projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel-interface: query SAD for last use time if SPD query didn't yield one
[strongswan.git] / src / libhydra / kernel / kernel_interface.c
1 /*
2 * Copyright (C) 2008-2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 * Copyright (C) 2010 Martin Willi
5 * Copyright (C) 2010 revosec AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /*
19 * Copyright (c) 2012 Nanoteq Pty Ltd
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a copy
22 * of this software and associated documentation files (the "Software"), to deal
23 * in the Software without restriction, including without limitation the rights
24 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25 * copies of the Software, and to permit persons to whom the Software is
26 * furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
34 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37 * THE SOFTWARE.
38 */
39
40 #include "kernel_interface.h"
41
42 #include <hydra.h>
43 #include <utils/debug.h>
44 #include <threading/mutex.h>
45 #include <collections/linked_list.h>
46
47 typedef struct private_kernel_interface_t private_kernel_interface_t;
48
49 typedef struct kernel_algorithm_t kernel_algorithm_t;
50
51 /**
52 * Mapping of IKE algorithms to kernel-specific algorithm identifiers
53 */
54 struct kernel_algorithm_t {
55
56 /**
57 * Transform type of the algorithm
58 */
59 transform_type_t type;
60
61 /**
62 * Identifier specified in IKE
63 */
64 u_int16_t ike;
65
66 /**
67 * Identifier as defined in pfkeyv2.h
68 */
69 u_int16_t kernel;
70
71 /**
72 * Name of the algorithm in linux crypto API
73 */
74 char *name;
75 };
76
77 /**
78 * Private data of a kernel_interface_t object.
79 */
80 struct private_kernel_interface_t {
81
82 /**
83 * Public part of kernel_interface_t object.
84 */
85 kernel_interface_t public;
86
87 /**
88 * Registered IPsec constructor
89 */
90 kernel_ipsec_constructor_t ipsec_constructor;
91
92 /**
93 * Registered net constructor
94 */
95 kernel_net_constructor_t net_constructor;
96
97 /**
98 * ipsec interface
99 */
100 kernel_ipsec_t *ipsec;
101
102 /**
103 * network interface
104 */
105 kernel_net_t *net;
106
107 /**
108 * mutex for listeners
109 */
110 mutex_t *mutex;
111
112 /**
113 * list of registered listeners
114 */
115 linked_list_t *listeners;
116
117 /**
118 * mutex for algorithm mappings
119 */
120 mutex_t *mutex_algs;
121
122 /**
123 * List of algorithm mappings (kernel_algorithm_t*)
124 */
125 linked_list_t *algorithms;
126
127 /**
128 * List of interface names to include or exclude (char*), NULL if interfaces
129 * are not filtered
130 */
131 linked_list_t *ifaces_filter;
132
133 /**
134 * TRUE to exclude interfaces listed in ifaces_filter, FALSE to consider
135 * only those listed there
136 */
137 bool ifaces_exclude;
138 };
139
140 METHOD(kernel_interface_t, get_features, kernel_feature_t,
141 private_kernel_interface_t *this)
142 {
143 kernel_feature_t features = 0;
144
145 if (this->ipsec && this->ipsec->get_features)
146 {
147 features |= this->ipsec->get_features(this->ipsec);
148 }
149 if (this->net && this->net->get_features)
150 {
151 features |= this->net->get_features(this->net);
152 }
153 return features;
154 }
155
156 METHOD(kernel_interface_t, get_spi, status_t,
157 private_kernel_interface_t *this, host_t *src, host_t *dst,
158 u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
159 {
160 if (!this->ipsec)
161 {
162 return NOT_SUPPORTED;
163 }
164 return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
165 }
166
