summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/ike_sa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa/ike_sa.c')
-rw-r--r--src/libcharon/sa/ike_sa.c726
1 files changed, 302 insertions, 424 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 023f0749f..7536662ca 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -287,18 +287,14 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound)
return use_time;
}
-/**
- * Implementation of ike_sa_t.get_unique_id
- */
-static u_int32_t get_unique_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_unique_id, u_int32_t,
+ private_ike_sa_t *this)
{
return this->unique_id;
}
-/**
- * Implementation of ike_sa_t.get_name.
- */
-static char *get_name(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_name, char*,
+ private_ike_sa_t *this)
{
if (this->peer_cfg)
{
@@ -307,10 +303,8 @@ static char *get_name(private_ike_sa_t *this)
return "(unnamed)";
}
-/**
- * Implementation of ike_sa_t.get_statistic.
- */
-static u_int32_t get_statistic(private_ike_sa_t *this, statistic_t kind)
+METHOD(ike_sa_t, get_statistic, u_int32_t,
+ private_ike_sa_t *this, statistic_t kind)
{
if (kind < STAT_MAX)
{
@@ -319,52 +313,40 @@ static u_int32_t get_statistic(private_ike_sa_t *this, statistic_t kind)
return 0;
}
-/**
- * Implementation of ike_sa_t.get_my_host.
- */
-static host_t *get_my_host(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_my_host, host_t*,
+ private_ike_sa_t *this)
{
return this->my_host;
}
-/**
- * Implementation of ike_sa_t.set_my_host.
- */
-static void set_my_host(private_ike_sa_t *this, host_t *me)
+METHOD(ike_sa_t, set_my_host, void,
+ private_ike_sa_t *this, host_t *me)
{
DESTROY_IF(this->my_host);
this->my_host = me;
}
-/**
- * Implementation of ike_sa_t.get_other_host.
- */
-static host_t *get_other_host(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_other_host, host_t*,
+ private_ike_sa_t *this)
{
return this->other_host;
}
-/**
- * Implementation of ike_sa_t.set_other_host.
- */
-static void set_other_host(private_ike_sa_t *this, host_t *other)
+METHOD(ike_sa_t, set_other_host, void,
+ private_ike_sa_t *this, host_t *other)
{
DESTROY_IF(this->other_host);
this->other_host = other;
}
-/**
- * Implementation of ike_sa_t.get_peer_cfg
- */
-static peer_cfg_t* get_peer_cfg(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_peer_cfg, peer_cfg_t*,
+ private_ike_sa_t *this)
{
return this->peer_cfg;
}
-/**
- * Implementation of ike_sa_t.set_peer_cfg
- */
-static void set_peer_cfg(private_ike_sa_t *this, peer_cfg_t *peer_cfg)
+METHOD(ike_sa_t, set_peer_cfg, void,
+ private_ike_sa_t *this, peer_cfg_t *peer_cfg)
{
DESTROY_IF(this->peer_cfg);
peer_cfg->get_ref(peer_cfg);
@@ -377,10 +359,8 @@ static void set_peer_cfg(private_ike_sa_t *this, peer_cfg_t *peer_cfg)
}
}
-/**
- * Implementation of ike_sa_t.get_auth_cfg
- */
-static auth_cfg_t* get_auth_cfg(private_ike_sa_t *this, bool local)
+METHOD(ike_sa_t, get_auth_cfg, auth_cfg_t*,
+ private_ike_sa_t *this, bool local)
{
if (local)
{
@@ -389,10 +369,8 @@ static auth_cfg_t* get_auth_cfg(private_ike_sa_t *this, bool local)
return this->other_auth;
}
-/**
- * Implementation of ike_sa_t.add_auth_cfg
- */
-static void add_auth_cfg(private_ike_sa_t *this, bool local, auth_cfg_t *cfg)
+METHOD(ike_sa_t, add_auth_cfg, void,
+ private_ike_sa_t *this, bool local, auth_cfg_t *cfg)
{
if (local)
{
@@ -404,11 +382,8 @@ static void add_auth_cfg(private_ike_sa_t *this, bool local, auth_cfg_t *cfg)
}
}
-/**
- * Implementation of ike_sa_t.create_auth_cfg_enumerator
- */
-static enumerator_t* create_auth_cfg_enumerator(private_ike_sa_t *this,
- bool local)
+METHOD(ike_sa_t, create_auth_cfg_enumerator, enumerator_t*,
+ private_ike_sa_t *this, bool local)
{
if (local)
{
@@ -424,42 +399,33 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
{
auth_cfg_t *cfg;
- if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
+ while (this->my_auths->remove_last(this->my_auths,
+ (void**)&cfg) == SUCCESS)
{
- while (this->my_auths->remove_last(this->my_auths,
- (void**)&cfg) == SUCCESS)
- {
- cfg->destroy(cfg);
- }
- while (this->other_auths->remove_last(this->other_auths,
- (void**)&cfg) == SUCCESS)
- {
- cfg->destroy(cfg);
- }
+ cfg->destroy(cfg);
+ }
+ while (this->other_auths->remove_last(this->other_auths,
+ (void**)&cfg) == SUCCESS)
+ {
+ cfg->destroy(cfg);
}
}
-/**
- * Implementation of ike_sa_t.get_proposal
- */
-static proposal_t* get_proposal(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_proposal, proposal_t*,
+ private_ike_sa_t *this)
{
return this->proposal;
}
-/**
- * Implementation of ike_sa_t.set_proposal
- */
-static void set_proposal(private_ike_sa_t *this, proposal_t *proposal)
+METHOD(ike_sa_t, set_proposal, void,
+ private_ike_sa_t *this, proposal_t *proposal)
{
DESTROY_IF(this->proposal);
