author | Tobias Brunner <tobias@strongswan.org> | 2011-05-13 12:50:29 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2011-07-06 09:43:45 +0200 |
commit | 328f22e1d3a38aa087399899794ebb60f1f5610e (patch) | |
tree | b29d4b374bce20d1bef58ad5b2ab5d1dfe98c30a /src | |
parent | 0b6ff2a9fe52ebcbfab7d72b60a9af5d8712f4f5 (diff) | |
Add the reqid to kernel_ipsec_t.del_policy.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_ipsec.c | 4 | ||||
-rw-r--r-- | src/libcharon/sa/child_sa.c | 18 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_interface.c | 8 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_interface.h | 7 | ||||
-rw-r--r-- | src/libhydra/kernel/kernel_ipsec.h | 7 | ||||
-rw-r--r-- | src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c | 4 | ||||
-rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 4 | ||||
-rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 | ||||
-rw-r--r-- | src/pluto/kernel.c | 4 |
9 files changed, 34 insertions, 26 deletions
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index c469cee31..e8c02b99a 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -102,8 +102,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, METHOD(kernel_ipsec_t, del_policy, status_t, private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted) { return SUCCESS; } diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index dc42ba787..870ba8d66 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -837,13 +837,16 @@ METHOD(child_sa_t, update, status_t, { /* remove old policies first */ hydra->kernel_interface->del_policy(hydra->kernel_interface, - my_ts, other_ts, POLICY_OUT, this->mark_out, FALSE); + my_ts, other_ts, POLICY_OUT, this->reqid, + this->mark_out, FALSE); hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_IN, this->mark_in, FALSE); + other_ts, my_ts, POLICY_IN, this->reqid, + this->mark_in, FALSE); if (this->mode != MODE_TRANSPORT) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_FWD, this->mark_in, FALSE); + other_ts, my_ts, POLICY_FWD, this->reqid, + this->mark_in, FALSE); } /* check whether we have to update a "dynamic" traffic selector */ 
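Review bot: The three `del_policy` calls in the child_sa.c `update` hunk still discard the returned `status_t`, so a failed removal of an old policy goes unnoticed before the code moves on to the traffic-selector update. A stale OUT/IN/FWD policy left in the kernel keeps steering traffic by the old selectors, which is a traffic-handling problem and not only a leak. Consider checking the result, e.g. `if (hydra->kernel_interface->del_policy(...) != SUCCESS)` followed by a log line, and adding a comment in `destroy` (hunk at -943) that deletion there is deliberately best-effort. Both method bodies start and end outside their hunks, so any handling further down is not visible here.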
@@ -943,13 +946,16 @@ METHOD(child_sa_t, destroy, void, while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - my_ts, other_ts, POLICY_OUT, this->mark_out, unrouted); + my_ts, other_ts, POLICY_OUT, this->reqid, + this->mark_out, unrouted); hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_IN, this->mark_in, unrouted); + other_ts, my_ts, POLICY_IN, this->reqid, + this->mark_in, unrouted); if (this->mode != MODE_TRANSPORT) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_FWD, this->mark_in, unrouted); + other_ts, my_ts, POLICY_FWD, this->reqid, + this->mark_in, unrouted); } } enumerator->destroy(enumerator); diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index 4b5b41f2b..8228d2619 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Tobias Brunner + * Copyright (C) 2008-2011 Tobias Brunner * Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG @@ -157,15 +157,15 @@ METHOD(kernel_interface_t, query_policy, status_t, METHOD(kernel_interface_t, del_policy, status_t, private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, - direction, mark, unrouted); + direction, reqid, mark, unrouted); } METHOD(kernel_interface_t, get_source_addr, host_t*, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index 471a1d5d3..a7f8e26a8 100644 --- a/src/libhydra/kernel/kernel_interface.h 
+++ b/src/libhydra/kernel/kernel_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2010 Tobias Brunner + * Copyright (C) 2006-2011 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -228,6 +228,7 @@ struct kernel_interface_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_(IN|OUT|FWD) + * @param reqid unique ID of the associated SA * @param mark optional mark * @param unrouted TRUE, if this policy is unrouted from the kernel * @return SUCCESS if operation completed @@ -235,8 +236,8 @@ struct kernel_interface_t { status_t (*del_policy) (kernel_interface_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - bool unrouted); + policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted); /** * Get our outgoing source address for a destination. diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index e7b62ad1f..f1122db68 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2010 Tobias Brunner + * Copyright (C) 2006-2011 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -346,6 +346,7 @@ struct kernel_ipsec_t { * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_(IN|OUT|FWD) + * @param reqid unique ID of the associated SA * @param mark optional mark * @param unrouted TRUE, if this policy is unrouted from the kernel * @return SUCCESS if operation completed 
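Review bot: The added `@param reqid unique ID of the associated SA` line in kernel_interface.h (hunk at -228, repeated verbatim in kernel_ipsec.h at -346) does not tell a caller what the backend does with the value on deletion. It leaves open whether the reqid takes part in selecting the policy to remove and what to pass when no SA is associated. The diffstat shows only signature lines changing in the three kernel backends, so a more accurate wording for now would be `@param reqid reqid of the SA the policy belongs to (backends may currently ignore it)`.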
@@ -353,8 +354,8 @@ struct kernel_ipsec_t { status_t (*del_policy) (kernel_ipsec_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - bool unrouted); + policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted); /** * Install a bypass policy for the given socket. diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index 71c4bf8cf..380be1580 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -2347,8 +2347,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, METHOD(kernel_ipsec_t, del_policy, status_t, private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request, *out; diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 23db18708..85007433f 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -2055,8 +2055,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, METHOD(kernel_ipsec_t, del_policy, status_t, private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted) { policy_entry_t *current, policy, *to_delete = NULL; route_entry_t *route; diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 3958ca857..cfc66e803 100644 
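Review bot: `reqid` is added to the `del_policy` signature in kernel_klips_ipsec.c, but nothing in this commit reads it. The diffstat lists 4 changed lines for the file and all four are the signature lines in this hunk; the same holds for the kernel_netlink and kernel_pfkey hunks. The policy to delete is therefore presumably still chosen by selectors, direction and mark alone, so two SAs with identical selectors would remain indistinguishable on delete. The bodies continue outside the hunks, so this is inferred rather than shown. Until the value is used, a comment such as `/* reqid is not yet used to select the policy to delete */` at the top of each body would keep readers from assuming it is part of the match.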
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1914,8 +1914,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, METHOD(kernel_ipsec_t, del_policy, status_t, private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, bool unrouted) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 8bed1fcfc..c458b2dad 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -837,7 +837,7 @@ static bool raw_eroute(const ip_address *this_host, if (deleting || replacing) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - ts_src, ts_dst, dir, mark, routed); + ts_src, ts_dst, dir, sa->reqid, mark, routed); } if (!deleting) @@ -853,7 +853,7 @@ static bool raw_eroute(const ip_address *this_host, if (deleting || replacing) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - ts_src, ts_dst, dir, mark, routed); + ts_src, ts_dst, dir, sa->reqid, mark, routed); } if (!deleting && ok && |
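Review bot: Both `raw_eroute` call sites in src/pluto/kernel.c now dereference `sa` to obtain `sa->reqid` on the `deleting || replacing` path, and neither hunk shows where `sa` is assigned or checked. If `sa` can be NULL or unset when an eroute is deleted, the dereference would fault during policy teardown; the function body starts outside the hunks, so this needs confirming against the full function. Separately, the last argument is a local named `routed` while kernel_interface.h documents the parameter as `unrouted`; a comment such as `/* routed is passed as del_policy's 'unrouted' flag */` would make the intended polarity explicit.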