Migrated vendor_id_payload to INIT/METHOD macros
[strongswan.git] / src / libcharon / encoding / message.c
1 /*
2 * Copyright (C) 2006-2007 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2010 revosec AG
5 * Copyright (C) 2006 Daniel Roethlisberger
6 * Copyright (C) 2005 Jan Hutter
7 * Hochschule fuer Technik Rapperswil
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include "message.h"
24
25 #include <library.h>
26 #include <daemon.h>
27 #include <sa/ike_sa_id.h>
28 #include <encoding/generator.h>
29 #include <encoding/parser.h>
30 #include <utils/linked_list.h>
31 #include <encoding/payloads/encodings.h>
32 #include <encoding/payloads/payload.h>
33 #include <encoding/payloads/encryption_payload.h>
34 #include <encoding/payloads/unknown_payload.h>
35 #include <encoding/payloads/cp_payload.h>
36
37 /**
38 * Max number of notify payloads per IKEv2 Message
39 */
40 #define MAX_NOTIFY_PAYLOADS 20
41
42 /**
43 * Max number of delete payloads per IKEv2 Message
44 */
45 #define MAX_DELETE_PAYLOADS 20
46
47 /**
48 * A payload rule defines the rules for a payload
49 * in a specific message rule. It defines if and how
50 * many times a payload must/can occur in a message
51 * and if it must be encrypted.
52 */
53 typedef struct {
54 /* Payload type */
55 payload_type_t type;
56 /* Minimal occurence of this payload. */
57 size_t min_occurence;
58 /* Max occurence of this payload. */
59 size_t max_occurence;
60 /* TRUE if payload must be encrypted */
61 bool encrypted;
62 /* If payload occurs, the message rule is fullfilled */
63 bool sufficient;
64 } payload_rule_t;
65
66 /**
67 * payload ordering structure allows us to reorder payloads according to RFC.
68 */
69 typedef struct {
70 /** payload type */
71 payload_type_t type;
72 /** notify type, if payload == NOTIFY */
73 notify_type_t notify;
74 } payload_order_t;
75
76 /**
77 * A message rule defines the kind of a message,
78 * if it has encrypted contents and a list
79 * of payload ordering rules and payload parsing rules.
80 */
81 typedef struct {
82 /** Type of message. */
83 exchange_type_t exchange_type;
84 /** Is message a request or response. */
85 bool is_request;
86 /** Message contains encrypted payloads. */
87 bool encrypted;
88 /** Number of payload rules which will follow */
89 int rule_count;
90 /** Pointer to first payload rule */
91 payload_rule_t *rules;
92 /** Number of payload order rules */
93 int order_count;
94 /** payload ordering rules */
95 payload_order_t *order;
96 } message_rule_t;
97
98 /**
99 * Message rule for IKE_SA_INIT from initiator.
100 */
101 static payload_rule_t ike_sa_init_i_rules[] = {
102 /* payload type min max encr suff */
103 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
104 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
105 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
106 {NONCE, 1, 1, FALSE, FALSE},
107 {VENDOR_ID, 0, 10, FALSE, FALSE},
108 };
109
110 /**
111 * payload order for IKE_SA_INIT initiator
112 */
113 static payload_order_t ike_sa_init_i_order[] = {
114 /* payload type notify type */
115 {NOTIFY, COOKIE},
116 {SECURITY_ASSOCIATION, 0},
117 {KEY_EXCHANGE, 0},
118 {NONCE, 0},
119 {NOTIFY, NAT_DETECTION_SOURCE_IP},
120 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
121 {NOTIFY, 0},
122 {VENDOR_ID, 0},
123 };
124
125 /**
126 * Message rule for IKE_SA_INIT from responder.
127 */
128 static payload_rule_t ike_sa_init_r_rules[] = {
129 /* payload type min max encr suff */
130 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
131 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
132 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
133 {NONCE, 1, 1, FALSE, FALSE},
134 {CERTIFICATE_REQUEST, 1, 1, FALSE, FALSE},
135 {VENDOR_ID, 0, 10, FALSE, FALSE},
136 };
137
138 /**
139 * payload order for IKE_SA_INIT responder
140 */
141 static payload_order_t ike_sa_init_r_order[] = {
142 /* payload type notify type */
143 {SECURITY_ASSOCIATION, 0},
144 {KEY_EXCHANGE, 0},
145 {NONCE, 0},
146 {NOTIFY, NAT_DETECTION_SOURCE_IP},
147 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
148 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
149 {CERTIFICATE_REQUEST, 0},
150 {NOTIFY, 0},
151 {VENDOR_ID, 0},
152 };
153
154 /**
155 * Message rule for IKE_AUTH from initiator.
156 */
157 static payload_rule_t ike_auth_i_rules[] = {
158 /* payload type min max encr suff */
159 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
160 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
161 {AUTHENTICATION, 0, 1, TRUE, TRUE},
162 {ID_INITIATOR, 0, 1, TRUE, FALSE},
163 {CERTIFICATE, 0, 4, TRUE, FALSE},
164 {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
165 {ID_RESPONDER, 0, 1, TRUE, FALSE},
166 #ifdef ME
167 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
168 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
169 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
170 #else
171 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
172 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
173 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
174 #endif /* ME */
175 {CONFIGURATION, 0, 1, TRUE, FALSE},
176 {VENDOR_ID, 0, 10, TRUE, FALSE},
177 };
178
179 /**
180 * payload order for IKE_AUTH initiator
181 */
182 static payload_order_t ike_auth_i_order[] = {
183 /* payload type notify type */
184 {ID_INITIATOR, 0},
185 {CERTIFICATE, 0},
186 {NOTIFY, INITIAL_CONTACT},
187 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
188 {CERTIFICATE_REQUEST, 0},
189 {ID_RESPONDER, 0},
190 {AUTHENTICATION, 0},
191 {EXTENSIBLE_AUTHENTICATION, 0},
192 {CONFIGURATION, 0},
193 {NOTIFY, IPCOMP_SUPPORTED},
194 {NOTIFY, USE_TRANSPORT_MODE},
195 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
196 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
197 {SECURITY_ASSOCIATION, 0},
198 {TRAFFIC_SELECTOR_INITIATOR, 0},
199 {TRAFFIC_SELECTOR_RESPONDER, 0},
200 {NOTIFY, MOBIKE_SUPPORTED},
201 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
202 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
203 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
204 {NOTIFY, 0},
205 {VENDOR_ID, 0},
206 };
207
208 /**
209 * Message rule for IKE_AUTH from responder.
