Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
This avoids a dependency of libipsec on libhydra.
parent
053276e69a
commit
156f7e9b85
@ -17,28 +17,6 @@
|
|||
|
||||
#include <hydra.h>
|
||||
|
||||
ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_DROP,
|
||||
"TRANSPORT",
|
||||
"TUNNEL",
|
||||
"BEET",
|
||||
"PASS",
|
||||
"DROP"
|
||||
);
|
||||
|
||||
ENUM(policy_dir_names, POLICY_IN, POLICY_FWD,
|
||||
"in",
|
||||
"out",
|
||||
"fwd"
|
||||
);
|
||||
|
||||
ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
|
||||
"IPCOMP_NONE",
|
||||
"IPCOMP_OUI",
|
||||
"IPCOMP_DEFLATE",
|
||||
"IPCOMP_LZS",
|
||||
"IPCOMP_LZJH"
|
||||
);
|
||||
|
||||
/**
|
||||
* See header
|
||||
*/
|
||||
|
|
|
@ -24,158 +24,13 @@
|
|||
#ifndef KERNEL_IPSEC_H_
|
||||
#define KERNEL_IPSEC_H_
|
||||
|
||||
typedef enum ipsec_mode_t ipsec_mode_t;
|
||||
typedef enum policy_dir_t policy_dir_t;
|
||||
typedef enum policy_type_t policy_type_t;
|
||||
typedef enum policy_priority_t policy_priority_t;
|
||||
typedef enum ipcomp_transform_t ipcomp_transform_t;
|
||||
typedef struct kernel_ipsec_t kernel_ipsec_t;
|
||||
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
|
||||
typedef struct lifetime_cfg_t lifetime_cfg_t;
|
||||
typedef struct mark_t mark_t;
|
||||
|
||||
#include <utils/host.h>
|
||||
#include <crypto/prf_plus.h>
|
||||
#include <ipsec/ipsec_types.h>
|
||||
#include <selectors/traffic_selector.h>
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
/**
|
||||
* Mode of an IPsec SA.
|
||||
*/
|
||||
enum ipsec_mode_t {
|
||||
/** not using any encapsulation */
|
||||
MODE_NONE = 0,
|
||||
/** transport mode, no inner address */
|
||||
MODE_TRANSPORT = 1,
|
||||
/** tunnel mode, inner and outer addresses */
|
||||
MODE_TUNNEL,
|
||||
/** BEET mode, tunnel mode but fixed, bound inner addresses */
|
||||
MODE_BEET,
|
||||
/** passthrough policy for traffic without an IPsec SA */
|
||||
MODE_PASS,
|
||||
/** drop policy discarding traffic */
|
||||
MODE_DROP
|
||||
};
|
||||
|
||||
/**
|
||||
* enum names for ipsec_mode_t.
|
||||
*/
|
||||
extern enum_name_t *ipsec_mode_names;
|
||||
|
||||
/**
|
||||
* Direction of a policy. These are equal to those
|
||||
* defined in xfrm.h, but we want to stay implementation
|
||||
* neutral here.
|
||||
*/
|
||||
enum policy_dir_t {
|
||||
/** Policy for inbound traffic */
|
||||
POLICY_IN = 0,
|
||||
/** Policy for outbound traffic */
|
||||
POLICY_OUT = 1,
|
||||
/** Policy for forwarded traffic */
|
||||
POLICY_FWD = 2,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum names for policy_dir_t.
|
||||
*/
|
||||
extern enum_name_t *policy_dir_names;
|
||||
|
||||
/**
|
||||
* Type of a policy.
|
||||
*/
|
||||
enum policy_type_t {
|
||||
/** Normal IPsec policy */
|
||||
POLICY_IPSEC = 1,
|
||||
/** Passthrough policy (traffic is ignored by IPsec) */
|
||||
POLICY_PASS,
|
||||
/** Drop policy (traffic is discarded) */
|
||||
POLICY_DROP,
|
||||
};
|
||||
|
||||
/**
|
||||
* High-level priority of a policy.
|
||||
*/
|
||||
enum policy_priority_t {
|
||||
/** Default priority */
|
||||
POLICY_PRIORITY_DEFAULT,
|
||||
/** Priority for trap policies */
|
||||
POLICY_PRIORITY_ROUTED,
|
||||
/** Priority for fallback drop policies */
|
||||
POLICY_PRIORITY_FALLBACK,
|
||||
};
|
||||
|
||||
/**
|
||||
* IPComp transform IDs, as in RFC 4306
|
||||
*/
|
||||
enum ipcomp_transform_t {
|
||||
IPCOMP_NONE = 0,
|
||||
IPCOMP_OUI = 1,
|
||||
IPCOMP_DEFLATE = 2,
|
||||
IPCOMP_LZS = 3,
|
||||
IPCOMP_LZJH = 4,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum strings for ipcomp_transform_t.
|
||||
*/
|
||||
extern enum_name_t *ipcomp_transform_names;
|
||||
|
||||
/**
|
||||
* This struct contains details about IPsec SA(s) tied to a policy.
|
||||
*/
|
||||
struct ipsec_sa_cfg_t {
|
||||
/** mode of SA (tunnel, transport) */
|
||||
ipsec_mode_t mode;
|
||||
/** unique ID */
|
||||
u_int32_t reqid;
|
||||
/** details about ESP/AH */
|
||||
struct {
|
||||
/** TRUE if this protocol is used */
|
||||
bool use;
|
||||
/** SPI for ESP/AH */
|
||||
u_int32_t spi;
|
||||
} esp, ah;
|
||||
/** details about IPComp */
|
||||
struct {
|
||||
/** the IPComp transform used */
|
||||
u_int16_t transform;
|
||||
/** CPI for IPComp */
|
||||
u_int16_t cpi;
|
||||
} ipcomp;
|
||||
};
|
||||
|
||||
/**
|
||||
* A lifetime_cfg_t defines the lifetime limits of an SA.
|
||||
*
|
||||
* Set any of these values to 0 to ignore.
|
||||
*/
|
||||
struct lifetime_cfg_t {
|
||||
struct {
|
||||
/** Limit before the SA gets invalid. */
|
||||
u_int64_t life;
|
||||
/** Limit before the SA gets rekeyed. */
|
||||
u_int64_t rekey;
|
||||
/** The range of a random value subtracted from rekey. */
|
||||
u_int64_t jitter;
|
||||
} time, bytes, packets;
|
||||
};
|
||||
|
||||
/**
|
||||
* A mark_t defines an optional mark in an IPsec SA.
|
||||
*/
|
||||
struct mark_t {
|
||||
/** Mark value */
|
||||
u_int32_t value;
|
||||
/** Mark mask */
|
||||
u_int32_t mask;
|
||||
};
|
||||
|
||||
/**
|
||||
* Special mark value that uses the reqid of the CHILD_SA as mark
|
||||
*/
|
||||
#define MARK_REQID (0xFFFFFFFF)
|
||||
|
||||
/**
|
||||
* Interface to the ipsec subsystem of the kernel.
|
||||
*
|
||||
|
|
|
@ -12,7 +12,6 @@ esp_packet.c esp_packet.h
|
|||
LOCAL_C_INCLUDES += \
|
||||
$(libvstr_PATH) \
|
||||
$(strongswan_PATH)/src/include \
|
||||
$(strongswan_PATH)/src/libhydra \
|
||||
$(strongswan_PATH)/src/libstrongswan
|
||||
|
||||
LOCAL_CFLAGS := $(strongswan_CFLAGS)
|
||||
|
@ -25,7 +24,7 @@ LOCAL_ARM_MODE := arm
|
|||
|
||||
LOCAL_PRELINK_MODULE := false
|
||||
|
||||
LOCAL_SHARED_LIBRARIES += libstrongswan libhydra
|
||||
LOCAL_SHARED_LIBRARIES += libstrongswan
|
||||
|
||||
include $(BUILD_SHARED_LIBRARY)
|
||||
|
||||
|
|
|
@ -8,8 +8,7 @@ esp_packet.c esp_packet.h
|
|||
libipsec_la_LIBADD =
|
||||
|
||||
INCLUDES = \
|
||||
-I$(top_srcdir)/src/libstrongswan \
|
||||
-I$(top_srcdir)/src/libhydra
|
||||
-I$(top_srcdir)/src/libstrongswan
|
||||
|
||||
EXTRA_DIST = Android.mk
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
|
|||
credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
|
||||
credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \
|
||||
database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \
|
||||
ipsec/ipsec_types.c \
|
||||
pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \
|
||||
processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \
|
||||
selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
|
||||
|
|
|
@ -18,6 +18,7 @@ credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
|
|||
credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
|
||||
credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \
|
||||
database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \
|
||||
ipsec/ipsec_types.c \
|
||||
pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \
|
||||
processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \
|
||||
selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
|
||||
|
@ -51,10 +52,11 @@ credentials/sets/ocsp_response_wrapper.h credentials/sets/cert_cache.h \
|
|||
credentials/sets/mem_cred.h credentials/sets/callback_cred.h \
|
||||
credentials/auth_cfg.h credentials/credential_set.h credentials/cert_validator.h \
|
||||
database/database.h database/database_factory.h fetcher/fetcher.h \
|
||||
fetcher/fetcher_manager.h eap/eap.h pen/pen.h plugins/plugin_loader.h \
|
||||
plugins/plugin.h plugins/plugin_feature.h processing/jobs/job.h \
|
||||
processing/jobs/callback_job.h processing/processor.h processing/scheduler.h \
|
||||
selectors/traffic_selector.h threading/thread.h threading/thread_value.h \
|
||||
fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \
|
||||
plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h
|
||||
processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h
|
||||
processing/scheduler.h selectors/traffic_selector.h \
|
||||
threading/thread.h threading/thread_value.h \
|
||||
threading/mutex.h threading/condvar.h threading/spinlock.h threading/semaphore.h \
|
||||
threading/rwlock.h threading/lock_profiler.h utils.h utils/host.h \
|
||||
utils/packet.h utils/identification.h utils/lexparser.h utils/linked_list.h \
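Review bot: As rendered, the new lines `plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h` and `processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h` end without the ` \` continuation that every neighbouring line of this header list carries, including the new `ipsec/ipsec_types.h \` line directly above them. If that is not a rendering artifact, the assignment ends at the first of those lines and the `processing/scheduler.h ...` and `threading/...` entries that follow are no longer part of the list, which automake would reject or silently drop. Each of the two lines should end with ` \` like its neighbours. The variable being assigned starts before this hunk, so the list head is not visible here.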
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "ipsec_types.h"
|
||||
|
||||
ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_DROP,
|
||||
"TRANSPORT",
|
||||
"TUNNEL",
|
||||
"BEET",
|
||||
"PASS",
|
||||
"DROP"
|
||||
);
|
||||
|
||||
ENUM(policy_dir_names, POLICY_IN, POLICY_FWD,
|
||||
"in",
|
||||
"out",
|
||||
"fwd"
|
||||
);
|
||||
|
||||
ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
|
||||
"IPCOMP_NONE",
|
||||
"IPCOMP_OUI",
|
||||
"IPCOMP_DEFLATE",
|
||||
"IPCOMP_LZS",
|
||||
"IPCOMP_LZJH"
|
||||
);
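Review bot: `ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_DROP, ...)` starts the name table at MODE_TRANSPORT, so MODE_NONE (defined as 0 in ipsec_types.h) has no entry, while the other two tables in this file start at their enum's first value. The table is moved verbatim from kernel_ipsec.c, so nothing changes in behaviour, but now that it is part of libstrongswan's public surface a one-line comment would save readers the cross-check, e.g. `/* MODE_NONE (0) intentionally has no name entry */` above the first ENUM — assuming the omission is deliberate; if it is not, the table's lower bound should be MODE_NONE with a matching "NONE" string.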
|
|
@ -0,0 +1,172 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ipsec_types ipsec_types
|
||||
* @{ @ingroup ipsec
|
||||
*/
|
||||
|
||||
#ifndef IPSEC_TYPES_H_
|
||||
#define IPSEC_TYPES_H_
|
||||
|
||||
typedef enum ipsec_mode_t ipsec_mode_t;
|
||||
typedef enum policy_dir_t policy_dir_t;
|
||||
typedef enum policy_type_t policy_type_t;
|
||||
typedef enum policy_priority_t policy_priority_t;
|
||||
typedef enum ipcomp_transform_t ipcomp_transform_t;
|
||||
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
|
||||
typedef struct lifetime_cfg_t lifetime_cfg_t;
|
||||
typedef struct mark_t mark_t;
|
||||
|
||||
#include <library.h>
|
||||
|
||||
/**
|
||||
* Mode of an IPsec SA.
|
||||
*/
|
||||
enum ipsec_mode_t {
|
||||
/** not using any encapsulation */
|
||||
MODE_NONE = 0,
|
||||
/** transport mode, no inner address */
|
||||
MODE_TRANSPORT = 1,
|
||||
/** tunnel mode, inner and outer addresses */
|
||||
MODE_TUNNEL,
|
||||
/** BEET mode, tunnel mode but fixed, bound inner addresses */
|
||||
MODE_BEET,
|
||||
/** passthrough policy for traffic without an IPsec SA */
|
||||
MODE_PASS,
|
||||
/** drop policy discarding traffic */
|
||||
MODE_DROP
|
||||
};
|
||||
|
||||
/**
|
||||
* enum names for ipsec_mode_t.
|
||||
*/
|
||||
extern enum_name_t *ipsec_mode_names;
|
||||
|
||||
/**
|
||||
* Direction of a policy. These are equal to those
|
||||
* defined in xfrm.h, but we want to stay implementation
|
||||
* neutral here.
|
||||
*/
|
||||
enum policy_dir_t {
|
||||
/** Policy for inbound traffic */
|
||||
POLICY_IN = 0,
|
||||
/** Policy for outbound traffic */
|
||||
POLICY_OUT = 1,
|
||||
/** Policy for forwarded traffic */
|
||||
POLICY_FWD = 2,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum names for policy_dir_t.
|
||||
*/
|
||||
extern enum_name_t *policy_dir_names;
|
||||
|
||||
/**
|
||||
* Type of a policy.
|
||||
*/
|
||||
enum policy_type_t {
|
||||
/** Normal IPsec policy */
|
||||
POLICY_IPSEC = 1,
|
||||
/** Passthrough policy (traffic is ignored by IPsec) */
|
||||
POLICY_PASS,
|
||||
/** Drop policy (traffic is discarded) */
|
||||
POLICY_DROP,
|
||||
};
|
||||
|
||||
/**
|
||||
* High-level priority of a policy.
|
||||
*/
|
||||
enum policy_priority_t {
|
||||
/** Default priority */
|
||||
POLICY_PRIORITY_DEFAULT,
|
||||
/** Priority for trap policies */
|
||||
POLICY_PRIORITY_ROUTED,
|
||||
/** Priority for fallback drop policies */
|
||||
POLICY_PRIORITY_FALLBACK,
|
||||
};
|
||||
|
||||
/**
|
||||
* IPComp transform IDs, as in RFC 4306
|
||||
*/
|
||||
enum ipcomp_transform_t {
|
||||
IPCOMP_NONE = 0,
|
||||
IPCOMP_OUI = 1,
|
||||
IPCOMP_DEFLATE = 2,
|
||||
IPCOMP_LZS = 3,
|
||||
IPCOMP_LZJH = 4,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum strings for ipcomp_transform_t.
|
||||
*/
|
||||
extern enum_name_t *ipcomp_transform_names;
|
||||
|
||||
/**
|
||||
* This struct contains details about IPsec SA(s) tied to a policy.
|
||||
*/
|
||||
struct ipsec_sa_cfg_t {
|
||||
/** mode of SA (tunnel, transport) */
|
||||
ipsec_mode_t mode;
|
||||
/** unique ID */
|
||||
u_int32_t reqid;
|
||||
/** details about ESP/AH */
|
||||
struct {
|
||||
/** TRUE if this protocol is used */
|
||||
bool use;
|
||||
/** SPI for ESP/AH */
|
||||
u_int32_t spi;
|
||||
} esp, ah;
|
||||
/** details about IPComp */
|
||||
struct {
|
||||
/** the IPComp transform used */
|
||||
u_int16_t transform;
|
||||
/** CPI for IPComp */
|
||||
u_int16_t cpi;
|
||||
} ipcomp;
|
||||
};
|
||||
|
||||
/**
|
||||
* A lifetime_cfg_t defines the lifetime limits of an SA.
|
||||
*
|
||||
* Set any of these values to 0 to ignore.
|
||||
*/
|
||||
struct lifetime_cfg_t {
|
||||
struct {
|
||||
/** Limit before the SA gets invalid. */
|
||||
u_int64_t life;
|
||||
/** Limit before the SA gets rekeyed. */
|
||||
u_int64_t rekey;
|
||||
/** The range of a random value subtracted from rekey. */
|
||||
u_int64_t jitter;
|
||||
} time, bytes, packets;
|
||||
};
|
||||
|
||||
/**
|
||||
* A mark_t defines an optional mark in an IPsec SA.
|
||||
*/
|
||||
struct mark_t {
|
||||
/** Mark value */
|
||||
u_int32_t value;
|
||||
/** Mark mask */
|
||||
u_int32_t mask;
|
||||
};
|
||||
|
||||
/**
|
||||
* Special mark value that uses the reqid of the CHILD_SA as mark
|
||||
*/
|
||||
#define MARK_REQID (0xFFFFFFFF)
|
||||
|
||||
#endif /** IPSEC_TYPES_H_ @}*/
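Review bot: `#define MARK_REQID (0xFFFFFFFF)` lies inside the value range of `mark_t.value` (a `u_int32_t`), so a literal all-ones mark cannot be told apart from the reqid sentinel; the comment above the define should state that, e.g. `* Special mark value that uses the reqid of the CHILD_SA as mark (0xFFFFFFFF is therefore not usable as a literal mark value)`. In the same header `ipsec_sa_cfg_t.ipcomp.transform` is declared `u_int16_t` although `ipcomp_transform_t` is defined a few lines earlier; if the field is meant to hold one of those constants, `/** the IPComp transform used (an ipcomp_transform_t value) */` would make the link explicit. Both definitions are moved unchanged from kernel_ipsec.h, so this is a documentation suggestion, not a behaviour change.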
|
|
@ -43,6 +43,9 @@
|
|||
* @defgroup fetcher fetcher
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
* @defgroup ipsec ipsec
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
* @defgroup plugins plugins
|
||||
* @ingroup libstrongswan
|
||||
*
|
||||
|
|