Keep a history of received response hashes to detect late retransmissions
[strongswan.git] / src / libcharon / sa / task_manager_v1.c
1 /*
2 * Copyright (C) 2007-2011 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "task_manager_v1.h"
18
19 #include <math.h>
20
21 #include <daemon.h>
22 #include <sa/tasks/main_mode.h>
23 #include <sa/tasks/quick_mode.h>
24 #include <sa/tasks/xauth.h>
25 #include <sa/tasks/mode_config.h>
26 #include <sa/tasks/informational.h>
27 #include <sa/tasks/ike_natd_v1.h>
28 #include <sa/tasks/ike_vendor_v1.h>
29 #include <sa/tasks/ike_cert_pre_v1.h>
30 #include <sa/tasks/ike_cert_post_v1.h>
31 #include <processing/jobs/retransmit_job.h>
32 #include <processing/jobs/delete_ike_sa_job.h>
33
34 /**
35 * Number of old messages hashes we keep for retransmission.
36 *
37 * In Main Mode, we must ignore messages from a previous message pair if
38 * we already continued to the next. Otherwise a late retransmission
39 * could be considered as a reply to the newer request.
40 */
41 #define MAX_OLD_HASHES 2
42
43 typedef struct exchange_t exchange_t;
44
45 /**
46 * An exchange in the air, used do detect and handle retransmission
47 */
48 struct exchange_t {
49
50 /**
51 * Message ID used for this transaction
52 */
53 u_int32_t mid;
54
55 /**
56 * generated packet for retransmission
57 */
58 packet_t *packet;
59 };
60
61 typedef struct private_task_manager_t private_task_manager_t;
62
63 /**
64 * private data of the task manager
65 */
66 struct private_task_manager_t {
67
68 /**
69 * public functions
70 */
71 task_manager_v1_t public;
72
73 /**
74 * associated IKE_SA we are serving
75 */
76 ike_sa_t *ike_sa;
77
78 /**
79 * RNG to create message IDs
80 */
81 rng_t *rng;
82
83 /**
84 * Exchange we are currently handling as responder
85 */
86 struct {
87 /**
88 * Hash of a previously received message
89 */
90 u_int32_t hash;
91
92 /**
93 * packet for retransmission
94 */
95 packet_t *packet;
96
97 } responding;
98
99 /**
100 * Exchange we are currently handling as initiator
101 */
102 struct {
103 /**
104 * Message ID of the exchange
105 */
106 u_int32_t mid;
107
108 /**
109 * Hashes of old responses we can ignore
110 */
111 u_int32_t old_hashes[MAX_OLD_HASHES];
112
113 /**
114 * Position in old hash array
115 */
116 int old_hash_pos;
117
118 /**
119 * Sequence number of the last sent message
120 */
121 u_int32_t seqnr;
122
123 /**
124 * how many times we have retransmitted so far
125 */
126 u_int retransmitted;
127
128 /**
129 * packet for retransmission
130 */
131 packet_t *packet;
132
133 /**
134 * type of the initated exchange
135 */
136 exchange_type_t type;
137
138 } initiating;
139
140 /**
141 * List of queued tasks not yet in action
142 */
143 linked_list_t *queued_tasks;
144
145 /**
146 * List of active tasks, initiated by ourselve
147 */
148 linked_list_t *active_tasks;
149
150 /**
151 * List of tasks initiated by peer
152 */
153 linked_list_t *passive_tasks;
154
155 /**
156 * Queued messages not yet ready to process
157 */
158 message_t *queued;
159
160 /**
161 * Number of times we retransmit messages before giving up
162 */
163 u_int retransmit_tries;
164
165 /**
166 * Retransmission timeout
167 */
168 double retransmit_timeout;
169
170 /**
171 * Base to calculate retransmission timeout
172 */
173 double retransmit_base;
174 };
175
176 /**
177 * Flush a single task queue
178 */
179 static void flush_queue(private_task_manager_t *this, linked_list_t *list)
180 {
181 task_t *task;
182
