]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/sa/ikev2/task_manager_v2.c
projects / thirdparty / strongswan.git / blob
? search:


2438616dbaa476921c0c113c182dc4384c938b8c
[thirdparty/strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2018 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <collections/array.h>
22 #include <daemon.h>
23 #include <sa/ikev2/tasks/ike_init.h>
24 #include <sa/ikev2/tasks/ike_natd.h>
25 #include <sa/ikev2/tasks/ike_mobike.h>
26 #include <sa/ikev2/tasks/ike_auth.h>
27 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
28 #include <sa/ikev2/tasks/ike_cert_pre.h>
29 #include <sa/ikev2/tasks/ike_cert_post.h>
30 #include <sa/ikev2/tasks/ike_rekey.h>
31 #include <sa/ikev2/tasks/ike_reauth.h>
32 #include <sa/ikev2/tasks/ike_reauth_complete.h>
33 #include <sa/ikev2/tasks/ike_redirect.h>
34 #include <sa/ikev2/tasks/ike_delete.h>
35 #include <sa/ikev2/tasks/ike_config.h>
36 #include <sa/ikev2/tasks/ike_dpd.h>
37 #include <sa/ikev2/tasks/ike_mid_sync.h>
38 #include <sa/ikev2/tasks/ike_vendor.h>
39 #include <sa/ikev2/tasks/ike_verify_peer_cert.h>
40 #include <sa/ikev2/tasks/child_create.h>
41 #include <sa/ikev2/tasks/child_rekey.h>
42 #include <sa/ikev2/tasks/child_delete.h>
43 #include <encoding/payloads/delete_payload.h>
44 #include <encoding/payloads/unknown_payload.h>
45 #include <processing/jobs/retransmit_job.h>
46 #include <processing/jobs/delete_ike_sa_job.h>
47 #include <processing/jobs/initiate_tasks_job.h>
48
49 #ifdef ME
50 #include <sa/ikev2/tasks/ike_me.h>
51 #endif
52
53 typedef struct private_task_manager_t private_task_manager_t;
54 typedef struct queued_task_t queued_task_t;
55
56 /**
57 * private data of the task manager
58 */
59 struct private_task_manager_t {
60
61 /**
62 * public functions
63 */
64 task_manager_v2_t public;
65
66 /**
67 * associated IKE_SA we are serving
68 */
69 ike_sa_t *ike_sa;
70
71 /**
72 * Exchange we are currently handling as responder
73 */
74 struct {
75 /**
76 * Message ID of the exchange
77 */
78 uint32_t mid;
79
80 /**
81 * packet(s) for retransmission
82 */
83 array_t *packets;
84
85 /**
86 * Helper to defragment the request
87 */
88 message_t *defrag;
89
90 } responding;
91
92 /**
93 * Exchange we are currently handling as initiator
94 */
95 struct {
96 /**
97 * Message ID of the exchange
98 */
99 uint32_t mid;
100
101 /**
102 * how many times we have retransmitted so far
103 */
104 u_int retransmitted;
105
106 /**
107 * packet(s) for retransmission
108 */
109 array_t *packets;
110
111 /**
112 * type of the initated exchange
113 */
114 exchange_type_t type;
115
116 /**
117 * TRUE if exchange was deferred because no path was available
118 */
119 bool deferred;
120
121 /**
122 * Helper to defragment the response
123 */
124 message_t *defrag;
125
126 } initiating;
127
128 /**
129 * Array of queued tasks not yet in action
130 */
131 array_t *queued_tasks;
132
133 /**
134 * Array of active tasks, initiated by ourselves
135 */
136 array_t *active_tasks;
137
138 /**
139 * Array of tasks initiated by peer
140 */
141 array_t *passive_tasks;
142
143 /**
144 * the task manager has been reset
145 */
146 bool reset;
147
148 /**
149 * Number of times we retransmit messages before giving up
150 */
151 u_int retransmit_tries;
152
153 /**
154 * Retransmission timeout
155 */
156 double retransmit_timeout;
157
158 /**
159 * Base to calculate retransmission timeout
160 */
161 double retransmit_base;
162
163 /**
164 * Jitter to apply to calculated retransmit timeout (in percent)
165 */
166 u_int retransmit_jitter;
167
168 /**
169 * Limit retransmit timeout to this value
170 */
171 uint32_t retransmit_limit;
172
173 /**
174 * Use make-before-break instead of break-before-make reauth?
175 */
176 bool make_before_break;
177 };
178
179 /**
180 * Queued tasks
181 */
182 struct queued_task_t {
183
184 /**
185 * Queued task
186 */
187 task_t *task;
188
189 /**
190 * Time before which the task is not to be initiated
191 */
192 timeval_t time;
193 };
194
195 /**
196 * Reset retransmission packet list
197 */
198 static void clear_packets(array_t *array)
199 {
200 packet_t *packet;
201
202 while (array_remove(array, ARRAY_TAIL, &packet))
203 {
204 packet->destroy(packet);
205 }
206 }
207
208 METHOD(task_manager_t, flush_queue, void,
209 private_task_manager_t *this, task_queue_t queue)
210 {
211 array_t *array;
212 task_t *task;
213
214 switch (queue)
215 {
216 case TASK_QUEUE_ACTIVE:
217 array = this->active_tasks;
218 break;
219 case TASK_QUEUE_PASSIVE:
220 array = this->passive_tasks;
221 break;
222 case TASK_QUEUE_QUEUED:
223 array = this->queued_tasks;
224 break;
225 default:
226 return;
227 }
228 while (array_remove(array, ARRAY_TAIL, &task))
229 {
230 if (queue == TASK_QUEUE_QUEUED)
231 {
232 queued_task_t *queued = (queued_task_t*)task;
233 task = queued->task;
234 free(queued);
235 }
236 task->destroy(task);
237 }
238 }
239
240 METHOD(task_manager_t, flush, void,
241 private_task_manager_t *this)
242 {
243 flush_queue(this, TASK_QUEUE_QUEUED);
244 flush_queue(this, TASK_QUEUE_PASSIVE);
245 flush_queue(this, TASK_QUEUE_ACTIVE);
246 }
247
248 /**
249 * Move a task of a specific type from the queue to the active list, if it is
250 * not delayed.
251 */
252 static bool activate_task(private_task_manager_t *this, task_type_t type)
253 {
254 enumerator_t *enumerator;
255 queued_task_t *queued;
256 timeval_t now;
257 bool found = FALSE;
258
259 time_monotonic(&now);
260
261 enumerator = array_create_enumerator(this->queued_tasks);
262 while (enumerator->enumerate(enumerator, (void**)&queued))
263 {
264 if (queued->task->get_type(queued->task) == type &&
265 !timercmp(&now, &queued->time, <))
266 {
267 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
268 array_remove_at(this->queued_tasks, enumerator);
269 array_insert(this->active_tasks, ARRAY_TAIL, queued->task);
270 free(queued);
271 found = TRUE;
272 break;
273 }
274 }
275 enumerator->destroy(enumerator);
276 return found;
277 }
278
279 /**
280 * Send packets in the given array (they get cloned). Optionally, the
281 * source and destination addresses are changed before sending it.
