projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / informational.c
1 /*
2 * Copyright (C) 2011 Martin Willi
3 * Copyright (C) 2011 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "informational.h"
17
18 #include <daemon.h>
19 #include <sa/ikev1/tasks/isakmp_delete.h>
20 #include <sa/ikev1/tasks/quick_delete.h>
21
22 #include <encoding/payloads/delete_payload.h>
23
24 typedef struct private_informational_t private_informational_t;
25
26 /**
27 * Private members of a informational_t task.
28 */
29 struct private_informational_t {
30
31 /**
32 * Public methods and task_t interface.
33 */
34 informational_t public;
35
36 /**
37 * Assigned IKE_SA.
38 */
39 ike_sa_t *ike_sa;
40
41 /**
42 * Notify payload to send
43 */
44 notify_payload_t *notify;
45
46 /**
47 * Delete subtask
48 */
49 task_t *del;
50 };
51
52 /**
53 * Cancel active quick mode after receiving an error
54 */
55 static void cancel_quick_mode(private_informational_t *this)
56 {
57 enumerator_t *enumerator;
58 task_t *task;
59
60 enumerator = this->ike_sa->create_task_enumerator(this->ike_sa,
61 TASK_QUEUE_ACTIVE);
62 while (enumerator->enumerate(enumerator, &task))
63 {
64 if (task->get_type(task) == TASK_QUICK_MODE)
65 {
66 this->ike_sa->flush_queue(this->ike_sa, TASK_QUEUE_ACTIVE);
67 break;
68 }
69 }
70 enumerator->destroy(enumerator);
71 }
72
73 METHOD(task_t, build_i, status_t,
74 private_informational_t *this, message_t *message)
75 {
76 message->add_payload(message, &this->notify->payload_interface);
77 this->notify = NULL;
78 return SUCCESS;
79 }
80
81 METHOD(task_t, process_r, status_t,
82 private_informational_t *this, message_t *message)
83 {
84 enumerator_t *enumerator;
85 delete_payload_t *delete;
86 notify_payload_t *notify;
87 notify_type_t type;
88 payload_t *payload;
89 status_t status = SUCCESS;
90
91 enumerator = message->create_payload_enumerator(message);
92 while (enumerator->enumerate(enumerator, &payload))
93 {
94 switch (payload->get_type(payload))
95 {
96 case NOTIFY_V1:
97 notify = (notify_payload_t*)payload;
98 type = notify->get_notify_type(notify);
99
100 if (type == INITIAL_CONTACT_IKEV1)
101 {
102 this->ike_sa->set_condition(this->ike_sa,
103 COND_INIT_CONTACT_SEEN, TRUE);
104 }
105 else if (type == UNITY_LOAD_BALANCE)
106 {
107 host_t *redirect, *me;
108 chunk_t data;
109
110 data = notify->get_notification_data(notify);
111 redirect = host_create_from_chunk(AF_INET, data,
112 IKEV2_UDP_PORT);
113 if (redirect)
114 { /* treat the redirect as reauthentication */
115 DBG1(DBG_IKE, "received %N notify. redirected to %H",
116 notify_type_names, type, redirect);
117 /* Cisco boxes reject the first message from 4500 */
118 me = this->ike_sa->get_my_host(this->ike_sa);
119 me->set_port(me, CHARON_UDP_PORT);
120 this->ike_sa->set_other_host(this->ike_sa, redirect);
121 this->ike_sa->reauth(this->ike_sa);
122 enumerator->destroy(enumerator);
123 return DESTROY_ME;
124 }
125 else
126 {
127 DBG1(DBG_IKE, "received %N notify, invalid address");
128 }
129 }
130 else if (type < 16384)
131 {
132 DBG1(DBG_IKE, "received %N error notify",
133 notify_type_names, type);
134 if (this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
135 { /* only critical during main mode */
136 status = FAILED;
137 }
138 switch (type)
139 {
140 case INVALID_ID_INFORMATION:
141 case NO_PROPOSAL_CHOSEN:
142 cancel_quick_mode(this);
143 break;
144 default:
145 break;
146 }
147 break;
148 }
149 else
150 {
151 DBG1(DBG_IKE, "received %N notify",
152 notify_type_names, type);
153 }
154 continue;
155 case DELETE_V1:
156 if (!this->del)
157 {
158 delete = (delete_payload_t*)payload;
159 if (delete->get_protocol_id(delete) == PROTO_IKE)
160 {
161 this->del = (task_t*)isakmp_delete_create(this->ike_sa,
162 FALSE);
163 }
164 else
165 {
166 this->del = (task_t*)quick_delete_create(this->ike_sa,
167 PROTO_NONE, 0, FALSE, FALSE);
168 }
169 }
170 break;
171 default:
172 continue;
173 }
174 break;
175 }
176 enumerator->destroy(enumerator);
177
178 if (this->del && status == SUCCESS)
179 {
180 return this->del->process(this->del, message);
181 }
182 return status;
183 }
184
185 METHOD(task_t, build_r, status_t,
186 private_informational_t *this, message_t *message)
187 {
188 if (this->del)
189 {
190 return this->del->build(this->del, message);
191 }
192 return FAILED;
193 }
194
195 METHOD(task_t, process_i, status_t,
196 private_informational_t *this, message_t *message)
197 {
198 return FAILED;
199 }
200
201 METHOD(task_t, get_type, task_type_t,
202 private_informational_t *this)
203 {
204 return TASK_INFORMATIONAL;
205 }
206
207 METHOD(task_t, migrate, void,
208 private_informational_t *this, ike_sa_t *ike_sa)
209 {
210 this->ike_sa = ike_sa;
211 }
212
213 METHOD(task_t, destroy, void,
214 private_informational_t *this)
215 {
216 DESTROY_IF(this->notify);
217 DESTROY_IF(this->del);
218 free(this);
219 }
220
221 /*
222 * Described in header.
223 */
224 informational_t *informational_create(ike_sa_t *ike_sa, notify_payload_t *notify)
225 {
226 private_informational_t *this;
227
228 INIT(this,
229 .public = {
230 .task = {
231 .get_type = _get_type,
232 .migrate = _migrate,
233 .destroy = _destroy,
234 },
235 },
236 .ike_sa = ike_sa,
237 .notify = notify,
238 );
239
240 if (notify)
241 {
242 this->public.task.build = _build_i;
243 this->public.task.process = _process_i;
244 }
245 else
246 {
247 this->public.task.build = _build_r;
248 this->public.task.process = _process_r;
249 }
250
251 return &this->public;
252 }
strongSwan - IPsec VPN