2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * @defgroup ipsec_policy ipsec_policy
20 * @{ @ingroup libipsec
23 #ifndef IPSEC_POLICY_H
24 #define IPSEC_POLICY_H
26 #include "ip_packet.h"
29 #include <networking/host.h>
30 #include <ipsec/ipsec_types.h>
31 #include <selectors/traffic_selector.h>
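/*
 * Forward declaration: the function-pointer members of struct ipsec_policy_t
 * take an ipsec_policy_t pointer as their first argument, so the type name has
 * to exist before the struct body is declared.
 */
typedef struct ipsec_policy_t ipsec_policy_t;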
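/**
 * IPsec policy object, exposed as a table of function pointers that each take
 * the policy itself as their first argument.
 */
struct ipsec_policy_t {

	/**
	 * Get the source traffic selector of this policy
	 *
	 * NOTE(review): ownership of the returned selector is not stated in this
	 * header; presumably it stays owned by the policy and must not be
	 * destroyed by the caller. Confirm against the implementation.
	 *
	 * @return			the source traffic selector
	 */
	traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);

	/**
	 * Get the destination traffic selector of this policy
	 *
	 * NOTE(review): same ownership question as for get_source_ts().
	 *
	 * @return			the destination traffic selector
	 */
	traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);

	/**
	 * Get the direction of this policy
	 *
	 * @return			the policy direction
	 */
	policy_dir_t (*get_direction)(ipsec_policy_t *this);

	/**
	 * Get the priority of this policy
	 *
	 * @return			the policy priority
	 */
	policy_priority_t (*get_priority)(ipsec_policy_t *this);

	/**
	 * Get the type of this policy (e.g. IPsec)
	 *
	 * NOTE(review): presumably this is what tells a caller whether matching
	 * traffic is to be protected, passed or dropped. Code that enforces the
	 * policy should handle every policy_type_t value explicitly and should
	 * not let an unrecognised value fall through to forwarding the packet.
	 *
	 * @return			the policy type
	 */
	policy_type_t (*get_type)(ipsec_policy_t *this);

	/**
	 * Get the reqid associated to this policy
	 *
	 * @return			the reqid
	 */
	uint32_t (*get_reqid)(ipsec_policy_t *this);

	/**
	 * Get another reference to this policy
	 *
	 * NOTE(review): each reference obtained here presumably has to be
	 * released with destroy(); confirm. Unbalanced references would either
	 * leak the policy or free it while another holder still uses it.
	 *
	 * @return			additional reference to the policy
	 */
	ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);

	/**
	 * Check if this policy matches all given parameters
	 *
	 * NOTE(review): this header does not say whether the traffic selectors
	 * are compared for equality or for containment; confirm before relying
	 * on this call to find the policy to replace or remove.
	 *
	 * @param src_ts	source traffic selector
	 * @param dst_ts	destination traffic selector
	 * @param direction	traffic direction
	 * @param reqid		reqid of the policy
	 * @param mark		mark for this policy
	 * @param priority	policy priority
	 * @return			TRUE if policy matches all parameters
	 */
	bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
				  traffic_selector_t *dst_ts, policy_dir_t direction,
				  uint32_t reqid, mark_t mark, policy_priority_t priority);

	/**
	 * Check if this policy matches the given IP packet
	 *
	 * The only inputs are the policy and the packet: no reqid, mark or SA
	 * context is passed in. NOTE(review): a caller that validates inbound
	 * traffic therefore presumably has to check separately that the matched
	 * policy belongs to the SA the packet arrived on (e.g. by comparing
	 * get_reqid()); confirm in the caller.
	 *
	 * @param packet	IP packet
	 * @return			TRUE if policy matches the packet
	 */
	bool (*match_packet)(ipsec_policy_t *this, ip_packet_t *packet);

	/**
	 * Destroy an ipsec_policy_t
	 *
	 * NOTE(review): given get_ref(), this presumably drops one reference and
	 * frees the object only when the last reference is gone; confirm.
	 */
	void (*destroy)(ipsec_policy_t *this);

};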
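/**
 * Create an ipsec_policy_t instance
 *
 * NOTE(review): this header does not state whether src, dst, src_ts, dst_ts
 * and sa are copied or adopted by the new policy; confirm in the
 * implementation before freeing or reusing them after the call. It also does
 * not state whether the call can fail and return NULL.
 *
 * @param src		source address of SA
 * @param dst		dest address of SA
 * @param src_ts	traffic selector to match traffic source
 * @param dst_ts	traffic selector to match traffic dest
 * @param direction	direction of traffic, POLICY_(IN|OUT|FWD)
 * @param type		type of policy, POLICY_(IPSEC|PASS|DROP)
 * @param sa		details about the SA(s) tied to this policy
 * @param mark		mark for this policy
 * @param priority	priority of this policy
 * @return			ipsec policy instance
 */
ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
									traffic_selector_t *src_ts,
									traffic_selector_t *dst_ts,
									policy_dir_t direction, policy_type_t type,
									ipsec_sa_cfg_t *sa, mark_t mark,
									policy_priority_t priority);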
140 #endif /** IPSEC_POLICY_H @}*/