summaryrefslogtreecommitdiff
path: root/src/libcharon/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/kernel')
-rw-r--r--src/libcharon/kernel/kernel_handler.c10
-rw-r--r--src/libcharon/kernel/kernel_interface.c115
-rw-r--r--src/libcharon/kernel/kernel_interface.h185
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h299
-rw-r--r--src/libcharon/kernel/kernel_listener.h8
-rw-r--r--src/libcharon/kernel/kernel_net.h12
6 files changed, 307 insertions, 322 deletions
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index be37d30e5..71121908b 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -39,7 +39,7 @@ struct private_kernel_handler_t {
/**
* convert an IP protocol identifier to the IKEv2 specific protocol identifier.
*/
-static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
+static inline protocol_id_t proto_ip2ike(uint8_t protocol)
{
switch (protocol)
{
@@ -53,7 +53,7 @@ static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
}
METHOD(kernel_listener_t, acquire, bool,
- private_kernel_handler_t *this, u_int32_t reqid,
+ private_kernel_handler_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
if (src_ts && dst_ts)
@@ -71,7 +71,7 @@ METHOD(kernel_listener_t, acquire, bool,
}
METHOD(kernel_listener_t, expire, bool,
- private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_handler_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard)
{
protocol_id_t proto = proto_ip2ike(protocol);
@@ -93,7 +93,7 @@ METHOD(kernel_listener_t, expire, bool,
}
METHOD(kernel_listener_t, mapping, bool,
- private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_handler_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote)
{
protocol_id_t proto = proto_ip2ike(protocol);
@@ -108,7 +108,7 @@ METHOD(kernel_listener_t, mapping, bool,
}
METHOD(kernel_listener_t, migrate, bool,
- private_kernel_handler_t *this, u_int32_t reqid,
+ private_kernel_handler_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote)
{
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index 40c4ee589..7b39a020c 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -62,12 +63,12 @@ struct kernel_algorithm_t {
/**
* Identifier specified in IKE
*/
- u_int16_t ike;
+ uint16_t ike;
/**
* Identifier as defined in pfkeyv2.h
*/
- u_int16_t kernel;
+ uint16_t kernel;
/**
* Name of the algorithm in linux crypto API
@@ -166,7 +167,7 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t,
METHOD(kernel_interface_t, get_spi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi)
+ uint8_t protocol, uint32_t *spi)
{
if (!this->ipsec)
{
@@ -177,7 +178,7 @@ METHOD(kernel_interface_t, get_spi, status_t,
METHOD(kernel_interface_t, get_cpi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi)
+ uint16_t *cpi)
{
if (!this->ipsec)
{
@@ -191,7 +192,7 @@ METHOD(kernel_interface_t, get_cpi, status_t,
*/
typedef struct {
/** allocated reqid */
- u_int32_t reqid;
+ uint32_t reqid;
/** references to this entry */
u_int refs;
/** inbound mark used for SA */
@@ -327,9 +328,9 @@ static array_t *array_from_ts_list(linked_list_t *list)
METHOD(kernel_interface_t, alloc_reqid, status_t,
private_kernel_interface_t *this,
linked_list_t *local_ts, linked_list_t *remote_ts,
- mark_t mark_in, mark_t mark_out, u_int32_t *reqid)
+ mark_t mark_in, mark_t mark_out, uint32_t *reqid)
{
- static u_int32_t counter = 0;
+ static uint32_t counter = 0;
reqid_entry_t *entry = NULL, *tmpl;
status_t status = SUCCESS;
@@ -379,7 +380,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
}
METHOD(kernel_interface_t, release_reqid, status_t,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
mark_t mark_in, mark_t mark_out)
{
reqid_entry_t *entry, tmpl = {
@@ -415,59 +416,48 @@ METHOD(kernel_interface_t, release_reqid, status_t,
}
METHOD(kernel_interface_t, add_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
- u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
- bool initiator, bool encap, bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
- mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
- ipcomp, cpi, replay_window, initiator, encap, esn, inbound,
- update, src_ts, dst_ts);
+ return this->ipsec->add_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, update_sa, status_t,
- private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
- u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
- new_src, new_dst, encap, new_encap, mark);
+ return this->ipsec->update_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, query_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets,
+ time_t *time)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
- bytes, packets, time);
+ return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time);
