openikev2::IkeSaController Class Reference

This class represents an IKE_SA Controller, which controls an IKE_SA and stores all its attributes and status.

#include <ikesacontroller.h>

Public Types

enum  IKE_SA_STATE {
  STATE_INITIAL, STATE_IKE_SA_INIT_SENT, STATE_IKE_AUTH_SENT, STATE_IKE_AUTH_EAP_INIT_SENT,
  STATE_IKE_AUTH_EAP_CONT_SENT, STATE_IKE_AUTH_EAP_FINISH_SENT, STATE_IKE_SA_INIT_RECV, STATE_IKE_AUTH_RECV,
  STATE_IKE_AUTH_EAP_INIT_RECV, STATE_IKE_AUTH_EAP_CONT_RECV, STATE_IKE_AUTH_EAP_SUCCESS, STATE_IKE_SA_ESTABLISHED,
  STATE_NEW_CHILD_SA_SENT, STATE_REKEY_CHILD_SA_SENT, STATE_REKEY_IKE_SA_SENT, STATE_DELETE_CHILD_SA_SENT,
  STATE_DELETE_IKE_SA_SENT, STATE_INFORMATIONAL_SENT, STATE_REDUNDANT_CHILD_SA, STATE_REDUNDANT_IKE_SA,
  STATE_IKE_SA_DYING, STATE_MAX
}
 IKE_SA States.

