From 9f7e1899a90c2ffbdbac626d4d58945460eca97c Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 13 Jul 2012 11:21:25 +0200
Subject: [PATCH] Add methods to easily compare IPsec SAs

---
 src/libipsec/ipsec_sa.c | 22 ++++++++++++++++++++++
 src/libipsec/ipsec_sa.h | 29 +++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c
index 02fa813547..cccd164040 100644
--- a/src/libipsec/ipsec_sa.c
+++ b/src/libipsec/ipsec_sa.c
@@ -131,6 +131,25 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*,
 return this->esp_context;
 }
 
+METHOD(ipsec_sa_t, match_by_spi_dst, bool,
+ private_ipsec_sa_t *this, u_int32_t spi, host_t *dst)
+{
+ return this->spi == spi && this->dst->ip_equals(this->dst, dst);
+}
+
+METHOD(ipsec_sa_t, match_by_spi_src_dst, bool,
+ private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst)
+{
+ return this->spi == spi && this->src->ip_equals(this->src, src) &&
+ this->dst->ip_equals(this->dst, dst);
+}
+
+METHOD(ipsec_sa_t, match_by_reqid, bool,
+ private_ipsec_sa_t *this, u_int32_t reqid, bool inbound)
+{
+ return this->reqid == reqid && this->inbound == inbound;
+}
+
 METHOD(ipsec_sa_t, destroy, void,
 private_ipsec_sa_t *this)
 {
@@ -188,6 +207,9 @@ ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst,
 .get_protocol = _get_protocol,
 .get_lifetime = _get_lifetime,
 .is_inbound = _is_inbound,
+ .match_by_spi_dst = _match_by_spi_dst,
+ .match_by_spi_src_dst = _match_by_spi_src_dst,
+ .match_by_reqid = _match_by_reqid,
 .get_esp_context = _get_esp_context,
 },
 .spi = spi,
diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index 5cf559a38f..5fd03b6e4a 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
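Review bot: In src/libipsec/ipsec_sa.c, match_by_spi_dst and match_by_spi_src_dst compare only the SPI and the addresses, so an SA with a different protocol or direction but the same SPI and addresses also matches. The object does carry both properties, since get_protocol and is_inbound are wired into the vtable in the following hunk. If these helpers are meant to select the SA for a received packet, either compare the protocol as well or state the restriction above the methods, e.g. `/* protocol and direction are not compared; callers must filter on get_protocol()/is_inbound() */`. The `src` and `dst` arguments are also handed to ip_equals() unchecked; whether a NULL argument is tolerated depends on host_t, which is not visible in this patch.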
@@ -95,6 +95,35 @@ struct ipsec_sa_t {
 */
 esp_context_t *(*get_esp_context)(ipsec_sa_t *this);
 
+ /**
+ * Check if this SA matches all given parameters
+ *
+ * @param spi SPI
+ * @param dst destination address
+ * @return TRUE if this SA matches all parameters, FALSE otherwise
+ */
+ bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst);
+
+ /**
+ * Check if this SA matches all given parameters
+ *
+ * @param spi SPI
+ * @param src source address
+ * @param dst destination address
+ * @return TRUE if this SA matches all parameters, FALSE otherwise
+ */
+ bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src,
+ host_t *dst);
+
+ /**
+ * Check if this SA matches all given parameters
+ *
+ * @param reqid reqid
+ * @param inbound TRUE for inbound SA, FALSE for outbound
+ * @return TRUE if this SA matches all parameters, FALSE otherwise
+ */
+ bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound);
+
 /**
 * Destroy an ipsec_sa_t
 */
-- 
2.47.3
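Review bot: The three doc comments added to struct ipsec_sa_t in src/libipsec/ipsec_sa.h share the same one-line description and do not say what "matches" means for the address arguments. The implementation calls ip_equals(), which by its name compares the IP address only, so any port carried in `src`/`dst` is presumably ignored. I would add that to the two address-based descriptions, e.g. `* Only the IP addresses are compared (ip_equals()); ports are ignored.`, and note on `@param src` / `@param dst` whether NULL is permitted. A short sentence on each method naming its intended lookup (inbound packet by SPI and destination, by reqid and direction) would also make the three entries distinguishable in generated documentation.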