Add methods to easily compare IPsec SAs
authorTobias Brunner <tobias@strongswan.org>
Fri, 13 Jul 2012 09:21:25 +0000 (11:21 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Aug 2012 13:41:02 +0000 (15:41 +0200)
src/libipsec/ipsec_sa.c
src/libipsec/ipsec_sa.h

index 02fa813..cccd164 100644 (file)
@@ -131,6 +131,25 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*,
        return this->esp_context;
 }
 
+METHOD(ipsec_sa_t, match_by_spi_dst, bool,
+       private_ipsec_sa_t *this, u_int32_t spi, host_t *dst)
+{
+       return this->spi == spi && this->dst->ip_equals(this->dst, dst);
+}
+
+METHOD(ipsec_sa_t, match_by_spi_src_dst, bool,
+       private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst)
+{
+       return this->spi == spi && this->src->ip_equals(this->src, src) &&
+                  this->dst->ip_equals(this->dst, dst);
+}
+
+METHOD(ipsec_sa_t, match_by_reqid, bool,
+       private_ipsec_sa_t *this, u_int32_t reqid, bool inbound)
+{
+       return this->reqid == reqid && this->inbound == inbound;
+}
+
 METHOD(ipsec_sa_t, destroy, void,
        private_ipsec_sa_t *this)
 {
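Review bot: `match_by_spi_dst` and `match_by_spi_src_dst` identify an SA by SPI and addresses only and never compare the protocol, even though the object exposes `get_protocol`. If the SA table can ever hold both ESP and AH entries, a lookup could return an SA of the wrong protocol, so either take a protocol argument or add a comment stating that callers rely on SPIs being unique across protocols. Both functions also pass the caller's `src`/`dst` straight to `ip_equals()`; whether that call tolerates NULL is not visible here, so if a caller can pass NULL the safer form is `return dst && this->spi == spi && this->dst->ip_equals(this->dst, dst);`. The `destroy` method that closes this hunk continues outside it.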
@@ -188,6 +207,9 @@ ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst,
                        .get_protocol = _get_protocol,
                        .get_lifetime = _get_lifetime,
                        .is_inbound = _is_inbound,
+                       .match_by_spi_dst = _match_by_spi_dst,
+                       .match_by_spi_src_dst = _match_by_spi_src_dst,
+                       .match_by_reqid = _match_by_reqid,
                        .get_esp_context = _get_esp_context,
                },
                .spi = spi,
index 5cf559a..5fd03b6 100644 (file)
@@ -96,6 +96,35 @@ struct ipsec_sa_t {
        esp_context_t *(*get_esp_context)(ipsec_sa_t *this);
 
        /**
+        * Check if this SA matches all given parameters
+        *
+        * @param spi           SPI
+        * @param dst           destination address
+        * @return                      TRUE if this SA matches all parameters, FALSE otherwise
+        */
+       bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst);
+
+       /**
+        * Check if this SA matches all given parameters
+        *
+        * @param spi           SPI
+        * @param src           source address
+        * @param dst           destination address
+        * @return                      TRUE if this SA matches all parameters, FALSE otherwise
+        */
+       bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src,
+                                                                host_t *dst);
+
+       /**
+        * Check if this SA matches all given parameters
+        *
+        * @param reqid         reqid
+        * @param inbound       TRUE for inbound SA, FALSE for outbound
+        * @return                      TRUE if this SA matches all parameters, FALSE otherwise
+        */
+       bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound);
+
+       /**
         * Destroy an ipsec_sa_t
         */
        void (*destroy)(ipsec_sa_t *this);
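Review bot: The three new doc comments share the same summary line, "Check if this SA matches all given parameters", so the generated documentation neither tells the methods apart nor says what an address match means. The implementation in ipsec_sa.c compares addresses with `ip_equals()`, which by its name appears to ignore ports. The `@param` text should say so, e.g. `@param dst destination address (only the IP is compared)`, and should state whether NULL is accepted for `src` and `dst`. A distinct first line per method, such as `Check if this SA has the given SPI and destination address`, would make the API easier to use correctly. The enclosing `struct ipsec_sa_t` starts and ends outside this hunk.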