this->proposal = proposal->clone(proposal);
}
-/**
- * Implementation of ike_sa_t.set_message_id
- */
-static void set_message_id(private_ike_sa_t *this, bool initiate, u_int32_t mid)
+METHOD(ike_sa_t, set_message_id, void,
+ private_ike_sa_t *this, bool initiate, u_int32_t mid)
{
if (initiate)
{
@@ -471,10 +437,8 @@ static void set_message_id(private_ike_sa_t *this, bool initiate, u_int32_t mid)
}
}
-/**
- * Implementation of ike_sa_t.send_keepalive
- */
-static void send_keepalive(private_ike_sa_t *this)
+METHOD(ike_sa_t, send_keepalive, void,
+ private_ike_sa_t *this)
{
send_keepalive_job_t *job;
time_t last_out, now, diff;
@@ -510,52 +474,39 @@ static void send_keepalive(private_ike_sa_t *this)
this->keepalive_interval - diff);
}
-/**
- * Implementation of ike_sa_t.get_ike_cfg
- */
-static ike_cfg_t *get_ike_cfg(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_ike_cfg, ike_cfg_t*,
+ private_ike_sa_t *this)
{
return this->ike_cfg;
}
-/**
- * Implementation of ike_sa_t.set_ike_cfg
- */
-static void set_ike_cfg(private_ike_sa_t *this, ike_cfg_t *ike_cfg)
+METHOD(ike_sa_t, set_ike_cfg, void,
+ private_ike_sa_t *this, ike_cfg_t *ike_cfg)
{
ike_cfg->get_ref(ike_cfg);
this->ike_cfg = ike_cfg;
}
-/**
- * Implementation of ike_sa_t.enable_extension.
- */
-static void enable_extension(private_ike_sa_t *this, ike_extension_t extension)
+METHOD(ike_sa_t, enable_extension, void,
+ private_ike_sa_t *this, ike_extension_t extension)
{
this->extensions |= extension;
}
-/**
- * Implementation of ike_sa_t.has_extension.
- */
-static bool supports_extension(private_ike_sa_t *this, ike_extension_t extension)
+METHOD(ike_sa_t, supports_extension, bool,
+ private_ike_sa_t *this, ike_extension_t extension)
{
return (this->extensions & extension) != FALSE;
}
-/**
- * Implementation of ike_sa_t.has_condition.
- */
-static bool has_condition(private_ike_sa_t *this, ike_condition_t condition)
+METHOD(ike_sa_t, has_condition, bool,
+ private_ike_sa_t *this, ike_condition_t condition)
{
return (this->conditions & condition) != FALSE;
}
-/**
- * Implementation of ike_sa_t.enable_condition.
- */
-static void set_condition(private_ike_sa_t *this, ike_condition_t condition,
- bool enable)
+METHOD(ike_sa_t, set_condition, void,
+ private_ike_sa_t *this, ike_condition_t condition, bool enable)
{
if (has_condition(this, condition) != enable)
{
@@ -601,10 +552,8 @@ static void set_condition(private_ike_sa_t *this, ike_condition_t condition,
}
}
-/**
- * Implementation of ike_sa_t.send_dpd
- */
-static status_t send_dpd(private_ike_sa_t *this)
+METHOD(ike_sa_t, send_dpd, status_t,
+ private_ike_sa_t *this)
{
job_t *job;
time_t diff, delay;
@@ -660,18 +609,14 @@ static status_t send_dpd(private_ike_sa_t *this)
return SUCCESS;
}
-/**
- * Implementation of ike_sa_t.get_state.
- */
-static ike_sa_state_t get_state(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_state, ike_sa_state_t,
+ private_ike_sa_t *this)
{
return this->state;
}
-/**
- * Implementation of ike_sa_t.set_state.
- */
-static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
+METHOD(ike_sa_t, set_state, void,
+ private_ike_sa_t *this, ike_sa_state_t state)
{
DBG2(DBG_IKE, "IKE_SA %s[%d] state change: %N => %N",
get_name(this), this->unique_id,
@@ -754,10 +699,8 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
this->state = state;
}
-/**
- * Implementation of ike_sa_t.reset
- */
-static void reset(private_ike_sa_t *this)
+METHOD(ike_sa_t, reset, void,
+ private_ike_sa_t *this)
{
/* the responder ID is reset, as peer may choose another one */
if (this->ike_sa_id->is_initiator(this->ike_sa_id))
@@ -767,21 +710,22 @@ static void reset(private_ike_sa_t *this)
set_state(this, IKE_CREATED);
+ flush_auth_cfgs(this);
+
+ this->keymat->destroy(this->keymat);
+ this->keymat = keymat_create(this->ike_sa_id->is_initiator(this->ike_sa_id));
+
this->task_manager->reset(this->task_manager, 0, 0);
}
-/**
- * Implementation of ike_sa_t.get_keymat
- */
-static keymat_t* get_keymat(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_keymat, keymat_t*,
+ private_ike_sa_t *this)
{
return this->keymat;
}
-/**
- * Implementation of ike_sa_t.set_virtual_ip
- */
-static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
+METHOD(ike_sa_t, set_virtual_ip, void,
+ private_ike_sa_t *this, bool local, host_t *ip)
{
if (local)
{
@@ -811,10 +755,8 @@ static void set_virtual_ip(private_ike_sa_t *this, bool local, host_t *ip)
}
}
-/**
- * Implementation of ike_sa_t.get_virtual_ip
- */
-static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
+METHOD(ike_sa_t, get_virtual_ip, host_t*,
+ private_ike_sa_t *this, bool local)
{
if (local)
{
@@ -826,27 +768,21 @@ static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
}
}
-/**
- * Implementation of ike_sa_t.add_additional_address.
