ike: Reuse interface ID during CHILD_SA rekeyings
1 /*
2 * Copyright (C) 2018-2019 Tobias Brunner
3 * Copyright (C) 2007 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup child_create child_create
19 * @{ @ingroup tasks_v2
20 */
21
22 #ifndef CHILD_CREATE_H_
23 #define CHILD_CREATE_H_
24
25 typedef struct child_create_t child_create_t;
26
27 #include <library.h>
28 #include <sa/ike_sa.h>
29 #include <sa/task.h>
30 #include <config/child_cfg.h>
31
32 /**
33 * Task of type TASK_CHILD_CREATE, establishes a new CHILD_SA.
34 *
35 * This task may be included in the IKE_AUTH message or in a separate
36 * CREATE_CHILD_SA exchange.
   *
   * Besides the task_t interface, the members below let a caller supply the
   * reqid, marks, interface IDs and the initial DH group explicitly, query
   * the nonce and CHILD_SA of the task, and enforce a config as responder.
   *
   * NOTE(review): reqid, marks and interface IDs presumably tie the CHILD_SA
   * to the policies/interfaces its traffic is matched against. Callers should
   * pass values taken from the CHILD_SA being rekeyed or from local
   * configuration, not values derived from peer input; confirm at call sites.
37 */
38 struct child_create_t {
39
40 /**
41 * Implements the task_t interface
42 */
43 task_t task;
44
45 /**
46 * Use a specific reqid for the CHILD_SA.
47 *
48 * When this task is used for rekeying, the same reqid is used
49 * for the new CHILD_SA.
50 *
51 * @param reqid reqid to use
52 */
53 void (*use_reqid) (child_create_t *this, uint32_t reqid);
54
55 /**
56 * Use specific mark values to override configuration.
57 *
58 * @param in inbound mark value
59 * @param out outbound mark value
60 */
61 void (*use_marks)(child_create_t *this, uint32_t in, uint32_t out);
62
63 /**
64 * Use specific interface IDs, overriding configuration.
65 *
   * NOTE(review): presumably called on rekey with the IDs of the CHILD_SA
   * being replaced, as use_reqid() is; confirm in the rekeying caller.
   *
66 * @param in inbound interface ID
67 * @param out outbound interface ID
68 */
69 void (*use_if_ids)(child_create_t *this, uint32_t in, uint32_t out);
70
71 /**
72 * Initially propose a specific DH group to override configuration.
73 *
74 * This is used during rekeying to prefer the previously negotiated group.
75 *
76 * @param dh_group DH group to use
77 */
78 void (*use_dh_group)(child_create_t *this, diffie_hellman_group_t dh_group);
79
80 /**
81 * Get the lower of the two nonces, used for rekey collisions.
82 *
   * NOTE(review): whether the returned chunk is a copy or refers to data
   * held by the task is not stated here; confirm before freeing or
   * retaining it.
   *
83 * @return lower nonce
84 */
85 chunk_t (*get_lower_nonce) (child_create_t *this);
86
87 /**
88 * Get the CHILD_SA established/establishing by this task.
89 *
   * NOTE(review): ownership of the returned CHILD_SA is not stated here;
   * TODO confirm whether the caller may keep the pointer.
   *
90 * @return child_sa
91 */
92 child_sa_t* (*get_child) (child_create_t *this);
93
94 /**
95 * Enforce a specific CHILD_SA config as responder.
96 *
97 * @param cfg configuration to enforce, reference gets owned
   *            (the caller gives up its reference to cfg)
98 */
99 void (*set_config)(child_create_t *this, child_cfg_t *cfg);
100 };
101
102 /**
103 * Create a new child_create task.
104 *
    * The role of the task follows from the config argument: a child_cfg
    * makes it the initiator, NULL makes it the responder.
    *
    * NOTE(review): this header does not state whether the task takes
    * ownership of config, tsi and tsr or only borrows them; confirm in the
    * implementation before releasing them after the call.
    *
105 * @param ike_sa IKE_SA this task works for
106 * @param config child_cfg if task initiator, NULL if responder
107 * @param rekey whether we do a rekey or not
108 * @param tsi source of triggering packet, or NULL
109 * @param tsr destination of triggering packet, or NULL
110 * @return child_create task to be handled by the task_manager
111 */
112 child_create_t *child_create_create(ike_sa_t *ike_sa,
113 child_cfg_t *config, bool rekey,
114 traffic_selector_t *tsi, traffic_selector_t *tsr);
115
116 #endif /** CHILD_CREATE_H_ @}*/