projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Schedule a DPD timeout job that enforces the IKE message timeout policy
[strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v1.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev1/tasks/main_mode.h>
23 #include <sa/ikev1/tasks/aggressive_mode.h>
24 #include <sa/ikev1/tasks/quick_mode.h>
25 #include <sa/ikev1/tasks/quick_delete.h>
26 #include <sa/ikev1/tasks/xauth.h>
27 #include <sa/ikev1/tasks/mode_config.h>
28 #include <sa/ikev1/tasks/informational.h>
29 #include <sa/ikev1/tasks/isakmp_natd.h>
30 #include <sa/ikev1/tasks/isakmp_vendor.h>
31 #include <sa/ikev1/tasks/isakmp_cert_pre.h>
32 #include <sa/ikev1/tasks/isakmp_cert_post.h>
33 #include <sa/ikev1/tasks/isakmp_delete.h>
34 #include <sa/ikev1/tasks/isakmp_dpd.h>
35
36 #include <processing/jobs/retransmit_job.h>
37 #include <processing/jobs/delete_ike_sa_job.h>
38 #include <processing/jobs/dpd_timeout_job.h>
39
40 /**
41 * Number of old messages hashes we keep for retransmission.
42 *
43 * In Main Mode, we must ignore messages from a previous message pair if
44 * we already continued to the next. Otherwise a late retransmission
45 * could be considered as a reply to the newer request.
46 */
47 #define MAX_OLD_HASHES 2
48
49 /**
50 * First sequence number of responding packets.
51 *
52 * To distinguish retransmission jobs for initiating and responding packets,
53 * we split up the sequence counter and use the upper half for responding.
54 */
55 #define RESPONDING_SEQ INT_MAX
56
57 typedef struct exchange_t exchange_t;
58
59 /**
60 * An exchange in the air, used do detect and handle retransmission
61 */
62 struct exchange_t {
63
64 /**
65 * Message ID used for this transaction
66 */
67 u_int32_t mid;
68
69 /**
70 * generated packet for retransmission
71 */
72 packet_t *packet;
73 };
74
75 typedef struct private_task_manager_t private_task_manager_t;
76
77 /**
78 * private data of the task manager
79 */
80 struct private_task_manager_t {
81
82 /**
83 * public functions
84 */
85 task_manager_v1_t public;
86
87 /**
88 * associated IKE_SA we are serving
89 */
90 ike_sa_t *ike_sa;
91
92 /**
93 * RNG to create message IDs
94 */
95 rng_t *rng;
96
97 /**
98 * Exchange we are currently handling as responder
99 */
100 struct {
101 /**
102 * Message ID of the last response
103 */
104 u_int32_t mid;
105
106 /**
107 * Hash of a previously received message
108 */
109 u_int32_t hash;
110
111 /**
112 * packet for retransmission
113 */
114 packet_t *packet;
115
116 /**
117 * Sequence number of the last sent message
118 */
119 u_int32_t seqnr;
120
121 /**
122 * how many times we have retransmitted so far
123 */
124 u_int retransmitted;
125
126 } responding;
127
128 /**
129 * Exchange we are currently handling as initiator
130 */
131 struct {
132 /**
133 * Message ID of the exchange
134 */
135 u_int32_t mid;
136
137 /**
138 * Hashes of old responses we can ignore
139 */
140 u_int32_t old_hashes[MAX_OLD_HASHES];
141
142 /**
143 * Position in old hash array
144 */
145 int old_hash_pos;
146
147 /**
148 * Sequence number of the last sent message
149 */
150 u_int32_t seqnr;
151
152 /**
153 * how many times we have retransmitted so far
154 */
155 u_int retransmitted;
156
157 /**
158 * packet for retransmission
159 */
160 packet_t *packet;
161
162 /**
163 * type of the initated exchange
164 */
165 exchange_type_t type;
166
167 } initiating;
168
169 /**
170 * List of queued tasks not yet in action
171 */
172 linked_list_t *queued_tasks;
173
174 /**
175 * List of active tasks, initiated by ourselve
176 */
177 linked_list_t *active_tasks;
178
179 /**
180 * List of tasks initiated by peer
181 */
182 linked_list_t *passive_tasks;
183
184 /**
185 * Queued messages not yet ready to process
186 */
187 message_t *queued;
188
189 /**
190 * Number of times we retransmit messages before giving up
191 */
192 u_int retransmit_tries;
193
194 /**
195 * Retransmission timeout
196 */
197 double retransmit_timeout;
198
199 /**
200 * Base to calculate retransmission timeout
201 */
202 double retransmit_base;
203
204 /**
205 * Sequence number for sending DPD requests
206 */
207 u_int32_t dpd_send;
208
209 /**
210 * Sequence number for received DPD requests
211 */
212 u_int32_t dpd_recv;
213 };
214
215 /**
216 * Flush a single task queue
217 */
218 static void flush_queue(private_task_manager_t *this, linked_list_t *list)
219 {
220 task_t *task;
221
222 if (this->queued)
223 {
224 this->queued->destroy(this->queued);
225 this->queued = NULL;
226 }
227 while (list->remove_last(list, (void**)&task) == SUCCESS)
228 {
229 task->destroy(task);
230 }
231 }
232
233 /**
234 * flush all tasks in the task manager
235 */
236 static void flush(private_task_manager_t *this)
237 {
238 flush_queue(this, this->queued_tasks);
239 flush_queue(this, this->passive_tasks);
240 flush_queue(this, this->active_tasks);
241 }
242
243 /**
244 * move a task of a specific type from the queue to the active list
245 */
246 static bool activate_task(private_task_manager_t *this, task_type_t type)
247 {
248 enumerator_t *enumerator;
249 task_t *task;
250 bool found = FALSE;
251
252 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