282 */
283 static void send_packets(private_task_manager_t *this, array_t *packets,
284 host_t *src, host_t *dst)
285 {
286 packet_t *packet, *clone;
287 int i;
288
289 for (i = 0; i < array_count(packets); i++)
290 {
291 array_get(packets, i, &packet);
292 clone = packet->clone(packet);
293 if (src)
294 {
295 clone->set_source(clone, src->clone(src));
296 }
297 if (dst)
298 {
299 clone->set_destination(clone, dst->clone(dst));
300 }
301 charon->sender->send(charon->sender, clone);
302 }
303 }
304
305 /**
306 * Generates the given message and stores packet(s) in the given array
307 */
308 static bool generate_message(private_task_manager_t *this, message_t *message,
309 array_t **packets)
310 {
311 enumerator_t *fragments;
312 packet_t *fragment;
313
314 if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
315 &fragments) != SUCCESS)
316 {
317 return FALSE;
318 }
319 while (fragments->enumerate(fragments, &fragment))
320 {
321 array_insert_create(packets, ARRAY_TAIL, fragment);
322 }
323 fragments->destroy(fragments);
324 array_compress(*packets);
325 return TRUE;
326 }
327
328 METHOD(task_manager_t, retransmit, status_t,
329 private_task_manager_t *this, uint32_t message_id)
330 {
331 if (message_id == this->initiating.mid &&
332 array_count(this->initiating.packets))
333 {
334 uint32_t timeout, max_jitter;
335 job_t *job;
336 enumerator_t *enumerator;
337 packet_t *packet;
338 task_t *task;
339 ike_mobike_t *mobike = NULL;
340
341 array_get(this->initiating.packets, 0, &packet);
342
343 /* check if we are retransmitting a MOBIKE routability check */
344 if (this->initiating.type == INFORMATIONAL)
345 {
346 enumerator = array_create_enumerator(this->active_tasks);
347 while (enumerator->enumerate(enumerator, (void*)&task))
348 {
349 if (task->get_type(task) == TASK_IKE_MOBIKE)
350 {
351 mobike = (ike_mobike_t*)task;
352 break;
353 }
354 }
355 enumerator->destroy(enumerator);
356 }
357
358 if (!mobike || !mobike->is_probing(mobike))
359 {
360 if (this->initiating.retransmitted <= this->retransmit_tries)
361 {
362 timeout = (uint32_t)(this->retransmit_timeout * 1000.0 *
363 pow(this->retransmit_base, this->initiating.retransmitted));
364
365 if (this->retransmit_limit)
366 {
367 timeout = min(timeout, this->retransmit_limit);
368 }
369 if (this->retransmit_jitter)
370 {
371 max_jitter = (timeout / 100.0) * this->retransmit_jitter;
372 timeout -= max_jitter * (random() / (RAND_MAX + 1.0));
373 }
374 }
375 else
376 {
377 DBG1(DBG_IKE, "giving up after %d retransmits",
378 this->initiating.retransmitted - 1);
379 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
380 packet);
381 return DESTROY_ME;
382 }
383
384 if (this->initiating.retransmitted)
385 {
386 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
387 this->initiating.retransmitted, message_id);
388 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
389 this->initiating.retransmitted);
390 }
391 if (!mobike)
392 {
393 send_packets(this, this->initiating.packets,
394 this->ike_sa->get_my_host(this->ike_sa),
395 this->ike_sa->get_other_host(this->ike_sa));
396 }
397 else
398 {
399 if (!mobike->transmit(mobike, packet))
400 {
401 DBG1(DBG_IKE, "no route found to reach peer, MOBIKE update "
402 "deferred");
403 this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
404 this->initiating.deferred = TRUE;
405 return SUCCESS;
406 }
407 else if (mobike->is_probing(mobike))
408 {
409 timeout = ROUTEABILITY_CHECK_INTERVAL;
410 }
411 }
412 }
413 else
414 { /* for routeability checks, we use a more aggressive behavior */
415 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
416 {
417 timeout = ROUTEABILITY_CHECK_INTERVAL;
418 }
419 else
420 {
421 DBG1(DBG_IKE, "giving up after %d path probings",
422 this->initiating.retransmitted - 1);
423 return DESTROY_ME;
424 }
425
426 if (this->initiating.retransmitted)
427 {
428 DBG1(DBG_IKE, "path probing attempt %d",
429 this->initiating.retransmitted);
430 }
431 /* TODO-FRAG: presumably these small packets are not fragmented,
432 * we should maybe ensure this is the case when generating them */
433 if (!mobike->transmit(mobike, packet))
434 {
435 DBG1(DBG_IKE, "no route found to reach peer, path probing "
436 "deferred");
437 this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
438 this->initiating.deferred = TRUE;
439 return SUCCESS;
440 }
441 }
442
443 this->initiating.retransmitted++;
444 job = (job_t*)retransmit_job_create(this->initiating.mid,
445 this->ike_sa->get_id(this->ike_sa));
446 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
447 }
448 return SUCCESS;
449 }
450
451 METHOD(task_manager_t, initiate, status_t,
452 private_task_manager_t *this)
453 {
454 enumerator_t *enumerator;
455 task_t *task;
456 message_t *message;
457 host_t *me, *other;
458 exchange_type_t exchange = 0;
459
460 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
461 {
462 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
463 exchange_type_names, this->initiating.type);
464 /* do not initiate if we already have a message in the air */
465 if (this->initiating.deferred)
466 { /* re-initiate deferred exchange */
467 this->initiating.deferred = FALSE;
468 this->initiating.retransmitted = 0;
469 return retransmit(this, this->initiating.mid);
470 }
471 return SUCCESS;
472 }
473
474 if (array_count(this->active_tasks) == 0)
475 {
476 DBG2(DBG_IKE, "activating new tasks");
477 switch (this->ike_sa->get_state(this->ike_sa))
478 {
479 case IKE_CREATED:
480 activate_task(this, TASK_IKE_VENDOR);
481 if (activate_task(this, TASK_IKE_INIT))
482 {
483 this->initiating.mid = 0;
484 exchange = IKE_SA_INIT;
485 activate_task(this, TASK_IKE_NATD);
486 activate_task(this, TASK_IKE_CERT_PRE);
487 #ifdef ME
488 /* this task has to be activated before the TASK_IKE_AUTH
489 * task, because that task pregenerates the packet after
490 * which no payloads can be added to the message anymore.
491 */
492 activate_task(this, TASK_IKE_ME);
493 #endif /* ME */
494 activate_task(this, TASK_IKE_AUTH);
495 activate_task(this, TASK_IKE_CERT_POST);
496 activate_task(this, TASK_IKE_CONFIG);
497 activate_task(this, TASK_CHILD_CREATE);
498 activate_task(this, TASK_IKE_AUTH_LIFETIME);
499 activate_task(this, TASK_IKE_MOBIKE);
500 }
501 break;
502 case IKE_ESTABLISHED:
503 if (activate_task(this, TASK_IKE_MOBIKE))
504 {
505 exchange = INFORMATIONAL;
506 break;
507 }
508 if (activate_task(this, TASK_IKE_DELETE))
509 {
510 exchange = INFORMATIONAL;
511 break;
512 }
513 if (activate_task(this, TASK_IKE_REDIRECT))
514 {
515 exchange = INFORMATIONAL;
516 break;
517 }
518 if (activate_task(this, TASK_CHILD_DELETE))
519 {
520 exchange = INFORMATIONAL;
521 break;
522 }
523 if (activate_task(this, TASK_IKE_REAUTH))
524 {
525 exchange = INFORMATIONAL;
526 break;
527 }
528 if (activate_task(this, TASK_CHILD_CREATE))
529 {
530 exchange = CREATE_CHILD_SA;
531 break;
532 }
533 if (activate_task(this, TASK_CHILD_REKEY))
534 {
535 exchange = CREATE_CHILD_SA;
536 break;
537 }
538 if (activate_task(this, TASK_IKE_REKEY))
539 {
540 exchange = CREATE_CHILD_SA;
541 break;
542 }
543 if (activate_task(this, TASK_IKE_DPD))
544 {
545 exchange = INFORMATIONAL;
546 break;
547 }
548 if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
549 {
550 exchange = INFORMATIONAL;
551 break;
552 }
553 #ifdef ME
554 if (activate_task(this, TASK_IKE_ME))
555 {
556 exchange = ME_CONNECT;
557 break;
558 }
559 #endif /* ME */
560 if (activate_task(this, TASK_IKE_REAUTH_COMPLETE))
561 {
562 exchange = INFORMATIONAL;
563 break;
564 }
565 if (activate_task(this, TASK_IKE_VERIFY_PEER_CERT))