183 while (list->remove_last(list, (void**)&task) == SUCCESS)
184 {
185 task->destroy(task);
186 }
187 }
188
189 /**
190 * flush all tasks in the task manager
191 */
192 static void flush(private_task_manager_t *this)
193 {
194 flush_queue(this, this->queued_tasks);
195 flush_queue(this, this->passive_tasks);
196 flush_queue(this, this->active_tasks);
197 }
198
199 /**
200 * move a task of a specific type from the queue to the active list
201 */
202 static bool activate_task(private_task_manager_t *this, task_type_t type)
203 {
204 enumerator_t *enumerator;
205 task_t *task;
206 bool found = FALSE;
207
208 enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
209 while (enumerator->enumerate(enumerator, (void**)&task))
210 {
211 if (task->get_type(task) == type)
212 {
213 DBG2(DBG_IKE, " activating %N task", task_type_names, type);
214 this->queued_tasks->remove_at(this->queued_tasks, enumerator);
215 this->active_tasks->insert_last(this->active_tasks, task);
216 found = TRUE;
217 break;
218 }
219 }
220 enumerator->destroy(enumerator);
221 return found;
222 }
223
224 METHOD(task_manager_t, retransmit, status_t,
225 private_task_manager_t *this, u_int32_t message_seqnr)
226 {
227 /* this.initiating packet used as marker for received response */
228 if (message_seqnr == this->initiating.seqnr && this->initiating.packet )
229 {
230 u_int32_t timeout;
231 packet_t *packet;
232 job_t *job;
233
234 if (this->initiating.retransmitted <= this->retransmit_tries)
235 {
236 timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 *
237 pow(this->retransmit_base, this->initiating.retransmitted));
238 }
239 else
240 {
241 DBG1(DBG_IKE, "giving up after %d retransmits",
242 this->initiating.retransmitted - 1);
243 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
244 {
245 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
246 }
247 return DESTROY_ME;
248 }
249
250 if (this->initiating.retransmitted)
251 {
252 DBG1(DBG_IKE, "retransmit %d of request with message ID %u seqnr (%d)",
253 this->initiating.retransmitted, this->initiating.mid, message_seqnr);
254 }
255 packet = this->initiating.packet->clone(this->initiating.packet);
256 charon->sender->send(charon->sender, packet);
257
258 this->initiating.retransmitted++;
259 job = (job_t*)retransmit_job_create(this->initiating.seqnr,
260 this->ike_sa->get_id(this->ike_sa));
261 lib->scheduler->schedule_job_ms(lib->scheduler, job, timeout);
262 }
263 return SUCCESS;
264 }
265
266 METHOD(task_manager_t, initiate, status_t,
267 private_task_manager_t *this)
268 {
269 enumerator_t *enumerator;
270 task_t *task;
271 message_t *message;
272 host_t *me, *other;
273 status_t status;
274 exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
275 bool new_mid = FALSE;
276 bool expect_response = FALSE;
277
278 if (!this->rng)
279 {
280 DBG1(DBG_IKE, "no RNG supported");
281 return FAILED;
282 }
283
284 if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
285 {
286 DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
287 exchange_type_names, this->initiating.type);
288 /* do not initiate if we already have a message in the air */
289 return SUCCESS;
290 }
291
292 if (this->active_tasks->get_count(this->active_tasks) == 0)
293 {
294 DBG2(DBG_IKE, "activating new tasks");
295 switch (this->ike_sa->get_state(this->ike_sa))
296 {
297 case IKE_CREATED:
298 activate_task(this, TASK_VENDOR_V1);
299 activate_task(this, TASK_IKE_CERT_PRE_V1);
300 if (activate_task(this, TASK_MAIN_MODE))
301 {
302 exchange = ID_PROT;
