projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed compiler warnings for endpoint_notify_t.
[strongswan.git] / src / libcharon / sa / tasks / ike_me.c
1 /*
2 * Copyright (C) 2007-2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "ike_me.h"
17
18 #include <string.h>
19
20 #include <hydra.h>
21 #include <daemon.h>
22 #include <config/peer_cfg.h>
23 #include <encoding/payloads/id_payload.h>
24 #include <encoding/payloads/notify_payload.h>
25 #include <encoding/payloads/endpoint_notify.h>
26 #include <processing/jobs/mediation_job.h>
27
28 #define ME_CONNECTID_LEN 4
29 #define ME_CONNECTKEY_LEN 16
30
31 typedef struct private_ike_me_t private_ike_me_t;
32
33 /**
34 * Private members of a ike_me_t task.
35 */
36 struct private_ike_me_t {
37
38 /**
39 * Public methods and task_t interface.
40 */
41 ike_me_t public;
42
43 /**
44 * Assigned IKE_SA.
45 */
46 ike_sa_t *ike_sa;
47
48 /**
49 * Are we the initiator?
50 */
51 bool initiator;
52
53 /**
54 * Is this a mediation connection?
55 */
56 bool mediation;
57
58 /**
59 * Is this the response from another peer?
60 */
61 bool response;
62
63 /**
64 * Gathered endpoints
65 */
66 linked_list_t *local_endpoints;
67
68 /**
69 * Parsed endpoints
70 */
71 linked_list_t *remote_endpoints;
72
73 /**
74 * Did the peer request a callback?
75 */
76 bool callback;
77
78 /**
79 * Did the connect fail?
80 */
81 bool failed;
82
83 /**
84 * Was there anything wrong with the payloads?
85 */
86 bool invalid_syntax;
87
88 /**
89 * The requested peer
90 */
91 identification_t *peer_id;
92 /**
93 * Received ID used for connectivity checks
94 */
95 chunk_t connect_id;
96
97 /**
98 * Received key used for connectivity checks
99 */
100 chunk_t connect_key;
101
102 /**
103 * Peer config of the mediated connection
104 */
105 peer_cfg_t *mediated_cfg;
106
107 };
108
109 /**
110 * Adds a list of endpoints as notifies to a given message
111 */
112 static void add_endpoints_to_message(message_t *message, linked_list_t *endpoints)
113 {
114 enumerator_t *enumerator;
115 endpoint_notify_t *endpoint;
116
117 enumerator = endpoints->create_enumerator(endpoints);
118 while (enumerator->enumerate(enumerator, (void**)&endpoint))
119 {
120 message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint));
121 }
122 enumerator->destroy(enumerator);
123 }
124
125 /**
126 * Gathers endpoints and adds them to the current message
127 */
128 static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message)
129 {
130 enumerator_t *enumerator;
131 host_t *addr, *host;
132 u_int16_t port;
133
134 /* get the port that is used to communicate with the ms */
135 host = this->ike_sa->get_my_host(this->ike_sa);
136 port = host->get_port(host);
137
138 enumerator = hydra->kernel_interface->create_address_enumerator(
139 hydra->kernel_interface, FALSE, FALSE);
140 while (enumerator->enumerate(enumerator, (void**)&addr))
141 {
142 host = addr->clone(addr);
143 host->set_port(host, port);
144
145 this->local_endpoints->insert_last(this->local_endpoints,
146 endpoint_notify_create_from_host(HOST, host, NULL));
147
148 host->destroy(host);
149 }
150 enumerator->destroy(enumerator);
151
152 host = this->ike_sa->get_server_reflexive_host(this->ike_sa);
153 if (host)
154 {
155 this->local_endpoints->insert_last(this->local_endpoints,
156 endpoint_notify_create_from_host(SERVER_REFLEXIVE, host,
157 this->ike_sa->get_my_host(this->ike_sa)));
158 }
159
160 add_endpoints_to_message(message, this->local_endpoints);
161 }