- */
-static void add_additional_address(private_ike_sa_t *this, host_t *host)
+METHOD(ike_sa_t, add_additional_address, void,
+ private_ike_sa_t *this, host_t *host)
{
this->additional_addresses->insert_last(this->additional_addresses, host);
}
-/**
- * Implementation of ike_sa_t.create_additional_address_iterator.
- */
-static iterator_t* create_additional_address_iterator(private_ike_sa_t *this)
+METHOD(ike_sa_t, create_additional_address_iterator, iterator_t*,
+ private_ike_sa_t *this)
{
return this->additional_addresses->create_iterator(
this->additional_addresses, TRUE);
}
-/**
- * Implementation of ike_sa_t.has_mapping_changed
- */
-static bool has_mapping_changed(private_ike_sa_t *this, chunk_t hash)
+METHOD(ike_sa_t, has_mapping_changed, bool,
+ private_ike_sa_t *this, chunk_t hash)
{
if (this->nat_detection_dest.ptr == NULL)
{
@@ -862,26 +798,20 @@ static bool has_mapping_changed(private_ike_sa_t *this, chunk_t hash)
return TRUE;
}
-/**
- * Implementation of ike_sa_t.set_pending_updates.
- */
-static void set_pending_updates(private_ike_sa_t *this, u_int32_t updates)
+METHOD(ike_sa_t, set_pending_updates, void,
+ private_ike_sa_t *this, u_int32_t updates)
{
this->pending_updates = updates;
}
-/**
- * Implementation of ike_sa_t.get_pending_updates.
- */
-static u_int32_t get_pending_updates(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_pending_updates, u_int32_t,
+ private_ike_sa_t *this)
{
return this->pending_updates;
}
-/**
- * Update hosts, as addresses may change (NAT)
- */
-static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
+METHOD(ike_sa_t, update_hosts, void,
+ private_ike_sa_t *this, host_t *me, host_t *other)
{
bool update = FALSE;
@@ -946,11 +876,8 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other)
}
}
-/**
- * Implementation of ike_sa_t.generate
- */
-static status_t generate_message(private_ike_sa_t *this, message_t *message,
- packet_t **packet)
+METHOD(ike_sa_t, generate_message, status_t,
+ private_ike_sa_t *this, message_t *message, packet_t **packet)
{
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
message->set_ike_sa_id(message, this->ike_sa_id);
@@ -994,10 +921,8 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request,
response->destroy(response);
}
-/**
- * Implementation of ike_sa_t.set_kmaddress.
- */
-static void set_kmaddress(private_ike_sa_t *this, host_t *local, host_t *remote)
+METHOD(ike_sa_t, set_kmaddress, void,
+ private_ike_sa_t *this, host_t *local, host_t *remote)
{
DESTROY_IF(this->local_host);
DESTROY_IF(this->remote_host);
@@ -1006,46 +931,35 @@ static void set_kmaddress(private_ike_sa_t *this, host_t *local, host_t *remote)
}
#ifdef ME
-/**
- * Implementation of ike_sa_t.act_as_mediation_server.
- */
-static void act_as_mediation_server(private_ike_sa_t *this)
+METHOD(ike_sa_t, act_as_mediation_server, void,
+ private_ike_sa_t *this)
{
charon->mediation_manager->update_sa_id(charon->mediation_manager,
this->other_id, this->ike_sa_id);
this->is_mediation_server = TRUE;
}
-/**
- * Implementation of ike_sa_t.get_server_reflexive_host.
- */
-static host_t *get_server_reflexive_host(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_server_reflexive_host, host_t*,
+ private_ike_sa_t *this)
{
return this->server_reflexive_host;
}
-/**
- * Implementation of ike_sa_t.set_server_reflexive_host.
- */
-static void set_server_reflexive_host(private_ike_sa_t *this, host_t *host)
+METHOD(ike_sa_t, set_server_reflexive_host, void,
+ private_ike_sa_t *this, host_t *host)
{
DESTROY_IF(this->server_reflexive_host);
this->server_reflexive_host = host;
}
-/**
- * Implementation of ike_sa_t.get_connect_id.