Public Member Functions

 IkeSaController (uint64_t my_spi, bool is_initiator, auto_ptr< IpAddress > my_addr, auto_ptr< IpAddress > peer_addr, auto_ptr< ChildSa > child_sa)
 Creates a new IkeSaController setting its parameters.
 IkeSaController (uint64_t my_spi, bool is_initiator, bool is_auth_initiator, auto_ptr< IpAddress > my_addr, auto_ptr< IpAddress > peer_addr, auto_ptr< ID > my_id, auto_ptr< ID > peer_id)
 Creates a new IkeSaController in a Rekey process.
bool processCommand ()
 Processes the next Command in the queues.
void addResponseNotifyPayload (auto_ptr< Payload_NOTIFY > payload_notify)
 Adds a notify payload to the collection to be included in the next response message.
Enums::MESSAGE_ACTION close ()
 Close current IkeSaController.
void setState (IKE_SA_STATE state)
 Changes the IKE_SA state.
IKE_SA_STATE getState ()
 Gets the current IKE_SA state.
void checkForCommands ()
 Checks if this IkeSaController has more commands to be executed. TODO: DELETE ME.
void pushDeferredCommand (auto_ptr< Command > command)
 Pushes new Command into the deferred command queue.
auto_ptr< Message > createMessage (Message::EXCHANGE_TYPE exchange_type, Message::MESSAGE_TYPE message_type) const
 Creates a new Message using the IKE_SA information.
Enums::MESSAGE_ACTION createIkeSaInitRequest ()
 Creates and sends a new IKE_SA_INIT request to the peer. Uses the internal proposal and the DH group indicated in the first DH transform.
Enums::MESSAGE_ACTION createIkeSaInitResponse ()
 Creates and sends a new IKE_SA_INIT response to the peer.
Enums::MESSAGE_ACTION createIkeAuthRequest (Payload_CERT_REQ *received_payload_cert_req)
 Creates a new IKE_AUTH request.
Enums::MESSAGE_ACTION createIkeAuthNoEapResponse (auto_ptr< Payload_CONF > payload_conf_r, auto_ptr< Certificate > my_certificate)
 Creates a new IKE_AUTH response.
Enums::MESSAGE_ACTION createRekeyChildSaRequest (uint32_t spi_rekey)
 Creates a new CREATE_CHILD_SA exchange request to rekey a CHILD_SA.
Enums::MESSAGE_ACTION createNewChildSaRequest (auto_ptr< ChildSa > child_sa)
 Creates a new CREATE_CHILD_SA exchange request to create a new CHILD_SA.
Enums::MESSAGE_ACTION createChildSaResponse ()
 Creates a new CREATE_CHILD_SA response.
Enums::MESSAGE_ACTION generateInformationalRequest (AutoVector< Payload > payloads)
 Creates a new INFORMATIONAL request.
Enums::MESSAGE_ACTION createInformationalResponse (AutoVector< Payload > responses)
 Creates a new INFORMATIONAL response.
Enums::MESSAGE_ACTION createRekeyIkeSaRequest ()
 Creates a new IKE_SA REKEY request.
Enums::MESSAGE_ACTION createRekeyIkeSaResponse ()
 Creates a new IKE_SA REKEY response.
Enums::MESSAGE_ACTION createEapInitResponse (auto_ptr< Certificate > my_certificate)
 Creates a new EAP_INIT response.
Enums::MESSAGE_ACTION createEapContinueRequest (auto_ptr< Payload_EAP > payload_eap)
 Creates a new EAP_CONTINUE request.
Enums::MESSAGE_ACTION createEapContinueResponse (auto_ptr< Payload_EAP > payload_eap)
 Creates a new EAP_CONTINUE response.
Enums::MESSAGE_ACTION createEapFinishRequest ()
 Creates a new EAP_FINISH request.
Enums::MESSAGE_ACTION createEapFinishResponse (auto_ptr< Payload_CONF > payload_conf_r)
 Creates a new EAP_FINISH response.
Enums::MESSAGE_ACTION createDeleteChildSaRequest (uint32_t spi)
 Creates a new INFORMATIONAL request to delete a CHILD_SA.
Enums::MESSAGE_ACTION createDeleteIkeSaRequest ()
 Creates a new INFORMATIONAL request to delete the IKE_SA.
Enums::MESSAGE_ACTION createInformationalRequest (AutoVector< Payload > payloads)
 Creates a new INFORMATIONAL request with generic information.
Enums::MESSAGE_ACTION processIkeSaInitRequest (Message &message)
 Processes an IKE_SA_INIT request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processIkeSaInitResponse (Message &message)
 Processes an IKE_SA_INIT response Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processIkeAuthRequest (Message &message)
 Processes an IKE_AUTH request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processIkeAuthNoEapRequest (Message &message)
 Processes an IKE_AUTH request when no EAP is being used, and performs the appropriate actions.
Enums::MESSAGE_ACTION processIkeAuthResponse (Message &message)
 Processes an IKE_AUTH response Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processIkeAuthNoEapResponse (Message &message)
 Processes an IKE_AUTH response when no EAP is being used, and performs the appropriate actions.
Enums::MESSAGE_ACTION processCreateChildSaRequest (Message &message)
 Processes a CREATE_CHILD_SA request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processNewChildSaRequest (Message &message)
Enums::MESSAGE_ACTION processRekeyChildSaRequest (Message &message)
Enums::MESSAGE_ACTION processRekeyIkeSaRequest (Message &message)
Enums::MESSAGE_ACTION processCreateChildSaResponse (Message &message)
Enums::MESSAGE_ACTION processNewChildSaResponse (Message &message)
Enums::MESSAGE_ACTION processRekeyChildSaResponse (Message &message)
Enums::MESSAGE_ACTION processRekeyIkeSaResponse (Message &message)
Enums::MESSAGE_ACTION processInformationalRequest (Message &message)
 Processes an INFORMATIONAL request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processInformationalResponse (Message &message)
Enums::MESSAGE_ACTION processEapInitRequest (Message &message)
 Processes an EAP_INIT request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processEapInitResponse (Message &message)
 Processes an EAP_INIT response Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processEapContinueRequest (Message &message)
 Processes an EAP_CONTINUE request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processEapContinueResponse (Message &message)
 Processes an EAP_CONTINUE response Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processEapFinishRequest (Message &message)
 Processes an EAP_FINISH request Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processEapFinishResponse (Message &message)
 Processes an EAP_FINISH response Message and performs the appropriate actions.
Enums::MESSAGE_ACTION processMessage (Message &message)
 Process a received Message.
Enums::NOTIFY_ACTION processNotifies (Message &message, ChildSa *child_sa)
 Processes the notification payloads included in the message and performs the appropriate actions.
void sendNotifyResponse (Message::EXCHANGE_TYPE type, auto_ptr< Payload_NOTIFY > notify)
AutoVector< Payload > processDeleteRequest (vector< Payload * > payloads_delete)
 Process delete requests.
AutoVector< Payload > processNotifyRequest (Message &message)
 Process notify requests.
AutoVector< Payload > processConfigRequest (vector< Payload * > payloads_config)
 Process configuration requests.
void processDeleteResponse (vector< Payload * > payloads_delete)
 Process delete response.
void processNotifyResponse (Message &message)
 Process notify response.
void processConfigResponse (vector< Payload * > payloads_config)
 Process configuration response.
Enums::MESSAGE_ACTION retransmitLastRequest ()
 Retransmits last sent request.
void retransmitLastResponse ()
 Retransmits the last sent response.
void notifyAlarm (Alarm &alarm)
 Executes tasks associated to alarm events.
Enums::MESSAGE_ACTION processAlarm (Alarm &alarm)
void IKE_SA_ERROR_i (string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type)
 Performs the common actions associated to an IKE_SA error in the initiator side.
void IKE_SA_ERROR_r (string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type)
 Performs the common actions associated to an IKE_SA error in the responder side.
void IKE_SA_ERROR (bool initiator, string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type)
void CHILD_SA_ERROR_i (string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, ChildSa &child_sa)
 Performs the common actions associated to a CHILD_SA error in the initiator side. These actions are: Write a log message, send a bus event, delete the ike configuration object and push an ExitCommand.
void CHILD_SA_ERROR_r (string error1, string error2, Payload_NOTIFY::NOTIFY_TYPE error_type, Message::EXCHANGE_TYPE exchange_type, ChildSa &child_sa)
 Performs the common actions associated to a CHILD_SA error in the responder side. These actions are: Send an error notify, write a log message, send a bus event, delete the ike configuration object and push an ExitCommand.
IkeConfigurationgetIkeConfiguration () const

