projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
merged tasking branch into trunk
[strongswan.git] / src / charon / sa / task_manager.c
1 /**
2 * @file task_manager.c
3 *
4 * @brief Implementation of task_manager_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2007 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "task_manager.h"
24
25 #include <daemon.h>
26 #include <sa/tasks/ike_init.h>
27 #include <sa/tasks/ike_natd.h>
28 #include <sa/tasks/ike_auth.h>
29 #include <sa/tasks/ike_cert.h>
30 #include <sa/tasks/ike_rekey.h>
31 #include <sa/tasks/ike_delete.h>
32 #include <sa/tasks/ike_config.h>
33 #include <sa/tasks/ike_dpd.h>
34 #include <sa/tasks/child_create.h>
35 #include <sa/tasks/child_rekey.h>
36 #include <sa/tasks/child_delete.h>
37 #include <encoding/payloads/delete_payload.h>
38 #include <queues/jobs/retransmit_job.h>
39
40 typedef struct exchange_t exchange_t;
41
42 /**
43 * An exchange in the air, used do detect and handle retransmission
44 */
45 struct exchange_t {
46
47 /**
48 * Message ID used for this transaction
49 */
50 u_int32_t mid;
51
52 /**
53 * generated packet for retransmission
54 */
55 packet_t *packet;
56 };
57
58 typedef struct private_task_manager_t private_task_manager_t;
59
60 /**
61 * private data of the task manager
62 */
63 struct private_task_manager_t {
64
65 /**
66 * public functions
67 */
68 task_manager_t public;
69
70 /**
71 * associated IKE_SA we are serving
72 */
73 ike_sa_t *ike_sa;
74
75 /**
76 * Exchange we are currently handling as responder
77 */
78 struct {
79 /**
80 * Message ID of the exchange
81 */
82 u_int32_t mid;
83
84 /**
85 * packet for retransmission
86 */
87 packet_t *packet;
88
89 } responding;
90
91 /**
92 * Exchange we are currently handling as initiator
93 */
94 struct {
95 /**
96 * Message ID of the exchange
97 */
98 u_int32_t mid;
99
100 /**
101 * how many times we have retransmitted so far
102 */
103 u_int retransmitted;
104
105 /**
106 * packet for retransmission
107 */
108 packet_t *packet;
109
110 /**
111 * type of the initated exchange
112 */
113 exchange_type_t type;
114
115 } initiating;
116
117 /**
118 * List of queued tasks not yet in action
119 */
120 linked_list_t *queued_tasks;
121
122 /**
123 * List of active tasks, initiated by ourselve
124 */
125 linked_list_t *active_tasks;
126
127 /**
128 * List of tasks initiated by peer
129 */
130 linked_list_t *passive_tasks;
131
132 /**
133 * ike_sa_init message we sent, stored here for later authentication
134 */
135 packet_t *ike_sa_init;
136 };
137
138 /**
139 * move a task of a specific type from the queue to the active list
140 */
141 static bool activate_task(private_task_manager_t *this, task_type_t type)
142 {
143 iterator_t *iterator;
144 task_t *task;
145 bool found = FALSE;
146
147 iterator = this->queued_tasks->create_iterator(this->queued_tasks, TRUE);
148 while (iterator->iterate(iterator, (void**)&task))
149 {
150 if (task->get_type(task) == type)
151 {
152 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
153 iterator->remove(iterator);
154 this->active_tasks->insert_last(this->active_tasks, task);
155 found = TRUE;
156 break;
157 }
158 }
159 iterator->destroy(iterator);
160 return found;
161 }
162
163 /**
164 * Implementation of task_manager_t.retransmit
165 */
166 static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
167 {
168 if (message_id == this->initiating.mid)
169 {
170 u_int32_t timeout;
171 job_t *job;
172
173 timeout = charon->configuration->get_retransmit_timeout(
174 charon->configuration, this->initiating.retransmitted);
175 if (timeout == 0)
176 {
177 DBG1(DBG_IKE, "giving up after %d retransmits",
178 this->initiating.retransmitted - 1);
179 return DESTROY_ME;
180 }
181
182 if (this->initiating.retransmitted)
183 {
184 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
185 this->initiating.retransmitted, message_id);
186 }
187 this->initiating.retransmitted++;
188
