kernel-interface: Pass full list of traffic selectors to add_sa()

While we can handle the first selector only in BEET mode in kernel-netlink,
passing the full list gives the backend more flexibility how to handle this
information.

1 files changed, 5 insertions, 8 deletions

diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 286f53ff3..f6705ff88 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -78,11 +78,8 @@ struct kernel_ipsec_t {
 	/**
 	 * Add an SA to the SAD.
 	 *
-	 * add_sa() may update an already allocated
-	 * SPI (via get_spi). In this case, the replace
-	 * flag must be set.
-	 * This function does install a single SA for a
-	 * single protocol in one direction.
+	 * This function does install a single SA for a single protocol in one
+	 * direction.
 	 *
 	 * @param src			source address for this SA
 	 * @param dst			destination address for this SA
@@ -104,8 +101,8 @@ struct kernel_ipsec_t {
 	 * @param encap			enable UDP encapsulation for NAT traversal
 	 * @param esn			TRUE to use Extended Sequence Numbers
 	 * @param inbound		TRUE if this is an inbound SA
-	 * @param src_ts		traffic selector with BEET source address
-	 * @param dst_ts		traffic selector with BEET destination address
+	 * @param src_ts		list of source traffic selectors
+	 * @param dst_ts		list of destination traffic selectors
 	 * @return				SUCCESS if operation completed
 	 */
 	status_t (*add_sa) (kernel_ipsec_t *this,
@@ -117,7 +114,7 @@ struct kernel_ipsec_t {
 						ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
 						u_int32_t replay_window,
 						bool initiator, bool encap, bool esn, bool inbound,
-						traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
+						linked_list_t *src_ts, linked_list_t *dst_ts);
 
 	/**
 	 * Update the hosts on an installed SA.