210 */
211 static payload_rule_t ike_auth_r_rules[] = {
212 /* payload type min max encr suff */
213 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
214 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
215 {AUTHENTICATION, 0, 1, TRUE, TRUE},
216 {CERTIFICATE, 0, 4, TRUE, FALSE},
217 {ID_RESPONDER, 0, 1, TRUE, FALSE},
218 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
219 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
220 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
221 {CONFIGURATION, 0, 1, TRUE, FALSE},
222 {VENDOR_ID, 0, 10, TRUE, FALSE},
223 };
224
225 /**
226 * payload order for IKE_AUTH responder
227 */
228 static payload_order_t ike_auth_r_order[] = {
229 /* payload type notify type */
230 {ID_RESPONDER, 0},
231 {CERTIFICATE, 0},
232 {AUTHENTICATION, 0},
233 {EXTENSIBLE_AUTHENTICATION, 0},
234 {CONFIGURATION, 0},
235 {NOTIFY, IPCOMP_SUPPORTED},
236 {NOTIFY, USE_TRANSPORT_MODE},
237 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
238 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
239 {SECURITY_ASSOCIATION, 0},
240 {TRAFFIC_SELECTOR_INITIATOR, 0},
241 {TRAFFIC_SELECTOR_RESPONDER, 0},
242 {NOTIFY, AUTH_LIFETIME},
243 {NOTIFY, MOBIKE_SUPPORTED},
244 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
245 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
246 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
247 {NOTIFY, 0},
248 {VENDOR_ID, 0},
249 };
250
251 /**
252 * Message rule for INFORMATIONAL from initiator.
253 */
254 static payload_rule_t informational_i_rules[] = {
255 /* payload type min max encr suff */
256 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
257 {CONFIGURATION, 0, 1, TRUE, FALSE},
258 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
259 {VENDOR_ID, 0, 10, TRUE, FALSE},
260 };
261
262 /**
263 * payload order for INFORMATIONAL initiator
264 */
265 static payload_order_t informational_i_order[] = {
266 /* payload type notify type */
267 {NOTIFY, UPDATE_SA_ADDRESSES},
268 {NOTIFY, NAT_DETECTION_SOURCE_IP},
269 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
270 {NOTIFY, COOKIE2},
271 {NOTIFY, 0},
272 {DELETE, 0},
273 {CONFIGURATION, 0},
274 };
275
276 /**
277 * Message rule for INFORMATIONAL from responder.
278 */
279 static payload_rule_t informational_r_rules[] = {
280 /* payload type min max encr suff */
281 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
282 {CONFIGURATION, 0, 1, TRUE, FALSE},
283 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
284 {VENDOR_ID, 0, 10, TRUE, FALSE},
285 };
286
287 /**
288 * payload order for INFORMATIONAL responder
289 */
290 static payload_order_t informational_r_order[] = {
291 /* payload type notify type */
292 {NOTIFY, UPDATE_SA_ADDRESSES},
293 {NOTIFY, NAT_DETECTION_SOURCE_IP},
294 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
295 {NOTIFY, COOKIE2},
296 {NOTIFY, 0},
297 {DELETE, 0},
298 {CONFIGURATION, 0},
299 };
300
301 /**
302 * Message rule for CREATE_CHILD_SA from initiator.
303 */
304 static payload_rule_t create_child_sa_i_rules[] = {
305 /* payload type min max encr suff */
306 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
307 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
308 {NONCE, 1, 1, TRUE, FALSE},
309 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
310 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
311 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
312 {CONFIGURATION, 0, 1, TRUE, FALSE},
313 {VENDOR_ID, 0, 10, TRUE, FALSE},
314 };
315
316 /**
317 * payload order for CREATE_CHILD_SA from initiator.
318 */
319 static payload_order_t create_child_sa_i_order[] = {
320 /* payload type notify type */
321 {NOTIFY, REKEY_SA},
322 {NOTIFY, IPCOMP_SUPPORTED},
323 {NOTIFY, USE_TRANSPORT_MODE},
324 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
325 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
326 {SECURITY_ASSOCIATION, 0},
327 {NONCE, 0},
328 {KEY_EXCHANGE, 0},
329 {TRAFFIC_SELECTOR_INITIATOR, 0},
330 {TRAFFIC_SELECTOR_RESPONDER, 0},
331 {NOTIFY, 0},
332 };
333
334 /**
335 * Message rule for CREATE_CHILD_SA from responder.
336 */
337 static payload_rule_t create_child_sa_r_rules[] = {
338 /* payload type min max encr suff */
339 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
340 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
341 {NONCE, 1, 1, TRUE, FALSE},
342 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
343 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
344 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
345 {CONFIGURATION, 0, 1, TRUE, FALSE},
346 {VENDOR_ID, 0, 10, TRUE, FALSE},
347 };
348
349 /**
350 * payload order for CREATE_CHILD_SA from responder.
