1 files changed, 0 insertions, 413 deletions
diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h
deleted file mode 100644
index d8916b29e..000000000
--- a/src/charon/config/policies/policy.h
+++ /dev/null
@@ -1,413 +0,0 @@
-/**
- * @file policy.h
- * 
- * @brief Interface of policy_t.
- *  
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef POLICY_H_
-#define POLICY_H_
-
-typedef enum dpd_action_t dpd_action_t;
-typedef struct policy_t policy_t;
-
-#include <library.h>
-#include <utils/identification.h>
-#include <config/traffic_selector.h>
-#include <config/proposal.h>
-#include <sa/authenticators/authenticator.h>
-#include <sa/authenticators/eap/eap_method.h>
-
-
-/**
- * @brief Actions to take when a peer does not respond (dead peer detected).
- *
- * These values are the same as in pluto/starter, so do not modify them!
- *
- * @ingroup config
- */
-enum dpd_action_t {
-	/** DPD disabled */
-	DPD_NONE,
-	/** remove CHILD_SA without replacement */
-	DPD_CLEAR,
-	/** route the CHILD_SA to resetup when needed */
-	DPD_ROUTE,
-	/** restart CHILD_SA in a new IKE_SA, immediately */
-	DPD_RESTART,
-};
-
-/**
- * enum names for dpd_action_t.
- */
-extern enum_name_t *dpd_action_names;
-
-/**
- * @brief Mode of an IPsec SA.
- *
- * These are equal to those defined in XFRM, so don't change.
- *
- * @ingroup config
- */
-enum mode_t {
-	/** transport mode, no inner address */
-	MODE_TRANSPORT = 0,
-	/** tunnel mode, inner and outer addresses */
-	MODE_TUNNEL = 1,
-	/** BEET mode, tunnel mode but fixed, bound inner addresses */
-	MODE_BEET = 4,
-};
-
-/**
- * enum names for mode_t.
- */
-extern enum_name_t *mode_names;
-
-/**
- * @brief A policy_t defines the policies to apply to CHILD_SAs.
- *
- * The given two IDs identify a policy. These rules define how
- * child SAs may be set up and which traffic may be IPsec'ed.
- *
- * @b Constructors:
- *   - policy_create()
- *
- * @ingroup config
- */
-struct policy_t {
-	
-	/**
-	 * @brief Get the name of the policy.
-	 * 
-	 * Returned object is not getting cloned.
-	 * 
-	 * @param this			calling object
-	 * @return				policy's name
-	 */
-	char *(*get_name) (policy_t *this);
-	
-	/**
-	 * @brief Get own id.
-	 * 
-	 * Returned object is not getting cloned.
-	 * 
-	 * @param this			calling object
-	 * @return				own id
-	 */
-	identification_t *(*get_my_id) (policy_t *this);
-	
-	/**
-	 * @brief Get peer id.
-	 *
-	 * Returned object is not getting cloned.
-	 * 
-	 * @param this			calling object
-	 * @return				other id
-	 */
-	identification_t *(*get_other_id) (policy_t *this);
-	
-	/**
-	 * @brief Get own ca.
-	 *
-	 * Returned object is not getting cloned.
-	 * 
-	 * @param this			calling object
-	 * @return				own ca
-	 */
-	identification_t *(*get_my_ca) (policy_t *this);
-
-	/**
-	 * @brief Get peer ca.
-	 *
-	 * Returned object is not getting cloned.
-	 * 
-	 * @param this			calling object
-	 * @return				other ca
-	 */
-	identification_t *(*get_other_ca) (policy_t *this);
-
-	/**
-	 * @brief Get the authentication method to use.
-	 * 
-	 * @param this		calling object
-	 * @return			authentication method
-	 */
-	auth_method_t (*get_auth_method) (policy_t *this);
-
-	/**
-	 * @brief Get the EAP type to use for peer authentication.
-	 * 
-	 * @param this		calling object
-	 * @return			authentication method
-	 */
-	eap_type_t (*get_eap_type) (policy_t *this);
-	
-	/**
-	 * @brief Get configured traffic selectors for our site.
-	 * 
-	 * Returns a list with all traffic selectors for the local
-	 * site. List and items must be destroyed after usage.
-	 * 
-	 * @param this			calling object
-	 * @return				list with traffic selectors
-	 */
-	linked_list_t *(*get_my_traffic_selectors) (policy_t *this, host_t *me);
-	
-	/**
-	 * @brief Get configured traffic selectors for others site.
