libipsec: Pass the same data to del_policy() as to add_policy()
authorTobias Brunner <tobias@strongswan.org>
Thu, 4 Feb 2016 09:57:31 +0000 (10:57 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 4 Feb 2016 10:02:59 +0000 (11:02 +0100)
We already do this for the other kernel interfaces.

Fixes e1e88d5adde0 ("libipsec: Don't attempt deletion of any non-IPsec policies")

src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
src/libipsec/ipsec_policy_mgr.c
src/libipsec/ipsec_policy_mgr.h

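--- a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
@@ -131,8 +131,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
        policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
        mark_t mark, policy_priority_t priority)
 {
-       return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
-                                                                          direction, sa->reqid, mark, priority);
+       return ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
+                                                                          dst_ts,  direction, type, sa, mark,
+                                                                          priority);
 }
 
 METHOD(kernel_ipsec_t, flush_policies, status_t,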
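Review bot: The continuation line of the forwarded call has a double space before `direction` (`dst_ts,  direction, type, sa, mark,`), while the kernel_libipsec_ipsec.c hunk in this commit writes the same call with single spacing; `dst_ts, direction, type, sa, mark,` keeps the two call sites uniform. Beyond that the change only forwards the parameters this del_policy already receives, which matches what add_policy passes. The METHOD's header lines begin before the hunk.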
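--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -571,8 +571,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
        policy_entry_t *policy, *found = NULL;
        status_t status;
 
-       status = ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
-                                                                                direction, sa->reqid, mark, priority);
+       status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
+                                                               dst_ts, direction, type, sa, mark, priority);
 
        policy = create_policy_entry(src_ts, dst_ts, direction);
 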
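--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@@ -175,9 +175,10 @@ METHOD(ipsec_policy_mgr_t, add_policy, status_t,
 }
 
 METHOD(ipsec_policy_mgr_t, del_policy, status_t,
-       private_ipsec_policy_mgr_t *this, traffic_selector_t *src_ts,
-       traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
-       mark_t mark, policy_priority_t policy_priority)
+       private_ipsec_policy_mgr_t *this, host_t *src, host_t *dst,
+       traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+       policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
+       policy_priority_t policy_priority)
 {
        enumerator_t *enumerator;
        ipsec_policy_entry_t *current, *found = NULL;
@@ -198,7 +199,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t,
        {
                if (current->priority == priority &&
                        current->policy->match(current->policy, src_ts, dst_ts, direction,
-                                                                  reqid, mark, policy_priority))
+                                                                  sa->reqid, mark, policy_priority))
                {
                        this->policies->remove_at(this->policies, enumerator);
                        found = current;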
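Review bot: The match in the second hunk now dereferences `sa->reqid` unconditionally, and the new `type` parameter is not consulted in either visible hunk, so every caller must pass a non-NULL `sa` even for pass/drop policies. The lines between the signature and this loop are outside the view; if they do not already return early for non-IPsec policies the way e1e88d5adde0 made add_policy do, a guard such as `if (type != POLICY_IPSEC) { return SUCCESS; }` before the lookup keeps del_policy symmetric with add_policy and avoids matching a pass/drop policy by reqid alone. Either way, a one-line comment above the match stating that only POLICY_IPSEC entries are tracked would make the precondition on `sa` explicit. The del_policy body continues past the end of the second hunk.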
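--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@@ -71,18 +71,21 @@ struct ipsec_policy_mgr_t {
        /**
         * Remove a policy
         *
+        * @param src                   source address of SA
+        * @param dst                   dest address of SA
         * @param src_ts                traffic selector to match traffic source
         * @param dst_ts                traffic selector to match traffic dest
         * @param direction             direction of traffic, POLICY_(IN|OUT|FWD)
-        * @param reqid                 unique ID of the associated SA
+        * @param type                  type of policy, POLICY_(IPSEC|PASS|DROP)
+        * @param sa                    details about the SA(s) tied to this policy
         * @param mark                  optional mark
         * @param priority              priority of the policy
         * @return                              SUCCESS if operation completed
         */
        status_t (*del_policy)(ipsec_policy_mgr_t *this,
-                                                  traffic_selector_t *src_ts,
-                                                  traffic_selector_t *dst_ts,
-                                                  policy_dir_t direction, u_int32_t reqid, mark_t mark,
+                                                  host_t *src, host_t *dst, traffic_selector_t *src_ts,
+                                                  traffic_selector_t *dst_ts, policy_dir_t direction,
+                                                  policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
                                                   policy_priority_t priority);
 
        /**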
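Review bot: The new `@param sa` entry does not say whether NULL is accepted, yet the implementation in ipsec_policy_mgr.c reads `sa->reqid` when matching, so the contract should state it: `@param sa details about the SA(s) tied to this policy, must not be NULL`. The `@param type` line could likewise say which policy types this manager actually tracks on deletion, if del_policy ignores non-IPsec types as add_policy does per the referenced fix; that check is not visible in the hunks. The struct declaration continues outside the hunk.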