]>
Commit | Line | Data |
---|---|---|
3ebebc5e | 1 | /* |
a6014d99 | 2 | * Copyright (C) 2006-2019 Tobias Brunner |
3aaf7908 | 3 | * Copyright (C) 2006-2008 Martin Willi |
d4aad554 | 4 | * Copyright (C) 2006 Daniel Roethlisberger |
4989aba8 | 5 | * HSR Hochschule fuer Technik Rapperswil |
3ebebc5e MW |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
552cc11b MW |
18 | /** |
19 | * @defgroup child_sa child_sa | |
20 | * @{ @ingroup sa | |
21 | */ | |
3ebebc5e | 22 | |
16b9a73c MW |
23 | #ifndef CHILD_SA_H_ |
24 | #define CHILD_SA_H_ | |
3ebebc5e | 25 | |
382b4817 | 26 | typedef enum child_sa_state_t child_sa_state_t; |
afbea8ce | 27 | typedef enum child_sa_outbound_state_t child_sa_outbound_state_t; |
382b4817 MW |
28 | typedef struct child_sa_t child_sa_t; |
29 | ||
db7ef624 | 30 | #include <library.h> |
68621281 | 31 | #include <crypto/prf_plus.h> |
3ebebc5e | 32 | #include <encoding/payloads/proposal_substructure.h> |
2307bffe | 33 | #include <crypto/proposal/proposal.h> |
e0fe7651 | 34 | #include <config/child_cfg.h> |
3ebebc5e | 35 | |
bcb95ced | 36 | /** |
552cc11b | 37 | * States of a CHILD_SA |
bcb95ced MW |
38 | */ |
39 | enum child_sa_state_t { | |
7daf5226 | 40 | |
bcb95ced MW |
41 | /** |
42 | * Just created, uninstalled CHILD_SA | |
43 | */ | |
44 | CHILD_CREATED, | |
7daf5226 | 45 | |
45f76a7d MW |
46 | /** |
47 | * Installed SPD, but no SAD entries | |
48 | */ | |
49 | CHILD_ROUTED, | |
7daf5226 | 50 | |
ea625fab TB |
51 | /** |
52 | * Installing an in-use CHILD_SA | |
53 | */ | |
54 | CHILD_INSTALLING, | |
7daf5226 | 55 | |
83186d3c TB |
56 | /** |
57 | * Installed both SAs of a CHILD_SA | |
bcb95ced MW |
58 | */ |
59 | CHILD_INSTALLED, | |
7daf5226 | 60 | |
ad3af574 MW |
61 | /** |
62 | * While updating hosts, in update_hosts() | |
63 | */ | |
64 | CHILD_UPDATING, | |
7daf5226 | 65 | |
bcb95ced MW |
66 | /** |
67 | * CHILD_SA which is rekeying | |
68 | */ | |
69 | CHILD_REKEYING, | |
7daf5226 | 70 | |
70728eb1 TB |
71 | /** |
72 | * CHILD_SA that was rekeyed, but stays installed | |
73 | */ | |
74 | CHILD_REKEYED, | |
75 | ||
013857ad MW |
76 | /** |
77 | * CHILD_SA negotiation failed, but gets retried | |
78 | */ | |
79 | CHILD_RETRYING, | |
80 | ||
bcb95ced MW |
81 | /** |
82 | * CHILD_SA in progress of delete | |
83 | */ | |
84 | CHILD_DELETING, | |
7daf5226 | 85 | |
16898026 TB |
86 | /** |
87 | * CHILD_SA has been deleted, but not yet destroyed | |
88 | */ | |
89 | CHILD_DELETED, | |
90 | ||
a985db3f MW |
91 | /** |
92 | * CHILD_SA object gets destroyed | |
93 | */ | |
94 | CHILD_DESTROYING, | |
bcb95ced MW |
95 | }; |
96 | ||
97 | /** | |
60356f33 | 98 | * enum strings for child_sa_state_t. |
bcb95ced | 99 | */ |
60356f33 | 100 | extern enum_name_t *child_sa_state_names; |
bcb95ced | 101 | |
afbea8ce TB |
102 | /** |
103 | * States of the outbound SA of a CHILD_SA | |
104 | */ | |
105 | enum child_sa_outbound_state_t { | |
106 | ||
107 | /** | |
108 | * Outbound SA is not installed | |
109 | */ | |
2c116ef5 | 110 | CHILD_OUTBOUND_NONE = 0, |
afbea8ce TB |
111 | |
112 | /** | |
2c116ef5 TB |
113 | * Data for the outbound SA has been registered during a rekeying (not set |
114 | * once the SA and policies are both installed) | |
afbea8ce | 115 | */ |
2c116ef5 | 116 | CHILD_OUTBOUND_REGISTERED = (1<<0), |
afbea8ce TB |
117 | |
118 | /** | |
2c116ef5 | 119 | * The outbound SA has been installed |
afbea8ce | 120 | */ |
