Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted
authorMartin Willi <martin@revosec.ch>
Thu, 19 Jan 2012 15:22:25 +0000 (16:22 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:37 +0000 (17:31 +0100)
31 files changed:
src/conftest/hooks/add_notify.c
src/conftest/hooks/add_payload.c
src/conftest/hooks/custom_proposal.c
src/conftest/hooks/force_cookie.c
src/conftest/hooks/ignore_message.c
src/conftest/hooks/ike_auth_fill.c
src/conftest/hooks/log_id.c
src/conftest/hooks/log_ke.c
src/conftest/hooks/log_proposals.c
src/conftest/hooks/log_ts.c
src/conftest/hooks/pretend_auth.c
src/conftest/hooks/rebuild_auth.c
src/conftest/hooks/set_critical.c
src/conftest/hooks/set_ike_initiator.c
src/conftest/hooks/set_ike_request.c
src/conftest/hooks/set_ike_spi.c
src/conftest/hooks/set_ike_version.c
src/conftest/hooks/set_length.c
src/conftest/hooks/set_proposal_number.c
src/conftest/hooks/set_reserved.c
src/conftest/hooks/unsort_message.c
src/libcharon/bus/bus.c
src/libcharon/bus/bus.h
src/libcharon/bus/listeners/listener.h
src/libcharon/plugins/duplicheck/duplicheck_listener.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/plugins/ha/ha_ike.c
src/libcharon/plugins/led/led_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev1/task_manager_v1.c
src/libcharon/sa/ikev2/task_manager_v2.c

index a973196..e3fbbc8 100644 (file)
@@ -60,9 +60,9 @@ struct private_add_notify_t {
 
 METHOD(listener_t, message, bool,
        private_add_notify_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 03a47cc..37484e8 100644 (file)
@@ -62,9 +62,9 @@ struct private_add_payload_t {
 
 METHOD(listener_t, message, bool,
        private_add_payload_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 4acea18..958bc10 100644 (file)
@@ -111,9 +111,9 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this,
 
 METHOD(listener_t, message, bool,
        private_custom_proposal_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index e2ccb66..1b044db 100644 (file)
@@ -32,9 +32,9 @@ struct private_force_cookie_t {
 
 METHOD(listener_t, message, bool,
        private_force_cookie_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming && message->get_request(message) &&
+       if (incoming && plain && message->get_request(message) &&
                message->get_exchange_type(message) == IKE_SA_INIT)
        {
                enumerator_t *enumerator;
index 210f3ac..3cb5f20 100644 (file)
@@ -45,9 +45,9 @@ struct private_ignore_message_t {
 
 METHOD(listener_t, message, bool,
        private_ignore_message_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming == this->in &&
+       if (incoming == this->in && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 7362c19..09590d4 100644 (file)
@@ -92,9 +92,9 @@ static size_t calculate_wire_size(message_t *message, ike_sa_t *ike_sa)
 
 METHOD(listener_t, message, bool,
        private_ike_auth_fill_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index ad14cea..07dd6a4 100644 (file)
@@ -32,9 +32,9 @@ struct private_log_id_t {
 
 METHOD(listener_t, message, bool,
        private_log_id_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming)
+       if (incoming && plain)
        {
                enumerator_t *enumerator;
                payload_t *payload;
index 231c0a8..7104823 100644 (file)
@@ -32,9 +32,9 @@ struct private_log_ke_t {
 
 METHOD(listener_t, message, bool,
        private_log_ke_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming)
+       if (incoming && plain)
        {
                enumerator_t *enumerator;
                payload_t *payload;
index 8c330ab..347b832 100644 (file)
@@ -32,9 +32,9 @@ struct private_log_proposals_t {
 
 METHOD(listener_t, message, bool,
        private_log_proposals_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming)
+       if (incoming && plain)
        {
                enumerator_t *enumerator, *proposals;
                payload_t *payload;
index fb7c89a..f212efa 100644 (file)
@@ -32,9 +32,9 @@ struct private_log_ts_t {
 
 METHOD(listener_t, message, bool,
        private_log_ts_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming)
+       if (incoming && plain)
        {
                enumerator_t *enumerator;
                payload_t *payload;
index 3a7bb4f..cfc39e3 100644 (file)
@@ -311,35 +311,38 @@ static void process_auth_response(private_pretend_auth_t *this,
 
 METHOD(listener_t, message, bool,
        private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (incoming)
+       if (plain)
        {
-               if (!message->get_request(message))
+               if (incoming)
                {
-                       if (message->get_exchange_type(message) == IKE_SA_INIT)
+                       if (!message->get_request(message))
                        {
-                               process_init_response(this, ike_sa, message);
-                       }
-                       if (message->get_exchange_type(message) == IKE_AUTH &&
-                               message->get_message_id(message) == 1)
-                       {
-                               process_auth_response(this, ike_sa, message);
+                               if (message->get_exchange_type(message) == IKE_SA_INIT)
+                               {
+                                       process_init_response(this, ike_sa, message);
+                               }
+                               if (message->get_exchange_type(message) == IKE_AUTH &&
+                                       message->get_message_id(message) == 1)
+                               {
+                                       process_auth_response(this, ike_sa, message);
+                               }
                        }
                }
-       }
-       else
-       {
-               if (message->get_request(message))
+               else
                {
-                       if (message->get_exchange_type(message) == IKE_SA_INIT)
-                       {
-                               process_init_request(this, ike_sa, message);
-                       }
-                       if (message->get_exchange_type(message) == IKE_AUTH &&
-                               message->get_message_id(message) == 1)
+                       if (message->get_request(message))
                        {
-                               process_auth_request(this, ike_sa, message);
+                               if (message->get_exchange_type(message) == IKE_SA_INIT)
+                               {
+                                       process_init_request(this, ike_sa, message);
+                               }
+                               if (message->get_exchange_type(message) == IKE_AUTH &&
+                                       message->get_message_id(message) == 1)
+                               {
+                                       process_auth_request(this, ike_sa, message);
+                               }
                        }
                }
        }
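Review bot: Wrapping the whole body in `if (plain)` pushes the request/response dispatch to four levels of nesting and re-indents every line of the hook, where a guard at the top would express the same gate in one line. If the part of the function after this hunk only returns the listener's keep value, `if (!plain) { return TRUE; }` as the first statement would leave the original `if (incoming) … else …` untouched. The rebuild_auth hook in the next file section is rewritten the same way and could take the same guard. The function's tail lies outside the hunk, so the returned value is an assumption to confirm.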
index 1197eb2..8ee4e14 100644 (file)
@@ -175,34 +175,37 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 
 METHOD(listener_t, message, bool,
        private_rebuild_auth_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming && message->get_message_id(message) == 1)
+       if (plain)
        {
-               rebuild_auth(this, ike_sa, message);
-       }
-       if (message->get_exchange_type(message) == IKE_SA_INIT)
-       {
-               if (incoming)
+               if (!incoming && message->get_message_id(message) == 1)
                {
-                       nonce_payload_t *nonce;
-
-                       nonce = (nonce_payload_t*)message->get_payload(message, NONCE);
-                       if (nonce)
-                       {
-                               free(this->nonce.ptr);
-                               this->nonce = nonce->get_nonce(nonce);
-                       }
+                       rebuild_auth(this, ike_sa, message);
                }
-               else
+               if (message->get_exchange_type(message) == IKE_SA_INIT)
                {
-                       packet_t *packet;
-
-                       if (message->generate(message, NULL, &packet) == SUCCESS)
+                       if (incoming)
+                       {
+                               nonce_payload_t *nonce;
+
+                               nonce = (nonce_payload_t*)message->get_payload(message, NONCE);
+                               if (nonce)
+                               {
+                                       free(this->nonce.ptr);
+                                       this->nonce = nonce->get_nonce(nonce);
+                               }
+                       }
+                       else
                        {
-                               free(this->ike_init.ptr);
-                               this->ike_init = chunk_clone(packet->get_data(packet));
-                               packet->destroy(packet);
+                               packet_t *packet;
+
+                               if (message->generate(message, NULL, &packet) == SUCCESS)
+                               {
+                                       free(this->ike_init.ptr);
+                                       this->ike_init = chunk_clone(packet->get_data(packet));
+                                       packet->destroy(packet);
+                               }
                        }
                }
        }
index caf2215..8ec84e1 100644 (file)
@@ -47,9 +47,9 @@ struct private_set_critical_t {
 
 METHOD(listener_t, message, bool,
        private_set_critical_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 6ba43ea..1674f0a 100644 (file)
@@ -42,9 +42,9 @@ struct private_set_ike_initiator_t {
 
 METHOD(listener_t, message, bool,
        private_set_ike_initiator_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index baabea6..fd5b6de 100644 (file)
@@ -42,9 +42,9 @@ struct private_set_ike_request_t {
 
 METHOD(listener_t, message, bool,
        private_set_ike_request_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 14a0da9..bda0258 100644 (file)
@@ -52,9 +52,9 @@ struct private_set_ike_spi_t {
 
 METHOD(listener_t, message, bool,
        private_set_ike_spi_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index d2de9dc..ca52879 100644 (file)
@@ -57,9 +57,9 @@ struct private_set_ike_version_t {
 
 METHOD(listener_t, message, bool,
        private_set_ike_version_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index eb72e72..c1a867a 100644 (file)
@@ -50,9 +50,9 @@ struct private_set_length_t {
 
 METHOD(listener_t, message, bool,
        private_set_length_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 839ca1f..0cc3cfc 100644 (file)
@@ -69,9 +69,9 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to,
 
 METHOD(listener_t, message, bool,
        private_set_proposal_number_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index 77a605d..d1a4a97 100644 (file)
@@ -163,9 +163,9 @@ static void set_byte(private_set_reserved_t *this, message_t *message,
 
 METHOD(listener_t, message, bool,
        private_set_reserved_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index b37b261..1b2b302 100644 (file)
@@ -45,9 +45,9 @@ struct private_unsort_message_t {
 
 METHOD(listener_t, message, bool,
        private_unsort_message_t *this, ike_sa_t *ike_sa, message_t *message,
-       bool incoming)
+       bool incoming, bool plain)
 {
-       if (!incoming &&
+       if (!incoming && plain &&
                message->get_request(message) == this->req &&
                message->get_message_id(message) == this->id)
        {
index c1b2bd4..ed09288 100644 (file)
@@ -406,7 +406,7 @@ METHOD(bus_t, child_state_change, void,
 }
 
 METHOD(bus_t, message, void,
-       private_bus_t *this, message_t *message, bool incoming)
+       private_bus_t *this, message_t *message, bool incoming, bool plain)
 {
        enumerator_t *enumerator;
        ike_sa_t *ike_sa;
@@ -425,7 +425,7 @@ METHOD(bus_t, message, void,
                }
                entry->calling++;
                keep = entry->listener->message(entry->listener, ike_sa,
-                                                                               message, incoming);
+                                                                               message, incoming, plain);
                entry->calling--;
                if (!keep)
                {
index 07b334f..a2cf41b 100644 (file)
@@ -235,10 +235,15 @@ struct bus_t {
        /**
         * Message send/receive hook.
         *
+        * The hook is invoked twice for each message: Once with plain, parsed data
+        * and once encoded and encrypted.
+        *
         * @param message       message to send/receive
         * @param incoming      TRUE for incoming messages, FALSE for outgoing
+        * @param plain         TRUE if message is parsed and decrypted, FALSE it not
+        * @param
         */
-       void (*message)(bus_t *this, message_t *message, bool incoming);
+       void (*message)(bus_t *this, message_t *message, bool incoming, bool plain);
 
        /**
         * IKE_SA authorization hook.
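Review bot: The new doc block for `message` has an empty `@param` line directly after the `plain` entry, and the `plain` description reads "FALSE it not". The empty tag should be dropped and the text corrected to `@param plain  TRUE if message is parsed and decrypted, FALSE if not`. The same "it not" typo appears in the listener_t doc block in the following file section. A nameless `@param` is also likely to surface as a warning or stray entry in generated API documentation.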
index efadea8..f04b20f 100644 (file)
@@ -84,13 +84,17 @@ struct listener_t {
        /**
         * Hook called for received/sent messages of an IKE_SA.
         *
+        * The hook is invoked twice for each message: Once with plain, parsed data
+        * and once encoded and encrypted.
+        *
         * @param ike_sa        IKE_SA sending/receiving a message
         * @param message       message object
         * @param incoming      TRUE for incoming messages, FALSE for outgoing
+        * @param plain         TRUE if message is parsed and decrypted, FALSE it not
         * @return                      TRUE to stay registered, FALSE to unregister
         */
        bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
-                                       bool incoming);
+                                       bool incoming, bool plain);
 
        /**
         * Hook called with IKE_SA key material.
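Review bot: The added paragraph promises two invocations per message, but the call sites in this commit do not guarantee the pair, and the comment does not say what a listener may rely on when `plain` is FALSE. In the task manager sections the incoming `plain == FALSE` call is placed before `parse_message()`, and in generate_message the outgoing `plain == FALSE` call happens only on SUCCESS, so a listener can see one call without the other. I would extend the text to say that the incoming `plain == FALSE` call is made before parsing and decryption (and presumably before integrity verification, which is not visible here). Payload accessors must therefore not be relied on, and nothing in the message should be treated as authenticated until the `plain == TRUE` call. A sentence such as `The encoded call may occur without a matching plain call if parsing or generation fails.` would cover the pairing.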
index 226b2bd..4f59e03 100644 (file)
@@ -176,9 +176,9 @@ METHOD(listener_t, ike_updown, bool,
 
 METHOD(listener_t, message_hook, bool,
        private_duplicheck_listener_t *this, ike_sa_t *ike_sa,
-       message_t *message, bool incoming)
+       message_t *message, bool incoming, bool plain)
 {
-       if (incoming && !message->get_request(message))
+       if (incoming && plain && !message->get_request(message))
        {
                identification_t *id;
                entry_t *entry;
index 8eed497..30709c9 100644 (file)
@@ -78,9 +78,9 @@ METHOD(listener_t, ike_updown, bool,
 
 METHOD(listener_t, message_hook, bool,
        private_farp_listener_t *this, ike_sa_t *ike_sa,
-       message_t *message, bool incoming)
+       message_t *message, bool incoming, bool plain)
 {
-       if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+       if (plain && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
                message->get_exchange_type(message) == IKE_AUTH &&
                !message->get_request(message))
        {
index bee6e2a..b18cd6f 100644 (file)
@@ -237,7 +237,8 @@ METHOD(listener_t, ike_state_change, bool,
 }
 
 METHOD(listener_t, message_hook, bool,
-       private_ha_ike_t *this, ike_sa_t *ike_sa, message_t *message, bool incoming)
+       private_ha_ike_t *this, ike_sa_t *ike_sa, message_t *message,
+       bool incoming, bool plain)
 {
        if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
        {       /* do not sync SA between nodes */
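Review bot: This hook gains the `plain` parameter but the visible lines never test it, and the page shows no other hunk for this file, so as far as can be seen the HA listener now runs its body on both invocations. The other listeners with logic in this commit gate on `plain`; an unguarded body here would act once on the parsed message and once on the encoded one, and for incoming traffic the latter call is made before `parse_message()`. Unless the rest of the function (outside this hunk) already distinguishes the two, the sync logic after the tunnel check should be conditioned on `plain`, for example by adding `plain &&` to the condition that decides whether to sync. The exact condition is not visible here, so confirm against the full file.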
index 4aae2ab..9d6c5a6 100644 (file)
@@ -189,9 +189,9 @@ METHOD(listener_t, ike_state_change, bool,
 
 METHOD(listener_t, message_hook, bool,
        private_led_listener_t *this, ike_sa_t *ike_sa,
-       message_t *message, bool incoming)
+       message_t *message, bool incoming, bool plain)
 {
-       if (incoming || message->get_request(message))
+       if (plain && (incoming || message->get_request(message)))
        {
                blink_activity(this);
        }
index cff7990..fd43cab 100644 (file)
@@ -904,6 +904,8 @@ METHOD(ike_sa_t, update_hosts, void,
 METHOD(ike_sa_t, generate_message, status_t,
        private_ike_sa_t *this, message_t *message, packet_t **packet)
 {
+       status_t status;
+
        if (message->is_encoded(message))
        {       /* already done */
                *packet = message->get_packet(message);
@@ -911,8 +913,13 @@ METHOD(ike_sa_t, generate_message, status_t,
        }
        this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
        message->set_ike_sa_id(message, this->ike_sa_id);
-       charon->bus->message(charon->bus, message, FALSE);
-       return message->generate(message, this->keymat, packet);
+       charon->bus->message(charon->bus, message, FALSE, TRUE);
+       status = message->generate(message, this->keymat, packet);
+       if (status == SUCCESS)
+       {
+               charon->bus->message(charon->bus, message, FALSE, FALSE);
+       }
+       return status;
 }
 
 METHOD(ike_sa_t, set_kmaddress, void,
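Review bot: The encoded-stage hook is raised after `message->generate()` has already filled in `*packet`, so a listener that alters the message during the `plain == FALSE` call only affects what is sent if generate() hands back the message's own packet rather than a copy, which cannot be seen from this hunk. A short comment at the second call would make the intent explicit, for example `/* encoded hook: packet already built; skipped if generate() failed */`. The same comment could note that the early "already done" return in the preceding hunk fires neither hook, so listeners never see messages that were already encoded.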
index 3e46266..ac3824b 100755 (executable)
@@ -1045,6 +1045,7 @@ METHOD(task_manager_t, process_message, status_t,
                 this->active_tasks->get_count(this->active_tasks)))
        {
                msg->set_request(msg, FALSE);
+               charon->bus->message(charon->bus, msg, TRUE, FALSE);
                status = parse_message(this, msg);
                if (status != SUCCESS)
                {
@@ -1053,7 +1054,7 @@ METHOD(task_manager_t, process_message, status_t,
                this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
                                                                        time_monotonic(NULL));
                this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
-               charon->bus->message(charon->bus, msg, TRUE);
+               charon->bus->message(charon->bus, msg, TRUE, TRUE);
                if (process_response(this, msg) != SUCCESS)
                {
                        flush(this);
@@ -1110,6 +1111,7 @@ METHOD(task_manager_t, process_message, status_t,
                }
 
                msg->set_request(msg, TRUE);
+               charon->bus->message(charon->bus, msg, TRUE, FALSE);
                status = parse_message(this, msg);
                if (status != SUCCESS)
                {
@@ -1141,7 +1143,7 @@ METHOD(task_manager_t, process_message, status_t,
                                                "charon.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT));
                }
                this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
-               charon->bus->message(charon->bus, msg, TRUE);
+               charon->bus->message(charon->bus, msg, TRUE, TRUE);
                if (process_request(this, msg) != SUCCESS)
                {
                        flush(this);
index 36252a8..178cec6 100644 (file)
@@ -1036,6 +1036,7 @@ METHOD(task_manager_t, process_message, status_t,
        status_t status;
        u_int32_t mid;
 
+       charon->bus->message(charon->bus, msg, TRUE, FALSE);
        status = parse_message(this, msg);
        if (status != SUCCESS)
        {
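Review bot: The raw hook is placed as the first statement of process_message, ahead of `parse_message()` and of the message-ID handling that the later `plain == TRUE` calls sit inside. It therefore runs for every inbound message handed to this function, including ones that fail parsing or are never dispatched. Each registered listener is thus invoked on unparsed input that has presumably not been verified yet, and a listener that counts or logs on the `plain == FALSE` call will see messages the `plain == TRUE` call never reports. If that is intended, a comment such as `/* raw hook: message not yet parsed or verified, may be dropped below */` above the call would keep listener authors from assuming the two calls are paired. The function body continues well beyond this hunk.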
@@ -1087,7 +1088,7 @@ METHOD(task_manager_t, process_message, status_t,
                                        this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
                                }
                        }
-                       charon->bus->message(charon->bus, msg, TRUE);
+                       charon->bus->message(charon->bus, msg, TRUE, TRUE);
                        if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
                        {       /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
                                return SUCCESS;
@@ -1132,7 +1133,7 @@ METHOD(task_manager_t, process_message, status_t,
                                        this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE);
                                }
                        }
-                       charon->bus->message(charon->bus, msg, TRUE);
+                       charon->bus->message(charon->bus, msg, TRUE, TRUE);
                        if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
                        {       /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
                                return SUCCESS;