Annotation of embedaddon/strongswan/src/libcharon/bus/listeners/listener.h, revision 1.1.1.2
1.1 misho 1: /*
1.1.1.2 ! misho 2: * Copyright (C) 2011-2020 Tobias Brunner
1.1 misho 3: * Copyright (C) 2009 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup listener listener
19: * @{ @ingroup listeners
20: */
21:
22: #ifndef LISTENER_H_
23: #define LISTENER_H_
24:
25: typedef struct listener_t listener_t;
26:
27: #include <bus/bus.h>
28:
29: /**
30: * Listener interface, listens to events if registered to the bus.
31: */
32: struct listener_t {
33:
34: /**
35: * Hook called if a critical alert is raised.
36: *
37: * @param ike_sa IKE_SA associated to the alert, if any
38: * @param alert kind of alert
39: * @param ... alert specific argument list
40: * @return TRUE to stay registered, FALSE to unregister
41: */
42: bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
43: alert_t alert, va_list args);
44:
45: /**
46: * Handle state changes in an IKE_SA.
47: *
48: * @param ike_sa IKE_SA which changes its state
49: * @param state new IKE_SA state this IKE_SA changes to
50: * @return TRUE to stay registered, FALSE to unregister
51: */
52: bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
53: ike_sa_state_t state);
54:
55: /**
56: * Handle state changes in a CHILD_SA.
57: *
58: * @param ike_sa IKE_SA containing the affected CHILD_SA
59: * @param child_sa CHILD_SA which changes its state
60: * @param state new CHILD_SA state this CHILD_SA changes to
61: * @return TRUE to stay registered, FALSE to unregister
62: */
63: bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
64: child_sa_t *child_sa, child_sa_state_t state);
65:
66: /**
67: * Hook called for received/sent messages of an IKE_SA.
68: *
69: * The hook is invoked twice for each message: Once with plain, parsed data
70: * and once encoded and encrypted.
71: *
72: * @param ike_sa IKE_SA sending/receiving a message
73: * @param message message object
74: * @param incoming TRUE for incoming messages, FALSE for outgoing
75: * @param plain TRUE if message is parsed and decrypted, FALSE it not
76: * @return TRUE to stay registered, FALSE to unregister
77: */
78: bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
79: bool incoming, bool plain);
80:
81: /**
82: * Hook called with IKE_SA key material.
83: *
84: * @param ike_sa IKE_SA this keymat belongs to
85: * @param dh diffie hellman shared secret
86: * @param dh_other others DH public value (IKEv1 only)
87: * @param nonce_i initiator's nonce
88: * @param nonce_r responder's nonce
89: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
90: * @param shared shared key used for key derivation (IKEv1-PSK only)
91: * @param method auth method for key derivation (IKEv1-non-PSK only)
92: * @return TRUE to stay registered, FALSE to unregister
93: */
94: bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
95: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
96: ike_sa_t *rekey, shared_key_t *shared,
97: auth_method_t method);
98:
99: /**
100: * Hook called with derived IKE_SA keys.
101: *
102: * @param ike_sa IKE_SA these keys belong to
103: * @param sk_ei SK_ei, or Ka for IKEv1
104: * @param sk_er SK_er
105: * @param sk_ai SK_ai, or SKEYID_a for IKEv1
106: * @param sk_ar SK_ar
107: */
108: bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
109: chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
110:
111: /**
112: * Hook called with CHILD_SA key material.
113: *
114: * @param ike_sa IKE_SA the child sa belongs to
115: * @param child_sa CHILD_SA this keymat is used for
116: * @param initiator initiator of the CREATE_CHILD_SA exchange
117: * @param dh diffie hellman shared secret
118: * @param nonce_i initiator's nonce
119: * @param nonce_r responder's nonce
120: * @return TRUE to stay registered, FALSE to unregister
121: */
122: bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
123: bool initiator, diffie_hellman_t *dh,
124: chunk_t nonce_i, chunk_t nonce_r);
125:
126: /**
127: * Hook called with derived CHILD_SA keys.
128: *
129: * @param ike_sa IKE_SA the child sa belongs to
130: * @param child_sa CHILD_SA these keys are used for
131: * @param initiator initiator of the CREATE_CHILD_SA exchange
132: * @param encr_i initiator's encryption key
133: * @param encr_o responder's encryption key
134: * @param integ_i initiator's integrity key
135: * @param integ_r responder's integrity key
136: */
137: bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa,
138: child_sa_t *child_sa, bool initiator,
139: chunk_t encr_i, chunk_t encr_r,
140: chunk_t integ_i, chunk_t integ_r);
141:
142: /**
143: * Hook called if an IKE_SA gets up or down.
144: *
145: * @param ike_sa IKE_SA coming up/going down
146: * @param up TRUE for an up event, FALSE for a down event
147: * @return TRUE to stay registered, FALSE to unregister
148: */
149: bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
150:
151: /**
152: * Hook called when an IKE_SA gets rekeyed.
153: *
154: * @param old rekeyed IKE_SA getting obsolete
155: * @param new new IKE_SA replacing old
156: * @return TRUE to stay registered, FALSE to unregister
157: */
158: bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
159:
160: /**
161: * Hook called for IKE_SA peer endpoint updates.
