encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
kernel/kernel_interface.c kernel/kernel_interface.h \
-kernel/kernel_interface_ipsec.h kernel/kernel_interface_net.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.h \
network/packet.c network/packet.h \
network/receiver.c network/receiver.h \
network/sender.c network/sender.h \
#include <daemon.h>
-ENUM(mode_names, MODE_TRANSPORT, MODE_BEET,
- "TRANSPORT",
- "TUNNEL",
- "2",
- "3",
- "BEET",
-);
-
ENUM(action_names, ACTION_NONE, ACTION_RESTART,
"clear",
"hold",
/**
* Mode to propose for a initiated CHILD: tunnel/transport
*/
- mode_t mode;
+ ipsec_mode_t mode;
/**
* action to take on DPD
/**
* Implementation of child_cfg_t.get_mode
*/
-static mode_t get_mode(private_child_cfg_t *this)
+static ipsec_mode_t get_mode(private_child_cfg_t *this)
{
return this->mode;
}
*/
child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
u_int32_t rekeytime, u_int32_t jitter,
- char *updown, bool hostaccess, mode_t mode,
+ char *updown, bool hostaccess, ipsec_mode_t mode,
action_t dpd_action, action_t close_action, bool ipcomp)
{
private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool))select_proposal;
this->public.get_updown = (char* (*) (child_cfg_t*))get_updown;
this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess;
- this->public.get_mode = (mode_t (*) (child_cfg_t *))get_mode;
+ this->public.get_mode = (ipsec_mode_t (*) (child_cfg_t *))get_mode;
this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action;
this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action;
this->public.get_lifetime = (u_int32_t (*) (child_cfg_t *,bool))get_lifetime;
#ifndef CHILD_CFG_H_
#define CHILD_CFG_H_
-typedef enum mode_t mode_t;
typedef enum action_t action_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct child_cfg_t child_cfg_t;
#include <library.h>
#include <config/proposal.h>
#include <config/traffic_selector.h>
-
-/**
- * Mode of an CHILD_SA.
- *
- * These are equal to those defined in XFRM, so don't change.
- */
-enum mode_t {
- /** transport mode, no inner address */
- MODE_TRANSPORT = 0,
- /** tunnel mode, inner and outer addresses */
- MODE_TUNNEL = 1,
- /** BEET mode, tunnel mode but fixed, bound inner addresses */
- MODE_BEET = 4,
-};
-
-/**
- * enum names for mode_t.
- */
-extern enum_name_t *mode_names;
+#include <kernel/kernel_ipsec.h>
/**
* Action to take when DPD detected/connection gets closed by peer.
*
* @return ipsec mode
*/
- mode_t (*get_mode) (child_cfg_t *this);
+ ipsec_mode_t (*get_mode) (child_cfg_t *this);
/**
* Action to take on DPD.
*/
child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
u_int32_t rekeytime, u_int32_t jitter,
- char *updown, bool hostaccess, mode_t mode,
+ char *updown, bool hostaccess, ipsec_mode_t mode,
action_t dpd_action, action_t close_action,
bool ipcomp);
u_int64_t expire_soft, u_int64_t expire_hard,
u_int16_t enc_alg, u_int16_t enc_size,
u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, mode_t mode, u_int16_t ipcomp, bool encap,
+ prf_plus_t *prf_plus, ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
bool update)
{
return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
static status_t add_policy(private_kernel_interface_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, mode_t mode,
+ u_int32_t reqid, bool high_prio, ipsec_mode_t mode,
u_int16_t ipcomp)
{
return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,mode_t,u_int16_t,bool,bool))add_sa;
+ this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,host_t*,host_t*,host_t*,host_t*,bool))update_sa;
this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t*))query_sa;
this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t))del_sa;
- this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,mode_t,u_int16_t))add_policy;
+ this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,ipsec_mode_t,u_int16_t))add_policy;
this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t))del_policy;
u_int64_t expire_soft, u_int64_t expire_hard,
u_int16_t enc_alg, u_int16_t enc_size,
u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, mode_t mode,
+ prf_plus_t *prf_plus, ipsec_mode_t mode,
u_int16_t ipcomp, bool encap,
bool update);
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, mode_t mode,
+ u_int32_t reqid, bool high_prio, ipsec_mode_t mode,
u_int16_t ipcomp);
/**
--- /dev/null
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "kernel_ipsec.h"
+
+ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_BEET,
+ "TRANSPORT",
+ "TUNNEL",
+ "2",
+ "3",
+ "BEET",
+);
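Review bot: The new ipsec_mode_names table in kernel_ipsec.c has the filler strings "2" and "3" for values ipsec_mode_t never defines (MODE_TUNNEL = 1 jumps to MODE_BEET = 4), and nothing in the file says why they are there or that the table must stay in step with the enum in kernel_ipsec.h. A short comment above the ENUM would prevent the next person from "cleaning up" the gap, e.g. `/* ENUM() needs one name per value from MODE_TRANSPORT to MODE_BEET; 2 and 3 are XFRM mode numbers this code does not use */`. The enum and its name table now live in different files, so the comment could also point at kernel_ipsec.h as the place the range is defined; the same applies to the enum side of that header hunk.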
#ifndef KERNEL_IPSEC_H_
#define KERNEL_IPSEC_H_
+typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef struct kernel_ipsec_t kernel_ipsec_t;
#include <encoding/payloads/proposal_substructure.h>
/**
+ * Mode of an CHILD_SA.
+ *
+ * These are equal to those defined in XFRM, so don't change.
+ */
+enum ipsec_mode_t {
+ /** transport mode, no inner address */
+ MODE_TRANSPORT = 0,
+ /** tunnel mode, inner and outer addresses */
+ MODE_TUNNEL = 1,
+ /** BEET mode, tunnel mode but fixed, bound inner addresses */
+ MODE_BEET = 4,
+};
+
+/**
+ * enum names for ipsec_mode_t.
+ */
+extern enum_name_t *ipsec_mode_names;
+
+/**
* Direction of a policy. These are equal to those
* defined in xfrm.h, but we want to stay implementation
* neutral here.
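Review bot: The moved doc comment on ipsec_mode_t keeps `These are equal to those defined in XFRM, so don't change.`, but it now sits in the backend-neutral kernel_ipsec.h directly above policy_dir_t, whose comment says the values match xfrm.h yet the interface wants to stay implementation neutral; the two comments state the same constraint in contradictory tones. Suggest aligning the wording with the policy_dir_t one, e.g. `* These are equal to those defined in xfrm.h, but we want to stay` / `* implementation neutral here (a non-XFRM backend would have to map them).`, and fixing `Mode of an CHILD_SA` to `Mode of a CHILD_SA`. Whether any backend other than the netlink one exists is not visible in this diff, so that last clause is a hedge rather than a fact.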
u_int64_t expire_soft, u_int64_t expire_hard,
u_int16_t enc_alg, u_int16_t enc_size,
u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, mode_t mode,
+ prf_plus_t *prf_plus, ipsec_mode_t mode,
u_int16_t ipcomp, bool encap,
bool update);
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, mode_t mode,
+ u_int32_t reqid, bool high_prio, ipsec_mode_t mode,
u_int16_t ipcomp);
/**
u_int64_t expire_soft, u_int64_t expire_hard,
u_int16_t enc_alg, u_int16_t enc_size,
u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, mode_t mode,
+ prf_plus_t *prf_plus, ipsec_mode_t mode,
u_int16_t ipcomp, bool encap,
bool replace)
{
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, protocol_id_t protocol,
- u_int32_t reqid, bool high_prio, mode_t mode,
+ u_int32_t reqid, bool high_prio, ipsec_mode_t mode,
u_int16_t ipcomp)
{
iterator_t *iterator;
/* public functions */
this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,mode_t,u_int16_t,bool,bool))add_sa;
+ this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,host_t*,host_t*,host_t*,host_t*,bool))update_sa;
this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t*))query_sa;
this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,u_int32_t,protocol_id_t))del_sa;
- this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,mode_t,u_int16_t))add_policy;
+ this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,ipsec_mode_t,u_int16_t))add_policy;
this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t))del_policy;
this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
*/
kernel_netlink_ipsec_t *kernel_netlink_ipsec_create();
-#endif /* KERNEL_NETLINK_IPSEC_H_ */
+#endif /* KERNEL_NETLINK_IPSEC_H_ @} */
*/
plugin_t *plugin_create();
-#endif /* KERNEL_NETLINK_PLUGIN_H_ */
+#endif /* KERNEL_NETLINK_PLUGIN_H_ @} */
*/
static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
{
- mode_t mode;
+ ipsec_mode_t mode;
encryption_algorithm_t encr;
integrity_algorithm_t int_algo;
size_t encr_len, int_len;
encryption_algorithm_t encr_alg;
integrity_algorithm_t int_alg;
size_t encr_len, int_len;
- mode_t mode;
+ ipsec_mode_t mode;
child_sa->get_stats(child_sa, &mode, &encr_alg, &encr_len,
&int_alg, &int_len, &rekey, &use_in, &use_out,
fprintf(out, "%12s{%d}: %N, %N",
child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
child_sa_state_names, child_sa->get_state(child_sa),
- mode_names, mode);
+ ipsec_mode_names, mode);
if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
{
/**
* mode this SA uses, tunnel/transport
*/
- mode_t mode;
+ ipsec_mode_t mode;
/**
* virtual IP assinged to local host
/**
* Implementation of child_sa_t.get_stats.
*/
-static void get_stats(private_child_sa_t *this, mode_t *mode,
+static void get_stats(private_child_sa_t *this, ipsec_mode_t *mode,
encryption_algorithm_t *encr_algo, size_t *encr_len,
integrity_algorithm_t *int_algo, size_t *int_len,
u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
}
static status_t install(private_child_sa_t *this, proposal_t *proposal,
- mode_t mode, prf_plus_t *prf_plus, bool mine)
+ ipsec_mode_t mode, prf_plus_t *prf_plus, bool mine)
{
u_int32_t spi, soft, hard;
host_t *src;
}
static status_t add(private_child_sa_t *this, proposal_t *proposal,
- mode_t mode, prf_plus_t *prf_plus)
+ ipsec_mode_t mode, prf_plus_t *prf_plus)
{
u_int32_t outbound_spi, inbound_spi;
}
static status_t update(private_child_sa_t *this, proposal_t *proposal,
- mode_t mode, prf_plus_t *prf_plus)
+ ipsec_mode_t mode, prf_plus_t *prf_plus)
{
u_int32_t inbound_spi;
static status_t add_policies(private_child_sa_t *this,
linked_list_t *my_ts_list, linked_list_t *other_ts_list,
- mode_t mode, protocol_id_t proto)
+ ipsec_mode_t mode, protocol_id_t proto)
{
iterator_t *my_iter, *other_iter;
traffic_selector_t *my_ts, *other_ts;
this->public.get_spi = (u_int32_t(*)(child_sa_t*, bool))get_spi;
this->public.get_cpi = (u_int16_t(*)(child_sa_t*, bool))get_cpi;
this->public.get_protocol = (protocol_id_t(*)(child_sa_t*))get_protocol;
- this->public.get_stats = (void(*)(child_sa_t*, mode_t*,encryption_algorithm_t*,size_t*,integrity_algorithm_t*,size_t*,u_int32_t*,u_int32_t*,u_int32_t*,u_int32_t*))get_stats;
+ this->public.get_stats = (void(*)(child_sa_t*, ipsec_mode_t*,encryption_algorithm_t*,size_t*,integrity_algorithm_t*,size_t*,u_int32_t*,u_int32_t*,u_int32_t*,u_int32_t*))get_stats;
this->public.alloc = (status_t(*)(child_sa_t*,linked_list_t*))alloc;
- this->public.add = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))add;
- this->public.update = (status_t(*)(child_sa_t*,proposal_t*,mode_t,prf_plus_t*))update;
+ this->public.add = (status_t(*)(child_sa_t*,proposal_t*,ipsec_mode_t,prf_plus_t*))add;
+ this->public.update = (status_t(*)(child_sa_t*,proposal_t*,ipsec_mode_t,prf_plus_t*))update;
this->public.update_hosts = (status_t (*)(child_sa_t*,host_t*,host_t*,bool))update_hosts;
- this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*,mode_t,protocol_id_t))add_policies;
+ this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*,ipsec_mode_t,protocol_id_t))add_policies;
this->public.get_traffic_selectors = (linked_list_t*(*)(child_sa_t*,bool))get_traffic_selectors;
this->public.get_use_time = (status_t (*)(child_sa_t*,bool,time_t*))get_use_time;
this->public.set_state = (void(*)(child_sa_t*,child_sa_state_t))set_state;
* @param use_out time when last traffic was seen going out
* @param use_fwd time when last traffic was getting forwarded
*/
- void (*get_stats)(child_sa_t *this, mode_t *mode,
+ void (*get_stats)(child_sa_t *this, ipsec_mode_t *mode,
encryption_algorithm_t *encr, size_t *encr_len,
integrity_algorithm_t *int_algo, size_t *int_len,
u_int32_t *rekey, u_int32_t *use_in, u_int32_t *use_out,
* @param prf_plus key material to use for key derivation
* @return SUCCESS or FAILED
*/
- status_t (*add)(child_sa_t *this, proposal_t *proposal, mode_t mode,
+ status_t (*add)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
prf_plus_t *prf_plus);
/**
* @param prf_plus key material to use for key derivation
* @return SUCCESS or FAILED
*/
- status_t (*update)(child_sa_t *this, proposal_t *proposal, mode_t mode,
+ status_t (*update)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
prf_plus_t *prf_plus);
/**
* @return SUCCESS or FAILED
*/
status_t (*add_policies)(child_sa_t *this, linked_list_t *my_ts_list,
- linked_list_t *other_ts_list, mode_t mode,
+ linked_list_t *other_ts_list, ipsec_mode_t mode,
protocol_id_t proto);
/**
/**
* mode the new CHILD_SA uses (transport/tunnel/beet)
*/
- mode_t mode;
+ ipsec_mode_t mode;
/**
* IPComp transform to use