Annotation of embedaddon/strongswan/src/libcharon/bus/listeners/listener.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2011-2016 Tobias Brunner
3: * Copyright (C) 2009 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup listener listener
19: * @{ @ingroup listeners
20: */
21:
22: #ifndef LISTENER_H_
23: #define LISTENER_H_
24:
25: typedef struct listener_t listener_t;
26:
27: #include <bus/bus.h>
28:
29: /**
30: * Listener interface, listens to events if registered to the bus.
31: */
32: struct listener_t {
33:
34: /**
35: * Hook called if a critical alert is raised.
36: *
37: * @param ike_sa IKE_SA associated to the alert, if any
38: * @param alert kind of alert
39: * @param ... alert specific argument list
40: * @return TRUE to stay registered, FALSE to unregister
41: */
42: bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
43: alert_t alert, va_list args);
44:
45: /**
46: * Handle state changes in an IKE_SA.
47: *
48: * @param ike_sa IKE_SA which changes its state
49: * @param state new IKE_SA state this IKE_SA changes to
50: * @return TRUE to stay registered, FALSE to unregister
51: */
52: bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
53: ike_sa_state_t state);
54:
55: /**
56: * Handle state changes in a CHILD_SA.
57: *
58: * @param ike_sa IKE_SA containing the affected CHILD_SA
59: * @param child_sa CHILD_SA which changes its state
60: * @param state new CHILD_SA state this CHILD_SA changes to
61: * @return TRUE to stay registered, FALSE to unregister
62: */
63: bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
64: child_sa_t *child_sa, child_sa_state_t state);
65:
66: /**
67: * Hook called for received/sent messages of an IKE_SA.
68: *
69: * The hook is invoked twice for each message: Once with plain, parsed data
70: * and once encoded and encrypted.
71: *
72: * @param ike_sa IKE_SA sending/receiving a message
73: * @param message message object
74: * @param incoming TRUE for incoming messages, FALSE for outgoing
75: * @param plain TRUE if message is parsed and decrypted, FALSE it not
76: * @return TRUE to stay registered, FALSE to unregister
77: */
78: bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
79: bool incoming, bool plain);
80:
81: /**
82: * Hook called with IKE_SA key material.
83: *
84: * @param ike_sa IKE_SA this keymat belongs to
85: * @param dh diffie hellman shared secret
86: * @param dh_other others DH public value (IKEv1 only)
87: * @param nonce_i initiator's nonce
88: * @param nonce_r responder's nonce
89: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
90: * @param shared shared key used for key derivation (IKEv1-PSK only)
91: * @param method auth method for key derivation (IKEv1-non-PSK only)
92: * @return TRUE to stay registered, FALSE to unregister
93: */
94: bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
95: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
96: ike_sa_t *rekey, shared_key_t *shared,
97: auth_method_t method);
98:
99: /**
100: * Hook called with derived IKE_SA keys.
101: *
102: * @param ike_sa IKE_SA these keys belong to
103: * @param sk_ei SK_ei, or Ka for IKEv1
104: * @param sk_er SK_er
105: * @param sk_ai SK_ai, or SKEYID_a for IKEv1
106: * @param sk_ar SK_ar
107: */
108: bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
109: chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
110:
111: /**
112: * Hook called with CHILD_SA key material.
113: *
114: * @param ike_sa IKE_SA the child sa belongs to
115: * @param child_sa CHILD_SA this keymat is used for
116: * @param initiator initiator of the CREATE_CHILD_SA exchange
117: * @param dh diffie hellman shared secret
118: * @param nonce_i initiator's nonce
119: * @param nonce_r responder's nonce
120: * @return TRUE to stay registered, FALSE to unregister
121: */
122: bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
123: bool initiator, diffie_hellman_t *dh,
124: chunk_t nonce_i, chunk_t nonce_r);
125:
126: /**
127: * Hook called with derived CHILD_SA keys.
128: *
129: * @param ike_sa IKE_SA the child sa belongs to
130: * @param child_sa CHILD_SA these keys are used for
131: * @param initiator initiator of the CREATE_CHILD_SA exchange
132: * @param encr_i initiator's encryption key
133: * @param encr_o responder's encryption key
134: * @param integ_i initiator's integrity key
135: * @param integ_r responder's integrity key
136: */
137: bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa,
138: child_sa_t *child_sa, bool initiator,
139: chunk_t encr_i, chunk_t encr_r,
140: chunk_t integ_i, chunk_t integ_r);
141:
142: /**
143: * Hook called if an IKE_SA gets up or down.
144: *
145: * @param ike_sa IKE_SA coming up/going down
146: * @param up TRUE for an up event, FALSE for a down event
147: * @return TRUE to stay registered, FALSE to unregister
148: */
149: bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
150:
151: /**
152: * Hook called when an IKE_SA gets rekeyed.
153: *
154: * @param old rekeyed IKE_SA getting obsolete
155: * @param new new IKE_SA replacing old
156: * @return TRUE to stay registered, FALSE to unregister
157: */
158: bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
159:
160: /**
161: * Hook called for IKE_SA peer endpoint updates.
