kernel_ipsec_t.query_sa() additionally returns the number of processed packets
authorMartin Willi <martin@revosec.ch>
Wed, 13 Mar 2013 10:31:36 +0000 (11:31 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 14 Mar 2013 13:20:54 +0000 (14:20 +0100)
src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c
src/libcharon/plugins/load_tester/load_tester_ipsec.c
src/libcharon/sa/child_sa.c
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_ipsec.h
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index dc272e6..8e85341 100644 (file)
@@ -85,7 +85,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
        private_kernel_android_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        return NOT_SUPPORTED;
 }
index ded6b2d..4f84845 100644 (file)
@@ -70,7 +70,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
        private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        return NOT_SUPPORTED;
 }
@@ -145,4 +146,3 @@ load_tester_ipsec_t *load_tester_ipsec_create()
 
        return &this->public;
 }
-
index f02d836..30ec001 100644 (file)
@@ -182,6 +182,16 @@ struct private_child_sa_t {
         * last number of outbound bytes
         */
        u_int64_t other_usebytes;
+
+       /**
+        * last number of inbound packets
+        */
+       u_int64_t my_usepackets;
+
+       /**
+        * last number of outbound bytes
+        */
+       u_int64_t other_usepackets;
 };
 
 /**
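Review bot: The doc comment added above `other_usepackets` in `private_child_sa_t` still reads "last number of outbound bytes", copied from the `other_usebytes` field just before it. It should read `* last number of outbound packets`, so the byte and packet counters are not confused by whoever later reads or reports these values. The struct begins outside this hunk.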
@@ -413,7 +423,7 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*,
 static status_t update_usebytes(private_child_sa_t *this, bool inbound)
 {
        status_t status = FAILED;
-       u_int64_t bytes;
+       u_int64_t bytes, packets;
 
        if (inbound)
        {
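Review bot: `packets` is declared without an initial value in `update_usebytes()`, and the two later hunks of this file copy it into `this->my_usepackets` and `this->other_usepackets` whenever `query_sa()` returns SUCCESS. That is only well-defined if every backend writes `*packets` on success. The netlink and PF_KEY backends in this commit do, but nothing in the interface enforces it for other or future plugins. Declaring `u_int64_t bytes = 0, packets = 0;` keeps the stored counter deterministic instead of picking up stack contents. The function body continues outside this hunk.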
@@ -422,12 +432,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
                        status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
                                                        this->other_addr, this->my_addr, this->my_spi,
                                                        proto_ike2ip(this->protocol), this->mark_in,
-                                                       &bytes);
+                                                       &bytes, &packets);
                        if (status == SUCCESS)
                        {
                                if (bytes > this->my_usebytes)
                                {
                                        this->my_usebytes = bytes;
+                                       this->my_usepackets = packets;
                                        return SUCCESS;
                                }
                                return FAILED;
@@ -441,12 +452,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
                        status = hydra->kernel_interface->query_sa(hydra->kernel_interface,
                                                        this->my_addr, this->other_addr, this->other_spi,
                                                        proto_ike2ip(this->protocol), this->mark_out,
-                                                       &bytes);
+                                                       &bytes, &packets);
                        if (status == SUCCESS)
                        {
                                if (bytes > this->other_usebytes)
                                {
                                        this->other_usebytes = bytes;
+                                       this->other_usepackets = packets;
                                        return SUCCESS;
                                }
                                return FAILED;
index b82fd6d..53b8324 100644 (file)
@@ -207,13 +207,15 @@ METHOD(kernel_interface_t, update_sa, status_t,
 
 METHOD(kernel_interface_t, query_sa, status_t,
        private_kernel_interface_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        if (!this->ipsec)
        {
                return NOT_SUPPORTED;
        }
-       return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, bytes);
+       return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark,
+                                                                bytes, packets);
 }
 
 METHOD(kernel_interface_t, del_sa, status_t,
index 8d8d048..1d2253b 100644 (file)
@@ -194,11 +194,12 @@ struct kernel_interface_t {
         * @param protocol              protocol for this SA (ESP/AH)
         * @param mark                  optional mark for this SA
         * @param[out] bytes    the number of bytes processed by SA
+        * @param[out] packets  number of packets processed by SA
         * @return                              SUCCESS if operation completed
         */
        status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
                                                  u_int32_t spi, u_int8_t protocol, mark_t mark,
-                                                 u_int64_t *bytes);
+                                                 u_int64_t *bytes, u_int64_t *packets);
 
        /**
         * Delete a previously installed SA from the SAD.
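Review bot: The new `@param[out] packets` line, like the existing `bytes` line, does not say that the pointer may be NULL. The netlink and PF_KEY implementations changed in this commit now guard both writes with `if (bytes)` / `if (packets)`, which suggests NULL is meant to be allowed. Stating it in the contract, e.g. `@param[out] packets  number of packets processed by SA, NULL to ignore`, tells backend authors not to dereference either pointer unconditionally. The same wording applies to the identical doc block in kernel_ipsec.h.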
index c8afcaf..ba67238 100644 (file)
@@ -154,11 +154,12 @@ struct kernel_ipsec_t {
         * @param protocol              protocol for this SA (ESP/AH)
         * @param mark                  optional mark for this SA
         * @param[out] bytes    the number of bytes processed by SA
+        * @param[out] packets  number of packets processed by SA
         * @return                              SUCCESS if operation completed
         */
        status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
                                                  u_int32_t spi, u_int8_t protocol, mark_t mark,
-                                                 u_int64_t *bytes);
+                                                 u_int64_t *bytes, u_int64_t *packets);
 
        /**
         * Delete a previusly installed SA from the SAD.
index 431174e..a120b3d 100644 (file)
@@ -1910,7 +1910,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
        private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        return NOT_SUPPORTED;  /* TODO */
 }
@@ -2648,4 +2649,3 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
 
        return &this->public;
 }
-
index e81e55c..8e90e01 100644 (file)
@@ -1649,7 +1649,8 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
        private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        netlink_buf_t request;
        struct nlmsghdr *out = NULL, *hdr;
@@ -1739,7 +1740,14 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
        }
        else
        {
-               *bytes = sa->curlft.bytes;
+               if (bytes)
+               {
+                       *bytes = sa->curlft.bytes;
+               }
+               if (packets)
+               {
+                       *packets = sa->curlft.packets;
+               }
                status = SUCCESS;
        }
        memwipe(out, len);
index 88b0284..330fe2f 100644 (file)
@@ -1767,7 +1767,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 
 METHOD(kernel_ipsec_t, query_sa, status_t,
        private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
-       u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes)
+       u_int32_t spi, u_int8_t protocol, mark_t mark,
+       u_int64_t *bytes, u_int64_t *packets)
 {
        unsigned char request[PFKEY_BUFFER_SIZE];
        struct sadb_msg *msg, *out;
@@ -1816,7 +1817,15 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
                free(out);
                return FAILED;
        }
-       *bytes = response.lft_current->sadb_lifetime_bytes;
+       if (bytes)
+       {
+               *bytes = response.lft_current->sadb_lifetime_bytes;
+       }
+       if (packets)
+       {
+               /* not supported by PF_KEY */
+               *packets = 0;
+       }
 
        free(out);
        return SUCCESS;
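Review bot: Writing `*packets = 0` and returning SUCCESS makes "this backend cannot count packets" indistinguishable from "no packets were processed", and `update_usebytes()` in child_sa.c then stores that zero as the SA's packet count. Either document the convention on the interface (for example `0 if the kernel backend does not report packets`), or check whether `response.lft_current->sadb_lifetime_allocations` carries a packet count on the supported PF_KEY platforms and return that instead. query_sa's body starts outside this hunk.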