From 2e1a19136d8123e5a8c9aa99afbb4a51d92ec2a6 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 13 Jul 2012 15:18:07 +0200
Subject: IPsec policies can be looked up based on an IP packet

---
 src/libipsec/ipsec_policy_mgr.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/libipsec/ipsec_policy_mgr.h')

diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h
index 0a2f63239..d3ee1074f 100644
--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@@ -23,6 +23,9 @@
 #ifndef IPSEC_POLICY_MGR_H_
 #define IPSEC_POLICY_MGR_H_
 
+#include "ipsec_policy.h"
+#include "ip_packet.h"
+
 #include <library.h>
 #include <utils/host.h>
 #include <utils/linked_list.h>
@@ -89,6 +92,16 @@ struct ipsec_policy_mgr_t {
 	 */
 	status_t (*flush_policies)(ipsec_policy_mgr_t *this);
 
+	/**
+	 * Find the policy that matches the given IP packet best
+	 *
+	 * @param packet		IP packet to match
+	 * @param inbound		TRUE for an inbound packet
+	 * @return				reference to the policy, or NULL if none found
+	 */
+	ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this,
+									  ip_packet_t *packet, bool inbound);
+
 	/**
 	 * Destroy an ipsec_policy_mgr_t
 	 */
-- 
cgit v1.2.3