Diffstat (limited to 'src/charon/config/policies')
-rw-r--r--src/charon/config/policies/policy.c25
-rw-r--r--src/charon/config/policies/policy.h36
2 files changed, 55 insertions, 6 deletions
diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c
index 71fadbdfa..f64447a52 100644
--- a/src/charon/config/policies/policy.c
+++ b/src/charon/config/policies/policy.c
@@ -31,6 +31,13 @@
#include <utils/identification.h>
#include <utils/logger_manager.h>
+mapping_t dpd_action_m[] = {
+ {DPD_CLEAR, "DPD_CLEAR"},
+ {DPD_ROUTE, "DPD_ROUTE"},
+ {DPD_RESTART, "DPD_RESTART"},
+ {MAPPING_END, NULL},
+};
+
typedef struct private_policy_t private_policy_t;
/**
@@ -110,9 +117,9 @@ struct private_policy_t {
u_int32_t jitter;
/**
- * Should the SA get ROUTED when peer detected as dead?
+ * What to do with an SA when other peer seams to be dead?
*/
- bool dpd_route;
+ bool dpd_action;
/**
* logger
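Review bot: The new member at `+ bool dpd_action;` is declared `bool`, but it now stores a `dpd_action_t` whose values are 1, 2 and 3 (DPD_CLEAR, DPD_ROUTE, DPD_RESTART); assigning `DPD_ROUTE` or `DPD_RESTART` to a bool collapses it to 1, which `get_dpd_action` then reports as `DPD_CLEAR`, so every non-clear dead-peer action silently degrades to removing the CHILD_SA without replacement. The field should be `dpd_action_t dpd_action;` so the enum value survives the round trip through policy_create and get_dpd_action. The comment above it also needs fixing: `* What to do with an SA when the other peer seems to be dead?`. The enclosing struct private_policy_t starts and ends outside this hunk.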
@@ -334,6 +341,15 @@ static char* get_updown(private_policy_t *this)
}
/**
+ * Implements policy_t.get_dpd_action
+ */
+static dpd_action_t get_dpd_action(private_policy_t *this)
+{
+ return this->dpd_action;
+}
+
+
+/**
* Implementation of policy_t.add_my_traffic_selector
*/
static void add_my_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector)
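Review bot: The header comment on the new getter reads `Implements policy_t.get_dpd_action`, while every neighbouring accessor in this file uses the form `Implementation of policy_t.get_updown`; for consistency it should be `* Implementation of policy_t.get_dpd_action`. The two consecutive blank lines after the function body should also be reduced to one, matching the spacing between the other accessors. The getter's return type `dpd_action_t` only carries the full value if the backing struct member has that type as well; the member is declared in another hunk, so this cannot be confirmed from here.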
@@ -446,7 +462,7 @@ static void destroy(private_policy_t *this)
*/
policy_t *policy_create(char *name, identification_t *my_id, identification_t *other_id,
u_int32_t hard_lifetime, u_int32_t soft_lifetime,
- u_int32_t jitter, char *updown, bool dpd_route)
+ u_int32_t jitter, char *updown, dpd_action_t dpd_action)
{
private_policy_t *this = malloc_thing(private_policy_t);
@@ -465,6 +481,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o
this->public.add_proposal = (void(*)(policy_t*,proposal_t*))add_proposal;
this->public.add_authorities = (void(*)(policy_t*,identification_t*, identification_t*))add_authorities;
this->public.get_updown = (char*(*)(policy_t*))get_updown;
+ this->public.get_dpd_action = (dpd_action_t(*)(policy_t*))get_dpd_action;
this->public.get_soft_lifetime = (u_int32_t (*) (policy_t *))get_soft_lifetime;
this->public.get_hard_lifetime = (u_int32_t (*) (policy_t *))get_hard_lifetime;
this->public.get_ref = (void(*)(policy_t*))get_ref;
@@ -478,7 +495,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o
this->soft_lifetime = soft_lifetime;
this->jitter = jitter;
this->updown = (updown == NULL) ? NULL : strdup(updown);
- this->dpd_route = dpd_route;
+ this->dpd_action = dpd_action;
/* initialize private members*/
this->refcount = 1;
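Review bot: `this->dpd_action = dpd_action;` copies the value without checking that it is one of DPD_CLEAR, DPD_ROUTE or DPD_RESTART, and the enum has no member for 0, so an unset or out-of-range value coming from the configuration side is stored as-is and later handed out by get_dpd_action. Whether the caller validates the value before reaching policy_create cannot be seen from this hunk; if it does not, a guard such as `if (dpd_action < DPD_CLEAR || dpd_action > DPD_RESTART) { dpd_action = DPD_CLEAR; }` before the assignment, with a comment noting that clearing is the conservative fallback, would keep downstream dispatch on the action from seeing an unknown value. policy_create's body continues outside this hunk.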
diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h
index 9505e53fd..18e6ad0fc 100644
--- a/src/charon/config/policies/policy.h
+++ b/src/charon/config/policies/policy.h
@@ -31,6 +31,30 @@
#include <encoding/payloads/auth_payload.h>
+typedef enum dpd_action_t dpd_action_t;
+
+/**
+ * @brief Actions to take when a peer does not respond (dead peer detected).
+ *
+ * These values are the same as in pluto/starter, so do not modify them!
+ *
+ * @ingroup config
+ */
+enum dpd_action_t {
+ /** remove CHILD_SA without replacement */
+ DPD_CLEAR = 1,
+ /** route the CHILD_SA to resetup when needed */
+ DPD_ROUTE = 2,
+ /** restart CHILD_SA in a new IKE_SA, immediately */
+ DPD_RESTART = 3,
+};
+
+/**
+ * String mappings for dpd_action_t
+ */
+mapping_t dpd_action_m[];
+
+
typedef struct policy_t policy_t;
/**
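Review bot: `mapping_t dpd_action_m[];` in the header is a tentative definition, not a declaration, so every translation unit that includes policy.h defines the symbol and the build only links because the toolchain merges common symbols; with `-fno-common` (the GCC 10+ default) this becomes a multiple-definition link error. It should be `extern mapping_t dpd_action_m[];`, leaving the single definition in policy.c. The enum comment `These values are the same as in pluto/starter, so do not modify them!` is a useful wire-compatibility note; since the enum starts at 1, it would be worth adding `/* 0 is deliberately unused: an unset action is not a valid value */` so a zero-initialised field is not mistaken for a legitimate action.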
@@ -202,6 +226,14 @@ struct policy_t {
* @return path to updown script
*/
char* (*get_updown) (policy_t *this);
+
+ /**
+ * @brief What should be done with a CHILD_SA, when other peer does not respond.
+ *
+ * @param this calling object
+ * @return dpd action
+ */
+ dpd_action_t (*get_dpd_action) (policy_t *this);
/**
* @brief Get the lifetime of a policy, before rekeying starts.
@@ -264,7 +296,7 @@ struct policy_t {
* @param soft_lifetime lifetime before rekeying an SA
* @param jitter range of randomization time
* @param updown updown script to execute on up/down event
- * @param dpd_route should the connection go to routed state if DPD detected?
+ * @param dpd_action what to to with a CHILD_SA when other peer does not respond
* @return policy_t object
*
* @ingroup config
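Review bot: The new `@param dpd_action` line has a typo, `what to to with a CHILD_SA`; it should read `* @param dpd_action what to do with a CHILD_SA when the other peer does not respond`. Naming the accepted values there (`one of DPD_CLEAR, DPD_ROUTE or DPD_RESTART`) would also tell callers that no other value is expected, since the constructor's handling of out-of-range values is not visible in this hunk. The policy_create prototype this comment documents is in the following hunk.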
@@ -272,6 +304,6 @@ struct policy_t {
policy_t *policy_create(char *name,
identification_t *my_id, identification_t *other_id,
u_int32_t hard_lifetime, u_int32_t soft_lifetime,
- u_int32_t jitter, char *updown, bool dpd_route);
+ u_int32_t jitter, char *updown, dpd_action_t dpd_action);
#endif /* POLICY_H_ */