projects / strongswan.git / blob
? search:


5890ba5eb26f4d1b0f0b07d21523ae9ab76989b8
[strongswan.git] / src / libcharon / sa / ikev2 / task_manager_v2.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2010 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v2.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/ikev2/tasks/ike_init.h>
23 #include <sa/ikev2/tasks/ike_natd.h>
24 #include <sa/ikev2/tasks/ike_mobike.h>
25 #include <sa/ikev2/tasks/ike_auth.h>
26 #include <sa/ikev2/tasks/ike_auth_lifetime.h>
27 #include <sa/ikev2/tasks/ike_cert_pre.h>
28 #include <sa/ikev2/tasks/ike_cert_post.h>
29 #include <sa/ikev2/tasks/ike_rekey.h>
30 #include <sa/ikev2/tasks/ike_reauth.h>
31 #include <sa/ikev2/tasks/ike_delete.h>
32 #include <sa/ikev2/tasks/ike_config.h>
33 #include <sa/ikev2/tasks/ike_dpd.h>
34 #include <sa/ikev2/tasks/ike_vendor.h>
35 #include <sa/ikev2/tasks/child_create.h>
36 #include <sa/ikev2/tasks/child_rekey.h>
37 #include <sa/ikev2/tasks/child_delete.h>
38 #include <encoding/payloads/delete_payload.h>
39 #include <encoding/payloads/unknown_payload.h>
40 #include <processing/jobs/retransmit_job.h>
41 #include <processing/jobs/delete_ike_sa_job.h>
42
43 #ifdef ME
44 #include <sa/ikev2/tasks/ike_me.h>
45 #endif
46
47 typedef struct exchange_t exchange_t;
48
49 /**
50 * An exchange in the air, used do detect and handle retransmission
51 */
52 struct exchange_t {
53
54 /**
55 * Message ID used for this transaction
56 */
57 u_int32_t mid;
58
59 /**
60 * generated packet for retransmission
61 */
62 packet_t *packet;
63 };
64
65 typedef struct private_task_manager_t private_task_manager_t;
66
67 /**
68 * private data of the task manager
69 */
70 struct private_task_manager_t {
71
72 /**
73 * public functions
74 */
75 task_manager_v2_t public;
76
77 /**
78 * associated IKE_SA we are serving
79 */
80 ike_sa_t *ike_sa;
81
82 /**
83 * Exchange we are currently handling as responder
84 */
85 struct {
86 /**
87 * Message ID of the exchange
88 */
89 u_int32_t mid;
90
91 /**
92 * packet for retransmission
93 */
94 packet_t *packet;
95
96 } responding;
97
98 /**
99 * Exchange we are currently handling as initiator
100 */
101 struct {
102 /**
103 * Message ID of the exchange
104 */
105 u_int32_t mid;
106
107 /**
108 * how many times we have retransmitted so far
109 */
110 u_int retransmitted;
111
112 /**
113 * packet for retransmission
114 */
115 packet_t *packet;
116
117 /**
118 * type of the initated exchange
119 */
120 exchange_type_t type;
121
122 } initiating;
123
124 /**
125 * List of queued tasks not yet in action
126 */
127 linked_list_t *queued_tasks;
128
129 /**
130 * List of active tasks, initiated by ourselve
131 */
132 linked_list_t *active_tasks;
133
134 /**
135 * List of tasks initiated by peer
136 */
137 linked_list_t *passive_tasks;
138
139 /**
140 * the task manager has been reset
141 */
142 bool reset;
143
144 /**
145 * Number of times we retransmit messages before giving up
146 */
147 u_int retransmit_tries;
148
149 /**
150 * Retransmission timeout
151 */
152 double retransmit_timeout;
153
154 /**
155 * Base to calculate retransmission timeout
156 */
157 double retransmit_base;
158 };
159
160 METHOD(task_manager_t, flush_queue, void,
161 private_task_manager_t *this, task_queue_t queue)
162 {
163 linked_list_t *list;
164 task_t *task;
165
166 switch (queue)
167 {
168 case TASK_QUEUE_ACTIVE:
169 list = this->active_tasks;
170 break;
171 case TASK_QUEUE_PASSIVE:
172 list = this->passive_tasks;
173 break;
174 case TASK_QUEUE_QUEUED:
175 list = this->queued_tasks;
176 break;
177 default:
178 return;
179 }
180 while (list->remove_last(list, (void**)&task) == SUCCESS)
181 {
182 task->destroy(task);
183 }
184 }
185
186 /**
187 * flush all tasks in the task manager
188 */
189 static void flush(private_task_manager_t *this)
190 {
191 flush_queue(this, TASK_QUEUE_QUEUED);
192 flush_queue(this, TASK_QUEUE_PASSIVE);
193 flush_queue(this, TASK_QUEUE_ACTIVE);
194 }
195
196 /**
197 * move a task of a specific type from the queue to the active list
198 */
199 static bool activate_task(private_task_manager_t *this, task_type_t type)
200 {
201 enumerator_t *enumerator;
202 task_t *task;
203 bool found = FALSE;
204
205 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
206 while (enumerator->enumerate(enumerator, (void**)&task))
207 {
208 if (task->get_type(task) == type)
209 {
210 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
211 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
212 this->active_tasks->insert_last(this->active_tasks, task);
213 found = TRUE;
214 break;
215 }
216 }
217 enumerator->destroy(enumerator);
218 return found;
219 }
220
221 METHOD(task_manager_t, retransmit, status_t,
222 private_task_manager_t *this, u_int32_t message_id)
223 {
224 if (this->initiating.packet && message_id == this->initiating.mid)
225 {
226 u_int32_t timeout;
227 job_t *job;
228 enumerator_t *enumerator;
229 packet_t *packet;
230 task_t *task;
231 ike_mobike_t *mobike = NULL;
232
233 /* check if we are retransmitting a MOBIKE routability check */
