redirect-manager: Add helper function to create and parse REDIRECT notify data
[strongswan.git] / src / libcharon / sa / redirect_manager.h
1 /*
2 * Copyright (C) 2015 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup redirect_manager redirect_manager
18 * @{ @ingroup sa
19 */
20
21 #ifndef REDIRECT_MANAGER_H_
22 #define REDIRECT_MANAGER_H_
23
24 typedef struct redirect_manager_t redirect_manager_t;
25
26 #include <sa/redirect_provider.h>
27
/**
 * Registry of redirect providers, consulted to decide whether an IKE client
 * should be sent to a different gateway.
 */
struct redirect_manager_t {

	/**
	 * Register a redirect provider.
	 *
	 * Registered providers are queried until one of them decides to
	 * redirect a client.
	 *
	 * A provider may be called concurrently for different IKE_SAs, so it
	 * has to protect any state it shares between calls.
	 *
	 * @param provider	provider to register
	 */
	void (*add_provider)(redirect_manager_t *this,
						 redirect_provider_t *provider);

	/**
	 * Unregister a redirect provider.
	 *
	 * @param provider	provider to unregister
	 */
	void (*remove_provider)(redirect_manager_t *this,
							redirect_provider_t *provider);

	/**
	 * Decide whether a client should be redirected upon receipt of the
	 * IKE_SA_INIT message.
	 *
	 * IKE_SA_INIT precedes IKE_AUTH, so the client is not authenticated at
	 * this point and the decision cannot rely on a verified client identity.
	 *
	 * NOTE(review): ownership of the returned gateway identity is not stated
	 * here; presumably the caller destroys it - confirm against the
	 * implementation.
	 *
	 * @param ike_sa		IKE_SA for which this is called
	 * @param gateway[out]	new IKE gateway (IP or FQDN)
	 * @return				TRUE if client should be redirected, FALSE otherwise
	 */
	bool (*redirect_on_init)(redirect_manager_t *this, ike_sa_t *ike_sa,
							 identification_t **gateway);

	/**
	 * Decide whether a client should be redirected after the IKE_AUTH has
	 * been handled. Should be called after the client is authenticated and
	 * when the server authenticates itself.
	 *
	 * NOTE(review): ownership of the returned gateway identity is not stated
	 * here; presumably the caller destroys it - confirm against the
	 * implementation.
	 *
	 * @param ike_sa		IKE_SA for which this is called
	 * @param gateway[out]	new IKE gateway (IP or FQDN)
	 * @return				TRUE if client should be redirected, FALSE otherwise
	 */
	bool (*redirect_on_auth)(redirect_manager_t *this, ike_sa_t *ike_sa,
							 identification_t **gateway);

	/**
	 * Destroy this instance.
	 */
	void (*destroy)(redirect_manager_t *this);
};
82
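/**
 * Create a redirect manager instance.
 *
 * Declared with an explicit (void) parameter list so the compiler rejects
 * calls that pass arguments; an empty list () leaves the arguments unchecked
 * in C before C23.
 *
 * @return			manager instance
 */
redirect_manager_t *redirect_manager_create(void);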
89
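/**
 * Create notification data of a REDIRECT or REDIRECTED_FROM payload using the
 * given gateway identity and optional nonce (only used during IKE_SA_INIT).
 *
 * Callers have to check the result for chunk_empty before putting it into a
 * notify payload, as unsupported ID types are reported that way.
 *
 * NOTE(review): the returned chunk is presumably allocated and has to be
 * freed by the caller - confirm against the implementation.
 *
 * @param gw		gateway identity (IP or FQDN), gets cloned
 * @param nonce		nonce value, or chunk_empty, gets cloned
 * @return			notify data, chunk_empty if ID type is not supported
 */
chunk_t redirect_data_create(identification_t *gw, chunk_t nonce);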
99
/**
 * Parse notification data of a REDIRECT or REDIRECTED_FROM notify payload.
 *
 * The data originates from the peer and must be treated as untrusted; a NULL
 * result has to be handled by the caller. A REDIRECT received in an
 * IKE_SA_INIT response is not yet authenticated, and RFC 5685 relies on the
 * echoed initiator nonce to bind it to the request. This declaration only
 * documents that the nonce is returned, so the comparison with the nonce that
 * was sent is presumably left to the caller - confirm against the caller.
 *
 * The nonce is returned in allocated memory that the caller has to free. What
 * is stored in it when the data contains no nonce is not specified here.
 *
 * @param data			notification data to parse
 * @param nonce[out]	nonce data (allocated), if any was provided
 * @return				gateway identity, NULL if data is invalid
 */
identification_t *redirect_data_parse(chunk_t data, chunk_t *nonce);
108
109 #endif /** REDIRECT_MANAGER_H_ @}*/