Diffstat (limited to 'src/charon/config/policies')
-rw-r--r-- | src/charon/config/policies/policy.c | 18 | ||||
-rw-r--r-- | src/charon/config/policies/policy.h | 30 |
2 files changed, 43 insertions, 5 deletions
diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c index b52ae33ac..f7e2eb43c 100644 --- a/src/charon/config/policies/policy.c +++ b/src/charon/config/policies/policy.c @@ -130,6 +130,11 @@ struct private_policy_t { * What to do with an SA when other peer seams to be dead? */ bool dpd_action; + + /** + * Mode to propose for a initiated CHILD: tunnel/transport + */ + mode_t mode; }; /** @@ -378,7 +383,6 @@ static dpd_action_t get_dpd_action(private_policy_t *this) return this->dpd_action; } - /** * Implementation of policy_t.add_my_traffic_selector */ @@ -424,6 +428,14 @@ static u_int32_t get_hard_lifetime(private_policy_t *this) } /** + * Implementation of policy_t.get_mode. + */ +static mode_t get_mode(private_policy_t *this) +{ + return this->mode; +} + +/** * Implements policy_t.get_ref. */ static void get_ref(private_policy_t *this) @@ -475,7 +487,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o auth_method_t auth_method, u_int32_t hard_lifetime, u_int32_t soft_lifetime, u_int32_t jitter, char *updown, bool hostaccess, - dpd_action_t dpd_action) + mode_t mode, dpd_action_t dpd_action) { private_policy_t *this = malloc_thing(private_policy_t); @@ -501,6 +513,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o this->public.get_dpd_action = (dpd_action_t (*) (policy_t*))get_dpd_action; this->public.get_soft_lifetime = (u_int32_t (*) (policy_t *))get_soft_lifetime; this->public.get_hard_lifetime = (u_int32_t (*) (policy_t *))get_hard_lifetime; + this->public.get_mode = (mode_t (*) (policy_t *))get_mode; this->public.get_ref = (void (*) (policy_t*))get_ref; this->public.destroy = (void (*) (policy_t*))destroy; 
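Review bot: In the `policy_create` signature hunk (-475,7) the new `mode_t mode` argument sits directly before `dpd_action_t dpd_action`, and C converts between the two silently, so a caller that passes them in the wrong order compiles without a diagnostic. The value is then stored unchecked by `this->mode = mode;` in the later hunk (-515,6), although policy.h says the numbers are the XFRM ones, so anything other than 0, 1 or 4 would presumably be handed on as-is. I would validate in the constructor, for example `if (mode != MODE_TRANSPORT && mode != MODE_TUNNEL && mode != MODE_BEET) mode = MODE_TUNNEL;`, or reject the policy if callers can handle a failed create. Which of the two is right depends on the config front end, which is outside this diff. The body of `policy_create` starts and ends outside both hunks.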
@@ -515,6 +528,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *o this->updown = (updown == NULL) ? NULL : strdup(updown); this->hostaccess = hostaccess; this->dpd_action = dpd_action; + this->mode = mode; /* initialize private members*/ this->refcount = 1; diff --git a/src/charon/config/policies/policy.h b/src/charon/config/policies/policy.h index a040434c1..76b20f69b 100644 --- a/src/charon/config/policies/policy.h +++ b/src/charon/config/policies/policy.h @@ -53,6 +53,22 @@ enum dpd_action_t { }; /** + * @brief Mode of an IPsec SA. + * + * These are equal to those defined in XFRM, so don't change. + * + * @ingroup config + */ +enum mode_t { + /** transport mode, no inner address */ + MODE_TRANSPORT = 0, + /** tunnel mode, inner and outer addresses */ + MODE_TUNNEL = 1, + /** BEET mode, tunnel mode but fixed, bound inner addresses */ + MODE_BEET = 4, +}; + +/** * enum names for dpd_action_t. */ extern enum_name_t *dpd_action_names; @@ -291,6 +307,14 @@ struct policy_t { u_int32_t (*get_hard_lifetime) (policy_t *this); /** + * @brief Get the mode to use for the CHILD_SA, tunnel, transport or BEET. + * + * @param this policy + * @return lifetime in seconds + */ + mode_t (*get_mode) (policy_t *this); + + /** * @brief Get a new reference. * * Get a new reference to this policy by increasing @@ -334,6 +358,7 @@ struct policy_t { * @param jitter range of randomization time * @param updown updown script to execute on up/down event * @param hostaccess allow access to the host itself (used by the updown script) + * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET * @param dpd_action what to to with a CHILD_SA when other peer does not respond * @return policy_t object * 
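Review bot: The enum added in policy.h (-53,6) is named `mode_t`, which is also the POSIX file-mode type from `<sys/types.h>`. No `typedef enum mode_t mode_t;` appears in this diff. If there is none, the `mode_t mode` field, getter and parameter use the POSIX integer type rather than this enum, and if there is one it will clash in any unit that also includes the system header. A project-prefixed name such as `enum ipsec_mode_t` avoids both problems, and the same rename would apply to the uses in policy.c and to the `policy_create` prototype (-343,8).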
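Review bot: The `@return` line in the `get_mode` doc comment (policy.h, -291,6) says `lifetime in seconds`, which looks copied from `get_hard_lifetime` just above it; it should read `@return mode to propose for the CHILD_SA`. The matching field comment in policy.c (-130,6) lists only tunnel/transport although `MODE_BEET` is defined. `Mode to propose for an initiated CHILD_SA: tunnel, transport or BEET` would keep the two comments in step.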
@@ -343,8 +368,7 @@ policy_t *policy_create(char *name, identification_t *my_id, identification_t *other_id, auth_method_t auth_method, u_int32_t hard_lifetime, u_int32_t soft_lifetime, - u_int32_t jitter, - char *updown, bool hostaccess, - dpd_action_t dpd_action); + u_int32_t jitter, char *updown, bool hostaccess, + mode_t mode, dpd_action_t dpd_action); #endif /* POLICY_H_ */ |