234 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
235 while (enumerator->enumerate(enumerator, (void*)&task))
236 {
237 if (task->get_type(task) == TASK_IKE_MOBIKE)
238 {
239 mobike = (ike_mobike_t*)task;
240 if (!mobike->is_probing(mobike))
241 {
242 mobike = NULL;
243 }
244 break;
245 }
246 }
247 enumerator->destroy(enumerator);
248
249 if (mobike == NULL)
250 {
251 if (this->initiating.retransmitted <= this->retransmit_tries)
252 {
253 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
254 pow(this->retransmit_base, this->initiating.retransmitted));
255 }
256 else
257 {
258 DBG1(DBG_IKE, "giving up after %d retransmits",
259 this->initiating.retransmitted - 1);
260 return DESTROY_ME;
261 }
262
263 if (this->initiating.retransmitted)
264 {
265 DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
266 this->initiating.retransmitted, message_id);
267 }
268 packet = this->initiating.packet->clone(this->initiating.packet);
269 charon->sender->send(charon->sender, packet);
270 }
271 else
272 { /* for routeability checks, we use a more aggressive behavior */
273 if (this->initiating.retransmitted <= ROUTEABILITY_CHECK_TRIES)
274 {
275 timeout = ROUTEABILITY_CHECK_INTERVAL;
276 }
277 else
278 {
279 DBG1(DBG_IKE, "giving up after %d path probings",
280 this->initiating.retransmitted - 1);
281 return DESTROY_ME;
282 }
283
284 if (this->initiating.retransmitted)
285 {
286 DBG1(DBG_IKE, "path probing attempt %d",
287 this->initiating.retransmitted);
288 }
289 mobike->transmit(mobike, this->initiating.packet);
290 }
291
292 this->initiating.retransmitted++;
293 job = (job_t*)retransmit_job_create(this->initiating.mid,
294 this->ike_sa->get_id(this->ike_sa));
295 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
296 }
297 return SUCCESS;
298 }
299
300 METHOD(task_manager_t, initiate, status_t,
301 private_task_manager_t *this)
302 {
303 enumerator_t *enumerator;
304 task_t *task;
305 message_t *message;
306 host_t *me, *other;
307 status_t status;
308 exchange_type_t exchange = 0;
309
310 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
311 {
312 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
313 exchange_type_names, this->initiating.type);
314 /* do not initiate if we already have a message in the air */
315 return SUCCESS;
316 }
317
318 if (this->active_tasks->get_count(this->active_tasks) == 0)
319 {
320 DBG2(DBG_IKE, "activating new tasks");
321 switch (this->ike_sa->get_state(this->ike_sa))
322 {
323 case IKE_CREATED:
324 activate_task(this, TASK_IKE_VENDOR);
325 if (activate_task(this, TASK_IKE_INIT))
326 {
327 this->initiating.mid = 0;
328 exchange = IKE_SA_INIT;
329 activate_task(this, TASK_IKE_NATD);
330 activate_task(this, TASK_IKE_CERT_PRE);
331 #ifdef ME
332 /* this task has to be activated before the TASK_IKE_AUTH
333 * task, because that task pregenerates the packet after
334 * which no payloads can be added to the message anymore.
335 */
336 activate_task(this, TASK_IKE_ME);
337 #endif /* ME */
338 activate_task(this, TASK_IKE_AUTH);
339 activate_task(this, TASK_IKE_CERT_POST);
340 activate_task(this, TASK_IKE_CONFIG);
341 activate_task(this, TASK_CHILD_CREATE);
342 activate_task(this, TASK_IKE_AUTH_LIFETIME);
343 activate_task(this, TASK_IKE_MOBIKE);
344 }
345 break;
346 case IKE_ESTABLISHED:
347 if (activate_task(this, TASK_CHILD_CREATE))
348 {
349 exchange = CREATE_CHILD_SA;
350 break;
351 }
352 if (activate_task(this, TASK_CHILD_DELETE))
353 {
354 exchange = INFORMATIONAL;
355 break;
356 }
357 if (activate_task(this, TASK_CHILD_REKEY))
358 {
359 exchange = CREATE_CHILD_SA;
360 break;
361 }
362 if (activate_task(this, TASK_IKE_DELETE))
363 {
364 exchange = INFORMATIONAL;
365 break;
366 }
367 if (activate_task(this, TASK_IKE_REKEY))
368 {
369 exchange = CREATE_CHILD_SA;
370 break;
371 }
372 if (activate_task(this, TASK_IKE_REAUTH))
373 {
374 exchange = INFORMATIONAL;
375 break;
376 }
377 if (activate_task(this, TASK_IKE_MOBIKE))
378 {
379 exchange = INFORMATIONAL;
380 break;
381 }
382 if (activate_task(this, TASK_IKE_DPD))
383 {
384 exchange = INFORMATIONAL;
385 break;
386 }
387 if (activate_task(this, TASK_IKE_AUTH_LIFETIME))
388 {
389 exchange = INFORMATIONAL;
390 break;
391 }
392 #ifdef ME
393 if (activate_task(this, TASK_IKE_ME))
394 {
395 exchange = ME_CONNECT;
396 break;
397 }
398 #endif /* ME */
399 case IKE_REKEYING:
400 if (activate_task(this, TASK_IKE_DELETE))
401 {
402 exchange = INFORMATIONAL;
403 break;
404 }
405 case IKE_DELETING:
406 default:
407 break;
408 }
409 }
410 else
411 {
412 DBG2(DBG_IKE, "reinitiating already active tasks");
413 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
414 while (enumerator->enumerate(enumerator, (void**)&task))
415 {
416 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
417 switch (task->get_type(task))
418 {
419 case TASK_IKE_INIT:
420 exchange = IKE_SA_INIT;
421 break;
422 case TASK_IKE_AUTH:
423 exchange = IKE_AUTH;
424 break;
425 case TASK_CHILD_CREATE:
426 case TASK_CHILD_REKEY:
427 case TASK_IKE_REKEY:
428 exchange = CREATE_CHILD_SA;
429 break;
