Removed references to protocol_id_t from kernel interface.

author Tobias Brunner <tobias@strongswan.org>

Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 2 Sep 2010 17:01:25 +0000 (19:01 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 2 Sep 2010 17:01:25 +0000 (19:01 +0200)
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c

index 482f1494c3f84e7edccc4092288737f543e31765..d863ca504926cae17cac8b9f0045785cf299f1f9 100644 (file)
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -38,6 +38,22 @@ struct private_kernel_handler_t {
  
  };
  
+/**
+ * convert an IP protocol identifier to the IKEv2 specific protocol identifier.
+ */
+static inline protocol_id_t proto_ip2ike(u_int8_t protocol)
+{
+       switch (protocol)
+       {
+               case IPPROTO_ESP:
+                       return PROTO_ESP;
+               case IPPROTO_AH:
+                       return PROTO_AH;
+               default:
+                       return protocol;
+       }
+}
+
  METHOD(kernel_listener_t, acquire, bool,
            private_kernel_handler_t *this, u_int32_t reqid,
            traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
@@ -58,20 +74,21 @@ METHOD(kernel_listener_t, acquire, bool,
  }
  
  METHOD(kernel_listener_t, expire, bool,
-          private_kernel_handler_t *this, u_int32_t reqid, protocol_id_t protocol,
+          private_kernel_handler_t *this, u_int32_t reqid, u_int8_t protocol,
            u_int32_t spi, bool hard)
  {
         job_t *job;
+       protocol_id_t proto = proto_ip2ike(protocol);
         DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x "
                                   "and reqid {%u}", hard ? "delete" : "rekey",
-                                 protocol_id_names, protocol, ntohl(spi), reqid);
+                                 protocol_id_names, proto, ntohl(spi), reqid);
         if (hard)
         {
-               job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
+               job = (job_t*)delete_child_sa_job_create(reqid, proto, spi);
         }
         else
         {
-               job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
+               job = (job_t*)rekey_child_sa_job_create(reqid, proto, spi);
         }
         hydra->processor->queue_job(hydra->processor, job);
         return TRUE;
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c

index fffde68ae204f9be72fd972168a1583d7f625222..cecaef728d42acac7970c14d45c59e0c0a71f502 100644 (file)
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -56,7 +56,7 @@ struct private_kernel_interface_t {
  
  METHOD(kernel_interface_t, get_spi, status_t,
         private_kernel_interface_t *this, host_t *src, host_t *dst,
-       protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+       u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  {
         if (!this->ipsec)
         {
@@ -78,7 +78,7 @@ METHOD(kernel_interface_t, get_cpi, status_t,
  
  METHOD(kernel_interface_t, add_sa, status_t,
         private_kernel_interface_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+       u_int32_t spi, u_int8_t protocol, u_int32_t reqid,
         mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
         u_int16_t int_alg, chunk_t int_key,     ipsec_mode_t mode, u_int16_t ipcomp,
         u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
@@ -94,7 +94,7 @@ METHOD(kernel_interface_t, add_sa, status_t,
  }
  
  METHOD(kernel_interface_t, update_sa, status_t,
-       private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol,
+       private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol,
         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
         bool encap, bool new_encap, mark_t mark)
  {
@@ -108,7 +108,7 @@ METHOD(kernel_interface_t, update_sa, status_t,
  
  METHOD(kernel_interface_t, query_sa, status_t,
         private_kernel_interface_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  {
         if (!this->ipsec)
         {
@@ -119,7 +119,7 @@ METHOD(kernel_interface_t, query_sa, status_t,
  
  METHOD(kernel_interface_t, del_sa, status_t,
         private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
-       protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+       u_int8_t protocol, u_int16_t cpi, mark_t mark)
  {
         if (!this->ipsec)
         {
@@ -131,7 +131,7 @@ METHOD(kernel_interface_t, del_sa, status_t,
  METHOD(kernel_interface_t, add_policy, status_t,
         private_kernel_interface_t *this, host_t *src, host_t *dst,
         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-       policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+       policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
         u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
         u_int16_t cpi,  bool routed)
  {
@@ -387,7 +387,7 @@ METHOD(kernel_interface_t, acquire, void,
  }
  
  METHOD(kernel_interface_t, expire, void,
-       private_kernel_interface_t *this, u_int32_t reqid, protocol_id_t protocol,
+       private_kernel_interface_t *this, u_int32_t reqid, u_int8_t protocol,
         u_int32_t spi, bool hard)
  {
         kernel_listener_t *listener;
diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h

index 61ce84102bac6436168bc27950c8ce65e64c3f38..06c526581ebc20a2edc34226e84e3bdb0052453a 100644 (file)
--- a/src/libcharon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -63,7 +63,7 @@ struct kernel_interface_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst,
-                                               protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi);
+                                               u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
  
         /**
          * Get a Compression Parameter Index (CPI) from the kernel.
@@ -108,7 +108,7 @@ struct kernel_interface_t {
          */
         status_t (*add_sa) (kernel_interface_t *this,
                                                 host_t *src, host_t *dst, u_int32_t spi,
-                                               protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+                                               u_int8_t protocol, u_int32_t reqid, mark_t mark,
                                                 lifetime_cfg_t *lifetime,
                                                 u_int16_t enc_alg, chunk_t enc_key,
                                                 u_int16_t int_alg, chunk_t int_key,
@@ -138,7 +138,7 @@ struct kernel_interface_t {
          *                                        the kernel interface can't update the SA
          */
         status_t (*update_sa)(kernel_interface_t *this,
-                                                 u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+                                                 u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                   host_t *src, host_t *dst,
                                                   host_t *new_src, host_t *new_dst,
                                                   bool encap, bool new_encap, mark_t mark);
@@ -155,7 +155,7 @@ struct kernel_interface_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
-                                                 u_int32_t spi, protocol_id_t protocol, mark_t mark,
+                                                 u_int32_t spi, u_int8_t protocol, mark_t mark,
                                                   u_int64_t *bytes);
  
