root/trunk/src/charon/kernel/kernel_interface.h

Revision 4618, 13.0 kB (checked in by tobias, 2 months ago)

merging kernel_klips plugin back into trunk

1 /*
2  * Copyright (C) 2006-2008 Tobias Brunner
3  * Copyright (C) 2006 Daniel Roethlisberger
4  * Copyright (C) 2005-2006 Martin Willi
5  * Copyright (C) 2005 Jan Hutter
6  * Hochschule fuer Technik Rapperswil
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by the
10  * Free Software Foundation; either version 2 of the License, or (at your
11  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
16  * for more details.
17  *
18  * $Id$
19  */
20
21 /**
22  * @defgroup kernel_interface kernel_interface
23  * @{ @ingroup kernel
24  */
25
26 #ifndef KERNEL_INTERFACE_H_
27 #define KERNEL_INTERFACE_H_
28
/* Forward declaration of the manager type. It is declared before the
 * kernel_ipsec.h / kernel_net.h includes below, presumably so those headers
 * can refer to it by name without a circular include. */
typedef struct kernel_interface_t kernel_interface_t;
30
31 #include <utils/host.h>
32 #include <crypto/prf_plus.h>
33 #include <encoding/payloads/proposal_substructure.h>
34
35 #include <kernel/kernel_ipsec.h>
36 #include <kernel/kernel_net.h>
37
/**
 * Constructor function for ipsec kernel interface.
 *
 * Constructors of this type are registered on the manager with
 * add_ipsec_interface() and, presumably, invoked from create_interfaces()
 * to instantiate the IPsec backend (SAD/SPD handling).
 * NOTE(review): whether a constructor may return NULL on failure is not
 * specified here; confirm against the plugins that implement it.
 */
typedef kernel_ipsec_t* (*kernel_ipsec_constructor_t)(void);
42
/**
 * Constructor function for network kernel interface.
 *
 * Constructors of this type are registered on the manager with
 * add_net_interface() and, presumably, invoked from create_interfaces()
 * to instantiate the networking backend (addresses, interfaces, routes).
 * NOTE(review): whether a constructor may return NULL on failure is not
 * specified here; confirm against the plugins that implement it.
 */
typedef kernel_net_t* (*kernel_net_constructor_t)(void);
47
/**
 * Manager and wrapper for different kernel interfaces.
 *
 * The kernel interface handles the communication with the kernel
 * for SA and policy management and interface and IP address management.
 *
 * This is the privileged boundary between the IKE daemon and the IPsec
 * stack: whatever is installed through it (SPIs, keys, lifetimes, traffic
 * selectors, addresses, routes) is what the kernel actually enforces.
 * Several of these values originate from the remote peer (e.g. the SPI of
 * an outbound SA, negotiated traffic selectors), so implementations should
 * validate their arguments rather than trust them blindly.
 *
 * The manager itself presumably dispatches to a kernel_ipsec_t and a
 * kernel_net_t built from the constructors registered with
 * add_ipsec_interface()/add_net_interface() once create_interfaces()
 * has been called (see the "manager methods" section below).
 */
struct kernel_interface_t {

    /**
     * Get a SPI from the kernel.
     *
     * Reserves an SPI for the (src, dst, protocol) tuple; the SA itself is
     * installed afterwards with add_sa() using the returned value.
     * NOTE(review): the byte order of the returned SPI is not specified
     * here; confirm against the backend and the callers that put it on
     * the wire.
     *
     * @param src       source address of SA
     * @param dst       destination address of SA
     * @param protocol  protocol for SA (ESP/AH)
     * @param reqid     unique ID for this SA
     * @param[out] spi  allocated spi
     * @return              SUCCESS if operation completed
     */
    status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
                        protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi);

    /**
     * Get a Compression Parameter Index (CPI) from the kernel.
     *
     * Only needed when IPComp is negotiated; the CPI is later passed to
     * add_sa()/add_policy() together with the ipcomp transform.
     *
     * @param src       source address of SA
     * @param dst       destination address of SA
     * @param reqid     unique ID for the corresponding SA
     * @param[out] cpi  allocated cpi
     * @return              SUCCESS if operation completed
     */
    status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst,
                        u_int32_t reqid, u_int16_t *cpi);

