Merge branch 'ikev1-cache-informational'

With these changes an INFORMATIONAL message (e.g. with an INITIAL_CONTACT
notify) that arrives while a responder is waiting for the last Aggressive
Mode request gets queued and delivered later.  Previously such messages
caused the IKE_SA to fail as some tasks waiting for the last AM message
fail when trying to handle the INFORMATIONAL message.  Therefore, all
other messages, such as TRANSACTION and QUICK_MODE requests, are now
dropped until AM is complete.  These don't have to be cached as they get
retransmitted by the other peer.

Fixes #1130.

1 files changed, 81 insertions, 15 deletions

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index e1747d2c6..a839f51e7 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -935,6 +935,28 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
 }
 
 /**
+ * Check if we still have an aggressive mode task queued
+ */
+static bool have_aggressive_mode_task(private_task_manager_t *this)
+{
+	enumerator_t *enumerator;
+	task_t *task;
+	bool found = FALSE;
+
+	enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
+	while (enumerator->enumerate(enumerator, &task))
+	{
+		if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
+		{
+			found = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return found;
+}
+
+/**
  * handle an incoming request message
  */
 static status_t process_request(private_task_manager_t *this,
@@ -1073,6 +1095,22 @@ static status_t process_request(private_task_manager_t *this,
 		 * the same message again. */
 		clear_packets(this->responding.packets);
 	}
+	if (this->queued &&
+		this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
+	{
+		message_t *queued;
+		status_t status;
+
+		queued = this->queued;
+		this->queued = NULL;
+		status = this->public.task_manager.process_message(
+											&this->public.task_manager, queued);
+		queued->destroy(queued);
+		if (status == DESTROY_ME)
+		{
+			return status;
+		}
+	}
 	if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
 		this->queued_tasks->get_count(this->queued_tasks) > 0)
 	{
@@ -1145,7 +1183,8 @@ static status_t process_response(private_task_manager_t *this,
 	this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
 	clear_packets(this->initiating.packets);
 
-	if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
+	if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
+		this->queued->get_exchange_type(this->queued) == TRANSACTION)
 	{
 		queued = this->queued;
 		this->queued = NULL;
@@ -1240,6 +1279,29 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
 	return status;
 }
 
+/**
+ * Queue the given message if possible
+ */
+static status_t queue_message(private_task_manager_t *this, message_t *msg)
+{
+	if (this->queued)
+	{
+		DBG1(DBG_IKE, "ignoring %N request, queue full",
+			 exchange_type_names, msg->get_exchange_type(msg));
+		return FAILED;
+	}
+	this->queued = message_create_from_packet(msg->get_packet(msg));
+	if (this->queued->parse_header(this->queued) != SUCCESS)
+	{
+		this->queued->destroy(this->queued);
+		this->queued = NULL;
+		return FAILED;
+	}
+	DBG1(DBG_IKE, "queueing %N request as tasks still active",
+		 exchange_type_names, msg->get_exchange_type(msg));
+	return SUCCESS;
+}
+
 METHOD(task_manager_t, process_message, status_t,
 	private_task_manager_t *this, message_t *msg)
 {
@@ -1340,25 +1402,29 @@ METHOD(task_manager_t, process_message, status_t,
 			}
 		}
 
-		if (msg->get_exchange_type(msg) == TRANSACTION &&
-			this->active_tasks->get_count(this->active_tasks))
-		{	/* main mode not yet complete, queue XAuth/Mode config tasks */
-			if (this->queued)
+		/* drop XAuth/Mode Config/Quick Mode messages until we received the last
+		 * Aggressive Mode message.  since Informational messages are not
+		 * retransmitted we queue them. */
+		if (have_aggressive_mode_task(this))
+		{
+			if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
 			{
-				DBG1(DBG_IKE, "ignoring additional %N request, queue full",
-					 exchange_type_names, TRANSACTION);
-				return SUCCESS;
+				return queue_message(this, msg);
 			}
-			this->queued = message_create_from_packet(msg->get_packet(msg));
-			if (this->queued->parse_header(this->queued) != SUCCESS)
+			else if (msg->get_exchange_type(msg) != AGGRESSIVE)
 			{
-				this->queued->destroy(this->queued);
-				this->queued = NULL;
+				DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+					 exchange_type_names, msg->get_exchange_type(msg));
 				return FAILED;
 			}
-			DBG1(DBG_IKE, "queueing %N request as tasks still active",
-				 exchange_type_names, TRANSACTION);
-			return SUCCESS;
+		}
+
+		/* queue XAuth/Mode Config messages unless the Main Mode exchange we
+		 * initiated is complete */
+		if (msg->get_exchange_type(msg) == TRANSACTION &&
+			this->active_tasks->get_count(this->active_tasks))
+		{
+			return queue_message(this, msg);
 		}
 
 		msg->set_request(msg, TRUE);