Partially based on an old patch by Adrian-Ken Rueegsegger.
completely. Using
.B %dynamic
can be used to define multiple dynamic selectors, each having a potentially
-different protocol/port definiton.
+different protocol/port definition.
.TP
.BR leftupdown " = <path>"
return 0;
}
case SIGUSR1:
- { /* an error occured */
+ { /* an error occurred */
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
return 1;
}
*/
/**
+ * @defgroup charon-cmd charon-cmd
+ *
+ * @defgroup cmd cmd
+ * @ingroup charon-cmd
+ *
* @defgroup cmd_connection cmd_connection
* @{ @ingroup cmd
*/
* _id_: client identity to use
* _channel_: XPC endpoint for this connection
-The start_connection() RPC returns just after the initation of the call and
+The start_connection() RPC returns just after the initiation of the call and
does not wait for the connection to establish. Nonetheless does it have a
return value to indicate if connection initiation could be triggered.
*/
/**
+ * @defgroup xpc charon-xpc
+ *
* @defgroup xpc_channels xpc_channels
* @{ @ingroup xpc
*/
struct listener_t {
/**
- * Hook called if a critical alert is risen.
+ * Hook called if a critical alert is raised.
*
* @param ike_sa IKE_SA associated to the alert, if any
* @param alert kind of alert
u_int32_t (*get_inactivity)(child_cfg_t *this);
/**
- * Specific reqid to use for CHILD_SA
+ * Specific reqid to use for CHILD_SA.
*
* @return reqid
*/
u_int32_t (*get_reqid)(child_cfg_t *this);
/**
- * Optional mark for CHILD_SA
+ * Optional mark for CHILD_SA.
*
* @param inbound TRUE for inbound, FALSE for outbound
* @return mark
u_int32_t (*get_tfc)(child_cfg_t *this);
/**
- * Sets two options needed for Mobile IPv6 interoperability
+ * Sets two options needed for Mobile IPv6 interoperability.
*
* @param proxy_mode use IPsec transport proxy mode (default FALSE)
* @param install_policy install IPsec kernel policies (default TRUE)
bool install_policy);
/**
- * Check whether IPsec transport SA should be set up in proxy mode
+ * Check whether IPsec transport SA should be set up in proxy mode.
*
* @return TRUE, if proxy mode should be used
* FALSE, otherwise
bool (*use_proxy_mode)(child_cfg_t *this);
/**
- * Check whether IPsec policies should be installed in the kernel
+ * Check whether IPsec policies should be installed in the kernel.
*
* @return TRUE, if IPsec kernel policies should be installed
* FALSE, otherwise
/**
* Add an authentication config to the peer configuration.
*
- * @param config config to add
+ * @param cfg config to add
* @param local TRUE for local rules, FALSE for remote constraints
*/
void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local);
enumerator_t* (*create_auth_cfg_enumerator)(peer_cfg_t *this, bool local);
/**
- * Should be sent a certificate for this connection?
+ * Should a certificate be sent for this connection?
*
* @return certificate sending policy
*/
*
* @param major_version major version to set
*/
- void (*set_major_version) (message_t *this,u_int8_t major_version);
+ void (*set_major_version) (message_t *this, u_int8_t major_version);
/**
* Gets the IKE major version of the message.
*
* @param minor_version minor version to set
*/
- void (*set_minor_version) (message_t *this,u_int8_t minor_version);
+ void (*set_minor_version) (message_t *this, u_int8_t minor_version);
/**
* Gets the IKE minor version of the message.
*
* @param message_id message_id to set
*/
- void (*set_message_id) (message_t *this,u_int32_t message_id);
+ void (*set_message_id) (message_t *this, u_int32_t message_id);
/**
* Gets the Message ID of the message.
*
* @param ike_sa_id ike_sa_id to set
*/
- void (*set_ike_sa_id) (message_t *this, ike_sa_id_t * ike_sa_id);
+ void (*set_ike_sa_id) (message_t *this, ike_sa_id_t *ike_sa_id);
/**
* Gets the IKE_SA ID of the message.
*
* @param exchange_type exchange_type to set
*/
- void (*set_exchange_type) (message_t *this,exchange_type_t exchange_type);
+ void (*set_exchange_type) (message_t *this, exchange_type_t exchange_type);
/**
* Gets the exchange type of the message.
/**
* Override the DPD action specified by the CHILD_SA config.
*
- * @param close action to enforce
+ * @param dpd action to enforce
*/
void (*set_dpd_action)(child_sa_t *this, action_t action);
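Review bot: The renamed tag `@param dpd` still does not match the parameter, which the declaration on the last line of this hunk names `action`, so Doxygen will keep reporting an unknown parameter for set_dpd_action. The line should read `* @param action action to enforce`. The enclosing struct definition continues outside the hunk.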
* @param me the new local host
* @param other the new remote host
* @param vips list of local virtual IPs
- * @param TRUE to use UDP encapsulation for NAT traversal
+ * @param encap TRUE to use UDP encapsulation for NAT traversal
* @return SUCCESS or FAILED
*/
status_t (*update)(child_sa_t *this, host_t *me, host_t *other,
enum statistic_t {
/** Timestamp of SA establishement */
STAT_ESTABLISHED = 0,
- /** Timestamp of scheudled rekeying */
+ /** Timestamp of scheduled rekeying */
STAT_REKEY,
- /** Timestamp of scheudled reauthentication */
+ /** Timestamp of scheduled reauthentication */
STAT_REAUTH,
- /** Timestamp of scheudled delete */
+ /** Timestamp of scheduled delete */
STAT_DELETE,
/** Timestamp of last inbound IKE packet */
STAT_INBOUND,
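Review bot: `establishement` on the STAT_ESTABLISHED line is left untouched while the three `scheudled` lines directly below it are corrected in this hunk. For consistency the comment should become `/** Timestamp of SA establishment */`. The statistic_t enum continues past the end of the hunk.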
/**
* Sends a keep alive packet.
*
- * To refresh NAT tables in a NAT router
- * between the peers, periodic empty
- * UDP packets are sent if no other traffic
- * was sent.
+ * To refresh NAT tables in a NAT router between the peers, periodic empty
+ * UDP packets are sent if no other traffic was sent.
*/
void (*send_keepalive) (ike_sa_t *this);
bool (*equals) (ike_sa_id_t *this, ike_sa_id_t *other);
/**
- * Replace all values of a given ike_sa_id_t object with values.
+ * Replace all values of a given ike_sa_id_t object with values
* from another ike_sa_id_t object.
*
* After calling this function, both objects are equal.
#include <sa/task.h>
/**
- * Task of type ike_cert_post, certificate processing before authentication.
+ * Task of type ike_cert_pre, certificate processing before authentication.
*/
struct ike_cert_pre_t {
*/
nonce_gen_t* (*create_nonce_gen)(keymat_t *this);
- /*
+ /**
* Get a AEAD transform to en-/decrypt and sign/verify IKE messages.
*
* @param in TRUE for inbound (decrypt), FALSE for outbound (encrypt)
TASK_CHILD_CREATE,
/** delete an established CHILD_SA */
TASK_CHILD_DELETE,
- /** rekey an CHILD_SA */
+ /** rekey a CHILD_SA */
TASK_CHILD_REKEY,
/** IKEv1 main mode */
TASK_MAIN_MODE,
*
* The kernel interface uses refcounting, see add_ip().
*
- * @param virtual_ip virtual ip address to assign
+ * @param virtual_ip virtual ip address to remove
* @param prefix prefix length of the IP to uninstall, -1 for auto
* @param wait TRUE to wait untily IP is gone
* @return SUCCESS if operation completed
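Review bot: The `@param wait` line in the same comment still reads `untily`, while only the `@param virtual_ip` wording is corrected here; the second copy of this comment later in the diff already says `until`. Suggested line: `* @param wait TRUE to wait until IP is gone`. The enclosing declaration and struct lie outside the hunk.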
* @param dst_net destination net
* @param prefixlen destination net prefix length
* @param gateway gateway for this route
- * @param src_ip sourc ip of the route
+ * @param src_ip source ip of the route
* @param if_name name of the interface the route is bound to
* @return SUCCESS if operation completed
* ALREADY_DONE if the route already exists
* @param dst_net destination net
* @param prefixlen destination net prefix length
* @param gateway gateway for this route
- * @param src_ip sourc ip of the route
+ * @param src_ip source ip of the route
* @param if_name name of the interface the route is bound to
* @return SUCCESS if operation completed
*/
char **kernel_name);
/**
- * Destroys a kernel_interface_manager_t object.
+ * Destroys a kernel_interface_t object.
*/
void (*destroy) (kernel_interface_t *this);
};
*
* The kernel interface uses refcounting, see add_ip().
*
- * @param virtual_ip virtual ip address to assign
+ * @param virtual_ip virtual ip address to remove
* @param prefix prefix length of the IP to uninstall, -1 for auto
* @param wait TRUE to wait until IP is gone
* @return SUCCESS if operation completed
* @param dst_net destination net
* @param prefixlen destination net prefix length
* @param gateway gateway for this route
- * @param src_ip sourc ip of the route
+ * @param src_ip source ip of the route
* @param if_name name of the interface the route is bound to
* @return SUCCESS if operation completed
* ALREADY_DONE if the route already exists
* @param dst_net destination net
* @param prefixlen destination net prefix length
* @param gateway gateway for this route
- * @param src_ip sourc ip of the route
+ * @param src_ip source ip of the route
* @param if_name name of the interface the route is bound to
* @return SUCCESS if operation completed
*/
typedef struct imv_session_t imv_session_t;
/**
- * IMV session interface
+ * IMV session interface
*/
struct imv_session_t {
* Create an imv_session_t instance
*
* @param session_id Unique Session ID
- * @param conn_id Associated Connection ID
+ * @param id Associated Connection ID
*/
imv_session_t* imv_session_create(int session_id, TNC_ConnectionID id);
/**
* Creates an ita_attr_device_id_t object
*
- * @param size ITA Device ID attribute value
+ * @param value ITA Device ID attribute value
*/
pa_tnc_attr_t* ita_attr_device_id_create(chunk_t value);
*/
/**
- * @defgroup pt_tls pt_tls
+ * @defgroup pt_tls libpttls
*
* @addtogroup pt_tls
* @{
*
* An array is a primitive object with associated functions to avoid the
* overhead of an object with methods. It is efficient in memory usage, but
- * less effecient than a linked list in manipulating elements.
+ * less efficient than a linked list in manipulating elements.
*/
typedef struct array_t array_t;
void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator);
/**
- * Remove an element from the array end.
+ * Remove an element from the array.
*
* If data is given, the element is copied to that position.
*
* @param array array to remove element from, or NULL
+ * @param idx index of the item to remove
* @param data data to copy element to, or NULL
* @return TRUE if idx existed and item removed
*/
/**
* Get the key in an encoded form as a chunk.
*
- * @param type type of the encoding, one of PRIVKEY_*
+ * @param type type of the encoding, one of PUBKEY_*
* @param encoding encoding of the key, allocated
* @return TRUE if encoding supported
*/
* is returned in the encrypted chunk, the last get_icv_size() bytes
* contain the verified ICV.
*
- * @param encrypted data to encrypt and verify
+ * @param encrypted data to decrypt and verify
* @param assoc associated data to verify
* @param iv initialization vector
* @param plain allocated result, if successful
chunk_t key) __attribute__((warn_unused_result));
/**
- * Destroy a aead_t.
+ * Destroy an aead_t.
*/
void (*destroy)(aead_t *this);
};
*
* Returned chunk points to internal data.
*
- * @return address string,
+ * @return address blob
*/
chunk_t (*get_address) (host_t *this);
/**
* Set the port of this host
*
- * @param port port numer
+ * @param port port number
*/
void (*set_port) (host_t *this, u_int16_t port);
/**
* Create a netmask host having the first netbits bits set.
*
+ * @param family family of the netmask host
* @param netbits number of leading bits set in the host
* @return netmask host
*/
* and handle EAGAIN/EWOULDBLOCK gracefully.
*
* @param data user data passed during registration
- * @param fd file descriptor the event occured on
+ * @param fd file descriptor the event occurred on
* @param event type of event
* @return TRUE to keep watching event, FALSE to unregister fd for event
*/
* no match at all, 1 means a bad match, and 2 a slightly better match.
*
* @param other the ID containing one or more wildcards
- * @param wildcards returns the number of wildcards, may be NULL
* @return match value as described above
*/
id_match_t (*matches) (identification_t *this, identification_t *other);