projects / strongswan.git / blob
? search:


33dd73c449b7691611b661128affca02dfac27c3
[strongswan.git] / src / charon / config / child_cfg.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * $Id$
18 */
19
20 #include "child_cfg.h"
21
22 #include <daemon.h>
23
24 ENUM(mode_names, MODE_TRANSPORT, MODE_BEET,
25 "TRANSPORT",
26 "TUNNEL",
27 "2",
28 "3",
29 "BEET",
30 );
31
32 ENUM(action_names, ACTION_NONE, ACTION_RESTART,
33 "ACTION_NONE",
34 "ACTION_ROUTE",
35 "ACTION_RESTART",
36 );
37
38 ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE,
39 "IPCOMP_NONE");
40 ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE,
41 "IPCOMP_OUI",
42 "IPCOMP_DEFLATE",
43 "IPCOMP_LZS",
44 "IPCOMP_LZJH");
45 ENUM_END(ipcomp_transform_names, IPCOMP_LZJH);
46
47 typedef struct private_child_cfg_t private_child_cfg_t;
48
49 /**
50 * Private data of an child_cfg_t object
51 */
52 struct private_child_cfg_t {
53
54 /**
55 * Public part
56 */
57 child_cfg_t public;
58
59 /**
60 * Number of references hold by others to this child_cfg
61 */
62 refcount_t refcount;
63
64 /**
65 * Name of the child_cfg, used to query it
66 */
67 char *name;
68
69 /**
70 * list for all proposals
71 */
72 linked_list_t *proposals;
73
74 /**
75 * list for traffic selectors for my site
76 */
77 linked_list_t *my_ts;
78
79 /**
80 * list for traffic selectors for others site
81 */
82 linked_list_t *other_ts;
83
84 /**
85 * updown script
86 */
87 char *updown;
88
89 /**
90 * allow host access
91 */
92 bool hostaccess;
93
94 /**
95 * Mode to propose for a initiated CHILD: tunnel/transport
96 */
97 mode_t mode;
98
99 /**
100 * action to take on DPD
101 */
102 action_t dpd_action;
103
104 /**
105 * action to take on CHILD_SA close
106 */
107 action_t close_action;
108
109 /**
110 * Time before an SA gets invalid
111 */
112 u_int32_t lifetime;
113
114 /**
115 * Time before an SA gets rekeyed
116 */
117 u_int32_t rekeytime;
118
119 /**
120 * Time, which specifies the range of a random value
121 * substracted from rekeytime.
122 */
123 u_int32_t jitter;
124
125 /**
126 * enable IPComp
127 */
128 bool use_ipcomp;
129 };
130
131 /**
132 * Implementation of child_cfg_t.get_name
133 */
134 static char *get_name(private_child_cfg_t *this)
135 {
136 return this->name;
137 }
138
139 /**
140 * Implementation of child_cfg_t.add_proposal
141 */
142 static void add_proposal(private_child_cfg_t *this, proposal_t *proposal)
143 {
144 this->proposals->insert_last(this->proposals, proposal);
145 }
146
147 /**
148 * Implementation of child_cfg_t.get_proposals
149 */
150 static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
151 {
152 enumerator_t *enumerator;
153 proposal_t *current;
154 linked_list_t *proposals = linked_list_create();
155
156 enumerator = this->proposals->create_enumerator(this->proposals);
157 while (enumerator->enumerate(enumerator, &current))
158 {
159 current = current->clone(current);
160 if (strip_dh)
161 {
162 current->strip_dh(current);
163 }
164 proposals->insert_last(proposals, current);
165 }
166 enumerator->destroy(enumerator);
167
168 return proposals;
169 }
170
171 /**
172 * Implementation of child_cfg_t.get_name
173 */
174 static proposal_t* select_proposal(private_child_cfg_t*this,
175 linked_list_t *proposals, bool strip_dh)
176 {
177 enumerator_t *stored_enum, *supplied_enum;
178 proposal_t *stored, *supplied, *selected = NULL;
179
180 stored_enum = this->proposals->create_enumerator(this->proposals);
181 supplied_enum = proposals->create_enumerator(proposals);
182
183 /* compare all stored proposals with all supplied. Stored ones are preferred. */
184 while (stored_enum->enumerate(stored_enum, &stored))
185 {
186 stored = stored->clone(stored);
187 while (supplied_enum->enumerate(supplied_enum, &supplied))
188 {
189 if (strip_dh)
190 {
191 stored->strip_dh(stored);
192 }
193 selected = stored->select(stored, supplied);
194 if (selected)
195 {
