1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * $Id$
18 */
19
20 /**
21 * @defgroup child_cfg child_cfg
22 * @{ @ingroup config
23 */
24
25 #ifndef CHILD_CFG_H_
26 #define CHILD_CFG_H_
27
/*
 * Forward typedefs so the type names can be used before their full
 * definitions below (and, presumably, by the headers included next — confirm).
 * NOTE(review): the name mode_t collides with the POSIX mode_t declared in
 * <sys/types.h>; a translation unit that ends up including both will not
 * compile. A less generic, project-prefixed name would avoid this.
 */
28 typedef enum mode_t mode_t;
29 typedef enum action_t action_t;
30 typedef enum ipcomp_transform_t ipcomp_transform_t;
31 typedef struct child_cfg_t child_cfg_t;
32
33 #include <library.h>
34 #include <config/proposal.h>
35 #include <config/traffic_selector.h>
36
37 /**
38 * Mode of a CHILD_SA.
39 *
40 * These are equal to those defined in XFRM, so don't change.
 * The gap between MODE_TUNNEL and MODE_BEET is intentional for the same
 * reason: the values are passed to the kernel, so do not renumber or reorder.
41 */
42 enum mode_t {
43 /** transport mode, no inner address */
44 MODE_TRANSPORT = 0,
45 /** tunnel mode, inner and outer addresses */
46 MODE_TUNNEL = 1,
47 /** BEET mode, tunnel mode but fixed, bound inner addresses */
48 MODE_BEET = 4,
49 };
50
51 /**
52 * enum names for mode_t.
 *
 * Used to print a mode_t value by name (e.g. in log output).
53 */
54 extern enum_name_t *mode_names;
55
56 /**
57 * Action to take when DPD detected/connection gets closed by peer.
 *
 * The same enum is used for both cases, see get_dpd_action() and
 * get_close_action() in child_cfg_t.
58 */
59 enum action_t {
60 /** No action */
61 ACTION_NONE,
62 /** Route config to reestablish on demand */
63 ACTION_ROUTE,
64 /** Restart config immediately */
65 ACTION_RESTART,
66 };
67
68 /**
69 * enum names for action_t.
 *
 * Used to print an action_t value by name (e.g. in log output).
70 */
71 extern enum_name_t *action_names;
72
73 /**
74 * IPComp transform IDs, as in RFC 4306
 *
 * IPCOMP_NONE is not an RFC-defined transform: 241 lies in the private-use
 * range of the RFC 4306 transform ID space and is used locally to mean
 * "no compression" (presumably never sent on the wire — confirm).
75 */
76 enum ipcomp_transform_t {
 /** no IPComp, local sentinel (see above) */
77 IPCOMP_NONE = 241,
 /** vendor specific transform, identified by OUI */
78 IPCOMP_OUI = 1,
 /** DEFLATE compression */
79 IPCOMP_DEFLATE = 2,
 /** LZS compression */
80 IPCOMP_LZS = 3,
 /** LZJH compression */
81 IPCOMP_LZJH = 4,
82 };
83
84 /**
85 * enum strings for ipcomp_transform_t.
 *
 * Used to print an ipcomp_transform_t value by name (e.g. in log output).
86 */
87 extern enum_name_t *ipcomp_transform_names;
88
89 /**
90 * A child_cfg_t defines the config template for a CHILD_SA.
91 *
92 * After creation, proposals and traffic selectors may be added to the config.
93 * A child_cfg object is referenced multiple times, and is not thread safe.
94 * Reading from the object is safe, adding things is not allowed while other
95 * threads may access the object.
96 * A reference counter handles the number of references held to this config.
 *
 * Ownership summary: objects handed to add_proposal()/add_traffic_selector()
 * become owned by the config; the lists returned by get_proposals() and
 * get_traffic_selectors(), and the proposal returned by select_proposal(),
 * are owned by the caller and must be destroyed after use.
97 *
98 * @see peer_cfg_t to get an overview over the configurations.
