cleaned up apidoc
authorMartin Willi <martin@strongswan.org>
Wed, 11 Apr 2007 07:20:39 +0000 (07:20 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 11 Apr 2007 07:20:39 +0000 (07:20 -0000)
added some comments
removed configuration.[ch], as it does not make sense like it is

27 files changed:
src/charon/Makefile.am
src/charon/config/backends/backend.h
src/charon/config/backends/local_backend.h
src/charon/config/cfg_store.h
src/charon/config/child_cfg.h
src/charon/config/configuration.c [deleted file]
src/charon/config/configuration.h [deleted file]
src/charon/config/ike_cfg.h
src/charon/config/peer_cfg.h
src/charon/config/proposal.h
src/charon/control/stroke_interface.c
src/charon/control/stroke_interface.h
src/charon/daemon.c
src/charon/daemon.h
src/charon/kernel/kernel_interface.h
src/charon/network/receiver.h
src/charon/network/sender.h
src/charon/processing/event_queue.h
src/charon/processing/job_queue.h
src/charon/processing/scheduler.h
src/charon/processing/thread_pool.h
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/task_manager.c
src/charon/sa/task_manager.h
src/charon/sa/tasks/child_rekey.c
src/charon/sa/tasks/ike_rekey.c

index b66f237..64ebb35 100644 (file)
@@ -23,7 +23,6 @@ config/backends/backend.h \
 config/backends/local_backend.c config/backends/local_backend.h \
 config/cfg_store.c config/cfg_store.h \
 config/child_cfg.c config/child_cfg.h \
-config/configuration.c config/configuration.h \
 config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
index a054a72..52df0a2 100644 (file)
@@ -6,7 +6,7 @@
  */
 
 /*
- * Copyright (C) 2006 Martin Willi
+ * Copyright (C) 2007 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -34,8 +34,12 @@ typedef struct backend_t backend_t;
 /**
  * @brief The interface for a configuration backend.
  *
+ * A configuration backend is registered in the cfg_store. It does the actual
+ * configuration lookup for the method it implements. See cfg_store_t for
+ * more information.
+ *
  * @b Constructors:
- * - implementations constructor, such as local_backend_create()
+ * - none, use implementations of backend_t.
  * 
  * @ingroup backends
  */
index 97c43b2..4caf4a8 100644 (file)
@@ -84,7 +84,7 @@ struct local_backend_t {
  *
  * @return local_backend instance.
  * 
- * @ingroup config
+ * @ingroup backends
  */
 local_backend_t *local_backend_create(void);
 
index 04a4301..be36cd3 100644 (file)
@@ -40,29 +40,22 @@ typedef struct cfg_store_t cfg_store_t;
  * access all this backends by a single call, this class wraps multiple
  * backends behind a single object.
  * Backends may be registered and unregister at runtime dynamically.
- *
- * +---------+      +---------+           +--------------+     |
- * |         |      |         |         +--------------+ |     |
- * |         |----->| config  |       +--------------+ |-+  <==|==> IPC
- * |         |      |         |------>|   backends   |-+       |
- * | daemon  |----->|         |       +--------------+         |
- * |  core   |      +---------+                                |
- * |         |                                                 |
- * |         |      +---------+           +--------------+     |
- * |         |<-----|         |         +--------------+ |     |
- * |         |      | control-|       +--------------+ |-+  <==|==> IPC
- * |         |<-----| ler     |------>| controllers  |-+       |
- * |         |      |         |       +--------------+         |
- * +---------+      +---------+                                |
- *
- * The daemon core only knows the simple and single cfg_store interface.
- * The cfg_store wraps two kind of objects, backends and trustchains.
- * If the daemon needs something, it asks the cfg_store. cfg_store
- * asks all of its backends if they can fullfil the request. 
- *
+ * @verbatim
+
+   +---------+      +-----------+         +--------------+     |
+   |         |      |           |       +--------------+ |     |
+   | daemon  |----->| cfg_store |     +--------------+ |-+  <==|==> IPC
+   |  core   |      |           |---->|   backends   |-+       |
+   |         |----->|           |     +--------------+         |
+   |         |      |           |                              |
+   +---------+      +-----------+                              |
+   
+   @endverbatim
+ * Configuration lookup is done only when acting as responder. For initating
+ * the corresponding controller is responsible to get a config to initiate.
  *
  * @b Constructors:
- * - stroke_create()
+ * - cfg_store_create()
  * 
  * @ingroup config
  */
index eab3012..6b22990 100644 (file)
@@ -36,7 +36,7 @@ typedef struct child_cfg_t child_cfg_t;
  *
  * These are equal to those defined in XFRM, so don't change.
  *
- * @ingroup child_cfg
+ * @ingroup config
  */
 enum mode_t {
        /** transport mode, no inner address */
@@ -57,14 +57,16 @@ extern enum_name_t *mode_names;
  *
  * After creation, proposals and traffic selectors may be added to the config.
  * A child_cfg object is referenced multiple times, and is not thread save.
- * Reading from the object is save, adding things is not allowed when other
+ * Reading from the object is save, adding things is not allowed while other
  * threads may access the object. 
  * A reference counter handles the number of references hold to this config.
+ *
+ * @see peer_cfg_t to get an overview over the configurations.
  * 
  * @b Constructors:
  *   - child_cfg_create()
  *
- * @ingroup child_cfg
+ * @ingroup config
  */
 struct child_cfg_t {
        
