METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
return NOT_SUPPORTED;
}
METHOD(kernel_ipsec_t, query_sa, status_t,
private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
return NOT_SUPPORTED;
}
return &this->public;
}
-
* last number of outbound bytes
*/
u_int64_t other_usebytes;
+
+ /**
+ * last number of inbound packets
+ */
+ u_int64_t my_usepackets;
+
+ /**
+ * last number of outbound bytes
+ */
+ u_int64_t other_usepackets;
};
/**
static status_t update_usebytes(private_child_sa_t *this, bool inbound)
{
status_t status = FAILED;
- u_int64_t bytes;
+ u_int64_t bytes, packets;
if (inbound)
{
status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
this->other_addr, this->my_addr, this->my_spi,
proto_ike2ip(this->protocol), this->mark_in,
- &bytes);
+ &bytes, &packets);
if (status == SUCCESS)
{
if (bytes > this->my_usebytes)
{
this->my_usebytes = bytes;
+ this->my_usepackets = packets;
return SUCCESS;
}
return FAILED;
status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
this->my_addr, this->other_addr, this->other_spi,
proto_ike2ip(this->protocol), this->mark_out,
- &bytes);
+ &bytes, &packets);
if (status == SUCCESS)
{
if (bytes > this->other_usebytes)
{
this->other_usebytes = bytes;
+ this->other_usepackets = packets;
return SUCCESS;
}
return FAILED;
METHOD(kernel_interface_t, query_sa, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, bytes);
+ return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
+ bytes, packets);
}
METHOD(kernel_interface_t, del_sa, status_t,
* @param protocol protocol for this SA (ESP/AH)
* @param mark optional mark for this SA
* @param[out] bytes the number of bytes processed by SA
+ * @param[out] packets number of packets processed by SA
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes);
+ u_int64_t *bytes, u_int64_t *packets);
/**
* Delete a previously installed SA from the SAD.
* @param protocol protocol for this SA (ESP/AH)
* @param mark optional mark for this SA
* @param[out] bytes the number of bytes processed by SA
+ * @param[out] packets number of packets processed by SA
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes);
+ u_int64_t *bytes, u_int64_t *packets);
/**
* Delete a previusly installed SA from the SAD.
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
return NOT_SUPPORTED; /* TODO */
}
return &this->public;
}
-
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
netlink_buf_t request;
struct nlmsghdr *out = NULL, *hdr;
}
else
{
- *bytes = sa->curlft.bytes;
+ if (bytes)
+ {
+ *bytes = sa->curlft.bytes;
+ }
+ if (packets)
+ {
+ *packets = sa->curlft.packets;
+ }
status = SUCCESS;
}
memwipe(out, len);
METHOD(kernel_ipsec_t, query_sa, status_t,
private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
- u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
free(out);
return FAILED;
}
- *bytes = response.lft_current->sadb_lifetime_bytes;
+ if (bytes)
+ {
+ *bytes = response.lft_current->sadb_lifetime_bytes;
+ }
+ if (packets)
+ {
+ /* not supported by PF_KEY */
+ *packets = 0;
+ }
free(out);
return SUCCESS;
projects / thirdparty / strongswan.git / commitdiff