         /**
@@ -170,7 +170,7 @@ struct kernel_interface_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
-                                               u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+                                               u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                 mark_t mark);
  
         /**
@@ -199,7 +199,7 @@ struct kernel_interface_t {
                                                         traffic_selector_t *src_ts,
                                                         traffic_selector_t *dst_ts,
                                                         policy_dir_t direction, u_int32_t spi,
-                                                       protocol_id_t protocol, u_int32_t reqid,
+                                                       u_int8_t protocol, u_int32_t reqid,
                                                         mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
                                                         u_int16_t cpi, bool routed);
  
@@ -436,7 +436,7 @@ struct kernel_interface_t {
          * @param hard                  TRUE if it is a hard expire, FALSE otherwise
          */
         void (*expire)(kernel_interface_t *this, u_int32_t reqid,
-                                  protocol_id_t protocol, u_int32_t spi, bool hard);
+                                  u_int8_t protocol, u_int32_t spi, bool hard);
  
         /**
          * Raise a mapping event.
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h

index a2c29f5fd36ee07fb8d265dab72e458a34d4d909..340b7e91d84b686b12ca762c201ad66e42f88cf8 100644 (file)
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
   * Copyright (C) 2006 Daniel Roethlisberger
   * Copyright (C) 2005-2006 Martin Willi
   * Copyright (C) 2005 Jan Hutter
@@ -93,7 +93,7 @@ struct kernel_ipsec_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst,
-                                               protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi);
+                                               u_int8_t protocol, u_int32_t reqid, u_int32_t *spi);
  
         /**
          * Get a Compression Parameter Index (CPI) from the kernel.
@@ -138,7 +138,7 @@ struct kernel_ipsec_t {
          */
         status_t (*add_sa) (kernel_ipsec_t *this,
                                                 host_t *src, host_t *dst, u_int32_t spi,
-                                               protocol_id_t protocol, u_int32_t reqid,
+                                               u_int8_t protocol, u_int32_t reqid,
                                                 mark_t mark, lifetime_cfg_t *lifetime,
                                                 u_int16_t enc_alg, chunk_t enc_key,
                                                 u_int16_t int_alg, chunk_t int_key,
@@ -168,7 +168,7 @@ struct kernel_ipsec_t {
          *                                        the kernel interface can't update the SA
          */
         status_t (*update_sa)(kernel_ipsec_t *this,
-                                                 u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+                                                 u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                   host_t *src, host_t *dst,
                                                   host_t *new_src, host_t *new_dst,
                                                   bool encap, bool new_encap, mark_t mark);
@@ -185,7 +185,7 @@ struct kernel_ipsec_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
-                                                 u_int32_t spi, protocol_id_t protocol, mark_t mark,
+                                                 u_int32_t spi, u_int8_t protocol, mark_t mark,
                                                   u_int64_t *bytes);
  
         /**
@@ -200,7 +200,7 @@ struct kernel_ipsec_t {
          * @return                              SUCCESS if operation completed
          */
         status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
-                                               u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
+                                               u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                 mark_t mark);
  
         /**
@@ -229,7 +229,7 @@ struct kernel_ipsec_t {
                                                         traffic_selector_t *src_ts,
                                                         traffic_selector_t *dst_ts,
                                                         policy_dir_t direction, u_int32_t spi,
-                                                       protocol_id_t protocol, u_int32_t reqid,
+                                                       u_int8_t protocol, u_int32_t reqid,
                                                         mark_t mark, ipsec_mode_t mode,
                                                         u_int16_t ipcomp, u_int16_t cpi, bool routed);
  
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h

index b69bed66f444c737e91504050942f9702848274f..02e5b809e2ef22b969ceacc826848d349cf7d98f 100644 (file)
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -55,7 +55,7 @@ struct kernel_listener_t {
          * @return                              TRUE to remain registered, FALSE to unregister
          */
         bool (*expire)(kernel_listener_t *this, u_int32_t reqid,
-                                  protocol_id_t protocol, u_int32_t spi, bool hard);
+                                  u_int8_t protocol, u_int32_t spi, bool hard);
  
         /**
          * Hook called if the NAT mappings of an IPsec SA changed.
diff --git a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c

index 0b6233ae7f8ff211d2028817886ab811bb4ba612..7fa307f9a5b370f2aa9dd6bda823beba9e635d9e 100644 (file)
--- a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -584,7 +584,7 @@ typedef struct sa_entry_t sa_entry_t;
  struct sa_entry_t {
  
         /** protocol of this SA */
-       protocol_id_t protocol;
+       u_int8_t protocol;
  