99 */
100 struct child_cfg_t {
101
102 /**
103 * Get the name of the child_cfg.
 *
 * The returned string is presumably the config's own copy (see
 * child_cfg_create(), which clones "name") and must not be freed by the
 * caller — confirm.
104 *
105 * @return child_cfg's name
106 */
107 char *(*get_name) (child_cfg_t *this);
108
109 /**
110 * Add a proposal to the list.
111 *
112 * The proposals are stored by priority, first added
113 * is the most preferred.
114 * After add, proposal is owned by child_cfg.
 * Must not be called while other threads may read the config (see above).
115 *
116 * @param proposal proposal to add
117 */
118 void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
119
120 /**
121 * Get the list of proposals for the CHILD_SA.
122 *
123 * Resulting list and all of its proposals must be freed after use.
 * The list is in priority order, as added with add_proposal().
124 *
125 * @param strip_dh TRUE strip out diffie hellman groups
126 * @return list of proposals
127 */
128 linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
129
130 /**
131 * Select a proposal from a supplied list.
132 *
133 * Returned proposal is newly created and must be destroyed after usage.
 * Matching presumably follows this config's priority order (first added is
 * the most preferred, see add_proposal()) — confirm in child_cfg.c.
134 *
135 * @param proposals list from which proposals are selected
136 * @param strip_dh TRUE strip out diffie hellman groups
137 * @return selected proposal, or NULL if nothing matches
138 */
139 proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
140 bool strip_dh);
141
142 /**
143 * Add a traffic selector to the config.
144 *
145 * Use the "local" parameter to add it for the local or the remote side.
146 * After add, traffic selector is owned by child_cfg.
 * Must not be called while other threads may read the config (see above).
147 *
148 * @param local TRUE for local side, FALSE for remote
149 * @param ts traffic_selector to add
150 */
151 void (*add_traffic_selector)(child_cfg_t *this, bool local,
152 traffic_selector_t *ts);
153
154 /**
155 * Get a list of traffic selectors to use for the CHILD_SA.
156 *
157 * The config contains two set of traffic selectors, one for the local
158 * side, one for the remote side.
159 * If a list with traffic selectors is supplied, these are used to narrow
160 * down the traffic selector list to the greatest common divisor.
161 * Some traffic selector may be "dynamic", meaning they are narrowed down
162 * to a specific address (host-to-host or virtual-IP setups). Use
163 * the "host" parameter to narrow such traffic selectors to that address.
164 * Resulting list and its traffic selectors must be destroyed after use.
 * With "supplied" == NULL the configured selectors are presumably returned
 * without narrowing — confirm in child_cfg.c.
165 *
166 * @param local TRUE for TS on local side, FALSE for remote
167 * @param supplied list with TS to select from, or NULL
168 * @param host address to use for narrowing "dynamic" TS', or NULL
169 * @return list containing the traffic selectors
170 */
171 linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
172 linked_list_t *supplied,
173 host_t *host);
174
175 /**
176 * Get the updown script to run for the CHILD_SA.
 *
 * The script is executed on up/down events (see child_cfg_create()), so the
 * path must originate from trusted local configuration only. The returned
 * string is presumably not a copy (do not free) and may be NULL when no
 * script is configured — confirm.
177 *
178 * @return path to updown script
179 */
180 char* (*get_updown)(child_cfg_t *this);
181
182 /**
183 * Should we allow access to the local host (gateway)?
 *
 * NOTE(review): TRUE presumably widens the installed policies so that
 * traffic to/from the gateway's own address is covered by the CHILD_SA as
 * well — confirm against the kernel interface before relying on it.
184 *
185 * @return value of hostaccess flag
186 */
187 bool (*get_hostaccess) (child_cfg_t *this);
188
189 /**
190 * Get the lifetime of a CHILD_SA.
191 *
192 * If "rekey" is set to TRUE, a lifetime is returned before the first
193 * rekeying should be started. If it is FALSE, the actual lifetime is
194 * returned when the CHILD_SA must be deleted.
