![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to task_manager_v1.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1|
Return to task_manager_v1.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1 |
1.1 misho 1: /*
2: * Copyright (C) 2007-2019 Tobias Brunner
3: * Copyright (C) 2007-2011 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "task_manager_v1.h"
18:
19: #include <math.h>
20:
21: #include <daemon.h>
22: #include <sa/ikev1/tasks/main_mode.h>
23: #include <sa/ikev1/tasks/aggressive_mode.h>
24: #include <sa/ikev1/tasks/quick_mode.h>
25: #include <sa/ikev1/tasks/quick_delete.h>
26: #include <sa/ikev1/tasks/xauth.h>
27: #include <sa/ikev1/tasks/mode_config.h>
28: #include <sa/ikev1/tasks/informational.h>
29: #include <sa/ikev1/tasks/isakmp_natd.h>
30: #include <sa/ikev1/tasks/isakmp_vendor.h>
31: #include <sa/ikev1/tasks/isakmp_cert_pre.h>
32: #include <sa/ikev1/tasks/isakmp_cert_post.h>
33: #include <sa/ikev1/tasks/isakmp_delete.h>
34: #include <sa/ikev1/tasks/isakmp_dpd.h>
35:
36: #include <processing/jobs/retransmit_job.h>
37: #include <processing/jobs/delete_ike_sa_job.h>
38: #include <processing/jobs/dpd_timeout_job.h>
39: #include <processing/jobs/process_message_job.h>
40:
41: #include <collections/array.h>
42:
43: /**
44: * Number of old messages hashes we keep for retransmission.
45: *
46: * In Main Mode, we must ignore messages from a previous message pair if
47: * we already continued to the next. Otherwise a late retransmission
48: * could be considered as a reply to the newer request.
49: */
50: #define MAX_OLD_HASHES 2
51:
52: /**
53: * First sequence number of responding packets.
54: *
55: * To distinguish retransmission jobs for initiating and responding packets,
56: * we split up the sequence counter and use the upper half for responding.
57: */
58: #define RESPONDING_SEQ INT_MAX
59:
60: typedef struct exchange_t exchange_t;
61:
62: /**
63: * An exchange in the air, used do detect and handle retransmission
64: */
65: struct exchange_t {
66:
67: /**
68: * Message ID used for this transaction
69: */
70: uint32_t mid;
71:
72: /**
73: * generated packet for retransmission
74: */
75: packet_t *packet;
76: };
77:
78: typedef struct private_task_manager_t private_task_manager_t;
79:
80: /**
81: * private data of the task manager
82: */
83: struct private_task_manager_t {
84:
85: /**
86: * public functions
87: */
88: task_manager_v1_t public;
89:
90: /**
91: * associated IKE_SA we are serving
92: */
93: ike_sa_t *ike_sa;
94:
95: /**
96: * RNG to create message IDs
97: */
98: rng_t *rng;
99:
100: /**
101: * Exchange we are currently handling as responder
102: */
103: struct {
104: /**
105: * Message ID of the last response
106: */
107: uint32_t mid;
108:
109: /**
110: * Hash of a previously received message
111: */
112: uint32_t hash;
113:
114: /**
115: * packet(s) for retransmission
116: */
117: array_t *packets;
118:
119: /**
120: * Sequence number of the last sent message
121: */
122: uint32_t seqnr;
123:
124: /**
125: * how many times we have retransmitted so far
126: */
127: u_int retransmitted;
128:
129: } responding;
130:
131: /**
132: * Exchange we are currently handling as initiator
133: */
134: struct {
135: /**
136: * Message ID of the exchange
137: */
138: uint32_t mid;
139:
140: /**
141: * Hashes of old responses we can ignore
142: */
143: uint32_t old_hashes[MAX_OLD_HASHES];
144:
145: /**
146: * Position in old hash array
147: */
148: int old_hash_pos;
149:
150: /**
151: * Sequence number of the last sent message
152: */
153: uint32_t seqnr;
154:
155: /**
156: * how many times we have retransmitted so far
157: */
158: u_int retransmitted;
159:
160: /**
161: * packet(s) for retransmission
162: */
163: array_t *packets;
164:
165: /**
166: * type of the initiated exchange
167: */
168: exchange_type_t type;
169:
170: } initiating;
171:
172: /**
173: * Message we are currently defragmenting, if any (only one at a time)
174: */
175: message_t *defrag;
176:
177: /**
178: * List of queued tasks not yet in action
179: */
180: linked_list_t *queued_tasks;
181:
182: /**
183: * List of active tasks, initiated by ourselves
184: */
185: linked_list_t *active_tasks;
186:
187: /**
188: * List of tasks initiated by peer
189: */
190: linked_list_t *passive_tasks;
191:
192: /**
193: * Queued messages not yet ready to process
194: */
195: message_t *queued;
196:
197: /**
198: * Number of times we retransmit messages before giving up
199: */
200: u_int retransmit_tries;
201:
202: /**
1.1.1.2 ! misho 203: * Maximum number of tries possible with current retransmission settings
! 204: * before overflowing the range of uint32_t, which we use for the timeout.
! 205: * Note that UINT32_MAX milliseconds equal nearly 50 days, so that doesn't
! 206: * make much sense without retransmit_limit anyway.
! 207: */
! 208: u_int retransmit_tries_max;
! 209:
! 210: /**
1.1 misho 211: * Retransmission timeout
212: */
213: double retransmit_timeout;
214:
215: /**
216: * Base to calculate retransmission timeout
217: */
218: double retransmit_base;
219:
220: /**
221: * Jitter to apply to calculated retransmit timeout (in percent)
222: */
223: u_int retransmit_jitter;
224:
225: /**
226: * Limit retransmit timeout to this value
227: */
228: uint32_t retransmit_limit;
229:
230: /**
231: * Sequence number for sending DPD requests
232: */
233: uint32_t dpd_send;
234:
235: /**
236: * Sequence number for received DPD requests
237: */
238: uint32_t dpd_recv;
239: };
240:
241: /**
242: * Reset retransmission packet list
243: */
244: static void clear_packets(array_t *array)
245: {
246: packet_t *packet;
247:
248: while (array_remove(array, ARRAY_TAIL, &packet))
249: {
250: packet->destroy(packet);
251: }
252: }
253:
254: METHOD(task_manager_t, flush_queue, void,
255: private_task_manager_t *this, task_queue_t queue)
256: {
257: linked_list_t *list;
258: task_t *task;
259:
260: if (this->queued)
261: {
262: this->queued->destroy(this->queued);
263: this->queued = NULL;
264: }
265: switch (queue)
266: {
267: case TASK_QUEUE_ACTIVE:
268: list = this->active_tasks;
269: /* cancel pending retransmits */
270: this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
271: clear_packets(this->initiating.packets);
272: break;
273: case TASK_QUEUE_PASSIVE:
274: list = this->passive_tasks;
275: break;
276: case TASK_QUEUE_QUEUED:
277: list = this->queued_tasks;
278: break;
279: default:
280: return;
281: }
282: while (list->remove_last(list, (void**)&task) == SUCCESS)
283: {
284: task->destroy(task);
285: }
286: }
287:
288: METHOD(task_manager_t, flush, void,
289: private_task_manager_t *this)
290: {
291: flush_queue(this, TASK_QUEUE_QUEUED);
292: flush_queue(this, TASK_QUEUE_PASSIVE);
293: flush_queue(this, TASK_QUEUE_ACTIVE);
294: }
295:
296: /**
297: * move a task of a specific type from the queue to the active list
298: */
299: static bool activate_task(private_task_manager_t *this, task_type_t type)
300: {
301: enumerator_t *enumerator;
302: task_t *task;
303: bool found = FALSE;
304:
305: enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
306: while (enumerator->enumerate(enumerator, (void**)&task))
307: {
308: if (task->get_type(task) == type)
309: {
310: DBG2(DBG_IKE, " activating %N task", task_type_names, type);
311: this->queued_tasks->remove_at(this->queued_tasks, enumerator);
312: this->active_tasks->insert_last(this->active_tasks, task);
313: found = TRUE;