         /** reqid of this SA */
         u_int32_t reqid;
@@ -608,7 +608,7 @@ struct sa_entry_t {
  /**
   * create an sa_entry_t object
   */
-static sa_entry_t *create_sa_entry(protocol_id_t protocol, u_int32_t spi,
+static sa_entry_t *create_sa_entry(u_int8_t protocol, u_int32_t spi,
                                                                    u_int32_t reqid, host_t *src, host_t *dst,
                                                                    bool encap, bool inbound)
  {
@@ -646,7 +646,7 @@ static inline bool sa_entry_match_encapbysrc(sa_entry_t *current, u_int32_t *spi
  /**
   * match an sa_entry_t by protocol, spi and dst address (as the kernel does it)
   */
-static inline bool sa_entry_match_bydst(sa_entry_t *current, protocol_id_t *protocol,
+static inline bool sa_entry_match_bydst(sa_entry_t *current, u_int8_t *protocol,
                 u_int32_t *spi, host_t *dst)
  {
         return current->protocol == *protocol && current->spi == *spi && dst->ip_equals(dst, current->dst);
@@ -655,7 +655,7 @@ static inline bool sa_entry_match_bydst(sa_entry_t *current, protocol_id_t *prot
  /**
   * match an sa_entry_t by protocol, reqid and spi
   */
-static inline bool sa_entry_match_byid(sa_entry_t *current, protocol_id_t *protocol,
+static inline bool sa_entry_match_byid(sa_entry_t *current, u_int8_t *protocol,
                 u_int32_t *spi, u_int32_t *reqid)
  {
         return current->protocol == *protocol && current->spi == *spi && current->reqid == *reqid;
@@ -713,15 +713,15 @@ struct pfkey_msg_t
  };
  
  /**
- * convert a IKEv2 specific protocol identifier to the PF_KEY sa type
+ * convert a protocol identifier to the PF_KEY sa type
   */
-static u_int8_t proto_ike2satype(protocol_id_t proto)
+static u_int8_t proto2satype(u_int8_t proto)
  {
         switch (proto)
         {
-               case PROTO_ESP:
+               case IPPROTO_ESP:
                         return SADB_SATYPE_ESP;
-               case PROTO_AH:
+               case IPPROTO_AH:
                         return SADB_SATYPE_AH;
                 case IPPROTO_COMP:
                         return SADB_X_SATYPE_COMP;
@@ -731,20 +731,20 @@ static u_int8_t proto_ike2satype(protocol_id_t proto)
  }
  
  /**
- * convert a PF_KEY sa type to a IKEv2 specific protocol identifier
+ * convert a PF_KEY sa type to a protocol identifier
   */
-static protocol_id_t proto_satype2ike(u_int8_t proto)
+static u_int8_t satype2proto(u_int8_t satype)
  {
-       switch (proto)
+       switch (satype)
         {
                 case SADB_SATYPE_ESP:
-                       return PROTO_ESP;
+                       return IPPROTO_ESP;
                 case SADB_SATYPE_AH:
-                       return PROTO_AH;
+                       return IPPROTO_AH;
                 case SADB_X_SATYPE_COMP:
                         return IPPROTO_COMP;
                 default:
-                       return proto;
+                       return satype;
         }
  }
  
@@ -1316,7 +1316,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg*
  
         spi = response.sa->sadb_sa_spi;
  
-       if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP)
+       if (satype2proto(msg->sadb_msg_satype) == IPPROTO_ESP)
         {
                 sa_entry_t *sa;
                 sockaddr_t *addr = (sockaddr_t*)(response.src + 1);
@@ -1448,7 +1448,7 @@ struct sa_expire_t {
         /** the SPI of the expiring SA */
         u_int32_t spi;
         /** the protocol of the expiring SA */
-       protocol_id_t protocol;
+       u_int8_t protocol;
         /** the reqid of the expiring SA*/
         u_int32_t reqid;
         /** what type of expire this is */
@@ -1461,7 +1461,7 @@ struct sa_expire_t {
  static job_requeue_t sa_expires(sa_expire_t *expire)
  {
         private_kernel_klips_ipsec_t *this = expire->this;
-       protocol_id_t protocol = expire->protocol;
+       u_int8_t protocol = expire->protocol;
         u_int32_t spi = expire->spi, reqid = expire->reqid;
         bool hard = expire->type != EXPIRE_TYPE_SOFT;
         sa_entry_t *cached_sa;
@@ -1500,7 +1500,7 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
   * Schedule an expire job for an SA. Time is in seconds.
   */
  static void schedule_expire(private_kernel_klips_ipsec_t *this,
-                                                       protocol_id_t protocol, u_int32_t spi,
+                                                       u_int8_t protocol, u_int32_t spi,
                                                         u_int32_t reqid, expire_type_t type, u_int32_t time)
  {
         callback_job_t *job;
@@ -1516,7 +1516,7 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this,
  
  METHOD(kernel_ipsec_t, get_spi, status_t,
         private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
-       protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+       u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  {
         /* we cannot use SADB_GETSPI because KLIPS does not allow us to set the
          * NAT-T type in an SADB_UPDATE which we would have to use to update the
@@ -1611,7 +1611,7 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this,
   */
  static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this,
                                            host_t *src, host_t *dst, u_int32_t spi,
-                                          protocol_id_t protocol, u_int32_t reqid)
+                                          u_int8_t protocol, u_int32_t reqid)
  {
         unsigned char request[PFKEY_BUFFER_SIZE];
         struct sadb_msg *msg, *out;
@@ -1641,7 +1641,7 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this,
         satype = (struct sadb_x_satype*)PFKEY_EXT_ADD_NEXT(msg);
         satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2;
         satype->sadb_x_satype_len = PFKEY_LEN(sizeof(struct sadb_x_satype));
-       satype->sadb_x_satype_satype = proto_ike2satype(protocol);
+       satype->sadb_x_satype_satype = proto2satype(protocol);
         PFKEY_EXT_ADD(msg, satype);
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1672,7 +1672,7 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this,
  
  METHOD(kernel_ipsec_t, add_sa, status_t,
         private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
-       protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+       u_int8_t protocol, u_int32_t reqid, mark_t mark,
         lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
         u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
         u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
@@ -1713,7 +1713,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_ADD;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1830,7 +1830,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
  }
  
