2007-04-10 06:01:03 +00:00
|
|
|
/*
|
2017-02-07 10:30:49 +00:00
|
|
|
* Copyright (C) 2007-2017 Tobias Brunner
|
2009-04-14 10:34:24 +00:00
|
|
|
* Copyright (C) 2005-2009 Martin Willi
|
2007-04-10 06:01:03 +00:00
|
|
|
* Copyright (C) 2005 Jan Hutter
|
2016-04-04 16:41:17 +00:00
|
|
|
* HSR Hochschule fuer Technik Rapperswil
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
2008-03-13 14:14:44 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @defgroup peer_cfg peer_cfg
|
|
|
|
* @{ @ingroup config
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef PEER_CFG_H_
|
|
|
|
#define PEER_CFG_H_
|
|
|
|
|
|
|
|
typedef enum cert_policy_t cert_policy_t;
|
2008-04-14 13:23:24 +00:00
|
|
|
typedef enum unique_policy_t unique_policy_t;
|
2007-04-10 06:01:03 +00:00
|
|
|
typedef struct peer_cfg_t peer_cfg_t;
|
2016-04-04 16:41:17 +00:00
|
|
|
typedef struct peer_cfg_create_t peer_cfg_create_t;
|
2007-04-10 06:01:03 +00:00
|
|
|
|
|
|
|
#include <library.h>
|
|
|
|
#include <utils/identification.h>
|
2012-10-16 12:54:16 +00:00
|
|
|
#include <collections/enumerator.h>
|
2009-12-20 13:57:38 +00:00
|
|
|
#include <selectors/traffic_selector.h>
|
2017-11-17 16:15:14 +00:00
|
|
|
#include <crypto/proposal/proposal.h>
|
2007-04-10 06:01:03 +00:00
|
|
|
#include <config/ike_cfg.h>
|
|
|
|
#include <config/child_cfg.h>
|
2010-07-05 09:54:25 +00:00
|
|
|
#include <credentials/auth_cfg.h>
|
2007-04-10 06:01:03 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Certificate sending policy. This is also used for certificate
|
|
|
|
* requests when using this definition for the other peer. If
|
|
|
|
* it is CERT_NEVER_SEND, a certreq is omitted, otherwise its
|
|
|
|
* included.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @warning These definitions must be the same as in pluto/starter,
|
|
|
|
* as they are sent over the stroke socket.
|
|
|
|
*/
|
|
|
|
enum cert_policy_t {
|
|
|
|
/** always send certificates, even when not requested */
|
2009-09-04 12:50:23 +00:00
|
|
|
CERT_ALWAYS_SEND = 0,
|
2007-04-10 06:01:03 +00:00
|
|
|
/** send certificate upon cert request */
|
2009-09-04 12:50:23 +00:00
|
|
|
CERT_SEND_IF_ASKED = 1,
|
2007-04-10 06:01:03 +00:00
|
|
|
/** never send a certificate, even when requested */
|
2009-09-04 12:50:23 +00:00
|
|
|
CERT_NEVER_SEND = 2,
|
2007-04-10 06:01:03 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* enum strings for cert_policy_t
|
|
|
|
*/
|
|
|
|
extern enum_name_t *cert_policy_names;
|
|
|
|
|
2008-04-14 13:23:24 +00:00
|
|
|
/**
|
|
|
|
* Uniqueness of an IKE_SA, used to drop multiple connections with one peer.
|
|
|
|
*/
|
|
|
|
enum unique_policy_t {
|
2012-09-10 15:24:21 +00:00
|
|
|
/** never check for client uniqueness */
|
|
|
|
UNIQUE_NEVER,
|
|
|
|
/** only check for client uniqueness when receiving an INITIAL_CONTACT */
|
2008-04-14 13:23:24 +00:00
|
|
|
UNIQUE_NO,
|
2012-09-10 15:24:21 +00:00
|
|
|
/** replace existing IKE_SAs when new ones get established by a client */
|
2008-04-14 13:23:24 +00:00
|
|
|
UNIQUE_REPLACE,
|
2012-09-10 15:24:21 +00:00
|
|
|
/** keep existing IKE_SAs, close the new ones on connection attempt */
|
2008-04-14 13:23:24 +00:00
|
|
|
UNIQUE_KEEP,
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* enum strings for unique_policy_t
|
|
|
|
*/
|
|
|
|
extern enum_name_t *unique_policy_names;
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Configuration of a peer, specified by IDs.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
2007-04-11 07:20:39 +00:00
|
|
|
* The peer config defines a connection between two given IDs. It contains
|
2011-07-11 09:18:15 +00:00
|
|
|
* exactly one ike_cfg_t, which is used for initiation. Additionally, it
|
|
|
|
* contains multiple child_cfg_t defining which CHILD_SAs are allowed for this
|
|
|
|
* peer.