2c116ef5 TB |
121 | CHILD_OUTBOUND_SA = (1<<1), |
122 | ||
123 | /** | |
124 | * The outbound policies have been installed | |
125 | */ | |
126 | CHILD_OUTBOUND_POLICIES = (1<<2), | |
127 | ||
128 | /** | |
129 | * The outbound SA and policies are both installed | |
130 | */ | |
131 | CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES), | |
afbea8ce TB |
132 | }; |
133 | ||
134 | /** | |
135 | * enum strings for child_sa_outbound_state_t. | |
136 | */ | |
137 | extern enum_name_t *child_sa_outbound_state_names; | |
138 | ||
3ebebc5e | 139 | /** |
552cc11b | 140 | * Represents an IPsec SAs between two hosts. |
c3a78360 | 141 | * |
1396815a MW |
142 | * A child_sa_t contains two SAs. SAs for both |
143 | * directions are managed in one child_sa_t object. Both | |
144 | * SAs and the policies have the same reqid. | |
c3a78360 | 145 | * |
a527a426 | 146 | * The procedure for child sa setup is as follows: |
3aaf7908 MW |
147 | * - A gets SPIs for a all protocols in its proposals via child_sa_t.alloc |
148 | * - A send the proposals with the allocated SPIs to B | |
a527a426 | 149 | * - B selects a suitable proposal |
3aaf7908 MW |
150 | * - B allocates an SPI for the selected protocol |
151 | * - B calls child_sa_t.install for both, the allocated and received SPI | |
152 | * - B sends the proposal with the allocated SPI to A | |
2db6d5b8 | 153 | * - A calls child_sa_t.install for both, the allocated and received SPI |
c3a78360 | 154 | * |
aa5a35a0 | 155 | * Once SAs are set up, policies can be added using add_policies. |
3ebebc5e MW |
156 | */ |
157 | struct child_sa_t { | |
7daf5226 | 158 | |
9be547c0 | 159 | /** |
552cc11b | 160 | * Get the name of the config this CHILD_SA uses. |
9be547c0 | 161 | * |
552cc11b | 162 | * @return name |
9be547c0 MW |
163 | */ |
164 | char* (*get_name) (child_sa_t *this); | |
7daf5226 | 165 | |
9be547c0 | 166 | /** |
552cc11b | 167 | * Get the reqid of the CHILD SA. |
c3a78360 | 168 | * |
c60c7694 MW |
169 | * Every CHILD_SA has a reqid. The kernel uses this ID to |
170 | * identify it. | |
32b6500f | 171 | * |
32b6500f MW |
172 | * @return reqid of the CHILD SA |
173 | */ | |
b12c53ce | 174 | uint32_t (*get_reqid)(child_sa_t *this); |
7daf5226 | 175 | |
4ec397b8 MW |
176 | /** |
177 | * Get the unique numerical identifier for this CHILD_SA. | |
178 | * | |
179 | * While the same reqid might be shared between multiple SAs, the unique_id | |
180 | * is truly unique for all CHILD_SA instances. | |
181 | * | |
182 | * @return unique CHILD_SA identifier | |
183 | */ | |
b12c53ce | 184 | uint32_t (*get_unique_id)(child_sa_t *this); |
4ec397b8 | 185 | |
3aaf7908 MW |
186 | /** |
187 | * Get the config used to set up this child sa. | |
188 | * | |
189 | * @return child_cfg | |
190 | */ | |
191 | child_cfg_t* (*get_config) (child_sa_t *this); | |
7daf5226 | 192 | |
3aaf7908 MW |
193 | /** |
194 | * Get the state of the CHILD_SA. | |
195 | * | |
196 | * @return CHILD_SA state | |
c3a78360 | 197 | */ |
afbea8ce TB |
198 | child_sa_state_t (*get_state)(child_sa_t *this); |
199 | ||
200 | /** | |
201 | * Get the state of the outbound SA. | |
202 | * | |
203 | * @return outbound SA state | |
204 | */ | |
205 | child_sa_outbound_state_t (*get_outbound_state)(child_sa_t *this); | |
7daf5226 | 206 | |
3aaf7908 MW |
207 | /** |
208 | * Set the state of the CHILD_SA. | |
209 | * | |
