aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/kernel')
-rw-r--r--src/libhydra/kernel/kernel_interface.c8
-rw-r--r--src/libhydra/kernel/kernel_interface.h9
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h20
3 files changed, 25 insertions, 12 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 8228d2619..ebe653ec4 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -132,14 +132,14 @@ METHOD(kernel_interface_t, add_policy, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, bool routed)
+ mark_t mark, policy_priority_t priority)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
- direction, type, sa, mark, routed);
+ direction, type, sa, mark, priority);
}
METHOD(kernel_interface_t, query_policy, status_t,
@@ -158,14 +158,14 @@ METHOD(kernel_interface_t, query_policy, status_t,
METHOD(kernel_interface_t, del_policy, status_t,
private_kernel_interface_t *this, traffic_selector_t *src_ts,
traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
- mark_t mark, bool unrouted)
+ mark_t mark, policy_priority_t priority)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
- direction, reqid, mark, unrouted);
+ direction, reqid, mark, priority);
}
METHOD(kernel_interface_t, get_source_addr, host_t*,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index a7f8e26a8..4c2f7ef99 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -188,7 +188,7 @@ struct kernel_interface_t {
* @param type type of policy, POLICY_(IPSEC|PASS|DROP)
* @param sa details about the SA(s) tied to this policy
* @param mark mark for this policy
- * @param routed TRUE, if this policy is routed in the kernel
+ * @param priority priority of this policy
* @return SUCCESS if operation completed
*/
status_t (*add_policy) (kernel_interface_t *this,
@@ -196,7 +196,8 @@ struct kernel_interface_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark, bool routed);
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Query the use time of a policy.
@@ -230,14 +231,14 @@ struct kernel_interface_t {
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
* @param reqid unique ID of the associated SA
* @param mark optional mark
- * @param unrouted TRUE, if this policy is unrouted from the kernel
+ * @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_interface_t *this,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, u_int32_t reqid,
- mark_t mark, bool unrouted);
+ mark_t mark, policy_priority_t priority);
/**
* Get our outgoing source address for a destination.
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index f1122db68..375945917 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -27,6 +27,7 @@
typedef enum ipsec_mode_t ipsec_mode_t;
typedef enum policy_dir_t policy_dir_t;
typedef enum policy_type_t policy_type_t;
+typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef struct kernel_ipsec_t kernel_ipsec_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
@@ -90,6 +91,16 @@ enum policy_type_t {
};
/**
+ * High-level priority of a policy.
+ */
+enum policy_priority_t {
+ /** Default priority */
+ POLICY_PRIORITY_DEFAULT,
+ /** Priority for trap policies */
+ POLICY_PRIORITY_ROUTED,
+};
+
+/**
* IPComp transform IDs, as in RFC 4306
*/
enum ipcomp_transform_t {
@@ -305,7 +316,7 @@ struct kernel_ipsec_t {
* @param type type of policy, POLICY_(IPSEC|PASS|DROP)
* @param sa details about the SA(s) tied to this policy
* @param mark mark for this policy
- * @param routed TRUE, if this policy is routed in the kernel
+ * @param priority priority of this policy
* @return SUCCESS if operation completed
*/
status_t (*add_policy) (kernel_ipsec_t *this,
@@ -313,7 +324,8 @@ struct kernel_ipsec_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, policy_type_t type,
- ipsec_sa_cfg_t *sa, mark_t mark, bool routed);
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Query the use time of a policy.
@@ -348,14 +360,14 @@ struct kernel_ipsec_t {
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
* @param reqid unique ID of the associated SA
* @param mark optional mark
- * @param unrouted TRUE, if this policy is unrouted from the kernel
+ * @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_ipsec_t *this,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, u_int32_t reqid,
- mark_t mark, bool unrouted);
+ mark_t mark, policy_priority_t priority);
/**
* Install a bypass policy for the given socket.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 19:27:17 +0000