authorYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
commita54780509260a8cb6f0344f531da168b34410dd5 (patch)
tree477239a312679174252f39f7a80bc8bf33836d9a /src/libtnccs/tnc
parent6e50941f7ce9c6f2d6888412968c7f4ffb495379 (diff)
parent5313d2d78ca150515f7f5eb39801c100690b6b29 (diff)
Merge tag 'upstream/5.1.1'
Upstream version 5.1.1
Diffstat (limited to 'src/libtnccs/tnc')
-rw-r--r--src/libtnccs/tnc/imv/imv_manager.h14
-rw-r--r--src/libtnccs/tnc/tnccs/tnccs.h30
-rw-r--r--src/libtnccs/tnc/tnccs/tnccs_manager.h3
3 files changed, 32 insertions, 15 deletions
diff --git a/src/libtnccs/tnc/imv/imv_manager.h b/src/libtnccs/tnc/imv/imv_manager.h
index 7772b7e08..b72eb8bf7 100644
--- a/src/libtnccs/tnc/imv/imv_manager.h
+++ b/src/libtnccs/tnc/imv/imv_manager.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -114,18 +114,6 @@ struct imv_manager_t {
recommendations_t* (*create_recommendations)(imv_manager_t *this);
/**
- * Enforce the TNC recommendation on the IKE_SA by either inserting an
- * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
- *
- * @param rec TNC action recommendation
- * @param eval TNC evaluation result
- * @return TRUE for allow|isolate, FALSE for none
- */
- bool (*enforce_recommendation)(imv_manager_t *this,
- TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval);
-
- /**
* Notify all IMV instances
*
* @param state communicate the state a connection has reached
diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h
index fd3e5cabb..eefd5565d 100644
--- a/src/libtnccs/tnc/tnccs/tnccs.h
+++ b/src/libtnccs/tnc/tnccs/tnccs.h
@@ -38,6 +38,17 @@ typedef enum tnc_ift_type_t tnc_ift_type_t;
#include <tls.h>
/**
+ * Callback function to communicate action recommendation and evaluation result
+ * generated by TNC server
+ *
+ * @param rec TNC Action Recommendation
+ * @param eval TNC Evaluation Result
+ * @return TRUE to terminate TNCCS connection, FALSE to keep it
+ */
+typedef bool (*tnccs_cb_t)(TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+/**
* Type of TNC Client/Server protocol
*/
enum tnccs_type_t {
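Review bot: The `tnccs_cb_t` typedef takes only `rec` and `eval`, so the callee cannot tell from its arguments which connection the recommendation belongs to and presumably has to recover that from global or thread-local state. Because the callback carries an access decision, applying it to the wrong session would be a policy-enforcement error; either add a context argument (`void *ctx`) or document in the comment how the implementation is expected to identify the connection. The return value also means something different from the removed `enforce_recommendation` method in imv_manager.h, where TRUE meant allow|isolate, so the `@return` line should say explicitly which value is returned when the recommendation cannot be applied.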
@@ -103,6 +114,21 @@ struct tnccs_t {
*/
void (*set_auth_type)(tnccs_t *this, u_int32_t auth_type);
+ /**
+ * Get PDP server name and port number
+ *
+ * @param port PDP port number
+ * @return PDP server name
+ */
+ chunk_t (*get_pdp_server)(tnccs_t *this, u_int16_t *port);
+
+ /**
+ * Get a new reference to the TNCCS object.
+ *
+ * @return this, with an increased refcount
+ */
+ tnccs_t* (*get_ref)(tnccs_t *this);
+
};
/**
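Review bot: The comment on `get_pdp_server` does not say who owns the returned `chunk_t`, nor that `port` is an output parameter. A caller cannot tell whether the chunk points into the tnccs_t object and dies with it, or is an allocated copy it must free, and that ambiguity is how leaks and use-after-free get written. I would change the lines to `@param port  receives the PDP port number` and `@return  PDP server name (state here: internal data, or allocated and freed by the caller)`. For `get_ref`, the comment should add how a reference is released, presumably through the object's destroy method; `struct tnccs_t` starts outside this hunk, so that method is not visible here.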
@@ -112,12 +138,14 @@ struct tnccs_t {
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
+ * @param cb Callback function if TNC Server, NULL if TNC Client
* @return implementation of the tnccs_t interface
*/
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
identification_t *server,
identification_t *peer,
- tnc_ift_type_t transport);
+ tnc_ift_type_t transport,
+ tnccs_cb_t cb);
/**
* Callback function adding a message to a TNCCS batch
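Review bot: The new `cb` parameter is documented as `NULL if TNC Client`, but nothing states what a constructor does when `is_server` is TRUE and `cb` is NULL. The server-side recommendation would then have nowhere to go, and whether the connection is kept or terminated is left to each implementation. The contract should require that a missing callback on the server side is rejected or treated as no access, rather than enforcement being skipped silently. A wording such as `@param cb  Callback function if TNC Server (must not be NULL), NULL if TNC Client` would cover it, and the same applies to the `create_instance` hunk in tnccs_manager.h.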
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h
index 4ab9d7e18..791336ee1 100644
--- a/src/libtnccs/tnc/tnccs/tnccs_manager.h
+++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h
@@ -59,12 +59,13 @@ struct tnccs_manager_t {
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
+ * @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNCCS protocol instance, NULL if no constructor found
*/
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
bool is_server, identification_t *server,
identification_t *peer,
- tnc_ift_type_t transport);
+ tnc_ift_type_t transport, tnccs_cb_t cb);
/**
* Create a TNCCS connection and assign a unique connection ID as well a