aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/Android.mk5
-rw-r--r--src/libcharon/Makefile.am5
-rw-r--r--src/libcharon/attributes/mem_pool.c1
-rw-r--r--src/libcharon/daemon.c2
-rw-r--r--src/libcharon/daemon.h8
-rw-r--r--src/libcharon/kernel/kernel_handler.c7
-rw-r--r--src/libcharon/kernel/kernel_handler.h2
-rw-r--r--src/libcharon/kernel/kernel_interface.c1085
-rw-r--r--src/libcharon/kernel/kernel_interface.h655
-rw-r--r--src/libcharon/kernel/kernel_ipsec.c36
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h297
-rw-r--r--src/libcharon/kernel/kernel_listener.h107
-rw-r--r--src/libcharon/kernel/kernel_net.c36
-rw-r--r--src/libcharon/kernel/kernel_net.h196
-rw-r--r--src/libcharon/network/receiver.c6
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c4
-rw-r--r--src/libcharon/plugins/forecast/forecast_forwarder.c8
-rw-r--r--src/libcharon/plugins/kernel_iph/kernel_iph_net.c4
-rw-r--r--src/libcharon/plugins/kernel_iph/kernel_iph_plugin.c2
-rw-r--r--src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c59
-rw-r--r--src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c7
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.am2
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c59
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c8
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c2
-rw-r--r--src/libcharon/plugins/kernel_netlink/tests.c2
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.am2
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c70
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c2
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.am2
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c17
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c2
-rw-r--r--src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c25
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.c13
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.c1
-rw-r--r--src/libcharon/plugins/resolve/resolve_handler.c1
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c8
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c7
-rw-r--r--src/libcharon/plugins/socket_win/socket_win_socket.c7
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c4
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c1
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c5
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c5
-rw-r--r--src/libcharon/plugins/updown/updown_listener.c4
-rw-r--r--src/libcharon/plugins/vici/vici_tests.c1
-rw-r--r--src/libcharon/processing/jobs/adopt_children_job.c1
-rw-r--r--src/libcharon/sa/child_sa.c82
-rw-r--r--src/libcharon/sa/ike_sa.c25
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_natd.c3
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c1
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c3
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_me.c5
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c13
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_natd.c9
-rw-r--r--src/libcharon/sa/shunt_manager.c25
-rw-r--r--src/libcharon/sa/trap_manager.c4
56 files changed, 2646 insertions, 307 deletions
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 65d0e2b11..794228665 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -47,7 +47,10 @@ encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
encoding/payloads/hash_payload.c encoding/payloads/hash_payload.h \
encoding/payloads/fragment_payload.c encoding/payloads/fragment_payload.h \
-kernel/kernel_handler.c kernel/kernel_handler.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.c kernel/kernel_net.h \
+kernel/kernel_listener.h kernel/kernel_handler.c kernel/kernel_handler.h \
network/receiver.c network/receiver.h network/sender.c network/sender.h \
network/socket.c network/socket.h \
network/socket_manager.c network/socket_manager.h \
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 0eee3c28d..910f50269 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -46,7 +46,10 @@ encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
encoding/payloads/hash_payload.c encoding/payloads/hash_payload.h \
encoding/payloads/fragment_payload.c encoding/payloads/fragment_payload.h \
-kernel/kernel_handler.c kernel/kernel_handler.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.c kernel/kernel_net.h \
+kernel/kernel_listener.h kernel/kernel_handler.c kernel/kernel_handler.h \
network/receiver.c network/receiver.h network/sender.c network/sender.h \
network/socket.c network/socket.h \
network/socket_manager.c network/socket_manager.h \
diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c
index 279668249..833c3e950 100644
--- a/src/libcharon/attributes/mem_pool.c
+++ b/src/libcharon/attributes/mem_pool.c
@@ -17,7 +17,6 @@
#include "mem_pool.h"
#include <library.h>
-#include <hydra.h>
#include <utils/debug.h>
#include <collections/hashtable.h>
#include <collections/array.h>
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index f861460db..799c3f6dc 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -685,6 +685,7 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.xauth);
DESTROY_IF(this->public.backends);
DESTROY_IF(this->public.socket);
+ DESTROY_IF(this->public.kernel);
/* rehook library logging, shutdown logging */
dbg = dbg_old;
@@ -862,6 +863,7 @@ private_daemon_t *daemon_create()
.ref = 1,
);
charon = &this->public;
+ this->public.kernel = kernel_interface_create();
this->public.attributes = attribute_manager_create();
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 0b66ea39a..654e22a07 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -63,7 +63,7 @@
* @defgroup payloads payloads
* @ingroup encoding
*
- * @defgroup ckernel kernel
+ * @defgroup kernel kernel
* @ingroup libcharon
*
* @defgroup network network
@@ -179,6 +179,7 @@
typedef struct daemon_t daemon_t;
#include <attributes/attribute_manager.h>
+#include <kernel/kernel_interface.h>
#include <network/sender.h>
#include <network/receiver.h>
#include <network/socket_manager.h>
@@ -239,6 +240,11 @@ struct daemon_t {
socket_manager_t *socket;
/**
+ * Kernel interface to communicate with kernel
+ */
+ kernel_interface_t *kernel;
+
+ /**
* A ike_sa_manager_t instance.
*/
ike_sa_manager_t *ike_sa_manager;
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index 9c0e2602b..be37d30e5 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -15,7 +15,6 @@
#include "kernel_handler.h"
-#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/acquire_job.h>
#include <processing/jobs/delete_child_sa_job.h>
@@ -135,8 +134,7 @@ METHOD(kernel_listener_t, roam, bool,
METHOD(kernel_handler_t, destroy, void,
private_kernel_handler_t *this)
{
- hydra->kernel_interface->remove_listener(hydra->kernel_interface,
- &this->public.listener);
+ charon->kernel->remove_listener(charon->kernel, &this->public.listener);
free(this);
}
@@ -157,8 +155,7 @@ kernel_handler_t *kernel_handler_create()
},
);
- hydra->kernel_interface->add_listener(hydra->kernel_interface,
- &this->public.listener);
+ charon->kernel->add_listener(charon->kernel, &this->public.listener);
return &this->public;
}
diff --git a/src/libcharon/kernel/kernel_handler.h b/src/libcharon/kernel/kernel_handler.h
index 48ad6889c..f1fa0bdfc 100644
--- a/src/libcharon/kernel/kernel_handler.h
+++ b/src/libcharon/kernel/kernel_handler.h
@@ -15,7 +15,7 @@
/**
* @defgroup kernel_handler kernel_handler
- * @{ @ingroup ckernel
+ * @{ @ingroup kernel
*/
#ifndef KERNEL_HANDLER_H_
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
new file mode 100644
index 000000000..40c4ee589
--- /dev/null
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -0,0 +1,1085 @@
+/*
+ * Copyright (C) 2008-2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/*
+ * Copyright (c) 2012 Nanoteq Pty Ltd
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "kernel_interface.h"
+
+#include <utils/debug.h>
+#include <threading/mutex.h>
+#include <collections/linked_list.h>
+#include <collections/hashtable.h>
+#include <collections/array.h>
+
+typedef struct private_kernel_interface_t private_kernel_interface_t;
+
+typedef struct kernel_algorithm_t kernel_algorithm_t;
+
+/**
+ * Mapping of IKE algorithms to kernel-specific algorithm identifiers
+ */
+struct kernel_algorithm_t {
+
+ /**
+ * Transform type of the algorithm
+ */
+ transform_type_t type;
+
+ /**
+ * Identifier specified in IKE
+ */
+ u_int16_t ike;
+
+ /**
+ * Identifier as defined in pfkeyv2.h
+ */
+ u_int16_t kernel;
+
+ /**
+ * Name of the algorithm in linux crypto API
+ */
+ char *name;
+};
+
+/**
+ * Private data of a kernel_interface_t object.
+ */
+struct private_kernel_interface_t {
+
+ /**
+ * Public part of kernel_interface_t object.
+ */
+ kernel_interface_t public;
+
+ /**
+ * Registered IPsec constructor
+ */
+ kernel_ipsec_constructor_t ipsec_constructor;
+
+ /**
+ * Registered net constructor
+ */
+ kernel_net_constructor_t net_constructor;
+
+ /**
+ * ipsec interface
+ */
+ kernel_ipsec_t *ipsec;
+
+ /**
+ * network interface
+ */
+ kernel_net_t *net;
+
+ /**
+ * mutex for listeners
+ */
+ mutex_t *mutex;
+
+ /**
+ * list of registered listeners
+ */
+ linked_list_t *listeners;
+
+ /**
+ * Reqid entries indexed by reqids
+ */
+ hashtable_t *reqids;
+
+ /**
+ * Reqid entries indexed by traffic selectors
+ */
+ hashtable_t *reqids_by_ts;
+
+ /**
+ * mutex for algorithm mappings
+ */
+ mutex_t *mutex_algs;
+
+ /**
+ * List of algorithm mappings (kernel_algorithm_t*)
+ */
+ linked_list_t *algorithms;
+
+ /**
+ * List of interface names to include or exclude (char*), NULL if interfaces
+ * are not filtered
+ */
+ linked_list_t *ifaces_filter;
+
+ /**
+ * TRUE to exclude interfaces listed in ifaces_filter, FALSE to consider
+ * only those listed there
+ */
+ bool ifaces_exclude;
+};
+
+METHOD(kernel_interface_t, get_features, kernel_feature_t,
+ private_kernel_interface_t *this)
+{
+ kernel_feature_t features = 0;
+
+ if (this->ipsec && this->ipsec->get_features)
+ {
+ features |= this->ipsec->get_features(this->ipsec);
+ }
+ if (this->net && this->net->get_features)
+ {
+ features |= this->net->get_features(this->net);
+ }
+ return features;
+}
+
+METHOD(kernel_interface_t, get_spi, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int8_t protocol, u_int32_t *spi)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->get_spi(this->ipsec, src, dst, protocol, spi);
+}
+
+METHOD(kernel_interface_t, get_cpi, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int16_t *cpi)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->get_cpi(this->ipsec, src, dst, cpi);
+}
+
+/**
+ * Reqid mapping entry
+ */
+typedef struct {
+ /** allocated reqid */
+ u_int32_t reqid;
+ /** references to this entry */
+ u_int refs;
+ /** inbound mark used for SA */
+ mark_t mark_in;
+ /** outbound mark used for SA */
+ mark_t mark_out;
+ /** local traffic selectors */
+ array_t *local;
+ /** remote traffic selectors */
+ array_t *remote;
+} reqid_entry_t;
+
+/**
+ * Destroy a reqid mapping entry
+ */
+static void reqid_entry_destroy(reqid_entry_t *entry)
+{
+ array_destroy_offset(entry->local, offsetof(traffic_selector_t, destroy));
+ array_destroy_offset(entry->remote, offsetof(traffic_selector_t, destroy));
+ free(entry);
+}
+
+/**
+ * Hashtable hash function for reqid entries using reqid as key
+ */
+static u_int hash_reqid(reqid_entry_t *entry)
+{
+ return chunk_hash_inc(chunk_from_thing(entry->reqid),
+ chunk_hash_inc(chunk_from_thing(entry->mark_in),
+ chunk_hash(chunk_from_thing(entry->mark_out))));
+}
+
+/**
+ * Hashtable equals function for reqid entries using reqid as key
+ */
+static bool equals_reqid(reqid_entry_t *a, reqid_entry_t *b)
+{
+ return a->reqid == b->reqid &&
+ a->mark_in.value == b->mark_in.value &&
+ a->mark_in.mask == b->mark_in.mask &&
+ a->mark_out.value == b->mark_out.value &&
+ a->mark_out.mask == b->mark_out.mask;
+}
+
+/**
+ * Hash an array of traffic selectors
+ */
+static u_int hash_ts_array(array_t *array, u_int hash)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+
+ enumerator = array_create_enumerator(array);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ hash = ts->hash(ts, hash);
+ }
+ enumerator->destroy(enumerator);
+
+ return hash;
+}
+
+/**
+ * Hashtable hash function for reqid entries using traffic selectors as key
+ */
+static u_int hash_reqid_by_ts(reqid_entry_t *entry)
+{
+ return hash_ts_array(entry->local, hash_ts_array(entry->remote,
+ chunk_hash_inc(chunk_from_thing(entry->mark_in),
+ chunk_hash(chunk_from_thing(entry->mark_out)))));
+}
+
+/**
+ * Compare two array with traffic selectors for equality
+ */
+static bool ts_array_equals(array_t *a, array_t *b)
+{
+ traffic_selector_t *tsa, *tsb;
+ enumerator_t *ae, *be;
+ bool equal = TRUE;
+
+ if (array_count(a) != array_count(b))
+ {
+ return FALSE;
+ }
+
+ ae = array_create_enumerator(a);
+ be = array_create_enumerator(b);
+ while (equal && ae->enumerate(ae, &tsa) && be->enumerate(be, &tsb))
+ {
+ equal = tsa->equals(tsa, tsb);
+ }
+ ae->destroy(ae);
+ be->destroy(be);
+
+ return equal;
+}
+
+/**
+ * Hashtable equals function for reqid entries using traffic selectors as key
+ */
+static bool equals_reqid_by_ts(reqid_entry_t *a, reqid_entry_t *b)
+{
+ return ts_array_equals(a->local, b->local) &&
+ ts_array_equals(a->remote, b->remote) &&
+ a->mark_in.value == b->mark_in.value &&
+ a->mark_in.mask == b->mark_in.mask &&
+ a->mark_out.value == b->mark_out.value &&
+ a->mark_out.mask == b->mark_out.mask;
+}
+
+/**
+ * Create an array from copied traffic selector list items
+ */
+static array_t *array_from_ts_list(linked_list_t *list)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+ array_t *array;
+
+ array = array_create(0, 0);
+
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &ts))
+ {
+ array_insert(array, ARRAY_TAIL, ts->clone(ts));
+ }
+ enumerator->destroy(enumerator);
+
+ return array;
+}
+
+METHOD(kernel_interface_t, alloc_reqid, status_t,
+ private_kernel_interface_t *this,
+ linked_list_t *local_ts, linked_list_t *remote_ts,
+ mark_t mark_in, mark_t mark_out, u_int32_t *reqid)
+{
+ static u_int32_t counter = 0;
+ reqid_entry_t *entry = NULL, *tmpl;
+ status_t status = SUCCESS;
+
+ INIT(tmpl,
+ .local = array_from_ts_list(local_ts),
+ .remote = array_from_ts_list(remote_ts),
+ .mark_in = mark_in,
+ .mark_out = mark_out,
+ .reqid = *reqid,
+ );
+
+ this->mutex->lock(this->mutex);
+ if (tmpl->reqid)
+ {
+ /* search by reqid if given */
+ entry = this->reqids->get(this->reqids, tmpl);
+ }
+ if (entry)
+ {
+ /* we don't require a traffic selector match for explicit reqids,
+ * as we wan't to reuse a reqid for trap-triggered policies that
+ * got narrowed during negotiation. */
+ reqid_entry_destroy(tmpl);
+ }
+ else
+ {
+ /* search by traffic selectors */
+ entry = this->reqids_by_ts->get(this->reqids_by_ts, tmpl);
+ if (entry)
+ {
+ reqid_entry_destroy(tmpl);
+ }
+ else
+ {
+ /* none found, create a new entry, allocating a reqid */
+ entry = tmpl;
+ entry->reqid = ++counter;
+ this->reqids_by_ts->put(this->reqids_by_ts, entry, entry);
+ this->reqids->put(this->reqids, entry, entry);
+ }
+ *reqid = entry->reqid;
+ }
+ entry->refs++;
+ this->mutex->unlock(this->mutex);
+
+ return status;
+}
+
+METHOD(kernel_interface_t, release_reqid, status_t,
+ private_kernel_interface_t *this, u_int32_t reqid,
+ mark_t mark_in, mark_t mark_out)
+{
+ reqid_entry_t *entry, tmpl = {
+ .reqid = reqid,
+ .mark_in = mark_in,
+ .mark_out = mark_out,
+ };
+
+ this->mutex->lock(this->mutex);
+ entry = this->reqids->remove(this->reqids, &tmpl);
+ if (entry)
+ {
+ if (--entry->refs == 0)
+ {
+ entry = this->reqids_by_ts->remove(this->reqids_by_ts, entry);
+ if (entry)
+ {
+ reqid_entry_destroy(entry);
+ }
+ }
+ else
+ {
+ this->reqids->put(this->reqids, entry, entry);
+ }
+ }
+ this->mutex->unlock(this->mutex);
+
+ if (entry)
