1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 *
6 * Copyright (C) secunet Security Networks AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup ipsec_policy ipsec_policy
21 * @{ @ingroup libipsec
22 */
23
24 #ifndef IPSEC_POLICY_H
25 #define IPSEC_POLICY_H
26
27 #include "ip_packet.h"
28
29 #include <library.h>
30 #include <networking/host.h>
31 #include <ipsec/ipsec_types.h>
32 #include <selectors/traffic_selector.h>
33
34 typedef struct ipsec_policy_t ipsec_policy_t;
35
/**
 * IPsec policy object.
 *
 * The interface is a table of function pointers; every operation receives the
 * instance it acts on as its first argument.
 *
 * NOTE(review): this header does not state who owns the objects returned by
 * the getters. Presumably they remain owned by the policy and are valid only
 * while the caller holds a reference (see get_ref) -- confirm against the
 * implementation before caching any of them.
 */
struct ipsec_policy_t {

	/**
	 * Return the traffic selector for the source side of this policy.
	 *
	 * @return			source traffic selector
	 */
	traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);

	/**
	 * Return the traffic selector for the destination side of this policy.
	 *
	 * @return			destination traffic selector
	 */
	traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);

	/**
	 * Return the traffic direction this policy applies to.
	 *
	 * @return			direction
	 */
	policy_dir_t (*get_direction)(ipsec_policy_t *this);

	/**
	 * Return the priority assigned to this policy.
	 *
	 * @return			priority
	 */
	policy_priority_t (*get_priority)(ipsec_policy_t *this);

	/**
	 * Return the type of this policy (e.g. IPsec).
	 *
	 * @return			policy type
	 */
	policy_type_t (*get_type)(ipsec_policy_t *this);

	/**
	 * Return the reqid this policy is associated with.
	 *
	 * @return			reqid
	 */
	uint32_t (*get_reqid)(ipsec_policy_t *this);

	/**
	 * Obtain an additional reference to this policy.
	 *
	 * NOTE(review): presumably each reference has to be released with its own
	 * destroy() call -- confirm against the implementation.
	 *
	 * @return			additional reference to the policy
	 */
	ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);

	/**
	 * Test whether this policy matches every one of the given parameters.
	 *
	 * How the traffic selectors are compared (exact equality or containment)
	 * is not visible in this header.
	 *
	 * @param src_ts	source traffic selector
	 * @param dst_ts	destination traffic selector
	 * @param direction	traffic direction
	 * @param reqid		reqid of the policy
	 * @param mark		mark for this policy
	 * @param priority	policy priority
	 * @return			TRUE if the policy matches all parameters
	 */
	bool (*match)(ipsec_policy_t *this,
				  traffic_selector_t *src_ts,
				  traffic_selector_t *dst_ts,
				  policy_dir_t direction,
				  uint32_t reqid,
				  mark_t mark,
				  policy_priority_t priority);

	/**
	 * Test whether this policy matches the given IP packet.
	 *
	 * Which packet fields take part in the comparison is not visible in this
	 * header; callers selecting a policy for untrusted traffic should check
	 * the implementation.
	 *
	 * @param packet	IP packet
	 * @return			TRUE if the policy matches the packet
	 */
	bool (*match_packet)(ipsec_policy_t *this, ip_packet_t *packet);

	/**
	 * Destroy an ipsec_policy_t.
	 *
	 * NOTE(review): given get_ref(), this presumably drops one reference and
	 * frees the object only when the last one is gone -- confirm.
	 */
	void (*destroy)(ipsec_policy_t *this);

};
119
/**
 * Create an ipsec_policy_t instance from the given parameters.
 *
 * NOTE(review): this declaration does not state whether src, dst, src_ts,
 * dst_ts and sa are copied or whether the caller must keep them alive, nor
 * whether NULL can be returned on failure -- confirm against the
 * implementation.
 *
 * @param src		source address of SA
 * @param dst		dest address of SA
 * @param src_ts	traffic selector to match traffic source
 * @param dst_ts	traffic selector to match traffic dest
 * @param direction	direction of traffic, POLICY_(IN|OUT|FWD)
 * @param type		type of policy, POLICY_(IPSEC|PASS|DROP)
 * @param sa		details about the SA(s) tied to this policy
 * @param mark		mark for this policy
 * @param priority	priority of this policy
 * @return			ipsec policy instance
 */
ipsec_policy_t *ipsec_policy_create(
						host_t *src, host_t *dst,
						traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
						policy_dir_t direction, policy_type_t type,
						ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t priority);
140
141 #endif /** IPSEC_POLICY_H @}*/