Return to listener.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / bus / listeners |
1.1 misho 1: /* 1.1.1.2 ! misho 2: * Copyright (C) 2011-2020 Tobias Brunner 1.1 misho 3: * Copyright (C) 2009 Martin Willi 4: * HSR Hochschule fuer Technik Rapperswil 5: * 6: * This program is free software; you can redistribute it and/or modify it 7: * under the terms of the GNU General Public License as published by the 8: * Free Software Foundation; either version 2 of the License, or (at your 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 10: * 11: * This program is distributed in the hope that it will be useful, but 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14: * for more details. 15: */ 16: 17: /** 18: * @defgroup listener listener 19: * @{ @ingroup listeners 20: */ 21: 22: #ifndef LISTENER_H_ 23: #define LISTENER_H_ 24: 25: typedef struct listener_t listener_t; 26: 27: #include <bus/bus.h> 28: 29: /** 30: * Listener interface, listens to events if registered to the bus. 31: */ 32: struct listener_t { 33: 34: /** 35: * Hook called if a critical alert is raised. 36: * 37: * @param ike_sa IKE_SA associated to the alert, if any 38: * @param alert kind of alert 39: * @param ... alert specific argument list 40: * @return TRUE to stay registered, FALSE to unregister 41: */ 42: bool (*alert)(listener_t *this, ike_sa_t *ike_sa, 43: alert_t alert, va_list args); 44: 45: /** 46: * Handle state changes in an IKE_SA. 47: * 48: * @param ike_sa IKE_SA which changes its state 49: * @param state new IKE_SA state this IKE_SA changes to 50: * @return TRUE to stay registered, FALSE to unregister 51: */ 52: bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa, 53: ike_sa_state_t state); 54: 55: /** 56: * Handle state changes in a CHILD_SA. 57: * 58: * @param ike_sa IKE_SA containing the affected CHILD_SA 59: * @param child_sa CHILD_SA which changes its state 60: * @param state new CHILD_SA state this CHILD_SA changes to 61: * @return TRUE to stay registered, FALSE to unregister 62: */ 63: bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa, 64: child_sa_t *child_sa, child_sa_state_t state); 65: 66: /** 67: * Hook called for received/sent messages of an IKE_SA. 68: * 69: * The hook is invoked twice for each message: Once with plain, parsed data 70: * and once encoded and encrypted. 71: * 72: * @param ike_sa IKE_SA sending/receiving a message 73: * @param message message object 74: * @param incoming TRUE for incoming messages, FALSE for outgoing 75: * @param plain TRUE if message is parsed and decrypted, FALSE it not 76: * @return TRUE to stay registered, FALSE to unregister 77: */ 78: bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message, 79: bool incoming, bool plain); 80: 81: /** 82: * Hook called with IKE_SA key material. 83: * 84: * @param ike_sa IKE_SA this keymat belongs to 85: * @param dh diffie hellman shared secret 86: * @param dh_other others DH public value (IKEv1 only) 87: * @param nonce_i initiator's nonce 88: * @param nonce_r responder's nonce 89: * @param rekey IKE_SA we are rekeying, if any (IKEv2 only) 90: * @param shared shared key used for key derivation (IKEv1-PSK only) 91: * @param method auth method for key derivation (IKEv1-non-PSK only) 92: * @return TRUE to stay registered, FALSE to unregister 93: */ 94: bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, 95: chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, 96: ike_sa_t *rekey, shared_key_t *shared, 97: auth_method_t method); 98: 99: /** 100: * Hook called with derived IKE_SA keys. 101: * 102: * @param ike_sa IKE_SA these keys belong to 103: * @param sk_ei SK_ei, or Ka for IKEv1 104: * @param sk_er SK_er 105: * @param sk_ai SK_ai, or SKEYID_a for IKEv1 106: * @param sk_ar SK_ar 107: */ 108: bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei, 109: chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar); 110: 111: /** 112: * Hook called with CHILD_SA key material. 113: * 114: * @param ike_sa IKE_SA the child sa belongs to 115: * @param child_sa CHILD_SA this keymat is used for 116: * @param initiator initiator of the CREATE_CHILD_SA exchange 117: * @param dh diffie hellman shared secret 118: * @param nonce_i initiator's nonce 119: * @param nonce_r responder's nonce 120: * @return TRUE to stay registered, FALSE to unregister 121: */ 122: bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 123: bool initiator, diffie_hellman_t *dh, 124: chunk_t nonce_i, chunk_t nonce_r); 125: 126: /** 127: * Hook called with derived CHILD_SA keys. 128: * 129: * @param ike_sa IKE_SA the child sa belongs to 130: * @param child_sa CHILD_SA these keys are used for 131: * @param initiator initiator of the CREATE_CHILD_SA exchange 132: * @param encr_i initiator's encryption key 133: * @param encr_o responder's encryption key 134: * @param integ_i initiator's integrity key 135: * @param integ_r responder's integrity key 136: */ 137: bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa, 138: child_sa_t *child_sa, bool initiator, 139: chunk_t encr_i, chunk_t encr_r, 140: chunk_t integ_i, chunk_t integ_r); 141: 142: /** 143: * Hook called if an IKE_SA gets up or down. 144: * 145: * @param ike_sa IKE_SA coming up/going down 146: * @param up TRUE for an up event, FALSE for a down event 147: * @return TRUE to stay registered, FALSE to unregister 148: */ 149: bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up); 150: 151: /** 152: * Hook called when an IKE_SA gets rekeyed. 153: * 154: * @param old rekeyed IKE_SA getting obsolete 155: * @param new new IKE_SA replacing old 156: * @return TRUE to stay registered, FALSE to unregister 157: */ 158: bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new); 159: 160: /** 161: * Hook called for IKE_SA peer endpoint updates. 