Commit | Line | Data |
---|---|---|
17d92e97 | 1 | /* |
94bbc602 | 2 | * Copyright (C) 2010-2012 Tobias Brunner |
17d92e97 MW |
3 | * Copyright (C) 2007 Martin Willi |
4 | * Hochschule fuer Technik Rapperswil | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "ike_mobike.h" | |
18 | ||
19 | #include <string.h> | |
20 | ||
f6659688 | 21 | #include <hydra.h> |
17d92e97 | 22 | #include <daemon.h> |
4cb9d7a7 | 23 | #include <sa/tasks/ike_natd.h> |
17d92e97 MW |
24 | #include <encoding/payloads/notify_payload.h> |
25 | ||
/** Number of random bytes build_cookie() requests for a COOKIE2 notify */
#define COOKIE2_SIZE 16
/** Upper bound on ADDITIONAL_*_ADDRESS notifies build_address_list() adds
 * to a single outgoing message; not applied to notifies received from the
 * peer in this file */
#define MAX_ADDITIONAL_ADDRS 8
17d92e97 MW |
28 | |
typedef struct private_ike_mobike_t private_ike_mobike_t;

/**
 * Private state of an ike_mobike_t task.
 */
struct private_ike_mobike_t {

	/** Public interface, embeds the task_t interface; returned to callers
	 * by ike_mobike_create() */
	ike_mobike_t public;

	/** IKE_SA this task operates on; replaced by migrate() */
	ike_sa_t *ike_sa;

	/** TRUE if the task was created as initiator */
	bool initiator;

	/** COOKIE2 value. As initiator the random value sent with an address
	 * update and compared against the response in process_i(); as responder
	 * the value received in the request, echoed back in build_r() */
	chunk_t cookie2;

	/** NAT discovery subtask (IKE_NATD task reused), NULL if not needed */
	ike_natd_t *natd;

	/** TRUE if this exchange updates the SA addresses */
	bool update;

	/** TRUE if a routability check (path probing) is in progress */
	bool check;

	/** TRUE if the list of additional addresses is to be included */
	bool address;

	/** TRUE once the peer address list was changed by a received notify */
	bool addresses_updated;
};
81 | ||
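/**
 * Read the NOTIFY payloads of a message and apply the MOBIKE related ones.
 *
 * All values handled here are taken from the peer's message. Depending on
 * the notify type this enables the MOBIKE extension, stores a COOKIE2 value,
 * replaces the peer address list of the IKE_SA, requests an address update
 * or creates the NAT detection subtask. Other payloads are skipped.
 *
 * @param this		task state to update
 * @param message	message whose payloads get evaluated
 */
static void process_payloads(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *enumerator;
	payload_t *payload;
	bool first = TRUE;

	enumerator = message->create_payload_enumerator(message);
	while (enumerator->enumerate(enumerator, &payload))
	{
		int family = AF_INET;
		notify_payload_t *notify;
		chunk_t data;
		host_t *host;

		if (payload->get_type(payload) != NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case MOBIKE_SUPPORTED:
			{
				peer_cfg_t *peer_cfg;

				/* the configuration is consulted only as responder; as
				 * initiator the extension is enabled unconditionally here */
				peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
				if (!this->initiator &&
					peer_cfg && !peer_cfg->use_mobike(peer_cfg))
				{
					DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config");
				}
				else
				{
					DBG1(DBG_IKE, "peer supports MOBIKE");
					this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
				}
				break;
			}
			case COOKIE2:
			{
				/* keep a private copy; a later COOKIE2 in the same message
				 * replaces an earlier one. The length is not checked here. */
				chunk_free(&this->cookie2);
				this->cookie2 = chunk_clone(notify->get_notification_data(notify));
				break;
			}
			case ADDITIONAL_IP6_ADDRESS:
			{
				family = AF_INET6;
				/* fall through */
			}
			case ADDITIONAL_IP4_ADDRESS:
			{
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					this->ike_sa->clear_peer_addresses(this->ike_sa);
					first = FALSE;
					/* add the peer's current address to the list */
					host = this->ike_sa->get_other_host(this->ike_sa);
					this->ike_sa->add_peer_address(this->ike_sa,
												   host->clone(host));
				}
				/* NOTE(review): one list entry is added per notify and no
				 * upper bound is applied in this function;
				 * MAX_ADDITIONAL_ADDRS only limits the notifies we send.
				 * Confirm the message parser or the IKE_SA bounds this. */
				data = notify->get_notification_data(notify);
				host = host_create_from_chunk(family, data, 0);
				if (host)
				{
					DBG2(DBG_IKE, "got additional MOBIKE peer address: %H",
						 host);
					this->ike_sa->add_peer_address(this->ike_sa, host);
				}
				else
				{	/* host_create_from_chunk() is defined elsewhere;
					 * presumably it returns NULL if the notification data
					 * does not fit the address family. Such a result must
					 * not end up in the list that transmit() dereferences. */
					DBG1(DBG_IKE, "ignoring invalid additional MOBIKE peer "
						 "address");
				}
				this->addresses_updated = TRUE;
				break;
			}
			case UPDATE_SA_ADDRESSES:
			{
				this->update = TRUE;
				break;
			}
			case NO_ADDITIONAL_ADDRESSES:
			{
				this->ike_sa->clear_peer_addresses(this->ike_sa);
				/* add the peer's current address to the list */
				host = this->ike_sa->get_other_host(this->ike_sa);
				this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
				this->addresses_updated = TRUE;
				break;
			}
			case NAT_DETECTION_SOURCE_IP:
			case NAT_DETECTION_DESTINATION_IP:
			{
				/* NAT check in this MOBIKE exchange, create subtask for it */
				if (this->natd == NULL)
				{
					this->natd = ike_natd_create(this->ike_sa, this->initiator);
				}
				break;
			}
			default:
				break;
		}
	}
	enumerator->destroy(enumerator);
}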
182 | ||
/**
 * Announce our additional addresses to the peer.
 *
 * Adds one ADDITIONAL_IP4_ADDRESS or ADDITIONAL_IP6_ADDRESS notify for each
 * address returned by the kernel interface, except the address currently
 * used by the IKE_SA, up to MAX_ADDITIONAL_ADDRS notifies. If nothing was
 * added, a NO_ADDITIONAL_ADDRESSES notify is sent instead. Every address
 * announced this way becomes known to the peer.
 *
 * @param this		task state
 * @param message	outgoing message to add the notifies to
 */
static void build_address_list(private_ike_mobike_t *this, message_t *message)
{
	enumerator_t *addrs;
	host_t *candidate, *local;
	notify_type_t type;
	int sent = 0;

	local = this->ike_sa->get_my_host(this->ike_sa);
	addrs = hydra->kernel_interface->create_address_enumerator(
									hydra->kernel_interface, FALSE, FALSE);
	/* limit number of notifys, some implementations do not like too
	 * many of them (f.e. strongSwan ;-) */
	while (sent < MAX_ADDITIONAL_ADDRS &&
		   addrs->enumerate(addrs, (void**)&candidate))
	{
		int family;

		if (local->ip_equals(local, candidate))
		{	/* "ADDITIONAL" means do not include IKE_SAs host */
			continue;
		}
		family = candidate->get_family(candidate);
		if (family == AF_INET)
		{
			type = ADDITIONAL_IP4_ADDRESS;
		}
		else if (family == AF_INET6)
		{
			type = ADDITIONAL_IP6_ADDRESS;
		}
		else
		{	/* neither IPv4 nor IPv6, nothing to announce */
			continue;
		}
		message->add_notify(message, FALSE, type,
							candidate->get_address(candidate));
		sent++;
	}
	if (sent == 0)
	{
		message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
	}
	addrs->destroy(addrs);
}
226 | ||
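/**
 * Create a fresh COOKIE2 value and add it to the message.
 *
 * Any previous cookie is released first. COOKIE2_SIZE bytes are requested
 * from an RNG_STRONG generator, kept in this->cookie2 and sent as COOKIE2
 * notify. If no such RNG is available, no notify is added and this->cookie2
 * stays empty; process_i() compares the returned cookie only if one is
 * stored, so that case is logged instead of passing silently.
 *
 * @param this		task state receiving the cookie
 * @param message	outgoing message to add the COOKIE2 notify to
 */
static void build_cookie(private_ike_mobike_t *this, message_t *message)
{
	rng_t *rng;

	chunk_free(&this->cookie2);
	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
	if (!rng)
	{
		DBG1(DBG_IKE, "no RNG available to create COOKIE2, "
			 "address update is sent without it");
		return;
	}
	/* NOTE(review): the result of allocate_bytes() is not evaluated; if this
	 * API can report failure, confirm this->cookie2 is valid afterwards */
	rng->allocate_bytes(rng, COOKIE2_SIZE, &this->cookie2);
	rng->destroy(rng);
	message->add_notify(message, FALSE, COOKIE2, this->cookie2);
}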
243 | ||
/**
 * Push the current IKE_SA endpoints to all of its CHILD_SAs.
 *
 * Each CHILD_SA is updated with the local and remote host, the virtual IP
 * and the NAT condition of the IKE_SA. A CHILD_SA whose update() reports
 * NOT_SUPPORTED is rekeyed instead.
 *
 * @param this		task state
 */
static void update_children(private_ike_mobike_t *this)
{
	enumerator_t *children;
	child_sa_t *child;
	status_t result;

	children = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
	while (children->enumerate(children, (void**)&child))
	{
		result = child->update(child,
					this->ike_sa->get_my_host(this->ike_sa),
					this->ike_sa->get_other_host(this->ike_sa),
					this->ike_sa->get_virtual_ip(this->ike_sa, TRUE),
					this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
		if (result != NOT_SUPPORTED)
		{
			continue;
		}
		/* in-place update is not possible, negotiate a replacement */
		this->ike_sa->rekey_child_sa(this->ike_sa,
									 child->get_protocol(child),
									 child->get_spi(child, TRUE));
	}
	children->destroy(children);
}
268 | ||
/**
 * Select and set the port of a host used for path probing.
 *
 * If the IP of host equals the IP of old, the port of old is reused.
 * Otherwise the given port is applied, with IKEV2_UDP_PORT replaced by
 * IKEV2_NATT_PORT.
 *
 * @param host		host to set the port on
 * @param old		currently used host to compare against
 * @param port		port to use if the addresses differ
 */
static void apply_port(host_t *host, host_t *old, u_int16_t port)
{
	u_int16_t selected = port;

	if (host->ip_equals(host, old))
	{
		selected = old->get_port(old);
	}
	else if (port == IKEV2_UDP_PORT)
	{
		selected = IKEV2_NATT_PORT;
	}
	host->set_port(host, selected);
}
284 | ||
/**
 * Send copies of a packet over all candidate paths to probe routability.
 *
 * Does nothing unless a routability check is active. One copy goes over
 * the original path, using the source address the kernel selects for the
 * current peer address. A further copy goes to every address in the peer
 * address list of the IKE_SA for which the kernel returns a source address
 * of the same family. That list holds addresses announced by the peer (see
 * process_payloads()), so its size determines how many probes leave per call.
 *
 * @param this		task state
 * @param packet	packet to clone for every probe
 */
METHOD(ike_mobike_t, transmit, void,
	private_ike_mobike_t *this, packet_t *packet)
{
	host_t *src, *dst, *peer, *me_old, *other_old;
	enumerator_t *peers;
	ike_cfg_t *ike_cfg;
	packet_t *probe;

	if (!this->check)
	{
		return;
	}

	me_old = this->ike_sa->get_my_host(this->ike_sa);
	other_old = this->ike_sa->get_other_host(this->ike_sa);
	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);

	/* probe the path in use, the clone keeps the packet's destination */
	src = hydra->kernel_interface->get_source_addr(
									hydra->kernel_interface, other_old, NULL);
	if (src)
	{
		apply_port(src, me_old, ike_cfg->get_my_port(ike_cfg));
		DBG1(DBG_IKE, "checking original path %#H - %#H", src, other_old);
		probe = packet->clone(packet);
		probe->set_source(probe, src);
		charon->sender->send(charon->sender, probe);
	}

	peers = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
	while (peers->enumerate(peers, (void**)&peer))
	{
		src = hydra->kernel_interface->get_source_addr(
										hydra->kernel_interface, peer, NULL);
		if (!src)
		{	/* no route to this peer address */
			continue;
		}
		if (src->get_family(src) != peer->get_family(peer))
		{
			src->destroy(src);
			continue;
		}
		/* reuse port for an active address, 4500 otherwise */
		apply_port(src, me_old, ike_cfg->get_my_port(ike_cfg));
		/* the list entry stays with the IKE_SA, the probe gets a copy */
		dst = peer->clone(peer);
		apply_port(dst, other_old, ike_cfg->get_other_port(ike_cfg));
		DBG1(DBG_IKE, "checking path %#H - %#H", src, dst);
		probe = packet->clone(packet);
		probe->set_source(probe, src);
		probe->set_destination(probe, dst);
		charon->sender->send(charon->sender, probe);
	}
	peers->destroy(peers);
}
338 | ||
/**
 * Build a request as initiator of the task.
 *
 * In the first IKE_AUTH message (message ID 1) MOBIKE support and the
 * additional addresses are announced. In an INFORMATIONAL exchange the
 * source address is refreshed, and depending on the task flags an
 * UPDATE_SA_ADDRESSES notify with a new COOKIE2, the address list and the
 * NAT detection payloads are added.
 *
 * @param this		task state
 * @param message	request to build
 * @return			always NEED_MORE
 */
METHOD(task_t, build_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	host_t *current, *preferred;

	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_message_id(message) == 1)
	{	/* only in first IKE_AUTH */
		message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
		build_address_list(this, message);
		return NEED_MORE;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	/* we check if the existing address is still valid */
	current = message->get_source(message);
	preferred = hydra->kernel_interface->get_source_addr(
									hydra->kernel_interface,
									message->get_destination(message), current);
	if (preferred && preferred->ip_equals(preferred, current))
	{	/* unchanged, the lookup result is not needed */
		preferred->destroy(preferred);
	}
	else if (preferred)
	{	/* send from the new address, but keep the port */
		preferred->set_port(preferred, current->get_port(current));
		message->set_source(message, preferred);
	}

	if (this->update)
	{
		message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES,
							chunk_empty);
		build_cookie(this, message);
		update_children(this);
	}
	if (this->address && !this->check)
	{	/* no address list while probing paths */
		build_address_list(this, message);
	}
	if (this->natd)
	{
		this->natd->task.build(&this->natd->task, message);
	}
	return NEED_MORE;
}
386 | ||
/**
 * Process a request as responder of the task.
 *
 * Payloads are evaluated for the first IKE_AUTH message (message ID 1) and
 * for INFORMATIONAL exchanges. If an INFORMATIONAL request asked for an
 * address update, the addresses the request was received on are applied to
 * the IKE_SA directly; this function does no routability check of its own.
 * NOTE(review): this presumably relies on the request having passed IKE
 * integrity verification before it reaches the task - confirm in the
 * caller.
 *
 * @param this		task state
 * @param message	received request
 * @return			always NEED_MORE
 */
METHOD(task_t, process_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	host_t *local, *remote, *known;

	if (message->get_exchange_type(message) == IKE_AUTH &&
		message->get_message_id(message) == 1)
	{	/* only first IKE_AUTH */
		process_payloads(this, message);
		return NEED_MORE;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	process_payloads(this, message);
	if (this->update)
	{	/* peer requested UPDATE_SA_ADDRESSES, adopt the observed path */
		local = message->get_destination(message);
		remote = message->get_source(message);
		this->ike_sa->set_my_host(this->ike_sa, local->clone(local));
		this->ike_sa->set_other_host(this->ike_sa, remote->clone(remote));
	}

	if (this->natd)
	{
		this->natd->task.process(&this->natd->task, message);
	}
	if (this->addresses_updated &&
		this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
	{	/* address list changed and we originally initiated the IKE_SA */
		remote = message->get_source(message);
		known = this->ike_sa->get_other_host(this->ike_sa);
		if (!remote->equals(remote, known))
		{
			DBG1(DBG_IKE, "remote address changed from %H to %H", known,
				 remote);
			this->ike_sa->set_other_host(this->ike_sa, remote->clone(remote));
			this->update = TRUE;
		}
	}
	return NEED_MORE;
}
428 | ||
/**
 * Build a response as responder of the task.
 *
 * In IKE_AUTH, once the IKE_SA is established, MOBIKE support and the
 * address list are announced if the extension is enabled. In an
 * INFORMATIONAL exchange the NAT detection payloads are added, a COOKIE2
 * stored from the request is returned unchanged and then released, and the
 * CHILD_SAs are updated if an address update was requested.
 *
 * @param this		task state
 * @param message	response to build
 * @return			SUCCESS if the task completed, NEED_MORE otherwise
 */
METHOD(task_t, build_r, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
	{
		if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
		{
			message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
			build_address_list(this, message);
		}
		return SUCCESS;
	}
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}

	if (this->natd)
	{
		this->natd->task.build(&this->natd->task, message);
	}
	if (this->cookie2.ptr)
	{	/* echo the cookie of the request */
		message->add_notify(message, FALSE, COOKIE2, this->cookie2);
		chunk_free(&this->cookie2);
	}
	if (this->update)
	{
		update_children(this);
	}
	return SUCCESS;
}
461 | ||
/**
 * Process a response as initiator of the task.
 *
 * For IKE_AUTH on an established IKE_SA the payloads are evaluated and the
 * task completes. For INFORMATIONAL the pending update counter is
 * decremented and the response is ignored if newer updates are queued.
 * Otherwise a COOKIE2 we sent must be returned unchanged, NAT detection
 * results are applied, and after a routability check the addresses the
 * response arrived on are adopted, which restarts the task to send the
 * actual update.
 *
 * @param this		task state
 * @param message	received response
 * @return			SUCCESS if done, FAILED on COOKIE2 mismatch, NEED_MORE
 *					if another exchange is required
 */
METHOD(task_t, process_i, status_t,
	private_ike_mobike_t *this, message_t *message)
{
	if (message->get_exchange_type(message) == IKE_AUTH &&
		this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
	{
		process_payloads(this, message);
		return SUCCESS;
	}
	else if (message->get_exchange_type(message) == INFORMATIONAL)
	{
		/* NOTE(review): unsigned subtraction, a counter of 0 would wrap and
		 * the response would be treated as superseded. addresses(), roam()
		 * and dpd() increment the counter; confirm no other path gets here
		 * with 0. */
		u_int32_t pending = this->ike_sa->get_pending_updates(this->ike_sa) - 1;

		this->ike_sa->set_pending_updates(this->ike_sa, pending);
		if (pending > 0)
		{
			/* newer update queued, ignore this one */
			return SUCCESS;
		}
		if (this->cookie2.ptr)
		{	/* check cookie if we included one */
			chunk_t expected = this->cookie2;
			bool echoed;

			/* empty the slot so that process_payloads() stores only what
			 * this response contains */
			this->cookie2 = chunk_empty;
			process_payloads(this, message);
			echoed = chunk_equals(expected, this->cookie2);
			chunk_free(&expected);
			if (!echoed)
			{	/* a missing COOKIE2 in the response ends up here, too */
				DBG1(DBG_IKE, "COOKIE2 mismatch, closing IKE_SA");
				return FAILED;
			}
		}
		else
		{	/* no cookie was sent, so none is verified */
			process_payloads(this, message);
		}
		if (this->natd)
		{
			this->natd->task.process(&this->natd->task, message);
			if (this->natd->has_mapping_changed(this->natd))
			{
				/* force an update if mappings have changed */
				this->update = this->check = TRUE;
				DBG1(DBG_IKE, "detected changes in NAT mappings, "
					 "initiating MOBIKE update");
			}
		}
		if (this->update)
		{
			/* update again, as NAT state may have changed */
			update_children(this);
		}
		if (!this->check)
		{
			return SUCCESS;
		}
		else
		{
			host_t *me_new, *me_old, *other_new, *other_old;

			/* the path this response took is the one that works */
			me_new = message->get_destination(message);
			other_new = message->get_source(message);
			me_old = this->ike_sa->get_my_host(this->ike_sa);
			other_old = this->ike_sa->get_other_host(this->ike_sa);

			if (!me_new->equals(me_new, me_old))
			{
				this->update = TRUE;
				this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new));
			}
			if (!other_new->equals(other_new, other_old))
			{
				this->update = TRUE;
				this->ike_sa->set_other_host(this->ike_sa,
											 other_new->clone(other_new));
			}
			if (!this->update)
			{
				return SUCCESS;
			}
			/* use the same task to ... */
			if (this->ike_sa->has_condition(this->ike_sa,
											COND_ORIGINAL_INITIATOR))
			{	/* ... send the update as original initiator */
				if (this->natd)
				{
					this->natd->task.destroy(&this->natd->task);
				}
				this->natd = ike_natd_create(this->ike_sa, this->initiator);
			}
			else
			{	/*... send an updated list of addresses as responder */
				update_children(this);
				this->update = FALSE;
			}
			this->check = FALSE;
			this->ike_sa->set_pending_updates(this->ike_sa, 1);
			return NEED_MORE;
		}
	}
	return NEED_MORE;
}
560 | ||
/**
 * Request that the task sends the list of additional addresses.
 *
 * Sets the address flag and increments the pending update counter of the
 * IKE_SA.
 *
 * @param this		task state
 */
METHOD(ike_mobike_t, addresses, void,
	private_ike_mobike_t *this)
{
	u_int32_t pending;

	this->address = TRUE;
	pending = this->ike_sa->get_pending_updates(this->ike_sa);
	this->ike_sa->set_pending_updates(this->ike_sa, pending + 1);
}
568 | ||
/**
 * Start a routability check after a change of the local network state.
 *
 * Enables path probing, records whether the address list is to be included
 * and increments the pending update counter of the IKE_SA.
 *
 * @param this		task state
 * @param address	TRUE to include the list of additional addresses
 */
METHOD(ike_mobike_t, roam, void,
	private_ike_mobike_t *this, bool address)
{
	u_int32_t pending;

	this->check = TRUE;
	this->address = address;
	pending = this->ike_sa->get_pending_updates(this->ike_sa);
	this->ike_sa->set_pending_updates(this->ike_sa, pending + 1);
}
577 | ||
/**
 * Use the task for a dead peer detection exchange with NAT detection.
 *
 * Creates the NAT detection subtask if there is none yet and increments
 * the pending update counter of the IKE_SA.
 *
 * @param this		task state
 */
METHOD(ike_mobike_t, dpd, void,
	private_ike_mobike_t *this)
{
	u_int32_t pending;

	if (this->natd == NULL)
	{
		this->natd = ike_natd_create(this->ike_sa, this->initiator);
	}
	pending = this->ike_sa->get_pending_updates(this->ike_sa);
	this->ike_sa->set_pending_updates(this->ike_sa, pending + 1);
}
588 | ||
/**
 * Tell whether the task currently performs a routability check.
 *
 * @param this		task state
 * @return			value of the check flag
 */
METHOD(ike_mobike_t, is_probing, bool,
	private_ike_mobike_t *this)
{
	bool probing = this->check;

	return probing;
}
594 | ||
/**
 * Report the type of this task.
 *
 * @param this		task state, not used
 * @return			always IKE_MOBIKE
 */
METHOD(task_t, get_type, task_type_t,
	private_ike_mobike_t *this)
{
	return IKE_MOBIKE;
}
600 | ||
/**
 * Move the task to another IKE_SA.
 *
 * A stored COOKIE2 is dropped, so it is not carried over to the new IKE_SA.
 * The NAT detection subtask, if any, is migrated as well.
 *
 * @param this		task state
 * @param ike_sa	IKE_SA the task operates on from now on
 */
METHOD(task_t, migrate, void,
	private_ike_mobike_t *this, ike_sa_t *ike_sa)
{
	chunk_free(&this->cookie2);
	this->ike_sa = ike_sa;
	if (this->natd == NULL)
	{
		return;
	}
	this->natd->task.migrate(&this->natd->task, ike_sa);
}
611 | ||
/**
 * Release the task, its NAT detection subtask and a stored COOKIE2.
 *
 * @param this		task state to free
 */
METHOD(task_t, destroy, void,
	private_ike_mobike_t *this)
{
	if (this->natd != NULL)
	{
		this->natd->task.destroy(&this->natd->task);
	}
	chunk_free(&this->cookie2);
	free(this);
}
622 | ||
/*
 * Described in header.
 *
 * The build and process handlers are selected by role: build_i/process_i
 * for the initiator, build_r/process_r for the responder. All members not
 * listed in the initializer (cookie2, natd and the flags) are left to INIT.
 */
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_mobike_t *this;

	INIT(this,
		.public = {
			.task = {
				.get_type = _get_type,
				.migrate = _migrate,
				.destroy = _destroy,
			},
			.addresses = _addresses,
			.roam = _roam,
			.dpd = _dpd,
			.transmit = _transmit,
			.is_probing = _is_probing,
		},
		.ike_sa = ike_sa,
		.initiator = initiator,
	);

	if (!initiator)
	{
		this->public.task.build = _build_r;
		this->public.task.process = _process_r;
	}
	else
	{
		this->public.task.build = _build_i;
		this->public.task.process = _process_i;
	}

	return &this->public;
}
660 |