566 {
567 exchange = INFORMATIONAL;
568 break;
569 }
570 case IKE_REKEYING:
571 case IKE_REKEYED:
572 if (activate_task(this, TASK_IKE_DELETE))
573 {
574 exchange = INFORMATIONAL;
575 break;
576 }
577 case IKE_DELETING:
578 default:
579 break;
580 }
581 }
582 else
583 {
584 DBG2(DBG_IKE, "reinitiating already active tasks");
585 enumerator = array_create_enumerator(this->active_tasks);
586 while (enumerator->enumerate(enumerator, &task))
587 {
588 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
589 switch (task->get_type(task))
590 {
591 case TASK_IKE_INIT:
592 exchange = IKE_SA_INIT;
593 break;
594 case TASK_IKE_AUTH:
595 exchange = IKE_AUTH;
596 break;
597 case TASK_CHILD_CREATE:
598 case TASK_CHILD_REKEY:
599 case TASK_IKE_REKEY:
600 exchange = CREATE_CHILD_SA;
601 break;
602 case TASK_IKE_MOBIKE:
603 exchange = INFORMATIONAL;
604 break;
605 default:
606 continue;
607 }
608 break;
609 }
610 enumerator->destroy(enumerator);
611 }
612
613 if (exchange == 0)
614 {
615 DBG2(DBG_IKE, "nothing to initiate");
616 /* nothing to do yet... */
617 return SUCCESS;
618 }
619
620 me = this->ike_sa->get_my_host(this->ike_sa);
621 other = this->ike_sa->get_other_host(this->ike_sa);
622
623 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
624 message->set_message_id(message, this->initiating.mid);
625 message->set_source(message, me->clone(me));
626 message->set_destination(message, other->clone(other));
627 message->set_exchange_type(message, exchange);
628 this->initiating.type = exchange;
629 this->initiating.retransmitted = 0;
630 this->initiating.deferred = FALSE;
631
632 enumerator = array_create_enumerator(this->active_tasks);
633 while (enumerator->enumerate(enumerator, &task))
634 {
635 switch (task->build(task, message))
636 {
637 case SUCCESS:
638 /* task completed, remove it */
639 array_remove_at(this->active_tasks, enumerator);
640 task->destroy(task);
641 break;
642 case NEED_MORE:
643 /* processed, but task needs another exchange */
644 break;
645 case FAILED:
646 default:
647 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
648 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
649 this->ike_sa->get_state(this->ike_sa) != IKE_REKEYED)
650 {
651 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
652 }
653 /* FALL */
654 case DESTROY_ME:
655 /* critical failure, destroy IKE_SA */
656 enumerator->destroy(enumerator);
657 message->destroy(message);
658 flush(this);
659 return DESTROY_ME;
660 }
661 }
662 enumerator->destroy(enumerator);
663
664 /* update exchange type if a task changed it */
665 this->initiating.type = message->get_exchange_type(message);
666 if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED)
667 {
668 message->destroy(message);
669 return initiate(this);
670 }
671
672 if (!generate_message(this, message, &this->initiating.packets))
673 {
674 /* message generation failed. There is nothing more to do than to
675 * close the SA */
676 message->destroy(message);
677 flush(this);
678 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
679 return DESTROY_ME;
680 }
681 message->destroy(message);
682
683 array_compress(this->active_tasks);
684 array_compress(this->queued_tasks);
685
686 return retransmit(this, this->initiating.mid);
687 }
688
689 /**
690 * handle an incoming response message
691 */
692 static status_t process_response(private_task_manager_t *this,
693 message_t *message)
694 {
695 enumerator_t *enumerator;
696 task_t *task;
697
698 if (message->get_exchange_type(message) != this->initiating.type)
699 {
700 DBG1(DBG_IKE, "received %N response, but expected %N",
701 exchange_type_names, message->get_exchange_type(message),
702 exchange_type_names, this->initiating.type);
703 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
704 return DESTROY_ME;
705 }
706
707 enumerator = array_create_enumerator(this->active_tasks);
708 while (enumerator->enumerate(enumerator, &task))
709 {
710 if (!task->pre_process)
711 {
712 continue;
713 }
714 switch (task->pre_process(task, message))
715 {
716 case SUCCESS:
717 break;
718 case FAILED:
719 default:
720 /* just ignore the message */
721 DBG1(DBG_IKE, "ignore invalid %N response",
722 exchange_type_names, message->get_exchange_type(message));
723 enumerator->destroy(enumerator);
724 return SUCCESS;
725 case DESTROY_ME:
726 /* critical failure, destroy IKE_SA */
727 enumerator->destroy(enumerator);
728 return DESTROY_ME;
729 }
730 }
731 enumerator->destroy(enumerator);
732
733 if (this->initiating.retransmitted > 1)
734 {
735 packet_t *packet = NULL;
736 array_get(this->initiating.packets, 0, &packet);
737 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
738 }
739
740 /* catch if we get resetted while processing */
741 this->reset = FALSE;
742 enumerator = array_create_enumerator(this->active_tasks);
743 while (enumerator->enumerate(enumerator, &task))
744 {
745 switch (task->process(task, message))
746 {
747 case SUCCESS:
748 /* task completed, remove it */
749 array_remove_at(this->active_tasks, enumerator);
750 task->destroy(task);
751 break;
752 case NEED_MORE:
753 /* processed, but task needs another exchange */
754 break;
755 case FAILED:
756 default:
757 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
758 /* FALL */
759 case DESTROY_ME:
760 /* critical failure, destroy IKE_SA */
761 array_remove_at(this->active_tasks, enumerator);
762 enumerator->destroy(enumerator);
763 task->destroy(task);
764 return DESTROY_ME;
765 }
766 if (this->reset)
767 { /* start all over again if we were reset */
768 this->reset = FALSE;
769 enumerator->destroy(enumerator);
770 return initiate(this);
771 }
772 }
773 enumerator->destroy(enumerator);
774
775 this->initiating.mid++;
776 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
777 clear_packets(this->initiating.packets);
778
779 array_compress(this->active_tasks);
780
781 return initiate(this);
782 }
783
784 /**
785 * handle exchange collisions
786 */
787 static bool handle_collisions(private_task_manager_t *this, task_t *task)
788 {
789 enumerator_t *enumerator;
790 task_t *active;
791 task_type_t type;
792
793 type = task->get_type(task);
794
795 /* do we have to check */
796 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
797 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE)
798 {
799 /* find an exchange collision, and notify these tasks */
800 enumerator = array_create_enumerator(this->active_tasks);
801 while (enumerator->enumerate(enumerator, &active))
802 {
803 switch (active->get_type(active))
804 {
805 case TASK_IKE_REKEY:
806 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE)
807 {
808 ike_rekey_t *rekey = (ike_rekey_t*)active;
809 rekey->collide(rekey, task);
810 break;
811 }
812 continue;
813 case TASK_CHILD_REKEY:
814 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
815 {
816 child_rekey_t *rekey = (child_rekey_t*)active;
817 rekey->collide(rekey, task);
818 break;
819 }
820 continue;
821 default:
822 continue;
823 }
824 enumerator->destroy(enumerator);
825 return TRUE;
826 }
827 enumerator->destroy(enumerator);
828 }
829 return FALSE;
830 }
831
832 /**
833 * build a response depending on the "passive" task list
834 */
835 static status_t build_response(private_task_manager_t *this, message_t *request)
836 {
837 enumerator_t *enumerator;
838 task_t *task;
839 message_t *message;
840 host_t *me, *other;
841 bool delete = FALSE, hook = FALSE, mid_sync = FALSE;
842 ike_sa_id_t *id = NULL;
843 uint64_t responder_spi = 0;
844 bool result;
845
846 me = request->get_destination(request);
