Annotation of embedaddon/strongswan/src/libcharon/sa/task.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2007-2015 Tobias Brunner
! 3: * Copyright (C) 2006 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup task task
! 19: * @{ @ingroup sa
! 20: */
! 21:
! 22: #ifndef TASK_H_
! 23: #define TASK_H_
! 24:
! 25: #include <utils/utils.h>
! 26:
! 27: typedef enum task_type_t task_type_t;
! 28: typedef struct task_t task_t;
! 29:
! 30: #include <library.h>
! 31: #include <sa/ike_sa.h>
! 32: #include <encoding/message.h>
! 33:
! 34: /**
! 35: * Different kinds of tasks.
! 36: */
! 37: enum task_type_t {
! 38: /** establish an unauthenticated IKE_SA */
! 39: TASK_IKE_INIT,
! 40: /** detect NAT situation */
! 41: TASK_IKE_NATD,
! 42: /** handle MOBIKE stuff */
! 43: TASK_IKE_MOBIKE,
! 44: /** authenticate the initiated IKE_SA */
! 45: TASK_IKE_AUTH,
! 46: /** AUTH_LIFETIME negotiation, RFC4478 */
! 47: TASK_IKE_AUTH_LIFETIME,
! 48: /** certificate processing before authentication (certreqs, cert parsing) */
! 49: TASK_IKE_CERT_PRE,
! 50: /** certificate processing after authentication (certs payload generation) */
! 51: TASK_IKE_CERT_POST,
! 52: /** Configuration payloads, virtual IP and such */
! 53: TASK_IKE_CONFIG,
! 54: /** rekey an IKE_SA */
! 55: TASK_IKE_REKEY,
! 56: /** reestablish a complete IKE_SA, break-before-make */
! 57: TASK_IKE_REAUTH,
! 58: /** completion task for make-before-break IKE_SA re-authentication */
! 59: TASK_IKE_REAUTH_COMPLETE,
! 60: /** redirect an active IKE_SA */
! 61: TASK_IKE_REDIRECT,
! 62: /** verify a peer's certificate */
! 63: TASK_IKE_VERIFY_PEER_CERT,
! 64: /** synchronize message IDs, RFC6311 */
! 65: TASK_IKE_MID_SYNC,
! 66: /** delete an IKE_SA */
! 67: TASK_IKE_DELETE,
! 68: /** liveness check */
! 69: TASK_IKE_DPD,
! 70: /** Vendor ID processing */
! 71: TASK_IKE_VENDOR,
! 72: #ifdef ME
! 73: /** handle ME stuff */
! 74: TASK_IKE_ME,
! 75: #endif /* ME */
! 76: /** establish a CHILD_SA within an IKE_SA */
! 77: TASK_CHILD_CREATE,
! 78: /** delete an established CHILD_SA */
! 79: TASK_CHILD_DELETE,
! 80: /** rekey a CHILD_SA */
! 81: TASK_CHILD_REKEY,
! 82: /** IKEv1 main mode */
! 83: TASK_MAIN_MODE,
! 84: /** IKEv1 aggressive mode */
! 85: TASK_AGGRESSIVE_MODE,
! 86: /** IKEv1 informational exchange */
! 87: TASK_INFORMATIONAL,
! 88: /** IKEv1 delete using an informational */
! 89: TASK_ISAKMP_DELETE,
! 90: /** IKEv1 XAUTH authentication */
! 91: TASK_XAUTH,
! 92: /** IKEv1 Mode Config */
! 93: TASK_MODE_CONFIG,
! 94: /** IKEv1 quick mode */
! 95: TASK_QUICK_MODE,
! 96: /** IKEv1 delete of a quick mode SA */
! 97: TASK_QUICK_DELETE,
! 98: /** IKEv1 vendor ID payload handling */
! 99: TASK_ISAKMP_VENDOR,
! 100: /** IKEv1 NAT detection */
! 101: TASK_ISAKMP_NATD,
! 102: /** IKEv1 DPD */
! 103: TASK_ISAKMP_DPD,
! 104: /** IKEv1 pre-authentication certificate handling */
! 105: TASK_ISAKMP_CERT_PRE,
! 106: /** IKEv1 post-authentication certificate handling */
! 107: TASK_ISAKMP_CERT_POST,
! 108: };
! 109:
! 110: /**
! 111: * enum names for task_type_t.