}
METHOD(kernel_interface_t, del_sa, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int16_t cpi, mark_t mark)
+ private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
+ return this->ipsec->del_sa(this->ipsec, id, data);
}
METHOD(kernel_interface_t, flush_sas, status_t,
@@ -481,44 +471,36 @@ METHOD(kernel_interface_t, flush_sas, status_t,
}
METHOD(kernel_interface_t, add_policy, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, type, sa, mark, priority);
+ return this->ipsec->add_policy(this->ipsec, id, data);
}
METHOD(kernel_interface_t, query_policy, status_t,
- private_kernel_interface_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- time_t *use_time)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data, time_t *use_time)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
- direction, mark, use_time);
+ return this->ipsec->query_policy(this->ipsec, id, data, use_time);
}
METHOD(kernel_interface_t, del_policy, status_t,
- private_kernel_interface_t *this, host_t *src, host_t *dst,
- traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, policy_priority_t priority)
+ private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, type, sa, mark, priority);
+ return this->ipsec->del_policy(this->ipsec, id, data);
}
METHOD(kernel_interface_t, flush_policies, status_t,
@@ -542,13 +524,14 @@ METHOD(kernel_interface_t, get_source_addr, host_t*,
}
METHOD(kernel_interface_t, get_nexthop, host_t*,
- private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
{
if (!this->net)
{
return NULL;
}
- return this->net->get_nexthop(this->net, dest, prefix, src);
+ return this->net->get_nexthop(this->net, dest, prefix, src, iface);
}
METHOD(kernel_interface_t, get_interface, bool,
@@ -594,7 +577,7 @@ METHOD(kernel_interface_t, del_ip, status_t,
METHOD(kernel_interface_t, add_route, status_t,
private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
{
if (!this->net)
{
@@ -606,7 +589,7 @@ METHOD(kernel_interface_t, add_route, status_t,
METHOD(kernel_interface_t, del_route, status_t,
private_kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
{
if (!this->net)
{
@@ -627,7 +610,7 @@ METHOD(kernel_interface_t, bypass_socket, bool,
}
METHOD(kernel_interface_t, enable_udp_decap, bool,
- private_kernel_interface_t *this, int fd, int family, u_int16_t port)
+ private_kernel_interface_t *this, int fd, int family, uint16_t port)
{
if (!this->ipsec)
{
@@ -683,6 +666,10 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
if (ts->includes(ts, host))
{
*ip = host_create_any(family);
+ if (vip)
+ {
+ *vip = FALSE;
+ }
host->destroy(host);
DBG2(DBG_KNL, "using host %H", *ip);
return SUCCESS;
@@ -803,7 +790,7 @@ METHOD(kernel_interface_t, remove_listener, void,
}
METHOD(kernel_interface_t, acquire, void,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
{
kernel_listener_t *listener;
@@ -823,7 +810,7 @@ METHOD(kernel_interface_t, acquire, void,
}
METHOD(kernel_interface_t, expire, void,
- private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard)
{
kernel_listener_t *listener;
@@ -844,7 +831,7 @@ METHOD(kernel_interface_t, expire, void,
}
METHOD(kernel_interface_t, mapping, void,
- private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ private_kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote)
{
kernel_listener_t *listener;
@@ -865,7 +852,7 @@ METHOD(kernel_interface_t, mapping, void,
}
METHOD(kernel_interface_t, migrate, void,
- private_kernel_interface_t *this, u_int32_t reqid,
+ private_kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote)
{
@@ -919,8 +906,8 @@ METHOD(kernel_interface_t, tun, void,
}
METHOD(kernel_interface_t, register_algorithm, void,
- private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
- u_int16_t kernel_id, char *kernel_name)
+ private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
+ uint16_t kernel_id, char *kernel_name)
{
kernel_algorithm_t *algorithm;
@@ -937,8 +924,8 @@ METHOD(kernel_interface_t, register_algorithm, void,
}
METHOD(kernel_interface_t, lookup_algorithm, bool,
- private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
- u_int16_t *kernel_id, char **kernel_name)
+ private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type,
+ uint16_t *kernel_id, char **kernel_name)
{
kernel_algorithm_t *algorithm;
enumerator_t *enumerator;
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index 6793c6cc6..225b40932 100644
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -108,7 +108,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -119,7 +119,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi);
+ uint16_t *cpi);
/**
* Allocate or confirm a reqid to use for a given SA pair.