196 break;
197 }
198 }
199 stored->destroy(stored);
200 if (selected)
201 {
202 break;
203 }
204 supplied_enum->destroy(supplied_enum);
205 supplied_enum = proposals->create_enumerator(proposals);
206 }
207 stored_enum->destroy(stored_enum);
208 supplied_enum->destroy(supplied_enum);
209 return selected;
210 }
211
212 /**
213 * Implementation of child_cfg_t.get_name
214 */
215 static void add_traffic_selector(private_child_cfg_t *this, bool local,
216 traffic_selector_t *ts)
217 {
218 if (local)
219 {
220 this->my_ts->insert_last(this->my_ts, ts);
221 }
222 else
223 {
224 this->other_ts->insert_last(this->other_ts, ts);
225 }
226 }
227
228 /**
229 * Implementation of child_cfg_t.get_name
230 */
231 static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool local,
232 linked_list_t *supplied,
233 host_t *host)
234 {
235 enumerator_t *e1, *e2;
236 traffic_selector_t *ts1, *ts2, *selected;
237 linked_list_t *result = linked_list_create();
238
239 if (local)
240 {
241 e1 = this->my_ts->create_enumerator(this->my_ts);
242 }
243 else
244 {
245 e1 = this->other_ts->create_enumerator(this->other_ts);
246 }
247
248 /* no list supplied, just fetch the stored traffic selectors */
249 if (supplied == NULL)
250 {
251 DBG2(DBG_CFG, "proposing traffic selectors for %s:",
252 local ? "us" : "other");
253 while (e1->enumerate(e1, &ts1))
254 {
255 /* we make a copy of the TS, this allows us to update dynamic TS' */
256 selected = ts1->clone(ts1);
257 if (host)
258 {
259 selected->set_address(selected, host);
260 }
261 DBG2(DBG_CFG, " %R (derived from %R)", selected, ts1);
262 result->insert_last(result, selected);
263 }
264 e1->destroy(e1);
265 }
266 else
267 {
268 DBG2(DBG_CFG, "selecting traffic selectors for %s:",
269 local ? "us" : "other");
270 e2 = supplied->create_enumerator(supplied);
271 /* iterate over all stored selectors */
272 while (e1->enumerate(e1, &ts1))
273 {
274 /* we make a copy of the TS, as we have to update dynamic TS' */
275 ts1 = ts1->clone(ts1);
276 if (host)
277 {
278 ts1->set_address(ts1, host);
279 }
280
281 /* iterate over all supplied traffic selectors */
282 while (e2->enumerate(e2, &ts2))
283 {
284 selected = ts1->get_subset(ts1, ts2);
285 if (selected)
286 {
287 DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
288 ts1, ts2, selected);
289 result->insert_last(result, selected);
290 }
291 else
292 {
293 DBG2(DBG_CFG, " config: %R, received: %R => no match",
294 ts1, ts2, selected);
295 }
296 }
297 e2->destroy(e2);
298 e2 = supplied->create_enumerator(supplied);
299 ts1->destroy(ts1);
300 }
301 e1->destroy(e1);
302 e2->destroy(e2);
303 }
304
305 /* remove any redundant traffic selectors in the list */
306 e1 = result->create_enumerator(result);
307 e2 = result->create_enumerator(result);
308 while (e1->enumerate(e1, &ts1))
309 {
310 while (e2->enumerate(e2, &ts2))
311 {
312 if (ts1 != ts2)
313 {
314 if (ts2->is_contained_in(ts2, ts1))
315 {
316 result->remove_at(result, e2);
317 ts2->destroy(ts2);
318 e1->destroy(e1);
319 e1 = result->create_enumerator(result);
320 break;
321 }
322 if (ts1->is_contained_in(ts1, ts2))
323 {
324 result->remove_at(result, e1);
325 ts1->destroy(ts1);
326 e2->destroy(e2);
327 e2 = result->create_enumerator(result);
328 break;
329 }
330 }
331 }
332 }
333 e1->destroy(e1);
334 e2->destroy(e2);
335
336 return result;
337 }
338
339 /**
340 * Implementation of child_cfg_t.get_name
341 */
342 static char* get_updown(private_child_cfg_t *this)
343 {
344 return this->updown;
345 }
346
347 /**
348 * Implementation of child_cfg_t.get_name
349 */
350 static bool get_hostaccess(private_child_cfg_t *this)
351 {
352 return this->hostaccess;
353 }
354
355 /**
356 * Implementation of child_cfg_t.get_name
357 */
358 static u_int32_t get_lifetime(private_child_cfg_t *this, bool rekey)
359 {
360 if (rekey)
361 {
362 if (this->jitter == 0)
363 {
364 return this->rekeytime;
365 }
