Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
authorTobias Brunner <tobias@strongswan.org>
Fri, 13 Jul 2012 09:02:08 +0000 (11:02 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Aug 2012 13:41:02 +0000 (15:41 +0200)
This avoids a dependency of libipsec on libhydra.

src/libhydra/kernel/kernel_ipsec.c
src/libhydra/kernel/kernel_ipsec.h
src/libipsec/Android.mk
src/libipsec/Makefile.am
src/libstrongswan/Android.mk
src/libstrongswan/Makefile.am
src/libstrongswan/ipsec/ipsec_types.c [new file with mode: 0644]
src/libstrongswan/ipsec/ipsec_types.h [new file with mode: 0644]
src/libstrongswan/library.h

index 9b38297..1a32ab4 100644 (file)
 
 #include <hydra.h>
 
-ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_DROP,
-       "TRANSPORT",
-       "TUNNEL",
-       "BEET",
-       "PASS",
-       "DROP"
-);
-
-ENUM(policy_dir_names, POLICY_IN, POLICY_FWD,
-       "in",
-       "out",
-       "fwd"
-);
-
-ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
-       "IPCOMP_NONE",
-       "IPCOMP_OUI",
-       "IPCOMP_DEFLATE",
-       "IPCOMP_LZS",
-       "IPCOMP_LZJH"
-);
-
 /**
  * See header
  */
index 500a77c..ee0ade2 100644 (file)
 #ifndef KERNEL_IPSEC_H_
 #define KERNEL_IPSEC_H_
 
-typedef enum ipsec_mode_t ipsec_mode_t;
-typedef enum policy_dir_t policy_dir_t;
-typedef enum policy_type_t policy_type_t;
-typedef enum policy_priority_t policy_priority_t;
-typedef enum ipcomp_transform_t ipcomp_transform_t;
 typedef struct kernel_ipsec_t kernel_ipsec_t;
-typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
-typedef struct lifetime_cfg_t lifetime_cfg_t;
-typedef struct mark_t mark_t;
 
 #include <utils/host.h>
-#include <crypto/prf_plus.h>
+#include <ipsec/ipsec_types.h>
 #include <selectors/traffic_selector.h>
 #include <plugins/plugin.h>
 
 /**
- * Mode of an IPsec SA.
- */
-enum ipsec_mode_t {
-       /** not using any encapsulation */
-       MODE_NONE = 0,
-       /** transport mode, no inner address */
-       MODE_TRANSPORT = 1,
-       /** tunnel mode, inner and outer addresses */
-       MODE_TUNNEL,
-       /** BEET mode, tunnel mode but fixed, bound inner addresses */
-       MODE_BEET,
-       /** passthrough policy for traffic without an IPsec SA */
-       MODE_PASS,
-       /** drop policy discarding traffic */
-       MODE_DROP
-};
-
-/**
- * enum names for ipsec_mode_t.
- */
-extern enum_name_t *ipsec_mode_names;
-
-/**
- * Direction of a policy. These are equal to those
- * defined in xfrm.h, but we want to stay implementation
- * neutral here.
- */
-enum policy_dir_t {
-       /** Policy for inbound traffic */
-       POLICY_IN = 0,
-       /** Policy for outbound traffic */
-       POLICY_OUT = 1,
-       /** Policy for forwarded traffic */
-       POLICY_FWD = 2,
-};
-
-/**
- * enum names for policy_dir_t.
- */
-extern enum_name_t *policy_dir_names;
-
-/**
- * Type of a policy.
- */
-enum policy_type_t {
-       /** Normal IPsec policy */
-       POLICY_IPSEC = 1,
-       /** Passthrough policy (traffic is ignored by IPsec) */
-       POLICY_PASS,
-       /** Drop policy (traffic is discarded) */
-       POLICY_DROP,
-};
-
-/**
- * High-level priority of a policy.
- */
-enum policy_priority_t {
-       /** Default priority */
-       POLICY_PRIORITY_DEFAULT,
-       /** Priority for trap policies */
-       POLICY_PRIORITY_ROUTED,
-       /** Priority for fallback drop policies */
-       POLICY_PRIORITY_FALLBACK,
-};
-
-/**
- * IPComp transform IDs, as in RFC 4306
- */
-enum ipcomp_transform_t {
-       IPCOMP_NONE = 0,
-       IPCOMP_OUI = 1,
-       IPCOMP_DEFLATE = 2,
-       IPCOMP_LZS = 3,
-       IPCOMP_LZJH = 4,
-};
-
-/**
- * enum strings for ipcomp_transform_t.
- */
-extern enum_name_t *ipcomp_transform_names;
-
-/**
- * This struct contains details about IPsec SA(s) tied to a policy.
- */
-struct ipsec_sa_cfg_t {
-       /** mode of SA (tunnel, transport) */
-       ipsec_mode_t mode;
-       /** unique ID */
-       u_int32_t reqid;
-       /** details about ESP/AH */
-       struct {
-               /** TRUE if this protocol is used */
-               bool use;
-               /** SPI for ESP/AH */
-               u_int32_t spi;
-       } esp, ah;
-       /** details about IPComp */
-       struct {
-               /** the IPComp transform used */
-               u_int16_t transform;
-               /** CPI for IPComp */
-               u_int16_t cpi;
-       } ipcomp;
-};
-
-/**
- * A lifetime_cfg_t defines the lifetime limits of an SA.
- *
- * Set any of these values to 0 to ignore.
- */
-struct lifetime_cfg_t {
-       struct {
-               /** Limit before the SA gets invalid. */
-               u_int64_t       life;
-               /** Limit before the SA gets rekeyed. */
-               u_int64_t       rekey;
-               /** The range of a random value subtracted from rekey. */
-               u_int64_t       jitter;
-       } time, bytes, packets;
-};
-
-/**
- * A mark_t defines an optional mark in an IPsec SA.
- */
-struct mark_t {
-       /** Mark value */
-       u_int32_t value;
-       /** Mark mask */
-       u_int32_t mask;
-};
-
-/**
- * Special mark value that uses the reqid of the CHILD_SA as mark
- */
-#define MARK_REQID (0xFFFFFFFF)
-
-/**
  * Interface to the ipsec subsystem of the kernel.
  *
  * The kernel ipsec interface handles the communication with the kernel
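Review bot: Dropping `#include <crypto/prf_plus.h>` from kernel_ipsec.h takes away a header that every includer of this file used to get transitively, and the replacement `ipsec/ipsec_types.h` only pulls in `library.h`. Nothing in the visible part of the header seems to need prf_plus.h, so the removal looks right, but any source file that relied on the indirect include will stop compiling. It is worth building every consumer of kernel_ipsec.h with this change and adding an explicit `#include <crypto/prf_plus.h>` wherever a file uses it directly. The interface declaration continues past the end of this hunk.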
index 7292bff..c4cf92d 100644 (file)
@@ -12,7 +12,6 @@ esp_packet.c esp_packet.h
 LOCAL_C_INCLUDES += \
        $(libvstr_PATH) \
        $(strongswan_PATH)/src/include \
-       $(strongswan_PATH)/src/libhydra \
        $(strongswan_PATH)/src/libstrongswan
 
 LOCAL_CFLAGS := $(strongswan_CFLAGS)
@@ -25,7 +24,7 @@ LOCAL_ARM_MODE := arm
 
 LOCAL_PRELINK_MODULE := false
 
-LOCAL_SHARED_LIBRARIES += libstrongswan libhydra
+LOCAL_SHARED_LIBRARIES += libstrongswan
 
 include $(BUILD_SHARED_LIBRARY)
 
index ce07e3c..128de7a 100644 (file)
@@ -8,8 +8,7 @@ esp_packet.c esp_packet.h
 libipsec_la_LIBADD =
 
 INCLUDES = \
-       -I$(top_srcdir)/src/libstrongswan \
-       -I$(top_srcdir)/src/libhydra
+       -I$(top_srcdir)/src/libstrongswan
 
 EXTRA_DIST = Android.mk
 
index 398e371..389120e 100644 (file)
@@ -20,6 +20,7 @@ credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
 credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
 credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \
 database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \
+ipsec/ipsec_types.c \
 pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \
 processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \
 selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
index 383efc8..1f27f01 100644 (file)
@@ -18,6 +18,7 @@ credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
 credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
 credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \
 database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \
+ipsec/ipsec_types.c \
 pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \
 processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \
 selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
@@ -51,10 +52,11 @@ credentials/sets/ocsp_response_wrapper.h credentials/sets/cert_cache.h \
 credentials/sets/mem_cred.h credentials/sets/callback_cred.h \
 credentials/auth_cfg.h credentials/credential_set.h credentials/cert_validator.h \
 database/database.h database/database_factory.h fetcher/fetcher.h \
-fetcher/fetcher_manager.h eap/eap.h pen/pen.h plugins/plugin_loader.h \
-plugins/plugin.h plugins/plugin_feature.h processing/jobs/job.h \
-processing/jobs/callback_job.h processing/processor.h processing/scheduler.h \
-selectors/traffic_selector.h threading/thread.h threading/thread_value.h \
+fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \
+plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h
+processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h
+processing/scheduler.h selectors/traffic_selector.h \
+threading/thread.h threading/thread_value.h \
 threading/mutex.h threading/condvar.h threading/spinlock.h threading/semaphore.h \
 threading/rwlock.h threading/lock_profiler.h utils.h utils/host.h \
 utils/packet.h utils/identification.h utils/lexparser.h utils/linked_list.h \
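Review bot: In the second hunk the added lines ending in `plugins/plugin_feature.h` and `processing/processor.h` have no trailing backslash, unlike the lines they replace and every neighbouring line. As shown, the header list stops after `plugins/plugin_feature.h` and the lines that follow are no longer part of the variable, which would either fail in automake or leave those headers out of the list. Both lines should end with a continuation: `plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h \` and `processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h \`. The variable being assigned starts above the hunk, so its name is not visible here.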
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
new file mode 100644 (file)
index 0000000..e4e9273
--- /dev/null
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ipsec_types.h"
+
+ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_DROP,
+       "TRANSPORT",
+       "TUNNEL",
+       "BEET",
+       "PASS",
+       "DROP"
+);
+
+ENUM(policy_dir_names, POLICY_IN, POLICY_FWD,
+       "in",
+       "out",
+       "fwd"
+);
+
+ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
+       "IPCOMP_NONE",
+       "IPCOMP_OUI",
+       "IPCOMP_DEFLATE",
+       "IPCOMP_LZS",
+       "IPCOMP_LZJH"
+);
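Review bot: The `ipsec_mode_names` table starts at `MODE_TRANSPORT`, while the enum in ipsec_types.h also defines `MODE_NONE = 0`, so that value has no string in the moved table. How a lookup outside the range is rendered depends on the enum-name helper, which is not part of this diff; presumably a log line for such an SA shows a number instead of a name. Now that the table lives in the shared library, a short comment above it would save the next reader a search, for example `/* MODE_NONE (0) is deliberately not covered by this table */`. The same applies if the omission is unintentional, in which case the range and strings should be extended together.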
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
new file mode 100644 (file)
index 0000000..32e55bc
--- /dev/null
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ipsec_types ipsec_types
+ * @{ @ingroup ipsec
+ */
+
+#ifndef IPSEC_TYPES_H_
+#define IPSEC_TYPES_H_
+
+typedef enum ipsec_mode_t ipsec_mode_t;
+typedef enum policy_dir_t policy_dir_t;
+typedef enum policy_type_t policy_type_t;
+typedef enum policy_priority_t policy_priority_t;
+typedef enum ipcomp_transform_t ipcomp_transform_t;
+typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
+typedef struct lifetime_cfg_t lifetime_cfg_t;
+typedef struct mark_t mark_t;
+
+#include <library.h>
+
+/**
+ * Mode of an IPsec SA.
+ */
+enum ipsec_mode_t {
+       /** not using any encapsulation */
+       MODE_NONE = 0,
+       /** transport mode, no inner address */
+       MODE_TRANSPORT = 1,
+       /** tunnel mode, inner and outer addresses */
+       MODE_TUNNEL,
+       /** BEET mode, tunnel mode but fixed, bound inner addresses */
+       MODE_BEET,
+       /** passthrough policy for traffic without an IPsec SA */
+       MODE_PASS,
+       /** drop policy discarding traffic */
+       MODE_DROP
+};
+
+/**
+ * enum names for ipsec_mode_t.
+ */
+extern enum_name_t *ipsec_mode_names;
+
+/**
+ * Direction of a policy. These are equal to those
+ * defined in xfrm.h, but we want to stay implementation
+ * neutral here.
+ */
+enum policy_dir_t {
+       /** Policy for inbound traffic */
+       POLICY_IN = 0,
+       /** Policy for outbound traffic */
+       POLICY_OUT = 1,
+       /** Policy for forwarded traffic */
+       POLICY_FWD = 2,
+};
+
+/**
+ * enum names for policy_dir_t.
+ */
+extern enum_name_t *policy_dir_names;
+
+/**
+ * Type of a policy.
+ */
+enum policy_type_t {
+       /** Normal IPsec policy */
+       POLICY_IPSEC = 1,
+       /** Passthrough policy (traffic is ignored by IPsec) */
+       POLICY_PASS,
+       /** Drop policy (traffic is discarded) */
+       POLICY_DROP,
+};
+
+/**
+ * High-level priority of a policy.
+ */
+enum policy_priority_t {
+       /** Default priority */
+       POLICY_PRIORITY_DEFAULT,
+       /** Priority for trap policies */
+       POLICY_PRIORITY_ROUTED,
+       /** Priority for fallback drop policies */
+       POLICY_PRIORITY_FALLBACK,
+};
+
+/**
+ * IPComp transform IDs, as in RFC 4306
+ */
+enum ipcomp_transform_t {
+       IPCOMP_NONE = 0,
+       IPCOMP_OUI = 1,
+       IPCOMP_DEFLATE = 2,
+       IPCOMP_LZS = 3,
+       IPCOMP_LZJH = 4,
+};
+
+/**
+ * enum strings for ipcomp_transform_t.
+ */
+extern enum_name_t *ipcomp_transform_names;
+
+/**
+ * This struct contains details about IPsec SA(s) tied to a policy.
+ */
+struct ipsec_sa_cfg_t {
+       /** mode of SA (tunnel, transport) */
+       ipsec_mode_t mode;
+       /** unique ID */
+       u_int32_t reqid;
+       /** details about ESP/AH */
+       struct {
+               /** TRUE if this protocol is used */
+               bool use;
+               /** SPI for ESP/AH */
+               u_int32_t spi;
+       } esp, ah;
+       /** details about IPComp */
+       struct {
+               /** the IPComp transform used */
+               u_int16_t transform;
+               /** CPI for IPComp */
+               u_int16_t cpi;
+       } ipcomp;
+};
+
+/**
+ * A lifetime_cfg_t defines the lifetime limits of an SA.
+ *
+ * Set any of these values to 0 to ignore.
+ */
+struct lifetime_cfg_t {
+       struct {
+               /** Limit before the SA gets invalid. */
+               u_int64_t       life;
+               /** Limit before the SA gets rekeyed. */
+               u_int64_t       rekey;
+               /** The range of a random value subtracted from rekey. */
+               u_int64_t       jitter;
+       } time, bytes, packets;
+};
+
+/**
+ * A mark_t defines an optional mark in an IPsec SA.
+ */
+struct mark_t {
+       /** Mark value */
+       u_int32_t value;
+       /** Mark mask */
+       u_int32_t mask;
+};
+
+/**
+ * Special mark value that uses the reqid of the CHILD_SA as mark
+ */
+#define MARK_REQID (0xFFFFFFFF)
+
+#endif /** IPSEC_TYPES_H_ @}*/
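Review bot: The `jitter` field of `lifetime_cfg_t` is documented as a random range subtracted from `rekey`, but all three fields are unsigned `u_int64_t` and the header does not say that `jitter` must not exceed `rekey`. The code that performs the subtraction is outside this diff, so whether it clamps is not visible here; if it does not, a larger jitter would wrap to a very large rekey limit and the SA would in practice not be rekeyed before `life` is reached. Since the type is now exported from libstrongswan to more consumers, I would state the constraint on the field: `/** The range of a random value subtracted from rekey, must not exceed rekey. */`. The struct comment "Set any of these values to 0 to ignore" could likewise say that a `life` of 0 means the SA never expires on that counter.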
index d357ddf..634128f 100644 (file)
@@ -43,6 +43,9 @@
  * @defgroup fetcher fetcher
  * @ingroup libstrongswan
  *
+ * @defgroup ipsec ipsec
+ * @ingroup libstrongswan
+ *
  * @defgroup plugins plugins
  * @ingroup libstrongswan
  *