Don't requeue IKEv1 init tasks if they already exist in a second keyingtry
[strongswan.git] / src / libcharon / sa / ikev1 / task_manager_v1.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v1.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev1/tasks/main_mode.h>
23 #include <sa/ikev1/tasks/quick_mode.h>
24 #include <sa/ikev1/tasks/quick_delete.h>
25 #include <sa/ikev1/tasks/xauth.h>
26 #include <sa/ikev1/tasks/mode_config.h>
27 #include <sa/ikev1/tasks/informational.h>
28 #include <sa/ikev1/tasks/isakmp_natd.h>
29 #include <sa/ikev1/tasks/isakmp_vendor.h>
30 #include <sa/ikev1/tasks/isakmp_cert_pre.h>
31 #include <sa/ikev1/tasks/isakmp_cert_post.h>
32 #include <sa/ikev1/tasks/isakmp_delete.h>
33 #include <processing/jobs/retransmit_job.h>
34 #include <processing/jobs/delete_ike_sa_job.h>
35
36 /**
37 * Number of old messages hashes we keep for retransmission.
38 *
39 * In Main Mode, we must ignore messages from a previous message pair if
40 * we already continued to the next. Otherwise a late retransmission
41 * could be considered as a reply to the newer request.
42 */
43 #define MAX_OLD_HASHES 2
44
45 typedef struct exchange_t exchange_t;
46
47 /**
48 * An exchange in the air, used do detect and handle retransmission
49 */
50 struct exchange_t {
51
52 /**
53 * Message ID used for this transaction
54 */
55 u_int32_t mid;
56
57 /**
58 * generated packet for retransmission
59 */
60 packet_t *packet;
61 };
62
63 typedef struct private_task_manager_t private_task_manager_t;
64
65 /**
66 * private data of the task manager
67 */
68 struct private_task_manager_t {
69
70 /**
71 * public functions
72 */
73 task_manager_v1_t public;
74
75 /**
76 * associated IKE_SA we are serving
77 */
78 ike_sa_t *ike_sa;
79
80 /**
81 * RNG to create message IDs
82 */
83 rng_t *rng;
84
85 /**
86 * Exchange we are currently handling as responder
87 */
88 struct {
89 /**
90 * Hash of a previously received message
91 */
92 u_int32_t hash;
93
94 /**
95 * packet for retransmission
96 */
97 packet_t *packet;
98
99 } responding;
100
101 /**
102 * Exchange we are currently handling as initiator
103 */
104 struct {
105 /**
106 * Message ID of the exchange
107 */
108 u_int32_t mid;
109
110 /**
111 * Hashes of old responses we can ignore
112 */
113 u_int32_t old_hashes[MAX_OLD_HASHES];
114
115 /**
116 * Position in old hash array
117 */
118 int old_hash_pos;
119
120 /**
121 * Sequence number of the last sent message
122 */
123 u_int32_t seqnr;
124
125 /**
126 * how many times we have retransmitted so far
127 */
128 u_int retransmitted;
129
130 /**
131 * packet for retransmission
132 */
133 packet_t *packet;
134
135 /**
136 * type of the initated exchange
137 */
138 exchange_type_t type;
139
140 } initiating;
141
142 /**
143 * List of queued tasks not yet in action
144 */
145 linked_list_t *queued_tasks;
146
147 /**
148 * List of active tasks, initiated by ourselve
149 */
150 linked_list_t *active_tasks;
151
152 /**
153 * List of tasks initiated by peer
154 */
155 linked_list_t *passive_tasks;
156
157 /**
158 * Queued messages not yet ready to process
159 */
160 message_t *queued;
161
162 /**
163 * Number of times we retransmit messages before giving up
164 */
165 u_int retransmit_tries;
166
167 /**
168 * Retransmission timeout
169 */
170 double retransmit_timeout;
171
172 /**
173 * Base to calculate retransmission timeout
174 */
175 double retransmit_base;
176 };
177
178 /**
179 * Flush a single task queue
180 */
181 static void flush_queue(private_task_manager_t *this, linked_list_t *list)
182 {
183 task_t *task;
184
185 if (this->queued)
186 {
187 this->queued->destroy(this->queued);
188 this->queued = NULL;
189 }
190 while (list->remove_last(list, (void**)&task) == SUCCESS)
191 {
192 task->destroy(task);
193 }
194 }
195
196 /**
197 * flush all tasks in the task manager
198 */
199 static void flush(private_task_manager_t *this)
200 {
201 flush_queue(this, this->queued_tasks);
202 flush_queue(this, this->passive_tasks);
203 flush_queue(this, this->active_tasks);
204 }
205
206 /**
207 * move a task of a specific type from the queue to the active list
208 */
209 static bool activate_task(private_task_manager_t *this, task_type_t type)
210 {
211 enumerator_t *enumerator;
212 task_t *task;
213 bool found = FALSE;
214
215 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
216 while (enumerator->enumerate(enumerator, (void**)&task))