253 while (enumerator->enumerate(enumerator, (void**)&task))
254 {
255 if (task->get_type(task) == type)
256 {
257 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
258 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
259 this->active_tasks->insert_last(this->active_tasks, task);
260 found = TRUE;
261 break;
262 }
263 }
264 enumerator->destroy(enumerator);
265 return found;
266 }
267
268 /**
269 * Retransmit a packet, either as initiator or as responder
270 */
271 static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
272 u_int mid, u_int retransmitted, packet_t *packet)
273 {
274 u_int32_t t;
275
276 if (retransmitted > this->retransmit_tries)
277 {
278 DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
279 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
280 {
281 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
282 }
283 return DESTROY_ME;
284 }
285 t = (u_int32_t)(this->retransmit_timeout * 1000.0 *
286 pow(this->retransmit_base, retransmitted));
287 if (retransmitted)
288 {
289 DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
290 retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
291 mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
292 }
293 charon->sender->send(charon->sender, packet->clone(packet));
294 lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
295 retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
296 return NEED_MORE;
297 }
298
299 METHOD(task_manager_t, retransmit, status_t,
300 private_task_manager_t *this, u_int32_t seqnr)
301 {
302 status_t status = SUCCESS;
303
304 if (seqnr == this->initiating.seqnr && this->initiating.packet)
305 {
306 status = retransmit_packet(this, seqnr, this->initiating.mid,
307 this->initiating.retransmitted, this->initiating.packet);
308 if (status == NEED_MORE)
309 {
310 this->initiating.retransmitted++;
311 status = SUCCESS;
312 }
313 }
314 if (seqnr == this->responding.seqnr && this->responding.packet)
315 {
316 status = retransmit_packet(this, seqnr, this->responding.mid,
317 this->responding.retransmitted, this->responding.packet);
318 if (status == NEED_MORE)
319 {
320 this->responding.retransmitted++;
321 status = SUCCESS;
322 }
323 }
324 return status;
325 }
326
327 METHOD(task_manager_t, initiate, status_t,
328 private_task_manager_t *this)
329 {
330 enumerator_t *enumerator;
331 task_t *task;
332 message_t *message;
333 host_t *me, *other;
334 status_t status;
335 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
336 bool new_mid = FALSE, expect_response = FALSE, flushed = FALSE, keep = FALSE;
337
338 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
339 this->initiating.type != INFORMATIONAL_V1)
340 {
341 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
342 exchange_type_names, this->initiating.type);
343 /* do not initiate if we already have a message in the air */
344 return SUCCESS;
345 }
346
347 if (this->active_tasks->get_count(this->active_tasks) == 0)
348 {
349 DBG2(DBG_IKE, "activating new tasks");
350 switch (this->ike_sa->get_state(this->ike_sa))
351 {
352 case IKE_CREATED:
353 activate_task(this, TASK_ISAKMP_VENDOR);
354 activate_task(this, TASK_ISAKMP_CERT_PRE);
355 if (activate_task(this, TASK_MAIN_MODE))
356 {
357 exchange = ID_PROT;
358 }
359 else if (activate_task(this, TASK_AGGRESSIVE_MODE))
360 {
361 exchange = AGGRESSIVE;
362 }
363 activate_task(this, TASK_ISAKMP_CERT_POST);
364 activate_task(this, TASK_ISAKMP_NATD);
365 break;
366 case IKE_CONNECTING:
367 if (activate_task(this, TASK_ISAKMP_DELETE))
368 {
369 exchange = INFORMATIONAL_V1;
370 new_mid = TRUE;
371 break;
372 }
373 if (activate_task(this, TASK_XAUTH))
374 {
375 exchange = TRANSACTION;
376 new_mid = TRUE;
377 break;
378 }
379 if (activate_task(this, TASK_INFORMATIONAL))
380 {
381 exchange = INFORMATIONAL_V1;
382 new_mid = TRUE;
383 break;
384 }
385 break;
386 case IKE_ESTABLISHED:
387 if (activate_task(this, TASK_MODE_CONFIG))
388 {
389 exchange = TRANSACTION;
390 new_mid = TRUE;
391 break;
392 }
393 if (activate_task(this, TASK_QUICK_MODE))
394 {
395 exchange = QUICK_MODE;
396 new_mid = TRUE;
397 break;
398 }
399 if (activate_task(this, TASK_INFORMATIONAL))
400 {
401 exchange = INFORMATIONAL_V1;
402 new_mid = TRUE;
403 break;
404 }
405 if (activate_task(this, TASK_QUICK_DELETE))
406 {
407 exchange = INFORMATIONAL_V1;
408 new_mid = TRUE;
409 break;
410 }
411 if (activate_task(this, TASK_ISAKMP_DELETE))
412 {
413 exchange = INFORMATIONAL_V1;
414 new_mid = TRUE;
415 break;
416 }
417 if (activate_task(this, TASK_ISAKMP_DPD))
418 {
419 exchange = INFORMATIONAL_V1;
420 new_mid = TRUE;
421 break;
422 }
423 break;
424 default:
425 break;
426 }
427 }
428 else
429 {
430 DBG2(DBG_IKE, "reinitiating already active tasks");
431 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
432 while (enumerator->enumerate(enumerator, (void**)&task))
433 {
434 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
435 switch (task->get_type(task))
436 {
437 case TASK_MAIN_MODE:
438 exchange = ID_PROT;
439 break;
440 case TASK_AGGRESSIVE_MODE:
441 exchange = AGGRESSIVE;
442 break;
443 case TASK_QUICK_MODE:
444 exchange = QUICK_MODE;
445 break;
