Diffstat (limited to 'src/libcharon/config/child_cfg.h')
-rw-r--r-- | src/libcharon/config/child_cfg.h | 82 |
1 files changed, 35 insertions, 47 deletions
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index b85bfd9bc..a102c459c 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,6 +1,6 @@
 /*
+ * Copyright (C) 2008-2017 Tobias Brunner
  * Copyright (C) 2016 Andreas Steffen
- * Copyright (C) 2008-2016 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -25,6 +25,7 @@
 #define CHILD_CFG_H_
 typedef enum action_t action_t;
+typedef enum child_cfg_option_t child_cfg_option_t;
 typedef struct child_cfg_t child_cfg_t;
 typedef struct child_cfg_create_t child_cfg_create_t;
@@ -147,13 +148,6 @@ struct child_cfg_t {
  char* (*get_updown)(child_cfg_t *this);
  /**
- * Should we allow access to the local host (gateway)?
- *
- * @return value of hostaccess flag
- */
- bool (*get_hostaccess) (child_cfg_t *this);
-
- /**
  * Get the lifetime configuration of a CHILD_SA.
  *
  * The rekey limits automatically contain a jitter to avoid simultaneous
@@ -203,14 +197,6 @@ struct child_cfg_t {
  diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
  /**
- * Check whether IPComp should be used, if the other peer supports it.
- *
- * @return TRUE, if IPComp should be used
- FALSE, otherwise
- */
- bool (*use_ipcomp)(child_cfg_t *this);
-
- /**
  * Get the inactivity timeout value.
  *
  * @return inactivity timeout in s
@@ -263,33 +249,17 @@ struct child_cfg_t {
  /**
  * Set anti-replay window size
  *
- * @param window anti-replay window size
+ * @param window anti-replay window size
  */
  void (*set_replay_window)(child_cfg_t *this, uint32_t window);
  /**
- * Check whether IPsec transport SA should be set up in proxy mode.
- *
- * @return TRUE, if proxy mode should be used
- FALSE, otherwise
- */
- bool (*use_proxy_mode)(child_cfg_t *this);
-
- /**
- * Check whether IPsec policies should be installed in the kernel.
- *
- * @return TRUE, if IPsec kernel policies should be installed
- FALSE, otherwise
- */
- bool (*install_policy)(child_cfg_t *this);
-
- /**
- * Check whether outbound FWD IPsec policies should be installed.
+ * Check if an option flag is set.
- *
- * @return TRUE, if outbound FWD policies should be installed
- FALSE, otherwise
+ * @param option option flag to check
+ * @return TRUE if option flag set, FALSE otherwise
  */
- bool (*install_fwd_out_policy)(child_cfg_t *this);
+ bool (*has_option)(child_cfg_t *this, child_cfg_option_t option);
  /**
  * Check if two child_cfg objects are equal.
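Review bot: `has_option(OPT_NO_POLICIES)` replaces the removed `install_policy()` with the opposite sense, so every former caller of that getter must negate the result, and the new has_option doc does not say whether `option` may carry several ORed flags. If the implementation tests `this->options & option` (not visible in this header), a combined argument returns TRUE as soon as any one flag is set, which is easy to misread for a caller probing two policy-related flags at once; `@param option option flag to check (a single child_cfg_option_t flag)` would pin the contract down. The definition of child_cfg_t starts and ends outside the hunk.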
@@ -315,11 +285,39 @@ struct child_cfg_t {
  void (*destroy) (child_cfg_t *this);
 };
+/**
+ * Option flags that may be set on a child_cfg_t object
+ */
+enum child_cfg_option_t {
+ /** Use IPsec transport proxy mode */
+ OPT_PROXY_MODE = (1<<0),
+ /** Use IPComp, if peer supports it */
+ OPT_IPCOMP = (1<<1),
+ /** Allow access to the local host */
+ OPT_HOSTACCESS = (1<<2),
+ /** Don't install any IPsec policies */
+ OPT_NO_POLICIES = (1<<3),
+ /** Install outbound FWD IPsec policies to bypass drop policies */
+ OPT_FWD_OUT_POLICIES = (1<<4),
+ /** Enable hardware offload, if supported by the IPsec backend */
+ OPT_HW_OFFLOAD = (1<<5),
+ /** Force 96-bit truncation for SHA-256 */
+ OPT_SHA256_96 = (1<<6),
+};
 /**
  * Data passed to the constructor of a child_cfg_t object.
  */
 struct child_cfg_create_t {
+ /** Options set for CHILD_SA */
+ child_cfg_option_t options;
  /** Specific reqid to use for CHILD_SA, 0 for auto assignment */
  uint32_t reqid;
  /** Optional inbound mark */
@@ -328,10 +326,6 @@ struct child_cfg_create_t {
  mark_t mark_out;
  /** Mode to propose for CHILD_SA */
  ipsec_mode_t mode;
- /** Use IPsec transport proxy mode */
- bool proxy_mode;
- /** Use IPComp, if peer supports it */
- bool ipcomp;
  /** TFC padding size, 0 to disable, -1 to pad to PMTU */
  uint32_t tfc;
  /** Optional manually-set IPsec policy priority */
@@ -350,12 +344,6 @@ struct child_cfg_create_t {
  action_t close_action;
  /** updown script to execute on up/down event (cloned) */
  char *updown;
- /** TRUE to allow access to the local host */
- bool hostaccess;
- /** Don't install IPsec policies */
- bool suppress_policies;
- /** Install outbound FWD IPsec policies to bypass drop policies */
- bool fwd_out_policies;
 };
 /** |
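Review bot: OPT_SHA256_96 in the new enum is documented only as "Force 96-bit truncation for SHA-256", which hides that this deviates from RFC 4868 (HMAC-SHA-256 uses a 128-bit ICV) and shortens the integrity tag to 96 bits; a comment like `/** Force 96-bit truncation for SHA-256 (non-RFC 4868 interop workaround, shortens the ICV from 128 to 96 bits) */` would keep it from being switched on casually. The new `options` field in child_cfg_create_t should also state how it is populated, e.g. `/** Options set for CHILD_SA (bitwise OR of child_cfg_option_t flags) */`, since nothing in the enum comment says the values combine, even though the power-of-two values make that the evident intent. The hunks at -328 and -350 only drop the bool fields these flags supersede, and child_cfg_create_t continues past the end of the first hunk.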