351 */
352 static payload_order_t create_child_sa_r_order[] = {
353 /* payload type notify type */
354 {NOTIFY, IPCOMP_SUPPORTED},
355 {NOTIFY, USE_TRANSPORT_MODE},
356 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
357 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
358 {SECURITY_ASSOCIATION, 0},
359 {NONCE, 0},
360 {KEY_EXCHANGE, 0},
361 {TRAFFIC_SELECTOR_INITIATOR, 0},
362 {TRAFFIC_SELECTOR_RESPONDER, 0},
363 {NOTIFY, ADDITIONAL_TS_POSSIBLE},
364 {NOTIFY, 0},
365 };
366
367 #ifdef ME
368 /**
369 * Message rule for ME_CONNECT from initiator.
370 */
371 static payload_rule_t me_connect_i_rules[] = {
372 /* payload type min max encr suff */
373 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
374 {ID_PEER, 1, 1, TRUE, FALSE},
375 {VENDOR_ID, 0, 10, TRUE, FALSE}
376 };
377
378 /**
379 * payload order for ME_CONNECT from initiator.
380 */
381 static payload_order_t me_connect_i_order[] = {
382 /* payload type notify type */
383 {NOTIFY, 0},
384 {ID_PEER, 0},
385 {VENDOR_ID, 0},
386 };
387
388 /**
389 * Message rule for ME_CONNECT from responder.
390 */
391 static payload_rule_t me_connect_r_rules[] = {
392 /* payload type min max encr suff */
393 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
394 {VENDOR_ID, 0, 10, TRUE, FALSE}
395 };
396
397 /**
398 * payload order for ME_CONNECT from responder.
399 */
400 static payload_order_t me_connect_r_order[] = {
401 /* payload type notify type */
402 {NOTIFY, 0},
403 {VENDOR_ID, 0},
404 };
405 #endif /* ME */
406
407 /**
408 * Message rules, defines allowed payloads.
409 */
410 static message_rule_t message_rules[] = {
411 {IKE_SA_INIT, TRUE, FALSE,
412 countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
413 countof(ike_sa_init_i_order), ike_sa_init_i_order,
414 },
415 {IKE_SA_INIT, FALSE, FALSE,
416 countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
417 countof(ike_sa_init_r_order), ike_sa_init_r_order,
418 },
419 {IKE_AUTH, TRUE, TRUE,
420 countof(ike_auth_i_rules), ike_auth_i_rules,
421 countof(ike_auth_i_order), ike_auth_i_order,
422 },
423 {IKE_AUTH, FALSE, TRUE,
424 countof(ike_auth_r_rules), ike_auth_r_rules,
425 countof(ike_auth_r_order), ike_auth_r_order,
426 },
427 {INFORMATIONAL, TRUE, TRUE,
428 countof(informational_i_rules), informational_i_rules,
429 countof(informational_i_order), informational_i_order,
430 },
431 {INFORMATIONAL, FALSE, TRUE,
432 countof(informational_r_rules), informational_r_rules,
433 countof(informational_r_order), informational_r_order,
434 },
435 {CREATE_CHILD_SA, TRUE, TRUE,
436 countof(create_child_sa_i_rules), create_child_sa_i_rules,
437 countof(create_child_sa_i_order), create_child_sa_i_order,
438 },
439 {CREATE_CHILD_SA, FALSE, TRUE,
440 countof(create_child_sa_r_rules), create_child_sa_r_rules,
441 countof(create_child_sa_r_order), create_child_sa_r_order,
442 },
443 #ifdef ME
444 {ME_CONNECT, TRUE, TRUE,
445 countof(me_connect_i_rules), me_connect_i_rules,
446 countof(me_connect_i_order), me_connect_i_order,
447 },
448 {ME_CONNECT, FALSE, TRUE,
449 countof(me_connect_r_rules), me_connect_r_rules,
450 countof(me_connect_r_order), me_connect_r_order,
451 },
452 #endif /* ME */
453 };
454
455
456 typedef struct private_message_t private_message_t;
457
458 /**
459 * Private data of an message_t object.
460 */
461 struct private_message_t {
462
463 /**
464 * Public part of a message_t object.
465 */
466 message_t public;
467
468 /**
469 * Minor version of message.
470 */
471 u_int8_t major_version;
472
473 /**
474 * Major version of message.
475 */
476 u_int8_t minor_version;
477
478 /**
479 * First Payload in message.
480 */
481 payload_type_t first_payload;
482
483 /**
484 * Assigned exchange type.
485 */
486 exchange_type_t exchange_type;
487
488 /**
489 * TRUE if message is a request, FALSE if a reply.
490 */
491 bool is_request;
492
493 /**
494 * Sorting of message disabled?
495 */
496 bool sort_disabled;
497
498 /**
499 * Message ID of this message.
500 */
501 u_int32_t message_id;
502
503 /**
504 * ID of assigned IKE_SA.
505 */
506 ike_sa_id_t *ike_sa_id;
507
508 /**
509 * Assigned UDP packet, stores incoming packet or last generated one.
510 */
511 packet_t *packet;
512
513 /**
514 * Linked List where payload data are stored in.
515 */
516 linked_list_t *payloads;
517
518 /**
519 * Assigned parser to parse Header and Body of this message.
