switch (ike_sa->get_state(ike_sa))
{
- case SA_ESTABLISHED:
+ case IKE_ESTABLISHED:
{
/* IKE_SA is established and so is not getting destroyed */
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
#include <daemon.h>
+/**
+ * String mappings for child_sa_state_t.
+ */
+mapping_t child_sa_state_m[] = {
+ {CHILD_CREATED, "CREATED"},
+ {CHILD_INSTALLED, "INSTALLED"},
+ {CHILD_REKEYING, "REKEYING"},
+ {CHILD_DELETING, "DELETING"},
+ {MAPPING_END, NULL}
+};
+
typedef struct sa_policy_t sa_policy_t;
/**
u_int32_t hard_lifetime;
/**
+ * state of the CHILD_SA
+ */
+ child_sa_state_t state;
+
+ /**
* transaction which is rekeying this CHILD_SA
*/
void *rekeying_transaction;
}
/**
+ * Implements child_sa_t.get_state
+ */
+static child_sa_state_t get_state(private_child_sa_t *this)
+{
+ return this->state;
+}
+
+/**
+ * Implements child_sa_t.set_state
+ */
+static void set_state(private_child_sa_t *this, child_sa_state_t state)
+{
+ this->state = state;
+}
+
+/**
* Allocate SPI for a single proposal
*/
static status_t alloc_proposal(private_child_sa_t *this, proposal_t *proposal)
}
proposal->set_spi(proposal, inbound_spi);
+ this->state = CHILD_INSTALLED;
+
return SUCCESS;
}
return FAILED;
}
+ this->state = CHILD_INSTALLED;
+
return SUCCESS;
}
this->reqid);
logger->log(logger, CONTROL|LEVEL1,
- " \"%s\": rekeying: %s, last traffic (in/out): %s/%s",
- name, rekey_str, use_in_str, use_out_str);
+ " \"%s\": state: %s, rekeying: %s, last traffic (in/out): %s/%s",
+ name, mapping_find(child_sa_state_m, this->state),
+ rekey_str, use_in_str, use_out_str);
iterator = this->policies->create_iterator(this->policies, TRUE);
while (iterator->has_next(iterator))
this->public.get_use_time = (status_t (*)(child_sa_t*,bool,time_t*))get_use_time;
this->public.set_rekeying_transaction = (void (*)(child_sa_t*,void*))set_rekeying_transaction;
this->public.get_rekeying_transaction = (void* (*)(child_sa_t*))get_rekeying_transaction;
+ this->public.set_state = (void(*)(child_sa_t*,child_sa_state_t))set_state;
+ this->public.get_state = (child_sa_state_t(*)(child_sa_t*))get_state;
this->public.log_status = (void (*)(child_sa_t*, logger_t*, char*))log_status;
this->public.destroy = (void(*)(child_sa_t*))destroy;
this->use_natt = use_natt;
this->soft_lifetime = soft_lifetime;
this->hard_lifetime = hard_lifetime;
+ this->state = CHILD_CREATED;
/* reuse old reqid if we are rekeying an existing CHILD_SA */
this->reqid = rekey ? rekey : ++reqid;
this->policies = linked_list_create();
*/
#define REQID_START 2000000000
+typedef enum child_sa_state_t child_sa_state_t;
+
+/**
+ * @brief States of a CHILD_SA
+ */
+enum child_sa_state_t {
+
+ /**
+ * Just created, uninstalled CHILD_SA
+ */
+ CHILD_CREATED,
+
+ /**
+ * Installed an in-use CHILD_SA
+ */
+ CHILD_INSTALLED,
+
+ /**
+ * CHILD_SA which is rekeying
+ */
+ CHILD_REKEYING,
+
+ /**
+ * CHILD_SA in progress of delete
+ */
+ CHILD_DELETING,
+};
+
+/**
+ * String mappings for child_sa_state_t.
+ */
+extern mapping_t child_sa_state_m[];
+
typedef struct child_sa_t child_sa_t;
/**
status_t (*get_use_time) (child_sa_t *this, bool inbound, time_t *use_time);
/**
+ * @brief Get the state of the CHILD_SA.
