1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/**
* @file ike_sa_manager.h
*
* @brief Interface of ike_sa_manager_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef IKE_SA_MANAGER_H_
#define IKE_SA_MANAGER_H_
#include <types.h>
#include <sa/ike_sa.h>
typedef struct ike_sa_manager_t ike_sa_manager_t;
/**
* @brief The IKE_SA-Manager manages the IKE_SAs ;-).
*
* To avoid access from multiple threads, IKE_SAs must be checked out from
* the manager, and checked in after usage.
* The manager also handles deletion of SAs.
*
* @todo checking of double-checkouts from the same threads would be nice.
* This could be by comparing thread-ids via pthread_self()...
*
* @ingroup sa
*/
struct ike_sa_manager_t {
/**
* @brief Checkout an IKE_SA, create it when necesarry
*
* Checks out a SA by its ID. An SA will be created, when:
* - Responder SPI is not set (when received an IKE_SA_INIT from initiator)
* Management of SPIs is the managers job, he will set it.
* This function blocks until SA is available for checkout.
*
* @warning checking out two times without checking in will
* result in a deadlock!
*
* @param ike_sa_manager the manager object
* @param ike_sa_id[in/out] the SA identifier, will be updated
* @param ike_sa[out] checked out SA
* @returns
* - SUCCESS if checkout successful
* - NOT_FOUND when no such SA is available
*/
status_t (*checkout) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *sa_id, ike_sa_t **ike_sa);
/**
* @brief Create and checkout an IKE_SA as original initator.
*
* Creates and checks out a SA as initiator. An SA will be created, when:
* Management of SPIs is the managers job, he will set it.
*
* @warning checking out two times without checking in will
* result in a deadlock!
*
* @param ike_sa_manager the manager object
* @param ike_sa[out] checked out SA
*/
void (*create_and_checkout) (ike_sa_manager_t* ike_sa_manager,ike_sa_t **ike_sa);
/**
* @brief Checkin the SA after usage
*
* @warning the SA pointer MUST NOT be used after checkin!
* The SA must be checked out again!
*
* @param ike_sa_manager the manager object
* @param ike_sa_id[in/out] the SA identifier, will be updated
* @param ike_sa[out] checked out SA
* @returns
* - SUCCESS if checked in
* - NOT_FOUND when not found (shouldn't happen!)
*/
status_t (*checkin) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
/**
* @brief delete a SA, wich was not checked out
*
* @warning do not use this when the SA is already checked out, this will
* deadlock!
*
* @param ike_sa_manager the manager object
* @param ike_sa_id[in/out] the SA identifier
* @returns
* - SUCCESS if found
* - NOT_FOUND when no such SA is available
*/
status_t (*delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_id_t *ike_sa_id);
/**
* @brief delete a checked out SA
*
* @param ike_sa_manager the manager object
* @param ike_sa SA to delete
* @returns
* - SUCCESS if found
* - NOT_FOUND when no such SA is available
*/
status_t (*checkin_and_delete) (ike_sa_manager_t* ike_sa_manager, ike_sa_t *ike_sa);
/**
* @brief Destroys the manager with all associated SAs
*
* Threads will be driven out, so all SAs can be deleted cleanly
*
* @param ike_sa_manager the manager object
*/
void (*destroy) (ike_sa_manager_t *ike_sa_manager);
};
/**
* @brief Create a manager
*
* @returns the created manager
*
* @ingroup sa
*/
ike_sa_manager_t *ike_sa_manager_create();
#endif /*IKE_SA_MANAGER_H_*/
|