Static Public Member Functions

static string IKE_SA_STATE_STR (IKE_SA_STATE state)
 Gets a textual representation of an IKE_SA state.

Public Attributes

uint64_t my_spi
 Our SPI.
uint64_t peer_spi
 Peer SPI.
auto_ptr< IpAddress > my_addr
 Our address.
auto_ptr< IpAddress > peer_addr
 Peer IP address.
uint32_t my_message_id
 Current own message id.
uint32_t peer_message_id
 Expected peer message id.
bool is_initiator
 Indicates if we are the original initiator.
bool is_auth_initiator
 Indicates if we are the original authentication initiator.
auto_ptr< Message > ike_sa_init_req
 IKE_SA_INIT request message.
auto_ptr< Message > ike_sa_init_res
 IKE_SA_INIT response message.
auto_ptr< Message > last_sent_request
 Last sent request.
auto_ptr< Message > last_sent_response
 Last sent response.
uint32_t remaining_timeout_retries
 Remaining retries to send the current request.
auto_ptr< Alarm > retransmition_alarm
 Retransmission alarm.
auto_ptr< EapClientController > eap_client_controller
 EAP Controller.
auto_ptr< EapServerController > eap_server_controller
 EAP Controller.
bool is_half_open
 Indicates if this IKE_SA is half open.
auto_ptr< ID > my_id
 Our identification.
auto_ptr< ID > peer_id
 Peer identification.
auto_ptr< AttributeMap > attributemap
 Extra attributes.
bool peer_support_hash_url
 Indicates if peer supports HASH & URL certificates.
map< uint32_t, ChildSa * > child_sa_collection_inbound
 Child SA collection (indexed by inbound SPI).
map< uint32_t, ChildSa * > child_sa_collection_outbound
 Child SA collection (indexed by outbound SPI).
auto_ptr< ChildSa > my_creating_child_sa
 CHILD SA being created by us.
auto_ptr< ChildSa > peer_creating_child_sa
 CHILD SA being created by the peer.
auto_ptr< Alarm > rekey_ike_sa_alarm
 Rekey IKE SA notification alarm.
auto_ptr< Alarm > halfopen_alarm
 Alarm limiting the negotiation time of the IKE SA.
auto_ptr< ByteArray > my_nonce
 Our nonce payload.
auto_ptr< ByteArray > peer_nonce
 Peer nonce payload.
bool is_idle
 Indicates if the IKE_SA has not been used since the last rekeying.
auto_ptr< IkeSaController > my_creating_ike_sa
 IKE SA being created by us.
auto_ptr< IkeSaController > peer_creating_ike_sa
 IKE SA being created by the peer.
bool is_dying
 Indicates if this IkeSaController is dying.
auto_ptr< ByteArray > my_vendor_id
 Our VENDOR ID.
auto_ptr< ByteArray > peer_vendor_id
 Peer VENDOR ID.
auto_ptr< DiffieHellman > dh
 Diffie Hellman used to compute IKE SA shared secret.