446 case TASK_XAUTH:
447 exchange = TRANSACTION;
448 new_mid = TRUE;
449 break;
450 default:
451 continue;
452 }
453 break;
454 }
455 enumerator->destroy(enumerator);
456 }
457
458 if (exchange == EXCHANGE_TYPE_UNDEFINED)
459 {
460 DBG2(DBG_IKE, "nothing to initiate");
461 /* nothing to do yet... */
462 return SUCCESS;
463 }
464
465 me = this->ike_sa->get_my_host(this->ike_sa);
466 other = this->ike_sa->get_other_host(this->ike_sa);
467
468 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
469 if (new_mid)
470 {
471 this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
472 (void*)&this->initiating.mid);
473 }
474 message->set_message_id(message, this->initiating.mid);
475 message->set_source(message, me->clone(me));
476 message->set_destination(message, other->clone(other));
477 message->set_exchange_type(message, exchange);
478 this->initiating.type = exchange;
479 this->initiating.retransmitted = 0;
480
481 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
482 while (enumerator->enumerate(enumerator, (void*)&task))
483 {
484 switch (task->build(task, message))
485 {
486 case SUCCESS:
487 /* task completed, remove it */
488 this->active_tasks->remove_at(this->active_tasks, enumerator);
489 if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
490 task->get_type(task) == TASK_QUICK_MODE)
491 { /* last message of three message exchange */
492 keep = TRUE;
493 }
494 task->destroy(task);
495 continue;
496 case NEED_MORE:
497 expect_response = TRUE;
498 /* processed, but task needs another exchange */
499 continue;
500 case ALREADY_DONE:
501 flush_queue(this, this->active_tasks);
502 flushed = TRUE;
503 break;
504 case FAILED:
505 default:
506 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
507 {
508 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
509 }
510 /* FALL */
511 case DESTROY_ME:
512 /* critical failure, destroy IKE_SA */
513 enumerator->destroy(enumerator);
514 message->destroy(message);
515 flush(this);
516 return DESTROY_ME;
517 }
518 break;
519 }
520 enumerator->destroy(enumerator);
521
522 if (this->active_tasks->get_count(this->active_tasks) == 0 &&
523 (exchange == QUICK_MODE || exchange == AGGRESSIVE))
524 { /* tasks completed, no exchange active anymore */
525 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
526 }
527 if (flushed)
528 {
529 message->destroy(message);
530 return initiate(this);
531 }
532
533 DESTROY_IF(this->initiating.packet);
534 status = this->ike_sa->generate_message(this->ike_sa, message,
535 &this->initiating.packet);
536 if (status != SUCCESS)
537 {
538 /* message generation failed. There is nothing more to do than to
539 * close the SA */
540 message->destroy(message);
541 flush(this);
542 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
543 return DESTROY_ME;
544 }
545
546 this->initiating.seqnr++;
547 if (expect_response )
548 {
549 message->destroy(message);
550 return retransmit(this, this->initiating.seqnr);
551 }
552 if (keep)
553 { /* keep the packet for retransmission, the responder might request it */
554 charon->sender->send(charon->sender,
555 this->initiating.packet->clone(this->initiating.packet));
556 }
557 else
558 {
559 charon->sender->send(charon->sender, this->initiating.packet);
560 this->initiating.packet = NULL;
561 }
562 message->destroy(message);
563
564 if (exchange == INFORMATIONAL_V1)
565 {
566 switch (this->ike_sa->get_state(this->ike_sa))
567 {
568 case IKE_CONNECTING:
569 /* close after sending an INFORMATIONAL when unestablished */
570 return FAILED;
571 case IKE_DELETING:
572 /* close after sending a DELETE */
573 return DESTROY_ME;
574 default:
575 break;
576 }
577 }
578 return initiate(this);
579 }
580
581 /**
582 * build a response depending on the "passive" task list
583 */
584 static status_t build_response(private_task_manager_t *this, message_t *request)
585 {
586 enumerator_t *enumerator;
587 task_t *task;
588 message_t *message;
589 host_t *me, *other;
590 bool delete = FALSE, flushed = FALSE, expect_request = FALSE;
591 status_t status;
592
593 me = request->get_destination(request);
594 other = request->get_source(request);
595
596 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
597 message->set_exchange_type(message, request->get_exchange_type(request));
598 /* send response along the path the request came in */
599 message->set_source(message, me->clone(me));
600 message->set_destination(message, other->clone(other));
601 message->set_message_id(message, request->get_message_id(request));
602 message->set_request(message, FALSE);
603
604 this->responding.mid = request->get_message_id(request);
605 this->responding.retransmitted = 0;
606 this->responding.seqnr++;
607
608 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
609 while (enumerator->enumerate(enumerator, (void*)&task))
610 {
611 switch (task->build(task, message))
612 {
613 case SUCCESS:
614 /* task completed, remove it */
615 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
616 task->destroy(task);
617 continue;
618 case NEED_MORE:
619 /* processed, but task needs another exchange */
620 if (task->get_type(task) == TASK_QUICK_MODE ||
621 task->get_type(task) == TASK_AGGRESSIVE_MODE)
