Initiate quick mode rekeying with narrowed traffic selectors
[strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v1.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev1/tasks/main_mode.h>
23 #include <sa/ikev1/tasks/aggressive_mode.h>
24 #include <sa/ikev1/tasks/quick_mode.h>
25 #include <sa/ikev1/tasks/quick_delete.h>
26 #include <sa/ikev1/tasks/xauth.h>
27 #include <sa/ikev1/tasks/mode_config.h>
28 #include <sa/ikev1/tasks/informational.h>
29 #include <sa/ikev1/tasks/isakmp_natd.h>
30 #include <sa/ikev1/tasks/isakmp_vendor.h>
31 #include <sa/ikev1/tasks/isakmp_cert_pre.h>
32 #include <sa/ikev1/tasks/isakmp_cert_post.h>
33 #include <sa/ikev1/tasks/isakmp_delete.h>
34 #include <sa/ikev1/tasks/isakmp_dpd.h>
35
36 #include <processing/jobs/retransmit_job.h>
37 #include <processing/jobs/delete_ike_sa_job.h>
38 #include <processing/jobs/dpd_timeout_job.h>
39
40 /**
41 * Number of old messages hashes we keep for retransmission.
42 *
43 * In Main Mode, we must ignore messages from a previous message pair if
44 * we already continued to the next. Otherwise a late retransmission
45 * could be considered as a reply to the newer request.
46 */
47 #define MAX_OLD_HASHES 2
48
49 /**
50 * First sequence number of responding packets.
51 *
52 * To distinguish retransmission jobs for initiating and responding packets,
53 * we split up the sequence counter and use the upper half for responding.
54 */
55 #define RESPONDING_SEQ INT_MAX
56
57 typedef struct exchange_t exchange_t;
58
59 /**
60 * An exchange in the air, used do detect and handle retransmission
61 */
62 struct exchange_t {
63
64 /**
65 * Message ID used for this transaction
66 */
67 u_int32_t mid;
68
69 /**
70 * generated packet for retransmission
71 */
72 packet_t *packet;
73 };
74
75 typedef struct private_task_manager_t private_task_manager_t;
76
77 /**
78 * private data of the task manager
79 */
80 struct private_task_manager_t {
81
82 /**
83 * public functions
84 */
85 task_manager_v1_t public;
86
87 /**
88 * associated IKE_SA we are serving
89 */
90 ike_sa_t *ike_sa;
91
92 /**
93 * RNG to create message IDs
94 */
95 rng_t *rng;
96
97 /**
98 * Exchange we are currently handling as responder
99 */
100 struct {
101 /**
102 * Message ID of the last response
103 */
104 u_int32_t mid;
105
106 /**
107 * Hash of a previously received message
108 */
109 u_int32_t hash;
110
111 /**
112 * packet for retransmission
113 */
114 packet_t *packet;
115
116 /**
117 * Sequence number of the last sent message
118 */
119 u_int32_t seqnr;
120
121 /**
122 * how many times we have retransmitted so far
123 */
124 u_int retransmitted;
125
126 } responding;
127
128 /**
129 * Exchange we are currently handling as initiator
130 */
131 struct {
132 /**
133 * Message ID of the exchange
134 */
135 u_int32_t mid;
136
137 /**
138 * Hashes of old responses we can ignore
139 */
140 u_int32_t old_hashes[MAX_OLD_HASHES];
141
142 /**
143 * Position in old hash array
144 */
145 int old_hash_pos;
146
147 /**
148 * Sequence number of the last sent message
149 */
150 u_int32_t seqnr;
151
152 /**
153 * how many times we have retransmitted so far
154 */
155 u_int retransmitted;
156
157 /**
158 * packet for retransmission
159 */
160 packet_t *packet;
161
162 /**
163 * type of the initated exchange
164 */
165 exchange_type_t type;
166
167 } initiating;
168
169 /**
170 * List of queued tasks not yet in action
171 */
172 linked_list_t *queued_tasks;
173
174 /**
175 * List of active tasks, initiated by ourselve
176 */
177 linked_list_t *active_tasks;
178
179 /**
180 * List of tasks initiated by peer
181 */
182 linked_list_t *passive_tasks;
183
184 /**
185 * Queued messages not yet ready to process
186 */
187 message_t *queued;
188
189 /**
190 * Number of times we retransmit messages before giving up
191 */
192 u_int retransmit_tries;
193
194 /**
195 * Retransmission timeout
196 */
197 double retransmit_timeout;
198
199 /**
200 * Base to calculate retransmission timeout
201 */
202 double retransmit_base;
203
204 /**
205 * Sequence number for sending DPD requests
206 */
207 u_int32_t dpd_send;
208
209 /**
210 * Sequence number for received DPD requests
211 */
212 u_int32_t dpd_recv;
213 };
214
215 METHOD(task_manager_t, flush_queue, void,
216 private_task_manager_t *this, task_queue_t queue)
217 {
218 linked_list_t *list;
219 task_t *task;
220
221 if (this->queued)
222 {
223 this->queued->destroy(this->queued);
224 this->queued = NULL;
225 }
226 switch (queue)
227 {
228 case TASK_QUEUE_ACTIVE:
229 list = this->active_tasks;
230 /* cancel pending retransmits */
231 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
232 DESTROY_IF(this->initiating.packet);
233 this->initiating.packet = NULL;
234 break;
235 case TASK_QUEUE_PASSIVE:
236 list = this->passive_tasks;
237 break;
238 case TASK_QUEUE_QUEUED:
239 list = this->queued_tasks;
240 break;
241 default:
242 return;
243 }
244 while (list->remove_last(list, (void**)&task) == SUCCESS)
245 {
246 task->destroy(task);
247 }
248 }
249
250 /**
251 * flush all tasks in the task manager
252 */
253 static void flush(private_task_manager_t *this)
254 {
255 flush_queue(this, TASK_QUEUE_QUEUED);
256 flush_queue(this, TASK_QUEUE_PASSIVE);
257 flush_queue(this, TASK_QUEUE_ACTIVE);
258 }
259
260 /**
261 * move a task of a specific type from the queue to the active list
262 */
263 static bool activate_task(private_task_manager_t *this, task_type_t type)
264 {
265 enumerator_t *enumerator;
266 task_t *task;
267 bool found = FALSE;
268
269 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
270 while (enumerator->enumerate(enumerator, (void**)&task))
271 {
272 if (task->get_type(task) == type)
273 {
274 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