+ {
+ return SUCCESS;
+ }
+ return NOT_FOUND;
+}
+
+METHOD(kernel_interface_t, add_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
+ u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
+ u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window,
+ bool initiator, bool encap, bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
+ mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode,
+ ipcomp, cpi, replay_window, initiator, encap, esn, inbound,
+ update, src_ts, dst_ts);
+}
+
+METHOD(kernel_interface_t, update_sa, status_t,
+ private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
+ u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap, mark_t mark)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
+ new_src, new_dst, encap, new_encap, mark);
+}
+
+METHOD(kernel_interface_t, query_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets, time_t *time)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
+ bytes, packets, time);
+}
+
+METHOD(kernel_interface_t, del_sa, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
+ u_int8_t protocol, u_int16_t cpi, mark_t mark)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
+}
+
+METHOD(kernel_interface_t, flush_sas, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_sas(this->ipsec);
+}
+
+METHOD(kernel_interface_t, add_policy, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, policy_priority_t priority)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
+ direction, type, sa, mark, priority);
+}
+
+METHOD(kernel_interface_t, query_policy, status_t,
+ private_kernel_interface_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
+ time_t *use_time)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
+ direction, mark, use_time);
+}
+
+METHOD(kernel_interface_t, del_policy, status_t,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, policy_priority_t priority)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts,
+ direction, type, sa, mark, priority);
+}
+
+METHOD(kernel_interface_t, flush_policies, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_policies(this->ipsec);
+}
+
+METHOD(kernel_interface_t, get_source_addr, host_t*,
+ private_kernel_interface_t *this, host_t *dest, host_t *src)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_source_addr(this->net, dest, src);
+}
+
+METHOD(kernel_interface_t, get_nexthop, host_t*,
+ private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_nexthop(this->net, dest, prefix, src);
+}
+
+METHOD(kernel_interface_t, get_interface, bool,
+ private_kernel_interface_t *this, host_t *host, char **name)
+{
+ if (!this->net)
+ {
+ return NULL;
+ }
+ return this->net->get_interface(this->net, host, name);
+}
+
+METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*,
+ private_kernel_interface_t *this, kernel_address_type_t which)
+{
+ if (!this->net)
+ {
+ return enumerator_create_empty();
+ }
+ return this->net->create_address_enumerator(this->net, which);
+}
+
+METHOD(kernel_interface_t, add_ip, status_t,
+ private_kernel_interface_t *this, host_t *virtual_ip, int prefix,
+ char *iface)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->add_ip(this->net, virtual_ip, prefix, iface);
+}
+
+METHOD(kernel_interface_t, del_ip, status_t,
+ private_kernel_interface_t *this, host_t *virtual_ip, int prefix, bool wait)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->del_ip(this->net, virtual_ip, prefix, wait);
+}
+
+METHOD(kernel_interface_t, add_route, status_t,
+ private_kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->add_route(this->net, dst_net, prefixlen, gateway,
+ src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, del_route, status_t,
+ private_kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+ if (!this->net)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->net->del_route(this->net, dst_net, prefixlen, gateway,
+ src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, bypass_socket, bool,
+ private_kernel_interface_t *this, int fd, int family)
+{
+ if (!this->ipsec)
+ {
+ return FALSE;
+ }
+ return this->ipsec->bypass_socket(this->ipsec, fd, family);
+}
+
+METHOD(kernel_interface_t, enable_udp_decap, bool,
+ private_kernel_interface_t *this, int fd, int family, u_int16_t port)
+{
+ if (!this->ipsec)
+ {
+ return FALSE;
+ }
+ return this->ipsec->enable_udp_decap(this->ipsec, fd, family, port);
+}
+
+METHOD(kernel_interface_t, is_interface_usable, bool,
+ private_kernel_interface_t *this, const char *iface)
+{
+ status_t expected;
+
+ if (!this->ifaces_filter)
+ {
+ return TRUE;
+ }
+ expected = this->ifaces_exclude ? NOT_FOUND : SUCCESS;
+ return this->ifaces_filter->find_first(this->ifaces_filter, (void*)streq,
+ NULL, iface) == expected;
+}
+
+METHOD(kernel_interface_t, all_interfaces_usable, bool,
+ private_kernel_interface_t *this)
+{
+ return this->ifaces_filter == NULL;
+}
+
+METHOD(kernel_interface_t, get_address_by_ts, status_t,
+ private_kernel_interface_t *this, traffic_selector_t *ts,
+ host_t **ip, bool *vip)
+{
+ enumerator_t *addrs;
+ host_t *host;
+ int family;
+ bool found = FALSE;
+
+ DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
+
+ /* if we have a family which includes localhost, we do not
+ * search for an IP, we use the default */
+ family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+
+ if (family == AF_INET)
+ {
+ host = host_create_from_string("127.0.0.1", 0);
+ }
+ else
+ {
+ host = host_create_from_string("::1", 0);
+ }
+
+ if (ts->includes(ts, host))
+ {
+ *ip = host_create_any(family);
+ host->destroy(host);
+ DBG2(DBG_KNL, "using host %H", *ip);
+ return SUCCESS;
+ }
+ host->destroy(host);
+
+ /* try virtual IPs only first (on all interfaces) */
+ addrs = create_address_enumerator(this,
+ ADDR_TYPE_ALL ^ ADDR_TYPE_REGULAR);
+ while (addrs->enumerate(addrs, (void**)&host))
+ {
+ if (ts->includes(ts, host))
+ {
+ found = TRUE;
+ *ip = host->clone(host);
+ if (vip)
+ {
+ *vip = TRUE;
+ }
+ break;
+ }
+ }
+ addrs->destroy(addrs);
+
+ if (!found)
+ { /* then try the regular addresses (on all interfaces) */
+ addrs = create_address_enumerator(this,
+ ADDR_TYPE_ALL ^ ADDR_TYPE_VIRTUAL);
+ while (addrs->enumerate(addrs, (void**)&host))
+ {
+ if (ts->includes(ts, host))
+ {
+ found = TRUE;
+ *ip = host->clone(host);
+ if (vip)
+ {
+ *vip = FALSE;
+ }
+ break;
+ }
+ }
+ addrs->destroy(addrs);
+ }
+
+ if (!found)
+ {
+ DBG2(DBG_KNL, "no local address found in traffic selector %R", ts);
+ return FAILED;
+ }
+
+ DBG2(DBG_KNL, "using host %H", *ip);
+ return SUCCESS;
+}
+
+
+METHOD(kernel_interface_t, add_ipsec_interface, bool,
+ private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+ if (!this->ipsec)
+ {
+ this->ipsec_constructor = constructor;
+ this->ipsec = constructor();
+ return this->ipsec != NULL;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_interface_t, remove_ipsec_interface, bool,
+ private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+ if (constructor == this->ipsec_constructor && this->ipsec)
+ {
+ this->ipsec->destroy(this->ipsec);
+ this->ipsec = NULL;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_interface_t, add_net_interface, bool,
+ private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+ if (!this->net)
+ {
+ this->net_constructor = constructor;
+ this->net = constructor();
+ return this->net != NULL;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_interface_t, remove_net_interface, bool,
+ private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+ if (constructor == this->net_constructor && this->net)
+ {
+ this->net->destroy(this->net);
+ this->net = NULL;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_interface_t, add_listener, void,
+ private_kernel_interface_t *this, kernel_listener_t *listener)
+{
+ this->mutex->lock(this->mutex);
+ this->listeners->insert_last(this->listeners, listener);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, remove_listener, void,
+ private_kernel_interface_t *this, kernel_listener_t *listener)
+{
+ this->mutex->lock(this->mutex);
+ this->listeners->remove(this->listeners, listener, NULL);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, acquire, void,
+ private_kernel_interface_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
+{
+ kernel_listener_t *listener;
+ enumerator_t *enumerator;
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &listener))
+ {
+ if (listener->acquire &&
+ !listener->acquire(listener, reqid, src_ts, dst_ts))
+ {
+ this->listeners->remove_at(this->listeners, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, expire, void,
+ private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard)
+{
+ kernel_listener_t *listener;
+ enumerator_t *enumerator;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &listener))
+ {
+ if (listener->expire &&
+ !listener->expire(listener, protocol, spi, dst, hard))
+ {
+ this->listeners->remove_at(this->listeners, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, mapping, void,
+ private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote)
+{
+ kernel_listener_t *listener;
+ enumerator_t *enumerator;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &listener))
+ {
+ if (listener->mapping &&
+ !listener->mapping(listener, protocol, spi, dst, remote))
+ {
+ this->listeners->remove_at(this->listeners, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, migrate, void,
+ private_kernel_interface_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, host_t *local, host_t *remote)
+{
+ kernel_listener_t *listener;
+ enumerator_t *enumerator;
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &listener))
+ {
+ if (listener->migrate &&
+ !listener->migrate(listener, reqid, src_ts, dst_ts, direction,
+ local, remote))
+ {
+ this->listeners->remove_at(this->listeners, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+static bool call_roam(kernel_listener_t *listener, bool *roam)
+{
+ return listener->roam && !listener->roam(listener, *roam);
+}
+
+METHOD(kernel_interface_t, roam, void,
+ private_kernel_interface_t *this, bool address)
+{
+ this->mutex->lock(this->mutex);
+ this->listeners->remove(this->listeners, &address, (void*)call_roam);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, tun, void,
+ private_kernel_interface_t *this, tun_device_t *tun, bool created)
+{
+ kernel_listener_t *listener;
+ enumerator_t *enumerator;
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &listener))
+ {
+ if (listener->tun &&
+ !listener->tun(listener, tun, created))
+ {
+ this->listeners->remove_at(this->listeners, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(kernel_interface_t, register_algorithm, void,
+ private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
+ u_int16_t kernel_id, char *kernel_name)
+{
+ kernel_algorithm_t *algorithm;
+
+ INIT(algorithm,
+ .type = type,
+ .ike = alg_id,
+ .kernel = kernel_id,
+ .name = strdup(kernel_name),
+ );
+
+ this->mutex_algs->lock(this->mutex_algs);
+ this->algorithms->insert_first(this->algorithms, algorithm);
+ this->mutex_algs->unlock(this->mutex_algs);
+}
+
+METHOD(kernel_interface_t, lookup_algorithm, bool,
+ private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type,
+ u_int16_t *kernel_id, char **kernel_name)
+{
+ kernel_algorithm_t *algorithm;
+ enumerator_t *enumerator;
+ bool found = FALSE;
+
+ this->mutex_algs->lock(this->mutex_algs);
+ enumerator = this->algorithms->create_enumerator(this->algorithms);
+ while (enumerator->enumerate(enumerator, &algorithm))
+ {
+ if (algorithm->type == type && algorithm->ike == alg_id)
+ {
+ if (kernel_id)
+ {
+ *kernel_id = algorithm->kernel;
+ }
+ if (kernel_name)
+ {
+ *kernel_name = algorithm->name;
+ }
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex_algs->unlock(this->mutex_algs);
+ return found;
+}
+
+METHOD(kernel_interface_t, destroy, void,
+ private_kernel_interface_t *this)
+{
+ kernel_algorithm_t *algorithm;
+
+ while (this->algorithms->remove_first(this->algorithms,
+ (void**)&algorithm) == SUCCESS)
+ {
+ free(algorithm->name);
+ free(algorithm);
+ }
+ this->algorithms->destroy(this->algorithms);
+ this->mutex_algs->destroy(this->mutex_algs);
+ DESTROY_IF(this->ipsec);
+ DESTROY_IF(this->net);
+ DESTROY_FUNCTION_IF(this->ifaces_filter, (void*)free);
+ this->reqids->destroy(this->reqids);
+ this->reqids_by_ts->destroy(this->reqids_by_ts);
+ this->listeners->destroy(this->listeners);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/*
+ * Described in header-file
+ */
+kernel_interface_t *kernel_interface_create()
+{
+ private_kernel_interface_t *this;
+ char *ifaces;
+
+ INIT(this,
+ .public = {
+ .get_features = _get_features,
+ .get_spi = _get_spi,
+ .get_cpi = _get_cpi,
+ .alloc_reqid = _alloc_reqid,
+ .release_reqid = _release_reqid,
+ .add_sa = _add_sa,
+ .update_sa = _update_sa,
+ .query_sa = _query_sa,
+ .del_sa = _del_sa,
+ .flush_sas = _flush_sas,
+ .add_policy = _add_policy,
+ .query_policy = _query_policy,
+ .del_policy = _del_policy,
+ .flush_policies = _flush_policies,
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .get_interface = _get_interface,
+ .create_address_enumerator = _create_address_enumerator,
+ .add_ip = _add_ip,
+ .del_ip = _del_ip,
+ .add_route = _add_route,
+ .del_route = _del_route,
+ .bypass_socket = _bypass_socket,
+ .enable_udp_decap = _enable_udp_decap,
+
+ .is_interface_usable = _is_interface_usable,
+ .all_interfaces_usable = _all_interfaces_usable,
+ .get_address_by_ts = _get_address_by_ts,
+ .add_ipsec_interface = _add_ipsec_interface,
+ .remove_ipsec_interface = _remove_ipsec_interface,
+ .add_net_interface = _add_net_interface,
+ .remove_net_interface = _remove_net_interface,
+
+ .add_listener = _add_listener,
+ .remove_listener = _remove_listener,
+ .register_algorithm = _register_algorithm,
+ .lookup_algorithm = _lookup_algorithm,
+ .acquire = _acquire,
+ .expire = _expire,
+ .mapping = _mapping,
+ .migrate = _migrate,
+ .roam = _roam,
+ .tun = _tun,
+ .destroy = _destroy,
+ },
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .listeners = linked_list_create(),
+ .mutex_algs = mutex_create(MUTEX_TYPE_DEFAULT),
+ .algorithms = linked_list_create(),
+ .reqids = hashtable_create((hashtable_hash_t)hash_reqid,
+ (hashtable_equals_t)equals_reqid, 8),
+ .reqids_by_ts = hashtable_create((hashtable_hash_t)hash_reqid_by_ts,
+ (hashtable_equals_t)equals_reqid_by_ts, 8),
+ );
+
+ ifaces = lib->settings->get_str(lib->settings,
+ "%s.interfaces_use", NULL, lib->ns);
+ if (!ifaces)
+ {
+ this->ifaces_exclude = TRUE;
+ ifaces = lib->settings->get_str(lib->settings,
+ "%s.interfaces_ignore", NULL, lib->ns);
+ }
+ if (ifaces)
+ {
+ enumerator_t *enumerator;
+ char *iface;
+
+ enumerator = enumerator_create_token(ifaces, ",", " ");
+ while (enumerator->enumerate(enumerator, &iface))
+ {
+ if (!this->ifaces_filter)
+ {
+ this->ifaces_filter = linked_list_create();
+ }
+ this->ifaces_filter->insert_last(this->ifaces_filter,
+ strdup(iface));
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ return &this->public;
+}
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
new file mode 100644
index 000000000..6793c6cc6
--- /dev/null
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -0,0 +1,655 @@
+/*
+ * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/*
+ * Copyright (c) 2012 Nanoteq Pty Ltd
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup kernel_interface kernel_interface
+ * @{ @ingroup kernel
+ */
+
+#ifndef KERNEL_INTERFACE_H_
+#define KERNEL_INTERFACE_H_
+
+typedef struct kernel_interface_t kernel_interface_t;
+typedef enum kernel_feature_t kernel_feature_t;
+
+#include <networking/host.h>
+#include <crypto/prf_plus.h>
+
+#include <kernel/kernel_listener.h>
+#include <kernel/kernel_ipsec.h>
+#include <kernel/kernel_net.h>
+
+/**
+ * Bitfield of optional features a kernel backend supports.