|
2007-04-11 07:20:39 +00:00
|
|
|
* @verbatim
|
2009-04-14 10:34:24 +00:00
|
|
|
+-------------------+ +---------------+
|
|
|
|
+---------------+ | peer_cfg | +---------------+ |
|
|
|
|
| ike_cfg | +-------------------+ | child_cfg | |
|
|
|
|
+---------------+ | - ids | +---------------+ |
|
|
|
|
| - hosts | 1 1 | - cas | 1 n | - proposals | |
|
|
|
|
| - proposals |<-----| - auth info |----->| - traffic sel | |
|
|
|
|
| - ... | | - dpd config | | - ... |-+
|
|
|
|
+---------------+ | - ... | +---------------+
|
|
|
|
+-------------------+
|
|
|
|
| 1 0 |
|
|
|
|
| |
|
|
|
|
v n n V
|
|
|
|
+-------------------+ +-------------------+
|
|
|
|
+-------------------+ | +-------------------+ |
|
|
|
|
| auth_cfg | | | auth_cfg | |
|
|
|
|
+-------------------+ | +-------------------+ |
|
|
|
|
| - local rules |-+ | - remote constr. |-+
|
|
|
|
+-------------------+ +-------------------+
|
2007-04-11 07:20:39 +00:00
|
|
|
@endverbatim
|
2009-04-14 10:34:24 +00:00
|
|
|
*
|
|
|
|
* Each peer_cfg has two lists of authentication config attached. Local
|
|
|
|
* authentication configs define how to authenticate ourself against the remote
|
|
|
|
* peer. Each config is enforced using the multiple authentication extension
|
2009-09-02 15:26:36 +00:00
|
|
|
* (RFC4739).
|
2009-04-14 10:34:24 +00:00
|
|
|
* The remote authentication configs are handled as constraints. The peer has
|
2011-07-20 13:57:53 +00:00
|
|
|
* to fulfill each of these rules (using multiple authentication, in any order)
|
2009-04-14 10:34:24 +00:00
|
|
|
* to gain access to the configuration.
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
|
|
|
struct peer_cfg_t {
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the name of the peer_cfg.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* Returned object is not getting cloned.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @return peer_cfg's name
|
|
|
|
*/
|
|
|
|
char* (*get_name) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the IKE version to use for initiating.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
2011-07-11 09:18:15 +00:00
|
|
|
* @return IKE major version
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2011-11-16 16:28:06 +00:00
|
|
|
ike_version_t (*get_ike_version)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the IKE config to use for initiaton.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @return the IKE config to use
|
|
|
|
*/
|
|
|
|
ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Attach a CHILD config.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @param child_cfg CHILD config to add
|
|
|
|
*/
|
|
|
|
void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Detach a CHILD config, pointed to by an enumerator.
|
|
|
|
*
|
|
|
|
* @param enumerator enumerator indicating element position
|
|
|
|
*/
|
|
|
|
void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2015-10-16 10:31:38 +00:00
|
|
|
/**
|
|
|
|
* Replace the CHILD configs with those in the given PEER config.
|
|
|
|
*
|
|
|
|
* The enumerator enumerates the removed and added CHILD configs
|
|
|
|
* (child_cfg_t*, bool), where the flag is FALSE for removed configs and
|
2018-09-06 13:13:37 +00:00
|
|
|
* TRUE for added configs. Configs that are equal are not enumerated.
|
2015-10-16 10:31:38 +00:00
|
|
|
*
|
|
|
|
* @param other other config to get CHILD configs from
|
|
|
|
* @return an enumerator over removed/added CHILD configs
|
|
|
|
*/
|
|
|
|
enumerator_t* (*replace_child_cfgs)(peer_cfg_t *this, peer_cfg_t *other);
|
|
|
|
|
2008-03-13 14:14:44 +00:00
|
|
|
/**
|
|
|
|
* Create an enumerator for all attached CHILD configs.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2008-03-13 14:14:44 +00:00
|
|
|
* @return an enumerator over all CHILD configs.