622 { /* we rely on initiator retransmission, except for
623 * three-message exchanges */
624 expect_request = TRUE;
625 }
626 continue;
627 case ALREADY_DONE:
628 flush_queue(this, this->passive_tasks);
629 flushed = TRUE;
630 break;
631 case FAILED:
632 default:
633 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
634 /* FALL */
635 case DESTROY_ME:
636 /* destroy IKE_SA, but SEND response first */
637 delete = TRUE;
638 break;
639 }
640 break;
641 }
642 enumerator->destroy(enumerator);
643
644 DESTROY_IF(this->responding.packet);
645 this->responding.packet = NULL;
646 if (flushed)
647 {
648 message->destroy(message);
649 return initiate(this);
650 }
651 status = this->ike_sa->generate_message(this->ike_sa, message,
652 &this->responding.packet);
653 message->destroy(message);
654 if (status != SUCCESS)
655 {
656 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
657 return DESTROY_ME;
658 }
659
660 if (expect_request && !delete)
661 {
662 return retransmit(this, this->responding.seqnr);
663 }
664 charon->sender->send(charon->sender,
665 this->responding.packet->clone(this->responding.packet));
666 if (delete)
667 {
668 return DESTROY_ME;
669 }
670 return SUCCESS;
671 }
672
673 /**
674 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
675 * The notify protocol_id is set to ISAKMP
676 */
677 static void send_notify(private_task_manager_t *this, message_t *request,
678 notify_type_t type)
679 {
680 message_t *response;
681 packet_t *packet;
682 host_t *me, *other;
683 u_int32_t mid;
684
685 if (request && request->get_exchange_type(request) == INFORMATIONAL_V1)
686 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
687 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
688 return;
689 }
690
691 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
692 response->set_exchange_type(response, INFORMATIONAL_V1);
693 response->set_request(response, TRUE);
694 this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
695 response->set_message_id(response, mid);
696 response->add_payload(response, (payload_t*)
697 notify_payload_create_from_protocol_and_type(NOTIFY_V1,
698 PROTO_IKE, type));
699
700 me = this->ike_sa->get_my_host(this->ike_sa);
701 if (me->is_anyaddr(me))
702 {
703 me = request->get_destination(request);
704 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
705 }
706 other = this->ike_sa->get_other_host(this->ike_sa);
707 if (other->is_anyaddr(other))
708 {
709 other = request->get_source(request);
710 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
711 }
712 response->set_source(response, me->clone(me));
713 response->set_destination(response, other->clone(other));
714 if (this->ike_sa->generate_message(this->ike_sa, response,
715 &packet) == SUCCESS)
716 {
717 charon->sender->send(charon->sender, packet);
718 }
719 response->destroy(response);
720 }
721
722 /**
723 * handle an incoming request message
724 */
725 static status_t process_request(private_task_manager_t *this,
726 message_t *message)
727 {
728 enumerator_t *enumerator;
729 task_t *task = NULL;
730 bool send_response = FALSE, dpd = FALSE;
731 notify_payload_t *notify;
732 chunk_t data;
733
734 if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
735 this->passive_tasks->get_count(this->passive_tasks) == 0)
736 { /* create tasks depending on request type, if not already some queued */
737 switch (message->get_exchange_type(message))
738 {
739 case ID_PROT:
740 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
741 this->passive_tasks->insert_last(this->passive_tasks, task);
742 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
743 this->passive_tasks->insert_last(this->passive_tasks, task);
744 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
745 this->passive_tasks->insert_last(this->passive_tasks, task);
746 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
747 this->passive_tasks->insert_last(this->passive_tasks, task);
748 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
749 this->passive_tasks->insert_last(this->passive_tasks, task);
750 break;
751 case AGGRESSIVE:
752 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
753 this->passive_tasks->insert_last(this->passive_tasks, task);
754 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
755 this->passive_tasks->insert_last(this->passive_tasks, task);
756 task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
757 this->passive_tasks->insert_last(this->passive_tasks, task);
758 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
759 this->passive_tasks->insert_last(this->passive_tasks, task);
760 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
761 this->passive_tasks->insert_last(this->passive_tasks, task);
762 break;
763 case QUICK_MODE:
764 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
765 {
766 DBG1(DBG_IKE, "received quick mode request for "
767 "unestablished IKE_SA, ignored");
768 return FAILED;
769 }
770 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
771 NULL, NULL);
772 this->passive_tasks->insert_last(this->passive_tasks, task);
773 break;
774 case INFORMATIONAL_V1:
775 notify = message->get_notify(message, DPD_R_U_THERE);
