]>
Commit | Line | Data |
---|---|---|
3ebebc5e | 1 | /* |
4989aba8 | 2 | * Copyright (C) 2006-2017 Tobias Brunner |
3aaf7908 | 3 | * Copyright (C) 2006-2008 Martin Willi |
d4aad554 | 4 | * Copyright (C) 2006 Daniel Roethlisberger |
4989aba8 | 5 | * HSR Hochschule fuer Technik Rapperswil |
3ebebc5e MW |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
552cc11b MW |
18 | /** |
19 | * @defgroup child_sa child_sa | |
20 | * @{ @ingroup sa | |
21 | */ | |
3ebebc5e | 22 | |
16b9a73c MW |
23 | #ifndef CHILD_SA_H_ |
24 | #define CHILD_SA_H_ | |
3ebebc5e | 25 | |
382b4817 | 26 | typedef enum child_sa_state_t child_sa_state_t; |
afbea8ce | 27 | typedef enum child_sa_outbound_state_t child_sa_outbound_state_t; |
382b4817 MW |
28 | typedef struct child_sa_t child_sa_t; |
29 | ||
db7ef624 | 30 | #include <library.h> |
68621281 | 31 | #include <crypto/prf_plus.h> |
3ebebc5e | 32 | #include <encoding/payloads/proposal_substructure.h> |
2307bffe | 33 | #include <crypto/proposal/proposal.h> |
e0fe7651 | 34 | #include <config/child_cfg.h> |
3ebebc5e | 35 | |
bcb95ced | 36 | /** |
552cc11b | 37 | * States of a CHILD_SA |
bcb95ced MW |
38 | */ |
39 | enum child_sa_state_t { | |
7daf5226 | 40 | |
bcb95ced MW |
41 | /** |
42 | * Just created, uninstalled CHILD_SA | |
43 | */ | |
44 | CHILD_CREATED, | |
7daf5226 | 45 | |
45f76a7d MW |
46 | /** |
47 | * Installed SPD, but no SAD entries | |
48 | */ | |
49 | CHILD_ROUTED, | |
7daf5226 | 50 | |
ea625fab TB |
51 | /** |
52 | * Installing an in-use CHILD_SA | |
53 | */ | |
54 | CHILD_INSTALLING, | |
7daf5226 | 55 | |
83186d3c TB |
56 | /** |
57 | * Installed both SAs of a CHILD_SA | |
bcb95ced MW |
58 | */ |
59 | CHILD_INSTALLED, | |
7daf5226 | 60 | |
ad3af574 MW |
61 | /** |
62 | * While updating hosts, in update_hosts() | |
63 | */ | |
64 | CHILD_UPDATING, | |
7daf5226 | 65 | |
bcb95ced MW |
66 | /** |
67 | * CHILD_SA which is rekeying | |
68 | */ | |
69 | CHILD_REKEYING, | |
7daf5226 | 70 | |
70728eb1 TB |
71 | /** |
72 | * CHILD_SA that was rekeyed, but stays installed | |
73 | */ | |
74 | CHILD_REKEYED, | |
75 | ||
013857ad MW |
76 | /** |
77 | * CHILD_SA negotiation failed, but gets retried | |
78 | */ | |
79 | CHILD_RETRYING, | |
80 | ||
bcb95ced MW |
81 | /** |
82 | * CHILD_SA in progress of delete | |
83 | */ | |
84 | CHILD_DELETING, | |
7daf5226 | 85 | |
a985db3f MW |
86 | /** |
87 | * CHILD_SA object gets destroyed | |
88 | */ | |
89 | CHILD_DESTROYING, | |
bcb95ced MW |
90 | }; |
91 | ||
92 | /** | |
60356f33 | 93 | * enum strings for child_sa_state_t. |
bcb95ced | 94 | */ |
60356f33 | 95 | extern enum_name_t *child_sa_state_names; |
bcb95ced | 96 | |
afbea8ce TB |
97 | /** |
98 | * States of the outbound SA of a CHILD_SA | |
99 | */ | |
100 | enum child_sa_outbound_state_t { | |
101 | ||
102 | /** | |
103 | * Outbound SA is not installed | |
104 | */ | |
2c116ef5 | 105 | CHILD_OUTBOUND_NONE = 0, |
afbea8ce TB |
106 | |
107 | /** | |
2c116ef5 TB |
108 | * Data for the outbound SA has been registered during a rekeying (not set |
109 | * once the SA and policies are both installed) | |
afbea8ce | 110 | */ |
2c116ef5 | 111 | CHILD_OUTBOUND_REGISTERED = (1<<0), |
afbea8ce TB |
112 | |
113 | /** | |
2c116ef5 | 114 | * The outbound SA has been installed |
afbea8ce | 115 | */ |
