projects / strongswan.git / blob
? search:


23ef054fbef17c10a1435f4322f3bde2d667d385
[strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev2/tasks/ike_init.h>
23 #include <sa/ikev2/tasks/ike_natd.h>
24 #include <sa/ikev2/tasks/ike_mobike.h>
25 #include <sa/ikev2/tasks/ike_auth.h>
26 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
27 #include <sa/ikev2/tasks/ike_cert_pre.h>
28 #include <sa/ikev2/tasks/ike_cert_post.h>
29 #include <sa/ikev2/tasks/ike_rekey.h>
30 #include <sa/ikev2/tasks/ike_reauth.h>
31 #include <sa/ikev2/tasks/ike_delete.h>
32 #include <sa/ikev2/tasks/ike_config.h>
33 #include <sa/ikev2/tasks/ike_dpd.h>
34 #include <sa/ikev2/tasks/ike_vendor.h>
35 #include <sa/ikev2/tasks/child_create.h>
36 #include <sa/ikev2/tasks/child_rekey.h>
37 #include <sa/ikev2/tasks/child_delete.h>
38 #include <encoding/payloads/delete_payload.h>
39 #include <encoding/payloads/unknown_payload.h>
40 #include <processing/jobs/retransmit_job.h>
41 #include <processing/jobs/delete_ike_sa_job.h>
42
43 #ifdef ME
44 #include <sa/ikev2/tasks/ike_me.h>
45 #endif
46
47 typedef struct exchange_t exchange_t;
48
49 /**
50 * An exchange in the air, used do detect and handle retransmission
51 */
52 struct exchange_t {
53
54 /**
55 * Message ID used for this transaction
56 */
57 u_int32_t mid;
58
59 /**
60 * generated packet for retransmission
61 */
62 packet_t *packet;
63 };
64
65 typedef struct private_task_manager_t private_task_manager_t;
66
67 /**
68 * private data of the task manager
69 */
70 struct private_task_manager_t {
71
72 /**
73 * public functions
74 */
75 task_manager_v2_t public;
76
77 /**
78 * associated IKE_SA we are serving
79 */
80 ike_sa_t *ike_sa;
81
82 /**
83 * Exchange we are currently handling as responder
84 */
85 struct {
86 /**
87 * Message ID of the exchange
88 */
89 u_int32_t mid;
90
91 /**
92 * packet for retransmission
93 */
94 packet_t *packet;
95
96 } responding;
97
98 /**
99 * Exchange we are currently handling as initiator
100 */
101 struct {
102 /**
103 * Message ID of the exchange
104 */
105 u_int32_t mid;
106
107 /**
108 * how many times we have retransmitted so far
109 */
110 u_int retransmitted;
111
112 /**
113 * packet for retransmission
114 */
115 packet_t *packet;
116
117 /**
118 * type of the initated exchange
119 */
120 exchange_type_t type;
121
122 } initiating;
123
124 /**
125 * List of queued tasks not yet in action
126 */
127 linked_list_t *queued_tasks;
128
129 /**
130 * List of active tasks, initiated by ourselve
131 */
132 linked_list_t *active_tasks;
133
134 /**
135 * List of tasks initiated by peer
136 */
137 linked_list_t *passive_tasks;
138
139 /**
140 * the task manager has been reset
141 */
142 bool reset;
143
144 /**
145 * Number of times we retransmit messages before giving up
146 */
147 u_int retransmit_tries;
148
149 /**
150 * Retransmission timeout
151 */
152 double retransmit_timeout;
153
154 /**
155 * Base to calculate retransmission timeout
156 */
157 double retransmit_base;
158 };
159
160 /**
161 * flush all tasks in the task manager
162 */
163 static void flush(private_task_manager_t *this)
164 {
165 this->queued_tasks->destroy_offset(this->queued_tasks,
166 offsetof(task_t, destroy));
167 this->queued_tasks = linked_list_create();
168 this->passive_tasks->destroy_offset(this->passive_tasks,
169 offsetof(task_t, destroy));
170 this->passive_tasks = linked_list_create();
171 this->active_tasks->destroy_offset(this->active_tasks,
172 offsetof(task_t, destroy));
173 this->active_tasks = linked_list_create();
174 }
175
176 /**
177 * move a task of a specific type from the queue to the active list
178 */
179 static bool activate_task(private_task_manager_t *this, task_type_t type)
180 {
181 enumerator_t *enumerator;
182 task_t *task;
183 bool found = FALSE;
184
185 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
186 while (enumerator->enumerate(enumerator, (void**)&task))
187 {
188 if (task->get_type(task) == type)
189 {
190 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
191 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
192 this->active_tasks->insert_last(this->active_tasks, task);
193 found = TRUE;
194 break;
195 }
196 }
197 enumerator->destroy(enumerator);
198 return found;
199 }
200
201 METHOD(task_manager_t, retransmit, status_t,
202 private_task_manager_t *this, u_int32_t message_id)
203 {
204 if (message_id == this->initiating.mid)
205 {
206 u_int32_t timeout;
207 job_t *job;
208 enumerator_t *enumerator;
209 packet_t *packet;
210 task_t *task;
211 ike_mobike_t *mobike = NULL;
212
213 /* check if we are retransmitting a MOBIKE routability check */
214 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
215 while (enumerator->enumerate(enumerator, (void*)&task))
216 {
217 if (task->get_type(task) == TASK_IKE_MOBIKE)
218 {
219 mobike = (ike_mobike_t*)task;
220 if (!mobike->is_probing(mobike))
221 {
222 mobike = NULL;
223 }
224 break;
225 }
226 }
227 enumerator->destroy(enumerator);