776 if (notify)
777 {
778 data = notify->get_notification_data(notify);
779 if (this->dpd_recv == 0 && data.len == 4)
780 { /* first DPD request, initialize counter */
781 this->dpd_recv = untoh32(data.ptr);
782 }
783 task = (task_t *)isakmp_dpd_create(this->ike_sa, FALSE,
784 this->dpd_recv++);
785 dpd = TRUE;
786 }
787 else if ((notify = message->get_notify(message,
788 DPD_R_U_THERE_ACK)))
789 {
790 data = notify->get_notification_data(notify);
791 if (data.len == 4 && untoh32(data.ptr) == this->dpd_send)
792 {
793 this->dpd_send++;
794 }
795 task = (task_t *)isakmp_dpd_create(this->ike_sa, TRUE,
796 this->dpd_send - 1);
797 dpd = TRUE;
798 }
799 else
800 {
801 task = (task_t *)informational_create(this->ike_sa, NULL);
802 }
803 this->passive_tasks->insert_first(this->passive_tasks, task);
804 break;
805 case TRANSACTION:
806 if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
807 {
808 task = (task_t *)mode_config_create(this->ike_sa, FALSE);
809 }
810 else
811 {
812 task = (task_t *)xauth_create(this->ike_sa, FALSE);
813 }
814 this->passive_tasks->insert_last(this->passive_tasks, task);
815 break;
816 default:
817 return FAILED;
818 }
819 }
820 if (!dpd)
821 {
822 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
823 time_monotonic(NULL));
824 }
825 /* let the tasks process the message */
826 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
827 while (enumerator->enumerate(enumerator, (void*)&task))
828 {
829 switch (task->process(task, message))
830 {
831 case SUCCESS:
832 /* task completed, remove it */
833 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
834 task->destroy(task);
835 continue;
836 case NEED_MORE:
837 /* processed, but task needs at least another call to build() */
838 send_response = TRUE;
839 continue;
840 case ALREADY_DONE:
841 send_response = FALSE;
842 flush_queue(this, this->passive_tasks);
843 break;
844 case FAILED:
845 default:
846 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
847 /* FALL */
848 case DESTROY_ME:
849 /* critical failure, destroy IKE_SA */
850 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
851 enumerator->destroy(enumerator);
852 task->destroy(task);
853 return DESTROY_ME;
854 }
855 break;
856 }
857 enumerator->destroy(enumerator);
858
859 if (dpd && this->initiating.type == INFORMATIONAL_V1)
860 { /* got a DPD reply, cancel any retransmission */
861 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
862 DESTROY_IF(this->initiating.packet);
863 this->initiating.packet = NULL;
864 }
865 if (send_response)
866 {
867 if (build_response(this, message) != SUCCESS)
868 {
869 return DESTROY_ME;
870 }
871 }
872 else
873 { /* We don't send a response, so don't retransmit one if we get
874 * the same message again. */
875 DESTROY_IF(this->responding.packet);
876 this->responding.packet = NULL;
877 }
878 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
879 this->queued_tasks->get_count(this->queued_tasks) > 0)
880 {
881 /* passive tasks completed, check if an active task has been queued,
882 * such as XAUTH or modeconfig push */
883 return initiate(this);
884 }
885 return SUCCESS;
886 }
887
888 /**
889 * handle an incoming response message
890 */
891 static status_t process_response(private_task_manager_t *this,
892 message_t *message)
893 {
894 enumerator_t *enumerator;
895 status_t status;
896 task_t *task;
897
898 if (message->get_exchange_type(message) != this->initiating.type)
899 {
900 DBG1(DBG_IKE, "received %N response, but expected %N",
901 exchange_type_names, message->get_exchange_type(message),
902 exchange_type_names, this->initiating.type);
903 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
904 return DESTROY_ME;
905 }
906
907 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
908 while (enumerator->enumerate(enumerator, (void*)&task))
909 {
910 switch (task->process(task, message))
911 {
912 case SUCCESS:
913 /* task completed, remove it */
914 this->active_tasks->remove_at(this->active_tasks, enumerator);
915 task->destroy(task);
916 continue;
917 case NEED_MORE:
918 /* processed, but task needs another exchange */
919 continue;
920 case ALREADY_DONE:
921 flush_queue(this, this->active_tasks);
922 break;
923 case FAILED:
924 default:
925 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
926 /* FALL */
927 case DESTROY_ME:
928 /* critical failure, destroy IKE_SA */
929 this->active_tasks->remove_at(this->active_tasks, enumerator);
930 enumerator->destroy(enumerator);
931 task->destroy(task);
932 return DESTROY_ME;
933 }
934 break;
935 }
936 enumerator->destroy(enumerator);
937
938 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
939 this->initiating.packet->destroy(this->initiating.packet);
940 this->initiating.packet = NULL;
941
942 if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
943 {
944 status = this->public.task_manager.process_message(
945 &this->public.task_manager, this->queued);
946 this->queued->destroy(this->queued);
947 this->queued = NULL;
948 if (status == DESTROY_ME)
949 {
950 return status;
951 }
952 }
953
954 return initiate(this);
955 }
956
957 /**
958 * Parse the given message and verify that it is valid.