2c116ef5 TB |
116 | CHILD_OUTBOUND_SA = (1<<1), |
117 | ||
118 | /** | |
119 | * The outbound policies have been installed | |
120 | */ | |
121 | CHILD_OUTBOUND_POLICIES = (1<<2), | |
122 | ||
123 | /** | |
124 | * The outbound SA and policies are both installed | |
125 | */ | |
126 | CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES), | |
afbea8ce TB |
127 | }; |
128 | ||
129 | /** | |
130 | * enum strings for child_sa_outbound_state_t. | |
131 | */ | |
132 | extern enum_name_t *child_sa_outbound_state_names; | |
133 | ||
3ebebc5e | 134 | /** |
552cc11b | 135 | * Represents an IPsec SAs between two hosts. |
c3a78360 | 136 | * |
1396815a MW |
137 | * A child_sa_t contains two SAs. SAs for both |
138 | * directions are managed in one child_sa_t object. Both | |
139 | * SAs and the policies have the same reqid. | |
c3a78360 | 140 | * |
a527a426 | 141 | * The procedure for child sa setup is as follows: |
3aaf7908 MW |
142 | * - A gets SPIs for a all protocols in its proposals via child_sa_t.alloc |
143 | * - A send the proposals with the allocated SPIs to B | |
a527a426 | 144 | * - B selects a suitable proposal |
3aaf7908 MW |
145 | * - B allocates an SPI for the selected protocol |
146 | * - B calls child_sa_t.install for both, the allocated and received SPI | |
147 | * - B sends the proposal with the allocated SPI to A | |
148 | * - A calls child_sa_t.install for both, the allocated and recevied SPI | |
c3a78360 | 149 | * |
aa5a35a0 | 150 | * Once SAs are set up, policies can be added using add_policies. |
3ebebc5e MW |
151 | */ |
152 | struct child_sa_t { | |
7daf5226 | 153 | |
9be547c0 | 154 | /** |
552cc11b | 155 | * Get the name of the config this CHILD_SA uses. |
9be547c0 | 156 | * |
552cc11b | 157 | * @return name |
9be547c0 MW |
158 | */ |
159 | char* (*get_name) (child_sa_t *this); | |
7daf5226 | 160 | |
9be547c0 | 161 | /** |
552cc11b | 162 | * Get the reqid of the CHILD SA. |
c3a78360 | 163 | * |
c60c7694 MW |
164 | * Every CHILD_SA has a reqid. The kernel uses this ID to |
165 | * identify it. | |
32b6500f | 166 | * |
32b6500f MW |
167 | * @return reqid of the CHILD SA |
168 | */ | |
b12c53ce | 169 | uint32_t (*get_reqid)(child_sa_t *this); |
7daf5226 | 170 | |
4ec397b8 MW |
171 | /** |
172 | * Get the unique numerical identifier for this CHILD_SA. | |
173 | * | |
174 | * While the same reqid might be shared between multiple SAs, the unique_id | |
175 | * is truly unique for all CHILD_SA instances. | |
176 | * | |
177 | * @return unique CHILD_SA identifier | |
178 | */ | |
b12c53ce | 179 | uint32_t (*get_unique_id)(child_sa_t *this); |
4ec397b8 | 180 | |
3aaf7908 MW |
181 | /** |
182 | * Get the config used to set up this child sa. | |
183 | * | |
184 | * @return child_cfg | |
185 | */ | |
186 | child_cfg_t* (*get_config) (child_sa_t *this); | |
7daf5226 | 187 | |
3aaf7908 MW |
188 | /** |
189 | * Get the state of the CHILD_SA. | |
190 | * | |
191 | * @return CHILD_SA state | |
c3a78360 | 192 | */ |
afbea8ce TB |
193 | child_sa_state_t (*get_state)(child_sa_t *this); |
194 | ||
195 | /** | |
196 | * Get the state of the outbound SA. | |
197 | * | |
198 | * @return outbound SA state | |
199 | */ | |
200 | child_sa_outbound_state_t (*get_outbound_state)(child_sa_t *this); | |
7daf5226 | 201 | |
3aaf7908 MW |