520 */
521 parser_t *parser;
522
523 /**
524 * The message rule for this message instance
525 */
526 message_rule_t *rule;
527 };
528
529 /**
530 * Get the message rule that applies to this message
531 */
532 static message_rule_t* get_message_rule(private_message_t *this)
533 {
534 int i;
535
536 for (i = 0; i < countof(message_rules); i++)
537 {
538 if ((this->exchange_type == message_rules[i].exchange_type) &&
539 (this->is_request == message_rules[i].is_request))
540 {
541 return &message_rules[i];
542 }
543 }
544 return NULL;
545 }
546
547 /**
548 * Look up a payload rule
549 */
550 static payload_rule_t* get_payload_rule(private_message_t *this,
551 payload_type_t type)
552 {
553 int i;
554
555 for (i = 0; i < this->rule->rule_count;i++)
556 {
557 if (this->rule->rules[i].type == type)
558 {
559 return &this->rule->rules[i];
560 }
561 }
562 return NULL;
563 }
564
565 METHOD(message_t, set_ike_sa_id, void,
566 private_message_t *this,ike_sa_id_t *ike_sa_id)
567 {
568 DESTROY_IF(this->ike_sa_id);
569 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
570 }
571
572 METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
573 private_message_t *this)
574 {
575 return this->ike_sa_id;
576 }
577
578 METHOD(message_t, set_message_id, void,
579 private_message_t *this,u_int32_t message_id)
580 {
581 this->message_id = message_id;
582 }
583
584 METHOD(message_t, get_message_id, u_int32_t,
585 private_message_t *this)
586 {
587 return this->message_id;
588 }
589
590 METHOD(message_t, get_initiator_spi, u_int64_t,
591 private_message_t *this)
592 {
593 return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
594 }
595
596 METHOD(message_t, get_responder_spi, u_int64_t,
597 private_message_t *this)
598 {
599 return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
600 }
601
602 METHOD(message_t, set_major_version, void,
603 private_message_t *this, u_int8_t major_version)
604 {
605 this->major_version = major_version;
606 }
607
608 METHOD(message_t, get_major_version, u_int8_t,
609 private_message_t *this)
610 {
611 return this->major_version;
612 }
613
614 METHOD(message_t, set_minor_version, void,
615 private_message_t *this,u_int8_t minor_version)
616 {
617 this->minor_version = minor_version;
618 }
619
620 METHOD(message_t, get_minor_version, u_int8_t,
621 private_message_t *this)
622 {
623 return this->minor_version;
624 }
625
626 METHOD(message_t, set_exchange_type, void,
627 private_message_t *this, exchange_type_t exchange_type)
628 {
629 this->exchange_type = exchange_type;
630 }
631
632 METHOD(message_t, get_exchange_type, exchange_type_t,
633 private_message_t *this)
634 {
635 return this->exchange_type;
636 }
637
638 METHOD(message_t, get_first_payload_type, payload_type_t,
639 private_message_t *this)
640 {
641 return this->first_payload;
642 }
643
644 METHOD(message_t, set_request, void,
645 private_message_t *this, bool request)
646 {
647 this->is_request = request;
648 }
649
650 METHOD(message_t, get_request, bool,
651 private_message_t *this)
652 {
653 return this->is_request;
654 }
655
656 /**
657 * Is this message in an encoded form?
658 */
659 static bool is_encoded(private_message_t *this)
660 {
661 chunk_t data = this->packet->get_data(this->packet);
662
663 if (data.ptr == NULL)
664 {
665 return FALSE;
666 }
667 return TRUE;
668 }
669
670 METHOD(message_t, add_payload, void,
671 private_message_t *this, payload_t *payload)
672 {
673 payload_t *last_payload;
674
675 if (this->payloads->get_count(this->payloads) > 0)
676 {
677 this->payloads->get_last(this->payloads, (void **)&last_payload);
678 last_payload->set_next_type(last_payload, payload->get_type(payload));
679 }
680 else
681 {
682 this->first_payload = payload->get_type(payload);
683 }
684 payload->set_next_type(payload, NO_PAYLOAD);
685 this->payloads->insert_last(this->payloads, payload);
686
687 DBG2(DBG_ENC ,"added payload of type %N to message",
688 payload_type_names, payload->get_type(payload));
689 }
690
691 METHOD(message_t, add_notify, void,
692 private_message_t *this, bool flush, notify_type_t type, chunk_t data)
693 {
694 notify_payload_t *notify;
695 payload_t *payload;
696
697 if (flush)
698 {
699 while (this->payloads->remove_last(this->payloads,
700 (void**)&payload) == SUCCESS)
701 {
702 payload->destroy(payload);
703 }
704 }
705 notify = notify_payload_create();
706 notify->set_notify_type(notify, type);
707 notify->set_notification_data(notify, data);
708 add_payload(this, (payload_t*)notify);
709 }
710
711 METHOD(message_t, set_source, void,
712 private_message_t *this, host_t *host)
713 {
714 this->packet->set_source(this->packet, host);
715 }
716
717 METHOD(message_t, set_destination, void,
718 private_message_t *this, host_t *host)
719 {
720 this->packet->set_destination(this->packet, host);
721 }
722
723 METHOD(message_t, get_source, host_t*,
724 private_message_t *this)
725 {
726 return this->packet->get_source(this->packet);
727 }
728
729 METHOD(message_t, get_destination, host_t*,
730 private_message_t *this)
731 {
732 return this->packet->get_destination(this->packet);
733 }
734
735 METHOD(message_t, create_payload_enumerator, enumerator_t*,
736 private_message_t *this)
737 {
738 return this->payloads->create_enumerator(this->payloads);
