Annotation of embedaddon/strongswan/src/libcharon/bus/bus.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2012-2016 Tobias Brunner
! 3: * Copyright (C) 2006-2009 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup bus bus
! 19: * @{ @ingroup libcharon
! 20: */
! 21:
! 22: #ifndef BUS_H_
! 23: #define BUS_H_
! 24:
! 25: typedef enum alert_t alert_t;
! 26: typedef enum narrow_hook_t narrow_hook_t;
! 27: typedef struct bus_t bus_t;
! 28:
! 29: #include <stdarg.h>
! 30:
! 31: #include <utils/debug.h>
! 32: #include <sa/ike_sa.h>
! 33: #include <sa/child_sa.h>
! 34: #include <processing/jobs/job.h>
! 35: #include <bus/listeners/logger.h>
! 36: #include <bus/listeners/listener.h>
! 37:
! 38: /* undefine the definitions from libstrongswan */
! 39: #undef DBG0
! 40: #undef DBG1
! 41: #undef DBG2
! 42: #undef DBG3
! 43: #undef DBG4
! 44:
! 45: #ifndef DEBUG_LEVEL
! 46: # define DEBUG_LEVEL 4
! 47: #endif /* DEBUG_LEVEL */
! 48:
! 49: #if DEBUG_LEVEL >= 0
! 50: #define DBG0(group, format, ...) charon->bus->log(charon->bus, group, 0, format, ##__VA_ARGS__)
! 51: #endif /* DEBUG_LEVEL >= 0 */
! 52: #if DEBUG_LEVEL >= 1
! 53: #define DBG1(group, format, ...) charon->bus->log(charon->bus, group, 1, format, ##__VA_ARGS__)
! 54: #endif /* DEBUG_LEVEL >= 1 */
! 55: #if DEBUG_LEVEL >= 2
! 56: #define DBG2(group, format, ...) charon->bus->log(charon->bus, group, 2, format, ##__VA_ARGS__)
! 57: #endif /* DEBUG_LEVEL >= 2 */
! 58: #if DEBUG_LEVEL >= 3
! 59: #define DBG3(group, format, ...) charon->bus->log(charon->bus, group, 3, format, ##__VA_ARGS__)
! 60: #endif /* DEBUG_LEVEL >= 3 */
! 61: #if DEBUG_LEVEL >= 4
! 62: #define DBG4(group, format, ...) charon->bus->log(charon->bus, group, 4, format, ##__VA_ARGS__)
! 63: #endif /* DEBUG_LEVEL >= 4 */
! 64:
! 65: #ifndef DBG0
! 66: # define DBG0(...) {}
! 67: #endif /* DBG0 */
! 68: #ifndef DBG1
! 69: # define DBG1(...) {}
! 70: #endif /* DBG1 */
! 71: #ifndef DBG2
! 72: # define DBG2(...) {}
! 73: #endif /* DBG2 */
! 74: #ifndef DBG3
! 75: # define DBG3(...) {}
! 76: #endif /* DBG3 */
! 77: #ifndef DBG4
! 78: # define DBG4(...) {}
! 79: #endif /* DBG4 */
! 80:
! 81: /**
! 82: * Kind of alerts to raise.