275 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
276 this->active_tasks->insert_last(this->active_tasks, task);
277 found = TRUE;
278 break;
279 }
280 }
281 enumerator->destroy(enumerator);
282 return found;
283 }
284
285 /**
286 * Retransmit a packet, either as initiator or as responder
287 */
288 static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
289 u_int mid, u_int retransmitted, packet_t *packet)
290 {
291 u_int32_t t;
292
293 if (retransmitted > this->retransmit_tries)
294 {
295 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
296 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
297 {
298 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
299 }
300 return DESTROY_ME;
301 }
302 t = (u_int32_t)(this->retransmit_timeout * 1000.0 *
303 pow(this->retransmit_base, retransmitted));
304 if (retransmitted)
305 {
306 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
307 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
308 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
309 }
310 charon->sender->send(charon->sender, packet->clone(packet));
311 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
312 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
313 return NEED_MORE;
314 }
315
316 METHOD(task_manager_t, retransmit, status_t,
317 private_task_manager_t *this, u_int32_t seqnr)
318 {
319 status_t status = SUCCESS;
320
321 if (seqnr == this->initiating.seqnr && this->initiating.packet)
322 {
323 status = retransmit_packet(this, seqnr, this->initiating.mid,
324 this->initiating.retransmitted, this->initiating.packet);
325 if (status == NEED_MORE)
326 {
327 this->initiating.retransmitted++;
328 status = SUCCESS;
329 }
330 }
331 if (seqnr == this->responding.seqnr && this->responding.packet)
332 {
333 status = retransmit_packet(this, seqnr, this->responding.mid,
334 this->responding.retransmitted, this->responding.packet);
335 if (status == NEED_MORE)
336 {
337 this->responding.retransmitted++;
338 status = SUCCESS;
339 }
340 }
341 return status;
342 }
343
344 METHOD(task_manager_t, initiate, status_t,
345 private_task_manager_t *this)
346 {
347 enumerator_t *enumerator;
348 task_t *task;
349 message_t *message;
350 host_t *me, *other;
351 status_t status;
352 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
353 bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
354
355 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
356 this->initiating.type != INFORMATIONAL_V1)
357 {
358 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
359 exchange_type_names, this->initiating.type);
360 /* do not initiate if we already have a message in the air */
361 return SUCCESS;
362 }
363
364 if (this->active_tasks->get_count(this->active_tasks) == 0)
365 {
366 DBG2(DBG_IKE, "activating new tasks");
367 switch (this->ike_sa->get_state(this->ike_sa))
368 {
369 case IKE_CREATED:
370 activate_task(this, TASK_ISAKMP_VENDOR);
371 activate_task(this, TASK_ISAKMP_CERT_PRE);
372 if (activate_task(this, TASK_MAIN_MODE))
373 {
374 exchange = ID_PROT;
375 }
376 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
377 {
378 exchange = AGGRESSIVE;
379 }
380 activate_task(this, TASK_ISAKMP_CERT_POST);
381 activate_task(this, TASK_ISAKMP_NATD);
382 break;
383 case IKE_CONNECTING:
384 if (activate_task(this, TASK_ISAKMP_DELETE))
385 {
386 exchange = INFORMATIONAL_V1;
387 new_mid = TRUE;
388 break;
389 }
390 if (activate_task(this, TASK_XAUTH))
391 {
392 exchange = TRANSACTION;
393 new_mid = TRUE;
394 break;
395 }
396 if (activate_task(this, TASK_INFORMATIONAL))
397 {
398 exchange = INFORMATIONAL_V1;
399 new_mid = TRUE;
400 break;
401 }
402 break;
403 case IKE_ESTABLISHED:
404 if (activate_task(this, TASK_MODE_CONFIG))
405 {
406 exchange = TRANSACTION;
407 new_mid = TRUE;
408 break;
409 }
410 if (activate_task(this, TASK_QUICK_MODE))
411 {
412 exchange = QUICK_MODE;
413 new_mid = TRUE;
414 break;
415 }
416 if (activate_task(this, TASK_INFORMATIONAL))
417 {
418 exchange = INFORMATIONAL_V1;
419 new_mid = TRUE;
420 break;
421 }
422 if (activate_task(this, TASK_QUICK_DELETE))
423 {
424 exchange = INFORMATIONAL_V1;
425 new_mid = TRUE;
426 break;
427 }
428 if (activate_task(this, TASK_ISAKMP_DELETE))
429 {
430 exchange = INFORMATIONAL_V1;
431 new_mid = TRUE;
432 break;
433 }
434 if (activate_task(this, TASK_ISAKMP_DPD))
435 {
436 exchange = INFORMATIONAL_V1;
437 new_mid = TRUE;
438 break;
439 }
440 break;
441 default:
442 break;
443 }
444 }
445 else
446 {
447 DBG2(DBG_IKE, "reinitiating already active tasks");
448 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
449 while (enumerator->enumerate(enumerator, (void**)&task))
450 {
451 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
452 switch (task->get_type(task))
453 {
454 case TASK_MAIN_MODE:
455 exchange = ID_PROT;
456 break;
457 case TASK_AGGRESSIVE_MODE:
458 exchange = AGGRESSIVE;
459 break;
460 case TASK_QUICK_MODE:
461 exchange = QUICK_MODE;
462 break;
463 case TASK_XAUTH:
464 exchange = TRANSACTION;
465 new_mid = TRUE;
466 break;
467 default:
468 continue;
469 }
470 break;
471 }
472 enumerator->destroy(enumerator);
473 }
474
475 if (exchange == EXCHANGE_TYPE_UNDEFINED)
476 {
477 DBG2(DBG_IKE, "nothing to initiate");
478 /* nothing to do yet... */
479 return SUCCESS;
480 }
481
482 me = this->ike_sa->get_my_host(this->ike_sa);
483 other = this->ike_sa->get_other_host(this->ike_sa);
484
485 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
486 if (new_mid)
487 {
488 this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
489 (void*)&this->initiating.mid);
490 }
491 message->set_message_id(message, this->initiating.mid);
492 message->set_source(message, me->clone(me));
493 message->set_destination(message, other->clone(other));