210 | * @param state state to set on CHILD_SA | |
c3a78360 | 211 | */ |
3aaf7908 | 212 | void (*set_state) (child_sa_t *this, child_sa_state_t state); |
7daf5226 | 213 | |
8d77edde | 214 | /** |
552cc11b | 215 | * Get the SPI of this CHILD_SA. |
c3a78360 | 216 | * |
8d77edde MW |
217 | * Set the boolean parameter inbound to TRUE to |
218 | * get the SPI for which we receive packets, use | |
219 | * FALSE to get those we use for sending packets. | |
220 | * | |
8d77edde | 221 | * @param inbound TRUE to get inbound SPI, FALSE for outbound. |
66da78b4 | 222 | * @return SPI of the CHILD SA |
8d77edde | 223 | */ |
b12c53ce | 224 | uint32_t (*get_spi) (child_sa_t *this, bool inbound); |
7daf5226 | 225 | |
66da78b4 AS |
226 | /** |
227 | * Get the CPI of this CHILD_SA. | |
c3a78360 | 228 | * |
66da78b4 | 229 | * Set the boolean parameter inbound to TRUE to |
32f5ee15 | 230 | * get the CPI for which we receive packets, use |
66da78b4 AS |
231 | * FALSE to get those we use for sending packets. |
232 | * | |
233 | * @param inbound TRUE to get inbound CPI, FALSE for outbound. | |
234 | * @return CPI of the CHILD SA | |
235 | */ | |
b12c53ce | 236 | uint16_t (*get_cpi) (child_sa_t *this, bool inbound); |
66da78b4 | 237 | |
8d77edde | 238 | /** |
552cc11b | 239 | * Get the protocol which this CHILD_SA uses to protect traffic. |
8d77edde | 240 | * |
8d77edde MW |
241 | * @return AH | ESP |
242 | */ | |
243 | protocol_id_t (*get_protocol) (child_sa_t *this); | |
7daf5226 | 244 | |
3aaf7908 MW |
245 | /** |
246 | * Set the negotiated protocol to use for this CHILD_SA. | |
247 | * | |
248 | * @param protocol AH | ESP | |
249 | */ | |
250 | void (*set_protocol)(child_sa_t *this, protocol_id_t protocol); | |
7daf5226 | 251 | |
a3ce4bc2 | 252 | /** |
6e10aead | 253 | * Get the IPsec mode of this CHILD_SA. |
a3ce4bc2 | 254 | * |
6e10aead | 255 | * @return TUNNEL | TRANSPORT | BEET |
a3ce4bc2 | 256 | */ |
6e10aead | 257 | ipsec_mode_t (*get_mode)(child_sa_t *this); |
7daf5226 | 258 | |
3aaf7908 MW |
259 | /** |
260 | * Set the negotiated IPsec mode to use. | |
261 | * | |
2db6d5b8 | 262 | * @param mode TUNNEL | TRANSPORT | BEET |
3aaf7908 MW |
263 | */ |
264 | void (*set_mode)(child_sa_t *this, ipsec_mode_t mode); | |
7daf5226 | 265 | |
82d20c05 MW |
266 | /** |
267 | * Get the used IPComp algorithm. | |
268 | * | |
269 | * @return IPComp compression algorithm. | |
270 | */ | |
271 | ipcomp_transform_t (*get_ipcomp)(child_sa_t *this); | |
7daf5226 | 272 | |
3aaf7908 MW |
273 | /** |
274 | * Set the IPComp algorithm to use. | |
c3a78360 | 275 | * |
3aaf7908 MW |
276 | * @param ipcomp the IPComp transform to use |
277 | */ | |
278 | void (*set_ipcomp)(child_sa_t *this, ipcomp_transform_t ipcomp); | |
7daf5226 | 279 | |
4c401ea2 MW |
280 | /** |
281 | * Get the action to enforce if the remote peer closes the CHILD_SA. | |
282 | * | |
283 | * @return close action | |
284 | */ | |
285 | action_t (*get_close_action)(child_sa_t *this); | |
286 | ||
287 | /** | |
288 | * Override the close action specified by the CHILD_SA config. | |
289 | * | |
290 | * @param close action to enforce | |
291 | */ | |
292 | void (*set_close_action)(child_sa_t *this, action_t action); | |
293 | ||
294 | /** | |
295 | * Get the action to enforce if the peer is considered dead. | |
296 | * | |
297 | * @return dpd action | |
298 | */ | |
299 | action_t (*get_dpd_action)(child_sa_t *this); | |
300 | ||
