libipsec: Pass the same data to del_policy() as to add_policy()

We already do this for the other kernel interfaces. Fixes e1e88d5add ("libipsec: Don't attempt deletion of any non-IPsec policies")
2016-02-04 10:57:31 +01:00 · 2016-02-04 10:57:31 +01:00 · e8140531fc
parent e1e88d5add
commit e8140531fc
4 changed files with 17 additions and 12 deletions
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
@ -131,8 +131,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 	policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
 	mark_t mark, policy_priority_t priority)
 {
-	return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
-									   direction, sa->reqid, mark, priority);
+	return ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
+									   dst_ts,  direction, type, sa, mark,
+									   priority);
 }

 METHOD(kernel_ipsec_t, flush_policies, status_t,
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@ -571,8 +571,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 	policy_entry_t *policy, *found = NULL;
 	status_t status;

-	status = ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
-										 direction, sa->reqid, mark, priority);
+	status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
+								dst_ts, direction, type, sa, mark, priority);

 	policy = create_policy_entry(src_ts, dst_ts, direction);

--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@ -175,9 +175,10 @@ METHOD(ipsec_policy_mgr_t, add_policy, status_t,
 }

 METHOD(ipsec_policy_mgr_t, del_policy, status_t,
-	private_ipsec_policy_mgr_t *this, traffic_selector_t *src_ts,
-	traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
-	mark_t mark, policy_priority_t policy_priority)
+	private_ipsec_policy_mgr_t *this, host_t *src, host_t *dst,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+	policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
+	policy_priority_t policy_priority)
 {
 	enumerator_t *enumerator;
 	ipsec_policy_entry_t *current, *found = NULL;
@ -198,7 +199,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t,
 	{
 		if (current->priority == priority &&
 			current->policy->match(current->policy, src_ts, dst_ts, direction,
-								   reqid, mark, policy_priority))
+								   sa->reqid, mark, policy_priority))
 		{
 			this->policies->remove_at(this->policies, enumerator);
 			found = current;
--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@ -71,18 +71,21 @@ struct ipsec_policy_mgr_t {
 	/**
 	 * Remove a policy
 	 *
+	 * @param src			source address of SA
+	 * @param dst			dest address of SA
 	 * @param src_ts		traffic selector to match traffic source
 	 * @param dst_ts		traffic selector to match traffic dest
 	 * @param direction		direction of traffic, POLICY_(IN|OUT|FWD)
-	 * @param reqid			unique ID of the associated SA
+	 * @param type			type of policy, POLICY_(IPSEC|PASS|DROP)
+	 * @param sa			details about the SA(s) tied to this policy
 	 * @param mark			optional mark
 	 * @param priority		priority of the policy
 	 * @return				SUCCESS if operation completed
 	 */
 	status_t (*del_policy)(ipsec_policy_mgr_t *this,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, u_int32_t reqid, mark_t mark,
+						   host_t *src, host_t *dst, traffic_selector_t *src_ts,
+						   traffic_selector_t *dst_ts, policy_dir_t direction,
+						   policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
 						   policy_priority_t priority);

 	/**