Diffstat (limited to 'src/charon/queues')
-rw-r--r-- | src/charon/queues/jobs/acquire_job.c | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_child_sa_job.c | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/delete_ike_sa_job.c | 43 | ||||
-rw-r--r-- | src/charon/queues/jobs/incoming_packet_job.c | 34 | ||||
-rw-r--r-- | src/charon/queues/jobs/initiate_job.c | 21 | ||||
-rw-r--r-- | src/charon/queues/jobs/initiate_job.h | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/job.c | 2 | ||||
-rw-r--r-- | src/charon/queues/jobs/job.h | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/rekey_child_sa_job.c | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/rekey_ike_sa_job.c | 4 | ||||
-rw-r--r-- | src/charon/queues/jobs/retransmit_job.c (renamed from src/charon/queues/jobs/retransmit_request_job.c) | 59 | ||||
-rw-r--r-- | src/charon/queues/jobs/retransmit_job.h (renamed from src/charon/queues/jobs/retransmit_request_job.h) | 30 | ||||
-rw-r--r-- | src/charon/queues/jobs/route_job.c | 2 |
13 files changed, 100 insertions, 115 deletions
diff --git a/src/charon/queues/jobs/acquire_job.c b/src/charon/queues/jobs/acquire_job.c index 4deadf3fe..b4ffb258d 100644 --- a/src/charon/queues/jobs/acquire_job.c +++ b/src/charon/queues/jobs/acquire_job.c @@ -57,8 +57,8 @@ static status_t execute(private_acquire_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_child(charon->ike_sa_manager, - this->reqid); + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); if (ike_sa == NULL) { DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for acquiring", diff --git a/src/charon/queues/jobs/delete_child_sa_job.c b/src/charon/queues/jobs/delete_child_sa_job.c index 71ee3f00a..f694696b0 100644 --- a/src/charon/queues/jobs/delete_child_sa_job.c +++ b/src/charon/queues/jobs/delete_child_sa_job.c @@ -68,8 +68,8 @@ static status_t execute(private_delete_child_sa_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_child(charon->ike_sa_manager, - this->reqid); + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); if (ike_sa == NULL) { DBG1(DBG_JOB, "CHILD_SA with reqid %d not found for delete", diff --git a/src/charon/queues/jobs/delete_ike_sa_job.c b/src/charon/queues/jobs/delete_ike_sa_job.c index 9e8173c39..706155aa6 100644 --- a/src/charon/queues/jobs/delete_ike_sa_job.c +++ b/src/charon/queues/jobs/delete_ike_sa_job.c 
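Review bot: The bare `TRUE` passed to `checkout_by_id()` in acquire_job.c does not tell a reader that `this->reqid` is a CHILD_SA reqid rather than an IKE_SA identifier. The same commit renames the old four-argument `checkout_by_id()` to `checkout_by_peer()` (initiate_job.c, route_job.c), so the name now means something different than it did one revision earlier. A short comment at the call, e.g. `/* TRUE: id is the reqid of a CHILD_SA */`, would make the lookup mode explicit. This assumes the third argument selects a CHILD_SA lookup, which the replaced `checkout_by_child()` call suggests but the hunk does not show. The same call appears in delete_child_sa_job.c and rekey_child_sa_job.c.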
@@ -62,41 +62,38 @@ static status_t execute(private_delete_ike_sa_job_t *this) { ike_sa_t *ike_sa; - if (this->delete_if_established) + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->ike_sa_id); + if (ike_sa) { - if (charon->ike_sa_manager->delete(charon->ike_sa_manager, - this->ike_sa_id) != SUCCESS) + if (this->delete_if_established) { - DBG2(DBG_JOB, "IKE SA didn't exist anymore"); - } - return DESTROY_ME; - } - else - { - ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); - if (ike_sa == NULL) - { - /* hm, somebody was faster ;-) */ - return DESTROY_ME; + if (ike_sa->delete(ike_sa) == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } } - - switch (ike_sa->get_state(ike_sa)) + else { - case IKE_ESTABLISHED: + /* destroy only if not ESTABLISHED */ + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { - /* IKE_SA is established and so is not getting destroyed */ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - return DESTROY_ME; } - default: + else { - /* IKE_SA is half open and gets destroyed */ DBG1(DBG_JOB, "deleting half open IKE_SA after timeout"); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); - return DESTROY_ME; + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); } } } + return DESTROY_ME; } /** diff --git a/src/charon/queues/jobs/incoming_packet_job.c b/src/charon/queues/jobs/incoming_packet_job.c index 18671610d..c4f211a04 100644 --- a/src/charon/queues/jobs/incoming_packet_job.c +++ b/src/charon/queues/jobs/incoming_packet_job.c 
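Review bot: The inner `else` branch of `execute()` destroys the IKE_SA whenever `get_state()` returns anything other than `IKE_ESTABLISHED`, while the log line calls it a half-open SA. If the state enum has values beyond the half-open and established ones (not visible here), a timeout job firing in such a state would tear down an SA that is not half open. Either compare against the half-open states explicitly or widen the comment to `/* destroy in every state except ESTABLISHED */` so the intent is on record. The rewrite also drops the `DBG2` line for an IKE_SA that no longer exists, so a failed checkout is now silent for both job modes.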
@@ -64,6 +64,13 @@ static void send_notify_response(private_incoming_packet_job_t *this, packet_t *packet; ike_sa_id_t *ike_sa_id; + if (request->get_exchange_type(request) != IKE_SA_INIT) + { + /* TODO: Use transforms implementing the "NULL" algorithm, + we are unable to generate message otherwise */ + return; + } + ike_sa_id = request->get_ike_sa_id(request); ike_sa_id = ike_sa_id->clone(ike_sa_id); ike_sa_id->switch_initiator(ike_sa_id); @@ -80,8 +87,6 @@ static void send_notify_response(private_incoming_packet_job_t *this, ike_sa_id->destroy(ike_sa_id); notify = notify_payload_create_from_protocol_and_type(PROTO_NONE, type); response->add_payload(response, (payload_t *)notify); - /* generation may fail, as most messages need a crypter/signer. - * TODO: Use transforms implementing the "NULL" algorithm */ if (response->generate(response, NULL, NULL, &packet) != SUCCESS) { response->destroy(response); @@ -107,12 +112,12 @@ static status_t execute(private_incoming_packet_job_t *this) message = message_create_from_packet(this->packet->clone(this->packet)); src = message->get_source(message); dst = message->get_destination(message); - DBG1(DBG_NET, "received packet: from %#H to %#H", src, dst); status = message->parse_header(message); if (status != SUCCESS) { - DBG1(DBG_NET, "received message with invalid IKE header, ignored"); + DBG1(DBG_NET, "received message from %H with invalid IKE header, " + "ignored", src); message->destroy(message); return DESTROY_ME; } 
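Review bot: The new guard at the top of `send_notify_response()` returns silently, so a caller asking for a notify on any exchange other than IKE_SA_INIT gets no response and cannot tell that none was sent. The restriction is only recorded in a TODO inside the function body. Since the function starts outside this hunk, its header comment is the place to state the contract, along the lines of `only IKE_SA_INIT requests are answered; other exchange types are dropped until NULL transforms exist`. That matters for the INVALID_IKE_SPI call enabled further down in this file, which is a no-op for every non-INIT request.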
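Review bot: The reworded invalid-header message in `execute()` prints the peer with `%H`, as does the unsupported-version message in the next hunk, while the unknown-IKE_SA message and the relocated "received packet" line use `%#H`. If `%#H` is the form that includes the port (not shown in this diff), the two error paths most useful for tracing malformed traffic lose the source port, which is what separates peers behind one NAT address. Using the same form throughout keeps the lines comparable: `"received message from %#H with invalid IKE header, "`.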
@@ -120,11 +125,12 @@ static status_t execute(private_incoming_packet_job_t *this) if ((message->get_major_version(message) != IKE_MAJOR_VERSION) || (message->get_minor_version(message) != IKE_MINOR_VERSION)) { - DBG1(DBG_NET, - "received a packet with IKE version %d.%d, not supported", - message->get_major_version(message), - message->get_minor_version(message)); - if ((message->get_exchange_type(message) == IKE_SA_INIT) && (message->get_request(message))) + DBG1(DBG_NET, "received message from %H with unsupported IKE " + "version %d.%d, ignored", src, message->get_major_version(message), + message->get_minor_version(message)); + + if (message->get_exchange_type(message) == IKE_SA_INIT && + message->get_request(message)) { send_notify_response(this, message, INVALID_MAJOR_VERSION); } @@ -138,19 +144,19 @@ static status_t execute(private_incoming_packet_job_t *this) ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id); if (ike_sa == NULL) { - DBG1(DBG_NET, "received packet for IKE_SA: %J, but no such IKE_SA", - ike_sa_id); + DBG1(DBG_NET, "received packet from %#H for IKE_SA: %J, but no such " + "IKE_SA", src, ike_sa_id); if (message->get_request(message)) { - /* TODO: send notify if we have NULL crypters, - * see todo in send_notify_response - send_notify_response(this, message, INVALID_IKE_SPI); */ + send_notify_response(this, message, INVALID_IKE_SPI); } ike_sa_id->destroy(ike_sa_id); message->destroy(message); return DESTROY_ME; } + DBG1(DBG_NET, "received packet: from %#H to %#H", src, dst); + status = ike_sa->process_message(ike_sa, message); if (status == DESTROY_ME) { diff --git a/src/charon/queues/jobs/initiate_job.c b/src/charon/queues/jobs/initiate_job.c index 8b943a3f1..af50663d6 100644 --- a/src/charon/queues/jobs/initiate_job.c +++ b/src/charon/queues/jobs/initiate_job.c 
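Review bot: Enabling `send_notify_response(this, message, INVALID_IKE_SPI)` in the `ike_sa == NULL` branch makes the daemon answer unauthenticated requests that carry an unknown SPI, and nothing in this hunk limits how often it does so. The source address of such a packet is unverified, so each one yields an outbound notify to whatever address it claims, plus a `DBG1` line. The guard added in `send_notify_response()` narrows this to IKE_SA_INIT exchanges, but a rate limit or per-source cap ahead of the call would keep the path from serving as a reflector or a log-flooding source. A comment such as `/* unauthenticated reply: must stay cheap and rate limited */` would document the constraint at the call.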
@@ -45,11 +45,6 @@ struct private_initiate_job_t { connection_t *connection; /** - * host to connect to, use NULL to use connections one - */ - host_t *other; - - /** * associated policy to initiate */ policy_t *policy; @@ -70,19 +65,12 @@ static status_t execute(private_initiate_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager, this->connection->get_my_host(this->connection), this->connection->get_other_host(this->connection), this->policy->get_my_id(this->policy), this->policy->get_other_id(this->policy)); - - if (this->other) - { - ike_sa->set_other_host(ike_sa, this->other->clone(this->other)); - } - - this->connection->get_ref(this->connection); - this->policy->get_ref(this->policy); + if (ike_sa->initiate(ike_sa, this->connection, this->policy) != SUCCESS) { DBG1(DBG_JOB, "initiation failed, going to delete IKE_SA"); @@ -101,15 +89,13 @@ static void destroy(private_initiate_job_t *this) { this->connection->destroy(this->connection); this->policy->destroy(this->policy); - DESTROY_IF(this->other); free(this); } /* * Described in header */ -initiate_job_t *initiate_job_create(connection_t *connection, host_t *other, - policy_t *policy) +initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy) { private_initiate_job_t *this = malloc_thing(private_initiate_job_t); @@ -121,7 +107,6 @@ initiate_job_t *initiate_job_create(connection_t *connection, host_t *other, /* private variables */ this->connection = connection; this->policy = policy; - this->other = other; return &this->public; } diff --git a/src/charon/queues/jobs/initiate_job.h b/src/charon/queues/jobs/initiate_job.h index 2fd0ced93..af1dd9ece 100644 --- a/src/charon/queues/jobs/initiate_job.h +++ b/src/charon/queues/jobs/initiate_job.h 
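Review bot: With the two `get_ref()` calls removed, `execute()` hands `this->connection` and `this->policy` to `ike_sa->initiate()` without taking a reference, while `destroy()` in the next hunk still calls `destroy()` on both. Unless `initiate()` now takes its own references, which this diff does not show, the IKE_SA keeps pointers that the job releases when it is destroyed, which would be a use-after-free. State the ownership rule at the call, e.g. `/* initiate() takes its own references; the job still owns its copies */`, or keep the `get_ref()` calls. The result of `checkout_by_peer()` is also dereferenced without the `NULL` check that the acquire, delete and rekey jobs apply to their checkouts.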
@@ -51,13 +51,11 @@ struct initiate_job_t { * @brief Creates a job of type INITIATE_IKE_SA. * * @param connection connection_t to initialize - * @param other another host to initiate to, NULL to use connections one * @param policy policy to set up * @return initiate_job_t object * * @ingroup jobs */ -initiate_job_t *initiate_job_create(connection_t *connection, host_t *other, - policy_t *policy); +initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy); #endif /*INITIATE_IKE_SA_JOB_H_*/ diff --git a/src/charon/queues/jobs/job.c b/src/charon/queues/jobs/job.c index d88843d7c..337558c2d 100644 --- a/src/charon/queues/jobs/job.c +++ b/src/charon/queues/jobs/job.c @@ -26,7 +26,7 @@ ENUM(job_type_names, INCOMING_PACKET, SEND_DPD, "INCOMING_PACKET", - "RETRANSMIT_REQUEST", + "RETRANSMIT", "INITIATE", "ROUTE", "ACQUIRE", diff --git a/src/charon/queues/jobs/job.h b/src/charon/queues/jobs/job.h index ae3fe7974..ae67a2bdc 100644 --- a/src/charon/queues/jobs/job.h +++ b/src/charon/queues/jobs/job.h @@ -45,9 +45,9 @@ enum job_type_t { /** * Retransmit an IKEv2-Message. * - * Job is implemented in class retransmit_request_job_t + * Job is implemented in class retransmit_job_t */ - RETRANSMIT_REQUEST, + RETRANSMIT, /** * Set up a CHILD_SA, optional with an IKE_SA. diff --git a/src/charon/queues/jobs/rekey_child_sa_job.c b/src/charon/queues/jobs/rekey_child_sa_job.c index 5944aa77f..3422b614d 100644 --- a/src/charon/queues/jobs/rekey_child_sa_job.c +++ b/src/charon/queues/jobs/rekey_child_sa_job.c @@ -67,8 +67,8 @@ static status_t execute(private_rekey_child_sa_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_child(charon->ike_sa_manager, - this->reqid); + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); if (ike_sa == NULL) { DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for rekeying", 
diff --git a/src/charon/queues/jobs/rekey_ike_sa_job.c b/src/charon/queues/jobs/rekey_ike_sa_job.c index f0c4bef4f..2539d997e 100644 --- a/src/charon/queues/jobs/rekey_ike_sa_job.c +++ b/src/charon/queues/jobs/rekey_ike_sa_job.c @@ -61,7 +61,7 @@ static job_type_t get_type(private_rekey_ike_sa_job_t *this) static status_t execute(private_rekey_ike_sa_job_t *this) { ike_sa_t *ike_sa; - status_t status; + status_t status = SUCCESS; ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); @@ -73,7 +73,7 @@ static status_t execute(private_rekey_ike_sa_job_t *this) if (this->reauth) { - status = ike_sa->reauth(ike_sa); + ike_sa->reestablish(ike_sa); } else { diff --git a/src/charon/queues/jobs/retransmit_request_job.c b/src/charon/queues/jobs/retransmit_job.c index 1dee6e521..5bfa20dfd 100644 --- a/src/charon/queues/jobs/retransmit_request_job.c +++ b/src/charon/queues/jobs/retransmit_job.c @@ -1,12 +1,12 @@ /** - * @file retransmit_request_job.c + * @file retransmit_job.c * - * @brief Implementation of retransmit_request_job_t. + * @brief Implementation of retransmit_job_t. * */ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -21,20 +21,20 @@ * for more details. */ -#include "retransmit_request_job.h" +#include "retransmit_job.h" #include <daemon.h> -typedef struct private_retransmit_request_job_t private_retransmit_request_job_t; +typedef struct private_retransmit_job_t private_retransmit_job_t; /** - * Private data of an retransmit_request_job_t Object. + * Private data of an retransmit_job_t Object. */ -struct private_retransmit_request_job_t { +struct private_retransmit_job_t { /** - * Public retransmit_request_job_t interface. + * Public retransmit_job_t interface. */ - retransmit_request_job_t public; + retransmit_job_t public; /** * Message ID of the request to resend. 
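Review bot: In the reauth branch of rekey_ike_sa_job.c, `ike_sa->reestablish(ike_sa);` no longer assigns `status`, so with the new initialiser `status_t status = SUCCESS;` that path always reports success to the code after the `if`/`else`, which lies outside the hunk. If `reestablish()` returns a `status_t`, keep the assignment, `status = ike_sa->reestablish(ike_sa);`, so a failed re-establishment can still lead to the SA being destroyed. If it returns nothing, a comment such as `/* reestablish() reports no status, treat as SUCCESS */` would explain why the initialiser was added. Both hunks of this file belong to the one change.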
@@ -50,33 +50,32 @@ struct private_retransmit_request_job_t { /** * Implements job_t.get_type. */ -static job_type_t get_type(private_retransmit_request_job_t *this) +static job_type_t get_type(private_retransmit_job_t *this) { - return RETRANSMIT_REQUEST; + return RETRANSMIT; } /** * Implementation of job_t.execute. */ -static status_t execute(private_retransmit_request_job_t *this) +static status_t execute(private_retransmit_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); - if (ike_sa == NULL) + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->ike_sa_id); + if (ike_sa) { - DBG2(DBG_JOB, "IKE SA could not be checked out. Already deleted?"); - return DESTROY_ME; - } - - if (ike_sa->retransmit_request(ike_sa, this->message_id) == DESTROY_ME) - { - /* retransmission hopeless, kill SA */ - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); - } - else - { - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + if (ike_sa->retransmit(ike_sa, this->message_id) == DESTROY_ME) + { + /* retransmitted to many times, giving up */ + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, + ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } } return DESTROY_ME; } @@ -84,7 +83,7 @@ static status_t execute(private_retransmit_request_job_t *this) /** * Implements job_t.destroy. */ -static void destroy(private_retransmit_request_job_t *this) +static void destroy(private_retransmit_job_t *this) { this->ike_sa_id->destroy(this->ike_sa_id); free(this); 
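Review bot: The rewritten `execute()` in retransmit_job.c drops the `DBG2` message for a failed checkout, so a retransmit job whose IKE_SA is already gone now ends without any trace in the job log. If the silence is intended, a one-line comment on the `if (ike_sa)` test, e.g. `/* SA already deleted, nothing to retransmit */`, would say so. The new comment in the give-up branch has a typo and should read `/* retransmitted too many times, giving up */`.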
@@ -93,9 +92,9 @@ static void destroy(private_retransmit_request_job_t *this) /* * Described in header. */ -retransmit_request_job_t *retransmit_request_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) +retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) { - private_retransmit_request_job_t *this = malloc_thing(private_retransmit_request_job_t); + private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t); /* interface functions */ this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; @@ -106,5 +105,5 @@ retransmit_request_job_t *retransmit_request_job_create(u_int32_t message_id,ike this->message_id = message_id; this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - return &(this->public); + return &this->public; } diff --git a/src/charon/queues/jobs/retransmit_request_job.h b/src/charon/queues/jobs/retransmit_job.h index 1897af16d..19e29b909 100644 --- a/src/charon/queues/jobs/retransmit_request_job.h +++ b/src/charon/queues/jobs/retransmit_job.h @@ -1,12 +1,12 @@ /** - * @file retransmit_request_job.h + * @file retransmit_job.h * - * @brief Interface of retransmit_request_job_t. + * @brief Interface of retransmit_job_t. * */ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -21,28 +21,28 @@ * for more details. */ -#ifndef RESEND_MESSAGE_JOB_H_ -#define RESEND_MESSAGE_JOB_H_ +#ifndef RETRANSMIT_JOB_H_ +#define RETRANSMIT_JOB_H_ -typedef struct retransmit_request_job_t retransmit_request_job_t; +typedef struct retransmit_job_t retransmit_job_t; #include <library.h> #include <queues/jobs/job.h> #include <sa/ike_sa_id.h> /** - * @brief Class representing an RETRANSMIT_REQUEST Job. + * @brief Class representing an retransmit Job. * * This job is scheduled every time a request is sent over the * wire. If the response to the request is not received at schedule * time, the retransmission will be initiated. * * @b Constructors: - * - retransmit_request_job_create() + * - retransmit_job_create() * * @ingroup jobs */ -struct retransmit_request_job_t { +struct retransmit_job_t { /** * The job_t interface. */ @@ -50,15 +50,15 @@ struct retransmit_request_job_t { }; /** - * @brief Creates a job of type RETRANSMIT_REQUEST. + * @brief Creates a job of type retransmit. * * @param message_id message_id of the request to resend - * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) - * @return retransmit_request_job_t object + * @param ike_sa_id identification of the ike_sa as ike_sa_id_t + * @return retransmit_job_t object * * @ingroup jobs */ -retransmit_request_job_t *retransmit_request_job_create(u_int32_t message_id, - ike_sa_id_t *ike_sa_id); +retransmit_job_t *retransmit_job_create(u_int32_t message_id, + ike_sa_id_t *ike_sa_id); -#endif /* RESEND_MESSAGE_JOB_H_ */ +#endif /* RETRANSMIT_JOB_H_ */ diff --git a/src/charon/queues/jobs/route_job.c b/src/charon/queues/jobs/route_job.c index 5a128474b..bb6281dcc 100644 --- a/src/charon/queues/jobs/route_job.c +++ b/src/charon/queues/jobs/route_job.c 
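Review bot: The `@param ike_sa_id` line of `retransmit_job_create()` lost the "(gets cloned)" remark, yet the implementation in retransmit_job.c still stores `ike_sa_id->clone(ike_sa_id)`. Callers read ownership from this header, and without the remark it is unclear whether the job takes over the passed object or the caller must still destroy it. Keeping the remark avoids a leak or double destroy at call sites: `@param ike_sa_id identification of the ike_sa as ike_sa_id_t (gets cloned)`.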
@@ -69,7 +69,7 @@ static status_t execute(private_route_job_t *this) { ike_sa_t *ike_sa; - ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + ike_sa = charon->ike_sa_manager->checkout_by_peer(charon->ike_sa_manager, this->connection->get_my_host(this->connection), this->connection->get_other_host(this->connection), this->policy->get_my_id(this->policy), |