diff options
Diffstat (limited to 'src/libcharon/bus/bus.h')
| -rw-r--r-- | src/libcharon/bus/bus.h | 145 |
1 files changed, 121 insertions, 24 deletions
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 69060d383..4a0ac68e3 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -27,10 +28,11 @@ typedef struct bus_t bus_t; #include <stdarg.h> -#include <debug.h> +#include <utils/debug.h> #include <sa/ike_sa.h> #include <sa/child_sa.h> #include <processing/jobs/job.h> +#include <bus/listeners/logger.h> #include <bus/listeners/listener.h> /* undefine the definitions from libstrongswan */ @@ -84,10 +86,70 @@ enum alert_t { ALERT_RADIUS_NOT_RESPONDING, /** a shutdown signal has been received, argument is the signal (int) */ ALERT_SHUTDOWN_SIGNAL, + /** local peer authentication failed (by us or by peer), no arguments */ + ALERT_LOCAL_AUTH_FAILED, /** peer authentication failed, no arguments */ ALERT_PEER_AUTH_FAILED, /** failed to resolve peer address, no arguments */ ALERT_PEER_ADDR_FAILED, + /** peer did not respond to initial message, current try (int, 0-based) */ + ALERT_PEER_INIT_UNREACHABLE, + /** received IKE message with invalid SPI, argument is message_t* */ + ALERT_INVALID_IKE_SPI, + /** received IKE message with invalid header, argument is message_t* */ + ALERT_PARSE_ERROR_HEADER, + /** received IKE message with invalid body, argument is message_t*, + * followed by a status_t result returned by message_t.parse_body(). */ + ALERT_PARSE_ERROR_BODY, + /** sending a retransmit for a message, argument is packet_t */ + ALERT_RETRANSMIT_SEND, + /** sending retransmits timed out, argument is packet_t, if available */ + ALERT_RETRANSMIT_SEND_TIMEOUT, + /** received a retransmit for a message, argument is message_t */ + ALERT_RETRANSMIT_RECEIVE, + /** received half-open timeout before IKE_SA established, no argument */ + ALERT_HALF_OPEN_TIMEOUT, + /** IKE proposals do not match, argument is linked_list_t of proposal_t */ + ALERT_PROPOSAL_MISMATCH_IKE, + /** CHILD proposals do not match, argument is linked_list_t of proposal_t */ + ALERT_PROPOSAL_MISMATCH_CHILD, + /** traffic selectors do not match, arguments are two linked_list_t + * containing traffic_selector_t for initiator and for responder */ + ALERT_TS_MISMATCH, + /** traffic selectors have been narrowed by the peer, arguments are + * an int (TRUE for local TS), a linked_list_t* (final TS list), and the + * child_cfg_t*. */ + ALERT_TS_NARROWED, + /** Installation of IPsec SAs failed, argument is child_sa_t */ + ALERT_INSTALL_CHILD_SA_FAILED, + /** Installation of IPsec Policy failed, argument is child_sa_t */ + ALERT_INSTALL_CHILD_POLICY_FAILED, + /** IKE_SA deleted because of "replace" unique policy, no argument */ + ALERT_UNIQUE_REPLACE, + /** IKE_SA deleted because of "keep" unique policy, no argument */ + ALERT_UNIQUE_KEEP, + /** IKE_SA kept on failed child SA establishment, no argument */ + ALERT_KEEP_ON_CHILD_SA_FAILURE, + /** allocating virtual IP failed, linked_list_t of host_t requested */ + ALERT_VIP_FAILURE, + /** an authorize() hook failed, no argument */ + ALERT_AUTHORIZATION_FAILED, + /** IKE_SA hit the hard lifetime limit before it could be rekeyed */ + ALERT_IKE_SA_EXPIRED, + /** Certificate rejected; it has expired, certificate_t */ + ALERT_CERT_EXPIRED, + /** Certificate rejected; it has been revoked, certificate_t */ + ALERT_CERT_REVOKED, + /** Validating certificate status failed, certificate_t */ + ALERT_CERT_VALIDATION_FAILED, + /** Certificate rejected; no trusted issuer found, certificate_t */ + ALERT_CERT_NO_ISSUER, + /** Certificate rejected; root not trusted, certificate_t */ + ALERT_CERT_UNTRUSTED_ROOT, + /** Certificate rejected; trustchain length exceeds limit, certificate_t */ + ALERT_CERT_EXCEEDED_PATH_LEN, + /** Certificate rejected; other policy violation, certificate_t */ + ALERT_CERT_POLICY_VIOLATION, }; /** @@ -109,6 +171,8 @@ enum narrow_hook_t { NARROW_INITIATOR_PRE_AUTH, /** invoked as responder during exchange, peer is authenticated */ NARROW_RESPONDER, + /** invoked as responder after exchange, peer is authenticated */ + NARROW_RESPONDER_POST, /** invoked as initiator after exchange, follows a INITIATOR_PRE_NOAUTH */ NARROW_INITIATOR_POST_NOAUTH, /** invoked as initiator after exchange, follows a INITIATOR_PRE_AUTH */ @@ -118,8 +182,7 @@ enum narrow_hook_t { /** * The bus receives events and sends them to all registered listeners. * - * Any events sent to are delivered to all registered listeners. Threads - * may wait actively to events using the blocking listen() call. + * Loggers are handled separately. */ struct bus_t { @@ -142,26 +205,37 @@ struct bus_t { void (*remove_listener) (bus_t *this, listener_t *listener); /** - * Register a listener and block the calling thread. + * Register a logger with the bus. * - * This call registers a listener and blocks the calling thread until - * its listeners function returns FALSE. This allows to