Moving charon to libcharon.
[strongswan.git] / src / libcharon / config / ike_cfg.h
1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup ike_cfg ike_cfg
19 * @{ @ingroup config
20 */
21
22 #ifndef IKE_CFG_H_
23 #define IKE_CFG_H_
24
25 typedef struct ike_cfg_t ike_cfg_t;
26
27 #include <library.h>
28 #include <utils/host.h>
29 #include <utils/linked_list.h>
30 #include <utils/identification.h>
31 #include <config/proposal.h>
32 #include <crypto/diffie_hellman.h>
33
/**
 * Rules for setting up an IKE_SA: the local and remote endpoint (address or
 * DNS name plus port), the prioritized list of proposals, and the
 * certificate request, UDP encapsulation and DH group settings.
 *
 * Instances are reference counted, see get_ref() and destroy().
 *
 * @see peer_cfg_t for an overview of the configurations.
 */
struct ike_cfg_t {

	/**
	 * Get own address.
	 *
	 * NOTE(review): this header does not say who owns the returned string;
	 * presumably it stays owned by the config and must not be freed or
	 * modified by the caller. Confirm against the implementation.
	 *
	 * @return			string of address/DNS name
	 */
	char *(*get_my_addr)(ike_cfg_t *this);

	/**
	 * Get peer's address.
	 *
	 * The value may be a DNS name rather than a literal address, so the host
	 * actually contacted depends on name resolution. The peer's identity has
	 * to be established by IKE authentication, not by this string.
	 *
	 * NOTE(review): ownership of the returned string is not documented here;
	 * presumably internal to the config. Confirm before freeing or caching.
	 *
	 * @return			string of address/DNS name
	 */
	char *(*get_other_addr)(ike_cfg_t *this);

	/**
	 * Get the port to use as our source port.
	 *
	 * @return			source port, host order
	 */
	u_int16_t (*get_my_port)(ike_cfg_t *this);

	/**
	 * Get the port to use as destination port.
	 *
	 * @return			destination port, host order
	 */
	u_int16_t (*get_other_port)(ike_cfg_t *this);

	/**
	 * Adds a proposal to the list.
	 *
	 * The first added proposal has the highest priority, the last
	 * added the lowest. Insertion order is therefore a policy decision:
	 * add the preferred (strongest) proposals first.
	 *
	 * NOTE(review): presumably the config takes ownership of the proposal;
	 * this header does not state it. Confirm against the implementation.
	 *
	 * @param proposal	proposal to add
	 */
	void (*add_proposal)(ike_cfg_t *this, proposal_t *proposal);

	/**
	 * Returns a list of all supported proposals.
	 *
	 * Returned list and its proposals must be destroyed after use.
	 *
	 * @return			list containing all the proposals
	 */
	linked_list_t *(*get_proposals)(ike_cfg_t *this);

	/**
	 * Select a proposal from the suggested proposals.
	 *
	 * Returned proposal must be destroyed after use. A NULL return means
	 * that nothing in the supplied list is acceptable; callers have to check
	 * for it and fail the negotiation instead of continuing without an
	 * agreed proposal.
	 *
	 * Algorithm identifiers from a private range have no standardized
	 * meaning, so private should only be TRUE when both ends are known to
	 * interpret them the same way.
	 *
	 * @param proposals	list of proposals to select from
	 * @param private	accept algorithms from a private range
	 * @return			selected proposal, or NULL if none matches.
	 */
	proposal_t *(*select_proposal)(ike_cfg_t *this, linked_list_t *proposals,
								   bool private);

	/**
	 * Should we send a certificate request in IKE_SA_INIT?
	 *
	 * @return			certificate request sending policy
	 */
	bool (*send_certreq)(ike_cfg_t *this);

	/**
	 * Enforce UDP encapsulation by faking NATD notifies?
	 *
	 * @return			TRUE to enforce UDP encapsulation
	 */
	bool (*force_encap)(ike_cfg_t *this);

	/**
	 * Get the DH group to use for IKE_SA setup.
	 *
	 * NOTE(review): how the group is derived from the configured proposals
	 * is not visible in this header; confirm that a weak group placed in a
	 * proposal cannot end up as the group used for initiation.
	 *
	 * @return			dh group to use for initialization
	 */
	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);

	/**
	 * Check if two IKE configs are equal.
	 *
	 * @param other		other to check for equality
	 * @return			TRUE if other equal to this
	 */
	bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);

	/**
	 * Increase reference count.
	 *
	 * Every reference obtained here has to be released with exactly one
	 * call to destroy(); an unbalanced pair leaks the config or releases it
	 * while it is still in use.
	 *
	 * @return			reference to this
	 */
	ike_cfg_t *(*get_ref)(ike_cfg_t *this);

	/**
	 * Destroys an ike_cfg_t object.
	 *
	 * Decrements the internal reference counter and
	 * destroys the ike_cfg when it reaches zero. The caller must not use
	 * its pointer after this call, whether or not other references remain.
	 */
	void (*destroy)(ike_cfg_t *this);
};
144
/**
 * Creates an ike_cfg_t object.
 *
 * Supplied hosts become owned by ike_cfg, the name gets cloned.
 *
 * NOTE(review): the sentence above does not match this signature, which
 * takes the endpoints as strings and has no name parameter. Whether me and
 * other are copied or merely referenced is not visible in this header;
 * confirm in the implementation before freeing or reusing the buffers
 * passed in.
 *
 * The returned object is released with its destroy() method.
 *
 * @param certreq		TRUE to send a certificate request
 * @param force_encap	enforce UDP encapsulation by faking NATD notify
 * @param me			address/DNS name of local peer
 * @param my_port		IKE port to use as source, 500 uses IKEv2 port floating
 * @param other			address/DNS name of remote peer
 * @param other_port	IKE port to use as dest, 500 uses IKEv2 port floating
 * @return				ike_cfg_t object.
 */
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me,
						  u_int16_t my_port, char *other,
						  u_int16_t other_port);
160
161 #endif /** IKE_CFG_H_ @}*/