959 */
960 static status_t parse_message(private_task_manager_t *this, message_t *msg)
961 {
962 status_t status;
963
964 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
965
966 if (status != SUCCESS)
967 {
968 switch (status)
969 {
970 case NOT_SUPPORTED:
971 DBG1(DBG_IKE, "unsupported exchange type");
972 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
973 break;
974 case PARSE_ERROR:
975 DBG1(DBG_IKE, "message parsing failed");
976 send_notify(this, msg, PAYLOAD_MALFORMED);
977 break;
978 case VERIFY_ERROR:
979 DBG1(DBG_IKE, "message verification failed");
980 send_notify(this, msg, PAYLOAD_MALFORMED);
981 break;
982 case FAILED:
983 DBG1(DBG_IKE, "integrity check failed");
984 send_notify(this, msg, INVALID_HASH_INFORMATION);
985 break;
986 case INVALID_STATE:
987 DBG1(DBG_IKE, "found encrypted message, but no keys available");
988 send_notify(this, msg, PAYLOAD_MALFORMED);
989 default:
990 break;
991 }
992 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
993 exchange_type_names, msg->get_exchange_type(msg),
994 msg->get_request(msg) ? "request" : "response",
995 msg->get_message_id(msg));
996
997 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
998 { /* invalid initiation attempt, close SA */
999 return DESTROY_ME;
1000 }
1001 }
1002 return status;
1003 }
1004
1005 METHOD(task_manager_t, process_message, status_t,
1006 private_task_manager_t *this, message_t *msg)
1007 {
1008 u_int32_t hash, mid, i;
1009 host_t *me, *other;
1010 status_t status;
1011
1012 /* TODO-IKEv1: update hosts more selectively */
1013 me = msg->get_destination(msg);
1014 other = msg->get_source(msg);
1015 mid = msg->get_message_id(msg);
1016 hash = chunk_hash(msg->get_packet_data(msg));
1017 for (i = 0; i < MAX_OLD_HASHES; i++)
1018 {
1019 if (this->initiating.old_hashes[i] == hash)
1020 {
1021 if (this->initiating.packet &&
1022 i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
1023 (msg->get_exchange_type(msg) == QUICK_MODE ||
1024 msg->get_exchange_type(msg) == AGGRESSIVE))
1025 {
1026 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1027 "resending last request", mid);
1028 charon->sender->send(charon->sender,
1029 this->initiating.packet->clone(this->initiating.packet));
1030 return SUCCESS;
1031 }
1032 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1033 "but next request already sent", mid);
1034 return SUCCESS;
1035 }
1036 }
1037
1038 if ((mid && mid == this->initiating.mid) ||
1039 (this->initiating.mid == 0 &&
1040 msg->get_exchange_type(msg) == this->initiating.type &&
1041 this->active_tasks->get_count(this->active_tasks)))
1042 {
1043 msg->set_request(msg, FALSE);
1044 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1045 status = parse_message(this, msg);
1046 if (status != SUCCESS)
1047 {
1048 return status;
1049 }
1050 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1051 time_monotonic(NULL));
1052 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
1053 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1054 if (process_response(this, msg) != SUCCESS)
1055 {
1056 flush(this);
1057 return DESTROY_ME;
1058 }
1059 this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
1060 MAX_OLD_HASHES] = hash;
1061 }
1062 else
1063 {
1064 if (hash == this->responding.hash)
1065 {
1066 if (this->responding.packet)
1067 {
1068 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1069 "retransmitting response", mid);
1070 charon->sender->send(charon->sender,
1071 this->responding.packet->clone(this->responding.packet));
1072 }
1073 else if (this->initiating.packet &&
1074 this->initiating.type == INFORMATIONAL_V1)
1075 {
1076 DBG1(DBG_IKE, "received retransmit of DPD request, "
1077 "retransmitting response");
1078 charon->sender->send(charon->sender,
1079 this->initiating.packet->clone(this->initiating.packet));
1080 }
1081 else
1082 {
1083 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1084 "but no response to retransmit", mid);
1085 }
1086 return SUCCESS;
1087 }
1088 if (msg->get_exchange_type(msg) == TRANSACTION &&
1089 this->active_tasks->get_count(this->active_tasks))
1090 { /* main mode not yet complete, queue XAuth/Mode config tasks */
1091 if (this->queued)
1092 {
1093 DBG1(DBG_IKE, "ignoring additional %N request, queue full",
1094 exchange_type_names, TRANSACTION);
1095 return SUCCESS;
1096 }
1097 this->queued = message_create_from_packet(msg->get_packet(msg));
1098 if (this->queued->parse_header(this->queued) != SUCCESS)
1099 {
1100 this->queued->destroy(this->queued);
1101 this->queued = NULL;
1102 return FAILED;
1103 }
1104 DBG1(DBG_IKE, "queueing %N request as tasks still active",
1105 exchange_type_names, TRANSACTION);
1106 return SUCCESS;
1107 }
1108
1109 msg->set_request(msg, TRUE);
1110 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1111 status = parse_message(this, msg);
1112 if (status != SUCCESS)
1113 {
1114 return status;
1115 }
1116 /* if this IKE_SA is virgin, we check for a config */
1117 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1118 {
1119 ike_sa_id_t *ike_sa_id;
1120 ike_cfg_t *ike_cfg;
1121 job_t *job;
1122
1123 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
1124 if (ike_cfg == NULL)
1125 {
1126 /* no config found for these hosts, destroy */
1127 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1128 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1129 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1130 return DESTROY_ME;
1131 }
1132 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1133 ike_cfg->destroy(ike_cfg);
1134 /* add a timeout if peer does not establish it completely */
1135 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1136 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1137 lib->scheduler->schedule_job(lib->scheduler, job,
1138 lib->settings->get_int(lib->settings,
1139 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1140 charon->name));
1141 }
1142 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