189 charon->send_queue->add(charon->send_queue,
190 this->initiating.packet->clone(this->initiating.packet));
191 job = (job_t*)retransmit_job_create(this->initiating.mid,
192 this->ike_sa->get_id(this->ike_sa));
193 charon->event_queue->add_relative(charon->event_queue, job, timeout);
194 }
195 return SUCCESS;
196 }
197
198 /**
199 * build a request using the active task list
200 * Implementation of task_manager_t.initiate
201 */
202 static status_t build_request(private_task_manager_t *this)
203 {
204 iterator_t *iterator;
205 task_t *task;
206 message_t *message;
207 status_t status;
208 exchange_type_t exchange = 0;
209
210 if (this->active_tasks->get_count(this->active_tasks) == 0)
211 {
212 DBG2(DBG_IKE, "activating new tasks");
213 switch (this->ike_sa->get_state(this->ike_sa))
214 {
215 case IKE_CREATED:
216 if (activate_task(this, IKE_INIT))
217 {
218 exchange = IKE_SA_INIT;
219 activate_task(this, IKE_NATD);
220 activate_task(this, IKE_CERT);
221 activate_task(this, IKE_AUTHENTICATE);
222 activate_task(this, IKE_CONFIG);
223 activate_task(this, CHILD_CREATE);
224 }
225 break;
226 case IKE_ESTABLISHED:
227 if (activate_task(this, CHILD_CREATE))
228 {
229 exchange = CREATE_CHILD_SA;
230 activate_task(this, IKE_CONFIG);
231 break;
232 }
233 if (activate_task(this, CHILD_DELETE))
234 {
235 exchange = INFORMATIONAL;
236 break;
237 }
238 if (activate_task(this, CHILD_REKEY))
239 {
240 exchange = CREATE_CHILD_SA;
241 break;
242 }
243 if (activate_task(this, IKE_DELETE))
244 {
245 exchange = INFORMATIONAL;
246 break;
247 }
248 if (activate_task(this, IKE_REKEY))
249 {
250 exchange = CREATE_CHILD_SA;
251 break;
252 }
253 if (activate_task(this, IKE_DEADPEER))
254 {
255 exchange = INFORMATIONAL;
256 break;
257 }
258 case IKE_REKEYING:
259 if (activate_task(this, IKE_DELETE))
260 {
261 exchange = INFORMATIONAL;
262 break;
263 }
264 case IKE_DELETING:
265 default:
266 break;
267 }
268 }
269 else
270 {
271 DBG2(DBG_IKE, "reinitiating already active tasks");
272 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
273 while (iterator->iterate(iterator, (void**)&task))
274 {
275 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
276 switch (task->get_type(task))
277 {
278 case IKE_INIT:
279 exchange = IKE_SA_INIT;
280 break;
281 case IKE_AUTHENTICATE:
282 exchange = IKE_AUTH;
283 break;
284 default:
285 continue;
286 }
287 break;
288 }
289 iterator->destroy(iterator);
290 }
291
292 if (exchange == 0)
293 {
294 DBG2(DBG_IKE, "nothing to initiate");
295 /* nothing to do yet... */
296 return SUCCESS;
297 }
298
299 message = message_create();
300 message->set_message_id(message, this->initiating.mid);
301 message->set_exchange_type(message, exchange);
302 this->initiating.type = exchange;
303 this->initiating.retransmitted = 0;
304
305 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
306 while (iterator->iterate(iterator, (void*)&task))
307 {
308 switch (task->build(task, message))
309 {
310 case SUCCESS:
311 /* task completed, remove it */
312 iterator->remove(iterator);
313 task->destroy(task);
314 break;
315 case NEED_MORE:
316 /* processed, but task needs another exchange */
317 break;
318 case FAILED:
319 default:
320 /* critical failure, destroy IKE_SA */
321 iterator->destroy(iterator);
322 message->destroy(message);
323 return DESTROY_ME;
324 }
325 }
326 iterator->destroy(iterator);
327
328 DESTROY_IF(this->initiating.packet);
329 status = this->ike_sa->generate_message(this->ike_sa, message,
330 &this->initiating.packet);
331 message->destroy(message);
332 if (status != SUCCESS)
333 {
334 /* message generation failed. There is nothing more to do than to
335 * close the SA */
336 return DESTROY_ME;
337 }
338
339 return retransmit(this, this->initiating.mid);
340 }
341
342 /**
343 * handle an incoming response message
344 */
345 static status_t process_response(private_task_manager_t *this,
346 message_t *message)
347 {
348 iterator_t *iterator;