167 METHOD(kernel_interface_t, get_cpi, status_t,
168 private_kernel_interface_t *this, host_t *src, host_t *dst,
169 u_int32_t reqid, u_int16_t *cpi)
170 {
171 if (!this->ipsec)
172 {
173 return NOT_SUPPORTED;
174 }
175 return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
176 }
177
178 METHOD(kernel_interface_t, add_sa, status_t,
179 private_kernel_interface_t *this, host_t *src, host_t *dst,
180 u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
181 u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
182 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
183 u_int16_t cpi, bool encap, bool esn, bool inbound,
184 traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
185 {
186 if (!this->ipsec)
187 {
188 return NOT_SUPPORTED;
189 }
190 return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
191 mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
192 ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts);
193 }
194
195 METHOD(kernel_interface_t, update_sa, status_t,
196 private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
197 u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
198 bool encap, bool new_encap, mark_t mark)
199 {
200 if (!this->ipsec)
201 {
202 return NOT_SUPPORTED;
203 }
204 return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
205 new_src, new_dst, encap, new_encap, mark);
206 }
207
208 METHOD(kernel_interface_t, query_sa, status_t,
209 private_kernel_interface_t *this, host_t *src, host_t *dst,
210 u_int32_t spi, u_int8_t protocol, mark_t mark,
211 u_int64_t *bytes, u_int64_t *packets, u_int32_t *time)
212 {
213 if (!this->ipsec)
214 {
215 return NOT_SUPPORTED;
216 }
217 return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
218 bytes, packets, time);
219 }
220
221 METHOD(kernel_interface_t, del_sa, status_t,
222 private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
223 u_int8_t protocol, u_int16_t cpi, mark_t mark)
224 {
225 if (!this->ipsec)
226 {
227 return NOT_SUPPORTED;
228 }
229 return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
230 }
231
232 METHOD(kernel_interface_t, flush_sas, status_t,
233 private_kernel_interface_t *this)
234 {
235 if (!this->ipsec)
236 {
237 return NOT_SUPPORTED;
238 }
239 return this->ipsec->flush_sas(this->ipsec);
240 }
241
242 METHOD(kernel_interface_t, add_policy, status_t,
243 private_kernel_interface_t *this, host_t *src, host_t *dst,
244 traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
245 policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
246 mark_t mark, policy_priority_t priority)
247 {
248 if (!this->ipsec)
249 {
250 return NOT_SUPPORTED;
251 }
252 return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
253 direction, type, sa, mark, priority);
254 }
255
256 METHOD(kernel_interface_t, query_policy, status_t,
257 private_kernel_interface_t *this, traffic_selector_t *src_ts,
258 traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
259 u_int32_t *use_time)
260 {
261 if (!this->ipsec)
262 {
263 return NOT_SUPPORTED;
264 }
265 return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
266 direction, mark, use_time);
267 }
268
269 METHOD(kernel_interface_t, del_policy, status_t,
270 private_kernel_interface_t *this, traffic_selector_t *src_ts,
271 traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
272 mark_t mark, policy_priority_t priority)
273 {
274 if (!this->ipsec)
275 {
276 return NOT_SUPPORTED;
277 }
278 return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
279 direction, reqid, mark, priority);
280 }
281
282 METHOD(kernel_interface_t, flush_policies, status_t,
