Install virtual IPs via interface name, and use an interface lookup where required
[strongswan.git] / src / libhydra / kernel / kernel_interface.h
index 471a1d5..a5ee0b5 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2012 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * for more details.
  */
 
+/*
+ * Copyright (c) 2012 Nanoteq Pty Ltd
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 /**
  * @defgroup kernel_interface kernel_interface
  * @{ @ingroup hkernel
@@ -26,7 +48,7 @@
 
 typedef struct kernel_interface_t kernel_interface_t;
 
-#include <utils/host.h>
+#include <networking/host.h>
 #include <crypto/prf_plus.h>
 
 #include <kernel/kernel_listener.h>
@@ -175,6 +197,13 @@ struct kernel_interface_t {
                                                mark_t mark);
 
        /**
+        * Flush all SAs from the SAD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_sas) (kernel_interface_t *this);
+
+       /**
         * Add a policy to the SPD.
         *
         * A policy is always associated to an SA. Traffic which matches a
@@ -188,7 +217,7 @@ struct kernel_interface_t {
         * @param type                  type of policy, POLICY_(IPSEC|PASS|DROP)
         * @param sa                    details about the SA(s) tied to this policy
         * @param mark                  mark for this policy
-        * @param routed                TRUE, if this policy is routed in the kernel
+        * @param priority              priority of this policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*add_policy) (kernel_interface_t *this,
@@ -196,7 +225,8 @@ struct kernel_interface_t {
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
                                                        policy_dir_t direction, policy_type_t type,
-                                                       ipsec_sa_cfg_t *sa, mark_t mark, bool routed);
+                                                       ipsec_sa_cfg_t *sa, mark_t mark,
+                                                       policy_priority_t priority);
 
        /**
         * Query the use time of a policy.
@@ -228,15 +258,23 @@ struct kernel_interface_t {
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
+        * @param reqid                 unique ID of the associated SA
         * @param mark                  optional mark
-        * @param unrouted              TRUE, if this policy is unrouted from the kernel
+        * @param priority              priority of the policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*del_policy) (kernel_interface_t *this,
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
-                                                       policy_dir_t direction, mark_t mark,
-                                                       bool unrouted);
+                                                       policy_dir_t direction, u_int32_t reqid,
+                                                       mark_t mark, policy_priority_t priority);
+
+       /**
+        * Flush all policies from the SPD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_policies) (kernel_interface_t *this);
 
        /**
         * Get our outgoing source address for a destination.
@@ -244,7 +282,7 @@ struct kernel_interface_t {
         * Does a route lookup to get the source address used to reach dest.
         * The returned host is allocated and must be destroyed.
         * An optional src address can be used to check if a route is available
-        * for given source to dest.
+        * for the given source to dest.
         *
         * @param dest                  target destination address
         * @param src                   source address to check, or NULL
@@ -258,19 +296,23 @@ struct kernel_interface_t {
         *
         * Does a route lookup to get the next hop used to reach dest.
         * The returned host is allocated and must be destroyed.
+        * An optional src address can be used to check if a route is available
+        * for the given source to dest.
         *
         * @param dest                  target destination address
         * @return                              next hop address, NULL if unreachable
         */
-       host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest);
+       host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src);
 
        /**
-        * Get the interface name of a local address.
+        * Get the interface name of a local address. Interfaces that are down or
+        * ignored by config are not considered.
         *
         * @param host                  address to get interface name from
-        * @return                              allocated interface name, or NULL if not found
+        * @param name                  allocated interface name (optional)
+        * @return                              TRUE if interface found and usable
         */
-       char* (*get_interface) (kernel_interface_t *this, host_t *host);
+       bool (*get_interface)(kernel_interface_t *this, host_t *host, char **name);
 
        /**
         * Creates an enumerator over all local addresses.
@@ -279,12 +321,11 @@ struct kernel_interface_t {
         * enumerator gets destroyed.
         * The hosts are read-only, do not modify of free.
         *
-        * @param include_down_ifaces   TRUE to enumerate addresses from down interfaces
-        * @param include_virtual_ips   TRUE to enumerate virtual ip addresses
-        * @return                                              enumerator over host_t's
+        * @param which                 a combination of address types to enumerate
+        * @return                              enumerator over host_t's
         */
        enumerator_t *(*create_address_enumerator) (kernel_interface_t *this,
-                                               bool include_down_ifaces, bool include_virtual_ips);
+                                                                                               kernel_address_type_t which);
 