430 case TASK_IKE_MOBIKE:
431 exchange = INFORMATIONAL;
432 break;
433 default:
434 continue;
435 }
436 break;
437 }
438 enumerator->destroy(enumerator);
439 }
440
441 if (exchange == 0)
442 {
443 DBG2(DBG_IKE, "nothing to initiate");
444 /* nothing to do yet... */
445 return SUCCESS;
446 }
447
448 me = this->ike_sa->get_my_host(this->ike_sa);
449 other = this->ike_sa->get_other_host(this->ike_sa);
450
451 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
452 message->set_message_id(message, this->initiating.mid);
453 message->set_source(message, me->clone(me));
454 message->set_destination(message, other->clone(other));
455 message->set_exchange_type(message, exchange);
456 this->initiating.type = exchange;
457 this->initiating.retransmitted = 0;
458
459 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
460 while (enumerator->enumerate(enumerator, (void*)&task))
461 {
462 switch (task->build(task, message))
463 {
464 case SUCCESS:
465 /* task completed, remove it */
466 this->active_tasks->remove_at(this->active_tasks, enumerator);
467 task->destroy(task);
468 break;
469 case NEED_MORE:
470 /* processed, but task needs another exchange */
471 break;
472 case FAILED:
473 default:
474 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
475 {
476 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
477 }
478 /* FALL */
479 case DESTROY_ME:
480 /* critical failure, destroy IKE_SA */
481 enumerator->destroy(enumerator);
482 message->destroy(message);
483 flush(this);
484 return DESTROY_ME;
485 }
486 }
487 enumerator->destroy(enumerator);
488
489 /* update exchange type if a task changed it */
490 this->initiating.type = message->get_exchange_type(message);
491
492 status = this->ike_sa->generate_message(this->ike_sa, message,
493 &this->initiating.packet);
494 if (status != SUCCESS)
495 {
496 /* message generation failed. There is nothing more to do than to
497 * close the SA */
498 message->destroy(message);
499 flush(this);
500 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
501 return DESTROY_ME;
502 }
503 message->destroy(message);
504
505 return retransmit(this, this->initiating.mid);
506 }
507
508 /**
509 * handle an incoming response message
510 */
511 static status_t process_response(private_task_manager_t *this,
512 message_t *message)
513 {
514 enumerator_t *enumerator;
515 task_t *task;
516
517 if (message->get_exchange_type(message) != this->initiating.type)
518 {
519 DBG1(DBG_IKE, "received %N response, but expected %N",
520 exchange_type_names, message->get_exchange_type(message),
521 exchange_type_names, this->initiating.type);
522 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
523 return DESTROY_ME;
524 }
525
526 /* catch if we get resetted while processing */
527 this->reset = FALSE;
528 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
529 while (enumerator->enumerate(enumerator, (void*)&task))
530 {
531 switch (task->process(task, message))
532 {
533 case SUCCESS:
534 /* task completed, remove it */
535 this->active_tasks->remove_at(this->active_tasks, enumerator);
536 task->destroy(task);
537 break;
538 case NEED_MORE:
539 /* processed, but task needs another exchange */
540 break;
541 case FAILED:
542 default:
543 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
544 /* FALL */
545 case DESTROY_ME:
546 /* critical failure, destroy IKE_SA */
547 this->active_tasks->remove_at(this->active_tasks, enumerator);
548 enumerator->destroy(enumerator);
549 task->destroy(task);
550 return DESTROY_ME;
551 }
552 if (this->reset)
553 { /* start all over again if we were reset */
554 this->reset = FALSE;
555 enumerator->destroy(enumerator);
556 return initiate(this);
557 }
558 }
559 enumerator->destroy(enumerator);
560
561 this->initiating.mid++;
562 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
563 this->initiating.packet->destroy(this->initiating.packet);
564 this->initiating.packet = NULL;
565
566 return initiate(this);
567 }
568
569 /**
570 * handle exchange collisions
571 */
572 static bool handle_collisions(private_task_manager_t *this, task_t *task)
573 {
574 enumerator_t *enumerator;
575 task_t *active;
576 task_type_t type;
577
578 type = task->get_type(task);
579
580 /* do we have to check */
581 if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY ||
582 type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE ||
583 type == TASK_IKE_REAUTH)
584 {
585 /* find an exchange collision, and notify these tasks */
586 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
587 while (enumerator->enumerate(enumerator, (void**)&active))
588 {
589 switch (active->get_type(active))
590 {
591 case TASK_IKE_REKEY:
592 if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE ||
593 type == TASK_IKE_REAUTH)
594 {
595 ike_rekey_t *rekey = (ike_rekey_t*)active;
596 rekey->collide(rekey, task);
597 break;
598 }
599 continue;
600 case TASK_CHILD_REKEY:
601 if (type == TASK_CHILD_REKEY || type == TASK_CHILD_DELETE)
602 {
603 child_rekey_t *rekey = (child_rekey_t*)active;
604 rekey->collide(rekey, task);
605 break;
