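/*
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup ipsec_policy_mgr ipsec_policy_mgr
 * @{ @ingroup libipsec
 */

#ifndef IPSEC_POLICY_MGR_H_
#define IPSEC_POLICY_MGR_H_

#include "ipsec_policy.h"
#include "ip_packet.h"

#include <library.h>
#include <networking/host.h>
#include <collections/linked_list.h>
#include <ipsec/ipsec_types.h>
#include <selectors/traffic_selector.h>

typedef struct ipsec_policy_mgr_t ipsec_policy_mgr_t;

/**
 * IPsec policy manager
 *
 * The first methods are modeled after those in kernel_ipsec_t.  All methods
 * are called through the function pointers of an instance obtained from
 * ipsec_policy_mgr_create(), passing that instance as the first argument.
 *
 * @note Only policies of type POLICY_IPSEC are currently used, also policies
 * with direction POLICY_FWD are ignored.  Any packets that do not match an
 * installed policy will be dropped.
 *
 * The last point makes the intended behaviour default-deny.  Code that calls
 * find_by_packet() is expected to uphold it: a NULL result means "drop the
 * packet", never "forward it unprotected".
 */
struct ipsec_policy_mgr_t {

	/**
	 * Add a policy
	 *
	 * A policy is always associated to an SA.  Traffic which matches a
	 * policy is handled by the SA with the same reqid.
	 *
	 * NOTE(review): per the note on this struct, POLICY_FWD policies and
	 * types other than POLICY_IPSEC are not used.  This header does not say
	 * which status is returned for them, so do not treat SUCCESS as proof
	 * that such a policy is being enforced; confirm against the
	 * implementation.
	 *
	 * @param src		source address of SA
	 * @param dst		dest address of SA
	 * @param src_ts	traffic selector to match traffic source
	 * @param dst_ts	traffic selector to match traffic dest
	 * @param direction	direction of traffic, POLICY_(IN|OUT|FWD)
	 * @param type		type of policy, POLICY_(IPSEC|PASS|DROP)
	 * @param sa		details about the SA(s) tied to this policy
	 * @param mark		mark for this policy
	 * @param priority	priority of this policy
	 * @return			SUCCESS if operation completed
	 */
	status_t (*add_policy)(ipsec_policy_mgr_t *this,
						   host_t *src, host_t *dst, traffic_selector_t *src_ts,
						   traffic_selector_t *dst_ts, policy_dir_t direction,
						   policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
						   policy_priority_t priority);

	/**
	 * Remove a policy
	 *
	 * Takes the same description as add_policy().  Once a policy is gone,
	 * packets it used to match fall under the default of the struct note
	 * (no matching policy, packet dropped) unless another installed policy
	 * still matches them.
	 *
	 * @param src		source address of SA
	 * @param dst		dest address of SA
	 * @param src_ts	traffic selector to match traffic source
	 * @param dst_ts	traffic selector to match traffic dest
	 * @param direction	direction of traffic, POLICY_(IN|OUT|FWD)
	 * @param type		type of policy, POLICY_(IPSEC|PASS|DROP)
	 * @param sa		details about the SA(s) tied to this policy
	 * @param mark		optional mark
	 * @param priority	priority of the policy
	 * @return			SUCCESS if operation completed
	 */
	status_t (*del_policy)(ipsec_policy_mgr_t *this,
						   host_t *src, host_t *dst, traffic_selector_t *src_ts,
						   traffic_selector_t *dst_ts, policy_dir_t direction,
						   policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
						   policy_priority_t priority);

	/**
	 * Flush all policies
	 *
	 * With no policy installed, no packet can match one; per the struct
	 * note such packets are dropped until policies are added again.
	 *
	 * @return			SUCCESS if operation completed
	 */
	status_t (*flush_policies)(ipsec_policy_mgr_t *this);

	/**
	 * Find the policy that matches the given IP packet best
	 *
	 * The result must be checked for NULL before use.  NULL means that no
	 * installed policy matched, which per the struct note is the case in
	 * which the packet is to be dropped.
	 *
	 * Passing 0 as reqid switches off the reqid restriction, so any matching
	 * policy may be returned.  A caller that must tie a packet to one
	 * particular SA has to pass that SA's reqid.
	 *
	 * NOTE(review): "reference" suggests that the caller receives its own
	 * reference and has to release it when done.  This header does not state
	 * the ownership rule; confirm against the implementation.
	 *
	 * @param packet	IP packet to match
	 * @param inbound	TRUE for an inbound packet
	 * @param reqid		require a policy with a specific reqid, 0 for any
	 * @return			reference to the policy, or NULL if none found
	 */
	ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this,
									  ip_packet_t *packet, bool inbound,
									  uint32_t reqid);

	/**
	 * Destroy an ipsec_policy_mgr_t
	 */
	void (*destroy)(ipsec_policy_mgr_t *this);

};

/**
 * Create an ipsec_policy_mgr instance
 *
 * Declared with an explicit (void) parameter list so that the compiler
 * rejects calls that pass arguments; an empty list "()" declares no
 * prototype in C before C23 and would accept them silently.
 *
 * @return			ipsec_policy_mgr
 */
ipsec_policy_mgr_t *ipsec_policy_mgr_create(void);

#endif /** IPSEC_POLICY_MGR_H_ @}*/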