228
229 if (mobike == NULL)
230 {
231 if (this->initiating.retransmitted <= this->retransmit_tries)
232 {
233 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
234 pow(this->retransmit_base, this->initiating.retransmitted));
235 }
236 else
237 {
238 DBG1(DBG_IKE, "giving up after %d retransmits",
239 this->initiating.retransmitted - 1);
240 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
241 {
242 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
243 }
244 return DESTROY_ME;
245 }
246
247 if (this->initiating.retransmitted)
248 {
249 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
250 this->initiating.retransmitted, message_id);
251 }
252 packet = this->initiating.packet->clone(this->initiating.packet);
253 charon->sender->send(charon->sender, packet);
254 }
255 else
256 { /* for routeability checks, we use a more aggressive behavior */
257 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
258 {
259 timeout = ROUTEABILITY_CHECK_INTERVAL;
260 }
261 else
262 {
263 DBG1(DBG_IKE, "giving up after %d path probings",
264 this->initiating.retransmitted - 1);
265 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
266 return DESTROY_ME;
267 }
268
269 if (this->initiating.retransmitted)
270 {
271 DBG1(DBG_IKE, "path probing attempt %d",
272 this->initiating.retransmitted);
273 }
274 mobike->transmit(mobike, this->initiating.packet);
275 }
276
277 this->initiating.retransmitted++;
278 job = (job_t*)retransmit_job_create(this->initiating.mid,
279 this->ike_sa->get_id(this->ike_sa));
280 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
281 }
282 return SUCCESS;
283 }
284
285 METHOD(task_manager_t, initiate, status_t,
286 private_task_manager_t *this)
287 {
288 enumerator_t *enumerator;
289 task_t *task;
290 message_t *message;
291 host_t *me, *other;
292 status_t status;
293 exchange_type_t exchange = 0;
294
295 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
296 {
297 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
298 exchange_type_names, this->initiating.type);
299 /* do not initiate if we already have a message in the air */
300 return SUCCESS;
301 }
302
303 if (this->active_tasks->get_count(this->active_tasks) == 0)
304 {
305 DBG2(DBG_IKE, "activating new tasks");
306 switch (this->ike_sa->get_state(this->ike_sa))
307 {
308 case IKE_CREATED:
309 activate_task(this, TASK_IKE_VENDOR);
310 if (activate_task(this, TASK_IKE_INIT))
311 {
312 this->initiating.mid = 0;
313 exchange = IKE_SA_INIT;
314 activate_task(this, TASK_IKE_NATD);
315 activate_task(this, TASK_IKE_CERT_PRE);
316 #ifdef ME
317 /* this task has to be activated before the TASK_IKE_AUTH
318 * task, because that task pregenerates the packet after
319 * which no payloads can be added to the message anymore.
320 */
321 activate_task(this, TASK_IKE_ME);
322 #endif /* ME */
323 activate_task(this, TASK_IKE_AUTH);
324 activate_task(this, TASK_IKE_CERT_POST);
325 activate_task(this, TASK_IKE_CONFIG);
326 activate_task(this, TASK_CHILD_CREATE);
327 activate_task(this, TASK_IKE_AUTH_LIFETIME);
328 activate_task(this, TASK_IKE_MOBIKE);
329 }
330 break;
331 case IKE_ESTABLISHED:
332 if (activate_task(this, TASK_CHILD_CREATE))
333 {
334 exchange = CREATE_CHILD_SA;
335 break;
336 }
337 if (activate_task(this, TASK_CHILD_DELETE))
338 {
339 exchange = INFORMATIONAL;
340 break;
341 }
342 if (activate_task(this, TASK_CHILD_REKEY))
343 {
344 exchange = CREATE_CHILD_SA;
345 break;
346 }
347 if (activate_task(this, TASK_IKE_DELETE))
348 {
349 exchange = INFORMATIONAL;
350 break;
351 }
352 if (activate_task(this, TASK_IKE_REKEY))
353 {
354 exchange = CREATE_CHILD_SA;
355 break;
356 }
357 if (activate_task(this, TASK_IKE_REAUTH))
358 {
359 exchange = INFORMATIONAL;
360 break;
361 }
362 if (activate_task(this, TASK_IKE_MOBIKE))
363 {
364 exchange = INFORMATIONAL;
365 break;
366 }
367 if (activate_task(this, TASK_IKE_DPD))
368 {
369 exchange = INFORMATIONAL;
370 break;
371 }
372 #ifdef ME
373 if (activate_task(this, TASK_IKE_ME))
374 {
375 exchange = ME_CONNECT;
376 break;
377 }
378 #endif /* ME */
379 case IKE_REKEYING:
380 if (activate_task(this, TASK_IKE_DELETE))
381 {
382 exchange = INFORMATIONAL;
383 break;
384 }
385 case IKE_DELETING:
386 default:
387 break;
388 }
389 }
390 else
391 {
392 DBG2(DBG_IKE, "reinitiating already active tasks");
393 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
394 while (enumerator->enumerate(enumerator, (void**)&task))
395 {
396 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
397 switch (task->get_type(task))
398 {
399 case TASK_IKE_INIT:
400 exchange = IKE_SA_INIT;
401 break;
402 case TASK_IKE_AUTH:
403 exchange = IKE_AUTH;
404 break;
405 case TASK_CHILD_CREATE:
406 case TASK_CHILD_REKEY:
407 case TASK_IKE_REKEY:
408 exchange = CREATE_CHILD_SA;
409 break;
410 case TASK_IKE_MOBIKE:
411 exchange = INFORMATIONAL;
412 break;
413 default:
414 continue;
415 }
416 break;
417 }
418 enumerator->destroy(enumerator);
419 }
420
