further work done for simultaneous rekeying/delete
[strongswan.git] / src / charon / sa / transactions / delete_child_sa.c
1 /**
2 * @file delete_child_sa.c
3 *
4 * @brief Implementation of the delete_child_sa transaction.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "delete_child_sa.h"
24
25 #include <daemon.h>
26 #include <encoding/payloads/delete_payload.h>
27 #include <sa/transactions/create_child_sa.h>
28
29
30 typedef struct private_delete_child_sa_t private_delete_child_sa_t;
31
32 /**
33 * Private members of a delete_child_sa_t object..
34 */
35 struct private_delete_child_sa_t {
36
37 /**
38 * Public methods and transaction_t interface.
39 */
40 delete_child_sa_t public;
41
42 /**
43 * Assigned IKE_SA.
44 */
45 ike_sa_t *ike_sa;
46
47 /**
48 * Message sent by our peer, if already generated
49 */
50 message_t *message;
51
52 /**
53 * Message ID this transaction uses
54 */
55 u_int32_t message_id;
56
57 /**
58 * Times we did send the request
59 */
60 u_int32_t requested;
61
62 /**
63 * CHILD SA to delete
64 */
65 child_sa_t *child_sa;
66
67 /**
68 * Assigned logger.
69 */
70 logger_t *logger;
71 };
72
73 /**
74 * Implementation of transaction_t.get_message_id.
75 */
76 static u_int32_t get_message_id(private_delete_child_sa_t *this)
77 {
78 return this->message_id;
79 }
80
81 /**
82 * Implementation of transaction_t.requested.
83 */
84 static u_int32_t requested(private_delete_child_sa_t *this)
85 {
86 return this->requested++;
87 }
88
89 /**
90 * Implementation of delete_child_sa_t.set_child_sa.
91 */
92 static void set_child_sa(private_delete_child_sa_t *this, child_sa_t *child_sa)
93 {
94 this->child_sa = child_sa;
95 }
96
97 /**
98 * Implementation of transaction_t.get_request.
99 */
100 static status_t get_request(private_delete_child_sa_t *this, message_t **result)
101 {
102 message_t *request;
103 connection_t *connection;
104 host_t *me, *other;
105
106 /* check if we already have built a message (retransmission) */
107 if (this->message)
108 {
109 *result = this->message;
110 return SUCCESS;
111 }
112
113 connection = this->ike_sa->get_connection(this->ike_sa);
114 me = connection->get_my_host(connection);
115 other = connection->get_other_host(connection);
116
117 /* build the request */
118 request = message_create();
119 request->set_source(request, me->clone(me));
120 request->set_destination(request, other->clone(other));
121 request->set_exchange_type(request, INFORMATIONAL);
122 request->set_request(request, TRUE);
123 request->set_message_id(request, this->message_id);
124 request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
125 *result = request;
126 this->message = request;
127
128 { /* add delete payload */
129 delete_payload_t *delete_payload;
130 protocol_id_t protocol;
131 u_int32_t spi;
132
133 protocol = this->child_sa->get_protocol(this->child_sa);
134 spi = this->child_sa->get_spi(this->child_sa, TRUE);
135 delete_payload = delete_payload_create(protocol);
136
137 this->logger->log(this->logger, CONTROL,
138 "created DELETE payload for %s CHILD_SA with SPI 0x%x",
139 mapping_find(protocol_id_m, protocol), htonl(spi));
140 delete_payload->add_spi(delete_payload, spi);
141 request->add_payload(request, (payload_t*)delete_payload);
142 }
143
144 return SUCCESS;
145 }
146
147 /**
148 * process a delete payload
149 */
150 static status_t process_delete(private_delete_child_sa_t *this, delete_payload_t *delete_request, message_t *response)
151 {
152 protocol_id_t protocol;
153 u_int32_t spi;
154 iterator_t *iterator;
155 delete_payload_t *delete_response = NULL;
156
157 /* get requested CHILD */
158 protocol = delete_request->get_protocol_id(delete_request);
159 if (protocol != PROTO_ESP && protocol != PROTO_AH)
160 {
161 this->logger->log(this->logger, CONTROL,
162 "CHILD_SA delete response contained unexpected protocol");
163 return FAILED;
164 }
165
166 /* prepare response payload */
167 if (response)
168 {
169 delete_response = delete_payload_create(protocol);
170 response->add_payload(response, (payload_t*)delete_response);
171 }
172
173 iterator = delete_request->create_spi_iterator(delete_request);
174 while (iterator->iterate(iterator, (void**)&spi))
175 {
176 child_sa_t *child_sa;
177
178 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
179
180 if (child_sa != NULL)
181 {
182 create_child_sa_t *rekey;
183
184 this->logger->log(this->logger, CONTROL,
185 "received DELETE for %s CHILD_SA with SPI 0x%x, deleting",
186 mapping_find(protocol_id_m, protocol), ntohl(spi));
187
188 rekey = child_sa->get_rekeying_transaction(child_sa);
189 if (rekey)
190 {
191 /* we have received a delete for an SA which we are still rekeying.
192 * this means we have lost the nonce comparison, and the rekeying
193 * will fail. We set a flag in the transaction for this special case.