@@ -229,11 +231,10 @@ struct child_cfg_t {
  * @param mode                         mode to propose for CHILD_SA, transport, tunnel or BEET
  * @return                                     child_cfg_t object
  * 
- * @ingroup child_cfg
+ * @ingroup config
  */
 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
-                                                                       u_int32_t rekeytime, u_int32_t jitter,
-                                                                       char *updown, bool hostaccess,
-                                                                       mode_t mode);
+                                                         u_int32_t rekeytime, u_int32_t jitter,
+                                                         char *updown, bool hostaccess, mode_t mode);
 
 #endif /* CHILD_CFG_H_ */
diff --git a/src/charon/config/configuration.c b/src/charon/config/configuration.c
deleted file mode 100755 (executable)
index 488ba9a..0000000
+++ /dev/null
@@ -1,162 +0,0 @@
-/**
- * @file configuration.c
- * 
- * @brief Implementation of configuration_t.
- * 
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <math.h>
-
-#include "configuration.h"
-
-#include <library.h>
-
-/**
- * Timeout in milliseconds after that a half open IKE_SA gets deleted.
- */
-#define HALF_OPEN_IKE_SA_TIMEOUT 30000
-
-/**
- * Retransmission uses a backoff algorithm. The timeout is calculated using
- * TIMEOUT * (BASE ** try).
- * When try reaches TRIES, retransmission is given up.
- *
- * Using an initial TIMEOUT of 4s, a BASE of 1.8, and 5 TRIES gives us:
- *
- *                        | relative | absolute
- * ---------------------------------------------------------
- * 4s * (1.8 ** (0  % 5)) =    4s         4s
- * 4s * (1.8 ** (1  % 5)) =    7s        11s
- * 4s * (1.8 ** (2  % 5)) =   13s        24s
- * 4s * (1.8 ** (3  % 5)) =   23s        47s
- * 4s * (1.8 ** (4  % 5)) =   42s        89s
- * 4s * (1.8 ** (5  % 5)) =   76s       165s
- *
- * The peer is considered dead after 2min 45s when no reply comes in.
- */
-
-/**
- * First retransmit timeout in milliseconds.
- * Timeout value is increasing in each retransmit round.
- */
-#define RETRANSMIT_TIMEOUT 4000
-
-/**
- * Base which is raised to the power of the retransmission count.
- */
-#define RETRANSMIT_BASE 1.8
-
-/**
- * Number of retransmits done in a retransmit sequence
- */
-#define RETRANSMIT_TRIES 5
-
-/**
- * Keepalive interval in seconds.
- */
-#define KEEPALIVE_INTERVAL 20
-
-/**
- * retry interval in seconds.
- */
-#define RETRY_INTERVAL 30
-
-/**
- * jitter to user for retrying
- */
-#define RETRY_JITTER 20
-
-
-typedef struct private_configuration_t private_configuration_t;
-
-/**
- * Private data of an configuration_t object.
- */
-struct private_configuration_t {
-
-       /**
-        * Public part of configuration_t object.
-        */
-       configuration_t public;
-
-};
-
-/**
- * Implementation of configuration_t.get_retransmit_timeout.
- */
-static u_int32_t get_retransmit_timeout (private_configuration_t *this,
-                                                                                u_int32_t retransmit_count)
-{
-       if (retransmit_count > RETRANSMIT_TRIES)
-       {
-               /* give up */
-               return 0;
-       }
-       return (u_int32_t)
-                               (RETRANSMIT_TIMEOUT * pow(RETRANSMIT_BASE, retransmit_count));
-}
-
-/**
- * Implementation of configuration_t.get_half_open_ike_sa_timeout.
- */
-static u_int32_t get_half_open_ike_sa_timeout (private_configuration_t *this)
-{
-       return HALF_OPEN_IKE_SA_TIMEOUT;
-}
-
-/**
- * Implementation of configuration_t.get_keepalive_interval.
- */
-static u_int32_t get_keepalive_interval (private_configuration_t *this)
-{
-       return KEEPALIVE_INTERVAL;
-}
-
-/**
- * Implementation of configuration_t.get_retry_interval.
- */
-static u_int32_t get_retry_interval (private_configuration_t *this)
-{
-       return RETRY_INTERVAL - (random() % RETRY_JITTER);
-}
-
-/**
- * Implementation of configuration_t.destroy.
- */