421 if (exchange == 0)
422 {
423 DBG2(DBG_IKE, "nothing to initiate");
424 /* nothing to do yet... */
425 return SUCCESS;
426 }
427
428 me = this->ike_sa->get_my_host(this->ike_sa);
429 other = this->ike_sa->get_other_host(this->ike_sa);
430
431 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
432 message->set_message_id(message, this->initiating.mid);
433 message->set_source(message, me->clone(me));
434 message->set_destination(message, other->clone(other));
435 message->set_exchange_type(message, exchange);
436 this->initiating.type = exchange;
437 this->initiating.retransmitted = 0;
438
439 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
440 while (enumerator->enumerate(enumerator, (void*)&task))
441 {
442 switch (task->build(task, message))
443 {
444 case SUCCESS:
445 /* task completed, remove it */
446 this->active_tasks->remove_at(this->active_tasks, enumerator);
447 task->destroy(task);
448 break;
449 case NEED_MORE:
450 /* processed, but task needs another exchange */
451 break;
452 case FAILED:
453 default:
454 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
455 {
456 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
457 }
458 /* FALL */
459 case DESTROY_ME:
460 /* critical failure, destroy IKE_SA */
461 enumerator->destroy(enumerator);
462 message->destroy(message);
463 flush(this);
464 return DESTROY_ME;
465 }
466 }
467 enumerator->destroy(enumerator);
468
469 /* update exchange type if a task changed it */
470 this->initiating.type = message->get_exchange_type(message);
471
472 status = this->ike_sa->generate_message(this->ike_sa, message,
473 &this->initiating.packet);
474 if (status != SUCCESS)
475 {
476 /* message generation failed. There is nothing more to do than to
477 * close the SA */
478 message->destroy(message);
479 flush(this);
480 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
481 return DESTROY_ME;
482 }
483 message->destroy(message);
484
485 return retransmit(this, this->initiating.mid);
486 }
487
488 /**
489 * handle an incoming response message
490 */
491 static status_t process_response(private_task_manager_t *this,
492 message_t *message)
493 {
494 enumerator_t *enumerator;
495 task_t *task;
496
497 if (message->get_exchange_type(message) != this->initiating.type)
498 {
499 DBG1(DBG_IKE, "received %N response, but expected %N",
500 exchange_type_names, message->get_exchange_type(message),
501 exchange_type_names, this->initiating.type);
502 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
503 return DESTROY_ME;
504 }
505
506 /* catch if we get resetted while processing */
507 this->reset = FALSE;
508 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
509 while (enumerator->enumerate(enumerator, (void*)&task))
510 {
511 switch (task->process(task, message))
512 {
513 case SUCCESS:
514 /* task completed, remove it */
515 this->active_tasks->remove_at(this->active_tasks, enumerator);
516 task->destroy(task);
517 break;
518 case NEED_MORE:
519 /* processed, but task needs another exchange */
520 break;
521 case FAILED:
522 default:
523 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
524 /* FALL */
525 case DESTROY_ME:
526 /* critical failure, destroy IKE_SA */
527 this->active_tasks->remove_at(this->active_tasks, enumerator);
528 enumerator->destroy(enumerator);
529 task->destroy(task);
530 return DESTROY_ME;
531 }
532 if (this->reset)
533 { /* start all over again if we were reset */
534 this->reset = FALSE;
535 enumerator->destroy(enumerator);
536 return initiate(this);
537 }
538 }
539 enumerator->destroy(enumerator);
540
541 this->initiating.mid++;
542 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
543 this->initiating.packet->destroy(this->initiating.packet);
544 this->initiating.packet = NULL;
545
546 return initiate(this);
547 }
548
549 /**
550 * handle exchange collisions
551 */
552 static bool handle_collisions(private_task_manager_t *this, task_t *task)
553 {
554 enumerator_t *enumerator;
555 task_t *active;
556 task_type_t type;
557
558 type = task->get_type(task);
559
560 /* do we have to check */
561 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
562 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
563 type == TASK_IKE_REAUTH)
564 {
565 /* find an exchange collision, and notify these tasks */
566 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
567 while (enumerator->enumerate(enumerator, (void**)&active))
568 {
569 switch (active->get_type(active))
570 {
571 case TASK_IKE_REKEY:
572 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
573 type == TASK_IKE_REAUTH)
574 {
575 ike_rekey_t *rekey = (ike_rekey_t*)active;
576 rekey->collide(rekey, task);
577 break;
578 }
579 continue;
580 case TASK_CHILD_REKEY:
581 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
582 {
583 child_rekey_t *rekey = (child_rekey_t*)active;
584 rekey->collide(rekey, task);
585 break;
586 }
587 continue;
588 default:
589 continue;
590 }
591 enumerator->destroy(enumerator);
