From: Tobias Brunner Date: Fri, 21 Oct 2011 11:37:16 +0000 (+0200) Subject: Defined functions in the kernel interface to flush SAD and SPD entries. X-Git-Tag: 4.6.0~103 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b0f466bbc9d63b84fd9e893c0eccddb92202c8a;p=thirdparty%2Fstrongswan.git Defined functions in the kernel interface to flush SAD and SPD entries.
---
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 9113d813cc..922f270949 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -138,6 +138,16 @@ METHOD(kernel_interface_t, del_sa, status_t,
 return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
 }
+METHOD(kernel_interface_t, flush_sas, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_sas(this->ipsec);
+}
+
 METHOD(kernel_interface_t, add_policy, status_t,
 private_kernel_interface_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
@@ -178,6 +188,16 @@ METHOD(kernel_interface_t, del_policy, status_t,
 direction, reqid, mark, priority);
 }
+METHOD(kernel_interface_t, flush_policies, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_policies(this->ipsec);
+}
+
 METHOD(kernel_interface_t, get_source_addr, host_t*,
 private_kernel_interface_t *this, host_t *dest, host_t *src)
 {
@@ -505,9 +525,11 @@ kernel_interface_t *kernel_interface_create()
 .update_sa = _update_sa,
 .query_sa = _query_sa,
 .del_sa = _del_sa,
+ .flush_sas = _flush_sas,
 .add_policy = _add_policy,
 .query_policy = _query_policy,
 .del_policy = _del_policy,
+ .flush_policies = _flush_policies,
 .get_source_addr = _get_source_addr,
 .get_nexthop = _get_nexthop,
 .get_interface = _get_interface,
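Review bot: The new `flush_sas` wrapper checks `this->ipsec` but then calls `this->ipsec->flush_sas` without checking that the backend actually set that member; `flush_policies` in the next hunk has the same shape. The commit adds both members to `kernel_ipsec_t`, yet no backend implementation is visible in this diff, so a backend that leaves the new slot NULL would turn a flush request into a NULL function-pointer call (presumably a daemon crash) instead of a clean `NOT_SUPPORTED`. Unless every registered backend is guaranteed to be updated in the same series, the guards could read `if (!this->ipsec || !this->ipsec->flush_sas)` and `if (!this->ipsec || !this->ipsec->flush_policies)`.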
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 4c2f7ef99b..991cfafd0e 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -174,6 +174,13 @@ struct kernel_interface_t {
 u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark);
+ /**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_interface_t *this);
+
 /**
 * Add a policy to the SPD.
 *
@@ -240,6 +247,13 @@ struct kernel_interface_t {
 policy_dir_t direction, u_int32_t reqid, mark_t mark, policy_priority_t priority);
+ /**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_interface_t *this);
+
 /**
 * Get our outgoing source address for a destination.
 *
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index eacf7c79ff..ddb63283c8 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -305,6 +305,13 @@ struct kernel_ipsec_t {
 u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark);
+ /**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_ipsec_t *this);
+
 /**
 * Add a policy to the SPD.
 *
@@ -372,6 +379,13 @@ struct kernel_ipsec_t {
 policy_dir_t direction, u_int32_t reqid, mark_t mark, policy_priority_t priority);
+ /**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_ipsec_t *this);
+
 /**
 * Install a bypass policy for the given socket.
 *
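Review bot: The `@return` line on `flush_sas` documents only `SUCCESS`, although the wrapper added in kernel_interface.c returns `NOT_SUPPORTED` when no IPsec backend is set; the `flush_policies` comment in the next hunk has the same gap, and the two kernel_ipsec.h comments do not say what a backend returns on failure either. A caller reading this contract has no documented way to tell that the flush did not happen and that stale SAs are still installed. I would write `@return SUCCESS if operation completed, NOT_SUPPORTED if no IPsec backend is available`, extended with whatever failure code the backends are expected to return.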
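Review bot: The `flush_policies` comment says "all policies" without stating whether that means only the policies this daemon installed or every entry in the kernel SPD, including ones configured by other tools; the backend behaviour is not visible in this diff, so the contract should say which is intended. It also leaves out the consequence a caller needs to know: once the policies are removed, traffic they used to match is handled by whatever policy remains, which may mean it is no longer protected. I would add a line to the comment such as `* Removes the policies that enforce IPsec protection; callers must ensure traffic is not left unprotected afterwards.` and a sentence on scope, and mirror both in the kernel_ipsec.h copy of the comment.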