1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
/**
* @file policy.h
*
* @brief Interface of policy_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef POLICY_H_
#define POLICY_H_
#include <types.h>
#include <utils/identification.h>
#include <config/traffic_selector.h>
#include <config/proposal.h>
#include <encoding/payloads/auth_payload.h>
typedef struct policy_t policy_t;
/**
* @brief A policy_t defines the policies to apply to CHILD_SAs.
*
* The given two IDs identify a policy. These rules define how
* child SAs may be set up and which traffic may be IPsec'ed.
*
* @b Constructors:
* - policy_create()
*
* @ingroup config
*/
struct policy_t {
/**
* @brief Get own id to use for identification.
*
* Returned object is not getting cloned.
*
* @param this calling object
* @return own id
*/
identification_t *(*get_my_id) (policy_t *this);
/**
* @brief Get id of communication partner.
*
* Returned object is not getting cloned.
*
* @param this calling object
* @return other id
*/
identification_t *(*get_other_id) (policy_t *this);
/**
* @brief Update own ID.
*
* It may be necessary to uptdate own ID, as it
* is set to %any or to e.g. *@strongswan.org in
* some cases.
* Old ID is destroyed, new one NOT cloned.
*
* @param this calling object
* @param my_id new ID to set as my_id
*/
void (*update_my_id) (policy_t *this, identification_t *my_id);
/**
* @brief Update others ID.
*
* It may be necessary to uptdate others ID, as it
* is set to %any or to e.g. *@strongswan.org in
* some cases.
* Old ID is destroyed, new one NOT cloned.
*
* @param this calling object
* @param other_id new ID to set as other_id
*/
void (*update_other_id) (policy_t *this, identification_t *other_id);
/**
* @brief Update own address in traffic selectors.
*
* Update own 0.0.0.0 address in traffic selectors
* with supplied one. The size of the subnet will be
* set to /32.
*
* @param this calling object
* @param my_host new address to set in traffic selectors
*/
void (*update_my_ts) (policy_t *this, host_t *my_host);
/**
* @brief Update others address in traffic selectors.
*
* Update remote 0.0.0.0 address in traffic selectors
* with supplied one. The size of the subnet will be
* set to /32.
*
* @param this calling object
* @param other_host new address to set in traffic selectors
*/
void (*update_other_ts) (policy_t *this, host_t *other_host);
/**
* @brief Get configured traffic selectors for our site.
*
* Returns a list with all traffic selectors for the local
* site. List and items MUST NOT be freed nor modified.
*
* @param this calling object
* @return list with traffic selectors
*/
linked_list_t *(*get_my_traffic_selectors) (policy_t *this);
/**
* @brief Get configured traffic selectors for others site.
*
* Returns a list with all traffic selectors for the remote
* site. List and items MUST NOT be freed nor modified.
*
* @param this calling object
* @return list with traffic selectors
*/
linked_list_t *(*get_other_traffic_selectors) (policy_t *this);
/**
* @brief Select traffic selectors from a supplied list for local site.
*
* Resulted list and traffic selectors must be destroyed after usage.
*
* @param this calling object
* @param supplied linked list with traffic selectors
* @return list containing the selected traffic selectors
*/
linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);
/**
* @brief Select traffic selectors from a supplied list for remote site.
*
* Resulted list and traffic selectors must be destroyed after usage.
*
* @param this calling object
* @param supplied linked list with traffic selectors
* @return list containing the selected traffic selectors
*/
linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);
/**
* @brief Get the list of internally stored proposals.
*
* Rembember: policy_t does store proposals for AH/ESP,
* IKE proposals are in the connection_t
*
* @warning List and Items are still owned by policy and MUST NOT
* be manipulated or freed!
*
* @param this calling object
* @return lists with proposals
*/
linked_list_t *(*get_proposals) (policy_t *this);
/**
* @brief Select a proposal from a supplied list.
*
* @param this calling object
* @param proposals list from from wich proposals are selected
* @return selected proposal, or NULL if nothing matches
*/
proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
/**
* @brief Add a traffic selector to the list for local site.
*
* After add, proposal is owned by policy.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param traffic_selector traffic_selector to add
*/
void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
/**
* @brief Add a traffic selector to the list for remote site.
*
* After add, proposal is owned by policy.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param traffic_selector traffic_selector to add
*/
void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
/**
* @brief Add a proposal to the list.
*
* The proposals are stored by priority, first added
* is the most prefered.
*
* @warning Do not add while other threads are reading.
*
* @param this calling object
* @param proposal proposal to add
*/
void (*add_proposal) (policy_t *this, proposal_t *proposal);
/**
* @brief Clone a policy.
*
* @param this policy to clone
* @return clone of it
*/
policy_t *(*clone) (policy_t *this);
/**
* @brief Destroys the policy object
*
* @param this calling object
*/
void (*destroy) (policy_t *this);
};
/**
* @brief Create a configuration object for IKE_AUTH and later.
*
* @param my_id identification_t for ourselves
* @param other_id identification_t for the remote guy
* @return policy_t object
*
* @ingroup config
*/
policy_t *policy_create(identification_t *my_id, identification_t *other_id);
#endif /* POLICY_H_ */
|