+ *
+ * @param this calling object
+ */
+ child_sa_state_t (*get_state) (child_sa_t *this);
+
+ /**
+ * @brief Set the state of the CHILD_SA.
+ *
+ * @param this calling object
+ */
+ void (*set_state) (child_sa_t *this, child_sa_state_t state);
+
+ /**
* @brief Set the transaction which rekeys this CHILD_SA.
*
* Since either end may initiate CHILD_SA rekeying, we must detect
* String mappings for ike_sa_state_t.
*/
mapping_t ike_sa_state_m[] = {
- {SA_CREATED, "CREATED"},
- {SA_CONNECTING, "CONNECTING"},
- {SA_ESTABLISHED, "ESTABLISHED"},
- {SA_DELETING, "DELETING"},
+ {IKE_CREATED, "CREATED"},
+ {IKE_CONNECTING, "CONNECTING"},
+ {IKE_ESTABLISHED, "ESTABLISHED"},
+ {IKE_DELETING, "DELETING"},
{MAPPING_END, NULL}
};
/* check if we already have a pre-created transaction for this request */
if (this->transaction_in_next)
{
- u_int32_t trans_mid = this->transaction_in_next->get_message_id(this->transaction_in_next);
-
- /* check message id consistency */
- if (trans_mid == request_mid)
- {
- /* use it */
- current = this->transaction_in_next;
- }
- else
- {
- /* discard queued transaction */
- this->transaction_in_next->destroy(this->transaction_in_next);
- }
+ current = this->transaction_in_next;
this->transaction_in_next = NULL;
}
- /* create new transaction if "next" unusable */
- if (current == NULL)
+ else
{
current = transaction_create(&this->public, request);
if (current == NULL)
current->destroy(current);
this->transaction_out = NULL;
- /* if conclude() created a new transaction, we increment the message_id
- * counter, as the new transaction used the next one */
- if (new)
- {
- this->message_id_out = new->get_message_id(new) + 1;;
- }
-
/* queue new transaction */
return queue_transaction(this, new, TRUE);
}
else
{
/* check if message is trustworthy, and update connection information */
- if ((this->state == SA_CREATED && this->connection) ||
+ if ((this->state == IKE_CREATED && this->connection) ||
message->get_exchange_type(message) != IKE_SA_INIT)
{
update_hosts(this, message->get_destination(message),
connection->get_name(connection));
return DESTROY_ME;
}
- this->message_id_out = 0;
- ike_sa_init = ike_sa_init_create(&this->public, this->message_id_out++);
+ this->message_id_out = 1;
+ ike_sa_init = ike_sa_init_create(&this->public);
return queue_transaction(this, (transaction_t*)ike_sa_init, TRUE);
}
/* to long ago, initiate dead peer detection */
dead_peer_detection_t *dpd;
this->logger->log(this->logger, CONTROL, "sending DPD request");
- dpd = dead_peer_detection_create(&this->public, this->message_id_out++);
+ dpd = dead_peer_detection_create(&this->public);
status = queue_transaction(this, (transaction_t*)dpd, FALSE);
diff = 0;
}
this->logger->log(this->logger, CONTROL, "state change: %s => %s",
mapping_find(ike_sa_state_m, this->state),
mapping_find(ike_sa_state_m, state));
- if (state == SA_ESTABLISHED)
+ if (state == IKE_ESTABLISHED)
{
host_t *my_host, *other_host;
identification_t *my_id, *other_id;
return NOT_FOUND;
}
- rekey = create_child_sa_create(&this->public, this->message_id_out++);
+ rekey = create_child_sa_create(&this->public);
rekey->rekeys_child(rekey, child_sa);
return queue_transaction(this, (transaction_t*)rekey, FALSE);
}
return NOT_FOUND;
}
- del = delete_child_sa_create(&this->public, this->message_id_out++);
+ del = delete_child_sa_create(&this->public);
del->set_child_sa(del, child_sa);
return queue_transaction(this, (transaction_t*)del, FALSE);
}
static status_t delete_(private_ike_sa_t *this)
{
delete_ike_sa_t *delete_ike_sa;
- delete_ike_sa = delete_ike_sa_create(&this->public, this->message_id_out++);
+ delete_ike_sa = delete_ike_sa_create(&this->public);
return queue_transaction(this, (transaction_t*)delete_ike_sa, FALSE);
}
/**
+ * Implementation of ike_sa_t.get_next_message_id.