Protected Member Functions

void base (uint64_t my_spi, bool is_initiator, auto_ptr< IpAddress > my_addr, auto_ptr< IpAddress > peer_addr)
 Base IkeSaController creation method.
void pushCommand (auto_ptr< Command > command, bool priority)
 Pushes a new Command into the queue.
auto_ptr< Command > popDeferredCommand ()
 Extracts the first Message from the deferred queue.
auto_ptr< Command > popCommand ()
 Extracts the first Message from the queue.
bool checkPeerIkeSpi (Message &message)
 Checks the peer SPI value of the Message.
bool checkMessageId (Message &message)
 Checks the sequence number of the Message.
void createChildSa (auto_ptr< ChildSa > child_sa)
 Physically creates a new ChildSa and adds it to the collection.
void inheritIkeSaStatus (IkeSaController &other)
ChildSagetChildSa (uint32_t spi)
ProposalgetProposal () const
void setProposal (auto_ptr< Proposal > proposal)
Enums::MESSAGE_ACTION createIkeSaNegotiationRequest (Message &message, IkeSaController &ike_sa_controller)
Enums::MESSAGE_ACTION processIkeSaNegotiationResponse (Message &message, IkeSaController &ike_sa_controller)
Enums::MESSAGE_ACTION processIkeSaNegotiationRequest (Message &message, IkeSaController &ike_sa_controller)
Enums::MESSAGE_ACTION createIkeSaNegotiationResponse (Message &message, IkeSaController &ike_sa_controller)
Enums::MESSAGE_ACTION createChildSaNegotiationRequest (Message &message)
Enums::MESSAGE_ACTION processChildSaNegotiationResponse (Message &message)
Enums::MESSAGE_ACTION processChildSaNegotiationRequest (Message &message)
Enums::MESSAGE_ACTION createChildSaNegotiationResponse (Message &message)

Static Protected Member Functions

static IkeSaController & hasMinNonce (const IkeSaController &ike_sa_controller1, const IkeSaController &ike_sa_controller2)
 Determines which IkeSaController has the minimal nonce value.

Protected Attributes

IKE_SA_STATE state
 IKE SA state.
auto_ptr< IkeConfiguration > ike_configuration
 IKE SA configuration.
auto_ptr< IpsecConfiguration > ipsec_configuration
 Configuration for all the Child SAs.
deque< Command * > command_queue
 Command Queue.
deque< Command * > deferred_queue
 Deferred Command Queue.
bool has_pending_command
 Indicates if the IKE SA has pending commands to be executed.
auto_ptr< Mutex > mutex_command_queue
 Mutex to protect command queue accesses.
AutoVector< Payload_NOTIFY > response_notifies_to_be_included
 Payload collection that must be included in the next response message.
auto_ptr< Cipher > send_cipher
 Cipher used to encrypt outgoing messages.
auto_ptr< Cipher > receive_cipher
 Cipher used to decrypt incoming messages.
auto_ptr< PseudoRandomFunction > prf
 PRF used to create AUTH payloads and more.
auto_ptr< KeyRing > key_ring
 IKE SA KeyRing.

Friends

class ThreadControllerImpl
class BusEventIkeSa

Detailed Description

This class represents an IKE_SA Controller, which controls an IKE_SA and stores all its attributes and status.

Author:
Alejandro Perez Mendez, Pedro J. Fernandez Ruiz <alejandro_perez@dif.um.es, pedroj.fernandez@dif.um.es>


Member Enumeration Documentation

enum openikev2::IkeSaController::IKE_SA_STATE

IKE_SA States.

Enumerator:
STATE_INITIAL  Initial state.

All the newly created IKE_SAs start in this state.

