further mobike improvements, regarding to NAT-T
[strongswan.git] / src / charon / sa / tasks / ike_mobike.c
1 /**
2 * @file ike_mobike.c
3 *
4 * @brief Implementation of the ike_mobike task.
5 *
6 */
7
8 /*
9 * Copyright (C) 2007 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_mobike.h"
24
25 #include <string.h>
26
27 #include <daemon.h>
28 #include <sa/tasks/ike_natd.h>
29 #include <encoding/payloads/notify_payload.h>
30
31
32 typedef struct private_ike_mobike_t private_ike_mobike_t;
33
34 /**
35 * Private members of a ike_mobike_t task.
36 */
37 struct private_ike_mobike_t {
38
39 /**
40 * Public methods and task_t interface.
41 */
42 ike_mobike_t public;
43
44 /**
45 * Assigned IKE_SA.
46 */
47 ike_sa_t *ike_sa;
48
49 /**
50 * Are we the initiator?
51 */
52 bool initiator;
53
54 /**
55 * local host to roam to
56 */
57 host_t *me;
58
59 /**
60 * remote host to roam to
61 */
62 host_t *other;
63
64 /**
65 * cookie2 value to verify new addresses
66 */
67 chunk_t cookie2;
68
69 /**
70 * NAT discovery reusing the IKE_NATD task
71 */
72 ike_natd_t *natd;
73 };
74
75 /**
76 * flush the IKE_SAs list of additional addresses
77 */
78 static void flush_additional_addresses(private_ike_mobike_t *this)
79 {
80 iterator_t *iterator;
81 host_t *host;
82
83 iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa);
84 while (iterator->iterate(iterator, (void**)&host))
85 {
86 iterator->remove(iterator);
87 host->destroy(host);
88 }
89 iterator->destroy(iterator);
90 }
91
92
93 /**
94 * read notifys from message and evaluate them
95 */
96 static void process_payloads(private_ike_mobike_t *this, message_t *message)
97 {
98 iterator_t *iterator;
99 payload_t *payload;
100 bool first = TRUE;
101
102 iterator = message->get_payload_iterator(message);
103 while (iterator->iterate(iterator, (void**)&payload))
104 {
105 int family = AF_INET;
106 notify_payload_t *notify;
107 chunk_t data;
108 host_t *host;
109
110 if (payload->get_type(payload) != NOTIFY)
111 {
112 continue;
113 }
114 notify = (notify_payload_t*)payload;
115 switch (notify->get_notify_type(notify))
116 {
117 case MOBIKE_SUPPORTED:
118 {
119 DBG2(DBG_IKE, "peer supports MOBIKE");
120 this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
121 break;
122 }
123 case ADDITIONAL_IP6_ADDRESS:
124 {
125 family = AF_INET6;
126 /* fall through */
127 }
128 case ADDITIONAL_IP4_ADDRESS:
129 {
130 if (first)
131 { /* an ADDITIONAL_*_ADDRESS means replace, so flush once */
132 flush_additional_addresses(this);
133 first = FALSE;
134 }
135 data = notify->get_notification_data(notify);
136 host = host_create_from_chunk(family, data, 0);
137 DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host);
138 this->ike_sa->add_additional_address(this->ike_sa, host);
139 break;
140 }
141 case NO_ADDITIONAL_ADDRESSES:
142 {
143 flush_additional_addresses(this);
144 break;
145 }
146 case NAT_DETECTION_SOURCE_IP:
147 case NAT_DETECTION_DESTINATION_IP:
148 {
149 /* NAT check in this MOBIKE exchange, create subtask for it */
150 if (this->natd == NULL)
151 {
152 this->natd = ike_natd_create(this->ike_sa, this->initiator);
153 }
154 break;
155 }
156 default:
157 break;
158 }
159 }
160 iterator->destroy(iterator);
161 }
162
163 /**
164 * Add ADDITIONAL_*_ADDRESS notifys depending on our address list
165 */
166 static void build_address_list(private_ike_mobike_t *this, message_t *message)
167 {
168 iterator_t *iterator;
169 host_t *host, *me;
170 notify_type_t type;
171 bool additional = FALSE;
172
173 me = this->ike_sa->get_my_host(this->ike_sa);
174 iterator = charon->kernel_interface->create_address_iterator(
175 charon->kernel_interface);
176 while (iterator->iterate(iterator, (void**)&host))
177 {
178 if (me->ip_equals(me, host))
179 { /* "ADDITIONAL" means do not include IKE_SAs host */
180 continue;
181 }
182 switch (host->get_family(host))
183 {
184 case AF_INET:
185 type = ADDITIONAL_IP4_ADDRESS;
186 break;
187 case AF_INET6:
188 type = ADDITIONAL_IP6_ADDRESS;
189 break;
190 default:
191 continue;
192 }
193 message->add_notify(message, FALSE, type, host->get_address(host));
194 additional = TRUE;
195 }
196 if (!additional)
197 {
198 message->add_notify(message, FALSE, NO_ADDITIONAL_ADDRESSES, chunk_empty);
199 }
200 iterator->destroy(iterator);
201 }
202
203 /**
204 * Implementation of task_t.process for initiator
205 */
206 static status_t build_i(private_ike_mobike_t *this, message_t *message)
207 {
208 if (message->get_exchange_type(message) == IKE_AUTH &&
