[strongSwan] TSi, TSr narrow down by external authorization process
SunilVasanta
v.sunil at sawridgesystems.com
Mon Nov 18 11:40:31 CET 2013
Hi Martin,
Thanks a lot for your valuable input, it helped me a lot
Thanks,
Sunil Vasanta
On 11-11-2013 14:59, Martin Willi wrote:
> Hi,
>
>> Is it possible to send out traffic selectors values TSi,TSr to other
>> process (Authorization process) for TS narrow down.
> A listener_t interface registered to the charon bus has a narrow() hook,
> see [1]. This hook can be used to modify traffic selectors during the
> setup of a CHILD_SA.
>
> To implement this interface, you should create your own charon plugin.
> This plugin can register a listener, but runs in the charon process. To
> delegate the narrowing decisions to a dedicated process, you can use
> some kind of IPC to communicate between the plugin and your external
> process.
>
> An example of a plugin using the narrow() hook is "unity". It registers
> a listener and uses it for narrowing, see [2] for more details.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/bus/listeners/listener.h#l179
> [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/unity/unity_narrow.c
>
>
>
--
Sunil Vasanta
Sawridgesystems
More information about the Users
mailing list