  METHOD(kernel_ipsec_t, update_sa, status_t,
-       private_kernel_klips_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+       private_kernel_klips_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
         bool encap, bool new_encap, mark_t mark)
  {
@@ -1867,7 +1867,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_UPDATE;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1903,14 +1903,14 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
  
  METHOD(kernel_ipsec_t, query_sa, status_t,
         private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  {
         return NOT_SUPPORTED;  /* TODO */
  }
  
  METHOD(kernel_ipsec_t, del_sa, status_t,
         private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+       u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  {
         unsigned char request[PFKEY_BUFFER_SIZE];
         struct sadb_msg *msg, *out;
@@ -1939,7 +1939,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_DELETE;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1974,7 +1974,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
  METHOD(kernel_ipsec_t, add_policy, status_t,
         private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-       policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+       policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
         u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
         u_int16_t cpi, bool routed)
  {
@@ -1992,7 +1992,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
  
         /* tunnel mode policies direct the packets into the pseudo IPIP SA */
         satype = (mode == MODE_TUNNEL) ? SADB_X_SATYPE_IPIP :
-                                                                        proto_ike2satype(protocol);
+                                                                        proto2satype(protocol);
  
         /* create a policy */
         policy = create_policy_entry(src_ts, dst_ts, direction);
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c

index 6d971bdbcb80bf8676b7b91d931322e65f3094ae..c366efde209f7c6dd20b293ddae0e0198fa5d342 100644 (file)
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
   * Copyright (C) 2005-2009 Martin Willi
   * Copyright (C) 2008 Andreas Steffen
   * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
@@ -348,38 +348,6 @@ struct private_kernel_netlink_ipsec_t {
         bool install_routes;
  };
  
-/**
- * convert a IKEv2 specific protocol identifier to the kernel one
- */
-static u_int8_t proto_ike2kernel(protocol_id_t proto)
-{
-       switch (proto)
-       {
-               case PROTO_ESP:
-                       return IPPROTO_ESP;
-               case PROTO_AH:
-                       return IPPROTO_AH;
-               default:
-                       return proto;
-       }
-}
-
-/**
- * reverse of ike2kernel
- */
-static protocol_id_t proto_kernel2ike(u_int8_t proto)
-{
-       switch (proto)
-       {
-               case IPPROTO_ESP:
-                       return PROTO_ESP;
-               case IPPROTO_AH:
-                       return PROTO_AH;
-               default:
-                       return proto;
-       }
-}
-
  /**
   * convert the general ipsec mode to the one defined in xfrm.h
   */
@@ -595,18 +563,18 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd
   */
  static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr)
  {
-       protocol_id_t protocol;
+       u_int8_t protocol;
         u_int32_t spi, reqid;
         struct xfrm_user_expire *expire;
  
         expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr);
-       protocol = proto_kernel2ike(expire->state.id.proto);
+       protocol = expire->state.id.proto;
         spi = expire->state.id.spi;
         reqid = expire->state.reqid;
  
         DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE");
  
-       if (protocol != PROTO_ESP && protocol != PROTO_AH)
+       if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
         {
                 DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
                                           "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
@@ -659,18 +627,15 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd
                 else if (rta->rta_type == XFRMA_MIGRATE)
                 {
                         struct xfrm_user_migrate *migrate;
-                       protocol_id_t proto;
  
                         migrate = (struct xfrm_user_migrate*)RTA_DATA(rta);
                         old_src = xfrm2host(migrate->old_family, &migrate->old_saddr, 0);
                         old_dst = xfrm2host(migrate->old_family, &migrate->old_daddr, 0);
                         new_src = xfrm2host(migrate->new_family, &migrate->new_saddr, 0);
                         new_dst = xfrm2host(migrate->new_family, &migrate->new_daddr, 0);
-                       proto = proto_kernel2ike(migrate->proto);
                         reqid = migrate->reqid;
-                       DBG2(DBG_KNL, "  migrate %N %H...%H to %H...%H, reqid {%u}",
-                                                        protocol_id_names, proto, old_src, old_dst,
-                                                        new_src, new_dst, reqid);
+                       DBG2(DBG_KNL, "  migrate %H...%H to %H...%H, reqid {%u}",
+                                                 old_src, old_dst, new_src, new_dst, reqid);
                         DESTROY_IF(old_src);
                         DESTROY_IF(old_dst);
                         DESTROY_IF(new_src);
@@ -709,7 +674,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
  
         DBG2(DBG_KNL, "received a XFRM_MSG_MAPPING");
  
-       if (proto_kernel2ike(mapping->id.proto) == PROTO_ESP)
+       if (mapping->id.proto == IPPROTO_ESP)
         {
                 host = xfrm2host(mapping->id.family, &mapping->new_saddr,
                                                  mapping->new_sport);
@@ -858,11 +823,11 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
  
  METHOD(kernel_ipsec_t, get_spi, status_t,
         private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
-       protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+       u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  {
         DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid);
  
-       if (get_spi_internal(this, src, dst, proto_ike2kernel(protocol),
+       if (get_spi_internal(this, src, dst, protocol,
                         0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS)
         {
                 DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid);
@@ -898,7 +863,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
  
