2 * Copyright (C) 2015 Tobias Brunner
4 * Copyright (C) secunet Security Networks AG
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * @defgroup redirect_provider redirect_provider
22 #ifndef REDIRECT_PROVIDER_H_
23 #define REDIRECT_PROVIDER_H_
25 typedef struct redirect_provider_t redirect_provider_t
;
28 #include <sa/ike_sa.h>
31 * Interface that allows implementations to decide whether a client is
32 * redirected during IKE_SA_INIT or IKE_AUTH using RFC 5685.
34 struct redirect_provider_t
{
37 * Decide whether a client is redirect directly upon receipt of the
38 * IKE_SA_INIT message.
40 * @param ike_sa IKE_SA for which this is called
41 * @param gateway[out] new IKE gateway (IP or FQDN)
42 * @return TRUE if client should be redirected, FALSE otherwise
44 bool (*redirect_on_init
)(redirect_provider_t
*this, ike_sa_t
*ike_sa
,
45 identification_t
**gateway
);
48 * Decide whether a client is redirect after the IKE_AUTH has been
49 * handled. This is called after the client is authenticated and when the
50 * server authenticates itself.
52 * @param ike_sa IKE_SA for which this is called
53 * @param gateway[out] new IKE gateway (IP or FQDN)
54 * @return TRUE if client should be redirected, FALSE otherwise
56 bool (*redirect_on_auth
)(redirect_provider_t
*this, ike_sa_t
*ike_sa
,
57 identification_t
**gateway
);
60 #endif /** REDIRECT_PROVIDER_H_ @}*/