+ */
+static u_int32_t get_next_message_id (private_ike_sa_t *this)
+{
+ return this->message_id_out++;
+}
+
+/**
* Implementation of ike_sa_t.is_natt_enabled.
*/
static bool is_natt_enabled (private_ike_sa_t *this)
this->ike_sa_id->get_responder_spi(this->ike_sa_id),
this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
- if (this->state == SA_ESTABLISHED)
+ if (this->state == IKE_ESTABLISHED)
{
this->logger->log(this->logger, ERROR,
"destroying an established IKE SA without knowledge from remote peer!");
this->public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message;
this->public.initiate = (status_t(*)(ike_sa_t*,connection_t*)) initiate;
this->public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id;
+ this->public.get_next_message_id = (u_int32_t(*)(ike_sa_t*)) get_next_message_id;
this->public.get_connection = (connection_t*(*)(ike_sa_t*)) get_connection;
this->public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request;
this->public.log_status = (void (*) (ike_sa_t*,logger_t*,char*))log_status;
this->transaction_in = NULL;
this->transaction_in_next = NULL;
this->transaction_out = NULL;
- this->state = SA_CREATED;
+ this->state = IKE_CREATED;
+ /* we start with message ID out, as ike_sa_init does not use this counter */
this->message_id_out = 0;
this->time_inbound = 0;
this->time_outbound = 0;
/**
* IKE_SA just got created, but is not initiating nor responding yet.
*/
- SA_CREATED,
+ IKE_CREATED,
/**
* IKE_SA gets initiated actively or passively
*/
- SA_CONNECTING,
+ IKE_CONNECTING,
/**
* IKE_SA is fully established
*/
- SA_ESTABLISHED,
+ IKE_ESTABLISHED,
/**
* IKE_SA is in progress of deletion
*/
- SA_DELETING,
+ IKE_DELETING,
};
/**
status_t (*process_message) (ike_sa_t *this, message_t *message);
/**
+ * @brief Get the next message ID for a request.
+ *
+ * @param this calling object
+ * @return the next message id
+ */
+ u_int32_t (*get_next_message_id) (ike_sa_t *this);
+
+ /**
* @brief Check if NAT traversal is enabled for this IKE_SA.
*
* @param this calling object
chunk_t nonce_r;
/**
+ * lower of the nonces of a simultaneus rekeying request
+ */
+ chunk_t nonce_s;
+
+ /**
* Negotiated traffic selectors for initiator
*/
linked_list_t *tsi;
host_t *me, *other;
/* check if we are not already rekeying */
- if (this->rekeyed_sa &&
- this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa))
+ if (this->rekeyed_sa)
{
- this->logger->log(this->logger, ERROR,
- "rekeying a CHILD_SA which is already rekeying, aborted");
- return FAILED;
+ switch (this->rekeyed_sa->get_state(this->rekeyed_sa))
+ {
+ case CHILD_REKEYING:
+ this->logger->log(this->logger, ERROR,
+ "rekeying a CHILD_SA which is already rekeying, aborted");
+ return FAILED;
+ case CHILD_DELETING:
+ this->logger->log(this->logger, ERROR,
+ "rekeying a CHILD_SA which is deleting, aborted");
+ return FAILED;
+ default:
+ break;
+ }
+ this->rekeyed_sa->set_state(this->rekeyed_sa, CHILD_REKEYING);
}
/* check if we already have built a message (retransmission) */
request->set_destination(request, other->clone(other));
request->set_exchange_type(request, CREATE_CHILD_SA);
request->set_request(request, TRUE);
- request->set_message_id(request, this->message_id);
request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
*result = request;
this->message = request;
this->rekeyed_sa->set_rekeying_transaction(this->rekeyed_sa, &this->public);
}
+ this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
+ request->set_message_id(request, this->message_id);
+
return SUCCESS;
}
me = this->connection->get_my_host(this->connection);
other = this->connection->get_other_host(this->connection);
this->policy = this->ike_sa->get_policy(this->ike_sa);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
ts_response = ts_payload_create_from_traffic_selectors(FALSE, this->tsr);
response->add_payload(response, (payload_t*)ts_response);
}
- /* CHILD_SA successfully created. We set us as the rekeying transaction of
- * the rekeyed SA. If we already initiated rekeying of the same SA, we will detect
- * this later in the conclude() call. */
+ /* CHILD_SA successfully created. If another transaction is already rekeying
+ * this SA, our lower nonce must be registered for a later nonce compare. */
if (this->rekeyed_sa)
{
- this->rekeyed_sa->set_rekeying_transaction(this->rekeyed_sa, &this->public);
+ private_create_child_sa_t *other;
+
+ other = this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa);
+ if (other)
+ {
+ /* store our lower nonce in the simultaneus transaction, it
+ * will later compare it against his nonces when it calls conclude().