314: break;
315: }
316: }
317: enumerator->destroy(enumerator);
318: return found;
319: }
320:
321: /**
322: * Send packets in the given array (they get cloned)
323: */
324: static void send_packets(private_task_manager_t *this, array_t *packets)
325: {
326: enumerator_t *enumerator;
327: packet_t *packet;
328:
329: enumerator = array_create_enumerator(packets);
330: while (enumerator->enumerate(enumerator, &packet))
331: {
332: charon->sender->send(charon->sender, packet->clone(packet));
333: }
334: enumerator->destroy(enumerator);
335: }
336:
337: /**
338: * Generates the given message and stores packet(s) in the given array
339: */
340: static bool generate_message(private_task_manager_t *this, message_t *message,
341: array_t **packets)
342: {
343: enumerator_t *fragments;
344: packet_t *fragment;
345:
346: if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
347: &fragments) != SUCCESS)
348: {
349: return FALSE;
350: }
351: while (fragments->enumerate(fragments, &fragment))
352: {
353: array_insert_create(packets, ARRAY_TAIL, fragment);
354: }
355: fragments->destroy(fragments);
356: return TRUE;
357: }
358:
359: /**
360: * Retransmit a packet (or its fragments)
361: */
362: static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr,
363: u_int mid, u_int retransmitted, array_t *packets)
364: {
365: packet_t *packet;
1.1.1.2 ! misho 366: uint32_t t = UINT32_MAX, max_jitter;
1.1 misho 367:
368: array_get(packets, 0, &packet);
369: if (retransmitted > this->retransmit_tries)
370: {
371: DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
372: charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet);
373: return DESTROY_ME;
374: }
1.1.1.2 ! misho 375: if (!this->retransmit_tries_max ||
! 376: retransmitted <= this->retransmit_tries_max)
! 377: {
! 378: t = (uint32_t)(this->retransmit_timeout * 1000.0 *
! 379: pow(this->retransmit_base, retransmitted));
! 380: }
1.1 misho 381: if (this->retransmit_limit)
382: {
383: t = min(t, this->retransmit_limit);
384: }
385: if (this->retransmit_jitter)
386: {
387: max_jitter = (t / 100.0) * this->retransmit_jitter;
388: t -= max_jitter * (random() / (RAND_MAX + 1.0));
389: }
390: if (retransmitted)
391: {
392: DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u",
393: retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response",
394: mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
395: charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet,
396: retransmitted);
397: }
398: send_packets(this, packets);
399: lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
400: retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
401: return SUCCESS;
402: }
403:
404: METHOD(task_manager_t, retransmit, status_t,
405: private_task_manager_t *this, uint32_t seqnr)
406: {
1.1.1.2 ! misho 407: status_t status = INVALID_STATE;
1.1 misho 408:
409: if (seqnr == this->initiating.seqnr &&
410: array_count(this->initiating.packets))
411: {
412: status = retransmit_packet(this, seqnr, this->initiating.mid,
413: this->initiating.retransmitted, this->initiating.packets);
414: if (status == SUCCESS)
415: {
416: this->initiating.retransmitted++;
417: }
418: }
419: if (seqnr == this->responding.seqnr &&
420: array_count(this->responding.packets))
421: {
422: status = retransmit_packet(this, seqnr, this->responding.mid,
423: this->responding.retransmitted, this->responding.packets);
424: if (status == SUCCESS)
425: {
426: this->responding.retransmitted++;
427: }
428: }
429: return status;
430: }
431:
432: /**
433: * Check if we have to wait for a mode config before starting a quick mode
434: */
435: static bool mode_config_expected(private_task_manager_t *this)
436: {
437: enumerator_t *enumerator;
438: peer_cfg_t *peer_cfg;
439: char *pool;
440: bool local;
441: host_t *host;
442:
443: peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
444: if (peer_cfg)
445: {
446: if (peer_cfg->use_pull_mode(peer_cfg))
447: {
448: enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
449: if (!enumerator->enumerate(enumerator, &pool))
450: { /* no pool configured */
451: enumerator->destroy(enumerator);
452: return FALSE;
453: }
454: enumerator->destroy(enumerator);
455:
456: local = FALSE;
457: }
458: else
459: {
460: enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
461: if (!enumerator->enumerate(enumerator, &host))
462: { /* not requesting a vip */
463: enumerator->destroy(enumerator);
464: return FALSE;
465: }
466: enumerator->destroy(enumerator);
467:
468: local = TRUE;
469: }
470: enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa,
471: local);
472: if (!enumerator->enumerate(enumerator, &host))
473: { /* expecting a VIP exchange, but no VIP assigned yet */
474: enumerator->destroy(enumerator);
475: return TRUE;
476: }
477: enumerator->destroy(enumerator);
478: }
479: return FALSE;
480: }
481:
482: METHOD(task_manager_t, initiate, status_t,
483: private_task_manager_t *this)
484: {
485: enumerator_t *enumerator;
486: task_t *task;
487: message_t *message;
488: host_t *me, *other;
489: exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
490: bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
491:
492: if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
493: this->initiating.type != INFORMATIONAL_V1)
494: {
495: DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
496: exchange_type_names, this->initiating.type);
497: /* do not initiate if we already have a message in the air */
498: return SUCCESS;
499: }
500:
501: if (this->active_tasks->get_count(this->active_tasks) == 0)
502: {
503: DBG2(DBG_IKE, "activating new tasks");
504: switch (this->ike_sa->get_state(this->ike_sa))
505: {
506: case IKE_CREATED:
507: activate_task(this, TASK_ISAKMP_VENDOR);
508: activate_task(this, TASK_ISAKMP_CERT_PRE);
509: if (activate_task(this, TASK_MAIN_MODE))
510: {
511: exchange = ID_PROT;
512: }
513: else if (activate_task(this, TASK_AGGRESSIVE_MODE))
514: {
515: exchange = AGGRESSIVE;
516: }
517: activate_task(this, TASK_ISAKMP_CERT_POST);
518: activate_task(this, TASK_ISAKMP_NATD);
519: break;
520: case IKE_CONNECTING:
521: if (activate_task(this, TASK_ISAKMP_DELETE))
522: {
523: exchange = INFORMATIONAL_V1;
524: new_mid = TRUE;
525: break;
526: }
527: if (activate_task(this, TASK_XAUTH))
528: {
529: exchange = TRANSACTION;
530: new_mid = TRUE;
531: break;
532: }
533: if (activate_task(this, TASK_INFORMATIONAL))
534: {
535: exchange = INFORMATIONAL_V1;
536: new_mid = TRUE;
537: break;
538: }
539: break;
540: case IKE_ESTABLISHED:
541: if (activate_task(this, TASK_MODE_CONFIG))
542: {
543: exchange = TRANSACTION;
544: new_mid = TRUE;
545: break;
546: }
547: if (activate_task(this, TASK_QUICK_DELETE))
548: {
549: exchange = INFORMATIONAL_V1;
550: new_mid = TRUE;
551: break;
552: }
553: if (activate_task(this, TASK_ISAKMP_DELETE))
554: {
555: exchange = INFORMATIONAL_V1;
556: new_mid = TRUE;
557: break;
558: }
559: if (activate_task(this, TASK_ISAKMP_DPD))
560: {
561: exchange = INFORMATIONAL_V1;
562: new_mid = TRUE;
563: break;
564: }
565: if (!mode_config_expected(this) &&
566: activate_task(this, TASK_QUICK_MODE))
567: {
568: exchange = QUICK_MODE;
569: new_mid = TRUE;
570: break;
571: }
572: if (activate_task(this, TASK_INFORMATIONAL))
573: {
574: exchange = INFORMATIONAL_V1;
575: new_mid = TRUE;
576: break;
577: }
578: break;
579: case IKE_REKEYING:
580: if (activate_task(this, TASK_ISAKMP_DELETE))
