Remove policies in kernel interfaces based on their priority.
[strongswan.git] / src / libhydra / kernel / kernel_interface.h
index ec73fa1..4c2f7ef 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -101,6 +101,7 @@ struct kernel_interface_t {
         * @param ipcomp                IPComp transform to use
         * @param cpi                   CPI for IPComp
         * @param encap                 enable UDP encapsulation for NAT traversal
+        * @param esn                   TRUE to use Extended Sequence Numbers
         * @param inbound               TRUE if this is an inbound SA
         * @param src_ts                traffic selector with BEET source address
         * @param dst_ts                traffic selector with BEET destination address
@@ -113,7 +114,7 @@ struct kernel_interface_t {
                                                u_int16_t enc_alg, chunk_t enc_key,
                                                u_int16_t int_alg, chunk_t int_key,
                                                ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-                                               bool encap, bool inbound,
+                                               bool encap, bool esn, bool inbound,
                                                traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
        /**
@@ -187,7 +188,7 @@ struct kernel_interface_t {
         * @param type                  type of policy, POLICY_(IPSEC|PASS|DROP)
         * @param sa                    details about the SA(s) tied to this policy
         * @param mark                  mark for this policy
-        * @param routed                TRUE, if this policy is routed in the kernel
+        * @param priority              priority of this policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*add_policy) (kernel_interface_t *this,
@@ -195,7 +196,8 @@ struct kernel_interface_t {
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
                                                        policy_dir_t direction, policy_type_t type,
-                                                       ipsec_sa_cfg_t *sa, mark_t mark, bool routed);
+                                                       ipsec_sa_cfg_t *sa, mark_t mark,
+                                                       policy_priority_t priority);
 
        /**
         * Query the use time of a policy.
@@ -227,15 +229,16 @@ struct kernel_interface_t {
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
+        * @param reqid                 unique ID of the associated SA
         * @param mark                  optional mark
-        * @param unrouted              TRUE, if this policy is unrouted from the kernel
+        * @param priority              priority of the policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*del_policy) (kernel_interface_t *this,
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
-                                                       policy_dir_t direction, mark_t mark,
-                                                       bool unrouted);
+                                                       policy_dir_t direction, u_int32_t reqid,
+                                                       mark_t mark, policy_priority_t priority);
 
        /**
         * Get our outgoing source address for a destination.