summaryrefslogtreecommitdiff
path: root/src/libhydra/kernel/kernel_ipsec.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/kernel/kernel_ipsec.h')
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h23
1 files changed, 10 insertions, 13 deletions
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 19caaa400..2458db5b9 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -186,9 +186,6 @@ struct kernel_ipsec_t {
/**
* Add a policy to the SPD.
*
- * A policy is always associated to an SA. Traffic which matches a
- * policy is handled by the SA with the same reqid.
- *
* @param src source address of SA
* @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
@@ -231,24 +228,24 @@ struct kernel_ipsec_t {
/**
* Remove a policy from the SPD.
*
- * The kernel interface implements reference counting for policies.
- * If the same policy is installed multiple times (in the case of rekeying),
- * the reference counter is increased. del_policy() decreases the ref counter
- * and removes the policy only when no more references are available.
- *
+ * @param src source address of SA
+ * @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param reqid unique ID of the associated SA
- * @param mark optional mark
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
* @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t priority);
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Flush all policies from the SPD.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-13 14:22:13 +0000