Diffstat (limited to 'src/libtnccs/tnc')
12 files changed, 1685 insertions, 0 deletions
diff --git a/src/libtnccs/tnc/imc/imc.h b/src/libtnccs/tnc/imc/imc.h
new file mode 100644
index 000000000..3ff7d5194
--- /dev/null
+++ b/src/libtnccs/tnc/imc/imc.h
@@ -0,0 +1,230 @@
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup imc imc
+ * @ingroup tnc
+ *
+ * @defgroup imct imc
+ * @{ @ingroup imc
+ */
+#ifndef IMC_H_
+#define IMC_H_
+#include <tncifimc.h>
+#include <library.h>
+typedef struct imc_t imc_t;
+ * Controls a single Integrity Measurement Collector (IMC)
+ */
+struct imc_t {
+ /**
+ * The TNC Client calls this function to initialize the IMC and agree on
+ * the API version number to be used. It also supplies the IMC ID, an IMC
+ * identifier that the IMC must use when calling TNC Client callback functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param minVersion minimum API version supported by TNCC
+ * @param maxVersion maximum API version supported by TNCC
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMCID imcID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+ /**
+ * The TNC Client calls this function to inform the IMC that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+ /**
+ * The TNC Client calls this function to indicate that an Integrity Check
+ * Handshake is beginning and solicit messages from IMCs for the first batch.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*begin_handshake)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by the message Vendor ID and message subtype.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param messageFlags message flags
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageVendorID message Vendor ID
+ * @param messageSubtype message subtype
+ * @param sourceIMVID source IMV ID
+ * @param destinationIMCID destination IMC ID
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message_long)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_UInt32 messageFlags,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_VendorID messageVendorID,
+ TNC_MessageSubtype messageSubtype,
+ TNC_UInt32 sourceIMVID,
+ TNC_UInt32 destinationIMCID);
+ /**
+ * The TNC Client calls this function to notify IMCs that all IMV messages
+ * received in a batch have been delivered and this is the IMC’s last chance
+ * to send a message in the batch of IMC messages currently being collected.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+ /**
+ * The TNC Client calls this function to close down the IMC when all work is
+ * complete or the IMC reports TNC_RESULT_FATAL.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMCID imcID);
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param bindFunction pointer to TNC_TNCC_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
+ TNC_TNCC_BindFunctionPointer bindFunction);
+ /**
+ * Sets the ID of an imc_t object.
+ *
+ * @param id IMC ID to be assigned
+ */
+ void (*set_id)(imc_t *this, TNC_IMCID id);
+ /**
+ * Returns the ID of an imc_t object.
+ *
+ * @return assigned IMC ID
+ */
+ TNC_IMCID (*get_id)(imc_t *this);
+ /**
+ * Assign an additional ID to an imc_t object.
+ *
+ * @param id additional IMC ID to be assigned
+ */
+ void (*add_id)(imc_t *this, TNC_IMCID id);
+ /**
+ * Checks if the ID is assigned to the imc_t object.
+ *
+ * @return TRUE if IMC ID is assigned to imc_t object
+ */
+ bool (*has_id)(imc_t *this, TNC_IMCID id);
+ /**
+ * Returns the name of an imc_t object.
+ *
+ * @return name of IMC
+ */
+ char* (*get_name)(imc_t *this);
+ /**
+ * Sets the supported message types of an imc_t object.
+ *
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+ /**
+ * Sets the supported long message types of an imc_t object.
+ *
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types_long)(imc_t *this, TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+ /**
+ * Check if the IMC supports a given message type.
+ *
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imc_t *this, TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+ /**
+ * Destroys an imc_t object.
+ */
+ void (*destroy)(imc_t *this);
+#endif /** IMC_H_ @}*/
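Review bot: The comment on `provide_bind_function` in imc.h is copied from the IMV side: it speaks of IMVs, the TNC Server, `TNC_IMV_Initialize` and the TNCS bind function, while the member itself takes a `TNC_TNCC_BindFunctionPointer`. It should speak of IMCs, the TNC Client, `TNC_IMC_Initialize` and the TNCC bind function, and the `@param imcID IMC ID assigned by TNCS` lines on `receive_message` and `receive_message_long` should read `assigned by TNCC` like the other members. The same slip shows up in the other headers of this commit: imv.h documents the `set_message_types_long` lists as "supported by IMC", imv_manager.h says `remove` returns the "removed IMC instance", and imv_recommendations.h says `destroy` "Destroys an imv_t object" on a `recommendations_t`. In an interface that separates client-side collectors from server-side verifiers, naming the wrong side makes it harder to tell which party assigns an ID or supplies a callback.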
diff --git a/src/libtnccs/tnc/imc/imc_manager.h b/src/libtnccs/tnc/imc/imc_manager.h
new file mode 100644
index 000000000..25e0efe9d
--- /dev/null
+++ b/src/libtnccs/tnc/imc/imc_manager.h
@@ -0,0 +1,165 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup imc_manager imc_manager
+ * @{ @ingroup imc
+ */
+#ifndef IMC_MANAGER_H_
+#define IMC_MANAGER_H_
+typedef struct imc_manager_t imc_manager_t;
+#include "imc.h"
+#include <library.h>
+ * The IMC manager controls all IMC instances.
+ */
+struct imc_manager_t {
+ /**
+ * Add an IMC instance
+ *
+ * @param imc IMC instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imc_manager_t *this, imc_t *imc);
+ /**
+ * Remove an IMC instance from the list and return it
+ *
+ * @param id ID of IMC instance
+ * @return removed IMC instance
+ */
+ imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
+ /**
+ * Load and initialize an IMC as a dynamic library and add it to the list
+ *
+ * @param name name of the IMC to be loaded
+ * @param path path of the IMC dynamic library file
+ * @return TRUE if loading succeeded
+ */
+ bool (*load)(imc_manager_t *this, char *name, char *path);
+ /**
+ * Check if an IMC with a given ID is registered with the IMC manager
+ *
+ * @param id ID of IMC instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
+ /**
+ * Reserve an additional ID for an IMC
+ *
+ * @param id ID of IMC instance
+ * @param new_id reserved ID assigned to IMC
+ * @return TRUE if primary IMC ID was used
+ */
+ bool (*reserve_id)(imc_manager_t *this, TNC_IMCID id, TNC_UInt32 *new_id);
+ /**
+ * Return the preferred language for recommendations
+ *
+ * @return preferred language string
+ */
+ char* (*get_preferred_language)(imc_manager_t *this);
+ /**
+ * Notify all IMC instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imc_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+ /**
+ * Begin a handshake between the IMCs and a connection
+ *
+ * @param id connection ID
+ */
+ void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
+ /**
+ * Sets the supported message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imc_manager_t *this,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+ /**
+ * Sets the supported long message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types_long)(imc_manager_t *this,
+ TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+ /**
+ * Delivers a message to interested IMCs.
+ *
+ * @param connection_id connection ID
+ * @param excl exclusive message flag
+ * @param msg message
+ * @param msg_len message length
+ * @param msg_vid message Vendor ID
+ * @param msg_subtype message subtype
+ * @param src_imv_id source IMV ID
+ * @param dst_imc_id destination IMC ID
+ */
+ void (*receive_message)(imc_manager_t *this,
+ TNC_ConnectionID connection_id,
+ bool excl,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imv_id,
+ TNC_UInt32 dst_imc_id);
+ /**
+ * Notify all IMCs that all IMV messages received in a batch have been
+ * delivered and this is the IMCs last chance to send a message in the
+ * batch of IMC messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
+ /**
+ * Destroy an IMC manager and all its controlled instances.
+ */
+ void (*destroy)(imc_manager_t *this);
+#endif /** IMC_MANAGER_H_ @}*/
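Review bot: `load` takes a `path` that, per its own comment, is loaded as a dynamic library, yet the contract says nothing about where that path may come from. Code loaded this way runs inside the TNC client process, so I would extend the comment to something like `@param path absolute path of the IMC library, taken from trusted configuration only` and have the implementation reject anything else. Neither string looks like it needs to be modified, so `const char *name, const char *path` would be the tighter signature if the implementation allows it. The same applies to `load` in imv_manager.h.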
diff --git a/src/libtnccs/tnc/imv/imv.h b/src/libtnccs/tnc/imv/imv.h
new file mode 100644
index 000000000..3716532d6
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv.h
@@ -0,0 +1,230 @@
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+#ifndef IMV_H_
+#define IMV_H_
+#include <tncifimv.h>
+#include <library.h>
+typedef struct imv_t imv_t;
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+ /**
+ * The TNC Server calls this function to initialize the IMV and agree on
+ * the API version number to be used. It also supplies the IMV ID, an IMV
+ * identifier that the IMV must use when calling TNC Server callback functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param minVersion minimum API version supported
+ * @param maxVersion maximum API version supported by TNCS
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+ /**
+ * The TNC Server calls this function to inform the IMV that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+ /**
+ * The TNC Server calls this function at the end of an Integrity Check
+ * Handshake (after all IMC-IMV messages have been delivered) to solicit
+ * recommendations from IMVs that have not yet provided a recommendation.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by the message Vendor ID and message subtype.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param messageFlags message flags
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageVendorID message Vendor ID
+ * @param messageSubtype message subtype
+ * @param sourceIMCID source IMC ID
+ * @param destinationIMVID destination IMV ID
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message_long)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_UInt32 messageFlags,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_VendorID messageVendorID,
+ TNC_MessageSubtype messageSubtype,
+ TNC_UInt32 sourceIMCID,
+ TNC_UInt32 destinationIMVID);
+ /**
+ * The TNC Server calls this function to notify IMVs that all IMC messages
+ * received in a batch have been delivered and this is the IMV’s last chance
+ * to send a message in the batch of IMV messages currently being collected.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+ /**
+ * The TNC Server calls this function to close down the IMV.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMVID imvID);
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param bindFunction pointer to TNC_TNCS_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+ /**
+ * Sets the ID of an imv_t object.
+ *
+ * @param id IMV ID to be assigned
+ */
+ void (*set_id)(imv_t *this, TNC_IMVID id);
+ /**
+ * Returns the ID of an imv_t object.
+ *
+ * @return IMV ID assigned by TNCS
+ */
+ TNC_IMVID (*get_id)(imv_t *this);
+ /**
+ * Assign an additional ID to an imv_t object.
+ *
+ * @param id additional IMV ID to be assigned
+ */
+ void (*add_id)(imv_t *this, TNC_IMVID id);
+ /**
+ * Checks if the ID is assigned to the imv_t object.
+ *
+ * @return TRUE if IMV ID is assigned to imv_t object
+ */
+ bool (*has_id)(imv_t *this, TNC_IMVID id);
+ /**
+ * Returns the name of an imv_t object.
+ *
+ * @return name of IMV
+ */
+ char* (*get_name)(imv_t *this);
+ /**
+ * Sets the supported message types of an imv_t object.
+ *
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+ /**
+ * Sets the supported long message types of an imv_t object.
+ *
+ * @param supported_vids list of vendor IDs supported by IMC
+ * @param supported_subtypes list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types_long)(imv_t *this, TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+ /**
+ * Check if the IMV supports a given message type.
+ *
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imv_t *this, TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(imv_t *this);
+#endif /** IMV_H_ @}*/
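Review bot: `receive_message` and `receive_message_long` hand the IMV a `message` reference plus a `messageLength`, but the comments do not say whether `message` may be NULL when the length is zero, or how long the buffer stays valid after the call returns. The payload presumably originates from an IMC on the connecting endpoint, so the verifier should treat it as untrusted; the contract should say that an IMV bounds every read by `messageLength` and copies what it needs before returning. A line such as `@param message buffer of messageLength octets, contents untrusted, not retained after return` would cover it, if that matches the implementation. imc.h declares the same pair of members and would benefit from the same wording.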
diff --git a/src/libtnccs/tnc/imv/imv_manager.h b/src/libtnccs/tnc/imv/imv_manager.h
new file mode 100644
index 000000000..43f40973c
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_manager.h
@@ -0,0 +1,186 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+typedef struct imv_manager_t imv_manager_t;
+#include "imv.h"
+#include "imv_recommendations.h"
+#include <library.h>
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+ /**
+ * Add an IMV instance
+ *
+ * @param imv IMV instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imv_manager_t *this, imv_t *imv);
+ /**
+ * Remove an IMV instance from the list and return it
+ *
+ * @param id ID of IMV instance
+ * @return removed IMC instance
+ */
+ imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+ /**
+ * Load and initialize an IMV as a dynamic library and add it to the list
+ *
+ * @param name name of the IMV to be loaded
+ * @param path path of the IMV dynamic library file
+ * @return TRUE if loading succeeded
+ */
+ bool (*load)(imv_manager_t *this, char *name, char *path);
+ /**
+ * Check if an IMV with a given ID is registered with the IMV manager
+ *
+ * @param id ID of IMV instance
+ * @return TRUE if registered
+ */
+ bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
+ /**
+ * Reserve an additional ID for an IMV
+ *
+ * @param id ID of IMV instance
+ * @param new_id reserved ID assigned to IMV
+ * @return TRUE if primary IMV ID was used
+ */
+ bool (*reserve_id)(imv_manager_t *this, TNC_IMVID id, TNC_UInt32 *new_id);
+ /**
+ * Get the configured recommendation policy
+ *
+ * @return configured recommendation policy
+ */
+ recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+ /**
+ * Create an empty set of IMV recommendations and evaluations
+ *
+ * @return instance of a recommendations_t list
+ */
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
+ /**
+ * Enforce the TNC recommendation on the IKE_SA by either inserting an
+ * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+ *
+ * @param rec TNC action recommendation
+ * @param eval TNC evaluation result
+ * @return TRUE for allow|isolate, FALSE for none
+ */
+ bool (*enforce_recommendation)(imv_manager_t *this,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+ /**
+ * Notify all IMV instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imv_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+ /**
+ * Sets the supported message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imv_manager_t *this,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+ /**
+ * Sets the supported long message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_vids list of vendor IDs supported by IMV
+ * @param supported_subtypes list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types_long)(imv_manager_t *this,
+ TNC_VendorIDList supported_vids,
+ TNC_MessageSubtypeList supported_subtypes,
+ TNC_UInt32 type_count);
+ /**
+ * Solicit recommendations from IMVs that have not yet provided one
+ *
+ * @param id connection ID
+ */
+ void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+ /**
+ * Delivers a message to interested IMVs.
+ *
+ * @param connection_id connection ID
+ * @param excl exclusive message flag
+ * @param msg message
+ * @param msg_len message length
+ * @param msg_vid message Vendor ID
+ * @param msg_subtype message subtype
+ * @param src_imc_id source IMC ID
+ * @param dst_imv_id destination IMV ID
+ */
+ void (*receive_message)(imv_manager_t *this,
+ TNC_ConnectionID connection_id,
+ bool excl,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imc_id,
+ TNC_UInt32 dst_imv_id);
+ /**
+ * Notify all IMVs that all IMC messages received in a batch have been
+ * delivered and this is the IMVs last chance to send a message in the
+ * batch of IMV messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+ /**
+ * Destroy an IMV manager and all its controlled instances.
+ */
+ void (*destroy)(imv_manager_t *this);
+#endif /** IMV_MANAGER_H_ @}*/
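Review bot: The comment on `enforce_recommendation` says the recommendation is enforced on the IKE_SA by inserting a group membership rule or by blocking access, but the member receives only `rec` and `eval`, with no connection or IKE_SA handle. As declared it can at most map the pair to a boolean, so the access decision appears to rest with the caller; the comment should say so and should state that FALSE must be treated as deny. "FALSE for none" is also ambiguous between a no-access recommendation and no recommendation at all, and nothing is said about values outside the known set; I would write `@return TRUE for allow|isolate, FALSE for no access, no recommendation and any unknown value`.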
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.c b/src/libtnccs/tnc/imv/imv_recommendations.c
new file mode 100644
index 000000000..9daaca16c
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_recommendations.c
@@ -0,0 +1,24 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+#include "imv_recommendations.h"
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+ "default",
+ "any",
+ "all"
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.h b/src/libtnccs/tnc/imv/imv_recommendations.h
new file mode 100644
index 000000000..d694e16ae
--- /dev/null
+++ b/src/libtnccs/tnc/imv/imv_recommendations.h
@@ -0,0 +1,123 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+#include <tncifimv.h>
+#include <library.h>
+typedef enum recommendation_policy_t recommendation_policy_t;
+enum recommendation_policy_t {
+extern enum_name_t *recommendation_policy_names;
+typedef struct recommendations_t recommendations_t;
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+ /**
+ * If all IMVs provided a recommendation, derive a consolidated action
+ * recommendation and evaluation result based on a configured policy
+ *
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return TRUE if all IMVs provided a recommendation
+ */
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+ /**
+ * Get the preferred language for remediation messages
+ *
+ * @return preferred language
+ */
+ chunk_t (*get_preferred_language)(recommendations_t *this);
+ /**
+ * Set the preferred language for remediation messages
+ *
+ * @param pref_lang preferred language
+ */
+ void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+ /**
+ * Set the reason string
+ *
+ * @param id ID of IMV setting the reason string
+ * @param reason reason string
+ * @result return code
+ */
+ TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason);
+ /**
+ * Set the language for reason strings
+ *
+ * @param id ID of IMV setting the reason language
+ * @param reason_lang reason language
+ * @result return code
+ */
+ TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason_lang);
+ /**
+ * Enumerates over all IMVs sending a reason string.
+ * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+ /**
+ * Clears all reason entries
+ */
+ void (*clear_reasons)(recommendations_t *this);
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
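Review bot: `have_recommendation` returns FALSE when not every IMV has answered, but the comment does not say what `*rec` and `*eval` hold in that case. A caller that ignores the return value could act on stale or uninitialised values, which matters because these two outputs drive the access decision. I would document either that both outputs are always written and default to the most restrictive result, or that they are only meaningful on TRUE, e.g. `@param rec consolidated action recommendation, valid only if TRUE is returned` and the same for `eval`.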
diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c
new file mode 100644
index 000000000..652afc291
--- /dev/null
+++ b/src/libtnccs/tnc/tnc.c
@@ -0,0 +1,268 @@
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+#include "tnc.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <utils/lexparser.h>
+#include <debug.h>
+typedef struct private_tnc_t private_tnc_t;
+typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void);
+typedef imc_manager_t *(*tnc_create_imc_manager_t)(void);
+typedef imv_manager_t *(*tnc_create_imv_manager_t)(void);
+ * Private additions to tnc_t.
+ */
+struct private_tnc_t {
+ /**
+ * Public members of tnc_t.
+ */
+ tnc_t public;
+ * Single instance of tnc_t.
+ */
+tnc_t *tnc;
+ * Described in header.
+ */
+void libtnccs_init(void)
+ private_tnc_t *this;
+ INIT(this,
+ .public = {
+ },
+ );
+ tnc = &this->public;
+ * Described in header.
+ */
+void libtnccs_deinit(void)
+ private_tnc_t *this = (private_tnc_t*)tnc;
+ free(this);
+ tnc = NULL;
+static bool load_imcvs_from_config(char *filename, bool is_imc)
+ int fd, line_nr = 0;
+ chunk_t src, line;
+ struct stat sb;
+ void *addr;
+ char *label;
+ label = is_imc ? "IMC" : "IMV";
+ DBG1(DBG_TNC, "loading %ss from '%s'", label, filename);
+ fd = open(filename, O_RDONLY);
+ if (fd == -1)
+ {
+ DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+ strerror(errno));
+ return FALSE;
+ }
+ if (fstat(fd, &sb) == -1)
+ {
+ DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+ strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (addr == MAP_FAILED)
+ {
+ DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+ close(fd);
+ return FALSE;
+ }
+ src = chunk_create(addr, sb.st_size);
+ while (fetchline(&src, &line))
+ {
+ char *name, *path;
+ bool success;
+ chunk_t token;
+ line_nr++;
+ /* skip comments or empty lines */
+ if (*line.ptr == '#' || !eat_whitespace(&line))
+ {
+ continue;
+ }
+ /* determine keyword */
+ if (!extract_token(&token, ' ', &line))
+ {
+ DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+ line_nr);
+ return FALSE;
+ }
+ /* only interested in IMCs or IMVs depending on label */
+ if (!match(label, &token))
+ {
+ continue;
+ }
+ /* advance to the IMC/IMV name and extract it */
+ if (!extract_token(&token, '"', &line) ||
+ !extract_token(&token, '"', &line))
+ {
+ DBG1(DBG_TNC, "line %d: %s name must be set in double quotes",
+ line_nr, label);
+ return FALSE;
+ }
+ /* copy the IMC/IMV name */
+ name = malloc(token.len + 1);
+ memcpy(name, token.ptr, token.len);
+ name[token.len] = '\0';
+ /* advance to the IMC/IMV path and extract it */
+ if (!eat_whitespace(&line))
+ {
+ DBG1(DBG_TNC, "line %d: %s path is missing", line_nr, label);
+ free(name);
+ return FALSE;
+ }
+ if (!extract_token(&token, ' ', &line))
+ {
+ token = line;
+ }
+ /* copy the IMC/IMV path */
+ path = malloc(token.len + 1);
+ memcpy(path, token.ptr, token.len);
+ path[token.len] = '\0';
+ /* load and register an IMC/IMV instance */
+ if (is_imc)
+ {
+ success = tnc->imcs->load(tnc->imcs, name, path);
+ }
+ else
+ {
+ success = tnc->imvs->load(tnc->imvs, name, path);
+ }
+ if (!success)
+ {
+ return FALSE;
+ }
+ }
+ munmap(addr, sb.st_size);
+ close(fd);
+ return TRUE;
+ * Described in header.
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+ bool load_imcvs = FALSE;
+ bool is_imc = FALSE;
+ if (feature->type == FEATURE_CUSTOM)
+ {
+ if (streq(feature->arg.custom, "tnccs-manager"))
+ {
+ if (reg)
+ {
+ tnc->tnccs = ((tnc_create_tnccs_manager_t)data)();
+ }
+ else
+ {
+ tnc->tnccs->destroy(tnc->tnccs);
+ tnc->tnccs = NULL;
+ }
+ }
+ else if (streq(feature->arg.custom, "imc-manager"))
+ {
+ if (reg)
+ {
+ tnc->imcs = ((tnc_create_imc_manager_t)data)();
+ is_imc = TRUE;
+ load_imcvs = TRUE;
+ }
+ else
+ {
+ tnc->imcs->destroy(tnc->imcs);
+ tnc->imcs = NULL;
+ }
+ }
+ else if (streq(feature->arg.custom, "imv-manager"))
+ {
+ if (reg)
+ {
+ tnc->imvs = ((tnc_create_imv_manager_t)data)();
+ is_imc = FALSE;
+ load_imcvs = TRUE;
+ }
+ else
+ {
+ tnc->imvs->destroy(tnc->imvs);
+ tnc->imvs = NULL;
+ }
+ }
+ else
+ {
+ return FALSE;
+ }
+ if (load_imcvs)
+ {
+ char *tnc_config;
+ tnc_config = lib->settings->get_str(lib->settings,
+ "libtnccs.tnc_config", "/etc/tnc_config");
+ if (!load_imcvs_from_config(tnc_config, is_imc))
+ {
+ if (is_imc)
+ {
+ tnc->imcs->destroy(tnc->imcs);
+ tnc->imcs = NULL;
+ }
+ else
+ {
+ tnc->imvs->destroy(tnc->imvs);
+ tnc->imvs = NULL;
+ }
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
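Review bot: Every `return FALSE;` inside the `while (fetchline(&src, &line))` loop of `load_imcvs_from_config` exits without reaching `munmap(addr, sb.st_size)` and `close(fd)`, so a malformed line or a failed `load` leaks the mapping and the descriptor. The path-missing branch frees `name`, but the failed-load branch frees neither `name` nor `path`; whether `load` takes ownership of them is not visible in this hunk. Hoisting `bool success = TRUE;` above the loop, replacing each of those returns with `success = FALSE; break;` and ending on `return success;` after the existing cleanup gives a single exit path. The two `malloc(token.len + 1)` results are also passed to `memcpy` without a NULL check.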
diff --git a/src/libtnccs/tnc/tnc.h b/src/libtnccs/tnc/tnc.h
new file mode 100644
index 000000000..e5a4a2959
--- /dev/null
+++ b/src/libtnccs/tnc/tnc.h
@@ -0,0 +1,87 @@
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup tnc tnc
+ *
+ * @addtogroup tnc
+ * @{
+ */
+#ifndef TNC_H_
+#define TNC_H_
+typedef struct tnc_t tnc_t;
+#include "tnc/imc/imc_manager.h"
+#include "tnc/imv/imv_manager.h"
+#include "tnc/tnccs/tnccs_manager.h"
+#include <library.h>
+ * TNC management support object.
+ */
+struct tnc_t {
+ /**
+ * TNC-IMC manager controlling Integrity Measurement Collectors
+ */
+ imc_manager_t *imcs;
+ /**
+ * TNC-IMV manager controlling Integrity Measurement Verifiers
+ */
+ imv_manager_t *imvs;
+ /**
+ * TNC-TNCCS manager controlling the TNC Server and Client protocols
+ */
+ tnccs_manager_t *tnccs;
+ * The single instance of tnc_t.
+ *
+ * Exists between calls to libtnccs_init() and libtnccs_deinit().
+ */
+extern tnc_t *tnc;
+ * Initialize libtnccs.
+ */
+void libtnccs_init(void);
+ * Deinitialize libtnccs
+ */
+void libtnccs_deinit(void);
+ * Helper function to (un-)register TNC managers from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNC manager constructor.
+ *
+ * @param plugin plugin registering the TNC manager
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister.
+ * @param data data passed to callback, a TNC manager constructor
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+#endif /** TNC_H_ @}*/
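Review bot: The comment on `tnc_manager_register` has no `@return` line and does not mention that registering an `imc-manager` or `imv-manager` also reads the file named by `libtnccs.tnc_config` (default `/etc/tnc_config`), as the implementation in tnc.c does. I would add `@return TRUE on success, FALSE on an unknown custom feature or if loading the TNC config failed` plus one sentence naming the setting. That file supplies the name and path of every IMC/IMV handed to `load`, so callers and packagers should learn from the header that registration depends on it.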
diff --git a/src/libtnccs/tnc/tnccs/tnccs.c b/src/libtnccs/tnc/tnccs/tnccs.c
new file mode 100644
index 000000000..80d0f497c
--- /dev/null
+++ b/src/libtnccs/tnc/tnccs/tnccs.c
@@ -0,0 +1,24 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+#include "tnccs.h"
+ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
+ "unknown TNCCS",
+ "TNCCS 1.1",
+ "TNCCS 2.0",
diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h
new file mode 100644
index 000000000..c3020d7c3
--- /dev/null
+++ b/src/libtnccs/tnc/tnccs/tnccs.h
@@ -0,0 +1,82 @@
+ * Copyright (C) 2010-2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup tnccs tnccs
+ * @ingroup tnc
+ *
+ * @defgroup tnccst tnccs
+ * @{ @ingroup tnccs
+ */
+#ifndef TNCCS_H_
+#define TNCCS_H_
+typedef struct tnccs_t tnccs_t;
+typedef enum tnccs_type_t tnccs_type_t;
+#include <tncif.h>
+#include <tncifimc.h>
+#include <tncifimv.h>
+#include <library.h>
+#include <plugins/plugin.h>
+ * Type of TNC Client/Server protocol
+ */
+enum tnccs_type_t {
+ TNCCS_1_1,
+ TNCCS_2_0,
+ * enum names for tnccs_type_t.
+ */
+extern enum_name_t *tnccs_type_names;
+ * Constructor definition for a pluggable TNCCS protocol implementation.
+ *
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return implementation of the tnccs_t interface
+ */
+typedef tnccs_t *(*tnccs_constructor_t)(bool is_server);
+ * Callback function adding a message to a TNCCS batch
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imc_id ID of IMV or TNC_IMVID_ANY
+ * @param msg_flags message flags
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return return code
+ */
+typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss,
+ TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+#endif /** TNCCS_H_ @}*/
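Review bot: The doc block for `tnccs_send_message_t` lists `@param imc_id` twice; the second entry describes the IMV ID and should read `@param imv_id ID of IMV or TNC_IMVID_ANY`. The first parameter has no entry at all and is spelled `tncss` in the typedef, while every other identifier in this header uses `tnccs`; I would rename it and add `@param tnccs TNCCS connection instance`. It would also help to state that `msg_len` is the number of bytes valid at `msg`, since the pair presumably crosses the IMC/IMV boundary and the callee has nothing else to bound its read with.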
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.c b/src/libtnccs/tnc/tnccs/tnccs_manager.c
new file mode 100644
index 000000000..fa91bfb21
--- /dev/null
+++ b/src/libtnccs/tnc/tnccs/tnccs_manager.c
@@ -0,0 +1,63 @@
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+#include "tnccs_manager.h"
+#include "tnc/tnc.h"
+#include <debug.h>
+ * See header
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+ if (!tnc || !tnc->tnccs)
+ {
+ DBG1(DBG_TNC, "TNC TNCCS manager does not exist");
+ return FALSE;
+ }
+ if (reg)
+ {
+ if (feature->type == FEATURE_CUSTOM)
+ {
+ tnccs_type_t type = TNCCS_UNKNOWN;
+ if (streq(feature->arg.custom, "tnccs-2.0"))
+ {
+ type = TNCCS_2_0;
+ }
+ else if (streq(feature->arg.custom, "tnccs-1.1"))
+ {
+ type = TNCCS_1_1;
+ }
+ else if (streq(feature->arg.custom, "tnccs-dynamic"))
+ {
+ }
+ else
+ {
+ return FALSE;
+ }
+ tnc->tnccs->add_method(tnc->tnccs, type, (tnccs_constructor_t)data);
+ }
+ }
+ else
+ {
+ tnc->tnccs->remove_method(tnc->tnccs, (tnccs_constructor_t)data);
+ }
+ return TRUE;
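Review bot: As the hunk is shown here, the `tnccs-dynamic` branch in `tnccs_method_register` has an empty body, so that constructor reaches `add_method` with `type` still `TNCCS_UNKNOWN`. If that is intended, the branch deserves a comment such as `/* tnccs-dynamic is registered as TNCCS_UNKNOWN on purpose */`; if not, an assignment is missing. Separately, when `reg` is TRUE and `feature->type` is not `FEATURE_CUSTOM`, the function returns TRUE without registering anything; an `else { return FALSE; }` on that check would make the no-op visible to the caller.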
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h
new file mode 100644
index 000000000..9ca450468
--- /dev/null
+++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h
@@ -0,0 +1,203 @@
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+ * @defgroup tnccs_manager tnccs_manager
+ * @{ @ingroup tnccs
+ */
+typedef struct tnccs_manager_t tnccs_manager_t;
+#include "tnccs.h"
+#include "tnc/imv/imv_recommendations.h"
+ * The TNCCS manager manages all TNCCS implementations and creates instances.
+ *
+ * A plugin registers its implemented TNCCS protocol with the manager by
+ * providing type and a constructor function. The manager then creates
+ * TNCCS protocol instances via the provided constructor.
+ */
+struct tnccs_manager_t {
+ /**
+ * Register a TNCCS protocol implementation.
+ *
+ * @param type TNCCS protocol type
+ * @param constructor constructor, returns a TNCCS protocol implementation
+ */
+ void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor);
+ /**
+ * Unregister a TNCCS protocol implementation using it's constructor.
+ *
+ * @param constructor constructor function to remove, as added in add_method
+ */
+ void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
+ /**
+ * Create a new TNCCS protocol instance.
+ *
+ * @param type type of the TNCCS protocol
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return TNCCS protocol instance, NULL if no constructor found
+ */
+ tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
+ bool is_server);
+ /**
+ * Create a TNCCS connection and assign a unique connection ID as well a
+ * callback function for adding a message to a TNCCS batch and create
+ * an empty set for collecting IMV recommendations
+ *
+ * @param type TNCCS protocol type
+ * @param tnccs TNCCS connection instance
+ * @param send_message TNCCS callback function
+ * @param request_handshake_retry pointer to boolean variable
+ * @param recs pointer to IMV recommendation set
+ * @return assigned connection ID
+ */
+ TNC_ConnectionID (*create_connection)(tnccs_manager_t *this,
+ tnccs_type_t type, tnccs_t *tnccs,
+ tnccs_send_message_t send_message,
+ bool *request_handshake_retry,
+ recommendations_t **recs);
+ /**
+ * Remove a TNCCS connection using its connection ID.
+ *
+ * @param id ID of the connection to be removed
+ * @param is_server TNC Server if TRUE, TNC Client if FALSE
+ */
+ void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id,
+ bool is_server);
+ /**
+ * Request a handshake retry
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of IMC or IMV requesting the retry
+ * @param id ID of a specific connection or any connection
+ * @param reason reason for the handshake retry
+ * @return return code
+ */
+ TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason);
+ /**
+ * Add an IMC/IMV message to the batch of a given connection ID.
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imv_id ID of IMV or TNC_IMVID_ANY
+ * @param id ID of target connection
+ * @param msg_flags message flags
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @return return code
+ */
+ TNC_Result (*send_message)(tnccs_manager_t *this,
+ TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype);
+ /**
+ * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param id ID of target connection
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+ /**
+ * Get the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of the IMC/IMV requesting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the requested attribute
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @param value_len actual length of the returned attribute
+ * @return return code
+ */
+ TNC_Result (*get_attribute)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *value_len);
+ /**
+ * Set the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of the IMC/IMV setting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the attribute to be set
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @return return code
+ */
+ TNC_Result (*set_attribute)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer);
+ /**
+ * Destroy a tnccs_manager instance.
+ */
+ void (*destroy)(tnccs_manager_t *this);
+ * Helper function to (un-)register TNCCS methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNCCS method constructor.
+ *
+ * @param plugin plugin registering the TNCCS method constructor
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister.
+ * @param data data passed to callback, a tnccs_constructor_t
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+#endif /** TNCCS_MANAGER_H_ @}*/
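Review bot: The comments on `get_attribute` and `set_attribute` describe `buffer_len`, `buffer` and `value_len` individually but not the contract between them, in particular what `get_attribute` does when the attribute is longer than `buffer_len`. The buffer is supplied by the IMC/IMV side, so implementers of this interface need that bound spelled out in the header. One wording, if it matches the intended behaviour, is `@param value_len actual attribute length; no more than buffer_len bytes are written to buffer`. The `remove_method` comment also has "it's constructor" where "its constructor" is meant.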