@@ -141,7 +141,7 @@ struct kernel_interface_t {
status_t (*alloc_reqid)(kernel_interface_t *this,
linked_list_t *local_ts, linked_list_t *remote_ts,
mark_t mark_in, mark_t mark_out,
- u_int32_t *reqid);
+ uint32_t *reqid);
/**
* Release a previously allocated reqid.
@@ -151,7 +151,7 @@ struct kernel_interface_t {
* @param mark_out outbound mark on SA
* @return SUCCESS if reqid released
*/
- status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid,
+ status_t (*release_reqid)(kernel_interface_t *this, uint32_t reqid,
mark_t mark_in, mark_t mark_out);
/**
@@ -160,41 +160,12 @@ struct kernel_interface_t {
* This function does install a single SA for a single protocol in one
* direction.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param reqid reqid for this SA
- * @param mark optional mark for this SA
- * @param tfc Traffic Flow Confidentiality padding for this SA
- * @param lifetime lifetime_cfg_t for this SA
- * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_key key to use for encryption
- * @param int_alg Algorithm to use for integrity protection
- * @param int_key key to use for integrity protection
- * @param mode mode of the SA (tunnel, transport)
- * @param ipcomp IPComp transform to use
- * @param cpi CPI for IPComp
- * @param replay_window anti-replay window size
- * @param initiator TRUE if initiator of the exchange creating this SA
- * @param encap enable UDP encapsulation for NAT traversal
- * @param esn TRUE to use Extended Sequence Numbers
- * @param inbound TRUE if this is an inbound SA
- * @param update TRUE if an SPI has already been allocated for SA
- * @param src_ts list of source traffic selectors
- * @param dst_ts list of destination traffic selectors
+ * @param id data identifying this SA
+ * @param data data for this SA
* @return SUCCESS if operation completed
*/
- status_t (*add_sa) (kernel_interface_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid, mark_t mark,
- u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window, bool initiator, bool encap,
- bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts);
+ status_t (*add_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data);
/**
* Update the hosts on an installed SA.
@@ -204,85 +175,55 @@ struct kernel_interface_t {
* to identify SAs. Therefore if the destination address changed we
* create a new SA and delete the old one.
*
- * @param spi SPI of the SA
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp, 0 if no IPComp is used
- * @param src current source address
- * @param dst current destination address
- * @param new_src new source address
- * @param new_dst new destination address
- * @param encap current use of UDP encapsulation
- * @param new_encap new use of UDP encapsulation
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data updated data for this SA
* @return SUCCESS if operation completed, NOT_SUPPORTED if
- * the kernel interface can't update the SA
+ * the kernel interface can't update the SA
*/
- status_t (*update_sa)(kernel_interface_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark);
+ status_t (*update_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data);
/**
* Query the number of bytes processed by an SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to query the SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
* @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
- status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ status_t (*query_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes,
+ uint64_t *packets, time_t *time);
/**
* Delete a previously installed SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp or 0
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to delete the SA
* @return SUCCESS if operation completed
*/
- status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- mark_t mark);
+ status_t (*del_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data);
/**
* Flush all SAs from the SAD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_sas) (kernel_interface_t *this);
+ status_t (*flush_sas)(kernel_interface_t *this);
/**
* Add a policy to the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of this policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*add_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*add_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Query the use time of a policy.
@@ -290,47 +231,33 @@ struct kernel_interface_t {
* The use time of a policy is the time the policy was used
* for the last time.