        /**
         * Add a virtual IP to an interface.
@@ -292,14 +333,14 @@ struct kernel_interface_t {
         * Virtual IPs are attached to an interface. If an IP is added multiple
         * times, the IP is refcounted and not removed until del_ip() was called
         * as many times as add_ip().
-        * The virtual IP is attached to the interface where the iface_ip is found.
         *
         * @param virtual_ip    virtual ip address to assign
-        * @param iface_ip              IP of an interface to attach virtual IP
+        * @param prefix                prefix length to install IP with, -1 for auto
+        * @param iface                 interface to install virtual IP on
         * @return                              SUCCESS if operation completed
         */
-       status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip,
-                                               host_t *iface_ip);
+       status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip, int prefix,
+                                               char *iface);
 
        /**
         * Remove a virtual IP from an interface.
@@ -307,9 +348,10 @@ struct kernel_interface_t {
         * The kernel interface uses refcounting, see add_ip().
         *
         * @param virtual_ip    virtual ip address to assign
+        * @param prefix                prefix length of the IP to uninstall, -1 for auto
         * @return                              SUCCESS if operation completed
         */
-       status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip);
+       status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip, int prefix);
 
        /**
         * Add a route.
@@ -345,20 +387,48 @@ struct kernel_interface_t {
         *
         * @param fd                    socket file descriptor to setup policy for
         * @param family                protocol family of the socket
-        * @return                              TRUE of policy set up successfully
+        * @return                              TRUE if policy set up successfully
         */
        bool (*bypass_socket)(kernel_interface_t *this, int fd, int family);
 
        /**
+        * Enable decapsulation of ESP-in-UDP packets for the given port/socket.
+        *
+        * @param fd                    socket file descriptor
+        * @param family                protocol family of the socket
+        * @param port                  the UDP port
+        * @return                              TRUE if UDP decapsulation was enabled successfully
+        */
+       bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family,
+                                                        u_int16_t port);
+
+
+       /**
         * manager methods
         */
 
        /**
-        * Tries to find an ip address of a local interface that is included in the
+        * Verifies that the given interface is usable and not excluded by
+        * configuration.
+        *
+        * @param iface                 interface name
+        * @return                              TRUE if usable
+        */
+       bool (*is_interface_usable)(kernel_interface_t *this, const char *iface);
+
+       /**
+        * Check if interfaces are excluded by config.
+        *
+        * @return                              TRUE if no interfaces are exclued by config
+        */
+       bool (*all_interfaces_usable)(kernel_interface_t *this);
+
+       /**
+        * Tries to find an IP address of a local interface that is included in the
         * supplied traffic selector.
         *
         * @param ts                    traffic selector
-        * @param ip                    returned ip (has to be destroyed)
+        * @param ip                    returned IP address (has to be destroyed)
         * @return                              SUCCESS if address found
         */
        status_t (*get_address_by_ts)(kernel_interface_t *this,
@@ -465,6 +535,32 @@ struct kernel_interface_t {
        void (*roam)(kernel_interface_t *this, bool address);
 
        /**
+        * Register a new algorithm with the kernel interface.
+        *
+        * @param alg_id                        the IKE id of the algorithm
+        * @param type                          the transform type of the algorithm
+        * @param kernel_id                     the kernel id of the algorithm
+        * @param kernel_name           the kernel name of the algorithm
+        */
+       void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
+                                                          transform_type_t type, u_int16_t kernel_id,
+                                                          char *kernel_name);
+
+       /**
+        * Return the kernel-specific id and/or name for an algorithms depending on
+        * the arguments specified.
+        *
+        * @param alg_id                        the IKE id of the algorithm
+        * @param type                          the transform type of the algorithm
+        * @param kernel_id                     the kernel id of the algorithm (optional)
+        * @param kernel_name           the kernel name of the algorithm (optional)
+        * @return                                      TRUE if algorithm was found
+        */
+       bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
+                                                        transform_type_t type, u_int16_t *kernel_id,
+                                                        char **kernel_name);
+
+       /**
         * Destroys a kernel_interface_manager_t object.
         */
        void (*destroy) (kernel_interface_t *this);