Diffstat (limited to 'src/libcharon/bus/bus.h')
-rw-r--r-- | src/libcharon/bus/bus.h | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 8cf392eae..df555d83e 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -22,6 +22,7 @@
 #define BUS_H_

 typedef enum alert_t alert_t;
+typedef enum narrow_hook_t narrow_hook_t;
 typedef struct bus_t bus_t;

 #include <stdarg.h>
@@ -86,6 +87,31 @@ enum alert_t {
 };

 /**
+ * Kind of narrow hook.
+ *
+ * There is a non-authenticated (IKE_AUTH) and a authenticated
+ * (CREATE_CHILD_SA) narrowing hook for the initiator. Only one of these
+ * hooks is invoked before the exchange.
+ * To verify the traffic selectors negotiated, each PRE hook has a POST
+ * counterpart that follows. POST hooks are invoked with an authenticated peer.
+ * It is usually not a good idea to narrow in the POST hooks,
+ * as the resulting traffic selector is not negotiated and results
+ * in non-matching policies.
+ */
+enum narrow_hook_t {
+ /** invoked as initiator before exchange, peer is not yet authenticated */
+ NARROW_INITIATOR_PRE_NOAUTH,
+ /** invoked as initiator before exchange, peer is authenticated */
+ NARROW_INITIATOR_PRE_AUTH,
+ /** invoked as responder during exchange, peer is authenticated */
+ NARROW_RESPONDER,
+ /** invoked as initiator after exchange, follows a INITIATOR_PRE_NOAUTH */
+ NARROW_INITIATOR_POST_NOAUTH,
+ /** invoked as initiator after exchange, follows a INITIATOR_PRE_AUTH */
+ NARROW_INITIATOR_POST_AUTH,
+};
+
+/**
  * The bus receives events and sends them to all registered listeners.
  *
  * Any events sent to are delivered to all registered listeners. Threads
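Review bot: The header comment of the new enum narrow_hook_t only implies which hook runs before which exchange — `There is a non-authenticated (IKE_AUTH) and a authenticated (CREATE_CHILD_SA) narrowing hook for the initiator. Only one of these hooks is invoked before the exchange.` — and it carries two article slips (`a authenticated`, `follows a INITIATOR_PRE_NOAUTH` / `a INITIATOR_PRE_AUTH`). I would state the mapping directly, e.g. ` * NARROW_INITIATOR_PRE_NOAUTH is used when the CHILD_SA is negotiated in IKE_AUTH (peer not yet authenticated), NARROW_INITIATOR_PRE_AUTH when it is negotiated in CREATE_CHILD_SA`, provided that is the intended reading of the parenthesized exchange names. For the PRE_NOAUTH constant it would also help listeners to spell out the consequence of "peer is not yet authenticated": nothing learned from the peer at that point is verified, so a listener whose narrowing depends on the peer's identity should defer that decision to the POST_NOAUTH counterpart the comment already promises. The comment could likewise say what a listener is expected to do in a POST hook if the verified selectors are unacceptable, since narrowing there is discouraged.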
@@ -217,6 +243,17 @@ struct bus_t {
 bool (*authorize)(bus_t *this, bool final);

 /**
+ * CHILD_SA traffic selector narrowing hook.
+ *
+ * @param child_sa CHILD_SA set up with these traffic selectors
+ * @param type type of hook getting invoked
+ * @param local list of local traffic selectors to narrow
+ * @param remote list of remote traffic selectors to narrow
+ */
+ void (*narrow)(bus_t *this, child_sa_t *child_sa, narrow_hook_t type,
+ linked_list_t *local, linked_list_t *remote);
+
+ /**
  * IKE_SA keymat hook.
  *
  * @param ike_sa IKE_SA this keymat belongs to
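Review bot: The `@param local` and `@param remote` lines do not say how a listener narrows — whether it edits the two lists in place, and who owns traffic_selector_t objects that a listener removes or replaces; the void return suggests in-place mutation, but nothing in the hunk shows it or the ownership rule. I would extend both lines along the lines of ` * @param local list of local traffic selectors to narrow, modified in place (ownership of replaced selectors: <confirm against bus.c>)`, filling in the placeholder from the implementation. It would also be worth repeating on `@param type` that for NARROW_INITIATOR_PRE_NOAUTH the peer is not yet authenticated, so a listener reading only this struct member sees the caveat as well. struct bus_t begins and ends outside this hunk.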