- */
-static chunk_t get_connect_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_connect_id, chunk_t,
+ private_ike_sa_t *this)
{
return this->connect_id;
}
-/**
- * Implementation of ike_sa_t.respond
- */
-static status_t respond(private_ike_sa_t *this, identification_t *peer_id,
- chunk_t connect_id)
+METHOD(ike_sa_t, respond, status_t,
+ private_ike_sa_t *this, identification_t *peer_id, chunk_t connect_id)
{
ike_me_t *task = ike_me_create(&this->public, TRUE);
task->respond(task, peer_id, connect_id);
@@ -1053,10 +967,8 @@ static status_t respond(private_ike_sa_t *this, identification_t *peer_id,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.callback
- */
-static status_t callback(private_ike_sa_t *this, identification_t *peer_id)
+METHOD(ike_sa_t, callback, status_t,
+ private_ike_sa_t *this, identification_t *peer_id)
{
ike_me_t *task = ike_me_create(&this->public, TRUE);
task->callback(task, peer_id);
@@ -1064,12 +976,9 @@ static status_t callback(private_ike_sa_t *this, identification_t *peer_id)
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.relay
- */
-static status_t relay(private_ike_sa_t *this, identification_t *requester,
- chunk_t connect_id, chunk_t connect_key,
- linked_list_t *endpoints, bool response)
+METHOD(ike_sa_t, relay, status_t,
+ private_ike_sa_t *this, identification_t *requester, chunk_t connect_id,
+ chunk_t connect_key, linked_list_t *endpoints, bool response)
{
ike_me_t *task = ike_me_create(&this->public, TRUE);
task->relay(task, requester, connect_id, connect_key, endpoints, response);
@@ -1077,11 +986,8 @@ static status_t relay(private_ike_sa_t *this, identification_t *requester,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.initiate_mediation
- */
-static status_t initiate_mediation(private_ike_sa_t *this,
- peer_cfg_t *mediated_cfg)
+METHOD(ike_sa_t, initiate_mediation, status_t,
+ private_ike_sa_t *this, peer_cfg_t *mediated_cfg)
{
ike_me_t *task = ike_me_create(&this->public, TRUE);
task->connect(task, mediated_cfg->get_peer_id(mediated_cfg));
@@ -1089,11 +995,8 @@ static status_t initiate_mediation(private_ike_sa_t *this,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.initiate_mediated
- */
-static status_t initiate_mediated(private_ike_sa_t *this, host_t *me,
- host_t *other, chunk_t connect_id)
+METHOD(ike_sa_t, initiate_mediated, status_t,
+ private_ike_sa_t *this, host_t *me, host_t *other, chunk_t connect_id)
{
set_my_host(this, me->clone(me));
set_other_host(this, other->clone(other));
@@ -1166,12 +1069,9 @@ static void resolve_hosts(private_ike_sa_t *this)
}
}
-/**
- * Implementation of ike_sa_t.initiate
- */
-static status_t initiate(private_ike_sa_t *this,
- child_cfg_t *child_cfg, u_int32_t reqid,
- traffic_selector_t *tsi, traffic_selector_t *tsr)
+METHOD(ike_sa_t, initiate, status_t,
+ private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid,
+ traffic_selector_t *tsi, traffic_selector_t *tsr)
{
task_t *task;
@@ -1259,10 +1159,8 @@ static status_t initiate(private_ike_sa_t *this,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.process_message.
- */
-static status_t process_message(private_ike_sa_t *this, message_t *message)
+METHOD(ike_sa_t, process_message, status_t,
+ private_ike_sa_t *this, message_t *message)
{
status_t status;
bool is_request;
@@ -1367,7 +1265,9 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
}
status = this->task_manager->process_message(this->task_manager, message);
if (message->get_exchange_type(message) == IKE_AUTH &&
- this->state == IKE_ESTABLISHED)
+ this->state == IKE_ESTABLISHED &&
+ lib->settings->get_bool(lib->settings,
+ "charon.flush_auth_cfg", FALSE))
{ /* authentication completed */
flush_auth_cfgs(this);
}
@@ -1375,43 +1275,33 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
return status;
}
-/**
- * Implementation of ike_sa_t.get_id.
- */
-static ike_sa_id_t* get_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_id, ike_sa_id_t*,
+ private_ike_sa_t *this)
{
return this->ike_sa_id;
}
-/**
- * Implementation of ike_sa_t.get_my_id.
- */
-static identification_t* get_my_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_my_id, identification_t*,
+ private_ike_sa_t *this)
{
return this->my_id;
}
-/**
- * Implementation of ike_sa_t.set_my_id.
- */
-static void set_my_id(private_ike_sa_t *this, identification_t *me)
+METHOD(ike_sa_t, set_my_id, void,
+ private_ike_sa_t *this, identification_t *me)
{
DESTROY_IF(this->my_id);
this->my_id = me;
}
-/**
- * Implementation of ike_sa_t.get_other_id.
- */
-static identification_t* get_other_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_other_id, identification_t*,
+ private_ike_sa_t *this)
{
return this->other_id;
}
-/**
- * Implementation of ike_sa_t.get_other_eap_id.
- */
-static identification_t* get_other_eap_id(private_ike_sa_t *this)
+METHOD(ike_sa_t, get_other_eap_id, identification_t*,
+ private_ike_sa_t *this)
{
identification_t *id = NULL, *current;
enumerator_t *enumerator;
@@ -1440,28 +1330,21 @@ static identification_t* get_other_eap_id(private_ike_sa_t *this)
return this->other_id;
}
-/**
- * Implementation of ike_sa_t.set_other_id.
- */
-static void set_other_id(private_ike_sa_t *this, identification_t *other)
+METHOD(ike_sa_t, set_other_id, void,
+ private_ike_sa_t *this, identification_t *other)
{
DESTROY_IF(this->other_id);
this->other_id = other;
}
-/**
- * Implementation of ike_sa_t.add_child_sa.
