Annotation of embedaddon/strongswan/src/libcharon/bus/listeners/listener.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011-2016 Tobias Brunner
! 3: * Copyright (C) 2009 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup listener listener
! 19: * @{ @ingroup listeners
! 20: */
! 21:
! 22: #ifndef LISTENER_H_
! 23: #define LISTENER_H_
! 24:
! 25: typedef struct listener_t listener_t;
! 26:
! 27: #include <bus/bus.h>
! 28:
! 29: /**
! 30: * Listener interface, listens to events if registered to the bus.
! 31: */
! 32: struct listener_t {
! 33:
! 34: /**
! 35: * Hook called if a critical alert is raised.
! 36: *
! 37: * @param ike_sa IKE_SA associated to the alert, if any
! 38: * @param alert kind of alert
! 39: * @param ... alert specific argument list
! 40: * @return TRUE to stay registered, FALSE to unregister
! 41: */
! 42: bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
! 43: alert_t alert, va_list args);
! 44:
! 45: /**
! 46: * Handle state changes in an IKE_SA.
! 47: *
! 48: * @param ike_sa IKE_SA which changes its state
! 49: * @param state new IKE_SA state this IKE_SA changes to
! 50: * @return TRUE to stay registered, FALSE to unregister
! 51: */
! 52: bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
! 53: ike_sa_state_t state);
! 54:
! 55: /**
! 56: * Handle state changes in a CHILD_SA.
! 57: *
! 58: * @param ike_sa IKE_SA containing the affected CHILD_SA
! 59: * @param child_sa CHILD_SA which changes its state
! 60: * @param state new CHILD_SA state this CHILD_SA changes to
! 61: * @return TRUE to stay registered, FALSE to unregister
! 62: */
! 63: bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
! 64: child_sa_t *child_sa, child_sa_state_t state);
! 65:
! 66: /**
! 67: * Hook called for received/sent messages of an IKE_SA.
! 68: *
! 69: * The hook is invoked twice for each message: Once with plain, parsed data
! 70: * and once encoded and encrypted.
! 71: *
! 72: * @param ike_sa IKE_SA sending/receiving a message
! 73: * @param message message object
! 74: * @param incoming TRUE for incoming messages, FALSE for outgoing
! 75: * @param plain TRUE if message is parsed and decrypted, FALSE it not
! 76: * @return TRUE to stay registered, FALSE to unregister
! 77: */
! 78: bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
! 79: bool incoming, bool plain);
! 80:
! 81: /**
! 82: * Hook called with IKE_SA key material.
! 83: *
! 84: * @param ike_sa IKE_SA this keymat belongs to
! 85: * @param dh diffie hellman shared secret
! 86: * @param dh_other others DH public value (IKEv1 only)
! 87: * @param nonce_i initiator's nonce
! 88: * @param nonce_r responder's nonce
! 89: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
! 90: * @param shared shared key used for key derivation (IKEv1-PSK only)
! 91: * @param method auth method for key derivation (IKEv1-non-PSK only)
! 92: * @return TRUE to stay registered, FALSE to unregister
! 93: */
! 94: bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
! 95: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
! 96: ike_sa_t *rekey, shared_key_t *shared,
! 97: auth_method_t method);
! 98:
! 99: /**
! 100: * Hook called with derived IKE_SA keys.
! 101: *
! 102: * @param ike_sa IKE_SA these keys belong to
! 103: * @param sk_ei SK_ei, or Ka for IKEv1
! 104: * @param sk_er SK_er
! 105: * @param sk_ai SK_ai, or SKEYID_a for IKEv1
! 106: * @param sk_ar SK_ar
! 107: */
! 108: bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
! 109: chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
! 110:
! 111: /**
! 112: * Hook called with CHILD_SA key material.
! 113: *
! 114: * @param ike_sa IKE_SA the child sa belongs to
! 115: * @param child_sa CHILD_SA this keymat is used for
! 116: * @param initiator initiator of the CREATE_CHILD_SA exchange
! 117: * @param dh diffie hellman shared secret
! 118: * @param nonce_i initiator's nonce
! 119: * @param nonce_r responder's nonce
! 120: * @return TRUE to stay registered, FALSE to unregister
! 121: */
! 122: bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
! 123: bool initiator, diffie_hellman_t *dh,
! 124: chunk_t nonce_i, chunk_t nonce_r);
! 125:
! 126: /**
! 127: * Hook called with derived CHILD_SA keys.
! 128: *
! 129: * @param ike_sa IKE_SA the child sa belongs to
! 130: * @param child_sa CHILD_SA these keys are used for
! 131: * @param initiator initiator of the CREATE_CHILD_SA exchange
! 132: * @param encr_i initiator's encryption key
! 133: * @param encr_o responder's encryption key
! 134: * @param integ_i initiator's integrity key
! 135: * @param integ_r responder's integrity key
! 136: */
! 137: bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa,
! 138: child_sa_t *child_sa, bool initiator,
! 139: chunk_t encr_i, chunk_t encr_r,
! 140: chunk_t integ_i, chunk_t integ_r);
! 141:
! 142: /**
! 143: * Hook called if an IKE_SA gets up or down.
! 144: *
! 145: * @param ike_sa IKE_SA coming up/going down
! 146: * @param up TRUE for an up event, FALSE for a down event
! 147: * @return TRUE to stay registered, FALSE to unregister
! 148: */
! 149: bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
! 150:
! 151: /**
! 152: * Hook called when an IKE_SA gets rekeyed.
! 153: *
! 154: * @param old rekeyed IKE_SA getting obsolete
! 155: * @param new new IKE_SA replacing old
! 156: * @return TRUE to stay registered, FALSE to unregister
! 157: */
! 158: bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
! 159:
! 160: /**
! 161: * Hook called for IKE_SA peer endpoint updates.
