Add the reqid to kernel_ipsec_t.del_policy.
authorTobias Brunner <tobias@strongswan.org>
Fri, 13 May 2011 10:50:29 +0000 (12:50 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 6 Jul 2011 07:43:45 +0000 (09:43 +0200)
src/libcharon/plugins/load_tester/load_tester_ipsec.c
src/libcharon/sa/child_sa.c
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_ipsec.h
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/pluto/kernel.c

index c469cee..e8c02b9 100644 (file)
@@ -102,8 +102,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
 
 METHOD(kernel_ipsec_t, del_policy, status_t,
           private_load_tester_ipsec_t *this, traffic_selector_t *src_ts,
-          traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-          bool unrouted)
+          traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+          mark_t mark, bool unrouted)
 {
        return SUCCESS;
 }
index dc42ba7..870ba8d 100644 (file)
@@ -837,13 +837,16 @@ METHOD(child_sa_t, update, status_t,
                        {
                                /* remove old policies first */
                                hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                                       my_ts, other_ts, POLICY_OUT, this->mark_out, FALSE);
+                                                       my_ts, other_ts, POLICY_OUT, this->reqid,
+                                                       this->mark_out, FALSE);
                                hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                                       other_ts, my_ts,  POLICY_IN, this->mark_in, FALSE);
+                                                       other_ts, my_ts,  POLICY_IN, this->reqid,
+                                                       this->mark_in, FALSE);
                                if (this->mode != MODE_TRANSPORT)
                                {
                                        hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                                       other_ts, my_ts, POLICY_FWD, this->mark_in, FALSE);
+                                                       other_ts, my_ts, POLICY_FWD, this->reqid,
+                                                       this->mark_in, FALSE);
                                }
 
                                /* check whether we have to update a "dynamic" traffic selector */
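Review bot: All three `del_policy` calls in this hunk still discard the returned `status_t`, so a deletion that fails for the newly passed `this->reqid` goes unnoticed before the replacement policies are installed. If a backend comes to match on reqid, a stale policy left in the kernel would keep the old selectors active with no trace in the log. Consider checking the result and logging it, e.g. `if (hydra->kernel_interface->del_policy(...) != SUCCESS) { DBG1(DBG_CHD, "deleting policy failed"); }`. The same applies to the three calls in the `destroy` hunk below; both method bodies start and end outside their hunks.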
@@ -943,13 +946,16 @@ METHOD(child_sa_t, destroy, void,
                while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
                {
                        hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                               my_ts, other_ts, POLICY_OUT, this->mark_out, unrouted);
+                                               my_ts, other_ts, POLICY_OUT, this->reqid,
+                                               this->mark_out, unrouted);
                        hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                               other_ts, my_ts, POLICY_IN, this->mark_in, unrouted);
+                                               other_ts, my_ts, POLICY_IN, this->reqid,
+                                               this->mark_in, unrouted);
                        if (this->mode != MODE_TRANSPORT)
                        {
                                hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                               other_ts, my_ts, POLICY_FWD, this->mark_in, unrouted);
+                                               other_ts, my_ts, POLICY_FWD, this->reqid,
+                                               this->mark_in, unrouted);
                        }
                }
                enumerator->destroy(enumerator);
index 4b5b41f..8228d26 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2010 Tobias Brunner
+ * Copyright (C) 2008-2011 Tobias Brunner
  * Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -157,15 +157,15 @@ METHOD(kernel_interface_t, query_policy, status_t,
 
 METHOD(kernel_interface_t, del_policy, status_t,
        private_kernel_interface_t *this, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-       bool unrouted)
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+       mark_t mark, bool unrouted)
 {
        if (!this->ipsec)
        {
                return NOT_SUPPORTED;
        }
        return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
-                                                                  direction, mark, unrouted);
+                                                                  direction, reqid, mark, unrouted);
 }
 
 METHOD(kernel_interface_t, get_source_addr, host_t*,
index 471a1d5..a7f8e26 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -228,6 +228,7 @@ struct kernel_interface_t {
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
+        * @param reqid                 unique ID of the associated SA
         * @param mark                  optional mark
         * @param unrouted              TRUE, if this policy is unrouted from the kernel
         * @return                              SUCCESS if operation completed
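Review bot: The new `@param reqid` line says what the value is, but not what the caller must pass or whether implementations use it to select the policy to remove. If reqid is meant to keep the teardown of one SA from removing a policy that another SA still relies on, the contract should say so, for example `@param reqid  unique ID of the associated SA, as passed when the policy was added`. The identical doc line added to `kernel_ipsec_t` in kernel_ipsec.h should get the same wording.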
@@ -235,8 +236,8 @@ struct kernel_interface_t {
        status_t (*del_policy) (kernel_interface_t *this,
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
-                                                       policy_dir_t direction, mark_t mark,
-                                                       bool unrouted);
+                                                       policy_dir_t direction, u_int32_t reqid,
+                                                       mark_t mark, bool unrouted);
 
        /**
         * Get our outgoing source address for a destination.
index e7b62ad..f1122db 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -346,6 +346,7 @@ struct kernel_ipsec_t {
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
+        * @param reqid                 unique ID of the associated SA
         * @param mark                  optional mark
         * @param unrouted              TRUE, if this policy is unrouted from the kernel
         * @return                              SUCCESS if operation completed
@@ -353,8 +354,8 @@ struct kernel_ipsec_t {
        status_t (*del_policy) (kernel_ipsec_t *this,
                                                        traffic_selector_t *src_ts,
                                                        traffic_selector_t *dst_ts,
-                                                       policy_dir_t direction, mark_t mark,
-                                                       bool unrouted);
+                                                       policy_dir_t direction, u_int32_t reqid,
+                                                       mark_t mark, bool unrouted);
 
        /**
         * Install a bypass policy for the given socket.
index 71c4bf8..380be15 100644 (file)
@@ -2347,8 +2347,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
 
 METHOD(kernel_ipsec_t, del_policy, status_t,
        private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-       bool unrouted)
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+       mark_t mark, bool unrouted)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg = (struct sadb_msg*)request, *out;
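Review bot: `reqid` is added to the signature here, but nothing in the visible lines uses it, and the body continues past the hunk. If this backend still identifies the policy only by selectors and direction, deleting the policy for one SA can also remove it for a second SA that shares those selectors, leaving that SA's traffic without a matching IPsec policy. Until the parameter is consulted, a comment such as `/* reqid is not yet used to select the policy */` at the top of the body would make the limitation clear. The same applies to the `del_policy` hunks in kernel_netlink_ipsec.c and kernel_pfkey_ipsec.c.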
index 23db187..8500743 100644 (file)
@@ -2055,8 +2055,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
 
 METHOD(kernel_ipsec_t, del_policy, status_t,
        private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-       bool unrouted)
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+       mark_t mark, bool unrouted)
 {
        policy_entry_t *current, policy, *to_delete = NULL;
        route_entry_t *route;
index 3958ca8..cfc66e8 100644 (file)
@@ -1914,8 +1914,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
 
 METHOD(kernel_ipsec_t, del_policy, status_t,
        private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
-       bool unrouted)
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+       mark_t mark, bool unrouted)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
index 8bed1fc..c458b2d 100644 (file)
@@ -837,7 +837,7 @@ static bool raw_eroute(const ip_address *this_host,
        if (deleting || replacing)
        {
                hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                               ts_src, ts_dst, dir, mark, routed);
+                                               ts_src, ts_dst, dir, sa->reqid, mark, routed);
        }
 
        if (!deleting)
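Review bot: `sa->reqid` is dereferenced on the delete path in this hunk and again in the next one, but `sa` is not declared in the visible lines and `raw_eroute` starts and ends outside both hunks. If any caller passes a null `sa` for delete-only operations, this is a NULL dereference; `sa ? sa->reqid : 0` or a guard at the top of the function would make the assumption explicit. Separately, the last argument is a variable named `routed` while the interface documents the parameter as `unrouted`, so a comment confirming the polarity would help.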
@@ -853,7 +853,7 @@ static bool raw_eroute(const ip_address *this_host,
                if (deleting || replacing)
                {
                        hydra->kernel_interface->del_policy(hydra->kernel_interface,
-                                               ts_src, ts_dst, dir, mark, routed);
+                                               ts_src, ts_dst, dir, sa->reqid, mark, routed);
                }
 
                if (!deleting && ok &&