217 {
218 if (task->get_type(task) == type)
219 {
220 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
221 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
222 this->active_tasks->insert_last(this->active_tasks, task);
223 found = TRUE;
224 break;
225 }
226 }
227 enumerator->destroy(enumerator);
228 return found;
229 }
230
231 METHOD(task_manager_t, retransmit, status_t,
232 private_task_manager_t *this, u_int32_t message_seqnr)
233 {
234 /* this.initiating packet used as marker for received response */
235 if (message_seqnr == this->initiating.seqnr && this->initiating.packet )
236 {
237 u_int32_t timeout;
238 packet_t *packet;
239 job_t *job;
240
241 if (this->initiating.retransmitted <= this->retransmit_tries)
242 {
243 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
244 pow(this->retransmit_base, this->initiating.retransmitted));
245 }
246 else
247 {
248 DBG1(DBG_IKE, "giving up after %d retransmits",
249 this->initiating.retransmitted - 1);
250 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
251 {
252 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
253 }
254 return DESTROY_ME;
255 }
256
257 if (this->initiating.retransmitted)
258 {
259 DBG1(DBG_IKE, "retransmit %d of request with message ID %u seqnr (%d)",
260 this->initiating.retransmitted, this->initiating.mid, message_seqnr);
261 }
262 packet = this->initiating.packet->clone(this->initiating.packet);
263 charon->sender->send(charon->sender, packet);
264
265 this->initiating.retransmitted++;
266 job = (job_t*)retransmit_job_create(this->initiating.seqnr,
267 this->ike_sa->get_id(this->ike_sa));
268 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
269 }
270 return SUCCESS;
271 }
272
273 METHOD(task_manager_t, initiate, status_t,
274 private_task_manager_t *this)
275 {
276 enumerator_t *enumerator;
277 task_t *task;
278 message_t *message;
279 host_t *me, *other;
280 status_t status;
281 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
282 bool new_mid = FALSE, expect_response = FALSE, flushed = FALSE;
283
284 if (!this->rng)
285 {
286 DBG1(DBG_IKE, "no RNG supported");
287 return FAILED;
288 }
289
290 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
291 {
292 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
293 exchange_type_names, this->initiating.type);
294 /* do not initiate if we already have a message in the air */
295 return SUCCESS;
296 }
297
298 if (this->active_tasks->get_count(this->active_tasks) == 0)
299 {
300 DBG2(DBG_IKE, "activating new tasks");
301 switch (this->ike_sa->get_state(this->ike_sa))
302 {
303 case IKE_CREATED:
304 activate_task(this, TASK_ISAKMP_VENDOR);
305 activate_task(this, TASK_ISAKMP_CERT_PRE);
306 if (activate_task(this, TASK_MAIN_MODE))
307 {
308 exchange = ID_PROT;
309 activate_task(this, TASK_ISAKMP_CERT_POST);
310 activate_task(this, TASK_ISAKMP_NATD);
311 }
312 break;
313 case IKE_CONNECTING:
314 if (activate_task(this, TASK_ISAKMP_DELETE))
315 {
316 exchange = INFORMATIONAL_V1;
317 new_mid = TRUE;
318 break;
319 }
320 if (activate_task(this, TASK_XAUTH))
321 {
322 exchange = TRANSACTION;
323 new_mid = TRUE;
324 break;
325 }
326 if (activate_task(this, TASK_INFORMATIONAL))
327 {
328 exchange = INFORMATIONAL_V1;
329 new_mid = TRUE;
330 break;
331 }
332 break;
333 case IKE_ESTABLISHED:
334 if (activate_task(this, TASK_MODE_CONFIG))
335 {
336 exchange = TRANSACTION;
337 new_mid = TRUE;
338 break;
339 }
340 if (activate_task(this, TASK_QUICK_MODE))
341 {
342 exchange = QUICK_MODE;
343 new_mid = TRUE;
344 break;
345 }
346 if (activate_task(this, TASK_INFORMATIONAL))
347 {
348 exchange = INFORMATIONAL_V1;
349 new_mid = TRUE;
350 break;
351 }
352 if (activate_task(this, TASK_ISAKMP_DELETE))
353 {
354 exchange = INFORMATIONAL_V1;
355 new_mid = TRUE;
356 break;
357 }
358 if (activate_task(this, TASK_QUICK_DELETE))
359 {
360 exchange = INFORMATIONAL_V1;
361 new_mid = TRUE;
362 break;
363 }
364 break;
365 default:
366 break;
367 }
368 }
369 else
370 {
371 DBG2(DBG_IKE, "reinitiating already active tasks");
372 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
373 while (enumerator->enumerate(enumerator, (void**)&task))
374 {
375 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
376 switch (task->get_type(task))
377 {
378 case TASK_MAIN_MODE:
379 exchange = ID_PROT;
380 break;
381 case TASK_QUICK_MODE:
382 exchange = QUICK_MODE;