+ *
+ * This feature-set is for both, kernel_ipsec_t and kernel_net_t. Each
+ * backend returns a subset of these features.
+ */
+enum kernel_feature_t {
+ /** IPsec can process ESPv3 (RFC 4303) TFC padded packets */
+ KERNEL_ESP_V3_TFC = (1<<0),
+ /** Networking requires an "exclude" route for IKE/ESP packets */
+ KERNEL_REQUIRE_EXCLUDE_ROUTE = (1<<1),
+ /** IPsec implementation requires UDP encapsulation of ESP packets */
+ KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2),
+ /** IPsec backend does not require a policy reinstall on SA updates */
+ KERNEL_NO_POLICY_UPDATES = (1<<3),
+};
+
+/**
+ * Constructor function for ipsec kernel interface
+ */
+typedef kernel_ipsec_t* (*kernel_ipsec_constructor_t)(void);
+
+/**
+ * Constructor function for network kernel interface
+ */
+typedef kernel_net_t* (*kernel_net_constructor_t)(void);
+
+/**
+ * Manager and wrapper for different kernel interfaces.
+ *
+ * The kernel interface handles the communication with the kernel
+ * for SA and policy management and interface and IP address management.
+ */
+struct kernel_interface_t {
+
+ /**
+ * Get the feature set supported by the net and ipsec kernel backends.
+ *
+ * @return ORed feature-set of backends
+ */
+ kernel_feature_t (*get_features)(kernel_interface_t *this);
+
+ /**
+ * Get a SPI from the kernel.
+ *
+ * @param src source address of SA
+ * @param dst destination address of SA
+ * @param protocol protocol for SA (ESP/AH)
+ * @param spi allocated spi
+ * @return SUCCESS if operation completed
+ */
+ status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int8_t protocol, u_int32_t *spi);
+
+ /**
+ * Get a Compression Parameter Index (CPI) from the kernel.
+ *
+ * @param src source address of SA
+ * @param dst destination address of SA
+ * @param cpi allocated cpi
+ * @return SUCCESS if operation completed
+ */
+ status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int16_t *cpi);
+
+ /**
+ * Allocate or confirm a reqid to use for a given SA pair.
+ *
+ * Each returned reqid by a successful call to alloc_reqid() must be
+ * released using release_reqid().
+ *
+ * The reqid parameter is an in/out parameter. If it points to non-zero,
+ * the reqid is confirmed and registered for use. If it points to zero,
+ * a reqid is allocated for the given selectors, and returned to reqid.
+ *
+ * @param local_ts traffic selectors of local side for SA
+ * @param remote_ts traffic selectors of remote side for SA
+ * @param mark_in inbound mark on SA
+ * @param mark_out outbound mark on SA
+ * @param reqid allocated reqid
+ * @return SUCCESS if reqid allocated
+ */
+ status_t (*alloc_reqid)(kernel_interface_t *this,
+ linked_list_t *local_ts, linked_list_t *remote_ts,
+ mark_t mark_in, mark_t mark_out,
+ u_int32_t *reqid);
+
+ /**
+ * Release a previously allocated reqid.
+ *
+ * @param reqid reqid to release
+ * @param mark_in inbound mark on SA
+ * @param mark_out outbound mark on SA
+ * @return SUCCESS if reqid released
+ */
+ status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid,
+ mark_t mark_in, mark_t mark_out);
+
+ /**
+ * Add an SA to the SAD.
+ *
+ * This function does install a single SA for a single protocol in one
+ * direction.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param reqid reqid for this SA
+ * @param mark optional mark for this SA
+ * @param tfc Traffic Flow Confidentiality padding for this SA
+ * @param lifetime lifetime_cfg_t for this SA
+ * @param enc_alg Algorithm to use for encryption (ESP only)
+ * @param enc_key key to use for encryption
+ * @param int_alg Algorithm to use for integrity protection
+ * @param int_key key to use for integrity protection
+ * @param mode mode of the SA (tunnel, transport)
+ * @param ipcomp IPComp transform to use
+ * @param cpi CPI for IPComp
+ * @param replay_window anti-replay window size
+ * @param initiator TRUE if initiator of the exchange creating this SA
+ * @param encap enable UDP encapsulation for NAT traversal
+ * @param esn TRUE to use Extended Sequence Numbers
+ * @param inbound TRUE if this is an inbound SA
+ * @param update TRUE if an SPI has already been allocated for SA
+ * @param src_ts list of source traffic selectors
+ * @param dst_ts list of destination traffic selectors
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_sa) (kernel_interface_t *this,
+ host_t *src, host_t *dst, u_int32_t spi,
+ u_int8_t protocol, u_int32_t reqid, mark_t mark,
+ u_int32_t tfc, lifetime_cfg_t *lifetime,
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts);
+
+ /**
+ * Update the hosts on an installed SA.
+ *
+ * We cannot directly update the destination address as the kernel
+ * requires the spi, the protocol AND the destination address (and family)
+ * to identify SAs. Therefore if the destination address changed we
+ * create a new SA and delete the old one.
+ *
+ * @param spi SPI of the SA
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param cpi CPI for IPComp, 0 if no IPComp is used
+ * @param src current source address
+ * @param dst current destination address
+ * @param new_src new source address
+ * @param new_dst new destination address
+ * @param encap current use of UDP encapsulation
+ * @param new_encap new use of UDP encapsulation
+ * @param mark optional mark for this SA
+ * @return SUCCESS if operation completed, NOT_SUPPORTED if
+ * the kernel interface can't update the SA
+ */
+ status_t (*update_sa)(kernel_interface_t *this,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ host_t *src, host_t *dst,
+ host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap, mark_t mark);
+
+ /**
+ * Query the number of bytes processed by an SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param mark optional mark for this SA
+ * @param[out] bytes the number of bytes processed by SA
+ * @param[out] packets number of packets processed by SA
+ * @param[out] time last (monotonic) time of SA use
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets, time_t *time);
+
+ /**
+ * Delete a previously installed SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param cpi CPI for IPComp or 0
+ * @param mark optional mark for this SA
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ mark_t mark);
+
+ /**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_interface_t *this);
+
+ /**
+ * Add a policy to the SPD.
+ *
+ * @param src source address of SA
+ * @param dst dest address of SA
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
+ * @param priority priority of this policy
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_policy) (kernel_interface_t *this,
+ host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
+
+ /**
+ * Query the use time of a policy.
+ *
+ * The use time of a policy is the time the policy was used
+ * for the last time.
+ *
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param mark optional mark
+ * @param[out] use_time the (monotonic) time of this SA's last use
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_policy) (kernel_interface_t *this,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, mark_t mark,
+ time_t *use_time);
+
+ /**
+ * Remove a policy from the SPD.
+ *
+ * @param src source address of SA
+ * @param dst dest address of SA
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
+ * @param priority priority of the policy
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_policy) (kernel_interface_t *this,
+ host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
+
+ /**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_interface_t *this);
+
+ /**
+ * Get our outgoing source address for a destination.
+ *
+ * Does a route lookup to get the source address used to reach dest.
+ * The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
+ *
+ * @param dest target destination address
+ * @param src source address to check, or NULL
+ * @return outgoing source address, NULL if unreachable
+ */
+ host_t* (*get_source_addr)(kernel_interface_t *this,
+ host_t *dest, host_t *src);
+
+ /**
+ * Get the next hop for a destination.
+ *
+ * Does a route lookup to get the next hop used to reach dest.
+ * The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
+ *
+ * @param dest target destination address
+ * @param prefix prefix length if dest is a subnet, -1 for auto
+ * @param src source address to check, or NULL
+ * @return next hop address, NULL if unreachable
+ */
+ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
+ int prefix, host_t *src);
+
+ /**
+ * Get the interface name of a local address. Interfaces that are down or
+ * ignored by config are not considered.
+ *
+ * @param host address to get interface name from
+ * @param name allocated interface name (optional)
+ * @return TRUE if interface found and usable
+ */
+ bool (*get_interface)(kernel_interface_t *this, host_t *host, char **name);
+
+ /**
+ * Creates an enumerator over all local addresses.
+ *
+ * This function blocks an internal cached address list until the
+ * enumerator gets destroyed.
+ * The hosts are read-only, do not modify of free.
+ *
+ * @param which a combination of address types to enumerate
+ * @return enumerator over host_t's
+ */
+ enumerator_t *(*create_address_enumerator) (kernel_interface_t *this,
+ kernel_address_type_t which);
+
+ /**
+ * Add a virtual IP to an interface.
+ *
+ * Virtual IPs are attached to an interface. If an IP is added multiple
+ * times, the IP is refcounted and not removed until del_ip() was called
+ * as many times as add_ip().
+ *
+ * @param virtual_ip virtual ip address to assign
+ * @param prefix prefix length to install IP with, -1 for auto
+ * @param iface interface to install virtual IP on
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip, int prefix,
+ char *iface);
+
+ /**
+ * Remove a virtual IP from an interface.
+ *
+ * The kernel interface uses refcounting, see add_ip().
+ *
+ * @param virtual_ip virtual ip address to remove
+ * @param prefix prefix length of the IP to uninstall, -1 for auto
+ * @param wait TRUE to wait untily IP is gone
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip,
+ int prefix, bool wait);
+
+ /**
+ * Add a route.
+ *
+ * @param dst_net destination net
+ * @param prefixlen destination net prefix length
+ * @param gateway gateway for this route
+ * @param src_ip source ip of the route
+ * @param if_name name of the interface the route is bound to
+ * @return SUCCESS if operation completed
+ * ALREADY_DONE if the route already exists
+ */
+ status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ char *if_name);
+
+ /**
+ * Delete a route.
+ *
+ * @param dst_net destination net
+ * @param prefixlen destination net prefix length
+ * @param gateway gateway for this route
+ * @param src_ip source ip of the route
+ * @param if_name name of the interface the route is bound to
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ char *if_name);
+
+ /**
+ * Set up a bypass policy for a given socket.
+ *
+ * @param fd socket file descriptor to setup policy for
+ * @param family protocol family of the socket
+ * @return TRUE if policy set up successfully
+ */
+ bool (*bypass_socket)(kernel_interface_t *this, int fd, int family);
+
+ /**
+ * Enable decapsulation of ESP-in-UDP packets for the given port/socket.
+ *
+ * @param fd socket file descriptor
+ * @param family protocol family of the socket
+ * @param port the UDP port
+ * @return TRUE if UDP decapsulation was enabled successfully
+ */
+ bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family,
+ u_int16_t port);
+
+
+ /**
+ * manager methods
+ */
+
+ /**
+ * Verifies that the given interface is usable and not excluded by
+ * configuration.
+ *
+ * @param iface interface name
+ * @return TRUE if usable
+ */
+ bool (*is_interface_usable)(kernel_interface_t *this, const char *iface);
+
+ /**
+ * Check if interfaces are excluded by config.
+ *
+ * @return TRUE if no interfaces are exclued by config
+ */
+ bool (*all_interfaces_usable)(kernel_interface_t *this);
+
+ /**
+ * Tries to find an IP address of a local interface that is included in the
+ * supplied traffic selector.
+ *
+ * @param ts traffic selector
+ * @param ip returned IP address (has to be destroyed)
+ * @param vip set to TRUE if returned address is a virtual IP
+ * @return SUCCESS if address found
+ */
+ status_t (*get_address_by_ts)(kernel_interface_t *this,
+ traffic_selector_t *ts, host_t **ip, bool *vip);
+
+ /**
+ * Register an ipsec kernel interface constructor on the manager.
+ *
+ * @param create constructor to register
+ * @return TRUE if the ipsec kernel interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
+ */
+ bool (*add_ipsec_interface)(kernel_interface_t *this,
+ kernel_ipsec_constructor_t create);
+
+ /**
+ * Unregister an ipsec kernel interface constructor.
+ *
+ * @param create constructor to unregister
+ * @return TRUE if the ipsec kernel interface was unregistered
+ * successfully, FALSE otherwise
+ */
+ bool (*remove_ipsec_interface)(kernel_interface_t *this,
+ kernel_ipsec_constructor_t create);
+
+ /**
+ * Register a network kernel interface constructor on the manager.
+ *
+ * @param create constructor to register
+ * @return TRUE if the kernel net interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
+ */
+ bool (*add_net_interface)(kernel_interface_t *this,
+ kernel_net_constructor_t create);
+
+ /**
+ * Unregister a network kernel interface constructor.
+ *
+ * @param create constructor to unregister
+ * @return TRUE if the kernel net interface was unregistered
+ * successfully, FALSE otherwise
+ */
+ bool (*remove_net_interface)(kernel_interface_t *this,
+ kernel_net_constructor_t create);
+
+ /**
+ * Add a listener to the kernel interface.
+ *
+ * @param listener listener to add
+ */
+ void (*add_listener)(kernel_interface_t *this,
+ kernel_listener_t *listener);
+
+ /**
+ * Remove a listener from the kernel interface.
+ *
+ * @param listener listener to remove
+ */
+ void (*remove_listener)(kernel_interface_t *this,
+ kernel_listener_t *listener);
+
+ /**
+ * Raise an acquire event.
