2 * Copyright (C) 2013-2017 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
5 * Copyright (C) secunet Security Networks AG
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * @defgroup trap_manager trap_manager
23 #ifndef TRAP_MANAGER_H_
24 #define TRAP_MANAGER_H_
27 #include <collections/enumerator.h>
28 #include <config/peer_cfg.h>
29 #include <sa/child_sa.h>
31 typedef struct trap_manager_t trap_manager_t
;
34 * Manage policies to create SAs from traffic.
36 struct trap_manager_t
{
39 * Install a policy as a trap.
41 * @param peer peer configuration to initiate on trap
42 * @param child child configuration to install as a trap
43 * @return TRUE if successfully installed
45 bool (*install
)(trap_manager_t
*this, peer_cfg_t
*peer
, child_cfg_t
*child
);
48 * Uninstall a trap policy.
50 * If no peer configuration name is given the first matching child
51 * configuration is uninstalled.
53 * @param peer peer configuration name or NULL
54 * @param child child configuration name
55 * @return TRUE if uninstalled successfully
57 bool (*uninstall
)(trap_manager_t
*this, char *peer
, char *child
);
60 * Install and register an externally managed trap policy using the two
61 * lists of local and remote addresses when deriving traffic selectors.
63 * @param peer peer configuration to register
64 * @param child CHILD_SA to install and register
65 * @param local list of local addresses (virtual or physical)
66 * @param remote list of remote addresses (virtual or physical)
67 * @return TRUE if successfully installed and registered
69 bool (*install_external
)(trap_manager_t
*this, peer_cfg_t
*peer
,
70 child_sa_t
*child
, linked_list_t
*local
,
71 linked_list_t
*remote
);
74 * Remove and uninstall a previously registered externally managed trap
77 * @param child CHILD_SA to remove
78 * @return TRUE if successfully removed
80 bool (*remove_external
)(trap_manager_t
*this, child_sa_t
*child
);
83 * Create an enumerator over all installed traps (does not include
84 * externally managed trap policies).
86 * @return enumerator over (peer_cfg_t, child_sa_t)
88 enumerator_t
* (*create_enumerator
)(trap_manager_t
*this);
91 * Acquire an SA triggered by an installed trap.
93 * @param reqid reqid of the triggered policy
94 * @param data data from the acquire
96 void (*acquire
)(trap_manager_t
*this, uint32_t reqid
,
97 kernel_acquire_data_t
*data
);
100 * Clear any installed trap.
102 void (*flush
)(trap_manager_t
*this);
105 * Destroy a trap_manager_t.
107 void (*destroy
)(trap_manager_t
*this);
111 * Create a trap_manager instance.
113 trap_manager_t
*trap_manager_create();
115 #endif /** TRAP_MANAGER_H_ @}*/