739 }
740
741 METHOD(message_t, remove_payload_at, void,
742 private_message_t *this, enumerator_t *enumerator)
743 {
744 this->payloads->remove_at(this->payloads, enumerator);
745 }
746
747 METHOD(message_t, get_payload, payload_t*,
748 private_message_t *this, payload_type_t type)
749 {
750 payload_t *current, *found = NULL;
751 enumerator_t *enumerator;
752
753 enumerator = create_payload_enumerator(this);
754 while (enumerator->enumerate(enumerator, &current))
755 {
756 if (current->get_type(current) == type)
757 {
758 found = current;
759 break;
760 }
761 }
762 enumerator->destroy(enumerator);
763 return found;
764 }
765
766 METHOD(message_t, get_notify, notify_payload_t*,
767 private_message_t *this, notify_type_t type)
768 {
769 enumerator_t *enumerator;
770 notify_payload_t *notify = NULL;
771 payload_t *payload;
772
773 enumerator = create_payload_enumerator(this);
774 while (enumerator->enumerate(enumerator, &payload))
775 {
776 if (payload->get_type(payload) == NOTIFY)
777 {
778 notify = (notify_payload_t*)payload;
779 if (notify->get_notify_type(notify) == type)
780 {
781 break;
782 }
783 notify = NULL;
784 }
785 }
786 enumerator->destroy(enumerator);
787 return notify;
788 }
789
790 /**
791 * get a string representation of the message
792 */
793 static char* get_string(private_message_t *this, char *buf, int len)
794 {
795 enumerator_t *enumerator;
796 payload_t *payload;
797 int written;
798 char *pos = buf;
799
800 memset(buf, 0, len);
801 len--;
802
803 written = snprintf(pos, len, "%N %s %d [",
804 exchange_type_names, this->exchange_type,
805 this->is_request ? "request" : "response",
806 this->message_id);
807 if (written >= len || written < 0)
808 {
809 return "";
810 }
811 pos += written;
812 len -= written;
813
814 enumerator = create_payload_enumerator(this);
815 while (enumerator->enumerate(enumerator, &payload))
816 {
817 written = snprintf(pos, len, " %N", payload_type_short_names,
818 payload->get_type(payload));
819 if (written >= len || written < 0)
820 {
821 return buf;
822 }
823 pos += written;
824 len -= written;
825 if (payload->get_type(payload) == NOTIFY)
826 {
827 notify_payload_t *notify = (notify_payload_t*)payload;
828 written = snprintf(pos, len, "(%N)", notify_type_short_names,
829 notify->get_notify_type(notify));
830 if (written >= len || written < 0)
831 {
832 return buf;
833 }
834 pos += written;
835 len -= written;
836 }
837 if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
838 {
839 eap_payload_t *eap = (eap_payload_t*)payload;
840 u_int32_t vendor;
841 eap_type_t type;
842 char method[64] = "";
843
844 type = eap->get_type(eap, &vendor);
845 if (type)
846 {
847 if (vendor)
848 {
849 snprintf(method, sizeof(method), "/%d-%d", type, vendor);
850 }
851 else
852 {
853 snprintf(method, sizeof(method), "/%N",
854 eap_type_short_names, type);
855 }
856 }
857 written = snprintf(pos, len, "/%N%s", eap_code_short_names,
858 eap->get_code(eap), method);
859 if (written >= len || written < 0)
860 {
861 return buf;
862 }
863 pos += written;
864 len -= written;
865 }
866 if (payload->get_type(payload) == CONFIGURATION)
867 {
868 cp_payload_t *cp = (cp_payload_t*)payload;
869 enumerator_t *attributes;
870 configuration_attribute_t *attribute;
871 bool first = TRUE;
872
873 attributes = cp->create_attribute_enumerator(cp);
874 while (attributes->enumerate(attributes, &attribute))
875 {
876 written = snprintf(pos, len, "%s%N", first ? "(" : " ",
877 configuration_attribute_type_short_names,
878 attribute->get_type(attribute));
879 if (written >= len || written < 0)
880 {
881 return buf;
882 }
883 pos += written;
884 len -= written;
885 first = FALSE;
886 }
887 attributes->destroy(attributes);
888 if (!first)
889 {
890 written = snprintf(pos, len, ")");
891 if (written >= len || written < 0)
892 {
893 return buf;
894 }
895 pos += written;
896 len -= written;
897 }
898 }
899 }
900 enumerator->destroy(enumerator);
901
902 /* remove last space */
903 snprintf(pos, len, " ]");
904 return buf;
905 }
906
907 /**
908 * reorder payloads depending on reordering rules
909 */
910 static void order_payloads(private_message_t *this)
911 {
912 linked_list_t *list;
913 payload_t *payload;
914 int i;
915
916 /* move to temp list */
917 list = linked_list_create();
918 while (this->payloads->remove_last(this->payloads,
919 (void**)&payload) == SUCCESS)
920 {
921 list->insert_first(list, payload);
922 }
923 /* for each rule, ... */
924 for (i = 0; i < this->rule->order_count; i++)
925 {
926 enumerator_t *enumerator;
927 notify_payload_t *notify;
928 payload_order_t order;
929
930 order = this->rule->order[i];
931
932 /* ... find all payload ... */
933 enumerator = list->create_enumerator(list);
934 while (enumerator->enumerate(enumerator, &payload))
935 {
936 /* ... with that type ... */
937 if (payload->get_type(payload) == order.type)
938 {
939 notify = (notify_payload_t*)payload;
940
941 /**... and check notify for type. */
942 if (order.type != NOTIFY || order.notify == 0 ||
943 order.notify == notify->get_notify_type(notify))
944 {
945 list->remove_at(list, enumerator);
946 add_payload(this, payload);
947 }
948 }
949 }
950 enumerator->destroy(enumerator);
951 }
