Method added to easily compare IPsec policies
authorTobias Brunner <tobias@strongswan.org>
Fri, 13 Jul 2012 12:17:03 +0000 (14:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Aug 2012 13:41:03 +0000 (15:41 +0200)
src/libipsec/ipsec_policy.c
src/libipsec/ipsec_policy.h

index e0e154b..54bae6a 100644 (file)
@@ -88,6 +88,19 @@ struct private_ipsec_policy_t {
 
 };
 
+METHOD(ipsec_policy_t, match, bool,
+       private_ipsec_policy_t *this, traffic_selector_t *src_ts,
+       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+       mark_t mark, policy_priority_t priority)
+{
+       return (this->direction == direction &&
+                       this->priority == priority &&
+                       this->sa.reqid == reqid &&
+                       memeq(&this->mark, &mark, sizeof(mark_t)) &&
+                       this->src_ts->equals(this->src_ts, src_ts) &&
+                       this->dst_ts->equals(this->dst_ts, dst_ts));
+}
+
 METHOD(ipsec_policy_t, get_source_ts, traffic_selector_t*,
        private_ipsec_policy_t *this)
 {
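Review bot: The mark check `memeq(&this->mark, &mark, sizeof(mark_t))` compares the raw bytes of the struct, so the result depends on any padding in `mark_t` and on bits of the value that lie outside the mask. `mark_t` is not defined in this hunk; if it is the usual value/mask pair, a field-wise test such as `this->mark.value == mark.value && this->mark.mask == mark.mask` states the intent and avoids the padding question. If callers use `match()` to look up an installed policy for update or removal (not visible here), a false mismatch would leave a stale policy in place. `src_ts` and `dst_ts` are also handed to `equals()` unchecked, so the header should say they must not be NULL.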
@@ -158,6 +171,7 @@ ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
 
        INIT(this,
                .public = {
+                       .match = _match,
                        .get_source_ts = _get_source_ts,
                        .get_destination_ts = _get_destination_ts,
                        .get_direction = _get_direction,
index 0f65b18..0806930 100644 (file)
@@ -85,6 +85,21 @@ struct ipsec_policy_t {
        ipsec_policy_t *(*get_ref)(ipsec_policy_t *this);
 
        /**
+        * Check if this policy matches all given parameters
+        *
+        * @param src_ts                source traffic selector
+        * @param dst_ts                destination traffic selector
+        * @param direction             traffic direction
+        * @param reqid                 reqid of the policy
+        * @param mark                  mark for this policy
+        * @param prioirty              policy priority
+        * @return                              TRUE if policy matches all parameters
+        */
+       bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts,
+                                 traffic_selector_t *dst_ts, policy_dir_t direction,
+                                 u_int32_t reqid, mark_t mark, policy_priority_t priority);
+
+       /**
         * Destroy an ipsec_policy_t
         */
        void (*destroy)(ipsec_policy_t *this);
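Review bot: The tag `@param prioirty` in the new doc comment is misspelled, so it does not bind to the `priority` argument and Doxygen will treat that parameter as undocumented; it should read `@param priority`. The summary says the policy "matches" the parameters, but the implementation added to ipsec_policy.c in this commit compares every field for equality, including both traffic selectors via `equals()`. I would say so explicitly, e.g. `Check if this policy is equal to the given parameters (traffic selectors are compared for equality, not containment)`, so callers do not expect subset matching of selectors.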