Defined functions in the kernel interface to flush SAD and SPD entries.
authorTobias Brunner <tobias@strongswan.org>
Fri, 21 Oct 2011 11:37:16 +0000 (13:37 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Oct 2011 12:18:23 +0000 (14:18 +0200)
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_ipsec.h

index 9113d81..922f270 100644 (file)
@@ -138,6 +138,16 @@ METHOD(kernel_interface_t, del_sa, status_t,
        return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
 }
 
+METHOD(kernel_interface_t, flush_sas, status_t,
+       private_kernel_interface_t *this)
+{
+       if (!this->ipsec)
+       {
+               return NOT_SUPPORTED;
+       }
+       return this->ipsec->flush_sas(this->ipsec);
+}
+
 METHOD(kernel_interface_t, add_policy, status_t,
        private_kernel_interface_t *this, host_t *src, host_t *dst,
        traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
@@ -178,6 +188,16 @@ METHOD(kernel_interface_t, del_policy, status_t,
                                                                   direction, reqid, mark, priority);
 }
 
+METHOD(kernel_interface_t, flush_policies, status_t,
+       private_kernel_interface_t *this)
+{
+       if (!this->ipsec)
+       {
+               return NOT_SUPPORTED;
+       }
+       return this->ipsec->flush_policies(this->ipsec);
+}
+
 METHOD(kernel_interface_t, get_source_addr, host_t*,
        private_kernel_interface_t *this, host_t *dest, host_t *src)
 {
@@ -505,9 +525,11 @@ kernel_interface_t *kernel_interface_create()
                        .update_sa = _update_sa,
                        .query_sa = _query_sa,
                        .del_sa = _del_sa,
+                       .flush_sas = _flush_sas,
                        .add_policy = _add_policy,
                        .query_policy = _query_policy,
                        .del_policy = _del_policy,
+                       .flush_policies = _flush_policies,
                        .get_source_addr = _get_source_addr,
                        .get_nexthop = _get_nexthop,
                        .get_interface = _get_interface,
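Review bot: Both new methods return NOT_SUPPORTED when no IPsec backend is registered (the `if (!this->ipsec)` guards in flush_sas and flush_policies), but the interface documentation this commit adds in kernel_interface.h only lists SUCCESS as a return value, so a caller such as a `charon` shutdown or reload path cannot tell a completed flush from a no-op. The `@return` of both kernel_interface_t declarations should read `@return SUCCESS if operation completed, NOT_SUPPORTED if no IPsec backend is registered`. The same guard-and-delegate shape is presumably what del_sa and del_policy use above these hunks; that cannot be confirmed from the visible context lines, so if they do not guard `this->ipsec` the new methods are the ones that differ.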
index 4c2f7ef..991cfaf 100644 (file)
@@ -175,6 +175,13 @@ struct kernel_interface_t {
                                                mark_t mark);
 
        /**
+        * Flush all SAs from the SAD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_sas) (kernel_interface_t *this);
+
+       /**
         * Add a policy to the SPD.
         *
         * A policy is always associated to an SA. Traffic which matches a
@@ -241,6 +248,13 @@ struct kernel_interface_t {
                                                        mark_t mark, policy_priority_t priority);
 
        /**
+        * Flush all policies from the SPD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_policies) (kernel_interface_t *this);
+
+       /**
         * Get our outgoing source address for a destination.
         *
         * Does a route lookup to get the source address used to reach dest.
index eacf7c7..ddb6328 100644 (file)
@@ -306,6 +306,13 @@ struct kernel_ipsec_t {
                                                mark_t mark);
 
        /**
+        * Flush all SAs from the SAD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_sas) (kernel_ipsec_t *this);
+
+       /**
         * Add a policy to the SPD.
         *
         * A policy is always associated to an SA. Traffic which matches a
@@ -373,6 +380,13 @@ struct kernel_ipsec_t {
                                                        mark_t mark, policy_priority_t priority);
 
        /**
+        * Flush all policies from the SPD.
+        *
+        * @return                              SUCCESS if operation completed
+        */
+       status_t (*flush_policies) (kernel_ipsec_t *this);
+
+       /**
         * Install a bypass policy for the given socket.
         *
         * @param fd                    socket file descriptor to setup policy for
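Review bot: The backend contract for flush_sas and flush_policies does not say how far the flush reaches, which matters because an SAD/SPD flush is kernel-wide in the usual implementations and would also remove entries that were not installed through this interface, including entries belonging to other IKE daemons or static configuration. The docblock should state the scope explicitly, e.g. `Removes every SA in the kernel's SAD, not only those installed via add_sa()`, and the flush_policies docblock should say whether bypass policies installed through bypass_socket (declared directly below the hunk) survive the flush, since a caller that flushes and then keeps its IKE sockets open would otherwise lose their bypass without any indication. Whether the concrete backends actually flush globally is inferred from the method names, not from these hunks, so that wording should be confirmed against the implementations.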