283 private_kernel_interface_t *this)
284 {
285 if (!this->ipsec)
286 {
287 return NOT_SUPPORTED;
288 }
289 return this->ipsec->flush_policies(this->ipsec);
290 }
291
292 METHOD(kernel_interface_t, get_source_addr, host_t*,
293 private_kernel_interface_t *this, host_t *dest, host_t *src)
294 {
295 if (!this->net)
296 {
297 return NULL;
298 }
299 return this->net->get_source_addr(this->net, dest, src);
300 }
301
302 METHOD(kernel_interface_t, get_nexthop, host_t*,
303 private_kernel_interface_t *this, host_t *dest, host_t *src)
304 {
305 if (!this->net)
306 {
307 return NULL;
308 }
309 return this->net->get_nexthop(this->net, dest, src);
310 }
311
312 METHOD(kernel_interface_t, get_interface, bool,
313 private_kernel_interface_t *this, host_t *host, char **name)
314 {
315 if (!this->net)
316 {
317 return NULL;
318 }
319 return this->net->get_interface(this->net, host, name);
320 }
321
322 METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*,
323 private_kernel_interface_t *this, kernel_address_type_t which)
324 {
325 if (!this->net)
326 {
327 return enumerator_create_empty();
328 }
329 return this->net->create_address_enumerator(this->net, which);
330 }
331
332 METHOD(kernel_interface_t, add_ip, status_t,
333 private_kernel_interface_t *this, host_t *virtual_ip, int prefix,
334 char *iface)
335 {
336 if (!this->net)
337 {
338 return NOT_SUPPORTED;
339 }
340 return this->net->add_ip(this->net, virtual_ip, prefix, iface);
341 }
342
343 METHOD(kernel_interface_t, del_ip, status_t,
344 private_kernel_interface_t *this, host_t *virtual_ip, int prefix, bool wait)
345 {
346 if (!this->net)
347 {
348 return NOT_SUPPORTED;
349 }
350 return this->net->del_ip(this->net, virtual_ip, prefix, wait);
351 }
352
353 METHOD(kernel_interface_t, add_route, status_t,
354 private_kernel_interface_t *this, chunk_t dst_net,
355 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
356 {
357 if (!this->net)
358 {
359 return NOT_SUPPORTED;
360 }
361 return this->net->add_route(this->net, dst_net, prefixlen, gateway,
362 src_ip, if_name);
363 }
364
365 METHOD(kernel_interface_t, del_route, status_t,
366 private_kernel_interface_t *this, chunk_t dst_net,
367 u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
368 {
369 if (!this->net)
370 {
371 return NOT_SUPPORTED;
372 }
373 return this->net->del_route(this->net, dst_net, prefixlen, gateway,
374 src_ip, if_name);
375 }
376
377 METHOD(kernel_interface_t, bypass_socket, bool,
378 private_kernel_interface_t *this, int fd, int family)
379 {
380 if (!this->ipsec)
381 {
382 return FALSE;
383 }
384 return this->ipsec->bypass_socket(this->ipsec, fd, family);
385 }
386
387 METHOD(kernel_interface_t, enable_udp_decap, bool,
388 private_kernel_interface_t *this, int fd, int family, u_int16_t port)
389 {
390 if (!this->ipsec)
391 {
392 return FALSE;
393 }
394 return this->ipsec->enable_udp_decap(this->ipsec, fd, family, port);
395 }
396
397 METHOD(kernel_interface_t, is_interface_usable, bool,
398 private_kernel_interface_t *this, const char *iface)
399 {
400 status_t expected;
401
402 if (!this->ifaces_filter)
403 {
404 return TRUE;
405 }
406 expected = this->ifaces_exclude ? NOT_FOUND : SUCCESS;
407 return this->ifaces_filter->find_first(this->ifaces_filter, (void*)streq,
408 NULL, iface) == expected;
409 }
410
411 METHOD(kernel_interface_t, all_interfaces_usable, bool,
412 private_kernel_interface_t *this)
413 {
414 return this->ifaces_filter == NULL;
415 }
416
417 METHOD(kernel_interface_t, get_address_by_ts, status_t,
