Annotation of embedaddon/strongswan/src/libcharon/sa/task.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2007-2015 Tobias Brunner
3: * Copyright (C) 2006 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup task task
19: * @{ @ingroup sa
20: */
21:
22: #ifndef TASK_H_
23: #define TASK_H_
24:
25: #include <utils/utils.h>
26:
27: typedef enum task_type_t task_type_t;
28: typedef struct task_t task_t;
29:
30: #include <library.h>
31: #include <sa/ike_sa.h>
32: #include <encoding/message.h>
33:
34: /**
35: * Different kinds of tasks.
36: */
37: enum task_type_t {
38: /** establish an unauthenticated IKE_SA */
39: TASK_IKE_INIT,
40: /** detect NAT situation */
41: TASK_IKE_NATD,
42: /** handle MOBIKE stuff */
43: TASK_IKE_MOBIKE,
44: /** authenticate the initiated IKE_SA */
45: TASK_IKE_AUTH,
46: /** AUTH_LIFETIME negotiation, RFC4478 */
47: TASK_IKE_AUTH_LIFETIME,
48: /** certificate processing before authentication (certificate requests, certificate parsing) */
49: TASK_IKE_CERT_PRE,
50: /** certificate processing after authentication (certs payload generation) */
51: TASK_IKE_CERT_POST,
52: /** Configuration payloads, virtual IP and such */
53: TASK_IKE_CONFIG,
54: /** rekey an IKE_SA */
55: TASK_IKE_REKEY,
56: /** reestablish a complete IKE_SA, break-before-make */
57: TASK_IKE_REAUTH,
58: /** completion task for make-before-break IKE_SA re-authentication */
59: TASK_IKE_REAUTH_COMPLETE,
60: /** redirect an active IKE_SA */
61: TASK_IKE_REDIRECT,
62: /** verify a peer's certificate */
63: TASK_IKE_VERIFY_PEER_CERT,
64: /** synchronize message IDs, RFC6311 */
65: TASK_IKE_MID_SYNC,
66: /** delete an IKE_SA */
67: TASK_IKE_DELETE,
68: /** liveness check (dead peer detection) */
69: TASK_IKE_DPD,
70: /** Vendor ID processing */
71: TASK_IKE_VENDOR,
72: #ifdef ME
73: /** handle ME stuff; this enumerator exists only when ME is defined, so the implicit numeric values of all later enumerators differ between ME and non-ME builds (do not exchange raw values between such builds) */
74: TASK_IKE_ME,
75: #endif /* ME */
76: /** establish a CHILD_SA within an IKE_SA */
77: TASK_CHILD_CREATE,
78: /** delete an established CHILD_SA */
79: TASK_CHILD_DELETE,
80: /** rekey a CHILD_SA */
81: TASK_CHILD_REKEY,
82: /** IKEv1 main mode */
83: TASK_MAIN_MODE,
84: /** IKEv1 aggressive mode */
85: TASK_AGGRESSIVE_MODE,
86: /** IKEv1 informational exchange */
87: TASK_INFORMATIONAL,
88: /** IKEv1 delete using an informational */
89: TASK_ISAKMP_DELETE,
90: /** IKEv1 XAUTH authentication */
91: TASK_XAUTH,
92: /** IKEv1 Mode Config */
93: TASK_MODE_CONFIG,
94: /** IKEv1 quick mode */
95: TASK_QUICK_MODE,
96: /** IKEv1 delete of a quick mode SA */
97: TASK_QUICK_DELETE,
98: /** IKEv1 vendor ID payload handling */
99: TASK_ISAKMP_VENDOR,
100: /** IKEv1 NAT detection */
101: TASK_ISAKMP_NATD,
102: /** IKEv1 DPD (dead peer detection) */
103: TASK_ISAKMP_DPD,
104: /** IKEv1 pre-authentication certificate handling */
105: TASK_ISAKMP_CERT_PRE,
106: /** IKEv1 post-authentication certificate handling */
107: TASK_ISAKMP_CERT_POST,
108: };
109:
110: /**
111: * enum names for task_type_t.