162: * 1.1.1.2 ! misho 163: * At least one endpoint has changed when this is invoked. ! 164: * 1.1 misho 165: * @param ike_sa updated IKE_SA, having old endpoints set 1.1.1.2 ! misho 166: * @param local new/current local endpoint address and port ! 167: * @param remote new/current remote endpoint address and port 1.1 misho 168: * @return TRUE to stay registered, FALSE to unregister 169: */ 170: bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa, 1.1.1.2 ! misho 171: host_t *local, host_t *remote); 1.1 misho 172: 173: /** 174: * Hook called when an initiator reestablishes an IKE_SA. 175: * 176: * This is invoked right after creating the new IKE_SA and setting the 177: * peer_cfg (and the old hosts), but before resolving the hosts anew. 178: * It is not invoked on the responder. 179: * 180: * @param old IKE_SA getting reestablished (is destroyed) 181: * @param new new IKE_SA replacing old (gets established) 182: * @return TRUE to stay registered, FALSE to unregister 183: */ 184: bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new); 185: 186: /** 187: * Hook called when an initiator reestablishes an IKE_SA. 188: * 189: * This is invoked right before the new IKE_SA is checked in after 190: * initiating it. It is not invoked on the responder. 191: * 192: * @param old IKE_SA getting reestablished (is destroyed) 193: * @param new new IKE_SA replacing old (gets established) 194: * @param initiated TRUE if initiation was successful, FALSE otherwise 195: * @return TRUE to stay registered, FALSE to unregister 196: */ 197: bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old, 198: ike_sa_t *new, bool initiated); 199: 200: /** 201: * Hook called when a CHILD_SA gets up or down. 202: * 203: * @param ike_sa IKE_SA containing the handled CHILD_SA 204: * @param child_sa CHILD_SA coming up/going down 205: * @param up TRUE for an up event, FALSE for a down event 206: * @return TRUE to stay registered, FALSE to unregister 207: */ 208: bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa, 209: child_sa_t *child_sa, bool up); 210: 211: /** 212: * Hook called when an CHILD_SA gets rekeyed. 213: * 214: * @param ike_sa IKE_SA containing the rekeyed CHILD_SA 215: * @param old rekeyed CHILD_SA getting obsolete 216: * @param new new CHILD_SA replacing old 217: * @return TRUE to stay registered, FALSE to unregister 218: */ 219: bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa, 220: child_sa_t *old, child_sa_t *new); 221: 222: /** 223: * Hook called when CHILD_SAs get migrated from one IKE_SA to another during 224: * IKEv1 reauthentication. 225: * 226: * This is called twice, once for the old IKE_SA before the CHILD_SAs are 227: * removed, and once for the new IKE_SA just after they got added. 228: * 229: * @param ike_sa new or old IKE_SA 230: * @param new ID of new SA when called for the old, NULL otherwise 231: * @param unique unique ID of new SA when called for the old, 0 otherwise 232: * @return TRUE to stay registered, FALSE to unregister 233: */ 234: bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa, 235: ike_sa_id_t *new, uint32_t unique); 236: 237: /** 238: * Hook called to invoke additional authorization rules. 239: * 240: * An authorization hook gets invoked several times: After each 241: * authentication round, the hook gets invoked with with final = FALSE. 242: * After authentication is complete and the peer configuration is selected, 243: * it is invoked again, but with final = TRUE. 244: * 245: * @param ike_sa IKE_SA to authorize 246: * @param final TRUE if this is the final hook invocation 247: * @param success set to TRUE to complete IKE_SA, FALSE abort 248: * @return TRUE to stay registered, FALSE to unregister 249: */ 250: bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, 251: bool final, bool *success); 252: 253: /** 254: * CHILD_SA traffic selector narrowing hook. 255: * 256: * This hook is invoked for each CHILD_SA and allows plugins to modify 257: * the traffic selector list negotiated for this CHILD_SA. 258: * 259: * @param ike_sa IKE_SA the created CHILD_SA is created in 260: * @param child_sa CHILD_SA set up with these traffic selectors 261: * @param type type of hook getting invoked 262: * @param local list of local traffic selectors to narrow 263: * @param remote list of remote traffic selectors to narrow 264: */ 265: bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, 266: narrow_hook_t type, linked_list_t *local, linked_list_t *remote); 267: 268: /** 269: * Virtual IP address assignment hook. 270: * 271: * This hook gets invoked after virtual IPs have been assigned to a peer 272: * for a specific IKE_SA, and again before they get released. 273: * 274: * @param ike_sa IKE_SA the VIPs are assigned to 275: * @param assign TRUE if assigned to IKE_SA, FALSE if released 276: * @return TRUE to stay registered, FALSE to unregister 277: */ 278: bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign); 279: 280: /** 281: * Virtual IP and configuration attribute handler hook. 282: * 283: * This hook gets invoked after virtual IP and other configuration 284: * attributes just got installed or are about to get uninstalled on a peer 285: * receiving them. 286: * 287: * @param ike_sa IKE_SA the VIPs/attributes are handled on 288: * @param handle TRUE if handled by IKE_SA, FALSE on release 289: * @return TRUE to stay registered, FALSE to unregister 290: */ 291: bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle); 292: }; 293: 294: #endif /** LISTENER_H_ @}*/