aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/kernel/kernel_ipsec.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/kernel/kernel_ipsec.h')
-rw-r--r--src/charon/kernel/kernel_ipsec.h22
1 files changed, 10 insertions, 12 deletions
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index 4abe3bf54..b21be849d 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2009 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -30,7 +30,8 @@ typedef struct kernel_ipsec_t kernel_ipsec_t;
#include <utils/host.h>
#include <crypto/prf_plus.h>
-#include <encoding/payloads/proposal_substructure.h>
+#include <config/proposal.h>
+#include <config/child_cfg.h>
/**
* Mode of a CHILD_SA.
@@ -108,22 +109,19 @@ struct kernel_ipsec_t {
/**
* Add an SA to the SAD.
- *
+ *
* add_sa() may update an already allocated
* SPI (via get_spi). In this case, the replace
* flag must be set.
* This function does install a single SA for a
- * single protocol in one direction. The kernel-interface
- * gets the keys itself from the PRF, as we don't know
- * his algorithms and key sizes.
- *
+ * single protocol in one direction.
+ *
* @param src source address for this SA
* @param dst destination address for this SA
* @param spi SPI allocated by us or remote peer
* @param protocol protocol for this SA (ESP/AH)
* @param reqid unique ID for this SA
- * @param expire_soft lifetime in seconds before rekeying
- * @param expire_hard lifetime in seconds before delete
+ * @param lifetime lifetime_cfg_t for this SA
* @param enc_alg Algorithm to use for encryption (ESP only)
* @param enc_key key to use for encryption
* @param int_alg Algorithm to use for integrity protection
@@ -138,9 +136,9 @@ struct kernel_ipsec_t {
status_t (*add_sa) (kernel_ipsec_t *this,
host_t *src, host_t *dst, u_int32_t spi,
protocol_id_t protocol, u_int32_t reqid,
- u_int64_t expire_soft, u_int64_t expire_hard,
- u_int16_t enc_alg, chunk_t enc_key,
- u_int16_t int_alg, chunk_t int_key,
+ lifetime_cfg_t *lifetime,
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
bool encap, bool inbound);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-25 01:32:50 +0000