STATE_IKE_SA_INIT_SENT  IKE_SA_INIT exchange request has been sent.
STATE_IKE_AUTH_SENT  IKE_AUTH exchange request has been sent.
STATE_IKE_AUTH_EAP_INIT_SENT  IKE_AUTH exchange request has been sent without AUTH payload (EAP init).
STATE_IKE_AUTH_EAP_CONT_SENT  IKE_AUTH exchange request has been sent with only an EAP payload (EAP continue).
STATE_IKE_AUTH_EAP_FINISH_SENT  IKE_AUTH exchange request has been sent with AUTH payload (EAP finish).
STATE_IKE_SA_INIT_RECV  IKE_SA_INIT exchange request has been received.
STATE_IKE_AUTH_RECV  IKE_AUTH exchange request has been received.
STATE_IKE_AUTH_EAP_INIT_RECV  IKE_AUTH exchange request has been received without AUTH payload (EAP init).
STATE_IKE_AUTH_EAP_CONT_RECV  IKE_AUTH exchange request has been received with only an EAP payload (EAP continue).
STATE_IKE_AUTH_EAP_SUCCESS  IKE_AUTH exchange request has been sent with AUTH payload (EAP success).
STATE_IKE_SA_ESTABLISHED  IKE_SA is already established.
STATE_NEW_CHILD_SA_SENT  New CREATE_CHILD_SA exchange has been sent to create a new Child SA.
STATE_REKEY_CHILD_SA_SENT  New CREATE_CHILD_SA exchange has been sent to rekey a Child SA.
STATE_REKEY_IKE_SA_SENT  New CREATE_CHILD_SA exchange has been sent to rekey an IKE SA.
STATE_DELETE_CHILD_SA_SENT  New INFORMATIONAL exchange has been sent to delete a Child SA.
STATE_DELETE_IKE_SA_SENT  New INFORMATIONAL exchange has been sent to delete an IKE SA.
STATE_INFORMATIONAL_SENT  New INFORMATIONAL exchange has been sent.
STATE_REDUNDANT_CHILD_SA  A redundant Child SA is being created.
STATE_REDUNDANT_IKE_SA  A redundant IKE SA is being created.
STATE_IKE_SA_DYING  The IKE SA is dying.
STATE_MAX  Maximum state value.


Constructor & Destructor Documentation

openikev2::IkeSaController::IkeSaController ( uint64_t  my_spi,
bool  is_initiator,
auto_ptr< IpAddress >  my_addr,
auto_ptr< IpAddress >  peer_addr,
auto_ptr< ChildSa >  child_sa
)

Creates a new IkeSaController setting its parameters.

Parameters:
spi SPI given to this IKE_SA.
is_initiator Indicates if this is the initiator.
addr Own IpAddress used to communicate with the Peer.
peer_addr Peer IpAddress which communicates with us.
child_sa ChildSa to be created

openikev2::IkeSaController::IkeSaController ( uint64_t  my_spi,
bool  is_initiator,
bool  is_auth_initiator,
auto_ptr< IpAddress >  my_addr,
auto_ptr< IpAddress >  peer_addr,
auto_ptr< ID >  my_id,
auto_ptr< ID >  peer_id
)

Creates a new IkeSaController in a Rekey process.

Parameters:
spi SPI given to this IKE_SA.
is_initiator Indicates if this is the initiator.
is_auth_initiator Indicates if this is the authentication initiator.
addr Own IpAddress used to communicate with the Peer.
peer_addr Peer IpAddress which communicates with us.
my_id Own ID to use with this IKE_SA
peer_id Peer ID to use with this IKE_SA


Member Function Documentation

void openikev2::IkeSaController::base ( uint64_t  my_spi,
bool  is_initiator,
auto_ptr< IpAddress >  my_addr,
auto_ptr< IpAddress >  peer_addr
) [protected]

Base IkeSaController creation method.

Used in all the different constructors.

Parameters:
spi IKE_SA SPI
is_initiator Indicates if we are initiators
addr Own IP Address
peer_addr Peer IP Address

IkeSaController & openikev2::IkeSaController::hasMinNonce ( const IkeSaController & ike_sa_controller1,
const IkeSaController & ike_sa_controller2
) [static, protected]

Determines which IkeSaController has the minimal nonce value.

Parameters:
ike_sa_controller1 IkeSaController object to compare its nonces
ike_sa_controller2 IkeSaController object to compare its nonces
Returns:
The IkeSaController with the minimal nonce value

void openikev2::IkeSaController::pushCommand ( auto_ptr< Command >  command,
bool  priority 
) [protected]

Pushes a new Command into the queue.

Parameters:
command Command to be inserted into the queue.
priority If TRUE, then the command is inserted at the front. Otherwise, it is inserted at the back.

auto_ptr< Command > openikev2::IkeSaController::popDeferredCommand (  )  [protected]

Extracts the first Message from the deferred queue.

Returns:
Extracted Command

auto_ptr< Command > openikev2::IkeSaController::popCommand (  )  [protected]

Extracts the first Message from the queue.

If there are deferred Commands, and the state == IKE_SA_ESTABLISHED, then the deferred queue is searched first.