303 activate_task(this, TASK_IKE_CERT_POST_V1);
304 activate_task(this, TASK_IKE_NATD_V1);
305 }
306 break;
307 case IKE_CONNECTING:
308 if (activate_task(this, TASK_XAUTH))
309 {
310 exchange = TRANSACTION;
311 new_mid = TRUE;
312 }
313 if (activate_task(this, TASK_INFORMATIONAL))
314 {
315 exchange = INFORMATIONAL_V1;
316 new_mid = TRUE;
317 }
318 break;
319 case IKE_ESTABLISHED:
320 if (activate_task(this, TASK_MODE_CONFIG))
321 {
322 exchange = TRANSACTION;
323 new_mid = TRUE;
324 break;
325 }
326 if (activate_task(this, TASK_QUICK_MODE))
327 {
328 exchange = QUICK_MODE;
329 new_mid = TRUE;
330 break;
331 }
332 if (activate_task(this, TASK_INFORMATIONAL))
333 {
334 exchange = INFORMATIONAL_V1;
335 new_mid = TRUE;
336 }
337 if (activate_task(this, TASK_IKE_DELETE))
338 {
339 exchange = INFORMATIONAL_V1;
340 new_mid = TRUE;
341 }
342 if (activate_task(this, TASK_CHILD_DELETE))
343 {
344 exchange = INFORMATIONAL_V1;
345 new_mid = TRUE;
346 }
347 break;
348 default:
349 break;
350 }
351 }
352 else
353 {
354 DBG2(DBG_IKE, "reinitiating already active tasks");
355 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
356 while (enumerator->enumerate(enumerator, (void**)&task))
357 {
358 DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
359 switch (task->get_type(task))
360 {
361 case TASK_MAIN_MODE:
362 exchange = ID_PROT;
363 break;
364 case TASK_QUICK_MODE:
365 exchange = QUICK_MODE;
366 break;
367 case TASK_XAUTH:
368 exchange = TRANSACTION;
369 new_mid = TRUE;
370 break;
371 default:
372 continue;
373 }
374 break;
375 }
376 enumerator->destroy(enumerator);
377 }
378
379 if (exchange == EXCHANGE_TYPE_UNDEFINED)
380 {
381 DBG2(DBG_IKE, "nothing to initiate");
382 /* nothing to do yet... */
383 return SUCCESS;
384 }
385
386 me = this->ike_sa->get_my_host(this->ike_sa);
387 other = this->ike_sa->get_other_host(this->ike_sa);
388
389 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
390 if (new_mid)
391 {
392 this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
393 (void*)&this->initiating.mid);
394 }
395 message->set_message_id(message, this->initiating.mid);
396 message->set_source(message, me->clone(me));
397 message->set_destination(message, other->clone(other));
398 message->set_exchange_type(message, exchange);
399 this->initiating.type = exchange;
400 this->initiating.retransmitted = 0;
401
402 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
403 while (enumerator->enumerate(enumerator, (void*)&task))
404 {
405 switch (task->build(task, message))
406 {
407 case SUCCESS:
408 /* task completed, remove it */
409 this->active_tasks->remove_at(this->active_tasks, enumerator);
410 task->destroy(task);
411 continue;
412 case NEED_MORE:
413 expect_response = TRUE;
414 /* processed, but task needs another exchange */
415 continue;
416 case ALREADY_DONE:
417 flush_queue(this, this->active_tasks);
418 break;
419 case FAILED:
420 default:
421 if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
422 {
423 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
424 }
425 /* FALL */
426 case DESTROY_ME:
427 /* critical failure, destroy IKE_SA */
428 enumerator->destroy(enumerator);
429 message->destroy(message);
430 flush(this);
431 return DESTROY_ME;
432 }
433 break;
434 }
435 enumerator->destroy(enumerator);
436
437 if (this->active_tasks->get_count(this->active_tasks) == 0)
438 { /* tasks completed, no exchange active anymore */
439 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
440 }
441 this->initiating.seqnr++;