847 other = request->get_source(request);
848
849 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
850 message->set_exchange_type(message, request->get_exchange_type(request));
851 /* send response along the path the request came in */
852 message->set_source(message, me->clone(me));
853 message->set_destination(message, other->clone(other));
854 message->set_message_id(message, this->responding.mid);
855 message->set_request(message, FALSE);
856
857 enumerator = array_create_enumerator(this->passive_tasks);
858 while (enumerator->enumerate(enumerator, (void*)&task))
859 {
860 if (task->get_type(task) == TASK_IKE_MID_SYNC)
861 {
862 mid_sync = TRUE;
863 }
864 switch (task->build(task, message))
865 {
866 case SUCCESS:
867 /* task completed, remove it */
868 array_remove_at(this->passive_tasks, enumerator);
869 if (!handle_collisions(this, task))
870 {
871 task->destroy(task);
872 }
873 break;
874 case NEED_MORE:
875 /* processed, but task needs another exchange */
876 if (handle_collisions(this, task))
877 {
878 array_remove_at(this->passive_tasks, enumerator);
879 }
880 break;
881 case FAILED:
882 default:
883 hook = TRUE;
884 /* FALL */
885 case DESTROY_ME:
886 /* destroy IKE_SA, but SEND response first */
887 if (handle_collisions(this, task))
888 {
889 array_remove_at(this->passive_tasks, enumerator);
890 }
891 delete = TRUE;
892 break;
893 }
894 if (delete)
895 {
896 break;
897 }
898 }
899 enumerator->destroy(enumerator);
900
901 /* RFC 5996, section 2.6 mentions that in the event of a failure during
902 * IKE_SA_INIT the responder's SPI will be 0 in the response, while it
903 * actually explicitly allows it to be non-zero. Since we use the responder
904 * SPI to create hashes in the IKE_SA manager we can only set the SPI to
905 * zero temporarily, otherwise checking the SA in would fail. */
906 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
907 {
908 id = this->ike_sa->get_id(this->ike_sa);
909 responder_spi = id->get_responder_spi(id);
910 id->set_responder_spi(id, 0);
911 }
912
913 /* message complete, send it */
914 clear_packets(this->responding.packets);
915 result = generate_message(this, message, &this->responding.packets);
916 message->destroy(message);
917 if (id)
918 {
919 id->set_responder_spi(id, responder_spi);
920 }
921 if (!result)
922 {
923 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
924 return DESTROY_ME;
925 }
926
927 send_packets(this, this->responding.packets, NULL, NULL);
928 if (delete)
929 {
930 if (hook)
931 {
932 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
933 }
934 return DESTROY_ME;
935 }
936 else if (mid_sync)
937 {
938 /* we don't want to resend messages to sync MIDs if requests with the
939 * previous MID arrive */
940 clear_packets(this->responding.packets);
941 /* avoid increasing the expected message ID after handling a message
942 * to sync MIDs with MID 0 */
943 return NEED_MORE;
944 }
945
946 array_compress(this->passive_tasks);
947
948 return SUCCESS;
949 }
950
951 /**
952 * handle an incoming request message
953 */
954 static status_t process_request(private_task_manager_t *this,
955 message_t *message)
956 {
957 enumerator_t *enumerator;
958 task_t *task = NULL;
959 payload_t *payload;
960 notify_payload_t *notify;
961 delete_payload_t *delete;
962 ike_sa_state_t state;
963
964 if (array_count(this->passive_tasks) == 0)
965 { /* create tasks depending on request type, if not already some queued */
966 state = this->ike_sa->get_state(this->ike_sa);
967 switch (message->get_exchange_type(message))
968 {
969 case IKE_SA_INIT:
970 {
971 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
972 array_insert(this->passive_tasks, ARRAY_TAIL, task);
973 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
974 array_insert(this->passive_tasks, ARRAY_TAIL, task);
975 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
976 array_insert(this->passive_tasks, ARRAY_TAIL, task);
977 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
978 array_insert(this->passive_tasks, ARRAY_TAIL, task);
979 #ifdef ME
980 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
981 array_insert(this->passive_tasks, ARRAY_TAIL, task);
982 #endif /* ME */
983 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
984 array_insert(this->passive_tasks, ARRAY_TAIL, task);
985 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
986 array_insert(this->passive_tasks, ARRAY_TAIL, task);
987 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
988 array_insert(this->passive_tasks, ARRAY_TAIL, task);
989 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
990 NULL, NULL);
991 array_insert(this->passive_tasks, ARRAY_TAIL, task);
992 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
993 array_insert(this->passive_tasks, ARRAY_TAIL, task);
994 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
995 array_insert(this->passive_tasks, ARRAY_TAIL, task);
996 break;
997 }
998 case CREATE_CHILD_SA:
999 { /* FIXME: we should prevent this on mediation connections */
1000 bool notify_found = FALSE, ts_found = FALSE;
1001
1002 if (state == IKE_CREATED ||
1003 state == IKE_CONNECTING)
1004 {
1005 DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
1006 "unestablished IKE_SA, rejected");
1007 return FAILED;
1008 }
1009
1010 enumerator = message->create_payload_enumerator(message);
1011 while (enumerator->enumerate(enumerator, &payload))
1012 {
1013 switch (payload->get_type(payload))
1014 {
1015 case PLV2_NOTIFY:
1016 { /* if we find a rekey notify, its CHILD_SA rekeying */
1017 notify = (notify_payload_t*)payload;
1018 if (notify->get_notify_type(notify) == REKEY_SA &&
1019 (notify->get_protocol_id(notify) == PROTO_AH ||
1020 notify->get_protocol_id(notify) == PROTO_ESP))
1021 {
1022 notify_found = TRUE;
1023 }
1024 break;
1025 }
1026 case PLV2_TS_INITIATOR:
1027 case PLV2_TS_RESPONDER:
1028 { /* if we don't find a TS, its IKE rekeying */
1029 ts_found = TRUE;
1030 break;
1031 }
1032 default:
1033 break;
1034 }
1035 }
1036 enumerator->destroy(enumerator);
1037
1038 if (ts_found)
1039 {
1040 if (notify_found)
1041 {
1042 task = (task_t*)child_rekey_create(this->ike_sa,
1043 PROTO_NONE, 0);
1044 }
1045 else
1046 {
1047 task = (task_t*)child_create_create(this->ike_sa, NULL,
1048 FALSE, NULL, NULL);
1049 }
1050 }
1051 else
1052 {
1053 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
1054 }
1055 array_insert(this->passive_tasks, ARRAY_TAIL, task);
1056 break;
1057 }
1058 case INFORMATIONAL:
1059 {
1060 enumerator = message->create_payload_enumerator(message);
1061 while (enumerator->enumerate(enumerator, &payload))
1062 {
1063 switch (payload->get_type(payload))
1064 {
1065 case PLV2_NOTIFY:
1066 {
1067 notify = (notify_payload_t*)payload;
1068 if (state == IKE_REKEYED)
1069 {
1070 DBG1(DBG_IKE, "received unexpected notify %N "
1071 "for rekeyed IKE_SA, ignored",
1072 notify_type_names,
1073 notify->get_notify_type(notify));
1074 break;
1075 }
1076 switch (notify->get_notify_type(notify))
1077 {
1078 case ADDITIONAL_IP4_ADDRESS:
1079 case ADDITIONAL_IP6_ADDRESS:
1080 case NO_ADDITIONAL_ADDRESSES:
1081 case UPDATE_SA_ADDRESSES:
1082 case NO_NATS_ALLOWED:
1083 case UNACCEPTABLE_ADDRESSES:
1084 case UNEXPECTED_NAT_DETECTED:
1085 case COOKIE2:
1086 case NAT_DETECTION_SOURCE_IP:
1087 case NAT_DETECTION_DESTINATION_IP:
1088 task = (task_t*)ike_mobike_create(
1089 this->ike_sa, FALSE);
1090 break;
1091 case AUTH_LIFETIME:
1092 task = (task_t*)ike_auth_lifetime_create(
1093 this->ike_sa, FALSE);
1094 break;
1095 case AUTHENTICATION_FAILED:
1096 /* initiator failed to authenticate us.
