/* ipsec-interface= structures, for libreswan
 *
 * Copyright (C) 2018-2020 Antony Antony <antony@phenome.org>
 * Copyright (C) 2023 Brady Johnson <bradyallenjohnson@gmail.com>
 * Copyright (C) Andrew Cagney
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <https://www.gnu.org/licenses/gpl2.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef IPSEC_INTERFACE_H
#define IPSEC_INTERFACE_H

#include <net/if.h>		/* for IFNAMSIZ */
#include <stdbool.h>

#include "reqid.h"
#include "err.h"
#include "ip_cidr.h"
#include "refcnt.h"
#include "ip_endpoint.h"

enum yn_options;
struct ipsec_interface_config;
struct connection;
struct logger;
struct ipsec_interface;		/* forward */
struct iface_device;
struct config;

typedef enum { IPSEC_INTERFACE_ID_1 = 1, } ipsec_interface_id_t;

/*
 * The same interface IP can be used by multiple tunnels, with
 * different remote IPs, so they are ref-counted to control removing
 * the IP from the IF.
 */

struct ipsec_interface_address {
	refcnt_t refcnt;
	ip_cidr if_ip;
	bool pluto_added;			/* vs an address on a pre-existing
						 * interface */
	struct ipsec_interface_address *next;
};

struct ipsec_interface {
	refcnt_t refcnt;
	char name[IFNAMSIZ];			/* ipsec<ipsec-interface> */
	char physical[IFNAMSIZ];		/* name of physical (link)
						 * device; if known */
	ipsec_interface_id_t if_id;		/* <ipsec-interface> but with
						 * 0 re-mapped on linux;
						 * derived from
						 * IFLA_XFRM_IF_ID */
	struct ipsec_interface_address *if_ips;
						/* ref-counted IPs on this IF;
						 * ref-counted as multiple connections
						 * may share the same value; this
						 * seems a little weird */
	bool pluto_added;			/* vs a pre-existing interface */
	struct ipsec_interface *next;
};

typedef struct {
	char buf[IFNAMSIZ+7/*[16384]*/+1/*@*/+IFNAMSIZ+1/*NUL*/+1/*CANARY*/];
} ipsec_interface_buf;

size_t jam_ipsec_interface(struct jambuf *buf, const struct ipsec_interface *ipsec_if);
const char *str_ipsec_interface(const struct ipsec_interface *ipsec_if, ipsec_interface_buf *buf);

/* The add_*() functions below return true on success, false otherwise */
diag_t parse_ipsec_interface(const char *ipsec_interface,
			     struct ipsec_interface_config *config,
			     struct logger *logger);

bool add_ipsec_interface(struct connection *c, const struct iface_device *iface);

struct ipsec_interface *ipsec_interface_addref(struct ipsec_interface *ipsec_if,
					       struct logger *logger, where_t where);
void ipsec_interface_delref(struct ipsec_interface **ipsec_if,
			    struct logger *logger,
			    where_t where);

/* add/remove the system's interface device and address */
bool add_kernel_ipsec_interface_address(struct connection *c, struct logger *logger);
void del_kernel_ipsec_interface_address(struct connection *c, struct logger *logger);

size_t jam_ipsec_interface_id(struct jambuf *buf, ipsec_interface_id_t if_id);
const char *str_ipsec_interface_id(ipsec_interface_id_t if_id, ipsec_interface_buf *buf);

reqid_t ipsec_interface_reqid(ipsec_interface_id_t if_id, struct logger *logger);

void config_ipsec_interface(enum yn_options managed, struct logger *logger);
enum yn_options init_ipsec_interface(struct logger *logger);

#endif
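As an added, stand-alone illustration of the ref-counting rule stated in the comment on `struct ipsec_interface_address` (this is example code, not libreswan's), the sketch below keeps a per-interface address list and only "removes" an IP from the device when the last tunnel referencing it lets go. `struct example_if`, the string CIDRs, the `example_dev` device and the `kernel_addrs` counter are assumptions standing in for `ip_cidr`, `refcnt_t` and the real netlink add/delete calls.

```c
/* Added example, not libreswan code: ref-counted interface addresses. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
struct example_if_address {
	unsigned refcnt;              /* tunnels currently using this IP */
	char if_ip[48];               /* stands in for ip_cidr (assumption) */
	bool pluto_added;             /* we configured it, so we must remove it */
	struct example_if_address *next;
};
struct example_if {
	struct example_if_address *if_ips;
	unsigned kernel_addrs;        /* addresses really present on the device */
};
static struct example_if example_dev;  /* constructed device, starts empty */

/* Find or add (and "configure") the address; returns the new refcount. */
static unsigned example_address_addref(struct example_if *ifp, const char *cidr)
{
	for (struct example_if_address *a = ifp->if_ips; a != NULL; a = a->next)
		if (strcmp(a->if_ip, cidr) == 0)
			return ++a->refcnt;
	struct example_if_address *a = calloc(1, sizeof(*a));
	if (a == NULL) abort();
	strncpy(a->if_ip, cidr, sizeof(a->if_ip) - 1);
	a->refcnt = 1;
	a->pluto_added = true;        /* constructed case: always ours */
	a->next = ifp->if_ips;
	ifp->if_ips = a;
	ifp->kernel_addrs++;          /* stands in for the netlink address add */
	return 1;
}
/* Drop a reference; remove from the device only when the last user goes. */
static bool example_address_delref(struct example_if *ifp, const char *cidr)
{
	for (struct example_if_address **pa = &ifp->if_ips; *pa != NULL; pa = &(*pa)->next) {
		struct example_if_address *a = *pa;
		if (strcmp(a->if_ip, cidr) != 0)
			continue;
		if (--a->refcnt > 0)
			return false;     /* still shared by another tunnel */
		*pa = a->next;
		if (a->pluto_added)
			ifp->kernel_addrs--;  /* stands in for the netlink address delete */
		free(a);
		return true;
	}
	return false;                 /* not on this interface: nothing to do */
}
```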