1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup ike_cfg ike_cfg
19 * @{ @ingroup config
20 */
21
22 #ifndef IKE_CFG_H_
23 #define IKE_CFG_H_
24
25 typedef struct ike_cfg_t ike_cfg_t;
26
27 #include <library.h>
28 #include <utils/host.h>
29 #include <utils/linked_list.h>
30 #include <utils/identification.h>
31 #include <config/proposal.h>
32 #include <crypto/diffie_hellman.h>
33
34 /**
35 * An ike_cfg_t defines the rules to set up an IKE_SA.
36 *
37 * @see peer_cfg_t to get an overview over the configurations.
 *
 * The type is an interface of function pointers; each method receives the
 * object as its first argument. Objects are created with ike_cfg_create()
 * and are reference counted through get_ref() and destroy().
38 */
39 struct ike_cfg_t {
40
41 /**
42 * Get own address.
43 *
44 * @param allow_any allow any address to match
 *        NOTE(review): passed as a pointer, so presumably an out parameter
 *        that receives the flag - confirm against the implementation
45 * @return string of address/DNS name
 *        NOTE(review): ownership of the returned string is not stated here;
 *        presumably internal data the caller must not free - confirm
46 */
47 char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
48
49 /**
50 * Get peer's address.
51 *
52 * @param allow_any allow any address to match
 *        NOTE(review): passed as a pointer, so presumably an out parameter
 *        that receives the flag - confirm against the implementation.
 *        When the flag is set, the configured address does not restrict
 *        which remote hosts match this config; peer identity then presumably
 *        rests on IKE authentication alone - confirm.
53 * @return string of address/DNS name
 *        NOTE(review): ownership of the returned string is not stated here;
 *        presumably internal data the caller must not free - confirm
54 */
55 char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
56
57 /**
58 * Get the port to use as our source port.
59 *
60 * @return source port, host order
61 */
62 u_int16_t (*get_my_port)(ike_cfg_t *this);
63
64 /**
65 * Get the port to use as destination port.
66 *
67 * @return destination port, host order
68 */
69 u_int16_t (*get_other_port)(ike_cfg_t *this);
70
71 /**
72 * Adds a proposal to the list.
73 *
74 * The first added proposal has the highest priority, the last
75 * added the lowest.
 *
 * Insertion order is therefore security relevant: add the preferred
 * proposal first.
76 *
77 * @param proposal proposal to add
 *        NOTE(review): ownership after the call is not stated; presumably
 *        the proposal passes to the ike_cfg - confirm
78 */
79 void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
80
81 /**
82 * Returns a list of all supported proposals.
83 *
84 * Returned list and its proposals must be destroyed after use.
85 *
86 * @return list containing all the proposals
87 */
88 linked_list_t* (*get_proposals) (ike_cfg_t *this);
89
90 /**
91 * Select a proposal from suggested proposals.
92 *
93 * Returned proposal must be destroyed after use.
94 *
95 * @param proposals list of proposals to select from
96 * @param private accept algorithms from a private range
 *        NOTE(review): private-use algorithm identifiers are not
 *        standardized across implementations; presumably callers pass TRUE
 *        only for peers known to share their meaning - confirm against
 *        the callers
97 * @return selected proposal, or NULL if none matches.
 *        Callers have to handle the NULL case before using the result.
98 */
99 proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
100 bool private);
101
102 /**
103 * Should we send a certificate request in IKE_SA_INIT?
104 *
105 * @return certificate request sending policy
106 */
107 bool (*send_certreq) (ike_cfg_t *this);
108
109 /**
110 * Enforce UDP encapsulation by faking NATD notifies?
111 *
112 * @return TRUE to enforce UDP encapsulation
113 */
114 bool (*force_encap) (ike_cfg_t *this);
115
116 /**
117 * Get the DH group to use for IKE_SA setup.
118 *
119 * @return dh group to use for initialization
 *        NOTE(review): how the group is chosen is not visible in this
 *        header; presumably derived from the configured proposals - confirm
120 */
121 diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
122
123 /**
124 * Check if two IKE configs are equal.
125 *
126 * @param other other to check for equality
127 * @return TRUE if other equal to this
128 */
129 bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
130
131 /**
132 * Increase reference count.
133 *
 * Every reference obtained here has to be released with destroy().
 *
134 * @return reference to this
135 */
136 ike_cfg_t* (*get_ref) (ike_cfg_t *this);
137
138 /**
139 * Destroys a ike_cfg_t object.
140 *
141 * Decrements the internal reference counter and
142 * destroys the ike_cfg when it reaches zero.
 *
 * The caller gives up its reference with this call and must not use the
 * pointer afterwards, as the object may already have been freed.
143 */
144 void (*destroy) (ike_cfg_t *this);
145 };
146
147 /**
148 * Creates a ike_cfg_t object.
149 *
150 * Supplied hosts become owned by ike_cfg, the name gets cloned.
 *
 * NOTE(review): the sentence above does not match the signature below,
 * which takes the addresses as strings (me, other) and has no name
 * parameter. Whether the strings are copied or must outlive the object is
 * not visible in this header - confirm against the implementation.
151 *
152 * @param certreq TRUE to send a certificate request
153 * @param force_encap enforce UDP encapsulation by faking NATD notify
154 * @param me address/DNS name of local peer
155 * @param my_allow_any allow override of local address by any address
156 * @param my_port IKE port to use as source, 500 uses IKEv2 port floating
157 * @param other address/DNS name of remote peer
158 * @param other_allow_any allow override of remote address by any address
 *        With this set, the configured remote address does not restrict
 *        which hosts match; NOTE(review): peer identity then presumably
 *        rests on IKE authentication alone - confirm
159 * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating
160 * @return ike_cfg_t object.
 *        NOTE(review): presumably returned holding one reference, to be
 *        released with destroy() - confirm
161 */
162 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
163 char *me, bool my_allow_any, u_int16_t my_port,
164 char *other, bool other_allow_any, u_int16_t other_port);
165
166 #endif /** IKE_CFG_H_ @}*/