494 message->set_exchange_type(message, exchange);
495 this->initiating.type = exchange;
496 this->initiating.retransmitted = 0;
497
498 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
499 while (enumerator->enumerate(enumerator, (void*)&task))
500 {
501 switch (task->build(task, message))
502 {
503 case SUCCESS:
504 /* task completed, remove it */
505 this->active_tasks->remove_at(this->active_tasks, enumerator);
506 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
507 task->get_type(task) == TASK_QUICK_MODE)
508 { /* last message of three message exchange */
509 keep = TRUE;
510 }
511 task->destroy(task);
512 continue;
513 case NEED_MORE:
514 expect_response = TRUE;
515 /* processed, but task needs another exchange */
516 continue;
517 case ALREADY_DONE:
518 cancelled = TRUE;
519 break;
520 case FAILED:
521 default:
522 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
523 {
524 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
525 }
526 /* FALL */
527 case DESTROY_ME:
528 /* critical failure, destroy IKE_SA */
529 enumerator->destroy(enumerator);
530 message->destroy(message);
531 flush(this);
532 return DESTROY_ME;
533 }
534 break;
535 }
536 enumerator->destroy(enumerator);
537
538 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
539 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
540 { /* tasks completed, no exchange active anymore */
541 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
542 }
543 if (cancelled)
544 {
545 message->destroy(message);
546 return initiate(this);
547 }
548
549 DESTROY_IF(this->initiating.packet);
550 status = this->ike_sa->generate_message(this->ike_sa, message,
551 &this->initiating.packet);
552 if (status != SUCCESS)
553 {
554 /* message generation failed. There is nothing more to do than to
555 * close the SA */
556 message->destroy(message);
557 flush(this);
558 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
559 return DESTROY_ME;
560 }
561
562 this->initiating.seqnr++;
563 if (expect_response )
564 {
565 message->destroy(message);
566 return retransmit(this, this->initiating.seqnr);
567 }
568 if (keep)
569 { /* keep the packet for retransmission, the responder might request it */
570 charon->sender->send(charon->sender,
571 this->initiating.packet->clone(this->initiating.packet));
572 }
573 else
574 {
575 charon->sender->send(charon->sender, this->initiating.packet);
576 this->initiating.packet = NULL;
577 }
578 message->destroy(message);
579
580 if (exchange == INFORMATIONAL_V1)
581 {
582 switch (this->ike_sa->get_state(this->ike_sa))
583 {
584 case IKE_CONNECTING:
585 /* close after sending an INFORMATIONAL when unestablished */
586 return FAILED;
587 case IKE_DELETING:
588 /* close after sending a DELETE */
589 return DESTROY_ME;
590 default:
591 break;
592 }
593 }
594 return initiate(this);
595 }
596
597 /**
598 * build a response depending on the "passive" task list
599 */
600 static status_t build_response(private_task_manager_t *this, message_t *request)
601 {
602 enumerator_t *enumerator;
603 task_t *task;
604 message_t *message;
605 host_t *me, *other;
606 bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
607 status_t status;
608
609 me = request->get_destination(request);
610 other = request->get_source(request);
611
612 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
613 message->set_exchange_type(message, request->get_exchange_type(request));
614 /* send response along the path the request came in */
615 message->set_source(message, me->clone(me));
616 message->set_destination(message, other->clone(other));
617 message->set_message_id(message, request->get_message_id(request));
618 message->set_request(message, FALSE);
619
620 this->responding.mid = request->get_message_id(request);
621 this->responding.retransmitted = 0;
622 this->responding.seqnr++;
623
624 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
625 while (enumerator->enumerate(enumerator, (void*)&task))
626 {
627 switch (task->build(task, message))
628 {
629 case SUCCESS:
630 /* task completed, remove it */
631 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
632 task->destroy(task);
633 continue;
634 case NEED_MORE:
635 /* processed, but task needs another exchange */
636 if (task->get_type(task) == TASK_QUICK_MODE ||
637 task->get_type(task) == TASK_AGGRESSIVE_MODE)
638 { /* we rely on initiator retransmission, except for
639 * three-message exchanges */
640 expect_request = TRUE;
641 }
642 continue;
643 case ALREADY_DONE:
644 cancelled = TRUE;
645 break;
646 case FAILED:
647 default:
648 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
649 /* FALL */
650 case DESTROY_ME:
651 /* destroy IKE_SA, but SEND response first */
652 delete = TRUE;
653 break;
654 }
655 break;
656 }
657 enumerator->destroy(enumerator);
658
659 DESTROY_IF(this->responding.packet);
660 this->responding.packet = NULL;
661 if (cancelled)
662 {
663 message->destroy(message);
664 return initiate(this);
665 }
666 status = this->ike_sa->generate_message(this->ike_sa, message,
667 &this->responding.packet);
668 message->destroy(message);
669 if (status != SUCCESS)
670 {
671 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
672 return DESTROY_ME;
673 }
674
675 if (expect_request && !delete)
676 {
677 return retransmit(this, this->responding.seqnr);
678 }
679 charon->sender->send(charon->sender,
680 this->responding.packet->clone(this->responding.packet));
681 if (delete)
682 {
683 return DESTROY_ME;
684 }
685 return SUCCESS;
686 }
687
688 /**
689 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
690 * The notify protocol_id is set to ISAKMP
691 */
692 static void send_notify(private_task_manager_t *this, message_t *request,
693 notify_type_t type)
694 {