202 | /** |
203 | * Set the state of the CHILD_SA. | |
204 | * | |
205 | * @param state state to set on CHILD_SA | |
c3a78360 | 206 | */ |
3aaf7908 | 207 | void (*set_state) (child_sa_t *this, child_sa_state_t state); |
7daf5226 | 208 | |
8d77edde | 209 | /** |
552cc11b | 210 | * Get the SPI of this CHILD_SA. |
c3a78360 | 211 | * |
8d77edde MW |
212 | * Set the boolean parameter inbound to TRUE to |
213 | * get the SPI for which we receive packets, use | |
214 | * FALSE to get those we use for sending packets. | |
215 | * | |
8d77edde | 216 | * @param inbound TRUE to get inbound SPI, FALSE for outbound. |
66da78b4 | 217 | * @return SPI of the CHILD SA |
8d77edde | 218 | */ |
b12c53ce | 219 | uint32_t (*get_spi) (child_sa_t *this, bool inbound); |
7daf5226 | 220 | |
66da78b4 AS |
221 | /** |
222 | * Get the CPI of this CHILD_SA. | |
c3a78360 | 223 | * |
66da78b4 | 224 | * Set the boolean parameter inbound to TRUE to |
32f5ee15 | 225 | * get the CPI for which we receive packets, use |
66da78b4 AS |
226 | * FALSE to get those we use for sending packets. |
227 | * | |
228 | * @param inbound TRUE to get inbound CPI, FALSE for outbound. | |
229 | * @return CPI of the CHILD SA | |
230 | */ | |
b12c53ce | 231 | uint16_t (*get_cpi) (child_sa_t *this, bool inbound); |
66da78b4 | 232 | |
8d77edde | 233 | /** |
552cc11b | 234 | * Get the protocol which this CHILD_SA uses to protect traffic. |
8d77edde | 235 | * |
8d77edde MW |
236 | * @return AH | ESP |
237 | */ | |
238 | protocol_id_t (*get_protocol) (child_sa_t *this); | |
7daf5226 | 239 | |
3aaf7908 MW |
240 | /** |
241 | * Set the negotiated protocol to use for this CHILD_SA. | |
242 | * | |
243 | * @param protocol AH | ESP | |
244 | */ | |
245 | void (*set_protocol)(child_sa_t *this, protocol_id_t protocol); | |
7daf5226 | 246 | |
a3ce4bc2 | 247 | /** |
6e10aead | 248 | * Get the IPsec mode of this CHILD_SA. |
a3ce4bc2 | 249 | * |
6e10aead | 250 | * @return TUNNEL | TRANSPORT | BEET |
a3ce4bc2 | 251 | */ |
6e10aead | 252 | ipsec_mode_t (*get_mode)(child_sa_t *this); |
7daf5226 | 253 | |
3aaf7908 MW |
254 | /** |
255 | * Set the negotiated IPsec mode to use. | |
256 | * | |
257 | * @param mode TUNNEL | TRANPORT | BEET | |
258 | */ | |
259 | void (*set_mode)(child_sa_t *this, ipsec_mode_t mode); | |
7daf5226 | 260 | |
82d20c05 MW |
261 | /** |
262 | * Get the used IPComp algorithm. | |
263 | * | |
264 | * @return IPComp compression algorithm. | |
265 | */ | |
266 | ipcomp_transform_t (*get_ipcomp)(child_sa_t *this); | |
7daf5226 | 267 | |
3aaf7908 MW |
268 | /** |
269 | * Set the IPComp algorithm to use. | |
c3a78360 | 270 | * |
3aaf7908 MW |
271 | * @param ipcomp the IPComp transform to use |
272 | */ | |
273 | void (*set_ipcomp)(child_sa_t *this, ipcomp_transform_t ipcomp); | |
7daf5226 | 274 | |
4c401ea2 MW |
275 | /** |
276 | * Get the action to enforce if the remote peer closes the CHILD_SA. | |
277 | * | |
278 | * @return close action | |
279 | */ | |
280 | action_t (*get_close_action)(child_sa_t *this); | |
281 | ||
282 | /** | |
283 | * Override the close action specified by the CHILD_SA config. | |
284 | * | |
285 | * @param close action to enforce | |
286 | */ | |
287 | void (*set_close_action)(child_sa_t *this, action_t action); | |
288 | ||
289 | /** | |