- */
-static void add_child_sa(private_ike_sa_t *this, child_sa_t *child_sa)
+METHOD(ike_sa_t, add_child_sa, void,
+ private_ike_sa_t *this, child_sa_t *child_sa)
{
this->child_sas->insert_last(this->child_sas, child_sa);
}
-/**
- * Implementation of ike_sa_t.get_child_sa.
- */
-static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi, bool inbound)
+METHOD(ike_sa_t, get_child_sa, child_sa_t*,
+ private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound)
{
iterator_t *iterator;
child_sa_t *current, *found = NULL;
@@ -1479,19 +1362,14 @@ static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
return found;
}
-/**
- * Implementation of ike_sa_t.create_child_sa_iterator.
- */
-static iterator_t* create_child_sa_iterator(private_ike_sa_t *this)
+METHOD(ike_sa_t, create_child_sa_iterator, iterator_t*,
+ private_ike_sa_t *this)
{
return this->child_sas->create_iterator(this->child_sas, TRUE);
}
-/**
- * Implementation of ike_sa_t.rekey_child_sa.
- */
-static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi)
+METHOD(ike_sa_t, rekey_child_sa, status_t,
+ private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
{
child_rekey_t *child_rekey;
@@ -1500,11 +1378,8 @@ static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.delete_child_sa.
- */
-static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi)
+METHOD(ike_sa_t, delete_child_sa, status_t,
+ private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
{
child_delete_t *child_delete;
@@ -1513,11 +1388,8 @@ static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.destroy_child_sa.
- */
-static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi)
+METHOD(ike_sa_t, destroy_child_sa, status_t,
+ private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi)
{
iterator_t *iterator;
child_sa_t *child_sa;
@@ -1539,10 +1411,8 @@ static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol,
return status;
}
-/**
- * Implementation of public_ike_sa_t.delete.
- */
-static status_t delete_(private_ike_sa_t *this)
+METHOD(ike_sa_t, delete_, status_t,
+ private_ike_sa_t *this)
{
ike_delete_t *ike_delete;
@@ -1567,10 +1437,8 @@ static status_t delete_(private_ike_sa_t *this)
return DESTROY_ME;
}
-/**
- * Implementation of ike_sa_t.rekey.
- */
-static status_t rekey(private_ike_sa_t *this)
+METHOD(ike_sa_t, rekey, status_t,
+ private_ike_sa_t *this)
{
ike_rekey_t *ike_rekey;
@@ -1580,10 +1448,8 @@ static status_t rekey(private_ike_sa_t *this)
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.reauth
- */
-static status_t reauth(private_ike_sa_t *this)
+METHOD(ike_sa_t, reauth, status_t,
+ private_ike_sa_t *this)
{
task_t *task;
@@ -1618,10 +1484,8 @@ static status_t reauth(private_ike_sa_t *this)
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.reestablish
- */
-static status_t reestablish(private_ike_sa_t *this)
+METHOD(ike_sa_t, reestablish, status_t,
+ private_ike_sa_t *this)
{
ike_sa_t *new;
host_t *host;
@@ -1636,14 +1500,13 @@ static status_t reestablish(private_ike_sa_t *this)
iterator = create_child_sa_iterator(this);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- child_cfg = child_sa->get_config(child_sa);
if (this->state == IKE_DELETING)
{
- action = child_cfg->get_close_action(child_cfg);
+ action = child_sa->get_close_action(child_sa);
}
else
{
- action = child_cfg->get_dpd_action(child_cfg);
+ action = child_sa->get_dpd_action(child_sa);
}
switch (action)
{
@@ -1651,7 +1514,8 @@ static status_t reestablish(private_ike_sa_t *this)
restart = TRUE;
break;
case ACTION_ROUTE:
- charon->traps->install(charon->traps, this->peer_cfg, child_cfg);
+ charon->traps->install(charon->traps, this->peer_cfg,
+ child_sa->get_config(child_sa));
break;
default:
break;
@@ -1707,18 +1571,18 @@ static status_t reestablish(private_ike_sa_t *this)
iterator = create_child_sa_iterator(this);
while (iterator->iterate(iterator, (void**)&child_sa))
{
- child_cfg = child_sa->get_config(child_sa);
if (this->state == IKE_DELETING)
{
- action = child_cfg->get_close_action(child_cfg);
+ action = child_sa->get_close_action(child_sa);
}
else
{
- action = child_cfg->get_dpd_action(child_cfg);
+ action = child_sa->get_dpd_action(child_sa);
}
switch (action)
{
case ACTION_RESTART:
+ child_cfg = child_sa->get_config(child_sa);
DBG1(DBG_IKE, "restarting CHILD_SA %s",
child_cfg->get_name(child_cfg));
child_cfg->get_ref(child_cfg);
@@ -1750,9 +1614,41 @@ static status_t reestablish(private_ike_sa_t *this)
}
/**
- * Implementation of ike_sa_t.retransmit.