+ */
+ if (memcmp(this->nonce_i.ptr, this->nonce_r.ptr,
+ min(this->nonce_i.len, this->nonce_r.len)) < 0)
+ {
+ other->nonce_s = chunk_clone(this->nonce_i);
+ }
+ else
+ {
+ other->nonce_s = chunk_clone(this->nonce_r);
+ }
+ }
+ this->rekeyed_sa->set_state(this->rekeyed_sa, CHILD_REKEYING);
}
return SUCCESS;
}
* If no simultaneous rekeying is going on, we just initiate the delete of
* the superseded SA. */
if (this->rekeyed_sa)
- {
- private_create_child_sa_t *other;
-
- other = (private_create_child_sa_t*)
- this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa);
-
+ {
/* rekeying finished, update SA status */
this->rekeyed_sa->set_rekeying_transaction(this->rekeyed_sa, NULL);
- if (other != this)
+ if (this->nonce_s.ptr)
{ /* simlutaneous rekeying is going on, not so good */
- chunk_t this_lowest, other_lowest;
+ chunk_t this_lowest;
- /* check if this has a lower nonce than other */
+ /* first get our lowest nonce */
if (memcmp(this->nonce_i.ptr, this->nonce_r.ptr,
min(this->nonce_i.len, this->nonce_r.len)) < 0)
{
{
this_lowest = this->nonce_r;
}
- if (memcmp(other->nonce_i.ptr, other->nonce_r.ptr,
- min(other->nonce_i.len, other->nonce_r.len)) < 0)
- {
- other_lowest = other->nonce_i;
- }
- else
- {
- other_lowest = other->nonce_r;
- }
- if (memcmp(this_lowest.ptr, other_lowest.ptr,
- min(this_lowest.len, other_lowest.len)) < 0)
+ /* then compare against other lowest nonce */
+ if (memcmp(this_lowest.ptr, this->nonce_s.ptr,
+ min(this_lowest.len, this->nonce_s.len)) < 0)
{
this->logger->log(this->logger, ERROR,
- "detected simultaneous CHILD_SA rekeying, but ours is preferred");
+ "detected simultaneous CHILD_SA rekeying, deleting ours");
+ this->lost = TRUE;
}
else
{
-
this->logger->log(this->logger, ERROR,
- "detected simultaneous CHILD_SA rekeying, deleting ours");
- this->lost = TRUE;
+ "detected simultaneous CHILD_SA rekeying, but ours is preferred");
}
}
/* delete the old SA if we have won the rekeying nonce compare*/
if (!this->lost)
{
- delete_child_sa = delete_child_sa_create(this->ike_sa, this->message_id + 1);
+ delete_child_sa = delete_child_sa_create(this->ike_sa);
delete_child_sa->set_child_sa(delete_child_sa, this->rekeyed_sa);
*next = (transaction_t*)delete_child_sa;
}
if (this->lost)
{
/* we have lost simlutaneous rekeying, delete the CHILD_SA we just have created */
- delete_child_sa = delete_child_sa_create(this->ike_sa, this->message_id + 1);
+ delete_child_sa = delete_child_sa_create(this->ike_sa);
delete_child_sa->set_child_sa(delete_child_sa, new_child);
*next = (transaction_t*)delete_child_sa;
}
destroy_ts_list(this->tsr);
chunk_free(&this->nonce_i);
chunk_free(&this->nonce_r);
+ chunk_free(&this->nonce_s);
this->randomizer->destroy(this->randomizer);
free(this);
}
/*
* Described in header.