! 83: */
! 84: enum alert_t {
! 85: /** a RADIUS server did not respond, no additional arguments */
! 86: ALERT_RADIUS_NOT_RESPONDING,
! 87: /** a shutdown signal has been received, argument is the signal (int) */
! 88: ALERT_SHUTDOWN_SIGNAL,
! 89: /** local peer authentication failed (by us or by peer), no arguments */
! 90: ALERT_LOCAL_AUTH_FAILED,
! 91: /** peer authentication failed, no arguments */
! 92: ALERT_PEER_AUTH_FAILED,
! 93: /** failed to resolve peer address, no arguments */
! 94: ALERT_PEER_ADDR_FAILED,
! 95: /** peer did not respond to initial message, current try (int, 0-based) */
! 96: ALERT_PEER_INIT_UNREACHABLE,
! 97: /** received IKE message with invalid SPI, argument is message_t* */
! 98: ALERT_INVALID_IKE_SPI,
! 99: /** received IKE message with invalid header, argument is message_t* */
! 100: ALERT_PARSE_ERROR_HEADER,
! 101: /** received IKE message with invalid body, argument is message_t*,
! 102: * followed by a status_t result returned by message_t.parse_body(). */
! 103: ALERT_PARSE_ERROR_BODY,
! 104: /** sending a retransmit for a message, arguments are packet_t and number
! 105: * of the retransmit, if the message got fragmented only the first fragment
! 106: * is passed */
! 107: ALERT_RETRANSMIT_SEND,
! 108: /** received response for retransmitted request, argument is packet_t, if
! 109: * the message got fragmented only the first fragment is passed */
! 110: ALERT_RETRANSMIT_SEND_CLEARED,
! 111: /** sending retransmits timed out, argument is packet_t, if available and if
! 112: * the message got fragmented only the first fragment is passed */
! 113: ALERT_RETRANSMIT_SEND_TIMEOUT,
! 114: /** received a retransmit for a message, argument is message_t */
! 115: ALERT_RETRANSMIT_RECEIVE,
! 116: /** received half-open timeout before IKE_SA established, no argument */
! 117: ALERT_HALF_OPEN_TIMEOUT,
! 118: /** IKE proposals do not match, argument is linked_list_t of proposal_t */
! 119: ALERT_PROPOSAL_MISMATCH_IKE,
! 120: /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
! 121: ALERT_PROPOSAL_MISMATCH_CHILD,
! 122: /** traffic selectors do not match, arguments are two linked_list_t
! 123: * containing traffic_selector_t for initiator and for responder */
! 124: ALERT_TS_MISMATCH,
! 125: /** traffic selectors have been narrowed by the peer, arguments are
! 126: * an int (TRUE for local TS), a linked_list_t* (final TS list), and the
! 127: * child_cfg_t*. */
! 128: ALERT_TS_NARROWED,
! 129: /** Installation of IPsec SAs failed, argument is child_sa_t */
! 130: ALERT_INSTALL_CHILD_SA_FAILED,
! 131: /** Installation of IPsec Policy failed, argument is child_sa_t */
! 132: ALERT_INSTALL_CHILD_POLICY_FAILED,
! 133: /** IKE_SA deleted because of "replace" unique policy, no argument */
! 134: ALERT_UNIQUE_REPLACE,
! 135: /** IKE_SA deleted because of "keep" unique policy, no argument */
! 136: ALERT_UNIQUE_KEEP,
! 137: /** IKE_SA kept on failed child SA establishment, argument is an int (!=0 if
! 138: * first child SA) */
! 139: ALERT_KEEP_ON_CHILD_SA_FAILURE,
! 140: /** allocating virtual IP failed, linked_list_t of host_t requested */
! 141: ALERT_VIP_FAILURE,
! 142: /** an authorize() hook failed, no argument */
! 143: ALERT_AUTHORIZATION_FAILED,
! 144: /** IKE_SA hit the hard lifetime limit before it could be rekeyed */
! 145: ALERT_IKE_SA_EXPIRED,
! 146: /** Certificate rejected; it has expired, certificate_t */
! 147: ALERT_CERT_EXPIRED,
! 148: /** Certificate rejected; it has been revoked, certificate_t */
! 149: ALERT_CERT_REVOKED,
! 150: /** Validating certificate status failed, certificate_t */
! 151: ALERT_CERT_VALIDATION_FAILED,
! 152: /** Certificate rejected; no trusted issuer found, certificate_t */
! 153: ALERT_CERT_NO_ISSUER,
! 154: /** Certificate rejected; root not trusted, certificate_t */
! 155: ALERT_CERT_UNTRUSTED_ROOT,
! 156: /** Certificate rejected; trustchain length exceeds limit, certificate_t */
! 157: ALERT_CERT_EXCEEDED_PATH_LEN,
! 158: /** Certificate rejected; other policy violation, certificate_t */
! 159: ALERT_CERT_POLICY_VIOLATION,
! 160: };
! 161:
! 162: /**
! 163: * Kind of narrow hook.
! 164: *
! 165: * There is a non-authenticated (IKE_AUTH) and a authenticated
! 166: * (CREATE_CHILD_SA) narrowing hook for the initiator. Only one of these
! 167: * hooks is invoked before the exchange.
! 168: * To verify the traffic selectors negotiated, each PRE hook has a POST
! 169: * counterpart that follows. POST hooks are invoked with an authenticated peer.