606 }
607 continue;
608 default:
609 continue;
610 }
611 enumerator->destroy(enumerator);
612 return TRUE;
613 }
614 enumerator->destroy(enumerator);
615 }
616 return FALSE;
617 }
618
619 /**
620 * build a response depending on the "passive" task list
621 */
622 static status_t build_response(private_task_manager_t *this, message_t *request)
623 {
624 enumerator_t *enumerator;
625 task_t *task;
626 message_t *message;
627 host_t *me, *other;
628 bool delete = FALSE, hook = FALSE;
629 status_t status;
630
631 me = request->get_destination(request);
632 other = request->get_source(request);
633
634 message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
635 message->set_exchange_type(message, request->get_exchange_type(request));
636 /* send response along the path the request came in */
637 message->set_source(message, me->clone(me));
638 message->set_destination(message, other->clone(other));
639 message->set_message_id(message, this->responding.mid);
640 message->set_request(message, FALSE);
641
642 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
643 while (enumerator->enumerate(enumerator, (void*)&task))
644 {
645 switch (task->build(task, message))
646 {
647 case SUCCESS:
648 /* task completed, remove it */
649 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
650 if (!handle_collisions(this, task))
651 {
652 task->destroy(task);
653 }
654 break;
655 case NEED_MORE:
656 /* processed, but task needs another exchange */
657 if (handle_collisions(this, task))
658 {
659 this->passive_tasks->remove_at(this->passive_tasks,
660 enumerator);
661 }
662 break;
663 case FAILED:
664 default:
665 hook = TRUE;
666 /* FALL */
667 case DESTROY_ME:
668 /* destroy IKE_SA, but SEND response first */
669 delete = TRUE;
670 break;
671 }
672 if (delete)
673 {
674 break;
675 }
676 }
677 enumerator->destroy(enumerator);
678
679 /* remove resonder SPI if IKE_SA_INIT failed */
680 if (delete && request->get_exchange_type(request) == IKE_SA_INIT)
681 {
682 ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
683 id->set_responder_spi(id, 0);
684 }
685
686 /* message complete, send it */
687 DESTROY_IF(this->responding.packet);
688 this->responding.packet = NULL;
689 status = this->ike_sa->generate_message(this->ike_sa, message,
690 &this->responding.packet);
691 message->destroy(message);
692 if (status != SUCCESS)
693 {
694 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
695 return DESTROY_ME;
696 }
697
698 charon->sender->send(charon->sender,
699 this->responding.packet->clone(this->responding.packet));
700 if (delete)
701 {
702 if (hook)
703 {
704 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
705 }
706 return DESTROY_ME;
707 }
708 return SUCCESS;
709 }
710
711 /**
712 * handle an incoming request message
713 */
714 static status_t process_request(private_task_manager_t *this,
715 message_t *message)
716 {
717 enumerator_t *enumerator;
718 task_t *task = NULL;
719 payload_t *payload;
720 notify_payload_t *notify;
721 delete_payload_t *delete;
722
723 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
724 { /* create tasks depending on request type, if not already some queued */
725 switch (message->get_exchange_type(message))
726 {
727 case IKE_SA_INIT:
728 {
729 task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
730 this->passive_tasks->insert_last(this->passive_tasks, task);
731 task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
732 this->passive_tasks->insert_last(this->passive_tasks, task);
733 task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
734 this->passive_tasks->insert_last(this->passive_tasks, task);
735 task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
736 this->passive_tasks->insert_last(this->passive_tasks, task);
737 #ifdef ME
738 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
739 this->passive_tasks->insert_last(this->passive_tasks, task);
740 #endif /* ME */
741 task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
742 this->passive_tasks->insert_last(this->passive_tasks, task);
743 task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
744 this->passive_tasks->insert_last(this->passive_tasks, task);
745 task = (task_t*)ike_config_create(this->ike_sa, FALSE);
746 this->passive_tasks->insert_last(this->passive_tasks, task);
747 task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
748 NULL, NULL);
749 this->passive_tasks->insert_last(this->passive_tasks, task);
750 task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
751 this->passive_tasks->insert_last(this->passive_tasks, task);
752 task = (task_t*)ike_mobike_create(this->ike_sa, FALSE);
753 this->passive_tasks->insert_last(this->passive_tasks, task);
754 break;
755 }
756 case CREATE_CHILD_SA:
757 { /* FIXME: we should prevent this on mediation connections */
758 bool notify_found = FALSE, ts_found = FALSE;
759 enumerator = message->create_payload_enumerator(message);
760 while (enumerator->enumerate(enumerator, &payload))
761 {
762 switch (payload->get_type(payload))
763 {
764 case NOTIFY:
765 { /* if we find a rekey notify, its CHILD_SA rekeying */
