Diffstat (limited to 'src/libcharon/kernel')
-rw-r--r--src/libcharon/kernel/kernel_handler.c25
-rw-r--r--src/libcharon/kernel/kernel_interface.c14
-rw-r--r--src/libcharon/kernel/kernel_interface.h14
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h14
-rw-r--r--src/libcharon/kernel/kernel_listener.h2
5 files changed, 43 insertions, 26 deletions
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index 482f1494c..d863ca504 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -38,6 +38,22 @@ struct private_kernel_handler_t {
};
+/**
+ * convert an IP protocol identifier to the IKEv2 specific protocol identifier.
+ */
+static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
+{
+ switch (protocol)
+ {
+ case IPPROTO_ESP:
+ return PROTO_ESP;
+ case IPPROTO_AH:
+ return PROTO_AH;
+ default:
+ return protocol;
+ }
+}
+
METHOD(kernel_listener_t, acquire, bool,
private_kernel_handler_t *this, u_int32_t reqid,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
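Review bot: The `default:` branch of `proto_ip2ike()` returns the raw IP protocol number as a `protocol_id_t`, so any value other than IPPROTO_ESP or IPPROTO_AH is reinterpreted as whatever IKE identifier happens to share that number. In `expire` (next hunk) the result goes straight into the `%N` lookup for the log line and into `delete_child_sa_job_create()` / `rekey_child_sa_job_create()`, so an unexpected protocol in a kernel event would be mislabelled silently. Returning an explicit unknown value, e.g. `default: return PROTO_NONE;` if that enumerator is defined in this tree, and having `expire` log and drop such events would make the mismatch visible.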
@@ -58,20 +74,21 @@ METHOD(kernel_listener_t, acquire, bool,
}
METHOD(kernel_listener_t, expire, bool,
- private_kernel_handler_t *this, u_int32_t reqid, protocol_id_t protocol,
+ private_kernel_handler_t *this, u_int32_t reqid, u_int8_t protocol,
u_int32_t spi, bool hard)
{
job_t *job;
+ protocol_id_t proto = proto_ip2ike(protocol);
DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x "
"and reqid {%u}", hard ? "delete" : "rekey",
- protocol_id_names, protocol, ntohl(spi), reqid);
+ protocol_id_names, proto, ntohl(spi), reqid);
if (hard)
{
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
+ job = (job_t*)delete_child_sa_job_create(reqid, proto, spi);
}
else
{
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
+ job = (job_t*)rekey_child_sa_job_create(reqid, proto, spi);
}
hydra->processor->queue_job(hydra->processor, job);
return TRUE;
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index fffde68ae..cecaef728 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -56,7 +56,7 @@ struct private_kernel_interface_t {
METHOD(kernel_interface_t, get_spi, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+ u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
{
if (!this->ipsec)
{
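Review bot: Changing `protocol` from `protocol_id_t` to `u_int8_t` in `get_spi` (and in `add_sa`, `update_sa`, `query_sa`, `del_sa`, `add_policy` and `expire` below) is invisible to the compiler, because an enum value converts to `u_int8_t` without a diagnostic. A caller outside this directory that still passes `PROTO_ESP` or `PROTO_AH` would compile cleanly and hand the kernel backend the wrong protocol number for the SA or policy. The call sites are not part of this view, so each one should be audited. A comment next to the parameter, such as `/* IP protocol number (IPPROTO_ESP/IPPROTO_AH), not protocol_id_t */`, would help the next reader. The method bodies continue outside these hunks.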
@@ -78,7 +78,7 @@ METHOD(kernel_interface_t, get_cpi, status_t,
METHOD(kernel_interface_t, add_sa, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+ u_int32_t spi, u_int8_t protocol, u_int32_t reqid,
mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
@@ -94,7 +94,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
}
METHOD(kernel_interface_t, update_sa, status_t,
- private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol,
+ private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
bool encap, bool new_encap, mark_t mark)
{
@@ -108,7 +108,7 @@ METHOD(kernel_interface_t, update_sa, status_t,
METHOD(kernel_interface_t, query_sa, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
{
if (!this->ipsec)
{
@@ -119,7 +119,7 @@ METHOD(kernel_interface_t, query_sa, status_t,
METHOD(kernel_interface_t, del_sa, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+ u_int8_t protocol, u_int16_t cpi, mark_t mark)
{
if (!this->ipsec)
{
@@ -131,7 +131,7 @@ METHOD(kernel_interface_t, del_sa, status_t,
METHOD(kernel_interface_t, add_policy, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+ policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool routed)
{
@@ -387,7 +387,7 @@ METHOD(kernel_interface_t, acquire, void,
}
METHOD(kernel_interface_t, expire, void,
- private_kernel_interface_t *this, u_int32_t reqid, protocol_id_t protocol,
+ private_kernel_interface_t *this, u_int32_t reqid, u_int8_t protocol,
u_int32_t spi, bool hard)
{
kernel_listener_t *listener;
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index 61ce84102..06c526581 100644
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -63,7 +63,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi);
+ u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
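Review bot: The `@param protocol` documentation for `get_spi` does not appear to be updated along with the type; the line sits above this hunk and is not shown, so this is inferred. Since the argument is now an IP protocol number rather than an IKE `protocol_id_t`, the doc should say so, for example `@param protocol IP protocol number (IPPROTO_ESP or IPPROTO_AH)`. The same applies to `add_sa`, `update_sa`, `query_sa`, `del_sa`, `add_policy` and `expire` in this header, to the matching methods in kernel_ipsec.h, and to `expire` in kernel_listener.h. Without it, plugin authors implementing these interfaces have only the bare `u_int8_t` to tell them which numbering is expected.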
@@ -108,7 +108,7 @@ struct kernel_interface_t {
*/
status_t (*add_sa) (kernel_interface_t *this,
host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+ u_int8_t protocol, u_int32_t reqid, mark_t mark,
lifetime_cfg_t *lifetime,
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
@@ -138,7 +138,7 @@ struct kernel_interface_t {
* the kernel interface can't update the SA
*/
status_t (*update_sa)(kernel_interface_t *this,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
host_t *src, host_t *dst,
host_t *new_src, host_t *new_dst,
bool encap, bool new_encap, mark_t mark);
@@ -155,7 +155,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, mark_t mark,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
u_int64_t *bytes);
/**
@@ -170,7 +170,7 @@ struct kernel_interface_t {
* @return SUCCESS if operation completed
*/
status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
mark_t mark);
/**
@@ -199,7 +199,7 @@ struct kernel_interface_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
+ u_int8_t protocol, u_int32_t reqid,
mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
u_int16_t cpi, bool routed);
@@ -436,7 +436,7 @@ struct kernel_interface_t {
* @param hard TRUE if it is a hard expire, FALSE otherwise
*/
void (*expire)(kernel_interface_t *this, u_int32_t reqid,
- protocol_id_t protocol, u_int32_t spi, bool hard);
+ u_int8_t protocol, u_int32_t spi, bool hard);
/**
* Raise a mapping event.
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index a2c29f5fd..340b7e91d 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -93,7 +93,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
- protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi);
+ u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
/**
* Get a Compression Parameter Index (CPI) from the kernel.
@@ -138,7 +138,7 @@ struct kernel_ipsec_t {
*/
status_t (*add_sa) (kernel_ipsec_t *this,
host_t *src, host_t *dst, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
+ u_int8_t protocol, u_int32_t reqid,
mark_t mark, lifetime_cfg_t *lifetime,
u_int16_t enc_alg, chunk_t enc_key,
u_int16_t int_alg, chunk_t int_key,
@@ -168,7 +168,7 @@ struct kernel_ipsec_t {
* the kernel interface can't update the SA
*/
status_t (*update_sa)(kernel_ipsec_t *this,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
host_t *src, host_t *dst,
host_t *new_src, host_t *new_dst,
bool encap, bool new_encap, mark_t mark);
@@ -185,7 +185,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, mark_t mark,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
u_int64_t *bytes);
/**
@@ -200,7 +200,7 @@ struct kernel_ipsec_t {
* @return SUCCESS if operation completed
*/
status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
mark_t mark);
/**
@@ -229,7 +229,7 @@ struct kernel_ipsec_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, u_int32_t spi,
- protocol_id_t protocol, u_int32_t reqid,
+ u_int8_t protocol, u_int32_t reqid,
mark_t mark, ipsec_mode_t mode,
u_int16_t ipcomp, u_int16_t cpi, bool routed);
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index b69bed66f..02e5b809e 100644
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -55,7 +55,7 @@ struct kernel_listener_t {
* @return TRUE to remain registered, FALSE to unregister
*/
bool (*expire)(kernel_listener_t *this, u_int32_t reqid,
- protocol_id_t protocol, u_int32_t spi, bool hard);
+ u_int8_t protocol, u_int32_t spi, bool hard);
/**
* Hook called if the NAT mappings of an IPsec SA changed.