141 lines
3.7 KiB
C
141 lines
3.7 KiB
C
/*
|
|
* Copyright (C) 2012 Tobias Brunner
|
|
* Copyright (C) 2012 Giuliano Grassi
|
|
* Copyright (C) 2012 Ralf Sager
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
/**
|
|
* @defgroup ipsec_policy ipsec_policy
|
|
* @{ @ingroup libipsec
|
|
*/
|
|
|
|
#ifndef IPSEC_POLICY_H
|
|
#define IPSEC_POLICY_H
|
|
|
|
#include "ip_packet.h"
|
|
|
|
#include <library.h>
|
|
#include <networking/host.h>
|
|
#include <ipsec/ipsec_types.h>
|
|
#include <selectors/traffic_selector.h>
|
|
|
|
typedef struct ipsec_policy_t ipsec_policy_t;
|
|
|
|
/**
|
|
* IPsec Policy
|
|
*/
|
|
struct ipsec_policy_t {
|
|
|
|
/**
|
|
* Get the source traffic selector of this policy
|
|
*
|
|
* @return the source traffic selector
|
|
*/
|
|
traffic_selector_t *(*get_source_ts)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get the destination traffic selector of this policy
|
|
*
|
|
* @return the destination traffic selector
|
|
*/
|
|
traffic_selector_t *(*get_destination_ts)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get the direction of this policy
|
|
*
|
|
* @return direction
|
|
*/
|
|
policy_dir_t (*get_direction)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get the priority of this policy
|
|
*
|
|
* @return priority
|
|
*/
|
|
policy_priority_t (*get_priority)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get the type of this policy (e.g. IPsec)
|
|
*
|
|
* @return the policy type
|
|
*/
|
|
policy_type_t (*get_type)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get the reqid associated to this policy
|
|
*
|
|
* @return the reqid
|
|
*/
|
|
uint32_t (*get_reqid)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Get another reference to this policy
|
|
*
|
|
* @return additional reference to the policy
|
|
*/
|
|
ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);
|
|
|
|
/**
|
|
* Check if this policy matches all given parameters
|
|
*
|
|
* @param src_ts source traffic selector
|
|
* @param dst_ts destination traffic selector
|
|
* @param direction traffic direction
|
|
* @param reqid reqid of the policy
|
|
* @param mark mark for this policy
|
|
* @param prioirty policy priority
|
|
* @return TRUE if policy matches all parameters
|
|
*/
|
|
bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
|
|
traffic_selector_t *dst_ts, policy_dir_t direction,
|
|
uint32_t reqid, mark_t mark, policy_priority_t priority);
|
|
|
|
/**
|
|
* Check if this policy matches the given IP packet
|
|
*
|
|
* @param packet IP packet
|
|
* @return TRUE if policy matches the packet
|
|
*/
|
|
bool (*match_packet)(ipsec_policy_t *this, ip_packet_t *packet);
|
|
|
|
/**
|
|
* Destroy an ipsec_policy_t
|
|
*/
|
|
void (*destroy)(ipsec_policy_t *this);
|
|
|
|
};
|
|
|
|
/**
|
|
* Create an ipsec_policy_t instance
|
|
*
|
|
* @param src source address of SA
|
|
* @param dst dest address of SA
|
|
* @param src_ts traffic selector to match traffic source
|
|
* @param dst_ts traffic selector to match traffic dest
|
|
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
|
|
* @param type type of policy, POLICY_(IPSEC|PASS|DROP)
|
|
* @param sa details about the SA(s) tied to this policy
|
|
* @param mark mark for this policy
|
|
* @param priority priority of this policy
|
|
* @return ipsec policy instance
|
|
*/
|
|
ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
|
|
traffic_selector_t *src_ts,
|
|
traffic_selector_t *dst_ts,
|
|
policy_dir_t direction, policy_type_t type,
|
|
ipsec_sa_cfg_t *sa, mark_t mark,
|
|
policy_priority_t priority);
|
|
|
|
#endif /** IPSEC_POLICY_H @}*/
|