author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
commit | b34738ed08c2227300d554b139e2495ca5da97d6 (patch) | |
tree | 62f33b52820f2e49f0e53c0f8c636312037c8054 /src/libtnccs/tnc | |
parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
Imported Upstream version 4.6.4
Diffstat (limited to 'src/libtnccs/tnc')
-rw-r--r-- | src/libtnccs/tnc/imc/imc.h | 230 | ||||
-rw-r--r-- | src/libtnccs/tnc/imc/imc_manager.h | 165 | ||||
-rw-r--r-- | src/libtnccs/tnc/imv/imv.h | 230 | ||||
-rw-r--r-- | src/libtnccs/tnc/imv/imv_manager.h | 186 | ||||
-rw-r--r-- | src/libtnccs/tnc/imv/imv_recommendations.c | 24 | ||||
-rw-r--r-- | src/libtnccs/tnc/imv/imv_recommendations.h | 123 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnc.c | 268 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnc.h | 87 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnccs/tnccs.c | 24 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnccs/tnccs.h | 82 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnccs/tnccs_manager.c | 63 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnccs/tnccs_manager.h | 203 |
12 files changed, 1685 insertions, 0 deletions
diff --git a/src/libtnccs/tnc/imc/imc.h b/src/libtnccs/tnc/imc/imc.h
new file mode 100644
index 000000000..3ff7d5194
--- /dev/null
+++ b/src/libtnccs/tnc/imc/imc.h
@@ -0,0 +1,230 @@
+/*
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc imc
+ * @ingroup tnc
+ *
+ * @defgroup imct imc
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_H_
+#define IMC_H_
+
+#include <tncifimc.h>
+
+#include <library.h>
+
+typedef struct imc_t imc_t;
+
+/**
+ * Controls a single Integrity Measurement Collector (IMC)
+ */
+struct imc_t {
+
+ /**
+ * The TNC Client calls this function to initialize the IMC and agree on
+ * the API version number to be used. It also supplies the IMC ID, an IMC
+ * identifier that the IMC must use when calling TNC Client callback functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param minVersion minimum API version supported by TNCC
+ * @param maxVersion maximum API version supported by TNCC
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMCID imcID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Client calls this function to inform the IMC that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Client calls this function to indicate that an Integrity Check
+ * Handshake is beginning and solicit messages from IMCs for the first batch.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*begin_handshake)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by the message Vendor ID and message subtype.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param messageFlags message flags
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageVendorID message Vendor ID
+ * @param messageSubtype message subtype
+ * @param sourceIMVID source IMV ID
+ * @param destinationIMCID destination IMC ID
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message_long)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_UInt32 messageFlags,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_VendorID messageVendorID,
+ TNC_MessageSubtype messageSubtype,
+ TNC_UInt32 sourceIMVID,
+ TNC_UInt32 destinationIMCID);
+
+ /**
+ * The TNC Client calls this function to notify IMCs that all IMV messages
+ * received in a batch have been delivered and this is the IMC’s last chance
+ * to send a message in the batch of IMC messages currently being collected.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to close down the IMC when all work is
+ * complete or the IMC reports TNC_RESULT_FATAL.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMCID imcID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param bindFunction pointer to TNC_TNCC_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
+ TNC_TNCC_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imc_t object.
+ *
+ * @param id IMC ID to be assigned
+ */
+ void (*set_id)(imc_t *this, TNC_IMCID id);
+
+ /**
+ * Returns the ID of an imc_t object.
+ *
+ * @return assigned IMC ID
+ */
+ TNC_IMCID (*get_id)(imc_t *this);
+
+ /**
+ * Assign an additional ID to an imc_t object.
+ *
+ * @param id additional IMC ID to be assigned
+ */
+ void (*add_id)(imc_t *this, TNC_IMCID id);
+
+ /**
+ * Checks if the ID is assigned to the imc_t object.
+ *
+ * @return TRUE if IMC ID is assigned to imc_t object
+ */
+ bool (*has_id)(imc_t *this, TNC_IMCID id);
+
+ /**
+ * Returns the name of an imc_t object.
+ *
+ * @return name of IMC
+ */
+ char* (*get_name)(imc_t *this);
+
+ /**
+ * Sets the supported message types of an imc_t object.
+ *
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Sets the supported long message types of an imc_t object.
+ *
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types_long)(imc_t *this, TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMC supports a given message type.
+ *
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imc_t *this, TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+
+ /**
+ * Destroys an imc_t object.
+ */
+ void (*destroy)(imc_t *this);
+};
+
+#endif /** IMC_H_ @}*/
diff --git a/src/libtnccs/tnc/imc/imc_manager.h b/src/libtnccs/tnc/imc/imc_manager.h
new file mode 100644
index 000000000..25e0efe9d
--- /dev/null
+++ b/src/libtnccs/tnc/imc/imc_manager.h
@@ -0,0 +1,165 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc_manager imc_manager
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_MANAGER_H_
+#define IMC_MANAGER_H_
+
+typedef struct imc_manager_t imc_manager_t;
+
+#include "imc.h"
+
+#include <library.h>
+
+/**
+ * The IMC manager controls all IMC instances.
+ */
+struct imc_manager_t {
+
+ /**
+ * Add an IMC instance
+ *
+ * @param imc IMC instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imc_manager_t *this, imc_t *imc);
+
+ /**
+ * Remove an IMC instance from the list and return it
+ *
+ * @param id ID of IMC instance
+ * @return removed IMC instance
+ */
+ imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
+
+ /**
+ * Load and initialize an IMC as a dynamic library and add it to the list
+ *
+ * @param name name of the IMC to be loaded
+ * @param path path of the IMC dynamic library file
+ * @return TRUE if loading succeeded
+ */
+ bool (*load)(imc_manager_t *this, char *name, char *path);
+
+ /**
+ * Check if an IMC with a given ID is registered with the IMC manager
+ *
+ * @param id ID of IMC instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
+
+ /**
+ * Reserve an additional ID for an IMC
+ *
+ * @param id ID of IMC instance
+ * @param new_id reserved ID assigned to IMC
+ * @return TRUE if primary IMC ID was used
+ */
+ bool (*reserve_id)(imc_manager_t *this, TNC_IMCID id, TNC_UInt32 *new_id);
+
+ /**
+ * Return the preferred language for recommendations
+ *
+ * @return preferred language string
+ */
+ char* (*get_preferred_language)(imc_manager_t *this);
+
+ /**
+ * Notify all IMC instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imc_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Begin a handshake between the IMCs and a connection
+ *
+ * @param id connection ID
+ */
+ void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Sets the supported message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imc_manager_t *this,
+ TNC_IMCID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Sets the supported long message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types_long)(imc_manager_t *this,
+ TNC_IMCID id,
+ TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+
+ /**
+ * Delivers a message to interested IMCs.
+ *
+ * @param connection_id connection ID
+ * @param excl exclusive message flag
+ * @param msg message
+ * @param msg_len message length
+ * @param msg_vid message Vendor ID
+ * @param msg_subtype message subtype
+ * @param src_imv_id source IMV ID
+ * @param dst_imc_id destination IMC ID
+ */
+ void (*receive_message)(imc_manager_t *this,
+ TNC_ConnectionID connection_id,
+ bool excl,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imv_id,
+ TNC_UInt32 dst_imc_id);
+
+ /**
+ * Notify all IMCs that all IMV messages received in a batch have been
+ * delivered and this is the IMCs last chance to send a message in the
+ * batch of IMC messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMC manager and all its controlled instances.
+ */
+ void (*destroy)(imc_manager_t *this);
+};
+
+#endif /** IMC_MANAGER_H_ @}*/
diff --git a/src/libtnccs/tnc/imv/imv.h b/src/libtnccs/tnc/imv/imv.h
new file mode 100644
index 000000000..3716532d6
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv.h
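Review bot: `load` takes `name` and `path` strings that tnc.c (further down in this commit) allocates with malloc right before calling it, but the comment does not say whether the manager takes ownership of them or the caller must free them; callers guessing differently will either leak or double-free. I would add to the two `@param` lines either `(ownership transferred to the manager)` or `(caller retains ownership)`, whichever the implementation actually does — that is not visible in this header. Since `path` names a dynamic library that is loaded and initialized inside the daemon process, a one-line note that it must only come from trusted configuration would also help integrators reading this interface.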
@@ -0,0 +1,230 @@
+/*
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_H_
+#define IMV_H_
+
+#include <tncifimv.h>
+
+#include <library.h>
+
+typedef struct imv_t imv_t;
+
+/**
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+
+ /**
+ * The TNC Server calls this function to initialize the IMV and agree on
+ * the API version number to be used. It also supplies the IMV ID, an IMV
+ * identifier that the IMV must use when calling TNC Server callback functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param minVersion minimum API version supported
+ * @param maxVersion maximum API version supported by TNCS
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Server calls this function to inform the IMV that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Server calls this function at the end of an Integrity Check
+ * Handshake (after all IMC-IMV messages have been delivered) to solicit
+ * recommendations from IMVs that have not yet provided a recommendation.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by the message Vendor ID and message subtype.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param messageFlags message flags
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageVendorID message Vendor ID
+ * @param messageSubtype message subtype
+ * @param sourceIMCID source IMC ID
+ * @param destinationIMVID destination IMV ID
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message_long)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_UInt32 messageFlags,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_VendorID messageVendorID,
+ TNC_MessageSubtype messageSubtype,
+ TNC_UInt32 sourceIMCID,
+ TNC_UInt32 destinationIMVID);
+
+ /**
+ * The TNC Server calls this function to notify IMVs that all IMC messages
+ * received in a batch have been delivered and this is the IMV’s last chance
+ * to send a message in the batch of IMV messages currently being collected.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to close down the IMV.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMVID imvID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param bindFunction pointer to TNC_TNCS_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imv_t object.
+ *
+ * @param id IMV ID to be assigned
+ */
+ void (*set_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Returns the ID of an imv_t object.
+ *
+ * @return IMV ID assigned by TNCS
+ */
+ TNC_IMVID (*get_id)(imv_t *this);
+
+ /**
+ * Assign an additional ID to an imv_t object.
+ *
+ * @param id additional IMV ID to be assigned
+ */
+ void (*add_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Checks if the ID is assigned to the imv_t object.
+ *
+ * @return TRUE if IMV ID is assigned to imv_t object
+ */
+ bool (*has_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Returns the name of an imv_t object.
+ *
+ * @return name of IMV
+ */
+ char* (*get_name)(imv_t *this);
+
+ /**
+ * Sets the supported message types of an imv_t object.
+ *
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Sets the supported long message types of an imv_t object.
+ *
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types_long)(imv_t *this, TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMV supports a given message type.
+ *
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imv_t *this, TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(imv_t *this);
+};
+
+#endif /** IMV_H_ @}*/
diff --git a/src/libtnccs/tnc/imv/imv_manager.h b/src/libtnccs/tnc/imv/imv_manager.h
new file mode 100644
index 000000000..43f40973c
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_manager.h
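Review bot: The `@param` lines of `set_message_types_long` in imv.h describe `supported_vids` and `supported_subtypes` as "supported by IMC", but this is the IMV interface and the sibling `set_message_types` two entries above says IMV; change them to `list of vendor IDs supported by IMV` and `list of message subtypes supported by IMV`. A smaller inconsistency: `terminate` in imc.h documents that it is also called when the IMC reports TNC_RESULT_FATAL, whereas the IMV version only says "close down the IMV"; if the server side behaves the same way, which this header does not show, mirroring that sentence keeps the two interfaces in step.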
@@ -0,0 +1,186 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+
+typedef struct imv_manager_t imv_manager_t;
+
+#include "imv.h"
+#include "imv_recommendations.h"
+
+#include <library.h>
+
+/**
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+
+ /**
+ * Add an IMV instance
+ *
+ * @param imv IMV instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imv_manager_t *this, imv_t *imv);
+
+ /**
+ * Remove an IMV instance from the list and return it
+ *
+ * @param id ID of IMV instance
+ * @return removed IMC instance
+ */
+ imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+
+ /**
+ * Load and initialize an IMV as a dynamic library and add it to the list
+ *
+ * @param name name of the IMV to be loaded
+ * @param path path of the IMV dynamic library file
+ * @return TRUE if loading succeeded
+ */
+ bool (*load)(imv_manager_t *this, char *name, char *path);
+
+
+ /**
+ * Check if an IMV with a given ID is registered with the IMV manager
+ *
+ * @param id ID of IMV instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
+
+ /**
+ * Reserve an additional ID for an IMV
+ *
+ * @param id ID of IMV instance
+ * @param new_id reserved ID assigned to IMV
+ * @return TRUE if primary IMV ID was used
+ */
+ bool (*reserve_id)(imv_manager_t *this, TNC_IMVID id, TNC_UInt32 *new_id);
+
+ /**
+ * Get the configured recommendation policy
+ *
+ * @return configured recommendation policy
+ */
+ recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+
+ /**
+ * Create an empty set of IMV recommendations and evaluations
+ *
+ * @return instance of a recommendations_t list
+ */
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
+
+ /**
+ * Enforce the TNC recommendation on the IKE_SA by either inserting an
+ * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+ *
+ * @param rec TNC action recommendation
+ * @param eval TNC evaluation result
+ * @return TRUE for allow|isolate, FALSE for none
+ */
+ bool (*enforce_recommendation)(imv_manager_t *this,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Notify all IMV instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imv_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Sets the supported message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imv_manager_t *this,
+ TNC_IMVID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Sets the supported long message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_vids list of vendor IDs supported by IMV
+ * @param supported_subtypes list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types_long)(imv_manager_t *this,
+ TNC_IMVID id,
+ TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+
+ /**
+ * Solicit recommendations from IMVs that have not yet provided one
+ *
+ * @param id connection ID
+ */
+ void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Delivers a message to interested IMVs.
+ *
+ * @param connection_id connection ID
+ * @param excl exclusive message flag
+ * @param msg message
+ * @param msg_len message length
+ * @param msg_vid message Vendor ID
+ * @param msg_subtype message subtype
+ * @param src_imc_id source IMC ID
+ * @param dst_imv_id destination IMV ID
+ */
+ void (*receive_message)(imv_manager_t *this,
+ TNC_ConnectionID connection_id,
+ bool excl,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imc_id,
+ TNC_UInt32 dst_imv_id);
+
+ /**
+ * Notify all IMVs that all IMC messages received in a batch have been
+ * delivered and this is the IMVs last chance to send a message in the
+ * batch of IMV messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMV manager and all its controlled instances.
+ */
+ void (*destroy)(imv_manager_t *this);
+};
+
+#endif /** IMV_MANAGER_H_ @}*/
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.c b/src/libtnccs/tnc/imv/imv_recommendations.c
new file mode 100644
index 000000000..9daaca16c
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_recommendations.c
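Review bot: `enforce_recommendation` is the point where an IMV verdict turns into an access decision on the IKE_SA, yet its contract names only two outcomes, `allow|isolate` (TRUE) and `none` (FALSE), and says nothing about a no-recommendation or an unexpected value of `rec`. If the implementation fails closed in those cases — which this header cannot confirm — say so explicitly, e.g. `@return TRUE for allow|isolate, FALSE for none or any other recommendation (fail closed)`, so that callers and future IMVs do not rely on a lenient default. Unrelated copy-paste slip: `remove` documents its return as `removed IMC instance`; this is the IMV manager, so it should read `removed IMV instance`.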
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_recommendations.h"
+
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ALL,
+ "default",
+ "any",
+ "all"
+);
+
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.h b/src/libtnccs/tnc/imv/imv_recommendations.h
new file mode 100644
index 000000000..d694e16ae
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_recommendations.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tncifimv.h>
+#include <library.h>
+
+typedef enum recommendation_policy_t recommendation_policy_t;
+
+enum recommendation_policy_t {
+ RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ANY,
+ RECOMMENDATION_POLICY_ALL
+};
+
+extern enum_name_t *recommendation_policy_names;
+
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * If all IMVs provided a recommendation, derive a consolidated action
+ * recommendation and evaluation result based on a configured policy
+ *
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return TRUE if all IMVs provided a recommendation
+ */
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+
+ /**
+ * Get the preferred language for remediation messages
+ *
+ * @return preferred language
+ */
+ chunk_t (*get_preferred_language)(recommendations_t *this);
+
+ /**
+ * Set the preferred language for remediation messages
+ *
+ * @param pref_lang preferred language
+ */
+ void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+
+ /**
+ * Set the reason string
+ *
+ * @param id ID of IMV setting the reason string
+ * @param reason reason string
+ * @result return code
+ */
+ TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason);
+
+ /**
+ * Set the language for reason strings
+ *
+ * @param id ID of IMV setting the reason language
+ * @param reason_lang reason language
+ * @result return code
+ */
+ TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason_lang);
+
+ /**
+ * Enumerates over all IMVs sending a reason string.
+ * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+
+ /**
+ * Clears all reason entries
+ */
+ void (*clear_reasons)(recommendations_t *this);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c
new file mode 100644
index 000000000..652afc291
--- /dev/null
+++ b/src/libtnccs/tnc/tnc.c
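Review bot: The comment on `destroy` at the end of `recommendations_t` says `Destroys an imv_t object.`, but this is a `recommendations_t`; it should read `Destroys a recommendations_t object.` `set_reason_string` and `set_reason_language` tag their return value with `@result return code`, which is not the Doxygen return tag the rest of the file uses; `@return TNC result code` keeps them consistent and actually renders. It would also help to say in `provide_recommendation` what is returned when `imv_id` is not one of the IMVs this set was created for, since `have_recommendation` only consolidates once every IMV has reported and a stray ID could otherwise be miscounted; whether the implementation rejects such IDs is not visible in this header.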
@@ -0,0 +1,268 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnc.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/mman.h> +#include <unistd.h> +#include <errno.h> +#include <fcntl.h> + +#include <utils/lexparser.h> +#include <debug.h> + +typedef struct private_tnc_t private_tnc_t; + +typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void); +typedef imc_manager_t *(*tnc_create_imc_manager_t)(void); +typedef imv_manager_t *(*tnc_create_imv_manager_t)(void); + +/** + * Private additions to tnc_t. + */ +struct private_tnc_t { + + /** + * Public members of tnc_t. + */ + tnc_t public; +}; + +/** + * Single instance of tnc_t. + */ +tnc_t *tnc; + +/** + * Described in header. + */ +void libtnccs_init(void) +{ + private_tnc_t *this; + + INIT(this, + .public = { + }, + ); + + tnc = &this->public; +} + +/** + * Described in header. + */ +void libtnccs_deinit(void) +{ + private_tnc_t *this = (private_tnc_t*)tnc; + + free(this); + tnc = NULL; +} + +static bool load_imcvs_from_config(char *filename, bool is_imc) +{ + int fd, line_nr = 0; + chunk_t src, line; + struct stat sb; + void *addr; + char *label; + + label = is_imc ? 
"IMC" : "IMV"; + + DBG1(DBG_TNC, "loading %ss from '%s'", label, filename); + fd = open(filename, O_RDONLY); + if (fd == -1) + { + DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename, + strerror(errno)); + return FALSE; + } + if (fstat(fd, &sb) == -1) + { + DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename, + strerror(errno)); + close(fd); + return FALSE; + } + addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); + if (addr == MAP_FAILED) + { + DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno)); + close(fd); + return FALSE; + } + src = chunk_create(addr, sb.st_size); + + while (fetchline(&src, &line)) + { + char *name, *path; + bool success; + chunk_t token; + + line_nr++; + + /* skip comments or empty lines */ + if (*line.ptr == '#' || !eat_whitespace(&line)) + { + continue; + } + + /* determine keyword */ + if (!extract_token(&token, ' ', &line)) + { + DBG1(DBG_TNC, "line %d: keyword must be followed by a space", + line_nr); + return FALSE; + } + + /* only interested in IMCs or IMVs depending on label */ + if (!match(label, &token)) + { + continue; + } + + /* advance to the IMC/IMV name and extract it */ + if (!extract_token(&token, '"', &line) || + !extract_token(&token, '"', &line)) + { + DBG1(DBG_TNC, "line %d: %s name must be set in double quotes", + line_nr, label); + return FALSE; + } + + /* copy the IMC/IMV name */ + name = malloc(token.len + 1); + memcpy(name, token.ptr, token.len); + name[token.len] = '\0'; + + /* advance to the IMC/IMV path and extract it */ + if (!eat_whitespace(&line)) + { + DBG1(DBG_TNC, "line %d: %s path is missing", line_nr, label); + free(name); + return FALSE; + } + if (!extract_token(&token, ' ', &line)) + { + token = line; + } + + /* copy the IMC/IMV path */ + path = malloc(token.len + 1); + memcpy(path, token.ptr, token.len); + path[token.len] = '\0'; + + /* load and register an IMC/IMV instance */ + if (is_imc) + { + success = tnc->imcs->load(tnc->imcs, 
name, path); + } + else + { + success = tnc->imvs->load(tnc->imvs, name, path); + } + if (!success) + { + return FALSE; + } + } + munmap(addr, sb.st_size); + close(fd); + return TRUE; +} + +/** + * Described in header. + */ +bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature, + bool reg, void *data) +{ + bool load_imcvs = FALSE; + bool is_imc = FALSE; + + if (feature->type == FEATURE_CUSTOM) + { + if (streq(feature->arg.custom, "tnccs-manager")) + { + if (reg) + { + tnc->tnccs = ((tnc_create_tnccs_manager_t)data)(); + } + else + { + tnc->tnccs->destroy(tnc->tnccs); + tnc->tnccs = NULL; + } + } + else if (streq(feature->arg.custom, "imc-manager")) + { + if (reg) + { + tnc->imcs = ((tnc_create_imc_manager_t)data)(); + is_imc = TRUE; + load_imcvs = TRUE; + } + else + { + tnc->imcs->destroy(tnc->imcs); + tnc->imcs = NULL; + } + } + else if (streq(feature->arg.custom, "imv-manager")) + { + if (reg) + { + tnc->imvs = ((tnc_create_imv_manager_t)data)(); + is_imc = FALSE; + load_imcvs = TRUE; + } + else + { + tnc->imvs->destroy(tnc->imvs); + tnc->imvs = NULL; + } + } + else + { + return FALSE; + } + + if (load_imcvs) + { + char *tnc_config; + + tnc_config = lib->settings->get_str(lib->settings, + "libtnccs.tnc_config", "/etc/tnc_config"); + if (!load_imcvs_from_config(tnc_config, is_imc)) + { + if (is_imc) + { + tnc->imcs->destroy(tnc->imcs); + tnc->imcs = NULL; + } + else + { + tnc->imvs->destroy(tnc->imvs); + tnc->imvs = NULL; + } + return FALSE; + } + } + } + return TRUE; +} + diff --git a/src/libtnccs/tnc/tnc.h b/src/libtnccs/tnc/tnc.h new file mode 100644 index 000000000..e5a4a2959 --- /dev/null +++ b/src/libtnccs/tnc/tnc.h 
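Review bot: Every error exit inside the parsing loop of `load_imcvs_from_config` skips the `munmap()`/`close()` pair that only the success path reaches — the `return FALSE` for a keyword without a trailing space, an unquoted name, a missing path and a failed `load()` each leak the mapping and the descriptor, so a malformed line in the configured tnc_config file costs one fd and one mapping per manager registration. A single cleanup label, as in the excerpt below, turns all of those into one exit. Two smaller points in the same function: `mmap()` of a zero-length file fails with `EINVAL`, so an empty configuration file is reported as a mapping failure instead of "nothing to load" (a `sb.st_size == 0` short-circuit after `fstat()` would handle it), and the `malloc()` results for `name` and `path` are written to without a NULL check unless the project wraps `malloc()` to abort on failure. The `DBG_LIB` group on the `fstat()`/`mmap()` messages also looks inconsistent with the `DBG_TNC` group used by the rest of the function.
```c
static bool load_imcvs_from_config(char *filename, bool is_imc)
{
	bool result = FALSE;
	/* … unchanged: locals, open(), fstat(), mmap() and their error paths … */

	src = chunk_create(addr, sb.st_size);

	while (fetchline(&src, &line))
	{
		/* … unchanged: line parsing; every former `return FALSE` below the
		 * mmap() now reads `goto out` (the free(name) on the path error stays) … */
		if (!success)
		{
			goto out;
		}
	}
	result = TRUE;

out:
	munmap(addr, sb.st_size);
	close(fd);
	return result;
}
```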
@@ -0,0 +1,87 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnc tnc + * + * @addtogroup tnc + * @{ + */ + +#ifndef TNC_H_ +#define TNC_H_ + +typedef struct tnc_t tnc_t; + +#include "tnc/imc/imc_manager.h" +#include "tnc/imv/imv_manager.h" +#include "tnc/tnccs/tnccs_manager.h" + +#include <library.h> + +/** + * TNC management support object. + */ +struct tnc_t { + + /** + * TNC-IMC manager controlling Integrity Measurement Collectors + */ + imc_manager_t *imcs; + + /** + * TNC-IMV manager controlling Integrity Measurement Verifiers + */ + imv_manager_t *imvs; + + /** + * TNC-TNCCS manager controlling the TNC Server and Client protocols + */ + tnccs_manager_t *tnccs; + +}; + +/** + * The single instance of tnc_t. + * + * Exists between calls to libtnccs_init() and libtnccs_deinit(). + */ +extern tnc_t *tnc; + +/** + * Initialize libtnccs. + */ +void libtnccs_init(void); + +/** + * Deinitialize libtnccs + */ +void libtnccs_deinit(void); + +/** + * Helper function to (un-)register TNC managers from plugin features. + * + * This function is a plugin_feature_callback_t and can be used with the + * PLUGIN_CALLBACK macro to register a TNC manager constructor. + * + * @param plugin plugin registering the TNC manager + * @param feature associated plugin feature + * @param reg TRUE to register, FALSE to unregister. 
+ * @param data data passed to callback, a TNC manager constructor + */ +bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature, + bool reg, void *data); + +#endif /** TNC_H_ @}*/ diff --git a/src/libtnccs/tnc/tnccs/tnccs.c b/src/libtnccs/tnc/tnccs/tnccs.c new file mode 100644 index 000000000..80d0f497c --- /dev/null +++ b/src/libtnccs/tnc/tnccs/tnccs.c @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnccs.h" + +ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0, + "unknown TNCCS", + "TNCCS 1.1", + "TNCCS SOH", + "TNCCS 2.0", +); + diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h new file mode 100644 index 000000000..c3020d7c3 --- /dev/null +++ b/src/libtnccs/tnc/tnccs/tnccs.h 
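Review bot: The Doxygen block for `tnc_manager_register` documents all four parameters but not the `bool` it returns, and callers wired through PLUGIN_CALLBACK depend on that value. Going by the implementation in tnc.c, the accurate line is `@return FALSE on an unknown custom feature or a failed IMC/IMV load, TRUE otherwise`. The declaration of `tnccs_method_register` in tnccs_manager.h has the same gap and should get a matching `@return`. The `Deinitialize libtnccs` summary is also missing its trailing period, unlike its neighbours.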
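Review bot: The `tnccs_type_names` table stops at `TNCCS_2_0`, but `tnccs_type_t` in tnccs.h also defines `TNCCS_DYNAMIC`, so the name table does not cover every enumerator of the type it names. If that omission is not intentional, the fix is to widen the range and add the missing string: `ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_DYNAMIC,` with a trailing `"TNCCS DYNAMIC",` entry after `"TNCCS 2.0",`. If it is intentional (the dynamic type being a dispatcher rather than a wire protocol), a one-line comment on the table saying so would stop the next reader from "fixing" it.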
@@ -0,0 +1,82 @@ +/* + * Copyright (C) 2010-2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnccs tnccs + * @ingroup tnc + * + * @defgroup tnccst tnccs + * @{ @ingroup tnccs + */ + +#ifndef TNCCS_H_ +#define TNCCS_H_ + +typedef struct tnccs_t tnccs_t; +typedef enum tnccs_type_t tnccs_type_t; + +#include <tncif.h> +#include <tncifimc.h> +#include <tncifimv.h> + +#include <library.h> +#include <plugins/plugin.h> + +/** + * Type of TNC Client/Server protocol + */ +enum tnccs_type_t { + TNCCS_UNKNOWN, + TNCCS_1_1, + TNCCS_SOH, + TNCCS_2_0, + TNCCS_DYNAMIC +}; + +/** + * enum names for tnccs_type_t. + */ +extern enum_name_t *tnccs_type_names; + +/** + * Constructor definition for a pluggable TNCCS protocol implementation. 
+ * + * @param is_server TRUE if TNC Server, FALSE if TNC Client + * @return implementation of the tnccs_t interface + */ +typedef tnccs_t *(*tnccs_constructor_t)(bool is_server); + +/** + * Callback function adding a message to a TNCCS batch + * + * @param imc_id ID of IMC or TNC_IMCID_ANY + * @param imc_id ID of IMV or TNC_IMVID_ANY + * @param msg_flags message flags + * @param msg message to be added + * @param msg_len message length + * @param msg_vid message vendor ID + * @param msg_subtype message subtype + * @return return code + */ +typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, + TNC_IMCID imc_id, + TNC_IMVID imv_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype); + +#endif /** TNCCS_H_ @}*/ diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.c b/src/libtnccs/tnc/tnccs/tnccs_manager.c new file mode 100644 index 000000000..fa91bfb21 --- /dev/null +++ b/src/libtnccs/tnc/tnccs/tnccs_manager.c 
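Review bot: The `tnccs_send_message_t` doc block lists `@param imc_id` twice; the second one describes the IMV identifier and should read `@param imv_id ID of IMV or TNC_IMVID_ANY`, matching the parameter list and the same callback's documentation in tnccs_manager.h. The first parameter of the typedef is spelled `tncss` where every other signature in this series uses `tnccs`; renaming it in the typedef is harmless because the name is not part of the type.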
@@ -0,0 +1,63 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnccs_manager.h" + +#include "tnc/tnc.h" + +#include <debug.h> + +/** + * See header + */ +bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature, + bool reg, void *data) +{ + if (!tnc || !tnc->tnccs) + { + DBG1(DBG_TNC, "TNC TNCCS manager does not exist"); + return FALSE; + } + if (reg) + { + if (feature->type == FEATURE_CUSTOM) + { + tnccs_type_t type = TNCCS_UNKNOWN; + + if (streq(feature->arg.custom, "tnccs-2.0")) + { + type = TNCCS_2_0; + } + else if (streq(feature->arg.custom, "tnccs-1.1")) + { + type = TNCCS_1_1; + } + else if (streq(feature->arg.custom, "tnccs-dynamic")) + { + type = TNCCS_DYNAMIC; + } + else + { + return FALSE; + } + tnc->tnccs->add_method(tnc->tnccs, type, (tnccs_constructor_t)data); + } + } + else + { + tnc->tnccs->remove_method(tnc->tnccs, (tnccs_constructor_t)data); + } + return TRUE; +} diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h new file mode 100644 index 000000000..9ca450468 --- /dev/null +++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h 
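Review bot: In `tnccs_method_register`, a registration request with a feature whose type is not `FEATURE_CUSTOM` returns TRUE without adding anything, and an unregistration calls `remove_method` without checking the feature type at all, so the two directions are not symmetric and a caller cannot tell a silently ignored registration from a successful one. Hoisting the type check ahead of the `reg` branch — `if (feature->type != FEATURE_CUSTOM) { return FALSE; }` — makes both paths consistent and lets the remaining nesting flatten by one level. This presumes the plugin framework can hand this callback a non-custom feature; if it never does, a comment stating that assumption would serve the same purpose.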
@@ -0,0 +1,203 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnccs_manager tnccs_manager + * @{ @ingroup tnccs + */ + +#ifndef TNCCS_MANAGER_H_ +#define TNCCS_MANAGER_H_ + +typedef struct tnccs_manager_t tnccs_manager_t; + +#include "tnccs.h" +#include "tnc/imv/imv_recommendations.h" + +/** + * The TNCCS manager manages all TNCCS implementations and creates instances. + * + * A plugin registers its implemented TNCCS protocol with the manager by + * providing type and a constructor function. The manager then creates + * TNCCS protocol instances via the provided constructor. + */ +struct tnccs_manager_t { + + /** + * Register a TNCCS protocol implementation. + * + * @param type TNCCS protocol type + * @param constructor constructor, returns a TNCCS protocol implementation + */ + void (*add_method)(tnccs_manager_t *this, tnccs_type_t type, + tnccs_constructor_t constructor); + + /** + * Unregister a TNCCS protocol implementation using it's constructor. + * + * @param constructor constructor function to remove, as added in add_method + */ + void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor); + + /** + * Create a new TNCCS protocol instance. 
+ * + * @param type type of the TNCCS protocol + * @param is_server TRUE if TNC Server, FALSE if TNC Client + * @return TNCCS protocol instance, NULL if no constructor found + */ + tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type, + bool is_server); + + /** + * Create a TNCCS connection and assign a unique connection ID as well a + * callback function for adding a message to a TNCCS batch and create + * an empty set for collecting IMV recommendations + * + * @param type TNCCS protocol type + * @param tnccs TNCCS connection instance + * @param send_message TNCCS callback function + * @param request_handshake_retry pointer to boolean variable + * @param recs pointer to IMV recommendation set + * @return assigned connection ID + */ + TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, + tnccs_type_t type, tnccs_t *tnccs, + tnccs_send_message_t send_message, + bool *request_handshake_retry, + recommendations_t **recs); + + /** + * Remove a TNCCS connection using its connection ID. + * + * @param id ID of the connection to be removed + * @param is_server TNC Server if TRUE, TNC Client if FALSE + */ + void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id, + bool is_server); + + /** + * Request a handshake retry + * + * @param is_imc TRUE if IMC, FALSE if IMV + * @param imcv_id ID of IMC or IMV requesting the retry + * @param id ID of a specific connection or any connection + * @param reason reason for the handshake retry + * @return return code + */ + TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc, + TNC_UInt32 imcv_id, + TNC_ConnectionID id, + TNC_RetryReason reason); + + /** + * Add an IMC/IMV message to the batch of a given connection ID. 
+ * + * @param imc_id ID of IMC or TNC_IMCID_ANY + * @param imv_id ID of IMV or TNC_IMVID_ANY + * @param id ID of target connection + * @param msg_flags message flags + * @param msg message to be added + * @param msg_len message length + * @param msg_vid message vendor ID + * @param msg_subtype message subtype + * @return return code + */ + TNC_Result (*send_message)(tnccs_manager_t *this, + TNC_IMCID imc_id, + TNC_IMVID imv_id, + TNC_ConnectionID id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype); + + /** + * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS + * + * @param imv_id ID of the IMV providing the recommendation + * @param id ID of target connection + * @param rec action recommendation + * @param eval evaluation result + * @return return code + */ + TNC_Result (*provide_recommendation)(tnccs_manager_t *this, + TNC_IMVID imv_id, + TNC_ConnectionID id, + TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval); + + /** + * Get the value of an attribute associated with a connection or with the + * TNCS as a whole. + * + * @param is_imc TRUE if IMC, FALSE if IMV + * @param imcv_id ID of the IMC/IMV requesting the attribute + * @param id ID of target connection + * @param attribute_id ID of the requested attribute + * @param buffer_len length of the buffer in bytes + * @param buffer pointer to the buffer + * @param value_len actual length of the returned attribute + * @return return code + */ + TNC_Result (*get_attribute)(tnccs_manager_t *this, bool is_imc, + TNC_UInt32 imcv_id, + TNC_ConnectionID id, + TNC_AttributeID attribute_id, + TNC_UInt32 buffer_len, + TNC_BufferReference buffer, + TNC_UInt32 *value_len); + + /** + * Set the value of an attribute associated with a connection or with the + * TNCS as a whole. 
+ * + * @param is_imc TRUE if IMC, FALSE if IMV + * @param imcv_id ID of the IMC/IMV setting the attribute + * @param id ID of target connection + * @param attribute_id ID of the attribute to be set + * @param buffer_len length of the buffer in bytes + * @param buffer pointer to the buffer + * @return return code + */ + TNC_Result (*set_attribute)(tnccs_manager_t *this, bool is_imc, + TNC_UInt32 imcv_id, + TNC_ConnectionID id, + TNC_AttributeID attribute_id, + TNC_UInt32 buffer_len, + TNC_BufferReference buffer); + + /** + * Destroy a tnccs_manager instance. + */ + void (*destroy)(tnccs_manager_t *this); +}; + +/** + * Helper function to (un-)register TNCCS methods from plugin features. + * + * This function is a plugin_feature_callback_t and can be used with the + * PLUGIN_CALLBACK macro to register a TNCCS method constructor. + * + * @param plugin plugin registering the TNCCS method constructor + * @param feature associated plugin feature + * @param reg TRUE to register, FALSE to unregister. + * @param data data passed to callback, a tnccs_constructor_t + */ +bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature, + bool reg, void *data); + +#endif /** TNCCS_MANAGER_H_ @}*/ |
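Review bot: Two wording slips in the interface comments: `remove_method` says `using it's constructor` where `its` is meant, and `create_connection` reads `assign a unique connection ID as well a callback function`, which should be `as well as a callback function`. Comment-only changes; the function contracts are otherwise clear.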