+ *
+ * @param reqid reqid of the policy to acquire
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ */
+ void (*acquire)(kernel_interface_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+
+ /**
+ * Raise an expire event.
+ *
+ * @param protocol protocol of the expired SA
+ * @param spi spi of the expired SA
+ * @param dst destination address of expired SA
+ * @param hard TRUE if it is a hard expire, FALSE otherwise
+ */
+ void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard);
+
+ /**
+ * Raise a mapping event.
+ *
+ * @param protocol protocol of affected SA
+ * @param spi spi of the SA
+ * @param dst original destination address of SA
+ * @param remote new remote host
+ */
+ void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote);
+
+ /**
+ * Raise a migrate event.
+ *
+ * @param reqid reqid of the policy
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ * @param direction direction of the policy (in|out)
+ * @param local local host address to be used in the IKE_SA
+ * @param remote remote host address to be used in the IKE_SA
+ */
+ void (*migrate)(kernel_interface_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, host_t *local, host_t *remote);
+
+ /**
+ * Raise a roam event.
+ *
+ * @param address TRUE if address list, FALSE if routing changed
+ */
+ void (*roam)(kernel_interface_t *this, bool address);
+
+ /**
+ * Raise a tun event.
+ *
+ * @param tun TUN device
+ * @param created TRUE if created, FALSE if going to be destroyed
+ */
+ void (*tun)(kernel_interface_t *this, tun_device_t *tun, bool created);
+
+ /**
+ * Register a new algorithm with the kernel interface.
+ *
+ * @param alg_id the IKE id of the algorithm
+ * @param type the transform type of the algorithm
+ * @param kernel_id the kernel id of the algorithm
+ * @param kernel_name the kernel name of the algorithm
+ */
+ void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
+ transform_type_t type, u_int16_t kernel_id,
+ char *kernel_name);
+
+ /**
+ * Return the kernel-specific id and/or name for an algorithms depending on
+ * the arguments specified.
+ *
+ * @param alg_id the IKE id of the algorithm
+ * @param type the transform type of the algorithm
+ * @param kernel_id the kernel id of the algorithm (optional)
+ * @param kernel_name the kernel name of the algorithm (optional)
+ * @return TRUE if algorithm was found
+ */
+ bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id,
+ transform_type_t type, u_int16_t *kernel_id,
+ char **kernel_name);
+
+ /**
+ * Destroys a kernel_interface_t object.
+ */
+ void (*destroy) (kernel_interface_t *this);
+};
+
+/**
+ * Creates an object of type kernel_interface_t.
+ */
+kernel_interface_t *kernel_interface_create(void);
+
+#endif /** KERNEL_INTERFACE_H_ @}*/
diff --git a/src/libcharon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c
new file mode 100644
index 000000000..0440f11bb
--- /dev/null
+++ b/src/libcharon/kernel/kernel_ipsec.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_ipsec.h"
+
+#include <daemon.h>
+
+/**
+ * See header
+ */
+bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+{
+ if (reg)
+ {
+ return charon->kernel->add_ipsec_interface(charon->kernel,
+ (kernel_ipsec_constructor_t)data);
+ }
+ else
+ {
+ return charon->kernel->remove_ipsec_interface(charon->kernel,
+ (kernel_ipsec_constructor_t)data);
+ }
+}
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
new file mode 100644
index 000000000..31e06308e
--- /dev/null
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -0,0 +1,297 @@
+/*
+ * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup kernel_ipsec kernel_ipsec
+ * @{ @ingroup kernel
+ */
+
+#ifndef KERNEL_IPSEC_H_
+#define KERNEL_IPSEC_H_
+
+typedef struct kernel_ipsec_t kernel_ipsec_t;
+
+#include <networking/host.h>
+#include <ipsec/ipsec_types.h>
+#include <selectors/traffic_selector.h>
+#include <plugins/plugin.h>
+#include <kernel/kernel_interface.h>
+
+/**
+ * Interface to the ipsec subsystem of the kernel.
+ *
+ * The kernel ipsec interface handles the communication with the kernel
+ * for SA and policy management. It allows setup of these, and provides
+ * further the handling of kernel events.
+ * Policy information are cached in the interface. This is necessary to do
+ * reference counting. The Linux kernel does not allow the same policy
+ * installed twice, but we need this as CHILD_SA exist multiple times
+ * when rekeying. Thats why we do reference counting of policies.
+ */
+struct kernel_ipsec_t {
+
+ /**
+ * Get the feature set supported by this kernel backend.
+ *
+ * @return ORed feature-set of backend
+ */
+ kernel_feature_t (*get_features)(kernel_ipsec_t *this);
+
+ /**
+ * Get a SPI from the kernel.
+ *
+ * @param src source address of SA
+ * @param dst destination address of SA
+ * @param protocol protocol for SA (ESP/AH)
+ * @param spi allocated spi
+ * @return SUCCESS if operation completed
+ */
+ status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
+ u_int8_t protocol, u_int32_t *spi);
+
+ /**
+ * Get a Compression Parameter Index (CPI) from the kernel.
+ *
+ * @param src source address of SA
+ * @param dst destination address of SA
+ * @param cpi allocated cpi
+ * @return SUCCESS if operation completed
+ */
+ status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
+ u_int16_t *cpi);
+
+ /**
+ * Add an SA to the SAD.
+ *
+ * This function does install a single SA for a single protocol in one
+ * direction.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param reqid unique ID for this SA
+ * @param mark mark for this SA
+ * @param tfc Traffic Flow Confidentiality padding for this SA
+ * @param lifetime lifetime_cfg_t for this SA
+ * @param enc_alg Algorithm to use for encryption (ESP only)
+ * @param enc_key key to use for encryption
+ * @param int_alg Algorithm to use for integrity protection
+ * @param int_key key to use for integrity protection
+ * @param mode mode of the SA (tunnel, transport)
+ * @param ipcomp IPComp transform to use
+ * @param cpi CPI for IPComp
+ * @param replay_window anti-replay window size
+ * @param initiator TRUE if initiator of the exchange creating this SA
+ * @param encap enable UDP encapsulation for NAT traversal
+ * @param esn TRUE to use Extended Sequence Numbers
+ * @param inbound TRUE if this is an inbound SA
+ * @param update TRUE if an SPI has already been allocated for SA
+ * @param src_ts list of source traffic selectors
+ * @param dst_ts list of destination traffic selectors
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_sa) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst, u_int32_t spi,
+ u_int8_t protocol, u_int32_t reqid,
+ mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime,
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+ u_int32_t replay_window, bool initiator, bool encap,
+ bool esn, bool inbound, bool update,
+ linked_list_t *src_ts, linked_list_t *dst_ts);
+
+ /**
+ * Update the hosts on an installed SA.
+ *
+ * We cannot directly update the destination address as the kernel
+ * requires the spi, the protocol AND the destination address (and family)
+ * to identify SAs. Therefore if the destination address changed we
+ * create a new SA and delete the old one.
+ *
+ * @param spi SPI of the SA
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param cpi CPI for IPComp, 0 if no IPComp is used
+ * @param src current source address
+ * @param dst current destination address
+ * @param new_src new source address
+ * @param new_dst new destination address
+ * @param encap current use of UDP encapsulation
+ * @param new_encap new use of UDP encapsulation
+ * @param mark optional mark for this SA
+ * @return SUCCESS if operation completed, NOT_SUPPORTED if
+ * the kernel interface can't update the SA
+ */
+ status_t (*update_sa)(kernel_ipsec_t *this,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ host_t *src, host_t *dst,
+ host_t *new_src, host_t *new_dst,
+ bool encap, bool new_encap, mark_t mark);
+
+ /**
+ * Query the number of bytes processed by an SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param mark optional mark for this SA
+ * @param[out] bytes the number of bytes processed by SA
+ * @param[out] packets number of packets processed by SA
+ * @param[out] time last (monotonic) time of SA use
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets, time_t *time);
+
+ /**
+ * Delete a previusly installed SA from the SAD.
+ *
+ * @param src source address for this SA
+ * @param dst destination address for this SA
+ * @param spi SPI allocated by us or remote peer
+ * @param protocol protocol for this SA (ESP/AH)
+ * @param cpi CPI for IPComp or 0
+ * @param mark optional mark for this SA
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
+ mark_t mark);
+
+ /**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_ipsec_t *this);
+
+ /**
+ * Add a policy to the SPD.
+ *
+ * @param src source address of SA
+ * @param dst dest address of SA
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
+ * @param priority priority of this policy
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_policy) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
+
+ /**
+ * Query the use time of a policy.
+ *
+ * The use time of a policy is the time the policy was used for the last
+ * time. It is not the system time, but a monotonic timestamp as returned
+ * by time_monotonic.
+ *
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param mark optional mark
+ * @param[out] use_time the monotonic timestamp of this SA's last use
+ * @return SUCCESS if operation completed
+ */
+ status_t (*query_policy) (kernel_ipsec_t *this,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, mark_t mark,
+ time_t *use_time);
+
+ /**
+ * Remove a policy from the SPD.
+ *
+ * @param src source address of SA
+ * @param dst dest address of SA
+ * @param src_ts traffic selector to match traffic source
+ * @param dst_ts traffic selector to match traffic dest
+ * @param direction direction of traffic, POLICY_(IN|OUT|FWD)
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
+ * @param priority priority of the policy
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_policy) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst,
+ traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
+
+ /**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_ipsec_t *this);
+
+ /**
+ * Install a bypass policy for the given socket.
+ *
+ * @param fd socket file descriptor to setup policy for
+ * @param family protocol family of the socket
+ * @return TRUE of policy set up successfully
+ */
+ bool (*bypass_socket)(kernel_ipsec_t *this, int fd, int family);
+
+ /**
+ * Enable decapsulation of ESP-in-UDP packets for the given port/socket.
+ *
+ * @param fd socket file descriptor
+ * @param family protocol family of the socket
+ * @param port the UDP port
+ * @return TRUE if UDP decapsulation was enabled successfully
+ */
+ bool (*enable_udp_decap)(kernel_ipsec_t *this, int fd, int family,
+ u_int16_t port);
+
+ /**
+ * Destroy the implementation.
+ */
+ void (*destroy) (kernel_ipsec_t *this);
+};
+
+/**
+ * Helper function to (un-)register IPsec kernel interfaces from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register an IPsec kernel interface constructor.
+ *
+ * @param plugin plugin registering the kernel interface
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister
+ * @param data data passed to callback, an kernel_ipsec_constructor_t
+ */
+bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+
+#endif /** KERNEL_IPSEC_H_ @}*/
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
new file mode 100644
index 000000000..6426fae2a
--- /dev/null
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2010-2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup kernel_listener kernel_listener
+ * @{ @ingroup kernel
+ */
+
+#ifndef KERNEL_LISTENER_H_
+#define KERNEL_LISTENER_H_
+
+typedef struct kernel_listener_t kernel_listener_t;
+
+#include <networking/host.h>
+#include <networking/tun_device.h>
+#include <selectors/traffic_selector.h>
+#include <kernel/kernel_ipsec.h>
+
+/**
+ * Interface for components interested in kernel events.
+ *
+ * All hooks are optional.
+ */
+struct kernel_listener_t {
+
+ /**
+ * Hook called if an acquire event for a policy is received.
+ *
+ * @param reqid reqid of the policy to acquire
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ * @return TRUE to remain registered, FALSE to unregister
+ */
+ bool (*acquire)(kernel_listener_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+
+ /**
+ * Hook called if an exire event for an IPsec SA is received.
+ *
+ * @param protocol protocol of the expired SA
+ * @param spi spi of the expired SA
+ * @param dst destination address of expired SA
+ * @param hard TRUE if it is a hard expire, FALSE otherwise
+ * @return TRUE to remain registered, FALSE to unregister
+ */
+ bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, bool hard);
+
+ /**
+ * Hook called if the NAT mappings of an IPsec SA changed.
+ *
+ * @param protocol IPsec protocol of affected SA
+ * @param spi spi of the SA
+ * @param dst old destinatino address of SA
+ * @param remote new remote host
+ * @return TRUE to remain registered, FALSE to unregister
+ */
+ bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+ host_t *dst, host_t *remote);
+
+ /**
+ * Hook called if a migrate event for a policy is received.
+ *
+ * @param reqid reqid of the policy
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ * @param direction direction of the policy (in|out)
+ * @param local local host address to be used in the IKE_SA
+ * @param remote remote host address to be used in the IKE_SA
+ * @return TRUE to remain registered, FALSE to unregister
+ */
+ bool (*migrate)(kernel_listener_t *this, u_int32_t reqid,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, host_t *local, host_t *remote);
+
+ /**
+ * Hook called if changes in the networking layer occurred (interfaces
+ * up/down, routes added/deleted etc.).
+ *
+ * @param address TRUE if address list, FALSE if routing changed
+ * @return TRUE to remain registered, FALSE to unregister
+ */
+ bool (*roam)(kernel_listener_t *this, bool address);
+
+ /**
+ * Hook called after a TUN device was created for a virtual IP address, or
+ * before such a device gets destroyed.
+ *
+ * @param tun TUN device
+ * @param created TRUE if created, FALSE if going to be destroyed
+ */
+ bool (*tun)(kernel_listener_t *this, tun_device_t *tun, bool created);
+};
+
+#endif /** KERNEL_LISTENER_H_ @}*/
diff --git a/src/libcharon/kernel/kernel_net.c b/src/libcharon/kernel/kernel_net.c
new file mode 100644
index 000000000..f169cad14
--- /dev/null
+++ b/src/libcharon/kernel/kernel_net.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_net.h"
+
+#include <daemon.h>
+
+/**
+ * See header
+ */
+bool kernel_net_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data)
+{
+ if (reg)
+ {
+ return charon->kernel->add_net_interface(charon->kernel,
+ (kernel_net_constructor_t)data);
+ }
+ else
+ {
+ return charon->kernel->remove_net_interface(charon->kernel,
+ (kernel_net_constructor_t)data);
+ }
+}
diff --git a/src/libcharon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h
new file mode 100644
index 000000000..7fc644a7e
--- /dev/null
+++ b/src/libcharon/kernel/kernel_net.h
@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup kernel_net kernel_net
+ * @{ @ingroup kernel
+ */
+
+#ifndef KERNEL_NET_H_
+#define KERNEL_NET_H_
+
+typedef struct kernel_net_t kernel_net_t;
+typedef enum kernel_address_type_t kernel_address_type_t;
+
+#include <collections/enumerator.h>
+#include <networking/host.h>
+#include <plugins/plugin.h>
+#include <kernel/kernel_interface.h>
+
+/**
+ * Type of addresses (e.g. when enumerating them)
+ */
+enum kernel_address_type_t {
+ /** normal addresses (on regular, up, non-ignored) interfaces */
+ ADDR_TYPE_REGULAR = (1 << 0),
+ /** addresses on down interfaces */
+ ADDR_TYPE_DOWN = (1 << 1),
+ /** addresses on ignored interfaces */
+ ADDR_TYPE_IGNORED = (1 << 2),
+ /** addresses on loopback interfaces */
+ ADDR_TYPE_LOOPBACK = (1 << 3),
+ /** virtual IP addresses */
+ ADDR_TYPE_VIRTUAL = (1 << 4),
+ /** to enumerate all available addresses */
+ ADDR_TYPE_ALL = (1 << 5) - 1,
+};
+
+/**
+ * Interface to the network subsystem of the kernel.