  METHOD(kernel_ipsec_t, add_sa, status_t,
         private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+       u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
         lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
         u_int16_t int_alg, chunk_t int_key,     ipsec_mode_t mode, u_int16_t ipcomp,
         u_int16_t cpi, bool encap, bool inbound,
@@ -944,7 +909,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
         host2xfrm(src, &sa->saddr);
         host2xfrm(dst, &sa->id.daddr);
         sa->id.spi = spi;
-       sa->id.proto = proto_ike2kernel(protocol);
+       sa->id.proto = protocol;
         sa->family = src->get_family(src);
         sa->mode = mode2kernel(mode);
         switch (mode)
@@ -1206,7 +1171,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
   * Get the replay state (i.e. sequence numbers) of an SA.
   */
  static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
-                                                 u_int32_t spi, protocol_id_t protocol, host_t *dst,
+                                                 u_int32_t spi, u_int8_t protocol, host_t *dst,
                                                   struct xfrm_replay_state *replay)
  {
         netlink_buf_t request;
@@ -1230,7 +1195,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
  
         host2xfrm(dst, &aevent_id->sa_id.daddr);
         aevent_id->sa_id.spi = spi;
-       aevent_id->sa_id.proto = proto_ike2kernel(protocol);
+       aevent_id->sa_id.proto = protocol;
         aevent_id->sa_id.family = dst->get_family(dst);
  
         if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
@@ -1292,7 +1257,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
  
  METHOD(kernel_ipsec_t, query_sa, status_t,
         private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  {
         netlink_buf_t request;
         struct nlmsghdr *out = NULL, *hdr;
@@ -1319,7 +1284,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
         sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
         host2xfrm(dst, &sa_id->daddr);
         sa_id->spi = spi;
-       sa_id->proto = proto_ike2kernel(protocol);
+       sa_id->proto = protocol;
         sa_id->family = dst->get_family(dst);
  
         if (mark.value)
@@ -1395,7 +1360,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
  
  METHOD(kernel_ipsec_t, del_sa, status_t,
         private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+       u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  {
         netlink_buf_t request;
         struct nlmsghdr *hdr;
@@ -1426,7 +1391,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
         sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
         host2xfrm(dst, &sa_id->daddr);
         sa_id->spi = spi;
-       sa_id->proto = proto_ike2kernel(protocol);
+       sa_id->proto = protocol;
         sa_id->family = dst->get_family(dst);
  
         if (mark.value)
@@ -1473,7 +1438,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
  }
  
  METHOD(kernel_ipsec_t, update_sa, status_t,
-       private_kernel_netlink_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+       private_kernel_netlink_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
         bool old_encap, bool new_encap, mark_t mark)
  {
@@ -1509,7 +1474,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
         sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
         host2xfrm(dst, &sa_id->daddr);
         sa_id->spi = spi;
-       sa_id->proto = proto_ike2kernel(protocol);
+       sa_id->proto = protocol;
         sa_id->family = dst->get_family(dst);
  
         if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
@@ -1652,9 +1617,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
  METHOD(kernel_ipsec_t, add_policy, status_t,
         private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-       policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+       policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
         u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
-       u_int16_t cpi,  bool routed)
+       u_int16_t cpi, bool routed)
  {
         policy_entry_t *current, *policy;
         bool found = FALSE;
@@ -1784,7 +1749,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
         }
  
         tmpl->reqid = reqid;
-       tmpl->id.proto = proto_ike2kernel(protocol);
+       tmpl->id.proto = protocol;
         tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
         tmpl->mode = mode2kernel(mode);
         tmpl->family = src->get_family(src);
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 91e46cbf23a895e86f118ebbea8f24d217483593..4cb175bfa637b50324c9276cc7e0f750798bf633 100644 (file)
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -394,15 +394,15 @@ ENUM(sadb_ext_type_names, SADB_EXT_RESERVED, SADB_EXT_MAX,
  );
  
  /**
- * convert a IKEv2 specific protocol identifier to the PF_KEY sa type
+ * convert a protocol identifier to the PF_KEY sa type
   */
-static u_int8_t proto_ike2satype(protocol_id_t proto)
+static u_int8_t proto2satype(u_int8_t proto)
  {
         switch (proto)
         {
-               case PROTO_ESP:
+               case IPPROTO_ESP:
                         return SADB_SATYPE_ESP;
-               case PROTO_AH:
+               case IPPROTO_AH:
                         return SADB_SATYPE_AH;
                 case IPPROTO_COMP:
                         return SADB_X_SATYPE_IPCOMP;
@@ -412,36 +412,20 @@ static u_int8_t proto_ike2satype(protocol_id_t proto)
  }
  
  /**
- * convert a PF_KEY sa type to a IKEv2 specific protocol identifier
+ * convert a PF_KEY sa type to a protocol identifier
   */
-static protocol_id_t proto_satype2ike(u_int8_t proto)
+static u_int8_t satype2proto(u_int8_t satype)
  {
-       switch (proto)
+       switch (satype)
         {
                 case SADB_SATYPE_ESP:
-                       return PROTO_ESP;
+                       return IPPROTO_ESP;
                 case SADB_SATYPE_AH:
-                       return PROTO_AH;
+                       return IPPROTO_AH;
                 case SADB_X_SATYPE_IPCOMP:
                         return IPPROTO_COMP;
                 default:
-                       return proto;
-       }
-}
-
-/**
- * convert a IKEv2 specific protocol identifier to the IP protocol identifier
- */
-static u_int8_t proto_ike2ip(protocol_id_t proto)
-{
-       switch (proto)
-       {
-               case PROTO_ESP:
-                       return IPPROTO_ESP;
-               case PROTO_AH:
-                       return IPPROTO_AH;
-               default:
-                       return proto;
+                       return satype;
         }
  }
  
