1 /*
2 * Copyright (C) 2012-2013 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup ipsec_types ipsec_types
18 * @{ @ingroup ipsec
19 */
20
21 #ifndef IPSEC_TYPES_H_
22 #define IPSEC_TYPES_H_
23
/*
 * Forward typedefs for every enum and struct declared in this header.
 * They are placed before the library.h include below, presumably so that
 * headers pulled in through library.h can name these types before their
 * full definitions are visible — confirm before changing the include order.
 */
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef enum hw_offload_t hw_offload_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;
33
34 #include <library.h>
35
/**
 * Mode of an IPsec SA.
 *
 * MODE_NONE and MODE_TRANSPORT carry explicit values; the remaining
 * constants take the successive implicit values 2..5, so their order must
 * not be changed.  MODE_PASS and MODE_DROP name policy behaviours rather
 * than SA encapsulations (compare POLICY_PASS/POLICY_DROP in policy_type_t).
 */
enum ipsec_mode_t {
	/** not using any encapsulation */
	MODE_NONE = 0,
	/** transport mode, no inner address */
	MODE_TRANSPORT = 1,
	/** tunnel mode, inner and outer addresses */
	MODE_TUNNEL,
	/** BEET mode, tunnel mode but fixed, bound inner addresses */
	MODE_BEET,
	/** passthrough policy for traffic without an IPsec SA */
	MODE_PASS,
	/** drop policy discarding traffic */
	MODE_DROP
};
53
/**
 * enum names for ipsec_mode_t.
 *
 * Defined in a source file outside this header; maps the ipsec_mode_t
 * constants above to printable names.
 */
extern enum_name_t *ipsec_mode_names;
58
/**
 * Direction of a policy. These are equal to those
 * defined in xfrm.h, but we want to stay implementation
 * neutral here.
 *
 * Because the numeric values are deliberately fixed to the xfrm.h ones
 * (0, 1, 2), the constants must not be renumbered or reordered.
 */
enum policy_dir_t {
	/** Policy for inbound traffic */
	POLICY_IN = 0,
	/** Policy for outbound traffic */
	POLICY_OUT = 1,
	/** Policy for forwarded traffic */
	POLICY_FWD = 2,
};
72
/**
 * enum names for policy_dir_t.
 *
 * Defined in a source file outside this header; maps the policy_dir_t
 * constants above to printable names.
 */
extern enum_name_t *policy_dir_names;
77
/**
 * Type of a policy.
 *
 * Numbering starts at 1, so a zero-initialized policy_type_t holds none of
 * the constants below; callers should set the type explicitly.
 */
enum policy_type_t {
	/** Normal IPsec policy */
	POLICY_IPSEC = 1,
	/** Passthrough policy (traffic is ignored by IPsec) */
	POLICY_PASS,
	/** Drop policy (traffic is discarded) */
	POLICY_DROP,
};
89
/**
 * High-level priority of a policy.
 *
 * The constants take the implicit values 0..3 in the order listed.  How
 * this order is translated into the priority actually installed is not
 * visible in this header — presumably the kernel interface maps it; confirm.
 */
enum policy_priority_t {
	/** Priority for passthrough policies */
	POLICY_PRIORITY_PASS,
	/** Priority for regular IPsec policies */
	POLICY_PRIORITY_DEFAULT,
	/** Priority for trap policies */
	POLICY_PRIORITY_ROUTED,
	/** Priority for fallback drop policies */
	POLICY_PRIORITY_FALLBACK,
};
103
/**
 * IPComp transform IDs, as in RFC 4306
 *
 * The values are the IKEv2 transform IDs and must stay exactly as listed.
 * They are also stored in the uint16_t ipsec_sa_cfg_t.ipcomp.transform
 * field declared below, which all of these values fit.
 */
enum ipcomp_transform_t {
	/** no IPComp (0 is reserved in the RFC 4306 registry) */
	IPCOMP_NONE = 0,
	/** vendor-specific (OUI) transform */
	IPCOMP_OUI = 1,
	/** DEFLATE compression */
	IPCOMP_DEFLATE = 2,
	/** LZS compression */
	IPCOMP_LZS = 3,
	/** LZJH compression */
	IPCOMP_LZJH = 4,
};
114
/**
 * enum strings for ipcomp_transform_t.
 *
 * Defined in a source file outside this header; maps the ipcomp_transform_t
 * constants above to printable names.
 */
extern enum_name_t *ipcomp_transform_names;
119
/**
 * HW offload mode options
 *
 * What HW_OFFLOAD_AUTO does when offload is unavailable is not defined in
 * this header — presumably the kernel interface decides; confirm there.
