1 /*
2 * Copyright (C) 2012-2013 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup ipsec_types ipsec_types
18 * @{ @ingroup ipsec
19 */
20
21 #ifndef IPSEC_TYPES_H_
22 #define IPSEC_TYPES_H_
23
/* Forward declarations of the types defined in this header, grouped by kind.
 * They are placed before the include below, presumably so that headers
 * reached through library.h can already refer to these names. */

/* structs */
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;

/* enums */
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef enum hw_offload_t hw_offload_t;
typedef enum dscp_copy_t dscp_copy_t;
34
35 #include <library.h>
36
/**
 * Mode of an IPsec SA.
 *
 * All values are spelled out explicitly so they stay stable for any code
 * that stores or compares them numerically. Note that MODE_PASS and
 * MODE_DROP describe policies that have no SA at all.
 */
enum ipsec_mode_t {
	/** not using any encapsulation */
	MODE_NONE = 0,
	/** transport mode, no inner address */
	MODE_TRANSPORT = 1,
	/** tunnel mode, inner and outer addresses */
	MODE_TUNNEL = 2,
	/** BEET mode, tunnel mode but fixed, bound inner addresses */
	MODE_BEET = 3,
	/** passthrough policy for traffic without an IPsec SA */
	MODE_PASS = 4,
	/** drop policy discarding traffic */
	MODE_DROP = 5,
};
54
/**
 * enum names for ipsec_mode_t (human-readable name table, defined elsewhere).
 */
extern enum_name_t *ipsec_mode_names;
59
/**
 * Direction of a policy. These are equal to those
 * defined in xfrm.h, but we want to stay implementation
 * neutral here.
 *
 * Keep the numeric values in sync with xfrm.h if a direction is ever added.
 */
enum policy_dir_t {
	/** Policy for inbound traffic */
	POLICY_IN = 0,
	/** Policy for outbound traffic */
	POLICY_OUT = 1,
	/** Policy for forwarded traffic */
	POLICY_FWD = 2,
};
73
/**
 * enum names for policy_dir_t (human-readable name table, defined elsewhere).
 */
extern enum_name_t *policy_dir_names;
78
/**
 * Type of a policy.
 *
 * Values start at 1, so a zero-initialized policy_type_t does not match any
 * valid type.
 */
enum policy_type_t {
	/** Normal IPsec policy */
	POLICY_IPSEC = 1,
	/** Passthrough policy (traffic is ignored by IPsec) */
	POLICY_PASS = 2,
	/** Drop policy (traffic is discarded) */
	POLICY_DROP = 3,
};
90
/**
 * High-level priority class of a policy.
 *
 * How a class is translated into the concrete priority used by the kernel
 * (and thus which policy wins when several overlap) is decided by the kernel
 * interface, not here.
 *
 * NOTE(review): where a passthrough policy and a drop policy overlap, that
 * translation decides whether traffic leaves in the clear or is dropped;
 * verify the ordering in the kernel interface when touching these classes.
 */
enum policy_priority_t {
	/** Priority for passthrough policies */
	POLICY_PRIORITY_PASS = 0,
	/** Priority for regular IPsec policies */
	POLICY_PRIORITY_DEFAULT = 1,
	/** Priority for trap policies */
	POLICY_PRIORITY_ROUTED = 2,
	/** Priority for fallback drop policies */
	POLICY_PRIORITY_FALLBACK = 3,
};
104
/**
 * IPComp transform IDs, as in RFC 4306 (IKEv2; since replaced by RFC 7296,
 * which keeps the same IDs).
 *
 * NOTE(review): compression is applied before encryption, so with IPComp the
 * ciphertext length depends on the plaintext content. Keep that in mind
 * before enabling it for traffic an attacker can partially control.
 */
enum ipcomp_transform_t {
	/** no IPComp (0 is reserved in the protocol, presumably used as "unset") */
	IPCOMP_NONE = 0,
	/** vendor-specific transform identified by an OUI */
	IPCOMP_OUI = 1,
	/** DEFLATE (RFC 2394) */
	IPCOMP_DEFLATE = 2,
	/** LZS (RFC 2395) */
	IPCOMP_LZS = 3,
	/** LZJH (RFC 3051) */
	IPCOMP_LZJH = 4,
};
115
/**
 * enum strings for ipcomp_transform_t (human-readable name table, defined
 * elsewhere).
 */
extern enum_name_t *ipcomp_transform_names;
120
/**
 * HW offload mode options
 */
enum hw_offload_t {
	/** do not use hardware offload */
	HW_OFFLOAD_NO = 0,
	/** use hardware offload (presumably required, i.e. SA setup fails if it
	 * is unavailable - confirm against the kernel interface) */
	HW_OFFLOAD_YES = 1,
	/** presumably: use hardware offload if available, otherwise continue
	 * without it - confirm against the kernel interface */
	HW_OFFLOAD_AUTO = 2,
};
129
/**
 * enum names for hw_offload_t (human-readable name table, defined elsewhere).
 */
extern enum_name_t *hw_offload_names;
134
/**
 * DSCP header field copy behavior between the outer and the inner IP header
 * of tunneled packets (the default is not to copy from outer to inner header).
 *
 * NOTE(review): copying outer to inner (DSCP_COPY_IN_ONLY, DSCP_COPY_YES)
 * lets anyone on the path between the tunnel endpoints choose the DS value
 * the decapsulated packet carries into the protected network; RFC 4301
 * discourages it for that reason. Enable it only where the inner network is
 * meant to honor marks set outside the tunnel.
 */
enum dscp_copy_t {
	/** copy in the outbound direction only (presumably inner to outer) */
	DSCP_COPY_OUT_ONLY = 0,
	/** copy in the inbound direction only (presumably outer to inner) */
	DSCP_COPY_IN_ONLY = 1,
	/** copy in both directions */
	DSCP_COPY_YES = 2,
	/** never copy */
	DSCP_COPY_NO = 3,
};
145
/**
 * enum strings for dscp_copy_t (human-readable name table, defined elsewhere).
 */
extern enum_name_t *dscp_copy_names;
150
/**
 * This struct contains details about IPsec SA(s) tied to a policy.
 *
 * Two instances are compared with ipsec_sa_cfg_equals() (declared below,
 * implemented elsewhere).
 */
struct ipsec_sa_cfg_t {
	/** mode of SA (tunnel, transport), see ipsec_mode_t */
	ipsec_mode_t mode;
	/** unique ID (NOTE(review): presumably the reqid shared by the policies
	 * and SAs that belong together - confirm against the kernel interface) */
	uint32_t reqid;
	/** number of policies of the same kind (in/out/fwd) attached to SA */
	uint32_t policy_count;
	/** details about ESP/AH */
	struct {
		/** TRUE if this protocol is used */
		bool use;
		/** SPI for ESP/AH (presumably only meaningful if use is TRUE; the
		 * byte order is not specified here) */
		uint32_t spi;
	} esp, ah;
	/** details about IPComp */
	struct {
		/** the IPComp transform used (presumably an ipcomp_transform_t value
		 * stored as uint16_t, IPCOMP_NONE when IPComp is not used) */
		uint16_t transform;
		/** CPI for IPComp */
		uint16_t cpi;
	} ipcomp;
};
176
/**
 * Compare two ipsec_sa_cfg_t objects for equality.
 *
 * Which fields take part in the comparison is decided by the implementation,
 * which is not part of this header.
 *
 * NOTE(review): neither parameter is const-qualified; tightening that here
 * would require changing the definition as well.
 *
 * @param a				first object
 * @param b				second object
 * @return				TRUE if both objects are equal
 */
bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
185
/**
 * A lifetime_cfg_t defines the lifetime limits of an SA.
 *
 * The same three limits exist per unit (time, bytes, packets): a hard limit
 * after which the SA is invalid, a soft limit at which it gets rekeyed, and
 * a jitter range randomly subtracted from the soft limit. The unit of the
 * time limits is not stated here.
 *
 * Set any of these values to 0 to ignore.
 *
 * NOTE(review): nothing in this header enforces rekey <= life or
 * jitter <= rekey; whoever fills this in has to keep them consistent. The
 * byte and packet limits bound how much data a single key protects, so they
 * are a security parameter, not only housekeeping.
 */
struct lifetime_cfg_t {
	struct {
		/** Limit before the SA gets invalid. */
		uint64_t life;
		/** Limit before the SA gets rekeyed. */
		uint64_t rekey;
		/** The range of a random value subtracted from rekey. */
		uint64_t jitter;
	} time, bytes, packets;
};
201
/**
 * A mark_t defines an optional mark in an IPsec SA.
 *
 * The values MARK_UNIQUE (0xFFFFFFFF) and MARK_UNIQUE_DIR (0xFFFFFFFE) are
 * reserved and cannot be used as literal marks, see MARK_IS_UNIQUE() below.
 */
struct mark_t {
	/** Mark value (see MARK_UNIQUE/MARK_UNIQUE_DIR for reserved values) */
	uint32_t value;
	/** Mark mask, selecting the bits of value that are significant (how a
	 * zero mask is treated is up to the users of this struct, not defined
	 * here) */
	uint32_t mask;
};
211
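/**
 * Special mark values that request a unique mark for each CHILD_SA
 * (MARK_UNIQUE) or for each CHILD_SA and direction (MARK_UNIQUE_DIR).
 *
 * Both values are reserved: a literal mark of 0xFFFFFFFF or 0xFFFFFFFE
 * cannot be configured, it is always treated as a request for a unique mark.
 */
#define MARK_UNIQUE (0xFFFFFFFF)
#define MARK_UNIQUE_DIR (0xFFFFFFFE)

/**
 * Check whether a mark value is one of the reserved "unique" values.
 *
 * @param m				mark value to check
 * @return				TRUE if m is MARK_UNIQUE or MARK_UNIQUE_DIR
 */
static inline bool mark_is_unique(uint32_t m)
{
	return m == MARK_UNIQUE || m == MARK_UNIQUE_DIR;
}

/**
 * Macro form of mark_is_unique(), kept for existing callers.
 *
 * Unlike the previous expansion, the argument is evaluated exactly once, so
 * an argument with side effects behaves as a reader would expect.
 */
#define MARK_IS_UNIQUE(m) mark_is_unique(m)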
218
/**
 * Try to parse a mark_t from the given string of the form mark[/mask].
 *
 * The string presumably comes from configuration, i.e. it is not trusted:
 * callers must check the return value and must not rely on *mark after a
 * failed parse (whether it is left untouched on failure is not specified
 * here).
 *
 * @param value			string to parse
 * @param mark			mark to fill
 * @return				TRUE if parsing was successful
 */
bool mark_from_string(const char *value, mark_t *mark);
227
228 #endif /** IPSEC_TYPES_H_ @}*/