581: {
582: exchange = INFORMATIONAL_V1;
583: new_mid = TRUE;
584: break;
585: }
586: if (activate_task(this, TASK_ISAKMP_DPD))
587: {
588: exchange = INFORMATIONAL_V1;
589: new_mid = TRUE;
590: break;
591: }
592: break;
593: default:
594: break;
595: }
596: }
597: else
598: {
599: DBG2(DBG_IKE, "reinitiating already active tasks");
600: enumerator = this->active_tasks->create_enumerator(this->active_tasks);
601: while (enumerator->enumerate(enumerator, (void**)&task))
602: {
603: DBG2(DBG_IKE, " %N task", task_type_names, task->get_type(task));
604: switch (task->get_type(task))
605: {
606: case TASK_MAIN_MODE:
607: exchange = ID_PROT;
608: break;
609: case TASK_AGGRESSIVE_MODE:
610: exchange = AGGRESSIVE;
611: break;
612: case TASK_QUICK_MODE:
613: exchange = QUICK_MODE;
614: break;
615: case TASK_XAUTH:
616: exchange = TRANSACTION;
617: new_mid = TRUE;
618: break;
619: default:
620: continue;
621: }
622: break;
623: }
624: enumerator->destroy(enumerator);
625: }
626:
627: if (exchange == EXCHANGE_TYPE_UNDEFINED)
628: {
629: DBG2(DBG_IKE, "nothing to initiate");
630: /* nothing to do yet... */
631: return SUCCESS;
632: }
633:
634: me = this->ike_sa->get_my_host(this->ike_sa);
635: other = this->ike_sa->get_other_host(this->ike_sa);
636:
637: if (new_mid)
638: {
639: if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid),
640: (void*)&this->initiating.mid))
641: {
642: DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA");
643: flush(this);
644: return DESTROY_ME;
645: }
646: }
647: message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
648: message->set_message_id(message, this->initiating.mid);
649: message->set_source(message, me->clone(me));
650: message->set_destination(message, other->clone(other));
651: message->set_exchange_type(message, exchange);
652: this->initiating.type = exchange;
653: this->initiating.retransmitted = 0;
654:
655: enumerator = this->active_tasks->create_enumerator(this->active_tasks);
656: while (enumerator->enumerate(enumerator, (void*)&task))
657: {
658: switch (task->build(task, message))
659: {
660: case SUCCESS:
661: /* task completed, remove it */
662: this->active_tasks->remove_at(this->active_tasks, enumerator);
663: if (task->get_type(task) == TASK_AGGRESSIVE_MODE ||
664: task->get_type(task) == TASK_QUICK_MODE)
665: { /* last message of three message exchange */
666: keep = TRUE;
667: }
668: task->destroy(task);
669: continue;
670: case NEED_MORE:
671: expect_response = TRUE;
672: /* processed, but task needs another exchange */
673: continue;
674: case ALREADY_DONE:
675: cancelled = TRUE;
676: break;
677: case FAILED:
678: default:
679: if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
680: {
681: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
682: }
683: /* FALL */
684: case DESTROY_ME:
685: /* critical failure, destroy IKE_SA */
686: enumerator->destroy(enumerator);
687: message->destroy(message);
688: flush(this);
689: return DESTROY_ME;
690: }
691: break;
692: }
693: enumerator->destroy(enumerator);
694:
695: if (this->active_tasks->get_count(this->active_tasks) == 0 &&
696: (exchange == QUICK_MODE || exchange == AGGRESSIVE))
697: { /* tasks completed, no exchange active anymore */
698: this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
699: }
700: if (cancelled)
701: {
702: message->destroy(message);
703: return initiate(this);
704: }
705:
706: clear_packets(this->initiating.packets);
707: if (!generate_message(this, message, &this->initiating.packets))
708: {
709: /* message generation failed. There is nothing more to do than to
710: * close the SA */
711: message->destroy(message);
712: flush(this);
713: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
714: return DESTROY_ME;
715: }
716:
717: this->initiating.seqnr++;
718: if (expect_response)
719: {
720: message->destroy(message);
721: return retransmit(this, this->initiating.seqnr);
722: }
723: send_packets(this, this->initiating.packets);
724: if (!keep)
725: {
726: clear_packets(this->initiating.packets);
727: }
728: message->destroy(message);
729:
730: if (exchange == INFORMATIONAL_V1)
731: {
732: switch (this->ike_sa->get_state(this->ike_sa))
733: {
734: case IKE_CONNECTING:
735: /* close after sending an INFORMATIONAL when unestablished */
736: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
737: return FAILED;
738: case IKE_DELETING:
739: /* close after sending a DELETE */
740: return DESTROY_ME;
741: default:
742: break;
743: }
744: }
745: return initiate(this);
746: }
747:
748: /**
749: * build a response depending on the "passive" task list
750: */
751: static status_t build_response(private_task_manager_t *this, message_t *request)
752: {
753: enumerator_t *enumerator;
754: task_t *task;
755: message_t *message;
756: host_t *me, *other;
757: bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
758:
759: me = request->get_destination(request);
760: other = request->get_source(request);
761:
762: message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
763: message->set_exchange_type(message, request->get_exchange_type(request));
764: /* send response along the path the request came in */
765: message->set_source(message, me->clone(me));
766: message->set_destination(message, other->clone(other));
767: message->set_message_id(message, request->get_message_id(request));
768: message->set_request(message, FALSE);
769:
770: this->responding.mid = request->get_message_id(request);
771: this->responding.retransmitted = 0;
772: this->responding.seqnr++;
773:
774: enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
775: while (enumerator->enumerate(enumerator, (void*)&task))
776: {
777: switch (task->build(task, message))
778: {
779: case SUCCESS:
780: /* task completed, remove it */
781: this->passive_tasks->remove_at(this->passive_tasks, enumerator);
782: task->destroy(task);
783: continue;
784: case NEED_MORE:
785: /* processed, but task needs another exchange */
786: if (task->get_type(task) == TASK_QUICK_MODE ||
787: task->get_type(task) == TASK_AGGRESSIVE_MODE)
788: { /* we rely on initiator retransmission, except for
789: * three-message exchanges */
790: expect_request = TRUE;
791: }
792: continue;
793: case ALREADY_DONE:
794: cancelled = TRUE;
795: break;
796: case INVALID_ARG:
797: if (task->get_type(task) == TASK_QUICK_MODE)
798: { /* not responsible for this exchange */
799: continue;
800: }
801: /* FALL */
802: case FAILED:
803: default:
804: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
805: /* FALL */
806: case DESTROY_ME:
807: /* destroy IKE_SA, but SEND response first */
808: delete = TRUE;
809: break;
810: }
811: break;
812: }
813: enumerator->destroy(enumerator);
814:
815: clear_packets(this->responding.packets);
816: if (cancelled)
817: {
818: message->destroy(message);
819: return initiate(this);
820: }
821: if (!generate_message(this, message, &this->responding.packets))
822: {
823: message->destroy(message);
824: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
825: return DESTROY_ME;
826: }
827: message->destroy(message);
828:
829: if (expect_request && !delete)
830: {
831: return retransmit(this, this->responding.seqnr);
832: }
833: send_packets(this, this->responding.packets);
834: if (delete)
835: {
836: return DESTROY_ME;
837: }
838: return SUCCESS;
839: }
840:
841: /**
842: * Send a notify in a separate INFORMATIONAL exchange back to the sender.