*
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param mark optional mark
- * @param[out] use_time the (monotonic) time of this SA's last use
+ * @param id data identifying this policy
+ * @param data data to query the policy
+ * @param[out] use_time the monotonic timestamp of this SA's last use
* @return SUCCESS if operation completed
*/
- status_t (*query_policy) (kernel_interface_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, mark_t mark,
- time_t *use_time);
+ status_t (*query_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data,
+ time_t *use_time);
/**
* Remove a policy from the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of the policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*del_policy) (kernel_interface_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*del_policy)(kernel_interface_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Flush all policies from the SPD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_policies) (kernel_interface_t *this);
+ status_t (*flush_policies)(kernel_interface_t *this);
/**
* Get our outgoing source address for a destination.
@@ -358,10 +285,12 @@ struct kernel_interface_t {
* @param dest target destination address
* @param prefix prefix length if dest is a subnet, -1 for auto
* @param src source address to check, or NULL
+ * @param[out] iface allocated name of the interface to reach dest, if
+ * available (optional)
* @return next hop address, NULL if unreachable
*/
host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
- int prefix, host_t *src);
+ int prefix, host_t *src, char **iface);
/**
* Get the interface name of a local address. Interfaces that are down or
@@ -426,7 +355,7 @@ struct kernel_interface_t {
* ALREADY_DONE if the route already exists
*/
status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -440,7 +369,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -461,7 +390,7 @@ struct kernel_interface_t {
* @return TRUE if UDP decapsulation was enabled successfully
*/
bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family,
- u_int16_t port);
+ uint16_t port);
/**
@@ -561,7 +490,7 @@ struct kernel_interface_t {
* @param src_ts source traffic selector
* @param dst_ts destination traffic selector
*/
- void (*acquire)(kernel_interface_t *this, u_int32_t reqid,
+ void (*acquire)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
@@ -572,7 +501,7 @@ struct kernel_interface_t {
* @param dst destination address of expired SA
* @param hard TRUE if it is a hard expire, FALSE otherwise
*/
- void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*expire)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
@@ -583,7 +512,7 @@ struct kernel_interface_t {
* @param dst original destination address of SA
* @param remote new remote host
*/
- void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ void (*mapping)(kernel_interface_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote);
/**
@@ -596,7 +525,7 @@ struct kernel_interface_t {
* @param local local host address to be used in the IKE_SA
* @param remote remote host address to be used in the IKE_SA
*/
- void (*migrate)(kernel_interface_t *this, u_int32_t reqid,
+ void (*migrate)(kernel_interface_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote);
@@ -623,8 +552,8 @@ struct kernel_interface_t {
* @param kernel_id the kernel id of the algorithm
* @param kernel_name the kernel name of the algorithm
*/
- void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t kernel_id,
+ void (*register_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t kernel_id,
char *kernel_name);
/**
@@ -637,8 +566,8 @@ struct kernel_interface_t {
* @param kernel_name the kernel name of the algorithm (optional)
* @return TRUE if algorithm was found
*/
- bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
- transform_type_t type, u_int16_t *kernel_id,
+ bool (*lookup_algorithm)(kernel_interface_t *this, uint16_t alg_id,
+ transform_type_t type, uint16_t *kernel_id,
char **kernel_name);
/**
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 31e06308e..0ad566068 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,9 +1,10 @@
