[thirdparty/strongswan.git] / src / libstrongswan / ipsec / ipsec_types.h

/*
 * Copyright (C) 2012-2013 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup ipsec_types ipsec_types
 * @{ @ingroup ipsec
 */

#ifndef IPSEC_TYPES_H_
#define IPSEC_TYPES_H_

typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;

#include <library.h>

/**
 * Mode of an IPsec SA.
 */
enum ipsec_mode_t {
	/** not using any encapsulation */
	MODE_NONE = 0,
	/** transport mode, no inner address */
	MODE_TRANSPORT = 1,
	/** tunnel mode, inner and outer addresses */
	MODE_TUNNEL,
	/** BEET mode, tunnel mode but fixed, bound inner addresses */
	MODE_BEET,
	/** passthrough policy for traffic without an IPsec SA */
	MODE_PASS,
	/** drop policy discarding traffic */
	MODE_DROP
};

/**
 * enum names for ipsec_mode_t.
 */
extern enum_name_t *ipsec_mode_names;

/**
 * Direction of a policy. These are equal to those
 * defined in xfrm.h, but we want to stay implementation
 * neutral here.
 */
enum policy_dir_t {
	/** Policy for inbound traffic */
	POLICY_IN = 0,
	/** Policy for outbound traffic */
	POLICY_OUT = 1,
	/** Policy for forwarded traffic */
	POLICY_FWD = 2,
};

/**
 * enum names for policy_dir_t.
 */
extern enum_name_t *policy_dir_names;

/**
 * Type of a policy.
 */
enum policy_type_t {
	/** Normal IPsec policy */
	POLICY_IPSEC = 1,
	/** Passthrough policy (traffic is ignored by IPsec) */
	POLICY_PASS,
	/** Drop policy (traffic is discarded) */
	POLICY_DROP,
};

/**
 * High-level priority of a policy.
 */
enum policy_priority_t {
	/** Priority for passthrough policies */
	POLICY_PRIORITY_PASS,
	/** Priority for regular IPsec policies */
	POLICY_PRIORITY_DEFAULT,
	/** Priority for trap policies */
	POLICY_PRIORITY_ROUTED,
	/** Priority for fallback drop policies */
	POLICY_PRIORITY_FALLBACK,
};

/**
 * IPComp transform IDs, as in RFC 4306
 */
enum ipcomp_transform_t {
	IPCOMP_NONE = 0,
	IPCOMP_OUI = 1,
	IPCOMP_DEFLATE = 2,
	IPCOMP_LZS = 3,
	IPCOMP_LZJH = 4,
};

/**
 * enum strings for ipcomp_transform_t.
 */
extern enum_name_t *ipcomp_transform_names;

/**
 * This struct contains details about IPsec SA(s) tied to a policy.
 */
struct ipsec_sa_cfg_t {
	/** mode of SA (tunnel, transport) */
	ipsec_mode_t mode;
	/** unique ID */
	u_int32_t reqid;
	/** number of policies of the same kind (in/out/fwd) attached to SA */
	u_int32_t policy_count;
	/** details about ESP/AH */
	struct {
		/** TRUE if this protocol is used */
		bool use;
		/** SPI for ESP/AH */
		u_int32_t spi;
	} esp, ah;
	/** details about IPComp */
	struct {
		/** the IPComp transform used */
		u_int16_t transform;
		/** CPI for IPComp */
		u_int16_t cpi;
	} ipcomp;
};

/**
 * A lifetime_cfg_t defines the lifetime limits of an SA.
 *
 * Set any of these values to 0 to ignore.
 */
struct lifetime_cfg_t {
	struct {
		/** Limit before the SA gets invalid. */
		u_int64_t	life;
		/** Limit before the SA gets rekeyed. */
		u_int64_t	rekey;
		/** The range of a random value subtracted from rekey. */
		u_int64_t	jitter;
	} time, bytes, packets;
};

/**
 * A mark_t defines an optional mark in an IPsec SA.
 */
struct mark_t {
	/** Mark value */
	u_int32_t value;
	/** Mark mask */
	u_int32_t mask;
};

/**
 * Special mark value that uses a unique mark for each CHILD_SA
 */
#define MARK_UNIQUE (0xFFFFFFFF)

/**
 * Try to parse a mark_t from the given string of the form mark[/mask].
 *
 * @param value		string to parse
 * @param mark		mark to fill
 * @return			TRUE if parsing was successful
 */
bool mark_from_string(const char *value, mark_t *mark);

