diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2009-09-04 15:48:30 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2009-09-04 15:48:30 +0200 |
| commit | 0755e98e5cdc61428da2b639d265c9bb52e41632 (patch) | |
| tree | 95ad8127f4cddc8ad0485891938fe442d4c8f14e | |
| parent | f4b975a65df9b2f2878f4be1df8821b84fa4b808 (diff) | |
| download | strongswan-0755e98e5cdc61428da2b639d265c9bb52e41632.tar.bz2 strongswan-0755e98e5cdc61428da2b639d265c9bb52e41632.tar.xz | |
Cleaned up some code of the mediation extension.
| -rw-r--r-- | src/charon/encoding/payloads/endpoint_notify.c | 12 | ||||
| -rw-r--r-- | src/charon/processing/jobs/initiate_mediation_job.c | 19 | ||||
| -rw-r--r-- | src/charon/processing/jobs/initiate_mediation_job.h | 5 | ||||
| -rw-r--r-- | src/charon/sa/connect_manager.c | 246 | ||||
| -rw-r--r-- | src/charon/sa/connect_manager.h | 73 | ||||
| -rw-r--r-- | src/charon/sa/mediation_manager.c | 22 | ||||
| -rw-r--r-- | src/charon/sa/mediation_manager.h | 17 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_init.c | 2 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_me.c | 184 | ||||
| -rw-r--r-- | src/charon/sa/tasks/ike_me.h | 22 |
10 files changed, 342 insertions, 260 deletions
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c index 5b8848f11..faec1ea71 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/charon/encoding/payloads/endpoint_notify.c @@ -23,7 +23,6 @@ typedef struct private_endpoint_notify_t private_endpoint_notify_t; /** * Private data of an notify_payload_t object. - * */ struct private_endpoint_notify_t { /** @@ -65,7 +64,7 @@ struct private_endpoint_notify_t { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Family ! Type ! Port ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! IP Address (variable) + ! IP Address (variable) ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -136,15 +135,14 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); return FAILED; } - this->family = (me_endpoint_family_t)family; - if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) + if (parse_uint8(&cur, top, &type) != SUCCESS || + type == NO_TYPE || type >= MAX_TYPE) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); return FAILED; } - this->type = (me_endpoint_type_t)type; addr_family = AF_INET; @@ -170,7 +168,6 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t } addr.ptr = cur; - this->endpoint = host_create_from_chunk(addr_family, addr, port); break; case NO_FAMILY: @@ -214,9 +211,8 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) /* data = prio | family | type | port | addr */ data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, - port_chunk, addr_chunk); + port_chunk, addr_chunk); DBG3(DBG_IKE, "me_endpoint_data %B", &data); - return data; } diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/charon/processing/jobs/initiate_mediation_job.c index d3828e190..3dc1b0dbf 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.c +++ b/src/charon/processing/jobs/initiate_mediation_job.c @@ -181,7 +181,7 @@ static void reinitiate(private_initiate_mediation_job_t *this) peer_cfg_t *mediated_cfg; mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, - this->mediated_sa_id); + this->mediated_sa_id); if (mediated_sa) { mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); @@ -189,22 +189,27 @@ static void reinitiate(private_initiate_mediation_job_t *this) charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, - this->mediation_sa_id); + this->mediation_sa_id); if (mediation_sa) { - if (mediation_sa->initiate_mediation(mediation_sa, mediated_cfg) != SUCCESS) + if (mediation_sa->initiate_mediation(mediation_sa, + mediated_cfg) != SUCCESS) { DBG1(DBG_JOB, "initiating mediated connection '%s' failed", - mediated_cfg->get_name(mediated_cfg)); + mediated_cfg->get_name(mediated_cfg)); mediated_cfg->destroy(mediated_cfg); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, mediation_sa); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, + mediation_sa); mediated_sa = charon->ike_sa_manager->checkout( - charon->ike_sa_manager, this->mediated_sa_id); + charon->ike_sa_manager, + this->mediated_sa_id); if (mediated_sa) { DBG1(DBG_IKE, "establishing mediation connection failed"); charon->ike_sa_manager->checkin_and_destroy( - charon->ike_sa_manager, mediated_sa); + charon->ike_sa_manager, + mediated_sa); } destroy(this); return; diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h index f23317941..fddb1dd7b 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.h +++ b/src/charon/processing/jobs/initiate_mediation_job.h @@ -55,7 +55,8 @@ initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id); * @param mediated_sa_id identification of the mediated sa (gets cloned) * @return job object */ -initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, - ike_sa_id_t *mediated_sa_id); +initiate_mediation_job_t *reinitiate_mediation_job_create( + ike_sa_id_t *mediation_sa_id, + ike_sa_id_t *mediated_sa_id); #endif /** INITIATE_MEDIATION_JOB_H_ @}*/ diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c index 2eebe4cfe..dac12d870 100644 --- a/src/charon/sa/connect_manager.c +++ b/src/charon/sa/connect_manager.c @@ -42,7 +42,6 @@ * the first check has succeeded */ #define ME_WAIT_TO_FINISH 1000 /* ms */ - typedef struct private_connect_manager_t private_connect_manager_t; /** @@ -70,7 +69,8 @@ struct private_connect_manager_t { linked_list_t *initiated; /** - * Linked list with checklists (hash table with connect ID as key would be better). + * Linked list with checklists (hash table with connect ID as key would + * be better). */ linked_list_t *checklists; }; @@ -138,9 +138,11 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator, u_int32_t pr = responder->get_priority(responder); this->priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr) + (pi > pr ? 