209 message->get_payload(message, SECURITY_ASSOCIATION))
210 {
211 message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
212 build_address_list(this, message);
213 }
214 else if (this->me || this->other)
215 { /* address change */
216 message->add_notify(message, FALSE, UPDATE_SA_ADDRESSES, chunk_empty);
217 build_address_list(this, message);
218 /* set new addresses */
219 this->ike_sa->update_hosts(this->ike_sa, this->me, this->other);
220 if (this->natd)
221 {
222 this->natd->task.build(&this->natd->task, message);
223 }
224 }
225
226 return NEED_MORE;
227 }
228
229 /**
230 * Implementation of task_t.process for responder
231 */
232 static status_t process_r(private_ike_mobike_t *this, message_t *message)
233 {
234 if (message->get_exchange_type(message) == IKE_AUTH &&
235 message->get_payload(message, SECURITY_ASSOCIATION))
236 {
237 process_payloads(this, message);
238 }
239 else if (message->get_exchange_type(message) == INFORMATIONAL)
240 {
241 process_payloads(this, message);
242 if (this->natd)
243 {
244 this->natd->task.process(&this->natd->task, message);
245 }
246 }
247 return NEED_MORE;
248 }
249
250 /**
251 * Implementation of task_t.build for responder
252 */
253 static status_t build_r(private_ike_mobike_t *this, message_t *message)
254 {
255 if (message->get_exchange_type(message) == IKE_AUTH &&
256 message->get_payload(message, SECURITY_ASSOCIATION))
257 {
258 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
259 {
260 message->add_notify(message, FALSE, MOBIKE_SUPPORTED, chunk_empty);
261 build_address_list(this, message);
262 }
263 return SUCCESS;
264 }
265 else if (message->get_exchange_type(message) == INFORMATIONAL)
266 {
267 if (this->natd)
268 {
269 this->natd->task.build(&this->natd->task, message);
270 }
271 return SUCCESS;
272 }
273 return NEED_MORE;
274 }
275
276 /**
277 * Implementation of task_t.process for initiator
278 */
279 static status_t process_i(private_ike_mobike_t *this, message_t *message)
280 {
281 if (message->get_exchange_type(message) == IKE_AUTH &&
282 message->get_payload(message, SECURITY_ASSOCIATION))
283 {
284 process_payloads(this, message);
285
286 return SUCCESS;
287 }
288 else if (message->get_exchange_type(message) == INFORMATIONAL)
289 {
290 process_payloads(this, message);
291 if (this->natd)
292 {
293 this->natd->task.process(&this->natd->task, message);
294 }
295 return SUCCESS;
296 }
297 return NEED_MORE;
298 }
299
300 /**
301 * Implementation of ike_mobike_t.roam.
302 */
303 static void roam(private_ike_mobike_t *this, host_t *me, host_t *other)
304 {
305 this->me = me;
306 this->other = other;
307
308 /* include NAT detection when roaming */
309 this->natd = ike_natd_create(this->ike_sa, this->initiator);
310 }
311
312 /**
313 * Implementation of task_t.get_type
314 */
315 static task_type_t get_type(private_ike_mobike_t *this)
316 {
317 return IKE_MOBIKE;
318 }
319
320 /**
321 * Implementation of task_t.migrate
322 */
323 static void migrate(private_ike_mobike_t *this, ike_sa_t *ike_sa)
324 {
325 DESTROY_IF(this->me);
326 DESTROY_IF(this->other);
327 chunk_free(&this->cookie2);
328 this->ike_sa = ike_sa;
329 this->me = NULL;
330 this->other = NULL;
331 if (this->natd)
332 {
333 this->natd->task.migrate(&this->natd->task, ike_sa);
334 }
335 }
336
337 /**
338 * Implementation of task_t.destroy
339 */
340 static void destroy(private_ike_mobike_t *this)
341 {
342 DESTROY_IF(this->me);
343 DESTROY_IF(this->other);
344 chunk_free(&this->cookie2);
345 if (this->natd)
346 {
347 this->natd->task.destroy(&this->natd->task);
348 }
349 free(this);
350 }
351
352 /*
353 * Described in header.
354 */
355 ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
356 {
357 private_ike_mobike_t *this = malloc_thing(private_ike_mobike_t);
358
359 this->public.roam = (void(*)(ike_mobike_t*, host_t *, host_t *))roam;
360 this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
361 this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
362 this->public.task.destroy = (void(*)(task_t*))destroy;
363
364 if (initiator)
365 {
366 this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
367 this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
368 }
369 else
370 {
371 this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
372 this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
373 }
374
375 this->ike_sa = ike_sa;
376 this->initiator = initiator;
377 this->me = NULL;
378 this->other = NULL;
379 this->cookie2 = chunk_empty;
380 this->natd = NULL;
381
382 return &this->public;
383 }
384