Returns:
Extracted Command

bool openikev2::IkeSaController::checkPeerIkeSpi ( Message & message  )  [protected]

Checks the peer SPI value of the Message.

Parameters:
message Message to be checked.
Returns:
TRUE if it is valid. FALSE otherwise.

bool openikev2::IkeSaController::checkMessageId ( Message & message  )  [protected]

Checks the sequence number of the Message.

Parameters:
message Message to be checked.
Returns:
TRUE if it is valid. FALSE otherwise.

void openikev2::IkeSaController::createChildSa ( auto_ptr< ChildSa >  child_sa  )  [protected]

Physically creates a new ChildSa and adds it to the collection.

The ChildSa must have updated the two SPI values, the proposal, the selectors and the DH value (if needed). The keyring will be created by this method.

Parameters:
child_sa ChildSa to be created

string openikev2::IkeSaController::IKE_SA_STATE_STR ( IKE_SA_STATE  state  )  [static]

Gets a textual representation of an IKE_SA state.

Parameters:
state IKE_SA state
Returns:
The textual representation

bool openikev2::IkeSaController::processCommand (  ) 

Processes the next Command in the queues.

Returns:
TRUE if the lifetime of this IkeSaController has expired and it must be deleted. FALSE otherwise.

void openikev2::IkeSaController::addResponseNotifyPayload ( auto_ptr< Payload_NOTIFY >  payload_notify  )

Adds a notify payload to the collection to be included in the next response message.

Parameters:
payload_notify Payload_NOTIFY to be included in the collection

void openikev2::IkeSaController::setState ( IKE_SA_STATE  state  ) 

Changes the IKE_SA state.

Parameters:
state New IKE_SA state

IkeSaController::IKE_SA_STATE openikev2::IkeSaController::getState (  ) 

Gets the current IKE_SA state.

Returns:
Current IKE_SA state

void openikev2::IkeSaController::pushDeferredCommand ( auto_ptr< Command >  command  )

Pushes new Command into the deferred command queue.

Parameters:
command Command to be inserted into queue

auto_ptr< Message > openikev2::IkeSaController::createMessage ( Message::EXCHANGE_TYPE  exchange_type,
Message::MESSAGE_TYPE  message_type 
) const

Creates a new Message using the IKE_SA information.

Parameters:
exchange_type Exchange type
message_type Indicates if the Message is a request or a response
Returns:
The new created Message object

Enums::MESSAGE_ACTION openikev2::IkeSaController::createIkeSaInitRequest (  ) 

Creates and sends a new IKE_SA_INIT request to the peer. Uses the internal proposal and the DH group indicated in the first DH transform.

Returns:
Action to be performed after message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createIkeSaInitResponse (  ) 

Creates and sends a new IKE_SA_INIT response to the peer.

Returns:
Action to be performed after message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createIkeAuthRequest ( Payload_CERT_REQ * received_payload_cert_req  )

Creates a new IKE_AUTH request.

Parameters:
received_payload_cert_req Received PAYLOAD_CERT_REQ in the IKE_SA_INIT exchange response. NULL if not received
Returns:
Action to be performed after message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createIkeAuthNoEapResponse ( auto_ptr< Payload_CONF >  payload_conf_r,
auto_ptr< Certificate >  my_certificate
)

Creates a new IKE_AUTH response.

Parameters:
payload_conf_r Response configuration payload.
my_certificate My certificate to sign the AUTH

Enums::MESSAGE_ACTION openikev2::IkeSaController::createRekeyChildSaRequest ( uint32_t  spi_rekey  ) 

Creates a new CREATE_CHILD_SA exchange request to rekey a CHILD_SA.

Parameters:
spi_rekey SPI of the CHILD_SA to be rekeyed
Returns:
Action to be performed after message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createNewChildSaRequest ( auto_ptr< ChildSa >  child_sa  )

Creates a new CREATE_CHILD_SA exchange request to create a new CHILD_SA.

Parameters:
child_sa CHILD_SA to be created
Returns:
Action to be performed after message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createChildSaResponse (  ) 

Creates a new CREATE_CHILD_SA response.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::generateInformationalRequest ( AutoVector< Payload >  payloads  )

Creates a new INFORMATIONAL request.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createInformationalResponse ( AutoVector< Payload >  responses  )

Creates a new INFORMATIONAL response.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createRekeyIkeSaRequest (  ) 

Creates a new IKE_SA REKEY request.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createRekeyIkeSaResponse (  ) 

Creates a new IKE_SA REKEY response.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createEapInitResponse ( auto_ptr< Certificate >  my_certificate  )

Creates a new EAP_INIT response.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createEapContinueRequest ( auto_ptr< Payload_EAP >  payload_eap  )

Creates a new EAP_CONTINUE request.

