/*
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup ipsec_sa ipsec_sa
 * @{ @ingroup libipsec
 */

#ifndef IPSEC_SA_H_
#define IPSEC_SA_H_

#include "esp_context.h"

#include <library.h>
#include <networking/host.h>
#include <selectors/traffic_selector.h>
#include <ipsec/ipsec_types.h>

typedef struct ipsec_sa_t ipsec_sa_t;

/**
 * IPsec Security Association (SA)
 *
 * An SA bundles the endpoint addresses, SPI, reqid, protocol, direction
 * (inbound/outbound), lifetime, usage counters and the ESP context used to
 * process packets. SAs are looked up either by SPI and destination address
 * (see match_by_spi_dst) or by reqid and direction (see match_by_reqid);
 * both of these lookups ignore SAs that have already expired.
 */
struct ipsec_sa_t {

	/**
	 * Get the source address for this SA
	 *
	 * @return			source address of this SA
	 */
	host_t *(*get_source)(ipsec_sa_t *this);

	/**
	 * Get the destination address for this SA
	 *
	 * @return			destination address of this SA
	 */
	host_t *(*get_destination)(ipsec_sa_t *this);

	/**
	 * Set the source address for this SA
	 *
	 * The SA keeps its own copy; the caller retains ownership of addr.
	 *
	 * @param addr		source address of this SA (gets cloned)
	 */
	void (*set_source)(ipsec_sa_t *this, host_t *addr);

	/**
	 * Set the destination address for this SA
	 *
	 * The SA keeps its own copy; the caller retains ownership of addr.
	 *
	 * @param addr		destination address of this SA (gets cloned)
	 */
	void (*set_destination)(ipsec_sa_t *this, host_t *addr);

	/**
	 * Get the SPI for this SA
	 *
	 * @return			SPI of this SA
	 */
	uint32_t (*get_spi)(ipsec_sa_t *this);

	/**
	 * Get the reqid of this SA
	 *
	 * @return			reqid of this SA
	 */
	uint32_t (*get_reqid)(ipsec_sa_t *this);

	/**
	 * Get the protocol (e.g. IPPROTO_ESP) of this SA
	 *
	 * @return			protocol of this SA
	 */
	uint8_t (*get_protocol)(ipsec_sa_t *this);

	/**
	 * Returns whether this SA is inbound or outbound
	 *
	 * @return			TRUE if inbound, FALSE if outbound
	 */
	bool (*is_inbound)(ipsec_sa_t *this);

	/**
	 * Get the lifetime information for this SA
	 * Note that this information is always relative to the time when the
	 * SA was installed (i.e. it is not adjusted over time)
	 *
	 * @return			lifetime of this SA
	 */
	lifetime_cfg_t *(*get_lifetime)(ipsec_sa_t *this);

	/**
	 * Get the ESP context for this SA
	 *
	 * @return			ESP context of this SA
	 */
	esp_context_t *(*get_esp_context)(ipsec_sa_t *this);

	/**
	 * Get usage statistics for this SA.
	 *
	 * Each output pointer is optional; pass NULL for values not needed.
	 *
	 * @param bytes		receives number of processed bytes, or NULL
	 * @param packets	receives number of processed packets, or NULL
	 * @param time		receives last use time of this SA, or NULL
	 */
	void (*get_usestats)(ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets,
						 time_t *time);

	/**
	 * Record en/decryption of a packet to update usage statistics.
	 *
	 * The per-packet length is 32-bit, while the accumulated counters
	 * reported by get_usestats are 64-bit.
	 *
	 * @param bytes		length of packet processed
	 */
	void (*update_usestats)(ipsec_sa_t *this, uint32_t bytes);

	/**
	 * Expire this SA, soft or hard.
	 *
	 * A soft expire triggers a rekey, a hard expire blocks the SA and
	 * triggers a delete for the SA.
	 *
	 * @param hard		TRUE for hard, FALSE for soft
	 */
	void (*expire)(ipsec_sa_t *this, bool hard);

	/**
	 * Check if this SA matches all given parameters
	 *
	 * Only matches if the SA has not yet expired.
	 *
	 * @param spi		SPI
	 * @param dst		destination address
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_spi_dst)(ipsec_sa_t *this, uint32_t spi, host_t *dst);

	/**
	 * Check if this SA matches all given parameters
	 *
	 * NOTE(review): unlike match_by_spi_dst and match_by_reqid, this contract
	 * does not state whether expired SAs are excluded — confirm against the
	 * implementation before relying on it for lookups.
	 *
	 * @param spi		SPI
	 * @param src		source address
	 * @param dst		destination address
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_spi_src_dst)(ipsec_sa_t *this, uint32_t spi, host_t *src,
								 host_t *dst);

	/**
	 * Check if this SA matches all given parameters
	 *
	 * Only matches if the SA has not yet expired.
	 *
	 * @param reqid		reqid
	 * @param inbound	TRUE for inbound SA, FALSE for outbound
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_reqid)(ipsec_sa_t *this, uint32_t reqid, bool inbound);

	/**
	 * Destroy an ipsec_sa_t
	 */
	void (*destroy)(ipsec_sa_t *this);

};

/**
 * Create an ipsec_sa_t instance
 *
 * Several parameters are accepted for interface compatibility only: mark
 * and cpi are ignored, and tfc, ipcomp and esn are not supported. Since
 * ESN is unsupported, the SA presumably operates with the plain 32-bit
 * ESP sequence number space — confirm in the ESP context how wrap-around
 * and rekeying are handled. Whether the SA copies or takes ownership of
 * enc_key/int_key is not stated here — TODO confirm against ipsec_sa.c.
 *
 * @param spi			SPI for this SA
 * @param src			source address for this SA (gets cloned)
 * @param dst			destination address for this SA (gets cloned)
 * @param protocol		protocol for this SA (only ESP is supported)
 * @param reqid			reqid for this SA
 * @param mark			mark for this SA (ignored)
 * @param tfc			Traffic Flow Confidentiality (currently not supported)
 * @param lifetime		lifetime for this SA
 * @param enc_alg		encryption algorithm for this SA
 * @param enc_key		encryption key for this SA
 * @param int_alg		integrity protection algorithm
 * @param int_key		integrity protection key
 * @param mode			mode for this SA (only tunnel mode is supported)
 * @param ipcomp		IPcomp transform (not supported, use IPCOMP_NONE)
 * @param cpi			CPI for IPcomp (ignored)
 * @param encap			enable UDP encapsulation (must be TRUE)
 * @param esn			Extended Sequence Numbers (currently not supported)
 * @param inbound		TRUE if this is an inbound SA, FALSE otherwise
 * @return				the IPsec SA, or NULL if the creation failed;
 *						callers must check for NULL
 */
ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst,
							uint8_t protocol, uint32_t reqid, mark_t mark,
							uint32_t tfc, lifetime_cfg_t *lifetime,
							uint16_t enc_alg, chunk_t enc_key,
							uint16_t int_alg, chunk_t int_key,
							ipsec_mode_t mode, uint16_t ipcomp, uint16_t cpi,
							bool encap, bool esn, bool inbound);

#endif /** IPSEC_SA_H_ @}*/