@@ -942,7 +926,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
  static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg)
  {
         pfkey_msg_t response;
-       protocol_id_t protocol;
+       u_int8_t protocol;
         u_int32_t spi, reqid;
         bool hard;
  
@@ -954,12 +938,12 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
                 return;
         }
  
-       protocol = proto_satype2ike(msg->sadb_msg_satype);
+       protocol = satype2proto(msg->sadb_msg_satype);
         spi = response.sa->sadb_sa_spi;
         reqid = response.x_sa2->sadb_x_sa2_reqid;
         hard = response.lft_hard != NULL;
  
-       if (protocol != PROTO_ESP && protocol != PROTO_AH)
+       if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
         {
                 DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and reqid {%u} "
                                           "which is not a CHILD_SA", ntohl(spi), reqid);
@@ -1053,7 +1037,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg*
         spi = response.sa->sadb_sa_spi;
         reqid = response.x_sa2->sadb_x_sa2_reqid;
  
-       if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP)
+       if (satype2proto(msg->sadb_msg_satype) == IPPROTO_ESP)
         {
                 sockaddr_t *sa = (sockaddr_t*)(response.dst + 1);
                 switch (sa->sa_family)
@@ -1155,7 +1139,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
  
  METHOD(kernel_ipsec_t, get_spi, status_t,
         private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
-       protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+       u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  {
         unsigned char request[PFKEY_BUFFER_SIZE];
         struct sadb_msg *msg, *out;
@@ -1170,7 +1154,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_GETSPI;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1221,7 +1205,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
  
  METHOD(kernel_ipsec_t, add_sa, status_t,
         private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
-       protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+       u_int8_t protocol, u_int32_t reqid, mark_t mark,
         lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
         u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode,
         u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound,
@@ -1242,7 +1226,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
  #ifdef __APPLE__
@@ -1367,7 +1351,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
  }
  
  METHOD(kernel_ipsec_t, update_sa, status_t,
-       private_kernel_pfkey_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+       private_kernel_pfkey_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
         u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
         bool encap, bool new_encap, mark_t mark)
  {
@@ -1395,7 +1379,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_GET;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1438,7 +1422,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_UPDATE;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
  #ifdef __APPLE__
@@ -1502,7 +1486,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
  
  METHOD(kernel_ipsec_t, query_sa, status_t,
         private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  {
         unsigned char request[PFKEY_BUFFER_SIZE];
         struct sadb_msg *msg, *out;
@@ -1517,7 +1501,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_GET;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1558,7 +1542,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
  
  METHOD(kernel_ipsec_t, del_sa, status_t,
         private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+       u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  {
         unsigned char request[PFKEY_BUFFER_SIZE];
         struct sadb_msg *msg, *out;
@@ -1572,7 +1556,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
         msg = (struct sadb_msg*)request;
         msg->sadb_msg_version = PF_KEY_V2;
         msg->sadb_msg_type = SADB_DELETE;
-       msg->sadb_msg_satype = proto_ike2satype(protocol);
+       msg->sadb_msg_satype = proto2satype(protocol);
         msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
  
         sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
@@ -1608,7 +1592,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
  METHOD(kernel_ipsec_t, add_policy, status_t,
         private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
         traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-       policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+       policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
         u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
         u_int16_t cpi, bool routed)
  {
@@ -1676,7 +1660,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
  
         /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */
         req = (struct sadb_x_ipsecrequest*)(pol + 1);
-       req->sadb_x_ipsecrequest_proto = proto_ike2ip(protocol);
+       req->sadb_x_ipsecrequest_proto = protocol;
         /* !!! the length of this struct MUST be in octets instead of 64 bit words */
         req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest);
         req->sadb_x_ipsecrequest_mode = mode2kernel(mode);
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c

index 43c0ef009b8187529ec2521c358570b0cdbd717e..efb8fb6fa4773fb461be403e7f4c39a6f0acd4f8 100644 (file)
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -36,7 +36,7 @@ struct private_load_tester_ipsec_t {
  
  METHOD(kernel_ipsec_t, get_spi, status_t,
            private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
-          protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+          u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
  {
         *spi = ++this->spi;
         return SUCCESS;
@@ -51,7 +51,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
  
  METHOD(kernel_ipsec_t, add_sa, status_t,
            private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
-          u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, mark_t mark,
+          u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark,
            lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
            u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
            u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
@@ -61,7 +61,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
  }
  
  METHOD(kernel_ipsec_t, update_sa, status_t,
-          private_load_tester_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+          private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol,
            u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src,
            host_t *new_dst, bool encap, bool new_encap, mark_t mark)
  {
@@ -70,14 +70,14 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
  
  METHOD(kernel_ipsec_t, query_sa, status_t,
            private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
-          u_int32_t spi, protocol_id_t protocol, mark_t mark, u_int64_t *bytes)
+          u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
  {
         return NOT_SUPPORTED;
  }
  
  METHOD(kernel_ipsec_t, del_sa, status_t,
            private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
-          u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, mark_t mark)
+          u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
  {
         return SUCCESS;
  }
@@ -85,7 +85,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
  METHOD(kernel_ipsec_t, add_policy, status_t,
            private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
            traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-          policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+          policy_dir_t direction, u_int32_t spi, u_int8_t protocol,
            u_int32_t reqid, mark_t mark, ipsec_mode_t mode, u_int16_t ipcomp,
            u_int16_t cpi, bool routed)
  {
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c

index 4e609da7046e6b807f41c6bd6e1241ffc299e013..2f5d948c7c2c4482b6d09885d4b6d7bd393c93ee 100644 (file)
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
   * Copyright (C) 2005-2008 Martin Willi
   * Copyright (C) 2006 Daniel Roethlisberger
   * Copyright (C) 2005 Jan Hutter
@@ -178,6 +178,22 @@ struct private_child_sa_t {
         u_int64_t other_usebytes;
  };
  