952 /* append all payloads without a rule to the end */
953 while (list->remove_last(list, (void**)&payload) == SUCCESS)
954 {
955 /* do not complain about payloads in private use space */
956 if (payload->get_type(payload) < 128)
957 {
958 DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
959 payload_type_names, payload->get_type(payload),
960 exchange_type_names, this->rule->exchange_type,
961 this->rule->is_request ? "request" : "response");
962 }
963 add_payload(this, payload);
964 }
965 list->destroy(list);
966 }
967
968 /**
969 * Wrap payloads in a encryption payload
970 */
971 static encryption_payload_t* wrap_payloads(private_message_t *this)
972 {
973 encryption_payload_t *encryption;
974 linked_list_t *payloads;
975 payload_t *current;
976
977 /* copy all payloads in a temporary list */
978 payloads = linked_list_create();
979 while (this->payloads->remove_first(this->payloads,
980 (void**)&current) == SUCCESS)
981 {
982 payloads->insert_last(payloads, current);
983 }
984
985 encryption = encryption_payload_create();
986 while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
987 {
988 payload_rule_t *rule;
989 payload_type_t type;
990 bool encrypt = TRUE;
991
992 type = current->get_type(current);
993 rule = get_payload_rule(this, type);
994 if (rule)
995 {
996 encrypt = rule->encrypted;
997 }
998 if (encrypt)
999 {
1000 DBG2(DBG_ENC, "insert payload %N to encryption payload",
1001 payload_type_names, type);
1002 encryption->add_payload(encryption, current);
1003 }
1004 else
1005 {
1006 DBG2(DBG_ENC, "insert payload %N unencrypted",
1007 payload_type_names, type);
1008 add_payload(this, current);
1009 }
1010 }
1011 payloads->destroy(payloads);
1012
1013 return encryption;
1014 }
1015
1016 METHOD(message_t, disable_sort, void,
1017 private_message_t *this)
1018 {
1019 this->sort_disabled = TRUE;
1020 }
1021
1022 METHOD(message_t, generate, status_t,
1023 private_message_t *this, aead_t *aead, packet_t **packet)
1024 {
1025 generator_t *generator;
1026 ike_header_t *ike_header;
1027 payload_t *payload, *next;
1028 encryption_payload_t *encryption = NULL;
1029 enumerator_t *enumerator;
1030 chunk_t chunk;
1031 char str[256];
1032 u_int32_t *lenpos;
1033
1034 if (is_encoded(this))
1035 { /* already generated, return a new packet clone */
1036 *packet = this->packet->clone(this->packet);
1037 return SUCCESS;
1038 }
1039
1040 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
1041 {
1042 DBG1(DBG_ENC, "exchange type is not defined");
1043 return INVALID_STATE;
1044 }
1045
1046 if (this->packet->get_source(this->packet) == NULL ||
1047 this->packet->get_destination(this->packet) == NULL)
1048 {
1049 DBG1(DBG_ENC, "source/destination not defined");
1050 return INVALID_STATE;
1051 }
1052
1053 this->rule = get_message_rule(this);
1054 if (!this->rule)
1055 {
1056 DBG1(DBG_ENC, "no message rules specified for this message type");
1057 return NOT_SUPPORTED;
1058 }
1059
1060 if (!this->sort_disabled)
1061 {
1062 order_payloads(this);
1063 }
1064
1065 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
1066
1067 if (aead && this->rule->encrypted)
1068 {
1069 encryption = wrap_payloads(this);
1070 }
1071 else
1072 {
1073 DBG2(DBG_ENC, "not encrypting payloads");
1074 }
1075
1076 ike_header = ike_header_create();
1077 ike_header->set_maj_version(ike_header, this->major_version);
1078 ike_header->set_min_version(ike_header, this->minor_version);
1079 ike_header->set_exchange_type(ike_header, this->exchange_type);
1080 ike_header->set_message_id(ike_header, this->message_id);
1081 ike_header->set_response_flag(ike_header, !this->is_request);
1082 ike_header->set_initiator_flag(ike_header,
1083 this->ike_sa_id->is_initiator(this->ike_sa_id));
1084 ike_header->set_initiator_spi(ike_header,
1085 this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
1086 ike_header->set_responder_spi(ike_header,
1087 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1088
1089 generator = generator_create();
1090
1091 /* generate all payloads with proper next type */
1092 payload = (payload_t*)ike_header;
1093 enumerator = create_payload_enumerator(this);
1094 while (enumerator->enumerate(enumerator, &next))
1095 {
1096 payload->set_next_type(payload, next->get_type(next));
1097 generator->generate_payload(generator, payload);
1098 payload = next;
1099 }
1100 enumerator->destroy(enumerator);
1101 payload->set_next_type(payload, encryption ? ENCRYPTED : NO_PAYLOAD);
1102 generator->generate_payload(generator, payload);
1103 ike_header->destroy(ike_header);
1104
1105 if (encryption)
1106 {
1107 u_int32_t *lenpos;
1108
1109 /* build associated data (without header of encryption payload) */
1110 chunk = generator->get_chunk(generator, &lenpos);
1111 encryption->set_transform(encryption, aead);
1112 /* fill in length, including encryption payload */
1113 htoun32(lenpos, chunk.len + encryption->get_length(encryption));
1114
1115 this->payloads->insert_last(this->payloads, encryption);
1116 if (!encryption->encrypt(encryption, chunk))
1117 {
1118 generator->destroy(generator);
1119 return INVALID_STATE;
1120 }
1121 generator->generate_payload(generator, &encryption->payload_interface);
1122 }
1123 chunk = generator->get_chunk(generator, &lenpos);