349 task_t *task;
350
351 if (message->get_exchange_type(message) != this->initiating.type)
352 {
353 DBG1(DBG_IKE, "received %N response, but expected %N",
354 exchange_type_names, message->get_exchange_type(message),
355 exchange_type_names, this->initiating.type);
356 return DESTROY_ME;
357 }
358
359 iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE);
360 while (iterator->iterate(iterator, (void*)&task))
361 {
362 switch (task->process(task, message))
363 {
364 case SUCCESS:
365 /* task completed, remove it */
366 iterator->remove(iterator);
367 task->destroy(task);
368 break;
369 case NEED_MORE:
370 /* processed, but task needs another exchange */
371 break;
372 case FAILED:
373 default:
374 /* critical failure, destroy IKE_SA */
375 iterator->destroy(iterator);
376 return DESTROY_ME;
377 }
378 }
379 iterator->destroy(iterator);
380
381 this->initiating.mid++;
382
383 return build_request(this);
384 }
385
386 /**
387 * build a response depending on the "passive" task list
388 */
389 static status_t build_response(private_task_manager_t *this,
390 exchange_type_t exchange)
391 {
392 iterator_t *iterator;
393 task_t *task;
394 message_t *message;
395 bool delete = FALSE;
396 status_t status;
397
398 message = message_create();
399 message->set_exchange_type(message, exchange);
400 message->set_message_id(message, this->responding.mid);
401 message->set_request(message, FALSE);
402
403 iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE);
404 while (iterator->iterate(iterator, (void*)&task))
405 {
406 switch (task->build(task, message))
407 {
408 case SUCCESS:
409 /* task completed, remove it */
410 iterator->remove(iterator);
411 task->destroy(task);
412 break;
413 case NEED_MORE:
414 /* processed, but task needs another exchange */
415 break;
416 case FAILED:
417 default:
418 /* destroy IKE_SA, but SEND response first */
419 delete = TRUE;
420 break;
421 }
422 if (delete)
423 {
424 break;
425 }
426 }
427 iterator->destroy(iterator);
428
429 /* message complete, send it */
430 DESTROY_IF(this->responding.packet);
431 status = this->ike_sa->generate_message(this->ike_sa, message,
432 &this->responding.packet);
433 message->destroy(message);
434 if (status != SUCCESS)
435 {
436 return DESTROY_ME;
437 }
438
439 charon->send_queue->add(charon->send_queue,
440 this->responding.packet->clone(this->responding.packet));
441 if (delete)
442 {
443 return DESTROY_ME;
444 }
445 return SUCCESS;
446 }
447
448 /**
449 * handle an incoming request message
450 */
451 static status_t process_request(private_task_manager_t *this,
452 message_t *message)
453 {
454 iterator_t *iterator;
455 task_t *task = NULL;
456 exchange_type_t exchange;
457 payload_t *payload;
458 notify_payload_t *notify;
459
460 exchange = message->get_exchange_type(message);
461
462 /* create tasks depending on request type */
463 switch (exchange)
464 {
465 case IKE_SA_INIT:
466 {
467 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
468 this->passive_tasks->insert_last(this->passive_tasks, task);
469 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
470 this->passive_tasks->insert_last(this->passive_tasks, task);
471 task = (task_t*)ike_cert_create(this->ike_sa, FALSE);
472 this->passive_tasks->insert_last(this->passive_tasks, task);
473 task = (task_t*)ike_config_create(this->ike_sa, NULL);
474 this->passive_tasks->insert_last(this->passive_tasks, task);
475 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
476 this->passive_tasks->insert_last(this->passive_tasks, task);
477 task = (task_t*)child_create_create(this->ike_sa, NULL);
478 this->passive_tasks->insert_last(this->passive_tasks, task);
479 break;
480 }
481 case CREATE_CHILD_SA:
482 {
483 bool notify_found = FALSE, ts_found = FALSE;
484 iterator = message->get_payload_iterator(message);
485 while (iterator->iterate(iterator, (void**)&payload))
486 {
487 switch (payload->get_type(payload))
488 {