+/**
+ * convert an IKEv2 specific protocol identifier to the IP protocol identifier.
+ */
+static inline u_int8_t proto_ike2ip(protocol_id_t protocol)
+{
+       switch (protocol)
+       {
+               case PROTO_ESP:
+                       return IPPROTO_ESP;
+               case PROTO_AH:
+                       return IPPROTO_AH;
+               default:
+                       return protocol;
+       }
+}
+
  METHOD(child_sa_t, get_name, char*,
            private_child_sa_t *this)
  {
@@ -398,9 +414,9 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
                 if (this->my_spi)
                 {
                         status = charon->kernel_interface->query_sa(charon->kernel_interface,
-                                                                       this->other_addr, this->my_addr,
-                                                                       this->my_spi, this->protocol,
-                                                                       this->mark_in, &bytes);
+                                                       this->other_addr, this->my_addr, this->my_spi,
+                                                       proto_ike2ip(this->protocol), this->mark_in,
+                                                       &bytes);
                         if (status == SUCCESS)
                         {
                                 if (bytes > this->my_usebytes)
@@ -417,9 +433,9 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
                 if (this->other_spi)
                 {
                         status = charon->kernel_interface->query_sa(charon->kernel_interface,
-                                                                       this->my_addr, this->other_addr,
-                                                                       this->other_spi, this->protocol,
-                                                                       this->mark_out, &bytes);
+                                                       this->my_addr, this->other_addr, this->other_spi,
+                                                       proto_ike2ip(this->protocol), this->mark_out,
+                                                       &bytes);
                         if (status == SUCCESS)
                         {
                                 if (bytes > this->other_usebytes)
@@ -519,8 +535,9 @@ METHOD(child_sa_t, alloc_spi, u_int32_t,
            private_child_sa_t *this, protocol_id_t protocol)
  {
         if (charon->kernel_interface->get_spi(charon->kernel_interface,
-                                                       this->other_addr, this->my_addr, protocol,
-                                                       this->reqid, &this->my_spi) == SUCCESS)
+                                                                       this->other_addr, this->my_addr,
+                                                                       proto_ike2ip(protocol), this->reqid,
+                                                                       &this->my_spi) == SUCCESS)
         {
                 return this->my_spi;
         }
@@ -531,8 +548,8 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t,
            private_child_sa_t *this)
  {
         if (charon->kernel_interface->get_cpi(charon->kernel_interface,
-                                       this->other_addr, this->my_addr, this->reqid,
-                                       &this->my_cpi) == SUCCESS)
+                                                                       this->other_addr, this->my_addr,
+                                                                       this->reqid, &this->my_cpi) == SUCCESS)
         {
                 return this->my_cpi;
         }
@@ -620,7 +637,7 @@ METHOD(child_sa_t, install, status_t,
         }
  
         status = charon->kernel_interface->add_sa(charon->kernel_interface,
-                               src, dst, spi, this->protocol, this->reqid,
+                               src, dst, spi, proto_ike2ip(this->protocol), this->reqid,
                                 inbound ? this->mark_in : this->mark_out,
                                 lifetime, enc_alg, encr, int_alg, integ, this->mode,
                                 this->ipcomp, cpi, this->encap, update, src_ts, dst_ts);
@@ -661,20 +678,26 @@ METHOD(child_sa_t, add_policies, status_t,
                 {
                         /* install 3 policies: out, in and forward */
                         status |= charon->kernel_interface->add_policy(charon->kernel_interface,
-                                       this->my_addr, this->other_addr, my_ts, other_ts, POLICY_OUT,
-                                       this->other_spi, this->protocol, this->reqid, this->mark_out,
-                                       this->mode, this->ipcomp, this->other_cpi, routed);
+                                                       this->my_addr, this->other_addr, my_ts, other_ts,
+                                                       POLICY_OUT, this->other_spi,
+                                                       proto_ike2ip(this->protocol), this->reqid,
+                                                       this->mark_out, this->mode, this->ipcomp,
+                                                       this->other_cpi, routed);
  
                         status |= charon->kernel_interface->add_policy(charon->kernel_interface,
-                                       this->other_addr, this->my_addr, other_ts, my_ts, POLICY_IN,
-                                       this->my_spi, this->protocol, this->reqid, this->mark_in,
-                                       this->mode,     this->ipcomp, this->my_cpi, routed);
+                                                       this->other_addr, this->my_addr, other_ts, my_ts,
+                                                       POLICY_IN, this->my_spi,
+                                                       proto_ike2ip(this->protocol), this->reqid,
+                                                       this->mark_in, this->mode, this->ipcomp,
+                                                       this->my_cpi, routed);
                         if (this->mode != MODE_TRANSPORT)
                         {
                                 status |= charon->kernel_interface->add_policy(charon->kernel_interface,
-                                       this->other_addr, this->my_addr, other_ts, my_ts, POLICY_FWD,
-                                       this->my_spi, this->protocol, this->reqid, this->mark_in,
-                                       this->mode,     this->ipcomp, this->my_cpi, routed);
+                                                       this->other_addr, this->my_addr, other_ts, my_ts,
+                                                       POLICY_FWD, this->my_spi,
+                                                       proto_ike2ip(this->protocol), this->reqid,
+                                                       this->mark_in, this->mode, this->ipcomp,
+                                                       this->my_cpi, routed);
                         }
  