1143 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1144 if (process_request(this, msg) != SUCCESS)
1145 {
1146 flush(this);
1147 return DESTROY_ME;
1148 }
1149 this->responding.hash = hash;
1150 }
1151 return SUCCESS;
1152 }
1153
1154 METHOD(task_manager_t, queue_task, void,
1155 private_task_manager_t *this, task_t *task)
1156 {
1157 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1158 this->queued_tasks->insert_last(this->queued_tasks, task);
1159 }
1160
1161 /**
1162 * Check if a given task has been queued already
1163 */
1164 static bool has_queued(private_task_manager_t *this, task_type_t type)
1165 {
1166 enumerator_t *enumerator;
1167 bool found = FALSE;
1168 task_t *task;
1169
1170 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1171 while (enumerator->enumerate(enumerator, &task))
1172 {
1173 if (task->get_type(task) == type)
1174 {
1175 found = TRUE;
1176 break;
1177 }
1178 }
1179 enumerator->destroy(enumerator);
1180 return found;
1181 }
1182
1183 METHOD(task_manager_t, queue_ike, void,
1184 private_task_manager_t *this)
1185 {
1186 peer_cfg_t *peer_cfg;
1187
1188 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1189 {
1190 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1191 }
1192 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1193 {
1194 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1195 }
1196 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1197 if (peer_cfg->use_aggressive(peer_cfg))
1198 {
1199 if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1200 {
1201 queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1202 }
1203 }
1204 else
1205 {
1206 if (!has_queued(this, TASK_MAIN_MODE))
1207 {
1208 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1209 }
1210 }
1211 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1212 {
1213 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1214 }
1215 if (!has_queued(this, TASK_ISAKMP_NATD))
1216 {
1217 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1218 }
1219 }
1220
1221 METHOD(task_manager_t, queue_ike_reauth, void,
1222 private_task_manager_t *this)
1223 {
1224 enumerator_t *enumerator;
1225 child_sa_t *child_sa;
1226 ike_sa_t *new;
1227 host_t *host;
1228
1229 new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
1230 this->ike_sa->get_version(this->ike_sa), TRUE);
1231 if (!new)
1232 { /* shouldn't happen */
1233 return;
1234 }
1235
1236 new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1237 host = this->ike_sa->get_other_host(this->ike_sa);
1238 new->set_other_host(new, host->clone(host));
1239 host = this->ike_sa->get_my_host(this->ike_sa);
1240 new->set_my_host(new, host->clone(host));
1241 host = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
1242 if (host)
1243 {
1244 new->set_virtual_ip(new, TRUE, host);
1245 }
1246
1247 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1248 while (enumerator->enumerate(enumerator, &child_sa))
1249 {
1250 this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1251 new->add_child_sa(new, child_sa);
1252 }
1253 enumerator->destroy(enumerator);
1254
1255 if (!new->get_child_count(new))
1256 { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1257 task_t *task;
1258
1259 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1260 while (enumerator->enumerate(enumerator, &task))
1261 {
1262 if (task->get_type(task) == TASK_QUICK_MODE)
1263 {
1264 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1265 task->migrate(task, new);
1266 new->queue_task(new, task);
1267 }
1268 }
1269 enumerator->destroy(enumerator);
1270 }
1271
1272 if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1273 {
1274 charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1275 this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
1276 }
1277 else
1278 {
1279 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1280 DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1281 }
1282 charon->bus->set_sa(charon->bus, this->ike_sa);
1283 }
1284
1285 METHOD(task_manager_t, queue_ike_rekey, void,
1286 private_task_manager_t *this)
1287 {
1288 queue_ike_reauth(this);
1289 }
1290
1291 METHOD(task_manager_t, queue_ike_delete, void,
1292 private_task_manager_t *this)
1293 {
1294 enumerator_t *enumerator;
1295 child_sa_t *child_sa;
1296
1297 enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1298 while (enumerator->enumerate(enumerator, &child_sa))
1299 {
1300 queue_task(this, (task_t*)
1301 quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
1302 child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
1303 }
1304 enumerator->destroy(enumerator);
1305
1306 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1307 }
1308
1309 METHOD(task_manager_t, queue_mobike, void,
1310 private_task_manager_t *this, bool roam, bool address)
1311 {
1312 /* Not supported in IKEv1 */
1313 }
1314
1315 METHOD(task_manager_t, queue_child, void,
1316 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1317 traffic_selector_t *tsi, traffic_selector_t *tsr)
1318 {
1319 quick_mode_t *task;
1320
1321 task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1322 task->use_reqid(task, reqid);
1323
1324 queue_task(this, &task->task);
1325 }
1326
1327 METHOD(task_manager_t, queue_child_rekey, void,
1328 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1329 {
1330 child_sa_t *child_sa;
1331 child_cfg_t *cfg;
1332 quick_mode_t *task;
1333
1334 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1335 if (!child_sa)
1336 {
1337 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1338 }
1339 if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1340 {
1341 child_sa->set_state(child_sa, CHILD_REKEYING);
1342 cfg = child_sa->get_config(child_sa);
1343 task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg), NULL, NULL);
1344 task->use_reqid(task, child_sa->get_reqid(child_sa));
1345 task->rekey(task, child_sa->get_spi(child_sa, TRUE));
1346
1347 queue_task(this, &task->task);