695 message_t *response;
696 packet_t *packet;
697 host_t *me, *other;
698 u_int32_t mid;
699
700 if (request && request->get_exchange_type(request) == INFORMATIONAL_V1)
701 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
702 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
703 return;
704 }
705
706 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
707 response->set_exchange_type(response, INFORMATIONAL_V1);
708 response->set_request(response, TRUE);
709 this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
710 response->set_message_id(response, mid);
711 response->add_payload(response, (payload_t*)
712 notify_payload_create_from_protocol_and_type(NOTIFY_V1,
713 PROTO_IKE, type));
714
715 me = this->ike_sa->get_my_host(this->ike_sa);
716 if (me->is_anyaddr(me))
717 {
718 me = request->get_destination(request);
719 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
720 }
721 other = this->ike_sa->get_other_host(this->ike_sa);
722 if (other->is_anyaddr(other))
723 {
724 other = request->get_source(request);
725 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
726 }
727 response->set_source(response, me->clone(me));
728 response->set_destination(response, other->clone(other));
729 if (this->ike_sa->generate_message(this->ike_sa, response,
730 &packet) == SUCCESS)
731 {
732 charon->sender->send(charon->sender, packet);
733 }
734 response->destroy(response);
735 }
736
737 /**
738 * Process a DPD request/response
739 */
740 static bool process_dpd(private_task_manager_t *this, message_t *message)
741 {
742 notify_payload_t *notify;
743 notify_type_t type;
744 u_int32_t seq;
745 chunk_t data;
746
747 type = DPD_R_U_THERE;
748 notify = message->get_notify(message, type);
749 if (!notify)
750 {
751 type = DPD_R_U_THERE_ACK;
752 notify = message->get_notify(message, type);
753 }
754 if (!notify)
755 {
756 return FALSE;
757 }
758 data = notify->get_notification_data(notify);
759 if (data.len != 4)
760 {
761 return FALSE;
762 }
763 seq = untoh32(data.ptr);
764
765 if (type == DPD_R_U_THERE)
766 {
767 if (this->dpd_recv == 0 || seq == this->dpd_recv)
768 { /* check sequence validity */
769 this->dpd_recv = seq + 1;
770 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
771 time_monotonic(NULL));
772 }
773 /* but respond anyway */
774 this->ike_sa->queue_task(this->ike_sa,
775 &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
776 }
777 else /* DPD_R_U_THERE_ACK */
778 {
779 if (seq == this->dpd_send - 1)
780 {
781 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
782 time_monotonic(NULL));
783 }
784 else
785 {
786 DBG1(DBG_IKE, "received invalid DPD sequence number %u "
787 "(expected %u), ignored", seq, this->dpd_send - 1);
788 }
789 }
790 return TRUE;
791 }
792
793 /**
794 * handle an incoming request message
795 */
796 static status_t process_request(private_task_manager_t *this,
797 message_t *message)
798 {
799 enumerator_t *enumerator;
800 task_t *task = NULL;
801 bool send_response = FALSE, dpd = FALSE;
802
803 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
804 this->passive_tasks->get_count(this->passive_tasks) == 0)
805 { /* create tasks depending on request type, if not already some queued */
806 switch (message->get_exchange_type(message))
807 {
808 case ID_PROT:
809 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
810 this->passive_tasks->insert_last(this->passive_tasks, task);
811 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
812 this->passive_tasks->insert_last(this->passive_tasks, task);
813 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
814 this->passive_tasks->insert_last(this->passive_tasks, task);
815 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
816 this->passive_tasks->insert_last(this->passive_tasks, task);
817 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
818 this->passive_tasks->insert_last(this->passive_tasks, task);
819 break;
820 case AGGRESSIVE:
821 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
822 this->passive_tasks->insert_last(this->passive_tasks, task);
823 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
824 this->passive_tasks->insert_last(this->passive_tasks, task);
825 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
826 this->passive_tasks->insert_last(this->passive_tasks, task);
827 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
828 this->passive_tasks->insert_last(this->passive_tasks, task);
829 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
830 this->passive_tasks->insert_last(this->passive_tasks, task);
831 break;
832 case QUICK_MODE:
833 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
834 {
835 DBG1(DBG_IKE, "received quick mode request for "
836 "unestablished IKE_SA, ignored");
837 return FAILED;
838 }
839 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
840 NULL, NULL);
841 this->passive_tasks->insert_last(this->passive_tasks, task);
842 break;
843 case INFORMATIONAL_V1:
844 if (process_dpd(this, message))
845 {
846 dpd = TRUE;
847 }
848 else
849 {
850 task = (task_t *)informational_create(this->ike_sa, NULL);
851 this->passive_tasks->insert_first(this->passive_tasks, task);
852 }
853 break;
854 case TRANSACTION:
855 if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
856 {
857 task = (task_t *)mode_config_create(this->ike_sa, FALSE);
858 }
859 else
860 {
861 task = (task_t *)xauth_create(this->ike_sa, FALSE);
862 }
863 this->passive_tasks->insert_last(this->passive_tasks, task);
864 break;
865 default:
866 return FAILED;
867 }
868 }
869 if (dpd)
870 {
871 return initiate(this);
872 }
873 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
874
875 /* let the tasks process the message */
876 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