766 notify = (notify_payload_t*)payload;
767 if (notify->get_notify_type(notify) == REKEY_SA &&
768 (notify->get_protocol_id(notify) == PROTO_AH ||
769 notify->get_protocol_id(notify) == PROTO_ESP))
770 {
771 notify_found = TRUE;
772 }
773 break;
774 }
775 case TRAFFIC_SELECTOR_INITIATOR:
776 case TRAFFIC_SELECTOR_RESPONDER:
777 { /* if we don't find a TS, its IKE rekeying */
778 ts_found = TRUE;
779 break;
780 }
781 default:
782 break;
783 }
784 }
785 enumerator->destroy(enumerator);
786
787 if (ts_found)
788 {
789 if (notify_found)
790 {
791 task = (task_t*)child_rekey_create(this->ike_sa,
792 PROTO_NONE, 0);
793 }
794 else
795 {
796 task = (task_t*)child_create_create(this->ike_sa, NULL,
797 FALSE, NULL, NULL);
798 }
799 }
800 else
801 {
802 task = (task_t*)ike_rekey_create(this->ike_sa, FALSE);
803 }
804 this->passive_tasks->insert_last(this->passive_tasks, task);
805 break;
806 }
807 case INFORMATIONAL:
808 {
809 enumerator = message->create_payload_enumerator(message);
810 while (enumerator->enumerate(enumerator, &payload))
811 {
812 switch (payload->get_type(payload))
813 {
814 case NOTIFY:
815 {
816 notify = (notify_payload_t*)payload;
817 switch (notify->get_notify_type(notify))
818 {
819 case ADDITIONAL_IP4_ADDRESS:
820 case ADDITIONAL_IP6_ADDRESS:
821 case NO_ADDITIONAL_ADDRESSES:
822 case UPDATE_SA_ADDRESSES:
823 case NO_NATS_ALLOWED:
824 case UNACCEPTABLE_ADDRESSES:
825 case UNEXPECTED_NAT_DETECTED:
826 case COOKIE2:
827 case NAT_DETECTION_SOURCE_IP:
828 case NAT_DETECTION_DESTINATION_IP:
829 task = (task_t*)ike_mobike_create(
830 this->ike_sa, FALSE);
831 break;
832 case AUTH_LIFETIME:
833 task = (task_t*)ike_auth_lifetime_create(
834 this->ike_sa, FALSE);
835 break;
836 default:
837 break;
838 }
839 break;
840 }
841 case DELETE:
842 {
843 delete = (delete_payload_t*)payload;
844 if (delete->get_protocol_id(delete) == PROTO_IKE)
845 {
846 task = (task_t*)ike_delete_create(this->ike_sa,
847 FALSE);
848 }
849 else
850 {
851 task = (task_t*)child_delete_create(this->ike_sa,
852 PROTO_NONE, 0, FALSE);
853 }
854 break;
855 }
856 default:
857 break;
858 }
859 if (task)
860 {
861 break;
862 }
863 }
864 enumerator->destroy(enumerator);
865
866 if (task == NULL)
867 {
868 task = (task_t*)ike_dpd_create(FALSE);
869 }
870 this->passive_tasks->insert_last(this->passive_tasks, task);
871 break;
872 }
873 #ifdef ME
874 case ME_CONNECT:
875 {
876 task = (task_t*)ike_me_create(this->ike_sa, FALSE);
877 this->passive_tasks->insert_last(this->passive_tasks, task);
878 }
879 #endif /* ME */
880 default:
881 break;
882 }
883 }
884
885 /* let the tasks process the message */
886 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
887 while (enumerator->enumerate(enumerator, (void*)&task))
888 {
889 switch (task->process(task, message))
890 {
891 case SUCCESS:
892 /* task completed, remove it */
893 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
894 task->destroy(task);
895 break;
896 case NEED_MORE:
897 /* processed, but task needs at least another call to build() */
898 break;
899 case FAILED:
900 default:
901 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
902 /* FALL */
903 case DESTROY_ME:
904 /* critical failure, destroy IKE_SA */
905 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
906 enumerator->destroy(enumerator);
907 task->destroy(task);
908 return DESTROY_ME;
909 }
910 }
911 enumerator->destroy(enumerator);
912
913 return build_response(this, message);
914 }
915
916 METHOD(task_manager_t, incr_mid, void,
917 private_task_manager_t *this, bool initiate)
918 {
919 if (initiate)
920 {
921 this->initiating.mid++;
922 }
923 else
924 {
925 this->responding.mid++;
926 }
927 }
928
929 /**
930 * Send a notify back to the sender
931 */
932 static void send_notify_response(private_task_manager_t *this,
933 message_t *request, notify_type_t type,
934 chunk_t data)
935 {
936 message_t *response;
937 packet_t *packet;
938 host_t *me, *other;
939
940 response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
941 response->set_exchange_type(response, request->get_exchange_type(request));
942 response->set_request(response, FALSE);
943 response->set_message_id(response, request->get_message_id(request));
944 response->add_notify(response, FALSE, type, data);
945 me = this->ike_sa->get_my_host(this->ike_sa);
946 if (me->is_anyaddr(me))
947 {
948 me = request->get_destination(request);
949 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
950 }
951 other = this->ike_sa->get_other_host(this->ike_sa);
952 if (other->is_anyaddr(other))
953 {
954 other = request->get_source(request);
955 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
956 }
957 response->set_source(response, me->clone(me));
958 response->set_destination(response, other->clone(other));
959 if (this->ike_sa->generate_message(this->ike_sa, response,
960 &packet) == SUCCESS)
961 {
962 charon->sender->send(charon->sender, packet);
963 }
964 response->destroy(response);
965 }
966
967 /**
968 * Parse the given message and verify that it is valid.