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2008-03-13 14:14:44 +00:00
|
|
|
enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Select a CHILD config from traffic selectors.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @param my_ts TS for local side
|
|
|
|
* @param other_ts TS for remote side
|
2012-09-18 10:46:36 +00:00
|
|
|
* @param my_hosts hosts to narrow down dynamic TS for local side
|
|
|
|
* @param other_hosts hosts to narrow down dynamic TS for remote side
|
2007-04-10 06:01:03 +00:00
|
|
|
* @return selected CHILD config, or NULL if no match found
|
|
|
|
*/
|
2012-09-18 10:46:36 +00:00
|
|
|
child_cfg_t* (*select_child_cfg) (peer_cfg_t *this,
|
|
|
|
linked_list_t *my_ts, linked_list_t *other_ts,
|
|
|
|
linked_list_t *my_hosts, linked_list_t *other_hosts);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2009-04-14 10:34:24 +00:00
|
|
|
* Add an authentication config to the peer configuration.
|
2008-03-13 14:14:44 +00:00
|
|
|
*
|
2013-07-18 15:27:11 +00:00
|
|
|
* @param cfg config to add
|
2009-04-14 10:34:24 +00:00
|
|
|
* @param local TRUE for local rules, FALSE for remote constraints
|
2008-03-13 14:14:44 +00:00
|
|
|
*/
|
2009-04-14 10:34:24 +00:00
|
|
|
void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2009-04-14 10:34:24 +00:00
|
|
|
* Create an enumerator over registered authentication configs.
|
|
|
|
*
|
|
|
|
* @param local TRUE for local rules, FALSE for remote constraints
|
|
|
|
* @return enumerator over auth_cfg_t*
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2009-04-14 10:34:24 +00:00
|
|
|
enumerator_t* (*create_auth_cfg_enumerator)(peer_cfg_t *this, bool local);
|
2007-09-13 15:33:17 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2013-07-18 15:27:11 +00:00
|
|
|
* Should a certificate be sent for this connection?
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
|
|
|
* @return certificate sending policy
|
|
|
|
*/
|
|
|
|
cert_policy_t (*get_cert_policy) (peer_cfg_t *this);
|
|
|
|
|
2008-04-14 13:23:24 +00:00
|
|
|
/**
|
|
|
|
* How to handle uniqueness of IKE_SAs?
|
|
|
|
*
|
|
|
|
* @return unique policy
|
|
|
|
*/
|
|
|
|
unique_policy_t (*get_unique_policy) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the max number of retries after timeout.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
|
|
|
* @return max number retries
|
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_keyingtries) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2011-11-24 10:38:37 +00:00
|
|
|
* Get a time to start rekeying.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
2016-05-03 15:33:43 +00:00
|
|
|
* @param jitter subtract a jitter value to randomize time
|
2007-11-20 12:06:40 +00:00
|
|
|
* @return time in s when to start rekeying, 0 disables rekeying
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2011-11-24 10:38:37 +00:00
|
|
|
* Get a time to start reauthentication.
|
2007-11-20 12:06:40 +00:00
|
|
|
*
|
2016-05-03 15:33:43 +00:00
|
|
|
* @param jitter subtract a jitter value to randomize time
|
2007-11-20 12:06:40 +00:00
|
|
|
* @return time in s when to start reauthentication, 0 disables it
|
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-11-20 12:06:40 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the timeout of a rekeying/reauthenticating SA.
|
2007-11-20 12:06:40 +00:00
|
|
|
*
|
|
|
|
* @return timeout in s
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_over_time)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-08-29 12:11:25 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Use MOBIKE (RFC4555) if peer supports it?