-	 * 
-	 * Returns a list with all traffic selectors for the remote
-	 * site. List and items must be destroyed after usage.
-	 * 
-	 * @param this			calling object
-	 * @return				list with traffic selectors
-	 */
-	linked_list_t *(*get_other_traffic_selectors) (policy_t *this, host_t* other);
-	
-	/**
-	 * @brief Select traffic selectors from a supplied list for local site.
-	 * 
-	 * Resulted list and traffic selectors must be destroyed after usage.
-	 * As the traffic selectors may contain a wildcard address (0.0.0.0) for
-	 * addresses we don't know in previous, an address may be supplied to
-	 * replace these 0.0.0.0 addresses on-the-fly.
-	 * 
-	 * @param this			calling object
-	 * @param supplied		linked list with traffic selectors
-	 * @param me			host address used by us
-	 * @return				list containing the selected traffic selectors
-	 */
-	linked_list_t *(*select_my_traffic_selectors) (policy_t *this, 
-												   linked_list_t *supplied,
-												   host_t *me);
-		
-	/**
-	 * @brief Select traffic selectors from a supplied list for remote site.
-	 * 
-	 * Resulted list and traffic selectors must be destroyed after usage.
-	 * As the traffic selectors may contain a wildcard address (0.0.0.0) for
-	 * addresses we don't know in previous, an address may be supplied to
-	 * replace these 0.0.0.0 addresses on-the-fly.
-	 *
-	 * @param this			calling object
-	 * @param supplied		linked list with traffic selectors
-	 * @return				list containing the selected traffic selectors
-	 */
-	linked_list_t *(*select_other_traffic_selectors) (policy_t *this, 
-													  linked_list_t *supplied,
-													  host_t *other);
-	
-	/**
-	 * @brief Get the list of internally stored proposals.
-	 * 
-	 * policy_t does store proposals for AH/ESP, IKE proposals are in 
-	 * the connection_t.
-	 * Resulting list and all of its proposals must be freed after usage.
-	 *
-	 * @param this			calling object
-	 * @return				lists with proposals
-	 */
-	linked_list_t *(*get_proposals) (policy_t *this);
-	
-	/**
-	 * @brief Select a proposal from a supplied list.
-	 *
-	 * Returned propsal is newly created and must be destroyed after usage.
-	 * 
-	 * @param this			calling object
-	 * @param proposals		list from from wich proposals are selected
-	 * @return				selected proposal, or NULL if nothing matches
-	 */
-	proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals);
-	
-	/**
-	 * @brief Add a traffic selector to the list for local site.
-	 * 
-	 * After add, traffic selector is owned by policy.
-	 * 
-	 * @param this				calling object
-	 * @param traffic_selector	traffic_selector to add
-	 */
-	void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-	
-	/**
-	 * @brief Add a traffic selector to the list for remote site.
-	 * 
-	 * After add, traffic selector is owned by policy.
-	 * 
-	 * @param this				calling object
-	 * @param traffic_selector	traffic_selector to add
-	 */
-	void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector);
-	
-	/**
-	 * @brief Add a proposal to the list. 
-	 * 
-	 * The proposals are stored by priority, first added
-	 * is the most prefered.
-	 * After add, proposal is owned by policy.
-	 * 
-	 * @param this			calling object
-	 * @param proposal		proposal to add
-	 */
-	void (*add_proposal) (policy_t *this, proposal_t *proposal);
-	
-	/**
-	 * @brief Add certification authorities.
-	 * 
-	 * @param this			calling object
-	 * @param my_ca			issuer of my certificate
-	 * @param other_ca		required issuer of the peer's certificate
-	 */
-	void (*add_authorities) (policy_t *this, identification_t *my_ca, identification_t *other_ca);
-
-	/**
-	 * @brief Get updown script
-	 * 
-	 * @param this			calling object
-	 * @return				path to updown script
-	 */
-	char* (*get_updown) (policy_t *this);
-	
-	/**
-	 * @brief Get hostaccess flag
-	 * 
-	 * @param this			calling object
-	 * @return				value of hostaccess flag
-	 */
-	bool (*get_hostaccess) (policy_t *this);
-	
-	/**
-	 * @brief What should be done with a CHILD_SA, when other peer does not respond.
-	 *
-	 * @param this 		calling object
-	 * @return			dpd action
-	 */	
-	dpd_action_t (*get_dpd_action) (policy_t *this);
-
-	/**
-	 * @brief Get the lifetime of a policy, before rekeying starts.
