4 * @brief Interface of policy_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include <utils/identification.h>
28 #include <config/traffic_selector.h>
29 #include <config/proposal.h>
30 #include <encoding/payloads/auth_payload.h>
/* Forward typedef: the function-pointer members below take a policy_t *this. */
typedef struct policy_t policy_t;
36 * @brief A policy_t defines the policies to apply to CHILD_SAs.
38 * The given two IDs identify a policy. These rules define how
39 * child SAs may be set up and which traffic may be IPsec'ed.
/**
 * @brief Get own id to use for identification.
 *
 * Returned object is not getting cloned, so the caller must not
 * destroy it.
 * NOTE(review): update_my_id() is documented to destroy the old ID, so
 * a pointer obtained here presumably must not be used after such an
 * update or after destroy() - confirm against the implementation.
 *
 * @param this      calling object
 * @return          own ID (not a clone)
 */
identification_t *(*get_my_id) (policy_t *this);
/**
 * @brief Get id of communication partner.
 *
 * Returned object is not getting cloned, so the caller must not
 * destroy it.
 * NOTE(review): update_other_id() is documented to destroy the old ID,
 * so a pointer obtained here presumably must not be used after such an
 * update or after destroy() - confirm against the implementation.
 *
 * @param this      calling object
 * @return          ID of the communication partner (not a clone)
 */
identification_t *(*get_other_id) (policy_t *this);
/**
 * @brief Update own ID.
 *
 * It may be necessary to update own ID, as it
 * is set to %any or to e.g. *@strongswan.org in
 * [rest of sentence missing from this listing].
 * Old ID is destroyed, new one NOT cloned.
 *
 * Because the new ID is not cloned, the caller hands the object over
 * and must not destroy it afterwards. Because the old ID is destroyed
 * and get_my_id() returns an uncloned pointer, pointers to the old ID
 * obtained earlier must be treated as invalid after this call.
 *
 * @param this      calling object
 * @param my_id     new ID to set as my_id
 */
void (*update_my_id) (policy_t *this, identification_t *my_id);
/**
 * @brief Update others ID.
 *
 * It may be necessary to update others ID, as it
 * is set to %any or to e.g. *@strongswan.org in
 * [rest of sentence missing from this listing].
 * Old ID is destroyed, new one NOT cloned.
 *
 * Because the new ID is not cloned, the caller hands the object over
 * and must not destroy it afterwards. Because the old ID is destroyed
 * and get_other_id() returns an uncloned pointer, pointers to the old
 * ID obtained earlier must be treated as invalid after this call.
 *
 * @param this      calling object
 * @param other_id  new ID to set as other_id
 */
void (*update_other_id) (policy_t *this, identification_t *other_id);
/**
 * @brief Update own address in traffic selectors.
 *
 * Update own 0.0.0.0 address in traffic selectors
 * with supplied one. The size of the subnet will be
 * [rest of sentence missing from this listing].
 * NOTE(review): whether my_host is copied or only read is not stated
 * here - confirm who owns it after the call.
 *
 * @param this      calling object
 * @param my_host   new address to set in traffic selectors
 */
void (*update_my_ts) (policy_t *this, host_t *my_host);
/**
 * @brief Update others address in traffic selectors.
 *
 * Update remote 0.0.0.0 address in traffic selectors
 * with supplied one. The size of the subnet will be
 * [rest of sentence missing from this listing].
 * NOTE(review): whether other_host is copied or only read is not
 * stated here - confirm who owns it after the call.
 *
 * @param this          calling object
 * @param other_host    new address to set in traffic selectors
 */
void (*update_other_ts) (policy_t *this, host_t *other_host);
/**
 * @brief Get configured traffic selectors for our site.
 *
 * Returns a list with all traffic selectors for the local
 * site. List and items MUST NOT be freed nor modified.
 * NOTE(review): the list is presumably the policy's internal one, so
 * it should not be used after destroy() or while another thread adds
 * selectors - confirm.
 *
 * @param this      calling object
 * @return          list with traffic selectors
 */
linked_list_t *(*get_my_traffic_selectors) (policy_t *this);
/**
 * @brief Get configured traffic selectors for others site.
 *
 * Returns a list with all traffic selectors for the remote
 * site. List and items MUST NOT be freed nor modified.
 * NOTE(review): the list is presumably the policy's internal one, so
 * it should not be used after destroy() or while another thread adds
 * selectors - confirm.
 *
 * @param this      calling object
 * @return          list with traffic selectors
 */
linked_list_t *(*get_other_traffic_selectors) (policy_t *this);
/**
 * @brief Select traffic selectors from a supplied list for local site.