383 break;
384 case TASK_XAUTH:
385 exchange = TRANSACTION;
386 new_mid = TRUE;
387 break;
388 default:
389 continue;
390 }
391 break;
392 }
393 enumerator->destroy(enumerator);
394 }
395
396 if (exchange == EXCHANGE_TYPE_UNDEFINED)
397 {
398 DBG2(DBG_IKE, "nothing to initiate");
399 /* nothing to do yet... */
400 return SUCCESS;
401 }
402
403 me = this->ike_sa->get_my_host(this->ike_sa);
404 other = this->ike_sa->get_other_host(this->ike_sa);
405
406 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
407 if (new_mid)
408 {
409 this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
410 (void*)&this->initiating.mid);
411 }
412 message->set_message_id(message, this->initiating.mid);
413 message->set_source(message, me->clone(me));
414 message->set_destination(message, other->clone(other));
415 message->set_exchange_type(message, exchange);
416 this->initiating.type = exchange;
417 this->initiating.retransmitted = 0;
418
419 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
420 while (enumerator->enumerate(enumerator, (void*)&task))
421 {
422 switch (task->build(task, message))
423 {
424 case SUCCESS:
425 /* task completed, remove it */
426 this->active_tasks->remove_at(this->active_tasks, enumerator);
427 task->destroy(task);
428 continue;
429 case NEED_MORE:
430 expect_response = TRUE;
431 /* processed, but task needs another exchange */
432 continue;
433 case ALREADY_DONE:
434 flush_queue(this, this->active_tasks);
435 flushed = TRUE;
436 break;
437 case FAILED:
438 default:
439 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
440 {
441 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
442 }
443 /* FALL */
444 case DESTROY_ME:
445 /* critical failure, destroy IKE_SA */
446 enumerator->destroy(enumerator);
447 message->destroy(message);
448 flush(this);
449 return DESTROY_ME;
450 }
451 break;
452 }
453 enumerator->destroy(enumerator);
454
455 if (this->active_tasks->get_count(this->active_tasks) == 0)
456 { /* tasks completed, no exchange active anymore */
457 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
458 }
459 if (flushed)
460 {
461 message->destroy(message);
462 return initiate(this);
463 }
464 this->initiating.seqnr++;
465
466 status = this->ike_sa->generate_message(this->ike_sa, message,
467 &this->initiating.packet);
468 if (status != SUCCESS)
469 {
470 /* message generation failed. There is nothing more to do than to
471 * close the SA */
472 message->destroy(message);
473 flush(this);
474 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
475 return DESTROY_ME;
476 }
477 message->destroy(message);
478
479 if (expect_response)
480 {
481 return retransmit(this, this->initiating.seqnr);
482 }
483 charon->sender->send(charon->sender,
484 this->initiating.packet->clone(this->initiating.packet));
485 this->initiating.packet->destroy(this->initiating.packet);
486 this->initiating.packet = NULL;
487
488 if (exchange == INFORMATIONAL_V1)
489 {
490 switch (this->ike_sa->get_state(this->ike_sa))
491 {
492 case IKE_CONNECTING:
493 /* close after sending an INFORMATIONAL when unestablished */
494 return FAILED;
495 case IKE_DELETING:
496 /* close after sending a DELETE */
497 return DESTROY_ME;
498 default:
499 break;
500 }
501 }
502 return SUCCESS;
503 }
504
505 /**
506 * handle exchange collisions
507 */
508 static bool handle_collisions(private_task_manager_t *this, task_t *task)
509 {
510 return FALSE;
511 }
512
513 /**
514 * build a response depending on the "passive" task list
515 */
516 static status_t build_response(private_task_manager_t *this, message_t *request)
517 {
518 enumerator_t *enumerator;
519 task_t *task;
520 message_t *message;
521 host_t *me, *other;
522 bool delete = FALSE, flushed = FALSE;
523 status_t status;
524
525 me = request->get_destination(request);
526 other = request->get_source(request);
527
528 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
529 message->set_exchange_type(message, request->get_exchange_type(request));
530 /* send response along the path the request came in */
531 message->set_source(message, me->clone(me));
532 message->set_destination(message, other->clone(other));
533 message->set_message_id(message, request->get_message_id(request));
534 message->set_request(message, FALSE);
535
536 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
537 while (enumerator->enumerate(enumerator, (void*)&task))