442
443 status = this->ike_sa->generate_message(this->ike_sa, message,
444 &this->initiating.packet);
445 if (status != SUCCESS)
446 {
447 /* message generation failed. There is nothing more to do than to
448 * close the SA */
449 message->destroy(message);
450 flush(this);
451 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
452 return DESTROY_ME;
453 }
454 message->destroy(message);
455
456 if (expect_response)
457 {
458 return retransmit(this, this->initiating.seqnr);
459 }
460 charon->sender->send(charon->sender,
461 this->initiating.packet->clone(this->initiating.packet));
462 this->initiating.packet->destroy(this->initiating.packet);
463 this->initiating.packet = NULL;
464
465 /* close after sending an INFORMATIONAL error but not yet established */
466 if (exchange == INFORMATIONAL_V1 &&
467 this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
468 {
469 return FAILED;
470 }
471 return SUCCESS;
472 }
473
474 /**
475 * handle exchange collisions
476 */
477 static bool handle_collisions(private_task_manager_t *this, task_t *task)
478 {
479 return FALSE;
480 }
481
482 /**
483 * build a response depending on the "passive" task list
484 */
485 static status_t build_response(private_task_manager_t *this, message_t *request)
486 {
487 enumerator_t *enumerator;
488 task_t *task;
489 message_t *message;
490 host_t *me, *other;
491 bool delete = FALSE;
492 status_t status;
493
494 me = request->get_destination(request);
495 other = request->get_source(request);
496
497 message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
498 message->set_exchange_type(message, request->get_exchange_type(request));
499 /* send response along the path the request came in */
500 message->set_source(message, me->clone(me));
501 message->set_destination(message, other->clone(other));
502 message->set_message_id(message, request->get_message_id(request));
503 message->set_request(message, FALSE);
504
505 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
506 while (enumerator->enumerate(enumerator, (void*)&task))
507 {
508 switch (task->build(task, message))
509 {
510 case SUCCESS:
511 /* task completed, remove it */
512 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
513 if (!handle_collisions(this, task))
514 {
515 task->destroy(task);
516 }
517 continue;
518 case NEED_MORE:
519 /* processed, but task needs another exchange */
520 if (handle_collisions(this, task))
521 {
522 this->passive_tasks->remove_at(this->passive_tasks,
523 enumerator);
524 }
525 continue;
526 case ALREADY_DONE:
527 flush_queue(this, this->passive_tasks);
528 break;
529 case FAILED:
530 default:
531 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
532 /* FALL */
533 case DESTROY_ME:
534 /* destroy IKE_SA, but SEND response first */
535 delete = TRUE;
536 break;
537 }
538 break;
539 }
540 enumerator->destroy(enumerator);
541
542 /* message complete, send it */
543 DESTROY_IF(this->responding.packet);
544 this->responding.packet = NULL;
545 status = this->ike_sa->generate_message(this->ike_sa, message,
546 &this->responding.packet);
547 message->destroy(message);
548 if (status != SUCCESS)
549 {
550 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
551 return DESTROY_ME;
552 }
553
554 charon->sender->send(charon->sender,
555 this->responding.packet->clone(this->responding.packet));
556 if (delete)
557 {
558 return DESTROY_ME;
559 }
560 return SUCCESS;
561 }
562
563 /**
564 * Send a notify in a separate INFORMATIONAL exchange back to the sender.