843: * The notify protocol_id is set to ISAKMP
844: */
845: static void send_notify(private_task_manager_t *this, message_t *request,
846: notify_type_t type)
847: {
848: message_t *response;
849: array_t *packets = NULL;
850: host_t *me, *other;
851: uint32_t mid;
852:
853: if (request->get_exchange_type(request) == INFORMATIONAL_V1)
854: { /* don't respond to INFORMATIONAL requests to avoid a notify war */
855: DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request");
856: return;
857: }
858: if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid))
859: {
860: DBG1(DBG_IKE, "failed to allocate message ID");
861: return;
862: }
863: response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
864: response->set_exchange_type(response, INFORMATIONAL_V1);
865: response->set_request(response, TRUE);
866: response->set_message_id(response, mid);
867: response->add_payload(response, (payload_t*)
868: notify_payload_create_from_protocol_and_type(PLV1_NOTIFY,
869: PROTO_IKE, type));
870:
871: me = this->ike_sa->get_my_host(this->ike_sa);
872: if (me->is_anyaddr(me))
873: {
874: me = request->get_destination(request);
875: this->ike_sa->set_my_host(this->ike_sa, me->clone(me));
876: }
877: other = this->ike_sa->get_other_host(this->ike_sa);
878: if (other->is_anyaddr(other))
879: {
880: other = request->get_source(request);
881: this->ike_sa->set_other_host(this->ike_sa, other->clone(other));
882: }
883: response->set_source(response, me->clone(me));
884: response->set_destination(response, other->clone(other));
885: if (generate_message(this, response, &packets))
886: {
887: send_packets(this, packets);
888: }
889: clear_packets(packets);
890: array_destroy(packets);
891: response->destroy(response);
892: }
893:
894: /**
895: * Process a DPD request/response
896: */
897: static bool process_dpd(private_task_manager_t *this, message_t *message)
898: {
899: notify_payload_t *notify;
900: notify_type_t type;
901: uint32_t seq;
902: chunk_t data;
903:
904: type = DPD_R_U_THERE;
905: notify = message->get_notify(message, type);
906: if (!notify)
907: {
908: type = DPD_R_U_THERE_ACK;
909: notify = message->get_notify(message, type);
910: }
911: if (!notify)
912: {
913: return FALSE;
914: }
915: data = notify->get_notification_data(notify);
916: if (data.len != 4)
917: {
918: return FALSE;
919: }
920: seq = untoh32(data.ptr);
921:
922: if (type == DPD_R_U_THERE)
923: {
924: if (this->dpd_recv == 0 || seq == this->dpd_recv)
925: { /* check sequence validity */
926: this->dpd_recv = seq + 1;
927: this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
928: time_monotonic(NULL));
929: }
930: /* but respond anyway */
931: this->ike_sa->queue_task(this->ike_sa,
932: &isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE_ACK, seq)->task);
933: }
934: else /* DPD_R_U_THERE_ACK */
935: {
936: if (seq == this->dpd_send)
937: {
938: this->dpd_send++;
939: this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
940: time_monotonic(NULL));
941: }
942: else
943: {
944: DBG1(DBG_IKE, "received invalid DPD sequence number %u "
945: "(expected %u), ignored", seq, this->dpd_send);
946: }
947: }
948: return TRUE;
949: }
950:
951: /**
952: * Check if we already have a quick mode task queued for the exchange with the
953: * given message ID
954: */
955: static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
956: {
957: enumerator_t *enumerator;
958: quick_mode_t *qm;
959: task_t *task;
960: bool found = FALSE;
961:
962: enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
963: while (enumerator->enumerate(enumerator, &task))
964: {
965: if (task->get_type(task) == TASK_QUICK_MODE)
966: {
967: qm = (quick_mode_t*)task;
968: if (qm->get_mid(qm) == mid)
969: {
970: found = TRUE;
971: break;
972: }
973: }
974: }
975: enumerator->destroy(enumerator);
976: return found;
977: }
978:
979: /**
980: * Check if we still have a specific task queued
981: */
982: static bool have_task_queued(private_task_manager_t *this, task_type_t type)
983: {
984: enumerator_t *enumerator;
985: task_t *task;
986: bool found = FALSE;
987:
988: enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
989: while (enumerator->enumerate(enumerator, &task))
990: {
991: if (task->get_type(task) == type)
992: {
993: found = TRUE;
994: break;
995: }
996: }
997: enumerator->destroy(enumerator);
998: return found;
999: }
1000:
1001: /**
1002: * handle an incoming request message
1003: */
1004: static status_t process_request(private_task_manager_t *this,
1005: message_t *message)
1006: {
1007: enumerator_t *enumerator;
1008: task_t *task = NULL;
1009: bool send_response = FALSE, dpd = FALSE;
1010:
1011: if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
1012: message->get_exchange_type(message) == QUICK_MODE ||
1013: this->passive_tasks->get_count(this->passive_tasks) == 0)
1014: { /* create tasks depending on request type, if not already some queued */
1015: switch (message->get_exchange_type(message))
1016: {
1017: case ID_PROT:
1018: task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
1019: this->passive_tasks->insert_last(this->passive_tasks, task);
1020: task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
1021: this->passive_tasks->insert_last(this->passive_tasks, task);
1022: task = (task_t *)main_mode_create(this->ike_sa, FALSE);
1023: this->passive_tasks->insert_last(this->passive_tasks, task);
1024: task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
1025: this->passive_tasks->insert_last(this->passive_tasks, task);
1026: task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1027: this->passive_tasks->insert_last(this->passive_tasks, task);
1028: break;
1029: case AGGRESSIVE:
1030: task = (task_t *)isakmp_vendor_create(this->ike_sa, FALSE);
1031: this->passive_tasks->insert_last(this->passive_tasks, task);
1032: task = (task_t*)isakmp_cert_pre_create(this->ike_sa, FALSE);
1033: this->passive_tasks->insert_last(this->passive_tasks, task);
1034: task = (task_t *)aggressive_mode_create(this->ike_sa, FALSE);
1035: this->passive_tasks->insert_last(this->passive_tasks, task);
1036: task = (task_t*)isakmp_cert_post_create(this->ike_sa, FALSE);
1037: this->passive_tasks->insert_last(this->passive_tasks, task);
1038: task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
1039: this->passive_tasks->insert_last(this->passive_tasks, task);
1040: break;
1041: case QUICK_MODE:
1042: if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
1043: {
1044: DBG1(DBG_IKE, "received quick mode request for "
1045: "unestablished IKE_SA, ignored");
1046: return FAILED;
1047: }
1048: if (have_quick_mode_task(this, message->get_message_id(message)))
1049: {
1050: break;
1051: }
1052: task = (task_t *)quick_mode_create(this->ike_sa, NULL,
1053: NULL, NULL);
1054: this->passive_tasks->insert_last(this->passive_tasks, task);
1055: break;
1056: case INFORMATIONAL_V1:
1057: if (process_dpd(this, message))
1058: {
1059: dpd = TRUE;
1060: }
1061: else
1062: {
1063: task = (task_t *)informational_create(this->ike_sa, NULL);
1064: this->passive_tasks->insert_first(this->passive_tasks, task);
1065: }
1066: break;
1067: case TRANSACTION:
1068: if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
1069: {
1070: task = (task_t *)mode_config_create(this->ike_sa,
1071: FALSE, TRUE);
1072: }
1073: else
1074: {
1075: task = (task_t *)xauth_create(this->ike_sa, FALSE);
1076: }
1077: this->passive_tasks->insert_last(this->passive_tasks, task);
1078: break;
1079: default:
1080: return FAILED;
1081: }
1082: }
1083: if (dpd)
1084: {
1085: return initiate(this);
1086: }
1087: this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL));
1088:
1089: /* let the tasks process the message */
1090: enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
1091: while (enumerator->enumerate(enumerator, (void*)&task))
1092: {
1093: switch (task->process(task, message))
1094: {
1095: case SUCCESS:
1096: /* task completed, remove it */
1097: this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1098: task->destroy(task);
1099: continue;
1100: case NEED_MORE:
1101: /* processed, but task needs at least another call to build() */
1102: send_response = TRUE;
1103: continue;
1104: case ALREADY_DONE:
1105: send_response = FALSE;
1106: break;
1107: case INVALID_ARG:
1108: if (task->get_type(task) == TASK_QUICK_MODE)
1109: { /* not responsible for this exchange */
1110: continue;
1111: }
1112: /* FALL */
1113: case FAILED:
1114: default:
1115: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1116: /* FALL */
1117: case DESTROY_ME:
1118: /* critical failure, destroy IKE_SA */
1119: this->passive_tasks->remove_at(this->passive_tasks, enumerator);
1120: enumerator->destroy(enumerator);
1121: task->destroy(task);
1122: return DESTROY_ME;
1123: }
1124: break;
1125: }
1126: enumerator->destroy(enumerator);
1127:
1128: if (send_response)
1129: {
1130: if (build_response(this, message) != SUCCESS)
1131: {
1132: return DESTROY_ME;
1133: }
1134: }
1135: else
1136: {
1137: if (this->responding.retransmitted > 1)
1138: {
1139: packet_t *packet = NULL;
1140: array_get(this->responding.packets, 0, &packet);
1141: charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED,
1142: packet);
1143: }
1144: /* We don't send a response, so don't retransmit one if we get
1145: * the same message again. */
1146: clear_packets(this->responding.packets);
1147: }
1148: if (this->queued &&
1149: this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
1150: {
1151: message_t *queued;
1152: status_t status;
1153:
1154: queued = this->queued;
1155: this->queued = NULL;
1156: status = this->public.task_manager.process_message(
1157: &this->public.task_manager, queued);
1158: queued->destroy(queued);
1159: if (status == DESTROY_ME)
1160: {
1161: return status;
1162: }
1163: }
1164: if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
1165: this->queued_tasks->get_count(this->queued_tasks) > 0)
1166: {
1167: /* passive tasks completed, check if an active task has been queued,
1168: * such as XAUTH or modeconfig push */
1169: return initiate(this);
1170: }
1171: return SUCCESS;
1172: }
1173:
1174: /**
1175: * handle an incoming response message
1176: */
1177: static status_t process_response(private_task_manager_t *this,
1178: message_t *message)
1179: {
1180: enumerator_t *enumerator;
1181: message_t *queued;
1182: status_t status;
1183: task_t *task;
1184:
1185: if (message->get_exchange_type(message) != this->initiating.type)
1186: {
1187: /* Windows server sends a fourth quick mode message having an initial
1188: * contact notify. Ignore this message for compatibility. */
1189: if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED &&
1190: message->get_exchange_type(message) == QUICK_MODE &&
1191: message->get_notify(message, INITIAL_CONTACT))
1192: {
1193: DBG1(DBG_IKE, "ignoring fourth Quick Mode message");
1194: return SUCCESS;
1195: }
1196: DBG1(DBG_IKE, "received %N response, but expected %N",
1197: exchange_type_names, message->get_exchange_type(message),
1198: exchange_type_names, this->initiating.type);
1199: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1200: return DESTROY_ME;
1201: }
1202:
1203: enumerator = this->active_tasks->create_enumerator(this->active_tasks);
1204: while (enumerator->enumerate(enumerator, (void*)&task))
1205: {
1206: switch (task->process(task, message))
1207: {
1208: case SUCCESS:
1209: /* task completed, remove it */
1210: this->active_tasks->remove_at(this->active_tasks, enumerator);
1211: task->destroy(task);
1212: continue;
1213: case NEED_MORE:
1214: /* processed, but task needs another exchange */
1215: continue;
1216: case ALREADY_DONE:
1217: break;
1218: case FAILED:
1219: default:
1220: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
1221: /* FALL */
1222: case DESTROY_ME:
1223: /* critical failure, destroy IKE_SA */
1224: this->active_tasks->remove_at(this->active_tasks, enumerator);
1225: enumerator->destroy(enumerator);
1226: task->destroy(task);
1227: return DESTROY_ME;
1228: }
1229: break;
1230: }
1231: enumerator->destroy(enumerator);
1232:
1233: if (this->initiating.retransmitted > 1)
1234: {
1235: packet_t *packet = NULL;
1236: array_get(this->initiating.packets, 0, &packet);
1237: charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
1238: }
1239: this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1240: clear_packets(this->initiating.packets);
1241:
1242: if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
1243: this->queued->get_exchange_type(this->queued) == TRANSACTION)
1244: {
1245: queued = this->queued;
1246: this->queued = NULL;
1247: status = this->public.task_manager.process_message(
1248: &this->public.task_manager, queued);
1249: queued->destroy(queued);
1250: if (status == DESTROY_ME)
1251: {
1252: return status;
1253: }
1254: }
1255:
1256: return initiate(this);
1257: }
1258:
1259: static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
1260: {
1261: status_t status;
1262:
1263: if (!this->defrag)
1264: {
1265: this->defrag = message_create_defrag(msg);
1266: if (!this->defrag)
1267: {
1268: return FAILED;
1269: }
1270: }
1271: status = this->defrag->add_fragment(this->defrag, msg);
1272: if (status == SUCCESS)
1273: {
1274: lib->processor->queue_job(lib->processor,
1275: (job_t*)process_message_job_create(this->defrag));
1276: this->defrag = NULL;
1277: /* do not process the last fragment */
1278: status = NEED_MORE;
1279: }
1280: return status;
1281: }
1282:
1283: /**
1284: * Parse the given message and verify that it is valid.
1285: */
1286: static status_t parse_message(private_task_manager_t *this, message_t *msg)
1287: {
1288: status_t status;
1289:
1290: status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa));
1291:
1292: if (status != SUCCESS)
1293: {
1294: switch (status)
1295: {
1296: case NOT_SUPPORTED:
1297: DBG1(DBG_IKE, "unsupported exchange type");
1298: send_notify(this, msg, INVALID_EXCHANGE_TYPE);
1299: break;
1300: case PARSE_ERROR:
1301: DBG1(DBG_IKE, "message parsing failed");
1302: send_notify(this, msg, PAYLOAD_MALFORMED);
1303: break;
1304: case VERIFY_ERROR:
1305: DBG1(DBG_IKE, "message verification failed");
1306: send_notify(this, msg, PAYLOAD_MALFORMED);
1307: break;
1308: case FAILED:
1309: DBG1(DBG_IKE, "integrity check failed");
1310: send_notify(this, msg, INVALID_HASH_INFORMATION);
1311: break;
1312: case INVALID_STATE:
1313: DBG1(DBG_IKE, "found encrypted message, but no keys available");
1314: send_notify(this, msg, PAYLOAD_MALFORMED);
1315: default:
1316: break;
1317: }
1318: DBG1(DBG_IKE, "%N %s with message ID %u processing failed",
1319: exchange_type_names, msg->get_exchange_type(msg),
1320: msg->get_request(msg) ? "request" : "response",
1321: msg->get_message_id(msg));
1322:
1323: charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_BODY, msg, status);
1324:
1325: if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED)
1326: { /* invalid initiation attempt, close SA */
1327: return DESTROY_ME;
1328: }
1329: }
1330:
1331: if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT)
1332: {
1333: return handle_fragment(this, msg);
1334: }
1335: return status;
1336: }
1337:
1338: /**
1339: * Queue the given message if possible
1340: */
1341: static status_t queue_message(private_task_manager_t *this, message_t *msg)
1342: {
1343: if (this->queued)
1344: {
1345: DBG1(DBG_IKE, "ignoring %N request, queue full",
1346: exchange_type_names, msg->get_exchange_type(msg));
1347: return FAILED;
1348: }
1349: this->queued = message_create_from_packet(msg->get_packet(msg));
1350: if (this->queued->parse_header(this->queued) != SUCCESS)
1351: {
1352: this->queued->destroy(this->queued);
1353: this->queued = NULL;
1354: return FAILED;
1355: }
1356: DBG1(DBG_IKE, "queueing %N request as tasks still active",
1357: exchange_type_names, msg->get_exchange_type(msg));
1358: return SUCCESS;
1359: }
1360:
1361: METHOD(task_manager_t, process_message, status_t,
1362: private_task_manager_t *this, message_t *msg)
1363: {
1364: uint32_t hash, mid, i;
1365: host_t *me, *other;
1366: status_t status;
1367:
1368: /* TODO-IKEv1: update hosts more selectively */
1369: me = msg->get_destination(msg);
1370: other = msg->get_source(msg);
1371: mid = msg->get_message_id(msg);
1372: hash = chunk_hash(msg->get_packet_data(msg));
1373: for (i = 0; i < MAX_OLD_HASHES; i++)
1374: {
1375: if (this->initiating.old_hashes[i] == hash)
1376: {
1377: if (array_count(this->initiating.packets) &&
1378: i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