-static void destroy(private_configuration_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header-file
- */
-configuration_t *configuration_create()
-{
-       private_configuration_t *this = malloc_thing(private_configuration_t);
-       
-       /* public functions */
-       this->public.destroy = (void(*)(configuration_t*))destroy;
-       this->public.get_retransmit_timeout = (u_int32_t (*) (configuration_t*,u_int32_t))get_retransmit_timeout;
-       this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t*)) get_half_open_ike_sa_timeout;
-       this->public.get_keepalive_interval = (u_int32_t (*) (configuration_t*)) get_keepalive_interval;
-       this->public.get_retry_interval = (u_int32_t (*) (configuration_t*)) get_retry_interval;
-       
-       return (&this->public);
-}
diff --git a/src/charon/config/configuration.h b/src/charon/config/configuration.h
deleted file mode 100755 (executable)
index c120717..0000000
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * @file configuration.h
- * 
- * @brief Interface configuration_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONFIGURATION_H_
-#define CONFIGURATION_H_
-
-typedef struct configuration_t configuration_t;
-
-#include <library.h>
-
-/**
- * @brief The interface for various daemon related configs.
- * 
- * @b Constructors:
- *     - configuration_create()
- * 
- * @ingroup config
- */
-struct configuration_t {
-
-       /**
-        * @brief Returns the retransmit timeout.
-        *
-        * A return value of zero means the request should not be
-        * retransmitted again.
-        *
-        * @param this                          calling object
-        * @param retransmitted         number of times a message was retransmitted so far
-        * @return                                      time in milliseconds, when to do next retransmit
-        */
-       u_int32_t (*get_retransmit_timeout) (configuration_t *this, 
-                                                                                u_int32_t retransmitted);
-       
-       /**
-        * @brief Returns the timeout for an half open IKE_SA in ms.
-        *
-        * Half open means that the IKE_SA is still on a not established state
-        *
-        * @param this                          calling object
-        * @return                                      timeout in milliseconds (ms)
-        */
-       u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this);
-
-       /**
-        * @brief Returns the keepalive interval in s.
-        * 
-        * The keepalive interval defines the idle time after which a
-        * NAT keepalive packet should be sent.
-        * 
-        * @param this                          calling object
-        * @return                                      interval in s
-        */     
-       u_int32_t (*get_keepalive_interval) (configuration_t *this);
-
-       /**
-        * @brief Returns the interval to retry a failed action again.
-        *
-        * In some situations, the protocol may be in a state where processing
-        * is not possible and an action must be retried (e.g. rekeying).
-        * 
-        * @param this                          calling object
-        * @return                                      interval in s
-        */     
-       u_int32_t (*get_retry_interval) (configuration_t *this);
-
-       /**
-        * @brief Destroys a configuration_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (configuration_t *this);
-};
-
-/**
- * @brief Creates a configuration backend.
- * 
- * @return static_configuration_t object
- * 
- * @ingroup config
- */
-configuration_t *configuration_create(void);
-
-#endif /*CONFIGURATION_H_*/
index f8f5a35..ccea0a5 100644 (file)
@@ -36,10 +36,12 @@ typedef struct ike_cfg_t ike_cfg_t;
 /**
  * @brief An ike_cfg_t defines the rules to set up an IKE_SA.
  *
+ * @see peer_cfg_t to get an overview over the configurations.
+ *
  * @b Constructors:
  *  - ike_cfg_create()
  *
- * @ingroup ike_cfg
+ * @ingroup config
  */
 struct ike_cfg_t {
        
