ikev2: Return to the original host if connection fails after redirection
[strongswan.git] / src / libcharon / sa / task.h
1 /*
2 * Copyright (C) 2007-2015 Tobias Brunner
3 * Copyright (C) 2006 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup task task
19 * @{ @ingroup sa
20 */
21
22 #ifndef TASK_H_
23 #define TASK_H_
24
25 #include <utils/utils.h>
26
27 typedef enum task_type_t task_type_t;
28 typedef struct task_t task_t;
29
30 #include <library.h>
31 #include <sa/ike_sa.h>
32 #include <encoding/message.h>
33
34 /**
35 * Different kinds of tasks.
36 */
37 enum task_type_t {
38 /** establish an unauthenticated IKE_SA */
39 TASK_IKE_INIT,
40 /** detect NAT situation */
41 TASK_IKE_NATD,
42 /** handle MOBIKE stuff */
43 TASK_IKE_MOBIKE,
44 /** authenticate the initiated IKE_SA */
45 TASK_IKE_AUTH,
46 /** AUTH_LIFETIME negotiation, RFC4478 */
47 TASK_IKE_AUTH_LIFETIME,
48 /** certificate processing before authentication (certreqs, cert parsing) */
49 TASK_IKE_CERT_PRE,
50 /** certificate processing after authentication (certs payload generation) */
51 TASK_IKE_CERT_POST,
52 /** Configuration payloads, virtual IP and such */
53 TASK_IKE_CONFIG,
54 /** rekey an IKE_SA */
55 TASK_IKE_REKEY,
56 /** reestablish a complete IKE_SA, break-before-make */
57 TASK_IKE_REAUTH,
58 /** completion task for make-before-break IKE_SA re-authentication */
59 TASK_IKE_REAUTH_COMPLETE,
60 /** redirect an active IKE_SA */
61 TASK_IKE_REDIRECT,
62 /** verify a peer's certificate */
63 TASK_IKE_VERIFY_PEER_CERT,
64 /** synchronize message IDs, RFC6311 */
65 TASK_IKE_MID_SYNC,
66 /** delete an IKE_SA */
67 TASK_IKE_DELETE,
68 /** liveness check */
69 TASK_IKE_DPD,
70 /** Vendor ID processing */
71 TASK_IKE_VENDOR,
72 #ifdef ME
73 /** handle ME stuff */
74 TASK_IKE_ME,
75 #endif /* ME */
76 /** establish a CHILD_SA within an IKE_SA */
77 TASK_CHILD_CREATE,
78 /** delete an established CHILD_SA */
79 TASK_CHILD_DELETE,
80 /** rekey a CHILD_SA */
81 TASK_CHILD_REKEY,
82 /** IKEv1 main mode */
83 TASK_MAIN_MODE,
84 /** IKEv1 aggressive mode */
85 TASK_AGGRESSIVE_MODE,
86 /** IKEv1 informational exchange */
87 TASK_INFORMATIONAL,
88 /** IKEv1 delete using an informational */
89 TASK_ISAKMP_DELETE,
90 /** IKEv1 XAUTH authentication */
91 TASK_XAUTH,
92 /** IKEv1 Mode Config */
93 TASK_MODE_CONFIG,
94 /** IKEv1 quick mode */
95 TASK_QUICK_MODE,
96 /** IKEv1 delete of a quick mode SA */
97 TASK_QUICK_DELETE,
98 /** IKEv1 vendor ID payload handling */
99 TASK_ISAKMP_VENDOR,
100 /** IKEv1 NAT detection */
101 TASK_ISAKMP_NATD,
102 /** IKEv1 DPD */
103 TASK_ISAKMP_DPD,
104 /** IKEv1 pre-authentication certificate handling */
105 TASK_ISAKMP_CERT_PRE,
106 /** IKEv1 post-authentication certificate handling */
107 TASK_ISAKMP_CERT_POST,
108 };
109
110 /**
111 * enum names for task_type_t.
112 */
113 extern enum_name_t *task_type_names;
114
115 /**
116 * Interface for a task, an operation handled within exchanges.
117 *
118 * A task is an elementary operation. It may be handled by a single or by
119 * multiple exchanges. An exchange may even complete multiple tasks.
120 * A task has a build() and an process() operation. The build() operation
121 * creates payloads and adds it to the message. The process() operation
122 * inspects a message and handles its payloads. An initiator of an exchange
123 * first calls build() to build the request, and processes the response message
124 * with the process() method.
125 * A responder does the opposite; it calls process() first to handle an incoming
126 * request and secondly calls build() to build an appropriate response.
127 * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
128 * that the task completed, even when the task completed unsuccessfully. The
129 * manager then removes the task from the list. A NEED_MORE is returned when
130 * the task needs further build()/process() calls to complete, the manager
131 * leaves the task in the queue. A returned FAILED indicates a critical failure.
132 * The manager closes the IKE_SA whenever a task returns FAILED.
133 */
134 struct task_t {
135
136 /**
137 * Build a request or response message for this task.
138 *
139 * @param message message to add payloads to
140 * @return
141 * - FAILED if a critical error occurred
142 * - DESTROY_ME if IKE_SA has been properly deleted
143 * - NEED_MORE if another call to build/process needed
144 * - ALREADY_DONE to cancel task processing
145 * - SUCCESS if task completed
146 */
147 status_t (*build) (task_t *this, message_t *message);
148
149 /**
150 * Process a request or response message for this task.
151 *
152 * @param message message to read payloads from
153 * @return
154 * - FAILED if a critical error occurred
155 * - DESTROY_ME if IKE_SA has been properly deleted
156 * - NEED_MORE if another call to build/process needed
157 * - ALREADY_DONE to cancel task processing
158 * - SUCCESS if task completed
159 */
160 status_t (*process) (task_t *this, message_t *message);
161
162 /**
163 * Verify a message before processing it (optional to implement by tasks).
164 *
165 * @param message message to verify
166 * @return
167 * - FAILED if verification is not successful, the
168 * message will be silently discarded
169 * - DESTROY_ME if IKE_SA has to be destroyed
170 * - SUCCESS if verification is successful
171 */
172 status_t (*pre_process) (task_t *this, message_t *message);
173
174 /**
175 * Get the type of the task implementation.
176 */
177 task_type_t (*get_type) (task_t *this);
178
179 /**
180 * Migrate a task to a new IKE_SA.
181 *
182 * After migrating a task, it goes back to a state where it can be
183 * used again to initiate an exchange. This is useful when a task
184 * has to get migrated to a new IKE_SA.
185 * A special usage is when a INVALID_KE_PAYLOAD is received. A call
186 * to reset resets the task, but uses another DH group for the next
187 * try.
188 * The ike_sa is the new IKE_SA this task belongs to and operates on.
189 *
190 * @param ike_sa new IKE_SA this task works for
191 */
192 void (*migrate) (task_t *this, ike_sa_t *ike_sa);
193
194 /**
195 * Destroys a task_t object.
196 */
197 void (*destroy) (task_t *this);
198 };
199
200 #endif /** TASK_H_ @}*/