/* Kernel interface to IPsec Interface, for libreswan
*
* Copyright (C) 2024 Andrew Cagney
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
*/
#ifndef KERNEL_IPSEC_INTERFACE_H
#define KERNEL_IPSEC_INTERFACE_H
#include "verbose.h"
/*
 * Forward declarations only; none of these structs is defined in this
 * header.  Of the three, only struct iface_device is referenced by the
 * declarations below (as a const pointer parameter).
 */
struct ipsec_interface_address;
struct ipsec_interface;
struct iface_device;
/*
 * Argument block for the match() operation (see
 * kernel_ipsec_interface_match()).
 *
 * The first four fields appear to be the search criteria, each
 * annotated with when it applies; found[] and diag look like results
 * filled in by the backend -- confirm against the implementations.
 */
struct ipsec_interface_match {
const char *ipsec_if_name; /* when non-NULL */
unsigned iface_if_index; /* when non-zero */
bool wildcard; /* match any valid ipsec-interface */
/* BSD can have zero? Linux remaps 0 */
ipsec_interface_id_t ipsec_if_id; /* only when !wildcard */
/*
 * NOTE(review): presumably receives the name of the interface that
 * matched.  This is a fixed IFNAMSIZ-byte buffer, so whatever fills
 * it must bound the copy to sizeof(found) and leave it
 * NUL-terminated; readers should not assume termination unless the
 * writer guarantees it.
 */
char found[IFNAMSIZ];
/*
 * NOTE(review): presumably describes why a match failed; who owns
 * and releases it is not visible in this header -- confirm.
 */
diag_t diag;
};
/*
 * Table of operations a kernel backend provides for managing
 * ipsec-interfaces.  Two instances are declared in this header:
 * kernel_ipsec_interface_xfrm and kernel_ipsec_interface_ifconfig.
 *
 * Every operation takes a struct verbose as its last parameter
 * (presumably from "verbose.h", the only header included here).
 *
 * NOTE(review): nothing here says whether an entry may be left NULL
 * by a backend that lacks the operation; confirm before calling
 * through a pointer unchecked.
 *
 * NOTE(review): ipsec_if_name is annotated non-NULL only on add and
 * del.  Whether the other operations tolerate a NULL name is not
 * visible from this header.
 */
struct kernel_ipsec_interface {
/* Backend name; NOTE(review): presumably used for logging -- confirm. */
const char *name;
/*
 * On XFRMi IF_ID 0 is invalid; hence remap ipsec-interface=0
 * to some other value; is this all about preserving old VTI
 * code?
 */
ipsec_interface_id_t map_if_id_zero;
/*
 * Going by their names: query, add and delete a CIDR address on the
 * named ipsec-interface.  has_cidr and add_cidr report a bool;
 * del_cidr returns void, so a failed delete cannot be signalled to
 * the caller through the return value.
 */
bool (*has_cidr)(const char *ipsec_if_name, ip_cidr cidr,
struct verbose verbose);
bool (*add_cidr)(const char *ipsec_if_name, ip_cidr cidr,
struct verbose verbose);
void (*del_cidr)(const char *ipsec_if_name, ip_cidr cidr,
struct verbose verbose);
/*
 * Takes the interface name (non-NULL), its ipsec-interface id and the
 * physical device; returns a bool.  NOTE(review): presumably creates
 * the ipsec-interface on top of that device -- confirm.
 */
bool (*add)(const char *ipsec_if_name /*non-NULL*/,
const ipsec_interface_id_t ipsec_if_id,
const struct iface_device *physical_device,
struct verbose verbose);
/* NOTE(review): presumably brings the named interface up -- confirm. */
bool (*up)(const char *ipsec_if_name,
struct verbose verbose);
/* NOTE(review): presumably deletes the named interface (name non-NULL) -- confirm. */
bool (*del)(const char *ipsec_if_name /*non-NULL*/,
struct verbose verbose);
/*
 * Takes a pointer to a non-const struct ipsec_interface_match, so the
 * backend can write into it as well as read the criteria.
 */
bool (*match)(struct ipsec_interface_match *match,
struct verbose verbose);
/*
 * Yields a reqid_t for the given ipsec-interface id.  No
 * kernel_ipsec_interface_reqid() wrapper is declared in this header.
 */
reqid_t (*reqid)(ipsec_interface_id_t if_id, struct verbose verbose);
/*
 * Backend initialisation returning an err_t.  No wrapper for it is
 * declared in this header either.
 */
err_t (*init)(struct verbose verbose);
};
/*
 * The two backend operation tables.  Both are const.
 * NOTE(review): where the choice between them is made is not visible
 * in this header.
 */
extern const struct kernel_ipsec_interface kernel_ipsec_interface_xfrm;
extern const struct kernel_ipsec_interface kernel_ipsec_interface_ifconfig;
/*
 * Entry points with the same parameters and return types as the
 * has_cidr, add_cidr, del_cidr, add, up, del and match members of
 * struct kernel_ipsec_interface.  The reqid and init members have no
 * counterpart declared here.
 * NOTE(review): presumably each forwards to the selected backend's
 * operation -- confirm in the implementation.
 *
 * As in the operation table, ipsec_if_name is annotated non-NULL only
 * for _add() and _del().
 */
bool kernel_ipsec_interface_has_cidr(const char *ipsec_if_name,
ip_cidr cidr,
struct verbose verbose);
bool kernel_ipsec_interface_add_cidr(const char *ipsec_if_name, ip_cidr cidr,
struct verbose verbose);
/* Returns void: a failed delete is not reported through the return value. */
void kernel_ipsec_interface_del_cidr(const char *ipsec_if_name, ip_cidr cidr,
struct verbose verbose);
bool kernel_ipsec_interface_add(const char *ipsec_if_name /*non-NULL*/,
const ipsec_interface_id_t ipsec_if_id,
const struct iface_device *physical_device,
struct verbose verbose);
bool kernel_ipsec_interface_up(const char *ipsec_if_name,
struct verbose verbose);
bool kernel_ipsec_interface_del(const char *ipsec_if_name /*non-NULL*/,
struct verbose verbose);
/* The match argument is non-const, so it can be written to as well as read. */
bool kernel_ipsec_interface_match(struct ipsec_interface_match *match,
struct verbose verbose);
#endif