877 while (enumerator->enumerate(enumerator, (void*)&task))
878 {
879 switch (task->process(task, message))
880 {
881 case SUCCESS:
882 /* task completed, remove it */
883 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
884 task->destroy(task);
885 continue;
886 case NEED_MORE:
887 /* processed, but task needs at least another call to build() */
888 send_response = TRUE;
889 continue;
890 case ALREADY_DONE:
891 send_response = FALSE;
892 break;
893 case FAILED:
894 default:
895 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
896 /* FALL */
897 case DESTROY_ME:
898 /* critical failure, destroy IKE_SA */
899 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
900 enumerator->destroy(enumerator);
901 task->destroy(task);
902 return DESTROY_ME;
903 }
904 break;
905 }
906 enumerator->destroy(enumerator);
907
908 if (send_response)
909 {
910 if (build_response(this, message) != SUCCESS)
911 {
912 return DESTROY_ME;
913 }
914 }
915 else
916 { /* We don't send a response, so don't retransmit one if we get
917 * the same message again. */
918 DESTROY_IF(this->responding.packet);
919 this->responding.packet = NULL;
920 }
921 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
922 this->queued_tasks->get_count(this->queued_tasks) > 0)
923 {
924 /* passive tasks completed, check if an active task has been queued,
925 * such as XAUTH or modeconfig push */
926 return initiate(this);
927 }
928 return SUCCESS;
929 }
930
931 /**
932 * handle an incoming response message
933 */
934 static status_t process_response(private_task_manager_t *this,
935 message_t *message)
936 {
937 enumerator_t *enumerator;
938 status_t status;
939 task_t *task;
940
941 if (message->get_exchange_type(message) != this->initiating.type)
942 {
943 DBG1(DBG_IKE, "received %N response, but expected %N",
944 exchange_type_names, message->get_exchange_type(message),
945 exchange_type_names, this->initiating.type);
946 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
947 return DESTROY_ME;
948 }
949
950 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
951 while (enumerator->enumerate(enumerator, (void*)&task))
952 {
953 switch (task->process(task, message))
954 {
955 case SUCCESS:
956 /* task completed, remove it */
957 this->active_tasks->remove_at(this->active_tasks, enumerator);
958 task->destroy(task);
959 continue;
960 case NEED_MORE:
961 /* processed, but task needs another exchange */
962 continue;
963 case ALREADY_DONE:
964 break;
965 case FAILED:
966 default:
967 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
968 /* FALL */
969 case DESTROY_ME:
970 /* critical failure, destroy IKE_SA */
971 this->active_tasks->remove_at(this->active_tasks, enumerator);
972 enumerator->destroy(enumerator);
973 task->destroy(task);
974 return DESTROY_ME;
975 }
976 break;
977 }
978 enumerator->destroy(enumerator);
979
980 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
981 DESTROY_IF(this->initiating.packet);
982 this->initiating.packet = NULL;
983
984 if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
985 {
986 status = this->public.task_manager.process_message(
987 &this->public.task_manager, this->queued);
988 this->queued->destroy(this->queued);
989 this->queued = NULL;
990 if (status == DESTROY_ME)
991 {
992 return status;
993 }
994 }
995
996 return initiate(this);
997 }
998
999 /**
1000 * Parse the given message and verify that it is valid.
1001 */
1002 static status_t parse_message(private_task_manager_t *this, message_t *msg)
1003 {
1004 status_t status;
1005
1006 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1007
1008 if (status != SUCCESS)
1009 {
1010 switch (status)
1011 {
1012 case NOT_SUPPORTED:
1013 DBG1(DBG_IKE, "unsupported exchange type");
1014 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
1015 break;
1016 case PARSE_ERROR:
1017 DBG1(DBG_IKE, "message parsing failed");
1018 send_notify(this, msg, PAYLOAD_MALFORMED);
1019 break;
1020 case VERIFY_ERROR:
1021 DBG1(DBG_IKE, "message verification failed");
1022 send_notify(this, msg, PAYLOAD_MALFORMED);
1023 break;
1024 case FAILED:
1025 DBG1(DBG_IKE, "integrity check failed");
1026 send_notify(this, msg, INVALID_HASH_INFORMATION);
1027 break;
1028 case INVALID_STATE:
1029 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1030 send_notify(this, msg, PAYLOAD_MALFORMED);
1031 default:
1032 break;
1033 }
1034 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
1035 exchange_type_names, msg->get_exchange_type(msg),
1036 msg->get_request(msg) ? "request" : "response",
1037 msg->get_message_id(msg));
1038
1039 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1040 { /* invalid initiation attempt, close SA */
1041 return DESTROY_ME;
1042 }
1043 }
1044 return status;
1045 }
1046
1047 METHOD(task_manager_t, process_message, status_t,
1048 private_task_manager_t *this, message_t *msg)
1049 {
1050 u_int32_t hash, mid, i;
1051 host_t *me, *other;
1052 status_t status;
1053
1054 /* TODO-IKEv1: update hosts more selectively */
1055 me = msg->get_destination(msg);
1056 other = msg->get_source(msg);
1057 mid = msg->get_message_id(msg);
1058 hash = chunk_hash(msg->get_packet_data(msg));
1059 for (i = 0; i < MAX_OLD_HASHES; i++)
1060 {
1061 if (this->initiating.old_hashes[i] == hash)
1062 {
1063 if (this->initiating.packet &&
1064 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
1065 (msg->get_exchange_type(msg) == QUICK_MODE ||
1066 msg->get_exchange_type(msg) == AGGRESSIVE))
1067 {
1068 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1069 "resending last request", mid);
1070 charon->sender->send(charon->sender,
1071 this->initiating.packet->clone(this->initiating.packet));
1072 return SUCCESS;
1073 }
1074 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1075 "but next request already sent", mid);
