2 * Copyright (C) 2012-2013 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup ipsec_types ipsec_types
21 #ifndef IPSEC_TYPES_H_
22 #define IPSEC_TYPES_H_
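/*
 * Forward typedefs for the enum and struct tags declared in this header, so
 * later declarations can use the short *_t names. Each typedef only aliases
 * the tag of the same name; it defines no enumerators or members.
 *
 * The listing's line numbers had been fused into these declarations and each
 * one was split across two lines; they are restored as plain C here.
 *
 * Note: naming an enum tag before its enumerator list is seen is a compiler
 * extension (accepted by GCC), not strict ISO C.
 */
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;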
36 * Mode of an IPsec SA.
39 /** not using any encapsulation */
41 /** transport mode, no inner address */
43 /** tunnel mode, inner and outer addresses */
45 /** BEET mode, tunnel mode but fixed, bound inner addresses */
47 /** passthrough policy for traffic without an IPsec SA */
49 /** drop policy discarding traffic */
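/**
 * enum names for ipsec_mode_t.
 *
 * Declaration only: the object is defined elsewhere, and enum_name_t is not
 * declared in the visible part of this header.
 */
extern enum_name_t *ipsec_mode_names;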
59 * Direction of a policy. These are equal to those
60 * defined in xfrm.h, but we want to stay implementation neutral.
64 /** Policy for inbound traffic */
66 /** Policy for outbound traffic */
68 /** Policy for forwarded traffic */
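/**
 * enum names for policy_dir_t.
 *
 * Declaration only: the object is defined elsewhere, and enum_name_t is not
 * declared in the visible part of this header.
 */
extern enum_name_t *policy_dir_names;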
81 /** Normal IPsec policy */
83 /** Passthrough policy (traffic is ignored by IPsec) */
85 /** Drop policy (traffic is discarded) */
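/**
 * High-level priority of a policy.
 *
 * The enumerators carry no explicit values, so they are numbered 0, 1, 2 in
 * declaration order; reordering or inserting entries changes those numbers.
 * NOTE(review): how the numeric order maps to policy precedence is not
 * visible in this header. Confirm against the code that installs policies
 * before relying on it, since fallback drop policies depend on that ordering.
 */
enum policy_priority_t {
	/** Default priority */
	POLICY_PRIORITY_DEFAULT,
	/** Priority for trap policies */
	POLICY_PRIORITY_ROUTED,
	/** Priority for fallback drop policies */
	POLICY_PRIORITY_FALLBACK,
};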
102 * IPComp transform IDs, as in RFC 4306
104 enum ipcomp_transform_t
{
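/**
 * enum strings for ipcomp_transform_t.
 *
 * Declaration only: the object is defined elsewhere, and enum_name_t is not
 * declared in the visible part of this header.
 */
extern enum_name_t *ipcomp_transform_names;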
118 * This struct contains details about IPsec SA(s) tied to a policy.
120 struct ipsec_sa_cfg_t
{
121 /** mode of SA (tunnel, transport) */
125 /** details about ESP/AH */
127 /** TRUE if this protocol is used */
129 /** SPI for ESP/AH */
132 /** details about IPComp */
134 /** the IPComp transform used */
136 /** CPI for IPComp */
142 * A lifetime_cfg_t defines the lifetime limits of an SA.
144 * Set any of these values to 0 to ignore the corresponding limit (a value of 0 disables that limit; it does not mean immediate expiry).
146 struct lifetime_cfg_t
{
148 /** Limit before the SA gets invalid. */
150 /** Limit before the SA gets rekeyed. */
152 /** The range of a random value subtracted from rekey. */
154 } time
, bytes
, packets
;
158 * A mark_t defines an optional mark in an IPsec SA.
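/**
 * Special mark value that uses the reqid of the CHILD_SA as mark
 *
 * This is an in-band sentinel: it occupies the all-ones 32-bit value of the
 * mark space itself.
 * NOTE(review): presumably a literal mark of 0xFFFFFFFF cannot be told apart
 * from this sentinel. Confirm how mark_from_string() and the code consuming
 * mark_t treat that value before accepting it from configuration.
 */
#define MARK_REQID (0xFFFFFFFF)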
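/**
 * Try to parse a mark_t from the given string of the form mark[/mask].
 *
 * Callers must check the return value before using the result. This header
 * does not specify the contents of mark after a FALSE return, so initialise
 * it beforehand and do not rely on it when parsing failed.
 * NOTE(review): the behaviour for a NULL value and for marks or masks that
 * do not fit the mark_t fields is not documented here. Confirm against the
 * implementation before passing an unset or unvalidated option string.
 *
 * @param value		string to parse
 * @param mark		mark to fill
 * @return			TRUE if parsing was successful
 */
bool mark_from_string(const char *value, mark_t *mark);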
181 #endif /** IPSEC_TYPES_H_ @}*/