1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
/**
* @file ike_sa_manager.h
*
* @brief Interface of ike_sa_manager_t.
*
*/
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef IKE_SA_MANAGER_H_
#define IKE_SA_MANAGER_H_
typedef struct ike_sa_manager_t ike_sa_manager_t;
#include <library.h>
#include <sa/ike_sa.h>
/**
* @brief The IKE_SA-Manager is responsible for managing all initiated and responded IKE_SA's.
*
* To avoid access from multiple threads, IKE_SAs must be checked out from
* the manager, and checked in after usage.
* The manager also handles deletion of SAs.
*
* @todo checking of double-checkouts from the same threads would be nice.
* This could be done by comparing thread-ids via pthread_self()...
*
* @todo Managing of ike_sa_t objects in a hash table instead of linked list.
*
* @b Constructors:
* - ike_sa_manager_create()
*
* @ingroup sa
*/
struct ike_sa_manager_t {
/**
* @brief Checkout an IKE_SA, create it when necesarry.
*
* Checks out a SA by its ID. An SA will be created, when the responder
* SPI is not set (when received an IKE_SA_INIT from initiator).
* Management of SPIs is the managers job, he will set it.
* This function blocks until SA is available for checkout.
*
* @warning checking out two times without checking in will
* result in a deadlock!
*
* @param this the manager object
* @param[in/out] ike_sa_id the SA identifier, will be updated
* @returns
* - checked out IKE_SA if found
* - NULL, if no such IKE_SA available
*/
ike_sa_t* (*checkout) (ike_sa_manager_t* this, ike_sa_id_t *sa_id);
/**
* @brief Checkout an existing IKE_SA by hosts and identifications.
*
* Allows the lookup of an IKE_SA by user IDs and hosts. It returns the
* first found occurence, if there are multiple candidates. Supplied IDs
* may contain wildcards, hosts may be %any.
* If no IKE_SA is found, a new one is created.
*
* @param this the manager object
* @param my_host address of our host
* @param other_id address of remote host
* @param my_id ID used by us
* @param other_id ID used by remote
* @return checked out/created IKE_SA
*/
ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this,
host_t *my_host, host_t* other_host,
identification_t *my_id,
identification_t *other_id);
/**
* @brief Check out an IKE_SA by protocol and SPI of one of its CHILD_SA.
*
* The kernel sends us expire messages for IPsec SAs. To fullfill
* this request, we must check out the IKE SA which contains the
* CHILD_SA the kernel wants to modify.
*
* @param this the manager object
* @param reqid reqid of the CHILD_SA
* @return
* - checked out IKE_SA, if found
* - NULL, if not found
*/
ike_sa_t* (*checkout_by_child) (ike_sa_manager_t* this, u_int32_t reqid);
/**
* @brief Create an iterator over all stored IKE_SAs.
*
* The avoid synchronization issues, the iterator locks access
* to the manager exclusively, until it gets destroyed.
* This iterator is for reading only! Writing will corrupt the manager.
*
* @param this the manager object
* @return iterator over all IKE_SAs.
*/
iterator_t *(*create_iterator) (ike_sa_manager_t* this);
/**
* @brief Checkin the SA after usage.
*
* @warning the SA pointer MUST NOT be used after checkin!
* The SA must be checked out again!
*
* @param this the manager object
* @param[in/out] ike_sa_id the SA identifier, will be updated
* @param[out] ike_sa checked out SA
* @returns
* - SUCCESS if checked in
* - NOT_FOUND when not found (shouldn't happen!)
*/
status_t (*checkin) (ike_sa_manager_t* this, ike_sa_t *ike_sa);
/**
* @brief Delete a SA, which was not checked out.
*
* If the state allows it, the IKE SA is destroyed immediately. If it is
* in the state ESTABLSIHED, a delete message
* is sent to the remote peer, which has to be acknowledged.
*
* @warning do not use this when the SA is already checked out, this will
* deadlock!
*
* @param this the manager object
* @param[in/out] ike_sa_id the SA identifier
* @returns
* - SUCCESS if found
* - NOT_FOUND when no such SA is available
*/
status_t (*delete) (ike_sa_manager_t* this, ike_sa_id_t *ike_sa_id);
/**
* @brief Delete a SA identified by its name, which was not checked out.
*
* Using delete_by_name allows the delete of IKE_SAs and CHILD_SAs.
* The supplied name may have one of the following format:
*
* name{x} => delete IKE_SA with "name" and unique id "x"
* name{} => delete all IKE_SAs with "name"
* name[x] => delete CHILD_SA with "name" and unique id "x"
* name[] => delete all CHILD_SAs with "name"
* name => delete all CHILD_SAs or IKE_SAs with "name"
*
* @warning do not use this when the SA is already checked out, this will
* deadlock!
*
* @param this the manager object
* @param name name in one of the format described above
* @returns
* - SUCCESS if found
* - NOT_FOUND when no such SA is available
*/
status_t (*delete_by_name) (ike_sa_manager_t* this, char *name);
/**
* @brief Destroy a checked out SA.
*
* The IKE SA is destroyed without notification of the remote peer.
* Use this only if the other peer doesn't respond or behaves not
* as predicted.
* Checking in and destruction is an atomic operation (for the IKE_SA),
* so this can be called if the SA is in a "unclean" state, without the
* risk that another thread can get the SA.
*
* @param this the manager object
* @param ike_sa SA to delete
* @returns
* - SUCCESS if found
* - NOT_FOUND when no such SA is available
*/
status_t (*checkin_and_destroy) (ike_sa_manager_t* this, ike_sa_t *ike_sa);
/**
* @brief Destroys the manager with all associated SAs.
*
* Threads will be driven out, so all SAs can be deleted cleanly.
*
* @param this the manager object
*/
void (*destroy) (ike_sa_manager_t *this);
};
/**
* @brief Create a manager.
*
* @returns ike_sa_manager_t object
*
* @ingroup sa
*/
ike_sa_manager_t *ike_sa_manager_create(void);
#endif /*IKE_SA_MANAGER_H_*/
|
