Diffstat (limited to 'src/libhydra/kernel')
-rw-r--r-- | src/libhydra/kernel/kernel_interface.c | 14 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_interface.h | 9 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_ipsec.h | 2 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_net.h | 4 |
4 files changed, 21 insertions, 8 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index 3e34d20a6..3fa28e054 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -179,8 +179,9 @@ METHOD(kernel_interface_t, add_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, + u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, + bool initiator, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { if (!this->ipsec) @@ -188,8 +189,9 @@ METHOD(kernel_interface_t, add_sa, status_t, return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, - ipcomp, cpi, initiator, encap, esn, inbound, src_ts, dst_ts); + mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, + ipcomp, cpi, replay_window, initiator, encap, esn, inbound, + src_ts, dst_ts); } METHOD(kernel_interface_t, update_sa, status_t, @@ -300,13 +302,13 @@ METHOD(kernel_interface_t, get_source_addr, host_t*, } METHOD(kernel_interface_t, get_nexthop, host_t*, - private_kernel_interface_t *this, host_t *dest, host_t *src) + private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src) { if (!this->net) { return NULL; } - return this->net->get_nexthop(this->net, dest, src); + return this->net->get_nexthop(this->net, dest, prefix, src); } METHOD(kernel_interface_t, get_interface, bool, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index cc47d3c4a..cd550383c 100644 --- a/src/libhydra/kernel/kernel_interface.h 
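Review bot: Inserting `u_int32_t replay_window` between `cpi` and `initiator` in add_sa, and `int prefix` between `dest` and `src` in get_nexthop, shifts the position of existing arguments in two function-pointer types that kernel backends implement; a backend built against the old headers would still load but read `initiator` where the caller now passes `replay_window` (and `src` where `prefix` is passed), with no compile-time diagnostic. If libhydra has a plugin interface version or soname that out-of-tree backends check, it should be bumped together with this change; none is visible from the hunk. Appending new parameters after the existing ones, or passing the SA parameters through a struct, would avoid this class of silent break in the future. Both add_sa hunks cut through the function body, so the remainder of add_sa is outside the hunk.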
+++ b/src/libhydra/kernel/kernel_interface.h @@ -69,6 +69,8 @@ enum kernel_feature_t { KERNEL_REQUIRE_EXCLUDE_ROUTE = (1<<1), /** IPsec implementation requires UDP encapsulation of ESP packets */ KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2), + /** IPsec backend does not require a policy reinstall on SA updates */ + KERNEL_NO_POLICY_UPDATES = (1<<3), }; /** @@ -145,6 +147,7 @@ struct kernel_interface_t { * @param mode mode of the SA (tunnel, transport) * @param ipcomp IPComp transform to use * @param cpi CPI for IPComp + * @param replay_window anti-replay window size * @param initiator TRUE if initiator of the exchange creating this SA * @param encap enable UDP encapsulation for NAT traversal * @param esn TRUE to use Extended Sequence Numbers @@ -160,6 +163,7 @@ struct kernel_interface_t { u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); @@ -326,9 +330,12 @@ struct kernel_interface_t { * for the given source to dest. * * @param dest target destination address + * @param prefix prefix length if dest is a subnet, -1 for auto + * @param src source address to check, or NULL * @return next hop address, NULL if unreachable */ - host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src); + host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, + int prefix, host_t *src); /** * Get the interface name of a local address. Interfaces that are down or diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 25f5b38fd..eec7401e9 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h 
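Review bot: `@param replay_window anti-replay window size` in the add_sa documentation leaves both the unit and the meaning of 0 undefined, although this is the value every backend must map onto its own anti-replay configuration; a caller cannot tell whether 0 means "backend default" or "no replay check at all", and the latter silently weakens the SA. Anti-replay only applies to inbound SAs, so the relationship to the `inbound` flag is worth stating as well. I would write `@param replay_window anti-replay window size in packets (inbound SAs only); 0 selects the backend's default behavior, which may mean no anti-replay check — see the backend`, adjusting the 0 clause to whatever the backends actually implement, which is not visible in this diff.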
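Review bot: The new `@param prefix prefix length if dest is a subnet, -1 for auto` on get_nexthop does not say what range is valid or what a backend does with a value outside it (for example 40 for an IPv4 dest, or -2); since the wrapper in kernel_interface.c forwards `prefix` untouched, this header is the only place that contract can live. I would extend the line to `@param prefix prefix length if dest is a subnet (0..address bit width), -1 to derive it from dest; other values are invalid`, assuming the backends reject rather than clamp — please confirm against the backend implementations, which are not part of this diff. Spelling out what "auto" produces (presumably a host route for dest) would also help callers.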
@@ -101,6 +101,7 @@ struct kernel_ipsec_t { * @param mode mode of the SA (tunnel, transport) * @param ipcomp IPComp transform to use * @param cpi CPI for IPComp + * @param replay_window anti-replay window size * @param initiator TRUE if initiator of the exchange creating this SA * @param encap enable UDP encapsulation for NAT traversal * @param esn TRUE to use Extended Sequence Numbers @@ -116,6 +117,7 @@ struct kernel_ipsec_t { u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + u_int32_t replay_window, bool initiator, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); diff --git a/src/libhydra/kernel/kernel_net.h b/src/libhydra/kernel/kernel_net.h index 8c448ddbc..4312c17d1 100644 --- a/src/libhydra/kernel/kernel_net.h +++ b/src/libhydra/kernel/kernel_net.h @@ -86,10 +86,12 @@ struct kernel_net_t { * for the given source to dest. * * @param dest target destination address + * @param prefix prefix length if dest is a subnet, -1 for auto * @param src source address to check, or NULL * @return next hop address, NULL if unreachable */ - host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, host_t *src); + host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix, + host_t *src); /** * Get the interface name of a local address. Interfaces that are down or |
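Review bot: kernel_ipsec_t is the contract backend authors implement against, and the added `@param replay_window anti-replay window size` gives them no rule for 0, for windows larger than the platform supports, or for the combination with `esn`; each backend will therefore choose its own behavior and callers get inconsistent replay protection across platforms. I would state the edge cases here, e.g. `@param replay_window anti-replay window size in packets for inbound SAs; 0 means the backend's default window, not disabled replay protection; return NOT_SUPPORTED if the requested window cannot be honored`, or the inverse if disabling on 0 is the intended behavior — the diff does not show which. The same wording should then be mirrored in kernel_interface.h so the two headers do not drift apart.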