1348 }
1349 }
1350
1351 METHOD(task_manager_t, queue_child_delete, void,
1352 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1353 bool expired)
1354 {
1355 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
1356 spi, FALSE, expired));
1357 }
1358
1359 METHOD(task_manager_t, queue_dpd, void,
1360 private_task_manager_t *this)
1361 {
1362 u_int32_t t = 0, retransmit;
1363
1364 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, TRUE,
1365 this->dpd_send++));
1366
1367 /* schedule DPD timeout job using the same timeout as a retransmitting
1368 * IKE message would have. */
1369 for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1370 {
1371 t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
1372 pow(this->retransmit_base, retransmit));
1373 }
1374 lib->scheduler->schedule_job_ms(lib->scheduler,
1375 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
1376 }
1377
1378 METHOD(task_manager_t, adopt_tasks, void,
1379 private_task_manager_t *this, task_manager_t *other_public)
1380 {
1381 private_task_manager_t *other = (private_task_manager_t*)other_public;
1382 task_t *task;
1383
1384 /* move queued tasks from other to this */
1385 while (other->queued_tasks->remove_last(other->queued_tasks,
1386 (void**)&task) == SUCCESS)
1387 {
1388 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1389 task->migrate(task, this->ike_sa);
1390 this->queued_tasks->insert_first(this->queued_tasks, task);
1391 }
1392 }
1393
1394 METHOD(task_manager_t, busy, bool,
1395 private_task_manager_t *this)
1396 {
1397 return (this->active_tasks->get_count(this->active_tasks) > 0);
1398 }
1399
1400 METHOD(task_manager_t, incr_mid, void,
1401 private_task_manager_t *this, bool initiate)
1402 {
1403 }
1404
1405 METHOD(task_manager_t, reset, void,
1406 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1407 {
1408 enumerator_t *enumerator;
1409 task_t *task;
1410
1411 /* reset message counters and retransmit packets */
1412 DESTROY_IF(this->responding.packet);
1413 DESTROY_IF(this->initiating.packet);
1414 this->responding.packet = NULL;
1415 this->responding.seqnr = RESPONDING_SEQ;
1416 this->responding.retransmitted = 0;
1417 this->initiating.packet = NULL;
1418 this->initiating.mid = 0;
1419 this->initiating.seqnr = 0;
1420 this->initiating.retransmitted = 0;
1421 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1422 if (initiate != UINT_MAX)
1423 {
1424 this->dpd_send = initiate;
1425 }
1426 if (respond != UINT_MAX)
1427 {
1428 this->dpd_recv = respond;
1429 }
1430
1431 /* reset queued tasks */
1432 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1433 while (enumerator->enumerate(enumerator, &task))
1434 {
1435 task->migrate(task, this->ike_sa);
1436 }
1437 enumerator->destroy(enumerator);
1438
1439 /* reset active tasks */
1440 while (this->active_tasks->remove_last(this->active_tasks,
1441 (void**)&task) == SUCCESS)
1442 {
1443 task->migrate(task, this->ike_sa);
1444 this->queued_tasks->insert_first(this->queued_tasks, task);
1445 }
1446 }
1447
1448 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1449 private_task_manager_t *this, task_queue_t queue)
1450 {
1451 switch (queue)
1452 {
1453 case TASK_QUEUE_ACTIVE:
1454 return this->active_tasks->create_enumerator(this->active_tasks);
1455 case TASK_QUEUE_PASSIVE:
1456 return this->passive_tasks->create_enumerator(this->passive_tasks);
1457 case TASK_QUEUE_QUEUED:
1458 return this->queued_tasks->create_enumerator(this->queued_tasks);
1459 default:
1460 return enumerator_create_empty();
1461 }
1462 }
1463
1464 METHOD(task_manager_t, destroy, void,
1465 private_task_manager_t *this)
1466 {
1467 flush(this);
1468
1469 this->active_tasks->destroy(this->active_tasks);
1470 this->queued_tasks->destroy(this->queued_tasks);
1471 this->passive_tasks->destroy(this->passive_tasks);
1472
1473 DESTROY_IF(this->queued);
1474 DESTROY_IF(this->responding.packet);
1475 DESTROY_IF(this->initiating.packet);
1476 DESTROY_IF(this->rng);
1477 free(this);
1478 }
1479
1480 /*
1481 * see header file
1482 */
1483 task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1484 {
1485 private_task_manager_t *this;
1486
1487 INIT(this,
1488 .public = {
1489 .task_manager = {
1490 .process_message = _process_message,
1491 .queue_task = _queue_task,
1492 .queue_ike = _queue_ike,
1493 .queue_ike_rekey = _queue_ike_rekey,
1494 .queue_ike_reauth = _queue_ike_reauth,
1495 .queue_ike_delete = _queue_ike_delete,
1496 .queue_mobike = _queue_mobike,
1497 .queue_child = _queue_child,
1498 .queue_child_rekey = _queue_child_rekey,
1499 .queue_child_delete = _queue_child_delete,
1500 .queue_dpd = _queue_dpd,
1501 .initiate = _initiate,
1502 .retransmit = _retransmit,
1503 .incr_mid = _incr_mid,
1504 .reset = _reset,
1505 .adopt_tasks = _adopt_tasks,
1506 .busy = _busy,
1507 .create_task_enumerator = _create_task_enumerator,
1508 .destroy = _destroy,
1509 },
1510 },
1511 .initiating = {
1512 .type = EXCHANGE_TYPE_UNDEFINED,
1513 },
1514 .responding = {
1515 .seqnr = RESPONDING_SEQ,
1516 },
1517 .ike_sa = ike_sa,
1518 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
1519 .queued_tasks = linked_list_create(),
1520 .active_tasks = linked_list_create(),
1521 .passive_tasks = linked_list_create(),
1522 .retransmit_tries = lib->settings->get_int(lib->settings,
1523 "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
1524 .retransmit_timeout = lib->settings->get_double(lib->settings,
1525 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
1526 .retransmit_base = lib->settings->get_double(lib->settings,
1527 "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
1528 );
1529
1530 if (!this->rng)
1531 {
1532 DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
1533 destroy(this);
1534 return NULL;
1535 }
1536
1537 this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
1538 (void*)&this->dpd_send);
1539 this->dpd_send &= 0x7FFFFFFF;
1540
1541 return &this->public;
1542 }
1543
strongSwan - IPsec VPN