- policies contain a connections name now
[strongswan.git] / src / charon / config / policies / policy.h
1 /**
2 * @file policy.h
3 *
4 * @brief Interface of policy_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef POLICY_H_
24 #define POLICY_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <config/traffic_selector.h>
29 #include <config/proposal.h>
30 #include <encoding/payloads/auth_payload.h>
31
32
33 typedef struct policy_t policy_t;
34
35 /**
36 * @brief A policy_t defines the policies to apply to CHILD_SAs.
37 *
38 * The given two IDs identify a policy. These rules define how
39 * child SAs may be set up and which traffic may be IPsec'ed.
40 *
41 * @b Constructors:
42 * - policy_create()
43 *
44 * @ingroup config
45 */
46 struct policy_t {
47
48 /**
49 * @brief Get the name of the policy.
50 *
51 * Returned object is not getting cloned.
52 *
53 * @param this calling object
54 * @return policy's name
55 */
56 char *(*get_name) (policy_t *this);
57
58 /**
59 * @brief Get own id to use for identification.
60 *
61 * Returned object is not getting cloned.
62 *
63 * @param this calling object
64 * @return own id
65 */
66 identification_t *(*get_my_id) (policy_t *this);
67
68 /**
69 * @brief Get id of communication partner.
70 *
71 * Returned object is not getting cloned.
72 *
73 * @param this calling object
74 * @return other id
75 */
76 identification_t *(*get_other_id) (policy_t *this);
77
78 /**
79 * @brief Update own ID.
80 *
81 * It may be necessary to uptdate own ID, as it
82 * is set to %any or to e.g. *@strongswan.org in
83 * some cases.
84 * Old ID is destroyed, new one NOT cloned.
85 *
86 * @param this calling object
87 * @param my_id new ID to set as my_id
88 */
89 void (*update_my_id) (policy_t *this, identification_t *my_id);
90
91 /**
92 * @brief Update others ID.
93 *
94 * It may be necessary to uptdate others ID, as it
95 * is set to %any or to e.g. *@strongswan.org in
96 * some cases.
97 * Old ID is destroyed, new one NOT cloned.
98 *
99 * @param this calling object
100 * @param other_id new ID to set as other_id
101 */
102 void (*update_other_id) (policy_t *this, identification_t *other_id);
103
104 /**
105 * @brief Update own address in traffic selectors.
106 *
107 * Update own 0.0.0.0 address in traffic selectors
108 * with supplied one. The size of the subnet will be
109 * set to /32.
110 *
111 * @param this calling object
112 * @param my_host new address to set in traffic selectors
113 */
114 void (*update_my_ts) (policy_t *this, host_t *my_host);
115
116 /**
117 * @brief Update others address in traffic selectors.
118 *
119 * Update remote 0.0.0.0 address in traffic selectors
120 * with supplied one. The size of the subnet will be
121 * set to /32.
122 *
123 * @param this calling object
124 * @param other_host new address to set in traffic selectors
125 */
126 void (*update_other_ts) (policy_t *this, host_t *other_host);
127
128 /**
129 * @brief Get configured traffic selectors for our site.
130 *
131 * Returns a list with all traffic selectors for the local
132 * site. List and items MUST NOT be freed nor modified.
133 *
134 * @param this calling object
135 * @return list with traffic selectors
136 */
137 linked_list_t *(*get_my_traffic_selectors) (policy_t *this);
138
139 /**
140 * @brief Get configured traffic selectors for others site.
141 *
142 * Returns a list with all traffic selectors for the remote
143 * site. List and items MUST NOT be freed nor modified.
144 *
145 * @param this calling object
146 * @return list with traffic selectors
147 */
148 linked_list_t *(*get_other_traffic_selectors) (policy_t *this);
149
150 /**
151 * @brief Select traffic selectors from a supplied list for local site.
152 *
153 * Resulted list and traffic selectors must be destroyed after usage.
154 *
155 * @param this calling object
156 * @param supplied linked list with traffic selectors
157 * @return list containing the selected traffic selectors
158 */
159 linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied);
160
161 /**
162 * @brief Select traffic selectors from a supplied list for remote site.
163 *
164 * Resulted list and traffic selectors must be destroyed after usage.
165 *
166 * @param this calling object
167 * @param supplied linked list with traffic selectors
168 * @return list containing the selected traffic selectors
169 */
170 linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied);
171
172 /**
173 * @brief Get the list of internally stored proposals.
174 *
175 * Rembember: policy_t does store proposals for AH/ESP,
176 * IKE proposals are in the connection_t
177 *
178 * @warning List and Items are still owned by policy and MUST NOT
179 * be manipulated or freed!
180 *
181 * @param this calling object
182 * @return lists with proposals
183 */
184 linked_list_t *(*get_proposals) (policy_t *this);
185
186 /**
187 * @brief Select a proposal from a supplied list.
188 *
189 * @param this calling object
190 * @param proposals list from from wich proposals are selected
191 * @return selected proposal, or NULL if nothing matches
192 */
193 proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
194
195 /**
196 * @brief Add a traffic selector to the list for local site.
197 *
198 * After add, proposal is owned by policy.
199 *
200 * @warning Do not add while other threads are reading.
201 *
202 * @param this calling object
203 * @param traffic_selector traffic_selector to add
204 */
205 void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
206
207 /**
208 * @brief Add a traffic selector to the list for remote site.
209 *
210 * After add, proposal is owned by policy.
211 *
212 * @warning Do not add while other threads are reading.
213 *
214 * @param this calling object
215 * @param traffic_selector traffic_selector to add
216 */
217 void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
218
219 /**
220 * @brief Add a proposal to the list.
221 *
222 * The proposals are stored by priority, first added
223 * is the most prefered.
224 *
225 * @warning Do not add while other threads are reading.
226 *
227 * @param this calling object
228 * @param proposal proposal to add
229 */
230 void (*add_proposal) (policy_t *this, proposal_t *proposal);
231
232 /**
233 * @brief Clone a policy.
234 *
235 * @param this policy to clone
236 * @return clone of it
237 */
238 policy_t *(*clone) (policy_t *this);
239
240 /**
241 * @brief Destroys the policy object
242 *
243 * @param this calling object
244 */
245 void (*destroy) (policy_t *this);
246 };
247
248 /**
249 * @brief Create a configuration object for IKE_AUTH and later.
250 *
251 * name-string gets cloned, ID's not.
252 *
253 * @param name name of the policy
254 * @param my_id identification_t for ourselves
255 * @param other_id identification_t for the remote guy
256 * @return policy_t object
257 *
258 * @ingroup config
259 */
260 policy_t *policy_create(char *name, identification_t *my_id, identification_t *other_id);
261
262 #endif /* POLICY_H_ */