aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/kernel/kernel_ipsec.h
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2010-07-19 18:38:29 +0200
committerTobias Brunner <tobias@strongswan.org>2010-09-02 19:04:19 +0200
commitbd7a2f3bfc4093ed10097d167bf5f1221bf5bb61 (patch)
treeb1c03a5ad7f024d4db0da924d90ddcb5f978158f /src/libhydra/kernel/kernel_ipsec.h
parent6a066ad19b60cb137b353feb96241a90241b4dbc (diff)
downloadstrongswan-bd7a2f3bfc4093ed10097d167bf5f1221bf5bb61.tar.bz2
strongswan-bd7a2f3bfc4093ed10097d167bf5f1221bf5bb61.tar.xz
Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support pluto's passthrough and drop policies in charon.
Diffstat (limited to 'src/libhydra/kernel/kernel_ipsec.h')
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 1a7f7b44d..ff692535d 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -26,6 +26,7 @@
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
+typedef enum policy_type_t policy_type_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct kernel_ipsec_t kernel_ipsec_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
@@ -72,6 +73,18 @@ enum policy_dir_t {
extern enum_name_t *policy_dir_names;
/**
+ * Type of a policy.
+ */
+enum policy_type_t {
+ /** Normal IPsec policy */
+ POLICY_IPSEC = 1,
+ /** Passthrough policy (traffic is ignored by IPsec) */
+ POLICY_PASS,
+ /** Drop policy (traffic is discarded) */
+ POLICY_DROP,
+};
+
+/**
* IPComp transform IDs, as in RFC 4306
*/
enum ipcomp_transform_t {
@@ -258,6 +271,7 @@ struct kernel_ipsec_t {
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
* @param spi SPI of optional ESP SA
* @param ah_spi SPI of optional AH SA
* @param reqid unique ID of an SA to use to enforce policy
@@ -272,8 +286,8 @@ struct kernel_ipsec_t {
host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi,
- u_int32_t ah_spi, u_int32_t reqid,
+ policy_dir_t direction, policy_type_t type,
+ u_int32_t spi, u_int32_t ah_spi, u_int32_t reqid,
mark_t mark, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, bool routed);