301 | /** | |
302 | * Override the DPD action specified by the CHILD_SA config. | |
303 | * | |
0ceb2888 | 304 | * @param dpd action to enforce |
4c401ea2 MW |
305 | */ |
306 | void (*set_dpd_action)(child_sa_t *this, action_t action); | |
307 | ||
3aaf7908 MW |
308 | /** |
309 | * Get the selected proposal. | |
310 | * | |
311 | * @return selected proposal | |
312 | */ | |
313 | proposal_t* (*get_proposal)(child_sa_t *this); | |
7daf5226 | 314 | |
3aaf7908 MW |
315 | /** |
316 | * Set the negotiated proposal. | |
317 | * | |
318 | * @param proposal selected proposal | |
319 | */ | |
c3a78360 | 320 | void (*set_proposal)(child_sa_t *this, proposal_t *proposal); |
7daf5226 | 321 | |
82d20c05 MW |
322 | /** |
323 | * Check if this CHILD_SA uses UDP encapsulation. | |
324 | * | |
325 | * @return TRUE if SA encapsulates ESP packets | |
326 | */ | |
327 | bool (*has_encap)(child_sa_t *this); | |
7daf5226 | 328 | |
6e10aead | 329 | /** |
e3c7e729 | 330 | * Get the absolute time when the CHILD_SA expires or gets rekeyed. |
6e10aead MW |
331 | * |
332 | * @param hard TRUE for hard lifetime, FALSE for soft (rekey) lifetime | |
e3c7e729 | 333 | * @return absolute time |
6e10aead | 334 | */ |
e3c7e729 | 335 | time_t (*get_lifetime)(child_sa_t *this, bool hard); |
7daf5226 | 336 | |
763e0353 MW |
337 | /** |
338 | * Get the absolute time when this SA has been installed. | |
339 | * | |
340 | * @return monotonic absolute install time | |
341 | */ | |
342 | time_t (*get_installtime)(child_sa_t *this); | |
343 | ||
6e10aead | 344 | /** |
c3a78360 | 345 | * Get last use time and the number of bytes processed. |
2ad51539 | 346 | * |
3f720dc7 | 347 | * @param inbound TRUE for inbound traffic, FALSE for outbound |
c3a78360 TB |
348 | * @param[out] time time of last use in seconds (NULL to ignore) |
349 | * @param[out] bytes number of processed bytes (NULL to ignore) | |
d954a208 | 350 | * @param[out] packets number of processed packets (NULL to ignore) |
2ad51539 | 351 | */ |
c3a78360 | 352 | void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, |
b12c53ce | 353 | uint64_t *bytes, uint64_t *packets); |
7daf5226 | 354 | |
79f39ecf MW |
355 | /** |
356 | * Get the mark used with this CHILD_SA. | |
357 | * | |
358 | * @param inbound TRUE to get inbound mark, FALSE for outbound | |
359 | * @return mark used with this CHILD_SA | |
360 | */ | |
361 | mark_t (*get_mark)(child_sa_t *this, bool inbound); | |
362 | ||
a6014d99 TB |
363 | /** |
364 | * Get the interface ID used with this CHILD_SA. | |
365 | * | |
366 | * @param inbound TRUE to get inbound ID, FALSE for outbound | |
367 | * @return interface ID used with this CHILD_SA | |
368 | */ | |
369 | uint32_t (*get_if_id)(child_sa_t *this, bool inbound); | |
370 | ||
144f676c | 371 | /** |
553bb787 | 372 | * Create an enumerator over traffic selectors of one side. |
a527a426 | 373 | * |
553bb787 MW |
374 | * @param local TRUE for own traffic selectors, FALSE for remote. |
375 | * @return enumerator over traffic_selector_t* | |
c3a78360 | 376 | */ |
553bb787 | 377 | enumerator_t* (*create_ts_enumerator)(child_sa_t *this, bool local); |
7daf5226 | 378 | |
a527a426 | 379 | /** |
3aaf7908 | 380 | * Create an enumerator over installed policies. |
a527a426 | 381 | * |
553bb787 MW |
382 | * The enumerated traffic selectors is a full mesh of compatible local |
383 | * and remote traffic selectors. | |
384 | * | |