418 private_kernel_interface_t *this, traffic_selector_t *ts,
419 host_t **ip, bool *vip)
420 {
421 enumerator_t *addrs;
422 host_t *host;
423 int family;
424 bool found = FALSE;
425
426 DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
427
428 /* if we have a family which includes localhost, we do not
429 * search for an IP, we use the default */
430 family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
431
432 if (family == AF_INET)
433 {
434 host = host_create_from_string("127.0.0.1", 0);
435 }
436 else
437 {
438 host = host_create_from_string("::1", 0);
439 }
440
441 if (ts->includes(ts, host))
442 {
443 *ip = host_create_any(family);
444 host->destroy(host);
445 DBG2(DBG_KNL, "using host %H", *ip);
446 return SUCCESS;
447 }
448 host->destroy(host);
449
450 addrs = create_address_enumerator(this, ADDR_TYPE_VIRTUAL);
451 while (addrs->enumerate(addrs, (void**)&host))
452 {
453 if (ts->includes(ts, host))
454 {
455 found = TRUE;
456 *ip = host->clone(host);
457 if (vip)
458 {
459 *vip = TRUE;
460 }
461 break;
462 }
463 }
464 addrs->destroy(addrs);
465
466 if (!found)
467 {
468 addrs = create_address_enumerator(this, ADDR_TYPE_REGULAR);
469 while (addrs->enumerate(addrs, (void**)&host))
470 {
471 if (ts->includes(ts, host))
472 {
473 found = TRUE;
474 *ip = host->clone(host);
475 if (vip)
476 {
477 *vip = FALSE;
478 }
479 break;
480 }
481 }
482 addrs->destroy(addrs);
483 }
484
485 if (!found)
486 {
487 DBG2(DBG_KNL, "no local address found in traffic selector %R", ts);
488 return FAILED;
489 }
490
491 DBG2(DBG_KNL, "using host %H", *ip);
492 return SUCCESS;
493 }
494
495
496 METHOD(kernel_interface_t, add_ipsec_interface, void,
497 private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
498 {
499 if (!this->ipsec)
500 {
501 this->ipsec_constructor = constructor;
502 this->ipsec = constructor();
503 }
504 }
505
506 METHOD(kernel_interface_t, remove_ipsec_interface, void,
507 private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
508 {
509 if (constructor == this->ipsec_constructor && this->ipsec)
510 {
511 this->ipsec->destroy(this->ipsec);
512 this->ipsec = NULL;
513 }
514 }
515
516 METHOD(kernel_interface_t, add_net_interface, void,
517 private_kernel_interface_t *this, kernel_net_constructor_t constructor)
518 {
519 if (!this->net)
520 {
521 this->net_constructor = constructor;
522 this->net = constructor();
523 }
524 }
525
526 METHOD(kernel_interface_t, remove_net_interface, void,
527 private_kernel_interface_t *this, kernel_net_constructor_t constructor)
528 {
529 if (constructor == this->net_constructor && this->net)
530 {
531 this->net->destroy(this->net);
532 this->net = NULL;
533 }
534 }
535
536 METHOD(kernel_interface_t, add_listener, void,
537 private_kernel_interface_t *this, kernel_listener_t *listener)
538 {
539 this->mutex->lock(this->mutex);
540 this->listeners->insert_last(this->listeners, listener);
541 this->mutex->unlock(this->mutex);
542 }
543
544 METHOD(kernel_interface_t, remove_listener, void,
545 private_kernel_interface_t *this, kernel_listener_t *listener)
546 {
547 this->mutex->lock(this->mutex);
548 this->listeners->remove(this->listeners, listener, NULL);
549 this->mutex->unlock(this->mutex);
550 }
551
552 METHOD(kernel_interface_t, acquire, void,
553 private_kernel_interface_t *this, u_int32_t reqid,
554 traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
555 {
556 kernel_listener_t *listener;
557 enumerator_t *enumerator;
558 this->mutex->lock(this->mutex);
559 enumerator = this->listeners->create_enumerator(this->listeners);
560 while (enumerator->enumerate(enumerator, &listener))
