Return to listener.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / bus / listeners |
1.1 misho 1: /* 2: * Copyright (C) 2011-2016 Tobias Brunner 3: * Copyright (C) 2009 Martin Willi 4: * HSR Hochschule fuer Technik Rapperswil 5: * 6: * This program is free software; you can redistribute it and/or modify it 7: * under the terms of the GNU General Public License as published by the 8: * Free Software Foundation; either version 2 of the License, or (at your 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 10: * 11: * This program is distributed in the hope that it will be useful, but 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14: * for more details. 15: */ 16: 17: /** 18: * @defgroup listener listener 19: * @{ @ingroup listeners 20: */ 21: 22: #ifndef LISTENER_H_ 23: #define LISTENER_H_ 24: 25: typedef struct listener_t listener_t; 26: 27: #include <bus/bus.h> 28: 29: /** 30: * Listener interface, listens to events if registered to the bus. 31: */ 32: struct listener_t { 33: 34: /** 35: * Hook called if a critical alert is raised. 36: * 37: * @param ike_sa IKE_SA associated to the alert, if any 38: * @param alert kind of alert 39: * @param ... alert specific argument list 40: * @return TRUE to stay registered, FALSE to unregister 41: */ 42: bool (*alert)(listener_t *this, ike_sa_t *ike_sa, 43: alert_t alert, va_list args); 44: 45: /** 46: * Handle state changes in an IKE_SA. 47: * 48: * @param ike_sa IKE_SA which changes its state 49: * @param state new IKE_SA state this IKE_SA changes to 50: * @return TRUE to stay registered, FALSE to unregister 51: */ 52: bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa, 53: ike_sa_state_t state); 54: 55: /** 56: * Handle state changes in a CHILD_SA. 57: * 58: * @param ike_sa IKE_SA containing the affected CHILD_SA 59: * @param child_sa CHILD_SA which changes its state 60: * @param state new CHILD_SA state this CHILD_SA changes to 61: * @return TRUE to stay registered, FALSE to unregister 62: */ 63: bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa, 64: child_sa_t *child_sa, child_sa_state_t state); 65: 66: /** 67: * Hook called for received/sent messages of an IKE_SA. 68: * 69: * The hook is invoked twice for each message: Once with plain, parsed data 70: * and once encoded and encrypted. 71: * 72: * @param ike_sa IKE_SA sending/receiving a message 73: * @param message message object 74: * @param incoming TRUE for incoming messages, FALSE for outgoing 75: * @param plain TRUE if message is parsed and decrypted, FALSE it not 76: * @return TRUE to stay registered, FALSE to unregister 77: */ 78: bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message, 79: bool incoming, bool plain); 80: 81: /** 82: * Hook called with IKE_SA key material. 83: * 84: * @param ike_sa IKE_SA this keymat belongs to 85: * @param dh diffie hellman shared secret 86: * @param dh_other others DH public value (IKEv1 only) 87: * @param nonce_i initiator's nonce 88: * @param nonce_r responder's nonce 89: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only) 90: * @param shared shared key used for key derivation (IKEv1-PSK only) 91: * @param method auth method for key derivation (IKEv1-non-PSK only) 92: * @return TRUE to stay registered, FALSE to unregister 93: */ 94: bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, 95: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, 96: ike_sa_t *rekey, shared_key_t *shared, 97: auth_method_t method); 98: 99: /** 100: * Hook called with derived IKE_SA keys. 101: * 102: * @param ike_sa IKE_SA these keys belong to 103: * @param sk_ei SK_ei, or Ka for IKEv1 104: * @param sk_er SK_er 105: * @param sk_ai SK_ai, or SKEYID_a for IKEv1 106: * @param sk_ar SK_ar 107: */ 108: bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei, 109: chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar); 110: 111: /** 112: * Hook called with CHILD_SA key material. 113: * 114: * @param ike_sa IKE_SA the child sa belongs to 115: * @param child_sa CHILD_SA this keymat is used for 116: * @param initiator initiator of the CREATE_CHILD_SA exchange 117: * @param dh diffie hellman shared secret 118: * @param nonce_i initiator's nonce 119: * @param nonce_r responder's nonce 120: * @return TRUE to stay registered, FALSE to unregister 121: */ 122: bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 123: bool initiator, diffie_hellman_t *dh, 124: chunk_t nonce_i, chunk_t nonce_r); 125: 126: /** 127: * Hook called with derived CHILD_SA keys. 128: * 129: * @param ike_sa IKE_SA the child sa belongs to 130: * @param child_sa CHILD_SA these keys are used for 131: * @param initiator initiator of the CREATE_CHILD_SA exchange 132: * @param encr_i initiator's encryption key 133: * @param encr_o responder's encryption key 134: * @param integ_i initiator's integrity key 135: * @param integ_r responder's integrity key 136: */ 137: bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa, 138: child_sa_t *child_sa, bool initiator, 139: chunk_t encr_i, chunk_t encr_r, 140: chunk_t integ_i, chunk_t integ_r); 141: 142: /** 143: * Hook called if an IKE_SA gets up or down. 144: * 145: * @param ike_sa IKE_SA coming up/going down 146: * @param up TRUE for an up event, FALSE for a down event 147: * @return TRUE to stay registered, FALSE to unregister 148: */ 149: bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up); 150: 151: /** 152: * Hook called when an IKE_SA gets rekeyed. 