+ *
+ * The kernel network interface handles the communication with the kernel
+ * for interface and IP address management.
+ */
+struct kernel_net_t {
+
+ /**
+ * Get the feature set supported by this kernel backend.
+ *
+ * @return ORed feature-set of backend
+ */
+ kernel_feature_t (*get_features)(kernel_net_t *this);
+
+ /**
+ * Get our outgoing source address for a destination.
+ *
+ * Does a route lookup to get the source address used to reach dest.
+ * The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
+ *
+ * @param dest target destination address
+ * @param src source address to check, or NULL
+ * @return outgoing source address, NULL if unreachable
+ */
+ host_t* (*get_source_addr)(kernel_net_t *this, host_t *dest, host_t *src);
+
+ /**
+ * Get the next hop for a destination.
+ *
+ * Does a route lookup to get the next hop used to reach dest.
+ * The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
+ *
+ * @param dest target destination address
+ * @param prefix prefix length if dest is a subnet, -1 for auto
+ * @param src source address to check, or NULL
+ * @return next hop address, NULL if unreachable
+ */
+ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix,
+ host_t *src);
+
+ /**
+ * Get the interface name of a local address. Interfaces that are down or
+ * ignored by config are not considered.
+ *
+ * @param host address to get interface name from
+ * @param name allocated interface name (optional)
+ * @return TRUE if interface found and usable
+ */
+ bool (*get_interface) (kernel_net_t *this, host_t *host, char **name);
+
+ /**
+ * Creates an enumerator over all local addresses.
+ *
+ * This function blocks an internal cached address list until the
+ * enumerator gets destroyed.
+ * The hosts are read-only, do not modify of free.
+ *
+ * @param which a combination of address types to enumerate
+ * @return enumerator over host_t's
+ */
+ enumerator_t *(*create_address_enumerator) (kernel_net_t *this,
+ kernel_address_type_t which);
+
+ /**
+ * Add a virtual IP to an interface.
+ *
+ * Virtual IPs are attached to an interface. If an IP is added multiple
+ * times, the IP is refcounted and not removed until del_ip() was called
+ * as many times as add_ip().
+ *
+ * @param virtual_ip virtual ip address to assign
+ * @param prefix prefix length to install with IP address, -1 for auto
+ * @param iface interface to install virtual IP on
+ * @return SUCCESS if operation completed
+ */
+ status_t (*add_ip) (kernel_net_t *this, host_t *virtual_ip, int prefix,
+ char *iface);
+
+ /**
+ * Remove a virtual IP from an interface.
+ *
+ * The kernel interface uses refcounting, see add_ip().
+ *
+ * @param virtual_ip virtual ip address to remove
+ * @param prefix prefix length of the IP to uninstall, -1 for auto
+ * @param wait TRUE to wait until IP is gone
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_ip) (kernel_net_t *this, host_t *virtual_ip, int prefix,
+ bool wait);
+
+ /**
+ * Add a route.
+ *
+ * @param dst_net destination net
+ * @param prefixlen destination net prefix length
+ * @param gateway gateway for this route
+ * @param src_ip source ip of the route
+ * @param if_name name of the interface the route is bound to
+ * @return SUCCESS if operation completed
+ * ALREADY_DONE if the route already exists
+ */
+ status_t (*add_route) (kernel_net_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ char *if_name);
+
+ /**
+ * Delete a route.
+ *
+ * @param dst_net destination net
+ * @param prefixlen destination net prefix length
+ * @param gateway gateway for this route
+ * @param src_ip source ip of the route
+ * @param if_name name of the interface the route is bound to
+ * @return SUCCESS if operation completed
+ */
+ status_t (*del_route) (kernel_net_t *this, chunk_t dst_net,
+ u_int8_t prefixlen, host_t *gateway, host_t *src_ip,
+ char *if_name);
+
+ /**
+ * Destroy the implementation.
+ */
+ void (*destroy) (kernel_net_t *this);
+};
+
+/**
+ * Helper function to (un-)register net kernel interfaces from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register an net kernel interface constructor.
+ *
+ * @param plugin plugin registering the kernel interface
+ * @param feature associated plugin feature
+ * @param reg TRUE to register, FALSE to unregister
+ * @param data data passed to callback, an kernel_net_constructor_t
+ */
+bool kernel_net_register(plugin_t *plugin, plugin_feature_t *feature,
+ bool reg, void *data);
+
+#endif /** KERNEL_NET_H_ @}*/
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index a2f2016ff..ee357ca4d 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -20,7 +20,6 @@
#include "receiver.h"
-#include <hydra.h>
#include <daemon.h>
#include <network/socket.h>
#include <processing/jobs/job.h>
@@ -451,9 +450,8 @@ static job_requeue_t receive_packets(private_receiver_t *this)
dst = packet->get_destination(packet);
src = packet->get_source(packet);
- if (!hydra->kernel_interface->all_interfaces_usable(hydra->kernel_interface)
- && !hydra->kernel_interface->get_interface(hydra->kernel_interface,
- dst, NULL))
+ if (!charon->kernel->all_interfaces_usable(charon->kernel)
+ && !charon->kernel->get_interface(charon->kernel, dst, NULL))
{
DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
src, dst);
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index b8c1b4059..0fd1d33fd 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -31,7 +31,6 @@
#include <threading/condvar.h>
#include <threading/thread.h>
-#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/callback_job.h>
@@ -209,8 +208,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
else
{
/* act as relay agent */
- src = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
- this->dst, NULL);
+ src = charon->kernel->get_source_addr(charon->kernel, this->dst, NULL);
if (src)
{
memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
diff --git a/src/libcharon/plugins/forecast/forecast_forwarder.c b/src/libcharon/plugins/forecast/forecast_forwarder.c
index 07a3d4953..40aaa7f25 100644
--- a/src/libcharon/plugins/forecast/forecast_forwarder.c
+++ b/src/libcharon/plugins/forecast/forecast_forwarder.c
@@ -27,7 +27,6 @@
#include <ifaddrs.h>
#include <net/if.h>
-#include <hydra.h>
#include <daemon.h>
#include <threading/thread.h>
#include <processing/jobs/callback_job.h>
@@ -428,8 +427,7 @@ METHOD(forecast_forwarder_t, destroy, void,
lib->watcher->remove(lib->watcher, this->kernel.pkt);
close(this->kernel.pkt);
}
- hydra->kernel_interface->remove_listener(hydra->kernel_interface,
- &this->kernel.listener);
+ charon->kernel->remove_listener(charon->kernel, &this->kernel.listener);
free(this);
}
@@ -486,8 +484,8 @@ forecast_forwarder_t *forecast_forwarder_create(forecast_listener_t *listener)
setup_interface(&this->kernel);
- hydra->kernel_interface->add_listener(hydra->kernel_interface,
- &this->kernel.listener);
+ charon->kernel->add_listener(charon->kernel,
+ &this->kernel.listener);
lib->watcher->add(lib->watcher, this->kernel.pkt, WATCHER_READ,
(watcher_cb_t)receive_casts, this);
diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
index a4be4041e..6a8a96821 100644
--- a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
+++ b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c
@@ -24,7 +24,7 @@
#include "kernel_iph_net.h"
-#include <hydra.h>
+#include <daemon.h>
#include <threading/mutex.h>
#include <collections/linked_list.h>
#include <processing/jobs/callback_job.h>
@@ -130,7 +130,7 @@ static job_requeue_t roam_event(private_kernel_iph_net_t *this)
this->roam_address = FALSE;
this->mutex->unlock(this->mutex);
- hydra->kernel_interface->roam(hydra->kernel_interface, address);
+ charon->kernel->roam(charon->kernel, address);
return JOB_REQUEUE_NONE;
}
diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_plugin.c b/src/libcharon/plugins/kernel_iph/kernel_iph_plugin.c
index c5475e30b..c16381440 100644
--- a/src/libcharon/plugins/kernel_iph/kernel_iph_plugin.c
+++ b/src/libcharon/plugins/kernel_iph/kernel_iph_plugin.c
@@ -17,8 +17,6 @@
#include "kernel_iph_plugin.h"
#include "kernel_iph_net.h"
-#include <hydra.h>
-
typedef struct private_kernel_iph_plugin_t private_kernel_iph_plugin_t;
/**
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index 9f5f4edbd..4c8771e96 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -17,7 +17,7 @@
#include <library.h>
#include <ipsec.h>
-#include <hydra.h>
+#include <daemon.h>
#include <networking/tun_device.h>
#include <threading/mutex.h>
#include <utils/debug.h>
@@ -224,8 +224,7 @@ static inline bool policy_entry_equals(policy_entry_t *a,
*/
static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
{
- hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
- spi, dst, hard);
+ charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
}
METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
@@ -313,16 +312,13 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this,
if (!route->exclude)
{
DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
- gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
- dst, -1, NULL);
+ gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL);
if (gtw)
{
char *if_name = NULL;
- if (hydra->kernel_interface->get_interface(
- hydra->kernel_interface, src, &if_name) &&
- hydra->kernel_interface->add_route(hydra->kernel_interface,
- dst->get_address(dst),
+ if (charon->kernel->get_interface(charon->kernel, src, &if_name) &&
+ charon->kernel->add_route(charon->kernel, dst->get_address(dst),
dst->get_family(dst) == AF_INET ? 32 : 128,
gtw, src, if_name) == SUCCESS)
{
@@ -367,14 +363,12 @@ static void remove_exclude_route(private_kernel_libipsec_ipsec_t *this,
dst = route->exclude->dst;
DBG2(DBG_KNL, "uninstalling exclude route for %H src %H",
dst, route->exclude->src);
- if (hydra->kernel_interface->get_interface(
- hydra->kernel_interface,
- route->exclude->src, &if_name) &&
- hydra->kernel_interface->del_route(hydra->kernel_interface,
- dst->get_address(dst),
- dst->get_family(dst) == AF_INET ? 32 : 128,
- route->exclude->gtw, route->exclude->src,
- if_name) != SUCCESS)
+ if (charon->kernel->get_interface(charon->kernel, route->exclude->src,
+ &if_name) &&
+ charon->kernel->del_route(charon->kernel, dst->get_address(dst),
+ dst->get_family(dst) == AF_INET ? 32 : 128,
+ route->exclude->gtw, route->exclude->src,
+ if_name) != SUCCESS)
{
DBG1(DBG_KNL, "uninstalling exclude route for %H failed", dst);
}
@@ -402,8 +396,8 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
return TRUE;
}
- if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- src_ts, &src_ip, &is_virtual) != SUCCESS)
+ if (charon->kernel->get_address_by_ts(charon->kernel, src_ts, &src_ip,
+ &is_virtual) != SUCCESS)
{
traffic_selector_t *multicast, *broadcast = NULL;
bool ignore = FALSE;
@@ -444,8 +438,7 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
);
#ifndef __linux__
/* on Linux we cant't install a gateway */
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, dst, -1, src);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src);
#endif
if (policy->route)
@@ -459,9 +452,9 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
return TRUE;
}
/* uninstall previously installed route */
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- old->dst_net, old->prefixlen, old->gateway,
- old->src_ip, old->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, old->dst_net,
+ old->prefixlen, old->gateway,
+ old->src_ip, old->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with policy "
"%R === %R %N", src_ts, dst_ts, policy_dir_names,
@@ -490,9 +483,9 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
DBG2(DBG_KNL, "installing route: %R src %H dev %s",
dst_ts, route->src_ip, route->if_name);
- switch (hydra->kernel_interface->add_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway,
- route->src_ip, route->if_name))
+ switch (charon->kernel->add_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name))
{
case ALREADY_DONE:
/* route exists, do not uninstall */
@@ -598,9 +591,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
{
route_entry_t *route = policy->route;
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway, route->src_ip,
- route->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
"policy %R === %R %N", src_ts, dst_ts,
@@ -629,9 +622,9 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
{
route_entry_t *route = pol->route;
- hydra->kernel_interface->del_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway,
- route->src_ip, route->if_name);
+ charon->kernel->del_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name);
remove_exclude_route(this, route);
}
policy_entry_destroy(pol);
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
index 830954e11..66141ad56 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
@@ -19,7 +19,6 @@
#include "kernel_libipsec_router.h"
#include <daemon.h>
-#include <hydra.h>
#include <ipsec.h>
#include <collections/hashtable.h>
#include <networking/tun_device.h>
@@ -298,8 +297,7 @@ METHOD(kernel_libipsec_router_t, destroy, void,
(ipsec_outbound_cb_t)send_esp);
ipsec->processor->unregister_inbound(ipsec->processor,
(ipsec_inbound_cb_t)deliver_plain);
- hydra->kernel_interface->remove_listener(hydra->kernel_interface,
- &this->public.listener);
+ charon->kernel->remove_listener(charon->kernel, &this->public.listener);
this->lock->destroy(this->lock);
this->tuns->destroy(this->tuns);
close(this->notify[0]);
@@ -351,8 +349,7 @@ kernel_libipsec_router_t *kernel_libipsec_router_create()
(hashtable_equals_t)tun_entry_equals, 4);
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
- hydra->kernel_interface->add_listener(hydra->kernel_interface,
- &this->public.listener);
+ charon->kernel->add_listener(charon->kernel, &this->public.listener);
ipsec->processor->register_outbound(ipsec->processor, send_esp, NULL);
ipsec->processor->register_inbound(ipsec->processor,
(ipsec_inbound_cb_t)deliver_plain, this);
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am
index cc8855406..973e2c2f4 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.am
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.am
@@ -1,7 +1,7 @@
AM_CPPFLAGS = \
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
-DROUTING_TABLE=${routing_table} \
-DROUTING_TABLE_PRIO=${routing_table_prio}
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8c506d9f4..275aa6cb2 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -35,7 +35,7 @@
#include "kernel_netlink_ipsec.h"
#include "kernel_netlink_shared.h"
-#include <hydra.h>
+#include <daemon.h>
#include <utils/debug.h>
#include <threading/mutex.h>
#include <collections/array.h>
@@ -262,8 +262,8 @@ static char* lookup_algorithm(transform_type_t type, int ikev2)
return list[i].name;
}
}
- if (hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface,
- ikev2, type, NULL, &name))
+ if (charon->kernel->lookup_algorithm(charon->kernel, ikev2, type, NULL,
