Annotation of embedaddon/strongswan/src/libcharon/bus/bus.h, revision 1.1.1.2
1.1 misho 1: /*
1.1.1.2 ! misho 2: * Copyright (C) 2012-2020 Tobias Brunner
1.1 misho 3: * Copyright (C) 2006-2009 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup bus bus
19: * @{ @ingroup libcharon
20: */
21:
22: #ifndef BUS_H_
23: #define BUS_H_
24:
25: typedef enum alert_t alert_t;
26: typedef enum narrow_hook_t narrow_hook_t;
27: typedef struct bus_t bus_t;
28:
29: #include <stdarg.h>
30:
31: #include <utils/debug.h>
32: #include <sa/ike_sa.h>
33: #include <sa/child_sa.h>
34: #include <processing/jobs/job.h>
35: #include <bus/listeners/logger.h>
36: #include <bus/listeners/listener.h>
37:
38: /* undefine the definitions from libstrongswan */
39: #undef DBG0
40: #undef DBG1
41: #undef DBG2
42: #undef DBG3
43: #undef DBG4
44:
45: #ifndef DEBUG_LEVEL
46: # define DEBUG_LEVEL 4
47: #endif /* DEBUG_LEVEL */
48:
49: #if DEBUG_LEVEL >= 0
50: #define DBG0(group, format, ...) charon->bus->log(charon->bus, group, 0, format, ##__VA_ARGS__)
51: #endif /* DEBUG_LEVEL >= 0 */
52: #if DEBUG_LEVEL >= 1
53: #define DBG1(group, format, ...) charon->bus->log(charon->bus, group, 1, format, ##__VA_ARGS__)
54: #endif /* DEBUG_LEVEL >= 1 */
55: #if DEBUG_LEVEL >= 2
56: #define DBG2(group, format, ...) charon->bus->log(charon->bus, group, 2, format, ##__VA_ARGS__)
57: #endif /* DEBUG_LEVEL >= 2 */
58: #if DEBUG_LEVEL >= 3
59: #define DBG3(group, format, ...) charon->bus->log(charon->bus, group, 3, format, ##__VA_ARGS__)
60: #endif /* DEBUG_LEVEL >= 3 */
61: #if DEBUG_LEVEL >= 4
62: #define DBG4(group, format, ...) charon->bus->log(charon->bus, group, 4, format, ##__VA_ARGS__)
63: #endif /* DEBUG_LEVEL >= 4 */
64:
65: #ifndef DBG0
66: # define DBG0(...) {}
67: #endif /* DBG0 */
68: #ifndef DBG1
69: # define DBG1(...) {}
70: #endif /* DBG1 */
71: #ifndef DBG2
72: # define DBG2(...) {}
73: #endif /* DBG2 */
74: #ifndef DBG3
75: # define DBG3(...) {}
76: #endif /* DBG3 */
77: #ifndef DBG4
78: # define DBG4(...) {}
79: #endif /* DBG4 */
80:
81: /**
82: * Kind of alerts to raise.