969 */
970 static status_t parse_message(private_task_manager_t *this, message_t *msg)
971 {
972 status_t status;
973 u_int8_t type = 0;
974
975 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
976
977 if (status == SUCCESS)
978 { /* check for unsupported critical payloads */
979 enumerator_t *enumerator;
980 unknown_payload_t *unknown;
981 payload_t *payload;
982
983 enumerator = msg->create_payload_enumerator(msg);
984 while (enumerator->enumerate(enumerator, &payload))
985 {
986 unknown = (unknown_payload_t*)payload;
987 type = payload->get_type(payload);
988 if (!payload_is_known(type) &&
989 unknown->is_critical(unknown))
990 {
991 DBG1(DBG_ENC, "payload type %N is not supported, "
992 "but its critical!", payload_type_names, type);
993 status = NOT_SUPPORTED;
994 break;
995 }
996 }
997 enumerator->destroy(enumerator);
998 }
999
1000 if (status != SUCCESS)
1001 {
1002 bool is_request = msg->get_request(msg);
1003
1004 switch (status)
1005 {
1006 case NOT_SUPPORTED:
1007 DBG1(DBG_IKE, "critical unknown payloads found");
1008 if (is_request)
1009 {
1010 send_notify_response(this, msg,
1011 UNSUPPORTED_CRITICAL_PAYLOAD,
1012 chunk_from_thing(type));
1013 incr_mid(this, FALSE);
1014 }
1015 break;
1016 case PARSE_ERROR:
1017 DBG1(DBG_IKE, "message parsing failed");
1018 if (is_request)
1019 {
1020 send_notify_response(this, msg,
1021 INVALID_SYNTAX, chunk_empty);
1022 incr_mid(this, FALSE);
1023 }
1024 break;
1025 case VERIFY_ERROR:
1026 DBG1(DBG_IKE, "message verification failed");
1027 if (is_request)
1028 {
1029 send_notify_response(this, msg,
1030 INVALID_SYNTAX, chunk_empty);
1031 incr_mid(this, FALSE);
1032 }
1033 break;
1034 case FAILED:
1035 DBG1(DBG_IKE, "integrity check failed");
1036 /* ignored */
1037 break;
1038 case INVALID_STATE:
1039 DBG1(DBG_IKE, "found encrypted message, but no keys available");
1040 default:
1041 break;
1042 }
1043 DBG1(DBG_IKE, "%N %s with message ID %d processing failed",
1044 exchange_type_names, msg->get_exchange_type(msg),
1045 is_request ? "request" : "response",
1046 msg->get_message_id(msg));
1047
1048 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1049 { /* invalid initiation attempt, close SA */
1050 return DESTROY_ME;
1051 }
1052 }
1053 return status;
1054 }
1055
1056
1057 METHOD(task_manager_t, process_message, status_t,
1058 private_task_manager_t *this, message_t *msg)
1059 {
1060 host_t *me, *other;
1061 status_t status;
1062 u_int32_t mid;
1063
1064 charon->bus->message(charon->bus, msg, TRUE, FALSE);
1065 status = parse_message(this, msg);
1066 if (status != SUCCESS)
1067 {
1068 return status;
1069 }
1070
1071 me = msg->get_destination(msg);
1072 other = msg->get_source(msg);
1073
1074 /* if this IKE_SA is virgin, we check for a config */
1075 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1076 {
1077 ike_sa_id_t *ike_sa_id;
1078 ike_cfg_t *ike_cfg;
1079 job_t *job;
1080 ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1081 me, other, IKEV2);
1082 if (ike_cfg == NULL)
1083 {
1084 /* no config found for these hosts, destroy */
1085 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1086 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1087 send_notify_response(this, msg,
1088 NO_PROPOSAL_CHOSEN, chunk_empty);
1089 return DESTROY_ME;
1090 }
1091 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1092 ike_cfg->destroy(ike_cfg);
1093 /* add a timeout if peer does not establish it completely */
1094 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1095 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1096 lib->scheduler->schedule_job(lib->scheduler, job,
1097 lib->settings->get_int(lib->settings,
1098 "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1099 charon->name));
1100 }
1101 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1102 time_monotonic(NULL));
1103
1104 mid = msg->get_message_id(msg);
1105 if (msg->get_request(msg))
1106 {
1107 if (mid == this->responding.mid)
1108 {
1109 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1110 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1111 msg->get_exchange_type(msg) != IKE_SA_INIT)
1112 { /* only do host updates based on verified messages */
1113 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1114 { /* with MOBIKE, we do no implicit updates */
1115 this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
1116 }
1117 }
1118 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1119 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1120 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1121 return SUCCESS;
1122 }
1123 if (process_request(this, msg) != SUCCESS)
1124 {
1125 flush(this);
1126 return DESTROY_ME;
1127 }
1128 this->responding.mid++;
1129 }
1130 else if ((mid == this->responding.mid - 1) && this->responding.packet)
1131 {
1132 packet_t *clone;
1133 host_t *host;
1134
1135 DBG1(DBG_IKE, "received retransmit of request with ID %d, "
1136 "retransmitting response", mid);
1137 clone = this->responding.packet->clone(this->responding.packet);
1138 host = msg->get_destination(msg);
1139 clone->set_source(clone, host->clone(host));
1140 host = msg->get_source(msg);
1141 clone->set_destination(clone, host->clone(host));
1142 charon->sender->send(charon->sender, clone);
1143 }
1144 else
1145 {
