Defined functions in the kernel interface to flush SAD and SPD entries.
authorTobias Brunner <tobias@strongswan.org>
Fri, 21 Oct 2011 11:37:16 +0000 (13:37 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Oct 2011 12:18:23 +0000 (14:18 +0200)
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_ipsec.h

index 9113d813cc8f7aa372546a169be98cefaf029979..922f2709490b23ee743bf172a7bd3a96abdeac7c 100644 (file)
@@ -138,6 +138,16 @@ METHOD(kernel_interface_t, del_sa, status_t,
        return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
 }
 
+METHOD(kernel_interface_t, flush_sas, status_t,
+       private_kernel_interface_t *this)
+{
+       if (!this->ipsec)
+       {
+               return NOT_SUPPORTED;
+       }
+       return this->ipsec->flush_sas(this->ipsec);
+}
+
 METHOD(kernel_interface_t, add_policy, status_t,
        private_kernel_interface_t *this, host_t *src, host_t *dst,
        traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
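Review bot: `this->ipsec->flush_sas` is called in the new `flush_sas` method without checking that the backend set the pointer. Only the interface files are changed on this page, so a `kernel_ipsec_t` implementation that has not been updated would presumably leave the new member NULL (if it is built with a designated initialiser like the one in `kernel_interface_create()`), and the call would go through a null function pointer. Guarding with `if (!this->ipsec || !this->ipsec->flush_sas)` and returning `NOT_SUPPORTED` keeps the wrapper safe. The same applies to `flush_policies` in the next hunk.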
@@ -178,6 +188,16 @@ METHOD(kernel_interface_t, del_policy, status_t,
                                                                   direction, reqid, mark, priority);
 }
 
+METHOD(kernel_interface_t, flush_policies, status_t,
+       private_kernel_interface_t *this)
+{
+       if (!this->ipsec)
+       {
+               return NOT_SUPPORTED;
+       }
+       return this->ipsec->flush_policies(this->ipsec);
+}
+
 METHOD(kernel_interface_t, get_source_addr, host_t*,
        private_kernel_interface_t *this, host_t *dest, host_t *src)
 {
@@ -505,9 +525,11 @@ kernel_interface_t *kernel_interface_create()
                        .update_sa = _update_sa,
                        .query_sa = _query_sa,
                        .del_sa = _del_sa,
+                       .flush_sas = _flush_sas,
                        .add_policy = _add_policy,
                        .query_policy = _query_policy,
                        .del_policy = _del_policy,
+                       .flush_policies = _flush_policies,
                        .get_source_addr = _get_source_addr,
                        .get_nexthop = _get_nexthop,
                        .get_interface = _get_interface,
index 4c2f7ef99be74d60a9ff25f4e7d9375e3d4338e1..991cfafd0ec8c7cf8e62389f6681a24dae7bf4c0 100644 (file)
@@ -174,6 +174,13 @@ struct kernel_interface_t {
                                                u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                mark_t mark);
 
+       /**
+        * Flush all SAs from the SAD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_sas) (kernel_interface_t *this);
+
        /**
         * Add a policy to the SPD.
         *
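Review bot: The `@return` line for `flush_sas` documents only `SUCCESS`, but the wrapper added in kernel_interface.c returns `NOT_SUPPORTED` when no IPsec backend is set. A caller that relies on the flush to clear stale state needs to distinguish "nothing was flushed" from "flushed". I would write `@return SUCCESS if operation completed, NOT_SUPPORTED if no IPsec backend is available` and add whichever failure code backends are expected to return. The `flush_policies` comment in the next hunk has the same gap.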
@@ -240,6 +247,13 @@ struct kernel_interface_t {
                                                        policy_dir_t direction, u_int32_t reqid,
                                                        mark_t mark, policy_priority_t priority);
 
+       /**
+        * Flush all policies from the SPD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_policies) (kernel_interface_t *this);
+
        /**
         * Get our outgoing source address for a destination.
         *
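Review bot: The comment for `flush_policies` does not say which policies are removed or what state the SPD is left in afterwards. If the backend flushes the whole kernel SPD (the implementation is not visible here), that would include entries installed by other tools and any policies that require protection or drop traffic. Traffic matching those entries would then follow the system default until they are reinstalled. Once the intended scope is confirmed, I would add a sentence such as `Removes every policy in the kernel SPD, including ones not installed by this daemon; callers must reinstall required policies afterwards.`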
index eacf7c79ff22259cf87524361c90192f7ea49d34..ddb63283c8cf6bd1420b18dfc6ec389d916b38dc 100644 (file)
@@ -305,6 +305,13 @@ struct kernel_ipsec_t {
                                                u_int32_t spi, u_int8_t protocol, u_int16_t cpi,
                                                mark_t mark);
 
+       /**
+        * Flush all SAs from the SAD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_sas) (kernel_ipsec_t *this);
+
        /**
         * Add a policy to the SPD.
         *
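Review bot: The new `flush_sas` member is not documented as mandatory or optional for `kernel_ipsec_t` implementations. The rest of the struct is outside the hunk, so the existing convention is not visible, but a backend author needs to know whether the member may be left unset or whether a backend that cannot flush must still provide it. A line like `Implementations that cannot flush must return NOT_SUPPORTED.` together with the full set of return codes would settle it. The same goes for `flush_policies` in the following hunk.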
@@ -372,6 +379,13 @@ struct kernel_ipsec_t {
                                                        policy_dir_t direction, u_int32_t reqid,
                                                        mark_t mark, policy_priority_t priority);
 
+       /**
+        * Flush all policies from the SPD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_policies) (kernel_ipsec_t *this);
+
        /**
         * Install a bypass policy for the given socket.
         *