! 170: * It is usually not a good idea to narrow in the POST hooks,
! 171: * as the resulting traffic selector is not negotiated and results
! 172: * in non-matching policies.
! 173: */
! 174: enum narrow_hook_t {
! 175: /** invoked as initiator before exchange, peer is not yet authenticated */
! 176: NARROW_INITIATOR_PRE_NOAUTH,
! 177: /** invoked as initiator before exchange, peer is authenticated */
! 178: NARROW_INITIATOR_PRE_AUTH,
! 179: /** invoked as responder during exchange, peer is authenticated */
! 180: NARROW_RESPONDER,
! 181: /** invoked as responder after exchange, peer is authenticated */
! 182: NARROW_RESPONDER_POST,
! 183: /** invoked as initiator after exchange, follows a INITIATOR_PRE_NOAUTH */
! 184: NARROW_INITIATOR_POST_NOAUTH,
! 185: /** invoked as initiator after exchange, follows a INITIATOR_PRE_AUTH */
! 186: NARROW_INITIATOR_POST_AUTH,
! 187: };
! 188:
! 189: /**
! 190: * The bus receives events and sends them to all registered listeners.
! 191: *
! 192: * Loggers are handled separately.
! 193: */
! 194: struct bus_t {
! 195:
! 196: /**
! 197: * Register a listener to the bus.
! 198: *
! 199: * A registered listener receives all events which are sent to the bus.
! 200: * The listener is passive; the thread which emitted the event
! 201: * processes the listener routine.
! 202: *
! 203: * @param listener listener to register.
! 204: */
! 205: void (*add_listener) (bus_t *this, listener_t *listener);
! 206:
! 207: /**
! 208: * Unregister a listener from the bus.
! 209: *
! 210: * @param listener listener to unregister.
! 211: */
! 212: void (*remove_listener) (bus_t *this, listener_t *listener);
! 213:
! 214: /**
! 215: * Register a logger with the bus.
! 216: *
! 217: * The logger is passive; the thread which emitted the event
! 218: * processes the logger routine. This routine may be called concurrently
! 219: * by multiple threads. Recursive calls are not prevented, so logger that
! 220: * may cause recursive calls are responsible to avoid infinite loops.
! 221: *
! 222: * During registration get_level() is called for all log groups and the
! 223: * logger is registered to receive log messages for groups for which
! 224: * the requested log level is > LEVEL_SILENT and whose level is lower
! 225: * or equal than the requested level.
! 226: *
! 227: * To update the registered log levels call add_logger again with the
! 228: * same logger and return the new levels from get_level().
! 229: *
! 230: * @param logger logger to register.
! 231: */
! 232: void (*add_logger) (bus_t *this, logger_t *logger);
! 233:
! 234: /**
! 235: * Unregister a logger from the bus.
! 236: *
! 237: * @param logger logger to unregister.
! 238: */
! 239: void (*remove_logger) (bus_t *this, logger_t *logger);
! 240:
! 241: /**
! 242: * Set the IKE_SA the calling thread is using.
! 243: *
! 244: * To associate a received log message with an IKE_SA without passing it as
! 245: * parameter each time, the thread registers the currently used IKE_SA
! 246: * during check-out. Before check-in, the thread unregisters the IKE_SA.
! 247: * This IKE_SA is stored per-thread, so each thread has its own IKE_SA
! 248: * registered.
! 249: *
! 250: * @param ike_sa ike_sa to register, or NULL to unregister
! 251: */
! 252: void (*set_sa) (bus_t *this, ike_sa_t *ike_sa);
! 253:
! 254: /**
! 255: * Get the IKE_SA the calling thread is currently using.
! 256: *
! 257: * If a thread currently does not know what IKE_SA it is processing,
! 258: * it can call get_sa() to look up the SA set during checkout via set_sa().
! 259: *
! 260: * @return registered ike_sa, NULL if none registered
! 261: */
! 262: ike_sa_t* (*get_sa)(bus_t *this);
! 263:
! 264: /**
! 265: * Send a log message to the bus.
! 266: *
! 267: * The format string specifies an additional informational or error
! 268: * message with a printf() like variable argument list.
! 269: * Use the DBG() macros.