162
163 /**
164 * read notifys from message and evaluate them
165 */
166 static void process_payloads(private_ike_me_t *this, message_t *message)
167 {
168 enumerator_t *enumerator;
169 payload_t *payload;
170
171 enumerator = message->create_payload_enumerator(message);
172 while (enumerator->enumerate(enumerator, &payload))
173 {
174 if (payload->get_type(payload) != NOTIFY)
175 {
176 continue;
177 }
178
179 notify_payload_t *notify = (notify_payload_t*)payload;
180
181 switch (notify->get_notify_type(notify))
182 {
183 case ME_CONNECT_FAILED:
184 {
185 DBG2(DBG_IKE, "received ME_CONNECT_FAILED notify");
186 this->failed = TRUE;
187 break;
188 }
189 case ME_MEDIATION:
190 {
191 DBG2(DBG_IKE, "received ME_MEDIATION notify");
192 this->mediation = TRUE;
193 break;
194 }
195 case ME_ENDPOINT:
196 {
197 endpoint_notify_t *endpoint;
198 endpoint = endpoint_notify_create_from_payload(notify);
199 if (!endpoint)
200 {
201 DBG1(DBG_IKE, "received invalid ME_ENDPOINT notify");
202 break;
203 }
204 DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H",
205 me_endpoint_type_names, endpoint->get_type(endpoint),
206 endpoint->get_host(endpoint));
207
208 this->remote_endpoints->insert_last(this->remote_endpoints,
209 endpoint);
210 break;
211 }
212 case ME_CALLBACK:
213 {
214 DBG2(DBG_IKE, "received ME_CALLBACK notify");
215 this->callback = TRUE;
216 break;
217 }
218 case ME_CONNECTID:
219 {
220 chunk_free(&this->connect_id);
221 this->connect_id = chunk_clone(notify->get_notification_data(notify));
222 DBG2(DBG_IKE, "received ME_CONNECTID %#B", &this->connect_id);
223 break;
224 }
225 case ME_CONNECTKEY:
226 {
227 chunk_free(&this->connect_key);
228 this->connect_key = chunk_clone(notify->get_notification_data(notify));
229 DBG4(DBG_IKE, "received ME_CONNECTKEY %#B", &this->connect_key);
230 break;
231 }
232 case ME_RESPONSE:
233 {
234 DBG2(DBG_IKE, "received ME_RESPONSE notify");
235 this->response = TRUE;
236 break;
237 }
238 default:
239 break;
240 }
241 }
242 enumerator->destroy(enumerator);
243 }
244
245 METHOD(task_t, build_i, status_t,
246 private_ike_me_t *this, message_t *message)
247 {
248 switch(message->get_exchange_type(message))
249 {
250 case IKE_SA_INIT:
251 {
252 peer_cfg_t *peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
253 if (peer_cfg->is_mediation(peer_cfg))
254 {
255 DBG2(DBG_IKE, "adding ME_MEDIATION");
256 message->add_notify(message, FALSE, ME_MEDIATION, chunk_empty);
257 }
258 else
259 {
260 return SUCCESS;
261 }
262 break;
263 }
264 case IKE_AUTH:
265 {
266 if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
267 {
268 endpoint_notify_t *endpoint;
269 endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE,
270 NULL, NULL);
271 message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint));
272 endpoint->destroy(endpoint);
273 }
274 break;
275 }
276 case ME_CONNECT:
277 {
278 rng_t *rng;
279 id_payload_t *id_payload;
280 id_payload = id_payload_create_from_identification(ID_PEER,
281 this->peer_id);
282 message->add_payload(message, (payload_t*)id_payload);
283
284 rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
285 if (!rng)
286 {
287 DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT");
288 return FAILED;
289 }
290 if (!this->response)
291 {
292 /* only the initiator creates a connect ID. the responder
293 * returns the connect ID that it received from the initiator */
294 rng->allocate_bytes(rng, ME_CONNECTID_LEN, &this->connect_id);
295 }