index b0e3c8a..7e6b8c6 100644 (file)
@@ -69,7 +69,7 @@ extern enum_name_t *cert_policy_names;
  *
  * These values are the same as in pluto/starter, so do not modify them!
  *
- * @ingroup peer_cfg
+ * @ingroup config
  */
 enum dpd_action_t {
        /** DPD disabled */
@@ -90,10 +90,26 @@ extern enum_name_t *dpd_action_names;
 /**
  * @brief Configuration of a peer, specified by IDs.
  *
+ * The peer config defines a connection between two given IDs. It contains
+ * exactly one ike_cfg_t, which is use for initiation. Additionally, it contains
+ * multiple child_cfg_t defining which CHILD_SAs are allowed for this peer.
+ * @verbatim
+
+                           +-------------------+           +---------------+
+   +---------------+       |     peer_cfg      |         +---------------+ |
+   |    ike_cfg    |       +-------------------+         |   child_cfg   | |
+   +---------------+       | - ids             |         +---------------+ |
+   | - hosts       | 1   1 | - cas             | 1     n | - proposals   | |
+   | - proposals   |<------| - auth info       |-------->| - traffic sel | |
+   | - ...         |       | - dpd config      |         | - ...         |-+
+   +---------------+       | - ...             |         +---------------+
+                           +-------------------+
+   @endverbatim
+ *
  * @b Constructors:
  *   - peer_cfg_create()
  *
- * @ingroup peer_cfg
+ * @ingroup config
  */
 struct peer_cfg_t {
        
index abcb409..4bee08e 100644 (file)
@@ -102,6 +102,8 @@ extern enum_name_t *extended_sequence_numbers_names;
 /**
  * Struct used to store different kinds of algorithms. The internal
  * lists of algorithms contain such structures.
+ *
+ * @ingroup config
  */
 struct algorithm_t {
        /**
index 51e6c6d..8d9c94e 100755 (executable)
@@ -327,7 +327,10 @@ static void stroke_add_conn(private_stroke_interface_t *this,
        {
                my_vip = host_create_from_string(msg->add_conn.me.sourceip, 0);
        }
-       other_vip = host_create_from_string(msg->add_conn.other.sourceip, 0);
+       if (msg->add_conn.other.virtual_ip)
+       {
+               other_vip = host_create_from_string(msg->add_conn.other.sourceip, 0);
+       }
        
        if (msg->add_conn.me.tohost)
        {
@@ -448,6 +451,8 @@ static void stroke_add_conn(private_stroke_interface_t *this,
 
        if (use_existing)
        {
+               DESTROY_IF(my_vip);
+               DESTROY_IF(other_vip);
                my_host->destroy(my_host);
                my_id->destroy(my_id);
                my_ca->destroy(my_ca);
index 8ba81ad..7fab28f 100644 (file)
@@ -39,7 +39,7 @@ typedef struct stroke_t stroke_t;
  * @b Constructors:
  * - stroke_create()
  * 
- * @ingroup threads
+ * @ingroup control
  */
 struct stroke_t {
        