+ &name))
{
return name;
}
@@ -856,8 +856,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
src_ts = selector2ts(&acquire->sel, TRUE);
dst_ts = selector2ts(&acquire->sel, FALSE);
- hydra->kernel_interface->acquire(hydra->kernel_interface, reqid, src_ts,
- dst_ts);
+ charon->kernel->acquire(charon->kernel, reqid, src_ts, dst_ts);
}
/**
@@ -882,8 +881,8 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
dst = xfrm2host(expire->state.family, &expire->state.id.daddr, 0);
if (dst)
{
- hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
- spi, dst, expire->hard != 0);
+ charon->kernel->expire(charon->kernel, protocol, spi, dst,
+ expire->hard != 0);
dst->destroy(dst);
}
}
@@ -951,8 +950,8 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this,
if (src_ts && dst_ts && local && remote)
{
- hydra->kernel_interface->migrate(hydra->kernel_interface, reqid,
- src_ts, dst_ts, dir, local, remote);
+ charon->kernel->migrate(charon->kernel, reqid, src_ts, dst_ts, dir,
+ local, remote);
}
else
{
@@ -988,8 +987,8 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
mapping->new_sport);
if (new)
{
- hydra->kernel_interface->mapping(hydra->kernel_interface,
- IPPROTO_ESP, spi, dst, new);
+ charon->kernel->mapping(charon->kernel, IPPROTO_ESP, spi, dst,
+ new);
new->destroy(new);
}
dst->destroy(dst);
@@ -2202,22 +2201,21 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
.prefixlen = policy->sel.prefixlen_s,
);
- if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- fwd->dst_ts, &route->src_ip, NULL) == SUCCESS)
+ if (charon->kernel->get_address_by_ts(charon->kernel, fwd->dst_ts,
+ &route->src_ip, NULL) == SUCCESS)
{
/* get the nexthop to src (src as we are in POLICY_FWD) */
if (!ipsec->src->is_anyaddr(ipsec->src))
{
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src,
- -1, ipsec->dst);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel,
+ ipsec->src, -1, ipsec->dst);
}
else
{ /* for shunt policies */
iface = xfrm2host(policy->sel.family, &policy->sel.saddr, 0);
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, iface,
- policy->sel.prefixlen_s, route->src_ip);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel,
+ iface, policy->sel.prefixlen_s,
+ route->src_ip);
iface->destroy(iface);
}
route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
@@ -2232,8 +2230,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
iface = route->src_ip;
}
/* install route via outgoing interface */
- if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
- iface, &route->if_name))
+ if (!charon->kernel->get_interface(charon->kernel, iface,
+ &route->if_name))
{
this->mutex->unlock(this->mutex);
route_entry_destroy(route);
@@ -2250,9 +2248,9 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
return SUCCESS;
}
/* uninstall previously installed route */
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- old->dst_net, old->prefixlen, old->gateway,
- old->src_ip, old->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, old->dst_net,
+ old->prefixlen, old->gateway,
+ old->src_ip, old->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
"policy %R === %R %N", fwd->src_ts,
@@ -2265,10 +2263,9 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
fwd->src_ts, route->gateway, route->src_ip, route->if_name);
- switch (hydra->kernel_interface->add_route(
- hydra->kernel_interface, route->dst_net,
- route->prefixlen, route->gateway,
- route->src_ip, route->if_name))
+ switch (charon->kernel->add_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name))
{
default:
DBG1(DBG_KNL, "unable to install source route for %H",
@@ -2579,9 +2576,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
if (current->route)
{
route_entry_t *route = current->route;
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway,
- route->src_ip, route->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
"policy %R === %R %N", src_ts, dst_ts,
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 4e5e02d07..abe29e2c5 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -51,7 +51,7 @@
#include "kernel_netlink_net.h"
#include "kernel_netlink_shared.h"
-#include <hydra.h>
+#include <daemon.h>
#include <utils/debug.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
@@ -893,7 +893,7 @@ static job_requeue_t roam_event(private_kernel_netlink_net_t *this)
address = this->roam_address;
this->roam_address = FALSE;
this->roam_lock->unlock(this->roam_lock);
- hydra->kernel_interface->roam(hydra->kernel_interface, address);
+ charon->kernel->roam(charon->kernel, address);
return JOB_REQUEUE_NONE;
}
@@ -1004,8 +1004,8 @@ static void process_link(private_kernel_netlink_net_t *this,
INIT(entry,
.ifindex = msg->ifi_index,
.addrs = linked_list_create(),
- .usable = hydra->kernel_interface->is_interface_usable(
- hydra->kernel_interface, name),
+ .usable = charon->kernel->is_interface_usable(
+ charon->kernel, name),
);
this->ifaces->insert_last(this->ifaces, entry);
}
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index 8d5a0d5e8..8bafc3c55 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -19,8 +19,6 @@
#include "kernel_netlink_ipsec.h"
#include "kernel_netlink_net.h"
-#include <hydra.h>
-
typedef struct private_kernel_netlink_plugin_t private_kernel_netlink_plugin_t;
/**
diff --git a/src/libcharon/plugins/kernel_netlink/tests.c b/src/libcharon/plugins/kernel_netlink/tests.c
index 52985b438..a1799ea70 100644
--- a/src/libcharon/plugins/kernel_netlink/tests.c
+++ b/src/libcharon/plugins/kernel_netlink/tests.c
@@ -15,8 +15,6 @@
#include <test_runner.h>
-#include <hydra.h>
-
/* declare test suite constructors */
#define TEST_SUITE(x) test_suite_t* x();
#include "tests.h"
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.am b/src/libcharon/plugins/kernel_pfkey/Makefile.am
index f645528d9..8fdca93a5 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.am
@@ -1,7 +1,7 @@
AM_CPPFLAGS = \
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index a2fccd1d3..d505f1c33 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -78,7 +78,7 @@
#include "kernel_pfkey_ipsec.h"
-#include <hydra.h>
+#include <daemon.h>
#include <utils/debug.h>
#include <networking/host.h>
#include <collections/linked_list.h>
@@ -922,8 +922,7 @@ static int lookup_algorithm(transform_type_t type, int ikev2)
}
list++;
}
- hydra->kernel_interface->lookup_algorithm(hydra->kernel_interface, ikev2,
- type, &alg, NULL);
+ charon->kernel->lookup_algorithm(charon->kernel, ikev2, type, &alg, NULL);
return alg;
}
@@ -1283,8 +1282,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this,
src_ts = sadb_address2ts(response.src);
dst_ts = sadb_address2ts(response.dst);
- hydra->kernel_interface->acquire(hydra->kernel_interface, reqid, src_ts,
- dst_ts);
+ charon->kernel->acquire(charon->kernel, reqid, src_ts, dst_ts);
}
/**
@@ -1316,8 +1314,7 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
dst = host_create_from_sockaddr((sockaddr_t*)(response.dst + 1));
if (dst)
{
- hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
- spi, dst, hard);
+ charon->kernel->expire(charon->kernel, protocol, spi, dst, hard);
dst->destroy(dst);
}
}
@@ -1366,8 +1363,8 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this,
if (src_ts && dst_ts && local && remote)
{
- hydra->kernel_interface->migrate(hydra->kernel_interface, reqid,
- src_ts, dst_ts, dir, local, remote);
+ charon->kernel->migrate(charon->kernel, reqid, src_ts, dst_ts, dir,
+ local, remote);
}
else
{
@@ -1437,8 +1434,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this,
new = host_create_from_sockaddr(sa);
if (new)
{
- hydra->kernel_interface->mapping(hydra->kernel_interface,
- IPPROTO_ESP, spi, dst, new);
+ charon->kernel->mapping(charon->kernel, IPPROTO_ESP, spi, dst, new);
new->destroy(new);
}
dst->destroy(dst);
@@ -2142,15 +2138,13 @@ static void add_exclude_route(private_kernel_pfkey_ipsec_t *this,
if (!route->exclude)
{
DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
- gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
- dst, -1, NULL);
+ gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL);
if (gtw)
{
char *if_name = NULL;
- if (hydra->kernel_interface->get_interface(
- hydra->kernel_interface, src, &if_name) &&
- hydra->kernel_interface->add_route(hydra->kernel_interface,
+ if (charon->kernel->get_interface(charon->kernel, src, &if_name) &&
+ charon->kernel->add_route(charon->kernel,
dst->get_address(dst),
dst->get_family(dst) == AF_INET ? 32 : 128,
gtw, src, if_name) == SUCCESS)
@@ -2213,10 +2207,10 @@ static void remove_exclude_route(private_kernel_pfkey_ipsec_t *this,
dst = route->exclude->dst;
DBG2(DBG_KNL, "uninstalling exclude route for %H src %H",
dst, route->exclude->src);
- if (hydra->kernel_interface->get_interface(
- hydra->kernel_interface,
+ if (charon->kernel->get_interface(
+ charon->kernel,
route->exclude->src, &if_name) &&
- hydra->kernel_interface->del_route(hydra->kernel_interface,
+ charon->kernel->del_route(charon->kernel,
dst->get_address(dst),
dst->get_family(dst) == AF_INET ? 32 : 128,
route->exclude->gtw, route->exclude->src,
@@ -2241,8 +2235,8 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
host_t *host, *src, *dst;
bool is_virtual;
- if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- in->dst_ts, &host, &is_virtual) != SUCCESS)
+ if (charon->kernel->get_address_by_ts(charon->kernel, in->dst_ts, &host,
+ &is_virtual) != SUCCESS)
{
return FALSE;
}
@@ -2259,8 +2253,8 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
if (!dst->is_anyaddr(dst))
{
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, dst, -1, src);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1,
+ src);
/* if the IP is virtual, we install the route over the interface it has
* been installed on. Otherwise we use the interface we use for IKE, as
@@ -2272,17 +2266,16 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
}
else
{ /* for shunt policies */
- route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, policy->src.net,
- policy->src.mask, route->src_ip);
+ route->gateway = charon->kernel->get_nexthop(charon->kernel,
+ policy->src.net, policy->src.mask,
+ route->src_ip);
/* we don't have a source address, use the address we found */
src = route->src_ip;
}
/* get interface for route, using source address */
- if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
- src, &route->if_name))
+ if (!charon->kernel->get_interface(charon->kernel, src, &route->if_name))
{
route_entry_destroy(route);
return FALSE;
@@ -2298,9 +2291,9 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
return TRUE;
}
/* uninstall previously installed route */
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- old->dst_net, old->prefixlen, old->gateway,
- old->src_ip, old->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, old->dst_net,
+ old->prefixlen, old->gateway,
+ old->src_ip, old->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with policy "
"%R === %R %N", in->src_ts, in->dst_ts,
@@ -2311,8 +2304,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
}
/* if remote traffic selector covers the IKE peer, add an exclude route */
- if (hydra->kernel_interface->get_features(
- hydra->kernel_interface) & KERNEL_REQUIRE_EXCLUDE_ROUTE)
+ if (charon->kernel->get_features(charon->kernel) & KERNEL_REQUIRE_EXCLUDE_ROUTE)
{
if (in->src_ts->is_host(in->src_ts, dst))
{
@@ -2331,9 +2323,9 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s",
in->src_ts, route->gateway, route->src_ip, route->if_name);
- switch (hydra->kernel_interface->add_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway,
- route->src_ip, route->if_name))
+ switch (charon->kernel->add_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name))
{
case ALREADY_DONE:
/* route exists, do not uninstall */
@@ -2813,9 +2805,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
if (policy->route)
{
route_entry_t *route = policy->route;
- if (hydra->kernel_interface->del_route(hydra->kernel_interface,
- route->dst_net, route->prefixlen, route->gateway,
- route->src_ip, route->if_name) != SUCCESS)
+ if (charon->kernel->del_route(charon->kernel, route->dst_net,
+ route->prefixlen, route->gateway,
+ route->src_ip, route->if_name) != SUCCESS)
{
DBG1(DBG_KNL, "error uninstalling route installed with "
"policy %R === %R %N", src_ts, dst_ts,
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 61d576547..d49fe2422 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -18,8 +18,6 @@
#include "kernel_pfkey_ipsec.h"
-#include <hydra.h>
-
typedef struct private_kernel_pfkey_plugin_t private_kernel_pfkey_plugin_t;
/**
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.am b/src/libcharon/plugins/kernel_pfroute/Makefile.am
index 5129c02f6..51047e38a 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.am
@@ -1,7 +1,7 @@
AM_CPPFLAGS = \
-I${linux_headers} \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index df80c29b8..4eebdfdad 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -24,7 +24,7 @@
#include "kernel_pfroute_net.h"
-#include <hydra.h>
+#include <daemon.h>
#include <utils/debug.h>
#include <networking/host.h>
#include <networking/tun_device.h>
@@ -555,7 +555,7 @@ static job_requeue_t roam_event(private_kernel_pfroute_net_t *this)
address = this->roam_address;
this->roam_address = FALSE;
this->roam_lock->unlock(this->roam_lock);
- hydra->kernel_interface->roam(hydra->kernel_interface, address);
+ charon->kernel->roam(charon->kernel, address);
return JOB_REQUEUE_NONE;
}
@@ -862,8 +862,8 @@ static void process_link(private_kernel_pfroute_net_t *this,
if (if_indextoname(iface->ifindex, iface->ifname))
{
DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
- iface->usable = hydra->kernel_interface->is_interface_usable(
- hydra->kernel_interface, iface->ifname);
+ iface->usable = charon->kernel->is_interface_usable(charon->kernel,
+ iface->ifname);
repopulate_iface(this, iface);
this->ifaces->insert_last(this->ifaces, iface);
if (iface->usable)
@@ -1266,7 +1266,7 @@ METHOD(kernel_net_t, add_ip, status_t,
/* lets do this while holding the lock, thus preventing another thread
* from deleting the TUN device concurrently, hopefully listeners are quick
* and cause no deadlocks */
- hydra->kernel_interface->tun(hydra->kernel_interface, tun, TRUE);
+ charon->kernel->tun(charon->kernel, tun, TRUE);
this->lock->unlock(this->lock);
return SUCCESS;
@@ -1294,8 +1294,7 @@ METHOD(kernel_net_t, del_ip, status_t,
if (addr && addr->ip_equals(addr, vip))
{
this->tuns->remove_at(this->tuns, enumerator);
- hydra->kernel_interface->tun(hydra->kernel_interface, tun,
- FALSE);
+ charon->kernel->tun(charon->kernel, tun, FALSE);
tun->destroy(tun);
found = TRUE;
break;
@@ -1738,8 +1737,8 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this)
.ifindex = if_nametoindex(ifa->ifa_name),
.flags = ifa->ifa_flags,
.addrs = linked_list_create(),
- .usable = hydra->kernel_interface->is_interface_usable(
