Added an option that allows to force IKEv1 fragmentation
[strongswan.git] / src / libcharon / config / ike_cfg.h
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup ike_cfg ike_cfg
20 * @{ @ingroup config
21 */
22
23 #ifndef IKE_CFG_H_
24 #define IKE_CFG_H_
25
26 typedef enum ike_version_t ike_version_t;
27 typedef enum fragmentation_t fragmentation_t;
28 typedef struct ike_cfg_t ike_cfg_t;
29
30 #include <library.h>
31 #include <networking/host.h>
32 #include <collections/linked_list.h>
33 #include <utils/identification.h>
34 #include <config/proposal.h>
35 #include <crypto/diffie_hellman.h>
36
37 /**
38 * IKE version.
39 */
40 enum ike_version_t {
41 /** any version */
42 IKE_ANY = 0,
43 /** IKE version 1 */
44 IKEV1 = 1,
45 /** IKE version 2 */
46 IKEV2 = 2,
47 };
48
49 /**
50 * Proprietary IKEv1 fragmentation
51 */
52 enum fragmentation_t {
53 /** disable fragmentation */
54 FRAGMENTATION_NO,
55 /** enable fragmentation if supported by peer */
56 FRAGMENTATION_YES,
57 /** force use of fragmentation (even for the first message) */
58 FRAGMENTATION_FORCE,
59 };
60
61 /**
62 * enum strings fro ike_version_t
63 */
64 extern enum_name_t *ike_version_names;
65
66 /**
67 * An ike_cfg_t defines the rules to set up an IKE_SA.
68 *
69 * @see peer_cfg_t to get an overview over the configurations.
70 */
71 struct ike_cfg_t {
72
73 /**
74 * Get the IKE version to use with this configuration.
75 *
76 * @return IKE major version
77 */
78 ike_version_t (*get_version)(ike_cfg_t *this);
79
80 /**
81 * Get own address.
82 *
83 * @param allow_any allow any address to match
84 * @return string of address/DNS name
85 */
86 char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
87
88 /**
89 * Get peer's address.
90 *
91 * @param allow_any allow any address to match
92 * @return string of address/DNS name
93 */
94 char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
95
96 /**
97 * Get the port to use as our source port.
98 *
99 * @return source address port, host order
100 */
101 u_int16_t (*get_my_port)(ike_cfg_t *this);
102
103 /**
104 * Get the port to use as destination port.
105 *
106 * @return destination address, host order
107 */
108 u_int16_t (*get_other_port)(ike_cfg_t *this);
109
110 /**
111 * Adds a proposal to the list.
112 *
113 * The first added proposal has the highest priority, the last
114 * added the lowest.
115 *
116 * @param proposal proposal to add
117 */
118 void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
119
120 /**
121 * Returns a list of all supported proposals.
122 *
123 * Returned list and its proposals must be destroyed after use.
124 *
125 * @return list containing all the proposals
126 */
127 linked_list_t* (*get_proposals) (ike_cfg_t *this);
128
129 /**
130 * Select a proposed from suggested proposals.
131 *
132 * Returned proposal must be destroyed after use.
133 *
134 * @param proposals list of proposals to select from
135 * @param private accept algorithms from a private range
136 * @return selected proposal, or NULL if none matches.
137 */
138 proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
139 bool private);
140
141 /**
142 * Should we send a certificate request in IKE_SA_INIT?
143 *
144 * @return certificate request sending policy
145 */
146 bool (*send_certreq) (ike_cfg_t *this);
147
148 /**
149 * Enforce UDP encapsulation by faking NATD notifies?
150 *
151 * @return TRUE to enforce UDP encapsulation
152 */
153 bool (*force_encap) (ike_cfg_t *this);
154
155 /**
156 * Use proprietary IKEv1 fragmentation
157 *
158 * @return TRUE to use fragmentation
159 */
160 fragmentation_t (*fragmentation) (ike_cfg_t *this);
161
162 /**
163 * Get the DH group to use for IKE_SA setup.
164 *
165 * @return dh group to use for initialization
166 */
167 diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
168
169 /**
170 * Check if two IKE configs are equal.
171 *
172 * @param other other to check for equality
173 * @return TRUE if other equal to this
174 */
175 bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
176
177 /**
178 * Increase reference count.
179 *
180 * @return reference to this
181 */
182 ike_cfg_t* (*get_ref) (ike_cfg_t *this);
183
184 /**
185 * Destroys a ike_cfg_t object.
186 *
187 * Decrements the internal reference counter and
188 * destroys the ike_cfg when it reaches zero.
189 */
190 void (*destroy) (ike_cfg_t *this);
191 };
192
193 /**
194 * Creates a ike_cfg_t object.
195 *
196 * Supplied hosts become owned by ike_cfg, the name gets cloned.
197 *
198 * @param version IKE major version to use for this config
199 * @param certreq TRUE to send a certificate request
200 * @param force_encap enforce UDP encapsulation by faking NATD notify
201 * @param me address/DNS name of local peer
202 * @param my_allow_any allow override of local address by any address
203 * @param my_port IKE port to use as source, 500 uses IKEv2 port floating
204 * @param other address/DNS name of remote peer
205 * @param other_allow_any allow override of remote address by any address
206 * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating
207 * @param fragmentation use IKEv1 fragmentation
208 * @return ike_cfg_t object.
209 */
210 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
211 char *me, bool my_allow_any, u_int16_t my_port,
212 char *other, bool other_allow_any, u_int16_t other_port,
213 fragmentation_t fragmentation);
214
215 #endif /** IKE_CFG_H_ @}*/