*/
-create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id)
+create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa)
{
private_create_child_sa_t *this = malloc_thing(private_create_child_sa_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->rekey_spi = 0;
this->nonce_i = CHUNK_INITIALIZER;
this->nonce_r = CHUNK_INITIALIZER;
+ this->nonce_s = CHUNK_INITIALIZER;
this->child_sa = NULL;
this->rekeyed_sa = NULL;
this->lost = FALSE;
* @brief Create a new transaction which creates/rekeys CHILD_SAs.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created create_child_sa transaction
*
* @ingroup transactions
*/
-create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id);
+create_child_sa_t *create_child_sa_create(ike_sa_t *ike_sa);
#endif /* CREATE_CHILD_SA_H_ */
request->set_destination(request, other->clone(other));
request->set_exchange_type(request, INFORMATIONAL);
request->set_request(request, TRUE);
+ this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
request->set_message_id(request, this->message_id);
request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
/* apply for caller */
connection = this->ike_sa->get_connection(this->ike_sa);
me = connection->get_my_host(connection);
other = connection->get_other_host(connection);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
/*
* Described in header.
*/
-dead_peer_detection_t *dead_peer_detection_create(ike_sa_t *ike_sa, u_int32_t message_id)
+dead_peer_detection_t *dead_peer_detection_create(ike_sa_t *ike_sa)
{
private_dead_peer_detection_t *this = malloc_thing(private_dead_peer_detection_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
* @brief Create a new transaction which detects dead peers.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created dead_peer_detection transaction
*
* @ingroup transactions
*/
-dead_peer_detection_t *dead_peer_detection_create(ike_sa_t *ike_sa, u_int32_t message_id);
+dead_peer_detection_t *dead_peer_detection_create(ike_sa_t *ike_sa);
#endif /* DEAD_PEER_DETECTION_H_ */
request->set_destination(request, other->clone(other));
request->set_exchange_type(request, INFORMATIONAL);
request->set_request(request, TRUE);
+ this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
request->set_message_id(request, this->message_id);
request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
*result = request;
request->add_payload(request, (payload_t*)delete_payload);
}
+ this->child_sa->set_state(this->child_sa, CHILD_DELETING);
+
return SUCCESS;
}
{
create_child_sa_t *rekey;
+ child_sa->set_state(child_sa, CHILD_DELETING);
+
this->logger->log(this->logger, CONTROL,
"received DELETE for %s CHILD_SA with SPI 0x%x, deleting",
mapping_find(protocol_id_m, protocol), ntohl(spi));
* this means we have lost the nonce comparison, and the rekeying
* will fail. We set a flag in the transaction for this special case.
*/
- if (!response)
- { /* only whine as initiator */
- this->logger->log(this->logger, CONTROL,
- "DELETE received while rekeying, rekeying cancelled");
- }
rekey->cancel(rekey);
}
/* delete it, with inbound spi */
connection = this->ike_sa->get_connection(this->ike_sa);
me = connection->get_my_host(connection);
other = connection->get_other_host(connection);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
/*
* Described in header.
*/
-delete_child_sa_t *delete_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id)
+delete_child_sa_t *delete_child_sa_create(ike_sa_t *ike_sa)
{
private_delete_child_sa_t *this = malloc_thing(private_delete_child_sa_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
* @brief Create a new transaction which deletes a CHILD_SA.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created delete_child_sa transaction
*
* @ingroup transactions
*/
-delete_child_sa_t *delete_child_sa_create(ike_sa_t *ike_sa, u_int32_t message_id);
+delete_child_sa_t *delete_child_sa_create(ike_sa_t *ike_sa);
#endif /* DELETE_CHILD_SA_H_ */
request->set_destination(request, other->clone(other));
request->set_exchange_type(request, INFORMATIONAL);
request->set_request(request, TRUE);
+ this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
request->set_message_id(request, this->message_id);
request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
/* apply for caller */
request->add_payload(request, (payload_t*)delete_payload);
/* transit to state SA_DELETING */
- this->ike_sa->set_state(this->ike_sa, SA_DELETING);
+ this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
return SUCCESS;
}
connection = this->ike_sa->get_connection(this->ike_sa);
me = connection->get_my_host(connection);
other = connection->get_other_host(connection);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
this->logger->log(this->logger, CONTROL,
"received a weird DELETE request for IKE_SA, deleting anyway");
}
- if (this->ike_sa->get_state(this->ike_sa) == SA_DELETING)
+ if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
{
/* if we are already deleting an IKE_SA, we do not destroy. We wait
* until we get the response for our initiated delete. */
return SUCCESS;
}
- this->ike_sa->set_state(this->ike_sa, SA_DELETING);
+ this->ike_sa->set_state(this->ike_sa, IKE_DELETING);
return DESTROY_ME;
}
/*
* Described in header.
