author | Martin Willi <martin@revosec.ch> | 2013-10-11 10:24:27 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:25:35 +0200 |
commit | 11282d0054d8a51f184a6f726f7f180ccf60e456 (patch) | |
tree | 8d7cceebfa783449fbe3d164cb0cdd5c3e2cafcc /src/libipsec/ipsec_sa_mgr.c | |
parent | b59bcba2b38dda5f0f6301b7ae90acc58b4a069b (diff) | |
parent | d53002f088c588bb65215bb9a6e5100ba321738e (diff) | |
Merge branch 'libipsec-usestats'
Brings SA usage statistics and volume based expiration to libipsec and the
associated kernel-libipsec plugin. Additionally removes any ESPv3 style TFC
padding found in incoming packets.
Diffstat (limited to 'src/libipsec/ipsec_sa_mgr.c')
-rw-r--r-- | src/libipsec/ipsec_sa_mgr.c | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index 928a53d50..1db1776c0 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -299,12 +299,10 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired)
 if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr,
 NULL, expired->entry) == SUCCESS)
 {
- u_int32_t hard_offset = expired->hard_offset;
- ipsec_sa_t *sa = expired->entry->sa;
+ u_int32_t hard_offset;
 
- ipsec->events->expire(ipsec->events, sa->get_reqid(sa),
- sa->get_protocol(sa), sa->get_spi(sa),
- hard_offset == 0);
+ hard_offset = expired->hard_offset;
+ expired->entry->sa->expire(expired->entry->sa, hard_offset == 0);
 if (hard_offset)
 { /* soft limit reached, schedule hard expire */
 expired->hard_offset = 0;
@@ -530,6 +528,28 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t,
 return SUCCESS;
 }
 
+METHOD(ipsec_sa_mgr_t, query_sa, status_t,
+ private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
+ u_int32_t spi, u_int8_t protocol, mark_t mark,
+ u_int64_t *bytes, u_int64_t *packets, time_t *time)
+{
+ ipsec_sa_entry_t *entry = NULL;
+
+ this->mutex->lock(this->mutex);
+ if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
+ (void**)&entry, &spi, src, dst) == SUCCESS &&
+ wait_for_entry(this, entry))
+ {
+ entry->sa->get_usestats(entry->sa, bytes, packets, time);
+ /* checkin the entry */
+ entry->locked = FALSE;
+ entry->condvar->signal(entry->condvar);
+ }
+ this->mutex->unlock(this->mutex);
+
+ return entry ? SUCCESS : NOT_FOUND;
+}
+
 METHOD(ipsec_sa_mgr_t, del_sa, status_t,
 private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst,
 u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
@@ -653,6 +673,7 @@ ipsec_sa_mgr_t *ipsec_sa_mgr_create()
 .get_spi = _get_spi,
 .add_sa = _add_sa,
 .update_sa = _update_sa,
+ .query_sa = _query_sa,
 .del_sa = _del_sa,
 .checkout_by_spi = _checkout_by_spi,
 .checkout_by_reqid = _checkout_by_reqid, |
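Review bot: In `sa_expired`, the new `expired->entry->sa->expire(expired->entry->sa, hard_offset == 0);` is called on an entry that has only been looked up, not checked out with `wait_for_entry` the way `query_sa` in this same commit does. The removed code called only getters on the SA, whereas `expire()` (defined outside this page) presumably updates per-SA expiry state. If the packet path can also trigger expiry on a checked-out SA once volume limits exist, the two calls may race and emit duplicate or lost expire events. Either check the entry out around the call, or add a comment such as `/* expire() is safe on a checked-out SA because ... */` stating why that is not needed. The body of `sa_expired` starts and ends outside the hunk, so the locking context should be confirmed there.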
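Review bot: In `query_sa`, the final `return entry ? SUCCESS : NOT_FOUND;` reports SUCCESS whenever `find_first` has set `entry`, including the case where `wait_for_entry(this, entry)` then returns false and `get_usestats` never runs. The caller would then treat unset `*bytes`, `*packets` and `*time` as valid usage counters, which matters when those values feed volume-based expiry decisions. `wait_for_entry` is defined outside the hunk; it presumably fails when the entry is being deleted, so `entry` may also be stale at the point of the return. Track the outcome explicitly: declare `status_t status = NOT_FOUND;`, set `status = SUCCESS;` next to the `get_usestats` call, and end with `return status;`. The `protocol` and `mark` parameters are not used in the lookup either; if that is intended, a one-line comment saying so would help.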