296 rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key);
297 rng->destroy(rng);
298
299 message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id);
300 message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key);
301
302 if (this->response)
303 {
304 message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty);
305 }
306 else
307 {
308 /* FIXME: should we make this configurable? */
309 message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty);
310 }
311
312 gather_and_add_endpoints(this, message);
313
314 break;
315 }
316 default:
317 break;
318 }
319 return NEED_MORE;
320 }
321
322 METHOD(task_t, process_r, status_t,
323 private_ike_me_t *this, message_t *message)
324 {
325 switch(message->get_exchange_type(message))
326 {
327 case ME_CONNECT:
328 {
329 id_payload_t *id_payload;
330 id_payload = (id_payload_t*)message->get_payload(message, ID_PEER);
331 if (!id_payload)
332 {
333 DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload"
334 ", aborting");
335 break;
336 }
337 this->peer_id = id_payload->get_identification(id_payload);
338
339 process_payloads(this, message);
340
341 if (this->callback)
342 {
343 DBG1(DBG_IKE, "received ME_CALLBACK for '%Y'", this->peer_id);
344 break;
345 }
346
347 if (!this->connect_id.ptr)
348 {
349 DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify"
350 ", aborting");
351 this->invalid_syntax = TRUE;
352 break;
353 }
354
355 if (!this->connect_key.ptr)
356 {
357 DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY "
358 "notify, aborting");
359 this->invalid_syntax = TRUE;
360 break;
361 }
362
363 if (!this->remote_endpoints->get_count(this->remote_endpoints))
364 {
365 DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT "
366 "payloads, aborting");
367 this->invalid_syntax = TRUE;
368 break;
369 }
370
371 DBG1(DBG_IKE, "received ME_CONNECT");
372 break;
373 }
374 default:
375 break;
376 }
377 return NEED_MORE;
378 }
379
380 METHOD(task_t, build_r, status_t,
381 private_ike_me_t *this, message_t *message)
382 {
383 switch(message->get_exchange_type(message))
384 {
385 case ME_CONNECT:
386 {
387 if (this->invalid_syntax)
388 {
389 message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty);
390 break;
391 }
392
393 if (this->callback)
394 {
395 /* we got a callback from the mediation server, initiate the
396 * queued mediated connecction */
397 charon->connect_manager->check_and_initiate(
398 charon->connect_manager,
399 this->ike_sa->get_id(this->ike_sa),
400 this->ike_sa->get_my_id(this->ike_sa), this->peer_id);
401 return SUCCESS;
402 }
403
404 if (this->response)
405 {
406 /* FIXME: handle result of set_responder_data
407 * as initiator, upon receiving a response from another peer,
408 * update the checklist and start sending checks */
409 charon->connect_manager->set_responder_data(
410 charon->connect_manager,
411 this->connect_id, this->connect_key,
412 this->remote_endpoints);
413 }
414 else
415 {
416 /* FIXME: handle result of set_initiator_data
417 * as responder, create a checklist with the initiator's data */
418 charon->connect_manager->set_initiator_data(
419 charon->connect_manager,
420 this->peer_id, this->ike_sa->get_my_id(this->ike_sa),
421 this->connect_id, this->connect_key,
422 this->remote_endpoints, FALSE);
423 if (this->ike_sa->respond(this->ike_sa, this->peer_id,
424 this->connect_id) != SUCCESS)
425 {
426 return FAILED;
427 }
428 }
429 break;
430 }
431 default:
432 break;
433 }
434 return SUCCESS;
435 }
436
