diff options
| author | Martin Willi <martin@revosec.ch> | 2013-03-13 11:31:36 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-03-14 14:20:54 +0100 |
| commit | 7eeeb1c70226bf5738c367f9903bada5fdde7dab (patch) | |
| tree | e53c67494f0ef2b56fff4672cee679687bfaa782 /src | |
| parent | 003452d18fbc73bc048085752ee0a61656250adf (diff) | |
| download | strongswan-7eeeb1c70226bf5738c367f9903bada5fdde7dab.tar.bz2 strongswan-7eeeb1c70226bf5738c367f9903bada5fdde7dab.tar.xz | |
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
Diffstat (limited to 'src')
| -rw-r--r-- | src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c | 3 | ||||
| -rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_ipsec.c | 4 | ||||
| -rw-r--r-- | src/libcharon/sa/child_sa.c | 18 | ||||
| -rw-r--r-- | src/libhydra/kernel/kernel_interface.c | 6 | ||||
| -rw-r--r-- | src/libhydra/kernel/kernel_interface.h | 3 | ||||
| -rw-r--r-- | src/libhydra/kernel/kernel_ipsec.h | 3 | ||||
| -rw-r--r-- | src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c | 4 | ||||
| -rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 12 | ||||
| -rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 13 |
9 files changed, 50 insertions, 16 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index dc272e6ff..8e8534190 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -85,7 +85,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, METHOD(kernel_ipsec_t, query_sa, status_t, private_kernel_android_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { return NOT_SUPPORTED; } diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index ded6b2d20..4f84845a3 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -70,7 +70,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, METHOD(kernel_ipsec_t, query_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { return NOT_SUPPORTED; } @@ -145,4 +146,3 @@ load_tester_ipsec_t *load_tester_ipsec_create() return &this->public; } - diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index f02d836cf..30ec00175 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -182,6 +182,16 @@ struct private_child_sa_t { * last number of outbound bytes */ u_int64_t other_usebytes; + + /** + * last number of inbound packets + */ + u_int64_t my_usepackets; + + /** + * last number of outbound bytes + */ + u_int64_t other_usepackets; }; /** @@ -413,7 +423,7 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; - u_int64_t bytes; + u_int64_t bytes, packets; if (inbound) { @@ -422,12 +432,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) status = hydra->kernel_interface->query_sa(hydra->kernel_interface, this->other_addr, this->my_addr, this->my_spi, proto_ike2ip(this->protocol), this->mark_in, - &bytes); + &bytes, &packets); if (status == SUCCESS) { if (bytes > this->my_usebytes) { this->my_usebytes = bytes; + this->my_usepackets = packets; return SUCCESS; } return FAILED; @@ -441,12 +452,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) status = hydra->kernel_interface->query_sa(hydra->kernel_interface, this->my_addr, this->other_addr, this->other_spi, proto_ike2ip(this->protocol), this->mark_out, - &bytes); + &bytes, &packets); if (status == SUCCESS) { if (bytes > this->other_usebytes) { this->other_usebytes = bytes; + this->other_usepackets = packets; return SUCCESS; } return FAILED; diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index b82fd6d3d..53b8324b7 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -207,13 +207,15 @@ METHOD(kernel_interface_t, update_sa, status_t, METHOD(kernel_interface_t, query_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, bytes); + return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, + bytes, packets); } METHOD(kernel_interface_t, del_sa, status_t, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index 8d8d048d0..1d2253b94 100644 --- a/src/libhydra/kernel/kernel_interface.h +++ b/src/libhydra/kernel/kernel_interface.h @@ -194,11 +194,12 @@ struct kernel_interface_t { * @param protocol protocol for this SA (ESP/AH) * @param mark optional mark for this SA * @param[out] bytes the number of bytes processed by SA + * @param[out] packets number of packets processed by SA * @return SUCCESS if operation completed */ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes); + u_int64_t *bytes, u_int64_t *packets); /** * Delete a previously installed SA from the SAD. diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index c8afcaffd..ba67238e5 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -154,11 +154,12 @@ struct kernel_ipsec_t { * @param protocol protocol for this SA (ESP/AH) * @param mark optional mark for this SA * @param[out] bytes the number of bytes processed by SA + * @param[out] packets number of packets processed by SA * @return SUCCESS if operation completed */ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes); + u_int64_t *bytes, u_int64_t *packets); /** * Delete a previusly installed SA from the SAD. diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index 431174e72..a120b3d00 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1910,7 +1910,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, METHOD(kernel_ipsec_t, query_sa, status_t, private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { return NOT_SUPPORTED; /* TODO */ } @@ -2648,4 +2649,3 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() return &this->public; } - diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index e81e55c24..8e90e01b1 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1649,7 +1649,8 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, METHOD(kernel_ipsec_t, query_sa, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; @@ -1739,7 +1740,14 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } else { - *bytes = sa->curlft.bytes; + if (bytes) + { + *bytes = sa->curlft.bytes; + } + if (packets) + { + *packets = sa->curlft.packets; + } status = SUCCESS; } memwipe(out, len); diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 88b028447..330fe2f1a 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1767,7 +1767,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, METHOD(kernel_ipsec_t, query_sa, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1816,7 +1817,15 @@ METHOD(kernel_ipsec_t, query_sa, status_t, free(out); return FAILED; } - *bytes = response.lft_current->sadb_lifetime_bytes; + if (bytes) + { + *bytes = response.lft_current->sadb_lifetime_bytes; + } + if (packets) + { + /* not supported by PF_KEY */ + *packets = 0; + } free(out); return SUCCESS; |