projects / strongswan.git / blob
? search:


b3ace7269327bfd5fb24ca9bed6f817f9bd7fb2d
[strongswan.git] / src / charon / plugins / ha_sync / ha_sync_child.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "ha_sync_child.h"
19
20 typedef struct private_ha_sync_child_t private_ha_sync_child_t;
21
22 /**
23 * Private data of an ha_sync_child_t object.
24 */
25 struct private_ha_sync_child_t {
26
27 /**
28 * Public ha_sync_child_t interface.
29 */
30 ha_sync_child_t public;
31
32 /**
33 * socket we use for syncing
34 */
35 ha_sync_socket_t *socket;
36
37 /**
38 * synced and cached IKE_SA state
39 */
40 ha_sync_cache_t *cache;
41 };
42
43 /**
44 * Implementation of listener_t.child_keys
45 */
46 static bool child_keys(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
47 child_sa_t *child_sa, diffie_hellman_t *dh,
48 chunk_t nonce_i, chunk_t nonce_r)
49 {
50 ha_sync_message_t *m;
51 chunk_t secret;
52 proposal_t *proposal;
53 u_int16_t alg, len;
54 linked_list_t *list;
55 enumerator_t *enumerator;
56 traffic_selector_t *ts;
57
58 if (this->cache->has_ike_sa(this->cache, ike_sa->get_id(ike_sa)))
59 { /* IKE_SA is cached, do not sync */
60 return TRUE;
61 }
62
63 m = ha_sync_message_create(HA_SYNC_CHILD_ADD);
64
65 m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
66 m->add_attribute(m, HA_SYNC_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
67 m->add_attribute(m, HA_SYNC_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
68 m->add_attribute(m, HA_SYNC_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
69 m->add_attribute(m, HA_SYNC_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE));
70 m->add_attribute(m, HA_SYNC_IPSEC_MODE, child_sa->get_mode(child_sa));
71 m->add_attribute(m, HA_SYNC_IPCOMP, child_sa->get_ipcomp(child_sa));
72 m->add_attribute(m, HA_SYNC_CONFIG_NAME, child_sa->get_name(child_sa));
73
74 proposal = child_sa->get_proposal(child_sa);
75 if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
76 {
77 m->add_attribute(m, HA_SYNC_ALG_ENCR, alg);
78 if (len)
79 {
80 m->add_attribute(m, HA_SYNC_ALG_ENCR_LEN, len);
81 }
82 }
83 if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
84 {
85 m->add_attribute(m, HA_SYNC_ALG_INTEG, alg);
86 }
87 m->add_attribute(m, HA_SYNC_NONCE_I, nonce_i);
88 m->add_attribute(m, HA_SYNC_NONCE_R, nonce_r);
89 if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS)
90 {
91 m->add_attribute(m, HA_SYNC_SECRET, secret);
92 chunk_clear(&secret);
93 }
94
95 list = child_sa->get_traffic_selectors(child_sa, TRUE);
96 enumerator = list->create_enumerator(list);
97 while (enumerator->enumerate(enumerator, &ts))
98 {
99 m->add_attribute(m, HA_SYNC_LOCAL_TS, ts);
100 }
101 enumerator->destroy(enumerator);
102 list = child_sa->get_traffic_selectors(child_sa, FALSE);
103 enumerator = list->create_enumerator(list);
104 while (enumerator->enumerate(enumerator, &ts))
105 {
106 m->add_attribute(m, HA_SYNC_REMOTE_TS, ts);
107 }
108 enumerator->destroy(enumerator);
109
110 this->socket->push(this->socket, m);
111 m->destroy(m);
112
113 return TRUE;
114 }
115
116 /**
117 * Implementation of listener_t.child_state_change
118 */
119 static bool child_state_change(private_ha_sync_child_t *this, ike_sa_t *ike_sa,
120 child_sa_t *child_sa, child_sa_state_t state)
121 {
122 if (this->cache->has_ike_sa(this->cache, ike_sa->get_id(ike_sa)))
123 { /* IKE_SA is cached, do not sync */
124 return TRUE;
125 }
126
127 if (state == CHILD_DESTROYING)
128 {
129 ha_sync_message_t *m;
130
131 m = ha_sync_message_create(HA_SYNC_CHILD_DELETE);
132
133 m->add_attribute(m, HA_SYNC_IKE_ID, ike_sa->get_id(ike_sa));
134 m->add_attribute(m, HA_SYNC_INBOUND_SPI,
135 child_sa->get_spi(child_sa, TRUE));
136 this->socket->push(this->socket, m);
137 m->destroy(m);
138 }
139 return TRUE;
140 }
141
142 /**
143 * Implementation of ha_sync_child_t.destroy.
144 */
145 static void destroy(private_ha_sync_child_t *this)
146 {
147 free(this);
148 }
149
150 /**
151 * See header
152 */
153 ha_sync_child_t *ha_sync_child_create(ha_sync_socket_t *socket,
154 ha_sync_cache_t *cache)
155 {
156 private_ha_sync_child_t *this = malloc_thing(private_ha_sync_child_t);
157
158 memset(&this->public.listener, 0, sizeof(listener_t));
159 this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys;
160 this->public.listener.child_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state))child_state_change;
161 this->public.destroy = (void(*)(ha_sync_child_t*))destroy;
162
163 this->socket = socket;
164 this->cache = cache;
165
166 return &this->public;
167 }
168
strongSwan - IPsec VPN