- hydra->kernel_interface, ifa->ifa_name),
+ .usable = charon->kernel->is_interface_usable(
+ charon->kernel, ifa->ifa_name),
);
memcpy(iface->ifname, ifa->ifa_name, IFNAMSIZ);
this->ifaces->insert_last(this->ifaces, iface);
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index 09068b33e..acd834ba3 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
@@ -18,8 +18,6 @@
#include "kernel_pfroute_net.h"
-#include <hydra.h>
-
typedef struct private_kernel_pfroute_plugin_t private_kernel_pfroute_plugin_t;
/**
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index 95f79f168..e1c429885 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -20,7 +20,6 @@
#include "kernel_wfp_ipsec.h"
#include <daemon.h>
-#include <hydra.h>
#include <threading/mutex.h>
#include <collections/array.h>
#include <collections/hashtable.h>
@@ -1396,10 +1395,9 @@ static bool uninstall_route(private_kernel_wfp_ipsec_t *this,
{
if (--route->refs == 0)
{
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- src, &name))
+ if (charon->kernel->get_interface(charon->kernel, src, &name))
{
- res = hydra->kernel_interface->del_route(hydra->kernel_interface,
+ res = charon->kernel->del_route(charon->kernel,
dst->get_address(dst), mask, gtw, src, name) == SUCCESS;
free(name);
}
@@ -1442,10 +1440,9 @@ static bool install_route(private_kernel_wfp_ipsec_t *this,
}
else
{
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- src, &name))
+ if (charon->kernel->get_interface(charon->kernel, src, &name))
{
- if (hydra->kernel_interface->add_route(hydra->kernel_interface,
+ if (charon->kernel->add_route(charon->kernel,
dst->get_address(dst), mask, gtw, src, name) == SUCCESS)
{
INIT(route,
@@ -1486,14 +1483,13 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this,
{
return FALSE;
}
- if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
- src_ts, &src, NULL) != SUCCESS)
+ if (charon->kernel->get_address_by_ts(charon->kernel, src_ts, &src,
+ NULL) != SUCCESS)
{
dst->destroy(dst);
return FALSE;
}
- gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
- remote, -1, local);
+ gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local);
if (add)
{
done = install_route(this, dst, mask, src, gtw);
@@ -1650,8 +1646,7 @@ static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id,
{
src = src ? src->clone(src) : NULL;
dst = dst ? dst->clone(dst) : NULL;
- hydra->kernel_interface->acquire(hydra->kernel_interface, reqid,
- src, dst);
+ charon->kernel->acquire(charon->kernel, reqid, src, dst);
}
}
@@ -2069,8 +2064,8 @@ static job_requeue_t expire_job(expire_data_t *data)
if (entry)
{
- hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
- data->spi, data->dst, data->hard);
+ charon->kernel->expire(charon->kernel, protocol, data->spi, data->dst,
+ data->hard);
}
return JOB_REQUEUE_NONE;
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 8a500635c..8f6abde0c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -18,7 +18,6 @@
#include <netdb.h>
#include <daemon.h>
-#include <hydra.h>
#include <attributes/mem_pool.h>
#include <collections/hashtable.h>
#include <threading/mutex.h>
@@ -656,8 +655,8 @@ static host_t *allocate_addr(private_load_tester_config_t *this, uint num)
id->destroy(id);
return NULL;
}
- if (hydra->kernel_interface->add_ip(hydra->kernel_interface,
- found, this->prefix, iface) != SUCCESS)
+ if (charon->kernel->add_ip(charon->kernel, found, this->prefix,
+ iface) != SUCCESS)
{
DBG1(DBG_CFG, "installing load-tester IP %H on %s failed", found, iface);
found->destroy(found);
@@ -852,8 +851,8 @@ METHOD(load_tester_config_t, delete_ip, void,
{
if (pool->release_address(pool, entry->host, entry->id))
{
- hydra->kernel_interface->del_ip(hydra->kernel_interface,
- entry->host, this->prefix, FALSE);
+ charon->kernel->del_ip(charon->kernel, entry->host,
+ this->prefix, FALSE);
break;
}
}
@@ -882,8 +881,8 @@ static void cleanup_leases(private_load_tester_config_t *this)
{
if (online)
{
- hydra->kernel_interface->del_ip(hydra->kernel_interface,
- addr, this->prefix, FALSE);
+ charon->kernel->del_ip(charon->kernel, addr, this->prefix,
+ FALSE);
entry = this->leases->remove(this->leases, addr);
if (entry)
{
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index a0c467e22..6cf3a909c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -23,7 +23,6 @@
#include <unistd.h>
-#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/callback_job.h>
#include <threading/condvar.h>
diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c
index 74c3960ff..ec3decc4d 100644
--- a/src/libcharon/plugins/resolve/resolve_handler.c
+++ b/src/libcharon/plugins/resolve/resolve_handler.c
@@ -20,7 +20,6 @@
#include <sys/stat.h>
#include <unistd.h>
-#include <hydra.h>
#include <utils/debug.h>
#include <threading/mutex.h>
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 13bf3e775..6e432d9cf 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -41,7 +41,6 @@
#include <netinet/udp.h>
#include <net/if.h>
-#include <hydra.h>
#include <daemon.h>
#include <threading/thread.h>
@@ -720,16 +719,15 @@ static int open_socket(private_socket_default_socket_t *this,
}
#endif
- if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
- skt, family))
+ if (!charon->kernel->bypass_socket(charon->kernel, skt, family))
{
DBG1(DBG_NET, "installing IKE bypass policy failed");
}
/* enable UDP decapsulation for NAT-T sockets */
if (port == &this->natt &&
- !hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
- skt, family, this->natt))
+ !charon->kernel->enable_udp_decap(charon->kernel, skt, family,
+ this->natt))
{
DBG1(DBG_NET, "enabling UDP decapsulation for %s on port %d failed",
family == AF_INET ? "IPv4" : "IPv6", this->natt);
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index a032134c3..b89cae47b 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -36,7 +36,6 @@
#include <netinet/udp.h>
#include <net/if.h>
-#include <hydra.h>
#include <daemon.h>
#include <threading/thread.h>
#include <threading/rwlock.h>
@@ -438,15 +437,13 @@ static int open_socket(private_socket_dynamic_socket_t *this,
return 0;
}
- if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
- fd, family))
+ if (!charon->kernel->bypass_socket(charon->kernel, fd, family))
{
DBG1(DBG_NET, "installing IKE bypass policy failed");
}
/* enable UDP decapsulation on each socket */
- if (!hydra->kernel_interface->enable_udp_decap(hydra->kernel_interface,
- fd, family, *port))
+ if (!charon->kernel->enable_udp_decap(charon->kernel, fd, family, *port))
{
DBG1(DBG_NET, "enabling UDP decapsulation for %s on port %d failed",
family == AF_INET ? "IPv4" : "IPv6", *port);
diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c
index fbfbedae1..94af08e80 100644
--- a/src/libcharon/plugins/socket_win/socket_win_socket.c
+++ b/src/libcharon/plugins/socket_win/socket_win_socket.c
@@ -19,7 +19,6 @@
#include "socket_win_socket.h"
#include <library.h>
-#include <hydra.h>
#include <threading/thread.h>
#include <daemon.h>
@@ -397,13 +396,11 @@ static SOCKET open_socket(private_socket_win_socket_t *this, int i)
closesocket(s);
return INVALID_SOCKET;
}
- if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
- s, AF_INET))
+ if (!charon->kernel->bypass_socket(charon->kernel, s, AF_INET))
{
DBG1(DBG_NET, "installing IPv4 IKE bypass policy failed");
}
- if (!hydra->kernel_interface->bypass_socket(hydra->kernel_interface,
- s, AF_INET6))
+ if (!charon->kernel->bypass_socket(charon->kernel, s, AF_INET6))
{
DBG1(DBG_NET, "installing IPv6 IKE bypass policy failed");
}
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 400aa64a2..134abb955 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -16,7 +16,6 @@
#include "stroke_config.h"
-#include <hydra.h>
#include <daemon.h>
#include <threading/mutex.h>
#include <utils/lexparser.h>
@@ -201,8 +200,7 @@ static bool is_local(char *address, bool any_allowed)
host = host_create_from_dns(token, 0, 0);
if (host)
{
- if (hydra->kernel_interface->get_interface(
- hydra->kernel_interface, host, NULL))
+ if (charon->kernel->get_interface(charon->kernel, host, NULL))
{
found = TRUE;
}
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 5a1a5074d..36da5ff21 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -16,7 +16,6 @@
#include "stroke_control.h"
-#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/delete_ike_sa_job.h>
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 14233c975..9d4d54246 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -26,7 +26,6 @@
#include <malloc.h>
#endif /* HAVE_MALLINFO */
-#include <hydra.h>
#include <daemon.h>
#include <collections/linked_list.h>
#include <plugins/plugin.h>
@@ -533,8 +532,8 @@ METHOD(stroke_list_t, status, void,
}
enumerator->destroy(enumerator);
- enumerator = hydra->kernel_interface->create_address_enumerator(
- hydra->kernel_interface, ADDR_TYPE_REGULAR);
+ enumerator = charon->kernel->create_address_enumerator(charon->kernel,
+ ADDR_TYPE_REGULAR);
fprintf(out, "Listening IP addresses:\n");
while (enumerator->enumerate(enumerator, (void**)&host))
{
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index d2ba2e345..2bad4fab0 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -18,7 +18,6 @@
#include "tnc_ifmap_renew_session_job.h"
#include <daemon.h>
-#include <hydra.h>
#include <utils/debug.h>
#define IFMAP_RENEW_SESSION_INTERVAL 150
@@ -51,8 +50,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
host_t *host;
bool success = TRUE;
- enumerator = hydra->kernel_interface->create_address_enumerator(
- hydra->kernel_interface, ADDR_TYPE_REGULAR);
+ enumerator = charon->kernel->create_address_enumerator(charon->kernel,
+ ADDR_TYPE_REGULAR);
while (enumerator->enumerate(enumerator, &host))
{
if (!this->ifmap->publish_device_ip(this->ifmap, host))
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 96282bee0..dafdf94fc 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -21,7 +21,6 @@
#include "updown_listener.h"
#include <utils/process.h>
-#include <hydra.h>
#include <daemon.h>
#include <config/child_cfg.h>
@@ -265,8 +264,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
config->get_name(config));
if (up)
{
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- me, &iface))
+ if (charon->kernel->get_interface(charon->kernel, me, &iface))
{
cache_iface(this, child_sa->get_reqid(child_sa), iface);
}
diff --git a/src/libcharon/plugins/vici/vici_tests.c b/src/libcharon/plugins/vici/vici_tests.c
index 434aa5e18..d1f8097bf 100644
--- a/src/libcharon/plugins/vici/vici_tests.c
+++ b/src/libcharon/plugins/vici/vici_tests.c
@@ -16,7 +16,6 @@
#include <test_runner.h>
#include <daemon.h>
-#include <hydra.h>
/* declare test suite constructors */
#define TEST_SUITE(x) test_suite_t* x();
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index b4f135a57..c39689012 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -19,7 +19,6 @@
#include "adopt_children_job.h"
#include <daemon.h>
-#include <hydra.h>
#include <collections/array.h>
#include <processing/jobs/delete_ike_sa_job.h>
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index b0f163c83..56b7cb5a4 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -23,7 +23,6 @@
#include <string.h>
#include <time.h>
-#include <hydra.h>
#include <daemon.h>
#include <collections/array.h>
@@ -469,10 +468,10 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
{
if (this->my_spi)
{
- status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
- this->other_addr, this->my_addr, this->my_spi,
- proto_ike2ip(this->protocol), this->mark_in,
- &bytes, &packets, &time);
+ status = charon->kernel->query_sa(charon->kernel, this->other_addr,
+ this->my_addr, this->my_spi,
+ proto_ike2ip(this->protocol), this->mark_in,
+ &bytes, &packets, &time);
if (status == SUCCESS)
{
if (bytes > this->my_usebytes)
@@ -493,10 +492,10 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
{
if (this->other_spi)
{
- status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
- this->my_addr, this->other_addr, this->other_spi,
- proto_ike2ip(this->protocol), this->mark_out,
- &bytes, &packets, &time);
+ status = charon->kernel->query_sa(charon->kernel, this->my_addr,
+ this->other_addr, this->other_spi,
+ proto_ike2ip(this->protocol), this->mark_out,
+ &bytes, &packets, &time);
if (status == SUCCESS)
{
if (bytes > this->other_usebytes)
@@ -532,15 +531,15 @@ static bool update_usetime(private_child_sa_t *this, bool inbound)
if (inbound)
{
- if (hydra->kernel_interface->query_policy(hydra->kernel_interface,
- other_ts, my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS)
+ if (charon->kernel->query_policy(charon->kernel, other_ts,
+ my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS)
{
last_use = max(last_use, in);
}
if (this->mode != MODE_TRANSPORT)
{
- if (hydra->kernel_interface->query_policy(hydra->kernel_interface,
- other_ts, my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS)
+ if (charon->kernel->query_policy(charon->kernel, other_ts,
+ my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS)
{
last_use = max(last_use, fwd);
}
@@ -548,8 +547,8 @@ static bool update_usetime(private_child_sa_t *this, bool inbound)
}
else
{
- if (hydra->kernel_interface->query_policy(hydra->kernel_interface,
- my_ts, other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS)
+ if (charon->kernel->query_policy(charon->kernel, my_ts,
+ other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS)
{
last_use = max(last_use, out);
}
@@ -629,10 +628,8 @@ METHOD(child_sa_t, get_installtime, time_t,
METHOD(child_sa_t, alloc_spi, u_int32_t,
private_child_sa_t *this, protocol_id_t protocol)
{
- if (hydra->kernel_interface->get_spi(hydra->kernel_interface,
- this->other_addr, this->my_addr,
- proto_ike2ip(protocol),
- &this->my_spi) == SUCCESS)
+ if (charon->kernel->get_spi(charon->kernel, this->other_addr, this->my_addr,
+ proto_ike2ip(protocol), &this->my_spi) == SUCCESS)
{
/* if we allocate a SPI, but then are unable to establish the SA, we
* need to know the protocol family to delete the partial SA */
@@ -645,9 +642,8 @@ METHOD(child_sa_t, alloc_spi, u_int32_t,
METHOD(child_sa_t, alloc_cpi, u_int16_t,
private_child_sa_t *this)
{
- if (hydra->kernel_interface->get_cpi(hydra->kernel_interface,
- this->other_addr, this->my_addr,
- &this->my_cpi) == SUCCESS)
+ if (charon->kernel->get_cpi(charon->kernel, this->other_addr, this->my_addr,
+ &this->my_cpi) == SUCCESS)
{
return this->my_cpi;
}
@@ -711,9 +707,8 @@ METHOD(child_sa_t, install, status_t,
if (!this->reqid_allocated && !this->static_reqid)
{
- status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface,
- my_ts, other_ts, this->mark_in, this->mark_out,
- &this->reqid);
+ status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts,
+ this->mark_in, this->mark_out, &this->reqid);
if (status != SUCCESS)
{
return status;
@@ -757,7 +752,7 @@ METHOD(child_sa_t, install, status_t,
dst_ts = other_ts;
}
