110 lines
3.2 KiB
C
110 lines
3.2 KiB
C
/*
|
|
* Copyright (C) 2015 Tobias Brunner
|
|
* Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
/**
|
|
* @defgroup redirect_manager redirect_manager
|
|
* @{ @ingroup sa
|
|
*/
|
|
|
|
#ifndef REDIRECT_MANAGER_H_
|
|
#define REDIRECT_MANAGER_H_
|
|
|
|
typedef struct redirect_manager_t redirect_manager_t;
|
|
|
|
#include <sa/redirect_provider.h>
|
|
|
|
/**
|
|
* Manages redirect providers.
|
|
*/
|
|
struct redirect_manager_t {
|
|
|
|
/**
|
|
* Add a redirect provider.
|
|
*
|
|
* All registered providers are queried until one of them decides to
|
|
* redirect a client.
|
|
*
|
|
* A provider may be called concurrently for different IKE_SAs.
|
|
*
|
|
* @param provider provider to register
|
|
*/
|
|
void (*add_provider)(redirect_manager_t *this,
|
|
redirect_provider_t *provider);
|
|
|
|
/**
|
|
* Remove a redirect provider.
|
|
*
|
|
* @param provider provider to unregister
|
|
*/
|
|
void (*remove_provider)(redirect_manager_t *this,
|
|
redirect_provider_t *provider);
|
|
|
|
/**
|
|
* Determine whether a client should be redirected upon receipt of the
|
|
* IKE_SA_INIT message.
|
|
*
|
|
* @param ike_sa IKE_SA for which this is called
|
|
* @param gateway[out] new IKE gateway (IP or FQDN)
|
|
* @return TRUE if client should be redirected, FALSE otherwise
|
|
*/
|
|
bool (*redirect_on_init)(redirect_manager_t *this, ike_sa_t *ike_sa,
|
|
identification_t **gateway);
|
|
|
|
/**
|
|
* Determine whether a client should be redirected after the IKE_AUTH has
|
|
* been handled. Should be called after the client is authenticated and
|
|
* when the server authenticates itself.
|
|
*
|
|
* @param ike_sa IKE_SA for which this is called
|
|
* @param gateway[out] new IKE gateway (IP or FQDN)
|
|
* @return TRUE if client should be redirected, FALSE otherwise
|
|
*/
|
|
bool (*redirect_on_auth)(redirect_manager_t *this, ike_sa_t *ike_sa,
|
|
identification_t **gateway);
|
|
|
|
/**
|
|
* Destroy this instance.
|
|
*/
|
|
void (*destroy)(redirect_manager_t *this);
|
|
};
|
|
|
|
/**
|
|
* Create a redirect manager instance.
|
|
*
|
|
* @return manager instance
|
|
*/
|
|
redirect_manager_t *redirect_manager_create();
|
|
|
|
/**
|
|
* Create notification data of a REDIRECT or REDIRECT_FROM payload using the
|
|
* given gateway identity and optional nonce (only used during IKE_SA_INIT).
|
|
*
|
|
* @param gw gateway identity (IP or FQDN), gets cloned
|
|
* @param nonce nonce value, or chunk_empty, gets cloned
|
|
* @return notify data, chunk_empty if ID type is not supported
|
|
*/
|
|
chunk_t redirect_data_create(identification_t *gw, chunk_t nonce);
|
|
|
|
/**
|
|
* Parse notification data of a REDIRECT or REDIRECTED_FROM notify payload.
|
|
*
|
|
* @param data notification data to parse
|
|
* @param[out] nonce nonce data (allocated), if any was provided
|
|
* @return gateway identity, NULL if data is invalid
|
|
*/
|
|
identification_t *redirect_data_parse(chunk_t data, chunk_t *nonce);
|
|
|
|
#endif /** REDIRECT_MANAGER_H_ @}*/
|