testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls
[strongswan.git] / src / libipsec / esp_packet.h
index 7dbbd19..c42acba 100644 (file)
 #ifndef ESP_PACKET_H_
 #define ESP_PACKET_H_
 
+#include "ip_packet.h"
 #include "esp_context.h"
 
 #include <library.h>
-#include <utils/host.h>
-#include <utils/packet.h>
+#include <networking/host.h>
+#include <networking/packet.h>
 
 typedef struct esp_packet_t esp_packet_t;
 
@@ -63,7 +64,7 @@ struct esp_packet_t {
         * @return                              TRUE when successful, FALSE otherwise (e.g. when the
         *                                              length of the packet is invalid)
         */
-       bool (*parse_header)(esp_packet_t *this, u_int32_t *spi);
+       bool (*parse_header)(esp_packet_t *this, uint32_t *spi);
 
        /**
         * Authenticate and decrypt the packet. Also verifies the sequence number
@@ -90,10 +91,10 @@ struct esp_packet_t {
         * @return                                      - SUCCESS if encrypted
         *                                                      - FAILED if sequence number cycled or any of the
         *                                                        cryptographic functions failed
-        *                                                      - NOT_FOUND if no suitable RNG could be found
+        *                                                      - NOT_FOUND if no suitable IV generator provided
         */
        status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
-                                               u_int32_t spi);
+                                               uint32_t spi);
 
        /**
         * Get the next header field of a packet.
@@ -102,15 +103,23 @@ struct esp_packet_t {
         *
         * @return                                      next header field
         */
-       u_int8_t (*get_next_header)(esp_packet_t *this);
+       uint8_t (*get_next_header)(esp_packet_t *this);
 
        /**
-        * Get the plaintext payload of this packet (e.g. inner IP packet).
+        * Get the plaintext payload of this packet.
         *
         * @return                                      plaintext payload (internal data),
-        *                                                      chunk_empty if not decrypted
+        *                                                      NULL if not decrypted
         */
-       chunk_t (*get_payload)(esp_packet_t *this);
+       ip_packet_t *(*get_payload)(esp_packet_t *this);
+
+       /**
+        * Extract the plaintext payload from this packet.
+        *
+        * @return                                      plaintext payload (has to be destroyed),
+        *                                                      NULL if not decrypted
+        */
+       ip_packet_t *(*extract_payload)(esp_packet_t *this);
 
        /**
         * Destroy an esp_packet_t
@@ -128,17 +137,15 @@ struct esp_packet_t {
 esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
 
 /**
- * Create an ESP packet from a plaintext payload (e.g. inner IP packet)
+ * Create an ESP packet from a plaintext payload
  *
  * @param src                  source address
  * @param dst                  destination address
- * @param payload              plaintext payload (e.g. inner IP packet), gets owned
- * @param next_header  next header type of the payload (e.g IPPROTO_IPIP)
+ * @param payload              plaintext payload, gets owned
  * @return                             esp_packet_t instance
  */
 esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
-                                                                                        chunk_t payload,
-                                                                                        u_int8_t next_header);
+                                                                                        ip_packet_t *payload);
 
 #endif /** ESP_PACKET_H_ @}*/