1146 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1147 mid, this->responding.mid);
1148 }
1149 }
1150 else
1151 {
1152 if (mid == this->initiating.mid)
1153 {
1154 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
1155 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
1156 msg->get_exchange_type(msg) != IKE_SA_INIT)
1157 { /* only do host updates based on verified messages */
1158 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
1159 { /* with MOBIKE, we do no implicit updates */
1160 this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
1161 }
1162 }
1163 charon->bus->message(charon->bus, msg, TRUE, TRUE);
1164 if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
1165 { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
1166 return SUCCESS;
1167 }
1168 if (process_response(this, msg) != SUCCESS)
1169 {
1170 flush(this);
1171 return DESTROY_ME;
1172 }
1173 }
1174 else
1175 {
1176 DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
1177 mid, this->initiating.mid);
1178 return SUCCESS;
1179 }
1180 }
1181 return SUCCESS;
1182 }
1183
1184 METHOD(task_manager_t, queue_task, void,
1185 private_task_manager_t *this, task_t *task)
1186 {
1187 if (task->get_type(task) == TASK_IKE_MOBIKE)
1188 { /* there is no need to queue more than one mobike task */
1189 enumerator_t *enumerator;
1190 task_t *current;
1191
1192 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1193 while (enumerator->enumerate(enumerator, (void**)&current))
1194 {
1195 if (current->get_type(current) == TASK_IKE_MOBIKE)
1196 {
1197 enumerator->destroy(enumerator);
1198 task->destroy(task);
1199 return;
1200 }
1201 }
1202 enumerator->destroy(enumerator);
1203 }
1204 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1205 this->queued_tasks->insert_last(this->queued_tasks, task);
1206 }
1207
1208 /**
1209 * Check if a given task has been queued already
1210 */
1211 static bool has_queued(private_task_manager_t *this, task_type_t type)
1212 {
1213 enumerator_t *enumerator;
1214 bool found = FALSE;
1215 task_t *task;
1216
1217 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1218 while (enumerator->enumerate(enumerator, &task))
1219 {
1220 if (task->get_type(task) == type)
1221 {
1222 found = TRUE;
1223 break;
1224 }
1225 }
1226 enumerator->destroy(enumerator);
1227 return found;
1228 }
1229
1230 METHOD(task_manager_t, queue_ike, void,
1231 private_task_manager_t *this)
1232 {
1233 if (!has_queued(this, TASK_IKE_VENDOR))
1234 {
1235 queue_task(this, (task_t*)ike_vendor_create(this->ike_sa, TRUE));
1236 }
1237 if (!has_queued(this, TASK_IKE_INIT))
1238 {
1239 queue_task(this, (task_t*)ike_init_create(this->ike_sa, TRUE, NULL));
1240 }
1241 if (!has_queued(this, TASK_IKE_NATD))
1242 {
1243 queue_task(this, (task_t*)ike_natd_create(this->ike_sa, TRUE));
1244 }
1245 if (!has_queued(this, TASK_IKE_CERT_PRE))
1246 {
1247 queue_task(this, (task_t*)ike_cert_pre_create(this->ike_sa, TRUE));
1248 }
1249 if (!has_queued(this, TASK_IKE_AUTH))
1250 {
1251 queue_task(this, (task_t*)ike_auth_create(this->ike_sa, TRUE));
1252 }
1253 if (!has_queued(this, TASK_IKE_CERT_POST))
1254 {
1255 queue_task(this, (task_t*)ike_cert_post_create(this->ike_sa, TRUE));
1256 }
1257 if (!has_queued(this, TASK_IKE_CONFIG))
1258 {
1259 queue_task(this, (task_t*)ike_config_create(this->ike_sa, TRUE));
1260 }
1261 if (!has_queued(this, TASK_IKE_AUTH_LIFETIME))
1262 {
1263 queue_task(this, (task_t*)ike_auth_lifetime_create(this->ike_sa, TRUE));
1264 }
1265 if (!has_queued(this, TASK_IKE_MOBIKE))
1266 {
1267 peer_cfg_t *peer_cfg;
1268
1269 peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1270 if (peer_cfg->use_mobike(peer_cfg))
1271 {
1272 queue_task(this, (task_t*)ike_mobike_create(this->ike_sa, TRUE));
1273 }
1274 }
1275 #ifdef ME
1276 if (!has_queued(this, TASK_IKE_ME))
1277 {
1278 queue_task(this, (task_t*)ike_me_create(this->ike_sa, TRUE));
1279 }
1280 #endif /* ME */
1281 }
1282
1283 METHOD(task_manager_t, queue_ike_rekey, void,
1284 private_task_manager_t *this)
1285 {
1286 queue_task(this, (task_t*)ike_rekey_create(this->ike_sa, TRUE));
1287 }
1288
1289 METHOD(task_manager_t, queue_ike_reauth, void,
1290 private_task_manager_t *this)
1291 {
1292 queue_task(this, (task_t*)ike_reauth_create(this->ike_sa));
1293 }
1294
1295 METHOD(task_manager_t, queue_ike_delete, void,
1296 private_task_manager_t *this)
1297 {
1298 queue_task(this, (task_t*)ike_delete_create(this->ike_sa, TRUE));
1299 }
1300
1301 METHOD(task_manager_t, queue_mobike, void,
1302 private_task_manager_t *this, bool roam, bool address)
1303 {
1304 ike_mobike_t *mobike;
1305
1306 mobike = ike_mobike_create(this->ike_sa, TRUE);
1307 if (roam)
1308 {
1309 mobike->roam(mobike, address);
1310 }
1311 else
1312 {
1313 mobike->addresses(mobike);
1314 }
1315 queue_task(this, &mobike->task);
1316 }
1317
1318 METHOD(task_manager_t, queue_child, void,
1319 private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid,
1320 traffic_selector_t *tsi, traffic_selector_t *tsr)
1321 {
1322 child_create_t *task;
1323
1324 task = child_create_create(this->ike_sa, cfg, FALSE, tsi, tsr);
1325 if (reqid)
1326 {
1327 task->use_reqid(task, reqid);
1328 }
1329 queue_task(this, &task->task);
1330 }
1331
1332 METHOD(task_manager_t, queue_child_rekey, void,