592 return TRUE;
593 }
594 enumerator->destroy(enumerator);
595 }
596 return FALSE;
597 }
598
599 /**
600 * build a response depending on the "passive" task list
601 */
602 static status_t build_response(private_task_manager_t *this, message_t *request)
603 {
604 enumerator_t *enumerator;
605 task_t *task;
606 message_t *message;
607 host_t *me, *other;
608 bool delete = FALSE;
609 status_t status;
610
611 me = request->get_destination(request);
612 other = request->get_source(request);
613
614 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
615 message->set_exchange_type(message, request->get_exchange_type(request));
616 /* send response along the path the request came in */
617 message->set_source(message, me->clone(me));
618 message->set_destination(message, other->clone(other));
619 message->set_message_id(message, this->responding.mid);
620 message->set_request(message, FALSE);
621
622 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
623 while (enumerator->enumerate(enumerator, (void*)&task))
624 {
625 switch (task->build(task, message))
626 {
627 case SUCCESS:
628 /* task completed, remove it */
629 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
630 if (!handle_collisions(this, task))
631 {
632 task->destroy(task);
633 }
634 break;
635 case NEED_MORE:
636 /* processed, but task needs another exchange */
637 if (handle_collisions(this, task))
638 {
639 this->passive_tasks->remove_at(this->passive_tasks,
640 enumerator);
641 }
642 break;
643 case FAILED:
644 default:
645 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
646 /* FALL */
647 case DESTROY_ME:
648 /* destroy IKE_SA, but SEND response first */
649 delete = TRUE;
650 break;
651 }
652 if (delete)
653 {
654 break;
655 }
656 }
657 enumerator->destroy(enumerator);
658
659 /* remove resonder SPI if IKE_SA_INIT failed */
660 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
661 {
662 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
663 id->set_responder_spi(id, 0);
664 }
665
666 /* message complete, send it */
667 DESTROY_IF(this->responding.packet);
668 this->responding.packet = NULL;
669 status = this->ike_sa->generate_message(this->ike_sa, message,
670 &this->responding.packet);
671 message->destroy(message);
672 if (status != SUCCESS)
673 {
674 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
675 return DESTROY_ME;
676 }
677
678 charon->sender->send(charon->sender,
679 this->responding.packet->clone(this->responding.packet));
680 if (delete)
681 {
682 return DESTROY_ME;
683 }
684 return SUCCESS;
685 }
686
687 /**
688 * handle an incoming request message
689 */
690 static status_t process_request(private_task_manager_t *this,
691 message_t *message)
692 {
693 enumerator_t *enumerator;
694 task_t *task = NULL;
695 payload_t *payload;
696 notify_payload_t *notify;
697 delete_payload_t *delete;
698
699 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
700 { /* create tasks depending on request type, if not already some queued */
701 switch (message->get_exchange_type(message))
702 {
703 case IKE_SA_INIT:
704 {
705 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
706 this->passive_tasks->insert_last(this->passive_tasks, task);
707 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
708 this->passive_tasks->insert_last(this->passive_tasks, task);
709 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
710 this->passive_tasks->insert_last(this->passive_tasks, task);
711 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
712 this->passive_tasks->insert_last(this->passive_tasks, task);
713 #ifdef ME
714 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
715 this->passive_tasks->insert_last(this->passive_tasks, task);
716 #endif /* ME */
717 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
718 this->passive_tasks->insert_last(this->passive_tasks, task);
719 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
720 this->passive_tasks->insert_last(this->passive_tasks, task);
721 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
722 this->passive_tasks->insert_last(this->passive_tasks, task);
723 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
724 NULL, NULL);
725 this->passive_tasks->insert_last(this->passive_tasks, task);
726 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
727 this->passive_tasks->insert_last(this->passive_tasks, task);
728 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
729 this->passive_tasks->insert_last(this->passive_tasks, task);
730 break;
731 }
732 case CREATE_CHILD_SA:
733 { /* FIXME: we should prevent this on mediation connections */
734 bool notify_found = FALSE, ts_found = FALSE;
735 enumerator = message->create_payload_enumerator(message);
736 while (enumerator->enumerate(enumerator, &payload))
737 {
738 switch (payload->get_type(payload))
739 {
740 case NOTIFY:
741 { /* if we find a rekey notify, its CHILD_SA rekeying */
742 notify = (notify_payload_t*)payload;