538 {
539 switch (task->build(task, message))
540 {
541 case SUCCESS:
542 /* task completed, remove it */
543 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
544 if (!handle_collisions(this, task))
545 {
546 task->destroy(task);
547 }
548 continue;
549 case NEED_MORE:
550 /* processed, but task needs another exchange */
551 if (handle_collisions(this, task))
552 {
553 this->passive_tasks->remove_at(this->passive_tasks,
554 enumerator);
555 }
556 continue;
557 case ALREADY_DONE:
558 flush_queue(this, this->passive_tasks);
559 flushed = TRUE;
560 break;
561 case FAILED:
562 default:
563 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
564 /* FALL */
565 case DESTROY_ME:
566 /* destroy IKE_SA, but SEND response first */
567 delete = TRUE;
568 break;
569 }
570 break;
571 }
572 enumerator->destroy(enumerator);
573
574 DESTROY_IF(this->responding.packet);
575 this->responding.packet = NULL;
576 if (flushed)
577 {
578 message->destroy(message);
579 return initiate(this);
580 }
581 status = this->ike_sa->generate_message(this->ike_sa, message,
582 &this->responding.packet);
583 message->destroy(message);
584 if (status != SUCCESS)
585 {
586 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
587 return DESTROY_ME;
588 }
589
590 charon->sender->send(charon->sender,
591 this->responding.packet->clone(this->responding.packet));
592 if (delete)
593 {
594 return DESTROY_ME;
595 }
596 return SUCCESS;
597 }
598
599 /**
600 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
601 * The notify protocol_id is set to ISAKMP
602 */
603 static void send_notify(private_task_manager_t *this, message_t *request,
604 notify_type_t type)
605 {
606 message_t *response;
607 packet_t *packet;
608 host_t *me, *other;
609 u_int32_t mid;
610
611 if (request && request->get_exchange_type(request) == INFORMATIONAL_V1)
612 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
613 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
614 return;
615 }
616
617 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
618 response->set_exchange_type(response, INFORMATIONAL_V1);
619 response->set_request(response, TRUE);
620 this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
621 response->set_message_id(response, mid);
622 response->add_payload(response, (payload_t*)
623 notify_payload_create_from_protocol_and_type(NOTIFY_V1,
624 PROTO_IKE, type));
625
626 me = this->ike_sa->get_my_host(this->ike_sa);
627 if (me->is_anyaddr(me))
628 {
629 me = request->get_destination(request);
630 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
631 }
632 other = this->ike_sa->get_other_host(this->ike_sa);
633 if (other->is_anyaddr(other))
634 {
635 other = request->get_source(request);
636 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
637 }
638 response->set_source(response, me->clone(me));
639 response->set_destination(response, other->clone(other));
640 if (this->ike_sa->generate_message(this->ike_sa, response,
641 &packet) == SUCCESS)
642 {
643 charon->sender->send(charon->sender, packet);
644 }
645 response->destroy(response);
646 }
647
648 /**
649 * handle an incoming request message
650 */
651 static status_t process_request(private_task_manager_t *this,
652 message_t *message)
653 {
654 enumerator_t *enumerator;
655 task_t *task = NULL;
656 bool send_response = FALSE;
657
658 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
659 { /* create tasks depending on request type, if not already some queued */
660 switch (message->get_exchange_type(message))
661 {
662 case ID_PROT:
663 task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
664 this->passive_tasks->insert_last(this->passive_tasks, task);
665 task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
666 this->passive_tasks->insert_last(this->passive_tasks, task);
667 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
668 this->passive_tasks->insert_last(this->passive_tasks, task);
669 task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
670 this->passive_tasks->insert_last(this->passive_tasks, task);
671 task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
672 this->passive_tasks->insert_last(this->passive_tasks, task);
673 break;
674 case AGGRESSIVE:
675 /* TODO-IKEv1: agressive mode */
676 return FAILED;
677 case QUICK_MODE:
678 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
679 {