Parameters:
payload_eap The EAP payload to be included in the message
Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createEapContinueResponse ( auto_ptr< Payload_EAP >  payload_eap  )

Creates a new EAP_CONTINUE response.

Parameters:
payload_eap The EAP payload to be included in the message
Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createEapFinishRequest (  ) 

Creates a new EAP_FINISH request.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createEapFinishResponse ( auto_ptr< Payload_CONF >  payload_conf_r  )

Creates a new EAP_FINISH response.

Parameters:
payload_conf_r Response Payload_CONF to be included in the response
Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createDeleteChildSaRequest ( uint32_t  spi  ) 

Creates a new INFORMATIONAL request to delete a CHILD_SA.

Parameters:
spi SPI of the SA to be deleted. If 0 value, then IKE_SA delete is assumed.
Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createDeleteIkeSaRequest (  ) 

Creates a new INFORMATIONAL request to delete the IKE_SA.

Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::createInformationalRequest ( AutoVector< Payload >  payloads  )

Creates a new INFORMATIONAL request with generic information.

Parameters:
payloads Payloads to be sent within the message
Returns:
Action to be performed after the message creation

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeSaInitRequest ( Message & message  )

Processes an IKE_SA_INIT request Message and performs the appropriate actions.

Parameters:
message IKE_SA_INIT request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeSaInitResponse ( Message & message  )

Processes an IKE_SA_INIT response Message and performs the appropriate actions.

Parameters:
message IKE_SA_INIT response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeAuthRequest ( Message & message  )

Processes an IKE_AUTH request Message and performs the appropriate actions.

Parameters:
message IKE_AUTH request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeAuthNoEapRequest ( Message & message  )

Processes an IKE_AUTH request when no EAP is being used, and performs the appropriate actions.

Parameters:
message IKE_AUTH request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeAuthResponse ( Message & message  )

Processes an IKE_AUTH response Message and performs the appropriate actions.

Parameters:
message IKE_AUTH response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processIkeAuthNoEapResponse ( Message & message  )

Processes an IKE_AUTH response when no EAP is being used, and performs the appropriate actions.

Parameters:
message IKE_AUTH response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processCreateChildSaRequest ( Message & message  )

Processes a CREATE_CHILD_SA request Message and performs the appropriate actions.

Parameters:
message CREATE_CHILD_SA request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processInformationalRequest ( Message & message  )

Processes an INFORMATIONAL request Message and performs the appropriate actions.

Parameters:
message INFORMATIONAL request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapInitRequest ( Message & message  )

Processes an EAP_INIT request Message and performs the appropriate actions.

Parameters:
message EAP_INIT request Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapInitResponse ( Message & message  )

Processes an EAP_INIT response Message and performs the appropriate actions.

Parameters:
message EAP_INIT response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapContinueRequest ( Message & message  )

Processes an EAP_CONTINUE request Message and performs the appropriate actions.

Parameters:
message EAP_CONTINUE response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapContinueResponse ( Message & message  )

Processes an EAP_CONTINUE response Message and performs the appropriate actions.

Parameters:
message EAP_CONTINUE response message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapFinishRequest ( Message & message  )

Processes an EAP_FINISH request Message and performs the appropriate actions.

Parameters:
message EAP_FINISH response Message.
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processEapFinishResponse ( Message & message  )

Processes an EAP_FINISH response Message and performs the appropriate actions.

Parameters:
message EAP_FINISH response Message
Returns:
Action to be performed after message processing

Enums::MESSAGE_ACTION openikev2::IkeSaController::processMessage ( Message & message  )

Process a received Message.

Parameters:
message Received Message.

Enums::NOTIFY_ACTION openikev2::IkeSaController::processNotifies ( Message & message,
ChildSa * child_sa
)

Processes the notification payloads included in the message and performs the appropriate actions.

Parameters:
message Received message
child_sa Child SA needed to process notifications (NULL if not needed)
Returns:
Action to be performed after the notification processing

AutoVector< Payload > openikev2::IkeSaController::processDeleteRequest ( vector< Payload * >  payloads_delete  ) 

Process delete requests.