83: */
84: enum alert_t {
85: /** a RADIUS server did not respond, no additional arguments */
86: ALERT_RADIUS_NOT_RESPONDING,
87: /** a shutdown signal has been received, argument is the signal (int) */
88: ALERT_SHUTDOWN_SIGNAL,
89: /** local peer authentication failed (by us or by peer), no arguments */
90: ALERT_LOCAL_AUTH_FAILED,
91: /** peer authentication failed, no arguments */
92: ALERT_PEER_AUTH_FAILED,
93: /** failed to resolve peer address, no arguments */
94: ALERT_PEER_ADDR_FAILED,
95: /** peer did not respond to initial message, current try (int, 0-based) */
96: ALERT_PEER_INIT_UNREACHABLE,
97: /** received IKE message with invalid SPI, argument is message_t* */
98: ALERT_INVALID_IKE_SPI,
99: /** received IKE message with invalid header, argument is message_t* */
100: ALERT_PARSE_ERROR_HEADER,
101: /** received IKE message with invalid body, argument is message_t*,
102: * followed by a status_t result returned by message_t.parse_body(). */
103: ALERT_PARSE_ERROR_BODY,
104: /** sending a retransmit for a message, arguments are packet_t and number
105: * of the retransmit, if the message got fragmented only the first fragment
106: * is passed */
107: ALERT_RETRANSMIT_SEND,
108: /** received response for retransmitted request, argument is packet_t, if
109: * the message got fragmented only the first fragment is passed */
110: ALERT_RETRANSMIT_SEND_CLEARED,
111: /** sending retransmits timed out, argument is packet_t, if available and if
112: * the message got fragmented only the first fragment is passed */
113: ALERT_RETRANSMIT_SEND_TIMEOUT,
114: /** received a retransmit for a message, argument is message_t */
115: ALERT_RETRANSMIT_RECEIVE,
116: /** received half-open timeout before IKE_SA established, no argument */
117: ALERT_HALF_OPEN_TIMEOUT,
118: /** IKE proposals do not match, argument is linked_list_t of proposal_t */
119: ALERT_PROPOSAL_MISMATCH_IKE,
120: /** CHILD proposals do not match, argument is linked_list_t of proposal_t */
121: ALERT_PROPOSAL_MISMATCH_CHILD,
122: /** traffic selectors do not match, arguments are two linked_list_t
123: * containing traffic_selector_t for initiator and for responder */
124: ALERT_TS_MISMATCH,
125: /** traffic selectors have been narrowed by the peer, arguments are
126: * an int (TRUE for local TS), a linked_list_t* (final TS list), and the
127: * child_cfg_t*. */
128: ALERT_TS_NARROWED,
129: /** Installation of IPsec SAs failed, argument is child_sa_t */
130: ALERT_INSTALL_CHILD_SA_FAILED,
131: /** Installation of IPsec Policy failed, argument is child_sa_t */
132: ALERT_INSTALL_CHILD_POLICY_FAILED,
133: /** IKE_SA deleted because of "replace" unique policy, no argument */
134: ALERT_UNIQUE_REPLACE,
135: /** IKE_SA deleted because of "keep" unique policy, no argument */
136: ALERT_UNIQUE_KEEP,
137: /** IKE_SA kept on failed child SA establishment, argument is an int (!=0 if
138: * first child SA) */
139: ALERT_KEEP_ON_CHILD_SA_FAILURE,
140: /** allocating virtual IP failed, linked_list_t of host_t requested */
141: ALERT_VIP_FAILURE,
142: /** an authorize() hook failed, no argument */
143: ALERT_AUTHORIZATION_FAILED,
144: /** IKE_SA hit the hard lifetime limit before it could be rekeyed */
145: ALERT_IKE_SA_EXPIRED,
146: /** Certificate rejected; it has expired, certificate_t */
147: ALERT_CERT_EXPIRED,
148: /** Certificate rejected; it has been revoked, certificate_t */
149: ALERT_CERT_REVOKED,
150: /** Validating certificate status failed, certificate_t */
151: ALERT_CERT_VALIDATION_FAILED,
152: /** Certificate rejected; no trusted issuer found, certificate_t */
153: ALERT_CERT_NO_ISSUER,
154: /** Certificate rejected; root not trusted, certificate_t */
155: ALERT_CERT_UNTRUSTED_ROOT,
156: /** Certificate rejected; trustchain length exceeds limit, certificate_t */
157: ALERT_CERT_EXCEEDED_PATH_LEN,
158: /** Certificate rejected; other policy violation, certificate_t */
159: ALERT_CERT_POLICY_VIOLATION,
160: };
161:
162: /**
163: * Kind of narrow hook.
