summaryrefslogtreecommitdiff
path: root/src/libcharon/kernel/kernel_interface.h
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
commita4ab9f7f145c94a5eeb950b92b95c3d362baee67 (patch)
treeb3490a4d2054b18dd1549416216557c8114329aa /src/libcharon/kernel/kernel_interface.h
parent7c6a8194526dc1035140a3157a07b2d9dbfedc59 (diff)
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
downloadvyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.tar.gz
vyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.zip
Merge tag 'upstream/5.5.0'
Upstream version 5.5.0
Diffstat (limited to 'src/libcharon/kernel/kernel_interface.h')
-rw-r--r--src/libcharon/kernel/kernel_interface.h185
1 files changed, 57 insertions, 128 deletions
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index 6793c6cc6..225b40932 100644
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -108,7 +108,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -119,7 +119,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi);
+ uint16_t *cpi);
/**
* Allocate or confirm a reqid to use for a given SA pair.
@@ -141,7 +141,7 @@ struct kernel_interface_t {
status_t (*alloc_reqid)(kernel_interface_t *this,
linked_list_t *local_ts, linked_list_t *remote_ts,
mark_t mark_in, mark_t mark_out,
- u_int32_t *reqid);
+ uint32_t *reqid);
/**
* Release a previously allocated reqid.
@@ -151,7 +151,7 @@ struct kernel_interface_t {
* @param mark_out outbound mark on SA
* @return SUCCESS if reqid released
*/
- status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid,
+ status_t (*release_reqid)(kernel_interface_t *this, uint32_t reqid,
mark_t mark_in, mark_t mark_out);
/**
@@ -160,41 +160,12 @@ struct kernel_interface_t {
* This function does install a single SA for a single protocol in one
* direction.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param reqid reqid for this SA
- * @param mark optional mark for this SA
- * @param tfc Traffic Flow Confidentiality padding for this SA
- * @param lifetime lifetime_cfg_t for this SA
- * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_key key to use for encryption
- * @param int_alg Algorithm to use for integrity protection
- * @param int_key key to use for integrity protection
- * @param mode mode of the SA (tunnel, transport)
- * @param ipcomp IPComp transform to use
- * @param cpi CPI for IPComp
- * @param replay_window anti-replay window size
- * @param initiator TRUE if initiator of the exchange creating this SA
- * @param encap enable UDP encapsulation for NAT traversal
- * @param esn TRUE to use Extended Sequence Numbers
- * @param inbound TRUE if this is an inbound SA
- * @param update TRUE if an SPI has already been allocated for SA
- * @param src_ts list of source traffic selectors
- * @param dst_ts list of destination traffic selectors
+ * @param id data identifying this SA
+ * @param data data for this SA
* @return SUCCESS if operation completed
*/
- status_t (*add_sa) (kernel_interface_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window, bool initiator, bool encap,
- bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts);
+ status_t (*add_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data);
/**
* Update the hosts on an installed SA.
@@ -204,85 +175,55 @@ struct kernel_interface_t {
* to identify SAs. Therefore if the destination address changed we
* create a new SA and delete the old one.
*
- * @param spi SPI of the SA
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp, 0 if no IPComp is used
- * @param src current source address
- * @param dst current destination address
- * @param new_src new source address
- * @param new_dst new destination address
- * @param encap current use of UDP encapsulation
- * @param new_encap new use of UDP encapsulation
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data updated data for this SA
* @return SUCCESS if operation completed, NOT_SUPPORTED if
- * the kernel interface can't update the SA
+ * the kernel interface can't update the SA
*/
- status_t (*update_sa)(kernel_interface_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark);
+ status_t (*update_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data);
/**
* Query the number of bytes processed by an SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to query the SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
* @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
- status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ status_t (*query_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes,
+ uint64_t *packets, time_t *time);
/**
* Delete a previously installed SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp or 0
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to delete the SA
* @return SUCCESS if operation completed
*/
- status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- mark_t mark);
+ status_t (*del_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data);
/**
* Flush all SAs from the SAD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_sas) (kernel_interface_t *this);
+ status_t (*flush_sas)(kernel_interface_t *this);
/**
* Add a policy to the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of this policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*add_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*add_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Query the use time of a policy.
@@ -290,47 +231,33 @@ struct kernel_interface_t {
* The use time of a policy is the time the policy was used
* for the last time.
*
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param mark optional mark
- * @param[out] use_time the (monotonic) time of this SA's last use
+ * @param id data identifying this policy
+ * @param data data to query the policy
+ * @param[out] use_time the monotonic timestamp of this SA's last use
* @return SUCCESS if operation completed
*/
- status_t (*query_policy) (kernel_interface_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, mark_t mark,
- time_t *use_time);
+ status_t (*query_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data,
+ time_t *use_time);
/**
* Remove a policy from the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of the policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*del_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*del_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Flush all policies from the SPD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_policies) (kernel_interface_t *this);
+ status_t (*flush_policies)(kernel_interface_t *this);
/**
* Get our outgoing source address for a destination.
@@ -358,10 +285,12 @@ struct kernel_interface_t {
* @param dest target destination address
* @param prefix prefix length if dest is a subnet, -1 for auto
* @param src source address to check, or NULL
+ * @param[out] iface allocated name of the interface to reach dest, if
+ * available (optional)
* @return next hop address, NULL if unreachable
*/
host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
- int prefix, host_t *src);
+ int prefix, host_t *src, char **iface);
/**
* Get the interface name of a local address. Interfaces that are down or
@@ -426,7 +355,7 @@ struct kernel_interface_t {
* ALREADY_DONE if the route already exists
*/
status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -440,7 +369,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -461,7 +390,7 @@ struct kernel_interface_t {
* @return TRUE if UDP decapsulation was enabled successfully
*/
bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family,
- u_int16_t port);
+ uint16_t port);
/**
@@ -561,7 +490,7 @@ struct kernel_interface_t {
* @param src_ts source traffic selector
* @param dst_ts destination traffic selector
*/
- void (*acquire)(kernel_interface_t *this, u_int32_t reqid,
+ void (*acquire)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
@@ -572,7 +501,7 @@ struct kernel_interface_t {
* @param dst destination address of expired SA
* @param hard TRUE if it is a hard expire, FALSE otherwise
*/
- void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*expire)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
@@ -583,7 +512,7 @@ struct kernel_interface_t {
* @param dst original destination address of SA
* @param remote new remote host
*/
- void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*mapping)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote);
/**
@@ -596,7 +525,7 @@ struct kernel_interface_t {
* @param local local host address to be used in the IKE_SA
* @param remote remote host address to be used in the IKE_SA
*/
- void (*migrate)(kernel_interface_t *this, u_int32_t reqid,
+ void (*migrate)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote);
@@ -623,8 +552,8 @@ struct kernel_interface_t {
* @param kernel_id the kernel id of the algorithm
* @param kernel_name the kernel name of the algorithm
*/
- void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t kernel_id,
+ void (*register_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t kernel_id,
char *kernel_name);
/**
@@ -637,8 +566,8 @@ struct kernel_interface_t {
* @param kernel_name the kernel name of the algorithm (optional)
* @return TRUE if algorithm was found
*/
- bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t *kernel_id,
+ bool (*lookup_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t *kernel_id,
char **kernel_name);
/**