1 : 0); - this->local = initiator_is_local ? initiator->get_base(initiator) : responder->get_base(responder); + this->local = initiator_is_local ? initiator->get_base(initiator) + : responder->get_base(responder); this->local = this->local->clone(this->local); - this->remote = initiator_is_local ? responder->get_host(responder) : initiator->get_host(initiator); + this->remote = initiator_is_local ? responder->get_host(responder) + : initiator->get_host(initiator); this->remote = this->remote->clone(this->remote); this->state = CHECK_WAITING; @@ -215,11 +217,13 @@ static void check_list_destroy(check_list_t *this) chunk_free(&this->initiator.key); chunk_free(&this->responder.key); - DESTROY_OFFSET_IF(this->initiator.endpoints, offsetof(endpoint_notify_t, destroy)); - DESTROY_OFFSET_IF(this->responder.endpoints, offsetof(endpoint_notify_t, destroy)); + DESTROY_OFFSET_IF(this->initiator.endpoints, + offsetof(endpoint_notify_t, destroy)); + DESTROY_OFFSET_IF(this->responder.endpoints, + offsetof(endpoint_notify_t, destroy)); DESTROY_FUNCTION_IF(this->pairs, (void*)endpoint_pair_destroy); - /* this list contains some of the same elements as contained in this->pairs */ + /* this list contains some of the elements contained in this->pairs */ DESTROY_IF(this->triggered); free(this); @@ -228,9 +232,12 @@ static void check_list_destroy(check_list_t *this) /** * Creates a new checklist */ -static check_list_t *check_list_create(identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t initiator_key, linked_list_t *initiator_endpoints, - bool is_initiator) +static check_list_t *check_list_create(identification_t *initiator, + identification_t *responder, + chunk_t connect_id, + chunk_t initiator_key, + linked_list_t *initiator_endpoints, + bool is_initiator) { check_list_t *this = malloc_thing(check_list_t); @@ -276,14 +283,16 @@ static void initiated_destroy(initiated_t *this) { DESTROY_IF(this->id); DESTROY_IF(this->peer_id); - this->mediated->destroy_offset(this->mediated, offsetof(ike_sa_id_t, destroy)); + this->mediated->destroy_offset(this->mediated, + offsetof(ike_sa_id_t, destroy)); free(this); } /** * Creates a queued initiation */ -static initiated_t *initiated_create(identification_t *id, identification_t *peer_id) +static initiated_t *initiated_create(identification_t *id, + identification_t *peer_id) { initiated_t *this = malloc_thing(initiated_t); @@ -385,7 +394,7 @@ static void callback_data_destroy(callback_data_t *this) * Creates a new callback data object */ static callback_data_t *callback_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id) + chunk_t connect_id) { callback_data_t *this = malloc_thing(callback_data_t); this->connect_manager = connect_manager; @@ -398,7 +407,7 @@ static callback_data_t *callback_data_create(private_connect_manager_t *connect_ * Creates a new retransmission data object */ static callback_data_t *retransmit_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id, u_int32_t mid) + chunk_t connect_id, u_int32_t mid) { callback_data_t *this = callback_data_create(connect_manager, connect_id); this->mid = mid; @@ -431,7 +440,8 @@ static void initiate_data_destroy(initiate_data_t *this) /** * Creates a new initiate data object */ -static initiate_data_t *initiate_data_create(check_list_t *checklist, initiated_t *initiated) +static initiate_data_t *initiate_data_create(check_list_t *checklist, + initiated_t *initiated) { initiate_data_t *this = malloc_thing(initiate_data_t); @@ -445,23 +455,26 @@ static initiate_data_t *initiate_data_create(check_list_t *checklist, initiated_ * Find an initiated connection by the peers' ids */ static bool match_initiated_by_ids(initiated_t *current, identification_t *id, - identification_t *peer_id) + identification_t *peer_id) { return id->equals(id, current->id) && peer_id->equals(peer_id, current->peer_id); } static status_t get_initiated_by_ids(private_connect_manager_t *this, - identification_t *id, identification_t *peer_id, initiated_t **initiated) + identification_t *id, + identification_t *peer_id, + initiated_t **initiated) { return this->initiated->find_first(this->initiated, - (linked_list_match_t)match_initiated_by_ids, - (void**)initiated, id, peer_id); + (linked_list_match_t)match_initiated_by_ids, + (void**)initiated, id, peer_id); } /** * Removes data about initiated connections */ -static void remove_initiated(private_connect_manager_t *this, initiated_t *initiated) +static void remove_initiated(private_connect_manager_t *this, + initiated_t *initiated) { iterator_t *iterator; initiated_t *current; @@ -487,17 +500,19 @@ static bool match_checklist_by_id(check_list_t *current, chunk_t *connect_id) } static status_t get_checklist_by_id(private_connect_manager_t *this, - chunk_t connect_id, check_list_t **check_list) + chunk_t connect_id, + check_list_t **check_list) { return this->checklists->find_first(this->checklists, - (linked_list_match_t)match_checklist_by_id, - (void**)check_list, &connect_id); + (linked_list_match_t)match_checklist_by_id, + (void**)check_list, &connect_id); } /** * Removes a checklist */ -static void remove_checklist(private_connect_manager_t *this, check_list_t *checklist) +static void remove_checklist(private_connect_manager_t *this, + check_list_t *checklist) { iterator_t *iterator; check_list_t *current; @@ -522,15 +537,16 @@ static bool match_endpoint_by_host(endpoint_notify_t *current, host_t *host) return host->equals(host, current->get_host(current)); } -static status_t endpoints_contain(linked_list_t *endpoints, host_t *host, endpoint_notify_t **endpoint) +static status_t endpoints_contain(linked_list_t *endpoints, host_t *host, + endpoint_notify_t **endpoint) { return endpoints->find_first(endpoints, - (linked_list_match_t)match_endpoint_by_host, - (void**)endpoint, host); + (linked_list_match_t)match_endpoint_by_host, + (void**)endpoint, host); } /** - * Inserts an endpoint pair into the list of pairs ordered by priority (high to low) + * Inserts an endpoint pair into a list of pairs ordered by priority (high to low) */ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) { @@ -559,16 +575,17 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) /** * Searches a list of endpoint_pair_t for a pair with specific host_ts */ -static bool match_pair_by_hosts(endpoint_pair_t *current, host_t *local, host_t *remote) +static bool match_pair_by_hosts(endpoint_pair_t *current, host_t *local, + host_t *remote) { return local->equals(local, current->local) && remote->equals(remote, current->remote); } -static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, host_t *remote, endpoint_pair_t **pair) +static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, + host_t *remote, endpoint_pair_t **pair) { - return pairs->find_first(pairs, - (linked_list_match_t)match_pair_by_hosts, - (void**)pair, local, remote); + return pairs->find_first(pairs, (linked_list_match_t)match_pair_by_hosts, + (void**)pair, local, remote); } static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) @@ -579,11 +596,12 @@ static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) /** * Searches for a pair with a specific id */ -static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, endpoint_pair_t **pair) +static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, + endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_pair_by_id, - (void**)pair, &id); + (linked_list_match_t)match_pair_by_id, + (void**)pair, &id); } static bool match_succeeded_pair(endpoint_pair_t *current) @@ -594,11 +612,12 @@ static bool match_succeeded_pair(endpoint_pair_t *current) /** * Returns the best pair of state CHECK_SUCCEEDED from a checklist. */ -static status_t get_best_valid_pair(check_list_t *checklist, endpoint_pair_t **pair) +static status_t get_best_valid_pair(check_list_t *checklist, + endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_succeeded_pair, - (void**)pair); + (linked_list_match_t)match_succeeded_pair, + (void**)pair); } static bool match_waiting_pair(endpoint_pair_t *current) @@ -609,7 +628,8 @@ static bool match_waiting_pair(endpoint_pair_t *current) /** * Returns and *removes* the first triggered pair in state CHECK_WAITING. */ -static status_t get_triggered_pair(check_list_t *checklist, endpoint_pair_t **pair) +static status_t get_triggered_pair(check_list_t *checklist, + endpoint_pair_t **pair) { iterator_t *iterator; endpoint_pair_t *current; @@ -648,7 +668,7 @@ static void print_checklist(check_list_t *checklist) while (iterator->iterate(iterator, (void**)¤t)) { DBG1(DBG_IKE, " * %#H - %#H (%d)", current->local, current->remote, - current->priority); + current->priority); } iterator->destroy(iterator); } @@ -677,14 +697,14 @@ static void prune_pairs(linked_list_t *pairs) } if (current->local->equals(current->local, other->local) && - current->remote->equals(current->remote, other->remote)) + current->remote->equals(current->remote, other->remote)) { /* since the list of pairs is sorted by priority in descending * order, and we iterate the list from the beginning, we are * sure that the priority of 'other' is lower than that of * 'current', remove it */ DBG1(DBG_IKE, "pruning endpoint pair %#H - %#H with priority %d", - other->local, other->remote, other->priority); + other->local, other->remote, other->priority); search->remove(search); endpoint_pair_destroy(other); } @@ -704,10 +724,12 @@ static void build_pairs(check_list_t *checklist) iterator_t *iterator_i, *iterator_r; endpoint_notify_t *initiator, *responder; - iterator_i = checklist->initiator.endpoints->create_iterator(checklist->initiator.endpoints, TRUE); + iterator_i = checklist->initiator.endpoints->create_iterator( + checklist->initiator.endpoints, TRUE); while (iterator_i->iterate(iterator_i, (void**)&initiator)) { - iterator_r = checklist->responder.endpoints->create_iterator(checklist->responder.endpoints, TRUE); + iterator_r = checklist->responder.endpoints->create_iterator( + checklist->responder.endpoints, TRUE); while (iterator_r->iterate(iterator_r, (void**)&responder)) { if (initiator->get_family(initiator) != responder->get_family(responder)) @@ -715,8 +737,8 @@ static void build_pairs(check_list_t *checklist) continue; } - insert_pair_by_priority(checklist->pairs, - endpoint_pair_create(initiator, responder, checklist->is_initiator)); + insert_pair_by_priority(checklist->pairs, endpoint_pair_create( + initiator, responder, checklist->is_initiator)); } iterator_r->destroy(iterator_r); } @@ -741,7 +763,8 @@ static status_t process_payloads(message_t *message, check_t *check) if (payload->get_type(payload) != NOTIFY) { DBG1(DBG_IKE, "ignoring payload of type '%N' while processing " - "connectivity check", payload_type_names, payload->get_type(payload)); + "connectivity check", payload_type_names, + payload->get_type(payload)); continue; } @@ -753,7 +776,8 @@ static status_t process_payloads(message_t *message, check_t *check) { if (check->endpoint) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_ENDPOINT notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_ENDPOINT notifies"); break; } @@ -772,7 +796,8 @@ static status_t process_payloads(message_t *message, check_t *check) { if (check->connect_id.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTID notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_CONNECTID notifies"); break; } check->connect_id = chunk_clone(notify->get_notification_data(notify)); @@ -783,7 +808,8 @@ static status_t process_payloads(message_t *message, check_t *check) { if (check->auth.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTAUTH notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_CONNECTAUTH notifies"); break; } check->auth = chunk_clone(notify->get_notification_data(notify)); @@ -798,7 +824,8 @@ static status_t process_payloads(message_t *message, check_t *check) if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr) { - DBG1(DBG_IKE, "at least one payload was missing from the connectivity check"); + DBG1(DBG_IKE, "at least one required payload was missing from the " + "connectivity check"); return FAILED; } @@ -822,7 +849,8 @@ static chunk_t build_signature(private_connect_manager_t *this, ? checklist->initiator.key : checklist->responder.key; /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */ - sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, check->endpoint_raw, key_chunk); + sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, + check->endpoint_raw, key_chunk); this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash); DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk); DBG3(DBG_IKE, "sig_hash %#B", &sig_hash); @@ -848,8 +876,8 @@ static job_requeue_t initiator_finish(callback_data_t *data) check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't finish connectivity checks", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't finish " + "connectivity checks", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } @@ -864,7 +892,8 @@ static job_requeue_t initiator_finish(callback_data_t *data) /** * Updates the state of the whole checklist */ -static void update_checklist_state(private_connect_manager_t *this, check_list_t *checklist) +static void update_checklist_state(private_connect_manager_t *this, + check_list_t *checklist) { iterator_t *iterator; endpoint_pair_t *current; @@ -898,7 +927,8 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t * retransmissions have failed) the initiator finishes the checks * right after the first check has succeeded. to allow a probably * better pair to succeed, we still wait a certain time */ - DBG2(DBG_IKE, "fast finishing checks for checklist '%#B'", &checklist->connect_id); + DBG2(DBG_IKE, "fast finishing checks for checklist '%#B'", + &checklist->connect_id); callback_data_t *data = callback_data_create(this, checklist->connect_id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)initiator_finish, data, (callback_job_cleanup_t)callback_data_destroy, NULL); @@ -932,8 +962,8 @@ static job_requeue_t retransmit(callback_data_t *data) check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't retransmit connectivity check", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't retransmit " + "connectivity check", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } @@ -941,22 +971,22 @@ static job_requeue_t retransmit(callback_data_t *data) endpoint_pair_t *pair; if (get_pair_by_id(checklist, data->mid, &pair) != SUCCESS) { - DBG1(DBG_IKE, "pair with id '%d' not found, can't retransmit connectivity check", - data->mid); + DBG1(DBG_IKE, "pair with id '%d' not found, can't retransmit " + "connectivity