565 * The notify protocol_id is set to ISAKMP
566 */
567 static void send_notify(private_task_manager_t *this, message_t *request,
568 notify_type_t type)
569 {
570 message_t *response;
571 packet_t *packet;
572 host_t *me, *other;
573 u_int32_t mid;
574
575 if (request && request->get_exchange_type(request) == INFORMATIONAL_V1)
576 { /* don't respond to INFORMATIONAL requests to avoid a notify war */
577 DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
578 return;
579 }
580
581 response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
582 response->set_exchange_type(response, INFORMATIONAL_V1);
583 response->set_request(response, TRUE);
584 this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid);
585 response->set_message_id(response, mid);
586 response->add_payload(response, (payload_t*)
587 notify_payload_create_from_protocol_and_type(NOTIFY_V1,
588 PROTO_IKE, type));
589
590 me = this->ike_sa->get_my_host(this->ike_sa);
591 if (me->is_anyaddr(me))
592 {
593 me = request->get_destination(request);
594 this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
595 }
596 other = this->ike_sa->get_other_host(this->ike_sa);
597 if (other->is_anyaddr(other))
598 {
599 other = request->get_source(request);
600 this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
601 }
602 response->set_source(response, me->clone(me));
603 response->set_destination(response, other->clone(other));
604 if (this->ike_sa->generate_message(this->ike_sa, response,
605 &packet) == SUCCESS)
606 {
607 charon->sender->send(charon->sender, packet);
608 }
609 response->destroy(response);
610 }
611
612 /**
613 * handle an incoming request message
614 */
615 static status_t process_request(private_task_manager_t *this,
616 message_t *message)
617 {
618 enumerator_t *enumerator;
619 task_t *task = NULL;
620 bool send_response = FALSE;
621
622 if (this->passive_tasks->get_count(this->passive_tasks) == 0)
623 { /* create tasks depending on request type, if not already some queued */
624 switch (message->get_exchange_type(message))
625 {
626 case ID_PROT:
627 task = (task_t *)ike_vendor_v1_create(this->ike_sa, FALSE);
628 this->passive_tasks->insert_last(this->passive_tasks, task);
629 task = (task_t*)ike_cert_pre_v1_create(this->ike_sa, FALSE);
630 this->passive_tasks->insert_last(this->passive_tasks, task);
631 task = (task_t *)main_mode_create(this->ike_sa, FALSE);
632 this->passive_tasks->insert_last(this->passive_tasks, task);
633 task = (task_t*)ike_cert_post_v1_create(this->ike_sa, FALSE);
634 this->passive_tasks->insert_last(this->passive_tasks, task);
635 task = (task_t *)ike_natd_v1_create(this->ike_sa, FALSE);
636 this->passive_tasks->insert_last(this->passive_tasks, task);
637 break;
638 case AGGRESSIVE:
639 /* TODO-IKEv1: agressive mode */
640 return FAILED;
641 case QUICK_MODE:
642 if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
643 {
644 DBG1(DBG_IKE, "received quick mode request for "
645 "unestablished IKE_SA, ignored");
646 return FAILED;
647 }
648 task = (task_t *)quick_mode_create(this->ike_sa, NULL,
649 NULL, NULL);
650 this->passive_tasks->insert_last(this->passive_tasks, task);
651 break;
652 case INFORMATIONAL_V1:
653 task = (task_t *)informational_create(this->ike_sa, NULL);
654 this->passive_tasks->insert_last(this->passive_tasks, task);
655 break;
656 case TRANSACTION:
657 if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
658 {
659 task = (task_t *)mode_config_create(this->ike_sa, FALSE);
660 }
661 else
662 {
663 task = (task_t *)xauth_create(this->ike_sa, FALSE);
664 }
665 this->passive_tasks->insert_last(this->passive_tasks, task);
666 break;
667 default:
668 return FAILED;
669 }
670 }
671 /* let the tasks process the message */
672 enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
673 while (enumerator->enumerate(enumerator, (void*)&task))
674 {
675 switch (task->process(task, message))
676 {
677 case SUCCESS:
678 /* task completed, remove it */