@@ -58,7 +58,7 @@ struct stroke_t {
  * @param backend      backend to store received configurations
  * @return                     stroke_t object
  * 
- * @ingroup threads
+ * @ingroup control
  */
 stroke_t *stroke_create(local_backend_t *backend);
 
index ef07d65..9640f1c 100644 (file)
@@ -176,7 +176,6 @@ static void destroy(private_daemon_t *this)
        /* destroy other infrastructure */
        DESTROY_IF(this->public.job_queue);
        DESTROY_IF(this->public.event_queue);
-       DESTROY_IF(this->public.configuration);
        DESTROY_IF(this->public.credentials);
        DESTROY_IF(this->public.cfg_store);
        DESTROY_IF(this->public.local_backend);
@@ -258,7 +257,6 @@ static void initialize(private_daemon_t *this, bool strict, bool syslog,
        
        DBG1(DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
        
-       this->public.configuration = configuration_create();
        this->public.socket = socket_create(IKEV2_UDP_PORT, IKEV2_NATT_PORT);
        this->public.ike_sa_manager = ike_sa_manager_create();
        this->public.job_queue = job_queue_create();
@@ -334,7 +332,6 @@ private_daemon_t *daemon_create(void)
        this->public.ike_sa_manager = NULL;
        this->public.job_queue = NULL;
        this->public.event_queue = NULL;
-       this->public.configuration = NULL;
        this->public.credentials = NULL;
        this->public.cfg_store = NULL;
        this->public.local_backend = NULL;
index 6ba6768..ebc3873 100644 (file)
@@ -97,6 +97,14 @@ typedef struct daemon_t daemon_t;
  */
 
 /**
+ * @defgroup bus bus
+ *
+ * Signaling bus and its listeners.
+ *
+ * @ingroup charon
+ */
+
+/**
  * @defgroup config config
  *
  * Classes implementing configuration related things.
@@ -105,6 +113,30 @@ typedef struct daemon_t daemon_t;
  */
 
 /**
+ * @defgroup backends backends
+ *
+ * Classes implementing configuration backends.
+ *
+ * @ingroup config
+ */
+
+/**
+ * @defgroup credentials credentials
+ *
+ * Trust chain verification and certificate store.
+ *
+ * @ingroup config
+ */
+
+/**
+ * @defgroup control control
+ *
+ * Classes which control the daemon using IPC mechanisms.
+ *
+ * @ingroup charon
+ */
+
+/**
  * @defgroup encoding encoding
  *
  * Classes used to encode and decode IKEv2 messages.
@@ -121,52 +153,49 @@ typedef struct daemon_t daemon_t;
  */
 
 /**
- * @defgroup network network
+ * @defgroup kernel kernel
  *
- * Classes for network relevant stuff.
+ * Classes to configure and query the kernel.
  *
  * @ingroup charon
  */
 
 /**
- * @defgroup queues queues
+ * @defgroup network network
  *
- * Different kind of queues
- * (thread save lists).
+ * Classes for sending and receiving UDP packets over the network.
  *
  * @ingroup charon
  */
 
 /**
- * @defgroup jobs jobs
+ * @defgroup processing processing
  *
- * Jobs used in job queue and event queue.
+ * Queueing, scheduling and processing of jobs
  *
- * @ingroup queues
+ * @ingroup charon
  */
 
 /**
- * @defgroup sa sa
+ * @defgroup jobs jobs
  *
- * Security associations for IKE and IPSec,
- * and some helper classes.
+ * Jobs to queue, schedule and process.
  *
- * @ingroup charon
+ * @ingroup processing
  */
 
 /**
- * @defgroup tasks tasks
+ * @defgroup sa sa
  *
- * Tasks process and build message payloads. They are used to create
- * and process multiple exchanges.
+ * Security associations for IKE and IPSec, and its helper classes.
  *
- * @ingroup sa
+ * @ingroup charon
  */
 