1097 * We use ike_delete to handle this, which
1098 * invokes all the required hooks. */
1099 task = (task_t*)ike_delete_create(
1100 this->ike_sa, FALSE);
1101 break;
1102 case REDIRECT:
1103 task = (task_t*)ike_redirect_create(
1104 this->ike_sa, NULL);
1105 break;
1106 case IKEV2_MESSAGE_ID_SYNC:
1107 task = (task_t*)ike_mid_sync_create(
1108 this->ike_sa);
1109 break;
1110 default:
1111 break;
1112 }
1113 break;
1114 }
1115 case PLV2_DELETE:
1116 {
1117 delete = (delete_payload_t*)payload;
1118 if (delete->get_protocol_id(delete) == PROTO_IKE)
1119 {
1120 task = (task_t*)ike_delete_create(this->ike_sa,
1121 FALSE);
1122 }
1123 else
1124 {
1125 task = (task_t*)child_delete_create(this->ike_sa,
1126 PROTO_NONE, 0, FALSE);
1127 }
1128 break;
1129 }
1130 default:
1131 break;
1132 }
1133 if (task)
1134 {
1135 break;
1136 }
1137 }
1138 enumerator->destroy(enumerator);
1139
1140 if (task == NULL)
1141 {
1142 task = (task_t*)ike_dpd_create(FALSE);
1143 }
1144 array_insert(this->passive_tasks, ARRAY_TAIL, task);
1145 break;
1146 }
1147 #ifdef ME
1148 case ME_CONNECT:
1149 {
1150 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
1151 array_insert(this->passive_tasks, ARRAY_TAIL, task);
1152 }
1153 #endif /* ME */
1154 default:
1155 break;
1156 }
1157 }
1158
1159 enumerator = array_create_enumerator(this->passive_tasks);
1160 while (enumerator->enumerate(enumerator, &task))
1161 {
1162 if (!task->pre_process)
1163 {
1164 continue;
1165 }
1166 switch (task->pre_process(task, message))
1167 {
1168 case SUCCESS:
1169 break;
1170 case FAILED:
1171 default:
1172 /* just ignore the message */
1173 DBG1(DBG_IKE, "ignore invalid %N request",
1174 exchange_type_names, message->get_exchange_type(message));
1175 enumerator->destroy(enumerator);
1176 switch (message->get_exchange_type(message))
1177 {
1178 case IKE_SA_INIT:
1179 /* no point in keeping the SA when it was created with
1180 * an invalid IKE_SA_INIT message */
1181 return DESTROY_ME;
1182 default:
1183 /* remove tasks we queued for this request */
1184 flush_queue(this, TASK_QUEUE_PASSIVE);
1185 /* fall-through */
1186 case IKE_AUTH:
1187 return NEED_MORE;
1188 }
1189 case DESTROY_ME:
1190 /* critical failure, destroy IKE_SA */
1191 enumerator->destroy(enumerator);
1192 return DESTROY_ME;
1193 }
1194 }
1195 enumerator->destroy(enumerator);
1196
1197 /* let the tasks process the message */
1198 enumerator = array_create_enumerator(this->passive_tasks);
1199 while (enumerator->enumerate(enumerator, (void*)&task))
1200 {
1201 switch (task->process(task, message))
1202 {
1203 case SUCCESS:
1204 /* task completed, remove it */
1205 array_remove_at(this->passive_tasks, enumerator);
1206 task->destroy(task);
1207 break;
1208 case NEED_MORE:
1209 /* processed, but task needs at least another call to build() */
1210 break;
1211 case FAILED:
1212 default:
1213 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1214 /* FALL */
1215 case DESTROY_ME:
1216 /* critical failure, destroy IKE_SA */
1217 array_remove_at(this->passive_tasks, enumerator);
1218 enumerator->destroy(enumerator);
1219 task->destroy(task);
1220 return DESTROY_ME;
1221 }
1222 }
1223 enumerator->destroy(enumerator);
1224
1225 return build_response(this, message);
1226 }
1227
1228 METHOD(task_manager_t, incr_mid, void,
1229 private_task_manager_t *this, bool initiate)
1230 {
1231 if (initiate)
1232 {
1233 this->initiating.mid++;
1234 }
1235 else
1236 {
1237 this->responding.mid++;
1238 }
1239 }
1240
1241 METHOD(task_manager_t, get_mid, uint32_t,
1242 private_task_manager_t *this, bool initiate)
1243 {
1244 return initiate ? this->initiating.mid : this->responding.mid;
1245 }
1246
1247 /**
1248 * Handle the given IKE fragment, if it is one.
1249 *
1250 * Returns SUCCESS if the message is not a fragment, and NEED_MORE if it was
1251 * handled properly. Error states are returned if the fragment was invalid or
1252 * the reassembled message could not have been processed properly.
1253 */
1254 static status_t handle_fragment(private_task_manager_t *this,
1255 message_t **defrag, message_t *msg)
1256 {
1257 message_t *reassembled;
1258 status_t status;
1259
1260 if (!msg->get_payload(msg, PLV2_FRAGMENT))
1261 {
1262 return SUCCESS;
1263 }
1264 if (!*defrag)
1265 {
1266 *defrag = message_create_defrag(msg);
1267 if (!*defrag)
1268 {
1269 return FAILED;
1270 }
1271 }
1272 status = (*defrag)->add_fragment(*defrag, msg);
1273 if (status == SUCCESS)
1274 {
1275 /* reinject the reassembled message */
1276 reassembled = *defrag;
1277 *defrag = NULL;
1278 status = this->ike_sa->process_message(this->ike_sa, reassembled);
1279 if (status == SUCCESS)
1280 {
1281 /* avoid processing the last fragment */
1282 status = NEED_MORE;
1283 }
1284 reassembled->destroy(reassembled);
1285 }
1286 return status;
1287 }
1288
1289 /**
1290 * Send a notify back to the sender
1291 */
1292 static void send_notify_response(private_task_manager_t *this,
1293 message_t *request, notify_type_t type,
1294 chunk_t data)
1295 {
1296 message_t *response;
1297 packet_t *packet;
1298 host_t *me, *other;
1299
1300 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
1301 response->set_exchange_type(response, request->get_exchange_type(request));
1302 response->set_request(response, FALSE);
1303 response->set_message_id(response, request->get_message_id(request));
1304 response->add_notify(response, FALSE, type, data);
1305 me = this->ike_sa->get_my_host(this->ike_sa);
1306 if (me->is_anyaddr(me))
1307 {
1308 me = request->get_destination(request);
1309 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
1310 }
1311 other = this->ike_sa->get_other_host(this->ike_sa);
1312 if (other->is_anyaddr(other))
1313 {
1314 other = request->get_source(request);
1315 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
1316 }
1317 response->set_source(response, me->clone(me));
1318 response->set_destination(response, other->clone(other));
1319 if (this->ike_sa->generate_message(this->ike_sa, response,
1320 &packet) == SUCCESS)
1321 {
1322 charon->sender->send(charon->sender, packet);
1323 }
1324 response->destroy(response);
1325 }
1326
1327 /**
1328 * Parse the given message and verify that it is valid.
1329 */
1330 static status_t parse_message(private_task_manager_t *this, message_t *msg)
1331 {
1332 status_t status;
1333 uint8_t type = 0;
1334
1335 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1336
1337 if (status == SUCCESS)
1338 { /* check for unsupported critical payloads */
1339 enumerator_t *enumerator;
1340 unknown_payload_t *unknown;
1341 payload_t *payload;
1342
1343 enumerator = msg->create_payload_enumerator(msg);
1344 while (enumerator->enumerate(enumerator, &payload))
1345 {
1346 if (payload->get_type(payload) == PL_UNKNOWN)
1347 {
1348 unknown = (unknown_payload_t*)payload;
1349 if (unknown->is_critical(unknown))
1350 {
1351 type = unknown->get_type(unknown);
1352 DBG1(DBG_ENC, "payload type %N is not supported, "
1353 "but its critical!", payload_type_names, type);
1354 status = NOT_SUPPORTED;
1355 break;
1356 }
1357 }
1358 }
1359 enumerator->destroy(enumerator);
1360 }
1361
1362 if (status != SUCCESS)
1363 {
1364 bool is_request = msg->get_request(msg);
1365
1366 switch (status)
1367 {
1368 case NOT_SUPPORTED:
1369 DBG1(DBG_IKE, "critical unknown payloads found");
1370 if (is_request)
1371 {
1372 send_notify_response(this, msg,
1373 UNSUPPORTED_CRITICAL_PAYLOAD,
1374 chunk_from_thing(type));
1375 incr_mid(this, FALSE);
1376 }
1377 break;
1378 case PARSE_ERROR:
1379 DBG1(DBG_IKE, "message parsing failed");
1380 if (is_request)
1381 {
1382 send_notify_response(this, msg,
1383 INVALID_SYNTAX, chunk_empty);
1384 incr_mid(this, FALSE);
1385 }
1386 break;
1387 case VERIFY_ERROR:
1388 DBG1(DBG_IKE, "message verification failed");
1389 if (is_request)
1390 {
1391 send_notify_response(this, msg,
1392 INVALID_SYNTAX, chunk_empty);
1393 incr_mid(this, FALSE);
1394 }
1395 break;
1396 case FAILED:
1397 DBG1(DBG_IKE, "integrity check failed");
1398 /* ignored */
1399 break;
1400 case INVALID_STATE:
1401 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1402 default:
1403 break;
1404 }
1405 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1406 exchange_type_names, msg->get_exchange_type(msg),
1407 is_request ? "request" : "response",
1408 msg->get_message_id(msg));
1409
1410 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1411
1412 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1413 { /* invalid initiation attempt, close SA */
1414 return DESTROY_ME;
1415 }
1416 }
1417 return status;
1418 }
1419
1420 /**
1421 * Check if a message with message ID 0 looks like it is used to synchronize
1422 * the message IDs.