680 DBG1(DBG_IKE, "received quick mode request for "
681 "unestablished IKE_SA, ignored");
682 return FAILED;
683 }
684 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
685 NULL, NULL);
686 this->passive_tasks->insert_last(this->passive_tasks, task);
687 break;
688 case INFORMATIONAL_V1:
689 task = (task_t *)informational_create(this->ike_sa, NULL);
690 this->passive_tasks->insert_last(this->passive_tasks, task);
691 break;
692 case TRANSACTION:
693 if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
694 {
695 task = (task_t *)mode_config_create(this->ike_sa, FALSE);
696 }
697 else
698 {
699 task = (task_t *)xauth_create(this->ike_sa, FALSE);
700 }
701 this->passive_tasks->insert_last(this->passive_tasks, task);
702 break;
703 default:
704 return FAILED;
705 }
706 }
707 /* let the tasks process the message */
708 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
709 while (enumerator->enumerate(enumerator, (void*)&task))
710 {
711 switch (task->process(task, message))
712 {
713 case SUCCESS:
714 /* task completed, remove it */
715 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
716 task->destroy(task);
717 continue;
718 case NEED_MORE:
719 /* processed, but task needs at least another call to build() */
720 send_response = TRUE;
721 continue;
722 case ALREADY_DONE:
723 send_response = FALSE;
724 flush_queue(this, this->passive_tasks);
725 break;
726 case FAILED:
727 default:
728 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
729 /* FALL */
730 case DESTROY_ME:
731 /* critical failure, destroy IKE_SA */
732 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
733 enumerator->destroy(enumerator);
734 task->destroy(task);
735 return DESTROY_ME;
736 }
737 break;
738 }
739 enumerator->destroy(enumerator);
740
741 if (send_response)
742 {
743 if (build_response(this, message) != SUCCESS)
744 {
745 return DESTROY_ME;
746 }
747 }
748 else
749 { /* We don't send a response, so don't retransmit one if we get
750 * the same message again. */
751 DESTROY_IF(this->responding.packet);
752 this->responding.packet = NULL;
753 }
754 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
755 this->queued_tasks->get_count(this->queued_tasks) > 0)
756 {
757 /* passive tasks completed, check if an active task has been queued,
758 * such as XAUTH or modeconfig push */
759 return initiate(this);
760 }
761 return SUCCESS;
762 }
763
764 /**
765 * handle an incoming response message
766 */
767 static status_t process_response(private_task_manager_t *this,
768 message_t *message)
769 {
770 enumerator_t *enumerator;
771 status_t status;
772 task_t *task;
773
774 if (message->get_exchange_type(message) != this->initiating.type)
775 {
776 DBG1(DBG_IKE, "received %N response, but expected %N",
777 exchange_type_names, message->get_exchange_type(message),
778 exchange_type_names, this->initiating.type);
779 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
780 return DESTROY_ME;
781 }
782
783 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
784 while (enumerator->enumerate(enumerator, (void*)&task))
785 {
786 switch (task->process(task, message))
787 {
788 case SUCCESS:
789 /* task completed, remove it */
790 this->active_tasks->remove_at(this->active_tasks, enumerator);
791 task->destroy(task);
792 continue;
793 case NEED_MORE:
794 /* processed, but task needs another exchange */
795 continue;
796 case ALREADY_DONE:
797 flush_queue(this, this->active_tasks);
798 break;
799 case FAILED:
800 default:
801 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
802 /* FALL */
803 case DESTROY_ME:
804 /* critical failure, destroy IKE_SA */
805 this->active_tasks->remove_at(this->active_tasks, enumerator);
806 enumerator->destroy(enumerator);
807 task->destroy(task);
808 return DESTROY_ME;
809 }
810 break;
811 }
812 enumerator->destroy(enumerator);
813
814 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
815 this->initiating.packet->destroy(this->initiating.packet);
816 this->initiating.packet = NULL;
817
818 if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
819 {
820 status = this->public.task_manager.process_message(
821 &this->public.task_manager, this->queued);
822 this->queued->destroy(this->queued);
823 this->queued = NULL;
824 if (status == DESTROY_ME)
825 {
826 return status;
827 }
828 }
829
830 return initiate(this);
831 }
832
833 /**
834 * Parse the given message and verify that it is valid.
