1 /* declarations of routines that interface with the kernel's IPsec mechanism
2 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * RCSID $Id: kernel.h,v 1.26 2002/03/23 20:15:33 dhr Exp $
17 extern bool no_klips; /* don't actually use KLIPS */
18 extern bool can_do_IPcomp; /* can system actually perform IPCOMP? */
22 extern void pfkey_dequeue(void);
23 extern void pfkey_event(void);
26 /* A netlink header defines EM_MAXRELSPIS, the max number of SAs in a group.
27 * Is there a PF_KEY equivalent?
30 # define EM_MAXRELSPIS 4 /* AH ESP IPCOMP IPIP */
33 extern void init_kernel(void);
35 extern void scan_proc_shunts(void);
37 extern void pfkey_event(void);
39 struct connection; /* forward declaration of tag */
40 extern bool trap_connection(struct connection *c);
41 extern void unroute_connection(struct connection *c);
43 extern bool replace_bare_shunt(const ip_address *src, const ip_address *dst
44 , ipsec_spi_t shunt_spi /* in host order! */
45 , bool repl, const char *opname);
47 extern bool assign_hold(struct connection *c
48 , const ip_address *src, const ip_address *dst);
50 struct state; /* forward declaration of tag */
51 extern ipsec_spi_t get_ipsec_spi(ipsec_spi_t avoid);
52 extern ipsec_spi_t get_my_cpi(void);
54 extern bool install_inbound_ipsec_sa(struct state *st);
55 extern bool install_ipsec_sa(struct state *st, bool inbound_also);
56 extern void delete_ipsec_sa(struct state *st, bool inbound_only);
59 extern bool update_ipsec_sa(struct state *st);