bus: Add an ike_update() hook invoked when peer endpoints change
[strongswan.git] / src / libcharon / bus / listeners / listener.h
1 /*
2 * Copyright (C) 2011-2014 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup listener listener
19 * @{ @ingroup listeners
20 */
21
22 #ifndef LISTENER_H_
23 #define LISTENER_H_
24
25 typedef struct listener_t listener_t;
26
27 #include <bus/bus.h>
28
29 /**
30 * Listener interface, listens to events if registered to the bus.
31 */
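struct listener_t {

	/*
	 * Conventions shared by the hooks below, as stated in their individual
	 * comments: each hook receives the listener itself as first argument and
	 * returns a bool that only controls registration (TRUE to stay registered,
	 * FALSE to unregister). The return value is not a verdict on the event.
	 * A hook that takes a decision reports it through an out parameter
	 * (see authorize()).
	 */

	/**
	 * Hook called if a critical alert is raised.
	 *
	 * The layout of args depends on the alert kind. Reading it with va_arg()
	 * types that do not match what was passed is undefined behaviour, so only
	 * decode alerts whose argument layout is known to the listener.
	 *
	 * @param ike_sa	IKE_SA associated to the alert, if any (presumably
	 *					NULL when there is none; check before use)
	 * @param alert		kind of alert
	 * @param args		alert specific argument list
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
				  alert_t alert, va_list args);

	/**
	 * Handle state changes in an IKE_SA.
	 *
	 * @param ike_sa	IKE_SA which changes its state
	 * @param state		new IKE_SA state this IKE_SA changes to
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
							 ike_sa_state_t state);

	/**
	 * Handle state changes in a CHILD_SA.
	 *
	 * @param ike_sa	IKE_SA containing the affected CHILD_SA
	 * @param child_sa	CHILD_SA which changes its state
	 * @param state		new CHILD_SA state this CHILD_SA changes to
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
							   child_sa_t *child_sa, child_sa_state_t state);

	/**
	 * Hook called for received/sent messages of an IKE_SA.
	 *
	 * The hook is invoked twice for each message: Once with plain, parsed data
	 * and once encoded and encrypted.
	 *
	 * With plain = TRUE the listener sees the decrypted message contents.
	 * Treat them as sensitive and do not copy them into logs or long-lived
	 * storage without need.
	 *
	 * @param ike_sa	IKE_SA sending/receiving a message
	 * @param message	message object
	 * @param incoming	TRUE for incoming messages, FALSE for outgoing
	 * @param plain		TRUE if message is parsed and decrypted, FALSE if not
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
					bool incoming, bool plain);

	/**
	 * Hook called with IKE_SA key material.
	 *
	 * Every listener implementing this hook is handed the secrets the IKE_SA
	 * keys are derived from (DH shared secret, nonces and, for IKEv1-PSK, the
	 * shared key). Implementations should not log or persist these values
	 * unless that is their explicit purpose, and should wipe any copy they
	 * make.
	 *
	 * NOTE(review): arguments marked as applying to one IKE version only are
	 * presumably empty/NULL otherwise. Confirm against the callers before
	 * dereferencing them.
	 *
	 * @param ike_sa	IKE_SA this keymat belongs to
	 * @param dh		diffie hellman shared secret
	 * @param dh_other	other peer's DH public value (IKEv1 only)
	 * @param nonce_i	initiator's nonce
	 * @param nonce_r	responder's nonce
	 * @param rekey		IKE_SA we are rekeying, if any (IKEv2 only)
	 * @param shared	shared key used for key derivation (IKEv1-PSK only)
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
					 chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
					 ike_sa_t *rekey, shared_key_t *shared);

	/**
	 * Hook called with CHILD_SA key material.
	 *
	 * As with ike_keys(), the arguments are the secret inputs to key
	 * derivation. Do not log or persist them without need.
	 *
	 * @param ike_sa	IKE_SA the child sa belongs to
	 * @param child_sa	CHILD_SA this keymat is used for
	 * @param initiator	initiator of the CREATE_CHILD_SA exchange
	 * @param dh		diffie hellman shared secret
	 * @param nonce_i	initiator's nonce
	 * @param nonce_r	responder's nonce
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
					   bool initiator, diffie_hellman_t *dh,
					   chunk_t nonce_i, chunk_t nonce_r);

	/**
	 * Hook called if an IKE_SA gets up or down.
	 *
	 * @param ike_sa	IKE_SA coming up/going down
	 * @param up		TRUE for an up event, FALSE for a down event
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);

	/**
	 * Hook called when an IKE_SA gets rekeyed.
	 *
	 * @param old		rekeyed IKE_SA getting obsolete
	 * @param new		new IKE_SA replacing old
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);

	/**
	 * Hook called for IKE_SA peer endpoint updates.
	 *
	 * The IKE_SA passed in still carries the old endpoints, while the new
	 * address and port arrive separately in the new argument. A listener that
	 * keys its own state on endpoint addresses can therefore read the old
	 * value from ike_sa and the replacement from new in the same call.
	 *
	 * @param ike_sa	updated IKE_SA, having old endpoints set
	 * @param local		TRUE if local endpoint gets updated, FALSE for remote
	 * @param new		new endpoint address and port
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_update)(listener_t *this, ike_sa_t *ike_sa,
					   bool local, host_t *new);

	/**
	 * Hook called when an initiator reestablishes an IKE_SA.
	 *
	 * This is invoked right after creating the new IKE_SA and setting the
	 * peer_cfg (and the old hosts), but before resolving the hosts anew.
	 * It is not invoked on the responder.
	 *
	 * @param old		IKE_SA getting reestablished (is destroyed)
	 * @param new		new IKE_SA replacing old (gets established)
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);

	/**
	 * Hook called when an initiator reestablishes an IKE_SA.
	 *
	 * This is invoked right before the new IKE_SA is checked in after
	 * initiating it. It is not invoked on the responder.
	 *
	 * @param old		IKE_SA getting reestablished (is destroyed)
	 * @param new		new IKE_SA replacing old (gets established)
	 * @param initiated	TRUE if initiation was successful, FALSE otherwise
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
								 ike_sa_t *new, bool initiated);

	/**
	 * Hook called when a CHILD_SA gets up or down.
	 *
	 * @param ike_sa	IKE_SA containing the handled CHILD_SA
	 * @param child_sa	CHILD_SA coming up/going down
	 * @param up		TRUE for an up event, FALSE for a down event
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
						 child_sa_t *child_sa, bool up);

	/**
	 * Hook called when a CHILD_SA gets rekeyed.
	 *
	 * @param ike_sa	IKE_SA containing the rekeyed CHILD_SA
	 * @param old		rekeyed CHILD_SA getting obsolete
	 * @param new		new CHILD_SA replacing old
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
						child_sa_t *old, child_sa_t *new);

	/**
	 * Hook called to invoke additional authorization rules.
	 *
	 * An authorization hook gets invoked several times: After each
	 * authentication round, the hook gets invoked with final = FALSE.
	 * After authentication is complete and the peer configuration is selected,
	 * it is invoked again, but with final = TRUE.
	 *
	 * The authorization decision is carried by *success, not by the return
	 * value. Returning FALSE to express "deny" would only unregister the
	 * listener, so it would no longer be consulted afterwards.
	 *
	 * NOTE(review): the initial value of *success is set by the caller and is
	 * not visible in this header. A listener enforcing policy should write
	 * FALSE explicitly on denial rather than rely on a default.
	 *
	 * @param ike_sa	IKE_SA to authorize
	 * @param final		TRUE if this is the final hook invocation
	 * @param success	set to TRUE to complete IKE_SA, FALSE abort
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*authorize)(listener_t *this, ike_sa_t *ike_sa,
					  bool final, bool *success);

	/**
	 * CHILD_SA traffic selector narrowing hook.
	 *
	 * This hook is invoked for each CHILD_SA and allows plugins to modify
	 * the traffic selector list negotiated for this CHILD_SA.
	 *
	 * Changes made to the lists alter which traffic the CHILD_SA covers. A
	 * listener should therefore only tighten or remove selectors, in line with
	 * the hook's stated purpose of narrowing, and not add broader ones.
	 *
	 * @param ike_sa	IKE_SA the created CHILD_SA is created in
	 * @param child_sa	CHILD_SA set up with these traffic selectors
	 * @param type		type of hook getting invoked
	 * @param local		list of local traffic selectors to narrow
	 * @param remote	list of remote traffic selectors to narrow
	 * @return			presumably TRUE to stay registered, FALSE to
	 *					unregister, like every other hook in this interface
	 *					(confirm against the bus implementation)
	 */
	bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
				   narrow_hook_t type, linked_list_t *local, linked_list_t *remote);

	/**
	 * Virtual IP address assignment hook.
	 *
	 * This hook gets invoked after virtual IPs have been assigned to a peer
	 * for a specific IKE_SA, and again before they get released.
	 *
	 * @param ike_sa	IKE_SA the VIPs are assigned to
	 * @param assign	TRUE if assigned to IKE_SA, FALSE if released
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);

	/**
	 * Virtual IP and configuration attribute handler hook.
	 *
	 * This hook gets invoked after virtual IP and other configuration
	 * attributes just got installed or are about to get uninstalled on a peer
	 * receiving them.
	 *
	 * @param ike_sa	IKE_SA the VIPs/attributes are handled on
	 * @param handle	TRUE if handled by IKE_SA, FALSE on release
	 * @return			TRUE to stay registered, FALSE to unregister
	 */
	bool (*handle_vips)(listener_t *this, ike_sa_t *ike_sa, bool handle);
};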
246
247 #endif /** LISTENER_H_ @}*/