! 270: *
! 271: * @param group debugging group
! 272: * @param level verbosity level of the signal
! 273: * @param format printf() style format string
! 274: * @param ... printf() style argument list
! 275: */
! 276: void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...);
! 277:
! 278: /**
! 279: * Send a log message to the bus using va_list arguments.
! 280: *
! 281: * Same as bus_t.log(), but uses va_list argument list.
! 282: *
! 283: * @param group kind of the signal (up, down, rekeyed, ...)
! 284: * @param level verbosity level of the signal
! 285: * @param format printf() style format string
! 286: * @param args va_list arguments
! 287: */
! 288: void (*vlog)(bus_t *this, debug_t group, level_t level,
! 289: char* format, va_list args);
! 290:
! 291: /**
! 292: * Raise an alert over the bus.
! 293: *
! 294: * @param alert kind of alert
! 295: * @param ... alert specific arguments
! 296: */
! 297: void (*alert)(bus_t *this, alert_t alert, ...);
! 298:
! 299: /**
! 300: * Send a IKE_SA state change event to the bus.
! 301: *
! 302: * @param ike_sa IKE_SA which changes its state
! 303: * @param state new state IKE_SA changes to
! 304: */
! 305: void (*ike_state_change)(bus_t *this, ike_sa_t *ike_sa,
! 306: ike_sa_state_t state);
! 307: /**
! 308: * Send a CHILD_SA state change event to the bus.
! 309: *
! 310: * @param child_sa CHILD_SA which changes its state
! 311: * @param state new state CHILD_SA changes to
! 312: */
! 313: void (*child_state_change)(bus_t *this, child_sa_t *child_sa,
! 314: child_sa_state_t state);
! 315: /**
! 316: * Message send/receive hook.
! 317: *
! 318: * The hook is invoked twice for each message: Once with plain, parsed data
! 319: * and once encoded and encrypted.
! 320: *
! 321: * @param message message to send/receive
! 322: * @param incoming TRUE for incoming messages, FALSE for outgoing
! 323: * @param plain TRUE if message is parsed and decrypted, FALSE it not
! 324: */
! 325: void (*message)(bus_t *this, message_t *message, bool incoming, bool plain);
! 326:
! 327: /**
! 328: * IKE_SA authorization hook.
! 329: *
! 330: * @param final TRUE if this is the final invocation
! 331: * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED
! 332: */
! 333: bool (*authorize)(bus_t *this, bool final);
! 334:
! 335: /**
! 336: * CHILD_SA traffic selector narrowing hook.
! 337: *
! 338: * @param child_sa CHILD_SA set up with these traffic selectors
! 339: * @param type type of hook getting invoked
! 340: * @param local list of local traffic selectors to narrow
! 341: * @param remote list of remote traffic selectors to narrow
! 342: */
! 343: void (*narrow)(bus_t *this, child_sa_t *child_sa, narrow_hook_t type,
! 344: linked_list_t *local, linked_list_t *remote);
! 345:
! 346: /**
! 347: * IKE_SA keymat hook.
! 348: *
! 349: * @param ike_sa IKE_SA this keymat belongs to
! 350: * @param dh diffie hellman shared secret
! 351: * @param dh_other others DH public value (IKEv1 only)
! 352: * @param nonce_i initiator's nonce
! 353: * @param nonce_r responder's nonce
! 354: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
! 355: * @param shared shared key used for key derivation (IKEv1-PSK only)
! 356: * @param method auth method for key derivation (IKEv1-non-PSK only)
! 357: */
! 358: void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
! 359: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
! 360: ike_sa_t *rekey, shared_key_t *shared,
! 361: auth_method_t method);
! 362:
! 363: /**
! 364: * IKE_SA derived keys hook.
! 365: *
! 366: * @param sk_ei SK_ei, or Ka for IKEv1
! 367: * @param sk_er SK_er
! 368: * @param sk_ai SK_ai, or SKEYID_a for IKEv1
! 369: * @param sk_ar SK_ar
! 370: */
! 371: void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er,
! 372: chunk_t sk_ai, chunk_t sk_ar);
! 373:
! 374: /**
! 375: * CHILD_SA keymat hook.
! 376: *
! 377: * @param child_sa CHILD_SA this keymat is used for
! 378: * @param initiator initiator of the CREATE_CHILD_SA exchange
! 379: * @param dh diffie hellman shared secret
! 380: * @param nonce_i initiator's nonce
! 381: * @param nonce_r responder's nonce
! 382: */
! 383: void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator,
! 384: diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
! 385:
! 386: /**
! 387: * CHILD_SA derived keys hook.