1379: (msg->get_exchange_type(msg) == QUICK_MODE ||
1380: msg->get_exchange_type(msg) == AGGRESSIVE))
1381: {
1382: DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1383: "resending last request", mid);
1384: send_packets(this, this->initiating.packets);
1385: return SUCCESS;
1386: }
1387: DBG1(DBG_IKE, "received retransmit of response with ID %u, "
1388: "but next request already sent", mid);
1389: return SUCCESS;
1390: }
1391: }
1392:
1393: if ((mid && mid == this->initiating.mid) ||
1394: (this->initiating.mid == 0 &&
1395: msg->get_exchange_type(msg) == this->initiating.type &&
1396: this->active_tasks->get_count(this->active_tasks)))
1397: {
1398: msg->set_request(msg, FALSE);
1399: charon->bus->message(charon->bus, msg, TRUE, FALSE);
1400: status = parse_message(this, msg);
1401: if (status == NEED_MORE)
1402: {
1403: return SUCCESS;
1404: }
1405: if (status != SUCCESS)
1406: {
1407: return status;
1408: }
1409: this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
1410: time_monotonic(NULL));
1.1.1.2 ! misho 1411: this->ike_sa->update_hosts(this->ike_sa, me, other, UPDATE_HOSTS_FORCE_ADDRS);
1.1 misho 1412: charon->bus->message(charon->bus, msg, TRUE, TRUE);
1413: if (process_response(this, msg) != SUCCESS)
1414: {
1415: flush(this);
1416: return DESTROY_ME;
1417: }
1418: this->initiating.old_hashes[(++this->initiating.old_hash_pos) %
1419: MAX_OLD_HASHES] = hash;
1420: }
1421: else
1422: {
1423: if (hash == this->responding.hash)
1424: {
1425: if (array_count(this->responding.packets))
1426: {
1427: DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1428: "retransmitting response", mid);
1429: send_packets(this, this->responding.packets);
1430: }
1431: else if (array_count(this->initiating.packets) &&
1432: this->initiating.type == INFORMATIONAL_V1)
1433: {
1434: DBG1(DBG_IKE, "received retransmit of DPD request, "
1435: "retransmitting response");
1436: send_packets(this, this->initiating.packets);
1437: }
1438: else
1439: {
1440: DBG1(DBG_IKE, "received retransmit of request with ID %u, "
1441: "but no response to retransmit", mid);
1442: }
1443: charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
1444: return SUCCESS;
1445: }
1446:
1447: /* reject Main/Aggressive Modes once established */
1448: if (msg->get_exchange_type(msg) == ID_PROT ||
1449: msg->get_exchange_type(msg) == AGGRESSIVE)
1450: {
1451: if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
1452: this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
1453: msg->get_first_payload_type(msg) != PLV1_FRAGMENT)
1454: {
1455: DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
1456: exchange_type_names, msg->get_exchange_type(msg));
1457: return FAILED;
1458: }
1459: }
1460:
1461: /* drop XAuth/Mode Config/Quick Mode messages until we received the last
1462: * Aggressive Mode message. since Informational messages are not
1463: * retransmitted we queue them. */
1464: if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
1465: {
1466: if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1467: {
1468: return queue_message(this, msg);
1469: }
1470: else if (msg->get_exchange_type(msg) != AGGRESSIVE)
1471: {
1472: DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
1473: exchange_type_names, msg->get_exchange_type(msg));
1474: return FAILED;
1475: }
1476: }
1477:
1478: /* queue XAuth/Mode Config messages unless the Main Mode exchange we
1479: * initiated is complete */
1480: if (msg->get_exchange_type(msg) == TRANSACTION &&
1481: this->active_tasks->get_count(this->active_tasks))
1482: {
1483: return queue_message(this, msg);
1484: }
1485:
1486: /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
1487: if (have_task_queued(this, TASK_XAUTH) &&
1488: msg->get_exchange_type(msg) == INFORMATIONAL_V1)
1489: {
1490: return queue_message(this, msg);
1491: }
1492:
1493: msg->set_request(msg, TRUE);
1494: charon->bus->message(charon->bus, msg, TRUE, FALSE);
1495: status = parse_message(this, msg);
1496: if (status == NEED_MORE)
1497: {
1498: return SUCCESS;
1499: }
1500: if (status != SUCCESS)
1501: {
1502: return status;
1503: }
1504: /* if this IKE_SA is virgin, we check for a config */
1505: if (this->ike_sa->get_ike_cfg(this->ike_sa) == NULL)
1506: {
1507: ike_sa_id_t *ike_sa_id;
1508: ike_cfg_t *ike_cfg;
1509: job_t *job;
1510:
1511: ike_cfg = charon->backends->get_ike_cfg(charon->backends,
1512: me, other, IKEV1);
1513: if (ike_cfg == NULL)
1514: {
1515: /* no config found for these hosts, destroy */
1516: DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N",
1517: me, other, notify_type_names, NO_PROPOSAL_CHOSEN);
1518: send_notify(this, msg, NO_PROPOSAL_CHOSEN);
1519: return DESTROY_ME;
1520: }
1521: this->ike_sa->set_ike_cfg(this->ike_sa, ike_cfg);
1522: ike_cfg->destroy(ike_cfg);
1523: /* add a timeout if peer does not establish it completely */
1524: ike_sa_id = this->ike_sa->get_id(this->ike_sa);
1525: job = (job_t*)delete_ike_sa_job_create(ike_sa_id, FALSE);
1526: lib->scheduler->schedule_job(lib->scheduler, job,
1527: lib->settings->get_int(lib->settings,
1528: "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
1529: lib->ns));
1530: }
1.1.1.2 ! misho 1531: this->ike_sa->update_hosts(this->ike_sa, me, other, UPDATE_HOSTS_FORCE_ADDRS);
1.1 misho 1532: charon->bus->message(charon->bus, msg, TRUE, TRUE);
1533: if (process_request(this, msg) != SUCCESS)
1534: {
1535: flush(this);
1536: return DESTROY_ME;
1537: }
1538: this->responding.hash = hash;
1539: }
1540: return SUCCESS;
1541: }
1542:
1543: /**
1544: * Check if a given task has been queued already
1545: */
1546: static bool has_queued(private_task_manager_t *this, task_type_t type)
1547: {
1548: enumerator_t *enumerator;
1549: bool found = FALSE;
1550: task_t *task;
1551:
1552: enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1553: while (enumerator->enumerate(enumerator, &task))
1554: {
1555: if (task->get_type(task) == type)
1556: {
1557: found = TRUE;
1558: break;
1559: }
1560: }
1561: enumerator->destroy(enumerator);
1562: return found;
1563: }
1564:
1565: METHOD(task_manager_t, queue_task_delayed, void,
1566: private_task_manager_t *this, task_t *task, uint32_t delay)
1567: {
1568: task_type_t type = task->get_type(task);
1569:
1570: switch (type)
1571: {
1572: case TASK_MODE_CONFIG:
1573: case TASK_XAUTH:
1574: if (has_queued(this, type))
1575: {
1576: task->destroy(task);
1577: return;
1578: }
1579: break;
1580: default:
1581: break;
1582: }
1583: DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
1584: this->queued_tasks->insert_last(this->queued_tasks, task);
1585: }
1586:
1587: METHOD(task_manager_t, queue_task, void,
1588: private_task_manager_t *this, task_t *task)
1589: {
1590: queue_task_delayed(this, task, 0);
1591: }
1592:
1593: METHOD(task_manager_t, queue_ike, void,
1594: private_task_manager_t *this)
1595: {
1596: peer_cfg_t *peer_cfg;
1597:
1598: if (!has_queued(this, TASK_ISAKMP_VENDOR))
1599: {
1600: queue_task(this, (task_t*)isakmp_vendor_create(this->ike_sa, TRUE));
1601: }
1602: if (!has_queued(this, TASK_ISAKMP_CERT_PRE))
1603: {
1604: queue_task(this, (task_t*)isakmp_cert_pre_create(this->ike_sa, TRUE));
1605: }
1606: peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1607: if (peer_cfg->use_aggressive(peer_cfg))
1608: {
1609: if (!has_queued(this, TASK_AGGRESSIVE_MODE))
1610: {
1611: queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
1612: }
1613: }
1614: else
1615: {
1616: if (!has_queued(this, TASK_MAIN_MODE))
1617: {
1618: queue_task(this, (task_t*)main_mode_create(this->ike_sa, TRUE));
1619: }
1620: }
1621: if (!has_queued(this, TASK_ISAKMP_CERT_POST))
1622: {
1623: queue_task(this, (task_t*)isakmp_cert_post_create(this->ike_sa, TRUE));
1624: }
1625: if (!has_queued(this, TASK_ISAKMP_NATD))
1626: {
1627: queue_task(this, (task_t*)isakmp_natd_create(this->ike_sa, TRUE));
1628: }
1629: }
1630:
1631: METHOD(task_manager_t, queue_ike_reauth, void,
1632: private_task_manager_t *this)
1633: {
1634: enumerator_t *enumerator;
1635: child_sa_t *child_sa;
1636: ike_sa_t *new;
1637: host_t *host;
1638:
1.1.1.2 ! misho 1639: new = charon->ike_sa_manager->create_new(charon->ike_sa_manager,
1.1 misho 1640: this->ike_sa->get_version(this->ike_sa), TRUE);
1641: if (!new)
1642: { /* shouldn't happen */
1643: return;