! 162: *
! 163: * @param ike_sa updated IKE_SA, having old endpoints set
! 164: * @param local TRUE if local endpoint gets updated, FALSE for remote
! 165: * @param new new endpoint address and port
! 166: * @return TRUE to stay registered, FALSE to unregister
! 167: */
! 168: bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa,
! 169: bool local, host_t *new);
! 170:
! 171: /**
! 172: * Hook called when an initiator reestablishes an IKE_SA.
! 173: *
! 174: * This is invoked right after creating the new IKE_SA and setting the
! 175: * peer_cfg (and the old hosts), but before resolving the hosts anew.
! 176: * It is not invoked on the responder.
! 177: *
! 178: * @param old IKE_SA getting reestablished (is destroyed)
! 179: * @param new new IKE_SA replacing old (gets established)
! 180: * @return TRUE to stay registered, FALSE to unregister
! 181: */
! 182: bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
! 183:
! 184: /**
! 185: * Hook called when an initiator reestablishes an IKE_SA.
! 186: *
! 187: * This is invoked right before the new IKE_SA is checked in after
! 188: * initiating it. It is not invoked on the responder.
! 189: *
! 190: * @param old IKE_SA getting reestablished (is destroyed)
! 191: * @param new new IKE_SA replacing old (gets established)
! 192: * @param initiated TRUE if initiation was successful, FALSE otherwise
! 193: * @return TRUE to stay registered, FALSE to unregister
! 194: */
! 195: bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
! 196: ike_sa_t *new, bool initiated);
! 197:
! 198: /**
! 199: * Hook called when a CHILD_SA gets up or down.
! 200: *
! 201: * @param ike_sa IKE_SA containing the handled CHILD_SA
! 202: * @param child_sa CHILD_SA coming up/going down
! 203: * @param up TRUE for an up event, FALSE for a down event
! 204: * @return TRUE to stay registered, FALSE to unregister
! 205: */
! 206: bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
! 207: child_sa_t *child_sa, bool up);
! 208:
! 209: /**
! 210: * Hook called when an CHILD_SA gets rekeyed.
! 211: *
! 212: * @param ike_sa IKE_SA containing the rekeyed CHILD_SA
! 213: * @param old rekeyed CHILD_SA getting obsolete
! 214: * @param new new CHILD_SA replacing old
! 215: * @return TRUE to stay registered, FALSE to unregister
! 216: */
! 217: bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
! 218: child_sa_t *old, child_sa_t *new);
! 219:
! 220: /**
! 221: * Hook called when CHILD_SAs get migrated from one IKE_SA to another during
! 222: * IKEv1 reauthentication.
! 223: *
! 224: * This is called twice, once for the old IKE_SA before the CHILD_SAs are
! 225: * removed, and once for the new IKE_SA just after they got added.
! 226: *
! 227: * @param ike_sa new or old IKE_SA
! 228: * @param new ID of new SA when called for the old, NULL otherwise
! 229: * @param unique unique ID of new SA when called for the old, 0 otherwise
! 230: * @return TRUE to stay registered, FALSE to unregister
! 231: */
! 232: bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa,
! 233: ike_sa_id_t *new, uint32_t unique);
! 234:
! 235: /**
! 236: * Hook called to invoke additional authorization rules.
! 237: *
! 238: * An authorization hook gets invoked several times: After each
! 239: * authentication round, the hook gets invoked with with final = FALSE.
! 240: * After authentication is complete and the peer configuration is selected,
! 241: * it is invoked again, but with final = TRUE.
! 242: *
! 243: * @param ike_sa IKE_SA to authorize
! 244: * @param final TRUE if this is the final hook invocation
! 245: * @param success set to TRUE to complete IKE_SA, FALSE abort
! 246: * @return TRUE to stay registered, FALSE to unregister
! 247: */
! 248: bool (*authorize)(listener_t *this, ike_sa_t *ike_sa,
! 249: bool final, bool *success);
! 250:
! 251: /**
! 252: * CHILD_SA traffic selector narrowing hook.
! 253: *
! 254: * This hook is invoked for each CHILD_SA and allows plugins to modify
! 255: * the traffic selector list negotiated for this CHILD_SA.
! 256: *
! 257: * @param ike_sa IKE_SA the created CHILD_SA is created in
! 258: * @param child_sa CHILD_SA set up with these traffic selectors
! 259: * @param type type of hook getting invoked
! 260: * @param local list of local traffic selectors to narrow
! 261: * @param remote list of remote traffic selectors to narrow
! 262: */
! 263: bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
! 264: narrow_hook_t type, linked_list_t *local, linked_list_t *remote);
! 265:
! 266: /**
! 267: * Virtual IP address assignment hook.
! 268: *
! 269: * This hook gets invoked after virtual IPs have been assigned to a peer
! 270: * for a specific IKE_SA, and again before they get released.
! 271: *
! 272: * @param ike_sa IKE_SA the VIPs are assigned to
! 273: * @param assign TRUE if assigned to IKE_SA, FALSE if released
! 274: * @return TRUE to stay registered, FALSE to unregister
! 275: */
! 276: bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
! 277:
! 278: /**
! 279: * Virtual IP and configuration attribute handler hook.
! 280: *
! 281: * This hook gets invoked after virtual IP and other configuration
! 282: * attributes just got installed or are about to get uninstalled on a peer
! 283: * receiving them.
! 284: *
! 285: * @param ike_sa IKE_SA the VIPs/attributes are handled on
! 286: * @param handle TRUE if handled by IKE_SA, FALSE on release
! 287: * @return TRUE to stay registered, FALSE to unregister
! 288: */
! 289: bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle);
! 290: };
! 291:
! 292: #endif /** LISTENER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>