summaryrefslogtreecommitdiff
path: root/src/libhydra/kernel/kernel_interface.h
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
committerYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
commit81c63b0eed39432878f78727f60a1e7499645199 (patch)
tree82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libhydra/kernel/kernel_interface.h
parentc5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff)
downloadvyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz
vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libhydra/kernel/kernel_interface.h')
-rw-r--r--src/libhydra/kernel/kernel_interface.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index cc47d3c4a..cd550383c 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -69,6 +69,8 @@ enum kernel_feature_t {
KERNEL_REQUIRE_EXCLUDE_ROUTE = (1<<1),
/** IPsec implementation requires UDP encapsulation of ESP packets */
KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2),
+ /** IPsec backend does not require a policy reinstall on SA updates */
+ KERNEL_NO_POLICY_UPDATES = (1<<3),
};
/**
@@ -145,6 +147,7 @@ struct kernel_interface_t {
* @param mode mode of the SA (tunnel, transport)
* @param ipcomp IPComp transform to use
* @param cpi CPI for IPComp
+ * @param replay_window anti-replay window size
* @param initiator TRUE if initiator of the exchange creating this SA
* @param encap enable UDP encapsulation for NAT traversal
* @param esn TRUE to use Extended Sequence Numbers
@@ -160,6 +163,7 @@ struct kernel_interface_t {
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ u_int32_t replay_window,
bool initiator, bool encap, bool esn, bool inbound,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
@@ -326,9 +330,12 @@ struct kernel_interface_t {
* for the given source to dest.
*
* @param dest target destination address
+ * @param prefix prefix length if dest is a subnet, -1 for auto
+ * @param src source address to check, or NULL
* @return next hop address, NULL if unreachable
*/
- host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src);
+ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
+ int prefix, host_t *src);
/**
* Get the interface name of a local address. Interfaces that are down or
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 17:03:36 +0000