 /**
  * @defgroup authenticators authenticators
  *
- * Authenticator classes to prove identity of peer.
+ * Authenticator classes to prove identity of peer.
  *
  * @ingroup sa
  */
@@ -174,25 +203,18 @@ typedef struct daemon_t daemon_t;
 /**
  * @defgroup eap eap
  *
- * EAP authentication module interface and it's implementations.
+ * EAP module loader, interface and it's implementations.
  *
  * @ingroup authenticators
  */
-
 /**
- * @defgroup threads threads
- *
- * Threaded classes, which will do their job alone.
- *
- * @ingroup charon
- */
-
-/**
- * @defgroup bus bus
+ * @defgroup tasks tasks
  *
- * Signaling bus and its listeners.
+ * Tasks process and build message payloads. They are used to create
+ * and process multiple exchanges.
  *
- * @ingroup charon
+ * @ingroup sa
  */
 
 /**
@@ -316,11 +338,6 @@ struct daemon_t {
        ike_sa_manager_t *ike_sa_manager;
        
        /**
-        * A configuration_t instance.
-        */
-       configuration_t *configuration;
-       
-       /**
         * A connection_store_t instance.
         */
        cfg_store_t *cfg_store;
index 34b06f5..2a3eaff 100644 (file)
@@ -35,6 +35,8 @@ typedef struct kernel_interface_t kernel_interface_t;
 
 /**
  * Configuration for NAT-T
+ *
+ * @ingroup kernel
  */
 struct natt_conf_t {
        /** source port to use for UDP-encapsulated packets */
@@ -47,6 +49,8 @@ struct natt_conf_t {
  * Direction of a policy. These are equal to those
  * defined in xfrm.h, but we want to stay implementation
  * neutral here.
+ *
+ * @ingroup kernel
  */
 enum policy_dir_t {
        /** Policy for inbound traffic */
@@ -71,7 +75,7 @@ enum policy_dir_t {
  * @b Constructors:
  *  - kernel_interface_create()
  *
- * @ingroup threads
+ * @ingroup kernel
  */
 struct kernel_interface_t {
 
@@ -324,7 +328,7 @@ struct kernel_interface_t {
 /**
  * @brief Creates an object of type kernel_interface_t.
  * 
- * @ingroup threads
+ * @ingroup kernel
  */
 kernel_interface_t *kernel_interface_create(void);
 
index 68d9136..1bfa7b7 100644 (file)
@@ -54,7 +54,7 @@ typedef struct receiver_t receiver_t;
  * @b Constructors:
  *  - receiver_create()
  * 
- * @ingroup threads
+ * @ingroup network
  */
 struct receiver_t {
        
@@ -74,7 +74,7 @@ struct receiver_t {
  * 
  * @return     receiver_t object
  * 
- * @ingroup threads
+ * @ingroup network
  */
 receiver_t * receiver_create(void);
 
index 4f42f6f..6f2a068 100644 (file)
@@ -35,7 +35,7 @@ typedef struct sender_t sender_t;
  * @b Constructors:
  *  - sender_create()
  * 
- * @ingroup threads
+ * @ingroup network
  */
 struct sender_t {
        
@@ -67,7 +67,7 @@ struct sender_t {
  * 
  * @return             created sender object
  * 
- * @ingroup threads
+ * @ingroup network
  */
 sender_t * sender_create(void);
 
index 3258b25..c85286b 100644 (file)
@@ -45,7 +45,7 @@ typedef struct event_queue_t event_queue_t;
  * @b Constructors:
  * - event_queue_create()
  * 
- * @ingroup queues
+ * @ingroup processing
  */
 struct event_queue_t {
 
@@ -111,7 +111,7 @@ struct event_queue_t {
  *
  * @returns event_queue_t object
  * 
- * @ingroup queues
+ * @ingroup processing
  */
 event_queue_t *event_queue_create(void);
                  
index 26e1492..9b58588 100644 (file)
@@ -40,7 +40,7 @@ typedef struct job_queue_t job_queue_t;
  * @b Constructors:
  * - job_queue_create()
  * 
- * @ingroup queues
+ * @ingroup processing
  */
 struct job_queue_t {
 