366 return this->rekeytime - (random() % this->jitter);
367 }
368 return this->lifetime;
369 }
370
371 /**
372 * Implementation of child_cfg_t.get_mode
373 */
374 static mode_t get_mode(private_child_cfg_t *this)
375 {
376 return this->mode;
377 }
378
379 /**
380 * Implementation of child_cfg_t.get_dpd_action
381 */
382 static action_t get_dpd_action(private_child_cfg_t *this)
383 {
384 return this->dpd_action;
385 }
386
387 /**
388 * Implementation of child_cfg_t.get_close_action
389 */
390 static action_t get_close_action(private_child_cfg_t *this)
391 {
392 return this->close_action;
393 }
394
395 /**
396 * Implementation of child_cfg_t.get_dh_group.
397 */
398 static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
399 {
400 enumerator_t *enumerator;
401 proposal_t *proposal;
402 u_int16_t dh_group = MODP_NONE;
403
404 enumerator = this->proposals->create_enumerator(this->proposals);
405 while (enumerator->enumerate(enumerator, &proposal))
406 {
407 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
408 {
409 break;
410 }
411 }
412 enumerator->destroy(enumerator);
413 return dh_group;
414 }
415
416 /**
417 * Implementation of child_cfg_t.use_ipcomp.
418 */
419 static bool use_ipcomp(private_child_cfg_t *this)
420 {
421 return this->use_ipcomp;
422 }
423
424 /**
425 * Implementation of child_cfg_t.get_name
426 */
427 static child_cfg_t* get_ref(private_child_cfg_t *this)
428 {
429 ref_get(&this->refcount);
430 return &this->public;
431 }
432
433 /**
434 * Implements child_cfg_t.destroy.
435 */
436 static void destroy(private_child_cfg_t *this)
437 {
438 if (ref_put(&this->refcount))
439 {
440 this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
441 this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
442 this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
443 if (this->updown)
444 {
445 free(this->updown);
446 }
447 free(this->name);
448 free(this);
449 }
450 }
451
452 /*
453 * Described in header-file
454 */
455 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
456 u_int32_t rekeytime, u_int32_t jitter,
457 char *updown, bool hostaccess, mode_t mode,
458 action_t dpd_action, action_t close_action, bool ipcomp)
459 {
460 private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
461
462 this->public.get_name = (char* (*) (child_cfg_t*))get_name;
463 this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector;
464 this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors;
465 this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal;
466 this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals;
467 this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool))select_proposal;
468 this->public.get_updown = (char* (*) (child_cfg_t*))get_updown;
469 this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess;
470 this->public.get_mode = (mode_t (*) (child_cfg_t *))get_mode;
471 this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action;
472 this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action;
473 this->public.get_lifetime = (u_int32_t (*) (child_cfg_t *,bool))get_lifetime;
474 this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group;
475 this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp;
476 this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref;
477 this->public.destroy = (void (*) (child_cfg_t*))destroy;
478
479 this->name = strdup(name);
480 this->lifetime = lifetime;
481 this->rekeytime = rekeytime;
482 this->jitter = jitter;
483 this->updown = updown ? strdup(updown) : NULL;
484 this->hostaccess = hostaccess;
485 this->mode = mode;
486 this->dpd_action = dpd_action;
487 this->close_action = close_action;
488 this->use_ipcomp = ipcomp;
489 this->refcount = 1;
490 this->proposals = linked_list_create();
491 this->my_ts = linked_list_create();
492 this->other_ts = linked_list_create();
493
494 return &this->public;
495 }
496
strongSwan - IPsec VPN