1333 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi)
1334 {
1335 queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi));
1336 }
1337
1338 METHOD(task_manager_t, queue_child_delete, void,
1339 private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi,
1340 bool expired)
1341 {
1342 queue_task(this, (task_t*)child_delete_create(this->ike_sa,
1343 protocol, spi, expired));
1344 }
1345
1346 METHOD(task_manager_t, queue_dpd, void,
1347 private_task_manager_t *this)
1348 {
1349 ike_mobike_t *mobike;
1350
1351 if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
1352 this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
1353 {
1354 /* use mobike enabled DPD to detect NAT mapping changes */
1355 mobike = ike_mobike_create(this->ike_sa, TRUE);
1356 mobike->dpd(mobike);
1357 queue_task(this, &mobike->task);
1358 }
1359 else
1360 {
1361 queue_task(this, (task_t*)ike_dpd_create(TRUE));
1362 }
1363 }
1364
1365 METHOD(task_manager_t, adopt_tasks, void,
1366 private_task_manager_t *this, task_manager_t *other_public)
1367 {
1368 private_task_manager_t *other = (private_task_manager_t*)other_public;
1369 task_t *task;
1370
1371 /* move queued tasks from other to this */
1372 while (other->queued_tasks->remove_last(other->queued_tasks,
1373 (void**)&task) == SUCCESS)
1374 {
1375 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1376 task->migrate(task, this->ike_sa);
1377 this->queued_tasks->insert_first(this->queued_tasks, task);
1378 }
1379 }
1380
1381 METHOD(task_manager_t, busy, bool,
1382 private_task_manager_t *this)
1383 {
1384 return (this->active_tasks->get_count(this->active_tasks) > 0);
1385 }
1386
1387 METHOD(task_manager_t, reset, void,
1388 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1389 {
1390 enumerator_t *enumerator;
1391 task_t *task;
1392
1393 /* reset message counters and retransmit packets */
1394 DESTROY_IF(this->responding.packet);
1395 DESTROY_IF(this->initiating.packet);
1396 this->responding.packet = NULL;
1397 this->initiating.packet = NULL;
1398 if (initiate != UINT_MAX)
1399 {
1400 this->initiating.mid = initiate;
1401 }
1402 if (respond != UINT_MAX)
1403 {
1404 this->responding.mid = respond;
1405 }
1406 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1407
1408 /* reset queued tasks */
1409 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1410 while (enumerator->enumerate(enumerator, &task))
1411 {
1412 task->migrate(task, this->ike_sa);
1413 }
1414 enumerator->destroy(enumerator);
1415
1416 /* reset active tasks */
1417 while (this->active_tasks->remove_last(this->active_tasks,
1418 (void**)&task) == SUCCESS)
1419 {
1420 task->migrate(task, this->ike_sa);
1421 this->queued_tasks->insert_first(this->queued_tasks, task);
1422 }
1423
1424 this->reset = TRUE;
1425 }
1426
1427 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1428 private_task_manager_t *this, task_queue_t queue)
1429 {
1430 switch (queue)
1431 {
1432 case TASK_QUEUE_ACTIVE:
1433 return this->active_tasks->create_enumerator(this->active_tasks);
1434 case TASK_QUEUE_PASSIVE:
1435 return this->passive_tasks->create_enumerator(this->passive_tasks);
1436 case TASK_QUEUE_QUEUED:
1437 return this->queued_tasks->create_enumerator(this->queued_tasks);
1438 default:
1439 return enumerator_create_empty();
1440 }
1441 }
1442
1443 METHOD(task_manager_t, destroy, void,
1444 private_task_manager_t *this)
1445 {
1446 flush(this);
1447
1448 this->active_tasks->destroy(this->active_tasks);
1449 this->queued_tasks->destroy(this->queued_tasks);
1450 this->passive_tasks->destroy(this->passive_tasks);
1451
1452 DESTROY_IF(this->responding.packet);
1453 DESTROY_IF(this->initiating.packet);
1454 free(this);
1455 }
1456
1457 /*
1458 * see header file
1459 */
1460 task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
1461 {
1462 private_task_manager_t *this;
1463
1464 INIT(this,
1465 .public = {
1466 .task_manager = {
1467 .process_message = _process_message,
1468 .queue_task = _queue_task,
1469 .queue_ike = _queue_ike,
1470 .queue_ike_rekey = _queue_ike_rekey,
1471 .queue_ike_reauth = _queue_ike_reauth,
1472 .queue_ike_delete = _queue_ike_delete,
1473 .queue_mobike = _queue_mobike,
1474 .queue_child = _queue_child,
1475 .queue_child_rekey = _queue_child_rekey,
1476 .queue_child_delete = _queue_child_delete,
1477 .queue_dpd = _queue_dpd,
1478 .initiate = _initiate,
1479 .retransmit = _retransmit,
1480 .incr_mid = _incr_mid,
1481 .reset = _reset,
1482 .adopt_tasks = _adopt_tasks,
1483 .busy = _busy,
1484 .create_task_enumerator = _create_task_enumerator,
1485 .flush_queue = _flush_queue,
1486 .destroy = _destroy,
1487 },
1488 },
1489 .ike_sa = ike_sa,
1490 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1491 .queued_tasks = linked_list_create(),
1492 .active_tasks = linked_list_create(),
1493 .passive_tasks = linked_list_create(),
1494 .retransmit_tries = lib->settings->get_int(lib->settings,
1495 "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
1496 .retransmit_timeout = lib->settings->get_double(lib->settings,
1497 "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
1498 .retransmit_base = lib->settings->get_double(lib->settings,
1499 "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
1500 );
1501
1502 return &this->public;
1503 }
strongSwan - IPsec VPN