From bf372706c469764d59e9f29c39e3ecbebd72b8d2 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Sat, 16 Jul 2016 15:19:53 +0200 Subject: Imported Upstream version 5.5.0 --- .../plugins/kernel_wfp/kernel_wfp_ipsec.c | 260 ++++++++++----------- 1 file changed, 128 insertions(+), 132 deletions(-) (limited to 'src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c') diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index e1c429885..6ad26b72f 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -45,7 +45,7 @@ struct private_kernel_wfp_ipsec_t { /** * Mix value to distribute SPI allocation randomly */ - u_int32_t mixspi; + uint32_t mixspi; /** * IKE bypass filters, as UINT64 filter LUID @@ -103,16 +103,16 @@ struct private_kernel_wfp_ipsec_t { */ typedef struct { /** SPI for this SA */ - u_int32_t spi; + uint32_t spi; /** protocol, IPPROTO_ESP/IPPROTO_AH */ - u_int8_t protocol; + uint8_t protocol; /** hard lifetime of SA */ - u_int32_t lifetime; + uint32_t lifetime; /** destination host address for this SPI */ host_t *dst; struct { /** algorithm */ - u_int16_t alg; + uint16_t alg; /** key */ chunk_t key; } integ, encr; @@ -144,13 +144,13 @@ typedef struct { /** policy destinaiton addresses */ traffic_selector_t *dst; /** WFP allocated LUID for inbound filter ID */ - u_int64_t policy_in; + uint64_t policy_in; /** WFP allocated LUID for outbound filter ID */ - u_int64_t policy_out; + uint64_t policy_out; /** WFP allocated LUID for forward inbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_in; + uint64_t policy_fwd_in; /** WFP allocated LUID for forward outbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_out; + uint64_t policy_fwd_out; /** have installed a route for it? */ bool route; } sp_entry_t; 
@@ -170,7 +170,7 @@ static void sp_entry_destroy(sp_entry_t *sp) */ typedef struct { /** reqid of entry */ - u_int32_t reqid; + uint32_t reqid; /** outer address on local host */ host_t *local; /** outer address on remote host */ @@ -186,17 +186,17 @@ typedef struct { /** UDP encapsulation */ bool encap; /** provider context, for tunnel mode only */ - u_int64_t provider; + uint64_t provider; /** WFP allocated LUID for SA context */ - u_int64_t sa_id; + uint64_t sa_id; /** WFP allocated LUID for tunnel mode IP-IPv4 inbound filter */ - u_int64_t ip_ipv4_in; + uint64_t ip_ipv4_in; /** WFP allocated LUID for tunnel mode IP-IPv4 outbound filter */ - u_int64_t ip_ipv4_out; + uint64_t ip_ipv4_out; /** WFP allocated LUID for tunnel mode IP-IPv6 inbound filter */ - u_int64_t ip_ipv6_in; + uint64_t ip_ipv6_in; /** WFP allocated LUID for tunnel mode IP-IPv6 outbound filter */ - u_int64_t ip_ipv6_out; + uint64_t ip_ipv6_out; } entry_t; /** @@ -206,7 +206,7 @@ typedef struct { /** destination net of route */ host_t *dst; /** prefix length of dst */ - u_int8_t mask; + uint8_t mask; /** source address for route */ host_t *src; /** gateway of route, NULL if directly attached */ @@ -348,9 +348,9 @@ static FWPM_FILTER_CONDITION0 *append_condition(FWPM_FILTER_CONDITION0 *conds[], /** * Convert an IPv4 prefix to a host order subnet mask */ -static u_int32_t prefix2mask(u_int8_t prefix) +static uint32_t prefix2mask(uint8_t prefix) { - u_int8_t netmask[4] = {}; + uint8_t netmask[4] = {}; int i; for (i = 0; i < sizeof(netmask); i++) @@ -370,7 +370,7 @@ static u_int32_t prefix2mask(u_int8_t prefix) * Convert a 16-bit range to a WFP condition */ static void range2cond(FWPM_FILTER_CONDITION0 *cond, - u_int16_t from, u_int16_t to) + uint16_t from, uint16_t to) { if (from == to) { 
@@ -399,11 +399,11 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, FWPM_FILTER_CONDITION0 *cond; FWP_BYTE_ARRAY16 *addr; FWP_RANGE0 *range; - u_int16_t from_port, to_port; + uint16_t from_port, to_port; void *from, *to; - u_int8_t proto; + uint8_t proto; host_t *net; - u_int8_t prefix; + uint8_t prefix; from = ts->get_from_address(ts).ptr; to = ts->get_to_address(ts).ptr; @@ -496,7 +496,7 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, { if (target == &FWPM_CONDITION_IP_LOCAL_ADDRESS) { - u_int8_t from_type, to_type, from_code, to_code; + uint8_t from_type, to_type, from_code, to_code; from_type = traffic_selector_icmp_type(from_port); to_type = traffic_selector_icmp_type(to_port); @@ -736,7 +736,7 @@ static bool install_sp(private_kernel_wfp_ipsec_t *this, sp_entry_t *sp, */ static bool install_ipip_ale(private_kernel_wfp_ipsec_t *this, host_t *local, host_t *remote, GUID *context, - bool inbound, int proto, u_int64_t *filter_id) + bool inbound, int proto, uint64_t *filter_id) { traffic_selector_t *lts, *rts; FWPM_FILTER_CONDITION0 *conds = NULL; @@ -1013,7 +1013,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, .ipVersion = version, }; struct { - u_int16_t alg; + uint16_t alg; chunk_t key; } integ = {}, encr = {}; DWORD res; @@ -1099,9 +1099,9 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, */ static void host2address6(host_t *host, void *out) { - u_int32_t *src, *dst = out; + uint32_t *src, *dst = out; - src = (u_int32_t*)host->get_address(host).ptr; + src = (uint32_t*)host->get_address(host).ptr; dst[0] = untoh32(&src[3]); dst[1] = untoh32(&src[2]); @@ -1273,7 +1273,7 @@ static bool generate_guid(private_kernel_wfp_ipsec_t *this, GUID *guid) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(GUID), (u_int8_t*)guid); + ok = rng->get_bytes(rng, sizeof(GUID), (uint8_t*)guid); rng->destroy(rng); return ok; } 
@@ -1379,7 +1379,7 @@ static bool install_tunnel_sps(private_kernel_wfp_ipsec_t *this, entry_t *entry) * Reduce refcount, or uninstall a route if all refs gone */ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1421,7 +1421,7 @@ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, * Install a single route, or refcount if exists */ static bool install_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1476,7 +1476,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, bool add) { host_t *src, *dst, *gtw; - u_int8_t mask; + uint8_t mask; bool done; if (!dst_ts->to_subnet(dst_ts, &dst, &mask)) @@ -1489,7 +1489,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, dst->destroy(dst); return FALSE; } - gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local); + gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local, NULL); if (add) { done = install_route(this, dst, mask, src, gtw); @@ -1578,7 +1578,7 @@ static bool install(private_kernel_wfp_ipsec_t *this, entry_t *entry) */ typedef struct { /** reqid this trap is installed for */ - u_int32_t reqid; + uint32_t reqid; /** is this a forward policy trap for tunnel mode? */ bool fwd; /** do we have installed a route for this trap policy? */ @@ -1629,7 +1629,7 @@ static u_int hash_trap(trap_t *trap) static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, traffic_selector_t *src, traffic_selector_t *dst) { - u_int32_t reqid = 0; + uint32_t reqid = 0; trap_t *trap, key = { .filter_id = filter_id, }; 
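Review bot: The `NULL` appended to the `get_nexthop()` call in manage_route is the only functional change in this file and arrives without explanation at the call site, so a reader cannot tell which optional output is being declined. If the new last parameter is the outgoing interface name, as its position suggests, a one-line comment such as `/* outgoing interface name is not needed for WFP routes */` would make the omission deliberate; confirm the parameter's meaning against the kernel_net_t declaration before wording it. manage_route starts and ends outside this hunk.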
@@ -1654,7 +1654,7 @@ static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, * Create a single host traffic selector from an FWP address definition */ static traffic_selector_t *addr2ts(FWP_IP_VERSION version, void *data, - u_int8_t protocol, u_int16_t from_port, u_int16_t to_port) + uint8_t protocol, uint16_t from_port, uint16_t to_port) { ts_type_t type; UINT32 ints[4]; @@ -1689,9 +1689,9 @@ static void WINAPI event_callback(void *user, const FWPM_NET_EVENT1 *event) { private_kernel_wfp_ipsec_t *this = user; traffic_selector_t *local = NULL, *remote = NULL; - u_int8_t protocol = 0; - u_int16_t from_local = 0, to_local = 65535; - u_int16_t from_remote = 0, to_remote = 65535; + uint8_t protocol = 0; + uint16_t from_local = 0, to_local = 65535; + uint16_t from_remote = 0, to_remote = 65535; if ((event->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET) && (event->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)) @@ -1861,7 +1861,7 @@ static bool uninstall_trap(private_kernel_wfp_ipsec_t *this, trap_t *trap) * Create and install a new trap entry */ static bool add_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, host_t *local, host_t *remote, + uint32_t reqid, bool fwd, host_t *local, host_t *remote, traffic_selector_t *src, traffic_selector_t *dst) { trap_t *trap; @@ -1893,7 +1893,7 @@ static bool add_trap(private_kernel_wfp_ipsec_t *this, * Uninstall and remove a new trap entry */ static bool remove_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, + uint32_t reqid, bool fwd, traffic_selector_t *src, traffic_selector_t *dst) { enumerator_t *enumerator; 
@@ -1949,10 +1949,10 @@ static bool init_spi(private_kernel_wfp_ipsec_t *this) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(this->nextspi), (u_int8_t*)&this->nextspi); + ok = rng->get_bytes(rng, sizeof(this->nextspi), (uint8_t*)&this->nextspi); if (ok) { - ok = rng->get_bytes(rng, sizeof(this->mixspi), (u_int8_t*)&this->mixspi); + ok = rng->get_bytes(rng, sizeof(this->mixspi), (uint8_t*)&this->mixspi); } rng->destroy(rng); return ok; @@ -1966,7 +1966,7 @@ static u_int permute(u_int x, u_int p) u_int qr; x = x % p; - qr = ((u_int64_t)x * x) % p; + qr = ((uint64_t)x * x) % p; if (x <= p / 2) { return qr; @@ -1976,7 +1976,7 @@ static u_int permute(u_int x, u_int p) METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { /* To avoid sequencial SPIs, we use a one-to-one permuation function on * an incrementing counter, that is a full period PRNG for the range we @@ -1993,7 +1993,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } @@ -2005,7 +2005,7 @@ typedef struct { /* backref to kernel backend */ private_kernel_wfp_ipsec_t *this; /* SPI of expiring SA */ - u_int32_t spi; + uint32_t spi; /* destination address of expiring SA */ host_t *dst; /* is this a hard expire, or a rekey request? */ @@ -2027,7 +2027,7 @@ static void expire_data_destroy(expire_data_t *data) static job_requeue_t expire_job(expire_data_t *data) { private_kernel_wfp_ipsec_t *this = data->this; - u_int8_t protocol; + uint8_t protocol; entry_t *entry = NULL; sa_entry_t key = { .spi = data->spi, 
@@ -2074,8 +2074,8 @@ static job_requeue_t expire_job(expire_data_t *data) /** * Schedule an expire event for an SA */ -static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, - host_t *dst, u_int32_t lifetime, bool hard) +static void schedule_expire(private_kernel_wfp_ipsec_t *this, uint32_t spi, + host_t *dst, uint32_t lifetime, bool hard) { expire_data_t *data; 
@@ -2093,57 +2093,55 @@ static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { host_t *local, *remote; entry_t *entry; - if (inbound) + if (data->inbound) { /* comes first, create new entry */ - local = dst->clone(dst); - remote = src->clone(src); + local = id->dst->clone(id->dst); + remote = id->src->clone(id->src); INIT(entry, - .reqid = reqid, + .reqid = data->reqid, .isa = { - .spi = spi, + .spi = id->spi, .dst = local, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }, .sps = array_create(0, 0), .local = local, .remote = remote, - .mode = mode, - .encap = encap, + .mode = data->mode, + .encap = data->encap, ); - if (lifetime->time.life) + if (data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.life, TRUE); + schedule_expire(this, id->spi, local, + data->lifetime->time.life, TRUE); } - if (lifetime->time.rekey && lifetime->time.rekey != lifetime->time.life) + if (data->lifetime->time.rekey && + data->lifetime->time.rekey != data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.rekey, FALSE); + 
schedule_expire(this, id->spi, local, + data->lifetime->time.rekey, FALSE); } this->mutex->lock(this->mutex); - this->tsas->put(this->tsas, (void*)(uintptr_t)reqid, entry); + this->tsas->put(this->tsas, (void*)(uintptr_t)data->reqid, entry); this->isas->put(this->isas, &entry->isa, entry); this->mutex->unlock(this->mutex); } @@ -2151,29 +2149,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { /* comes after inbound, update entry */ this->mutex->lock(this->mutex); - entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)reqid); + entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)data->reqid); this->mutex->unlock(this->mutex); if (!entry) { DBG1(DBG_KNL, "adding outbound SA failed, no inbound SA found " - "for reqid %u ", reqid); + "for reqid %u ", data->reqid); return NOT_FOUND; } /* TODO: should we check for local/remote, mode etc.? */ entry->osa = (sa_entry_t){ - .spi = spi, + .spi = id->spi, .dst = entry->remote, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }; @@ -2186,14 +2184,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_wfp_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; UINT64 sa_id = 0; IPSEC_SA_CONTEXT1 *ctx; 
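Review bot: The inbound branch of add_sa now reads `data->lifetime->time.life` three times and `data->lifetime->time.rekey` twice, and the new line wrapping of both schedule_expire calls and of the rekey condition is a symptom of that verbosity. A single local declared next to `entry`, `lifetime_cfg_t *lifetime = data->lifetime;`, lets the calls return to their previous one-line form, e.g. `schedule_expire(this, id->spi, local, lifetime->time.life, TRUE);`. Separately, `.lifetime` in sa_entry_t and schedule_expire's lifetime parameter are both uint32_t per the earlier hunks, so if the lifetime_cfg_t time members are wider than 32 bits the assignment narrows silently — worth confirming against the header, though the narrowing predates this commit. add_sa continues past this hunk into the outbound branch on the next one.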
@@ -2233,16 +2230,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t, DBG1(DBG_KNL, "getting WFP SA context for updated failed: 0x%08x", res); return FAILED; } - if (!hosts2traffic(this, new_dst, new_src, &ctx->inboundSa->traffic) || - !hosts2traffic(this, new_dst, new_src, &ctx->outboundSa->traffic)) + if (!hosts2traffic(this, data->new_dst, data->new_src, &ctx->inboundSa->traffic) || + !hosts2traffic(this, data->new_dst, data->new_src, &ctx->outboundSa->traffic)) { FwpmFreeMemory0((void**)&ctx); return FAILED; } - if (new_encap != encap) + if (data->new_encap != data->encap) { - if (new_encap) + if (data->new_encap) { ctx->inboundSa->udpEncapsulation = &ports; ctx->outboundSa->udpEncapsulation = &ports; @@ -2273,8 +2270,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, entry->local->destroy(entry->local); entry->remote->destroy(entry->remote); - entry->local = new_dst->clone(new_dst); - entry->remote = new_src->clone(new_src); + entry->local = data->new_dst->clone(data->new_dst); + entry->remote = data->new_src->clone(data->new_src); entry->isa.dst = entry->local; entry->osa.dst = entry->remote; @@ -2290,9 +2287,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { /* It does not seem that WFP provides any means of getting per-SA traffic * statistics. IPsecGetStatistics0/1() provides global stats, and 
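Review bot: The two `hosts2traffic()` calls in update_sa now run past the 80-column width the rest of this commit keeps (the add_trap calls in add_policy were re-wrapped for exactly that reason), and the same `data->new_dst`/`data->new_src` pairs recur in the clone assignments of the following hunk. Declaring `host_t *new_src = data->new_src, *new_dst = data->new_dst;` alongside `entry` at the top of update_sa keeps every touched line at its original width without changing behaviour. update_sa begins on the previous hunk and ends outside this one.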
@@ -2302,13 +2299,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; this->mutex->lock(this->mutex); @@ -2341,25 +2338,23 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { status_t status = SUCCESS; entry_t *entry; sp_entry_t *sp; sa_entry_t key = { - .spi = sa->esp.use ? sa->esp.spi : sa->ah.spi, - .dst = dst, + .spi = data->sa->esp.use ? data->sa->esp.spi : data->sa->ah.spi, + .dst = data->dst, }; - if (sa->esp.use && sa->ah.use) + if (data->sa->esp.use && data->sa->ah.use) { return NOT_SUPPORTED; } - switch (type) + switch (data->type) { case POLICY_IPSEC: break; @@ -2368,7 +2363,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (direction) + switch (id->dir) { case POLICY_OUT: break; 
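Review bot: add_policy spells `data->sa->` in the `key` initializer, in both `use` checks, in the `mode` comparisons and in the add_trap arguments, across this hunk and the two hunks on the following line, which is what forced the add_trap calls onto two lines each. A local `ipsec_sa_cfg_t *sa = data->sa;` declared with `entry` and `sp` keeps the pre-refactor readability, e.g. `.spi = sa->esp.use ? sa->esp.spi : sa->ah.spi,`. Note that `key` dereferences `data->sa` before the `data->type` switch rejects non-IPsec policies, so this path relies on the caller always supplying an `sa` — true of the old signature as well, but worth a comment if that is a contract rather than an accident. add_policy continues past this hunk.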
@@ -2380,18 +2375,20 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (priority) + switch (data->prio) { case POLICY_PRIORITY_DEFAULT: break; case POLICY_PRIORITY_ROUTED: - if (!add_trap(this, sa->reqid, FALSE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, FALSE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } - if (sa->mode == MODE_TUNNEL) + if (data->sa->mode == MODE_TUNNEL) { - if (!add_trap(this, sa->reqid, TRUE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, TRUE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } @@ -2406,14 +2403,14 @@ METHOD(kernel_ipsec_t, add_policy, status_t, entry = this->osas->get(this->osas, &key); if (entry) { - if (sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) + if (data->sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) { INIT(sp, - .src = src_ts->clone(src_ts), - .dst = dst_ts->clone(dst_ts), + .src = id->src_ts->clone(id->src_ts), + .dst = id->dst_ts->clone(id->dst_ts), ); array_insert(entry->sps, -1, sp); - if (array_count(entry->sps) == sa->policy_count) + if (array_count(entry->sps) == data->sa->policy_count) { if (!install(this, entry)) { 
@@ -2442,25 +2439,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { /* see query_sa() for some notes */ return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { - if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED) + if (id->dir == POLICY_OUT && data->prio == POLICY_PRIORITY_ROUTED) { - if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts)) + if (remove_trap(this, data->sa->reqid, FALSE, id->src_ts, + id->dst_ts)) { - remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts); + remove_trap(this, data->sa->reqid, TRUE, id->src_ts, + id->dst_ts); return SUCCESS; } return NOT_FOUND; @@ -2479,7 +2475,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, * Add a bypass policy for a specific UDP port */ static bool add_bypass(private_kernel_wfp_ipsec_t *this, - int family, u_int16_t port, bool inbound, UINT64 *luid) + int family, uint16_t port, bool inbound, UINT64 *luid) { FWPM_FILTER_CONDITION0 *cond, *conds = NULL; int count = 0; @@ -2547,7 +2543,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } saddr; int addrlen = sizeof(saddr); UINT64 filter_out, filter_in = 0; - u_int16_t port; + uint16_t port; if (getsockname(fd, &saddr.sa, &addrlen) == SOCKET_ERROR) { 
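Review bot: In del_policy the return value of the second, newly wrapped `remove_trap()` call (the forward trap) is still discarded, so a failure there is invisible to the caller, which reports SUCCESS. Since add_policy in this same commit only installs the forward trap when `data->sa->mode == MODE_TUNNEL`, the call is expected to find nothing for transport-mode policies, and that intent should be stated above it: `/* forward trap is installed for tunnel mode only; ignore if absent */`. If remove_trap can also fail while the trap does exist, consider logging that case at DBG1 rather than dropping it; I cannot tell from this hunk whether it distinguishes the two. del_policy ends outside this hunk.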
@@ -2584,7 +2580,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_wfp_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_wfp_ipsec_t *this, int fd, int family, uint16_t port) { return FALSE; } -- cgit v1.2.3