2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
6 * Copyright (C) secunet Security Networks AG
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * @defgroup ipsec_policy ipsec_policy
21 * @{ @ingroup libipsec
24 #ifndef IPSEC_POLICY_H
25 #define IPSEC_POLICY_H
27 #include "ip_packet.h"
30 #include <networking/host.h>
31 #include <ipsec/ipsec_types.h>
32 #include <selectors/traffic_selector.h>
34 typedef struct ipsec_policy_t ipsec_policy_t
;
39 struct ipsec_policy_t
{
42 * Get the source traffic selector of this policy
44 * @return the source traffic selector
46 traffic_selector_t
*(*get_source_ts
)(ipsec_policy_t
*this);
49 * Get the destination traffic selector of this policy
51 * @return the destination traffic selector
53 traffic_selector_t
*(*get_destination_ts
)(ipsec_policy_t
*this);
56 * Get the direction of this policy
60 policy_dir_t (*get_direction
)(ipsec_policy_t
*this);
63 * Get the priority of this policy
67 policy_priority_t (*get_priority
)(ipsec_policy_t
*this);
70 * Get the type of this policy (e.g. IPsec)
72 * @return the policy type
74 policy_type_t (*get_type
)(ipsec_policy_t
*this);
77 * Get the reqid associated to this policy
81 uint32_t (*get_reqid
)(ipsec_policy_t
*this);
84 * Get another reference to this policy
86 * @return additional reference to the policy
88 ipsec_policy_t
*(*get_ref
)(ipsec_policy_t
*this);
91 * Check if this policy matches all given parameters
93 * @param src_ts source traffic selector
94 * @param dst_ts destination traffic selector
95 * @param direction traffic direction
96 * @param reqid reqid of the policy
97 * @param mark mark for this policy
98 * @param priority policy priority
99 * @return TRUE if policy matches all parameters
101 bool (*match
)(ipsec_policy_t
*this, traffic_selector_t
*src_ts
,
102 traffic_selector_t
*dst_ts
, policy_dir_t direction
,
103 uint32_t reqid
, mark_t mark
, policy_priority_t priority
);
106 * Check if this policy matches the given IP packet
108 * @param packet IP packet
109 * @return TRUE if policy matches the packet
111 bool (*match_packet
)(ipsec_policy_t
*this, ip_packet_t
*packet
);
114 * Destroy an ipsec_policy_t
116 void (*destroy
)(ipsec_policy_t
*this);
121 * Create an ipsec_policy_t instance
123 * @param src source address of SA
124 * @param dst dest address of SA
125 * @param src_ts traffic selector to match traffic source
126 * @param dst_ts traffic selector to match traffic dest
127 * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
128 * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
129 * @param sa details about the SA(s) tied to this policy
130 * @param mark mark for this policy
131 * @param priority priority of this policy
132 * @return ipsec policy instance
134 ipsec_policy_t
*ipsec_policy_create(host_t
*src
, host_t
*dst
,
135 traffic_selector_t
*src_ts
,
136 traffic_selector_t
*dst_ts
,
137 policy_dir_t direction
, policy_type_t type
,
138 ipsec_sa_cfg_t
*sa
, mark_t mark
,
139 policy_priority_t priority
);
141 #endif /** IPSEC_POLICY_H @}*/