aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libhydra/kernel/kernel_interface.c22
-rw-r--r--src/libhydra/kernel/kernel_interface.h14
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h14
3 files changed, 50 insertions, 0 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 9113d813c..922f27094 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -138,6 +138,16 @@ METHOD(kernel_interface_t, del_sa, status_t,
return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark);
}
+METHOD(kernel_interface_t, flush_sas, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_sas(this->ipsec);
+}
+
METHOD(kernel_interface_t, add_policy, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
@@ -178,6 +188,16 @@ METHOD(kernel_interface_t, del_policy, status_t,
direction, reqid, mark, priority);
}
+METHOD(kernel_interface_t, flush_policies, status_t,
+ private_kernel_interface_t *this)
+{
+ if (!this->ipsec)
+ {
+ return NOT_SUPPORTED;
+ }
+ return this->ipsec->flush_policies(this->ipsec);
+}
+
METHOD(kernel_interface_t, get_source_addr, host_t*,
private_kernel_interface_t *this, host_t *dest, host_t *src)
{
@@ -505,9 +525,11 @@ kernel_interface_t *kernel_interface_create()
.update_sa = _update_sa,
.query_sa = _query_sa,
.del_sa = _del_sa,
+ .flush_sas = _flush_sas,
.add_policy = _add_policy,
.query_policy = _query_policy,
.del_policy = _del_policy,
+ .flush_policies = _flush_policies,
.get_source_addr = _get_source_addr,
.get_nexthop = _get_nexthop,
.get_interface = _get_interface,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 4c2f7ef99..991cfafd0 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -175,6 +175,13 @@ struct kernel_interface_t {
mark_t mark);
/**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_interface_t *this);
+
+ /**
* Add a policy to the SPD.
*
* A policy is always associated to an SA. Traffic which matches a
@@ -241,6 +248,13 @@ struct kernel_interface_t {
mark_t mark, policy_priority_t priority);
/**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_interface_t *this);
+
+ /**
* Get our outgoing source address for a destination.
*
* Does a route lookup to get the source address used to reach dest.
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index eacf7c79f..ddb63283c 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -306,6 +306,13 @@ struct kernel_ipsec_t {
mark_t mark);
/**
+ * Flush all SAs from the SAD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_sas) (kernel_ipsec_t *this);
+
+ /**
* Add a policy to the SPD.
*
* A policy is always associated to an SA. Traffic which matches a
@@ -373,6 +380,13 @@ struct kernel_ipsec_t {
mark_t mark, policy_priority_t priority);
/**
+ * Flush all policies from the SPD.
+ *
+ * @return SUCCESS if operation completed
+ */
+ status_t (*flush_policies) (kernel_ipsec_t *this);
+
+ /**
* Install a bypass policy for the given socket.
*
* @param fd socket file descriptor to setup policy for
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 14:31:43 +0000