835 */
836 static status_t parse_message(private_task_manager_t *this, message_t *msg)
837 {
838 status_t status;
839
840 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
841
842 if (status != SUCCESS)
843 {
844 switch (status)
845 {
846 case NOT_SUPPORTED:
847 DBG1(DBG_IKE, "unsupported exchange type");
848 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
849 break;
850 case PARSE_ERROR:
851 DBG1(DBG_IKE, "message parsing failed");
852 send_notify(this, msg, PAYLOAD_MALFORMED);
853 break;
854 case VERIFY_ERROR:
855 DBG1(DBG_IKE, "message verification failed");
856 send_notify(this, msg, PAYLOAD_MALFORMED);
857 break;
858 case FAILED:
859 DBG1(DBG_IKE, "integrity check failed");
860 send_notify(this, msg, INVALID_HASH_INFORMATION);
861 break;
862 case INVALID_STATE:
863 DBG1(DBG_IKE, "found encrypted message, but no keys available");
864 send_notify(this, msg, PAYLOAD_MALFORMED);
865 default:
866 break;
867 }
868 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
869 exchange_type_names, msg->get_exchange_type(msg),
870 msg->get_request(msg) ? "request" : "response",
871 msg->get_message_id(msg));
872
873 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
874 { /* invalid initiation attempt, close SA */
875 return DESTROY_ME;
876 }
877 }
878 return status;
879 }
880
881 METHOD(task_manager_t, process_message, status_t,
882 private_task_manager_t *this, message_t *msg)
883 {
884 u_int32_t hash, mid, i;
885 host_t *me, *other;
886 status_t status;
887
888 /* TODO-IKEv1: update hosts more selectively */
889 me = msg->get_destination(msg);
890 other = msg->get_source(msg);
891 mid = msg->get_message_id(msg);
892 hash = chunk_hash(msg->get_packet_data(msg));
893 for (i = 0; i < MAX_OLD_HASHES; i++)
894 {
895 if (this->initiating.old_hashes[i] == hash)
896 {
897 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
898 "but next request already sent", mid);
899 return SUCCESS;
900 }
901 }
902
903 if ((mid && mid == this->initiating.mid) ||
904 (this->initiating.mid == 0 &&
905 msg->get_exchange_type(msg) == this->initiating.type &&
906 this->active_tasks->get_count(this->active_tasks)))
907 {
908 msg->set_request(msg, FALSE);
909 status = parse_message(this, msg);
910 if (status != SUCCESS)
911 {
912 return status;
913 }
914 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
915 time_monotonic(NULL));
916 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
917 charon->bus->message(charon->bus, msg, FALSE);
918 if (process_response(this, msg) != SUCCESS)
919 {
920 flush(this);
921 return DESTROY_ME;
922 }
923 this->initiating.old_hashes[(this->initiating.old_hash_pos++) %
924 MAX_OLD_HASHES] = hash;
925 }
926 else
927 {
928 if (hash == this->responding.hash)
929 {
930 if (this->responding.packet)
931 {
932 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
933 "retransmitting response", mid);
934 charon->sender->send(charon->sender,
935 this->responding.packet->clone(this->responding.packet));
936 }
937 else
938 {
939 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
940 "but no response to retransmit", mid);
941 }
942 return SUCCESS;
943 }
944 if (msg->get_exchange_type(msg) == TRANSACTION &&
945 this->active_tasks->get_count(this->active_tasks))
946 { /* main mode not yet complete, queue XAuth/Mode config tasks */
947 if (this->queued)
948 {
949 DBG1(DBG_IKE, "ignoring additional %N request, queue full",
950 exchange_type_names, TRANSACTION);
951 return SUCCESS;
952 }
953 this->queued = message_create_from_packet(msg->get_packet(msg));
954 if (this->queued->parse_header(this->queued) != SUCCESS)
955 {
956 this->queued->destroy(this->queued);
957 this->queued = NULL;
958 return FAILED;
959 }
960 DBG1(DBG_IKE, "queueing %N request as tasks still active",
961 exchange_type_names, TRANSACTION);
962 return SUCCESS;
963 }
964
965 msg->set_request(msg, TRUE);
966 status = parse_message(this, msg);
967 if (status != SUCCESS)
968 {
969 return status;
970 }
971 /* if this IKE_SA is virgin, we check for a config */
972 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
973 {
974 ike_sa_id_t *ike_sa_id;
975 ike_cfg_t *ike_cfg;
976 job_t *job;
977 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
