diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
| commit | 9e7fb8577802de2abf191d783be5b6b953c22271 (patch) | |
| tree | e6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/libcharon/kernel | |
| parent | 20e652eab94f898365fdde046ed11a2dda2f165e (diff) | |
| download | vyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.tar.gz vyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.zip | |
New upstream release.
Diffstat (limited to 'src/libcharon/kernel')
| -rw-r--r-- | src/libcharon/kernel/kernel_interface.c | 36 | ||||
| -rw-r--r-- | src/libcharon/kernel/kernel_interface.h | 26 | ||||
| -rw-r--r-- | src/libcharon/kernel/kernel_ipsec.h | 26 |
3 files changed, 55 insertions, 33 deletions
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c index 64a43a7fc..837e628bc 100644 --- a/src/libcharon/kernel/kernel_interface.c +++ b/src/libcharon/kernel/kernel_interface.c @@ -67,8 +67,8 @@ METHOD(kernel_interface_t, get_cpi, status_t, METHOD(kernel_interface_t, add_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, + mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { @@ -77,82 +77,84 @@ METHOD(kernel_interface_t, add_sa, status_t, return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, - encap, inbound, src_ts, dst_ts); + mark, lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, + cpi, encap, inbound, src_ts, dst_ts); } METHOD(kernel_interface_t, update_sa, status_t, private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap) + bool encap, bool new_encap, mark_t mark) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, - new_src, new_dst, encap, new_encap); + new_src, new_dst, encap, new_encap, mark); } METHOD(kernel_interface_t, query_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) + u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes); + return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, bytes); } METHOD(kernel_interface_t, del_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, - protocol_id_t protocol, u_int16_t cpi) + protocol_id_t protocol, u_int16_t cpi, mark_t mark) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi); + return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark); } METHOD(kernel_interface_t, add_policy, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, - u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed) + u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp, + u_int16_t cpi, bool routed) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, spi, protocol, reqid, mode, ipcomp, cpi, routed); + direction, spi, protocol, reqid, mark, mode, ipcomp, cpi, routed); } METHOD(kernel_interface_t, query_policy, status_t, private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) + traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, + u_int32_t *use_time) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, - direction, use_time); + direction, mark, use_time); } METHOD(kernel_interface_t, del_policy, status_t, private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, + bool unrouted) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, - direction, unrouted); + direction, mark, unrouted); } METHOD(kernel_interface_t, get_source_addr, host_t*, diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index 4a62e76b8..92d85f9c9 100644 --- a/src/libcharon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -90,6 +90,7 @@ struct kernel_interface_t { * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA + * @param mark optional mark for this SA * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -106,7 +107,7 @@ struct kernel_interface_t { */ status_t (*add_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, + protocol_id_t protocol, u_int32_t reqid, mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, @@ -131,6 +132,7 @@ struct kernel_interface_t { * @param new_dst new destination address * @param encap current use of UDP encapsulation * @param new_encap new use of UDP encapsulation + * @param mark optional mark for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if * the kernel interface can't update the SA */ @@ -138,7 +140,7 @@ struct kernel_interface_t { u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap); + bool encap, bool new_encap, mark_t mark); /** * Query the number of bytes processed by an SA from the SAD. @@ -147,11 +149,13 @@ struct kernel_interface_t { * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) + * @param mark optional mark for this SA * @param[out] bytes the number of bytes processed by SA * @return SUCCESS if operation completed */ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); + u_int32_t spi, protocol_id_t protocol, mark_t mark, + u_int64_t *bytes); /** * Delete a previously installed SA from the SAD. @@ -161,10 +165,12 @@ struct kernel_interface_t { * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param cpi CPI for IPComp or 0 + * @param mark optional mark for this SA * @return SUCCESS if operation completed */ status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); + u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, + mark_t mark); /** * Add a policy to the SPD. @@ -180,6 +186,7 @@ struct kernel_interface_t { * @param spi SPI of SA * @param protocol protocol to use to protect traffic (AH/ESP) * @param reqid unique ID of an SA to use to enforce policy + * @param mark mark for this policy * @param mode mode of SA (tunnel, transport) * @param ipcomp the IPComp transform used * @param cpi CPI for IPComp @@ -192,8 +199,8 @@ struct kernel_interface_t { traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed); + mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp, + u_int16_t cpi, bool routed); /** * Query the use time of a policy. @@ -204,13 +211,15 @@ struct kernel_interface_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD + * @param mark optional mark * @param[out] use_time the time of this SA's last use * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_interface_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time); + policy_dir_t direction, mark_t mark, + u_int32_t *use_time); /** * Remove a policy from the SPD. @@ -223,13 +232,14 @@ struct kernel_interface_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD + * @param mark optional mark * @param unrouted TRUE, if this policy is unrouted from the kernel * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_interface_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, + policy_dir_t direction, mark_t mark, bool unrouted); /** diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index 300464cf6..d09265cc9 100644 --- a/src/libcharon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -121,6 +121,7 @@ struct kernel_ipsec_t { * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA + * @param mark mark for this SA * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -138,7 +139,7 @@ struct kernel_ipsec_t { status_t (*add_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, + mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, @@ -162,6 +163,7 @@ struct kernel_ipsec_t { * @param new_dst new destination address * @param encap current use of UDP encapsulation * @param new_encap new use of UDP encapsulation + * @param mark optional mark for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if * the kernel interface can't update the SA */ @@ -169,7 +171,7 @@ struct kernel_ipsec_t { u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap); + bool encap, bool new_encap, mark_t mark); /** * Query the number of bytes processed by an SA from the SAD. @@ -178,11 +180,13 @@ struct kernel_ipsec_t { * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) + * @param mark optional mark for this SA * @param[out] bytes the number of bytes processed by SA * @return SUCCESS if operation completed */ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); + u_int32_t spi, protocol_id_t protocol, mark_t mark, + u_int64_t *bytes); /** * Delete a previusly installed SA from the SAD. @@ -192,10 +196,12 @@ struct kernel_ipsec_t { * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param cpi CPI for IPComp or 0 + * @param mark optional mark for this SA * @return SUCCESS if operation completed */ status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); + u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, + mark_t mark); /** * Add a policy to the SPD. @@ -211,6 +217,7 @@ struct kernel_ipsec_t { * @param spi SPI of SA * @param protocol protocol to use to protect traffic (AH/ESP) * @param reqid unique ID of an SA to use to enforce policy + * @param mark mark for this policy * @param mode mode of SA (tunnel, transport) * @param ipcomp the IPComp transform used * @param cpi CPI for IPComp @@ -223,8 +230,8 @@ struct kernel_ipsec_t { traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed); + mark_t mark, ipsec_mode_t mode, + u_int16_t ipcomp, u_int16_t cpi, bool routed); /** * Query the use time of a policy. @@ -236,13 +243,15 @@ struct kernel_ipsec_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD + * @param mark optional mark * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_ipsec_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time); + policy_dir_t direction, mark_t mark, + u_int32_t *use_time); /** * Remove a policy from the SPD. @@ -255,13 +264,14 @@ struct kernel_ipsec_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD + * @param mark optional mark * @param unrouted TRUE, if this policy is unrouted from the kernel * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_ipsec_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, + policy_dir_t direction, mark_t mark, bool unrouted); /** |