#endif /** IPSEC_TYPES_H_ @}*/
Commit	Line	Data
156f7e9b	1	/*
434e530f	2	* Copyright (C) 2012-2013 Tobias Brunner
156f7e9b TB	3	* Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	/**
	17	* @defgroup ipsec_types ipsec_types
	18	* @{ @ingroup ipsec
	19	*/
	20
	21	#ifndef IPSEC_TYPES_H_
	22	#define IPSEC_TYPES_H_
	23
	24	typedef enum ipsec_mode_t ipsec_mode_t;
	25	typedef enum policy_dir_t policy_dir_t;
	26	typedef enum policy_type_t policy_type_t;
	27	typedef enum policy_priority_t policy_priority_t;
	28	typedef enum ipcomp_transform_t ipcomp_transform_t;
	29	typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
	30	typedef struct lifetime_cfg_t lifetime_cfg_t;
	31	typedef struct mark_t mark_t;
	32
	33	#include <library.h>
	34
	35	/**
	36	* Mode of an IPsec SA.
	37	*/
	38	enum ipsec_mode_t {
	39	/** not using any encapsulation */
	40	MODE_NONE = 0,
	41	/** transport mode, no inner address */
	42	MODE_TRANSPORT = 1,
	43	/** tunnel mode, inner and outer addresses */
	44	MODE_TUNNEL,
	45	/** BEET mode, tunnel mode but fixed, bound inner addresses */
	46	MODE_BEET,
	47	/** passthrough policy for traffic without an IPsec SA */
	48	MODE_PASS,
	49	/** drop policy discarding traffic */
	50	MODE_DROP
	51	};
	52
	53	/**
	54	* enum names for ipsec_mode_t.
	55	*/
	56	extern enum_name_t *ipsec_mode_names;
	57
	58	/**
	59	* Direction of a policy. These are equal to those
	60	* defined in xfrm.h, but we want to stay implementation
	61	* neutral here.
	62	*/
	63	enum policy_dir_t {
	64	/** Policy for inbound traffic */
	65	POLICY_IN = 0,
	66	/** Policy for outbound traffic */
67	POLICY_OUT = 1,
68	/** Policy for forwarded traffic */
69	POLICY_FWD = 2,
70	};
71
72	/**
73	* enum names for policy_dir_t.
74	*/
75	extern enum_name_t *policy_dir_names;
76
77	/**
78	* Type of a policy.
79	*/
80	enum policy_type_t {
81	/** Normal IPsec policy */
82	POLICY_IPSEC = 1,
83	/** Passthrough policy (traffic is ignored by IPsec) */
84	POLICY_PASS,
85	/** Drop policy (traffic is discarded) */
86	POLICY_DROP,
87	};
88
89	/**
90	* High-level priority of a policy.
91	*/
92	enum policy_priority_t {
479060d2 TB	93	/** Priority for passthrough policies */
	94	POLICY_PRIORITY_PASS,
	95	/** Priority for regular IPsec policies */
156f7e9b TB	96	POLICY_PRIORITY_DEFAULT,
	97	/** Priority for trap policies */
	98	POLICY_PRIORITY_ROUTED,
	99	/** Priority for fallback drop policies */
	100	POLICY_PRIORITY_FALLBACK,
	101	};
	102
	103	/**
	104	* IPComp transform IDs, as in RFC 4306
	105	*/
	106	enum ipcomp_transform_t {
	107	IPCOMP_NONE = 0,
	108	IPCOMP_OUI = 1,
	109	IPCOMP_DEFLATE = 2,
	110	IPCOMP_LZS = 3,
	111	IPCOMP_LZJH = 4,
	112	};
	113
	114	/**
	115	* enum strings for ipcomp_transform_t.
	116	*/
	117	extern enum_name_t *ipcomp_transform_names;
	118
	119	/**
	120	* This struct contains details about IPsec SA(s) tied to a policy.
	121	*/
	122	struct ipsec_sa_cfg_t {
	123	/** mode of SA (tunnel, transport) */
	124	ipsec_mode_t mode;
	125	/** unique ID */
	126	u_int32_t reqid;
4b09bd6c MW	127	/** number of policies of the same kind (in/out/fwd) attached to SA */
4b09bd6c MW	128	u_int32_t policy_count;
156f7e9b TB	129	/** details about ESP/AH */
	130	struct {
	131	/** TRUE if this protocol is used */
	132	bool use;
	133	/** SPI for ESP/AH */
	134	u_int32_t spi;
	135	} esp, ah;
	136	/** details about IPComp */
	137	struct {
	138	/** the IPComp transform used */
	139	u_int16_t transform;
	140	/** CPI for IPComp */
	141	u_int16_t cpi;
	142	} ipcomp;
	143	};
	144
	145	/**
	146	* A lifetime_cfg_t defines the lifetime limits of an SA.
	147	*
	148	* Set any of these values to 0 to ignore.
	149	*/
	150	struct lifetime_cfg_t {
	151	struct {
	152	/** Limit before the SA gets invalid. */
	153	u_int64_t life;
	154	/** Limit before the SA gets rekeyed. */
	155	u_int64_t rekey;
	156	/** The range of a random value subtracted from rekey. */
	157	u_int64_t jitter;
	158	} time, bytes, packets;
	159	};
	160
	161	/**
	162	* A mark_t defines an optional mark in an IPsec SA.
	163	*/
	164	struct mark_t {
	165	/** Mark value */
	166	u_int32_t value;
	167	/** Mark mask */
	168	u_int32_t mask;
	169	};
	170
	171	/**
85b23888	172	* Special mark value that uses a unique mark for each CHILD_SA
156f7e9b	173	*/
85b23888	174	#define MARK_UNIQUE (0xFFFFFFFF)
156f7e9b	175
434e530f	176	/**
dd438ee2	177	* Try to parse a mark_t from the given string of the form mark[/mask].
434e530f TB	178	*
	179	* @param value string to parse
	180	* @param mark mark to fill
	181	* @return TRUE if parsing was successful
	182	*/
	183	bool mark_from_string(const char value, mark_t mark);
	184
156f7e9b	185	#endif /** IPSEC_TYPES_H_ @}*/