290 | * Get the action to enforce if the peer is considered dead. | |
291 | * | |
292 | * @return dpd action | |
293 | */ | |
294 | action_t (*get_dpd_action)(child_sa_t *this); | |
295 | ||
296 | /** | |
297 | * Override the DPD action specified by the CHILD_SA config. | |
298 | * | |
0ceb2888 | 299 | * @param dpd action to enforce |
4c401ea2 MW |
300 | */ |
301 | void (*set_dpd_action)(child_sa_t *this, action_t action); | |
302 | ||
3aaf7908 MW |
303 | /** |
304 | * Get the selected proposal. | |
305 | * | |
306 | * @return selected proposal | |
307 | */ | |
308 | proposal_t* (*get_proposal)(child_sa_t *this); | |
7daf5226 | 309 | |
3aaf7908 MW |
310 | /** |
311 | * Set the negotiated proposal. | |
312 | * | |
313 | * @param proposal selected proposal | |
314 | */ | |
c3a78360 | 315 | void (*set_proposal)(child_sa_t *this, proposal_t *proposal); |
7daf5226 | 316 | |
82d20c05 MW |
317 | /** |
318 | * Check if this CHILD_SA uses UDP encapsulation. | |
319 | * | |
320 | * @return TRUE if SA encapsulates ESP packets | |
321 | */ | |
322 | bool (*has_encap)(child_sa_t *this); | |
7daf5226 | 323 | |
6e10aead | 324 | /** |
e3c7e729 | 325 | * Get the absolute time when the CHILD_SA expires or gets rekeyed. |
6e10aead MW |
326 | * |
327 | * @param hard TRUE for hard lifetime, FALSE for soft (rekey) lifetime | |
e3c7e729 | 328 | * @return absolute time |
6e10aead | 329 | */ |
e3c7e729 | 330 | time_t (*get_lifetime)(child_sa_t *this, bool hard); |
7daf5226 | 331 | |
763e0353 MW |
332 | /** |
333 | * Get the absolute time when this SA has been installed. | |
334 | * | |
335 | * @return monotonic absolute install time | |
336 | */ | |
337 | time_t (*get_installtime)(child_sa_t *this); | |
338 | ||
6e10aead | 339 | /** |
c3a78360 | 340 | * Get last use time and the number of bytes processed. |
2ad51539 | 341 | * |
3f720dc7 | 342 | * @param inbound TRUE for inbound traffic, FALSE for outbound |
c3a78360 TB |
343 | * @param[out] time time of last use in seconds (NULL to ignore) |
344 | * @param[out] bytes number of processed bytes (NULL to ignore) | |
d954a208 | 345 | * @param[out] packets number of processed packets (NULL to ignore) |
2ad51539 | 346 | */ |
c3a78360 | 347 | void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, |
b12c53ce | 348 | uint64_t *bytes, uint64_t *packets); |
7daf5226 | 349 | |
79f39ecf MW |
350 | /** |
351 | * Get the mark used with this CHILD_SA. | |
352 | * | |
353 | * @param inbound TRUE to get inbound mark, FALSE for outbound | |
354 | * @return mark used with this CHILD_SA | |
355 | */ | |
356 | mark_t (*get_mark)(child_sa_t *this, bool inbound); | |
357 | ||
144f676c | 358 | /** |
553bb787 | 359 | * Create an enumerator over traffic selectors of one side. |
a527a426 | 360 | * |
553bb787 MW |
361 | * @param local TRUE for own traffic selectors, FALSE for remote. |
362 | * @return enumerator over traffic_selector_t* | |
c3a78360 | 363 | */ |
553bb787 | 364 | enumerator_t* (*create_ts_enumerator)(child_sa_t *this, bool local); |
7daf5226 | 365 | |
a527a426 | 366 | /** |
3aaf7908 | 367 | * Create an enumerator over installed policies. |
a527a426 | 368 | * |
553bb787 MW |
369 | * The enumerated traffic selectors is a full mesh of compatible local |
370 | * and remote traffic selectors. | |
371 | * | |
