diff options
Diffstat (limited to 'src/libcharon/kernel/kernel_interface.c')
| -rw-r--r-- | src/libcharon/kernel/kernel_interface.c | 115 |
1 files changed, 51 insertions, 64 deletions
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c index 40c4ee589..7b39a020c 100644 --- a/src/libcharon/kernel/kernel_interface.c +++ b/src/libcharon/kernel/kernel_interface.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -62,12 +63,12 @@ struct kernel_algorithm_t { /** * Identifier specified in IKE */ - u_int16_t ike; + uint16_t ike; /** * Identifier as defined in pfkeyv2.h */ - u_int16_t kernel; + uint16_t kernel; /** * Name of the algorithm in linux crypto API @@ -166,7 +167,7 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t, METHOD(kernel_interface_t, get_spi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (!this->ipsec) { @@ -177,7 +178,7 @@ METHOD(kernel_interface_t, get_spi, status_t, METHOD(kernel_interface_t, get_cpi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { if (!this->ipsec) { @@ -191,7 +192,7 @@ METHOD(kernel_interface_t, get_cpi, status_t, */ typedef struct { /** allocated reqid */ - u_int32_t reqid; + uint32_t reqid; /** references to this entry */ u_int refs; /** inbound mark used for SA */ @@ -327,9 +328,9 @@ static array_t *array_from_ts_list(linked_list_t *list) METHOD(kernel_interface_t, alloc_reqid, status_t, private_kernel_interface_t *this, linked_list_t *local_ts, linked_list_t *remote_ts, - mark_t mark_in, mark_t mark_out, u_int32_t *reqid) + mark_t mark_in, mark_t mark_out, uint32_t *reqid) { - static u_int32_t counter = 0; + static uint32_t counter = 0; reqid_entry_t *entry = NULL, *tmpl; status_t status = SUCCESS; @@ -379,7 +380,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t, } METHOD(kernel_interface_t, release_reqid, status_t, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, mark_t mark_in, mark_t mark_out) { reqid_entry_t *entry, tmpl = { @@ -415,59 +416,48 @@ METHOD(kernel_interface_t, release_reqid, status_t, } METHOD(kernel_interface_t, add_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, - ipcomp, cpi, replay_window, initiator, encap, esn, inbound, - update, src_ts, dst_ts); + return this->ipsec->add_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, update_sa, status_t, - private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, - new_src, new_dst, encap, new_encap, mark); + return this->ipsec->update_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, query_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, - bytes, packets, time); + return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time); } METHOD(kernel_interface_t, del_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark); + return this->ipsec->del_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_sas, status_t, @@ -481,44 +471,36 @@ METHOD(kernel_interface_t, flush_sas, status_t, } METHOD(kernel_interface_t, add_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->add_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, query_policy, status_t, - private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, - direction, mark, use_time); + return this->ipsec->query_policy(this->ipsec, id, data, use_time); } METHOD(kernel_interface_t, del_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->del_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_policies, status_t, @@ -542,13 +524,14 @@ METHOD(kernel_interface_t, get_source_addr, host_t*, } METHOD(kernel_interface_t, get_nexthop, host_t*, - private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { if (!this->net) { return NULL; } - return this->net->get_nexthop(this->net, dest, prefix, src); + return this->net->get_nexthop(this->net, dest, prefix, src, iface); } METHOD(kernel_interface_t, get_interface, bool, @@ -594,7 +577,7 @@ METHOD(kernel_interface_t, del_ip, status_t, METHOD(kernel_interface_t, add_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -606,7 +589,7 @@ METHOD(kernel_interface_t, add_route, status_t, METHOD(kernel_interface_t, del_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -627,7 +610,7 @@ METHOD(kernel_interface_t, bypass_socket, bool, } METHOD(kernel_interface_t, enable_udp_decap, bool, - private_kernel_interface_t *this, int fd, int family, u_int16_t port) + private_kernel_interface_t *this, int fd, int family, uint16_t port) { if (!this->ipsec) { @@ -683,6 +666,10 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t, if (ts->includes(ts, host)) { *ip = host_create_any(family); + if (vip) + { + *vip = FALSE; + } host->destroy(host); DBG2(DBG_KNL, "using host %H", *ip); return SUCCESS; @@ -803,7 +790,7 @@ METHOD(kernel_interface_t, remove_listener, void, } METHOD(kernel_interface_t, acquire, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { kernel_listener_t *listener; @@ -823,7 +810,7 @@ METHOD(kernel_interface_t, acquire, void, } METHOD(kernel_interface_t, expire, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { kernel_listener_t *listener; @@ -844,7 +831,7 @@ METHOD(kernel_interface_t, expire, void, } METHOD(kernel_interface_t, mapping, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote) { kernel_listener_t *listener; @@ -865,7 +852,7 @@ METHOD(kernel_interface_t, mapping, void, } METHOD(kernel_interface_t, migrate, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote) { @@ -919,8 +906,8 @@ METHOD(kernel_interface_t, tun, void, } METHOD(kernel_interface_t, register_algorithm, void, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t kernel_id, char *kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t kernel_id, char *kernel_name) { kernel_algorithm_t *algorithm; @@ -937,8 +924,8 @@ METHOD(kernel_interface_t, register_algorithm, void, } METHOD(kernel_interface_t, lookup_algorithm, bool, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t *kernel_id, char **kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t *kernel_id, char **kernel_name) { kernel_algorithm_t *algorithm; enumerator_t *enumerator; |