1 files changed, 91 insertions, 29 deletions
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index f1edde255..719ceb9dd 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -22,16 +23,47 @@
 #ifndef IKE_CFG_H_
 #define IKE_CFG_H_
 
+typedef enum ike_version_t ike_version_t;
+typedef enum fragmentation_t fragmentation_t;
 typedef struct ike_cfg_t ike_cfg_t;
 
 #include <library.h>
-#include <utils/host.h>
-#include <utils/linked_list.h>
+#include <networking/host.h>
+#include <collections/linked_list.h>
 #include <utils/identification.h>
 #include <config/proposal.h>
 #include <crypto/diffie_hellman.h>
 
 /**
+ * IKE version.
+ */
+enum ike_version_t {
+	/** any version */
+	IKE_ANY = 0,
+	/** IKE version 1 */
+	IKEV1 = 1,
+	/** IKE version 2 */
+	IKEV2 = 2,
+};
+
+/**
+ * Proprietary IKEv1 fragmentation
+ */
+enum fragmentation_t {
+	/** disable fragmentation */
+	FRAGMENTATION_NO,
+	/** enable fragmentation if supported by peer */
+	FRAGMENTATION_YES,
+	/** force use of fragmentation (even for the first message) */
+	FRAGMENTATION_FORCE,
+};
+
+/**
+ * enum strings fro ike_version_t
+ */
+extern enum_name_t *ike_version_names;
+
+/**
  * An ike_cfg_t defines the rules to set up an IKE_SA.
  *
  * @see peer_cfg_t to get an overview over the configurations.
@@ -39,40 +71,56 @@ typedef struct ike_cfg_t ike_cfg_t;
 struct ike_cfg_t {
 
 	/**
+	 * Get the IKE version to use with this configuration.
+	 *
+	 * @return				IKE major version
+	 */
+	ike_version_t (*get_version)(ike_cfg_t *this);
+
+	/**
 	 * Get own address.
 	 *
-	 * @return		string of address/DNS name
+	 * @param allow_any		allow any address to match
+	 * @return				string of address/DNS name
 	 */
-	char* (*get_my_addr) (ike_cfg_t *this);
+	char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
 
 	/**
-	 * Get peers address.
+	 * Get peer's address.
 	 *
-	 * @return		string of address/DNS name
+	 * @param allow_any		allow any address to match
+	 * @return				string of address/DNS name
 	 */
-	char* (*get_other_addr) (ike_cfg_t *this);
+	char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
 
 	/**
 	 * Get the port to use as our source port.
 	 *
-	 * @return		source address port, host order
+	 * @return				source address port, host order
 	 */
 	u_int16_t (*get_my_port)(ike_cfg_t *this);
 
 	/**
 	 * Get the port to use as destination port.
 	 *
-	 * @return		destination address, host order
+	 * @return				destination address, host order
 	 */
 	u_int16_t (*get_other_port)(ike_cfg_t *this);
 
 	/**
+	 * Get the DSCP value to use for IKE packets send from connections.
+	 *
+	 * @return				DSCP value
+	 */
+	u_int8_t (*get_dscp)(ike_cfg_t *this);
+
+	/**
 	 * Adds a proposal to the list.
 	 *
 	 * The first added proposal has the highest priority, the last
 	 * added the lowest.
 	 *
-	 * @param proposal	proposal to add
+	 * @param proposal		proposal to add
 	 */
 	void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
 
@@ -81,7 +129,7 @@ struct ike_cfg_t {
 	 *
 	 * Returned list and its proposals must be destroyed after use.
 	 *
-	 * @return 			list containing all the proposals
+	 * @return 				list containing all the proposals
 	 */
 	linked_list_t* (*get_proposals) (ike_cfg_t *this);
 
@@ -90,9 +138,9 @@ struct ike_cfg_t {
 	 *
 	 * Returned proposal must be destroyed after use.
 	 *
-	 * @param proposals	list of proposals to select from
-	 * @param private	accept algorithms from a private range
-	 * @return			selected proposal, or NULL if none matches.
+	 * @param proposals		list of proposals to select from
+	 * @param private		accept algorithms from a private range
+	 * @return				selected proposal, or NULL if none matches.
 	 */
 	proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
 									bool private);
@@ -100,36 +148,43 @@ struct ike_cfg_t {
 	/**
 	 * Should we send a certificate request in IKE_SA_INIT?
 	 *
-	 * @return			certificate request sending policy
+	 * @return				certificate request sending policy
 	 */
 	bool (*send_certreq) (ike_cfg_t *this);
 
 	/**
 	 * Enforce UDP encapsulation by faking NATD notifies?
 	 *
-	 * @return			TRUE to enfoce UDP encapsulation
+	 * @return				TRUE to enforce UDP encapsulation
 	 */
 	bool (*force_encap) (ike_cfg_t *this);
 
 	/**
+	 * Use proprietary IKEv1 fragmentation
+	 *
+	 * @return				TRUE to use fragmentation
+	 */
+	fragmentation_t (*fragmentation) (ike_cfg_t *this);
+
+	/**
 	 * Get the DH group to use for IKE_SA setup.
 	 *
-	 * @return			dh group to use for initialization
+	 * @return				dh group to use for initialization
 	 */
 	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
 
 	/**
 	 * Check if two IKE configs are equal.
 	 *
-	 * @param other		other to check for equality
-	 * @return			TRUE if other equal to this
+	 * @param other			other to check for equality
+	 * @return				TRUE if other equal to this
 	 */
 	bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
 
 	/**
 	 * Increase reference count.
 	 *
-	 * @return			reference to this
+	 * @return				reference to this
 	 */
 	ike_cfg_t* (*get_ref) (ike_cfg_t *this);
 
@@ -147,15 +202,22 @@ struct ike_cfg_t {
  *
  * Supplied hosts become owned by ike_cfg, the name gets cloned.
  *
- * @param certreq		TRUE to send a certificate request
- * @param force_encap	enforce UDP encapsulation by faking NATD notify
- * @param me			address/DNS name of local peer
- * @param my_port		IKE port to use as source, 500 uses IKEv2 port floating
- * @param other			address/DNS name of remote peer
- * @param other_port	IKE port to use as dest, 500 uses IKEv2 port floating
- * @return 				ike_cfg_t object.
+ * @param version			IKE major version to use for this config
+ * @param certreq			TRUE to send a certificate request
+ * @param force_encap		enforce UDP encapsulation by faking NATD notify
+ * @param me				address/DNS name of local peer
+ * @param my_allow_any		allow override of local address by any address
+ * @param my_port			IKE port to use as source, 500 uses IKEv2 port floating
+ * @param other				address/DNS name of remote peer
+ * @param other_allow_any	allow override of remote address by any address
+ * @param other_port		IKE port to use as dest, 500 uses IKEv2 port floating
+ * @param fragmentation		use IKEv1 fragmentation
+ * @param dscp				DSCP value to send IKE packets with
+ * @return 					ike_cfg_t object.
  */
-ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-				char *me, u_int16_t my_port, char *other, u_int16_t other_port);
+ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
+						  char *me, bool my_allow_any, u_int16_t my_port,
+						  char *other, bool other_allow_any, u_int16_t other_port,
+						  fragmentation_t fragmentation, u_int8_t dscp);
 
 #endif /** IKE_CFG_H_ @}*/