    /**
     * Add an SA to the SAD.
     *
     * add_sa() may be called for an SPI that was previously reserved via
     * get_spi(); there is no explicit "replace" flag in this interface,
     * so the implementation has to recognise that case and update the
     * reserved entry instead of failing.
     * This function installs a single SA for a single protocol in one
     * direction. The keys are handed over explicitly as enc_key/int_key
     * (presumably derived by the caller with prf+, see the prf_plus
     * include); the key sizes are implied by the chunk lengths.
     *
     * Security: enc_key and int_key are secret keying material. An
     * implementation must never log them and should wipe any temporary
     * buffers it copies them into. The SPI of an outbound SA and the
     * negotiated lifetimes come from the remote peer and should be
     * treated as untrusted input.
     *
     * @param src           source address for this SA
     * @param dst           destination address for this SA
     * @param spi           SPI allocated by us (inbound, via get_spi)
     *                      or by the remote peer (outbound)
     * @param protocol      protocol for this SA (ESP/AH)
     * @param reqid         unique ID for this SA, used to tie it to the
     *                      policies installed with add_policy()
     * @param expire_soft   lifetime in seconds before rekeying
     * @param expire_hard   lifetime in seconds before delete
     *                      (NOTE(review): the meaning of 0 for either
     *                      lifetime is not specified here; confirm)
     * @param enc_alg       Algorithm to use for encryption (ESP only)
     * @param enc_key       key to use for encryption (secret; the chunk is
     *                      passed by value, the buffer it points to
     *                      presumably stays owned by the caller)
     * @param int_alg       Algorithm to use for integrity protection
     * @param int_key       key to use for integrity protection (secret,
     *                      same ownership as enc_key)
     * @param mode          mode of the SA (tunnel, transport)
     * @param ipcomp        IPComp transform to use
     * @param cpi           CPI for IPComp
     * @param encap         enable UDP encapsulation for NAT traversal
     * @param inbound       TRUE if this is an inbound SA
     * @return              SUCCESS if operation completed
     */
    status_t (*add_sa) (kernel_interface_t *this,
                        host_t *src, host_t *dst, u_int32_t spi,
                        protocol_id_t protocol, u_int32_t reqid,
                        u_int64_t expire_soft, u_int64_t expire_hard,
                        u_int16_t enc_alg, chunk_t enc_key,
                        u_int16_t int_alg, chunk_t int_key,
                        ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
                        bool encap, bool inbound);

    /**
     * Update the hosts on an installed SA.
     *
     * We cannot directly update the destination address as the kernel
     * requires the spi, the protocol AND the destination address (and family)
     * to identify SAs. Therefore if the destination address changed we
     * create a new SA and delete the old one.
     *
     * Security: after this call the kernel sends protected traffic to
     * new_dst, so callers must only pass endpoint addresses they have
     * verified (e.g. through the address-update handshake of the IKE
     * layer); this interface performs no such check itself.
     *
     * @param spi           SPI of the SA
     * @param protocol      protocol for this SA (ESP/AH)
     * @param cpi           CPI for IPComp, 0 if no IPComp is used
     * @param src           current source address
     * @param dst           current destination address
     * @param new_src       new source address
     * @param new_dst       new destination address
     * @param encap         current use of UDP encapsulation
     * @param new_encap     new use of UDP encapsulation
     * @return              SUCCESS if operation completed, NOT_SUPPORTED if
     *                      the kernel interface can't update the SA
     */
    status_t (*update_sa)(kernel_interface_t *this,
                          u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
                          host_t *src, host_t *dst,
                          host_t *new_src, host_t *new_dst,
                          bool encap, bool new_encap);

    /**
     * Delete a previously installed SA from the SAD.
     *
     * The SA is identified by (dst, spi, protocol), which is the tuple the
     * kernel uses as key (see update_sa()).
     *
     * @param dst           destination address for this SA
     * @param spi           SPI allocated by us or remote peer
     * @param protocol      protocol for this SA (ESP/AH)
     * @param cpi           CPI for IPComp or 0
     * @return              SUCCESS if operation completed
     */
    status_t (*del_sa) (kernel_interface_t *this, host_t *dst, u_int32_t spi,
                        protocol_id_t protocol, u_int16_t cpi);

