diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
| commit | 11d6b62db969bdd808d0f56706cb18f113927a31 (patch) | |
| tree | 8aa7d8fb611c3da6a3523cb78a082f62ffd0dac8 /src/libcharon/sa/child_sa.h | |
| parent | bba25e2ff6c4a193acb54560ea4417537bd2954e (diff) | |
| download | vyos-strongswan-11d6b62db969bdd808d0f56706cb18f113927a31.tar.gz vyos-strongswan-11d6b62db969bdd808d0f56706cb18f113927a31.zip | |
New upstream version 5.6.0
Diffstat (limited to 'src/libcharon/sa/child_sa.h')
| -rw-r--r-- | src/libcharon/sa/child_sa.h | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index b9a913da1..082404d93 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -102,17 +102,28 @@ enum child_sa_outbound_state_t { /** * Outbound SA is not installed */ - CHILD_OUTBOUND_NONE, + CHILD_OUTBOUND_NONE = 0, /** - * Data for the outbound SA has been registered, but not installed yet + * Data for the outbound SA has been registered during a rekeying (not set + * once the SA and policies are both installed) */ - CHILD_OUTBOUND_REGISTERED, + CHILD_OUTBOUND_REGISTERED = (1<<0), /** - * The outbound SA is currently installed + * The outbound SA has been installed */ - CHILD_OUTBOUND_INSTALLED, + CHILD_OUTBOUND_SA = (1<<1), + + /** + * The outbound policies have been installed + */ + CHILD_OUTBOUND_POLICIES = (1<<2), + + /** + * The outbound SA and policies are both installed + */ + CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES), }; /** @@ -400,20 +411,23 @@ struct child_sa_t { * Register data for the installation of an outbound SA as responder during * a rekeying. * - * The SA is not installed until install_outbound() is called. + * If the kernel is able to handle SPIs on policies the SA is installed + * immediately, if not it won't be installed until install_outbound() is + * called. * * @param encr encryption key, if any (cloned) * @param integ integrity key (cloned) * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param tfcv3 TRUE if peer supports ESPv3 TFC + * @return SUCCESS or FAILED */ - void (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, - uint32_t spi, uint16_t cpi, bool tfcv3); + status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, + uint32_t spi, uint16_t cpi, bool tfcv3); /** - * Install the outbound SA and the outbound policies as responder during a - * rekeying. + * Install the outbound policies and, if not already done, the outbound SA + * as responder during a rekeying. * * @return SUCCESS or FAILED */ |