743 if (notify->get_notify_type(notify) == REKEY_SA &&
744 (notify->get_protocol_id(notify) == PROTO_AH ||
745 notify->get_protocol_id(notify) == PROTO_ESP))
746 {
747 notify_found = TRUE;
748 }
749 break;
750 }
751 case TRAFFIC_SELECTOR_INITIATOR:
752 case TRAFFIC_SELECTOR_RESPONDER:
753 { /* if we don't find a TS, its IKE rekeying */
754 ts_found = TRUE;
755 break;
756 }
757 default:
758 break;
759 }
760 }
761 enumerator->destroy(enumerator);
762
763 if (ts_found)
764 {
765 if (notify_found)
766 {
767 task = (task_t*)child_rekey_create(this->ike_sa,
768 PROTO_NONE, 0);
769 }
770 else
771 {
772 task = (task_t*)child_create_create(this->ike_sa, NULL,
773 FALSE, NULL, NULL);
774 }
775 }
776 else
777 {
778 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
779 }
780 this->passive_tasks->insert_last(this->passive_tasks, task);
781 break;
782 }
783 case INFORMATIONAL:
784 {
785 enumerator = message->create_payload_enumerator(message);
786 while (enumerator->enumerate(enumerator, &payload))
787 {
788 switch (payload->get_type(payload))
789 {
790 case NOTIFY:
791 {
792 notify = (notify_payload_t*)payload;
793 switch (notify->get_notify_type(notify))
794 {
795 case ADDITIONAL_IP4_ADDRESS:
796 case ADDITIONAL_IP6_ADDRESS:
797 case NO_ADDITIONAL_ADDRESSES:
798 case UPDATE_SA_ADDRESSES:
799 case NO_NATS_ALLOWED:
800 case UNACCEPTABLE_ADDRESSES:
801 case UNEXPECTED_NAT_DETECTED:
802 case COOKIE2:
803 case NAT_DETECTION_SOURCE_IP:
804 case NAT_DETECTION_DESTINATION_IP:
805 task = (task_t*)ike_mobike_create(
806 this->ike_sa, FALSE);
807 break;
808 case AUTH_LIFETIME:
809 task = (task_t*)ike_auth_lifetime_create(
810 this->ike_sa, FALSE);
811 break;
812 default:
813 break;
814 }
815 break;
816 }
817 case DELETE:
818 {
819 delete = (delete_payload_t*)payload;
820 if (delete->get_protocol_id(delete) == PROTO_IKE)
821 {
822 task = (task_t*)ike_delete_create(this->ike_sa,
823 FALSE);
824 }
825 else
826 {
827 task = (task_t*)child_delete_create(this->ike_sa,
828 PROTO_NONE, 0);
829 }
830 break;
831 }
832 default:
833 break;
834 }
835 if (task)
836 {
837 break;
838 }
839 }
840 enumerator->destroy(enumerator);
841
842 if (task == NULL)
843 {
844 task = (task_t*)ike_dpd_create(FALSE);
845 }
846 this->passive_tasks->insert_last(this->passive_tasks, task);
847 break;
848 }
849 #ifdef ME
850 case ME_CONNECT:
851 {
852 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
853 this->passive_tasks->insert_last(this->passive_tasks, task);
854 }
855 #endif /* ME */
856 default:
857 break;
858 }
859 }
860
861 /* let the tasks process the message */
862 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
863 while (enumerator->enumerate(enumerator, (void*)&task))
864 {
865 switch (task->process(task, message))
866 {
867 case SUCCESS:
868 /* task completed, remove it */
869 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
870 task->destroy(task);
871 break;
872 case NEED_MORE:
873 /* processed, but task needs at least another call to build() */
874 break;
875 case FAILED:
876 default:
877 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
878 /* FALL */
879 case DESTROY_ME:
880 /* critical failure, destroy IKE_SA */
881 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
882 enumerator->destroy(enumerator);
883 task->destroy(task);
884 return DESTROY_ME;
885 }
886 }
887 enumerator->destroy(enumerator);
888
889 return build_response(this, message);
890 }
891
892 METHOD(task_manager_t, incr_mid, void,
893 private_task_manager_t *this, bool initiate)
894 {
895 if (initiate)
896 {
897 this->initiating.mid++;
898 }
899 else
900 {
901 this->responding.mid++;
902 }
903 }
904
905 /**
906 * Send a notify back to the sender
907 */
908 static void send_notify_response(private_task_manager_t *this,
909 message_t *request, notify_type_t type,
910 chunk_t data)
911 {
912 message_t *response;
913 packet_t *packet;
914 host_t *me, *other;
915
916 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
917 response->set_exchange_type(response, request->get_exchange_type(request));
918 response->set_request(response, FALSE);
919 response->set_message_id(response, request->get_message_id(request));
920 response->add_notify(response, FALSE, type, data);
921 me = this->ike_sa->get_my_host(this->ike_sa);
922 if (me->is_anyaddr(me))
923 {
924 me = request->get_destination(request);
925 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
926 }
927 other = this->ike_sa->get_other_host(this->ike_sa);
928 if (other->is_anyaddr(other))
929 {
930 other = request->get_source(request);
931 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
932 }
933 response->set_source(response, me->clone(me));
934 response->set_destination(response, other->clone(other));
935 if (this->ike_sa->generate_message(this->ike_sa, response,
936 &packet) == SUCCESS)
937 {
938 charon->sender->send(charon->sender, packet);
939 }
940 response->destroy(response);
941 }
942
943 /**
944 * Parse the given message and verify that it is valid.