@@ -93,7 +93,7 @@ struct job_queue_t {
  *
  * @return job_queue_t object
  * 
- * @ingroup queues
+ * @ingroup processing
  */
 job_queue_t *job_queue_create(void);
 
index daecce3..bea93e7 100644 (file)
@@ -39,7 +39,7 @@ typedef struct scheduler_t scheduler_t;
  * @b Constructors:
  *  - scheduler_create()
  *
- * @ingroup threads
+ * @ingroup processing
  */
 struct scheduler_t {   
 
@@ -61,7 +61,7 @@ struct scheduler_t {
  *                             - scheduler_t object
  *                             - NULL if thread could not be started
  * 
- * @ingroup threads
+ * @ingroup processing
  */
 scheduler_t * scheduler_create(void);
 
index 8e1989b..09a6312 100644 (file)
@@ -41,7 +41,7 @@ typedef struct thread_pool_t thread_pool_t;
  *
  * @todo Add support for dynamic thread handling
  * 
- * @ingroup threads
+ * @ingroup processing
  */
 struct thread_pool_t {
        
@@ -79,7 +79,7 @@ struct thread_pool_t {
  *                                                     - thread_pool_t object if one ore more threads could be started, or
  *                                                     - NULL if no threads could be created
  *
- * @ingroup threads
+ * @ingroup processing
  */
 thread_pool_t *thread_pool_create(size_t pool_size);
 
index b1fced8..db445f8 100644 (file)
@@ -436,15 +436,14 @@ static status_t send_dpd(private_ike_sa_t *this)
 static void send_keepalive(private_ike_sa_t *this)
 {
        send_keepalive_job_t *job;
-       time_t last_out, now, diff, interval;
+       time_t last_out, now, diff;
        
        last_out = get_use_time(this, FALSE);
        now = time(NULL);
        
        diff = now - last_out;
-       interval = charon->configuration->get_keepalive_interval(charon->configuration);
        
-       if (diff >= interval)
+       if (diff >= KEEPALIVE_INTERVAL)
        {
                packet_t *packet;
                chunk_t data;
@@ -462,7 +461,7 @@ static void send_keepalive(private_ike_sa_t *this)
        }
        job = send_keepalive_job_create(this->ike_sa_id);
        charon->event_queue->add_relative(charon->event_queue, (job_t*)job,
-                                                                         (interval - diff) * 1000);
+                                                                         (KEEPALIVE_INTERVAL - diff) * 1000);
 }
 
 /**
@@ -526,9 +525,8 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                {
                        /* delete may fail if a packet gets lost, so set a timeout */
                        job_t *job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE);
-                       charon->event_queue->add_relative(charon->event_queue, job,
-                                                 charon->configuration->get_half_open_ike_sa_timeout(
-                                                                                                               charon->configuration));
+                       charon->event_queue->add_relative(charon->event_queue, job, 
+                                                                                         HALF_OPEN_IKE_SA_TIMEOUT);
                        break;
                }
                default:
@@ -747,10 +745,9 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
                        /* add a timeout if peer does not establish it completely */
                        job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, FALSE);
                        charon->event_queue->add_relative(charon->event_queue, job,
-                                                 charon->configuration->get_half_open_ike_sa_timeout(
-                                                                                                               charon->configuration));
+                                                                                         HALF_OPEN_IKE_SA_TIMEOUT);
                }
-       
+               
                /* check if message is trustworthy, and update host information */
                if (this->state == IKE_CREATED ||
                        message->get_exchange_type(message) != IKE_SA_INIT)
index c386f92..7f51fb2 100644 (file)
@@ -34,7 +34,6 @@ typedef struct ike_sa_t ike_sa_t;
 #include <sa/ike_sa_id.h>
 #include <sa/child_sa.h>
 #include <sa/tasks/task.h>
-#include <config/configuration.h>
 #include <utils/randomizer.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/crypters/crypter.h>
@@ -43,6 +42,35 @@ typedef struct ike_sa_t ike_sa_t;
 #include <config/ike_cfg.h>
 