! 388: *
! 389: * @param child_sa CHILD_SA these keys are used for
! 390: * @param initiator initiator of the CREATE_CHILD_SA exchange
! 391: * @param encr_i initiator's encryption key
! 392: * @param encr_o responder's encryption key
! 393: * @param integ_i initiator's integrity key
! 394: * @param integ_r responder's integrity key
! 395: */
! 396: void (*child_derived_keys)(bus_t *this, child_sa_t *child_sa,
! 397: bool initiator, chunk_t encr_i, chunk_t encr_r,
! 398: chunk_t integ_i, chunk_t integ_r);
! 399:
! 400: /**
! 401: * IKE_SA up/down hook.
! 402: *
! 403: * @param ike_sa IKE_SA coming up/going down
! 404: * @param up TRUE for an up event, FALSE for a down event
! 405: */
! 406: void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up);
! 407:
! 408: /**
! 409: * IKE_SA rekeying hook.
! 410: *
! 411: * @param old rekeyed and obsolete IKE_SA
! 412: * @param new new IKE_SA replacing old
! 413: */
! 414: void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
! 415:
! 416: /**
! 417: * IKE_SA peer endpoint update hook.
! 418: *
! 419: * @param ike_sa updated IKE_SA, having old endpoints set
! 420: * @param local TRUE if local endpoint gets updated, FALSE for remote
! 421: * @param new new endpoint address and port
! 422: */
! 423: void (*ike_update)(bus_t *this, ike_sa_t *ike_sa, bool local, host_t *new);
! 424:
! 425: /**
! 426: * IKE_SA reestablishing hook (before resolving hosts).
! 427: *
! 428: * @param old reestablished and obsolete IKE_SA
! 429: * @param new new IKE_SA replacing old
! 430: */
! 431: void (*ike_reestablish_pre)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
! 432:
! 433: /**
! 434: * IKE_SA reestablishing hook (after configuring and initiating the new
! 435: * IKE_SA).
! 436: *
! 437: * @param old reestablished and obsolete IKE_SA
! 438: * @param new new IKE_SA replacing old
! 439: * @param initiated TRUE if initiated successfully, FALSE otherwise
! 440: */
! 441: void (*ike_reestablish_post)(bus_t *this, ike_sa_t *old, ike_sa_t *new,
! 442: bool initiated);
! 443:
! 444: /**
! 445: * CHILD_SA up/down hook.
! 446: *
! 447: * @param child_sa CHILD_SA coming up/going down
! 448: * @param up TRUE for an up event, FALSE for a down event
! 449: */
! 450: void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up);
! 451:
! 452: /**
! 453: * CHILD_SA rekeying hook.
! 454: *
! 455: * @param old rekeyed and obsolete CHILD_SA
! 456: * @param new new CHILD_SA replacing old
! 457: */
! 458: void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
! 459:
! 460: /**
! 461: * CHILD_SA migration hook.
! 462: *
! 463: * @param new ID of new SA when called for the old, NULL otherwise
! 464: * @param unique unique ID of new SA when called for the old, 0 otherwise
! 465: */
! 466: void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
! 467:
! 468: /**
! 469: * Virtual IP assignment hook.
! 470: *
! 471: * @param ike_sa IKE_SA the VIPs are assigned to
! 472: * @param assign TRUE if assigned to IKE_SA, FALSE if released
! 473: */
! 474: void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign);
! 475:
! 476: /**
! 477: * Virtual IP handler hook.
! 478: *
! 479: * @param ike_sa IKE_SA the VIPs/attributes got handled on
! 480: * @param assign TRUE after installing attributes, FALSE on release
! 481: */
! 482: void (*handle_vips)(bus_t *this, ike_sa_t *ike_sa, bool handle);
! 483:
! 484: /**
! 485: * Destroy the event bus.
! 486: */
! 487: void (*destroy) (bus_t *this);
! 488: };
! 489:
! 490: /**
! 491: * Create the event bus which forwards events to its listeners.
! 492: *
! 493: * @return event bus instance
! 494: */
! 495: bus_t *bus_create();
! 496:
! 497: #endif /** BUS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bus.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / bus