1076 return SUCCESS;
1077 }
1078 }
1079
1080 if ((mid && mid == this->initiating.mid) ||
1081 (this->initiating.mid == 0 &&
1082 msg->get_exchange_type(msg) == this->initiating.type &&
1083 this->active_tasks->get_count(this->active_tasks)))
1084 {
1085 msg->set_request(msg, FALSE);
1086 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1087 status = parse_message(this, msg);
1088 if (status != SUCCESS)
1089 {
1090 return status;
1091 }
1092 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1093 time_monotonic(NULL));
1094 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
1095 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1096 if (process_response(this, msg) != SUCCESS)
1097 {
1098 flush(this);
1099 return DESTROY_ME;
1100 }
1101 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
1102 MAX_OLD_HASHES] = hash;
1103 }
1104 else
1105 {
1106 if (hash == this->responding.hash)
1107 {
1108 if (this->responding.packet)
1109 {
1110 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1111 "retransmitting response", mid);
1112 charon->sender->send(charon->sender,
1113 this->responding.packet->clone(this->responding.packet));
1114 }
1115 else if (this->initiating.packet &&
1116 this->initiating.type == INFORMATIONAL_V1)
1117 {
1118 DBG1(DBG_IKE, "received retransmit of DPD request, "
1119 "retransmitting response");
1120 charon->sender->send(charon->sender,
1121 this->initiating.packet->clone(this->initiating.packet));
1122 }
1123 else
1124 {
1125 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1126 "but no response to retransmit", mid);
1127 }
1128 return SUCCESS;
1129 }
1130 if (msg->get_exchange_type(msg) == TRANSACTION &&
1131 this->active_tasks->get_count(this->active_tasks))
1132 { /* main mode not yet complete, queue XAuth/Mode config tasks */
1133 if (this->queued)
1134 {
1135 DBG1(DBG_IKE, "ignoring additional %N request, queue full",
1136 exchange_type_names, TRANSACTION);
1137 return SUCCESS;
1138 }
1139 this->queued = message_create_from_packet(msg->get_packet(msg));
1140 if (this->queued->parse_header(this->queued) != SUCCESS)
1141 {
1142 this->queued->destroy(this->queued);
1143 this->queued = NULL;
1144 return FAILED;
1145 }
1146 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1147 exchange_type_names, TRANSACTION);
1148 return SUCCESS;
1149 }
1150
1151 msg->set_request(msg, TRUE);
1152 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1153 status = parse_message(this, msg);
1154 if (status != SUCCESS)
1155 {
1156 return status;
1157 }
1158 /* if this IKE_SA is virgin, we check for a config */
1159 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1160 {
1161 ike_sa_id_t *ike_sa_id;
1162 ike_cfg_t *ike_cfg;
1163 job_t *job;
1164
1165 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
1166 if (ike_cfg == NULL)
1167 {
1168 /* no config found for these hosts, destroy */
1169 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1170 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1171 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1172 return DESTROY_ME;
1173 }
1174 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1175 ike_cfg->destroy(ike_cfg);
1176 /* add a timeout if peer does not establish it completely */
1177 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1178 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1179 lib->scheduler->schedule_job(lib->scheduler, job,
1180 lib->settings->get_int(lib->settings,
1181 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1182 charon->name));
1183 }
1184 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
1185 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1186 if (process_request(this, msg) != SUCCESS)
1187 {
1188 flush(this);
1189 return DESTROY_ME;
1190 }
1191 this->responding.hash = hash;
1192 }
1193 return SUCCESS;
1194 }
1195
1196 METHOD(task_manager_t, queue_task, void,
1197 private_task_manager_t *this, task_t *task)
1198 {
1199 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1200 this->queued_tasks->insert_last(this->queued_tasks, task);
1201 }
1202
1203 /**
1204 * Check if a given task has been queued already
1205 */
1206 static bool has_queued(private_task_manager_t *this, task_type_t type)
1207 {
1208 enumerator_t *enumerator;
1209 bool found = FALSE;
1210 task_t *task;
1211
1212 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1213 while (enumerator->enumerate(enumerator, &task))
1214 {
1215 if (task->get_type(task) == type)
1216 {
1217 found = TRUE;
1218 break;
1219 }
1220 }
1221 enumerator->destroy(enumerator);
1222 return found;
1223 }
1224
1225 METHOD(task_manager_t, queue_ike, void,
1226 private_task_manager_t *this)
1227 {
1228 peer_cfg_t *peer_cfg;
1229
1230 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1231 {
1232 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1233 }
1234 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1235 {
1236 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1237 }
1238 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1239 if (peer_cfg->use_aggressive(peer_cfg))
1240 {
1241 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1242 {
1243 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1244 }
1245 }
1246 else
1247 {
1248 if (!has_queued(this, TASK_MAIN_MODE))
1249 {
1250 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1251 }
1252 }
1253 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1254 {
1255 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1256 }
1257 if (!has_queued(this, TASK_ISAKMP_NATD))
1258 {
1259 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1260 }
1261 }
1262
1263 METHOD(task_manager_t, queue_ike_reauth, void,
1264 private_task_manager_t *this)