1644: }
1645:
1646: new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
1647: host = this->ike_sa->get_other_host(this->ike_sa);
1648: new->set_other_host(new, host->clone(host));
1649: host = this->ike_sa->get_my_host(this->ike_sa);
1650: new->set_my_host(new, host->clone(host));
1651: enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
1652: while (enumerator->enumerate(enumerator, &host))
1653: {
1654: new->add_virtual_ip(new, TRUE, host);
1655: }
1656: enumerator->destroy(enumerator);
1657:
1658: charon->bus->children_migrate(charon->bus, new->get_id(new),
1659: new->get_unique_id(new));
1660: enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1661: while (enumerator->enumerate(enumerator, &child_sa))
1662: {
1663: this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
1664: new->add_child_sa(new, child_sa);
1665: }
1666: enumerator->destroy(enumerator);
1667: charon->bus->set_sa(charon->bus, new);
1668: charon->bus->children_migrate(charon->bus, NULL, 0);
1669: charon->bus->set_sa(charon->bus, this->ike_sa);
1670:
1671: if (!new->get_child_count(new))
1672: { /* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
1673: task_t *task;
1674:
1675: enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1676: while (enumerator->enumerate(enumerator, &task))
1677: {
1678: if (task->get_type(task) == TASK_QUICK_MODE)
1679: {
1680: this->queued_tasks->remove_at(this->queued_tasks, enumerator);
1681: task->migrate(task, new);
1682: new->queue_task(new, task);
1683: }
1684: }
1685: enumerator->destroy(enumerator);
1686: }
1687:
1688: if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
1689: {
1690: charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
1691: this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
1692: }
1693: else
1694: {
1695: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
1696: DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
1697: }
1698: charon->bus->set_sa(charon->bus, this->ike_sa);
1699: }
1700:
1701: METHOD(task_manager_t, queue_ike_rekey, void,
1702: private_task_manager_t *this)
1703: {
1704: queue_ike_reauth(this);
1705: }
1706:
1707: METHOD(task_manager_t, queue_ike_delete, void,
1708: private_task_manager_t *this)
1709: {
1710: enumerator_t *enumerator;
1711: child_sa_t *child_sa;
1712:
1713: /* cancel any currently active task to get the DELETE done quickly */
1714: flush_queue(this, TASK_QUEUE_ACTIVE);
1715:
1716: enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
1717: while (enumerator->enumerate(enumerator, &child_sa))
1718: {
1719: queue_task(this, (task_t*)
1720: quick_delete_create(this->ike_sa, child_sa->get_protocol(child_sa),
1721: child_sa->get_spi(child_sa, TRUE), FALSE, FALSE));
1722: }
1723: enumerator->destroy(enumerator);
1724:
1725: queue_task(this, (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
1726: }
1727:
1728: METHOD(task_manager_t, queue_mobike, void,
1729: private_task_manager_t *this, bool roam, bool address)
1730: {
1731: /* Not supported in IKEv1 */
1732: }
1733:
1734: METHOD(task_manager_t, queue_child, void,
1735: private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid,
1736: traffic_selector_t *tsi, traffic_selector_t *tsr)
1737: {
1738: quick_mode_t *task;
1739:
1740: task = quick_mode_create(this->ike_sa, cfg, tsi, tsr);
1741: task->use_reqid(task, reqid);
1742:
1743: queue_task(this, &task->task);
1744: }
1745:
1746: /**
1747: * Check if two CHILD_SAs have the same traffic selector
1748: */
1749: static bool have_equal_ts(child_sa_t *child1, child_sa_t *child2, bool local)
1750: {
1751: enumerator_t *e1, *e2;
1752: traffic_selector_t *ts1, *ts2;
1753: bool equal = FALSE;
1754:
1755: e1 = child1->create_ts_enumerator(child1, local);
1756: e2 = child2->create_ts_enumerator(child2, local);
1757: if (e1->enumerate(e1, &ts1) && e2->enumerate(e2, &ts2))
1758: {
1759: equal = ts1->equals(ts1, ts2);
1760: }
1761: e2->destroy(e2);
1762: e1->destroy(e1);
1763:
1764: return equal;
1765: }
1766:
1767: /*
1768: * Described in header
1769: */
1770: bool ikev1_child_sa_is_redundant(ike_sa_t *ike_sa, child_sa_t *child_sa,
1771: bool (*cmp)(child_sa_t*,child_sa_t*))
1772: {
1773: enumerator_t *enumerator;
1774: child_sa_t *current;
1775: bool redundant = FALSE;
1776:
1777: enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
1778: while (enumerator->enumerate(enumerator, ¤t))
1779: {
1780: if (current != child_sa &&
1781: current->get_state(current) == CHILD_INSTALLED &&
1782: streq(current->get_name(current), child_sa->get_name(child_sa)) &&
1783: have_equal_ts(current, child_sa, TRUE) &&
1784: have_equal_ts(current, child_sa, FALSE) &&
1785: (!cmp || cmp(child_sa, current)))
1786: {
1787: DBG1(DBG_IKE, "detected redundant CHILD_SA %s{%d}",
1788: child_sa->get_name(child_sa),
1789: child_sa->get_unique_id(child_sa));
1790: redundant = TRUE;
1791: break;
1792: }
1793: }
1794: enumerator->destroy(enumerator);
1795:
1796: return redundant;
1797: }
1798:
1799: /**
1800: * Compare the rekey times of two CHILD_SAs, a CHILD_SA is redundant if it is
1801: * rekeyed sooner than another.
1802: */
1803: static bool is_rekeyed_sooner(child_sa_t *is_redundant, child_sa_t *other)
1804: {
1805: return other->get_lifetime(other, FALSE) >
1806: is_redundant->get_lifetime(is_redundant, FALSE);
1807: }
1808:
1809: /**
1810: * Get the first traffic selector of a CHILD_SA, local or remote
1811: */
1812: static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local)
1813: {
1814: traffic_selector_t *ts = NULL;
1815: enumerator_t *enumerator;
1816:
1817: enumerator = child_sa->create_ts_enumerator(child_sa, local);
1818: enumerator->enumerate(enumerator, &ts);
1819: enumerator->destroy(enumerator);
1820:
1821: return ts;
1822: }
1823:
1824: METHOD(task_manager_t, queue_child_rekey, void,
1825: private_task_manager_t *this, protocol_id_t protocol, uint32_t spi)
1826: {
1827: child_sa_t *child_sa;
1828: child_cfg_t *cfg;
1829: quick_mode_t *task;
1830:
1831: child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, TRUE);
1832: if (!child_sa)
1833: {
1834: child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE);
1835: }
1836: if (child_sa && child_sa->get_state(child_sa) == CHILD_INSTALLED)
1837: {
1838: if (ikev1_child_sa_is_redundant(this->ike_sa, child_sa,
1839: is_rekeyed_sooner))
1840: {
1841: child_sa->set_state(child_sa, CHILD_REKEYED);
1842: if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed",
1843: FALSE, lib->ns))
1844: {
1845: queue_task(this, (task_t*)quick_delete_create(this->ike_sa,
1846: protocol, spi, FALSE, FALSE));
1847: }
1848: }
1849: else
1850: {
1851: child_sa->set_state(child_sa, CHILD_REKEYING);
1852: cfg = child_sa->get_config(child_sa);
1853: task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
1854: get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
1855: task->use_reqid(task, child_sa->get_reqid(child_sa));
1856: task->use_marks(task, child_sa->get_mark(child_sa, TRUE).value,
1857: child_sa->get_mark(child_sa, FALSE).value);
1858: task->use_if_ids(task, child_sa->get_if_id(child_sa, TRUE),
1859: child_sa->get_if_id(child_sa, FALSE));
1860: task->rekey(task, child_sa->get_spi(child_sa, TRUE));
1861:
1862: queue_task(this, &task->task);
1863: }
1864: }
1865: }
1866:
1867: METHOD(task_manager_t, queue_child_delete, void,
1868: private_task_manager_t *this, protocol_id_t protocol, uint32_t spi,
1869: bool expired)
1870: {
1871: queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol,
1872: spi, FALSE, expired));
1873: }
1874:
1875: METHOD(task_manager_t, queue_dpd, void,
1876: private_task_manager_t *this)
1877: {
1878: peer_cfg_t *peer_cfg;
1879: uint32_t t, retransmit;
1880:
1881: queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
1882: this->dpd_send));
1883: peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
1884:
1885: /* compute timeout in milliseconds */
1886: t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
1887: if (t == 0)
1888: {
1889: /* use the same timeout as a retransmitting IKE message would have */
1890: for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
1891: {
1892: t += (uint32_t)(this->retransmit_timeout * 1000.0 *
1893: pow(this->retransmit_base, retransmit));
1894: }
1895: }
1896: /* compensate for the already elapsed dpd delay */