978 if (ike_cfg == NULL)
979 {
980 /* no config found for these hosts, destroy */
981 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
982 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
983 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
984 return DESTROY_ME;
985 }
986 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
987 ike_cfg->destroy(ike_cfg);
988 /* add a timeout if peer does not establish it completely */
989 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
990 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
991 lib->scheduler->schedule_job(lib->scheduler, job,
992 lib->settings->get_int(lib->settings,
993 "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
994 }
995 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
996 time_monotonic(NULL));
997 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
998 charon->bus->message(charon->bus, msg, TRUE);
999 if (process_request(this, msg) != SUCCESS)
1000 {
1001 flush(this);
1002 return DESTROY_ME;
1003 }
1004 this->responding.hash = hash;
1005 }
1006 return SUCCESS;
1007 }
1008
1009 METHOD(task_manager_t, queue_task, void,
1010 private_task_manager_t *this, task_t *task)
1011 {
1012 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1013 this->queued_tasks->insert_last(this->queued_tasks, task);
1014 }
1015
1016 /**
1017 * Check if a given task has been queued already
1018 */
1019 static bool has_queued(private_task_manager_t *this, task_type_t type)
1020 {
1021 enumerator_t *enumerator;
1022 bool found = FALSE;
1023 task_t *task;
1024
1025 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1026 while (enumerator->enumerate(enumerator, &task))
1027 {
1028 if (task->get_type(task) == type)
1029 {
1030 found = TRUE;
1031 break;
1032 }
1033 }
1034 enumerator->destroy(enumerator);
1035 return found;
1036 }
1037
1038 METHOD(task_manager_t, queue_ike, void,
1039 private_task_manager_t *this)
1040 {
1041 if (!has_queued(this, TASK_ISAKMP_VENDOR))
1042 {
1043 queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1044 }
1045 if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1046 {
1047 queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1048 }
1049 if (!has_queued(this, TASK_MAIN_MODE))
1050 {
1051 queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1052 }
1053 if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1054 {
1055 queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1056 }
1057 if (!has_queued(this, TASK_ISAKMP_NATD))
1058 {
1059 queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1060 }
1061 }
1062
1063 METHOD(task_manager_t, queue_ike_rekey, void,
1064 private_task_manager_t *this)
1065 {
1066 /* TODO-IKEv1: IKE_SA rekeying */
1067 }
1068
1069 METHOD(task_manager_t, queue_ike_reauth, void,
1070 private_task_manager_t *this)
1071 {
1072 /* TODO-IKEv1: IKE_SA reauth */
1073 }
1074
1075 METHOD(task_manager_t, queue_ike_delete, void,
1076 private_task_manager_t *this)
1077 {
1078 queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1079 }
1080
1081 METHOD(task_manager_t, queue_mobike, void,
1082 private_task_manager_t *this, bool roam, bool address)
1083 {
1084 /* Not supported in IKEv1 */
1085 }
1086
1087 METHOD(task_manager_t, queue_child, void,
1088 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1089 traffic_selector_t *tsi, traffic_selector_t *tsr)
1090 {
1091 queue_task(this, (task_t*)quick_mode_create(this->ike_sa, cfg, tsi, tsr));
1092 }
1093
1094 METHOD(task_manager_t, queue_child_rekey, void,
1095 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1096 {
1097 /* TODO-IKEv1: CHILD rekeying */
1098 }
1099
1100 METHOD(task_manager_t, queue_child_delete, void,
1101 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1102 {
1103 queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
1104 spi, FALSE));
1105 }
1106
1107 METHOD(task_manager_t, queue_dpd, void,
1108 private_task_manager_t *this)
1109 {
1110 /* TODO-IKEv1: DPD checking */
1111 }
1112
1113 METHOD(task_manager_t, adopt_tasks, void,
1114 private_task_manager_t *this, task_manager_t *other_public)
1115 {
1116 private_task_manager_t *other = (private_task_manager_t*)other_public;
1117 task_t *task;
1118
