From: Tobias Brunner
Date: Fri, 13 Jul 2012 12:17:03 +0000 (+0200)
Subject: Method added to easily compare IPsec policies
X-Git-Tag: 5.0.1~210^2~98
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3b8276b405868c176a936e34579d908dcabd61df;p=thirdparty%2Fstrongswan.git
Method added to easily compare IPsec policies
---
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c
index e0e154bef4..54bae6a766 100644
--- a/src/libipsec/ipsec_policy.c
+++ b/src/libipsec/ipsec_policy.c
@@ -88,6 +88,19 @@ struct private_ipsec_policy_t {
 };
+METHOD(ipsec_policy_t, match, bool,
+ private_ipsec_policy_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ mark_t mark, policy_priority_t priority)
+{
+ return (this->direction == direction &&
+ this->priority == priority &&
+ this->sa.reqid == reqid &&
+ memeq(&this->mark, &mark, sizeof(mark_t)) &&
+ this->src_ts->equals(this->src_ts, src_ts) &&
+ this->dst_ts->equals(this->dst_ts, dst_ts));
+}
+
 METHOD(ipsec_policy_t, get_source_ts, traffic_selector_t*,
 private_ipsec_policy_t *this)
 {
@@ -158,6 +171,7 @@ ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
 INIT(this,
 .public = {
+ .match = _match,
 .get_source_ts = _get_source_ts,
 .get_destination_ts = _get_destination_ts,
 .get_direction = _get_direction,
diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h
index 0f65b18766..08069307ad 100644
--- a/src/libipsec/ipsec_policy.h
+++ b/src/libipsec/ipsec_policy.h
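Review bot: The mark comparison in `match` is a byte-wise `memeq` over the whole `mark_t`, and `mark` arrives by value, so any padding in the struct would hold unspecified bytes and could make two equal marks compare unequal. `mark_t` is not defined in this hunk; if it is just the value/mask pair, comparing the fields, `this->mark.value == mark.value && this->mark.mask == mark.mask &&`, says the same thing and stays correct if the struct later grows. A false mismatch here would presumably make a lookup miss an installed policy, which matters if callers use `match` to find the policy to update or delete. `src_ts` and `dst_ts` are also handed to `equals` unchecked, so the header comment should state that callers must not pass NULL.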
@@ -84,6 +84,21 @@ struct ipsec_policy_t {
 */
 ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);
+ /**
+ * Check if this policy matches all given parameters
+ *
+ * @param src_ts source traffic selector
+ * @param dst_ts destination traffic selector
+ * @param direction traffic direction
+ * @param reqid reqid of the policy
+ * @param mark mark for this policy
+ * @param prioirty policy priority
+ * @return TRUE if policy matches all parameters
+ */
+ bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
+ traffic_selector_t *dst_ts, policy_dir_t direction,
+ u_int32_t reqid, mark_t mark, policy_priority_t priority);
+
 /**
 * Destroy an ipsec_policy_t
 */
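Review bot: The doc comment for `match` spells its last tag `@param prioirty`, which does not name the `priority` parameter in the prototype below it, so generated documentation will likely flag or drop the description; it should read `@param priority policy priority`. The comment could also say that the traffic selectors are compared for equality rather than containment and that the mark is compared exactly as given, since the implementation in ipsec_policy.c uses `equals` and `memeq`. The `ipsec_policy_t` struct definition begins and ends outside this hunk.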