check", data->mid); goto retransmit_end; } if (pair->state != CHECK_IN_PROGRESS) { - DBG2(DBG_IKE, "pair with id '%d' is in wrong state [%d], don't retransmit the connectivity check", - data->mid, pair->state); + DBG2(DBG_IKE, "pair with id '%d' is in wrong state [%d], don't " + "retransmit the connectivity check", data->mid, pair->state); goto retransmit_end; } if (++pair->retransmitted > ME_MAX_RETRANS) { DBG2(DBG_IKE, "pair with id '%d' failed after %d retransmissions", - data->mid, ME_MAX_RETRANS); + data->mid, ME_MAX_RETRANS); pair->state = CHECK_FAILED; goto retransmit_end; } @@ -998,7 +1028,8 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * { rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); } - DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", retransmission, pair->id, rto); + DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", + retransmission, pair->id, rto); charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*)job, rto); } @@ -1081,8 +1112,8 @@ static job_requeue_t sender(callback_data_t *data) check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't send connectivity check", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't send " + "connectivity check", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } @@ -1096,7 +1127,8 @@ static job_requeue_t sender(callback_data_t *data) DBG1(DBG_IKE, "no triggered check queued, sending an ordinary check"); if (checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_waiting_pair, (void**)&pair) != SUCCESS) + (linked_list_match_t)match_waiting_pair, + (void**)&pair) != SUCCESS) { this->mutex->unlock(this->mutex); DBG1(DBG_IKE, "no pairs in waiting state, aborting"); @@ -1194,8 +1226,8 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli } else { - DBG1(DBG_IKE, "there is no mediated connection waiting between '%Y' " - "and '%Y'", checklist->initiator.id, checklist->responder.id); + DBG1(DBG_IKE, "there is no mediated connection waiting between '%Y'" + " and '%Y'", checklist->initiator.id, checklist->responder.id); } } } @@ -1210,10 +1242,10 @@ static void process_response(private_connect_manager_t *this, check_t *check, if (get_pair_by_id(checklist, check->mid, &pair) == SUCCESS) { if (pair->local->equals(pair->local, check->dst) && - pair->remote->equals(pair->remote, check->src)) + pair->remote->equals(pair->remote, check->src)) { - DBG1(DBG_IKE, "endpoint pair '%d' is valid: '%#H' - '%#H'", pair->id, - pair->local, pair->remote); + DBG1(DBG_IKE, "endpoint pair '%d' is valid: '%#H' - '%#H'", + pair->id, pair->local, pair->remote); pair->state = CHECK_SUCCEEDED; } @@ -1222,11 +1254,13 @@ static void process_response(private_connect_manager_t *this, check_t *check, endpoint_notify_t *local_endpoint; if (endpoints_contain(local_endpoints, - check->endpoint->get_host(check->endpoint), &local_endpoint) != SUCCESS) + check->endpoint->get_host(check->endpoint), + &local_endpoint) != SUCCESS) { local_endpoint = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->endpoint->get_host(check->endpoint), pair->local); - local_endpoint->set_priority(local_endpoint, check->endpoint->get_priority(check->endpoint)); + local_endpoint->set_priority(local_endpoint, + check->endpoint->get_priority(check->endpoint)); local_endpoints->insert_last(local_endpoints, local_endpoint); } @@ -1249,14 +1283,16 @@ static void process_response(private_connect_manager_t *this, check_t *check, } static void process_request(private_connect_manager_t *this, check_t *check, - check_list_t *checklist) + check_list_t *checklist) { linked_list_t *remote_endpoints = checklist->is_initiator ? checklist->responder.endpoints : checklist->initiator.endpoints; endpoint_notify_t *peer_reflexive, *remote_endpoint; - peer_reflexive = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->src, NULL); - peer_reflexive->set_priority(peer_reflexive, check->endpoint->get_priority(check->endpoint)); + peer_reflexive = endpoint_notify_create_from_host(PEER_REFLEXIVE, + check->src, NULL); + peer_reflexive->set_priority(peer_reflexive, + check->endpoint->get_priority(check->endpoint)); if (endpoints_contain(remote_endpoints, check->src, &remote_endpoint) != SUCCESS) { @@ -1265,15 +1301,17 @@ static void process_request(private_connect_manager_t *this, check_t *check, } endpoint_pair_t *pair; - if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, &pair) == SUCCESS) + if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, + &pair) == SUCCESS) { switch(pair->state) { case CHECK_IN_PROGRESS: /* prevent retransmissions */ pair->retransmitted = ME_MAX_RETRANS; - /* FIXME: we should wait to the next rto to send the triggered check - * fall-through */ + /* FIXME: we should wait to the next rto to send the triggered + * check */ + /* fall-through */ case CHECK_WAITING: case CHECK_FAILED: queue_triggered_check(this, checklist, pair); @@ -1300,7 +1338,6 @@ static void process_request(private_connect_manager_t *this, check_t *check, local_endpoint->destroy(local_endpoint); } - check_t *response = check_create(); response->mid = check->mid; @@ -1338,7 +1375,7 @@ static void process_check(private_connect_manager_t *this, message_t *message) if (process_payloads(message, check) != SUCCESS) { DBG1(DBG_IKE, "invalid connectivity check %s received", - message->get_request(message) ? "request" : "response"); + message->get_request(message) ? "request" : "response"); check_destroy(check); return; } @@ -1349,7 +1386,7 @@ static void process_check(private_connect_manager_t *this, message_t *message) if (get_checklist_by_id(this, check->connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &check->connect_id); + &check->connect_id); check_destroy(check); this->mutex->unlock(this->mutex); return; @@ -1394,16 +1431,19 @@ static bool check_and_register(private_connect_manager_t *this, if (get_initiated_by_ids(this, id, peer_id, &initiated) != SUCCESS) { - DBG2(DBG_IKE, "registered waiting mediated connection with '%Y'", peer_id); + DBG2(DBG_IKE, "registered waiting mediated connection with '%Y'", + peer_id); initiated = initiated_create(id, peer_id); this->initiated->insert_last(this->initiated, initiated); already_there = FALSE; } if (initiated->mediated->find_first(initiated->mediated, - (linked_list_match_t)mediated_sa->equals, NULL, mediated_sa) != SUCCESS) + (linked_list_match_t)mediated_sa->equals, + NULL, mediated_sa) != SUCCESS) { - initiated->mediated->insert_last(initiated->mediated, mediated_sa->clone(mediated_sa)); + initiated->mediated->insert_last(initiated->mediated, + mediated_sa->clone(mediated_sa)); } this->mutex->unlock(this->mutex); @@ -1414,8 +1454,9 @@ static bool check_and_register(private_connect_manager_t *this, /** * Implementation of connect_manager_t.check_and_initiate. */ -static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *mediation_sa, - identification_t *id, identification_t *peer_id) +static void check_and_initiate(private_connect_manager_t *this, + ike_sa_id_t *mediation_sa, identification_t *id, + identification_t *peer_id) { initiated_t *initiated; @@ -1429,10 +1470,12 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med } ike_sa_id_t *waiting_sa; - iterator_t *iterator = initiated->mediated->create_iterator(initiated->mediated, TRUE); + iterator_t *iterator = initiated->mediated->create_iterator( + initiated->mediated, TRUE); while (iterator->iterate(iterator, (void**)&waiting_sa)) { - job_t *job = (job_t*)reinitiate_mediation_job_create(mediation_sa, waiting_sa); + job_t *job = (job_t*)reinitiate_mediation_job_create(mediation_sa, + waiting_sa); charon->processor->queue_job(charon->processor, job); } iterator->destroy(iterator); @@ -1444,8 +1487,10 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med * Implementation of connect_manager_t.set_initiator_data. */ static status_t set_initiator_data(private_connect_manager_t *this, - identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator) + identification_t *initiator, + identification_t *responder, + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints, bool is_initiator) { check_list_t *checklist; @@ -1454,12 +1499,13 @@ static status_t set_initiator_data(private_connect_manager_t *this, if (get_checklist_by_id(this, connect_id, NULL) == SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' already exists, aborting", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return FAILED; } - checklist = check_list_create(initiator, responder, connect_id, key, endpoints, is_initiator); + checklist = check_list_create(initiator, responder, connect_id, key, + endpoints, is_initiator); this->checklists->insert_last(this->checklists, checklist); this->mutex->unlock(this->mutex); @@ -1471,7 +1517,8 @@ static status_t set_initiator_data(private_connect_manager_t *this, * Implementation of connect_manager_t.set_responder_data. */ static status_t set_responder_data(private_connect_manager_t *this, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints) + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints) { check_list_t *checklist; @@ -1480,13 +1527,14 @@ static status_t set_responder_data(private_connect_manager_t *this, if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return NOT_FOUND; } checklist->responder.key = chunk_clone(key); - checklist->responder.endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); + checklist->responder.endpoints = endpoints->clone_offset(endpoints, + offsetof(endpoint_notify_t, clone)); checklist->state = CHECK_WAITING; build_pairs(checklist); @@ -1511,7 +1559,7 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return NOT_FOUND; } diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h index d21b5af28..8fa8ff697 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/charon/sa/connect_manager.h @@ -37,71 +37,76 @@ struct connect_manager_t { * Checks if a there is already a mediated connection registered * between two peers. * - * @param id my id - * @param peer_id the other peer's id - * @param mediated_sa the IKE_SA ID of the mediated connection + * @param id my id + * @param peer_id the other peer's id + * @param mediated_sa the IKE_SA ID of the mediated connection * @returns - * - TRUE, if there was already a mediated connection registered - * - FALSE, otherwise + * - TRUE, if a mediated connection is registered + * - FALSE, otherwise */ - bool (*check_and_register) (connect_manager_t *this, - identification_t *id, identification_t *peer_id, ike_sa_id_t *mediated_sa); + bool (*check_and_register) (connect_manager_t *this, identification_t *id, + identification_t *peer_id, + ike_sa_id_t *mediated_sa); /** * Checks if there are waiting connections with a specific peer. * If so, reinitiate them. * - * @param id my id - * @param peer_id the other peer's id + * @param id my id + * @param peer_id the other peer's id */ - void (*check_and_initiate) (connect_manager_t *this, ike_sa_id_t *mediation_sa, - identification_t *id, identification_t *peer_id); + void (*check_and_initiate) (connect_manager_t *this, + ike_sa_id_t *mediation_sa, identification_t *id, + identification_t *peer_id); /** * Creates a checklist and sets the initiator's data. * - * @param initiator ID of the initiator - * @param responder ID of the responder - * @param connect_id the connect ID provided by the initiator - * @param key the initiator's key - * @param endpoints the initiator's endpoints - * @param is_initiator TRUE, if the caller of this method is the initiator - * FALSE, otherwise - * @returns SUCCESS + * @param initiator ID of the initiator + * @param responder ID of the responder + * @param connect_id the connect ID provided by the initiator + * @param key the initiator's key + * @param endpoints the initiator's endpoints + * @param is_initiator TRUE, if the caller of this method is the initiator + * @returns SUCCESS */ status_t (*set_initiator_data) (connect_manager_t *this, - identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator); + identification_t *initiator, + identification_t *responder, + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints, + bool is_initiator); /** * Updates a checklist and sets the responder's data. The checklist's * state is advanced to WAITING which means that checks will be sent. * - * @param connect_id the connect ID - * @param chunk_t the responder's key - * @param endpoints the responder's endpoints + * @param connect_id the connect ID + * @param chunk_t the responder's key + * @param endpoints the responder's endpoints * @returns - * - NOT_FOUND, if the checklist has not been found - * - SUCCESS, otherwise + * - NOT_FOUND, if the checklist has not been found + * - SUCCESS, otherwise */ status_t (*set_responder_data) (connect_manager_t *this, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints); + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints); /** - * Stops checks for a checklist. Used after the responder received an IKE_SA_INIT - * request which contains a ME_CONNECTID payload. + * Stops checks for a checklist. Called after the responder received an + * IKE_SA_INIT request which contains a ME_CONNECTID payload. * - * @param connect_id the connect ID + * @param connect_id the connect ID * @returns - * - NOT_FOUND, if the checklist has not been found - * - SUCCESS, otherwise + * - NOT_FOUND, if the checklist has not been found + * - SUCCESS, otherwise */ status_t (*stop_checks) (connect_manager_t *this, chunk_t connect_id); /** * Processes a connectivity check * - * @param message the received message + * @param message the received message */ void (*process_check) (connect_manager_t *this, message_t *message); @@ -114,7 +119,7 @@ struct connect_manager_t { /** * Create