195 * The rekey time automatically contains a jitter to avoid simultaneous
196 * rekeying.
 * The jitter is the one given to child_cfg_create(): rekeying starts at
 * rekeytime - random(0, jitter), so successive calls with rekey == TRUE
 * presumably return different values — confirm in child_cfg.c.
197 *
198 * @param rekey TRUE to get rekey time
199 * @return lifetime in seconds
200 */
201 u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey);
202
203 /**
204 * Get the mode to use for the CHILD_SA.
205 *
206 * The mode is either tunnel, transport or BEET. The peer must agree
207 * on the method, fallback is tunnel mode.
 * The numeric values of mode_t mirror the kernel XFRM modes (see above).
208 *
209 * @return ipsec mode
210 */
211 mode_t (*get_mode) (child_cfg_t *this);
212
213 /**
214 * Action to take on DPD.
 *
 * @see action_t
215 *
216 * @return DPD action
217 */
218 action_t (*get_dpd_action) (child_cfg_t *this);
219
220 /**
221 * Action to take if CHILD_SA gets closed.
 *
 * @see action_t
222 *
223 * @return close action
224 */
225 action_t (*get_close_action) (child_cfg_t *this);
226
227 /**
228 * Get the DH group to use for CHILD_SA setup.
 *
 * NOTE(review): how this relates to the DH groups contained in the
 * proposals (cf. the strip_dh flags above) is not stated here — confirm.
229 *
230 * @return dh group to use
231 */
232 diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
233
234 /**
235 * Check whether IPComp should be used, if the other peer supports it.
236 *
237 * @return TRUE, if IPComp should be used
238 * FALSE, otherwise
239 */
240 bool (*use_ipcomp)(child_cfg_t *this);
241
242 /**
243 * Increase the reference count.
 *
 * Every reference obtained here (or from child_cfg_create()) must be
 * released with destroy().
244 *
245 * @return reference to this
246 */
247 child_cfg_t* (*get_ref) (child_cfg_t *this);
248
249 /**
250 * Destroys the child_cfg object.
251 *
252 * Decrements the internal reference counter and
253 * destroys the child_cfg when it reaches zero.
 * Call exactly once per reference (child_cfg_create() or get_ref()).
254 */
255 void (*destroy) (child_cfg_t *this);
256 };
257
258 /**
259 * Create a configuration template for CHILD_SA setup.
260 *
261 * The "name" string gets cloned.
262 * Lifetimes are in seconds. To prevent two peers from starting rekeying at
263 * the same time, a jitter may be specified. Rekeying of an SA starts at
264 * (rekeytime - random(0, jitter)). You should specify
265 * lifetime > rekeytime > jitter.
 * NOTE(review): whether this ordering is validated here is not stated;
 * confirm in child_cfg.c. A rekeytime >= lifetime would let the SA expire
 * before it is rekeyed, and jitter > rekeytime makes the unsigned
 * subtraction above wrap around.
266 * After a call to create, a reference is obtained (refcount = 1).
267 *
268 * @param name name of the child_cfg (cloned, caller keeps ownership)
269 * @param lifetime lifetime after CHILD_SA expires and gets deleted
270 * @param rekeytime time when rekeying should be initiated
271 * @param jitter range of randomization time to remove from rekeytime
272 * @param updown updown script to execute on up/down event
 * (not stated whether cloned — confirm before passing a temporary buffer)
273 * @param hostaccess TRUE to allow access to the local host
274 * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
275 * @param dpd_action DPD action
276 * @param close_action close action
277 * @param ipcomp use IPComp, if peer supports it
278 * @return child_cfg_t object, release with destroy()
279 */
280 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
281 u_int32_t rekeytime, u_int32_t jitter,
282 char *updown, bool hostaccess, mode_t mode,
283 action_t dpd_action, action_t close_action,
284 bool ipcomp);
285
286 #endif /* CHILD_CFG_H_ @} */