437 METHOD(task_t, process_i, status_t,
438 private_ike_me_t *this, message_t *message)
439 {
440 switch(message->get_exchange_type(message))
441 {
442 case IKE_SA_INIT:
443 {
444 process_payloads(this, message);
445 if (!this->mediation)
446 {
447 DBG1(DBG_IKE, "server did not return a ME_MEDIATION, aborting");
448 return FAILED;
449 }
450 /* if we are on a mediation connection we switch to port 4500 even
451 * if no NAT is detected. */
452 this->ike_sa->float_ports(this->ike_sa);
453 return NEED_MORE;
454 }
455 case IKE_AUTH:
456 {
457 process_payloads(this, message);
458 /* FIXME: we should update the server reflexive endpoint somehow,
459 * if mobike notices a change */
460 endpoint_notify_t *reflexive;
461 if (this->remote_endpoints->get_first(this->remote_endpoints,
462 (void**)&reflexive) == SUCCESS &&
463 reflexive->get_type(reflexive) == SERVER_REFLEXIVE)
464 { /* FIXME: should we accept this endpoint even if we did not send
465 * a request? */
466 host_t *endpoint = reflexive->get_host(reflexive);
467 endpoint = endpoint->clone(endpoint);
468 this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint);
469 }
470 break;
471 }
472 case ME_CONNECT:
473 {
474 process_payloads(this, message);
475
476 if (this->failed)
477 {
478 DBG1(DBG_IKE, "peer '%Y' is not online", this->peer_id);
479 /* FIXME: notify the mediated connection (job?) */
480 }
481 else
482 {
483 if (this->response)
484 {
485 /* FIXME: handle result of set_responder_data. */
486 /* as responder, we update the checklist and start sending
487 * checks */
488 charon->connect_manager->set_responder_data(
489 charon->connect_manager, this->connect_id,
490 this->connect_key, this->local_endpoints);
491 }
492 else
493 {
494 /* FIXME: handle result of set_initiator_data */
495 /* as initiator, we create a checklist and set the
496 * initiator's data */
497 charon->connect_manager->set_initiator_data(
498 charon->connect_manager,
499 this->ike_sa->get_my_id(this->ike_sa),
500 this->peer_id, this->connect_id, this->connect_key,
501 this->local_endpoints, TRUE);
502 /* FIXME: also start a timer for the whole transaction
503 * (maybe within the connect_manager?) */
504 }
505 }
506 break;
507 }
508 default:
509 break;
510 }
511 return SUCCESS;
512 }
513
514 /**
515 * For mediation server
516 */
517 METHOD(task_t, build_i_ms, status_t,
518 private_ike_me_t *this, message_t *message)
519 {
520 switch(message->get_exchange_type(message))
521 {
522 case ME_CONNECT:
523 {
524 id_payload_t *id_payload;
525 id_payload = id_payload_create_from_identification(ID_PEER,
526 this->peer_id);
527 message->add_payload(message, (payload_t*)id_payload);
528
529 if (this->callback)
530 {
531 message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty);
532 }
533 else
534 {
535 if (this->response)
536 {
537 message->add_notify(message, FALSE, ME_RESPONSE,
538 chunk_empty);
539 }
540 message->add_notify(message, FALSE, ME_CONNECTID,
541 this->connect_id);
542 message->add_notify(message, FALSE, ME_CONNECTKEY,
543 this->connect_key);
544 add_endpoints_to_message(message, this->remote_endpoints);
545 }
546 break;
547 }
548 default:
549 break;
550 }
551 return NEED_MORE;
552 }
553
554 /**
555 * For mediation server
556 */
557 METHOD(task_t, process_r_ms, status_t,
558 private_ike_me_t *this, message_t *message)
559 {
560 switch(message->get_exchange_type(message))
561 {
562 case IKE_SA_INIT:
563 {
564 /* FIXME: we should check for SA* and TS* payloads. if there are
