merged the modularization branch (credentials) back to trunk
[strongswan.git] / src / charon / config / child_cfg.h
1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 /**
20 * @defgroup child_cfg child_cfg
21 * @{ @ingroup config
22 */
23
24 #ifndef CHILD_CFG_H_
25 #define CHILD_CFG_H_
26
27 typedef enum mode_t mode_t;
28 typedef struct child_cfg_t child_cfg_t;
29
30 #include <library.h>
31 #include <config/proposal.h>
32 #include <config/traffic_selector.h>
33
34 /**
35 * Mode of an CHILD_SA.
36 *
37 * These are equal to those defined in XFRM, so don't change.
38 */
39 enum mode_t {
40 /** transport mode, no inner address */
41 MODE_TRANSPORT = 0,
42 /** tunnel mode, inner and outer addresses */
43 MODE_TUNNEL = 1,
44 /** BEET mode, tunnel mode but fixed, bound inner addresses */
45 MODE_BEET = 4,
46 };
47
48 /**
49 * enum names for mode_t.
50 */
51 extern enum_name_t *mode_names;
52
53 /**
54 * A child_cfg_t defines the config template for a CHILD_SA.
55 *
56 * After creation, proposals and traffic selectors may be added to the config.
57 * A child_cfg object is referenced multiple times, and is not thread save.
58 * Reading from the object is save, adding things is not allowed while other
59 * threads may access the object.
60 * A reference counter handles the number of references hold to this config.
61 *
62 * @see peer_cfg_t to get an overview over the configurations.
63 */
64 struct child_cfg_t {
65
66 /**
67 * Get the name of the child_cfg.
68 *
69 * @return child_cfg's name
70 */
71 char *(*get_name) (child_cfg_t *this);
72
73 /**
74 * Add a proposal to the list.
75 *
76 * The proposals are stored by priority, first added
77 * is the most prefered.
78 * After add, proposal is owned by child_cfg.
79 *
80 * @param proposal proposal to add
81 */
82 void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
83
84 /**
85 * Get the list of proposals for the CHILD_SA.
86 *
87 * Resulting list and all of its proposals must be freed after use.
88 *
89 * @param strip_dh TRUE strip out diffie hellman groups
90 * @return list of proposals
91 */
92 linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
93
94 /**
95 * Select a proposal from a supplied list.
96 *
97 * Returned propsal is newly created and must be destroyed after usage.
98 *
99 * @param proposals list from from wich proposals are selected
100 * @param strip_dh TRUE strip out diffie hellman groups
101 * @return selected proposal, or NULL if nothing matches
102 */
103 proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
104 bool strip_dh);
105
106 /**
107 * Add a traffic selector to the config.
108 *
109 * Use the "local" parameter to add it for the local or the remote side.
110 * After add, traffic selector is owned by child_cfg.
111 *
112 * @param local TRUE for local side, FALSE for remote
113 * @param ts traffic_selector to add
114 */
115 void (*add_traffic_selector)(child_cfg_t *this, bool local,
116 traffic_selector_t *ts);
117
118 /**
119 * Get a list of traffic selectors to use for the CHILD_SA.
120 *
121 * The config contains two set of traffic selectors, one for the local
122 * side, one for the remote side.
123 * If a list with traffic selectors is supplied, these are used to narrow
124 * down the traffic selector list to the greatest common divisor.
125 * Some traffic selector may be "dymamic", meaning they are narrowed down
126 * to a specific address (host-to-host or virtual-IP setups). Use
127 * the "host" parameter to narrow such traffic selectors to that address.
128 * Resulted list and its traffic selectors must be destroyed after use.
129 *
130 * @param local TRUE for TS on local side, FALSE for remote
131 * @param supplied list with TS to select from, or NULL
132 * @param host address to use for narrowing "dynamic" TS', or NULL
133 * @return list containing the traffic selectors
134 */
135 linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
136 linked_list_t *supplied,
137 host_t *host);
138
139 /**
140 * Get the updown script to run for the CHILD_SA.
141 *
142 * @return path to updown script
143 */
144 char* (*get_updown)(child_cfg_t *this);
145
146 /**
147 * Should we allow access to the local host (gateway)?
148 *
149 * @return value of hostaccess flag
150 */
151 bool (*get_hostaccess) (child_cfg_t *this);
152
153 /**
154 * Get the lifetime of a CHILD_SA.
155 *
156 * If "rekey" is set to TRUE, a lifetime is returned before the first
157 * rekeying should be started. If it is FALSE, the actual lifetime is
158 * returned when the CHILD_SA must be deleted.
159 * The rekey time automatically contains a jitter to avoid simlutaneous
160 * rekeying.
161 *
162 * @param rekey TRUE to get rekey time
163 * @return lifetime in seconds
164 */
165 u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey);
166
167 /**
168 * Get the mode to use for the CHILD_SA.
169 *
170 * The mode is either tunnel, transport or BEET. The peer must agree
171 * on the method, fallback is tunnel mode.
172 *
173 * @return lifetime in seconds
174 */
175 mode_t (*get_mode) (child_cfg_t *this);
176
177 /**
178 * Get the DH group to use for CHILD_SA setup.
179 *
180 * @return dh group to use
181 */
182 diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
183
184 /**
185 * Get a new reference.
186 *
187 * Get a new reference to this child_cfg by increasing
188 * it's internal reference counter.
189 * Do not call get_ref or any other function until you
190 * already have a reference. Otherwise the object may get
191 * destroyed while calling get_ref(),
192 */
193 void (*get_ref) (child_cfg_t *this);
194
195 /**
196 * Destroys the child_cfg object.
197 *
198 * Decrements the internal reference counter and
199 * destroys the child_cfg when it reaches zero.
200 */
201 void (*destroy) (child_cfg_t *this);
202 };
203
204 /**
205 * Create a configuration template for CHILD_SA setup.
206 *
207 * The "name" string gets cloned.
208 * Lifetimes are in seconds. To prevent to peers to start rekeying at the
209 * same time, a jitter may be specified. Rekeying of an SA starts at
210 * (rekeytime - random(0, jitter)). You should specify
211 * lifetime > rekeytime > jitter.
212 * After a call to create, a reference is obtained (refcount = 1).
213 *
214 * @param name name of the child_cfg
215 * @param lifetime lifetime after CHILD_SA expires and gets deleted
216 * @param rekeytime time when rekeying should be initiated
217 * @param jitter range of randomization time to remove from rekeytime
218 * @param updown updown script to execute on up/down event
219 * @param hostaccess TRUE to allow access to the local host
220 * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET
221 * @return child_cfg_t object
222 */
223 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
224 u_int32_t rekeytime, u_int32_t jitter,
225 char *updown, bool hostaccess, mode_t mode);
226
227 #endif /* CHILD_CFG_H_ @} */