/*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2006-2016 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -25,6 +26,14 @@
#define KERNEL_IPSEC_H_
typedef struct kernel_ipsec_t kernel_ipsec_t;
+typedef struct kernel_ipsec_sa_id_t kernel_ipsec_sa_id_t;
+typedef struct kernel_ipsec_add_sa_t kernel_ipsec_add_sa_t;
+typedef struct kernel_ipsec_update_sa_t kernel_ipsec_update_sa_t;
+typedef struct kernel_ipsec_query_sa_t kernel_ipsec_query_sa_t;
+typedef struct kernel_ipsec_del_sa_t kernel_ipsec_del_sa_t;
+typedef struct kernel_ipsec_policy_id_t kernel_ipsec_policy_id_t;
+typedef struct kernel_ipsec_manage_policy_t kernel_ipsec_manage_policy_t;
+typedef struct kernel_ipsec_query_policy_t kernel_ipsec_query_policy_t;
#include <networking/host.h>
#include <ipsec/ipsec_types.h>
@@ -33,6 +42,137 @@ typedef struct kernel_ipsec_t kernel_ipsec_t;
#include <kernel/kernel_interface.h>
/**
+ * Data required to identify an SA in the kernel
+ */
+struct kernel_ipsec_sa_id_t {
+ /** Source address */
+ host_t *src;
+ /** Destination address */
+ host_t *dst;
+ /** SPI */
+ uint32_t spi;
+ /** Protocol (ESP/AH) */
+ uint8_t proto;
+ /** Optional mark */
+ mark_t mark;
+};
+
+/**
+ * Data required to add an SA to the kernel
+ */
+struct kernel_ipsec_add_sa_t {
+ /** Reqid */
+ uint32_t reqid;
+ /** Mode (tunnel, transport...) */
+ ipsec_mode_t mode;
+ /** List of source traffic selectors */
+ linked_list_t *src_ts;
+ /** List of destination traffic selectors */
+ linked_list_t *dst_ts;
+ /** Network interface restricting policy */
+ char *interface;
+ /** Lifetime configuration */
+ lifetime_cfg_t *lifetime;
+ /** Encryption algorithm */
+ uint16_t enc_alg;
+ /** Encryption key */
+ chunk_t enc_key;
+ /** Integrity protection algorithm */
+ uint16_t int_alg;
+ /** Integrity protection key */
+ chunk_t int_key;
+ /** Anti-replay window size */
+ uint32_t replay_window;
+ /** Traffic Flow Confidentiality padding */
+ uint32_t tfc;
+ /** IPComp transform */
+ uint16_t ipcomp;
+ /** CPI for IPComp */
+ uint16_t cpi;
+ /** TRUE to enable UDP encapsulation for NAT traversal */
+ bool encap;
+ /** TRUE to use Extended Sequence Numbers */
+ bool esn;
+ /** TRUE if initiator of the exchange creating the SA */
+ bool initiator;
+ /** TRUE if this is an inbound SA */
+ bool inbound;
+ /** TRUE if an SPI has already been allocated for this SA */
+ bool update;
+};
+
+/**
+ * Data required to update the hosts of an SA in the kernel
+ */
+struct kernel_ipsec_update_sa_t {
+ /** CPI in case IPComp is used */
+ uint16_t cpi;
+ /** New source address */
+ host_t *new_src;
+ /** New destination address */
+ host_t *new_dst;
+ /** TRUE if UDP encapsulation is currently enabled */
+ bool encap;
+ /** TRUE to enable UDP encapsulation */
+ bool new_encap;
+};
+
+/**
+ * Data required to query an SA in the kernel
+ */
+struct kernel_ipsec_query_sa_t {
+ uint16_t cpi;
+};
+
+/**
+ * Data required to delete an SA in the kernel
+ */
+struct kernel_ipsec_del_sa_t {
+ /** CPI in case IPComp is used */
+ uint16_t cpi;
+};
+
+/**
+ * Data identifying a policy in the kernel
+ */
+struct kernel_ipsec_policy_id_t {
+ /** Direction of traffic */
+ policy_dir_t dir;
+ /** Source traffic selector */
+ traffic_selector_t *src_ts;
+ /** Destination traffic selector */
+ traffic_selector_t *dst_ts;
+ /** Optional mark */
+ mark_t mark;
+ /** Network interface restricting policy */
+ char *interface;
+};
+
+/**
+ * Data required to add/delete a policy to/from the kernel
+ */
+struct kernel_ipsec_manage_policy_t {
+ /** Type of policy */
+ policy_type_t type;
+ /** Priority class */
+ policy_priority_t prio;
+ /** Manually-set priority (automatic if set to 0) */
+ uint32_t manual_prio;
+ /** Source address of the SA(s) tied to this policy */
+ host_t *src;
+ /** Destination address of the SA(s) tied to this policy */
+ host_t *dst;
+ /** Details about the SA(s) tied to this policy */
+ ipsec_sa_cfg_t *sa;
+};
+
+/**
+ * Data required to query a policy in the kernel
+ */
+struct kernel_ipsec_query_policy_t {
+};
+
+/**
* Interface to the ipsec subsystem of the kernel.
