src/libcharon/sa/ikev1/tasks/quick_delete.c

   1 /*
   2  * Copyright (C) 2011 Martin Willi
   3  * Copyright (C) 2011 revosec AG
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "quick_delete.h"
  17
  18 #include <daemon.h>
  19 #include <encoding/payloads/delete_payload.h>
  20
  21 typedef struct private_quick_delete_t private_quick_delete_t;
  22
  23 /**
  24  * Private members of a quick_delete_t task.
  25  */
  26 struct private_quick_delete_t {
  27
  28         /**
  29          * Public methods and task_t interface.
  30          */
  31         quick_delete_t public;
  32
  33         /**
  34          * Assigned IKE_SA.
  35          */
  36         ike_sa_t *ike_sa;
  37
  38         /**
  39          * Are we the initiator?
  40          */
  41         bool initiator;
  42
  43         /**
  44          * Protocol of CHILD_SA to delete
  45          */
  46         protocol_id_t protocol;
  47
  48         /**
  49          * Inbound SPI of CHILD_SA to delete
  50          */
  51         u_int32_t spi;
  52
  53         /**
  54          * Send delete even if SA does not exist
  55          */
  56         bool force;
  57
  58         /**
  59          * SA already expired?
  60          */
  61         bool expired;
  62 };
  63
  64 /**
  65  * Delete the specified CHILD_SA, if found
  66  */
  67 static bool delete_child(private_quick_delete_t *this,
  68                                                  protocol_id_t protocol, u_int32_t spi)
  69 {
  70         u_int64_t bytes_in, bytes_out;
  71         child_sa_t *child_sa;
  72         bool rekeyed;
  73
  74         child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
  75         if (!child_sa)
  76         {       /* fallback and check for outbound SA */
  77                 child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
  78                 if (!child_sa)
  79                 {
  80                         return FALSE;
  81                 }
  82                 this->spi = spi = child_sa->get_spi(child_sa, TRUE);
  83         }
  84
  85         rekeyed = child_sa->get_state(child_sa) == CHILD_REKEYING;
  86         child_sa->set_state(child_sa, CHILD_DELETING);
  87
  88         if (this->expired)
  89         {
  90                 DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} "
  91                          "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
  92                          child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
  93                          ntohl(child_sa->get_spi(child_sa, TRUE)),
  94                          ntohl(child_sa->get_spi(child_sa, FALSE)),
  95                          child_sa->get_traffic_selectors(child_sa, TRUE),
  96                          child_sa->get_traffic_selectors(child_sa, FALSE));
  97         }
  98         else
  99         {
 100                 child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in);
 101                 child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out);
 102
 103                 DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs "
 104                          "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R",
 105                          child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
 106                          ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in,
 107                          ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out,
 108                          child_sa->get_traffic_selectors(child_sa, TRUE),
 109                          child_sa->get_traffic_selectors(child_sa, FALSE));
 110         }
 111
 112         if (!rekeyed)
 113         {
 114                 charon->bus->child_updown(charon->bus, child_sa, FALSE);
 115         }
 116
 117         this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi);
 118
 119         /* TODO-IKEv1: handle close action? */
 120
 121         return TRUE;
 122 }
 123
 124 METHOD(task_t, build_i, status_t,
 125         private_quick_delete_t *this, message_t *message)
 126 {
 127         if (delete_child(this, this->protocol, this->spi) || this->force)
 128         {
 129                 delete_payload_t *delete_payload;
 130
 131                 DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x",
 132                          protocol_id_names, this->protocol, ntohl(this->spi));
 133
 134                 delete_payload = delete_payload_create(DELETE_V1, PROTO_ESP);
 135                 delete_payload->add_spi(delete_payload, this->spi);
 136                 message->add_payload(message, &delete_payload->payload_interface);
 137
 138                 return SUCCESS;
 139         }
 140         return ALREADY_DONE;
 141 }
 142
 143 METHOD(task_t, process_i, status_t,
 144         private_quick_delete_t *this, message_t *message)
 145 {
 146         return FAILED;
 147 }
 148
 149 METHOD(task_t, process_r, status_t,
 150         private_quick_delete_t *this, message_t *message)
 151 {
 152         enumerator_t *payloads, *spis;
 153         payload_t *payload;
 154         delete_payload_t *delete_payload;
 155         protocol_id_t protocol;
 156         u_int32_t spi;
 157
 158         payloads = message->create_payload_enumerator(message);
 159         while (payloads->enumerate(payloads, &payload))
 160         {
 161                 if (payload->get_type(payload) == DELETE_V1)
 162                 {
 163                         delete_payload = (delete_payload_t*)payload;
 164                         protocol = delete_payload->get_protocol_id(delete_payload);
 165                         if (protocol != PROTO_ESP && protocol != PROTO_AH)
 166                         {
 167                                 continue;
 168                         }
 169                         spis = delete_payload->create_spi_enumerator(delete_payload);
 170                         while (spis->enumerate(spis, &spi))
 171                         {
 172                                 DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x",
 173                                          protocol_id_names, protocol, ntohl(spi));
 174                                 if (!delete_child(this, protocol, spi))
 175                                 {
 176                                         DBG1(DBG_IKE, "CHILD_SA not found, ignored");
 177                                         continue;
 178                                 }
 179                         }
 180                         spis->destroy(spis);
 181                 }
 182         }
 183         payloads->destroy(payloads);
 184
 185         return SUCCESS;
 186 }
 187
 188 METHOD(task_t, build_r, status_t,
 189         private_quick_delete_t *this, message_t *message)
 190 {
 191         return FAILED;
 192 }
 193
 194 METHOD(task_t, get_type, task_type_t,
 195         private_quick_delete_t *this)
 196 {
 197         return TASK_QUICK_DELETE;
 198 }
 199
 200 METHOD(task_t, migrate, void,
 201         private_quick_delete_t *this, ike_sa_t *ike_sa)
 202 {
 203         this->ike_sa = ike_sa;
 204 }
 205
 206 METHOD(task_t, destroy, void,
 207         private_quick_delete_t *this)
 208 {
 209         free(this);
 210 }
 211
 212 /*
 213  * Described in header.
 214  */
 215 quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
 216                                                                         u_int32_t spi, bool force, bool expired)
 217 {
 218         private_quick_delete_t *this;
 219
 220         INIT(this,
 221                 .public = {
 222                         .task = {
 223                                 .get_type = _get_type,
 224                                 .migrate = _migrate,
 225                                 .destroy = _destroy,
 226                         },
 227                 },
 228                 .ike_sa = ike_sa,
 229                 .protocol = protocol,
 230                 .spi = spi,
 231                 .force = force,
 232                 .expired = expired,
 233         );
 234
 235         if (protocol != PROTO_NONE)
 236         {
 237                 this->public.task.build = _build_i;
 238                 this->public.task.process = _process_i;
 239         }
 240         else
 241         {
 242                 this->public.task.build = _build_r;
 243                 this->public.task.process = _process_r;
 244         }
 245         return &this->public;
 246 }