authorYves-Alexis Perez <corsac@debian.org>2015-11-18 14:49:27 +0100
committerYves-Alexis Perez <corsac@debian.org>2015-11-18 14:49:27 +0100
commit1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src/libhydra/kernel
parent5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
downloadvyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz
vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip
Imported Upstream version 5.3.4
Diffstat (limited to 'src/libhydra/kernel')
-rw-r--r--src/libhydra/kernel/kernel_interface.c27
-rw-r--r--src/libhydra/kernel/kernel_interface.h53
-rw-r--r--src/libhydra/kernel/kernel_ipsec.c7
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h23
-rw-r--r--src/libhydra/kernel/kernel_net.c7
5 files changed, 66 insertions, 51 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index ce31bd410..89e95ade9 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2013 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Hochschule fuer Technik Rapperswil
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
@@ -509,16 +509,17 @@ METHOD(kernel_interface_t, query_policy, status_t,
}
METHOD(kernel_interface_t, del_policy, status_t,
- private_kernel_interface_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t priority)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
- direction, reqid, mark, priority);
+ return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts,
+ direction, type, sa, mark, priority);
}
METHOD(kernel_interface_t, flush_policies, status_t,
@@ -738,44 +739,52 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
}
-METHOD(kernel_interface_t, add_ipsec_interface, void,
+METHOD(kernel_interface_t, add_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (!this->ipsec)
{
this->ipsec_constructor = constructor;
this->ipsec = constructor();
+ return this->ipsec != NULL;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, remove_ipsec_interface, void,
+METHOD(kernel_interface_t, remove_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (constructor == this->ipsec_constructor && this->ipsec)
{
this->ipsec->destroy(this->ipsec);
this->ipsec = NULL;
+ return TRUE;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, add_net_interface, void,
+METHOD(kernel_interface_t, add_net_interface, bool,
private_kernel_interface_t *this, kernel_net_constructor_t constructor)
{
if (!this->net)
{
this->net_constructor = constructor;
this->net = constructor();
+ return this->net != NULL;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, remove_net_interface, void,
+METHOD(kernel_interface_t, remove_net_interface, bool,
private_kernel_interface_t *this, kernel_net_constructor_t constructor)
{
if (constructor == this->net_constructor && this->net)
{
this->net->destroy(this->net);
this->net = NULL;
+ return TRUE;
}
+ return FALSE;
}
METHOD(kernel_interface_t, add_listener, void,
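Review bot: When `constructor()` returns NULL in add_ipsec_interface, the new `return this->ipsec != NULL;` correctly reports the failure, but `this->ipsec_constructor` is left pointing at the failed constructor while `this->ipsec` stays NULL, so the manager is in a half-registered state that a caller receiving FALSE would not expect. A later remove_ipsec_interface with that constructor is rejected by the `&& this->ipsec` check, so this is a consistency rather than a crash issue, but the stale pointer makes the state harder to reason about. I would clear it on failure: `this->ipsec = constructor(); if (!this->ipsec) { this->ipsec_constructor = NULL; } return this->ipsec != NULL;`. add_net_interface in the same hunk has the identical pattern with `this->net_constructor` and would get the same treatment.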
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 96ce9e26d..45efe8946 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -265,9 +265,6 @@ struct kernel_interface_t {
/**
* Add a policy to the SPD.
*
- * A policy is always associated to an SA. Traffic which matches a
- * policy is handled by the SA with the same reqid.
- *
* @param src source address of SA
* @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
@@ -309,24 +306,24 @@ struct kernel_interface_t {
/**
* Remove a policy from the SPD.
*
- * The kernel interface implements reference counting for policies.
- * If the same policy is installed multiple times (in the case of rekeying),
- * the reference counter is increased. del_policy() decreases the ref counter
- * and removes the policy only when no more references are available.
- *
+ * @param src source address of SA
+ * @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param reqid unique ID of the associated SA
- * @param mark optional mark
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
* @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_interface_t *this,
+ host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t priority);
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Flush all policies from the SPD.
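Review bot: The paragraph describing reference counting of identical policies (installed several times during rekeying, removed only when the last reference is dropped) is deleted from the del_policy comment, and nothing in the replacement text says whether that contract still holds with the new `type` and `sa` parameters. If the backends still count references, a reader of this header loses the one statement telling them that a single del_policy may leave the policy installed; if the contract changed, that deserves an explicit sentence. I would either restore the original paragraph if it still applies, or add a line such as `The arguments are presumably expected to match those given to add_policy() for the same policy; whether an identical policy installed several times is removed on the first call is backend-specific — confirm against the backends` so the caller's expectation is stated. The same paragraph is removed from the del_policy comment in kernel_ipsec.h in its corresponding hunk.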
@@ -502,39 +499,49 @@ struct kernel_interface_t {
/**
* Register an ipsec kernel interface constructor on the manager.
*
- * @param create constructor to register
+ * @param create constructor to register
+ * @return TRUE if the ipsec kernel interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
*/
- void (*add_ipsec_interface)(kernel_interface_t *this,
+ bool (*add_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
* Unregister an ipsec kernel interface constructor.
*
- * @param create constructor to unregister
+ * @param create constructor to unregister
+ * @return TRUE if the ipsec kernel interface was unregistered
+ * successfully, FALSE otherwise
*/
- void (*remove_ipsec_interface)(kernel_interface_t *this,
+ bool (*remove_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
* Register a network kernel interface constructor on the manager.
*
- * @param create constructor to register
+ * @param create constructor to register
+ * @return TRUE if the kernel net interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
*/
- void (*add_net_interface)(kernel_interface_t *this,
+ bool (*add_net_interface)(kernel_interface_t *this,
kernel_net_constructor_t create);
/**
* Unregister a network kernel interface constructor.
*
- * @param create constructor to unregister
+ * @param create constructor to unregister
+ * @return TRUE if the kernel net interface was unregistered
+ * successfully, FALSE otherwise
*/
- void (*remove_net_interface)(kernel_interface_t *this,
+ bool (*remove_net_interface)(kernel_interface_t *this,
kernel_net_constructor_t create);
/**
* Add a listener to the kernel interface.
*
- * @param listener listener to add
+ * @param listener listener to add
*/
void (*add_listener)(kernel_interface_t *this,
kernel_listener_t *listener);
@@ -542,7 +549,7 @@ struct kernel_interface_t {
/**
* Remove a listener from the kernel interface.
*
- * @param listener listener to remove
+ * @param listener listener to remove
*/
void (*remove_listener)(kernel_interface_t *this,
kernel_listener_t *listener);
diff --git a/src/libhydra/kernel/kernel_ipsec.c b/src/libhydra/kernel/kernel_ipsec.c
index 1a32ab4e7..697b1b33d 100644
--- a/src/libhydra/kernel/kernel_ipsec.c
+++ b/src/libhydra/kernel/kernel_ipsec.c
@@ -25,13 +25,14 @@ bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature,
{
if (reg)
{
- hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->add_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
else
{
- hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->remove_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
- return TRUE;
}
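Review bot: With `return TRUE;` removed, kernel_ipsec_register now passes through the result of remove_ipsec_interface on the unregister path, which returns FALSE whenever `data` is not the currently registered constructor (for instance a second ipsec backend whose own registration had already been refused and which is now being unloaded). Whether the plugin loader treats FALSE from an unregistration callback as a failure is not visible here; if it does, such a plugin would be reported as failing to unload although it left nothing registered. Confirm the loader's expectation, or state the intent with a comment above the else branch such as `/* FALSE if another backend is registered; there is nothing to tear down then */`. The enclosing function's signature lies outside the hunk, and kernel_net_register in kernel_net.c receives the identical change.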
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 19caaa400..2458db5b9 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -186,9 +186,6 @@ struct kernel_ipsec_t {
/**
* Add a policy to the SPD.
*
- * A policy is always associated to an SA. Traffic which matches a
- * policy is handled by the SA with the same reqid.
- *
* @param src source address of SA
* @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
@@ -231,24 +228,24 @@ struct kernel_ipsec_t {
/**
* Remove a policy from the SPD.
*
- * The kernel interface implements reference counting for policies.
- * If the same policy is installed multiple times (in the case of rekeying),
- * the reference counter is increased. del_policy() decreases the ref counter
- * and removes the policy only when no more references are available.
- *
+ * @param src source address of SA
+ * @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param reqid unique ID of the associated SA
- * @param mark optional mark
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
* @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t priority);
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Flush all policies from the SPD.
diff --git a/src/libhydra/kernel/kernel_net.c b/src/libhydra/kernel/kernel_net.c
index 0841ed803..07d8b2999 100644
--- a/src/libhydra/kernel/kernel_net.c
+++ b/src/libhydra/kernel/kernel_net.c
@@ -25,13 +25,14 @@ bool kernel_net_register(plugin_t *plugin, plugin_feature_t *feature,
{
if (reg)
{
- hydra->kernel_interface->add_net_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->add_net_interface(
+ hydra->kernel_interface,
(kernel_net_constructor_t)data);
}
else
{
- hydra->kernel_interface->remove_net_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->remove_net_interface(
+ hydra->kernel_interface,
(kernel_net_constructor_t)data);
}
- return TRUE;
}