- status = hydra->kernel_interface->add_sa(hydra->kernel_interface,
+ status = charon->kernel->add_sa(charon->kernel,
src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
inbound ? this->mark_in : this->mark_out, tfc,
lifetime, enc_alg, encr, int_alg, integ, this->mode,
@@ -776,7 +771,7 @@ static bool require_policy_update()
{
kernel_feature_t f;
- f = hydra->kernel_interface->get_features(hydra->kernel_interface);
+ f = charon->kernel->get_features(charon->kernel);
return !(f & KERNEL_NO_POLICY_UPDATES);
}
@@ -833,18 +828,18 @@ static status_t install_policies_internal(private_child_sa_t *this,
ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority)
{
status_t status = SUCCESS;
- status |= hydra->kernel_interface->add_policy(hydra->kernel_interface,
+ status |= charon->kernel->add_policy(charon->kernel,
my_addr, other_addr, my_ts, other_ts,
POLICY_OUT, type, other_sa,
this->mark_out, priority);
- status |= hydra->kernel_interface->add_policy(hydra->kernel_interface,
+ status |= charon->kernel->add_policy(charon->kernel,
other_addr, my_addr, other_ts, my_ts,
POLICY_IN, type, my_sa,
this->mark_in, priority);
if (this->mode != MODE_TRANSPORT)
{
- status |= hydra->kernel_interface->add_policy(hydra->kernel_interface,
+ status |= charon->kernel->add_policy(charon->kernel,
other_addr, my_addr, other_ts, my_ts,
POLICY_FWD, type, my_sa,
this->mark_in, priority);
@@ -861,15 +856,15 @@ static void del_policies_internal(private_child_sa_t *this,
ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority)
{
- hydra->kernel_interface->del_policy(hydra->kernel_interface,
+ charon->kernel->del_policy(charon->kernel,
my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type,
other_sa, this->mark_out, priority);
- hydra->kernel_interface->del_policy(hydra->kernel_interface,
+ charon->kernel->del_policy(charon->kernel,
other_addr, my_addr, other_ts, my_ts, POLICY_IN,
type, my_sa, this->mark_in, priority);
if (this->mode != MODE_TRANSPORT)
{
- hydra->kernel_interface->del_policy(hydra->kernel_interface,
+ charon->kernel->del_policy(charon->kernel,
other_addr, my_addr, other_ts, my_ts, POLICY_FWD,
type, my_sa, this->mark_in, priority);
}
@@ -886,8 +881,8 @@ METHOD(child_sa_t, add_policies, status_t,
if (!this->reqid_allocated && !this->static_reqid)
{
/* trap policy, get or confirm reqid */
- status = hydra->kernel_interface->alloc_reqid(
- hydra->kernel_interface, my_ts_list, other_ts_list,
+ status = charon->kernel->alloc_reqid(
+ charon->kernel, my_ts_list, other_ts_list,
this->mark_in, this->mark_out, &this->reqid);
if (status != SUCCESS)
{
@@ -967,11 +962,10 @@ static void reinstall_vip(host_t *vip, host_t *me)
{
char *iface;
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- me, &iface))
+ if (charon->kernel->get_interface(charon->kernel, me, &iface))
{
- hydra->kernel_interface->del_ip(hydra->kernel_interface, vip, -1, TRUE);
- hydra->kernel_interface->add_ip(hydra->kernel_interface, vip, -1, iface);
+ charon->kernel->del_ip(charon->kernel, vip, -1, TRUE);
+ charon->kernel->add_ip(charon->kernel, vip, -1, iface);
free(iface);
}
}
@@ -1000,7 +994,7 @@ METHOD(child_sa_t, update, status_t,
/* update our (initiator) SA */
if (this->my_spi)
{
- if (hydra->kernel_interface->update_sa(hydra->kernel_interface,
+ if (charon->kernel->update_sa(charon->kernel,
this->my_spi, proto_ike2ip(this->protocol),
this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
this->other_addr, this->my_addr, other, me,
@@ -1014,7 +1008,7 @@ METHOD(child_sa_t, update, status_t,
/* update his (responder) SA */
if (this->other_spi)
{
- if (hydra->kernel_interface->update_sa(hydra->kernel_interface,
+ if (charon->kernel->update_sa(charon->kernel,
this->other_spi, proto_ike2ip(this->protocol),
this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0,
this->my_addr, this->other_addr, me, other,
@@ -1143,14 +1137,14 @@ METHOD(child_sa_t, destroy, void,
/* delete SAs in the kernel, if they are set up */
if (this->my_spi)
{
- hydra->kernel_interface->del_sa(hydra->kernel_interface,
+ charon->kernel->del_sa(charon->kernel,
this->other_addr, this->my_addr, this->my_spi,
proto_ike2ip(this->protocol), this->my_cpi,
this->mark_in);
}
if (this->other_spi)
{
- hydra->kernel_interface->del_sa(hydra->kernel_interface,
+ charon->kernel->del_sa(charon->kernel,
this->my_addr, this->other_addr, this->other_spi,
proto_ike2ip(this->protocol), this->other_cpi,
this->mark_out);
@@ -1158,7 +1152,7 @@ METHOD(child_sa_t, destroy, void,
if (this->reqid_allocated)
{
- if (hydra->kernel_interface->release_reqid(hydra->kernel_interface,
+ if (charon->kernel->release_reqid(charon->kernel,
this->reqid, this->mark_in, this->mark_out) != SUCCESS)
{
DBG1(DBG_CHD, "releasing reqid %u failed", this->reqid);
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index afd6fdf2a..48a4b274a 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -46,7 +46,6 @@
#include "ike_sa.h"
#include <library.h>
-#include <hydra.h>
#include <daemon.h>
#include <collections/array.h>
#include <utils/lexparser.h>
@@ -803,12 +802,12 @@ METHOD(ike_sa_t, add_virtual_ip, void,
{
char *iface;
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- this->my_host, &iface))
+ if (charon->kernel->get_interface(charon->kernel, this->my_host,
+ &iface))
{
DBG1(DBG_IKE, "installing new virtual IP %H", ip);
- if (hydra->kernel_interface->add_ip(hydra->kernel_interface,
- ip, -1, iface) == SUCCESS)
+ if (charon->kernel->add_ip(charon->kernel, ip, -1,
+ iface) == SUCCESS)
{
array_insert_create(&this->my_vips, ARRAY_TAIL, ip->clone(ip));
}
@@ -845,8 +844,7 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
{
if (local)
{
- hydra->kernel_interface->del_ip(hydra->kernel_interface,
- vip, -1, TRUE);
+ charon->kernel->del_ip(charon->kernel, vip, -1, TRUE);
}
vip->destroy(vip);
}
@@ -1282,8 +1280,8 @@ static void resolve_hosts(private_ike_sa_t *this)
!this->other_host->is_anyaddr(this->other_host))
{
host->destroy(host);
- host = hydra->kernel_interface->get_source_addr(
- hydra->kernel_interface, this->other_host, NULL);
+ host = charon->kernel->get_source_addr(charon->kernel,
+ this->other_host, NULL);
if (host)
{
host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg));
@@ -2084,8 +2082,8 @@ static bool is_current_path_valid(private_ike_sa_t *this)
{
bool valid = FALSE;
host_t *src;
- src = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
- this->other_host, this->my_host);
+ src = charon->kernel->get_source_addr(charon->kernel, this->other_host,
+ this->my_host);
if (src)
{
if (src->ip_equals(src, this->my_host))
@@ -2129,8 +2127,7 @@ static bool is_any_path_valid(private_ike_sa_t *this)
continue;
}
DBG1(DBG_IKE, "looking for a route to %H ...", addr);
- src = hydra->kernel_interface->get_source_addr(
- hydra->kernel_interface, addr, NULL);
+ src = charon->kernel->get_source_addr(charon->kernel, addr, NULL);
if (src)
{
break;
@@ -2418,7 +2415,7 @@ METHOD(ike_sa_t, destroy, void,
}
while (array_remove(this->my_vips, ARRAY_TAIL, &vip))
{
- hydra->kernel_interface->del_ip(hydra->kernel_interface, vip, -1, TRUE);
+ charon->kernel->del_ip(charon->kernel, vip, -1, TRUE);
vip->destroy(vip);
}
if (array_count(this->other_vips))
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
index b8af6f67b..cb1a31371 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
@@ -41,7 +41,6 @@
#include <string.h>
-#include <hydra.h>
#include <daemon.h>
#include <sa/ikev1/keymat_v1.h>
#include <config/peer_cfg.h>
@@ -104,7 +103,7 @@ static bool force_encap(ike_cfg_t *ike_cfg)
{
if (!ike_cfg->force_encap(ike_cfg))
{
- return hydra->kernel_interface->get_features(hydra->kernel_interface) &
+ return charon->kernel->get_features(charon->kernel) &
KERNEL_REQUIRE_UDP_ENCAPSULATION;
}
return TRUE;
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index c0c91574c..ecdfc780d 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -16,7 +16,6 @@
#include "xauth.h"
#include <daemon.h>
-#include <hydra.h>
#include <encoding/payloads/cp_payload.h>
#include <processing/jobs/adopt_children_job.h>
#include <sa/ikev1/tasks/mode_config.h>
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 97f73d851..740d09778 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -18,7 +18,6 @@
#include "child_create.h"
#include <daemon.h>
-#include <hydra.h>
#include <sa/ikev2/keymat_v2.h>
#include <crypto/diffie_hellman.h>
#include <credentials/certificates/x509.h>
@@ -786,7 +785,7 @@ static bool build_payloads(private_child_create_t *this, message_t *message)
break;
}
- features = hydra->kernel_interface->get_features(hydra->kernel_interface);
+ features = charon->kernel->get_features(charon->kernel);
if (!(features & KERNEL_ESP_V3_TFC))
{
message->add_notify(message, FALSE, ESP_TFC_PADDING_NOT_SUPPORTED,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index a7e7505a1..10d412ffd 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -17,7 +17,6 @@
#include <string.h>
-#include <hydra.h>
#include <daemon.h>
#include <config/peer_cfg.h>
#include <encoding/payloads/id_payload.h>
@@ -135,8 +134,8 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message)
host = this->ike_sa->get_my_host(this->ike_sa);
port = host->get_port(host);
- enumerator = hydra->kernel_interface->create_address_enumerator(
- hydra->kernel_interface, ADDR_TYPE_REGULAR);
+ enumerator = charon->kernel->create_address_enumerator(charon->kernel,
+ ADDR_TYPE_REGULAR);
while (enumerator->enumerate(enumerator, (void**)&addr))
{
host = addr->clone(addr);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index cbdc5e797..3f7bb175f 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -18,7 +18,6 @@
#include <string.h>
-#include <hydra.h>
#include <daemon.h>
#include <sa/ikev2/tasks/ike_natd.h>
#include <encoding/payloads/notify_payload.h>
@@ -196,8 +195,8 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message)
int added = 0;
me = this->ike_sa->get_my_host(this->ike_sa);
- enumerator = hydra->kernel_interface->create_address_enumerator(
- hydra->kernel_interface, ADDR_TYPE_REGULAR);
+ enumerator = charon->kernel->create_address_enumerator(charon->kernel,
+ ADDR_TYPE_REGULAR);
while (enumerator->enumerate(enumerator, (void**)&host))
{
if (me->ip_equals(me, host))
@@ -333,8 +332,7 @@ METHOD(ike_mobike_t, transmit, bool,
if (!this->check)
{
- me = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
- other_old, me_old);
+ me = charon->kernel->get_source_addr(charon->kernel, other_old, me_old);
if (me)
{
if (me->ip_equals(me, me_old))
@@ -372,8 +370,7 @@ METHOD(ike_mobike_t, transmit, bool,
{
continue;
}
- me = hydra->kernel_interface->get_source_addr(
- hydra->kernel_interface, other, NULL);
+ me = charon->kernel->get_source_addr(charon->kernel, other, NULL);
if (me)
{
/* reuse port for an active address, 4500 otherwise */
@@ -407,7 +404,7 @@ METHOD(task_t, build_i, status_t,
/* we check if the existing address is still valid */
old = message->get_source(message);
- new = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
+ new = charon->kernel->get_source_addr(charon->kernel,
message->get_destination(message), old);
if (new)
{
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index dd34c1234..4bf5264dd 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -18,7 +18,6 @@
#include <string.h>
-#include <hydra.h>
#include <daemon.h>
#include <config/peer_cfg.h>
#include <crypto/hashers/hasher.h>
@@ -86,7 +85,7 @@ static bool force_encap(ike_cfg_t *ike_cfg)
{
if (!ike_cfg->force_encap(ike_cfg))
{
- return hydra->kernel_interface->get_features(hydra->kernel_interface) &
+ return charon->kernel->get_features(charon->kernel) &
KERNEL_REQUIRE_UDP_ENCAPSULATION;
}
return TRUE;
@@ -327,7 +326,7 @@ METHOD(task_t, build_i, status_t,
}
else
{
- host = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
+ host = charon->kernel->get_source_addr(charon->kernel,
this->ike_sa->get_other_host(this->ike_sa), NULL);
if (host)
{ /* 2. */
@@ -341,8 +340,8 @@ METHOD(task_t, build_i, status_t,
}
else
{ /* 3. */
- enumerator = hydra->kernel_interface->create_address_enumerator(
- hydra->kernel_interface, ADDR_TYPE_REGULAR);
+ enumerator = charon->kernel->create_address_enumerator(
+ charon->kernel, ADDR_TYPE_REGULAR);
while (enumerator->enumerate(enumerator, (void**)&host))
{
/* apply port 500 to host, but work on a copy */
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index 5231994c8..0e9cf6e1f 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -16,7 +16,6 @@
#include "shunt_manager.h"
-#include <hydra.h>
#include <daemon.h>
#include <threading/rwlock.h>
#include <threading/rwlock_condvar.h>
@@ -111,22 +110,22 @@ static bool install_shunt_policy(child_cfg_t *child)
continue;
}
/* install out policy */
- status |= hydra->kernel_interface->add_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->add_policy(charon->kernel,
+ host_any, host_any,
my_ts, other_ts, POLICY_OUT, policy_type,
&sa, child->get_mark(child, FALSE),
policy_prio);
/* install in policy */
- status |= hydra->kernel_interface->add_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->add_policy(charon->kernel,
+ host_any, host_any,
other_ts, my_ts, POLICY_IN, policy_type,
&sa, child->get_mark(child, TRUE),
policy_prio);
/* install forward policy */
- status |= hydra->kernel_interface->add_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->add_policy(charon->kernel,
+ host_any, host_any,
other_ts, my_ts, POLICY_FWD, policy_type,
&sa, child->get_mark(child, TRUE),
policy_prio);
@@ -248,22 +247,22 @@ static void uninstall_shunt_policy(child_cfg_t *child)
continue;
}
/* uninstall out policy */
- status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->del_policy(charon->kernel,
+ host_any, host_any,
my_ts, other_ts, POLICY_OUT, policy_type,
&sa, child->get_mark(child, FALSE),
policy_prio);
/* uninstall in policy */
- status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->del_policy(charon->kernel,
+ host_any, host_any,
other_ts, my_ts, POLICY_IN, policy_type,
&sa, child->get_mark(child, TRUE),
policy_prio);
/* uninstall forward policy */
- status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, host_any, host_any,
+ status |= charon->kernel->del_policy(charon->kernel,
+ host_any, host_any,
other_ts, my_ts, POLICY_FWD, policy_type,
&sa, child->get_mark(child, TRUE),
policy_prio);
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 90ad7e40e..85e220775 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -16,7 +16,6 @@
#include "trap_manager.h"
-#include <hydra.h>
#include <daemon.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
@@ -195,8 +194,7 @@ METHOD(trap_manager_t, install, u_int32_t,
if (!me || me->is_anyaddr(me))
{
DESTROY_IF(me);
- me = hydra->kernel_interface->get_source_addr(
- hydra->kernel_interface, other, NULL);
+ me = charon->kernel->get_source_addr(charon->kernel, other, NULL);
if (!me)
{
DBG1(DBG_CFG, "installing trap failed, local address unknown");