a manager. * - * @returns connect_manager_t object + * @returns connect_manager_t object */ connect_manager_t *connect_manager_create(void); diff --git a/src/charon/sa/mediation_manager.c b/src/charon/sa/mediation_manager.c index 89ff8c9bd..2b05df1f4 100644 --- a/src/charon/sa/mediation_manager.c +++ b/src/charon/sa/mediation_manager.c @@ -20,7 +20,6 @@ #include <utils/linked_list.h> #include <processing/jobs/mediation_job.h> - typedef struct peer_t peer_t; /** @@ -44,7 +43,8 @@ static void peer_destroy(peer_t *this) { DESTROY_IF(this->id); DESTROY_IF(this->ike_sa_id); - this->requested_by->destroy_offset(this->requested_by, offsetof(identification_t, destroy)); + this->requested_by->destroy_offset(this->requested_by, + offsetof(identification_t, destroy)); free(this); } @@ -63,7 +63,6 @@ static peer_t *peer_create(identification_t *id, ike_sa_id_t* ike_sa_id) return this; } - typedef struct private_mediation_manager_t private_mediation_manager_t; /** @@ -105,14 +104,15 @@ static void register_peer(peer_t *peer, identification_t *peer_id) } iterator->destroy(iterator); - peer->requested_by->insert_last(peer->requested_by, peer_id->clone(peer_id)); + peer->requested_by->insert_last(peer->requested_by, + peer_id->clone(peer_id)); } /** * Get a peer_t object by a peer's id */ static status_t get_peer_by_id(private_mediation_manager_t *this, - identification_t *id, peer_t **peer) + identification_t *id, peer_t **peer) { iterator_t *iterator; peer_t *current; @@ -141,7 +141,8 @@ static status_t get_peer_by_id(private_mediation_manager_t *this, * and then remove peers completely that are not online and have no registered * peers. */ -static void unregister_peer(private_mediation_manager_t *this, identification_t *peer_id) +static void unregister_peer(private_mediation_manager_t *this, + identification_t *peer_id) { iterator_t *iterator, *iterator_r; peer_t *peer; @@ -150,7 +151,8 @@ static void unregister_peer(private_mediation_manager_t *this, identification_t iterator = this->peers->create_iterator(this->peers, TRUE); while (iterator->iterate(iterator, (void**)&peer)) { - iterator_r = peer->requested_by->create_iterator(peer->requested_by, TRUE); + iterator_r = peer->requested_by->create_iterator(peer->requested_by, + TRUE); while (iterator_r->iterate(iterator_r, (void**)®istered)) { if (peer_id->equals(peer_id, registered)) @@ -235,7 +237,8 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe /* send callbacks to registered peers */ identification_t *requester; - while(peer->requested_by->remove_last(peer->requested_by, (void**)&requester) == SUCCESS) + while(peer->requested_by->remove_last(peer->requested_by, + (void**)&requester) == SUCCESS) { job_t *job = (job_t*)mediation_callback_job_create(requester, peer_id); charon->processor->queue_job(charon->processor, job); @@ -290,7 +293,8 @@ static ike_sa_id_t *check_and_register(private_mediation_manager_t *this, if (!peer->ike_sa_id) { /* the peer is not online */ - DBG2(DBG_IKE, "requested peer '%Y' is offline, registering peer '%Y'", peer_id, requester); + DBG2(DBG_IKE, "requested peer '%Y' is offline, registering peer '%Y'", + peer_id, requester); register_peer(peer, requester); this->mutex->unlock(this->mutex); return NULL; diff --git a/src/charon/sa/mediation_manager.h b/src/charon/sa/mediation_manager.h index 60d2ccf76..31a16f69c 100644 --- a/src/charon/sa/mediation_manager.h +++ b/src/charon/sa/mediation_manager.h @@ -47,18 +47,18 @@ struct mediation_manager_t { * @param ike_sa_id the IKE_SA ID of the peer's SA */ void (*update_sa_id) (mediation_manager_t* this, identification_t *peer_id, - ike_sa_id_t *ike_sa_id); + ike_sa_id_t *ike_sa_id); /** * Checks if a specific peer is online. * * @param peer_id the peer's ID * @returns - * - IKE_SA ID of the peer's SA. - * - NULL, if the peer is not online. + * - IKE_SA ID of the peer's SA. + * - NULL, if the peer is not online. */ ike_sa_id_t* (*check) (mediation_manager_t* this, - identification_t *peer_id); + identification_t *peer_id); /** * Checks if a specific peer is online and registers the requesting @@ -67,11 +67,12 @@ struct mediation_manager_t { * @param peer_id the peer's ID * @param requester the requesters ID * @returns - * - IKE_SA ID of the peer's SA. - * - NULL, if the peer is not online. + * - IKE_SA ID of the peer's SA. + * - NULL, if the peer is not online. */ ike_sa_id_t* (*check_and_register) (mediation_manager_t* this, - identification_t *peer_id, identification_t *requester); + identification_t *peer_id, + identification_t *requester); /** * Destroys the manager with all data. @@ -82,7 +83,7 @@ struct mediation_manager_t { /** * Create a manager. * - * @returns mediation_manager_t object + * @returns mediation_manager_t object */ mediation_manager_t *mediation_manager_create(void); diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c index 7968c265d..7e763181e 100644 --- a/src/charon/sa/tasks/ike_init.c +++ b/src/charon/sa/tasks/ike_init.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c index 0eb602b10..2d2847ae0 100644 --- a/src/charon/sa/tasks/ike_me.c +++ b/src/charon/sa/tasks/ike_me.c @@ -193,16 +193,19 @@ static void process_payloads(private_ike_me_t *this, message_t *message) } case ME_ENDPOINT: { - endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); + endpoint_notify_t *endpoint; + endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { DBG1(DBG_IKE, "received invalid ME_ENDPOINT notify"); break; } - DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", me_endpoint_type_names, - endpoint->get_type(endpoint), endpoint->get_host(endpoint)); + DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", + me_endpoint_type_names, endpoint->get_type(endpoint), + endpoint->get_host(endpoint)); - this->remote_endpoints->insert_last(this->remote_endpoints, endpoint); + this->remote_endpoints->insert_last(this->remote_endpoints, + endpoint); break; } case ME_CALLBACK: @@ -263,7 +266,9 @@ static status_t build_i(private_ike_me_t *this, message_t *message) { if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) { - endpoint_notify_t *endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, NULL, NULL); + endpoint_notify_t *endpoint; + endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, + NULL, NULL); message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); endpoint->destroy(endpoint); } @@ -271,10 +276,10 @@ static status_t build_i(private_ike_me_t *this, message_t *message) } case ME_CONNECT: { - id_payload_t *id_payload; rng_t *rng; - - id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); + id_payload_t *id_payload; + id_payload = id_payload_create_from_identification(ID_PEER, + this->peer_id); message->add_payload(message, (payload_t*)id_payload); rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); @@ -285,8 +290,8 @@ static status_t build_i(private_ike_me_t *this, message_t *message) } if (!this->response) { - /* only the initiator creates a connect ID. the responder returns - * the connect ID that it received from the initiator */ + /* only the initiator creates a connect ID. the responder + * returns the connect ID that it received from the initiator */ rng->allocate_bytes(rng, ME_CONNECTID_LEN, &this->connect_id); } rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key); @@ -301,7 +306,7 @@ static status_t build_i(private_ike_me_t *this, message_t *message) } else { - /* FIXME: should we make that configurable? */ + /* FIXME: should we make this configurable? */ message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); } @@ -328,7 +333,8 @@ static status_t process_r(private_ike_me_t *this, message_t *message) id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" + ", aborting"); break; } this->peer_id = id_payload->get_identification(id_payload); @@ -343,21 +349,24 @@ static status_t process_r(private_ike_me_t *this, message_t *message) if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify" + ", aborting"); this->invalid_syntax = TRUE; break; } if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY " + "notify, aborting"); this->invalid_syntax = TRUE; break; } if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT " + "payloads, aborting"); this->invalid_syntax = TRUE; break; } @@ -388,7 +397,10 @@ static status_t build_r(private_ike_me_t *this, message_t *message) if (this->callback) { - charon->connect_manager->check_and_initiate(charon->connect_manager, + /* we got a callback from the mediation server, initiate the + * queued mediated connecction */ + charon->connect_manager->check_and_initiate( + charon->connect_manager, this->ike_sa->get_id(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), this->peer_id); return SUCCESS; @@ -399,19 +411,22 @@ static status_t build_r(private_ike_me_t *this, message_t *message) /* FIXME: handle result of set_responder_data * as initiator, upon receiving a response from another peer, * update the checklist and start sending checks */ - charon->connect_manager->set_responder_data(charon->connect_manager, - this->connect_id, this->connect_key, this->remote_endpoints); + charon->connect_manager->set_responder_data( + charon->connect_manager, + this->connect_id, this->connect_key, + this->remote_endpoints); } else { /* FIXME: handle result of set_initiator_data * as responder, create a checklist with the initiator's data */ - charon->connect_manager->set_initiator_data(charon->connect_manager, + charon->connect_manager->set_initiator_data( + charon->connect_manager, this->peer_id, this->ike_sa->get_my_id(this->ike_sa), - this->connect_id, this->connect_key, this->remote_endpoints, - FALSE); + this->connect_id, this->connect_key, + this->remote_endpoints, FALSE); if (this->ike_sa->respond(this->ike_sa, this->peer_id, - this->connect_id) != SUCCESS) + this->connect_id) != SUCCESS) { return FAILED; } @@ -434,13 +449,11 @@ static status_t process_i(private_ike_me_t *this, message_t *message) case IKE_SA_INIT: { process_payloads(this, message); - if (!this->mediation) { DBG1(DBG_IKE, "server did not return a ME_MEDIATION, aborting"); return FAILED; } - return NEED_MORE; } case IKE_AUTH: @@ -455,12 +468,9 @@ static status_t process_i(private_ike_me_t *this, message_t *message) { /* FIXME: should we accept this endpoint even if we did not send * a request? */ host_t *endpoint = reflexive->get_host(reflexive); - - this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint->clone(endpoint)); + endpoint = endpoint->clone(endpoint); + this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint); } - /* FIXME: what if it failed? e.g. AUTH failure */ - DBG1(DBG_IKE, "established mediation connection successfully"); - break; } case ME_CONNECT: @@ -476,21 +486,25 @@ static status_t process_i(private_ike_me_t *this, message_t *message) { if (this->response) { - /* FIXME: handle result of set_responder_data. - * as responder, we update the checklist and start sending checks */ - charon->connect_manager->set_responder_data(charon->connect_manager, - this->connect_id, this->connect_key, this->local_endpoints); + /* FIXME: handle result of set_responder_data. */ + /* as responder, we update the checklist and start sending + * checks */ + charon->connect_manager->set_responder_data( + charon->connect_manager, this->connect_id, + this->connect_key, this->local_endpoints); } else { - /* FIXME: handle result of set_initiator_data - * as initiator, we create a checklist and set the initiator's data */ - charon->connect_manager->set_initiator_data(charon->connect_manager, - this->ike_sa->get_my_id(this->ike_sa), this->peer_id, - this->connect_id, this->connect_key, this->local_endpoints, - TRUE); - /* FIXME: also start a timer for the whole transaction (maybe - * within the connect_manager?) */ + /* FIXME: handle result of set_initiator_data */ + /* as initiator, we create a checklist and set the + * initiator's data */ + charon->connect_manager->set_initiator_data( + charon->connect_manager, + this->ike_sa->get_my_id(this->ike_sa), + this->peer_id, this->connect_id, this->connect_key, + this->local_endpoints, TRUE); + /* FIXME: also start a timer for the whole transaction + * (maybe within the connect_manager?) */ } } break; @@ -510,7 +524,9 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) { case ME_CONNECT: { - id_payload_t *id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); + id_payload_t *id_payload; + id_payload = id_payload_create_from_identification(ID_PEER, + this->peer_id); message->add_payload(message, (payload_t*)id_payload); if (this->callback) @@ -521,11 +537,13 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) { if (this->response) { - message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); + message->add_notify(message, FALSE, ME_RESPONSE, + chunk_empty); } - message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); - message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); - + message->add_notify(message, FALSE, ME_CONNECTID, + this->connect_id); + message->add_notify(message, FALSE, ME_CONNECTKEY, + this->connect_key); add_endpoints_to_message(message, this->remote_endpoints); } break; @@ -533,7 +551,6 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) default: break; } - return NEED_MORE; } @@ -546,15 +563,15 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) { case IKE_SA_INIT: { - /* FIXME: we should check for SA* and TS* payloads - * if any are there send NO_ADDITIONAL_SAS back and delete this SA */ + /* FIXME: we should check for SA* and TS* payloads. if there are + * any, send NO_ADDITIONAL_SAS back and delete this SA */ process_payloads(this, message); return this->mediation ? NEED_MORE : SUCCESS; } case