{
		migrate_child_tasks(this, other, queues[i]);
	}
}
2056 | ||
/**
 * Check whether any task is currently active (i.e. an exchange is in flight).
 *
 * Queued and passive tasks do not count as busy.
 */
METHOD(task_manager_t, busy, bool,
	private_task_manager_t *this)
{
	return array_count(this->active_tasks) != 0;
}
2062 | ||
/**
 * Reset the task manager after the IKE_SA changed (e.g. IKE_SA restart).
 *
 * Drops retransmit packets and fragmentation state, optionally sets the
 * initiating/responding message IDs, re-times all queued tasks and moves the
 * active tasks back to the head of the queue so they get initiated again.
 *
 * @param this		task manager to reset
 * @param initiate	new initiating message ID, UINT_MAX keeps the current one
 * @param respond	new responding message ID, UINT_MAX keeps the current one
 */
METHOD(task_manager_t, reset, void,
	private_task_manager_t *this, uint32_t initiate, uint32_t respond)
{
	enumerator_t *enumerator;
	queued_task_t *queued;
	task_t *task;
	timeval_t now;

	/* reset message counters and retransmit packets */
	clear_packets(this->responding.packets);
	clear_packets(this->initiating.packets);
	DESTROY_IF(this->responding.defrag);
	DESTROY_IF(this->initiating.defrag);
	this->responding.defrag = NULL;
	this->initiating.defrag = NULL;
	/* UINT_MAX is the "leave unchanged" sentinel for both MIDs */
	if (initiate != UINT_MAX)
	{
		this->initiating.mid = initiate;
	}
	if (respond != UINT_MAX)
	{
		this->responding.mid = respond;
	}
	this->initiating.type = EXCHANGE_TYPE_UNDEFINED;

	time_monotonic(&now);
	/* reset queued tasks: no delay anymore, and rebind them to our IKE_SA */
	enumerator = array_create_enumerator(this->queued_tasks);
	while (enumerator->enumerate(enumerator, &queued))
	{
		queued->time = now;
		queued->task->migrate(queued->task, this->ike_sa);
	}
	enumerator->destroy(enumerator);

	/* reset active tasks: wrap each one and push it to the head of the queue;
	 * popping from the tail keeps their relative order */
	while (array_remove(this->active_tasks, ARRAY_TAIL, &task))
	{
		task->migrate(task, this->ike_sa);
		INIT(queued,
			.task = task,
			.time = now,
		);
		array_insert(this->queued_tasks, ARRAY_HEAD, queued);
	}

	/* remembered for the next exchange (consumer is outside this block) */
	this->reset = TRUE;
}
2111 | ||
/**
 * Filter callback unwrapping queued_task_t entries to their task_t.
 *
 * Used by create_task_enumerator() so that callers see plain tasks for the
 * queued queue, like for the other queues.
 *
 * @param unused	no filter data
 * @param orig		enumerator over queued_task_t entries
 * @param args		single out-parameter: task_t** receiving the task
 * @return			TRUE if a task was returned, FALSE when orig is exhausted
 */
CALLBACK(filter_queued, bool,
	void *unused, enumerator_t *orig, va_list args)
{
	queued_task_t *queued;
	task_t **task;
	bool more;

	VA_ARGS_VGET(args, task);

	more = orig->enumerate(orig, &queued);
	if (more)
	{
		*task = queued->task;
	}
	return more;
}
2127 | ||
/**
 * Create an enumerator over the task_t objects of one of the task queues.
 *
 * @param this		task manager
 * @param queue		which queue to enumerate
 * @return			enumerator over task_t*, empty for an unknown queue
 */
METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
	private_task_manager_t *this, task_queue_t queue)
{
	if (queue == TASK_QUEUE_ACTIVE)
	{
		return array_create_enumerator(this->active_tasks);
	}
	if (queue == TASK_QUEUE_PASSIVE)
	{
		return array_create_enumerator(this->passive_tasks);
	}
	if (queue == TASK_QUEUE_QUEUED)
	{
		/* queued_tasks holds queued_task_t wrappers, unwrap them to task_t */
		return enumerator_create_filter(
						array_create_enumerator(this->queued_tasks),
						filter_queued, NULL, NULL);
	}
	return enumerator_create_empty();
}
2145 | ||
/**
 * Release the packets stored in a retransmit array and the array itself.
 */
static void destroy_packet_array(array_t *packets)
{
	clear_packets(packets);
	array_destroy(packets);
}