1119 /* move queued tasks from other to this */
1120 while (other->queued_tasks->remove_last(other->queued_tasks,
1121 (void**)&task) == SUCCESS)
1122 {
1123 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1124 task->migrate(task, this->ike_sa);
1125 this->queued_tasks->insert_first(this->queued_tasks, task);
1126 }
1127 }
1128
1129 METHOD(task_manager_t, busy, bool,
1130 private_task_manager_t *this)
1131 {
1132 return (this->active_tasks->get_count(this->active_tasks) > 0);
1133 }
1134
1135 METHOD(task_manager_t, incr_mid, void,
1136 private_task_manager_t *this, bool initiate)
1137 {
1138 }
1139
1140 METHOD(task_manager_t, reset, void,
1141 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1142 {
1143 enumerator_t *enumerator;
1144 task_t *task;
1145
1146 /* reset message counters and retransmit packets */
1147 DESTROY_IF(this->responding.packet);
1148 DESTROY_IF(this->initiating.packet);
1149 this->responding.packet = NULL;
1150 this->initiating.packet = NULL;
1151 this->initiating.mid = 0;
1152 this->initiating.seqnr = 0;
1153 this->initiating.retransmitted = 0;
1154 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1155
1156 /* reset queued tasks */
1157 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1158 while (enumerator->enumerate(enumerator, &task))
1159 {
1160 task->migrate(task, this->ike_sa);
1161 }
1162 enumerator->destroy(enumerator);
1163
1164 /* reset active tasks */
1165 while (this->active_tasks->remove_last(this->active_tasks,
1166 (void**)&task) == SUCCESS)
1167 {
1168 task->migrate(task, this->ike_sa);
1169 this->queued_tasks->insert_first(this->queued_tasks, task);
1170 }
1171 }
1172
1173 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1174 private_task_manager_t *this, task_queue_t queue)
1175 {
1176 switch (queue)
1177 {
1178 case TASK_QUEUE_ACTIVE:
1179 return this->active_tasks->create_enumerator(this->active_tasks);
1180 case TASK_QUEUE_PASSIVE:
1181 return this->passive_tasks->create_enumerator(this->passive_tasks);
1182 case TASK_QUEUE_QUEUED:
1183 return this->queued_tasks->create_enumerator(this->queued_tasks);
1184 default:
1185 return enumerator_create_empty();
1186 }
1187 }
1188
1189 METHOD(task_manager_t, destroy, void,
1190 private_task_manager_t *this)
1191 {
1192 flush(this);
1193
1194 this->active_tasks->destroy(this->active_tasks);
1195 this->queued_tasks->destroy(this->queued_tasks);
1196 this->passive_tasks->destroy(this->passive_tasks);
1197
1198 DESTROY_IF(this->queued);
1199 DESTROY_IF(this->responding.packet);
1200 DESTROY_IF(this->initiating.packet);
1201 DESTROY_IF(this->rng);
1202 free(this);
1203 }
1204
1205 /*
1206 * see header file
1207 */
1208 task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1209 {
1210 private_task_manager_t *this;
1211
1212 INIT(this,
1213 .public = {
1214 .task_manager = {
1215 .process_message = _process_message,
1216 .queue_task = _queue_task,
1217 .queue_ike = _queue_ike,
1218 .queue_ike_rekey = _queue_ike_rekey,
1219 .queue_ike_reauth = _queue_ike_reauth,
1220 .queue_ike_delete = _queue_ike_delete,
1221 .queue_mobike = _queue_mobike,
1222 .queue_child = _queue_child,
1223 .queue_child_rekey = _queue_child_rekey,
1224 .queue_child_delete = _queue_child_delete,
1225 .queue_dpd = _queue_dpd,
1226 .initiate = _initiate,
1227 .retransmit = _retransmit,
1228 .incr_mid = _incr_mid,
1229 .reset = _reset,
1230 .adopt_tasks = _adopt_tasks,
1231 .busy = _busy,
1232 .create_task_enumerator = _create_task_enumerator,
1233 .destroy = _destroy,
1234 },
1235 },
1236 .ike_sa = ike_sa,
1237 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1238 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
1239 .queued_tasks = linked_list_create(),
1240 .active_tasks = linked_list_create(),
1241 .passive_tasks = linked_list_create(),
1242 .retransmit_tries = lib->settings->get_int(lib->settings,
1243 "charon.retransmit_tries", RETRANSMIT_TRIES),
1244 .retransmit_timeout = lib->settings->get_double(lib->settings,
1245 "charon.retransmit_timeout", RETRANSMIT_TIMEOUT),
1246 .retransmit_base = lib->settings->get_double(lib->settings,
1247 "charon.retransmit_base", RETRANSMIT_BASE),
1248 );
1249
1250 return &this->public;
1251 }