diff options
author | Tobias Brunner <tobias@strongswan.org> | 2010-07-19 18:38:29 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2010-09-02 19:04:19 +0200 |
commit | bd7a2f3bfc4093ed10097d167bf5f1221bf5bb61 (patch) | |
tree | b1c03a5ad7f024d4db0da924d90ddcb5f978158f /src/libhydra/kernel/kernel_ipsec.h | |
parent | 6a066ad19b60cb137b353feb96241a90241b4dbc (diff) | |
download | strongswan-bd7a2f3bfc4093ed10097d167bf5f1221bf5bb61.tar.bz2 strongswan-bd7a2f3bfc4093ed10097d167bf5f1221bf5bb61.tar.xz |
Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support pluto's passthrough and drop
policies in charon.
Diffstat (limited to 'src/libhydra/kernel/kernel_ipsec.h')
-rw-r--r-- | src/libhydra/kernel/kernel_ipsec.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 1a7f7b44d..ff692535d 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -26,6 +26,7 @@ typedef enum ipsec_mode_t ipsec_mode_t; typedef enum policy_dir_t policy_dir_t; +typedef enum policy_type_t policy_type_t; typedef enum ipcomp_transform_t ipcomp_transform_t; typedef struct kernel_ipsec_t kernel_ipsec_t; typedef struct lifetime_cfg_t lifetime_cfg_t; @@ -72,6 +73,18 @@ enum policy_dir_t { extern enum_name_t *policy_dir_names; /** + * Type of a policy. + */ +enum policy_type_t { + /** Normal IPsec policy */ + POLICY_IPSEC = 1, + /** Passthrough policy (traffic is ignored by IPsec) */ + POLICY_PASS, + /** Drop policy (traffic is discarded) */ + POLICY_DROP, +}; + +/** * IPComp transform IDs, as in RFC 4306 */ enum ipcomp_transform_t { @@ -258,6 +271,7 @@ struct kernel_ipsec_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_(IN|OUT|FWD) + * @param type type of policy, POLICY_(IPSEC|PASS|DROP) * @param spi SPI of optional ESP SA * @param ah_spi SPI of optional AH SA * @param reqid unique ID of an SA to use to enforce policy @@ -272,8 +286,8 @@ struct kernel_ipsec_t { host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t spi, - u_int32_t ah_spi, u_int32_t reqid, + policy_dir_t direction, policy_type_t type, + u_int32_t spi, u_int32_t ah_spi, u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool routed); |