fixed CHILD_SA proposal selection when not using DH exchange
[strongswan.git] / src / charon / config / child_cfg.h
1 /**
2 * @file child_cfg.h
3 *
4 * @brief Interface of child_cfg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2007 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef CHILD_CFG_H_
25 #define CHILD_CFG_H_
26
27 typedef enum mode_t mode_t;
28 typedef struct child_cfg_t child_cfg_t;
29
30 #include <library.h>
31 #include <config/proposal.h>
32 #include <config/traffic_selector.h>
33
34 /**
35 * @brief Mode of an CHILD_SA.
36 *
37 * These are equal to those defined in XFRM, so don't change.
38 *
39 * @ingroup config
40 */
41 enum mode_t {
42 /** transport mode, no inner address */
43 MODE_TRANSPORT = 0,
44 /** tunnel mode, inner and outer addresses */
45 MODE_TUNNEL = 1,
46 /** BEET mode, tunnel mode but fixed, bound inner addresses */
47 MODE_BEET = 4,
48 };
49
50 /**
51 * enum names for mode_t.
52 */
53 extern enum_name_t *mode_names;
54
55 /**
56 * @brief A child_cfg_t defines the config template for a CHILD_SA.
57 *
58 * After creation, proposals and traffic selectors may be added to the config.
59 * A child_cfg object is referenced multiple times, and is not thread save.
60 * Reading from the object is save, adding things is not allowed while other
61 * threads may access the object.
62 * A reference counter handles the number of references hold to this config.
63 *
64 * @see peer_cfg_t to get an overview over the configurations.
65 *
66 * @b Constructors:
67 * - child_cfg_create()
68 *
69 * @ingroup config
70 */
71 struct child_cfg_t {
72
73 /**
74 * @brief Get the name of the child_cfg.
75 *
76 * @param this calling object
77 * @return child_cfg's name
78 */
79 char *(*get_name) (child_cfg_t *this);
80
81 /**
82 * @brief Add a proposal to the list.
83 *
84 * The proposals are stored by priority, first added
85 * is the most prefered.
86 * After add, proposal is owned by child_cfg.
87 *
88 * @param this calling object
89 * @param proposal proposal to add
90 */
91 void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
92
93 /**
94 * @brief Get the list of proposals for the CHILD_SA.
95 *
96 * Resulting list and all of its proposals must be freed after use.
97 *
98 * @param this calling object
99 * @param strip_dh TRUE strip out diffie hellman groups
100 * @return list of proposals
101 */
102 linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
103
104 /**
105 * @brief Select a proposal from a supplied list.
106 *
107 * Returned propsal is newly created and must be destroyed after usage.
108 *
109 * @param this calling object
110 * @param proposals list from from wich proposals are selected
111 * @param strip_dh TRUE strip out diffie hellman groups
112 * @return selected proposal, or NULL if nothing matches
113 */
114 proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
115 bool strip_dh);
116
117 /**
118 * @brief Add a traffic selector to the config.
119 *
120 * Use the "local" parameter to add it for the local or the remote side.
121 * After add, traffic selector is owned by child_cfg.
122 *
123 * @param this calling object
124 * @param local TRUE for local side, FALSE for remote
125 * @param ts traffic_selector to add
126 */
127 void (*add_traffic_selector)(child_cfg_t *this, bool local,
128 traffic_selector_t *ts);
129
130 /**
131 * @brief Get a list of traffic selectors to use for the CHILD_SA.
132 *
133 * The config contains two set of traffic selectors, one for the local
134 * side, one for the remote side.
135 * If a list with traffic selectors is supplied, these are used to narrow
136 * down the traffic selector list to the greatest common divisor.
137 * Some traffic selector may be "dymamic", meaning they are narrowed down
138 * to a specific address (host-to-host or virtual-IP setups). Use
139 * the "host" parameter to narrow such traffic selectors to that address.
140 * Resulted list and its traffic selectors must be destroyed after use.
141 *
142 * @param this calling object
143 * @param local TRUE for TS on local side, FALSE for remote
144 * @param supplied list with TS to select from, or NULL
145 * @param host address to use for narrowing "dynamic" TS', or NULL
146 * @return list containing the traffic selectors
147 */
148 linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
149 linked_list_t *supplied,
150 host_t *host);
151
152 /**
153 * @brief Get the updown script to run for the CHILD_SA.
154 *
155 * @param this calling object
156 * @return path to updown script
157 */
158 char* (*get_updown)(child_cfg_t *this);
159
160 /**
161 * @brief Should we allow access to the local host (gateway)?
162 *
163 * @param this calling object
164 * @return value of hostaccess flag
165 */
166 bool (*get_hostaccess) (child_cfg_t *this);
167
168 /**
169 * @brief Get the lifetime of a CHILD_SA.
170 *
171 * If "rekey" is set to TRUE, a lifetime is returned before the first
172 * rekeying should be started. If it is FALSE, the actual lifetime is
173 * returned when the CHILD_SA must be deleted.
174 * The rekey time automatically contains a jitter to avoid simlutaneous
175 * rekeying.
176 *
177 * @param this child_cfg
178 * @param rekey TRUE to get rekey time
179 * @return lifetime in seconds
180 */
181 u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey);
182
183 /**
184 * @brief Get the mode to use for the CHILD_SA.
185 *
186 * The mode is either tunnel, transport or BEET. The peer must agree
187 * on the method, fallback is tunnel mode.
188 *
189 * @param this child_cfg
190 * @return lifetime in seconds
191 */
192 mode_t (*get_mode) (child_cfg_t *this);
193
194 /**
195 * @brief Get the DH group to use for CHILD_SA setup.
196 *
197 * @param this calling object
198 * @return dh group to use
199 */
200 diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
201
202 /**
203 * @brief Get a new reference.
204 *
205 * Get a new reference to this child_cfg by increasing
206 * it's internal reference counter.
207 * Do not call get_ref or any other function until you
208 * already have a reference. Otherwise the object may get
209 * destroyed while calling get_ref(),
210 *
211 * @param this calling object
212 */
213 void (*get_ref) (child_cfg_t *this);
214
215 /**
216 * @brief Destroys the child_cfg object.
217 *
218 * Decrements the internal reference counter and
219 * destroys the child_cfg when it reaches zero.
220 *
221 * @param this calling object
222 */
223 void (*destroy) (child_cfg_t *this);
224 };
225
226 /**
227 * @brief Create a configuration template for CHILD_SA setup.
228 *
229 * The "name" string gets cloned.
230 * Lifetimes are in seconds. To prevent to peers to start rekeying at the
231 * same time, a jitter may be specified. Rekeying of an SA starts at
232 * (rekeytime - random(0, jitter)). You should specify
233 * lifetime > rekeytime > jitter.
234 * After a call to create, a reference is obtained (refcount = 1).
235 *
236 * @param name name of the child_cfg
237 * @param lifetime lifetime after CHILD_SA expires and gets deleted
238 * @param rekeytime time when rekeying should be initiated
239 * @param jitter range of randomization time to remove from rekeytime
240 * @param updown updown script to execute on up/down event
241 * @param hostaccess TRUE to allow access to the local host
242 * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
243 * @return child_cfg_t object
244 *
245 * @ingroup config
246 */
247 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
248 u_int32_t rekeytime, u_int32_t jitter,
249 char *updown, bool hostaccess, mode_t mode);
250
251 #endif /* CHILD_CFG_H_ */