Annotation of embedaddon/strongswan/src/libipsec/ipsec_policy_mgr.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2012 Tobias Brunner
3: * Copyright (C) 2012 Giuliano Grassi
4: * Copyright (C) 2012 Ralf Sager
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup ipsec_policy_mgr ipsec_policy_mgr
20: * @{ @ingroup libipsec
21: */
22:
23: #ifndef IPSEC_POLICY_MGR_H_
24: #define IPSEC_POLICY_MGR_H_
25:
26: #include "ipsec_policy.h"
27: #include "ip_packet.h"
28:
29: #include <library.h>
30: #include <networking/host.h>
31: #include <collections/linked_list.h>
32: #include <ipsec/ipsec_types.h>
33: #include <selectors/traffic_selector.h>
34:
typedef struct ipsec_policy_mgr_t ipsec_policy_mgr_t;

/**
 * Manager for the IPsec policies used by libipsec.
 *
 * The policy-handling methods are modeled after those in kernel_ipsec_t.
 *
 * @note Only policies of type POLICY_IPSEC are currently used, and policies
 * with direction POLICY_FWD are ignored. A packet that matches no installed
 * policy is dropped, so the manager denies by default.
 */
struct ipsec_policy_mgr_t {

	/**
	 * Install a policy.
	 *
	 * Every policy is associated with an SA: traffic that matches the policy
	 * is handled by the SA that has the same reqid.
	 *
	 * @param src			source address of SA
	 * @param dst			dest address of SA
	 * @param src_ts		traffic selector to match traffic source
	 * @param dst_ts		traffic selector to match traffic dest
	 * @param direction		direction of traffic, POLICY_(IN|OUT|FWD);
	 *						POLICY_FWD policies are ignored (see note on
	 *						this struct)
	 * @param type			type of policy, POLICY_(IPSEC|PASS|DROP); only
	 *						POLICY_IPSEC is currently used (see note on this
	 *						struct)
	 * @param sa			details about the SA(s) tied to this policy
	 * @param mark			mark for this policy
	 * @param priority		priority of this policy
	 * @return				SUCCESS if operation completed
	 */
	status_t (*add_policy)(ipsec_policy_mgr_t *this,
						   host_t *src,
						   host_t *dst,
						   traffic_selector_t *src_ts,
						   traffic_selector_t *dst_ts,
						   policy_dir_t direction,
						   policy_type_t type,
						   ipsec_sa_cfg_t *sa,
						   mark_t mark,
						   policy_priority_t priority);

	/**
	 * Remove a policy.
	 *
	 * NOTE(review): the header does not state which of these arguments
	 * identify the policy to remove; presumably they have to match the ones
	 * passed to add_policy() -- confirm against the implementation.
	 *
	 * @param src			source address of SA
	 * @param dst			dest address of SA
	 * @param src_ts		traffic selector to match traffic source
	 * @param dst_ts		traffic selector to match traffic dest
	 * @param direction		direction of traffic, POLICY_(IN|OUT|FWD)
	 * @param type			type of policy, POLICY_(IPSEC|PASS|DROP)
	 * @param sa			details about the SA(s) tied to this policy
	 * @param mark			optional mark
	 * @param priority		priority of the policy
	 * @return				SUCCESS if operation completed
	 */
	status_t (*del_policy)(ipsec_policy_mgr_t *this,
						   host_t *src,
						   host_t *dst,
						   traffic_selector_t *src_ts,
						   traffic_selector_t *dst_ts,
						   policy_dir_t direction,
						   policy_type_t type,
						   ipsec_sa_cfg_t *sa,
						   mark_t mark,
						   policy_priority_t priority);

	/**
	 * Flush all policies.
	 *
	 * With no policies installed every packet fails to match and is dropped
	 * (see note on this struct).
	 *
	 * @return				SUCCESS if operation completed
	 */
	status_t (*flush_policies)(ipsec_policy_mgr_t *this);

	/**
	 * Look up the policy that matches the given IP packet best.
	 *
	 * Callers have to check the result for NULL before using it: NULL means
	 * no policy matched, and such packets are dropped (see note on this
	 * struct).
	 *
	 * NOTE(review): the header calls the result a "reference" but does not
	 * say who releases it -- confirm the ownership rule against the
	 * implementation.
	 *
	 * @param packet		IP packet to match
	 * @param inbound		TRUE for an inbound packet
	 * @param reqid			require a policy with a specific reqid, 0 for any
	 * @return				reference to the policy, or NULL if none found
	 */
	ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this,
									  ip_packet_t *packet,
									  bool inbound,
									  uint32_t reqid);

	/**
	 * Destroy an ipsec_policy_mgr_t.
	 */
	void (*destroy)(ipsec_policy_mgr_t *this);

};
116:
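/**
 * Create an ipsec_policy_mgr instance.
 *
 * The function takes no arguments. It is declared with (void) so that the
 * declaration is a real prototype and the compiler rejects calls that pass
 * arguments; an empty parameter list would leave the arguments unchecked.
 *
 * The returned instance is disposed of through its destroy() method.
 *
 * @return		ipsec_policy_mgr
 */
ipsec_policy_mgr_t *ipsec_policy_mgr_create(void);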
123:
124: #endif /** IPSEC_POLICY_MGR_H_ @}*/