summaryrefslogtreecommitdiff
path: root/src/charon/kernel
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
commita9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
treed82a9d506c62cff257e5292845b68df3ca5c60dc /src/charon/kernel
parent12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
downloadvyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz
vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip
- New upstream release.
- Don't disable internal crypto plugins, pluto expects to find them in some cases. - Enable integrity checking.
Diffstat (limited to 'src/charon/kernel')
-rw-r--r--src/charon/kernel/kernel_interface.c14
-rw-r--r--src/charon/kernel/kernel_interface.h13
-rw-r--r--src/charon/kernel/kernel_ipsec.h13
3 files changed, 40 insertions, 0 deletions
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index 5188b79fe..53ae1d200 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -104,6 +104,19 @@ static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi,
}
/**
+ * Implementation of kernel_interface_t.query_sa
+ */
+static status_t query_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes);
+}
+
+/**
* Implementation of kernel_interface_t.del_sa
*/
static status_t del_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
@@ -387,6 +400,7 @@ kernel_interface_t *kernel_interface_create()
this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
+ this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index 8c58c959a..c4a273a34 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
@@ -141,6 +141,19 @@ struct kernel_interface_t {
bool encap, bool new_encap);
/**
+ * Query the number of bytes processed by an SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param[out] bytes the number of bytes processed by SA
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes);
+
+ /**
* Delete a previously installed SA from the SAD.
*
* @param src source address for this SA
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index 6e8c5bc63..d6438c197 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
@@ -171,6 +171,19 @@ struct kernel_ipsec_t {
bool encap, bool new_encap);
/**
+ * Query the number of bytes processed by an SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param[out] bytes the number of bytes processed by SA
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes);
+
+ /**
* Delete a previusly installed SA from the SAD.
*
* @param src source address for this SA