*/
-delete_ike_sa_t *delete_ike_sa_create(ike_sa_t *ike_sa, u_int32_t message_id)
+delete_ike_sa_t *delete_ike_sa_create(ike_sa_t *ike_sa)
{
private_delete_ike_sa_t *this = malloc_thing(private_delete_ike_sa_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
* @brief Create a new transaction which deletes the IKE_SA.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created delete_ike_sa transaction
*
* @ingroup transactions
*/
-delete_ike_sa_t *delete_ike_sa_create(ike_sa_t *ike_sa, u_int32_t message_id);
+delete_ike_sa_t *delete_ike_sa_create(ike_sa_t *ike_sa);
#endif /* DELETE_IKE_SA_H_ */
request->set_destination(request, other->clone(other));
request->set_exchange_type(request, IKE_AUTH);
request->set_request(request, TRUE);
- request->set_message_id(request, this->message_id);
request->set_ike_sa_id(request, this->ike_sa->get_id(this->ike_sa));
/* apply for caller */
*result = request;
request->add_payload(request, (payload_t*)ts_payload);
}
+ this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
+ request->set_message_id(request, this->message_id);
return SUCCESS;
}
this->connection = this->ike_sa->get_connection(this->ike_sa);
me = this->connection->get_my_host(this->connection);
other = this->connection->get_other_host(this->connection);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
response->add_payload(response, (payload_t*)ts_response);
}
/* set established state */
- this->ike_sa->set_state(this->ike_sa, SA_ESTABLISHED);
+ this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
return SUCCESS;
}
}
}
/* set new state */
- this->ike_sa->set_state(this->ike_sa, SA_ESTABLISHED);
+ this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
return SUCCESS;
}
/*
* Described in header.
*/
-ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, u_int32_t message_id)
+ike_auth_t *ike_auth_create(ike_sa_t *ike_sa)
{
private_ike_auth_t *this = malloc_thing(private_ike_auth_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->nonce_i = CHUNK_INITIALIZER;
* @brief Create a new transaction which processes IKE_AUTH exchanges.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created ike_auth transaction
*
* @ingroup transactions
*/
-ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, u_int32_t message_id);
+ike_auth_t *ike_auth_create(ike_sa_t *ike_sa);
#endif /* IKE_AUTH_H_ */
request->add_payload(request, (payload_t*)notify);
}
- /* set new state */
- this->ike_sa->set_state(this->ike_sa, SA_CONNECTING);
+ this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
return SUCCESS;
}
"requested DH group not acceptable, aborting");
return DESTROY_ME;
}
- retry = ike_sa_init_create(this->ike_sa, 0);
+ retry = ike_sa_init_create(this->ike_sa);
retry->use_dh_group(retry, dh_group);
*this->next = (transaction_t*)retry;
return FAILED;
me = request->get_destination(request);
other = request->get_source(request);
+ this->message_id = request->get_message_id(request);
/* set up response */
response = message_create();
response_chunk = response->get_packet_data(response);
/* create next transaction, for which we except a message */
- ike_auth = ike_auth_create(this->ike_sa, 1);
+ ike_auth = ike_auth_create(this->ike_sa);
ike_auth->set_nonces(ike_auth,
chunk_clone(this->nonce_i),
chunk_clone(this->nonce_r));
charon->event_queue->add_relative(charon->event_queue, job, timeout);
}
/* set new state */
- this->ike_sa->set_state(this->ike_sa, SA_CONNECTING);
+ this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
return SUCCESS;
}
response_chunk = response->get_packet_data(response);
/* create next transaction, for which we except a message */
- ike_auth = ike_auth_create(this->ike_sa, this->message_id + 1);
+ ike_auth = ike_auth_create(this->ike_sa);
ike_auth->set_nonces(ike_auth,
chunk_clone(this->nonce_i),
chunk_clone(this->nonce_r));
/*
* Described in header.