1423 */
1424 static bool looks_like_mid_sync(private_task_manager_t *this, message_t *msg,
1425 bool strict)
1426 {
1427 enumerator_t *enumerator;
1428 notify_payload_t *notify;
1429 payload_t *payload;
1430 bool found = FALSE, other = FALSE;
1431
1432 if (msg->get_exchange_type(msg) == INFORMATIONAL)
1433 {
1434 enumerator = msg->create_payload_enumerator(msg);
1435 while (enumerator->enumerate(enumerator, &payload))
1436 {
1437 if (payload->get_type(payload) == PLV2_NOTIFY)
1438 {
1439 notify = (notify_payload_t*)payload;
1440 switch (notify->get_notify_type(notify))
1441 {
1442 case IKEV2_MESSAGE_ID_SYNC:
1443 case IPSEC_REPLAY_COUNTER_SYNC:
1444 found = TRUE;
1445 continue;
1446 default:
1447 break;
1448 }
1449 }
1450 if (strict)
1451 {
1452 other = TRUE;
1453 break;
1454 }
1455 }
1456 enumerator->destroy(enumerator);
1457 }
1458 return found && !other;
1459 }
1460
1461 /**
1462 * Check if a message with message ID 0 looks like it is used to synchronize
1463 * the message IDs and we are prepared to process it.
1464 *
1465 * Note: This is not called if the responder never sent a message before (i.e.
1466 * we expect MID 0).
1467 */
1468 static bool is_mid_sync(private_task_manager_t *this, message_t *msg)
1469 {
1470 if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED &&
1471 this->ike_sa->supports_extension(this->ike_sa,
1472 EXT_IKE_MESSAGE_ID_SYNC))
1473 {
1474 return looks_like_mid_sync(this, msg, TRUE);
1475 }
1476 return FALSE;
1477 }
1478
1479 METHOD(task_manager_t, process_message, status_t,
1480 private_task_manager_t *this, message_t *msg)
1481 {
1482 host_t *me, *other;
1483 status_t status;
1484 uint32_t mid;
1485 bool schedule_delete_job = FALSE;
1486 ike_sa_state_t state;
1487 exchange_type_t type;
1488
1489 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1490 status = parse_message(this, msg);
1491 if (status != SUCCESS)
1492 {
1493 return status;
1494 }
1495
1496 me = msg->get_destination(msg);
1497 other = msg->get_source(msg);
1498
1499 /* if this IKE_SA is virgin, we check for a config */
1500 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1501 {
1502 ike_cfg_t *ike_cfg;
1503
1504 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1505 me, other, IKEV2);
1506 if (ike_cfg == NULL)
1507 {
1508 /* no config found for these hosts, destroy */
1509 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1510 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1511 send_notify_response(this, msg,
1512 NO_PROPOSAL_CHOSEN, chunk_empty);
1513 return DESTROY_ME;
1514 }
1515 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1516 ike_cfg->destroy(ike_cfg);
1517 /* add a timeout if peer does not establish it completely */
1518 schedule_delete_job = TRUE;
1519 }
1520 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1521 time_monotonic(NULL));
1522
1523 mid = msg->get_message_id(msg);
1524 if (msg->get_request(msg))
1525 {
1526 if (mid == this->responding.mid || (mid == 0 && is_mid_sync(this, msg)))
1527 {
1528 /* reject initial messages if not received in specific states,
1529 * after rekeying we only expect a DELETE in an INFORMATIONAL */
1530 type = msg->get_exchange_type(msg);
1531 state = this->ike_sa->get_state(this->ike_sa);
1532 if ((type == IKE_SA_INIT && state != IKE_CREATED) ||
1533 (type == IKE_AUTH && state != IKE_CONNECTING) ||
1534 (state == IKE_REKEYED && type != INFORMATIONAL))
1535 {
1536 DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
1537 exchange_type_names, type, ike_sa_state_names, state);
1538 return FAILED;
1539 }
1540 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1541 { /* with MOBIKE, we do no implicit updates */
1542 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1543 }
1544 status = handle_fragment(this, &this->responding.defrag, msg);
1545 if (status != SUCCESS)
1546 {
1547 return status;
1548 }
1549 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1550 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1551 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1552 return SUCCESS;
1553 }
1554 switch (process_request(this, msg))
1555 {
1556 case SUCCESS:
1557 this->responding.mid++;
1558 break;
1559 case NEED_MORE:
1560 break;
1561 default:
1562 flush(this);
1563 return DESTROY_ME;
1564 }
1565 }
1566 else if ((mid == this->responding.mid - 1) &&
1567 array_count(this->responding.packets) &&
1568 !(mid == 0 && looks_like_mid_sync(this, msg, FALSE)))
1569 {
1570 status = handle_fragment(this, &this->responding.defrag, msg);
1571 if (status != SUCCESS)
1572 {
1573 return status;
1574 }
1575 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1576 "retransmitting response", mid);
1577 charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
1578 send_packets(this, this->responding.packets,
1579 msg->get_destination(msg), msg->get_source(msg));
1580 }
1581 else
1582 {
1583 DBG1(DBG_IKE, "received message ID %d, expected %d, ignored",
1584 mid, this->responding.mid);
1585 }
1586 }
1587 else
1588 {
1589 if (mid == this->initiating.mid)
1590 {
1591 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1592 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1593 msg->get_exchange_type(msg) != IKE_SA_INIT)
1594 { /* only do updates based on verified messages (or initial ones) */
1595 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1596 { /* with MOBIKE, we do no implicit updates. we force an
1597 * update of the local address on IKE_SA_INIT, but never
1598 * for the remote address */
1599 this->ike_sa->update_hosts(this->ike_sa, me, NULL, mid == 0);
1600 this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
1601 }
1602 }
1603 status = handle_fragment(this, &this->initiating.defrag, msg);
1604 if (status != SUCCESS)
1605 {
1606 return status;
1607 }
1608 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1609 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1610 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1611 return SUCCESS;
1612 }
1613 if (process_response(this, msg) != SUCCESS)
1614 {
1615 flush(this);
1616 return DESTROY_ME;
1617 }
1618 }
1619 else
1620 {
1621 DBG1(DBG_IKE, "received message ID %d, expected %d, ignored",
1622 mid, this->initiating.mid);
1623 return SUCCESS;
1624 }
1625 }
1626
1627 if (schedule_delete_job)
1628 {
1629 ike_sa_id_t *ike_sa_id;
1630 job_t *job;
1631
1632 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1633 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1634 lib->scheduler->schedule_job(lib->scheduler, job,
1635 lib->settings->get_int(lib->settings,
1636 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1637 lib->ns));
1638 }
1639 return SUCCESS;
1640 }
1641
1642 METHOD(task_manager_t, queue_task_delayed, void,
1643 private_task_manager_t *this, task_t *task, uint32_t delay)
1644 {
1645 queued_task_t *queued;
1646 timeval_t time;
1647
1648 time_monotonic(&time);
1649 if (delay)
1650 {
1651 job_t *job;
1652
1653 DBG2(DBG_IKE, "queueing %N task (delayed by %us)", task_type_names,
1654 task->get_type(task), delay);
1655 time.tv_sec += delay;
1656
1657 job = (job_t*)initiate_tasks_job_create(
1658 this->ike_sa->get_id(this->ike_sa));
1659 lib->scheduler->schedule_job_tv(lib->scheduler, job, time);
1660 }
1661 else
1662 {
1663 DBG2(DBG_IKE, "queueing %N task", task_type_names,
1664 task->get_type(task));
1665 }
1666 INIT(queued,
1667 .task = task,
1668 .time = time,
1669 );
1670 array_insert(this->queued_tasks, ARRAY_TAIL, queued);
1671 }
1672
1673 METHOD(task_manager_t, queue_task, void,
1674 private_task_manager_t *this, task_t *task)
1675 {
1676 queue_task_delayed(this, task, 0);
1677 }
1678
1679 /**
1680 * Check if a given task has been queued already
1681 */
1682 static bool has_queued(private_task_manager_t *this, task_type_t type)
1683 {
1684 enumerator_t *enumerator;
1685 bool found = FALSE;
1686 queued_task_t *queued;
1687
