- reworked configuration framework completly
1 /**
2 * @file policy.h
3 *
4 * @brief Interface of policy_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef POLICY_H_
24 #define POLICY_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <config/traffic_selector.h>
29 #include <config/proposal.h>
30 #include <encoding/payloads/auth_payload.h>
31
32
/* Forward typedef so the member signatures of struct policy_t can name policy_t. */
typedef struct policy_t policy_t;
34
/**
 * @brief A policy_t defines the policies to apply to CHILD_SAs.
 *
 * The two given IDs identify a policy. Its rules define how
 * CHILD_SAs may be set up and which traffic may be protected by IPsec.
 *
 * Ownership, as documented on the members below: objects handed out by
 * the get_*() members are not copies (the list getters state that list
 * and items must not be freed or modified), lists returned by the
 * select_*_traffic_selectors() members must be destroyed by the caller,
 * and objects passed to the add_*() members are stored in the policy.
 *
 * The add_*() members warn against use while other threads are reading.
 * This interface exposes no lock, so serialising access is left to the
 * caller.
 *
 * @b Constructors:
 * - policy_create()
 *
 * @ingroup config
 */
struct policy_t {

	/**
	 * @brief Get own id to use for identification.
	 *
	 * The returned object is not cloned.
	 * NOTE(review): presumably this is the identification held by the
	 * policy itself, so the caller must not destroy or modify it and
	 * must not use it after the policy is destroyed -- confirm against
	 * the implementation.
	 *
	 * @param this		calling object
	 * @return			own id
	 */
	identification_t *(*get_my_id) (policy_t *this);

	/**
	 * @brief Get id of communication partner.
	 *
	 * The returned object is not cloned.
	 * NOTE(review): presumably this is the identification held by the
	 * policy itself, so the caller must not destroy or modify it and
	 * must not use it after the policy is destroyed -- confirm against
	 * the implementation.
	 *
	 * @param this		calling object
	 * @return			other id
	 */
	identification_t *(*get_other_id) (policy_t *this);

	/**
	 * @brief Get configured traffic selectors for our site.
	 *
	 * Returns a list with all traffic selectors for the local
	 * site.
	 *
	 * @warning The list and its items MUST NOT be freed or modified
	 * by the caller.
	 *
	 * @param this		calling object
	 * @return			list with traffic selectors
	 */
	linked_list_t *(*get_my_traffic_selectors) (policy_t *this);

	/**
	 * @brief Get configured traffic selectors for the remote site.
	 *
	 * Returns a list with all traffic selectors for the remote
	 * site.
	 *
	 * @warning The list and its items MUST NOT be freed or modified
	 * by the caller.
	 *
	 * @param this		calling object
	 * @return			list with traffic selectors
	 */
	linked_list_t *(*get_other_traffic_selectors) (policy_t *this);

	/**
	 * @brief Select traffic selectors from a supplied list for local site.
	 *
	 * The resulting list and the traffic selectors in it must be
	 * destroyed by the caller after use.
	 *
	 * NOTE(review): not stated here whether `supplied` is left untouched,
	 * nor what is returned when nothing in `supplied` is acceptable
	 * (empty list or NULL) -- callers should handle both until this is
	 * confirmed. `supplied` presumably originates from the peer and
	 * should be treated as untrusted input.
	 *
	 * @param this		calling object
	 * @param supplied	linked list with traffic selectors
	 * @return			list containing the selected traffic selectors
	 */
	linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);

	/**
	 * @brief Select traffic selectors from a supplied list for remote site.
	 *
	 * The resulting list and the traffic selectors in it must be
	 * destroyed by the caller after use.
	 *
	 * NOTE(review): not stated here whether `supplied` is left untouched,
	 * nor what is returned when nothing in `supplied` is acceptable
	 * (empty list or NULL) -- callers should handle both until this is
	 * confirmed. `supplied` presumably originates from the peer and
	 * should be treated as untrusted input.
	 *
	 * @param this		calling object
	 * @param supplied	linked list with traffic selectors
	 * @return			list containing the selected traffic selectors
	 */
	linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);