561 {
562 if (listener->acquire &&
563 !listener->acquire(listener, reqid, src_ts, dst_ts))
564 {
565 this->listeners->remove_at(this->listeners, enumerator);
566 }
567 }
568 enumerator->destroy(enumerator);
569 this->mutex->unlock(this->mutex);
570 }
571
572 METHOD(kernel_interface_t, expire, void,
573 private_kernel_interface_t *this, u_int32_t reqid, u_int8_t protocol,
574 u_int32_t spi, bool hard)
575 {
576 kernel_listener_t *listener;
577 enumerator_t *enumerator;
578 this->mutex->lock(this->mutex);
579 enumerator = this->listeners->create_enumerator(this->listeners);
580 while (enumerator->enumerate(enumerator, &listener))
581 {
582 if (listener->expire &&
583 !listener->expire(listener, reqid, protocol, spi, hard))
584 {
585 this->listeners->remove_at(this->listeners, enumerator);
586 }
587 }
588 enumerator->destroy(enumerator);
589 this->mutex->unlock(this->mutex);
590 }
591
592 METHOD(kernel_interface_t, mapping, void,
593 private_kernel_interface_t *this, u_int32_t reqid, u_int32_t spi,
594 host_t *remote)
595 {
596 kernel_listener_t *listener;
597 enumerator_t *enumerator;
598 this->mutex->lock(this->mutex);
599 enumerator = this->listeners->create_enumerator(this->listeners);
600 while (enumerator->enumerate(enumerator, &listener))
601 {
602 if (listener->mapping &&
603 !listener->mapping(listener, reqid, spi, remote))
604 {
605 this->listeners->remove_at(this->listeners, enumerator);
606 }
607 }
608 enumerator->destroy(enumerator);
609 this->mutex->unlock(this->mutex);
610 }
611
612 METHOD(kernel_interface_t, migrate, void,
613 private_kernel_interface_t *this, u_int32_t reqid,
614 traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
615 policy_dir_t direction, host_t *local, host_t *remote)
616 {
617 kernel_listener_t *listener;
618 enumerator_t *enumerator;
619 this->mutex->lock(this->mutex);
620 enumerator = this->listeners->create_enumerator(this->listeners);
621 while (enumerator->enumerate(enumerator, &listener))
622 {
623 if (listener->migrate &&
624 !listener->migrate(listener, reqid, src_ts, dst_ts, direction,
625 local, remote))
626 {
627 this->listeners->remove_at(this->listeners, enumerator);
628 }
629 }
630 enumerator->destroy(enumerator);
631 this->mutex->unlock(this->mutex);
632 }
633
634 static bool call_roam(kernel_listener_t *listener, bool *roam)
635 {
636 return listener->roam && !listener->roam(listener, *roam);
637 }
638
639 METHOD(kernel_interface_t, roam, void,
640 private_kernel_interface_t *this, bool address)
641 {
642 this->mutex->lock(this->mutex);
643 this->listeners->remove(this->listeners, &address, (void*)call_roam);
644 this->mutex->unlock(this->mutex);
645 }
646
647 METHOD(kernel_interface_t, register_algorithm, void,
648 private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
649 u_int16_t kernel_id, char *kernel_name)
650 {
651 kernel_algorithm_t *algorithm;
652
653 INIT(algorithm,
654 .type = type,
655 .ike = alg_id,
656 .kernel = kernel_id,
657 .name = strdup(kernel_name),
658 );
659
660 this->mutex_algs->lock(this->mutex_algs);
661 this->algorithms->insert_first(this->algorithms, algorithm);
662 this->mutex_algs->unlock(this->mutex_algs);
663 }
664
665 METHOD(kernel_interface_t, lookup_algorithm, bool,
666 private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
667 u_int16_t *kernel_id, char **kernel_name)
668 {
669 kernel_algorithm_t *algorithm;
670 enumerator_t *enumerator;
671 bool found = FALSE;
672
673 this->mutex_algs->lock(this->mutex_algs);
674 enumerator = this->algorithms->create_enumerator(this->algorithms);