1124 htoun32(lenpos, chunk.len);
1125 this->packet->set_data(this->packet, chunk_clone(chunk));
1126 generator->destroy(generator);
1127
1128 *packet = this->packet->clone(this->packet);
1129 return SUCCESS;
1130 }
1131
1132 METHOD(message_t, get_packet, packet_t*,
1133 private_message_t *this)
1134 {
1135 if (this->packet == NULL)
1136 {
1137 return NULL;
1138 }
1139 return this->packet->clone(this->packet);
1140 }
1141
1142 METHOD(message_t, get_packet_data, chunk_t,
1143 private_message_t *this)
1144 {
1145 if (this->packet == NULL)
1146 {
1147 return chunk_empty;
1148 }
1149 return chunk_clone(this->packet->get_data(this->packet));
1150 }
1151
1152 METHOD(message_t, parse_header, status_t,
1153 private_message_t *this)
1154 {
1155 ike_header_t *ike_header;
1156 status_t status;
1157
1158 DBG2(DBG_ENC, "parsing header of message");
1159
1160 this->parser->reset_context(this->parser);
1161 status = this->parser->parse_payload(this->parser, HEADER,
1162 (payload_t**)&ike_header);
1163 if (status != SUCCESS)
1164 {
1165 DBG1(DBG_ENC, "header could not be parsed");
1166 return status;
1167
1168 }
1169
1170 status = ike_header->payload_interface.verify(
1171 &ike_header->payload_interface);
1172 if (status != SUCCESS)
1173 {
1174 DBG1(DBG_ENC, "header verification failed");
1175 ike_header->destroy(ike_header);
1176 return status;
1177 }
1178
1179 DESTROY_IF(this->ike_sa_id);
1180 this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
1181 ike_header->get_responder_spi(ike_header),
1182 ike_header->get_initiator_flag(ike_header));
1183
1184 this->exchange_type = ike_header->get_exchange_type(ike_header);
1185 this->message_id = ike_header->get_message_id(ike_header);
1186 this->is_request = !ike_header->get_response_flag(ike_header);
1187 this->major_version = ike_header->get_maj_version(ike_header);
1188 this->minor_version = ike_header->get_min_version(ike_header);
1189 this->first_payload = ike_header->payload_interface.get_next_type(
1190 &ike_header->payload_interface);
1191
1192 DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
1193 this->is_request ? "request" : "response");
1194
1195 ike_header->destroy(ike_header);
1196
1197 this->rule = get_message_rule(this);
1198 if (!this->rule)
1199 {
1200 DBG1(DBG_ENC, "no message rules specified for a %N %s",
1201 exchange_type_names, this->exchange_type,
1202 this->is_request ? "request" : "response");
1203 }
1204 return status;
1205 }
1206
1207 /**
1208 * Decrypt payload from the encryption payload
1209 */
1210 static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
1211 {
1212 bool was_encrypted = FALSE;
1213 payload_t *payload, *previous = NULL;
1214 enumerator_t *enumerator;
1215 payload_rule_t *rule;
1216 payload_type_t type;
1217 status_t status = SUCCESS;
1218
1219 enumerator = this->payloads->create_enumerator(this->payloads);
1220 while (enumerator->enumerate(enumerator, &payload))
1221 {
1222 type = payload->get_type(payload);
1223
1224 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
1225
1226 if (type == ENCRYPTED)
1227 {
1228 encryption_payload_t *encryption;
1229 payload_t *encrypted;
1230 chunk_t chunk;
1231
1232 encryption = (encryption_payload_t*)payload;
1233
1234 DBG2(DBG_ENC, "found an encryption payload");
1235
1236 if (enumerator->enumerate(enumerator, &payload))
1237 {
1238 DBG1(DBG_ENC, "encrypted payload is not last payload");
1239 status = VERIFY_ERROR;
1240 break;
1241 }
1242 encryption->set_transform(encryption, aead);
1243 chunk = this->packet->get_data(this->packet);
1244 if (chunk.len < encryption->get_length(encryption))
1245 {
1246 DBG1(DBG_ENC, "invalid payload length");
1247 status = VERIFY_ERROR;
1248 break;
1249 }
1250 chunk.len -= encryption->get_length(encryption);
1251 status = encryption->decrypt(encryption, chunk);
1252 if (status != SUCCESS)
1253 {
1254 break;
1255 }
1256
1257 was_encrypted = TRUE;
1258 this->payloads->remove_at(this->payloads, enumerator);
1259
1260 while ((encrypted = encryption->remove_payload(encryption)))
1261 {
1262 type = encrypted->get_type(encrypted);
1263 if (previous)
1264 {
1265 previous->set_next_type(previous, type);
1266 }
1267 else
1268 {
1269 this->first_payload = type;
1270 }
1271 DBG2(DBG_ENC, "insert decrypted payload of type "
1272 "%N at end of list", payload_type_names, type);
1273 this->payloads->insert_last(this->payloads, encrypted);
1274 previous = encrypted;
1275 }
1276 encryption->destroy(encryption);
1277 }
1278 if (payload_is_known(type) && !was_encrypted)
1279 {
1280 rule = get_payload_rule(this, type);
1281 if (!rule || rule->encrypted)
1282 {
1283 DBG1(DBG_ENC, "payload type %N was not encrypted",
1284 payload_type_names, type);
1285 status = FAILED;
1286 break;
1287 }
1288 }
1289 previous = payload;
1290 }
1291 enumerator->destroy(enumerator);
1292 return status;
1293 }
1294
1295 /**
1296 * Verify a message and all payload according to message/payload rules
1297 */
1298 static status_t verify(private_message_t *this)
1299 {
1300 bool complete = FALSE;
1301 int i;
1302
1303 DBG2(DBG_ENC, "verifying message structure");
1304
1305 /* check for payloads with wrong count*/
1306 for (i = 0; i < this->rule->rule_count; i++)
1307 {
1308 enumerator_t *enumerator;
1309 payload_t *payload;
