summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/child_sa.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa/child_sa.h')
-rw-r--r--src/libcharon/sa/child_sa.h34
1 files changed, 24 insertions, 10 deletions
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index b9a913da1..082404d93 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -102,17 +102,28 @@ enum child_sa_outbound_state_t {
/**
* Outbound SA is not installed
*/
- CHILD_OUTBOUND_NONE,
+ CHILD_OUTBOUND_NONE = 0,
/**
- * Data for the outbound SA has been registered, but not installed yet
+ * Data for the outbound SA has been registered during a rekeying (not set
+ * once the SA and policies are both installed)
*/
- CHILD_OUTBOUND_REGISTERED,
+ CHILD_OUTBOUND_REGISTERED = (1<<0),
/**
- * The outbound SA is currently installed
+ * The outbound SA has been installed
*/
- CHILD_OUTBOUND_INSTALLED,
+ CHILD_OUTBOUND_SA = (1<<1),
+
+ /**
+ * The outbound policies have been installed
+ */
+ CHILD_OUTBOUND_POLICIES = (1<<2),
+
+ /**
+ * The outbound SA and policies are both installed
+ */
+ CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES),
};
/**
@@ -400,20 +411,23 @@ struct child_sa_t {
* Register data for the installation of an outbound SA as responder during
* a rekeying.
*
- * The SA is not installed until install_outbound() is called.
+ * If the kernel is able to handle SPIs on policies the SA is installed
+ * immediately, if not it won't be installed until install_outbound() is
+ * called.
*
* @param encr encryption key, if any (cloned)
* @param integ integrity key (cloned)
* @param spi SPI to use, allocated for inbound
* @param cpi CPI to use, allocated for outbound
* @param tfcv3 TRUE if peer supports ESPv3 TFC
+ * @return SUCCESS or FAILED
*/
- void (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ,
- uint32_t spi, uint16_t cpi, bool tfcv3);
+ status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ,
+ uint32_t spi, uint16_t cpi, bool tfcv3);
/**
- * Install the outbound SA and the outbound policies as responder during a
- * rekeying.
+ * Install the outbound policies and, if not already done, the outbound SA
+ * as responder during a rekeying.
*
* @return SUCCESS or FAILED
*/
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 11:47:23 +0000