Allow creation of message_t objects for IKEv1 packets.
authorTobias Brunner <tobias@strongswan.org>
Wed, 16 Nov 2011 11:06:55 +0000 (12:06 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:30:40 +0000 (17:30 +0100)
src/conftest/hooks/force_cookie.c
src/conftest/hooks/unencrypted_notify.c
src/libcharon/encoding/message.c
src/libcharon/encoding/message.h
src/libcharon/network/receiver.c
src/libcharon/sa/connect_manager.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/task_manager.c

index e34f828..e2ccb66 100644 (file)
@@ -68,7 +68,7 @@ METHOD(listener_t, message, bool,
                        chunk_t data = chunk_from_thing("COOKIE test data");
 
                        DBG1(DBG_CFG, "sending COOKIE: %#B", &data);
-                       response = message_create();
+                       response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
                        dst = message->get_source(message);
                        src = message->get_destination(message);
                        response->set_source(response, src->clone(src));
index 80bdc64..507f30c 100644 (file)
@@ -95,7 +95,7 @@ METHOD(listener_t, ike_updown, bool,
 
                DBG1(DBG_CFG, "injecting unencrypted INFORMATIONAL message");
 
-               message = message_create();
+               message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
                message->set_message_id(message, this->id);
                message->set_ike_sa_id(message, ike_sa->get_id(ike_sa));
                message->set_exchange_type(message, INFORMATIONAL);
index 58b7df5..71ff4b0 100644 (file)
@@ -687,6 +687,11 @@ struct private_message_t {
        bool is_request;
 
        /**
+        * The message is encrypted (IKEv1)
+        */
+       bool is_encrypted;
+
+       /**
         * Higher version supported?
         */
        bool version_flag;
@@ -694,7 +699,7 @@ struct private_message_t {
        /**
         * Reserved bits in IKE header
         */
-       bool reserved[5];
+       bool reserved[2];
 
        /**
         * Sorting of message disabled?
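Review bot: Shrinking `reserved` from five entries to two is only safe if every loop that indexes the array was adjusted too. The copy loop in parse_header (`this->reserved[i] = *reserved;`, in a later hunk of this file) has its bound outside the visible lines. If that bound is still a literal 5, the parser would write past the array with values taken from a received packet. Please confirm the loops use the array's own element count, and consider a short comment on the field saying which header bits the two remaining entries represent.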
@@ -1422,13 +1427,15 @@ METHOD(message_t, parse_header, status_t,
        }
 
        DESTROY_IF(this->ike_sa_id);
-       this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
+       this->ike_sa_id = ike_sa_id_create(
+                                                                       ike_header->get_initiator_spi(ike_header),
                                                                        ike_header->get_responder_spi(ike_header),
                                                                        ike_header->get_initiator_flag(ike_header));
 
        this->exchange_type = ike_header->get_exchange_type(ike_header);
        this->message_id = ike_header->get_message_id(ike_header);
        this->is_request = !ike_header->get_response_flag(ike_header);
+       this->is_encrypted = ike_header->get_encryption_flag(ike_header);
        this->major_version = ike_header->get_maj_version(ike_header);
        this->minor_version = ike_header->get_min_version(ike_header);
        this->first_payload = ike_header->payload_interface.get_next_type(
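Review bot: `is_encrypted` is copied from the header for every message, although the field comment marks it as IKEv1-only and the header has not been authenticated at this point. In an IKEv2 header that bit position is, as far as I can tell, a reserved flag, so the stored value is meaningless there. I would set it only for IKEv1, e.g. `this->is_encrypted = this->major_version == IKEV1_MAJOR_VERSION && ike_header->get_encryption_flag(ike_header);` placed after the version assignments. Whatever later reads the flag (not visible here) should treat it as the sender's claim, not as grounds for accepting an unprotected payload. parse_header continues outside the hunk.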
@@ -1442,19 +1449,12 @@ METHOD(message_t, parse_header, status_t,
                        this->reserved[i] = *reserved;
                }
        }
-       DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
-                this->is_request ? "request" : "response");
-
        ike_header->destroy(ike_header);
 
-       this->rule = get_message_rule(this);
-       if (!this->rule)
-       {
-               DBG1(DBG_ENC, "no message rules specified for a %N %s",
-                        exchange_type_names, this->exchange_type,
-                        this->is_request ? "request" : "response");
-       }
-       return status;
+       DBG2(DBG_ENC, "parsed a %N %s header", exchange_type_names,
+                this->exchange_type, this->major_version == IKEV1_MAJOR_VERSION ?
+                "message" : (this->is_request ? "request" : "response"));
+       return SUCCESS;
 }
 
 /**
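Review bot: parse_header() now returns SUCCESS without looking up a message rule, so `this->rule` is still unset when it returns and a header with an unknown exchange type is no longer logged at this stage. The doc comment on parse_header should say so, for example `/* the message rule is looked up in parse_body(), this->rule is not valid before that */`, so callers do not rely on the old behaviour. The start of the function is outside the hunk, so I cannot tell whether the local `status` is still used now that `return status;` is gone.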
@@ -1640,6 +1640,15 @@ METHOD(message_t, parse_body, status_t,
        DBG2(DBG_ENC, "parsing body of message, first payload is %N",
                 payload_type_names, type);
 
+       this->rule = get_message_rule(this);
+       if (!this->rule)
+       {
+               DBG1(DBG_ENC, "no message rules specified for a %N %s",
+                        exchange_type_names, this->exchange_type,
+                        this->is_request ? "request" : "response");
+               return PARSE_ERROR;
+       }
+
        while (type != NO_PAYLOAD)
        {
                DBG2(DBG_ENC, "starting parsing a %N payload",
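Review bot: The added "no message rules specified" log always labels the message as request or response, while the header log added in parse_header prints "message" for IKEv1; the two should agree, e.g. by reusing `this->major_version == IKEV1_MAJOR_VERSION ? "message" : (this->is_request ? "request" : "response")`. get_message_rule() is not visible here; if it matches on `is_request`, IKEv1 packets would be matched on a header bit that IKEv1 does not define, which deserves a comment or a version check. parse_body starts and ends outside the hunk.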
@@ -1707,7 +1716,7 @@ METHOD(message_t, destroy, void,
 }
 
 /*
- * Described in Header-File
+ * Described in header.
  */
 message_t *message_create_from_packet(packet_t *packet)
 {
@@ -1752,8 +1761,6 @@ message_t *message_create_from_packet(packet_t *packet)
                        .get_packet_data = _get_packet_data,
                        .destroy = _destroy,
                },
-               .major_version = IKEV2_MAJOR_VERSION,
-               .minor_version = IKEV2_MINOR_VERSION,
                .exchange_type = EXCHANGE_TYPE_UNDEFINED,
                .is_request = TRUE,
                .first_payload = NO_PAYLOAD,
@@ -1762,14 +1769,19 @@ message_t *message_create_from_packet(packet_t *packet)
                .parser = parser_create(packet->get_data(packet)),
        );
 
-       return (&this->public);
+       return &this->public;
 }
 
 /*
- * Described in Header.
+ * Described in header.
  */
-message_t *message_create()
+message_t *message_create(int major, int minor)
 {
-       return message_create_from_packet(packet_create());
+       message_t *this = message_create_from_packet(packet_create());
+
+       this->set_major_version(this, major);
+       this->set_minor_version(this, minor);
+
+       return this;
 }
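Review bot: The new `major` and `minor` parameters of message_create() are plain `int` and are passed to set_major_version()/set_minor_version() without a range check, so a value that does not fit the header's version field would presumably be truncated silently (the setter signatures are outside this hunk). Declaring them with the same unsigned 8-bit type the setters take, or documenting the valid range in the header comment, would make the contract explicit. On style, the local `message_t *this` here is the public object, whereas `this` in message_create_from_packet() is the private struct; a name such as `message` would avoid that confusion.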
 
index 0e78ea4..20f3c16 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
@@ -182,7 +182,7 @@ struct message_t {
         * all payloads to encrypt are added to the encryption payload, which is
         * always the last one.
         *
-        * @param payload               payload to append
+        * @param payload               payload to append
         */
        void (*add_payload) (message_t *this, payload_t *payload);
 
@@ -208,14 +208,14 @@ struct message_t {
        /**
         * Parses header of message.
         *
-        * Begins parisng of a message created via message_create_from_packet().
+        * Begins parsing of a message created via message_create_from_packet().
         * The parsing context is stored, so a subsequent call to parse_body()
         * will continue the parsing process.
         *
         * @return
-        *                                      - SUCCESS if header could be parsed
+        *                                      - SUCCESS if header could be parsed
         *                                      - PARSE_ERROR if corrupted/invalid data found
-        *                                      - FAILED if consistence check of header failed
+        *                                      - FAILED if consistency check of header failed
         */
        status_t (*parse_header) (message_t *this);
 
@@ -230,11 +230,11 @@ struct message_t {
         *
         * @param aead          aead transform to verify/decrypt message
         * @return
-        *                                      - SUCCESS if parsing successful
+        *                                      - SUCCESS if parsing successful
         *                                      - PARSE_ERROR if message parsing failed
-        *                                      - VERIFY_ERROR if message verification failed (bad syntax)
-        *                                      - FAILED if integrity check failed
-        *                                      - INVALID_STATE if aead not supplied, but needed
+        *                                      - VERIFY_ERROR if message verification failed (bad syntax)
+        *                                      - FAILED if integrity check failed
+        *                                      - INVALID_STATE if aead not supplied, but needed
         */
        status_t (*parse_body) (message_t *this, aead_t *aead);
 
@@ -250,10 +250,10 @@ struct message_t {
         * @param aead          aead transform to encrypt/sign message
         * @param packet        copy of generated packet
         * @return
-        *                                      - SUCCESS if packet could be generated
-        *                                      - INVALID_STATE if exchange type is currently not set
-        *                                      - NOT_FOUND if no rules found for message generation
-        *                                      - INVALID_STATE if aead not supplied but needed.
+        *                                      - SUCCESS if packet could be generated
+        *                                      - INVALID_STATE if exchange type is currently not set
+        *                                      - NOT_FOUND if no rules found for message generation
+        *                                      - INVALID_STATE if aead not supplied but needed.
         */
        status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
 
@@ -278,7 +278,7 @@ struct message_t {
         * Sets the source host informations.
         *
         * @warning host_t object is not getting cloned and gets destroyed by
-        *                      message_t.destroy or next call of message_t.set_source.
+        *                      message_t.destroy or next call of message_t.set_source.
         *
         * @param host          host_t object representing source host
         */
@@ -298,7 +298,7 @@ struct message_t {
         * Sets the destination host informations.
         *
         * @warning host_t object is not getting cloned and gets destroyed by
-        *                      message_t.destroy or next call of message_t.set_destination.
+        *                      message_t.destroy or next call of message_t.set_destination.
         *
         * @param host          host_t object representing destination host
         */
@@ -357,26 +357,27 @@ struct message_t {
 };
 
 /**
- * Creates an message_t object from a incoming UDP Packet.
+ * Creates a message_t object from an incoming UDP packet.
  *
  * The given packet gets owned by the message. The message is uninitialized,
  * call parse_header() to populate header fields.
  *
  * @param packet               packet_t object which is assigned to message
- * @return                             message_t object
+ * @return                             message_t object
  */
-message_t * message_create_from_packet(packet_t *packet);
-
+message_t *message_create_from_packet(packet_t *packet);
 
 /**
- * Creates an empty message_t object.
+ * Creates an empty message_t object for a specific major/minor version.
  *
  * - exchange_type is set to NOT_SET
  * - original_initiator is set to TRUE
  * - is_request is set to TRUE
  *
- * @return message_t object
+ * @param major                        major IKE version of this message
+ * @param minor                        minor IKE version of this message
+ * @return                             message_t object
  */
-message_t * message_create(void);
+message_t *message_create(int major, int minor);
 
 #endif /** MESSAGE_H_ @}*/
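Review bot: The comment on message_create() still says exchange_type is set to NOT_SET, but the initializer shown in message.c uses `EXCHANGE_TYPE_UNDEFINED`; the list should name the value that is actually set. Since message_create_from_packet() no longer presets the version, its comment could also state that the major and minor version are not set until parse_header() has run. For the new parameters I would document the expected values, e.g. `@param major  major IKE version (IKEV1_MAJOR_VERSION or IKEV2_MAJOR_VERSION)`.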
index 3e75d9b..2f02490 100644 (file)
@@ -144,7 +144,7 @@ static void send_notify(message_t *request, notify_type_t type, chunk_t data)
                packet_t *packet;
                ike_sa_id_t *ike_sa_id;
 
-               response = message_create();
+               response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
                dst = request->get_source(request);
                src = request->get_destination(request);
                response->set_source(response, src->clone(src));
index 7b6ca43..31947aa 100644 (file)
@@ -1028,7 +1028,7 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t *
 static void send_check(private_connect_manager_t *this, check_list_t *checklist,
                check_t *check, endpoint_pair_t *pair, bool request)
 {
-       message_t *message = message_create();
+       message_t *message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
        message->set_message_id(message, check->mid);
        message->set_exchange_type(message, INFORMATIONAL);
        message->set_request(message, request);
index 75868ab..29ce3ce 100644 (file)
@@ -926,7 +926,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request,
        message_t *response;
        packet_t *packet;
 
-       response = message_create();
+       response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
        response->set_exchange_type(response, request->get_exchange_type(request));
        response->set_request(response, FALSE);
        response->set_message_id(response, request->get_message_id(request));
index 473bf34..8a4e81a 100644 (file)
@@ -425,7 +425,7 @@ METHOD(task_manager_t, initiate, status_t,
        me = this->ike_sa->get_my_host(this->ike_sa);
        other = this->ike_sa->get_other_host(this->ike_sa);
 
-       message = message_create();
+       message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
        message->set_message_id(message, this->initiating.mid);
        message->set_source(message, me->clone(me));
        message->set_destination(message, other->clone(other));
@@ -607,7 +607,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
        me = request->get_destination(request);
        other = request->get_source(request);
 
-       message = message_create();
+       message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
        message->set_exchange_type(message, request->get_exchange_type(request));
        /* send response along the path the request came in */
        message->set_source(message, me->clone(me));