-	 * 
-	 * A call to this function automatically adds a jitter to
-	 * avoid simultanous rekeying.
-	 * 
-	 * @param this			policy 
-	 * @return				lifetime in seconds
-	 */
-	u_int32_t (*get_soft_lifetime) (policy_t *this);
-	
-	/**
-	 * @brief Get the lifetime of a policy, before SA gets deleted.
-	 * 
-	 * @param this			policy
-	 * @return				lifetime in seconds
-	 */
-	u_int32_t (*get_hard_lifetime) (policy_t *this);
-	
-	/**
-	 * @brief Get the mode to use for the CHILD_SA, tunnel, transport or BEET.
-	 * 
-	 * @param this			policy
-	 * @return				lifetime in seconds
-	 */
-	mode_t (*get_mode) (policy_t *this);
-	
-	/**
-	 * @brief Get a virtual IP for the local or the remote host.
-	 *
-	 * By supplying NULL as IP, an IP for the local host is requested. It
-	 * may be %any or specific. 
-	 * By supplying %any as host, an IP from the pool is selected to be
-	 * served to the peer.
-	 * If a specified host is supplied, it is checked if this address
-	 * is acceptable to serve to the peer. If so, it is returned. Otherwise,
-	 * an alternative IP is returned.
-	 * In any mode, this call may return NULL indicating virtual IP should
-	 * not be used.
-	 * 
-	 * @param this			policy
-	 * @param suggestion	NULL, %any or specific, see description
-	 * @return				clone of an IP to use, or NULL
-	 */
-	host_t* (*get_virtual_ip) (policy_t *this, host_t *suggestion);
-	
-	/**
-	 * @brief Get a new reference.
-	 *
-	 * Get a new reference to this policy by increasing
-	 * it's internal reference counter.
-	 * Do not call get_ref or any other function until you
-	 * already have a reference. Otherwise the object may get
-	 * destroyed while calling get_ref(),
-	 * 
-	 * @param this				calling object
-	 */
-	void (*get_ref) (policy_t *this);
-	
-	/**
-	 * @brief Destroys the policy object.
-	 *
-	 * Decrements the internal reference counter and
-	 * destroys the policy when it reaches zero.
-	 * 
-	 * @param this				calling object
-	 */
-	void (*destroy) (policy_t *this);
-};
-
-/**
- * @brief Create a configuration object for IKE_AUTH and later.
- * 
- * name-string gets cloned, ID's not.
- * Virtual IPs are used if they are != NULL. A %any host means the virtual
- * IP should be obtained from the other peer.
- * Lifetimes are in seconds. To prevent to peers to start rekeying at the
- * same time, a jitter may be specified. Rekeying of an SA starts at
- * (soft_lifetime - random(0, jitter)). After a successful rekeying, 
- * the hard_lifetime limit counter is reset. You should specify
- * hard_lifetime > soft_lifetime > jitter.
- * After a call to create, a reference is obtained (refcount = 1).
- * 
- * @param name				name of the policy
- * @param my_id 			identification_t for ourselves
- * @param other_id 			identification_t for the remote guy
- * @param my_virtual_ip		virtual IP for local host, or NULL
- * @param other_virtual_ip	virtual IP for remote host, or NULL
- * @param auth_method		Authentication method to use for our(!) auth data
- * @param eap_type			EAP type to use for peer authentication
- * @param hard_lifetime		lifetime before deleting an SA
- * @param soft_lifetime		lifetime before rekeying an SA
- * @param jitter			range of randomization time
- * @param updown			updown script to execute on up/down event
- * @param hostaccess		allow access to the host itself (used by the updown script)
- * @param mode				mode to propose for CHILD_SA, transport, tunnel or BEET
- * @param dpd_action		what to to with a CHILD_SA when other peer does not respond
- * @return 					policy_t object
- * 
- * @ingroup config
- */
-policy_t *policy_create(char *name, 
-						identification_t *my_id, identification_t *other_id,
-						host_t *my_virtual_ip, host_t *other_virtual_ip,
-						auth_method_t auth_method, eap_type_t eap_type,
-						u_int32_t hard_lifetime, u_int32_t soft_lifetime,
-						u_int32_t jitter, char *updown, bool hostaccess,
-						mode_t mode, dpd_action_t dpd_action);
-
-#endif /* POLICY_H_ */