Diffstat (limited to 'src/charon/sa/child_sa.h')
-rw-r--r--src/charon/sa/child_sa.h205
1 files changed, 99 insertions, 106 deletions
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 7109de5cd..277fd0a79 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006-2008 Tobias Brunner
- * Copyright (C) 2006-2007 Martin Willi
+ * Copyright (C) 2006-2008 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Hochschule fuer Technik Rapperswil
*
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_sa.h 4618 2008-11-11 09:22:00Z tobias $
+ * $Id: child_sa.h 4677 2008-11-19 15:31:27Z martin $
*/
/**
@@ -93,12 +93,13 @@ extern enum_name_t *child_sa_state_names;
* SAs and the policies have the same reqid.
*
* The procedure for child sa setup is as follows:
- * - A gets SPIs for a proposal via child_sa_t.alloc
- * - A send the updated proposal to B
+ * - A gets SPIs for a all protocols in its proposals via child_sa_t.alloc
+ * - A send the proposals with the allocated SPIs to B
* - B selects a suitable proposal
- * - B calls child_sa_t.add to add and update the selected proposal
- * - B sends the updated proposal to A
- * - A calls child_sa_t.update to update the already allocated SPIs with the chosen proposal
+ * - B allocates an SPI for the selected protocol
+ * - B calls child_sa_t.install for both, the allocated and received SPI
+ * - B sends the proposal with the allocated SPI to A
+ * - A calls child_sa_t.install for both, the allocated and recevied SPI
*
* Once SAs are set up, policies can be added using add_policies.
*/
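Review bot: The rewritten setup-procedure comment has two typos on its new lines: `A gets SPIs for a all protocols in its proposals` should read `A gets SPIs for all protocols in its proposals`, and `recevied` should read `received`. The same kind of slip appears in later hunks of this file, `TRANPORT` in set_mode's `@param mode` line (should be `TRANSPORT`) and `ecapulation` in the new update() description (should be `encapsulation`). Since this comment is the only description of the new alloc_spi/install handshake between the two peers, it is worth getting the wording exact.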
@@ -122,6 +123,27 @@ struct child_sa_t {
u_int32_t (*get_reqid)(child_sa_t *this);
/**
+ * Get the config used to set up this child sa.
+ *
+ * @return child_cfg
+ */
+ child_cfg_t* (*get_config) (child_sa_t *this);
+
+ /**
+ * Get the state of the CHILD_SA.
+ *
+ * @return CHILD_SA state
+ */
+ child_sa_state_t (*get_state) (child_sa_t *this);
+
+ /**
+ * Set the state of the CHILD_SA.
+ *
+ * @param state state to set on CHILD_SA
+ */
+ void (*set_state) (child_sa_t *this, child_sa_state_t state);
+
+ /**
* Get the SPI of this CHILD_SA.
*
* Set the boolean parameter inbound to TRUE to
@@ -153,6 +175,13 @@ struct child_sa_t {
protocol_id_t (*get_protocol) (child_sa_t *this);
/**
+ * Set the negotiated protocol to use for this CHILD_SA.
+ *
+ * @param protocol AH | ESP
+ */
+ void (*set_protocol)(child_sa_t *this, protocol_id_t protocol);
+
+ /**
* Get the IPsec mode of this CHILD_SA.
*
* @return TUNNEL | TRANSPORT | BEET
@@ -160,6 +189,13 @@ struct child_sa_t {
ipsec_mode_t (*get_mode)(child_sa_t *this);
/**
+ * Set the negotiated IPsec mode to use.
+ *
+ * @param mode TUNNEL | TRANPORT | BEET
+ */
+ void (*set_mode)(child_sa_t *this, ipsec_mode_t mode);
+
+ /**
* Get the used IPComp algorithm.
*
* @return IPComp compression algorithm.
@@ -167,6 +203,27 @@ struct child_sa_t {
ipcomp_transform_t (*get_ipcomp)(child_sa_t *this);
/**
+ * Set the IPComp algorithm to use.
+ *
+ * @param ipcomp the IPComp transform to use
+ */
+ void (*set_ipcomp)(child_sa_t *this, ipcomp_transform_t ipcomp);
+
+ /**
+ * Get the selected proposal.
+ *
+ * @return selected proposal
+ */
+ proposal_t* (*get_proposal)(child_sa_t *this);
+
+ /**
+ * Set the negotiated proposal.
+ *
+ * @param proposal selected proposal
+ */
+ void (*set_proposal)(child_sa_t *this, proposal_t *proposal);
+
+ /**
* Check if this CHILD_SA uses UDP encapsulation.
*
* @return TRUE if SA encapsulates ESP packets
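Review bot: set_proposal's comment does not say who owns `proposal` after the call — whether the CHILD_SA keeps the caller's pointer (so the caller must not destroy it while the SA lives) or takes a copy. get_proposal hands that same object back to other callers, so a lifetime mismatch here ends in a use-after-free; add one line to `@param proposal` stating whether the object is adopted or only referenced, and mirror it in get_proposal's `@return`. The implementation is not in this diff, so the wording has to be checked against child_sa.c.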
@@ -190,69 +247,48 @@ struct child_sa_t {
u_int32_t (*get_usetime)(child_sa_t *this, bool inbound);
/**
- * Allocate SPIs for given proposals.
- *
- * Since the kernel manages SPIs for us, we need
- * to allocate them. If a proposal contains more
- * than one protocol, for each protocol an SPI is
- * allocated. SPIs are stored internally and written
- * back to the proposal.
+ * Get the traffic selectors list added for one side.
*
- * @param proposals list of proposals for which SPIs are allocated
- */
- status_t (*alloc)(child_sa_t *this, linked_list_t* proposals);
+ * @param local TRUE for own traffic selectors, FALSE for remote
+ * @return list of traffic selectors
+ */
+ linked_list_t* (*get_traffic_selectors) (child_sa_t *this, bool local);
/**
- * Install the kernel SAs for a proposal, without previous SPI allocation.
+ * Create an enumerator over installed policies.
*
- * @param proposal proposal for which SPIs are allocated
- * @param mode mode for the CHILD_SA
- * @param integ_in integrity key for inbound traffic
- * @param integ_out integrity key for outbound traffic
- * @param encr_in encryption key for inbound traffic
- * @param enc_out encryption key for outbound traffic
- * @return SUCCESS or FAILED
+ * @return enumerator over pairs of traffic selectors.
*/
- status_t (*add)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
- chunk_t integ_in, chunk_t integ_out,
- chunk_t encr_in, chunk_t encr_out);
+ enumerator_t* (*create_policy_enumerator)(child_sa_t *this);
+
/**
- * Install the kernel SAs for a proposal, after SPIs have been allocated.
- *
- * Updates an SA, for which SPIs are already allocated via alloc().
+ * Allocate an SPI to include in a proposal.
*
- * @param proposal proposal for which SPIs are allocated
- * @param mode mode for the CHILD_SA
- * @param integ_in integrity key for inbound traffic
- * @param integ_out integrity key for outbound traffic
- * @param encr_in encryption key for inbound traffic
- * @param enc_out encryption key for outbound traffic
- * @return SUCCESS or FAILED
+ * @param protocol protocol to allocate SPI for (ESP|AH)
+ * @param spi SPI output pointer
+ * @return SPI, 0 on failure
*/
- status_t (*update)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
- chunk_t integ_in, chunk_t integ_out,
- chunk_t encr_in, chunk_t encr_out);
+ u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol);
+
/**
- * Get the selected proposal passed to add()/update().
+ * Allocate a CPI to use for IPComp.
*
- * @return selected proposal
+ * @return CPI, 0 on failure
*/
- proposal_t* (*get_proposal)(child_sa_t *this);
+ u_int16_t (*alloc_cpi)(child_sa_t *this);
/**
- * Update the hosts in the kernel SAs and policies.
+ * Install an IPsec SA for one direction.
*
- * The CHILD must be INSTALLED to do this update.
- *
- * @param me the new local host
- * @param other the new remote host
- * @param vip virtual IP, if any
- * @param TRUE to use UDP encapsulation for NAT traversal
+ * @param encr encryption key, if any
+ * @param integ integrity key
+ * @param spi SPI to use, allocated for inbound
+ * @param cpi CPI to use, allocated for outbound
+ * @param inbound TRUE to install an inbound SA, FALSE for outbound
* @return SUCCESS or FAILED
*/
- status_t (*update_hosts)(child_sa_t *this, host_t *me, host_t *other,
- host_t *vip, bool encap);
-
+ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ,
+ u_int32_t spi, u_int16_t cpi, bool inbound);
/**
* Install the policies using some traffic selectors.
*
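Review bot: alloc_spi's comment lists `@param spi SPI output pointer`, but the new prototype `u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol);` has no such parameter and returns the SPI instead; drop that @param line. install() no longer receives the proposal or mode that the removed add()/update() took, so it presumably depends on set_protocol, set_mode, set_ipcomp and set_proposal having been called first; that precondition should be stated in install's comment, e.g. `Requires protocol, mode, ipcomp and proposal to be set via the set_* methods before the first call.`, and the behaviour when they are not set should be confirmed against child_sa.c. The add_policies prototype that starts at the end of this hunk continues in the next one.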
@@ -261,64 +297,21 @@ struct child_sa_t {
*
* @param my_ts traffic selectors for local site
* @param other_ts traffic selectors for remote site
- * @param mode mode for the SA: tunnel/transport
- * @param proto protocol for policy, ESP/AH
* @return SUCCESS or FAILED
*/
status_t (*add_policies)(child_sa_t *this, linked_list_t *my_ts_list,
- linked_list_t *other_ts_list, ipsec_mode_t mode,
- protocol_id_t proto);
-
- /**
- * Get the traffic selectors of added policies of local host.
- *
- * @param local TRUE for own traffic selectors, FALSE for remote
- * @return list of traffic selectors
- */
- linked_list_t* (*get_traffic_selectors) (child_sa_t *this, bool local);
-
+ linked_list_t *other_ts_list);
/**
- * Create an enumerator over installed policies.
+ * Update hosts and ecapulation mode in the kernel SAs and policies.
*
- * @return enumerator over pairs of traffic selectors.
- */
- enumerator_t* (*create_policy_enumerator)(child_sa_t *this);
-
- /**
- * Get the state of the CHILD_SA.
- */
- child_sa_state_t (*get_state) (child_sa_t *this);
-
- /**
- * Set the state of the CHILD_SA.
- *
- * @param state state to set on CHILD_SA
- */
- void (*set_state) (child_sa_t *this, child_sa_state_t state);
-
- /**
- * Get the config used to set up this child sa.
- *
- * @return child_cfg
- */
- child_cfg_t* (*get_config) (child_sa_t *this);
-
- /**
- * Activate IPComp by setting the transform ID and CPI values.
- *
- * @param ipcomp the IPComp transform to use
- * @param other_cpi other Compression Parameter Index
- */
- void (*activate_ipcomp) (child_sa_t *this, ipcomp_transform_t ipcomp,
- u_int16_t other_cpi);
-
- /**
- * Returns the Compression Parameter Index (CPI) allocated from the kernel.
- *
- * @return allocated CPI
+ * @param me the new local host
+ * @param other the new remote host
+ * @param vip virtual IP, if any
+ * @param TRUE to use UDP encapsulation for NAT traversal
+ * @return SUCCESS or FAILED
*/
- u_int16_t (*allocate_cpi) (child_sa_t *this);
-
+ status_t (*update)(child_sa_t *this, host_t *me, host_t *other,
+ host_t *vip, bool encap);
/**
* Destroys a child_sa.
*/