                         if (status != SUCCESS)
@@ -717,7 +740,7 @@ METHOD(child_sa_t, update, status_t,
                 if (this->my_spi)
                 {
                         if (charon->kernel_interface->update_sa(charon->kernel_interface,
-                                                       this->my_spi, this->protocol,
+                                                       this->my_spi, proto_ike2ip(this->protocol),
                                                         this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
                                                         this->other_addr, this->my_addr, other, me,
                                                         this->encap, encap, this->mark_in) == NOT_SUPPORTED)
@@ -730,7 +753,7 @@ METHOD(child_sa_t, update, status_t,
                 if (this->other_spi)
                 {
                         if (charon->kernel_interface->update_sa(charon->kernel_interface,
-                                                       this->other_spi, this->protocol,
+                                                       this->other_spi, proto_ike2ip(this->protocol),
                                                         this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0,
                                                         this->my_addr, this->other_addr, me, other,
                                                         this->encap, encap, this->mark_out) == NOT_SUPPORTED)
@@ -786,19 +809,22 @@ METHOD(child_sa_t, update, status_t,
  
                                 /* reinstall updated policies */
                                 charon->kernel_interface->add_policy(charon->kernel_interface,
-                                               me, other, my_ts, other_ts, POLICY_OUT, this->other_spi,
-                                               this->protocol, this->reqid, this->mark_out, this->mode,
-                                               this->ipcomp, this->other_cpi, FALSE);
+                                                       me, other, my_ts, other_ts, POLICY_OUT,
+                                                       this->other_spi, proto_ike2ip(this->protocol),
+                                                       this->reqid, this->mark_out, this->mode,
+                                                       this->ipcomp, this->other_cpi, FALSE);
                                 charon->kernel_interface->add_policy(charon->kernel_interface,
-                                               other, me, other_ts, my_ts, POLICY_IN, this->my_spi,
-                                               this->protocol, this->reqid, this->mark_in, this->mode,
-                                               this->ipcomp, this->my_cpi, FALSE);
+                                                       other, me, other_ts, my_ts, POLICY_IN,
+                                                       this->my_spi, proto_ike2ip(this->protocol),
+                                                       this->reqid, this->mark_in, this->mode,
+                                                       this->ipcomp, this->my_cpi, FALSE);
                                 if (this->mode != MODE_TRANSPORT)
                                 {
                                         charon->kernel_interface->add_policy(charon->kernel_interface,
-                                               other, me, other_ts, my_ts, POLICY_FWD, this->my_spi,
-                                               this->protocol, this->reqid, this->mark_in, this->mode,
-                                               this->ipcomp, this->my_cpi, FALSE);
+                                                       other, me, other_ts, my_ts, POLICY_FWD,
+                                                       this->my_spi, proto_ike2ip(this->protocol),
+                                                       this->reqid, this->mark_in, this->mode,
+                                                       this->ipcomp, this->my_cpi, FALSE);
                                 }
                         }
                         enumerator->destroy(enumerator);
@@ -846,13 +872,15 @@ METHOD(child_sa_t, destroy, void,
                 }
                 charon->kernel_interface->del_sa(charon->kernel_interface,
                                         this->other_addr, this->my_addr, this->my_spi,
-                                       this->protocol, this->my_cpi, this->mark_in);
+                                       proto_ike2ip(this->protocol), this->my_cpi,
+                                       this->mark_in);
         }
         if (this->other_spi)
         {
                 charon->kernel_interface->del_sa(charon->kernel_interface,
                                         this->my_addr, this->other_addr, this->other_spi,
-                                       this->protocol, this->other_cpi, this->mark_out);
+                                       proto_ike2ip(this->protocol), this->other_cpi,
+                                       this->mark_out);
         }
  
         if (this->config->install_policy(this->config))
@@ -862,13 +890,13 @@ METHOD(child_sa_t, destroy, void,
                 while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
                 {
                         charon->kernel_interface->del_policy(charon->kernel_interface,
-                                                       my_ts, other_ts, POLICY_OUT, this->mark_out, unrouted);
+                                               my_ts, other_ts, POLICY_OUT, this->mark_out, unrouted);
                         charon->kernel_interface->del_policy(charon->kernel_interface,
-                                                       other_ts, my_ts, POLICY_IN, this->mark_in, unrouted);
+                                               other_ts, my_ts, POLICY_IN, this->mark_in, unrouted);
                         if (this->mode != MODE_TRANSPORT)
                         {
                                 charon->kernel_interface->del_policy(charon->kernel_interface,
-                                                       other_ts, my_ts, POLICY_FWD, this->mark_in, unrouted);
+                                               other_ts, my_ts, POLICY_FWD, this->mark_in, unrouted);
                         }
                 }
                 enumerator->destroy(enumerator);
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 2 Sep 2010 17:01:25 +0000 (19:01 +0200)
src/libcharon/kernel/kernel_handler.c		patch \| blob \| blame \| history
src/libcharon/kernel/kernel_interface.c		patch \| blob \| blame \| history
src/libcharon/kernel/kernel_interface.h		patch \| blob \| blame \| history
src/libcharon/kernel/kernel_ipsec.h		patch \| blob \| blame \| history
src/libcharon/kernel/kernel_listener.h		patch \| blob \| blame \| history
src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c		patch \| blob \| blame \| history
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c		patch \| blob \| blame \| history
src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c		patch \| blob \| blame \| history
src/libcharon/plugins/load_tester/load_tester_ipsec.c		patch \| blob \| blame \| history
src/libcharon/sa/child_sa.c		patch \| blob \| blame \| history