565 * any, send NO_ADDITIONAL_SAS back and delete this SA */
566 process_payloads(this, message);
567 return this->mediation ? NEED_MORE : SUCCESS;
568 }
569 case IKE_AUTH:
570 {
571 /* FIXME: we should check whether the current peer_config is
572 * configured as mediation connection */
573 process_payloads(this, message);
574 break;
575 }
576 case CREATE_CHILD_SA:
577 {
578 /* FIXME: if this is not to rekey the IKE SA we have to return a
579 * NO_ADDITIONAL_SAS and then delete the SA */
580 break;
581 }
582 case ME_CONNECT:
583 {
584 id_payload_t *id_payload;
585 id_payload = (id_payload_t*)message->get_payload(message, ID_PEER);
586 if (!id_payload)
587 {
588 DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload"
589 ", aborting");
590 this->invalid_syntax = TRUE;
591 break;
592 }
593 this->peer_id = id_payload->get_identification(id_payload);
594
595 process_payloads(this, message);
596
597 if (!this->connect_id.ptr)
598 {
599 DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify"
600 ", aborting");
601 this->invalid_syntax = TRUE;
602 break;
603 }
604
605 if (!this->connect_key.ptr)
606 {
607 DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify"
608 ", aborting");
609 this->invalid_syntax = TRUE;
610 break;
611 }
612
613 if (!this->remote_endpoints->get_count(this->remote_endpoints))
614 {
615 DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT "
616 "payloads, aborting");
617 this->invalid_syntax = TRUE;
618 break;
619 }
620 break;
621 }
622 default:
623 break;
624 }
625 return NEED_MORE;
626 }
627
628 /**
629 * For mediation server
630 */
631 METHOD(task_t, build_r_ms, status_t,
632 private_ike_me_t *this, message_t *message)
633 {
634 switch(message->get_exchange_type(message))
635 {
636 case IKE_SA_INIT:
637 {
638 message->add_notify(message, FALSE, ME_MEDIATION, chunk_empty);
639 return NEED_MORE;
640 }
641 case IKE_AUTH:
642 {
643 endpoint_notify_t *endpoint;
644 if (this->remote_endpoints->get_first(this->remote_endpoints,
645 (void**)&endpoint) == SUCCESS &&
646 endpoint->get_type(endpoint) == SERVER_REFLEXIVE)
647 {
648 host_t *host = this->ike_sa->get_other_host(this->ike_sa);
649 DBG2(DBG_IKE, "received request for a server reflexive "
650 "endpoint sending: %#H", host);
651 endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE,
652 host, NULL);
653 message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint));
654 endpoint->destroy(endpoint);
655 }
656 this->ike_sa->act_as_mediation_server(this->ike_sa);
657 break;
658 }
659 case ME_CONNECT:
660 {
661 if (this->invalid_syntax)
662 {
663 message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty);
664 break;
665 }
666
667 ike_sa_id_t *peer_sa;
668 if (this->callback)
669 {
670 peer_sa = charon->mediation_manager->check_and_register(
671 charon->mediation_manager, this->peer_id,
672 this->ike_sa->get_other_id(this->ike_sa));
673 }
674 else
675 {
676 peer_sa = charon->mediation_manager->check(
677 charon->mediation_manager, this->peer_id);
678 }
679
680 if (!peer_sa)
681 {
682 /* the peer is not online */
683 message->add_notify(message, TRUE, ME_CONNECT_FAILED,
684 chunk_empty);
685 break;
686 }
687
688 job_t *job = (job_t*)mediation_job_create(this->peer_id,
689 this->ike_sa->get_other_id(this->ike_sa), this->connect_id,
690 this->connect_key, this->remote_endpoints, this->response);
691 lib->processor->queue_job(lib->processor, job);
692 break;
693 }
694 default:
695 break;
696 }
697 return SUCCESS;
698 }
699
700 /**