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-08-29 12:11:25 +00:00
|
|
|
* @return TRUE to enable MOBIKE support
|
|
|
|
*/
|
|
|
|
bool (*use_mobike) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2012-01-09 16:32:41 +00:00
|
|
|
/**
|
|
|
|
* Use/Accept aggressive mode with IKEv1?.
|
|
|
|
*
|
|
|
|
* @return TRUE to use aggressive mode
|
|
|
|
*/
|
|
|
|
bool (*use_aggressive)(peer_cfg_t *this);
|
|
|
|
|
2013-07-19 12:24:04 +00:00
|
|
|
/**
|
|
|
|
* Use pull or push mode for mode config?
|
|
|
|
*
|
|
|
|
* @return TRUE to use pull, FALSE to use push mode
|
|
|
|
*/
|
|
|
|
bool (*use_pull_mode)(peer_cfg_t *this);
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the DPD check interval.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-04-10 06:01:03 +00:00
|
|
|
* @return dpd_delay in seconds
|
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_dpd) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2012-05-17 17:49:22 +00:00
|
|
|
/**
|
|
|
|
* Get the DPD timeout interval (IKEv1 only)
|
|
|
|
*
|
|
|
|
* @return dpd_timeout in seconds
|
|
|
|
*/
|
2016-03-22 12:22:01 +00:00
|
|
|
uint32_t (*get_dpd_timeout) (peer_cfg_t *this);
|
2012-05-17 17:49:22 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2012-08-21 11:50:32 +00:00
|
|
|
* Add a virtual IP to request as initiator.
|
2007-05-22 13:49:31 +00:00
|
|
|
*
|
2012-08-21 11:50:32 +00:00
|
|
|
* @param vip virtual IP to request, may be %any or %any6
|
|
|
|
*/
|
|
|
|
void (*add_virtual_ip)(peer_cfg_t *this, host_t *vip);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an enumerator over virtual IPs to request.
|
|
|
|
*
|
|
|
|
* The returned enumerator enumerates over IPs added with add_virtual_ip().
|
2007-05-22 13:49:31 +00:00
|
|
|
*
|
2012-08-21 11:50:32 +00:00
|
|
|
* @return enumerator over host_t*
|
2007-05-22 13:49:31 +00:00
|
|
|
*/
|
2012-08-21 11:50:32 +00:00
|
|
|
enumerator_t* (*create_virtual_ip_enumerator)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-05-22 13:49:31 +00:00
|
|
|
/**
|
2012-08-24 12:31:24 +00:00
|
|
|
* Add a pool name this configuration uses to select virtual IPs.
|
2007-05-22 13:49:31 +00:00
|
|
|
*
|
2012-08-24 12:31:24 +00:00
|
|
|
* @param name pool name to use for virtual IP lookup
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2012-08-24 12:31:24 +00:00
|
|
|
void (*add_pool)(peer_cfg_t *this, char *name);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an enumerator over pool names of this config.
|
|
|
|
*
|
|
|
|
* @return enumerator over char*
|
|
|
|
*/
|
|
|
|
enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-03-26 18:40:19 +00:00
|
|
|
#ifdef ME
|
2007-10-03 15:10:41 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Is this a mediation connection?
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-10-03 15:10:41 +00:00
|
|
|
* @return TRUE, if this is a mediation connection
|
|
|
|
*/
|
2017-02-07 10:30:49 +00:00
|
|
|
bool (*is_mediation)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-10-03 15:10:41 +00:00
|
|
|
/**
|
2017-02-07 10:30:49 +00:00
|
|
|
* Get name of the connection this one is mediated through.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2017-02-07 10:30:49 +00:00
|
|
|
* @return the name of the mediation connection
|
2007-10-03 15:10:41 +00:00
|
|
|
*/
|
2017-02-07 10:30:49 +00:00
|
|
|
char* (*get_mediated_by)(peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-10-03 15:10:41 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Get the id of the other peer at the mediation server.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-10-03 15:10:41 +00:00
|
|
|
* This is the leftid of the peer's connection with the mediation server.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2007-10-03 15:10:41 +00:00
|
|
|
* If it is not configured, it is assumed to be the same as the right id
|
2009-09-02 15:26:36 +00:00
|
|
|
* of this connection.
|
|
|
|
*
|
2007-10-03 15:10:41 +00:00
|
|
|
* @return the id of the other peer
|
|
|
|
*/
|
2017-02-07 10:30:49 +00:00
|
|
|
identification_t* (*get_peer_id)(peer_cfg_t *this);
|
2008-03-26 18:40:19 +00:00
|
|
|
#endif /* ME */
|
2008-03-26 10:06:45 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if two peer configurations are equal.
