1 /* timer event handling
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: timer.c,v 1.71 2002/03/23 20:15:35 dhr Exp $
20 #include <sys/types.h>
23 #include <netinet/in.h>
24 #include <arpa/inet.h>
28 #include "constants.h"
32 #include "connections.h" /* needs id.h */
35 #include "demux.h" /* needs packet.h */
36 #include "ipsec_doi.h" /* needs demux.h and state.h */
45 #include "nat_traversal.h"
48 /* monotonic version of time(3) */
52 static time_t delta = 0
54 time_t n = time((time_t)NULL);
56 passert(n != (time_t)-1);
59 log("time moved backwards %ld seconds", (long)(last_time - n));
60 delta += last_time - n;
66 /* This file has the event handling routines. Events are
67 * kept as a linked list of event structures. These structures
68 * have information like event type, expiration time and a pointer
69 * to event specific data (for example, to a state structure).
72 static struct event *evlist = (struct event *) NULL;
75 * This routine places an event in the event list.
78 event_schedule(enum event_type type, time_t tm, struct state *st)
80 struct event *ev = alloc_thing(struct event, "struct event in event_schedule()");
83 ev->ev_time = tm + now();
86 /* If the event is associated with a state, put a backpointer to the
87 * event in the state object, so we can find and delete the event
88 * if we need to (for example, if we receive a reply).
92 if (type == EVENT_DPD || type == EVENT_DPD_TIMEOUT)
94 passert(st->st_dpd_event == NULL);
95 st->st_dpd_event = ev;
99 passert(st->st_event == NULL);
106 DBG_log("inserting event %s, timeout in %lu seconds"
107 , enum_show(&timer_event_names, type), (unsigned long)tm);
109 DBG_log("inserting event %s, timeout in %lu seconds for #%lu"
110 , enum_show(&timer_event_names, type), (unsigned long)tm
111 , ev->ev_state->st_serialno));
113 if (evlist == (struct event *) NULL
114 || evlist->ev_time >= ev->ev_time)
116 ev->ev_next = evlist;
123 for (evt = evlist; evt->ev_next != NULL; evt = evt->ev_next)
124 if (evt->ev_next->ev_time >= ev->ev_time)
127 #ifdef NEVER /* this seems to be overkill */
129 if (evt->ev_state == NULL)
130 DBG_log("event added after event %s"
131 , enum_show(&timer_event_names, evt->ev_type));
133 DBG_log("event added after event %s for #%lu"
134 , enum_show(&timer_event_names, evt->ev_type)
135 , evt->ev_state->st_serialno));
138 ev->ev_next = evt->ev_next;
144 * Handle the first event on the list.
147 handle_timer_event(void)
150 struct event *ev = evlist;
153 struct connection *c;
156 if (ev == (struct event *) NULL) /* Just paranoid */
158 DBG(DBG_CONTROL, DBG_log("empty event list, yet we're called"));
167 if (tm < ev->ev_time)
169 DBG(DBG_CONTROL, DBG_log("called while no event expired (%lu/%lu, %s)"
170 , (unsigned long)tm, (unsigned long)ev->ev_time
171 , enum_show(&timer_event_names, type)));
173 /* This will happen if the most close-to-expire event was
174 * a retransmission or cleanup, and we received a packet
175 * at the same time as the event expired. Due to the processing
176 * order in call_server(), the packet processing will happen first,
177 * and the event will be removed.
182 evlist = evlist->ev_next; /* Ok, we'll handle this event */
185 if (evlist != (struct event *) NULL)
186 DBG_log("event after this is %s in %ld seconds",
187 enum_show(&timer_event_names, evlist->ev_type),
188 (long) (evlist->ev_time - tm)));
190 /* for state-associated events, pick up the state pointer
191 * and remove the backpointer from the state object.
192 * We'll eventually either schedule a new event, or delete the state.
194 passert(GLOBALS_ARE_RESET());
197 c = st->st_connection;
198 if (type == EVENT_DPD || type == EVENT_DPD_TIMEOUT)
200 passert(st->st_dpd_event == ev);
201 st->st_dpd_event = NULL;
205 passert(st->st_event == ev);
208 peer = c->that.host_addr;
214 case EVENT_REINIT_SECRET:
216 DBG(DBG_CONTROL, DBG_log("event EVENT_REINIT_SECRET handled"));
221 case EVENT_SHUNT_SCAN:
227 case EVENT_RETRANSMIT:
228 /* Time to retransmit, or give up.
230 * Generally, we'll only try to send the message
231 * MAXIMUM_RETRANSMISSIONS times. Each time we double
234 * As a special case, if this is the first initiating message
235 * of a Main Mode exchange, and we have been directed to try
236 * forever, we'll extend the number of retransmissions to
237 * MAXIMUM_RETRANSMISSIONS_INITIAL times, with all these
238 * extended attempts having the same patience. The intention
239 * is to reduce the bother when nobody is home.
244 DBG(DBG_CONTROL, DBG_log(
245 "handling event EVENT_RETRANSMIT for %s \"%s\" #%lu"
246 , ip_str(&peer), c->name, st->st_serialno));
248 if (st->st_retransmit < MAXIMUM_RETRANSMISSIONS)
249 delay = EVENT_RETRANSMIT_DELAY_0 << (st->st_retransmit + 1);
250 else if ((st->st_state == STATE_MAIN_I1
251 || st->st_state == STATE_AGGR_I1)
252 && c->sa_keying_tries == 0
253 && st->st_retransmit < MAXIMUM_RETRANSMISSIONS_INITIAL)
254 delay = EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS;
259 whack_log(RC_RETRANSMISSION
260 , "%s: retransmission; will wait %lus for response"
261 , enum_name(&state_names, st->st_state)
262 , (unsigned long)delay);
264 /* DONT KNOW IF WE SHOULD INCLUDE THIS ONE */
265 if (((st->st_state == STATE_MAIN_I1 && st->st_connection->dnshostname != NULL)
266 || (st->st_state == STATE_AGGR_I1 && st->st_connection->dnshostname != NULL)) && st->st_retransmit > st->st_connection->retransmit_trigger) {
267 struct connection *c = st->st_connection;
269 event_schedule(EVENT_SA_EXPIRE, st->st_margin, st);
270 terminate_connections_by_peer(c);
271 initiate_connections_by_peer(c);
273 send_packet(st, "EVENT_RETRANSMIT");
274 event_schedule(EVENT_RETRANSMIT, delay, st);
279 /* check if we've tried rekeying enough times.