1265 {
1266 enumerator_t *enumerator;
1267 child_sa_t *child_sa;
1268 ike_sa_t *new;
1269 host_t *host;
1270
1271 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1272 this->ike_sa->get_version(this->ike_sa), TRUE);
1273 if (!new)
1274 { /* shouldn't happen */
1275 return;
1276 }
1277
1278 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1279 host = this->ike_sa->get_other_host(this->ike_sa);
1280 new->set_other_host(new, host->clone(host));
1281 host = this->ike_sa->get_my_host(this->ike_sa);
1282 new->set_my_host(new, host->clone(host));
1283 host = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
1284 if (host)
1285 {
1286 new->set_virtual_ip(new, TRUE, host);
1287 }
1288
1289 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1290 while (enumerator->enumerate(enumerator, &child_sa))
1291 {
1292 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1293 new->add_child_sa(new, child_sa);
1294 }
1295 enumerator->destroy(enumerator);
1296
1297 if (!new->get_child_count(new))
1298 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1299 task_t *task;
1300
1301 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1302 while (enumerator->enumerate(enumerator, &task))
1303 {
1304 if (task->get_type(task) == TASK_QUICK_MODE)
1305 {
1306 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1307 task->migrate(task, new);
1308 new->queue_task(new, task);
1309 }
1310 }
1311 enumerator->destroy(enumerator);
1312 }
1313
1314 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1315 {
1316 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1317 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
1318 }
1319 else
1320 {
1321 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1322 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1323 }
1324 charon->bus->set_sa(charon->bus, this->ike_sa);
1325 }
1326
1327 METHOD(task_manager_t, queue_ike_rekey, void,
1328 private_task_manager_t *this)
1329 {
1330 queue_ike_reauth(this);
1331 }
1332
1333 METHOD(task_manager_t, queue_ike_delete, void,
1334 private_task_manager_t *this)
1335 {
1336 enumerator_t *enumerator;
1337 child_sa_t *child_sa;
1338
1339 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1340 while (enumerator->enumerate(enumerator, &child_sa))
1341 {
1342 queue_task(this, (task_t*)
1343 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
1344 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
1345 }
1346 enumerator->destroy(enumerator);
1347
1348 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1349 }
1350
1351 METHOD(task_manager_t, queue_mobike, void,
1352 private_task_manager_t *this, bool roam, bool address)
1353 {
1354 /* Not supported in IKEv1 */
1355 }
1356
1357 METHOD(task_manager_t, queue_child, void,
1358 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1359 traffic_selector_t *tsi, traffic_selector_t *tsr)
1360 {
1361 quick_mode_t *task;
1362
1363 task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1364 task->use_reqid(task, reqid);
1365
1366 queue_task(this, &task->task);
1367 }
1368
1369 /**
1370 * Check if a CHILD_SA is redundant and we should delete instead of rekey
1371 */
1372 static bool is_redundant(private_task_manager_t *this, child_sa_t *child_sa)
1373 {
1374 enumerator_t *enumerator;
1375 child_sa_t *current;
1376 bool redundant = FALSE;
1377
1378 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1379 while (enumerator->enumerate(enumerator, &current))
1380 {
1381 if (current->get_state(current) == CHILD_INSTALLED &&
1382 streq(current->get_name(current), child_sa->get_name(child_sa)) &&
1383 current->get_lifetime(current, FALSE) >
1384 child_sa->get_lifetime(child_sa, FALSE))
1385 {
1386 DBG1(DBG_IKE, "deleting redundant CHILD_SA %s{%d}",
1387 child_sa->get_name(child_sa), child_sa->get_reqid(child_sa));
1388 redundant = TRUE;
1389 break;
1390 }
1391 }
1392 enumerator->destroy(enumerator);
1393
1394 return redundant;
1395 }
1396
1397 /**
1398 * Get the first traffic selector of a CHILD_SA, local or remote
1399 */
1400 static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1401 {
1402 traffic_selector_t *ts = NULL;
1403 linked_list_t *list;
1404
1405 list = child_sa->get_traffic_selectors(child_sa, local);
1406 if (list->get_first(list, (void**)&ts) == SUCCESS)
1407 {
1408 return ts;
1409 }
1410 return NULL;
1411 }
1412
1413 METHOD(task_manager_t, queue_child_rekey, void,
1414 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1415 {
1416 child_sa_t *child_sa;
1417 child_cfg_t *cfg;
1418 quick_mode_t *task;
1419
1420 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1421 if (!child_sa)
1422 {
1423 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1424 }
1425 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1426 {
1427 if (is_redundant(this, child_sa))
1428 {
1429 queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1430 protocol, spi, FALSE, FALSE));
1431 }
1432 else
1433 {
1434 child_sa->set_state(child_sa, CHILD_REKEYING);
1435 cfg = child_sa->get_config(child_sa);
1436 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1437 get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1438 task->use_reqid(task, child_sa->get_reqid(child_sa));
1439 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
1440
1441 queue_task(this, &task->task);
1442 }
1443 }
1444 }
1445
1446 METHOD(task_manager_t, queue_child_delete, void,
1447 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1448 bool expired)
1449 {
1450 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
1451 spi, FALSE, expired));
1452 }
1453
1454 METHOD(task_manager_t, queue_dpd, void,
1455 private_task_manager_t *this)
1456 {
1457 peer_cfg_t *peer_cfg;
1458 u_int32_t t, retransmit;
1459