372 | * @return enumerator over a pair of traffic_selector_t* | |
a527a426 | 373 | */ |
3aaf7908 | 374 | enumerator_t* (*create_policy_enumerator)(child_sa_t *this); |
7daf5226 | 375 | |
a527a426 | 376 | /** |
3aaf7908 | 377 | * Allocate an SPI to include in a proposal. |
a527a426 | 378 | * |
3aaf7908 MW |
379 | * @param protocol protocol to allocate SPI for (ESP|AH) |
380 | * @param spi SPI output pointer | |
381 | * @return SPI, 0 on failure | |
a527a426 | 382 | */ |
b12c53ce | 383 | uint32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); |
7daf5226 | 384 | |
80853d84 | 385 | /** |
3aaf7908 | 386 | * Allocate a CPI to use for IPComp. |
80853d84 | 387 | * |
3aaf7908 | 388 | * @return CPI, 0 on failure |
80853d84 | 389 | */ |
b12c53ce | 390 | uint16_t (*alloc_cpi)(child_sa_t *this); |
7daf5226 | 391 | |
1396815a | 392 | /** |
3aaf7908 | 393 | * Install an IPsec SA for one direction. |
1396815a | 394 | * |
4989aba8 TB |
395 | * set_policies() should be called before calling this. |
396 | * | |
3aaf7908 MW |
397 | * @param encr encryption key, if any |
398 | * @param integ integrity key | |
399 | * @param spi SPI to use, allocated for inbound | |
400 | * @param cpi CPI to use, allocated for outbound | |
a8c94544 | 401 | * @param initiator TRUE if initiator of exchange resulting in this SA |
3aaf7908 | 402 | * @param inbound TRUE to install an inbound SA, FALSE for outbound |
55df72e6 | 403 | * @param tfcv3 TRUE if peer supports ESPv3 TFC |
2b3100b5 | 404 | * @return SUCCESS or FAILED |
1396815a | 405 | */ |
3aaf7908 | 406 | status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, |
b12c53ce | 407 | uint32_t spi, uint16_t cpi, |
4989aba8 TB |
408 | bool initiator, bool inbound, bool tfcv3); |
409 | ||
8a3a389e TB |
410 | /** |
411 | * Register data for the installation of an outbound SA as responder during | |
412 | * a rekeying. | |
413 | * | |
a146b4c9 TB |
414 | * If the kernel is able to handle SPIs on policies the SA is installed |
415 | * immediately, if not it won't be installed until install_outbound() is | |
416 | * called. | |
8a3a389e TB |
417 | * |
418 | * @param encr encryption key, if any (cloned) | |
419 | * @param integ integrity key (cloned) | |
420 | * @param spi SPI to use, allocated for inbound | |
421 | * @param cpi CPI to use, allocated for outbound | |
422 | * @param tfcv3 TRUE if peer supports ESPv3 TFC | |
a146b4c9 | 423 | * @return SUCCESS or FAILED |
8a3a389e | 424 | */ |
a146b4c9 TB |
425 | status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, |
426 | uint32_t spi, uint16_t cpi, bool tfcv3); | |
8a3a389e TB |
427 | |
428 | /** | |
a146b4c9 TB |
429 | * Install the outbound policies and, if not already done, the outbound SA |
430 | * as responder during a rekeying. | |
8a3a389e TB |
431 | * |
432 | * @return SUCCESS or FAILED | |
433 | */ | |
434 | status_t (*install_outbound)(child_sa_t *this); | |
435 | ||
c5fed4cd TB |
436 | /** |
437 | * Remove the outbound SA and the outbound policies after a rekeying. | |
438 | */ | |
439 | void (*remove_outbound)(child_sa_t *this); | |
440 | ||
a527a426 | 441 | /** |
4989aba8 | 442 | * Configure the policies using some traffic selectors. |
8d77edde | 443 | * |
7881ac14 | 444 | * Supplied lists of traffic_selector_t's specify the policies |