IKE_AUTH: { - /* FIXME: we should check whether the current peer_config is configured - * as mediation connection */ + /* FIXME: we should check whether the current peer_config is + * configured as mediation connection */ process_payloads(this, message); break; } @@ -570,32 +587,35 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" + ", aborting"); this->invalid_syntax = TRUE; break; } - this->peer_id = id_payload->get_identification(id_payload); process_payloads(this, message); if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify" + ", aborting"); this->invalid_syntax = TRUE; break; } if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify" + ", aborting"); this->invalid_syntax = TRUE; break; } if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT " + "payloads, aborting"); this->invalid_syntax = TRUE; break; } @@ -604,7 +624,6 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) default: break; } - return NEED_MORE; } @@ -623,24 +642,19 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) case IKE_AUTH: { endpoint_notify_t *endpoint; - if (this->remote_endpoints->get_first(this->remote_endpoints, (void**)&endpoint) == SUCCESS && - endpoint->get_type(endpoint) == SERVER_REFLEXIVE) + if (this->remote_endpoints->get_first(this->remote_endpoints, + (void**)&endpoint) == SUCCESS && + endpoint->get_type(endpoint) == SERVER_REFLEXIVE) { host_t *host = this->ike_sa->get_other_host(this->ike_sa); - - DBG2(DBG_IKE, "received request for a server reflexive endpoint " - "sending: %#H", host); - - endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, NULL); + DBG2(DBG_IKE, "received request for a server reflexive " + "endpoint sending: %#H", host); + endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, + host, NULL); message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); endpoint->destroy(endpoint); } - - /* FIXME: we actually must delete any existing IKE_SAs with the same remote id */ this->ike_sa->act_as_mediation_server(this->ike_sa); - - DBG1(DBG_IKE, "established mediation connection successfully"); - break; } case ME_CONNECT: @@ -654,19 +668,21 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) ike_sa_id_t *peer_sa; if (this->callback) { - peer_sa = charon->mediation_manager->check_and_register(charon->mediation_manager, - this->peer_id, this->ike_sa->get_other_id(this->ike_sa)); + peer_sa = charon->mediation_manager->check_and_register( + charon->mediation_manager, this->peer_id, + this->ike_sa->get_other_id(this->ike_sa)); } else { - peer_sa = charon->mediation_manager->check(charon->mediation_manager, - this->peer_id); + peer_sa = charon->mediation_manager->check( + charon->mediation_manager, this->peer_id); } if (!peer_sa) { /* the peer is not online */ - message->add_notify(message, TRUE, ME_CONNECT_FAILED, chunk_empty); + message->add_notify(message, TRUE, ME_CONNECT_FAILED, + chunk_empty); break; } @@ -674,7 +690,6 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) this->ike_sa->get_other_id(this->ike_sa), this->connect_id, this->connect_key, this->remote_endpoints, this->response); charon->processor->queue_job(charon->processor, job); - break; } default: @@ -707,7 +722,7 @@ static void me_connect(private_ike_me_t *this, identification_t *peer_id) * Implementation of ike_me.respond */ static void me_respond(private_ike_me_t *this, identification_t *peer_id, - chunk_t connect_id) + chunk_t connect_id) { this->peer_id = peer_id->clone(peer_id); this->connect_id = chunk_clone(connect_id); @@ -726,15 +741,18 @@ static void me_callback(private_ike_me_t *this, identification_t *peer_id) /** * Implementation of ike_me.relay */ -static void relay(private_ike_me_t *this, identification_t *requester, chunk_t connect_id, - chunk_t connect_key, linked_list_t *endpoints, bool response) +static void relay(private_ike_me_t *this, identification_t *requester, + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response) { this->peer_id = requester->clone(requester); this->connect_id = chunk_clone(connect_id); this->connect_key = chunk_clone(connect_key); - this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); - this->remote_endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); + this->remote_endpoints->destroy_offset(this->remote_endpoints, + offsetof(endpoint_notify_t, destroy)); + this->remote_endpoints = endpoints->clone_offset(endpoints, + offsetof(endpoint_notify_t, clone)); this->response = response; } @@ -765,8 +783,10 @@ static void destroy(private_ike_me_t *this) chunk_free(&this->connect_id); chunk_free(&this->connect_key); - this->local_endpoints->destroy_offset(this->local_endpoints, offsetof(endpoint_notify_t, destroy)); - this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); + this->local_endpoints->destroy_offset(this->local_endpoints, + offsetof(endpoint_notify_t, destroy)); + this->remote_endpoints->destroy_offset(this->remote_endpoints, + offsetof(endpoint_notify_t, destroy)); DESTROY_IF(this->mediated_cfg); free(this); diff --git a/src/charon/sa/tasks/ike_me.h b/src/charon/sa/tasks/ike_me.h index f4fb5d523..31285a426 100644 --- a/src/charon/sa/tasks/ike_me.h +++ b/src/charon/sa/tasks/ike_me.h @@ -40,7 +40,6 @@ typedef struct ike_me_t ike_me_t; * to it afterwards. */ struct ike_me_t { - /** * Implements the task_t interface */ @@ -58,13 +57,16 @@ struct ike_me_t { * Responds to a ME_CONNECT from another peer (i.e. sends a ME_CONNECT * to the mediation server) * - * @param peer_id ID of the other peer (gets cloned) - * @param connect_id the connect ID as provided by the initiator (gets cloned) + * Data gets cloned. + * + * @param peer_id ID of the other peer + * @param connect_id the connect ID as provided by the initiator */ - void (*respond)(ike_me_t *this, identification_t *peer_id, chunk_t connect_id); + void (*respond)(ike_me_t *this, identification_t *peer_id, + chunk_t connect_id); /** - * Sends a ME_CALLBACK to a peer that previously requested another peer. + * Sends a ME_CALLBACK to a peer that previously requested some other peer. * * @param peer_id ID of the other peer (gets cloned) */ @@ -81,17 +83,17 @@ struct ike_me_t { * @param endpoints endpoints * @param response TRUE if this is a response */ - void (*relay)(ike_me_t *this, identification_t *requester, chunk_t connect_id, - chunk_t connect_key, linked_list_t *endpoints, bool response); - + void (*relay)(ike_me_t *this, identification_t *requester, + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response); }; /** * Create a new ike_me task. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if taks is initiated by us - * @return ike_me task to handle by the task_manager + * @param initiator TRUE if task is initiated by us + * @return ike_me task to be handled by the task_manager */ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator); |