1688 enumerator = array_create_enumerator(this->queued_tasks);
1689 while (enumerator->enumerate(enumerator, &queued))
1690 {
1691 if (queued->task->get_type(queued->task) == type)
1692 {
1693 found = TRUE;
1694 break;
1695 }
1696 }
1697 enumerator->destroy(enumerator);
1698 return found;
1699 }
1700
1701 METHOD(task_manager_t, queue_ike, void,
1702 private_task_manager_t *this)
1703 {
1704 if (!has_queued(this, TASK_IKE_VENDOR))
1705 {
1706 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1707 }
1708 if (!has_queued(this, TASK_IKE_INIT))
1709 {
1710 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1711 }
1712 if (!has_queued(this, TASK_IKE_NATD))
1713 {
1714 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1715 }
1716 if (!has_queued(this, TASK_IKE_CERT_PRE))
1717 {
1718 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1719 }
1720 if (!has_queued(this, TASK_IKE_AUTH))
1721 {
1722 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1723 }
1724 if (!has_queued(this, TASK_IKE_CERT_POST))
1725 {
1726 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1727 }
1728 if (!has_queued(this, TASK_IKE_CONFIG))
1729 {
1730 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1731 }
1732 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1733 {
1734 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1735 }
1736 if (!has_queued(this, TASK_IKE_MOBIKE))
1737 {
1738 peer_cfg_t *peer_cfg;
1739
1740 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1741 if (peer_cfg->use_mobike(peer_cfg))
1742 {
1743 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1744 }
1745 }
1746 #ifdef ME
1747 if (!has_queued(this, TASK_IKE_ME))
1748 {
1749 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1750 }
1751 #endif /* ME */
1752 }
1753
1754 METHOD(task_manager_t, queue_ike_rekey, void,
1755 private_task_manager_t *this)
1756 {
1757 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1758 }
1759
1760 /**
1761 * Start reauthentication using make-before-break
1762 */
1763 static void trigger_mbb_reauth(private_task_manager_t *this)
1764 {
1765 enumerator_t *enumerator;
1766 child_sa_t *child_sa;
1767 child_cfg_t *cfg;
1768 peer_cfg_t *peer;
1769 ike_sa_t *new;
1770 host_t *host;
1771 queued_task_t *queued;
1772 bool children = FALSE;
1773
1774 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1775 this->ike_sa->get_version(this->ike_sa), TRUE);
1776 if (!new)
1777 { /* shouldn't happen */
1778 return;
1779 }
1780
1781 peer = this->ike_sa->get_peer_cfg(this->ike_sa);
1782 new->set_peer_cfg(new, peer);
1783 host = this->ike_sa->get_other_host(this->ike_sa);
1784 new->set_other_host(new, host->clone(host));
1785 host = this->ike_sa->get_my_host(this->ike_sa);
1786 new->set_my_host(new, host->clone(host));
1787 enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1788 while (enumerator->enumerate(enumerator, &host))
1789 {
1790 new->add_virtual_ip(new, TRUE, host);
1791 }
1792 enumerator->destroy(enumerator);
1793
1794 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1795 while (enumerator->enumerate(enumerator, &child_sa))
1796 {
1797 cfg = child_sa->get_config(child_sa);
1798 new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
1799 FALSE, NULL, NULL)->task);
1800 children = TRUE;
1801 }
1802 enumerator->destroy(enumerator);
1803
1804 enumerator = array_create_enumerator(this->queued_tasks);
1805 while (enumerator->enumerate(enumerator, &queued))
1806 {
1807 if (queued->task->get_type(queued->task) == TASK_CHILD_CREATE)
1808 {
1809 queued->task->migrate(queued->task, new);
1810 new->queue_task(new, queued->task);
1811 array_remove_at(this->queued_tasks, enumerator);
1812 free(queued);
1813 children = TRUE;
1814 }
1815 }
1816 enumerator->destroy(enumerator);
1817
1818 if (!children
1819 #ifdef ME
1820 /* allow reauth of mediation connections without CHILD_SAs */
1821 && !peer->is_mediation(peer)
1822 #endif /* ME */
1823 )
1824 {
1825 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1826 DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA "
1827 "to recreate");
1828 return;
1829 }
1830
1831 /* suspend online revocation checking until the SA is established */
1832 new->set_condition(new, COND_ONLINE_VALIDATION_SUSPENDED, TRUE);
1833
1834 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1835 {
1836 new->queue_task(new, (task_t*)ike_verify_peer_cert_create(new));
1837 new->queue_task(new, (task_t*)ike_reauth_complete_create(new,
1838 this->ike_sa->get_id(this->ike_sa)));
1839 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1840 }
1841 else
1842 {
1843 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1844 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1845 }
1846 charon->bus->set_sa(charon->bus, this->ike_sa);
1847 }
1848
1849 METHOD(task_manager_t, queue_ike_reauth, void,
1850 private_task_manager_t *this)
1851 {
1852 if (this->make_before_break)
1853 {
1854 return trigger_mbb_reauth(this);
1855 }
1856 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1857 }
1858
1859 METHOD(task_manager_t, queue_ike_delete, void,
1860 private_task_manager_t *this)
1861 {
1862 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1863 }
1864
1865 /**
1866 * There is no need to queue more than one mobike task, so this either returns
1867 * an already queued task or queues one if there is none yet.
1868 */
1869 static ike_mobike_t *queue_mobike_task(private_task_manager_t *this)
1870 {
1871 enumerator_t *enumerator;
1872 queued_task_t *queued;
1873 ike_mobike_t *mobike = NULL;
1874
1875 enumerator = array_create_enumerator(this->queued_tasks);
1876 while (enumerator->enumerate(enumerator, &queued))
1877 {
1878 if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE)
1879 {
1880 mobike = (ike_mobike_t*)queued->task;
1881 break;
1882 }
1883 }
1884 enumerator->destroy(enumerator);
1885
1886 if (!mobike)
1887 {
1888 mobike = ike_mobike_create(this->ike_sa, TRUE);
1889 queue_task(this, &mobike->task);
1890 }
1891 return mobike;
1892 }
1893
1894 METHOD(task_manager_t, queue_mobike, void,
1895 private_task_manager_t *this, bool roam, bool address)
1896 {
1897 ike_mobike_t *mobike;
1898
1899 mobike = queue_mobike_task(this);
1900 if (roam)
1901 {
1902 enumerator_t *enumerator;
1903 task_t *current;
1904
1905 mobike->roam(mobike, address);
1906
1907 /* enable path probing for a currently active MOBIKE task. This might
1908 * not be the case if an address appeared on a new interface while the
1909 * current address is not working but has not yet disappeared. */
1910 enumerator = array_create_enumerator(this->active_tasks);
1911 while (enumerator->enumerate(enumerator, &current))
1912 {
1913 if (current->get_type(current) == TASK_IKE_MOBIKE)
1914 {
1915 ike_mobike_t *active = (ike_mobike_t*)current;
1916 active->enable_probing(active);
1917 break;
1918 }
1919 }
1920 enumerator->destroy(enumerator);
1921 }
1922 else
1923 {
1924 mobike->addresses(mobike);
1925 }
1926 }
1927
1928 METHOD(task_manager_t, queue_dpd, void,
1929 private_task_manager_t *this)
1930 {
1931 ike_mobike_t *mobike;
1932
1933 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1934 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1935 {
1936 #ifdef ME
1937 peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1938 if (cfg->get_peer_id(cfg) ||
1939 this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
1940 #else
1941 if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
1942 #endif
1943 {
1944 /* use mobike enabled DPD to detect NAT mapping changes */
1945 mobike = queue_mobike_task(this);
1946 mobike->dpd(mobike);
1947 return;
1948 }
1949 }
1950 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1951 }
1952
1953 METHOD(task_manager_t, queue_child, void,
1954 private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
1955 traffic_selector_t *tsi, traffic_selector_t *tsr)
1956 {
1957 child_create_t *task;
