ike: Maintain per-IKE_SA CHILD_SAs in the global CHILD_SA manager
[strongswan.git] / src / libcharon / processing / jobs / delete_ike_sa_job.c
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "delete_ike_sa_job.h"
18
19 #include <daemon.h>
20
21 typedef struct private_delete_ike_sa_job_t private_delete_ike_sa_job_t;
22
23 /**
24 * Private data of an delete_ike_sa_job_t Object
25 */
26 struct private_delete_ike_sa_job_t {
27 /**
28 * public delete_ike_sa_job_t interface
29 */
30 delete_ike_sa_job_t public;
31
32 /**
33 * ID of the ike_sa to delete
34 */
35 ike_sa_id_t *ike_sa_id;
36
37 /**
38 * Should the IKE_SA be deleted if it is in ESTABLISHED state?
39 */
40 bool delete_if_established;
41 };
42
43
44 METHOD(job_t, destroy, void,
45 private_delete_ike_sa_job_t *this)
46 {
47 this->ike_sa_id->destroy(this->ike_sa_id);
48 free(this);
49 }
50
51 METHOD(job_t, execute, job_requeue_t,
52 private_delete_ike_sa_job_t *this)
53 {
54 ike_sa_t *ike_sa;
55
56 ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
57 this->ike_sa_id);
58 if (ike_sa)
59 {
60 if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
61 {
62 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
63 return JOB_REQUEUE_NONE;
64 }
65 if (this->delete_if_established)
66 {
67 if (ike_sa->delete(ike_sa) == DESTROY_ME)
68 {
69 charon->ike_sa_manager->checkin_and_destroy(
70 charon->ike_sa_manager, ike_sa);
71 }
72 else
73 {
74 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
75 }
76 }
77 else
78 {
79 /* destroy IKE_SA only if it did not complete connecting phase */
80 if (ike_sa->get_state(ike_sa) != IKE_CONNECTING)
81 {
82 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
83 }
84 else if (ike_sa->get_version(ike_sa) == IKEV1 &&
85 ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
86 { /* as initiator we waited for the peer to initiate e.g. an
87 * XAuth exchange, reauth the SA to eventually trigger DPD */
88 DBG1(DBG_JOB, "peer did not initiate expected exchange, "
89 "reestablishing IKE_SA");
90 ike_sa->reauth(ike_sa);
91 charon->ike_sa_manager->checkin_and_destroy(
92 charon->ike_sa_manager, ike_sa);
93 }
94 else
95 {
96 DBG1(DBG_JOB, "deleting half open IKE_SA after timeout");
97 charon->bus->alert(charon->bus, ALERT_HALF_OPEN_TIMEOUT);
98 charon->ike_sa_manager->checkin_and_destroy(
99 charon->ike_sa_manager, ike_sa);
100 }
101 }
102 }
103 return JOB_REQUEUE_NONE;
104 }
105
106 METHOD(job_t, get_priority, job_priority_t,
107 private_delete_ike_sa_job_t *this)
108 {
109 return JOB_PRIO_MEDIUM;
110 }
111
112 /*
113 * Described in header
114 */
115 delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
116 bool delete_if_established)
117 {
118 private_delete_ike_sa_job_t *this;
119
120 INIT(this,
121 .public = {
122 .job_interface = {
123 .execute = _execute,
124 .get_priority = _get_priority,
125 .destroy = _destroy,
126 },
127 },
128 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
129 .delete_if_established = delete_if_established,
130 );
131
132 return &(this->public);
133 }