fixed CHILD_SA proposal selection when not using DH exchange
[strongswan.git] / src / charon / config / traffic_selector.h
index 109b991..0e798fc 100644 (file)
@@ -6,7 +6,9 @@
  */
 
 /*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 #ifndef TRAFFIC_SELECTOR_H_
 #define TRAFFIC_SELECTOR_H_
 
-#include <types.h>
-#include <utils/host.h>
-
 typedef enum ts_type_t ts_type_t;
+typedef struct traffic_selector_t traffic_selector_t;
+
+#include <library.h>
+#include <utils/host.h>
 
 /**
  * Traffic selector types.
@@ -55,25 +58,22 @@ enum ts_type_t {
 };
 
 /**
- * string mappings for ts_type_t
+ * enum names for ts_type_t
  */
-extern mapping_t ts_type_m[];
-
-
-typedef struct traffic_selector_t traffic_selector_t;
+extern enum_name_t *ts_type_name;
 
 /**
  * @brief Object representing a traffic selector entry.
- * 
+ *
  * A traffic selector defines an range of addresses
  * and a range of ports. IPv6 is not fully supported yet.
- * 
+ *
  * @b Constructors:
  * - traffic_selector_create_from_bytes()
  * - traffic_selector_create_from_string()
- * 
+ *
  * @todo Add IPv6 support
- * 
+ *
  * @ingroup config
  */
 struct traffic_selector_t {
@@ -81,20 +81,21 @@ struct traffic_selector_t {
        /**
         * @brief Compare two traffic selectors, and create a new one
         * which is the largest subset of both (subnet & port).
-        * 
+        *
         * Resulting traffic_selector is newly created and must be destroyed.
-        * 
+        *
         * @param this          first to compare
         * @param other         second to compare
         * @return
         *                                      - created subset of them
         *                                      - or NULL if no match between this and other
         */
-       traffic_selector_t *(*get_subset) (traffic_selector_t *this, traffic_selector_t *other);
+       traffic_selector_t *(*get_subset)  (traffic_selector_t *this, 
+                                                                               traffic_selector_t *other);
        
        /**
         * @brief Clone a traffic selector.
-        *  
+        *
         * @param this          traffic selector to clone
         * @return                      clone of it
         */
@@ -102,26 +103,20 @@ struct traffic_selector_t {
        
        /**
         * @brief Get starting address of this ts as a chunk.
-        * 
-        * Data is in network order and represents the address.
-        * Size depends on protocol.
-        * 
-        * Resulting chunk data is allocated and must be freed!
-        *  
-        * @param this          calling object
+        *
+        * Chunk is in network order gets allocated.
+        *
+        * @param this          called object
         * @return                      chunk containing the address
         */
        chunk_t (*get_from_address) (traffic_selector_t *this);
        
        /**
         * @brief Get ending address of this ts as a chunk.
-        * 
-        * Data is in network order and represents the address.
-        * Size depends on protocol.
-        * 
-        * Resulting chunk data is allocated and must be freed!
-        *  
-        * @param this          calling object
+        *
+        * Chunk is in network order gets allocated.
+        *
+        * @param this          called object
         * @return                      chunk containing the address
         */
        chunk_t (*get_to_address) (traffic_selector_t *this);
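Review bot: The rewritten description of get_from_address (and get_to_address below it in this hunk) drops the ownership statement the old text carried; `Chunk is in network order gets allocated.` is garbled and no longer says who frees the returned chunk. Suggest `Data is in network order; the chunk is allocated and must be freed by the caller.` for both methods. A caller reading only this header otherwise has no way to know whether to free the result, which invites a leak or a free of borrowed data; that the chunk is still allocated is inferred from the new wording, since the implementation is outside this file.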
@@ -132,69 +127,96 @@ struct traffic_selector_t {
         * Port is in host order, since the parser converts it.
         * Size depends on protocol.
         *  
-        * @param this          calling object
+        * @param this          called object
         * @return                      port
         */
        u_int16_t (*get_from_port) (traffic_selector_t *this);
        
        /**
         * @brief Get ending port of this ts.
-        * 
+        *
         * Port is in host order, since the parser converts it.
         * Size depends on protocol.
-        *  
-        * @param this          calling object
+        *
+        * @param this          called object
         * @return                      port
         */
        u_int16_t (*get_to_port) (traffic_selector_t *this);
        
        /**
         * @brief Get the type of the traffic selector.
-        * 
-        * @param this          calling obect
+        *
+        * @param this          called object
         * @return                      ts_type_t specifying the type
         */
        ts_type_t (*get_type) (traffic_selector_t *this);
-               
+       
        /**
         * @brief Get the protocol id of this ts.
-        * 
-        * @param this          calling obect
+        *
+        * @param this          called object
         * @return                      protocol id
         */
        u_int8_t (*get_protocol) (traffic_selector_t *this);
-               
+       
        /**
-        * @brief Get the netmask of the address range.
-        * 
-        * Returns the number of bits associated to the subnet.
-        * (As the "24" in "192.168.0.0/24"). This is approximated
-        * if the address range is not a complete subnet! Since Linux
-        * does not support full IP address ranges (yet), we can't do this
-        * (much) better.
-        * 
-        * @param this          calling obect
-        * @return                      netmask as "bits for subnet"
+        * @brief Check if the traffic selector is for a single host.
+        *
+        * Traffic selector may describe the end of *-to-host tunnel. In this
+        * case, the address range is a single address equal to the hosts
+        * peer address.
+        * If host is NULL, the traffic selector is checked if it is a single host,
+        * but not a specific one.
+        *
+        * @param this          called object
+        * @param host          host_t specifying the address range
         */
-       u_int8_t (*get_netmask) (traffic_selector_t *this);
-               
+       bool (*is_host) (traffic_selector_t *this, host_t* host);
+       
        /**
         * @brief Update the address of a traffic selector.
+        *
+        * Update the address range of a traffic selector, if it is
+        * constructed with the traffic_selector_create_dynamic().
+        *
+        * @param this          called object
+        * @param host          host_t specifying the address
+        */
+       void (*set_address) (traffic_selector_t *this, host_t* host);
+       
+       /**
+        * @brief Compare two traffic selectors for equality.
         * 
-        * Update the address range of a traffic selector, 
-        * if the current address is 0.0.0.0. The new address range
-        * starts from the supplied address and also ends there 
-        * (which means it is a one-host-address-range ;-).
-        * 
-        * @param this          calling obect
-        * @param host          host_t specifying the address range
+        * @param this          first to compare
+        * @param other         second to compare with first
+        * @return                      pointer to a string.
         */
-       void (*update_address_range) (traffic_selector_t *this, host_t* host);
+       bool (*equals) (traffic_selector_t *this, traffic_selector_t *other);
+       
+       /**
+        * @brief Check if a traffic selector is contained completly in another.
+        *
+        * contains() allows to check if multiple traffic selectors are redundant.
+        *
+        * @param this          ts that is contained in another
+        * @param other         ts that contains this
+        * @return                      TRUE if other contains this completly, FALSE otherwise
+        */
+       bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other);
+
+       /**
+        * @brief Check if a specific host is included in the address range of 
+        * this traffic selector.
+        *
+        * @param this          called object
+        * @param host          the host to check
+        */
+       bool (*includes) (traffic_selector_t *this, host_t *host);
        
        /**
         * @brief Destroys the ts object
-        * 
-        * @param this          calling object
+        *
+        * @param this          called object
         */
        void (*destroy) (traffic_selector_t *this);
 };
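Review bot: The @return of the new equals method, `pointer to a string.`, is wrong for a function returning bool; it should read `TRUE if both traffic selectors are equal, FALSE otherwise`. The new is_host and includes methods have no @return at all, so the sense of their bool result (presumably TRUE on match) is undocumented; add `@return TRUE if the selector is a single host (matching host, if given)` and `@return TRUE if host lies within the address range` respectively. The set_address description says the range is updated only for selectors built with traffic_selector_create_dynamic() but not what happens otherwise (ignored or error); the implementation is outside this file, so the header should state it. Minor: `completly` appears twice in the is_contained_in block and should be `completely`.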
@@ -214,7 +236,10 @@ struct traffic_selector_t {
  * 
  * @ingroup config
  */
-traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port);
+traffic_selector_t *traffic_selector_create_from_string(
+                                                                       u_int8_t protocol, ts_type_t type,
+                                                                       char *from_addr, u_int16_t from_port,
+                                                                       char *to_addr, u_int16_t to_port);
 
 /**
  * @brief Create a new traffic selector using data read from the net.
@@ -229,13 +254,14 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty
  * @param from_port            port number, host order
  * @param to_address   end of address range as string, network
  * @param to_port              port number, host order
- * @return
- *                                             - traffic_selector_t object
- *                                             - NULL if invalid address input/protocol
+ * @return                             traffic_selector_t object
  *
  * @ingroup config
  */
-traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_address, int16_t from_port, chunk_t to_address, u_int16_t to_port);
+traffic_selector_t *traffic_selector_create_from_bytes(
+                                                               u_int8_t protocol, ts_type_t type,
+                                                               chunk_t from_address, u_int16_t from_port,
+                                                               chunk_t to_address, u_int16_t to_port);
 
 /**
  * @brief Create a new traffic selector defining a whole subnet.
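Review bot: The @return of traffic_selector_create_from_bytes now reads only `traffic_selector_t object`, dropping the former `NULL if invalid address input/protocol` case, while the other constructors in this file (for example traffic_selector_create_dynamic further down) still document a NULL result. If the implementation can still reject malformed address chunks or unsupported types, the NULL case must stay documented, since this constructor is fed with data read from the net and callers need to know to check; suggest `@return traffic_selector_t object, or NULL if the address input or type is invalid`. If it genuinely cannot fail any more, a short sentence saying so would settle it; which one holds is not visible from this header.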
@@ -255,6 +281,32 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
  *
  * @ingroup config
  */
-traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits, u_int8_t protocol, u_int16_t port);
+traffic_selector_t *traffic_selector_create_from_subnet(
+                                                                       host_t *net, u_int8_t netbits, 
+                                                                       u_int8_t protocol, u_int16_t port);
+
+/**
+ * @brief Create a traffic selector for host-to-host cases.
+ * 
+ * For host2host or virtual IP setups, the traffic selectors gets
+ * created at runtime using the external/virtual IP. Using this constructor,
+ * a call to set_address() sets this traffic selector to the supplied host.
+ * 
+ * 
+ * @param protocol             upper layer protocl to allow
+ * @param type                 family type
+ * @param from_port            start of allowed port range
+ * @param to_port              end of range
+ * @return
+ *                                             - traffic_selector_t object
+ *                                             - NULL if type not supported
+ *
+ * @ingroup config
+ */
+traffic_selector_t *traffic_selector_create_dynamic(
+                                                                       u_int8_t protocol, ts_type_t type,
+                                                                       u_int16_t from_port, u_int16_t to_port);
 
 #endif /* TRAFFIC_SELECTOR_H_ */
+
+/* vim: set ts=4 sw=4 noet: */
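Review bot: In the new traffic_selector_create_dynamic doc block, `upper layer protocl to allow` should read `upper layer protocol to allow`, and the two consecutive empty ` * ` lines before the @param list can be collapsed to one. The @param type description `family type` would be clearer as `address family (ts_type_t)`, matching how the enum is named at the top of this header.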