Parameters:
payloads_delete Delete payload collection (outbound half)
Returns:
Response delete payload collection (inbound half)

AutoVector< Payload > openikev2::IkeSaController::processNotifyRequest ( Message & message  )

Process notify requests.

Parameters:
message Received INFORMATIONAL request
Returns:
Response notify payload collection

AutoVector< Payload > openikev2::IkeSaController::processConfigRequest ( vector< Payload * >  payloads_config  ) 

Process configuration requests.

Parameters:
payloads_config Configuration payload collection
Returns:
Response configuration payload collection

void openikev2::IkeSaController::processDeleteResponse ( vector< Payload * >  payloads_delete  ) 

Process delete response.

Parameters:
payloads_delete Delete payload collection (outbound half)

void openikev2::IkeSaController::processNotifyResponse ( Message & message  )

Process notify response.

Parameters:
message Received INFORMATIONAL response

void openikev2::IkeSaController::processConfigResponse ( vector< Payload * >  payloads_config  ) 

Process configuration response.

Parameters:
payloads_config Configuration payload collection

void openikev2::IkeSaController::notifyAlarm ( Alarm & alarm  )  [virtual]

Executes tasks associated to alarm events.

Parameters:
alarm Alarm that produces current event.

Implements openikev2::Alarmable.

void openikev2::IkeSaController::IKE_SA_ERROR_i ( string  error1,
string  error2,
Payload_NOTIFY::NOTIFY_TYPE  error_type 
)

Performs the common actions associated to an IKE_SA error in the initiator side.

Parameters:
error1 Text string shown before IKE_SA SPI value
error2 Text string shown after IKE_SA SPI value
error_type Type of the error.

void openikev2::IkeSaController::IKE_SA_ERROR_r ( string  error1,
string  error2,
Payload_NOTIFY::NOTIFY_TYPE  error_type,
Message::EXCHANGE_TYPE  exchange_type 
)

Performs the common actions associated to an IKE_SA error in the responder side.

These actions are: Write a log message, send a bus event, delete the ike configuration object and push an ExitCommand.

Parameters:
error1 Text string shown before IKE_SA SPI value
error2 Text string shown after IKE_SA SPI value
error_type Type of the error.
exchange_type Exchange type.

void openikev2::IkeSaController::CHILD_SA_ERROR_i ( string  error1,
string  error2,
Payload_NOTIFY::NOTIFY_TYPE  error_type,
ChildSa & child_sa
)

Performs the common actions associated to a CHILD_SA error in the initiator side. These actions are: Write a log message, send a bus event, delete the ike configuration object and push an ExitCommand.

Parameters:
error1 Text string shown before IKE_SA SPI value
error2 Text string shown after IKE_SA SPI value
error_type Type of the error.
child_sa Failed Child SA (the method will delete it).

void openikev2::IkeSaController::CHILD_SA_ERROR_r ( string  error1,
string  error2,
Payload_NOTIFY::NOTIFY_TYPE  error_type,
Message::EXCHANGE_TYPE  exchange_type,
ChildSa & child_sa
)

Performs the common actions associated to a CHILD_SA error in the responder side. These actions are: Send an error notify, write a log message, send a bus event, delete the ike configuration object and push an ExitCommand.

Parameters:
error1 Text string shown before IKE_SA SPI value
error2 Text string shown after IKE_SA SPI value
error_type Type of the error.
exchange_type Exchange type
child_sa Failed Child SA (the method will delete it).


Member Data Documentation

auto_ptr<Message> openikev2::IkeSaController::ike_sa_init_req

IKE_SA_INIT request message.

It is stored in order to generate and check the AUTH payload.

auto_ptr<Message> openikev2::IkeSaController::ike_sa_init_res

IKE_SA_INIT response message.

It is stored in order to generate and check the AUTH payload.

auto_ptr<AttributeMap> openikev2::IkeSaController::attributemap

Extra attributes.

This attribute will be inherited by the new IKE_SA when rekeying.

map<uint32_t, ChildSa*> openikev2::IkeSaController::child_sa_collection_outbound

Child SA collection (indexed by outbound SPI).

This collection is redundant and it exists only for performance reasons.


Generated on Fri Jul 27 11:04:51 2007 for libopenikev2 by  doxygen 1.5.1