1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup ipsec_policy ipsec_policy
20 * @{ @ingroup libipsec
21 */
22
23 #ifndef IPSEC_POLICY_H
24 #define IPSEC_POLICY_H
25
26 #include "ip_packet.h"
27
28 #include <library.h>
29 #include <networking/host.h>
30 #include <ipsec/ipsec_types.h>
31 #include <selectors/traffic_selector.h>
32
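typedef struct ipsec_policy_t ipsec_policy_t;

/**
 * IPsec Policy
 *
 * Interface of function pointers describing a single policy entry: a pair
 * of traffic selectors plus direction, type, priority and reqid.  Every
 * method takes the policy itself as first argument.
 *
 * NOTE(review): this header does not state whether an instance may be used
 * from several threads at once; confirm against the implementation before
 * sharing a policy between a lookup path and a management path.
 */
struct ipsec_policy_t {

	/**
	 * Get the source traffic selector of this policy
	 *
	 * NOTE(review): ownership of the returned selector is not stated here.
	 * Until confirmed against the implementation, do not destroy it and do
	 * not keep the pointer past the lifetime of the policy.
	 *
	 * @return			the source traffic selector
	 */
	traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);

	/**
	 * Get the destination traffic selector of this policy
	 *
	 * NOTE(review): same ownership caveat as for get_source_ts().
	 *
	 * @return			the destination traffic selector
	 */
	traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);

	/**
	 * Get the direction of this policy
	 *
	 * @return			direction, POLICY_(IN|OUT|FWD) as passed to
	 *					ipsec_policy_create()
	 */
	policy_dir_t (*get_direction)(ipsec_policy_t *this);

	/**
	 * Get the priority of this policy
	 *
	 * @return			priority
	 */
	policy_priority_t (*get_priority)(ipsec_policy_t *this);

	/**
	 * Get the type of this policy
	 *
	 * The type decides what is done with matching traffic, so a caller
	 * enforcing policies has to check it in addition to match_packet().
	 *
	 * @return			the policy type, POLICY_(IPSEC|PASS|DROP) as passed
	 *					to ipsec_policy_create()
	 */
	policy_type_t (*get_type)(ipsec_policy_t *this);

	/**
	 * Get the reqid associated to this policy
	 *
	 * @return			the reqid
	 */
	uint32_t (*get_reqid)(ipsec_policy_t *this);

	/**
	 * Get another reference to this policy
	 *
	 * NOTE(review): presumably reference counted, so that every reference
	 * obtained here needs its own destroy() call; confirm against the
	 * implementation.
	 *
	 * @return			additional reference to the policy
	 */
	ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);

	/**
	 * Check if this policy matches all given parameters
	 *
	 * The policy type is not among the parameters, so this call cannot tell
	 * apart two policies that differ only in their type (e.g. an IPsec and
	 * a drop policy for the same selectors).
	 *
	 * @param src_ts	source traffic selector
	 * @param dst_ts	destination traffic selector
	 * @param direction	traffic direction
	 * @param reqid		reqid of the policy
	 * @param mark		mark for this policy
	 * @param priority	policy priority
	 * @return			TRUE if policy matches all parameters
	 */
	bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
				  traffic_selector_t *dst_ts, policy_dir_t direction,
				  uint32_t reqid, mark_t mark, policy_priority_t priority);

	/**
	 * Check if this policy matches the given IP packet
	 *
	 * Only reports whether the packet is covered by this policy; what to do
	 * with a packet that no policy matches is left to the caller.
	 *
	 * NOTE(review): which packet fields are compared is not documented
	 * here; presumably addresses, protocol and ports are checked against
	 * the traffic selectors. Verify against the implementation.
	 *
	 * @param packet	IP packet
	 * @return			TRUE if policy matches the packet
	 */
	bool (*match_packet)(ipsec_policy_t *this, ip_packet_t *packet);

	/**
	 * Destroy an ipsec_policy_t
	 *
	 * The pointer must not be used by the caller after this call.
	 */
	void (*destroy)(ipsec_policy_t *this);

};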
118
/**
 * Create an ipsec_policy_t instance
 *
 * NOTE(review): this header does not say whether the host, traffic selector
 * and SA config arguments are cloned or adopted by the new policy; confirm
 * against the implementation before freeing or modifying them afterwards.
 *
 * @param src		source address of SA
 * @param dst		dest address of SA
 * @param src_ts	traffic selector to match traffic source
 * @param dst_ts	traffic selector to match traffic dest
 * @param direction	direction of traffic, POLICY_(IN|OUT|FWD)
 * @param type		type of policy, POLICY_(IPSEC|PASS|DROP)
 * @param sa		details about the SA(s) tied to this policy
 * @param mark		mark for this policy
 * @param priority	priority of this policy
 * @return			ipsec policy instance
 */
ipsec_policy_t *ipsec_policy_create(
						host_t *src,
						host_t *dst,
						traffic_selector_t *src_ts,
						traffic_selector_t *dst_ts,
						policy_dir_t direction,
						policy_type_t type,
						ipsec_sa_cfg_t *sa,
						mark_t mark,
						policy_priority_t priority);
139
140 #endif /** IPSEC_POLICY_H @}*/