redirect-provider: Add interface to redirect clients during initial messages
authorTobias Brunner <tobias@strongswan.org>
Mon, 20 Apr 2015 12:05:16 +0000 (14:05 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:02:57 +0000 (16:02 +0100)
This will allow e.g. plugins to decide whether a connecting client is
redirected to a different gateway using RFC 5685.

src/libcharon/Android.mk
src/libcharon/Makefile.am
src/libcharon/sa/redirect_provider.h [new file with mode: 0644]

index 844bbfd..ca94666 100644 (file)
@@ -84,6 +84,7 @@ sa/child_sa_manager.c sa/child_sa_manager.h \
 sa/task_manager.h sa/task_manager.c \
 sa/shunt_manager.c sa/shunt_manager.h \
 sa/trap_manager.c sa/trap_manager.h \
+sa/redirect_provider.h \
 sa/task.c sa/task.h
 
 libcharon_la_SOURCES += \
index 4de8faa..2edf92a 100644 (file)
@@ -83,6 +83,7 @@ sa/child_sa_manager.c sa/child_sa_manager.h \
 sa/task_manager.h sa/task_manager.c \
 sa/shunt_manager.c sa/shunt_manager.h \
 sa/trap_manager.c sa/trap_manager.h \
+sa/redirect_provider.h \
 sa/task.c sa/task.h
 
 if USE_IKEV2
diff --git a/src/libcharon/sa/redirect_provider.h b/src/libcharon/sa/redirect_provider.h
new file mode 100644 (file)
index 0000000..ef2288f
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup redirect_provider redirect_provider
+ * @{ @ingroup sa
+ */
+
+#ifndef REDIRECT_PROVIDER_H_
+#define REDIRECT_PROVIDER_H_
+
+typedef struct redirect_provider_t redirect_provider_t;
+
+#include <library.h>
+#include <sa/ike_sa.h>
+
+/**
+ * Interface that allows implementations to decide whether a client is
+ * redirected during IKE_SA_INIT or IKE_AUTH using RFC 5685.
+ */
+struct redirect_provider_t {
+
+       /**
+        * Decide whether a client is redirect directly upon receipt of the
+        * IKE_SA_INIT message.
+        *
+        * @param ike_sa                IKE_SA for which this is called
+        * @param gateway[out]  new IKE gateway (IP or FQDN)
+        * @return                              TRUE if client should be redirected, FALSE otherwise
+        */
+       bool (*redirect_on_init)(redirect_provider_t *this, ike_sa_t *ike_sa,
+                                                        identification_t **gateway);
+
+       /**
+        * Decide whether a client is redirect after the IKE_AUTH has been
+        * handled.  This is called after the client is authenticated and when the
+        * server authenticates itself.
+        *
+        * @param ike_sa                IKE_SA for which this is called
+        * @param gateway[out]  new IKE gateway (IP or FQDN)
+        * @return                              TRUE if client should be redirected, FALSE otherwise
+        */
+       bool (*redirect_on_auth)(redirect_provider_t *this, ike_sa_t *ike_sa,
+                                                        identification_t **gateway);
+};
+
+#endif /** REDIRECT_PROVIDER_H_ @}*/
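Review bot: Neither callback's documentation says who owns the `identification_t` returned through `gateway`, or whether `*gateway` is left untouched when FALSE is returned, so a provider and the caller can disagree about who destroys it (a leak or a double free). I would extend both `@param gateway[out]` lines to something like `new IKE gateway (IP or FQDN), allocated by the provider and destroyed by the caller, only set if TRUE is returned`, adjusted to whatever the calling code actually does, since that code is not part of this commit. The `redirect_on_init` comment should also state that the peer is not yet authenticated when IKE_SA_INIT is received, for example `No peer identity has been verified at this point; decide only on data that does not depend on authentication.`, in contrast to `redirect_on_auth`, which is documented as running after client authentication. Minor wording: "is redirect" should read "is redirected" in both descriptions.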