679 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
680 task->destroy(task);
681 continue;
682 case NEED_MORE:
683 /* processed, but task needs at least another call to build() */
684 send_response = TRUE;
685 continue;
686 case ALREADY_DONE:
687 send_response = FALSE;
688 flush_queue(this, this->passive_tasks);
689 break;
690 case FAILED:
691 default:
692 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
693 /* FALL */
694 case DESTROY_ME:
695 /* critical failure, destroy IKE_SA */
696 this->passive_tasks->remove_at(this->passive_tasks, enumerator);
697 enumerator->destroy(enumerator);
698 task->destroy(task);
699 return DESTROY_ME;
700 }
701 break;
702 }
703 enumerator->destroy(enumerator);
704
705 if (send_response)
706 {
707 if (build_response(this, message) != SUCCESS)
708 {
709 return DESTROY_ME;
710 }
711 }
712 else
713 { /* We don't send a response, so don't retransmit one if we get
714 * the same message again. */
715 DESTROY_IF(this->responding.packet);
716 this->responding.packet = NULL;
717 }
718 if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
719 this->queued_tasks->get_count(this->queued_tasks) > 0)
720 {
721 /* passive tasks completed, check if an active task has been queued,
722 * such as XAUTH or modeconfig push */
723 return initiate(this);
724 }
725 return SUCCESS;
726 }
727
728 /**
729 * handle an incoming response message
730 */
731 static status_t process_response(private_task_manager_t *this,
732 message_t *message)
733 {
734 enumerator_t *enumerator;
735 status_t status;
736 task_t *task;
737
738 if (message->get_exchange_type(message) != this->initiating.type)
739 {
740 DBG1(DBG_IKE, "received %N response, but expected %N",
741 exchange_type_names, message->get_exchange_type(message),
742 exchange_type_names, this->initiating.type);
743 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
744 return DESTROY_ME;
745 }
746
747 enumerator = this->active_tasks->create_enumerator(this->active_tasks);
748 while (enumerator->enumerate(enumerator, (void*)&task))
749 {
750 switch (task->process(task, message))
751 {
752 case SUCCESS:
753 /* task completed, remove it */
754 this->active_tasks->remove_at(this->active_tasks, enumerator);
755 task->destroy(task);
756 continue;
757 case NEED_MORE:
758 /* processed, but task needs another exchange */
759 continue;
760 case ALREADY_DONE:
761 flush_queue(this, this->active_tasks);
762 break;
763 case FAILED:
764 default:
765 charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
766 /* FALL */
767 case DESTROY_ME:
768 /* critical failure, destroy IKE_SA */
769 this->active_tasks->remove_at(this->active_tasks, enumerator);
770 enumerator->destroy(enumerator);
771 task->destroy(task);
772 return DESTROY_ME;
773 }
774 break;
775 }
776 enumerator->destroy(enumerator);
777
778 this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
779 this->initiating.packet->destroy(this->initiating.packet);
780 this->initiating.packet = NULL;
781
782 if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
783 {
784 status = this->public.task_manager.process_message(
785 &this->public.task_manager, this->queued);
786 this->queued->destroy(this->queued);
787 this->queued = NULL;
788 if (status == DESTROY_ME)
789 {
790 return status;
791 }
792 }
793
794 return initiate(this);
795 }
796
797 /**
798 * Parse the given message and verify that it is valid.
799 */
800 static status_t parse_message(private_task_manager_t *this, message_t *msg)
801 {
802 status_t status;
803
804 status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
805
806 if (status != SUCCESS)
807 {
808 switch (status)
809 {
810 case NOT_SUPPORTED:
811 DBG1(DBG_IKE, "unsupported exchange type");
812 send_notify(this, msg, INVALID_EXCHANGE_TYPE);
813 break;
814 case PARSE_ERROR:
815 DBG1(DBG_IKE, "message parsing failed");
816 send_notify(this, msg, PAYLOAD_MALFORMED);
817 break;
818 case VERIFY_ERROR:
819 DBG1(DBG_IKE, "message verification failed");