1958
1959 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1960 if (reqid)
1961 {
1962 task->use_reqid(task, reqid);
1963 }
1964 queue_task(this, &task->task);
1965 }
1966
1967 METHOD(task_manager_t, queue_child_rekey, void,
1968 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
1969 {
1970 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1971 }
1972
1973 METHOD(task_manager_t, queue_child_delete, void,
1974 private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
1975 bool expired)
1976 {
1977 queue_task(this, (task_t*)child_delete_create(this->ike_sa,
1978 protocol, spi, expired));
1979 }
1980
1981 METHOD(task_manager_t, adopt_tasks, void,
1982 private_task_manager_t *this, task_manager_t *other_public)
1983 {
1984 private_task_manager_t *other = (private_task_manager_t*)other_public;
1985 queued_task_t *queued;
1986 timeval_t now;
1987
1988 time_monotonic(&now);
1989
1990 /* move queued tasks from other to this */
1991 while (array_remove(other->queued_tasks, ARRAY_TAIL, &queued))
1992 {
1993 DBG2(DBG_IKE, "migrating %N task", task_type_names,
1994 queued->task->get_type(queued->task));
1995 queued->task->migrate(queued->task, this->ike_sa);
1996 /* don't delay tasks on the new IKE_SA */
1997 queued->time = now;
1998 array_insert(this->queued_tasks, ARRAY_HEAD, queued);
1999 }
2000 }
2001
2002 /**
2003 * Migrates child-creating tasks from other to this
2004 */
2005 static void migrate_child_tasks(private_task_manager_t *this,
2006 private_task_manager_t *other,
2007 task_queue_t queue)
2008 {
2009 enumerator_t *enumerator;
2010 array_t *array;
2011 task_t *task;
2012
2013 switch (queue)
2014 {
2015 case TASK_QUEUE_ACTIVE:
2016 array = other->active_tasks;
2017 break;
2018 case TASK_QUEUE_QUEUED:
2019 array = other->queued_tasks;
2020 break;
2021 default:
2022 return;
2023 }
2024
2025 enumerator = array_create_enumerator(array);
2026 while (enumerator->enumerate(enumerator, &task))
2027 {
2028 queued_task_t *queued = NULL;
2029
2030 if (queue == TASK_QUEUE_QUEUED)
2031 {
2032 queued = (queued_task_t*)task;
2033 task = queued->task;
2034 }
2035 if (task->get_type(task) == TASK_CHILD_CREATE)
2036 {
2037 array_remove_at(array, enumerator);
2038 task->migrate(task, this->ike_sa);
2039 queue_task(this, task);
2040 free(queued);
2041 }
2042 }
2043 enumerator->destroy(enumerator);
2044 }
2045
2046 METHOD(task_manager_t, adopt_child_tasks, void,
2047 private_task_manager_t *this, task_manager_t *other_public)
2048 {
2049 private_task_manager_t *other = (private_task_manager_t*)other_public;
2050
2051 /* move active child tasks from other to this */
2052 migrate_child_tasks(this, other, TASK_QUEUE_ACTIVE);
2053 /* do the same for queued tasks */
2054 migrate_child_tasks(this, other, TASK_QUEUE_QUEUED);
2055 }
2056
2057 METHOD(task_manager_t, busy, bool,
2058 private_task_manager_t *this)
2059 {
2060 return array_count(this->active_tasks) > 0;
2061 }
2062
2063 METHOD(task_manager_t, reset, void,
2064 private_task_manager_t *this, uint32_t initiate, uint32_t respond)
2065 {
2066 enumerator_t *enumerator;
2067 queued_task_t *queued;
2068 task_t *task;
2069 timeval_t now;
2070
2071 /* reset message counters and retransmit packets */
2072 clear_packets(this->responding.packets);
2073 clear_packets(this->initiating.packets);
2074 DESTROY_IF(this->responding.defrag);
2075 DESTROY_IF(this->initiating.defrag);
2076 this->responding.defrag = NULL;
2077 this->initiating.defrag = NULL;
2078 if (initiate != UINT_MAX)
2079 {
2080 this->initiating.mid = initiate;
2081 }
2082 if (respond != UINT_MAX)
2083 {
2084 this->responding.mid = respond;
2085 }
2086 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
2087
2088 time_monotonic(&now);
2089 /* reset queued tasks */
2090 enumerator = array_create_enumerator(this->queued_tasks);
2091 while (enumerator->enumerate(enumerator, &queued))
2092 {
2093 queued->time = now;
2094 queued->task->migrate(queued->task, this->ike_sa);
2095 }
2096 enumerator->destroy(enumerator);
2097
2098 /* reset active tasks */
2099 while (array_remove(this->active_tasks, ARRAY_TAIL, &task))
2100 {
2101 task->migrate(task, this->ike_sa);
2102 INIT(queued,
2103 .task = task,
2104 .time = now,
2105 );
2106 array_insert(this->queued_tasks, ARRAY_HEAD, queued);
2107 }
2108
2109 this->reset = TRUE;
2110 }
2111
2112 CALLBACK(filter_queued, bool,
2113 void *unused, enumerator_t *orig, va_list args)
2114 {
2115 queued_task_t *queued;
2116 task_t **task;
2117
2118 VA_ARGS_VGET(args, task);
2119
2120 if (orig->enumerate(orig, &queued))
2121 {
2122 *task = queued->task;
2123 return TRUE;
2124 }
2125 return FALSE;
2126 }
2127
2128 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
2129 private_task_manager_t *this, task_queue_t queue)
2130 {
2131 switch (queue)
2132 {
2133 case TASK_QUEUE_ACTIVE:
2134 return array_create_enumerator(this->active_tasks);
2135 case TASK_QUEUE_PASSIVE:
2136 return array_create_enumerator(this->passive_tasks);
2137 case TASK_QUEUE_QUEUED:
2138 return enumerator_create_filter(
2139 array_create_enumerator(this->queued_tasks),
2140 filter_queued, NULL, NULL);
2141 default:
2142 return enumerator_create_empty();
2143 }
2144 }
2145
2146 METHOD(task_manager_t, destroy, void,
2147 private_task_manager_t *this)
2148 {
2149 flush(this);
2150
2151 array_destroy(this->active_tasks);
2152 array_destroy(this->queued_tasks);
2153 array_destroy(this->passive_tasks);
2154
2155 clear_packets(this->responding.packets);
2156 array_destroy(this->responding.packets);
2157 clear_packets(this->initiating.packets);
2158 array_destroy(this->initiating.packets);
2159 DESTROY_IF(this->responding.defrag);
2160 DESTROY_IF(this->initiating.defrag);
2161 free(this);
2162 }
2163
2164 /*
2165 * see header file
2166 */
2167 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
2168 {
2169 private_task_manager_t *this;
2170
2171 INIT(this,
2172 .public = {
2173 .task_manager = {
2174 .process_message = _process_message,
2175 .queue_task = _queue_task,
2176 .queue_task_delayed = _queue_task_delayed,
2177 .queue_ike = _queue_ike,
2178 .queue_ike_rekey = _queue_ike_rekey,
2179 .queue_ike_reauth = _queue_ike_reauth,
2180 .queue_ike_delete = _queue_ike_delete,
2181 .queue_mobike = _queue_mobike,
2182 .queue_child = _queue_child,
2183 .queue_child_rekey = _queue_child_rekey,
2184 .queue_child_delete = _queue_child_delete,
2185 .queue_dpd = _queue_dpd,
2186 .initiate = _initiate,
2187 .retransmit = _retransmit,
2188 .incr_mid = _incr_mid,
2189 .get_mid = _get_mid,
2190 .reset = _reset,
2191 .adopt_tasks = _adopt_tasks,
2192 .adopt_child_tasks = _adopt_child_tasks,
2193 .busy = _busy,
2194 .create_task_enumerator = _create_task_enumerator,
2195 .flush = _flush,
2196 .flush_queue = _flush_queue,
2197 .destroy = _destroy,
2198 },
2199 },
2200 .ike_sa = ike_sa,
2201 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
2202 .queued_tasks = array_create(0, 0),
2203 .active_tasks = array_create(0, 0),
2204 .passive_tasks = array_create(0, 0),
2205 .retransmit_tries = lib->settings->get_int(lib->settings,
2206 "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
2207 .retransmit_timeout = lib->settings->get_double(lib->settings,
2208 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
2209 .retransmit_base = lib->settings->get_double(lib->settings,
2210 "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
2211 .retransmit_jitter = min(lib->settings->get_int(lib->settings,
2212 "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX),
2213 .retransmit_limit = lib->settings->get_int(lib->settings,
2214 "%s.retransmit_limit", 0, lib->ns) * 1000,
2215 .make_before_break = lib->settings->get_bool(lib->settings,
2216 "%s.make_before_break", FALSE, lib->ns),
2217 );
2218
2219 return &this->public;
2220 }
Unnamed repository; edit this file 'description' to name the repository.