164: *
165: * There is a non-authenticated (IKE_AUTH) and a authenticated
166: * (CREATE_CHILD_SA) narrowing hook for the initiator. Only one of these
167: * hooks is invoked before the exchange.
168: * To verify the traffic selectors negotiated, each PRE hook has a POST
169: * counterpart that follows. POST hooks are invoked with an authenticated peer.
170: * It is usually not a good idea to narrow in the POST hooks,
171: * as the resulting traffic selector is not negotiated and results
172: * in non-matching policies.
173: */
174: enum narrow_hook_t {
175: /** invoked as initiator before exchange, peer is not yet authenticated */
176: NARROW_INITIATOR_PRE_NOAUTH,
177: /** invoked as initiator before exchange, peer is authenticated */
178: NARROW_INITIATOR_PRE_AUTH,
179: /** invoked as responder during exchange, peer is authenticated */
180: NARROW_RESPONDER,
181: /** invoked as responder after exchange, peer is authenticated */
182: NARROW_RESPONDER_POST,
183: /** invoked as initiator after exchange, follows a INITIATOR_PRE_NOAUTH */
184: NARROW_INITIATOR_POST_NOAUTH,
185: /** invoked as initiator after exchange, follows a INITIATOR_PRE_AUTH */
186: NARROW_INITIATOR_POST_AUTH,
187: };
188:
189: /**
190: * The bus receives events and sends them to all registered listeners.
191: *
192: * Loggers are handled separately.
193: */
194: struct bus_t {
195:
196: /**
197: * Register a listener to the bus.
198: *
199: * A registered listener receives all events which are sent to the bus.
200: * The listener is passive; the thread which emitted the event
201: * processes the listener routine.
202: *
203: * @param listener listener to register.
204: */
205: void (*add_listener) (bus_t *this, listener_t *listener);
206:
207: /**
208: * Unregister a listener from the bus.
209: *
210: * @param listener listener to unregister.
211: */
212: void (*remove_listener) (bus_t *this, listener_t *listener);
213:
214: /**
215: * Register a logger with the bus.
216: *
217: * The logger is passive; the thread which emitted the event
218: * processes the logger routine. This routine may be called concurrently
219: * by multiple threads. Recursive calls are not prevented, so logger that
220: * may cause recursive calls are responsible to avoid infinite loops.
221: *
222: * During registration get_level() is called for all log groups and the
223: * logger is registered to receive log messages for groups for which
224: * the requested log level is > LEVEL_SILENT and whose level is lower
225: * or equal than the requested level.
226: *
227: * To update the registered log levels call add_logger again with the
228: * same logger and return the new levels from get_level().
229: *
230: * @param logger logger to register.
231: */
232: void (*add_logger) (bus_t *this, logger_t *logger);
233:
234: /**
235: * Unregister a logger from the bus.
236: *
237: * @param logger logger to unregister.
238: */
239: void (*remove_logger) (bus_t *this, logger_t *logger);
240:
241: /**
242: * Set the IKE_SA the calling thread is using.
243: *
244: * To associate a received log message with an IKE_SA without passing it as
245: * parameter each time, the thread registers the currently used IKE_SA
246: * during check-out. Before check-in, the thread unregisters the IKE_SA.
247: * This IKE_SA is stored per-thread, so each thread has its own IKE_SA
248: * registered.
249: *
250: * @param ike_sa ike_sa to register, or NULL to unregister
251: */
252: void (*set_sa) (bus_t *this, ike_sa_t *ike_sa);
253:
254: /**
255: * Get the IKE_SA the calling thread is currently using.
256: *
257: * If a thread currently does not know what IKE_SA it is processing,
258: * it can call get_sa() to look up the SA set during checkout via set_sa().
259: *
260: * @return registered ike_sa, NULL if none registered
261: */
262: ike_sa_t* (*get_sa)(bus_t *this);
263:
264: /**
265: * Send a log message to the bus.
266: *
267: * The format string specifies an additional informational or error
268: * message with a printf() like variable argument list.