675 while (enumerator->enumerate(enumerator, &algorithm))
676 {
677 if (algorithm->type == type && algorithm->ike == alg_id)
678 {
679 if (kernel_id)
680 {
681 *kernel_id = algorithm->kernel;
682 }
683 if (kernel_name)
684 {
685 *kernel_name = algorithm->name;
686 }
687 found = TRUE;
688 break;
689 }
690 }
691 enumerator->destroy(enumerator);
692 this->mutex_algs->unlock(this->mutex_algs);
693 return found;
694 }
695
696 METHOD(kernel_interface_t, destroy, void,
697 private_kernel_interface_t *this)
698 {
699 kernel_algorithm_t *algorithm;
700
701 while (this->algorithms->remove_first(this->algorithms,
702 (void**)&algorithm) == SUCCESS)
703 {
704 free(algorithm->name);
705 free(algorithm);
706 }
707 this->algorithms->destroy(this->algorithms);
708 this->mutex_algs->destroy(this->mutex_algs);
709 DESTROY_IF(this->ipsec);
710 DESTROY_IF(this->net);
711 DESTROY_FUNCTION_IF(this->ifaces_filter, (void*)free);
712 this->listeners->destroy(this->listeners);
713 this->mutex->destroy(this->mutex);
714 free(this);
715 }
716
717 /*
718 * Described in header-file
719 */
720 kernel_interface_t *kernel_interface_create()
721 {
722 private_kernel_interface_t *this;
723 char *ifaces;
724
725 INIT(this,
726 .public = {
727 .get_features = _get_features,
728 .get_spi = _get_spi,
729 .get_cpi = _get_cpi,
730 .add_sa = _add_sa,
731 .update_sa = _update_sa,
732 .query_sa = _query_sa,
733 .del_sa = _del_sa,
734 .flush_sas = _flush_sas,
735 .add_policy = _add_policy,
736 .query_policy = _query_policy,
737 .del_policy = _del_policy,
738 .flush_policies = _flush_policies,
739 .get_source_addr = _get_source_addr,
740 .get_nexthop = _get_nexthop,
741 .get_interface = _get_interface,
742 .create_address_enumerator = _create_address_enumerator,
743 .add_ip = _add_ip,
744 .del_ip = _del_ip,
745 .add_route = _add_route,
746 .del_route = _del_route,
747 .bypass_socket = _bypass_socket,
748 .enable_udp_decap = _enable_udp_decap,
749
750 .is_interface_usable = _is_interface_usable,
751 .all_interfaces_usable = _all_interfaces_usable,
752 .get_address_by_ts = _get_address_by_ts,
753 .add_ipsec_interface = _add_ipsec_interface,
754 .remove_ipsec_interface = _remove_ipsec_interface,
755 .add_net_interface = _add_net_interface,
756 .remove_net_interface = _remove_net_interface,
757
758 .add_listener = _add_listener,
759 .remove_listener = _remove_listener,
760 .register_algorithm = _register_algorithm,
761 .lookup_algorithm = _lookup_algorithm,
762 .acquire = _acquire,
763 .expire = _expire,
764 .mapping = _mapping,
765 .migrate = _migrate,
766 .roam = _roam,
767 .destroy = _destroy,
768 },
769 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
770 .listeners = linked_list_create(),
771 .mutex_algs = mutex_create(MUTEX_TYPE_DEFAULT),
772 .algorithms = linked_list_create(),
773 );
774
775 ifaces = lib->settings->get_str(lib->settings,
776 "%s.interfaces_use", NULL, hydra->daemon);
777 if (!ifaces)
778 {
779 this->ifaces_exclude = TRUE;
780 ifaces = lib->settings->get_str(lib->settings,
781 "%s.interfaces_ignore", NULL, hydra->daemon);
782 }
783 if (ifaces)
784 {
785 enumerator_t *enumerator;
786 char *iface;
787
788 enumerator = enumerator_create_token(ifaces, ",", " ");
789 while (enumerator->enumerate(enumerator, &iface))
790 {
791 if (!this->ifaces_filter)
792 {
793 this->ifaces_filter = linked_list_create();
794 }
795 this->ifaces_filter->insert_last(this->ifaces_filter,
796 strdup(iface));
797 }
798 enumerator->destroy(enumerator);
799 }
800
801 return &this->public;
802 }
strongSwan - IPsec VPN