return result;
}
-const struct kernel_ops *kernel_ops;
-
/**
* Data for acquire events
*/
void init_kernel(void)
{
#ifdef KLIPS
-
-#if defined(linux) && defined(KERNEL26_SUPPORT)
- {
- bool linux_ipsec = 0;
- struct stat buf;
-
- linux_ipsec = (stat("/proc/net/pfkey", &buf) == 0);
- if (linux_ipsec)
- {
- plog("Using Linux 2.6 IPsec interface code");
- kernel_ops = &linux_kernel_ops;
- }
- else
- {
- plog("Using KLIPS IPsec interface code");
- }
- }
-#endif
-
/* register SA types that we can negotiate */
can_do_IPcomp = FALSE; /* until we get a response from the kernel */
pfkey_register();
const char *text_said;
};
-struct kernel_ops {
- enum {
- KERNEL_TYPE_NONE,
- KERNEL_TYPE_KLIPS,
- KERNEL_TYPE_LINUX,
- } type;
- bool inbound_eroute;
- bool policy_lifetime;
- int *async_fdp;
-
- void (*init)(void);
- void (*pfkey_register)(void);
- void (*pfkey_register_response)(const struct sadb_msg *msg);
- void (*process_queue)(void);
- void (*process_msg)(void);
- bool (*raw_eroute)(const ip_address *this_host,
- const ip_subnet *this_client,
- const ip_address *that_host,
- const ip_subnet *that_client,
- ipsec_spi_t spi,
- unsigned int satype,
- unsigned int transport_proto,
- const struct pfkey_proto_info *proto_info,
- time_t use_lifetime,
- unsigned int op,
- const char *text_said);
- bool (*get_policy)(const struct kernel_sa *sa, bool inbound,
- time_t *use_time);
- bool (*add_sa)(const struct kernel_sa *sa, bool replace);
- bool (*grp_sa)(const struct kernel_sa *sa_outer,
- const struct kernel_sa *sa_inner);
- bool (*del_sa)(const struct kernel_sa *sa);
- bool (*get_sa)(const struct kernel_sa *sa, u_int *bytes);
- ipsec_spi_t (*get_spi)(const ip_address *src,
- const ip_address *dst,
- int proto,
- bool tunnel_mode,
- unsigned reqid,
- ipsec_spi_t min,
- ipsec_spi_t max,
- const char *text_said);
-};
-
-
-extern const struct kernel_ops *kernel_ops;
-
extern void show_shunt_status(void);
#endif
#endif
#if defined(linux) && defined(KERNEL26_SUPPORT)
- if (!no_klips && kernel_ops->type == KERNEL_TYPE_LINUX)
{
struct sadb_x_policy policy;
int level, opt;
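Review bot: Removing the whole condition here also removes the `!no_klips` test, so the braced block that declares `struct sadb_x_policy policy` now runs whenever `KERNEL26_SUPPORT` is compiled in, presumably including runs where the kernel interface was disabled. If only the `kernel_ops->type` dispatch is meant to go, keep the guard as `if (!no_klips)`; otherwise add a short comment on the bare block saying why it is safe to run unconditionally. The same line is removed in the two later hunks (before `if (after)` and before `v = ifp;`), where it decides which entries are skipped or added. The enclosing functions start and end outside these hunks, so the effect with `no_klips` set is inferred rather than shown.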
* "after" allows us to avoid double reporting.
*/
#if defined(linux) && defined(KERNEL26_SUPPORT)
- if (!no_klips && kernel_ops->type == KERNEL_TYPE_LINUX)
{
if (after)
{
continue;
#if defined(linux) && defined(KERNEL26_SUPPORT)
- if (!no_klips && kernel_ops->type == KERNEL_TYPE_LINUX)
{
v = ifp;
goto add_entry;