194 */
195 this->logger->log(this->logger, CONTROL,
196 "DELETE received while rekeying, rekeying cancelled");
197 rekey->cancel(rekey);
198 }
199 /* delete it, with inbound spi */
200 spi = child_sa->get_spi(child_sa, TRUE);
201 this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi);
202 /* add delete response to message, if we are responding */
203 if (response)
204 {
205 delete_response->add_spi(delete_response, spi);
206 }
207 }
208 else
209 {
210 this->logger->log(this->logger, ERROR,
211 "received DELETE for %s CHILD_SA with SPI 0x%x, but no such SA",
212 mapping_find(protocol_id_m, protocol), ntohl(spi));
213 }
214 }
215 iterator->destroy(iterator);
216 return SUCCESS;
217 }
218
219 /**
220 * Implementation of transaction_t.get_response.
221 */
222 static status_t get_response(private_delete_child_sa_t *this, message_t *request,
223 message_t **result, transaction_t **next)
224 {
225 host_t *me, *other;
226 message_t *response;
227 iterator_t *payloads;
228 connection_t *connection;
229
230 /* check if we already have built a response (retransmission) */
231 if (this->message)
232 {
233 *result = this->message;
234 return SUCCESS;
235 }
236
237 connection = this->ike_sa->get_connection(this->ike_sa);
238 me = connection->get_my_host(connection);
239 other = connection->get_other_host(connection);
240
241 /* set up response */
242 response = message_create();
243 response->set_source(response, me->clone(me));
244 response->set_destination(response, other->clone(other));
245 response->set_exchange_type(response, INFORMATIONAL);
246 response->set_request(response, FALSE);
247 response->set_message_id(response, this->message_id);
248 response->set_ike_sa_id(response, this->ike_sa->get_id(this->ike_sa));
249 this->message = response;
250 *result = response;
251
252 if (request->get_exchange_type(request) != INFORMATIONAL)
253 {
254 this->logger->log(this->logger, ERROR,
255 "INFORMATIONAL response of invalid type, aborting");
256 return FAILED;
257 }
258
259 /* iterate over all payloads */
260 payloads = request->get_payload_iterator(request);
261 while (payloads->has_next(payloads))
262 {
263 payload_t *payload;
264 payloads->current(payloads, (void**)&payload);
265
266 switch (payload->get_type(payload))
267 {
268 case DELETE:
269 {
270 process_delete(this, (delete_payload_t*)payload, response);
271 break;
272 }
273 default:
274 {
275 this->logger->log(this->logger, ERROR|LEVEL1, "ignoring payload %s (%d)",
276 mapping_find(payload_type_m, payload->get_type(payload)),
277 payload->get_type(payload));
278 break;
279 }
280 }
281 }
282 payloads->destroy(payloads);
283 return SUCCESS;
284 }
285
286 /**
287 * Implementation of transaction_t.conclude
288 */
289 static status_t conclude(private_delete_child_sa_t *this, message_t *response,
290 transaction_t **transaction)
291 {
292 iterator_t *payloads;
293
294 /* check message type */
295 if (response->get_exchange_type(response) != INFORMATIONAL)
296 {
297 this->logger->log(this->logger, ERROR,
298 "INFORMATIONAL response of invalid type, aborting");
299 return FAILED;
300 }
301
302 /* iterate over all payloads */
303 payloads = response->get_payload_iterator(response);
304 while (payloads->has_next(payloads))
305 {
306 payload_t *payload;
307 payloads->current(payloads, (void**)&payload);
308
309 switch (payload->get_type(payload))
310 {
311 case DELETE:
312 {
313 process_delete(this, (delete_payload_t*)payload, NULL);
314 break;
315 }
316 default:
317 {
318 this->logger->log(this->logger, ERROR|LEVEL1, "ignoring payload %s (%d)",
319 mapping_find(payload_type_m, payload->get_type(payload)),
320 payload->get_type(payload));
321 break;
322 }
323 }
324 }
325 payloads->destroy(payloads);
326 return SUCCESS;
327 }
328
329 /**
330 * implements transaction_t.destroy
331 */
332 static void destroy(private_delete_child_sa_t *this)
333 {
334 if (this->message)
335 {
336 this->message->destroy(this->message);
337 }
338 free(this);
339 }
340
341 /*
342 * Described in header.
343 */
344 delete_child_sa_t *delete_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id)
345 {
346 private_delete_child_sa_t *this = malloc_thing(private_delete_child_sa_t);
347
348 /* transaction interface functions */
349 this->public.transaction.get_request = (status_t(*)(transaction_t*,message_t**))get_request;
350 this->public.transaction.get_response = (status_t(*)(transaction_t*,message_t*,message_t**,transaction_t**))get_response;
351 this->public.transaction.conclude = (status_t(*)(transaction_t*,message_t*,transaction_t**))conclude;
352 this->public.transaction.get_message_id = (u_int32_t(*)(transaction_t*))get_message_id;
353 this->public.transaction.requested = (u_int32_t(*)(transaction_t*))requested;
354 this->public.transaction.destroy = (void(*)(transaction_t*))destroy;
355
356 /* publics */
357 this->public.set_child_sa = (void(*)(delete_child_sa_t*,child_sa_t*))set_child_sa;
358
359 /* private data */
360 this->ike_sa = ike_sa;
361 this->message_id = message_id;
362 this->message = NULL;
363 this->requested = 0;
364 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
365
366 return &this->public;
367 }