wait for certain - * events. The associated job is executed after the listener has been - * registered: This allows to listen on events we initiate with the job, - * without missing any events to job may fire. + * The logger is passive; the thread which emitted the event + * processes the logger routine. This routine may be called concurrently + * by multiple threads. Recursive calls are not prevented, so logger that + * may cause recursive calls are responsible to avoid infinite loops. * - * @param listener listener to register - * @param job job to execute asynchronously when registered, or NULL - * @param timeout max timeout in ms to listen for events, 0 to disable - * @return TRUE if timed out + * During registration get_level() is called for all log groups and the + * logger is registered to receive log messages for groups for which + * the requested log level is > LEVEL_SILENT and whose level is lower + * or equal than the requested level. + * + * To update the registered log levels call add_logger again with the + * same logger and return the new levels from get_level(). + * + * @param logger logger to register. */ - bool (*listen)(bus_t *this, listener_t *listener, job_t *job, u_int timeout); + void (*add_logger) (bus_t *this, logger_t *logger); + + /** + * Unregister a logger from the bus. + * + * @param logger logger to unregister. + */ + void (*remove_logger) (bus_t *this, logger_t *logger); /** * Set the IKE_SA the calling thread is using. * - * To associate an received log message to an IKE_SA without passing it as - * parameter each time, the thread registers the currenlty used IKE_SA + * To associate a received log message with an IKE_SA without passing it as + * parameter each time, the thread registers the currently used IKE_SA * during check-out. Before check-in, the thread unregisters the IKE_SA. * This IKE_SA is stored per-thread, so each thread has its own IKE_SA * registered. @@ -183,9 +257,8 @@ struct bus_t { /** * Send a log message to the bus. * - * The signal specifies the type of the event occurred. The format string - * specifies an additional informational or error message with a - * printf() like variable argument list. + * The format string specifies an additional informational or error + * message with a printf() like variable argument list. * Use the DBG() macros. * * @param group debugging group @@ -198,7 +271,7 @@ struct bus_t { /** * Send a log message to the bus using va_list arguments. * - * Same as bus_t.signal(), but uses va_list argument list. + * Same as bus_t.log(), but uses va_list argument list. * * @param group kind of the signal (up, down, rekeyed, ...) * @param level verbosity level of the signal @@ -212,7 +285,7 @@ struct bus_t { * Raise an alert over the bus. * * @param alert kind of alert - * @param ... alert specific attributes + * @param ... alert specific arguments */ void (*alert)(bus_t *this, alert_t alert, ...); @@ -235,10 +308,14 @@ struct bus_t { /** * Message send/receive hook. * + * The hook is invoked twice for each message: Once with plain, parsed data + * and once encoded and encrypted. + * * @param message message to send/receive * @param incoming TRUE for incoming messages, FALSE for outgoing + * @param plain TRUE if message is parsed and decrypted, FALSE it not */ - void (*message)(bus_t *this, message_t *message, bool incoming); + void (*message)(bus_t *this, message_t *message, bool incoming, bool plain); /** * IKE_SA authorization hook. @@ -264,12 +341,16 @@ struct bus_t { * * @param ike_sa IKE_SA this keymat belongs to * @param dh diffie hellman shared secret + * @param dh_other others DH public value (IKEv1 only) * @param nonce_i initiators nonce * @param nonce_r responders nonce - * @param rekey IKE_SA we are rekeying, if any + * @param rekey IKE_SA we are rekeying, if any (IKEv2 only) + * @param shared shared key used for key derivation (IKEv1-PSK only) */ void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, - chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey); + chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, + ike_sa_t *rekey, shared_key_t *shared); + /** * CHILD_SA keymat hook. * @@ -299,6 +380,14 @@ struct bus_t { void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new); /** + * IKE_SA reestablishing hook. + * + * @param old reestablished and obsolete IKE_SA + * @param new new IKE_SA replacing old + */ + void (*ike_reestablish)(bus_t *this, ike_sa_t *old, ike_sa_t *new); + + /** * CHILD_SA up/down hook. * * @param child_sa CHILD_SA coming up/going down @@ -315,6 +404,14 @@ struct bus_t { void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new); /** + * Virtual IP assignment hook. + * + * @param ike_sa IKE_SA the VIPs are assigned to + * @param assign TRUE if assigned to IKE_SA, FALSE if released + */ + void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign); + + /** * Destroy the event bus. */ void (*destroy) (bus_t *this); |