    /**
     * Add a policy to the SPD.
     *
     * A policy is always associated to an SA. Traffic which matches a
     * policy is handled by the SA with the same reqid.
     *
     * Security: the policy decides which traffic is protected and by which
     * SA. The traffic selectors are presumably the ones negotiated with the
     * peer, and a reqid that does not match the SA installed with add_sa()
     * would leave the kernel enforcing something other than what was
     * negotiated, so callers must keep the two consistent.
     *
     * @param src           source address of SA
     * @param dst           dest address of SA
     * @param src_ts        traffic selector to match traffic source
     * @param dst_ts        traffic selector to match traffic dest
     * @param direction     direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD
     * @param spi           SPI of SA
     * @param protocol      protocol to use to protect traffic (AH/ESP)
     * @param reqid         unique ID of an SA to use to enforce policy
     * @param mode          mode of SA (tunnel, transport)
     * @param ipcomp        the IPComp transform used
     * @param cpi           CPI for IPComp
     * @param routed        TRUE, if this policy is routed in the kernel
     * @return              SUCCESS if operation completed
     */
    status_t (*add_policy) (kernel_interface_t *this,
                            host_t *src, host_t *dst,
                            traffic_selector_t *src_ts,
                            traffic_selector_t *dst_ts,
                            policy_dir_t direction, u_int32_t spi,
                            protocol_id_t protocol, u_int32_t reqid,
                            ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
                            bool routed);

    /**
     * Query the use time of a policy.
     *
     * The use time of a policy is the time the policy was used
     * for the last time. The policy is identified by its traffic
     * selectors and direction only.
     *
     * @param src_ts        traffic selector to match traffic source
     * @param dst_ts        traffic selector to match traffic dest
     * @param direction     direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD
     * @param[out] use_time the time of this policy's last use
     *                      (NOTE(review): unit/epoch and the value reported
     *                      for a never-used policy are not specified here;
     *                      confirm against the backend)
     * @return              SUCCESS if operation completed
     */
    status_t (*query_policy) (kernel_interface_t *this,
                              traffic_selector_t *src_ts,
                              traffic_selector_t *dst_ts,
                              policy_dir_t direction, u_int32_t *use_time);

    /**
     * Remove a policy from the SPD.
     *
     * The kernel interface implements reference counting for policies.
     * If the same policy is installed multiple times (in the case of rekeying),
     * the reference counter is increased. del_policy() decreases the ref counter
     * and removes the policy only when no more references are available.
     * Note that the policy is identified by selectors and direction only,
     * not by spi or reqid.
     *
     * @param src_ts        traffic selector to match traffic source
     * @param dst_ts        traffic selector to match traffic dest
     * @param direction     direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD
     * @param unrouted      TRUE, if this policy is unrouted from the kernel
     * @return              SUCCESS if operation completed
     */
    status_t (*del_policy) (kernel_interface_t *this,
                            traffic_selector_t *src_ts,
                            traffic_selector_t *dst_ts,
                            policy_dir_t direction,
                            bool unrouted);

    /**
     * Get our outgoing source address for a destination.
     *
     * Does a route lookup to get the source address used to reach dest.
     * The returned host is allocated and must be destroyed by the caller.
     * An optional src address can be used to check if a route is available
     * for given source to dest.
     *
     * @param dest          target destination address
     * @param src           source address to check, or NULL
     * @return              outgoing source address, NULL if unreachable
     */
    host_t* (*get_source_addr)(kernel_interface_t *this,
                               host_t *dest, host_t *src);

    /**
     * Get the next hop for a destination.
     *
     * Does a route lookup to get the next hop used to reach dest.
     * The returned host is allocated and must be destroyed by the caller.
     *
     * @param dest          target destination address
     * @return              next hop address, NULL if unreachable
     */
    host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest);

    /**
     * Get the interface name of a local address.
     *
     * @param host          address to get interface name from
     * @return              allocated interface name (caller frees),
     *                      or NULL if not found
     */
    char* (*get_interface) (kernel_interface_t *this, host_t *host);

    /**
     * Creates an enumerator over all local addresses.
     *
     * This function blocks an internal cached address list until the
     * enumerator gets destroyed, so destroy the enumerator as soon as the
     * iteration is done (NOTE(review): whether other methods of this
     * interface may be called while the enumerator is alive depends on the
     * backend's locking; confirm before nesting calls).
     * The hosts are read-only, do not modify or free them.
     *
     * @param include_down_ifaces   TRUE to enumerate addresses from down interfaces
     * @param include_virtual_ips   TRUE to enumerate virtual ip addresses
     * @return                      enumerator over host_t's
     */
    enumerator_t *(*create_address_enumerator) (kernel_interface_t *this,
                        bool include_down_ifaces, bool include_virtual_ips);

