libipsec: Pass the same data to del_policy() as to add_policy()
We already do this for the other kernel interfaces.
Fixes e1e88d5add
("libipsec: Don't attempt deletion of any non-IPsec policies")
parent
e1e88d5add
commit
e8140531fc
|
@ -131,8 +131,9 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
|
|||
policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
|
||||
mark_t mark, policy_priority_t priority)
|
||||
{
|
||||
return ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
|
||||
direction, sa->reqid, mark, priority);
|
||||
return ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
|
||||
dst_ts, direction, type, sa, mark,
|
||||
priority);
|
||||
}
|
||||
|
||||
METHOD(kernel_ipsec_t, flush_policies, status_t,
|
||||
|
|
|
@ -571,8 +571,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
|
|||
policy_entry_t *policy, *found = NULL;
|
||||
status_t status;
|
||||
|
||||
status = ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
|
||||
direction, sa->reqid, mark, priority);
|
||||
status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts,
|
||||
dst_ts, direction, type, sa, mark, priority);
|
||||
|
||||
policy = create_policy_entry(src_ts, dst_ts, direction);
|
||||
|
||||
|
|
|
@ -175,9 +175,10 @@ METHOD(ipsec_policy_mgr_t, add_policy, status_t,
|
|||
}
|
||||
|
||||
METHOD(ipsec_policy_mgr_t, del_policy, status_t,
|
||||
private_ipsec_policy_mgr_t *this, traffic_selector_t *src_ts,
|
||||
traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
|
||||
mark_t mark, policy_priority_t policy_priority)
|
||||
private_ipsec_policy_mgr_t *this, host_t *src, host_t *dst,
|
||||
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
|
||||
policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
|
||||
policy_priority_t policy_priority)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
ipsec_policy_entry_t *current, *found = NULL;
|
||||
|
@ -198,7 +199,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t,
|
|||
{
|
||||
if (current->priority == priority &&
|
||||
current->policy->match(current->policy, src_ts, dst_ts, direction,
|
||||
reqid, mark, policy_priority))
|
||||
sa->reqid, mark, policy_priority))
|
||||
{
|
||||
this->policies->remove_at(this->policies, enumerator);
|
||||
found = current;
|
||||
|
|
|
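Review bot: The `sa` pointer is dereferenced unguarded in the match call (`sa->reqid, mark, policy_priority))`), and in the lines visible here it is the only one of the new arguments that is read; `src`, `dst` and `type` do not appear in the lookup. The body of del_policy() continues outside both hunks, so they may be used further down, but if they are not, a short comment above the loop would keep a later reader from assuming they narrow the match: `/* sa must not be NULL; only sa->reqid is used for matching, src/dst/type are accepted for interface parity with add_policy() */`. This matters for policy removal in particular, since a caller that believes `type` or the SA addresses are part of the key could remove a different entry than intended.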
@ -71,18 +71,21 @@ struct ipsec_policy_mgr_t {
|
|||
/**
|
||||
* Remove a policy
|
||||
*
|
||||
* @param src source address of SA
|
||||
* @param dst dest address of SA
|
||||
* @param src_ts traffic selector to match traffic source
|
||||
* @param dst_ts traffic selector to match traffic dest
|
||||
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
|
||||
* @param reqid unique ID of the associated SA
|
||||
* @param type type of policy, POLICY_(IPSEC|PASS|DROP)
|
||||
* @param sa details about the SA(s) tied to this policy
|
||||
* @param mark optional mark
|
||||
* @param priority priority of the policy
|
||||
* @return SUCCESS if operation completed
|
||||
*/
|
||||
status_t (*del_policy)(ipsec_policy_mgr_t *this,
|
||||
traffic_selector_t *src_ts,
|
||||
traffic_selector_t *dst_ts,
|
||||
policy_dir_t direction, u_int32_t reqid, mark_t mark,
|
||||
host_t *src, host_t *dst, traffic_selector_t *src_ts,
|
||||
traffic_selector_t *dst_ts, policy_dir_t direction,
|
||||
policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark,
|
||||
policy_priority_t priority);
|
||||
|
||||
/**
|
||||
|
|
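Review bot: The doc comment for `del_policy` lists the new parameters but does not state the contract the commit message describes, namely that the values must be the same ones given to add_policy() for that policy. I would add a sentence under "Remove a policy" such as `* The arguments have to be identical to those passed to add_policy().` and extend the `@param sa` line to say that the pointer must not be NULL. The `@return` line documents only SUCCESS; what the caller gets back when no matching policy exists is not described and would be worth one more line.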