1310 payload_rule_t *rule;
1311 int found = 0;
1312
1313 rule = &this->rule->rules[i];
1314 enumerator = create_payload_enumerator(this);
1315 while (enumerator->enumerate(enumerator, &payload))
1316 {
1317 payload_type_t type;
1318
1319 type = payload->get_type(payload);
1320 if (type == rule->type)
1321 {
1322 found++;
1323 DBG2(DBG_ENC, "found payload of type %N",
1324 payload_type_names, type);
1325 if (found > rule->max_occurence)
1326 {
1327 DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
1328 "occured in current message", payload_type_names,
1329 type, rule->max_occurence, found);
1330 enumerator->destroy(enumerator);
1331 return VERIFY_ERROR;
1332 }
1333 }
1334 }
1335 enumerator->destroy(enumerator);
1336
1337 if (!complete && found < rule->min_occurence)
1338 {
1339 DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
1340 payload_type_names, rule->type, rule->min_occurence, found);
1341 return VERIFY_ERROR;
1342 }
1343 if (found && rule->sufficient)
1344 {
1345 complete = TRUE;
1346 }
1347 }
1348 return SUCCESS;
1349 }
1350
1351 METHOD(message_t, parse_body, status_t,
1352 private_message_t *this, aead_t *aead)
1353 {
1354 status_t status = SUCCESS;
1355 payload_t *payload;
1356 payload_type_t type;
1357 char str[256];
1358
1359 type = this->first_payload;
1360
1361 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
1362 payload_type_names, type);
1363
1364 while (type != NO_PAYLOAD)
1365 {
1366 DBG2(DBG_ENC, "starting parsing a %N payload",
1367 payload_type_names, type);
1368
1369 status = this->parser->parse_payload(this->parser, type, &payload);
1370 if (status != SUCCESS)
1371 {
1372 DBG1(DBG_ENC, "payload type %N could not be parsed",
1373 payload_type_names, type);
1374 return this->exchange_type == IKE_SA_INIT ? PARSE_ERROR : FAILED;
1375 }
1376
1377 DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
1378 status = payload->verify(payload);
1379 if (status != SUCCESS)
1380 {
1381 DBG1(DBG_ENC, "%N payload verification failed",
1382 payload_type_names, type);
1383 payload->destroy(payload);
1384 return this->exchange_type == IKE_SA_INIT ? VERIFY_ERROR : FAILED;
1385 }
1386
1387 DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
1388 payload_type_names, type);
1389 this->payloads->insert_last(this->payloads, payload);
1390
1391 /* an encryption payload is the last one, so STOP here. decryption is
1392 * done later */
1393 if (type == ENCRYPTED)
1394 {
1395 DBG2(DBG_ENC, "%N payload found. Stop parsing",
1396 payload_type_names, type);
1397 break;
1398 }
1399 type = payload->get_next_type(payload);
1400 }
1401
1402 status = decrypt_payloads(this, aead);
1403 if (status != SUCCESS)
1404 {
1405 DBG1(DBG_ENC, "could not decrypt payloads");
1406 return status;
1407 }
1408
1409 status = verify(this);
1410 if (status != SUCCESS)
1411 {
1412 return status;
1413 }
1414
1415 DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
1416
1417 return SUCCESS;
1418 }
1419
1420 METHOD(message_t, destroy, void,
1421 private_message_t *this)
1422 {
1423 DESTROY_IF(this->ike_sa_id);
1424 this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
1425 this->packet->destroy(this->packet);
1426 this->parser->destroy(this->parser);
1427 free(this);
1428 }
1429
1430 /*
1431 * Described in Header-File
1432 */
1433 message_t *message_create_from_packet(packet_t *packet)
1434 {
1435 private_message_t *this;
1436
1437 INIT(this,
1438 .public = {
1439 .set_major_version = _set_major_version,
1440 .get_major_version = _get_major_version,
1441 .set_minor_version = _set_minor_version,
1442 .get_minor_version = _get_minor_version,
1443 .set_message_id = _set_message_id,
1444 .get_message_id = _get_message_id,
1445 .get_initiator_spi = _get_initiator_spi,
1446 .get_responder_spi = _get_responder_spi,
1447 .set_ike_sa_id = _set_ike_sa_id,
1448 .get_ike_sa_id = _get_ike_sa_id,
1449 .set_exchange_type = _set_exchange_type,
1450 .get_exchange_type = _get_exchange_type,
1451 .get_first_payload_type = _get_first_payload_type,
1452 .set_request = _set_request,
1453 .get_request = _get_request,
1454 .add_payload = _add_payload,
1455 .add_notify = _add_notify,
1456 .disable_sort = _disable_sort,
1457 .generate = _generate,
1458 .set_source = _set_source,
1459 .get_source = _get_source,
1460 .set_destination = _set_destination,
1461 .get_destination = _get_destination,
1462 .create_payload_enumerator = _create_payload_enumerator,
1463 .remove_payload_at = _remove_payload_at,
1464 .get_payload = _get_payload,
1465 .get_notify = _get_notify,
1466 .parse_header = _parse_header,
1467 .parse_body = _parse_body,
1468 .get_packet = _get_packet,
1469 .get_packet_data = _get_packet_data,
1470 .destroy = _destroy,
1471 },
1472 .major_version = IKE_MAJOR_VERSION,
1473 .minor_version = IKE_MINOR_VERSION,
1474 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
1475 .is_request = TRUE,
1476 .first_payload = NO_PAYLOAD,
1477 .packet = packet,
1478 .payloads = linked_list_create(),
1479 .parser = parser_create(packet->get_data(packet)),
1480 );
1481
1482 return (&this->public);
1483 }
1484
1485 /*
1486 * Described in Header.
1487 */
1488 message_t *message_create()
1489 {
1490 return message_create_from_packet(packet_create());
1491 }
1492