    /**
     * Add a virtual IP to an interface.
     *
     * Virtual IPs are attached to an interface. If an IP is added multiple
     * times, the IP is refcounted and not removed until del_ip() was called
     * as many times as add_ip().
     * The virtual IP is attached to the interface where the iface_ip is found.
     *
     * @param virtual_ip    virtual ip address to assign
     * @param iface_ip      IP of an interface to attach virtual IP
     * @return              SUCCESS if operation completed
     */
    status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip,
                        host_t *iface_ip);

    /**
     * Remove a virtual IP from an interface.
     *
     * The kernel interface uses refcounting, see add_ip(); the address is
     * only removed from the kernel once the last reference is dropped.
     *
     * @param virtual_ip    virtual ip address to remove
     * @return              SUCCESS if operation completed
     */
    status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip);

    /**
     * Add a route.
     *
     * dst_net is presumably the raw network address bytes (not a host_t);
     * an implementation should reject a prefixlen that exceeds the bit
     * length of dst_net rather than passing it on to the kernel.
     *
     * @param dst_net       destination net
     * @param prefixlen     destination net prefix length
     * @param gateway       gateway for this route
     * @param src_ip        source ip of the route
     * @param if_name       name of the interface the route is bound to
     *                      (not taken over; caller keeps ownership)
     * @return              SUCCESS if operation completed
     *                      ALREADY_DONE if the route already exists
     */
    status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen,
                                host_t *gateway, host_t *src_ip, char *if_name);

    /**
     * Delete a route.
     *
     * Takes the same arguments as add_route(), which have to match the
     * route that was installed.
     *
     * @param dst_net       destination net
     * @param prefixlen     destination net prefix length
     * @param gateway       gateway for this route
     * @param src_ip        source ip of the route
     * @param if_name       name of the interface the route is bound to
     * @return              SUCCESS if operation completed
     */
    status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen,
                                host_t *gateway, host_t *src_ip, char *if_name);

    /**
     * manager methods
     */

    /**
     * Tries to find an ip address of a local interface that is included in the
     * supplied traffic selector.
     *
     * @param ts            traffic selector
     * @param[out] ip       returned ip (has to be destroyed by the caller)
     * @return              SUCCESS if address found
     */
    status_t (*get_address_by_ts) (kernel_interface_t *this,
                                        traffic_selector_t *ts, host_t **ip);

    /**
     * Register an ipsec kernel interface constructor on the manager.
     *
     * The constructor is presumably used by create_interfaces() to build
     * the IPsec backend; registering one therefore decides which code ends
     * up programming the SAD/SPD, so only trusted plugins should do this.
     *
     * @param create            constructor to register
     */
    void (*add_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create);

    /**
     * Unregister an ipsec kernel interface constructor.
     *
     * NOTE(review): what happens to an already created backend when its
     * constructor is removed is not specified here; confirm.
     *
     * @param create            constructor to unregister
     */
    void (*remove_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create);

    /**
     * Register a network kernel interface constructor on the manager.
     *
     * Counterpart of add_ipsec_interface() for the networking backend.
     *
     * @param create            constructor to register
     */
    void (*add_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create);

    /**
     * Unregister a network kernel interface constructor.
     *
     * @param create            constructor to unregister
     */
    void (*remove_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create);

    /**
     * Create the kernel interfaces classes.
     *
     * Presumably instantiates the backends from the registered
     * constructors; the other methods of this interface are only usable
     * afterwards.
     */
    void (*create_interfaces)(kernel_interface_t *this);

    /**
     * Destroys a kernel_interface_t object.
     */
    void (*destroy) (kernel_interface_t *this);
};
376
/**
 * Creates an object of type kernel_interface_t.
 *
 * The returned manager presumably has no backends until constructors have
 * been registered and create_interfaces() has been called. Release it
 * with its destroy() method.
 *
 * @return              kernel_interface_t instance
 */
kernel_interface_t *kernel_interface_create(void);
381
382 #endif /* KERNEL_INTERFACE_H_ @} */