489 case NOTIFY:
490 {
491 /* if we find a rekey notify, its CHILD_SA rekeying */
492 notify = (notify_payload_t*)payload;
493 if (notify->get_notify_type(notify) == REKEY_SA &&
494 (notify->get_protocol_id(notify) == PROTO_AH ||
495 notify->get_protocol_id(notify) == PROTO_ESP))
496 {
497 notify_found = TRUE;
498 }
499 break;
500 }
501 case TRAFFIC_SELECTOR_INITIATOR:
502 case TRAFFIC_SELECTOR_RESPONDER:
503 {
504 /* if we don't find a TS, its IKE rekeying */
505 ts_found = TRUE;
506 break;
507 }
508 default:
509 break;
510 }
511 }
512 iterator->destroy(iterator);
513
514 if (ts_found)
515 {
516 if (notify_found)
517 {
518 task = (task_t*)child_rekey_create(this->ike_sa, NULL);
519 }
520 else
521 {
522 task = (task_t*)child_create_create(this->ike_sa, NULL);
523 }
524 }
525 else
526 {
527 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
528 }
529 this->passive_tasks->insert_last(this->passive_tasks, task);
530
531 break;
532 }
533 case INFORMATIONAL:
534 {
535 delete_payload_t *delete;
536
537 delete = (delete_payload_t*)message->get_payload(message, DELETE);
538 if (delete)
539 {
540 if (delete->get_protocol_id(delete) == PROTO_IKE)
541 {
542 task = (task_t*)ike_delete_create(this->ike_sa, FALSE);
543 this->passive_tasks->insert_last(this->passive_tasks, task);
544 }
545 else
546 {
547 task = (task_t*)child_delete_create(this->ike_sa, NULL);
548 this->passive_tasks->insert_last(this->passive_tasks, task);
549 }
550 }
551 else
552 {
553 task = (task_t*)ike_dpd_create(FALSE);
554 this->passive_tasks->insert_last(this->passive_tasks, task);
555 }
556 break;
557 }
558 default:
559 break;
560 }
561
562 /* let the tasks process the message */
563 iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE);
564 while (iterator->iterate(iterator, (void*)&task))
565 {
566 switch (task->process(task, message))
567 {
568 case SUCCESS:
569 /* task completed, remove it */
570 iterator->remove(iterator);
571 task->destroy(task);
572 break;
573 case NEED_MORE:
574 /* processed, but task needs at least another call to build() */
575 break;
576 case FAILED:
577 default:
578 /* critical failure, destroy IKE_SA */
579 iterator->destroy(iterator);
580 return DESTROY_ME;
581 }
582 }
583 iterator->destroy(iterator);
584
585 return build_response(this, exchange);
586 }
587
588 /**
589 * Implementation of task_manager_t.process_message
590 */
591 static status_t process_message(private_task_manager_t *this, message_t *msg)
592 {
593 u_int32_t mid = msg->get_message_id(msg);
594
595 if (msg->get_request(msg))
596 {
597 if (mid == this->responding.mid)
598 {
599 if (process_request(this, msg) != SUCCESS)
600 {
601 return DESTROY_ME;
602 }
603 this->responding.mid++;
604 }
605 else if ((mid == this->responding.mid - 1) && this->responding.packet)
606 {
607 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
608 "retransmitting response", mid);
609 charon->send_queue->add(charon->send_queue,
610 this->responding.packet->clone(
611 this->responding.packet));
612 }
613 else
614 {
615 DBG1(DBG_IKE, "received message ID %d, excepted %d. Ignored",
616 mid, this->responding.mid);
617 }
618 }
619 else
620 {
621 if (mid == this->initiating.mid)
622 {
623 if (process_response(this, msg) != SUCCESS)
624 {
625 return DESTROY_ME;
626 }
627 }
628 else
629 {
630 DBG1(DBG_IKE, "received message ID %d, excepted %d. Ignored",
631 mid, this->initiating.mid);
632 return SUCCESS;
633 }
634 }
635 return SUCCESS;
636 }
637
638 /**
639 * Implementation of task_manager_t.queue_task
640 */
641 static void queue_task(private_task_manager_t *this, task_t *task)
642 {
643 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
644 this->queued_tasks->insert_last(this->queued_tasks, task);
645 }
646
647 /**
648 * Implementation of task_manager_t.adopt_tasks
649 */
650 static void adopt_tasks(private_task_manager_t *this, private_task_manager_t *other)
651 {
652 task_t *task;
653