+ * Requeue the IKE_SA_INIT tasks for initiation, if required
*/
-static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
+static void requeue_init_tasks(private_ike_sa_t *this)
+{
+ enumerator_t *enumerator;
+ bool has_init = FALSE;
+ task_t *task;
+
+ /* if we have advanced to IKE_AUTH, the IKE_INIT and related tasks
+ * have already completed. Recreate them if necessary. */
+ enumerator = this->task_manager->create_task_enumerator(
+ this->task_manager, TASK_QUEUE_QUEUED);
+ while (enumerator->enumerate(enumerator, &task))
+ {
+ if (task->get_type(task) == IKE_INIT)
+ {
+ has_init = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!has_init)
+ {
+ task = (task_t*)ike_vendor_create(&this->public, TRUE);
+ this->task_manager->queue_task(this->task_manager, task);
+ task = (task_t*)ike_natd_create(&this->public, TRUE);
+ this->task_manager->queue_task(this->task_manager, task);
+ task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
+ this->task_manager->queue_task(this->task_manager, task);
+ }
+}
+
+METHOD(ike_sa_t, retransmit, status_t,
+ private_ike_sa_t *this, u_int32_t message_id)
{
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS)
@@ -1770,6 +1666,7 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
DBG1(DBG_IKE, "peer not responding, trying again (%d/%d)",
this->keyingtry + 1, tries);
reset(this);
+ requeue_init_tasks(this);
return this->task_manager->initiate(this->task_manager);
}
DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
@@ -1790,10 +1687,8 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id)
return SUCCESS;
}
-/**
- * Implementation of ike_sa_t.set_auth_lifetime.
- */
-static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime)
+METHOD(ike_sa_t, set_auth_lifetime, void,
+ private_ike_sa_t *this, u_int32_t lifetime)
{
u_int32_t reduction = this->peer_cfg->get_over_time(this->peer_cfg);
u_int32_t reauth_time = time_monotonic(NULL) + lifetime - reduction;
@@ -1823,10 +1718,8 @@ static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime)
}
}
-/**
- * Implementation of ike_sa_t.roam.
- */
-static status_t roam(private_ike_sa_t *this, bool address)
+METHOD(ike_sa_t, roam, status_t,
+ private_ike_sa_t *this, bool address)
{
host_t *src;
ike_mobike_t *mobike;
@@ -1919,12 +1812,9 @@ static status_t roam(private_ike_sa_t *this, bool address)
return reauth(this);
}
-/**
- * Implementation of ike_sa_t.add_configuration_attribute
- */
-static void add_configuration_attribute(private_ike_sa_t *this,
- attribute_handler_t *handler,
- configuration_attribute_type_t type, chunk_t data)
+METHOD(ike_sa_t, add_configuration_attribute, void,
+ private_ike_sa_t *this, attribute_handler_t *handler,
+ configuration_attribute_type_t type, chunk_t data)
{
attribute_entry_t *entry = malloc_thing(attribute_entry_t);
@@ -1935,11 +1825,16 @@ static void add_configuration_attribute(private_ike_sa_t *this,
this->attributes->insert_last(this->attributes, entry);
}
-/**
- * Implementation of ike_sa_t.inherit.
- */
-static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
+METHOD(ike_sa_t, create_task_enumerator, enumerator_t*,
+ private_ike_sa_t *this, task_queue_t queue)
+{
+ return this->task_manager->create_task_enumerator(this->task_manager, queue);
+}
+
+METHOD(ike_sa_t, inherit, status_t,
+ private_ike_sa_t *this, ike_sa_t *other_public)
{
+ private_ike_sa_t *other = (private_ike_sa_t*)other_public;
child_sa_t *child_sa;
attribute_entry_t *entry;
@@ -2021,10 +1916,8 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
return this->task_manager->initiate(this->task_manager);
}
-/**
- * Implementation of ike_sa_t.destroy.
- */
-static void destroy(private_ike_sa_t *this)
+METHOD(ike_sa_t, destroy, void,
+ private_ike_sa_t *this)
{
attribute_entry_t *entry;
@@ -2106,122 +1999,107 @@ static void destroy(private_ike_sa_t *this)
*/
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
{
- private_ike_sa_t *this = malloc_thing(private_ike_sa_t);
+ private_ike_sa_t *this;
static u_int32_t unique_id = 0;
- /* Public functions */
- this->public.get_state = (ike_sa_state_t (*)(ike_sa_t*)) get_state;
- this->public.set_state = (void (*)(ike_sa_t*,ike_sa_state_t)) set_state;
- this->public.get_name = (char* (*)(ike_sa_t*))get_name;
- this->public.get_statistic = (u_int32_t(*)(ike_sa_t*, statistic_t kind))get_statistic;
- this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
- this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*,u_int32_t,traffic_selector_t*,traffic_selector_t*)) initiate;
- this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
- this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
- this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;
- this->public.set_peer_cfg = (void (*)(ike_sa_t*,peer_cfg_t*))set_peer_cfg;
- this->public.get_auth_cfg = (auth_cfg_t*(*)(ike_sa_t*, bool local))get_auth_cfg;
- this->public.create_auth_cfg_enumerator = (enumerator_t*(*)(ike_sa_t*, bool local))create_auth_cfg_enumerator;
