1 /**
2 * @file policy.h
3 *
4 * @brief Interface of policy_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef POLICY_H_
24 #define POLICY_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <config/traffic_selector.h>
29 #include <config/proposal.h>
30 #include <encoding/payloads/auth_payload.h>
31
32
33 typedef struct policy_t policy_t;
34
35 /**
36 * @brief A policy_t defines the policies to apply to CHILD_SAs.
37 *
38 * The given two IDs identify a policy. These rules define how
39 * child SAs may be set up and which traffic may be IPsec'ed.
40 *
41 * @b Constructors:
42 * - policy_create()
43 *
44 * @ingroup config
45 */
46 struct policy_t {
47
48 /**
49 * @brief Get own id to use for identification.
50 *
51 * Returned object is not getting cloned.
52 *
53 * @param this calling object
54 * @return own id
55 */
56 identification_t *(*get_my_id) (policy_t *this);
57
58 /**
59 * @brief Get id of communication partner.
60 *
61 * Returned object is not getting cloned.
62 *
63 * @param this calling object
64 * @return other id
65 */
66 identification_t *(*get_other_id) (policy_t *this);
67
68 /**
69 * @brief Update own ID.
70 *
71 * It may be necessary to uptdate own ID, as it
72 * is set to %any or to e.g. *@strongswan.org in
73 * some cases.
74 * Old ID is destroyed, new one NOT cloned.
75 *
76 * @param this calling object
77 * @param my_id new ID to set as my_id
78 */
79 void (*update_my_id) (policy_t *this, identification_t *my_id);
80
81 /**
82 * @brief Update others ID.
83 *
84 * It may be necessary to uptdate others ID, as it
85 * is set to %any or to e.g. *@strongswan.org in
86 * some cases.
87 * Old ID is destroyed, new one NOT cloned.
88 *
89 * @param this calling object
90 * @param other_id new ID to set as other_id
91 */
92 void (*update_other_id) (policy_t *this, identification_t *other_id);
93
94 /**
95 * @brief Update own address in traffic selectors.
96 *
97 * Update own 0.0.0.0 address in traffic selectors
98 * with supplied one. The size of the subnet will be
99 * set to /32.
100 *
101 * @param this calling object
102 * @param my_host new address to set in traffic selectors
103 */
104 void (*update_my_ts) (policy_t *this, host_t *my_host);
105
106 /**
107 * @brief Update others address in traffic selectors.
108 *
109 * Update remote 0.0.0.0 address in traffic selectors
110 * with supplied one. The size of the subnet will be
111 * set to /32.
112 *
113 * @param this calling object
114 * @param other_host new address to set in traffic selectors
115 */
116 void (*update_other_ts) (policy_t *this, host_t *other_host);
117
118 /**
119 * @brief Get configured traffic selectors for our site.
120 *
121 * Returns a list with all traffic selectors for the local
122 * site. List and items MUST NOT be freed nor modified.
123 *
124 * @param this calling object
125 * @return list with traffic selectors
126 */
127 linked_list_t *(*get_my_traffic_selectors) (policy_t *this);
128
129 /**
130 * @brief Get configured traffic selectors for others site.
131 *
132 * Returns a list with all traffic selectors for the remote
133 * site. List and items MUST NOT be freed nor modified.
134 *
135 * @param this calling object
136 * @return list with traffic selectors
137 */
138 linked_list_t *(*get_other_traffic_selectors) (policy_t *this);
139
140 /**
141 * @brief Select traffic selectors from a supplied list for local site.
142 *
143 * Resulted list and traffic selectors must be destroyed after usage.
144 *
145 * @param this calling object
146 * @param supplied linked list with traffic selectors
147 * @return list containing the selected traffic selectors
148 */
149 linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);
150
151 /**
152 * @brief Select traffic selectors from a supplied list for remote site.
153 *
154 * Resulted list and traffic selectors must be destroyed after usage.
155 *
156 * @param this calling object
157 * @param supplied linked list with traffic selectors
158 * @return list containing the selected traffic selectors
159 */
160 linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);
161
162 /**
163 * @brief Get the list of internally stored proposals.
164 *
165 * Rembember: policy_t does store proposals for AH/ESP,
166 * IKE proposals are in the connection_t
167 *
168 * @warning List and Items are still owned by policy and MUST NOT
169 * be manipulated or freed!
170 *
171 * @param this calling object
172 * @return lists with proposals
173 */
174 linked_list_t *(*get_proposals) (policy_t *this);
175
176 /**
177 * @brief Select a proposal from a supplied list.
178 *
179 * @param this calling object
180 * @param proposals list from from wich proposals are selected
181 * @return selected proposal, or NULL if nothing matches
182 */
183 proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
184
185 /**
186 * @brief Add a traffic selector to the list for local site.
187 *
188 * After add, proposal is owned by policy.
189 *
190 * @warning Do not add while other threads are reading.
191 *
192 * @param this calling object
193 * @param traffic_selector traffic_selector to add
194 */
195 void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
196
197 /**
198 * @brief Add a traffic selector to the list for remote site.
199 *
200 * After add, proposal is owned by policy.
201 *
202 * @warning Do not add while other threads are reading.
203 *
204 * @param this calling object
205 * @param traffic_selector traffic_selector to add
206 */
207 void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
208
209 /**
210 * @brief Add a proposal to the list.
211 *
212 * The proposals are stored by priority, first added
213 * is the most prefered.
214 *
215 * @warning Do not add while other threads are reading.
216 *
217 * @param this calling object
218 * @param proposal proposal to add
219 */
220 void (*add_proposal) (policy_t *this, proposal_t *proposal);
221
222 /**
223 * @brief Clone a policy.
224 *
225 * @param this policy to clone
226 * @return clone of it
227 */
228 policy_t *(*clone) (policy_t *this);
229
230 /**
231 * @brief Destroys the policy object
232 *
233 * @param this calling object
234 */
235 void (*destroy) (policy_t *this);
236 };
237
/**
 * @brief Create a configuration object for IKE_AUTH and later.
 *
 * The returned policy must be released with its destroy() method.
 * NOTE(review): ownership of my_id/other_id is not stated here -
 * presumably adopted by the policy (not cloned); confirm in policy.c.
 *
 * @param my_id		identification_t for ourselves
 * @param other_id	identification_t for the remote peer
 * @return			newly created policy_t object
 *
 * @ingroup config
 */
policy_t *policy_create(identification_t *my_id, identification_t *other_id);
248
249 #endif /* POLICY_H_ */