2 * Copyright (C) 2012-2013 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup ipsec_types ipsec_types
21 #ifndef IPSEC_TYPES_H_
22 #define IPSEC_TYPES_H_
/*
 * Forward declarations of the enum and struct tags defined further down in
 * this header, so that the typedef'd names can be used before (and inside)
 * their full definitions, and by headers that only need the names.
 */
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;
36 * Mode of an IPsec SA.
39 /** not using any encapsulation */
41 /** transport mode, no inner address */
43 /** tunnel mode, inner and outer addresses */
45 /** BEET mode, tunnel mode but fixed, bound inner addresses */
47 /** passthrough policy for traffic without an IPsec SA */
49 /** drop policy discarding traffic */
/**
 * enum names for ipsec_mode_t.
 *
 * Name table for the ipsec_mode_t values; only declared here (extern), the
 * definition lives outside this header.
 */
extern enum_name_t *ipsec_mode_names;
59 * Direction of a policy. These are equal to those
60 * defined in xfrm.h, but we want to stay implementation
64 /** Policy for inbound traffic */
66 /** Policy for outbound traffic */
68 /** Policy for forwarded traffic */
/**
 * enum names for policy_dir_t.
 *
 * Name table for the policy_dir_t values; only declared here (extern), the
 * definition lives outside this header.
 */
extern enum_name_t *policy_dir_names;
81 /** Normal IPsec policy */
83 /** Passthrough policy (traffic is ignored by IPsec) */
85 /** Drop policy (traffic is discarded) */
90 * High-level priority of a policy.
92 enum policy_priority_t
{
93 /** Priority for passthrough policies */
95 /** Priority for regular IPsec policies */
96 POLICY_PRIORITY_DEFAULT
,
97 /** Priority for trap policies */
98 POLICY_PRIORITY_ROUTED
,
99 /** Priority for fallback drop policies */
100 POLICY_PRIORITY_FALLBACK
,
104 * IPComp transform IDs, as in RFC 4306
106 enum ipcomp_transform_t
{
/**
 * enum strings for ipcomp_transform_t.
 *
 * Name table for the ipcomp_transform_t values; only declared here (extern),
 * the definition lives outside this header.
 */
extern enum_name_t *ipcomp_transform_names;
120 * This struct contains details about IPsec SA(s) tied to a policy.
122 struct ipsec_sa_cfg_t
{
123 /** mode of SA (tunnel, transport) */
127 /** number of policies of the same kind (in/out/fwd) attached to SA */
128 u_int32_t policy_count
;
129 /** details about ESP/AH */
131 /** TRUE if this protocol is used */
133 /** SPI for ESP/AH */
136 /** details about IPComp */
138 /** the IPComp transform used */
140 /** CPI for IPComp */
146 * A lifetime_cfg_t defines the lifetime limits of an SA.
148 * Set any of these values to 0 to ignore.
150 struct lifetime_cfg_t
{
152 /** Limit before the SA gets invalid. */
154 /** Limit before the SA gets rekeyed. */
156 /** The range of a random value subtracted from rekey. */
158 } time
, bytes
, packets
;
162 * A mark_t defines an optional mark in an IPsec SA.
/**
 * Special mark value that uses a unique mark for each CHILD_SA
 *
 * Sentinel with all 32 bits set. NOTE(review): presumably code that sees this
 * value allocates a per-CHILD_SA mark instead of using it literally; confirm
 * against the users of MARK_UNIQUE before relying on that.
 */
#define MARK_UNIQUE (0xFFFFFFFF)
/**
 * Try to parse a mark_t from the given string of the form mark[/mask].
 *
 * The "/mask" part is optional. The string is only read (const), it is not
 * modified by the parser. NOTE(review): whether *mark is left untouched when
 * FALSE is returned is not visible from this declaration; confirm in the
 * implementation before using a partially filled mark on failure.
 *
 * @param value		NUL-terminated string to parse
 * @param mark		mark to fill on success
 * @return			TRUE if parsing was successful, FALSE otherwise
 */
bool mark_from_string(const char *value, mark_t *mark);
185 #endif /** IPSEC_TYPES_H_ @}*/