- this->public.add_auth_cfg = (void(*)(ike_sa_t*, bool local, auth_cfg_t *cfg))add_auth_cfg;
- this->public.get_proposal = (proposal_t*(*)(ike_sa_t*))get_proposal;
- this->public.set_proposal = (void(*)(ike_sa_t*, proposal_t *proposal))set_proposal;
- this->public.get_id = (ike_sa_id_t* (*)(ike_sa_t*)) get_id;
- this->public.get_my_host = (host_t* (*)(ike_sa_t*)) get_my_host;
- this->public.set_my_host = (void (*)(ike_sa_t*,host_t*)) set_my_host;
- this->public.get_other_host = (host_t* (*)(ike_sa_t*)) get_other_host;
- this->public.set_other_host = (void (*)(ike_sa_t*,host_t*)) set_other_host;
- this->public.set_message_id = (void(*)(ike_sa_t*, bool inbound, u_int32_t mid))set_message_id;
- this->public.update_hosts = (void(*)(ike_sa_t*, host_t *me, host_t *other))update_hosts;
- this->public.get_my_id = (identification_t* (*)(ike_sa_t*)) get_my_id;
- this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id;
- this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id;
- this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
- this->public.get_other_eap_id = (identification_t* (*)(ike_sa_t*)) get_other_eap_id;
- this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
- this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
- this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition;
- this->public.has_condition = (bool (*)(ike_sa_t*,ike_condition_t)) has_condition;
- this->public.set_pending_updates = (void(*)(ike_sa_t*, u_int32_t updates))set_pending_updates;
- this->public.get_pending_updates = (u_int32_t(*)(ike_sa_t*))get_pending_updates;
- this->public.create_additional_address_iterator = (iterator_t*(*)(ike_sa_t*))create_additional_address_iterator;
- this->public.add_additional_address = (void(*)(ike_sa_t*, host_t *host))add_additional_address;
- this->public.has_mapping_changed = (bool(*)(ike_sa_t*, chunk_t hash))has_mapping_changed;
- this->public.retransmit = (status_t (*)(ike_sa_t *, u_int32_t)) retransmit;
- this->public.delete = (status_t (*)(ike_sa_t*))delete_;
- this->public.destroy = (void (*)(ike_sa_t*))destroy;
- this->public.send_dpd = (status_t (*)(ike_sa_t*)) send_dpd;
- this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
- this->public.get_keymat = (keymat_t*(*)(ike_sa_t*))get_keymat;
- this->public.add_child_sa = (void (*)(ike_sa_t*,child_sa_t*)) add_child_sa;
- this->public.get_child_sa = (child_sa_t* (*)(ike_sa_t*,protocol_id_t,u_int32_t,bool)) get_child_sa;
- this->public.create_child_sa_iterator = (iterator_t* (*)(ike_sa_t*)) create_child_sa_iterator;
- this->public.rekey_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t)) rekey_child_sa;
- this->public.delete_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t)) delete_child_sa;
- this->public.destroy_child_sa = (status_t (*)(ike_sa_t*,protocol_id_t,u_int32_t))destroy_child_sa;
- this->public.rekey = (status_t (*)(ike_sa_t*))rekey;
- this->public.reauth = (status_t (*)(ike_sa_t*))reauth;
- this->public.reestablish = (status_t (*)(ike_sa_t*))reestablish;
- this->public.set_auth_lifetime = (void(*)(ike_sa_t*, u_int32_t lifetime))set_auth_lifetime;
- this->public.roam = (status_t(*)(ike_sa_t*,bool))roam;
- this->public.inherit = (status_t (*)(ike_sa_t*,ike_sa_t*))inherit;
- this->public.generate_message = (status_t (*)(ike_sa_t*,message_t*,packet_t**))generate_message;
- this->public.reset = (void (*)(ike_sa_t*))reset;
- this->public.get_unique_id = (u_int32_t (*)(ike_sa_t*))get_unique_id;
- this->public.set_virtual_ip = (void (*)(ike_sa_t*,bool,host_t*))set_virtual_ip;
- this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip;
- this->public.add_configuration_attribute = (void(*)(ike_sa_t*, attribute_handler_t *handler,configuration_attribute_type_t type, chunk_t data))add_configuration_attribute;
- this->public.set_kmaddress = (void (*)(ike_sa_t*,host_t*,host_t*))set_kmaddress;
+ INIT(this,
+ .public = {
+ .get_state = _get_state,
+ .set_state = _set_state,
+ .get_name = _get_name,
+ .get_statistic = _get_statistic,
+ .process_message = _process_message,
+ .initiate = _initiate,
+ .get_ike_cfg = _get_ike_cfg,
+ .set_ike_cfg = _set_ike_cfg,
+ .get_peer_cfg = _get_peer_cfg,
+ .set_peer_cfg = _set_peer_cfg,
+ .get_auth_cfg = _get_auth_cfg,
+ .create_auth_cfg_enumerator = _create_auth_cfg_enumerator,
+ .add_auth_cfg = _add_auth_cfg,
+ .get_proposal = _get_proposal,
+ .set_proposal = _set_proposal,
+ .get_id = _get_id,
+ .get_my_host = _get_my_host,
+ .set_my_host = _set_my_host,
+ .get_other_host = _get_other_host,
+ .set_other_host = _set_other_host,
+ .set_message_id = _set_message_id,
+ .update_hosts = _update_hosts,
+ .get_my_id = _get_my_id,
+ .set_my_id = _set_my_id,
+ .get_other_id = _get_other_id,
+ .set_other_id = _set_other_id,
+ .get_other_eap_id = _get_other_eap_id,
+ .enable_extension = _enable_extension,
+ .supports_extension = _supports_extension,
+ .set_condition = _set_condition,