701 * For mediation server
702 */
703 METHOD(task_t, process_i_ms, status_t,
704 private_ike_me_t *this, message_t *message)
705 {
706 /* FIXME: theoretically we should be prepared to receive a ME_CONNECT_FAILED
707 * here if the responding peer is not able to proceed. in this case we shall
708 * notify the initiating peer with a ME_CONNECT request containing only a
709 * ME_CONNECT_FAILED */
710 return SUCCESS;
711 }
712
713 METHOD(ike_me_t, me_connect, void,
714 private_ike_me_t *this, identification_t *peer_id)
715 {
716 this->peer_id = peer_id->clone(peer_id);
717 }
718
719 METHOD(ike_me_t, me_respond, void,
720 private_ike_me_t *this, identification_t *peer_id, chunk_t connect_id)
721 {
722 this->peer_id = peer_id->clone(peer_id);
723 this->connect_id = chunk_clone(connect_id);
724 this->response = TRUE;
725 }
726
727 METHOD(ike_me_t, me_callback, void,
728 private_ike_me_t *this, identification_t *peer_id)
729 {
730 this->peer_id = peer_id->clone(peer_id);
731 this->callback = TRUE;
732 }
733
734 METHOD(ike_me_t, relay, void,
735 private_ike_me_t *this, identification_t *requester, chunk_t connect_id,
736 chunk_t connect_key, linked_list_t *endpoints, bool response)
737 {
738 this->peer_id = requester->clone(requester);
739 this->connect_id = chunk_clone(connect_id);
740 this->connect_key = chunk_clone(connect_key);
741
742 this->remote_endpoints->destroy_offset(this->remote_endpoints,
743 offsetof(endpoint_notify_t, destroy));
744 this->remote_endpoints = endpoints->clone_offset(endpoints,
745 offsetof(endpoint_notify_t, clone));
746
747 this->response = response;
748 }
749
750 METHOD(task_t, get_type, task_type_t,
751 private_ike_me_t *this)
752 {
753 return IKE_ME;
754 }
755
756 METHOD(task_t, migrate, void,
757 private_ike_me_t *this, ike_sa_t *ike_sa)
758 {
759 this->ike_sa = ike_sa;
760 }
761
762 METHOD(tast_t, destroy, void,
763 private_ike_me_t *this)
764 {
765 DESTROY_IF(this->peer_id);
766
767 chunk_free(&this->connect_id);
768 chunk_free(&this->connect_key);
769
770 this->local_endpoints->destroy_offset(this->local_endpoints,
771 offsetof(endpoint_notify_t, destroy));
772 this->remote_endpoints->destroy_offset(this->remote_endpoints,
773 offsetof(endpoint_notify_t, destroy));
774
775 DESTROY_IF(this->mediated_cfg);
776 free(this);
777 }
778
779 /*
780 * Described in header.
781 */
782 ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator)
783 {
784 private_ike_me_t *this;
785
786 INIT(this,
787 .public = {
788 .task = {
789 .get_type = _get_type,
790 .migrate = _migrate,
791 .destroy = _destroy,
792 },
793 .connect = _me_connect,
794 .respond = _me_respond,
795 .callback = _me_callback,
796 .relay = _relay,
797 },
798 .ike_sa = ike_sa,
799 .initiator = initiator,
800 .local_endpoints = linked_list_create(),
801 .remote_endpoints = linked_list_create(),
802 );
803
804 if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
805 {
806 if (initiator)
807 {
808 this->public.task.build = _build_i;
809 this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
810 }
811 else
812 {
813 this->public.task.build = _build_r;
814 this->public.task.process = _process_r;
815 }
816 }
817 else
818 {
819 /* mediation server */
820 if (initiator)
821 {
822 this->public.task.build = _build_i_ms;
823 this->public.task.process = _process_i_ms;
824 }
825 else
826 {
827 this->public.task.build = _build_r_ms;
828 this->public.task.process = _process_r_ms;
829 }
830 }
831
832 return &this->public;
833 }
strongSwan - IPsec VPN