Added a force_hookie hook that requests a COOKIE independent of our COOKIE mechanism
authorMartin Willi <martin@revosec.ch>
Thu, 11 Nov 2010 14:38:52 +0000 (15:38 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:45:45 +0000 (16:45 +0100)
src/conftest/Makefile.am
src/conftest/hooks/force_cookie.c [new file with mode: 0644]

index 0742610..f18646f 100644 (file)
@@ -5,7 +5,7 @@ AM_CFLAGS = -rdynamic
 conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \
        hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \
        hooks/add_notify.c hooks/unencrypted_notify.c hooks/ignore_message.c \
-       hooks/add_payload.c hooks/set_critical.c
+       hooks/add_payload.c hooks/set_critical.c hooks/force_cookie.c
 
 INCLUDES = \
        -I$(top_srcdir)/src/libstrongswan \
diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c
new file mode 100644 (file)
index 0000000..e34f828
--- /dev/null
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "hook.h"
+
+#include <encoding/payloads/unknown_payload.h>
+
+typedef struct private_force_cookie_t private_force_cookie_t;
+
+/**
+ * Private data of an force_cookie_t object.
+ */
+struct private_force_cookie_t {
+
+       /**
+        * Implements the hook_t interface.
+        */
+       hook_t hook;
+};
+
+METHOD(listener_t, message, bool,
+       private_force_cookie_t *this, ike_sa_t *ike_sa, message_t *message,
+       bool incoming)
+{
+       if (incoming && message->get_request(message) &&
+               message->get_exchange_type(message) == IKE_SA_INIT)
+       {
+               enumerator_t *enumerator;
+               bool has_cookie = FALSE;
+               payload_t *payload;
+
+               enumerator = message->create_payload_enumerator(message);
+               while (enumerator->enumerate(enumerator, &payload))
+               {
+                       if (payload->get_type(payload) == NOTIFY)
+                       {
+                               notify_payload_t *notify = (notify_payload_t*)payload;
+                               chunk_t data;
+
+                               if (notify->get_notify_type(notify) == COOKIE)
+                               {
+                                       data = notify->get_notification_data(notify);
+                                       DBG1(DBG_CFG, "received COOKIE: %#B", &data);
+                                       has_cookie = TRUE;
+                                       break;
+                               }
+                       }
+               }
+               enumerator->destroy(enumerator);
+               if (!has_cookie)
+               {
+                       message_t *response;
+                       host_t *src, *dst;
+                       packet_t *packet;
+                       ike_sa_id_t *ike_sa_id;
+                       chunk_t data = chunk_from_thing("COOKIE test data");
+
+                       DBG1(DBG_CFG, "sending COOKIE: %#B", &data);
+                       response = message_create();
+                       dst = message->get_source(message);
+                       src = message->get_destination(message);
+                       response->set_source(response, src->clone(src));
+                       response->set_destination(response, dst->clone(dst));
+                       response->set_exchange_type(response, IKE_SA_INIT);
+                       response->set_request(response, FALSE);
+                       response->set_message_id(response, 0);
+                       ike_sa_id = message->get_ike_sa_id(message);
+                       ike_sa_id->switch_initiator(ike_sa_id);
+                       response->set_ike_sa_id(response, ike_sa_id);
+                       response->add_notify(response, FALSE, COOKIE, data);
+                       if (response->generate(response, NULL, &packet) == SUCCESS)
+                       {
+                               charon->sender->send(charon->sender, packet);
+                               response->destroy(response);
+                       }
+                       message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
+               }
+       }
+       return TRUE;
+}
+
+METHOD(hook_t, destroy, void,
+       private_force_cookie_t *this)
+{
+       free(this);
+}
+
+/**
+ * Create the IKE_AUTH fill hook
+ */
+hook_t *force_cookie_hook_create(char *name)
+{
+       private_force_cookie_t *this;
+
+       INIT(this,
+               .hook = {
+                       .listener = {
+                               .message = _message,
+                       },
+                       .destroy = _destroy,
+               },
+       );
+
+       return &this->hook;
+}