*
* The kernel ipsec interface handles the communication with the kernel
@@ -62,7 +202,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int8_t protocol, u_int32_t *spi);
+ uint8_t protocol, uint32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -73,7 +213,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int16_t *cpi);
+ uint16_t *cpi);
/**
* Add an SA to the SAD.
@@ -81,41 +221,12 @@ struct kernel_ipsec_t {
* This function does install a single SA for a single protocol in one
* direction.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param reqid unique ID for this SA
- * @param mark mark for this SA
- * @param tfc Traffic Flow Confidentiality padding for this SA
- * @param lifetime lifetime_cfg_t for this SA
- * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_key key to use for encryption
- * @param int_alg Algorithm to use for integrity protection
- * @param int_key key to use for integrity protection
- * @param mode mode of the SA (tunnel, transport)
- * @param ipcomp IPComp transform to use
- * @param cpi CPI for IPComp
- * @param replay_window anti-replay window size
- * @param initiator TRUE if initiator of the exchange creating this SA
- * @param encap enable UDP encapsulation for NAT traversal
- * @param esn TRUE to use Extended Sequence Numbers
- * @param inbound TRUE if this is an inbound SA
- * @param update TRUE if an SPI has already been allocated for SA
- * @param src_ts list of source traffic selectors
- * @param dst_ts list of destination traffic selectors
+ * @param id data identifying this SA
+ * @param data data for this SA
* @return SUCCESS if operation completed
*/
- status_t (*add_sa) (kernel_ipsec_t *this,
- host_t *src, host_t *dst, u_int32_t spi,
- u_int8_t protocol, u_int32_t reqid,
- mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
- ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
- u_int32_t replay_window, bool initiator, bool encap,
- bool esn, bool inbound, bool update,
- linked_list_t *src_ts, linked_list_t *dst_ts);
+ status_t (*add_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_add_sa_t *data);
/**
* Update the hosts on an installed SA.
@@ -125,85 +236,55 @@ struct kernel_ipsec_t {
* to identify SAs. Therefore if the destination address changed we
* create a new SA and delete the old one.
*
- * @param spi SPI of the SA
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp, 0 if no IPComp is used
- * @param src current source address
- * @param dst current destination address
- * @param new_src new source address
- * @param new_dst new destination address
- * @param encap current use of UDP encapsulation
- * @param new_encap new use of UDP encapsulation
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data updated data for this SA
* @return SUCCESS if operation completed, NOT_SUPPORTED if
- * the kernel interface can't update the SA
+ * the kernel interface can't update the SA
*/
- status_t (*update_sa)(kernel_ipsec_t *this,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- host_t *src, host_t *dst,
- host_t *new_src, host_t *new_dst,
- bool encap, bool new_encap, mark_t mark);
+ status_t (*update_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_update_sa_t *data);
/**
* Query the number of bytes processed by an SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to query the SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
* @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
- status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, time_t *time);
+ status_t (*query_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_query_sa_t *data, uint64_t *bytes,
+ uint64_t *packets, time_t *time);
/**
- * Delete a previusly installed SA from the SAD.
+ * Delete a previously installed SA from the SAD.
*
- * @param src source address for this SA
- * @param dst destination address for this SA
- * @param spi SPI allocated by us or remote peer
- * @param protocol protocol for this SA (ESP/AH)
- * @param cpi CPI for IPComp or 0
- * @param mark optional mark for this SA
+ * @param id data identifying this SA
+ * @param data data to delete the SA
* @return SUCCESS if operation completed
*/
- status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
- mark_t mark);
+ status_t (*del_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
+ kernel_ipsec_del_sa_t *data);
/**
* Flush all SAs from the SAD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_sas) (kernel_ipsec_t *this);
+ status_t (*flush_sas)(kernel_ipsec_t *this);
/**
* Add a policy to the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of this policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*add_policy) (kernel_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*add_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Query the use time of a policy.
@@ -212,47 +293,33 @@ struct kernel_ipsec_t {
* time. It is not the system time, but a monotonic timestamp as returned
* by time_monotonic.