 /**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ *
+ * @ingroup sa
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Interval to send keepalives when NATed, in seconds.
+ *
+ * @ingroup sa
+ */
+#define KEEPALIVE_INTERVAL 20
+
+/**
+ * After which time rekeying should be retried if it failed, in seconds.
+ *
+ * @ingroup sa
+ */
+#define RETRY_INTERVAL 30
+
+/**
+ * Jitter to subtract from RETRY_INTERVAL to randomize rekey retry.
+ *
+ * @ingroup sa
+ */
+#define RETRY_JITTER 20
+
+
+/**
  * @brief State of an IKE_SA.
  *
  * An IKE_SA passes various states in its lifetime. A newly created
index cbdc678..9633ba7 100644 (file)
@@ -22,6 +22,8 @@
 
 #include "task_manager.h"
 
+#include <math.h>
+
 #include <daemon.h>
 #include <sa/tasks/ike_init.h>
 #include <sa/tasks/ike_natd.h>
@@ -210,9 +212,12 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id)
                u_int32_t timeout;
                job_t *job;
 
-               timeout = charon->configuration->get_retransmit_timeout(
-                                               charon->configuration, this->initiating.retransmitted);
-               if (timeout == 0)
+               if (this->initiating.retransmitted <= RETRANSMIT_TRIES)
+               {
+                       timeout = (u_int32_t)(RETRANSMIT_TIMEOUT *
+                                               pow(RETRANSMIT_BASE, this->initiating.retransmitted));
+               }
+               else
                {
                        DBG1(DBG_IKE, "giving up after %d retransmits",
                                 this->initiating.retransmitted - 1);
index c766d4a..fb34aab 100644 (file)
@@ -31,6 +31,28 @@ typedef struct task_manager_t task_manager_t;
 #include <sa/tasks/task.h>
 
 /**
+ * First retransmit timeout in milliseconds.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_TIMEOUT 4000
+
+/**
+ * Base which is raised to the power of the retransmission try.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_BASE 1.8
+
+/**
+ * Number of retransmits done before giving up.
+ *
+ * @ingroup sa
+ */
+#define RETRANSMIT_TRIES 5
+
+
+/**
  * @brief The task manager, juggles task and handles message exchanges.
  *
  * On incoming requests, the task manager creates new tasks on demand and
@@ -43,6 +65,24 @@ typedef struct task_manager_t task_manager_t;
  * For the initial IKE_SA setup, several tasks are queued: One for the
  * unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup
  * and maybe one for virtual IP assignement.
+ * The task manager is also responsible for retransmission. It uses a backoff 
+ * algorithm. The timeout is calculated using
+ * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try).
+ * When try reaches RETRANSMIT_TRIES, retransmission is given up.
+ *
+ * Using an initial TIMEOUT of 4s, a BASE of 1.8, and 5 TRIES gives us:
+ * @verbatim
+                   | relative | absolute
+   ---------------------------------------------------------
+   4s * (1.8 ** 0) =    4s         4s
+   4s * (1.8 ** 1) =    7s        11s
+   4s * (1.8 ** 2) =   13s        24s
+   4s * (1.8 ** 3) =   23s        47s
+   4s * (1.8 ** 4) =   42s        89s
+   4s * (1.8 ** 5) =   76s       165s
+   @endberbatim
+ * The peer is considered dead after 2min 45s when no reply comes in.
  *
  * @b Constructors:
  *  - task_manager_create()
index af0e4d3..1621357 100644 (file)
@@ -192,8 +192,8 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
                          this->collision->get_type(this->collision) == CHILD_DELETE))
                {
                        job_t *job;
-                       u_int32_t retry = charon->configuration->get_retry_interval(
-                                                               charon->configuration);
+                       u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
+                       
                        job = (job_t*)rekey_child_sa_job_create(
                                                                this->child_sa->get_reqid(this->child_sa),
                                                                this->child_sa->get_protocol(this->child_sa),
index 04dd229..3c3eae5 100644 (file)
@@ -169,8 +169,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
                        this->collision->get_type(this->collision) == IKE_DELETE))
                {
                        job_t *job;
-                       u_int32_t retry = charon->configuration->get_retry_interval(
-                                                                       charon->configuration);
+                       u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
                        job = (job_t*)rekey_ike_sa_job_create(
                                                                        this->ike_sa->get_id(this->ike_sa), FALSE);
                        DBG1(DBG_IKE, "IKE_SA rekeying failed, "