654 /* move queued tasks from other to this */
655 while (other->queued_tasks->remove_last(other->queued_tasks,
656 (void**)&task) == SUCCESS)
657 {
658 task->migrate(task, this->ike_sa);
659 this->queued_tasks->insert_first(this->queued_tasks, task);
660 }
661
662 /* reset active tasks and move them to others queued tasks */
663 while (other->active_tasks->remove_last(other->active_tasks,
664 (void**)&task) == SUCCESS)
665 {
666 task->migrate(task, this->ike_sa);
667 this->queued_tasks->insert_first(this->queued_tasks, task);
668 }
669 }
670
671 /**
672 * Implementation of task_manager_t.busy
673 */
674 static bool busy(private_task_manager_t *this)
675 {
676 return (this->active_tasks->get_count(this->active_tasks) > 0);
677 }
678
679 /**
680 * Implementation of task_manager_t.reset
681 */
682 static void reset(private_task_manager_t *this)
683 {
684 task_t *task;
685
686 /* reset message counters and retransmit packets */
687 DESTROY_IF(this->responding.packet);
688 DESTROY_IF(this->initiating.packet);
689 DESTROY_IF(this->ike_sa_init);
690 this->responding.packet = NULL;
691 this->initiating.packet = NULL;
692 this->ike_sa_init = NULL;
693 this->responding.mid = 0;
694 this->initiating.mid = -1;
695
696 /* reset active tasks */
697 while (this->active_tasks->remove_last(this->active_tasks,
698 (void**)&task) == SUCCESS)
699 {
700 task->migrate(task, this->ike_sa);
701 this->queued_tasks->insert_first(this->queued_tasks, task);
702 }
703 }
704
705 /**
706 * Implementation of task_manager_t.destroy
707 */
708 static void destroy(private_task_manager_t *this)
709 {
710 task_t *task;
711
712 this->queued_tasks->destroy_offset(this->queued_tasks,
713 offsetof(task_t, destroy));
714 this->passive_tasks->destroy_offset(this->passive_tasks,
715 offsetof(task_t, destroy));
716
717 /* emmit outstanding signals for tasks */
718 while (this->active_tasks->remove_last(this->active_tasks,
719 (void**)&task) == SUCCESS)
720 {
721 switch (task->get_type(task))
722 {
723 case IKE_AUTH:
724 SIG(IKE_UP_FAILED, "establishing IKE_SA failed");
725 break;
726 case IKE_DELETE:
727 SIG(IKE_DOWN_FAILED, "deleteing IKE_SA properly failed");
728 break;
729 case IKE_REKEY:
730 SIG(IKE_REKEY_FAILED, "rekeying IKE_SA failed");
731 break;
732 case CHILD_CREATE:
733 SIG(CHILD_UP_FAILED, "establishing CHILD_SA failed");
734 break;
735 case CHILD_DELETE:
736 SIG(CHILD_DOWN_FAILED, "deleting CHILD_SA failed");
737 break;
738 case CHILD_REKEY:
739 SIG(IKE_REKEY_FAILED, "rekeying CHILD_SA failed");
740 break;
741 default:
742 break;
743 }
744 task->destroy(task);
745 }
746 this->active_tasks->destroy(this->active_tasks);
747 DESTROY_IF(this->responding.packet);
748 DESTROY_IF(this->initiating.packet);
749 DESTROY_IF(this->ike_sa_init);
750 free(this);
751 }
752
753 /*
754 * see header file
755 */
756 task_manager_t *task_manager_create(ike_sa_t *ike_sa)
757 {
758 private_task_manager_t *this = malloc_thing(private_task_manager_t);
759
760 this->public.process_message = (status_t(*)(task_manager_t*,message_t*))process_message;
761 this->public.queue_task = (void(*)(task_manager_t*,task_t*))queue_task;
762 this->public.initiate = (status_t(*)(task_manager_t*))build_request;
763 this->public.retransmit = (status_t(*)(task_manager_t*,u_int32_t))retransmit;
764 this->public.reset = (void(*)(task_manager_t*))reset;
765 this->public.adopt_tasks = (void(*)(task_manager_t*,task_manager_t*))adopt_tasks;
766 this->public.busy = (bool(*)(task_manager_t*))busy;
767 this->public.destroy = (void(*)(task_manager_t*))destroy;
768
769 this->ike_sa = ike_sa;
770 this->responding.packet = NULL;
771 this->initiating.packet = NULL;
772 this->responding.mid = 0;
773 this->initiating.mid = 0;
774 this->queued_tasks = linked_list_create();
775 this->active_tasks = linked_list_create();
776 this->passive_tasks = linked_list_create();
777 this->ike_sa_init = NULL;
778
779 return &this->public;
780 }
strongSwan - IPsec VPN