diff options
Diffstat (limited to 'src/pluto/kernel.h')
| -rw-r--r-- | src/pluto/kernel.h | 204 |
1 files changed, 101 insertions, 103 deletions
diff --git a/src/pluto/kernel.h b/src/pluto/kernel.h index fdc2bf0a8..06850abfd 100644 --- a/src/pluto/kernel.h +++ b/src/pluto/kernel.h @@ -10,13 +10,11 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: kernel.h 3252 2007-10-06 21:24:50Z andreas $ */ #include "connections.h" -extern bool no_klips; /* don't actually use KLIPS */ +extern bool no_klips; /* don't actually use KLIPS */ extern bool can_do_IPcomp; /* can system actually perform IPCOMP? */ #ifdef KLIPS @@ -28,96 +26,96 @@ extern bool can_do_IPcomp; /* can system actually perform IPCOMP? */ * limited to appropriate source and destination addresses. */ -#define ERO_MASK 0xFF -#define ERO_FLAG_SHIFT 8 +#define ERO_MASK 0xFF +#define ERO_FLAG_SHIFT 8 -#define ERO_DELETE SADB_X_DELFLOW -#define ERO_ADD SADB_X_ADDFLOW -#define ERO_REPLACE (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_REPLACEFLOW << ERO_FLAG_SHIFT)) -#define ERO_ADD_INBOUND (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT)) -#define ERO_DEL_INBOUND (SADB_X_DELFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT)) +#define ERO_DELETE SADB_X_DELFLOW +#define ERO_ADD SADB_X_ADDFLOW +#define ERO_REPLACE (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_REPLACEFLOW << ERO_FLAG_SHIFT)) +#define ERO_ADD_INBOUND (SADB_X_ADDFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT)) +#define ERO_DEL_INBOUND (SADB_X_DELFLOW | (SADB_X_SAFLAGS_INFLOW << ERO_FLAG_SHIFT)) struct pfkey_proto_info { - int proto; - int encapsulation; - unsigned reqid; + int proto; + int encapsulation; + unsigned reqid; }; struct sadb_msg; struct kernel_sa { - const ip_address *src; - const ip_address *dst; + const ip_address *src; + const ip_address *dst; - const ip_subnet *src_client; - const ip_subnet *dst_client; + const ip_subnet *src_client; + const ip_subnet *dst_client; - ipsec_spi_t spi; - unsigned proto; - unsigned satype; - unsigned transport_proto; - unsigned replay_window; - unsigned reqid; + ipsec_spi_t spi; + unsigned proto; + unsigned satype; + unsigned transport_proto; + unsigned replay_window; + unsigned reqid; - unsigned authalg; - unsigned authkeylen; - char *authkey; + unsigned authalg; + unsigned authkeylen; + char *authkey; - unsigned encalg; - unsigned enckeylen; - char *enckey; + unsigned encalg; + unsigned enckeylen; + char *enckey; - unsigned compalg; + unsigned compalg; - int encapsulation; + int encapsulation; - u_int16_t natt_sport, natt_dport; - u_int8_t transid, natt_type; - ip_address *natt_oa; + u_int16_t natt_sport, natt_dport; + u_int8_t transid, natt_type; + ip_address *natt_oa; - const char *text_said; + const char *text_said; }; struct kernel_ops { - enum { - KERNEL_TYPE_NONE, - KERNEL_TYPE_KLIPS, - KERNEL_TYPE_LINUX, - } type; - bool inbound_eroute; - bool policy_lifetime; - int *async_fdp; - - void (*init)(void); - void (*pfkey_register)(void); - void (*pfkey_register_response)(const struct sadb_msg *msg); - void (*process_queue)(void); - void (*process_msg)(void); - bool (*raw_eroute)(const ip_address *this_host, - const ip_subnet *this_client, - const ip_address *that_host, - const ip_subnet *that_client, - ipsec_spi_t spi, - unsigned int satype, - unsigned int transport_proto, - const struct pfkey_proto_info *proto_info, - time_t use_lifetime, - unsigned int op, - const char *text_said); - bool (*get_policy)(const struct kernel_sa *sa, bool inbound, - time_t *use_time); - bool (*add_sa)(const struct kernel_sa *sa, bool replace); - bool (*grp_sa)(const struct kernel_sa *sa_outer, - const struct kernel_sa *sa_inner); - bool (*del_sa)(const struct kernel_sa *sa); - bool (*get_sa)(const struct kernel_sa *sa, u_int *bytes); - ipsec_spi_t (*get_spi)(const ip_address *src, - const ip_address *dst, - int proto, - bool tunnel_mode, - unsigned reqid, - ipsec_spi_t min, - ipsec_spi_t max, - const char *text_said); + enum { + KERNEL_TYPE_NONE, + KERNEL_TYPE_KLIPS, + KERNEL_TYPE_LINUX, + } type; + bool inbound_eroute; + bool policy_lifetime; + int *async_fdp; + + void (*init)(void); + void (*pfkey_register)(void); + void (*pfkey_register_response)(const struct sadb_msg *msg); + void (*process_queue)(void); + void (*process_msg)(void); + bool (*raw_eroute)(const ip_address *this_host, + const ip_subnet *this_client, + const ip_address *that_host, + const ip_subnet *that_client, + ipsec_spi_t spi, + unsigned int satype, + unsigned int transport_proto, + const struct pfkey_proto_info *proto_info, + time_t use_lifetime, + unsigned int op, + const char *text_said); + bool (*get_policy)(const struct kernel_sa *sa, bool inbound, + time_t *use_time); + bool (*add_sa)(const struct kernel_sa *sa, bool replace); + bool (*grp_sa)(const struct kernel_sa *sa_outer, + const struct kernel_sa *sa_inner); + bool (*del_sa)(const struct kernel_sa *sa); + bool (*get_sa)(const struct kernel_sa *sa, u_int *bytes); + ipsec_spi_t (*get_spi)(const ip_address *src, + const ip_address *dst, + int proto, + bool tunnel_mode, + unsigned reqid, + ipsec_spi_t min, + ipsec_spi_t max, + const char *text_said); }; @@ -126,13 +124,13 @@ extern const struct kernel_ops *kernel_ops; /* information from /proc/net/ipsec_eroute */ struct eroute_info { - unsigned long count; - ip_subnet ours; - ip_subnet his; - ip_address dst; - ip_said said; - int transport_proto; - struct eroute_info *next; + unsigned long count; + ip_subnet ours; + ip_subnet his; + ip_address dst; + ip_said said; + int transport_proto; + struct eroute_info *next; }; extern struct eroute_info *orphaned_holds; @@ -144,13 +142,13 @@ extern void show_shunt_status(void); * Is there a PF_KEY equivalent? */ #ifndef EM_MAXRELSPIS -# define EM_MAXRELSPIS 4 /* AH ESP IPCOMP IPIP */ +# define EM_MAXRELSPIS 4 /* AH ESP IPCOMP IPIP */ #endif extern void record_and_initiate_opportunistic(const ip_subnet * - , const ip_subnet * - , int transport_proto - , const char *why); + , const ip_subnet * + , int transport_proto + , const char *why); extern void init_kernel(void); @@ -160,39 +158,39 @@ extern bool trap_connection(struct connection *c); extern void unroute_connection(struct connection *c); extern bool has_bare_hold(const ip_address *src, const ip_address *dst - , int transport_proto); + , int transport_proto); extern bool replace_bare_shunt(const ip_address *src, const ip_address *dst - , policy_prio_t policy_prio - , ipsec_spi_t shunt_spi /* in host order! */ - , bool repl - , unsigned int transport_proto - , const char *why); + , policy_prio_t policy_prio + , ipsec_spi_t shunt_spi /* in host order! */ + , bool repl + , unsigned int transport_proto + , const char *why); extern bool assign_hold(struct connection *c - , struct spd_route *sr - , int transport_proto - , const ip_address *src, const ip_address *dst); + , struct spd_route *sr + , int transport_proto + , const ip_address *src, const ip_address *dst); extern ipsec_spi_t shunt_policy_spi(struct connection *c, bool prospective); -struct state; /* forward declaration of tag */ +struct state; /* forward declaration of tag */ extern ipsec_spi_t get_ipsec_spi(ipsec_spi_t avoid - , int proto - , struct spd_route *sr - , bool tunnel_mode); + , int proto + , struct spd_route *sr + , bool tunnel_mode); extern ipsec_spi_t get_my_cpi(struct spd_route *sr, bool tunnel_mode); extern bool install_inbound_ipsec_sa(struct state *st); extern bool install_ipsec_sa(struct state *st, bool inbound_also); extern void delete_ipsec_sa(struct state *st, bool inbound_only); extern bool route_and_eroute(struct connection *c - , struct spd_route *sr - , struct state *st); + , struct spd_route *sr + , struct state *st); extern bool was_eroute_idle(struct state *st, time_t idle_max - , time_t *idle_time); + , time_t *idle_time); extern bool get_sa_info(struct state *st, bool inbound, u_int *bytes - , time_t *use_time); + , time_t *use_time); extern bool update_ipsec_sa(struct state *st); |