162: *
1.1.1.2 ! misho 163: * At least one endpoint has changed when this is invoked.
! 164: *
1.1 misho 165: * @param ike_sa updated IKE_SA, having old endpoints set
1.1.1.2 ! misho 166: * @param local new/current local endpoint address and port
! 167: * @param remote new/current remote endpoint address and port
1.1 misho 168: * @return TRUE to stay registered, FALSE to unregister
169: */
170: bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa,
1.1.1.2 ! misho 171: host_t *local, host_t *remote);
1.1 misho 172:
173: /**
174: * Hook called when an initiator reestablishes an IKE_SA.
175: *
176: * This is invoked right after creating the new IKE_SA and setting the
177: * peer_cfg (and the old hosts), but before resolving the hosts anew.
178: * It is not invoked on the responder.
179: *
180: * @param old IKE_SA getting reestablished (is destroyed)
181: * @param new new IKE_SA replacing old (gets established)
182: * @return TRUE to stay registered, FALSE to unregister
183: */
184: bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
185:
186: /**
187: * Hook called when an initiator reestablishes an IKE_SA.
188: *
189: * This is invoked right before the new IKE_SA is checked in after
190: * initiating it. It is not invoked on the responder.
191: *
192: * @param old IKE_SA getting reestablished (is destroyed)
193: * @param new new IKE_SA replacing old (gets established)
194: * @param initiated TRUE if initiation was successful, FALSE otherwise
195: * @return TRUE to stay registered, FALSE to unregister
196: */
197: bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
198: ike_sa_t *new, bool initiated);
199:
200: /**
201: * Hook called when a CHILD_SA gets up or down.
202: *
203: * @param ike_sa IKE_SA containing the handled CHILD_SA
204: * @param child_sa CHILD_SA coming up/going down
205: * @param up TRUE for an up event, FALSE for a down event
206: * @return TRUE to stay registered, FALSE to unregister
207: */
208: bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
209: child_sa_t *child_sa, bool up);
210:
211: /**
212: * Hook called when an CHILD_SA gets rekeyed.
213: *
214: * @param ike_sa IKE_SA containing the rekeyed CHILD_SA
215: * @param old rekeyed CHILD_SA getting obsolete
216: * @param new new CHILD_SA replacing old
217: * @return TRUE to stay registered, FALSE to unregister
218: */
219: bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
220: child_sa_t *old, child_sa_t *new);
221:
222: /**
223: * Hook called when CHILD_SAs get migrated from one IKE_SA to another during
224: * IKEv1 reauthentication.
225: *
226: * This is called twice, once for the old IKE_SA before the CHILD_SAs are
227: * removed, and once for the new IKE_SA just after they got added.
228: *
229: * @param ike_sa new or old IKE_SA
230: * @param new ID of new SA when called for the old, NULL otherwise
231: * @param unique unique ID of new SA when called for the old, 0 otherwise
232: * @return TRUE to stay registered, FALSE to unregister
233: */
234: bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa,
235: ike_sa_id_t *new, uint32_t unique);
236:
237: /**
238: * Hook called to invoke additional authorization rules.
239: *
240: * An authorization hook gets invoked several times: After each
241: * authentication round, the hook gets invoked with with final = FALSE.
242: * After authentication is complete and the peer configuration is selected,
243: * it is invoked again, but with final = TRUE.
244: *
245: * @param ike_sa IKE_SA to authorize
246: * @param final TRUE if this is the final hook invocation
247: * @param success set to TRUE to complete IKE_SA, FALSE abort
248: * @return TRUE to stay registered, FALSE to unregister
249: */
250: bool (*authorize)(listener_t *this, ike_sa_t *ike_sa,
251: bool final, bool *success);
252:
253: /**
254: * CHILD_SA traffic selector narrowing hook.
255: *
256: * This hook is invoked for each CHILD_SA and allows plugins to modify
257: * the traffic selector list negotiated for this CHILD_SA.
258: *
259: * @param ike_sa IKE_SA the created CHILD_SA is created in
260: * @param child_sa CHILD_SA set up with these traffic selectors
261: * @param type type of hook getting invoked
262: * @param local list of local traffic selectors to narrow
263: * @param remote list of remote traffic selectors to narrow
264: */
265: bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
266: narrow_hook_t type, linked_list_t *local, linked_list_t *remote);
267:
268: /**
269: * Virtual IP address assignment hook.
270: *
271: * This hook gets invoked after virtual IPs have been assigned to a peer
272: * for a specific IKE_SA, and again before they get released.
273: *
274: * @param ike_sa IKE_SA the VIPs are assigned to
275: * @param assign TRUE if assigned to IKE_SA, FALSE if released
276: * @return TRUE to stay registered, FALSE to unregister
277: */
278: bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
279:
280: /**
281: * Virtual IP and configuration attribute handler hook.
282: *
283: * This hook gets invoked after virtual IP and other configuration
284: * attributes just got installed or are about to get uninstalled on a peer
285: * receiving them.
286: *
287: * @param ike_sa IKE_SA the VIPs/attributes are handled on
288: * @param handle TRUE if handled by IKE_SA, FALSE on release
289: * @return TRUE to stay registered, FALSE to unregister
290: */
291: bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle);
292: };
293:
294: #endif /** LISTENER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>