author | Tobias Brunner <tobias@strongswan.org> | 2012-07-13 14:05:52 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-08 15:41:03 +0200 |
commit | 9a11bc09bde8491ba64caf4aa20199ef7e5bd532 (patch) | |
tree | 599d494754c05f1dffd4969e244cebbe6adae833 /src | |
parent | e6cfd527df482f7bfd881201b75178f0980723b6 (diff) | |
download | strongswan-9a11bc09bde8491ba64caf4aa20199ef7e5bd532.tar.bz2 strongswan-9a11bc09bde8491ba64caf4aa20199ef7e5bd532.tar.xz |
Class representing an IPsec policy added
Diffstat (limited to 'src')
-rw-r--r-- | src/libipsec/Android.mk | 1 | ||||
-rw-r--r-- | src/libipsec/Makefile.am | 1 | ||||
-rw-r--r-- | src/libipsec/ipsec_policy.c | 185 | ||||
-rw-r--r-- | src/libipsec/ipsec_policy.h | 115 |
4 files changed, 302 insertions, 0 deletions
diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk
index 024810997..f18fc73f0 100644
--- a/src/libipsec/Android.mk
+++ b/src/libipsec/Android.mk
@@ -8,6 +8,7 @@
 esp_context.c esp_context.h \
 esp_packet.c esp_packet.h \
 ipsec_event_listener.h \
 ipsec_event_relay.c ipsec_event_relay.h \
+ipsec_policy.c ipsec_policy.h \
 ipsec_sa.c ipsec_sa.h \
 ipsec_sa_mgr.c ipsec_sa_mgr.h
diff --git a/src/libipsec/Makefile.am b/src/libipsec/Makefile.am
index c1024930d..4b81d4563 100644
--- a/src/libipsec/Makefile.am
+++ b/src/libipsec/Makefile.am
@@ -6,6 +6,7 @@
 esp_context.c esp_context.h \
 esp_packet.c esp_packet.h \
 ipsec_event_listener.h \
 ipsec_event_relay.c ipsec_event_relay.h \
+ipsec_policy.c ipsec_policy.h \
 ipsec_sa.c ipsec_sa.h \
 ipsec_sa_mgr.c ipsec_sa_mgr.h
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c
new file mode 100644
index 000000000..e0e154bef
--- /dev/null
+++ b/src/libipsec/ipsec_policy.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ipsec_policy.h"
+
+#include <debug.h>
+
+typedef struct private_ipsec_policy_t private_ipsec_policy_t;
+
+/**
+ * Private additions to ipsec_policy_t.
+ */
+struct private_ipsec_policy_t {
+
+ /**
+ * Public members
+ */
+ ipsec_policy_t public;
+
+ /**
+ * SA source address
+ */
+ host_t *src;
+
+ /**
+ * SA destination address
+ */
+ host_t *dst;
+
+ /**
+ * Source traffic selector
+ */
+ traffic_selector_t *src_ts;
+
+ /**
+ * Destination traffic selector
+ */
+ traffic_selector_t *dst_ts;
+
+ /**
+ * If any of the two TS has a protocol selector we cache it here
+ */
+ u_int8_t protocol;
+
+ /**
+ * Traffic direction
+ */
+ policy_dir_t direction;
+
+ /**
+ * Policy type
+ */
+ policy_type_t type;
+
+ /**
+ * SA configuration
+ */
+ ipsec_sa_cfg_t sa;
+
+ /**
+ * Mark
+ */
+ mark_t mark;
+
+ /**
+ * Policy priority
+ */
+ policy_priority_t priority;
+
+ /**
+ * Reference counter
+ */
+ refcount_t refcount;
+
+};
+
+METHOD(ipsec_policy_t, get_source_ts, traffic_selector_t*,
+ private_ipsec_policy_t *this)
+{
+ return this->src_ts;
+}
+
+METHOD(ipsec_policy_t, get_destination_ts, traffic_selector_t*,
+ private_ipsec_policy_t *this)
+{
+ return this->dst_ts;
+}
+
+METHOD(ipsec_policy_t, get_reqid, u_int32_t,
+ private_ipsec_policy_t *this)
+{
+ return this->sa.reqid;
+}
+
+METHOD(ipsec_policy_t, get_direction, policy_dir_t,
+ private_ipsec_policy_t *this)
+{
+ return this->direction;
+}
+
+METHOD(ipsec_policy_t, get_priority, policy_priority_t,
+ private_ipsec_policy_t *this)
+{
+ return this->priority;
+}
+
+METHOD(ipsec_policy_t, get_type, policy_type_t,
+ private_ipsec_policy_t *this)
+{
+ return this->type;
+}
+
+METHOD(ipsec_policy_t, get_ref, ipsec_policy_t*,
+ private_ipsec_policy_t *this)
+{
+ ref_get(&this->refcount);
+ return &this->public;
+}
+
+METHOD(ipsec_policy_t, destroy, void,
+ private_ipsec_policy_t *this)
+{
+ if (ref_put(&this->refcount))
+ {
+ this->src->destroy(this->src);
+ this->dst->destroy(this->dst);
+ this->src_ts->destroy(this->src_ts);
+ this->dst_ts->destroy(this->dst_ts);
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority)
+{
+ private_ipsec_policy_t *this;
+
+ INIT(this,
+ .public = {
+ .get_source_ts = _get_source_ts,
+ .get_destination_ts = _get_destination_ts,
+ .get_direction = _get_direction,
+ .get_priority = _get_priority,
+ .get_reqid = _get_reqid,
+ .get_type = _get_type,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .src = src->clone(src),
+ .dst = dst->clone(dst),
+ .src_ts = src_ts->clone(src_ts),
+ .dst_ts = dst_ts->clone(dst_ts),
+ .protocol = max(src_ts->get_protocol(src_ts),
+ dst_ts->get_protocol(dst_ts)),
+ .direction = direction,
+ .type = type,
+ .sa = *sa,
+ .mark = mark,
+ .priority = priority,
+ .refcount = 1,
+ );
+
+ return &this->public;
+}
diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h
new file mode 100644
index 000000000..0f65b1876
--- /dev/null
+++ b/src/libipsec/ipsec_policy.h
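Review bot: The `.protocol = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts))` initializer in ipsec_policy_create only matches the struct comment ("if any of the two TS has a protocol selector we cache it here") when at most one selector carries a protocol; if both carry different non-zero values, max() silently keeps the numerically larger one and the mismatch is never surfaced. If callers are expected to pass agreeing selectors, say so next to the initializer, e.g. `/* selectors are expected to agree on the protocol; max() relies on the unset side being 0 */` (presumably 0 means "any" for traffic_selector_t, worth confirming); otherwise compare the two values and log when they differ, which would also give the otherwise unused `#include <debug.h>` a purpose in this file. The cached `protocol`, like `mark`, `src` and `dst`, has no accessor in this commit, so I assume a later change consumes it; a short note on the field saying what it is cached for would help the next reader.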
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ipsec_policy ipsec_policy
+ * @{ @ingroup libipsec
+ */
+
+#ifndef IPSEC_POLICY_H
+#define IPSEC_POLICY_H
+
+#include <library.h>
+#include <utils/host.h>
+#include <ipsec/ipsec_types.h>
+#include <selectors/traffic_selector.h>
+
+typedef struct ipsec_policy_t ipsec_policy_t;
+
+/**
+ * IPsec Policy
+ */
+struct ipsec_policy_t {
+
+ /**
+ * Get the source traffic selector of this policy
+ *
+ * @return the source traffic selector
+ */
+ traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);
+
+ /**
+ * Get the destination traffic selector of this policy
+ *
+ * @return the destination traffic selector
+ */
+ traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);
+
+ /**
+ * Get the direction of this policy
+ *
+ * @return direction
+ */
+ policy_dir_t (*get_direction)(ipsec_policy_t *this);
+
+ /**
+ * Get the priority of this policy
+ *
+ * @return priority
+ */
+ policy_priority_t (*get_priority)(ipsec_policy_t *this);
+
+ /**
+ * Get the type of this policy (e.g. IPsec)
+ *
+ * @return the policy type
+ */
+ policy_type_t (*get_type)(ipsec_policy_t *this);
+
+ /**
+ * Get the reqid associated to this policy
+ *
+ * @return the reqid
+ */
+ u_int32_t (*get_reqid)(ipsec_policy_t *this);
+
+ /**
+ * Get another reference to this policy
+ *
+ * @return additional reference to the policy
+ */
+ ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);
+
+ /**
+ * Destroy an ipsec_policy_t
+ */
+ void (*destroy)(ipsec_policy_t *this);
+
+};
+
+/**
+ * Create an ipsec_policy_t instance
+ *
+ * @param src source address of SA
+ * @param dst dest address of SA
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
+ * @param priority priority of this policy
+ * @return ipsec policy instance
+ */
+ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
+
+#endif /** IPSEC_POLICY_H @}*/
|
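Review bot: The ipsec_policy_create documentation does not state who owns the objects passed in, although the implementation in ipsec_policy.c clones src, dst, src_ts and dst_ts and copies *sa by value, so the caller keeps ownership of everything it passes; I'd add a sentence to the description such as `All arguments are cloned or copied, the caller retains ownership.`. In the same way get_source_ts and get_destination_ts hand out the policy's own pointers without taking a reference, so their @return lines should read `the source traffic selector (owned by the policy, valid while a reference is held)` and the equivalent for the destination. The get_type comment says `(e.g. IPsec)` while the @param type line already lists POLICY_(IPSEC|PASS|DROP); pointing the @return at those same values keeps the two descriptions in sync.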