*/
-ike_sa_init_t *ike_sa_init_create(ike_sa_t *ike_sa, u_int32_t message_id)
+ike_sa_init_t *ike_sa_init_create(ike_sa_t *ike_sa)
{
private_ike_sa_init_t *this = malloc_thing(private_ike_sa_init_t);
/* private data */
this->ike_sa = ike_sa;
- this->message_id = message_id;
+ this->message_id = 0;
this->message = NULL;
this->requested = 0;
this->diffie_hellman = NULL;
* @brief Create a new transaction which processes IKE_SA_INIT exchanges.
*
* @param ike_sa assigned IKE_SA
- * @param message_id message ids used in this transaction
* @return created ike_sa_init transaction
*
* @ingroup transactions
*/
-ike_sa_init_t *ike_sa_init_create(ike_sa_t *ike_sa, u_int32_t message_id);
+ike_sa_init_t *ike_sa_init_create(ike_sa_t *ike_sa);
#endif /* IKE_SA_INIT_H_ */
payload_t *current;
notify_payload_t *notify;
transaction_t *transaction = NULL;
- u_int32_t message_id;
if (!request->get_request(request))
{
return NULL;
}
- message_id = request->get_message_id(request);
switch (request->get_exchange_type(request))
{
case IKE_SA_INIT:
{
- if (ike_sa->get_state(ike_sa) == SA_CREATED)
+ if (ike_sa->get_state(ike_sa) == IKE_CREATED)
{
- transaction = (transaction_t*)ike_sa_init_create(ike_sa, message_id);
+ transaction = (transaction_t*)ike_sa_init_create(ike_sa);
}
break;
}
}
case CREATE_CHILD_SA:
{
- if (ike_sa->get_state(ike_sa) != SA_ESTABLISHED)
+ if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
{
break;
}
switch (notify->get_protocol_id(notify))
{
case PROTO_IKE:
- /* TODO: transaction = rekey_ike_sa_create(ike_sa, message_id); */
+ /* TODO: transaction = rekey_ike_sa_create(ike_sa); */
break;
case PROTO_AH:
case PROTO_ESP:
/* we do not handle rekeying of CHILD_SAs in a special
* transaction, as the procedure is nearly equal
* to create a new CHILD_SA. */
- transaction = (transaction_t*)create_child_sa_create(ike_sa, message_id);
+ transaction = (transaction_t*)create_child_sa_create(ike_sa);
break;
default:
break;
/* we have not found a REKEY_SA notify for IKE. This means
* we create a new CHILD_SA, or rekey an existing one.
* Both cases are handled with the create_child_sa transaction. */
- transaction = (transaction_t*)create_child_sa_create(ike_sa, message_id);
+ transaction = (transaction_t*)create_child_sa_create(ike_sa);
}
break;
}
case INFORMATIONAL:
{
- if (ike_sa->get_state(ike_sa) == SA_CREATED)
+ if (ike_sa->get_state(ike_sa) == IKE_CREATED)
{
break;
}
{
case PROTO_IKE:
transaction = (transaction_t*)
- delete_ike_sa_create(ike_sa, message_id);
+ delete_ike_sa_create(ike_sa);
break;
case PROTO_AH:
case PROTO_ESP:
transaction = (transaction_t*)
- delete_child_sa_create(ike_sa, message_id);
+ delete_child_sa_create(ike_sa);
break;
default:
break;
if (payload_count == 0)
{
transaction = (transaction_t*)
- dead_peer_detection_create(ike_sa, message_id);
+ dead_peer_detection_create(ike_sa);
}
break;
}
projects / strongswan.git / commitdiff