945 */
946 static status_t parse_message(private_task_manager_t *this, message_t *msg)
947 {
948 status_t status;
949 u_int8_t type = 0;
950
951 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
952
953 if (status == SUCCESS)
954 { /* check for unsupported critical payloads */
955 enumerator_t *enumerator;
956 unknown_payload_t *unknown;
957 payload_t *payload;
958
959 enumerator = msg->create_payload_enumerator(msg);
960 while (enumerator->enumerate(enumerator, &payload))
961 {
962 unknown = (unknown_payload_t*)payload;
963 type = payload->get_type(payload);
964 if (!payload_is_known(type) &&
965 unknown->is_critical(unknown))
966 {
967 DBG1(DBG_ENC, "payload type %N is not supported, "
968 "but its critical!", payload_type_names, type);
969 status = NOT_SUPPORTED;
970 }
971 }
972 enumerator->destroy(enumerator);
973 }
974
975 if (status != SUCCESS)
976 {
977 bool is_request = msg->get_request(msg);
978
979 switch (status)
980 {
981 case NOT_SUPPORTED:
982 DBG1(DBG_IKE, "critical unknown payloads found");
983 if (is_request)
984 {
985 send_notify_response(this, msg,
986 UNSUPPORTED_CRITICAL_PAYLOAD,
987 chunk_from_thing(type));
988 incr_mid(this, FALSE);
989 }
990 break;
991 case PARSE_ERROR:
992 DBG1(DBG_IKE, "message parsing failed");
993 if (is_request)
994 {
995 send_notify_response(this, msg,
996 INVALID_SYNTAX, chunk_empty);
997 incr_mid(this, FALSE);
998 }
999 break;
1000 case VERIFY_ERROR:
1001 DBG1(DBG_IKE, "message verification failed");
1002 if (is_request)
1003 {
1004 send_notify_response(this, msg,
1005 INVALID_SYNTAX, chunk_empty);
1006 incr_mid(this, FALSE);
1007 }
1008 break;
1009 case FAILED:
1010 DBG1(DBG_IKE, "integrity check failed");
1011 /* ignored */
1012 break;
1013 case INVALID_STATE:
1014 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1015 default:
1016 break;
1017 }
1018 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1019 exchange_type_names, msg->get_exchange_type(msg),
1020 is_request ? "request" : "response",
1021 msg->get_message_id(msg));
1022
1023 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1024 { /* invalid initiation attempt, close SA */
1025 return DESTROY_ME;
1026 }
1027 }
1028 return status;
1029 }
1030
1031
1032 METHOD(task_manager_t, process_message, status_t,
1033 private_task_manager_t *this, message_t *msg)
1034 {
1035 host_t *me, *other;
1036 status_t status;
1037 u_int32_t mid;
1038
1039 status = parse_message(this, msg);
1040 if (status != SUCCESS)
1041 {
1042 return status;
1043 }
1044
1045 me = msg->get_destination(msg);
1046 other = msg->get_source(msg);
1047
1048 /* if this IKE_SA is virgin, we check for a config */
1049 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1050 {
1051 ike_sa_id_t *ike_sa_id;
1052 ike_cfg_t *ike_cfg;
1053 job_t *job;
1054 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
1055 if (ike_cfg == NULL)
1056 {
1057 /* no config found for these hosts, destroy */
1058 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1059 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1060 send_notify_response(this, msg,
1061 NO_PROPOSAL_CHOSEN, chunk_empty);
1062 return DESTROY_ME;
1063 }
1064 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1065 ike_cfg->destroy(ike_cfg);
1066 /* add a timeout if peer does not establish it completely */
1067 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1068 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1069 lib->scheduler->schedule_job(lib->scheduler, job,
1070 lib->settings->get_int(lib->settings,
1071 "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
1072 }
1073 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1074 time_monotonic(NULL));
1075
1076 mid = msg->get_message_id(msg);
1077 if (msg->get_request(msg))
1078 {
1079 if (mid == this->responding.mid)
1080 {
1081 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1082 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1083 msg->get_exchange_type(msg) != IKE_SA_INIT)
1084 { /* only do host updates based on verified messages */
1085 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1086 { /* with MOBIKE, we do no implicit updates */
1087 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1088 }
1089 }
1090 charon->bus->message(charon->bus, msg, TRUE);
1091 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1092 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1093 return SUCCESS;
1094 }
1095 if (process_request(this, msg) != SUCCESS)
1096 {
1097 flush(this);
1098 return DESTROY_ME;
1099 }
1100 this->responding.mid++;
1101 }
1102 else if ((mid == this->responding.mid - 1) && this->responding.packet)
1103 {
1104 packet_t *clone;
1105 host_t *host;
1106
1107 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1108 "retransmitting response", mid);
1109 clone = this->responding.packet->clone(this->responding.packet);
1110 host = msg->get_destination(msg);
1111 clone->set_source(clone, host->clone(host));
1112 host = msg->get_source(msg);
1113 clone->set_destination(clone, host->clone(host));
1114 charon->sender->send(charon->sender, clone);
1115 }
1116 else
1117 {