1460 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
1461 this->dpd_send++));
1462 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1463
1464 /* compute timeout in milliseconds */
1465 t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1466 if (t == 0)
1467 {
1468 /* use the same timeout as a retransmitting IKE message would have */
1469 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1470 {
1471 t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
1472 pow(this->retransmit_base, retransmit));
1473 }
1474 }
1475
1476 /* schedule DPD timeout job */
1477 lib->scheduler->schedule_job_ms(lib->scheduler,
1478 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
1479 }
1480
1481 METHOD(task_manager_t, adopt_tasks, void,
1482 private_task_manager_t *this, task_manager_t *other_public)
1483 {
1484 private_task_manager_t *other = (private_task_manager_t*)other_public;
1485 task_t *task;
1486
1487 /* move queued tasks from other to this */
1488 while (other->queued_tasks->remove_last(other->queued_tasks,
1489 (void**)&task) == SUCCESS)
1490 {
1491 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1492 task->migrate(task, this->ike_sa);
1493 this->queued_tasks->insert_first(this->queued_tasks, task);
1494 }
1495 }
1496
1497 METHOD(task_manager_t, busy, bool,
1498 private_task_manager_t *this)
1499 {
1500 return (this->active_tasks->get_count(this->active_tasks) > 0);
1501 }
1502
1503 METHOD(task_manager_t, incr_mid, void,
1504 private_task_manager_t *this, bool initiate)
1505 {
1506 }
1507
1508 METHOD(task_manager_t, reset, void,
1509 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1510 {
1511 enumerator_t *enumerator;
1512 task_t *task;
1513
1514 /* reset message counters and retransmit packets */
1515 DESTROY_IF(this->responding.packet);
1516 DESTROY_IF(this->initiating.packet);
1517 this->responding.packet = NULL;
1518 this->responding.seqnr = RESPONDING_SEQ;
1519 this->responding.retransmitted = 0;
1520 this->initiating.packet = NULL;
1521 this->initiating.mid = 0;
1522 this->initiating.seqnr = 0;
1523 this->initiating.retransmitted = 0;
1524 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1525 if (initiate != UINT_MAX)
1526 {
1527 this->dpd_send = initiate;
1528 }
1529 if (respond != UINT_MAX)
1530 {
1531 this->dpd_recv = respond;
1532 }
1533
1534 /* reset queued tasks */
1535 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1536 while (enumerator->enumerate(enumerator, &task))
1537 {
1538 task->migrate(task, this->ike_sa);
1539 }
1540 enumerator->destroy(enumerator);
1541
1542 /* reset active tasks */
1543 while (this->active_tasks->remove_last(this->active_tasks,
1544 (void**)&task) == SUCCESS)
1545 {
1546 task->migrate(task, this->ike_sa);
1547 this->queued_tasks->insert_first(this->queued_tasks, task);
1548 }
1549 }
1550
1551 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1552 private_task_manager_t *this, task_queue_t queue)
1553 {
1554 switch (queue)
1555 {
1556 case TASK_QUEUE_ACTIVE:
1557 return this->active_tasks->create_enumerator(this->active_tasks);
1558 case TASK_QUEUE_PASSIVE:
1559 return this->passive_tasks->create_enumerator(this->passive_tasks);
1560 case TASK_QUEUE_QUEUED:
1561 return this->queued_tasks->create_enumerator(this->queued_tasks);
1562 default:
1563 return enumerator_create_empty();
1564 }
1565 }
1566
1567 METHOD(task_manager_t, destroy, void,
1568 private_task_manager_t *this)
1569 {
1570 flush(this);
1571
1572 this->active_tasks->destroy(this->active_tasks);
1573 this->queued_tasks->destroy(this->queued_tasks);
1574 this->passive_tasks->destroy(this->passive_tasks);
1575
1576 DESTROY_IF(this->queued);
1577 DESTROY_IF(this->responding.packet);
1578 DESTROY_IF(this->initiating.packet);
1579 DESTROY_IF(this->rng);
1580 free(this);
1581 }
1582
1583 /*
1584 * see header file
1585 */
1586 task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1587 {
1588 private_task_manager_t *this;
1589
1590 INIT(this,
1591 .public = {
1592 .task_manager = {
1593 .process_message = _process_message,
1594 .queue_task = _queue_task,
1595 .queue_ike = _queue_ike,
1596 .queue_ike_rekey = _queue_ike_rekey,
1597 .queue_ike_reauth = _queue_ike_reauth,
1598 .queue_ike_delete = _queue_ike_delete,
1599 .queue_mobike = _queue_mobike,
1600 .queue_child = _queue_child,
1601 .queue_child_rekey = _queue_child_rekey,
1602 .queue_child_delete = _queue_child_delete,
1603 .queue_dpd = _queue_dpd,
1604 .initiate = _initiate,
1605 .retransmit = _retransmit,
1606 .incr_mid = _incr_mid,
1607 .reset = _reset,
1608 .adopt_tasks = _adopt_tasks,
1609 .busy = _busy,
1610 .create_task_enumerator = _create_task_enumerator,
1611 .flush_queue = _flush_queue,
1612 .destroy = _destroy,
1613 },
1614 },
1615 .initiating = {
1616 .type = EXCHANGE_TYPE_UNDEFINED,
1617 },
1618 .responding = {
1619 .seqnr = RESPONDING_SEQ,
1620 },
1621 .ike_sa = ike_sa,
1622 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
1623 .queued_tasks = linked_list_create(),
1624 .active_tasks = linked_list_create(),
1625 .passive_tasks = linked_list_create(),
1626 .retransmit_tries = lib->settings->get_int(lib->settings,
1627 "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
1628 .retransmit_timeout = lib->settings->get_double(lib->settings,
1629 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
1630 .retransmit_base = lib->settings->get_double(lib->settings,
1631 "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
1632 );
1633
1634 if (!this->rng)
1635 {
1636 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
1637 destroy(this);
1638 return NULL;
1639 }
1640
1641 this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
1642 (void*)&this->dpd_send);
1643 this->dpd_send &= 0x7FFFFFFF;
1644
1645 return &this->public;
1646 }
1647