From 914479370ed23aa420a15ef3f19c2c39dce3b133 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 13 Jul 2012 13:21:45 +0200
Subject: Added IPsec SA manager

---
 src/libipsec/ipsec.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/libipsec/ipsec.c')

diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index add3b463a..5ae6c74aa 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -1,4 +1,6 @@
 /*
+ * Copyright (C) 2012 Giuliano Grassi
+ * Copyright (C) 2012 Ralf Sager
 * Copyright (C) 2012 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 *
@@ -41,6 +43,7 @@ ipsec_t *ipsec;
 void libipsec_deinit()
 {
 private_ipsec_t *this = (private_ipsec_t*)ipsec;
+ DESTROY_IF(this->public.sas);
 free(this);
 ipsec = NULL;
 }
@@ -52,10 +55,7 @@ bool libipsec_init()
 {
 private_ipsec_t *this;

- INIT(this,
- .public = {
- },
- );
+ INIT(this);
 ipsec = &this->public;

 if (lib->integrity &&
@@ -64,6 +64,8 @@ bool libipsec_init()
 DBG1(DBG_LIB, "integrity check of libipsec failed");
 return FALSE;
 }
+
+ this->public.sas = ipsec_sa_mgr_create();
 return TRUE;
 }

-- 
cgit v1.2.3

From b50f56f326d1e58d13f4287280799236fd239a05 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 13 Jul 2012 13:32:27 +0200
Subject: Added class to relay IPsec events (like expiration) to listeners

Currently, only expiration of IPsec SAs is supported. Later other events for e.g. acquires or changed NAT endpoints could be added.
---
 src/libipsec/ipsec.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/libipsec/ipsec.c')

diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index 5ae6c74aa..49773abc9 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -43,6 +43,7 @@ ipsec_t *ipsec;
 void libipsec_deinit()
 {
 private_ipsec_t *this = (private_ipsec_t*)ipsec;
+ DESTROY_IF(this->public.events);
 DESTROY_IF(this->public.sas);
 free(this);
 ipsec = NULL;
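Review bot: The added `DESTROY_IF(this->public.sas);` in libipsec_deinit() reads through `this` without checking it, so a call made while `ipsec` is NULL (library never initialised, or deinit called twice) now dereferences a NULL pointer. Before this change the body was only `free(this)`, which is safe for NULL. DESTROY_IF tests the member it is given, not the struct that holds it. A guard at the top of the function would keep the old tolerance: `if (!this) { return; }`. The deinit hunks of the three following patches (events, policies, processor) add further reads of the same kind and would be covered by the same guard.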
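Review bot: Nothing near the `return FALSE;` in libipsec_init() says what state the library is left in on failure. `ipsec` is already assigned in the previous hunk, so after a failed integrity check the global points at a live struct whose `sas` was never created (presumably NULL, assuming INIT zero-fills), and the struct is leaked unless the caller still runs libipsec_deinit(). A comment before the early return would record that contract, e.g. `/* ipsec stays allocated without managers; caller must still call libipsec_deinit() */`. The result of `ipsec_sa_mgr_create()` is also stored unchecked; whether it can return NULL is not visible in this diff. The create calls added by the next three patches follow the same pattern, and the function starts outside this hunk.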
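Review bot: In libipsec_deinit() the event relay is now destroyed before the SA manager, while `ipsec` still points at the struct and `public.events` keeps its stale value until `free(this)`. The commit message says the relay carries SA expiration events, so if the SA manager, or work it has scheduled, can still report an expiry during teardown, it would reach a freed relay; whether that can happen depends on code outside this diff. If the order is deliberate (it is the reverse of creation in libipsec_init()), a comment above the DESTROY_IF lines would record the requirement, e.g. `/* destroy in reverse order of creation; nothing may raise events after this point */`. The same question applies to the processor that the last patch puts first in the teardown list.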
@@ -66,6 +67,7 @@ bool libipsec_init()
 }

 this->public.sas = ipsec_sa_mgr_create();
+ this->public.events = ipsec_event_relay_create();
 return TRUE;
 }

-- 
cgit v1.2.3

From 7000cf11b1b4e3b2c504951812b48396258e55e2 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 13 Jul 2012 14:27:41 +0200
Subject: IPsec policy manager added

This version only provides the very simplest management functions.
---
 src/libipsec/ipsec.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/libipsec/ipsec.c')

diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index 49773abc9..5453430a3 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -44,6 +44,7 @@ void libipsec_deinit()
 {
 private_ipsec_t *this = (private_ipsec_t*)ipsec;
 DESTROY_IF(this->public.events);
+ DESTROY_IF(this->public.policies);
 DESTROY_IF(this->public.sas);
 free(this);
 ipsec = NULL;
@@ -67,6 +68,7 @@ bool libipsec_init()
 }

 this->public.sas = ipsec_sa_mgr_create();
+ this->public.policies = ipsec_policy_mgr_create();
 this->public.events = ipsec_event_relay_create();
 return TRUE;
 }
-- 
cgit v1.2.3

From a113d7f29bd2c4c9f378e3644f9309f44e0a08e8 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 13 Jul 2012 15:34:51 +0200
Subject: Added IPsec processor which is responsible for handling in- and outbound packets

Two callbacks can be registered that get called when new inbound plaintext and outbound ESP packets have been processed. Inbound ESP and outbound plaintext packets can be queued for processing with two other methods.
---
 src/libipsec/ipsec.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/libipsec/ipsec.c')

diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index 5453430a3..50d9163ea 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -43,6 +43,7 @@ ipsec_t *ipsec;
 void libipsec_deinit()
 {
 private_ipsec_t *this = (private_ipsec_t*)ipsec;
+ DESTROY_IF(this->public.processor);
 DESTROY_IF(this->public.events);
 DESTROY_IF(this->public.policies);
 DESTROY_IF(this->public.sas);
@@ -70,6 +71,7 @@ bool libipsec_init()
 this->public.sas = ipsec_sa_mgr_create();
 this->public.policies = ipsec_policy_mgr_create();
 this->public.events = ipsec_event_relay_create();
+ this->public.processor = ipsec_processor_create();
 return TRUE;
 }

-- 
cgit v1.2.3