1897: t -= 1000 * peer_cfg->get_dpd(peer_cfg);
1898:
1899: /* schedule DPD timeout job */
1900: lib->scheduler->schedule_job_ms(lib->scheduler,
1901: (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
1902: }
1903:
1904: METHOD(task_manager_t, adopt_tasks, void,
1905: private_task_manager_t *this, task_manager_t *other_public)
1906: {
1907: private_task_manager_t *other = (private_task_manager_t*)other_public;
1908: task_t *task;
1909:
1910: /* move queued tasks from other to this */
1911: while (other->queued_tasks->remove_last(other->queued_tasks,
1912: (void**)&task) == SUCCESS)
1913: {
1914: DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task));
1915: task->migrate(task, this->ike_sa);
1916: this->queued_tasks->insert_first(this->queued_tasks, task);
1917: }
1918: }
1919:
1920: METHOD(task_manager_t, busy, bool,
1921: private_task_manager_t *this)
1922: {
1923: return (this->active_tasks->get_count(this->active_tasks) > 0);
1924: }
1925:
1926: METHOD(task_manager_t, incr_mid, void,
1927: private_task_manager_t *this, bool initiate)
1928: {
1929: }
1930:
1931: METHOD(task_manager_t, get_mid, uint32_t,
1932: private_task_manager_t *this, bool initiate)
1933: {
1934: return initiate ? this->initiating.mid : this->responding.mid;
1935: }
1936:
1937: METHOD(task_manager_t, reset, void,
1938: private_task_manager_t *this, uint32_t initiate, uint32_t respond)
1939: {
1940: enumerator_t *enumerator;
1941: task_t *task;
1942:
1943: /* reset message counters and retransmit packets */
1944: clear_packets(this->responding.packets);
1945: clear_packets(this->initiating.packets);
1946: this->responding.seqnr = RESPONDING_SEQ;
1947: this->responding.retransmitted = 0;
1948: this->initiating.mid = 0;
1949: this->initiating.seqnr = 0;
1950: this->initiating.retransmitted = 0;
1951: this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
1952: DESTROY_IF(this->defrag);
1953: this->defrag = NULL;
1954: if (initiate != UINT_MAX)
1955: {
1956: this->dpd_send = initiate;
1957: }
1958: if (respond != UINT_MAX)
1959: {
1960: this->dpd_recv = respond;
1961: }
1962:
1963: /* reset queued tasks */
1964: enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
1965: while (enumerator->enumerate(enumerator, &task))
1966: {
1967: task->migrate(task, this->ike_sa);
1968: }
1969: enumerator->destroy(enumerator);
1970:
1971: /* reset active tasks */
1972: while (this->active_tasks->remove_last(this->active_tasks,
1973: (void**)&task) == SUCCESS)
1974: {
1975: task->migrate(task, this->ike_sa);
1976: this->queued_tasks->insert_first(this->queued_tasks, task);
1977: }
1978: }
1979:
1980: /**
1981: * Data for a task queue enumerator
1982: */
1983: typedef struct {
1984: enumerator_t public;
1985: task_queue_t queue;
1986: enumerator_t *inner;
1987: } task_enumerator_t;
1988:
1989: METHOD(enumerator_t, task_enumerator_destroy, void,
1990: task_enumerator_t *this)
1991: {
1992: this->inner->destroy(this->inner);
1993: free(this);
1994: }
1995:
1996: METHOD(enumerator_t, task_enumerator_enumerate, bool,
1997: task_enumerator_t *this, va_list args)
1998: {
1999: task_t **task;
2000:
2001: VA_ARGS_VGET(args, task);
2002: return this->inner->enumerate(this->inner, task);
2003: }
2004:
2005: METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
2006: private_task_manager_t *this, task_queue_t queue)
2007: {
2008: task_enumerator_t *enumerator;
2009:
2010: INIT(enumerator,
2011: .public = {
2012: .enumerate = enumerator_enumerate_default,
2013: .venumerate = _task_enumerator_enumerate,
2014: .destroy = _task_enumerator_destroy,
2015: },
2016: .queue = queue,
2017: );
2018: switch (queue)
2019: {
2020: case TASK_QUEUE_ACTIVE:
2021: enumerator->inner = this->active_tasks->create_enumerator(
2022: this->active_tasks);
2023: break;
2024: case TASK_QUEUE_PASSIVE:
2025: enumerator->inner = this->passive_tasks->create_enumerator(
2026: this->passive_tasks);
2027: break;
2028: case TASK_QUEUE_QUEUED:
2029: enumerator->inner = this->queued_tasks->create_enumerator(
2030: this->queued_tasks);
2031: break;
2032: default:
2033: enumerator->inner = enumerator_create_empty();
2034: break;
2035: }
2036: return &enumerator->public;
2037: }
2038:
2039: METHOD(task_manager_t, remove_task, void,
2040: private_task_manager_t *this, enumerator_t *enumerator_public)
2041: {
2042: task_enumerator_t *enumerator = (task_enumerator_t*)enumerator_public;
2043:
2044: switch (enumerator->queue)
2045: {
2046: case TASK_QUEUE_ACTIVE:
2047: this->active_tasks->remove_at(this->active_tasks,
2048: enumerator->inner);
2049: break;
2050: case TASK_QUEUE_PASSIVE:
2051: this->passive_tasks->remove_at(this->passive_tasks,
2052: enumerator->inner);
2053: break;
2054: case TASK_QUEUE_QUEUED:
2055: this->queued_tasks->remove_at(this->queued_tasks,
2056: enumerator->inner);
2057: break;
2058: default:
2059: break;
2060: }
2061: }
2062:
2063: METHOD(task_manager_t, destroy, void,
2064: private_task_manager_t *this)
2065: {
2066: flush(this);
2067:
2068: this->active_tasks->destroy(this->active_tasks);
2069: this->queued_tasks->destroy(this->queued_tasks);
2070: this->passive_tasks->destroy(this->passive_tasks);
2071: DESTROY_IF(this->defrag);
2072:
2073: DESTROY_IF(this->queued);
2074: clear_packets(this->responding.packets);
2075: array_destroy(this->responding.packets);
2076: clear_packets(this->initiating.packets);
2077: array_destroy(this->initiating.packets);
2078: DESTROY_IF(this->rng);
2079: free(this);
2080: }
2081:
2082: /*
2083: * see header file
2084: */
2085: task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
2086: {
2087: private_task_manager_t *this;
2088:
2089: INIT(this,
2090: .public = {
2091: .task_manager = {
2092: .process_message = _process_message,
2093: .queue_task = _queue_task,
2094: .queue_task_delayed = _queue_task_delayed,
2095: .queue_ike = _queue_ike,
2096: .queue_ike_rekey = _queue_ike_rekey,
2097: .queue_ike_reauth = _queue_ike_reauth,
2098: .queue_ike_delete = _queue_ike_delete,
2099: .queue_mobike = _queue_mobike,
2100: .queue_child = _queue_child,
2101: .queue_child_rekey = _queue_child_rekey,
2102: .queue_child_delete = _queue_child_delete,
2103: .queue_dpd = _queue_dpd,
2104: .initiate = _initiate,
2105: .retransmit = _retransmit,
2106: .incr_mid = _incr_mid,
2107: .get_mid = _get_mid,
2108: .reset = _reset,
2109: .adopt_tasks = _adopt_tasks,
2110: .busy = _busy,
2111: .create_task_enumerator = _create_task_enumerator,
2112: .remove_task = _remove_task,
2113: .flush = _flush,
2114: .flush_queue = _flush_queue,
2115: .destroy = _destroy,
2116: },
2117: },
2118: .initiating = {
2119: .type = EXCHANGE_TYPE_UNDEFINED,
2120: },
2121: .responding = {
2122: .seqnr = RESPONDING_SEQ,
2123: },
2124: .ike_sa = ike_sa,
2125: .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
2126: .queued_tasks = linked_list_create(),
2127: .active_tasks = linked_list_create(),
2128: .passive_tasks = linked_list_create(),
2129: .retransmit_tries = lib->settings->get_int(lib->settings,
2130: "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
2131: .retransmit_timeout = lib->settings->get_double(lib->settings,
2132: "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
2133: .retransmit_base = lib->settings->get_double(lib->settings,
2134: "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
2135: .retransmit_jitter = min(lib->settings->get_int(lib->settings,
2136: "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX),
2137: .retransmit_limit = lib->settings->get_int(lib->settings,
2138: "%s.retransmit_limit", 0, lib->ns) * 1000,
2139: );
2140:
2141: if (!this->rng)
2142: {
2143: DBG1(DBG_IKE, "no RNG found, unable to create IKE_SA");
2144: destroy(this);
2145: return NULL;
2146: }
2147: if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send),
2148: (void*)&this->dpd_send))
2149: {
2150: DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA");
2151: destroy(this);
2152: return NULL;
2153: }
2154: this->dpd_send &= 0x7FFFFFFF;
2155:
1.1.1.2 ! misho 2156: if (this->retransmit_base > 1)
! 2157: { /* based on 1000 * timeout * base^try */
! 2158: this->retransmit_tries_max = log(UINT32_MAX/
! 2159: (1000.0 * this->retransmit_timeout))/
! 2160: log(this->retransmit_base);
! 2161: }
1.1 misho 2162: return &this->public;
2163: }