[strongSwan] TSi, TSr narrow down by external authorization process

Martin Willi martin at strongswan.org
Mon Nov 11 10:29:49 CET 2013


Hi,

> Is it possible to send out traffic selectors values TSi, TSr to other
> process (Authorization process) for TS narrow down?

A listener_t interface registered to the charon bus has a narrow() hook,
see [1]. This hook can be used to modify traffic selectors during the
setup of a CHILD_SA.

To implement this interface, you should create your own charon plugin.
This plugin can register a listener, but runs in the charon process. To
delegate the narrowing decisions to a dedicated process, you can use
some kind of IPC to communicate between the plugin and your external
process.

An example of a plugin using the narrow() hook is "unity". It registers
a listener and uses it for narrowing, see [2] for more details.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/bus/listeners/listener.h#l179
[2] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/unity/unity_narrow.c