112: */
113: extern enum_name_t *task_type_names;
114:
115: /**
116: * Interface for a task, an operation handled within exchanges.
117: *
118: * A task is an elementary operation. It may be handled by a single or by
119: * multiple exchanges. An exchange may even complete multiple tasks.
120: * A task has a build() and a process() operation. The build() operation
121: * creates payloads and adds them to the message. The process() operation
122: * inspects a message and handles its payloads. An initiator of an exchange
123: * first calls build() to build the request, and processes the response message
124: * with the process() method.
125: * A responder does the opposite; it calls process() first to handle an incoming
126: * request and secondly calls build() to build an appropriate response.
127: * Both methods return either SUCCESS, NEED_MORE or FAILED (the method documentation below
128: * also lists DESTROY_ME and ALREADY_DONE). A SUCCESS indicates that the task completed,
129: * even when the task completed unsuccessfully. The manager then removes the task from the
130: * list. A NEED_MORE is returned when the task needs further build()/process() calls to
131: * complete; the manager leaves the task in the queue. A returned FAILED indicates a
132: * critical failure. The manager closes the IKE_SA whenever a task returns FAILED.
133: */
134: struct task_t {
135:
136: /**
137: * Build a request or response message for this task.
138: *
139: * @param message message to add payloads to
140: * @return
141: * - FAILED if a critical error occurred (per the interface notes, the manager then closes the IKE_SA)
142: * - DESTROY_ME if IKE_SA has been properly deleted
143: * - NEED_MORE if another call to build/process is needed
144: * - ALREADY_DONE to cancel task processing
145: * - SUCCESS if task completed (per the interface notes, also when it completed unsuccessfully)
146: */
147: status_t (*build) (task_t *this, message_t *message);
148:
149: /**
150: * Process a request or response message for this task.
151: *
152: * @param message message to read payloads from
153: * @return
154: * - FAILED if a critical error occurred (per the interface notes, the manager then closes the IKE_SA)
155: * - DESTROY_ME if IKE_SA has been properly deleted
156: * - NEED_MORE if another call to build/process is needed
157: * - ALREADY_DONE to cancel task processing
158: * - SUCCESS if task completed (per the interface notes, also when it completed unsuccessfully)
159: */
160: status_t (*process) (task_t *this, message_t *message);
161:
162: /**
163: * Verify a message before processing it (optional to implement by tasks).
164: * NOTE(review): being optional, this member is presumably NULL when unimplemented, so callers should check it before calling; confirm against the task manager.
165: * @param message message to verify
166: * @return
167: * - FAILED if verification is not successful, the
168: * message will be silently discarded (whereas FAILED from build()/process() is documented to close the IKE_SA)
169: * - DESTROY_ME if IKE_SA has to be destroyed
170: * - SUCCESS if verification is successful
171: */
172: status_t (*pre_process) (task_t *this, message_t *message);
173:
174: /**
175: * Get the type of the task implementation (a task_type_t value).
176: */
177: task_type_t (*get_type) (task_t *this);
178:
179: /**
180: * Migrate a task to a new IKE_SA.
181: *
182: * After migrating a task, it goes back to a state where it can be
183: * used again to initiate an exchange. This is useful when a task
184: * has to get migrated to a new IKE_SA.
185: * A special usage is when an INVALID_KE_PAYLOAD is received. A call
186: * to reset resets the task, but uses another DH group for the next
187: * try.
188: * The ike_sa is the new IKE_SA this task belongs to and operates on.
189: *
190: * @param ike_sa new IKE_SA this task works for
191: */
192: void (*migrate) (task_t *this, ike_sa_t *ike_sa);
193:
194: /**
195: * Destroys a task_t object.
196: */
197: void (*destroy) (task_t *this);
198: };
199:
200: #endif /** TASK_H_ @}*/