 *
 * Resulting list and traffic selectors must be destroyed after usage,
 * i.e. the caller owns the result (unlike get_my_traffic_selectors()).
 * NOTE(review): the supplied list typically originates from the peer;
 * whether it is modified or consumed is not stated here - confirm.
 *
 * @param this      calling object
 * @param supplied  linked list with traffic selectors
 * @return          list containing the selected traffic selectors
 */
linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);
/**
 * @brief Select traffic selectors from a supplied list for remote site.
 *
 * Resulting list and traffic selectors must be destroyed after usage,
 * i.e. the caller owns the result (unlike
 * get_other_traffic_selectors()).
 * NOTE(review): the supplied list typically originates from the peer;
 * whether it is modified or consumed is not stated here - confirm.
 *
 * @param this      calling object
 * @param supplied  linked list with traffic selectors
 * @return          list containing the selected traffic selectors
 */
linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);
/**
 * @brief Get the list of internally stored proposals.
 *
 * Remember: policy_t does store proposals for AH/ESP,
 * IKE proposals are in the connection_t
 *
 * @warning List and Items are still owned by policy and MUST NOT
 *          be manipulated or freed!
 *
 * @param this      calling object
 * @return          list with proposals
 */
linked_list_t *(*get_proposals) (policy_t *this);
/**
 * @brief Select a proposal from a supplied list.
 *
 * Callers must check the result for NULL before use: no match means
 * no acceptable AH/ESP proposal was offered.
 * NOTE(review): ownership of the returned proposal (new object vs.
 * pointer into a stored or supplied list) is not stated here -
 * confirm before destroying or retaining it.
 *
 * @param this      calling object
 * @param proposals list from which proposals are selected
 * @return          selected proposal, or NULL if nothing matches
 */
proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
/**
 * @brief Add a traffic selector to the list for local site.
 *
 * After add, the traffic selector is owned by policy; the caller
 * must not destroy it.
 *
 * @warning Do not add while other threads are reading.
 *          NOTE(review): the interface shows no locking, so callers
 *          presumably have to finish all adds before the policy is
 *          shared between threads - confirm.
 *
 * @param this              calling object
 * @param traffic_selector  traffic_selector to add
 */
void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
/**
 * @brief Add a traffic selector to the list for remote site.
 *
 * After add, the traffic selector is owned by policy; the caller
 * must not destroy it.
 *
 * @warning Do not add while other threads are reading.
 *          NOTE(review): the interface shows no locking, so callers
 *          presumably have to finish all adds before the policy is
 *          shared between threads - confirm.
 *
 * @param this              calling object
 * @param traffic_selector  traffic_selector to add
 */
void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
/**
 * @brief Add a proposal to the list.
 *
 * The proposals are stored by priority, first added
 * is the most preferred. The order of the add calls therefore decides
 * which algorithms are preferred; add the strongest acceptable
 * proposal first.
 * NOTE(review): ownership of the added proposal is not stated here;
 * get_proposals() says list items are owned by the policy, so the
 * proposal is presumably taken over - confirm.
 *
 * @warning Do not add while other threads are reading.
 *
 * @param this      calling object
 * @param proposal  proposal to add
 */
void (*add_proposal) (policy_t *this, proposal_t *proposal);
/**
 * @brief Clone a policy.
 *
 * NOTE(review): the clone is presumably an independent object the
 * caller must release with destroy(); whether IDs, traffic selectors
 * and proposals are deep-copied is not stated here - confirm.
 *
 * @param this      policy to clone
 * @return          clone of it
 */
policy_t *(*clone) (policy_t *this);
/**
 * @brief Destroys the policy object
 *
 * The getters above hand out uncloned IDs and internal lists, so any
 * such pointer still held by a caller must not be used after this
 * call.
 *
 * @param this      calling object
 */
void (*destroy) (policy_t *this);
/**
 * @brief Create a configuration object for IKE_AUTH and later.
 *
 * NOTE(review): whether my_id and other_id are cloned is not stated
 * here; update_my_id()/update_other_id() document that they do NOT
 * clone, so the policy presumably takes ownership of both IDs -
 * confirm before destroying or reusing them in the caller.
 *
 * @param my_id     identification_t for ourselves
 * @param other_id  identification_t for the remote guy
 * @return          policy_t object
 */
policy_t *policy_create(identification_t *my_id, identification_t *other_id);
249 #endif /* POLICY_H_ */