- fixed bad bugs in kernel interface
1 /**
2 * @file kernel_interface.h
3 *
4 * @brief Interface of kernel_interface_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef KERNEL_INTERFACE_H_
24 #define KERNEL_INTERFACE_H_
25
26 #include <linux/xfrm.h>
27
28 #include <utils/host.h>
29 #include <encoding/payloads/proposal_substructure.h>
30
typedef struct kernel_interface_t kernel_interface_t;

/**
 * @brief Interface to the kernel.
 *
 * Handles the communication with the kernel for SA and policy
 * management: it allows both to be set up and additionally provides
 * the handling of kernel events.
 *
 * Every operation below except destroy() returns a status_t whose
 * documented values are SUCCESS and FAILED. Callers should check it
 * before relying on any side effect or output parameter.
 *
 * @b Constructors:
 * - kernel_interface_create()
 *
 * @ingroup threads
 */
struct kernel_interface_t {

	/**
	 * @brief Get a SPI from the kernel.
	 *
	 * NOTE(review): this header does not say whether *spi is written when
	 * FAILED is returned; treat it as unset in that case -- confirm against
	 * the implementation.
	 *
	 * @param this		calling object
	 * @param src		source address of SA
	 * @param dst		destination address of SA
	 * @param protocol	protocol for SA (ESP/AH)
	 * @param reqid		unique ID for this SA
	 * @param[out] spi	allocated spi
	 * @return
	 * 			- SUCCESS
	 * 			- FAILED if kernel comm failed
	 */
	status_t (*get_spi) (
		kernel_interface_t *this,
		host_t *src,
		host_t *dst,
		protocol_id_t protocol,
		u_int32_t reqid,
		u_int32_t *spi);

	/**
	 * @brief Add an SA to the SAD.
	 *
	 * Installs a single SA for a single protocol in one direction.
	 * add_sa() may update an SPI that was already allocated via
	 * get_spi(); in that case the replace flag must be set.
	 *
	 * NOTE(review): enc_key and int_key carry key material and are passed
	 * by value as chunk_t. This header does not state whether the
	 * implementation copies, keeps or wipes that data, so ownership and
	 * clearing of the caller's buffers should be confirmed against the
	 * implementation.
	 *
	 * @param this		calling object
	 * @param src		source address for this SA
	 * @param dst		destination address for this SA
	 * @param spi		SPI allocated by us or remote peer
	 * @param protocol	protocol for this SA (ESP/AH)
	 * @param reqid		unique ID for this SA
	 * @param enc_alg	algorithm to use for encryption (ESP only)
	 * @param enc_key	key to use for encryption
	 * @param int_alg	algorithm to use for integrity protection
	 * @param int_key	key for integrity protection
	 * @param replace	should an already installed SA be updated?
	 * @return
	 * 			- SUCCESS
	 * 			- FAILED if kernel comm failed
	 */
	status_t (*add_sa) (
		kernel_interface_t *this,
		host_t *src,
		host_t *dst,
		u_int32_t spi,
		protocol_id_t protocol,
		u_int32_t reqid,
		encryption_algorithm_t enc_alg,
		chunk_t enc_key,
		integrity_algorithm_t int_alg,
		chunk_t int_key,
		bool replace);

	/**
	 * @brief Delete a previously installed SA from the SAD.
	 *
	 * The SA is identified by destination address, SPI and protocol only;
	 * no source address is passed.
	 *
	 * @param this		calling object
	 * @param dst		destination address for this SA
	 * @param spi		SPI allocated by us or remote peer
	 * @param protocol	protocol for this SA (ESP/AH)
	 * @return
	 * 			- SUCCESS
	 * 			- FAILED if kernel comm failed
	 */
	status_t (*del_sa) (
		kernel_interface_t *this,
		host_t *dst,
		u_int32_t spi,
		protocol_id_t protocol);

	/**
	 * @brief Add a policy to the SPD.
	 *
	 * A policy is always associated with an SA: traffic which matches
	 * the policy is handled by the SA with the same reqid.
	 *
	 * NOTE(review): the parameter names say "hostbits" while the
	 * descriptions say "subnetmask". Which of the two the value encodes is
	 * not visible in this header. Confirm it against the implementation,
	 * because a misread value changes which traffic the policy selects.
	 *
	 * NOTE(review): the behaviour when both ah and esp are false is not
	 * documented here -- confirm.
	 *
	 * @param this		calling object
	 * @param me		address of local peer
	 * @param other		address of remote peer
	 * @param src		src address of traffic this policy applies to
	 * @param dst		dest address of traffic this policy applies to
	 * @param src_hostbits	subnetmask to use for src address
	 * @param dst_hostbits	subnetmask to use for dst address
	 * @param direction	direction of traffic, XFRM_POLICY_OUT, XFRM_POLICY_IN, XFRM_POLICY_FWD
	 * @param upper_proto	upper layer protocol of traffic for this policy (TCP, UDP, ICMP, ...)
	 * @param ah		protect traffic with AH?
	 * @param esp		protect traffic with ESP?
	 * @param reqid		unique ID of an SA to use to enforce policy
	 * @return
	 * 			- SUCCESS
	 * 			- FAILED if kernel comm failed
	 */
	status_t (*add_policy) (
		kernel_interface_t *this,
		host_t *me,
		host_t *other,
		host_t *src,
		host_t *dst,
		u_int8_t src_hostbits,
		u_int8_t dst_hostbits,
		int direction,
		int upper_proto,
		bool ah,
		bool esp,
		u_int32_t reqid);

	/**
	 * @brief Remove a policy from the SPD.
	 *
	 * Takes the same parameters as add_policy(), without ah, esp and
	 * reqid.
	 *
	 * @param this		calling object
	 * @param me		address of local peer
	 * @param other		address of remote peer
	 * @param src		src address of traffic this policy applies to
	 * @param dst		dest address of traffic this policy applies to
	 * @param src_hostbits	subnetmask to use for src address
	 * @param dst_hostbits	subnetmask to use for dst address
	 * @param direction	direction of traffic, XFRM_POLICY_OUT, XFRM_POLICY_IN, XFRM_POLICY_FWD
	 * @param upper_proto	upper layer protocol of traffic for this policy (TCP, UDP, ICMP, ...)
	 * @return
	 * 			- SUCCESS
	 * 			- FAILED if kernel comm failed
	 */
	status_t (*del_policy) (
		kernel_interface_t *this,
		host_t *me,
		host_t *other,
		host_t *src,
		host_t *dst,
		u_int8_t src_hostbits,
		u_int8_t dst_hostbits,
		int direction,
		int upper_proto);

	/**
	 * @brief Destroys a kernel_interface object.
	 *
	 * @param kernel_interface	calling object
	 */
	void (*destroy) (kernel_interface_t *kernel_interface);
};
177
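/**
 * @brief Creates an object of type kernel_interface_t.
 *
 * Declared with an explicit (void) parameter list so the compiler
 * rejects calls that pass arguments; an empty list in a C declaration
 * leaves the arguments unchecked.
 *
 * NOTE(review): whether this can return NULL on failure is not stated
 * in this header -- confirm against the implementation before
 * dereferencing the result unchecked.
 *
 * @return	the created kernel_interface_t; release it through its
 * 		destroy() member
 *
 * @ingroup threads
 */
kernel_interface_t *kernel_interface_create(void);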
184
185 #endif /*KERNEL_INTERFACE_H_*/