diff options
Diffstat (limited to 'src/charon/config/child_cfg.h')
-rw-r--r-- | src/charon/config/child_cfg.h | 251 |
1 files changed, 251 insertions, 0 deletions
diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h new file mode 100644 index 000000000..e1a6553b4 --- /dev/null +++ b/src/charon/config/child_cfg.h @@ -0,0 +1,251 @@ +/** + * @file child_cfg.h + * + * @brief Interface of child_cfg_t. + * + */ + +/* + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef CHILD_CFG_H_ +#define CHILD_CFG_H_ + +typedef enum mode_t mode_t; +typedef struct child_cfg_t child_cfg_t; + +#include <library.h> +#include <config/proposal.h> +#include <config/traffic_selector.h> + +/** + * @brief Mode of an CHILD_SA. + * + * These are equal to those defined in XFRM, so don't change. + * + * @ingroup config + */ +enum mode_t { + /** transport mode, no inner address */ + MODE_TRANSPORT = 0, + /** tunnel mode, inner and outer addresses */ + MODE_TUNNEL = 1, + /** BEET mode, tunnel mode but fixed, bound inner addresses */ + MODE_BEET = 4, +}; + +/** + * enum names for mode_t. + */ +extern enum_name_t *mode_names; + +/** + * @brief A child_cfg_t defines the config template for a CHILD_SA. + * + * After creation, proposals and traffic selectors may be added to the config. + * A child_cfg object is referenced multiple times, and is not thread save. + * Reading from the object is save, adding things is not allowed while other + * threads may access the object. + * A reference counter handles the number of references hold to this config. + * + * @see peer_cfg_t to get an overview over the configurations. + * + * @b Constructors: + * - child_cfg_create() + * + * @ingroup config + */ +struct child_cfg_t { + + /** + * @brief Get the name of the child_cfg. + * + * @param this calling object + * @return child_cfg's name + */ + char *(*get_name) (child_cfg_t *this); + + /** + * @brief Add a proposal to the list. + * + * The proposals are stored by priority, first added + * is the most prefered. + * After add, proposal is owned by child_cfg. + * + * @param this calling object + * @param proposal proposal to add + */ + void (*add_proposal) (child_cfg_t *this, proposal_t *proposal); + + /** + * @brief Get the list of proposals for the CHILD_SA. + * + * Resulting list and all of its proposals must be freed after use. + * + * @param this calling object + * @param strip_dh TRUE strip out diffie hellman groups + * @return list of proposals + */ + linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh); + + /** + * @brief Select a proposal from a supplied list. + * + * Returned propsal is newly created and must be destroyed after usage. + * + * @param this calling object + * @param proposals list from from wich proposals are selected + * @param strip_dh TRUE strip out diffie hellman groups + * @return selected proposal, or NULL if nothing matches + */ + proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, + bool strip_dh); + + /** + * @brief Add a traffic selector to the config. + * + * Use the "local" parameter to add it for the local or the remote side. + * After add, traffic selector is owned by child_cfg. + * + * @param this calling object + * @param local TRUE for local side, FALSE for remote + * @param ts traffic_selector to add + */ + void (*add_traffic_selector)(child_cfg_t *this, bool local, + traffic_selector_t *ts); + + /** + * @brief Get a list of traffic selectors to use for the CHILD_SA. + * + * The config contains two set of traffic selectors, one for the local + * side, one for the remote side. + * If a list with traffic selectors is supplied, these are used to narrow + * down the traffic selector list to the greatest common divisor. + * Some traffic selector may be "dymamic", meaning they are narrowed down + * to a specific address (host-to-host or virtual-IP setups). Use + * the "host" parameter to narrow such traffic selectors to that address. + * Resulted list and its traffic selectors must be destroyed after use. + * + * @param this calling object + * @param local TRUE for TS on local side, FALSE for remote + * @param supplied list with TS to select from, or NULL + * @param host address to use for narrowing "dynamic" TS', or NULL + * @return list containing the traffic selectors + */ + linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local, + linked_list_t *supplied, + host_t *host); + + /** + * @brief Get the updown script to run for the CHILD_SA. + * + * @param this calling object + * @return path to updown script + */ + char* (*get_updown)(child_cfg_t *this); + + /** + * @brief Should we allow access to the local host (gateway)? + * + * @param this calling object + * @return value of hostaccess flag + */ + bool (*get_hostaccess) (child_cfg_t *this); + + /** + * @brief Get the lifetime of a CHILD_SA. + * + * If "rekey" is set to TRUE, a lifetime is returned before the first + * rekeying should be started. If it is FALSE, the actual lifetime is + * returned when the CHILD_SA must be deleted. + * The rekey time automatically contains a jitter to avoid simlutaneous + * rekeying. + * + * @param this child_cfg + * @param rekey TRUE to get rekey time + * @return lifetime in seconds + */ + u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey); + + /** + * @brief Get the mode to use for the CHILD_SA. + * + * The mode is either tunnel, transport or BEET. The peer must agree + * on the method, fallback is tunnel mode. + * + * @param this child_cfg + * @return lifetime in seconds + */ + mode_t (*get_mode) (child_cfg_t *this); + + /** + * @brief Get the DH group to use for CHILD_SA setup. + * + * @param this calling object + * @return dh group to use + */ + diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); + + /** + * @brief Get a new reference. + * + * Get a new reference to this child_cfg by increasing + * it's internal reference counter. + * Do not call get_ref or any other function until you + * already have a reference. Otherwise the object may get + * destroyed while calling get_ref(), + * + * @param this calling object + */ + void (*get_ref) (child_cfg_t *this); + + /** + * @brief Destroys the child_cfg object. + * + * Decrements the internal reference counter and + * destroys the child_cfg when it reaches zero. + * + * @param this calling object + */ + void (*destroy) (child_cfg_t *this); +}; + +/** + * @brief Create a configuration template for CHILD_SA setup. + * + * The "name" string gets cloned. + * Lifetimes are in seconds. To prevent to peers to start rekeying at the + * same time, a jitter may be specified. Rekeying of an SA starts at + * (rekeytime - random(0, jitter)). You should specify + * lifetime > rekeytime > jitter. + * After a call to create, a reference is obtained (refcount = 1). + * + * @param name name of the child_cfg + * @param lifetime lifetime after CHILD_SA expires and gets deleted + * @param rekeytime time when rekeying should be initiated + * @param jitter range of randomization time to remove from rekeytime + * @param updown updown script to execute on up/down event + * @param hostaccess TRUE to allow access to the local host + * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET + * @return child_cfg_t object + * + * @ingroup config + */ +child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, + u_int32_t rekeytime, u_int32_t jitter, + char *updown, bool hostaccess, mode_t mode); + +#endif /* CHILD_CFG_H_ */ |