moved force_encap to ike_config, enables responder to enforce udp encapsulation
[strongswan.git] / src / charon / config / ike_cfg.h
1 /**
2 * @file ike_cfg.h
3 *
4 * @brief Interface of ike_cfg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2007 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef IKE_CFG_H_
25 #define IKE_CFG_H_
26
27 typedef struct ike_cfg_t ike_cfg_t;
28
29 #include <library.h>
30 #include <utils/host.h>
31 #include <utils/linked_list.h>
32 #include <utils/identification.h>
33 #include <config/proposal.h>
34 #include <crypto/diffie_hellman.h>
35
/**
 * @brief An ike_cfg_t holds the rules used to set up an IKE_SA.
 *
 * The object is reference counted: get_ref() takes an additional
 * reference and destroy() gives one back.
 *
 * @see peer_cfg_t for an overview of the configurations.
 *
 * @b Constructors:
 * - ike_cfg_create()
 *
 * @ingroup config
 */
struct ike_cfg_t {

	/**
	 * @brief Get the local address.
	 *
	 * NOTE(review): this header does not say whether the returned host_t
	 * is a copy or the object held by the ike_cfg; confirm in the
	 * implementation before destroying it or keeping it past the
	 * lifetime of your own reference.
	 *
	 * @param this		calling object
	 * @return			host information as host_t object
	 */
	host_t *(*get_my_host)(ike_cfg_t *this);

	/**
	 * @brief Get the peer's address.
	 *
	 * NOTE(review): ownership of the returned host_t is not stated in
	 * this header; see the note on get_my_host().
	 *
	 * @param this		calling object
	 * @return			host information as host_t object
	 */
	host_t *(*get_other_host)(ike_cfg_t *this);

	/**
	 * @brief Append a proposal to the list.
	 *
	 * Insertion order is preference order: the proposal added first has
	 * the highest priority, the one added last the lowest. Add the
	 * strongest acceptable proposal first.
	 *
	 * NOTE(review): the header does not state who owns the proposal
	 * after this call; confirm before destroying it in the caller.
	 *
	 * @param this		calling object
	 * @param proposal	proposal to add
	 */
	void (*add_proposal)(ike_cfg_t *this, proposal_t *proposal);

	/**
	 * @brief Return a list of all supported proposals.
	 *
	 * The caller must destroy the returned list and the proposals in it
	 * after use.
	 *
	 * @param this		calling object
	 * @return			list containing all the proposals
	 */
	linked_list_t *(*get_proposals)(ike_cfg_t *this);

	/**
	 * @brief Select a proposal from the suggested proposals.
	 *
	 * The caller must destroy the returned proposal after use. A NULL
	 * result means that none of the suggested proposals matched, so the
	 * return value has to be checked before it is used.
	 *
	 * @param this		calling object
	 * @param proposals	list of proposals to select from
	 * @return			selected proposal, or NULL if none matches
	 */
	proposal_t *(*select_proposal)(ike_cfg_t *this, linked_list_t *proposals);

	/**
	 * @brief Should we send a certificate request in IKE_SA_INIT?
	 *
	 * @param this		calling object
	 * @return			certificate request sending policy
	 */
	bool (*send_certreq)(ike_cfg_t *this);

	/**
	 * @brief Enforce UDP encapsulation by faking NATD notifies?
	 *
	 * When this returns TRUE the NATD notifies are faked on purpose, so
	 * the outcome of NAT detection on such an IKE_SA presumably reflects
	 * this policy and not the real network path.
	 *
	 * @param this		calling object
	 * @return			TRUE to enforce UDP encapsulation
	 */
	bool (*force_encap)(ike_cfg_t *this);

	/**
	 * @brief Get the DH group to use for IKE_SA setup.
	 *
	 * @param this		calling object
	 * @return			dh group to use for initialization
	 */
	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);

	/**
	 * @brief Get a new reference to this ike_cfg.
	 *
	 * Increases the internal reference counter. The caller must already
	 * hold a reference before calling get_ref() or any other method;
	 * without one, the object may be destroyed while the call is in
	 * progress.
	 *
	 * @param this		calling object
	 */
	void (*get_ref)(ike_cfg_t *this);

	/**
	 * @brief Destroys an ike_cfg_t object.
	 *
	 * Decrements the internal reference counter and destroys the
	 * ike_cfg when the counter reaches zero. Do not use the pointer
	 * again after giving up your reference.
	 *
	 * @param this		calling object
	 */
	void (*destroy)(ike_cfg_t *this);
};
143
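/**
 * @brief Creates an ike_cfg_t object.
 *
 * The supplied hosts become owned by the ike_cfg, so the caller must not
 * destroy them after this call. Release the returned object through its
 * destroy() method.
 *
 * @param certreq		TRUE to send a certificate request
 * @param force_encap	enforce UDP encapsulation by faking NATD notify
 * @param my_host		host_t representing local address
 * @param other_host	host_t representing remote address
 * @return				ike_cfg_t object.
 *
 * @ingroup config
 */
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
						  host_t *my_host, host_t *other_host);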
160
161 #endif /* IKE_CFG_H_ */