153: * 154: * @param old rekeyed IKE_SA getting obsolete 155: * @param new new IKE_SA replacing old 156: * @return TRUE to stay registered, FALSE to unregister 157: */ 158: bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new); 159: 160: /** 161: * Hook called for IKE_SA peer endpoint updates. 162: * 163: * @param ike_sa updated IKE_SA, having old endpoints set 164: * @param local TRUE if local endpoint gets updated, FALSE for remote 165: * @param new new endpoint address and port 166: * @return TRUE to stay registered, FALSE to unregister 167: */ 168: bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa, 169: bool local, host_t *new); 170: 171: /** 172: * Hook called when an initiator reestablishes an IKE_SA. 173: * 174: * This is invoked right after creating the new IKE_SA and setting the 175: * peer_cfg (and the old hosts), but before resolving the hosts anew. 176: * It is not invoked on the responder. 177: * 178: * @param old IKE_SA getting reestablished (is destroyed) 179: * @param new new IKE_SA replacing old (gets established) 180: * @return TRUE to stay registered, FALSE to unregister 181: */ 182: bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new); 183: 184: /** 185: * Hook called when an initiator reestablishes an IKE_SA. 186: * 187: * This is invoked right before the new IKE_SA is checked in after 188: * initiating it. It is not invoked on the responder. 189: * 190: * @param old IKE_SA getting reestablished (is destroyed) 191: * @param new new IKE_SA replacing old (gets established) 192: * @param initiated TRUE if initiation was successful, FALSE otherwise 193: * @return TRUE to stay registered, FALSE to unregister 194: */ 195: bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old, 196: ike_sa_t *new, bool initiated); 197: 198: /** 199: * Hook called when a CHILD_SA gets up or down. 200: * 201: * @param ike_sa IKE_SA containing the handled CHILD_SA 202: * @param child_sa CHILD_SA coming up/going down 203: * @param up TRUE for an up event, FALSE for a down event 204: * @return TRUE to stay registered, FALSE to unregister 205: */ 206: bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa, 207: child_sa_t *child_sa, bool up); 208: 209: /** 210: * Hook called when an CHILD_SA gets rekeyed. 211: * 212: * @param ike_sa IKE_SA containing the rekeyed CHILD_SA 213: * @param old rekeyed CHILD_SA getting obsolete 214: * @param new new CHILD_SA replacing old 215: * @return TRUE to stay registered, FALSE to unregister 216: */ 217: bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa, 218: child_sa_t *old, child_sa_t *new); 219: 220: /** 221: * Hook called when CHILD_SAs get migrated from one IKE_SA to another during 222: * IKEv1 reauthentication. 223: * 224: * This is called twice, once for the old IKE_SA before the CHILD_SAs are 225: * removed, and once for the new IKE_SA just after they got added. 226: * 227: * @param ike_sa new or old IKE_SA 228: * @param new ID of new SA when called for the old, NULL otherwise 229: * @param unique unique ID of new SA when called for the old, 0 otherwise 230: * @return TRUE to stay registered, FALSE to unregister 231: */ 232: bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa, 233: ike_sa_id_t *new, uint32_t unique); 234: 235: /** 236: * Hook called to invoke additional authorization rules. 237: * 238: * An authorization hook gets invoked several times: After each 239: * authentication round, the hook gets invoked with with final = FALSE. 240: * After authentication is complete and the peer configuration is selected, 241: * it is invoked again, but with final = TRUE. 242: * 243: * @param ike_sa IKE_SA to authorize 244: * @param final TRUE if this is the final hook invocation 245: * @param success set to TRUE to complete IKE_SA, FALSE abort 246: * @return TRUE to stay registered, FALSE to unregister 247: */ 248: bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, 249: bool final, bool *success); 250: 251: /** 252: * CHILD_SA traffic selector narrowing hook. 253: * 254: * This hook is invoked for each CHILD_SA and allows plugins to modify 255: * the traffic selector list negotiated for this CHILD_SA. 256: * 257: * @param ike_sa IKE_SA the created CHILD_SA is created in 258: * @param child_sa CHILD_SA set up with these traffic selectors 259: * @param type type of hook getting invoked 260: * @param local list of local traffic selectors to narrow 261: * @param remote list of remote traffic selectors to narrow 262: */ 263: bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 264: narrow_hook_t type, linked_list_t *local, linked_list_t *remote); 265: 266: /** 267: * Virtual IP address assignment hook. 268: * 269: * This hook gets invoked after virtual IPs have been assigned to a peer 270: * for a specific IKE_SA, and again before they get released. 271: * 272: * @param ike_sa IKE_SA the VIPs are assigned to 273: * @param assign TRUE if assigned to IKE_SA, FALSE if released 274: * @return TRUE to stay registered, FALSE to unregister 275: */ 276: bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign); 277: 278: /** 279: * Virtual IP and configuration attribute handler hook. 280: * 281: * This hook gets invoked after virtual IP and other configuration 282: * attributes just got installed or are about to get uninstalled on a peer 283: * receiving them. 284: * 285: * @param ike_sa IKE_SA the VIPs/attributes are handled on 286: * @param handle TRUE if handled by IKE_SA, FALSE on release 287: * @return TRUE to stay registered, FALSE to unregister 288: */ 289: bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle); 290: }; 291: 292: #endif /** LISTENER_H_ @}*/