src/libcharon/sa/redirect_provider.h

   1 /*
   2  * Copyright (C) 2015 Tobias Brunner
   3  *
   4  * Copyright (C) secunet Security Networks AG
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 /**
  18  * @defgroup redirect_provider redirect_provider
  19  * @{ @ingroup sa
  20  */
  21
  22 #ifndef REDIRECT_PROVIDER_H_
  23 #define REDIRECT_PROVIDER_H_
  24
  25 typedef struct redirect_provider_t redirect_provider_t;
  26
  27 #include <library.h>
  28 #include <sa/ike_sa.h>
  29
  30 /**
  31  * Interface that allows implementations to decide whether a client is
  32  * redirected during IKE_SA_INIT or IKE_AUTH using RFC 5685.
  33  */
  34 struct redirect_provider_t {
  35
  36         /**
  37          * Decide whether a client is redirect directly upon receipt of the
  38          * IKE_SA_INIT message.
  39          *
  40          * @param ike_sa                IKE_SA for which this is called
  41          * @param gateway[out]  new IKE gateway (IP or FQDN)
  42          * @return                              TRUE if client should be redirected, FALSE otherwise
  43          */
  44         bool (*redirect_on_init)(redirect_provider_t *this, ike_sa_t *ike_sa,
  45                                                          identification_t **gateway);
  46
  47         /**
  48          * Decide whether a client is redirect after the IKE_AUTH has been
  49          * handled.  This is called after the client is authenticated and when the
  50          * server authenticates itself.
  51          *
  52          * @param ike_sa                IKE_SA for which this is called
  53          * @param gateway[out]  new IKE gateway (IP or FQDN)
  54          * @return                              TRUE if client should be redirected, FALSE otherwise
  55          */
  56         bool (*redirect_on_auth)(redirect_provider_t *this, ike_sa_t *ike_sa,
  57                                                          identification_t **gateway);
  58 };
  59
  60 #endif /** REDIRECT_PROVIDER_H_ @}*/