820 send_notify(this, msg, PAYLOAD_MALFORMED);
821 break;
822 case FAILED:
823 DBG1(DBG_IKE, "integrity check failed");
824 send_notify(this, msg, INVALID_HASH_INFORMATION);
825 break;
826 case INVALID_STATE:
827 DBG1(DBG_IKE, "found encrypted message, but no keys available");
828 send_notify(this, msg, PAYLOAD_MALFORMED);
829 default:
830 break;
831 }
832 DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
833 exchange_type_names, msg->get_exchange_type(msg),
834 msg->get_request(msg) ? "request" : "response",
835 msg->get_message_id(msg));
836
837 if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
838 { /* invalid initiation attempt, close SA */
839 return DESTROY_ME;
840 }
841 }
842 return status;
843 }
844
845 METHOD(task_manager_t, process_message, status_t,
846 private_task_manager_t *this, message_t *msg)
847 {
848 u_int32_t hash, mid, i;
849 host_t *me, *other;
850 status_t status;
851
852 /* TODO-IKEv1: update hosts more selectively */
853 me = msg->get_destination(msg);
854 other = msg->get_source(msg);
855 mid = msg->get_message_id(msg);
856 hash = chunk_hash(msg->get_packet_data(msg));
857 for (i = 0; i < MAX_OLD_HASHES; i++)
858 {
859 if (this->initiating.old_hashes[i] == hash)
860 {
861 DBG1(DBG_IKE, "received retransmit of response with ID %u, "
862 "but next request already sent", mid);
863 return SUCCESS;
864 }
865 }
866
867 if ((mid && mid == this->initiating.mid) ||
868 (this->initiating.mid == 0 &&
869 msg->get_exchange_type(msg) == this->initiating.type &&
870 this->active_tasks->get_count(this->active_tasks)))
871 {
872 msg->set_request(msg, FALSE);
873 status = parse_message(this, msg);
874 if (status != SUCCESS)
875 {
876 return status;
877 }
878 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
879 time_monotonic(NULL));
880 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
881 charon->bus->message(charon->bus, msg, FALSE);
882 if (process_response(this, msg) != SUCCESS)
883 {
884 flush(this);
885 return DESTROY_ME;
886 }
887 this->initiating.old_hashes[(this->initiating.old_hash_pos++) %
888 MAX_OLD_HASHES] = hash;
889 }
890 else
891 {
892 if (hash == this->responding.hash)
893 {
894 if (this->responding.packet)
895 {
896 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
897 "retransmitting response", mid);
898 charon->sender->send(charon->sender,
899 this->responding.packet->clone(this->responding.packet));
900 }
901 else
902 {
903 DBG1(DBG_IKE, "received retransmit of request with ID %u, "
904 "but no response to retransmit", mid);
905 }
906 return SUCCESS;
907 }
908 if (msg->get_exchange_type(msg) == TRANSACTION &&
909 this->active_tasks->get_count(this->active_tasks) &&
910 !this->queued)
911 { /* main mode not yet complete, queue XAuth/Mode config tasks */
912 this->queued = message_create_from_packet(msg->get_packet(msg));
913 if (this->queued->parse_header(this->queued) != SUCCESS)
914 {
915 this->queued->destroy(this->queued);
916 this->queued = NULL;
917 return FAILED;
918 }
919 DBG1(DBG_IKE, "queueing %N request as tasks still active",
920 exchange_type_names, TRANSACTION);
921 return SUCCESS;
922 }
923
924 msg->set_request(msg, TRUE);
925 status = parse_message(this, msg);
926 if (status != SUCCESS)
927 {
928 return status;
929 }
930 /* if this IKE_SA is virgin, we check for a config */
931 if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
932 {
933 ike_sa_id_t *ike_sa_id;
934 ike_cfg_t *ike_cfg;
935 job_t *job;
936 ike_cfg = charon->backends->get_ike_cfg(charon->backends, me, other);
937 if (ike_cfg == NULL)
938 {
939 /* no config found for these hosts, destroy */
940 DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
941 me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
942 send_notify(this, msg, NO_PROPOSAL_CHOSEN);
943 return DESTROY_ME;
944 }
945 this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
946 ike_cfg->destroy(ike_cfg);
947 /* add a timeout if peer does not establish it completely */
948 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
