Annotation of embedaddon/strongswan/src/libipsec/ipsec_policy.h, revision 1.1.1.1

1.1       misho       1: /*
                      2:  * Copyright (C) 2012 Tobias Brunner
                      3:  * Copyright (C) 2012 Giuliano Grassi
                      4:  * Copyright (C) 2012 Ralf Sager
                      5:  * HSR Hochschule fuer Technik Rapperswil
                      6:  *
                      7:  * This program is free software; you can redistribute it and/or modify it
                      8:  * under the terms of the GNU General Public License as published by the
                      9:  * Free Software Foundation; either version 2 of the License, or (at your
                     10:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
                     11:  *
                     12:  * This program is distributed in the hope that it will be useful, but
                     13:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
                     14:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
                     15:  * for more details.
                     16:  */
                     17: 
                     18: /**
                     19:  * @defgroup ipsec_policy ipsec_policy
                     20:  * @{ @ingroup libipsec
                     21:  */
                     22: 
                     23: #ifndef IPSEC_POLICY_H
                     24: #define IPSEC_POLICY_H
                     25: 
                     26: #include "ip_packet.h"
                     27: 
                     28: #include <library.h>
                     29: #include <networking/host.h>
                     30: #include <ipsec/ipsec_types.h>
                     31: #include <selectors/traffic_selector.h>
                     32: 
                     33: typedef struct ipsec_policy_t ipsec_policy_t;
                     34: 
                     35: /**
                     36:  * IPsec Policy
                          *
                          * Interface consisting of function pointers only; every member takes the
                          * policy instance as its first argument (this). Instances are created with
                          * ipsec_policy_create().
                     37:  */
                     38: struct ipsec_policy_t {
                     39: 
                     40:        /**
                     41:         * Get the source traffic selector of this policy
                     42:         *
                     43:         * @return                      the source traffic selector
                                 *
                                 * NOTE(review): ownership of the returned selector is not stated in
                                 * this header; presumably it is internal data the caller must not
                                 * destroy -- confirm against the implementation.
                     44:         */
                     45:        traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);
                     46: 
                     47:        /**
                     48:         * Get the destination traffic selector of this policy
                     49:         *
                     50:         * @return                      the destination traffic selector
                                 *
                                 * NOTE(review): ownership of the returned selector is not stated in
                                 * this header; presumably internal data -- confirm before freeing.
                     51:         */
                     52:        traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);
                     53: 
                     54:        /**
                     55:         * Get the direction of this policy
                     56:         *
                     57:         * @return                      direction, POLICY_(IN|OUT|FWD)
                     58:         */
                     59:        policy_dir_t (*get_direction)(ipsec_policy_t *this);
                     60: 
                     61:        /**
                     62:         * Get the priority of this policy
                     63:         *
                     64:         * @return                      priority
                     65:         */
                     66:        policy_priority_t (*get_priority)(ipsec_policy_t *this);
                     67: 
                     68:        /**
                     69:         * Get the type of this policy (e.g. IPsec)
                     70:         *
                     71:         * @return                      the policy type, POLICY_(IPSEC|PASS|DROP)
                     72:         */
                     73:        policy_type_t (*get_type)(ipsec_policy_t *this);
                     74: 
                     75:        /**
                     76:         * Get the reqid associated to this policy
                     77:         *
                     78:         * @return                      the reqid
                     79:         */
                     80:        uint32_t (*get_reqid)(ipsec_policy_t *this);
                     81: 
                     82:        /**
                     83:         * Get another reference to this policy
                     84:         *
                     85:         * @return                      additional reference to the policy
                                 *
                                 * NOTE(review): this implies the policy is reference counted;
                                 * presumably every reference obtained here has to be given up with
                                 * destroy() -- confirm, since an unbalanced pair means either a leak
                                 * or a use after free.
                     86:         */
                     87:        ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);
                     88: 
                     89:        /**
                     90:         * Check if this policy matches all given parameters
                     91:         *
                     92:         * @param src_ts                source traffic selector
                     93:         * @param dst_ts                destination traffic selector
                     94:         * @param direction             traffic direction
                     95:         * @param reqid                 reqid of the policy
                     96:         * @param mark                  mark for this policy
                     97:         * @param priority              policy priority
                     98:         * @return                              TRUE if policy matches all parameters
                                 *
                                 * NOTE(review): whether the traffic selectors are compared for
                                 * equality or for containment is not visible in this header --
                                 * confirm before relying on this for policy lookup or removal.
                     99:         */
                    100:        bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
                    101:                                  traffic_selector_t *dst_ts, policy_dir_t direction,
                    102:                                  uint32_t reqid, mark_t mark, policy_priority_t priority);
                    103: 
                    104:        /**
                    105:         * Check if this policy matches the given IP packet
                    106:         *
                    107:         * @param packet                IP packet
                    108:         * @return                              TRUE if policy matches the packet
                                 *
                                 * NOTE(review): which packet fields are compared is not visible
                                 * here; presumably the packet is checked against the policy's
                                 * traffic selectors -- confirm. The result decides whether a packet
                                 * is treated as covered by this policy, so the exact criteria matter.
                    109:         */
                    110:        bool (*match_packet)(ipsec_policy_t *this, ip_packet_t *packet);
                    111: 
                    112:        /**
                    113:         * Destroy an ipsec_policy_t
                                 *
                                 * NOTE(review): with get_ref() in the interface this presumably
                                 * drops one reference and frees the object with the last one --
                                 * confirm. Callers should treat the pointer as invalid afterwards.
                    114:         */
                    115:        void (*destroy)(ipsec_policy_t *this);
                    116: 
                    117: };
                    118: 
                    119: /**
                    120:  * Create an ipsec_policy_t instance
                    121:  *
                    122:  * @param src                  source address of SA
                    123:  * @param dst                  dest address of SA
                    124:  * @param src_ts               traffic selector to match traffic source
                    125:  * @param dst_ts               traffic selector to match traffic dest
                    126:  * @param direction            direction of traffic, POLICY_(IN|OUT|FWD)
                    127:  * @param type                 type of policy, POLICY_(IPSEC|PASS|DROP)
                    128:  * @param sa                   details about the SA(s) tied to this policy
                    129:  * @param mark                 mark for this policy
                    130:  * @param priority             priority of this policy
                    131:  * @return                             ipsec policy instance, released with destroy()
                          *
                          * NOTE(review): this header does not say whether src, dst, src_ts, dst_ts
                          * and sa are copied or adopted by the new policy -- confirm against the
                          * implementation before freeing or reusing them after the call.
                    132:  */
                    133: ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
                    134:                                                                        traffic_selector_t *src_ts,
                    135:                                                                        traffic_selector_t *dst_ts,
                    136:                                                                        policy_dir_t direction, policy_type_t type,
                    137:                                                                        ipsec_sa_cfg_t *sa, mark_t mark,
                    138:                                                                        policy_priority_t priority);
                    139: 
                    140: #endif /** IPSEC_POLICY_H @}*/
