Remove policies in kernel interfaces based on their priority.
[strongswan.git] / src / libhydra / kernel / kernel_interface.h
index 8b0c7a2..4c2f7ef 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -91,6 +91,7 @@ struct kernel_interface_t {
         * @param protocol              protocol for this SA (ESP/AH)
         * @param reqid                 unique ID for this SA
         * @param mark                  optional mark for this SA
+        * @param tfc                   Traffic Flow Confidentiality padding for this SA
         * @param lifetime              lifetime_cfg_t for this SA
         * @param enc_alg               Algorithm to use for encryption (ESP only)
         * @param enc_key               key to use for encryption
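Review bot: The added `tfc` line gives neither the unit of the value nor the meaning of 0, and the comment is the only contract the kernel backends implementing add_sa have for this parameter. If the value is a padding length in bytes with 0 disabling padding (not visible on this page, so to be confirmed), the line could read `@param tfc  TFC padding length in bytes for this SA, 0 for none`. The doc comment begins and ends outside this hunk.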
@@ -100,6 +101,7 @@ struct kernel_interface_t {
         * @param ipcomp                IPComp transform to use
         * @param cpi                   CPI for IPComp
         * @param encap                 enable UDP encapsulation for NAT traversal
+        * @param esn                   TRUE to use Extended Sequence Numbers
         * @param inbound               TRUE if this is an inbound SA
         * @param src_ts                traffic selector with BEET source address
         * @param dst_ts                traffic selector with BEET destination address
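Review bot: The added `esn` line does not say what add_sa does when a kernel backend cannot provide Extended Sequence Numbers. If a backend silently ignored the flag, the SA would be installed with 32-bit sequence numbers although ESN was requested, which changes how the anti-replay counter behaves without the caller noticing. Assuming failure is the intended contract, the line could read `@param esn  TRUE to use Extended Sequence Numbers, add_sa fails if the backend lacks support`. The matching `bool esn` argument is added in the next hunk; the doc comment itself starts and ends outside this one.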
@@ -108,11 +110,11 @@ struct kernel_interface_t {
        status_t (*add_sa) (kernel_interface_t *this,
                                                host_t *src, host_t *dst, u_int32_t spi,
                                                u_int8_t protocol, u_int32_t reqid, mark_t mark,
-                                               lifetime_cfg_t *lifetime,
+                                               u_int32_t tfc, lifetime_cfg_t *lifetime,
                                                u_int16_t enc_alg, chunk_t enc_key,
                                                u_int16_t int_alg, chunk_t int_key,
                                                ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                               bool encap, bool inbound,
+                                               bool encap, bool esn, bool inbound,
                                                traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
        /**
@@ -186,7 +188,7 @@ struct kernel_interface_t {
         * @param type                  type of policy, POLICY_(IPSEC|PASS|DROP)
         * @param sa                    details about the SA(s) tied to this policy
         * @param mark                  mark for this policy
-        * @param routed                TRUE, if this policy is routed in the kernel
+        * @param priority              priority of this policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*add_policy) (kernel_interface_t *this,
@@ -194,7 +196,8 @@ struct kernel_interface_t {
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
                                                        policy_dir_t direction, policy_type_t type,
-                                                       ipsec_sa_cfg_t *sa, mark_t mark, bool routed);
+                                                       ipsec_sa_cfg_t *sa, mark_t mark,
+                                                       policy_priority_t priority);
 
        /**
         * Query the use time of a policy.
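Review bot: The last parameter of add_policy changes from `bool routed` to `policy_priority_t priority` without changing the number of arguments, so a caller or out-of-tree backend that still passes TRUE/FALSE there would compile without a diagnostic if policy_priority_t is an enum, because C converts the integer implicitly. The policy would then be installed with whatever priority that integer happens to map to. All call sites and implementations should be checked in the same change, and a short comment on the declaration would help, e.g. `/* priority replaces the former bool routed, pass a policy_priority_t constant */`. The declaration starts above this hunk.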
@@ -226,15 +229,16 @@ struct kernel_interface_t {
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
+        * @param reqid                 unique ID of the associated SA
         * @param mark                  optional mark
-        * @param unrouted              TRUE, if this policy is unrouted from the kernel
+        * @param priority              priority of the policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*del_policy) (kernel_interface_t *this,
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
-                                                       policy_dir_t direction, mark_t mark,
-                                                       bool unrouted);
+                                                       policy_dir_t direction, u_int32_t reqid,
+                                                       mark_t mark, policy_priority_t priority);
 
        /**
         * Get our outgoing source address for a destination.
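Review bot: The del_policy comment gains `reqid` and `priority` but does not state that they must equal the values given to add_policy, nor what is returned when no installed policy matches them. If a mismatch were reported as SUCCESS, the original policy would stay in the kernel while the caller believes it was removed. I would write `@param reqid  unique ID of the associated SA, as passed to add_policy` and `@param priority  priority of the policy, as passed to add_policy`, and describe the no-match case on `@return`. The add_policy comment in the `@@ -186,7 +188,7 @@` hunk has the same bare `priority of this policy` wording and could list the allowed values the way the `type` line does.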