Merge tag 'upstream/5.5.0'

Upstream version 5.5.0
author: Yves-Alexis Perez <corsac@debian.org> 2016-07-16 15:19:53 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2016-07-16 15:19:53 +0200
commit: a4ab9f7f145c94a5eeb950b92b95c3d362baee67 (patch)
tree: b3490a4d2054b18dd1549416216557c8114329aa /src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
parent: 7c6a8194526dc1035140a3157a07b2d9dbfedc59 (diff)
parent: bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
download: vyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.tar.gz
vyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.zip
1 files changed, 49 insertions, 52 deletions
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index 4c8771e96..77e37e249 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -108,7 +108,7 @@ struct route_entry_t {
 	/** Destination net */
 	chunk_t dst_net;
 	/** Destination net prefixlen */
-	u_int8_t prefixlen;
+	uint8_t prefixlen;
 	/** Reference to exclude route, if any */
 	exclude_route_t *exclude;
 };
@@ -151,15 +151,15 @@ typedef struct policy_entry_t policy_entry_t;
  */
 struct policy_entry_t {
 	/** Direction of this policy: in, out, forward */
-	u_int8_t direction;
+	uint8_t direction;
 	/** Parameters of installed policy */
 	struct {
 		/** Subnet and port */
 		host_t *net;
 		/** Subnet mask */
-		u_int8_t mask;
+		uint8_t mask;
 		/** Protocol */
-		u_int8_t proto;
+		uint8_t proto;
 	} src, dst;
 	/** Associated route installed for this policy */
 	route_entry_t *route;
@@ -222,7 +222,7 @@ static inline bool policy_entry_equals(policy_entry_t *a,
 /**
  * Expiration callback
  */
-static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
+static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
 {
 	charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
 }
@@ -235,55 +235,51 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
 
 METHOD(kernel_ipsec_t, get_spi, status_t,
 	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	u_int8_t protocol, u_int32_t *spi)
+	uint8_t protocol, uint32_t *spi)
 {
 	return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi);
 }
 
 METHOD(kernel_ipsec_t, get_cpi, status_t,
 	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	u_int16_t *cpi)
+	uint16_t *cpi)
 {
 	return NOT_SUPPORTED;
 }
 
 METHOD(kernel_ipsec_t, add_sa, status_t,
-	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
-	u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
-	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
-	u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
-	bool initiator, bool encap, bool esn, bool inbound, bool update,
-	linked_list_t *src_ts, linked_list_t *dst_ts)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+	kernel_ipsec_add_sa_t *data)
 {
-	return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark,
-							  tfc, lifetime, enc_alg, enc_key, int_alg, int_key,
-							  mode, ipcomp, cpi, initiator, encap, esn,
-							  inbound, update);
+	return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
+					data->reqid, id->mark, data->tfc, data->lifetime,
+					data->enc_alg, data->enc_key, data->int_alg, data->int_key,
+					data->mode, data->ipcomp, data->cpi, data->initiator,
+					data->encap, data->esn, data->inbound, data->update);
 }
 
 METHOD(kernel_ipsec_t, update_sa, status_t,
-	private_kernel_libipsec_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
-	u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
-	bool encap, bool new_encap, mark_t mark)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+	kernel_ipsec_update_sa_t *data)
 {
 	return NOT_SUPPORTED;
 }
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
-	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes,
-	u_int64_t *packets, time_t *time)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+	kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+	time_t *time)
 {
-	return ipsec->sas->query_sa(ipsec->sas, src, dst, spi, protocol, mark,
-								bytes, packets, time);
+	return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi,
+								id->proto, id->mark, bytes, packets, time);
 }
 
 METHOD(kernel_ipsec_t, del_sa, status_t,
-	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+	kernel_ipsec_del_sa_t *data)
 {
-	return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark);
+	return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto,
+							  data->cpi, id->mark);
 }
 
