diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-07-13 11:21:25 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-08 15:41:02 +0200 |
| commit | 9f7e1899a90c2ffbdbac626d4d58945460eca97c (patch) | |
| tree | 36eac459d11b85db7c050b50fa5547d859f6356f /src/libipsec | |
| parent | f9b0c0547500d9a0f767a95b1ef821a3742d0ee4 (diff) | |
| download | strongswan-9f7e1899a90c2ffbdbac626d4d58945460eca97c.tar.bz2 strongswan-9f7e1899a90c2ffbdbac626d4d58945460eca97c.tar.xz | |
Add methods to easily compare IPsec SAs
Diffstat (limited to 'src/libipsec')
| -rw-r--r-- | src/libipsec/ipsec_sa.c | 22 | ||||
| -rw-r--r-- | src/libipsec/ipsec_sa.h | 29 |
2 files changed, 51 insertions, 0 deletions
diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c index 02fa81354..cccd16404 100644 --- a/src/libipsec/ipsec_sa.c +++ b/src/libipsec/ipsec_sa.c @@ -131,6 +131,25 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*, return this->esp_context; } +METHOD(ipsec_sa_t, match_by_spi_dst, bool, + private_ipsec_sa_t *this, u_int32_t spi, host_t *dst) +{ + return this->spi == spi && this->dst->ip_equals(this->dst, dst); +} + +METHOD(ipsec_sa_t, match_by_spi_src_dst, bool, + private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst) +{ + return this->spi == spi && this->src->ip_equals(this->src, src) && + this->dst->ip_equals(this->dst, dst); +} + +METHOD(ipsec_sa_t, match_by_reqid, bool, + private_ipsec_sa_t *this, u_int32_t reqid, bool inbound) +{ + return this->reqid == reqid && this->inbound == inbound; +} + METHOD(ipsec_sa_t, destroy, void, private_ipsec_sa_t *this) { @@ -188,6 +207,9 @@ ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst, .get_protocol = _get_protocol, .get_lifetime = _get_lifetime, .is_inbound = _is_inbound, + .match_by_spi_dst = _match_by_spi_dst, + .match_by_spi_src_dst = _match_by_spi_src_dst, + .match_by_reqid = _match_by_reqid, .get_esp_context = _get_esp_context, }, .spi = spi, diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h index 5cf559a38..5fd03b6e4 100644 --- a/src/libipsec/ipsec_sa.h +++ b/src/libipsec/ipsec_sa.h @@ -96,6 +96,35 @@ struct ipsec_sa_t { esp_context_t *(*get_esp_context)(ipsec_sa_t *this); /** + * Check if this SA matches all given parameters + * + * @param spi SPI + * @param dst destination address + * @return TRUE if this SA matches all parameters, FALSE otherwise + */ + bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst); + + /** + * Check if this SA matches all given parameters + * + * @param spi SPI + * @param src source address + * @param dst destination address + * @return TRUE if this SA matches all parameters, FALSE otherwise + */ + bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src, + host_t *dst); + + /** + * Check if this SA matches all given parameters + * + * @param reqid reqid + * @param inbound TRUE for inbound SA, FALSE for outbound + * @return TRUE if this SA matches all parameters, FALSE otherwise + */ + bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound); + + /** * Destroy an ipsec_sa_t */ void (*destroy)(ipsec_sa_t *this); |