1118 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1119 mid, this->responding.mid);
1120 }
1121 }
1122 else
1123 {
1124 if (mid == this->initiating.mid)
1125 {
1126 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1127 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1128 msg->get_exchange_type(msg) != IKE_SA_INIT)
1129 { /* only do host updates based on verified messages */
1130 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1131 { /* with MOBIKE, we do no implicit updates */
1132 this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
1133 }
1134 }
1135 charon->bus->message(charon->bus, msg, TRUE);
1136 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1137 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1138 return SUCCESS;
1139 }
1140 if (process_response(this, msg) != SUCCESS)
1141 {
1142 flush(this);
1143 return DESTROY_ME;
1144 }
1145 }
1146 else
1147 {
1148 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1149 mid, this->initiating.mid);
1150 return SUCCESS;
1151 }
1152 }
1153 return SUCCESS;
1154 }
1155
1156 METHOD(task_manager_t, queue_task, void,
1157 private_task_manager_t *this, task_t *task)
1158 {
1159 if (task->get_type(task) == TASK_IKE_MOBIKE)
1160 { /* there is no need to queue more than one mobike task */
1161 enumerator_t *enumerator;
1162 task_t *current;
1163
1164 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1165 while (enumerator->enumerate(enumerator, (void**)&current))
1166 {
1167 if (current->get_type(current) == TASK_IKE_MOBIKE)
1168 {
1169 enumerator->destroy(enumerator);
1170 task->destroy(task);
1171 return;
1172 }
1173 }
1174 enumerator->destroy(enumerator);
1175 }
1176 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1177 this->queued_tasks->insert_last(this->queued_tasks, task);
1178 }
1179
1180 /**
1181 * Check if a given task has been queued already
1182 */
1183 static bool has_queued(private_task_manager_t *this, task_type_t type)
1184 {
1185 enumerator_t *enumerator;
1186 bool found = FALSE;
1187 task_t *task;
1188
1189 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1190 while (enumerator->enumerate(enumerator, &task))
1191 {
1192 if (task->get_type(task) == type)
1193 {
1194 found = TRUE;
1195 break;
1196 }
1197 }
1198 enumerator->destroy(enumerator);
1199 return found;
1200 }
1201
1202 METHOD(task_manager_t, queue_ike, void,
1203 private_task_manager_t *this)
1204 {
1205 if (!has_queued(this, TASK_IKE_VENDOR))
1206 {
1207 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1208 }
1209 if (!has_queued(this, TASK_IKE_INIT))
1210 {
1211 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1212 }
1213 if (!has_queued(this, TASK_IKE_NATD))
1214 {
1215 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1216 }
1217 if (!has_queued(this, TASK_IKE_CERT_PRE))
1218 {
1219 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1220 }
1221 if (!has_queued(this, TASK_IKE_AUTH))
1222 {
1223 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1224 }
1225 if (!has_queued(this, TASK_IKE_CERT_POST))
1226 {
1227 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1228 }
1229 if (!has_queued(this, TASK_IKE_CONFIG))
1230 {
1231 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1232 }
1233 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1234 {
1235 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1236 }
1237 if (!has_queued(this, TASK_IKE_MOBIKE))
1238 {
1239 peer_cfg_t *peer_cfg;
1240
1241 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1242 if (peer_cfg->use_mobike(peer_cfg))
1243 {
1244 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1245 }
1246 }
1247 #ifdef ME
1248 if (!has_queued(this, TASK_IKE_ME))
1249 {
1250 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1251 }
1252 #endif /* ME */
1253 }
1254
1255 METHOD(task_manager_t, queue_ike_rekey, void,
1256 private_task_manager_t *this)
1257 {
1258 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1259 }
1260
1261 METHOD(task_manager_t, queue_ike_reauth, void,
1262 private_task_manager_t *this)
1263 {
1264 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1265 }
1266
1267 METHOD(task_manager_t, queue_ike_delete, void,
1268 private_task_manager_t *this)
1269 {
1270 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1271 }
1272
1273 METHOD(task_manager_t, queue_mobike, void,
1274 private_task_manager_t *this, bool roam, bool address)
1275 {
1276 ike_mobike_t *mobike;
1277
1278 mobike = ike_mobike_create(this->ike_sa, TRUE);
1279 if (roam)
1280 {
1281 mobike->roam(mobike, address);
1282 }
1283 else
1284 {
1285 mobike->addresses(mobike);
1286 }
1287 queue_task(this, &mobike->task);
1288 }
1289
1290 METHOD(task_manager_t, queue_child, void,
1291 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1292 traffic_selector_t *tsi, traffic_selector_t *tsr)
1293 {
1294 child_create_t *task;
1295
1296 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1297 if (reqid)
1298 {
1299 task->use_reqid(task, reqid);
1300 }
1301 queue_task(this, &task->task);
1302 }
1303
1304 METHOD(task_manager_t, queue_child_rekey, void,
1305 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1306 {