	/**
	 * @brief Get the list of internally stored proposals.
	 *
	 * Remember: policy_t stores the proposals for AH/ESP;
	 * IKE proposals are in the connection_t.
	 *
	 * @warning List and items are still owned by the policy and MUST NOT
	 * be manipulated or freed!
	 *
	 * @param this		calling object
	 * @return			list with proposals
	 */
	linked_list_t *(*get_proposals) (policy_t *this);

	/**
	 * @brief Select a proposal from a supplied list.
	 *
	 * The result is NULL when nothing matches, so callers must check it
	 * before use.
	 *
	 * NOTE(review): ownership of the returned proposal (a copy for the
	 * caller or a pointer into the policy or into `proposals`) is not
	 * documented here -- confirm before destroying or storing it.
	 *
	 * @param this		calling object
	 * @param proposals	list from which proposals are selected
	 * @return			selected proposal, or NULL if nothing matches
	 */
	proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);

	/**
	 * @brief Add a traffic selector to the list for local site.
	 *
	 * After add, the traffic selector is owned by the policy.
	 * NOTE(review): the earlier wording said "proposal" here; the
	 * parameter is a traffic_selector_t, so ownership transfer of the
	 * traffic selector is assumed -- confirm.
	 *
	 * @warning Do not add while other threads are reading. No lock is
	 * part of this interface; the caller has to serialise access.
	 *
	 * @param this				calling object
	 * @param traffic_selector	traffic_selector to add
	 */
	void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);

	/**
	 * @brief Add a traffic selector to the list for remote site.
	 *
	 * After add, the traffic selector is owned by the policy.
	 * NOTE(review): the earlier wording said "proposal" here; the
	 * parameter is a traffic_selector_t, so ownership transfer of the
	 * traffic selector is assumed -- confirm.
	 *
	 * @warning Do not add while other threads are reading. No lock is
	 * part of this interface; the caller has to serialise access.
	 *
	 * @param this				calling object
	 * @param traffic_selector	traffic_selector to add
	 */
	void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);

	/**
	 * @brief Add a proposal to the list.
	 *
	 * The proposals are stored by priority; the first one added
	 * is the most preferred. The order of the add_proposal() calls
	 * therefore decides which proposal is favoured, so the strongest
	 * acceptable proposal should be added first.
	 *
	 * NOTE(review): ownership of `proposal` after the call is not stated
	 * here. get_proposals() documents the stored items as owned by the
	 * policy, so a transfer of ownership is presumed -- confirm.
	 *
	 * @warning Do not add while other threads are reading. No lock is
	 * part of this interface; the caller has to serialise access.
	 *
	 * @param this		calling object
	 * @param proposal	proposal to add
	 */
	void (*add_proposal) (policy_t *this, proposal_t *proposal);

	/**
	 * @brief Destroys the policy object.
	 *
	 * NOTE(review): presumably this also releases the stored traffic
	 * selectors and proposals, which would invalidate every pointer
	 * obtained earlier through the get_*() members -- confirm against
	 * the implementation.
	 *
	 * @param this		calling object
	 */
	void (*destroy) (policy_t *this);
};
179
/**
 * @brief Create a configuration object for IKE_AUTH and later.
 *
 * NOTE(review): not stated here whether the policy takes ownership of
 * my_id and other_id or copies them. get_my_id() and get_other_id() are
 * documented as returning objects that are not cloned, so confirm who
 * destroys the IDs before freeing them after this call.
 *
 * @param my_id			identification_t for ourselves
 * @param other_id		identification_t for the remote peer
 * @return				policy_t object
 *
 * @ingroup config
 */
policy_t *policy_create(identification_t *my_id, identification_t *other_id);
190
191 #endif /* POLICY_H_ */