libipsec: Pass the same data to del_policy() as to add_policy()
[strongswan.git] / src / libipsec / ipsec_policy_mgr.h
index d3ee107..0ea797e 100644 (file)
@@ -27,8 +27,8 @@
 #include "ip_packet.h"
 
 #include <library.h>
-#include <utils/host.h>
-#include <utils/linked_list.h>
+#include <networking/host.h>
+#include <collections/linked_list.h>
 #include <ipsec/ipsec_types.h>
 #include <selectors/traffic_selector.h>
 
@@ -71,18 +71,21 @@ struct ipsec_policy_mgr_t {
        /**
         * Remove a policy
         *
+        * @param src                   source address of SA
+        * @param dst                   dest address of SA
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
-        * @param reqid                 unique ID of the associated SA
+        * @param type                  type of policy, POLICY_(IPSEC|PASS|DROP)
+        * @param sa                    details about the SA(s) tied to this policy
         * @param mark                  optional mark
         * @param priority              priority of the policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*del_policy)(ipsec_policy_mgr_t *this,
-                                                  traffic_selector_t *src_ts,
-                                                  traffic_selector_t *dst_ts,
-                                                  policy_dir_t direction, u_int32_t reqid, mark_t mark,
+                                                  host_t *src, host_t *dst, traffic_selector_t *src_ts,
+                                                  traffic_selector_t *dst_ts, policy_dir_t direction,
+                                                  policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
                                                   policy_priority_t priority);
 
        /**
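Review bot: The del_policy() doc comment does not say which of the new arguments are compared when the policy to remove is looked up, and `reqid` is no longer documented now that it presumably travels inside `sa`. Callers need to know this: if `sa` takes part in the match, a mismatched value leaves a policy installed after its SA is gone, and if it does not, the argument is only informational. I would add a sentence to the comment such as `* The values must be identical to those passed to add_policy() for the policy to be found.`, and state on `@param sa` whether NULL is accepted. The implementation is not visible here, so the wording should be confirmed against it. The struct definition begins and continues outside this hunk.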
@@ -97,10 +100,12 @@ struct ipsec_policy_mgr_t {
         *
         * @param packet                IP packet to match
         * @param inbound               TRUE for an inbound packet
+        * @param reqid                 require a policy with a specific reqid, 0 for any
         * @return                              reference to the policy, or NULL if none found
         */
        ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this,
-                                                                         ip_packet_t *packet, bool inbound);
+                                                                         ip_packet_t *packet, bool inbound,
+                                                                         u_int32_t reqid);
 
        /**
         * Destroy an ipsec_policy_mgr_t
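Review bot: The new `reqid` parameter of find_by_packet() treats 0 as a wildcard, and the doc comment gives no guidance on when that is acceptable. On the inbound path this lookup is presumably what ties a decapsulated packet to the SA it arrived on, so a caller passing 0 there would accept the packet under any policy whose selectors match, regardless of which SA protected it. I would extend the comment to something like `* @param reqid  reqid of the SA that processed the packet; 0 matches any policy, use only where no SA binding is required`. The callers are outside this hunk, so it is worth checking that none of them passes 0 for inbound packets.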