 METHOD(kernel_ipsec_t, flush_sas, status_t,
@@ -312,7 +308,7 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this,
 	if (!route->exclude)
 	{
 		DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
-		gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL);
+		gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL);
 		if (gtw)
 		{
 			char *if_name = NULL;
@@ -438,7 +434,8 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
 	);
 #ifndef __linux__
 	/* on Linux we cant't install a gateway */
-	route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src);
+	route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src,
+												 NULL);
 #endif
 
 	if (policy->route)
@@ -509,22 +506,22 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
 }
 
 METHOD(kernel_ipsec_t, add_policy, status_t,
-	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-	policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
-	policy_priority_t priority)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+	kernel_ipsec_manage_policy_t *data)
 {
 	policy_entry_t *policy, *found = NULL;
 	status_t status;
 
-	status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
-								dst_ts, direction, type, sa, mark, priority);
+	status = ipsec->policies->add_policy(ipsec->policies, data->src, data->dst,
+										 id->src_ts, id->dst_ts, id->dir,
+										 data->type, data->sa, id->mark,
+										 data->prio);
 	if (status != SUCCESS)
 	{
 		return status;
 	}
 	/* we track policies in order to install routes */
-	policy = create_policy_entry(src_ts, dst_ts, direction);
+	policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
 
 	this->mutex->lock(this->mutex);
 	if (this->policies->find_first(this->policies,
@@ -540,7 +537,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 	}
 	policy->refs++;
 
-	if (!install_route(this, src, dst, src_ts, dst_ts, policy))
+	if (!install_route(this, data->src, data->dst, id->src_ts, id->dst_ts,
+					   policy))
 	{
 		return FAILED;
 	}
@@ -548,26 +546,25 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 }
 
 METHOD(kernel_ipsec_t, query_policy, status_t,
-	private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts,
-	traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-	time_t *use_time)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+	kernel_ipsec_query_policy_t *data, time_t *use_time)
 {
 	return NOT_SUPPORTED;
 }
 
 METHOD(kernel_ipsec_t, del_policy, status_t,
-	private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
-	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-	policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
-	mark_t mark, policy_priority_t priority)
+	private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id,
+	kernel_ipsec_manage_policy_t *data)
 {
 	policy_entry_t *policy, *found = NULL;
 	status_t status;
 
-	status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
-								dst_ts, direction, type, sa, mark, priority);
+	status = ipsec->policies->del_policy(ipsec->policies, data->src, data->dst,
+										 id->src_ts, id->dst_ts, id->dir,
+										 data->type, data->sa, id->mark,
+										 data->prio);
 
-	policy = create_policy_entry(src_ts, dst_ts, direction);
+	policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir);
 
 	this->mutex->lock(this->mutex);
 	if (this->policies->find_first(this->policies,
@@ -596,8 +593,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 									  route->src_ip, route->if_name) != SUCCESS)
 		{
 			DBG1(DBG_KNL, "error uninstalling route installed with "
-						  "policy %R === %R %N", src_ts, dst_ts,
-						   policy_dir_names, direction);
+				 "policy %R === %R %N", id->src_ts, id->dst_ts,
+				 policy_dir_names, id->dir);
 		}
 		remove_exclude_route(this, route);
 	}
@@ -641,7 +638,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool,
 }
 
 METHOD(kernel_ipsec_t, enable_udp_decap, bool,
-	private_kernel_libipsec_ipsec_t *this, int fd, int family, u_int16_t port)
+	private_kernel_libipsec_ipsec_t *this, int fd, int family, uint16_t port)
 {
 	return NOT_SUPPORTED;
 }
author	Yves-Alexis Perez <corsac@debian.org>	2016-07-16 15:19:53 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2016-07-16 15:19:53 +0200
commit	a4ab9f7f145c94a5eeb950b92b95c3d362baee67 (patch)
tree	b3490a4d2054b18dd1549416216557c8114329aa /src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
parent	7c6a8194526dc1035140a3157a07b2d9dbfedc59 (diff)
parent	bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
download	vyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.tar.gz vyos-strongswan-a4ab9f7f145c94a5eeb950b92b95c3d362baee67.zip