162: *
163: * @param ike_sa updated IKE_SA, having old endpoints set
164: * @param local TRUE if local endpoint gets updated, FALSE for remote
165: * @param new new endpoint address and port
166: * @return TRUE to stay registered, FALSE to unregister
167: */
168: bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa,
169: bool local, host_t *new);
170:
171: /**
172: * Hook called when an initiator reestablishes an IKE_SA.
173: *
174: * This is invoked right after creating the new IKE_SA and setting the
175: * peer_cfg (and the old hosts), but before resolving the hosts anew.
176: * It is not invoked on the responder.
177: *
178: * @param old IKE_SA getting reestablished (is destroyed)
179: * @param new new IKE_SA replacing old (gets established)
180: * @return TRUE to stay registered, FALSE to unregister
181: */
182: bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
183:
184: /**
185: * Hook called when an initiator reestablishes an IKE_SA.
186: *
187: * This is invoked right before the new IKE_SA is checked in after
188: * initiating it. It is not invoked on the responder.
189: *
190: * @param old IKE_SA getting reestablished (is destroyed)
191: * @param new new IKE_SA replacing old (gets established)
192: * @param initiated TRUE if initiation was successful, FALSE otherwise
193: * @return TRUE to stay registered, FALSE to unregister
194: */
195: bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
196: ike_sa_t *new, bool initiated);
197:
198: /**
199: * Hook called when a CHILD_SA gets up or down.
200: *
201: * @param ike_sa IKE_SA containing the handled CHILD_SA
202: * @param child_sa CHILD_SA coming up/going down
203: * @param up TRUE for an up event, FALSE for a down event
204: * @return TRUE to stay registered, FALSE to unregister
205: */
206: bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
207: child_sa_t *child_sa, bool up);
208:
209: /**
210: * Hook called when an CHILD_SA gets rekeyed.
211: *
212: * @param ike_sa IKE_SA containing the rekeyed CHILD_SA
213: * @param old rekeyed CHILD_SA getting obsolete
214: * @param new new CHILD_SA replacing old
215: * @return TRUE to stay registered, FALSE to unregister
216: */
217: bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
218: child_sa_t *old, child_sa_t *new);
219:
220: /**
221: * Hook called when CHILD_SAs get migrated from one IKE_SA to another during
222: * IKEv1 reauthentication.
223: *
224: * This is called twice, once for the old IKE_SA before the CHILD_SAs are
225: * removed, and once for the new IKE_SA just after they got added.
226: *
227: * @param ike_sa new or old IKE_SA
228: * @param new ID of new SA when called for the old, NULL otherwise
229: * @param unique unique ID of new SA when called for the old, 0 otherwise
230: * @return TRUE to stay registered, FALSE to unregister
231: */
232: bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa,
233: ike_sa_id_t *new, uint32_t unique);
234:
235: /**
236: * Hook called to invoke additional authorization rules.
237: *
238: * An authorization hook gets invoked several times: After each
239: * authentication round, the hook gets invoked with with final = FALSE.
240: * After authentication is complete and the peer configuration is selected,
241: * it is invoked again, but with final = TRUE.
242: *
243: * @param ike_sa IKE_SA to authorize
244: * @param final TRUE if this is the final hook invocation
245: * @param success set to TRUE to complete IKE_SA, FALSE abort
246: * @return TRUE to stay registered, FALSE to unregister
247: */
248: bool (*authorize)(listener_t *this, ike_sa_t *ike_sa,
249: bool final, bool *success);
250:
251: /**
252: * CHILD_SA traffic selector narrowing hook.
253: *
254: * This hook is invoked for each CHILD_SA and allows plugins to modify
255: * the traffic selector list negotiated for this CHILD_SA.
256: *
257: * @param ike_sa IKE_SA the created CHILD_SA is created in
258: * @param child_sa CHILD_SA set up with these traffic selectors
259: * @param type type of hook getting invoked
260: * @param local list of local traffic selectors to narrow
261: * @param remote list of remote traffic selectors to narrow
262: */
263: bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
264: narrow_hook_t type, linked_list_t *local, linked_list_t *remote);
265:
266: /**
267: * Virtual IP address assignment hook.
268: *
269: * This hook gets invoked after virtual IPs have been assigned to a peer
270: * for a specific IKE_SA, and again before they get released.
271: *
272: * @param ike_sa IKE_SA the VIPs are assigned to
273: * @param assign TRUE if assigned to IKE_SA, FALSE if released
274: * @return TRUE to stay registered, FALSE to unregister
275: */
276: bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
277:
278: /**
279: * Virtual IP and configuration attribute handler hook.
280: *
281: * This hook gets invoked after virtual IP and other configuration
282: * attributes just got installed or are about to get uninstalled on a peer
283: * receiving them.
284: *
285: * @param ike_sa IKE_SA the VIPs/attributes are handled on
286: * @param handle TRUE if handled by IKE_SA, FALSE on release
287: * @return TRUE to stay registered, FALSE to unregister
288: */
289: bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle);
290: };
291:
292: #endif /** LISTENER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>