385 | * @return enumerator over a pair of traffic_selector_t* | |
a527a426 | 386 | */ |
3aaf7908 | 387 | enumerator_t* (*create_policy_enumerator)(child_sa_t *this); |
7daf5226 | 388 | |
a527a426 | 389 | /** |
3aaf7908 | 390 | * Allocate an SPI to include in a proposal. |
a527a426 | 391 | * |
3aaf7908 MW |
392 | * @param protocol protocol to allocate SPI for (ESP|AH) |
393 | * @param spi SPI output pointer | |
394 | * @return SPI, 0 on failure | |
a527a426 | 395 | */ |
b12c53ce | 396 | uint32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); |
7daf5226 | 397 | |
80853d84 | 398 | /** |
3aaf7908 | 399 | * Allocate a CPI to use for IPComp. |
80853d84 | 400 | * |
3aaf7908 | 401 | * @return CPI, 0 on failure |
80853d84 | 402 | */ |
b12c53ce | 403 | uint16_t (*alloc_cpi)(child_sa_t *this); |
7daf5226 | 404 | |
1396815a | 405 | /** |
3aaf7908 | 406 | * Install an IPsec SA for one direction. |
1396815a | 407 | * |
4989aba8 TB |
408 | * set_policies() should be called before calling this. |
409 | * | |
3aaf7908 MW |
410 | * @param encr encryption key, if any |
411 | * @param integ integrity key | |
412 | * @param spi SPI to use, allocated for inbound | |
413 | * @param cpi CPI to use, allocated for outbound | |
a8c94544 | 414 | * @param initiator TRUE if initiator of exchange resulting in this SA |
3aaf7908 | 415 | * @param inbound TRUE to install an inbound SA, FALSE for outbound |
55df72e6 | 416 | * @param tfcv3 TRUE if peer supports ESPv3 TFC |
2b3100b5 | 417 | * @return SUCCESS or FAILED |
1396815a | 418 | */ |
3aaf7908 | 419 | status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, |
b12c53ce | 420 | uint32_t spi, uint16_t cpi, |
4989aba8 TB |
421 | bool initiator, bool inbound, bool tfcv3); |
422 | ||
8a3a389e TB |
423 | /** |
424 | * Register data for the installation of an outbound SA as responder during | |
425 | * a rekeying. | |
426 | * | |
a146b4c9 TB |
427 | * If the kernel is able to handle SPIs on policies the SA is installed |
428 | * immediately, if not it won't be installed until install_outbound() is | |
429 | * called. | |
8a3a389e TB |
430 | * |
431 | * @param encr encryption key, if any (cloned) | |
432 | * @param integ integrity key (cloned) | |
433 | * @param spi SPI to use, allocated for inbound | |
434 | * @param cpi CPI to use, allocated for outbound | |
435 | * @param tfcv3 TRUE if peer supports ESPv3 TFC | |
a146b4c9 | 436 | * @return SUCCESS or FAILED |
8a3a389e | 437 | */ |
a146b4c9 TB |
438 | status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, |
439 | uint32_t spi, uint16_t cpi, bool tfcv3); | |
8a3a389e TB |
440 | |
441 | /** | |
a146b4c9 TB |
442 | * Install the outbound policies and, if not already done, the outbound SA |
443 | * as responder during a rekeying. | |
8a3a389e TB |
444 | * |
445 | * @return SUCCESS or FAILED | |
446 | */ | |
447 | status_t (*install_outbound)(child_sa_t *this); | |
448 | ||
c5fed4cd TB |
449 | /** |
450 | * Remove the outbound SA and the outbound policies after a rekeying. | |
451 | */ | |
452 | void (*remove_outbound)(child_sa_t *this); | |
453 | ||
a527a426 | 454 | /** |
4989aba8 | 455 | * Configure the policies using some traffic selectors. |
8d77edde | 456 | * |
7881ac14 | 457 | * Supplied lists of traffic_selector_t's specify the policies |
a527a426 MW |
458 | * to use for this child sa. |
459 | * | |
4989aba8 TB |
460 | * Install the policies by calling install_policies(). |