+ .has_condition = _has_condition,
+ .set_pending_updates = _set_pending_updates,
+ .get_pending_updates = _get_pending_updates,
+ .create_additional_address_iterator = _create_additional_address_iterator,
+ .add_additional_address = _add_additional_address,
+ .has_mapping_changed = _has_mapping_changed,
+ .retransmit = _retransmit,
+ .delete = _delete_,
+ .destroy = _destroy,
+ .send_dpd = _send_dpd,
+ .send_keepalive = _send_keepalive,
+ .get_keymat = _get_keymat,
+ .add_child_sa = _add_child_sa,
+ .get_child_sa = _get_child_sa,
+ .create_child_sa_iterator = _create_child_sa_iterator,
+ .rekey_child_sa = _rekey_child_sa,
+ .delete_child_sa = _delete_child_sa,
+ .destroy_child_sa = _destroy_child_sa,
+ .rekey = _rekey,
+ .reauth = _reauth,
+ .reestablish = _reestablish,
+ .set_auth_lifetime = _set_auth_lifetime,
+ .roam = _roam,
+ .inherit = _inherit,
+ .generate_message = _generate_message,
+ .reset = _reset,
+ .get_unique_id = _get_unique_id,
+ .set_virtual_ip = _set_virtual_ip,
+ .get_virtual_ip = _get_virtual_ip,
+ .add_configuration_attribute = _add_configuration_attribute,
+ .set_kmaddress = _set_kmaddress,
+ .create_task_enumerator = _create_task_enumerator,
#ifdef ME
- this->public.act_as_mediation_server = (void (*)(ike_sa_t*)) act_as_mediation_server;
- this->public.get_server_reflexive_host = (host_t* (*)(ike_sa_t*)) get_server_reflexive_host;
- this->public.set_server_reflexive_host = (void (*)(ike_sa_t*,host_t*)) set_server_reflexive_host;
- this->public.get_connect_id = (chunk_t (*)(ike_sa_t*)) get_connect_id;
- this->public.initiate_mediation = (status_t (*)(ike_sa_t*,peer_cfg_t*)) initiate_mediation;
- this->public.initiate_mediated = (status_t (*)(ike_sa_t*,host_t*,host_t*,chunk_t)) initiate_mediated;
- this->public.relay = (status_t (*)(ike_sa_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool)) relay;
- this->public.callback = (status_t (*)(ike_sa_t*,identification_t*)) callback;
- this->public.respond = (status_t (*)(ike_sa_t*,identification_t*,chunk_t)) respond;
+ .act_as_mediation_server = _act_as_mediation_server,
+ .get_server_reflexive_host = _get_server_reflexive_host,
+ .set_server_reflexive_host = _set_server_reflexive_host,
+ .get_connect_id = _get_connect_id,
+ .initiate_mediation = _initiate_mediation,
+ .initiate_mediated = _initiate_mediated,
+ .relay = _relay,
+ .callback = _callback,
+ .respond = _respond,
#endif /* ME */
-
- /* initialize private fields */
- this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
- this->child_sas = linked_list_create();
- this->my_host = host_create_any(AF_INET);
+ },
+ .ike_sa_id = ike_sa_id->clone(ike_sa_id),
+ .child_sas = linked_list_create(),
+ .my_host = host_create_any(AF_INET),
+ .other_host = host_create_any(AF_INET),
+ .my_id = identification_create_from_encoding(ID_ANY, chunk_empty),
+ .other_id = identification_create_from_encoding(ID_ANY, chunk_empty),
+ .keymat = keymat_create(ike_sa_id->is_initiator(ike_sa_id)),
+ .state = IKE_CREATED,
+ .stats[STAT_INBOUND] = time_monotonic(NULL),
+ .stats[STAT_OUTBOUND] = time_monotonic(NULL),
+ .my_auth = auth_cfg_create(),
+ .other_auth = auth_cfg_create(),
+ .my_auths = linked_list_create(),
+ .other_auths = linked_list_create(),
+ .task_manager = task_manager_create(&this->public),
+ .unique_id = ++unique_id,
+ .additional_addresses = linked_list_create(),
+ .attributes = linked_list_create(),
+ .keepalive_interval = lib->settings->get_time(lib->settings,
+ "charon.keep_alive", KEEPALIVE_INTERVAL),
+ );
this->my_host->set_port(this->my_host, IKEV2_UDP_PORT);
- this->other_host = host_create_any(AF_INET);
- this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
- this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
- this->extensions = 0;
- this->conditions = 0;
- this->keymat = keymat_create(ike_sa_id->is_initiator(ike_sa_id));
- this->state = IKE_CREATED;
- this->keepalive_interval = lib->settings->get_time(lib->settings,
- "charon.keep_alive", KEEPALIVE_INTERVAL);
- memset(this->stats, 0, sizeof(this->stats));
- this->stats[STAT_INBOUND] = this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
- this->ike_cfg = NULL;
- this->peer_cfg = NULL;
- this->my_auth = auth_cfg_create();
- this->other_auth = auth_cfg_create();
- this->my_auths = linked_list_create();
- this->other_auths = linked_list_create();
- this->proposal = NULL;
- this->task_manager = task_manager_create(&this->public);
- this->unique_id = ++unique_id;
- this->my_virtual_ip = NULL;
- this->other_virtual_ip = NULL;
- this->additional_addresses = linked_list_create();
- this->attributes = linked_list_create();
- this->nat_detection_dest = chunk_empty;
- this->pending_updates = 0;
- this->keyingtry = 0;
- this->local_host = NULL;
- this->remote_host = NULL;
-#ifdef ME
- this->is_mediation_server = FALSE;
- this->server_reflexive_host = NULL;
- this->connect_id = chunk_empty;
-#endif /* ME */
return &this->public;
}