*
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param mark optional mark
+ * @param id data identifying this policy
+ * @param data data to query the policy
* @param[out] use_time the monotonic timestamp of this SA's last use
* @return SUCCESS if operation completed
*/
- status_t (*query_policy) (kernel_ipsec_t *this,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, mark_t mark,
- time_t *use_time);
+ status_t (*query_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_query_policy_t *data,
+ time_t *use_time);
/**
* Remove a policy from the SPD.
*
- * @param src source address of SA
- * @param dst dest address of SA
- * @param src_ts traffic selector to match traffic source
- * @param dst_ts traffic selector to match traffic dest
- * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
- * @param sa details about the SA(s) tied to this policy
- * @param mark mark for this policy
- * @param priority priority of the policy
+ * @param id data identifying this policy
+ * @param data data for this policy
* @return SUCCESS if operation completed
*/
- status_t (*del_policy) (kernel_ipsec_t *this,
- host_t *src, host_t *dst,
- traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts,
- policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark,
- policy_priority_t priority);
+ status_t (*del_policy)(kernel_ipsec_t *this,
+ kernel_ipsec_policy_id_t *id,
+ kernel_ipsec_manage_policy_t *data);
/**
* Flush all policies from the SPD.
*
* @return SUCCESS if operation completed
*/
- status_t (*flush_policies) (kernel_ipsec_t *this);
+ status_t (*flush_policies)(kernel_ipsec_t *this);
/**
* Install a bypass policy for the given socket.
@@ -272,12 +339,12 @@ struct kernel_ipsec_t {
* @return TRUE if UDP decapsulation was enabled successfully
*/
bool (*enable_udp_decap)(kernel_ipsec_t *this, int fd, int family,
- u_int16_t port);
+ uint16_t port);
/**
* Destroy the implementation.
*/
- void (*destroy) (kernel_ipsec_t *this);
+ void (*destroy)(kernel_ipsec_t *this);
};
/**
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index 6426fae2a..aaeb4f5b7 100644
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -43,7 +43,7 @@ struct kernel_listener_t {
* @param dst_ts destination traffic selector
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*acquire)(kernel_listener_t *this, u_int32_t reqid,
+ bool (*acquire)(kernel_listener_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
@@ -55,7 +55,7 @@ struct kernel_listener_t {
* @param hard TRUE if it is a hard expire, FALSE otherwise
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ bool (*expire)(kernel_listener_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, bool hard);
/**
@@ -67,7 +67,7 @@ struct kernel_listener_t {
* @param remote new remote host
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ bool (*mapping)(kernel_listener_t *this, uint8_t protocol, uint32_t spi,
host_t *dst, host_t *remote);
/**
@@ -81,7 +81,7 @@ struct kernel_listener_t {
* @param remote remote host address to be used in the IKE_SA
* @return TRUE to remain registered, FALSE to unregister
*/
- bool (*migrate)(kernel_listener_t *this, u_int32_t reqid,
+ bool (*migrate)(kernel_listener_t *this, uint32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, host_t *local, host_t *remote);
diff --git a/src/libcharon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h
index 7fc644a7e..1d78d6edd 100644
--- a/src/libcharon/kernel/kernel_net.h
+++ b/src/libcharon/kernel/kernel_net.h
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -88,10 +88,12 @@ struct kernel_net_t {
* @param dest target destination address
* @param prefix prefix length if dest is a subnet, -1 for auto
* @param src source address to check, or NULL
+ * @param[out] iface allocated name of the interface to reach dest, if
+ * available (optional)
* @return next hop address, NULL if unreachable
*/
host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix,
- host_t *src);
+ host_t *src, char **iface);
/**
* Get the interface name of a local address. Interfaces that are down or
@@ -156,7 +158,7 @@ struct kernel_net_t {
* ALREADY_DONE if the route already exists
*/
status_t (*add_route) (kernel_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
@@ -170,7 +172,7 @@ struct kernel_net_t {
* @return SUCCESS if operation completed
*/
status_t (*del_route) (kernel_net_t *this, chunk_t dst_net,
- u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ uint8_t prefixlen, host_t *gateway, host_t *src_ip,
char *if_name);
/**
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-15 15:58:26 +0000