diff options
Diffstat (limited to 'src/libcharon/config/ike_cfg.h')
-rw-r--r-- | src/libcharon/config/ike_cfg.h | 59 |
1 files changed, 54 insertions, 5 deletions
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 691d223a3..5a7fae1e9 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -22,16 +23,47 @@ #ifndef IKE_CFG_H_ #define IKE_CFG_H_ +typedef enum ike_version_t ike_version_t; +typedef enum fragmentation_t fragmentation_t; typedef struct ike_cfg_t ike_cfg_t; #include <library.h> -#include <utils/host.h> -#include <utils/linked_list.h> +#include <networking/host.h> +#include <collections/linked_list.h> #include <utils/identification.h> #include <config/proposal.h> #include <crypto/diffie_hellman.h> /** + * IKE version. + */ +enum ike_version_t { + /** any version */ + IKE_ANY = 0, + /** IKE version 1 */ + IKEV1 = 1, + /** IKE version 2 */ + IKEV2 = 2, +}; + +/** + * Proprietary IKEv1 fragmentation + */ +enum fragmentation_t { + /** disable fragmentation */ + FRAGMENTATION_NO, + /** enable fragmentation if supported by peer */ + FRAGMENTATION_YES, + /** force use of fragmentation (even for the first message) */ + FRAGMENTATION_FORCE, +}; + +/** + * enum strings fro ike_version_t + */ +extern enum_name_t *ike_version_names; + +/** * An ike_cfg_t defines the rules to set up an IKE_SA. * * @see peer_cfg_t to get an overview over the configurations. @@ -39,6 +71,13 @@ typedef struct ike_cfg_t ike_cfg_t; struct ike_cfg_t { /** + * Get the IKE version to use with this configuration. + * + * @return IKE major version + */ + ike_version_t (*get_version)(ike_cfg_t *this); + + /** * Get own address. * * @param allow_any allow any address to match @@ -109,11 +148,18 @@ struct ike_cfg_t { /** * Enforce UDP encapsulation by faking NATD notifies? * - * @return TRUE to enfoce UDP encapsulation + * @return TRUE to enforce UDP encapsulation */ bool (*force_encap) (ike_cfg_t *this); /** + * Use proprietary IKEv1 fragmentation + * + * @return TRUE to use fragmentation + */ + fragmentation_t (*fragmentation) (ike_cfg_t *this); + + /** * Get the DH group to use for IKE_SA setup. * * @return dh group to use for initialization @@ -149,6 +195,7 @@ struct ike_cfg_t { * * Supplied hosts become owned by ike_cfg, the name gets cloned. * + * @param version IKE major version to use for this config * @param certreq TRUE to send a certificate request * @param force_encap enforce UDP encapsulation by faking NATD notify * @param me address/DNS name of local peer @@ -157,10 +204,12 @@ struct ike_cfg_t { * @param other address/DNS name of remote peer * @param other_allow_any allow override of remote address by any address * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating + * @param fragmentation use IKEv1 fragmentation * @return ike_cfg_t object. */ -ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, +ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, char *me, bool my_allow_any, u_int16_t my_port, - char *other, bool other_allow_any, u_int16_t other_port); + char *other, bool other_allow_any, u_int16_t other_port, + fragmentation_t fragmentation); #endif /** IKE_CFG_H_ @}*/ |