461 | * | |
462 | * This should be called before calling install() so the traffic selectors | |
463 | * may be passed to the kernel interface when installing the SAs. | |
464 | * | |
465 | * @param my_ts traffic selectors for local site (cloned) | |
466 | * @param other_ts traffic selectors for remote site (cloned) | |
467 | */ | |
468 | void (*set_policies)(child_sa_t *this, linked_list_t *my_ts_list, | |
469 | linked_list_t *other_ts_list); | |
470 | ||
471 | /** | |
472 | * Install the configured policies. | |
473 | * | |
8a3a389e TB |
474 | * If register_outbound() was called previously this only installs the |
475 | * inbound and forward policies, the outbound policies are installed when | |
476 | * install_outbound() is called. | |
477 | * | |
a527a426 | 478 | * @return SUCCESS or FAILED |
c3a78360 | 479 | */ |
4989aba8 TB |
480 | status_t (*install_policies)(child_sa_t *this); |
481 | ||
cad13450 TB |
482 | /** |
483 | * Set the outbound SPI of the CHILD_SA that replaced this CHILD_SA during | |
484 | * a rekeying. | |
485 | * | |
486 | * @param spi outbound SPI of the CHILD_SA that replaced this CHILD_SA | |
487 | */ | |
488 | void (*set_rekey_spi)(child_sa_t *this, uint32_t spi); | |
489 | ||
490 | /** | |
491 | * Get the outbound SPI of the CHILD_SA that replaced this CHILD_SA during | |
492 | * a rekeying. | |
493 | * | |
494 | * @return outbound SPI of the CHILD_SA that replaced this CHILD_SA | |
495 | */ | |
496 | uint32_t (*get_rekey_spi)(child_sa_t *this); | |
497 | ||
1df106bf | 498 | /** |
3aaf7908 | 499 | * Update hosts and ecapulation mode in the kernel SAs and policies. |
1df106bf | 500 | * |
3aaf7908 MW |
501 | * @param me the new local host |
502 | * @param other the new remote host | |
101d26ba | 503 | * @param vips list of local virtual IPs |
0ceb2888 | 504 | * @param encap TRUE to use UDP encapsulation for NAT traversal |
3aaf7908 | 505 | * @return SUCCESS or FAILED |
d4aad554 | 506 | */ |
3aaf7908 | 507 | status_t (*update)(child_sa_t *this, host_t *me, host_t *other, |
101d26ba | 508 | linked_list_t *vips, bool encap); |
3ebebc5e | 509 | /** |
552cc11b | 510 | * Destroys a child_sa. |
3ebebc5e MW |
511 | */ |
512 | void (*destroy) (child_sa_t *this); | |
513 | }; | |
514 | ||
515 | /** | |
34d240a6 | 516 | * Constructor to create a child SA negotiated with IKE. |
aeeb4f4f | 517 | * |
d487b4b7 AS |
518 | * @param me own address |
519 | * @param other remote address | |
d487b4b7 AS |
520 | * @param config config to use for this CHILD_SA |
521 | * @param reqid reqid of old CHILD_SA when rekeying, 0 otherwise | |
522 | * @param encap TRUE to enable UDP encapsulation (NAT traversal) | |
85b23888 MW |
523 | * @param mark_in explicit inbound mark value to use, 0 for config |
524 | * @param mark_out explicit outbound mark value to use, 0 for config | |
a6014d99 TB |
525 | * @param if_id_in explicit inbound interface ID to use, 0 for config |
526 | * @param if_id_out explicit outbound interface ID to use, 0 for config | |
d487b4b7 | 527 | * @return child_sa_t object |
3ebebc5e | 528 | */ |
ad3af574 | 529 | child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config, |
b12c53ce | 530 | uint32_t reqid, bool encap, |
a6014d99 TB |
531 | uint32_t mark_in, uint32_t mark_out, |
532 | uint32_t if_id_in, uint32_t if_id_out); | |
5b97779f | 533 | |
1490ff4d | 534 | #endif /** CHILD_SA_H_ @}*/ |