949 job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
950 lib->scheduler->schedule_job(lib->scheduler, job,
951 lib->settings->get_int(lib->settings,
952 "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
953 }
954 this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
955 time_monotonic(NULL));
956 this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
957 charon->bus->message(charon->bus, msg, TRUE);
958 if (process_request(this, msg) != SUCCESS)
959 {
960 flush(this);
961 return DESTROY_ME;
962 }
963 this->responding.hash = hash;
964 }
965 return SUCCESS;
966 }
967
968 METHOD(task_manager_t, queue_task, void,
969 private_task_manager_t *this, task_t *task)
970 {
971 DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
972 this->queued_tasks->insert_last(this->queued_tasks, task);
973 }
974
975 METHOD(task_manager_t, adopt_tasks, void,
976 private_task_manager_t *this, task_manager_t *other_public)
977 {
978 private_task_manager_t *other = (private_task_manager_t*)other_public;
979 task_t *task;
980
981 /* move queued tasks from other to this */
982 while (other->queued_tasks->remove_last(other->queued_tasks,
983 (void**)&task) == SUCCESS)
984 {
985 DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
986 task->migrate(task, this->ike_sa);
987 this->queued_tasks->insert_first(this->queued_tasks, task);
988 }
989 }
990
991 METHOD(task_manager_t, busy, bool,
992 private_task_manager_t *this)
993 {
994 return (this->active_tasks->get_count(this->active_tasks) > 0);
995 }
996
997 METHOD(task_manager_t, incr_mid, void,
998 private_task_manager_t *this, bool initiate)
999 {
1000 }
1001
1002 METHOD(task_manager_t, reset, void,
1003 private_task_manager_t *this, u_int32_t initiate, u_int32_t respond)
1004 {
1005 }
1006
1007 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
1008 private_task_manager_t *this, task_queue_t queue)
1009 {
1010 switch (queue)
1011 {
1012 case TASK_QUEUE_ACTIVE:
1013 return this->active_tasks->create_enumerator(this->active_tasks);
1014 case TASK_QUEUE_PASSIVE:
1015 return this->passive_tasks->create_enumerator(this->passive_tasks);
1016 case TASK_QUEUE_QUEUED:
1017 return this->queued_tasks->create_enumerator(this->queued_tasks);
1018 default:
1019 return enumerator_create_empty();
1020 }
1021 }
1022
1023 METHOD(task_manager_t, destroy, void,
1024 private_task_manager_t *this)
1025 {
1026 flush(this);
1027
1028 this->active_tasks->destroy(this->active_tasks);
1029 this->queued_tasks->destroy(this->queued_tasks);
1030 this->passive_tasks->destroy(this->passive_tasks);
1031
1032 DESTROY_IF(this->queued);
1033 DESTROY_IF(this->responding.packet);
1034 DESTROY_IF(this->initiating.packet);
1035 DESTROY_IF(this->rng);
1036 free(this);
1037 }
1038
1039 /*
1040 * see header file
1041 */
1042 task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
1043 {
1044 private_task_manager_t *this;
1045
1046 INIT(this,
1047 .public = {
1048 .task_manager = {
1049 .process_message = _process_message,
1050 .queue_task = _queue_task,
1051 .initiate = _initiate,
1052 .retransmit = _retransmit,
1053 .incr_mid = _incr_mid,
1054 .reset = _reset,
1055 .adopt_tasks = _adopt_tasks,
1056 .busy = _busy,
1057 .create_task_enumerator = _create_task_enumerator,
1058 .destroy = _destroy,
1059 },
1060 },
1061 .ike_sa = ike_sa,
1062 .initiating.type = EXCHANGE_TYPE_UNDEFINED,
1063 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
1064 .queued_tasks = linked_list_create(),
1065 .active_tasks = linked_list_create(),
1066 .passive_tasks = linked_list_create(),
1067 .retransmit_tries = lib->settings->get_int(lib->settings,
1068 "charon.retransmit_tries", RETRANSMIT_TRIES),
1069 .retransmit_timeout = lib->settings->get_double(lib->settings,
1070 "charon.retransmit_timeout", RETRANSMIT_TIMEOUT),
1071 .retransmit_base = lib->settings->get_double(lib->settings,
1072 "charon.retransmit_base", RETRANSMIT_BASE),
1073 );
1074
1075 return &this->public;
1076 }