269: * Use the DBG() macros.
270: *
271: * @param group debugging group
272: * @param level verbosity level of the signal
273: * @param format printf() style format string
274: * @param ... printf() style argument list
275: */
276: void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...);
277:
278: /**
279: * Send a log message to the bus using va_list arguments.
280: *
281: * Same as bus_t.log(), but uses va_list argument list.
282: *
283: * @param group kind of the signal (up, down, rekeyed, ...)
284: * @param level verbosity level of the signal
285: * @param format printf() style format string
286: * @param args va_list arguments
287: */
288: void (*vlog)(bus_t *this, debug_t group, level_t level,
289: char* format, va_list args);
290:
291: /**
292: * Raise an alert over the bus.
293: *
294: * @param alert kind of alert
295: * @param ... alert specific arguments
296: */
297: void (*alert)(bus_t *this, alert_t alert, ...);
298:
299: /**
300: * Send a IKE_SA state change event to the bus.
301: *
302: * @param ike_sa IKE_SA which changes its state
303: * @param state new state IKE_SA changes to
304: */
305: void (*ike_state_change)(bus_t *this, ike_sa_t *ike_sa,
306: ike_sa_state_t state);
307: /**
308: * Send a CHILD_SA state change event to the bus.
309: *
310: * @param child_sa CHILD_SA which changes its state
311: * @param state new state CHILD_SA changes to
312: */
313: void (*child_state_change)(bus_t *this, child_sa_t *child_sa,
314: child_sa_state_t state);
315: /**
316: * Message send/receive hook.
317: *
318: * The hook is invoked twice for each message: Once with plain, parsed data
319: * and once encoded and encrypted.
320: *
321: * @param message message to send/receive
322: * @param incoming TRUE for incoming messages, FALSE for outgoing
323: * @param plain TRUE if message is parsed and decrypted, FALSE it not
324: */
325: void (*message)(bus_t *this, message_t *message, bool incoming, bool plain);
326:
327: /**
328: * IKE_SA authorization hook.
329: *
330: * @param final TRUE if this is the final invocation
331: * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED
332: */
333: bool (*authorize)(bus_t *this, bool final);
334:
335: /**
336: * CHILD_SA traffic selector narrowing hook.
337: *
338: * @param child_sa CHILD_SA set up with these traffic selectors
339: * @param type type of hook getting invoked
340: * @param local list of local traffic selectors to narrow
341: * @param remote list of remote traffic selectors to narrow
342: */
343: void (*narrow)(bus_t *this, child_sa_t *child_sa, narrow_hook_t type,
344: linked_list_t *local, linked_list_t *remote);
345:
346: /**
347: * IKE_SA keymat hook.
348: *
349: * @param ike_sa IKE_SA this keymat belongs to
350: * @param dh diffie hellman shared secret
351: * @param dh_other others DH public value (IKEv1 only)
352: * @param nonce_i initiator's nonce
353: * @param nonce_r responder's nonce
354: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
355: * @param shared shared key used for key derivation (IKEv1-PSK only)
356: * @param method auth method for key derivation (IKEv1-non-PSK only)
357: */
358: void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
359: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
360: ike_sa_t *rekey, shared_key_t *shared,
361: auth_method_t method);
362:
363: /**
364: * IKE_SA derived keys hook.
365: *
366: * @param sk_ei SK_ei, or Ka for IKEv1
367: * @param sk_er SK_er
368: * @param sk_ai SK_ai, or SKEYID_a for IKEv1
369: * @param sk_ar SK_ar
370: */
371: void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er,
372: chunk_t sk_ai, chunk_t sk_ar);
373:
374: /**
375: * CHILD_SA keymat hook.