1307 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1308 }
1309
1310 METHOD(task_manager_t, queue_child_delete, void,
1311 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1312 {
1313 queue_task(this, (task_t*)child_delete_create(this->ike_sa, protocol, spi));
1314 }
1315
1316 METHOD(task_manager_t, queue_dpd, void,
1317 private_task_manager_t *this)
1318 {
1319 ike_mobike_t *mobike;
1320
1321 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1322 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1323 {
1324 /* use mobike enabled DPD to detect NAT mapping changes */
1325 mobike = ike_mobike_create(this->ike_sa, TRUE);
1326 mobike->dpd(mobike);
1327 queue_task(this, &mobike->task);
1328 }
1329 else
1330 {
1331 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1332 }
1333 }
1334
1335 METHOD(task_manager_t, adopt_tasks, void,
1336 private_task_manager_t *this, task_manager_t *other_public)
1337 {
1338 private_task_manager_t *other = (private_task_manager_t*)other_public;
1339 task_t *task;
1340
1341 /* move queued tasks from other to this */
1342 while (other->queued_tasks->remove_last(other->queued_tasks,
1343 (void**)&task) == SUCCESS)
1344 {
1345 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1346 task->migrate(task, this->ike_sa);
1347 this->queued_tasks->insert_first(this->queued_tasks, task);
1348 }
1349 }
1350
1351 METHOD(task_manager_t, busy, bool,
1352 private_task_manager_t *this)
1353 {
1354 return (this->active_tasks->get_count(this->active_tasks) > 0);
1355 }
1356
1357 METHOD(task_manager_t, reset, void,
1358 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1359 {
1360 enumerator_t *enumerator;
1361 task_t *task;
1362
1363 /* reset message counters and retransmit packets */
1364 DESTROY_IF(this->responding.packet);
1365 DESTROY_IF(this->initiating.packet);
1366 this->responding.packet = NULL;
1367 this->initiating.packet = NULL;
1368 if (initiate != UINT_MAX)
1369 {
1370 this->initiating.mid = initiate;
1371 }
1372 if (respond != UINT_MAX)
1373 {
1374 this->responding.mid = respond;
1375 }
1376 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1377
1378 /* reset queued tasks */
1379 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1380 while (enumerator->enumerate(enumerator, &task))
1381 {
1382 task->migrate(task, this->ike_sa);
1383 }
1384 enumerator->destroy(enumerator);
1385
1386 /* reset active tasks */
1387 while (this->active_tasks->remove_last(this->active_tasks,
1388 (void**)&task) == SUCCESS)
1389 {
1390 task->migrate(task, this->ike_sa);
1391 this->queued_tasks->insert_first(this->queued_tasks, task);
1392 }
1393
1394 this->reset = TRUE;
1395 }
1396
1397 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1398 private_task_manager_t *this, task_queue_t queue)
1399 {
1400 switch (queue)
1401 {
1402 case TASK_QUEUE_ACTIVE:
1403 return this->active_tasks->create_enumerator(this->active_tasks);
1404 case TASK_QUEUE_PASSIVE:
1405 return this->passive_tasks->create_enumerator(this->passive_tasks);
1406 case TASK_QUEUE_QUEUED:
1407 return this->queued_tasks->create_enumerator(this->queued_tasks);
1408 default:
1409 return enumerator_create_empty();
1410 }
1411 }
1412
1413 METHOD(task_manager_t, destroy, void,
1414 private_task_manager_t *this)
1415 {
1416 flush(this);
1417
1418 this->active_tasks->destroy(this->active_tasks);
1419 this->queued_tasks->destroy(this->queued_tasks);
1420 this->passive_tasks->destroy(this->passive_tasks);
1421
1422 DESTROY_IF(this->responding.packet);
1423 DESTROY_IF(this->initiating.packet);
1424 free(this);
1425 }
1426
1427 /*
1428 * see header file
1429 */
1430 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
1431 {
1432 private_task_manager_t *this;
1433
1434 INIT(this,
1435 .public = {
1436 .task_manager = {
1437 .process_message = _process_message,
1438 .queue_task = _queue_task,
1439 .queue_ike = _queue_ike,
1440 .queue_ike_rekey = _queue_ike_rekey,
1441 .queue_ike_reauth = _queue_ike_reauth,
1442 .queue_ike_delete = _queue_ike_delete,
1443 .queue_mobike = _queue_mobike,
1444 .queue_child = _queue_child,
1445 .queue_child_rekey = _queue_child_rekey,
1446 .queue_child_delete = _queue_child_delete,
1447 .queue_dpd = _queue_dpd,
1448 .initiate = _initiate,
1449 .retransmit = _retransmit,
1450 .incr_mid = _incr_mid,
1451 .reset = _reset,
1452 .adopt_tasks = _adopt_tasks,
1453 .busy = _busy,
1454 .create_task_enumerator = _create_task_enumerator,
1455 .destroy = _destroy,
1456 },
1457 },
1458 .ike_sa = ike_sa,
1459 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1460 .queued_tasks = linked_list_create(),
1461 .active_tasks = linked_list_create(),
1462 .passive_tasks = linked_list_create(),
1463 .retransmit_tries = lib->settings->get_int(lib->settings,
1464 "charon.retransmit_tries", RETRANSMIT_TRIES),
1465 .retransmit_timeout = lib->settings->get_double(lib->settings,
1466 "charon.retransmit_timeout", RETRANSMIT_TIMEOUT),
1467 .retransmit_base = lib->settings->get_double(lib->settings,
1468 "charon.retransmit_base", RETRANSMIT_BASE),
1469 );
1470
1471 return &this->public;
1472 }
strongSwan - IPsec VPN