a527a426 MW |
445 | * to use for this child sa. |
446 | * | |
4989aba8 TB |
447 | * Install the policies by calling install_policies(). |
448 | * | |
449 | * This should be called before calling install() so the traffic selectors | |
450 | * may be passed to the kernel interface when installing the SAs. | |
451 | * | |
452 | * @param my_ts traffic selectors for local site (cloned) | |
453 | * @param other_ts traffic selectors for remote site (cloned) | |
454 | */ | |
455 | void (*set_policies)(child_sa_t *this, linked_list_t *my_ts_list, | |
456 | linked_list_t *other_ts_list); | |
457 | ||
458 | /** | |
459 | * Install the configured policies. | |
460 | * | |
8a3a389e TB |
461 | * If register_outbound() was called previously this only installs the |
462 | * inbound and forward policies, the outbound policies are installed when | |
463 | * install_outbound() is called. | |
464 | * | |
a527a426 | 465 | * @return SUCCESS or FAILED |
c3a78360 | 466 | */ |
4989aba8 TB |
467 | status_t (*install_policies)(child_sa_t *this); |
468 | ||
cad13450 TB |
469 | /** |
470 | * Set the outbound SPI of the CHILD_SA that replaced this CHILD_SA during | |
471 | * a rekeying. | |
472 | * | |
473 | * @param spi outbound SPI of the CHILD_SA that replaced this CHILD_SA | |
474 | */ | |
475 | void (*set_rekey_spi)(child_sa_t *this, uint32_t spi); | |
476 | ||
477 | /** | |
478 | * Get the outbound SPI of the CHILD_SA that replaced this CHILD_SA during | |
479 | * a rekeying. | |
480 | * | |
481 | * @return outbound SPI of the CHILD_SA that replaced this CHILD_SA | |
482 | */ | |
483 | uint32_t (*get_rekey_spi)(child_sa_t *this); | |
484 | ||
1df106bf | 485 | /** |
3aaf7908 | 486 | * Update hosts and ecapulation mode in the kernel SAs and policies. |
1df106bf | 487 | * |
3aaf7908 MW |
488 | * @param me the new local host |
489 | * @param other the new remote host | |
101d26ba | 490 | * @param vips list of local virtual IPs |
0ceb2888 | 491 | * @param encap TRUE to use UDP encapsulation for NAT traversal |
3aaf7908 | 492 | * @return SUCCESS or FAILED |
d4aad554 | 493 | */ |
3aaf7908 | 494 | status_t (*update)(child_sa_t *this, host_t *me, host_t *other, |
101d26ba | 495 | linked_list_t *vips, bool encap); |
3ebebc5e | 496 | /** |
552cc11b | 497 | * Destroys a child_sa. |
3ebebc5e MW |
498 | */ |
499 | void (*destroy) (child_sa_t *this); | |
500 | }; | |
501 | ||
502 | /** | |
34d240a6 | 503 | * Constructor to create a child SA negotiated with IKE. |
aeeb4f4f | 504 | * |
d487b4b7 AS |
505 | * @param me own address |
506 | * @param other remote address | |
d487b4b7 AS |
507 | * @param config config to use for this CHILD_SA |
508 | * @param reqid reqid of old CHILD_SA when rekeying, 0 otherwise | |
509 | * @param encap TRUE to enable UDP encapsulation (NAT traversal) | |
85b23888 MW |
510 | * @param mark_in explicit inbound mark value to use, 0 for config |
511 | * @param mark_out explicit outbound mark value to use, 0 for config | |
d487b4b7 | 512 | * @return child_sa_t object |
3ebebc5e | 513 | */ |
ad3af574 | 514 | child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config, |
b12c53ce | 515 | uint32_t reqid, bool encap, |
85b23888 | 516 | u_int mark_in, u_int mark_out); |
5b97779f | 517 | |
1490ff4d | 518 | #endif /** CHILD_SA_H_ @}*/ |