! 112: */
! 113: extern enum_name_t *task_type_names;
! 114:
! 115: /**
! 116: * Interface for a task, an operation handled within exchanges.
! 117: *
! 118: * A task is an elementary operation. It may be handled by a single or by
! 119: * multiple exchanges. An exchange may even complete multiple tasks.
! 120: * A task has a build() and an process() operation. The build() operation
! 121: * creates payloads and adds it to the message. The process() operation
! 122: * inspects a message and handles its payloads. An initiator of an exchange
! 123: * first calls build() to build the request, and processes the response message
! 124: * with the process() method.
! 125: * A responder does the opposite; it calls process() first to handle an incoming
! 126: * request and secondly calls build() to build an appropriate response.
! 127: * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
! 128: * that the task completed, even when the task completed unsuccessfully. The
! 129: * manager then removes the task from the list. A NEED_MORE is returned when
! 130: * the task needs further build()/process() calls to complete, the manager
! 131: * leaves the task in the queue. A returned FAILED indicates a critical failure.
! 132: * The manager closes the IKE_SA whenever a task returns FAILED.
! 133: */
! 134: struct task_t {
! 135:
! 136: /**
! 137: * Build a request or response message for this task.
! 138: *
! 139: * @param message message to add payloads to
! 140: * @return
! 141: * - FAILED if a critical error occurred
! 142: * - DESTROY_ME if IKE_SA has been properly deleted
! 143: * - NEED_MORE if another call to build/process needed
! 144: * - ALREADY_DONE to cancel task processing
! 145: * - SUCCESS if task completed
! 146: */
! 147: status_t (*build) (task_t *this, message_t *message);
! 148:
! 149: /**
! 150: * Process a request or response message for this task.
! 151: *
! 152: * @param message message to read payloads from
! 153: * @return
! 154: * - FAILED if a critical error occurred
! 155: * - DESTROY_ME if IKE_SA has been properly deleted
! 156: * - NEED_MORE if another call to build/process needed
! 157: * - ALREADY_DONE to cancel task processing
! 158: * - SUCCESS if task completed
! 159: */
! 160: status_t (*process) (task_t *this, message_t *message);
! 161:
! 162: /**
! 163: * Verify a message before processing it (optional to implement by tasks).
! 164: *
! 165: * @param message message to verify
! 166: * @return
! 167: * - FAILED if verification is not successful, the
! 168: * message will be silently discarded
! 169: * - DESTROY_ME if IKE_SA has to be destroyed
! 170: * - SUCCESS if verification is successful
! 171: */
! 172: status_t (*pre_process) (task_t *this, message_t *message);
! 173:
! 174: /**
! 175: * Get the type of the task implementation.
! 176: */
! 177: task_type_t (*get_type) (task_t *this);
! 178:
! 179: /**
! 180: * Migrate a task to a new IKE_SA.
! 181: *
! 182: * After migrating a task, it goes back to a state where it can be
! 183: * used again to initiate an exchange. This is useful when a task
! 184: * has to get migrated to a new IKE_SA.
! 185: * A special usage is when a INVALID_KE_PAYLOAD is received. A call
! 186: * to reset resets the task, but uses another DH group for the next
! 187: * try.
! 188: * The ike_sa is the new IKE_SA this task belongs to and operates on.
! 189: *
! 190: * @param ike_sa new IKE_SA this task works for
! 191: */
! 192: void (*migrate) (task_t *this, ike_sa_t *ike_sa);
! 193:
! 194: /**
! 195: * Destroys a task_t object.
! 196: */
! 197: void (*destroy) (task_t *this);
! 198: };
! 199:
! 200: #endif /** TASK_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>