|
|
|
|
*
|
|
|
|
* This method does not compare associated ike/child_cfg.
|
|
|
|
*
|
|
|
|
* @param other candidate to check for equality against this
|
|
|
|
* @return TRUE if peer_cfg and ike_cfg are equal
|
|
|
|
*/
|
|
|
|
bool (*equals)(peer_cfg_t *this, peer_cfg_t *other);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-05-06 10:55:42 +00:00
|
|
|
* Increase reference count.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
2008-05-06 10:55:42 +00:00
|
|
|
* @return reference to this
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2008-05-06 10:55:42 +00:00
|
|
|
peer_cfg_t* (*get_ref) (peer_cfg_t *this);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Destroys the peer_cfg object.
|
2007-04-10 06:01:03 +00:00
|
|
|
*
|
|
|
|
* Decrements the internal reference counter and
|
|
|
|
* destroys the peer_cfg when it reaches zero.
|
|
|
|
*/
|
|
|
|
void (*destroy) (peer_cfg_t *this);
|
|
|
|
};
|
|
|
|
|
2016-04-04 16:41:17 +00:00
|
|
|
/**
|
|
|
|
* Data passed to the constructor of a peer_cfg_t object.
|
|
|
|
*/
|
|
|
|
struct peer_cfg_create_t {
|
|
|
|
/** Whether to send a certificate payload */
|
|
|
|
cert_policy_t cert_policy;
|
|
|
|
/** Uniqueness of an IKE_SA */
|
|
|
|
unique_policy_t unique;
|
|
|
|
/** How many keying tries should be done before giving up */
|
|
|
|
uint32_t keyingtries;
|
|
|
|
/** Timeout in seconds before starting rekeying */
|
|
|
|
uint32_t rekey_time;
|
|
|
|
/** Timeout in seconds before starting reauthentication */
|
|
|
|
uint32_t reauth_time;
|
|
|
|
/** Time range in seconds to randomly subtract from rekey/reauth time */
|
|
|
|
uint32_t jitter_time;
|
|
|
|
/** Maximum overtime in seconds before closing a rekeying/reauth SA */
|
|
|
|
uint32_t over_time;
|
|
|
|
/** Disable MOBIKE (RFC4555) */
|
|
|
|
bool no_mobike;
|
|
|
|
/** Use/accept aggressive mode with IKEv1 */
|
|
|
|
bool aggressive;
|
|
|
|
/** TRUE to use modeconfig push, FALSE for pull */
|
|
|
|
bool push_mode;
|
|
|
|
/** DPD check interval, 0 to disable */
|
|
|
|
uint32_t dpd;
|
|
|
|
/** DPD timeout interval (IKEv1 only), if 0 default applies */
|
|
|
|
uint32_t dpd_timeout;
|
|
|
|
#ifdef ME
|
|
|
|
/** TRUE if this is a mediation connection */
|
|
|
|
bool mediation;
|
2017-02-07 10:30:49 +00:00
|
|
|
/** peer_cfg_t of the mediation connection to mediate through (cloned) */
|
|
|
|
char *mediated_by;
|
2016-04-04 16:41:17 +00:00
|
|
|
/** ID that identifies our peer at the mediation server (adopted) */
|
|
|
|
identification_t *peer_id;
|
|
|
|
#endif /* ME */
|
|
|
|
};
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2008-03-13 14:14:44 +00:00
|
|
|
* Create a configuration object for IKE_AUTH and later.
|
2009-09-02 15:26:36 +00:00
|
|
|
*
|
2016-04-04 16:41:17 +00:00
|
|
|
* @param name name of the peer_cfg (cloned)
|
|
|
|
* @param ike_cfg IKE config to use when acting as initiator (adopted)
|
|
|
|
* @param data data for this peer_cfg
|
2011-07-11 09:18:15 +00:00
|
|
|
* @return peer_cfg_t object
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2016-04-04 16:41:17 +00:00
|
|
|
peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
|
|
|
|
peer_cfg_create_t *data);
|
2007-04-10 06:01:03 +00:00
|
|
|
|
2009-03-24 17:43:01 +00:00
|
|
|
#endif /** PEER_CFG_H_ @}*/
|