/**
 * Destroy the task manager and everything it owns.
 *
 * flush() runs first, while the task arrays still exist; the IKE_SA itself
 * is not touched here.
 */
METHOD(task_manager_t, destroy, void,
	private_task_manager_t *this)
{
	flush(this);

	array_destroy(this->active_tasks);
	array_destroy(this->queued_tasks);
	array_destroy(this->passive_tasks);

	destroy_packet_array(this->responding.packets);
	destroy_packet_array(this->initiating.packets);
	DESTROY_IF(this->responding.defrag);
	DESTROY_IF(this->initiating.defrag);
	free(this);
}
2163 | ||
/*
 * see header file
 *
 * Allocates the private task manager, wires the public task_manager_t
 * interface to the METHOD implementations of this file and reads the
 * retransmission and reauthentication settings from lib->settings under the
 * daemon namespace (lib->ns). The IKE_SA pointer is stored as-is, no
 * reference is taken here.
 */
task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
{
	private_task_manager_t *this;

	INIT(this,
		.public = {
			.task_manager = {
				.process_message = _process_message,
				.queue_task = _queue_task,
				.queue_task_delayed = _queue_task_delayed,
				.queue_ike = _queue_ike,
				.queue_ike_rekey = _queue_ike_rekey,
				.queue_ike_reauth = _queue_ike_reauth,
				.queue_ike_delete = _queue_ike_delete,
				.queue_mobike = _queue_mobike,
				.queue_child = _queue_child,
				.queue_child_rekey = _queue_child_rekey,
				.queue_child_delete = _queue_child_delete,
				.queue_dpd = _queue_dpd,
				.initiate = _initiate,
				.retransmit = _retransmit,
				.incr_mid = _incr_mid,
				.get_mid = _get_mid,
				.reset = _reset,
				.adopt_tasks = _adopt_tasks,
				.adopt_child_tasks = _adopt_child_tasks,
				.busy = _busy,
				.create_task_enumerator = _create_task_enumerator,
				.flush = _flush,
				.flush_queue = _flush_queue,
				.destroy = _destroy,
			},
		},
		.ike_sa = ike_sa,
		.initiating.type = EXCHANGE_TYPE_UNDEFINED,
		/* all three queues start empty */
		.queued_tasks = array_create(0, 0),
		.active_tasks = array_create(0, 0),
		.passive_tasks = array_create(0, 0),
		/* retransmission parameters, with the compile-time values as defaults */
		.retransmit_tries = lib->settings->get_int(lib->settings,
								"%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
		.retransmit_timeout = lib->settings->get_double(lib->settings,
								"%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
		.retransmit_base = lib->settings->get_double(lib->settings,
								"%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
		/* jitter is capped at RETRANSMIT_JITTER_MAX regardless of config */
		.retransmit_jitter = min(lib->settings->get_int(lib->settings,
								"%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX),
		/* scaled by 1000 (presumably seconds -> milliseconds, check the
		 * retransmit code); 0 means no limit */
		.retransmit_limit = lib->settings->get_int(lib->settings,
								"%s.retransmit_limit", 0, lib->ns) * 1000,
		/* selects trigger_mbb_reauth() over a plain ike_reauth task */
		.make_before_break = lib->settings->get_bool(lib->settings,
								"%s.make_before_break", FALSE, lib->ns),
	);

	return &this->public;
}