authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
commita9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
treed82a9d506c62cff257e5292845b68df3ca5c60dc /src/charon/bus
parent12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
- New upstream release.
- Don't disable internal crypto plugins; pluto expects to find them in some cases.
- Enable integrity checking.
Diffstat (limited to 'src/charon/bus')
-rw-r--r--src/charon/bus/bus.c187
-rw-r--r--src/charon/bus/bus.h148
-rw-r--r--src/charon/bus/listeners/file_logger.h4
-rw-r--r--src/charon/bus/listeners/listener.h179
-rw-r--r--src/charon/bus/listeners/sys_logger.c1
-rw-r--r--src/charon/bus/listeners/sys_logger.h6
6 files changed, 412 insertions, 113 deletions
diff --git a/src/charon/bus/bus.c b/src/charon/bus/bus.c
index bb7014b0b..2671f848e 100644
--- a/src/charon/bus/bus.c
+++ b/src/charon/bus/bus.c
@@ -117,7 +117,7 @@ static entry_t *entry_create(listener_t *listener, bool blocker)
this->listener = listener;
this->blocker = blocker;
this->calling = 0;
- this->condvar = condvar_create(CONDVAR_DEFAULT);
+ this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
return this;
}
@@ -351,6 +351,41 @@ static void unregister_listener(private_bus_t *this, entry_t *entry,
}
/**
+ * Implementation of bus_t.alert
+ */
+static void alert(private_bus_t *this, alert_t alert, ...)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ va_list args;
+ bool keep;
+
+ ike_sa = pthread_getspecific(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->alert)
+ {
+ continue;
+ }
+ entry->calling++;
+ va_start(args, alert);
+ keep = entry->listener->alert(entry->listener, ike_sa, alert, args);
+ va_end(args);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
* Implementation of bus_t.ike_state_change
*/
static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa,
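Review bot: The comment above `alert()` should spell out the delivery contract, because the loop skips any listener whose `entry->calling` is non-zero, so an alert raised from inside that listener's own callback is never delivered to it. The callback also runs between `this->mutex->lock()` and `unlock()`, so a listener that blocks in its `alert` hook holds up every other bus event that takes the same mutex. I would extend the comment to something like `Listeners are called with the bus mutex held; a listener that is already inside a callback is skipped and does not see the alert.` Restarting `va_start` for each listener is right, but each hook has to read `args` with exactly the types defined for the given `alert_t`, which is worth stating where the enum values are documented.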
@@ -374,7 +409,6 @@ static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa,
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
}
}
enumerator->destroy(enumerator);
@@ -409,7 +443,6 @@ static void child_state_change(private_bus_t *this, child_sa_t *child_sa,
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
}
}
enumerator->destroy(enumerator);
@@ -443,7 +476,6 @@ static void message(private_bus_t *this, message_t *message, bool incoming)
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
}
}
enumerator->destroy(enumerator);
@@ -476,7 +508,6 @@ static void ike_keys(private_bus_t *this, ike_sa_t *ike_sa,
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
}
}
enumerator->destroy(enumerator);
@@ -511,7 +542,143 @@ static void child_keys(private_bus_t *this, child_sa_t *child_sa,
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of bus_t.child_updown
+ */
+static void child_updown(private_bus_t *this, child_sa_t *child_sa, bool up)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ bool keep;
+
+ ike_sa = pthread_getspecific(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->child_updown)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->child_updown(entry->listener,
+ ike_sa, child_sa, up);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of bus_t.child_rekey
+ */
+static void child_rekey(private_bus_t *this, child_sa_t *old, child_sa_t *new)
+{
+ enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ entry_t *entry;
+ bool keep;
+
+ ike_sa = pthread_getspecific(this->thread_sa);
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->child_rekey)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->child_rekey(entry->listener, ike_sa, old, new);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of bus_t.ike_updown
+ */
+static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool keep;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->ike_updown)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->ike_updown(entry->listener, ike_sa, up);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+
+ /* a down event for IKE_SA implicitly downs all CHILD_SAs */
+ if (!up)
+ {
+ iterator_t *iterator;
+ child_sa_t *child_sa;
+
+ iterator = ike_sa->create_child_sa_iterator(ike_sa);
+ while (iterator->iterate(iterator, (void**)&child_sa))
+ {
+ child_updown(this, child_sa, FALSE);
+ }
+ iterator->destroy(iterator);
+ }
+}
+
+/**
+ * Implementation of bus_t.ike_rekey
+ */
+static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool keep;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->ike_rekey)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->ike_rekey(entry->listener, old, new);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
}
}
enumerator->destroy(enumerator);
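Review bot: `child_updown` and `child_rekey` hand listeners the IKE_SA from `pthread_getspecific(this->thread_sa)`, which is NULL when the calling thread has not set one, yet the hook documentation describes that argument as the IKE_SA containing the CHILD_SA, with no "if any". The down path of `ike_updown` makes this easy to hit: it calls `child_updown(this, child_sa, FALSE)` for the children of its `ike_sa` argument, and nothing in the hunk ties that argument to the thread's stored SA. Whether every caller sets the SA first is not visible here, so I would at least add `/* ike_sa comes from the calling thread's stored SA and may be NULL */` to both functions and have listeners check it. `ike_updown` also dereferences `ike_sa` in `ike_sa->create_child_sa_iterator(ike_sa)` without a NULL check. The body of `ike_rekey` continues past the end of the hunk.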
@@ -545,7 +712,6 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final)
if (!keep)
{
unregister_listener(this, entry, enumerator);
- break;
}
if (!success)
{
@@ -580,16 +746,21 @@ bus_t *bus_create()
this->public.set_sa = (void(*)(bus_t*,ike_sa_t*))set_sa;
this->public.log = (void(*)(bus_t*,debug_t,level_t,char*,...))log_;
this->public.vlog = (void(*)(bus_t*,debug_t,level_t,char*,va_list))vlog;
+ this->public.alert = (void(*)(bus_t*, alert_t alert, ...))alert;
this->public.ike_state_change = (void(*)(bus_t*,ike_sa_t*,ike_sa_state_t))ike_state_change;
this->public.child_state_change = (void(*)(bus_t*,child_sa_t*,child_sa_state_t))child_state_change;
this->public.message = (void(*)(bus_t*, message_t *message, bool incoming))message;
this->public.ike_keys = (void(*)(bus_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys;
this->public.child_keys = (void(*)(bus_t*, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys;
+ this->public.ike_updown = (void(*)(bus_t*, ike_sa_t *ike_sa, bool up))ike_updown;
+ this->public.ike_rekey = (void(*)(bus_t*, ike_sa_t *old, ike_sa_t *new))ike_rekey;
+ this->public.child_updown = (void(*)(bus_t*, child_sa_t *child_sa, bool up))child_updown;
+ this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey;
this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize;
this->public.destroy = (void(*)(bus_t*)) destroy;
this->listeners = linked_list_create();
- this->mutex = mutex_create(MUTEX_RECURSIVE);
+ this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
pthread_key_create(&this->thread_id, NULL);
pthread_key_create(&this->thread_sa, NULL);
diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h
index 5faea088f..9c90db6f9 100644
--- a/src/charon/bus/bus.h
+++ b/src/charon/bus/bus.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006 Martin Willi
+ * Copyright (C) 2006-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
typedef enum debug_t debug_t;
typedef enum level_t level_t;
-typedef struct listener_t listener_t;
+typedef enum alert_t alert_t;
typedef struct bus_t bus_t;
#include <stdarg.h>
@@ -31,6 +31,7 @@ typedef struct bus_t bus_t;
#include <sa/ike_sa.h>
#include <sa/child_sa.h>
#include <processing/jobs/job.h>
+#include <bus/listeners/listener.h>
/**
* Debug message group.
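Review bot: This include makes `bus.h` and `listener.h` include each other, since the new `listener.h` pulls in `<bus/bus.h>` right after its `listener_t` typedef. It appears to compile only because the typedefs for `debug_t`, `level_t`, `alert_t` and `bus_t` come before the include block here, so a later reordering of this header could break it in a way that is hard to read from the error. A one-line comment next to the include would keep that visible, for example `/* listener.h includes bus.h back; must stay below the typedefs above */`.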
@@ -126,105 +127,12 @@ enum level_t {
# define DBG4(...) {}
#endif /* DBG4 */
-
/**
- * Listener interface, listens to events if registered to the bus.
+ * Kind of alerts to raise.
*/
-struct listener_t {
-
- /**
- * Log a debugging message.
- *
- * The implementing signal function returns TRUE to stay registered
- * to the bus, or FALSE to unregister itself.
- * Calling bus_t.log() inside of a registered listener is possible,
- * but the bus does not invoke listeners recursively.
- *
- * @param singal kind of the signal (up, down, rekeyed, ...)
- * @param level verbosity level of the signal
- * @param thread ID of the thread raised this signal
- * @param ike_sa IKE_SA associated to the event
- * @param format printf() style format string
- * @param args vprintf() style va_list argument list
- " @return TRUE to stay registered, FALSE to unregister
- */
- bool (*log) (listener_t *this, debug_t group, level_t level, int thread,
- ike_sa_t *ike_sa, char* format, va_list args);
-
- /**
- * Handle state changes in an IKE_SA.
- *
- * @param ike_sa IKE_SA which changes its state
- * @param state new IKE_SA state this IKE_SA changes to
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
- ike_sa_state_t state);
-
- /**
- * Handle state changes in a CHILD_SA.
- *
- * @param ike_sa IKE_SA containing the affected CHILD_SA
- * @param child_sa CHILD_SA which changes its state
- * @param state new CHILD_SA state this CHILD_SA changes to
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
- child_sa_t *child_sa, child_sa_state_t state);
-
- /**
- * Hook called for received/sent messages of an IKE_SA.
- *
- * @param ike_sa IKE_SA sending/receving a message
- * @param message message object
- * @param incoming TRUE for incoming messages, FALSE for outgoing
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
- bool incoming);
-
- /**
- * Hook called with IKE_SA key material.
- *
- * @param ike_sa IKE_SA this keymat belongs to
- * @param dh diffie hellman shared secret
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
- * @param rekey IKE_SA we are rekeying, if any
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
- chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
-
- /**
- * Hook called with CHILD_SA key material.
- *
- * @param ike_sa IKE_SA the child sa belongs to
- * @param child_sa CHILD_SA this keymat is used for
- * @param dh diffie hellman shared secret
- * @param nonce_i initiators nonce
- * @param nonce_r responders nonce
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
-
- /**
- * Hook called to invoke additional authorization rules.
- *
- * An authorization hook gets invoked several times: After each
- * authentication round, the hook gets invoked with with final = FALSE.
- * After authentication is complete and the peer configuration is selected,
- * it is invoked again, but with final = TRUE.
- *
- * @param ike_sa IKE_SA to authorize
- * @param auth list of auth_cfg_t, done in peers authentication rounds
- * @param final TRUE if this is the final hook invocation
- * @param success set to TRUE to complete IKE_SA, FALSE abort
- * @return TRUE to stay registered, FALSE to unregister
- */
- bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, linked_list_t *auth,
- bool final, bool *success);
+enum alert_t {
+ /* a RADIUS server did not respond, no additional arguments */
+ ALERT_RADIUS_NOT_RESPONDING,
};
/**
@@ -307,6 +215,15 @@ struct bus_t {
*/
void (*vlog)(bus_t *this, debug_t group, level_t level,
char* format, va_list args);
+
+ /**
+ * Raise an alert over the bus.
+ *
+ * @param alert kind of alert
+ * @param ... alert specific attributes
+ */
+ void (*alert)(bus_t *this, alert_t alert, ...);
+
/**
* Send a IKE_SA state change event to the bus.
*
@@ -361,6 +278,39 @@ struct bus_t {
*/
void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r);
+
+ /**
+ * IKE_SA up/down hook.
+ *
+ * @param ike_sa IKE_SA coming up/going down
+ * @param up TRUE for an up event, FALSE for a down event
+ */
+ void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up);
+
+ /**
+ * IKE_SA rekeying hook.
+ *
+ * @param old rekeyed and obsolete IKE_SA
+ * @param new new IKE_SA replacing old
+ */
+ void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * CHILD_SA up/down hook.
+ *
+ * @param child_sa CHILD_SA coming up/going down
+ * @param up TRUE for an up event, FALSE for a down event
+ */
+ void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up);
+
+ /**
+ * CHILD_SA rekeying hook.
+ *
+ * @param old rekeyed and obsolete CHILD_SA
+ * @param new new CHILD_SA replacing old
+ */
+ void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
+
/**
* Destroy the event bus.
*/
diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h
index 7282224a5..a69374f23 100644
--- a/src/charon/bus/listeners/file_logger.h
+++ b/src/charon/bus/listeners/file_logger.h
@@ -21,9 +21,9 @@
#ifndef FILE_LOGGER_H_
#define FILE_LOGGER_H_
-typedef struct file_logger_t file_logger_t;
+#include <bus/listeners/listener.h>
-#include <bus/bus.h>
+typedef struct file_logger_t file_logger_t;
/**
* Logger to files which implements listener_t.
diff --git a/src/charon/bus/listeners/listener.h b/src/charon/bus/listeners/listener.h
new file mode 100644
index 000000000..578f08ebe
--- /dev/null
+++ b/src/charon/bus/listeners/listener.h
@@ -0,0 +1,179 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup listener listener
+ * @{ @ingroup listeners
+ */
+
+#ifndef LISTENER_H_
+#define LISTENER_H_
+
+typedef struct listener_t listener_t;
+
+#include <bus/bus.h>
+
+/**
+ * Listener interface, listens to events if registered to the bus.
+ */
+struct listener_t {
+
+ /**
+ * Log a debugging message.
+ *
+ * The implementing signal function returns TRUE to stay registered
+ * to the bus, or FALSE to unregister itself.
+ * Calling bus_t.log() inside of a registered listener is possible,
+ * but the bus does not invoke listeners recursively.
+ *
+ * @param group kind of the signal (up, down, rekeyed, ...)
+ * @param level verbosity level of the signal
+ * @param thread ID of the thread raised this signal
+ * @param ike_sa IKE_SA associated to the event
+ * @param format printf() style format string
+ * @param args vprintf() style va_list argument list
+ " @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*log)(listener_t *this, debug_t group, level_t level, int thread,
+ ike_sa_t *ike_sa, char* format, va_list args);
+
+ /**
+ * Hook called if a critical alert is risen.
+ *
+ * @param ike_sa IKE_SA associated to the alert, if any
+ * @param alert kind of alert
+ * @param ... alert specific argument list
+ " @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
+ alert_t alert, va_list args);
+
+ /**
+ * Handle state changes in an IKE_SA.
+ *
+ * @param ike_sa IKE_SA which changes its state
+ * @param state new IKE_SA state this IKE_SA changes to
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
+ ike_sa_state_t state);
+
+ /**
+ * Handle state changes in a CHILD_SA.
+ *
+ * @param ike_sa IKE_SA containing the affected CHILD_SA
+ * @param child_sa CHILD_SA which changes its state
+ * @param state new CHILD_SA state this CHILD_SA changes to
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, child_sa_state_t state);
+
+ /**
+ * Hook called for received/sent messages of an IKE_SA.
+ *
+ * @param ike_sa IKE_SA sending/receving a message
+ * @param message message object
+ * @param incoming TRUE for incoming messages, FALSE for outgoing
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
+ bool incoming);
+
+ /**
+ * Hook called with IKE_SA key material.
+ *
+ * @param ike_sa IKE_SA this keymat belongs to
+ * @param dh diffie hellman shared secret
+ * @param nonce_i initiators nonce
+ * @param nonce_r responders nonce
+ * @param rekey IKE_SA we are rekeying, if any
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
+ chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
+
+ /**
+ * Hook called with CHILD_SA key material.
+ *
+ * @param ike_sa IKE_SA the child sa belongs to
+ * @param child_sa CHILD_SA this keymat is used for
+ * @param dh diffie hellman shared secret
+ * @param nonce_i initiators nonce
+ * @param nonce_r responders nonce
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+ diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
+
+ /**
+ * Hook called if an IKE_SA gets up or down.
+ *
+ * @param ike_sa IKE_SA coming up/going down
+ * @param up TRUE for an up event, FALSE for a down event
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
+
+ /**
+ * Hook called when an IKE_SA gets rekeyed.
+ *
+ * @param old rekeyed IKE_SA getting obsolete
+ * @param new new IKE_SA replacing old
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * Hook called when a CHILD_SA gets up or down.
+ *
+ * @param ike_sa IKE_SA containing the handled CHILD_SA
+ * @param child_sa CHILD_SA coming up/going down
+ * @param up TRUE for an up event, FALSE for a down event
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up);
+
+ /**
+ * Hook called when an CHILD_SA gets rekeyed.
+ *
+ * @param ike_sa IKE_SA containing the rekeyed CHILD_SA
+ * @param old rekeyed CHILD_SA getting obsolete
+ * @param new new CHILD_SA replacing old
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *old, child_sa_t *new);
+
+ /**
+ * Hook called to invoke additional authorization rules.
+ *
+ * An authorization hook gets invoked several times: After each
+ * authentication round, the hook gets invoked with with final = FALSE.
+ * After authentication is complete and the peer configuration is selected,
+ * it is invoked again, but with final = TRUE.
+ *
+ * @param ike_sa IKE_SA to authorize
+ * @param auth list of auth_cfg_t, done in peers authentication rounds
+ * @param final TRUE if this is the final hook invocation
+ * @param success set to TRUE to complete IKE_SA, FALSE abort
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, linked_list_t *auth,
+ bool final, bool *success);
+};
+
+#endif /* LISTENER_ @}*/
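Review bot: Three doc-comment lines in this new header are malformed and will be lost or misattributed by Doxygen: the `@return` lines of `log` and `alert` start with `"` instead of `*`, and the closing line `#endif /* LISTENER_ @}*/` drops the guard name and the `/**` needed to close the `@{` group opened at the top. The `alert` hook documents `@param ...` although the parameter is `va_list args`; it should read `@param args alert specific argument list` and state that the argument types depend on `alert`. I would also write the last line as `#endif /** LISTENER_H_ @}*/` and change "risen" to "raised".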
diff --git a/src/charon/bus/listeners/sys_logger.c b/src/charon/bus/listeners/sys_logger.c
index 5bcf28f24..0b579ce92 100644
--- a/src/charon/bus/listeners/sys_logger.c
+++ b/src/charon/bus/listeners/sys_logger.c
@@ -15,7 +15,6 @@
#include <stdio.h>
#include <string.h>
-#include <pthread.h>
#include "sys_logger.h"
diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h
index 6eda096a9..3ed0f02fa 100644
--- a/src/charon/bus/listeners/sys_logger.h
+++ b/src/charon/bus/listeners/sys_logger.h
@@ -21,11 +21,11 @@
#ifndef SYS_LOGGER_H_
#define SYS_LOGGER_H_
-typedef struct sys_logger_t sys_logger_t;
-
#include <syslog.h>
-#include <bus/bus.h>
+#include <bus/listeners/listener.h>
+
+typedef struct sys_logger_t sys_logger_t;
/**
* Logger for syslog which implements listener_t.