376: *
377: * @param child_sa CHILD_SA this keymat is used for
378: * @param initiator initiator of the CREATE_CHILD_SA exchange
379: * @param dh diffie hellman shared secret
380: * @param nonce_i initiator's nonce
381: * @param nonce_r responder's nonce
382: */
383: void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator,
384: diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
385:
386: /**
387: * CHILD_SA derived keys hook.
388: *
389: * @param child_sa CHILD_SA these keys are used for
390: * @param initiator initiator of the CREATE_CHILD_SA exchange
391: * @param encr_i initiator's encryption key
392: * @param encr_o responder's encryption key
393: * @param integ_i initiator's integrity key
394: * @param integ_r responder's integrity key
395: */
396: void (*child_derived_keys)(bus_t *this, child_sa_t *child_sa,
397: bool initiator, chunk_t encr_i, chunk_t encr_r,
398: chunk_t integ_i, chunk_t integ_r);
399:
400: /**
401: * IKE_SA up/down hook.
402: *
403: * @param ike_sa IKE_SA coming up/going down
404: * @param up TRUE for an up event, FALSE for a down event
405: */
406: void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up);
407:
408: /**
409: * IKE_SA rekeying hook.
410: *
411: * @param old rekeyed and obsolete IKE_SA
412: * @param new new IKE_SA replacing old
413: */
414: void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
415:
416: /**
417: * IKE_SA peer endpoint update hook.
418: *
419: * @param ike_sa updated IKE_SA, having old endpoints set
1.1.1.2 ! misho 420: * @param local new/current local endpoint address and port
! 421: * @param remote new/current remote endpoint address and port
1.1 misho 422: */
1.1.1.2 ! misho 423: void (*ike_update)(bus_t *this, ike_sa_t *ike_sa, host_t *local,
! 424: host_t *remote);
1.1 misho 425:
426: /**
427: * IKE_SA reestablishing hook (before resolving hosts).
428: *
429: * @param old reestablished and obsolete IKE_SA
430: * @param new new IKE_SA replacing old
431: */
432: void (*ike_reestablish_pre)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
433:
434: /**
435: * IKE_SA reestablishing hook (after configuring and initiating the new
436: * IKE_SA).
437: *
438: * @param old reestablished and obsolete IKE_SA
439: * @param new new IKE_SA replacing old
440: * @param initiated TRUE if initiated successfully, FALSE otherwise
441: */
442: void (*ike_reestablish_post)(bus_t *this, ike_sa_t *old, ike_sa_t *new,
443: bool initiated);
444:
445: /**
446: * CHILD_SA up/down hook.
447: *
448: * @param child_sa CHILD_SA coming up/going down
449: * @param up TRUE for an up event, FALSE for a down event
450: */
451: void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up);
452:
453: /**
454: * CHILD_SA rekeying hook.
455: *
456: * @param old rekeyed and obsolete CHILD_SA
457: * @param new new CHILD_SA replacing old
458: */
459: void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
460:
461: /**
462: * CHILD_SA migration hook.
463: *
464: * @param new ID of new SA when called for the old, NULL otherwise
465: * @param unique unique ID of new SA when called for the old, 0 otherwise
466: */
467: void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
468:
469: /**
470: * Virtual IP assignment hook.
471: *
472: * @param ike_sa IKE_SA the VIPs are assigned to
473: * @param assign TRUE if assigned to IKE_SA, FALSE if released
474: */
475: void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign);
476:
477: /**
478: * Virtual IP handler hook.
479: *
480: * @param ike_sa IKE_SA the VIPs/attributes got handled on
481: * @param assign TRUE after installing attributes, FALSE on release
482: */
483: void (*handle_vips)(bus_t *this, ike_sa_t *ike_sa, bool handle);
484:
485: /**
486: * Destroy the event bus.
487: */
488: void (*destroy) (bus_t *this);
489: };
490:
491: /**
492: * Create the event bus which forwards events to its listeners.
493: *
494: * @return event bus instance
495: */
496: bus_t *bus_create();
497:
498: #endif /** BUS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bus.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / bus