 */
enum hw_offload_t {
	/** do not request hardware offload */
	HW_OFFLOAD_NO = 0,
	/** request hardware offload */
	HW_OFFLOAD_YES = 1,
	/** leave the offload decision to the implementation */
	HW_OFFLOAD_AUTO = 2,
};
128
/**
 * enum names for hw_offload_t.
 *
 * Defined in a source file outside this header; maps the hw_offload_t
 * constants above to printable names.
 */
extern enum_name_t *hw_offload_names;
133
/**
 * This struct contains details about IPsec SA(s) tied to a policy.
 *
 * Instances are compared as a whole by ipsec_sa_cfg_equals() declared
 * below.  The esp and ah members share one anonymous struct type, so each
 * protocol is switched on independently through its own use flag.
 */
struct ipsec_sa_cfg_t {
	/** mode of SA (tunnel, transport) */
	ipsec_mode_t mode;
	/** unique ID (presumably the reqid shared by the SA and its policies — confirm) */
	uint32_t reqid;
	/** number of policies of the same kind (in/out/fwd) attached to SA */
	uint32_t policy_count;
	/** details about ESP/AH */
	struct {
		/** TRUE if this protocol is used */
		bool use;
		/** SPI for ESP/AH (presumably only meaningful when use is TRUE) */
		uint32_t spi;
	} esp, ah;
	/** details about IPComp */
	struct {
		/** the IPComp transform used (presumably an ipcomp_transform_t value, narrowed to 16 bit) */
		uint16_t transform;
		/** CPI for IPComp */
		uint16_t cpi;
	} ipcomp;
};
159
/**
 * Compare two ipsec_sa_cfg_t objects for equality.
 *
 * The implementation lives outside this header.  Whether it compares
 * field by field or as raw memory (which would be sensitive to
 * uninitialized padding bytes) is not visible here — confirm before relying
 * on equality of objects that were not fully zero-initialized.  Neither
 * parameter is const-qualified; both objects are expected to be valid,
 * non-NULL pointers.
 *
 * @param a first object
 * @param b second object
 * @return TRUE if both objects are equal
 */
bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
168
/**
 * A lifetime_cfg_t defines the lifetime limits of an SA.
 *
 * Set any of these values to 0 to ignore.
 *
 * The same three limits (life, rekey, jitter) exist once per unit: time,
 * bytes and packets.  The unit of the time member (seconds?) is not stated
 * in this header — confirm against the code that fills it.
 */
struct lifetime_cfg_t {
	/** one set of limits each for time, bytes and packets */
	struct {
		/** Limit before the SA gets invalid. */
		uint64_t life;
		/** Limit before the SA gets rekeyed. */
		uint64_t rekey;
		/** The range of a random value subtracted from rekey. */
		uint64_t jitter;
	} time, bytes, packets;
};
184
/**
 * A mark_t defines an optional mark in an IPsec SA.
 *
 * Filled from a string by mark_from_string() declared below.  How value and
 * mask are combined when matching traffic is not defined here — confirm
 * against the kernel interface that installs the mark.
 */
struct mark_t {
	/** Mark value */
	uint32_t value;
	/** Mark mask */
	uint32_t mask;
};
194
/**
 * Special mark value that uses a unique mark for each CHILD_SA (and direction)
 *
 * Both constants are in-band sentinels at the top of the 32-bit mark value
 * space, so 0xFFFFFFFF and 0xFFFFFFFE can never be used as literal marks.
 * Code that accepts mark values from configuration should decide explicitly
 * whether these reserved values are acceptable there.
 */
#define MARK_UNIQUE (0xFFFFFFFF)
/** Like MARK_UNIQUE, but presumably assigning a distinct mark per direction */
#define MARK_UNIQUE_DIR (0xFFFFFFFE)
/** TRUE for either reserved value; m is evaluated twice, so pass a side-effect-free expression */
#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR)
201
/**
 * Try to parse a mark_t from the given string of the form mark[/mask].
 *
 * The string presumably originates from configuration, i.e. from outside
 * the library.  The accepted number syntax and the contents of *mark after
 * a failed parse are defined by the implementation, not here — confirm
 * before reading *mark when FALSE is returned.
 *
 * @param value string to parse
 * @param mark mark to fill
 * @return TRUE if parsing was successful
 */
bool mark_from_string(const char *value, mark_t *mark);
210
211 #endif /** IPSEC_TYPES_H_ @}*/