280 * st->st_try == 0 means that this should be the only try.
281 * c->sa_keying_tries == 0 means that there is no limit.
283 unsigned long try = st->st_try;
284 unsigned long try_limit = c->sa_keying_tries;
285 const char *details = "";
287 switch (st->st_state)
290 details = ". Possible authentication failure:"
291 " no acceptable response to our"
292 " first encrypted message";
295 details = ". No acceptable response to our"
296 " first IKE message";
299 if (c->newest_ipsec_sa == SOS_NOBODY)
300 details = ". No acceptable response to our"
301 " first Quick Mode message:"
302 " perhaps peer likes no proposal";
307 loglog(RC_NORETRANSMISSION
308 , "max number of retransmissions (%d) reached %s%s"
310 , enum_show(&state_names, st->st_state), details);
311 if (try != 0 && try != try_limit)
313 /* A lot like EVENT_SA_REPLACE, but over again.
314 * Since we know that st cannot be in use,
315 * we can delete it right away.
317 char story[80]; /* arbitrary limit */
320 snprintf(story, sizeof(story), try_limit == 0
321 ? "starting keying attempt %ld of an unlimited number"
322 : "starting keying attempt %ld of at most %ld"
325 if (st->st_whack_sock != NULL_FD)
327 /* Release whack because the observer will get bored. */
328 loglog(RC_COMMENT, "%s, but releasing whack"
330 release_pending_whacks(st, story);
334 /* no whack: just log to syslog */
337 ipsecdoi_replace(st, try);
344 case EVENT_SA_REPLACE:
346 so_serial_t newest = IS_PHASE1(st->st_state)
347 ? c->newest_isakmp_sa : c->newest_ipsec_sa;
349 if (newest != st->st_serialno
350 && newest != SOS_NOBODY)
352 /* not very interesting: no need to replace */
354 , log("not replacing stale %s SA: #%lu will do"
355 , IS_PHASE1(st->st_state)? "ISAKMP" : "IPsec"
361 , log("replacing stale %s SA"
362 , IS_PHASE1(st->st_state)? "ISAKMP" : "IPsec"));
363 ipsecdoi_replace(st, 1);
365 delete_dpd_event(st);
366 event_schedule(EVENT_SA_EXPIRE, st->st_margin, st);
370 case EVENT_SA_EXPIRE:
375 if (IS_PHASE1(st->st_state))
378 latest = c->newest_isakmp_sa;
383 latest = c->newest_ipsec_sa;
386 if (st->st_serialno != latest)
388 /* not very interesting: already superseded */
390 , log("%s SA expired (superseded by #%lu)"
395 log("%s SA expired (%s)", satype
396 , (c->policy & POLICY_DONT_REKEY)
403 case EVENT_SO_DISCARD:
404 /* Delete this state object. It must be in the hash table. */
409 case EVENT_NAT_T_KEEPALIVE:
410 nat_traversal_ka_event();
418 case EVENT_DPD_TIMEOUT:
423 loglog(RC_LOG_SERIOUS, "INTERNAL ERROR: ignoring unknown expiring event %s"
424 , enum_show(&timer_event_names, type));
432 * Return the time until the next event in the queue
433 * expires (never negative), or -1 if no jobs in queue.
440 if (evlist == (struct event *) NULL)
446 if (evlist->ev_state == NULL)
447 DBG_log("next event %s in %ld seconds"
448 , enum_show(&timer_event_names, evlist->ev_type)
449 , (long)evlist->ev_time - (long)tm);
451 DBG_log("next event %s in %ld seconds for #%lu"
452 , enum_show(&timer_event_names, evlist->ev_type)
453 , (long)evlist->ev_time - (long)tm
454 , evlist->ev_state->st_serialno));
456 if (evlist->ev_time - tm <= 0)
459 return evlist->ev_time - tm;
466 delete_event(struct state *st)
468 if (st->st_event != (struct event *) NULL)
472 for (ev = &evlist; ; ev = &(*ev)->ev_next)
476 DBG(DBG_CONTROL, DBG_log("event %s to be deleted not found",
477 enum_show(&timer_event_names, st->st_event->ev_type)));
480 if ((*ev) == st->st_event)
482 *ev = (*ev)->ev_next;
484 if (st->st_event->ev_type == EVENT_RETRANSMIT)
485 st->st_retransmit = 0;
487 st->st_event = (struct event *) NULL;
496 * Delete a DPD event.
499 delete_dpd_event(struct state *st)
501 if (st->st_dpd_event != (struct event *) NULL)
505 for (ev = &evlist; ; ev = &(*ev)->ev_next)
509 DBG(DBG_CONTROL, DBG_log("event %s to be deleted not found",
510 enum_show(&timer_event_names, st->st_dpd_event->ev_type)));
513 if ((*ev) == st->st_dpd_event)
515 *ev = (*ev)->ev_next;
516 pfree(st->st_dpd_event);
517 st->st_dpd_event = (struct event *) NULL;