Diffstat (limited to 'src/libhydra/kernel')
-rw-r--r--src/libhydra/kernel/kernel_interface.c13
-rw-r--r--src/libhydra/kernel/kernel_interface.h8
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h6
3 files changed, 15 insertions, 12 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 90637fa06..cbfddd03b 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -208,7 +208,7 @@ METHOD(kernel_interface_t, update_sa, status_t,
METHOD(kernel_interface_t, query_sa, status_t,
private_kernel_interface_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, u_int32_t *time)
+ u_int64_t *bytes, u_int64_t *packets, time_t *time)
{
if (!this->ipsec)
{
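Review bot: The `time` out-parameter widens from `u_int32_t *` to `time_t *` here, and `use_time` does the same in query_policy in the next hunk, but the backends that implement these methods are outside this diffstat, so it is not visible that each of them now stores a full `time_t`. Where `time_t` is 64 bits, a backend that still wrote 32 bits would leave the upper half of the caller's variable untouched. Idle-time decisions built on that value would then use garbage. Callers are safer initialising the variable before the call, e.g. `time_t use_time = 0;`, and checking the returned status before reading it. query_sa's body continues outside the hunk.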
@@ -256,7 +256,7 @@ METHOD(kernel_interface_t, add_policy, status_t,
METHOD(kernel_interface_t, query_policy, status_t,
private_kernel_interface_t *this, traffic_selector_t *src_ts,
traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark,
- u_int32_t *use_time)
+ time_t *use_time)
{
if (!this->ipsec)
{
@@ -447,7 +447,9 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
}
host->destroy(host);
- addrs = create_address_enumerator(this, ADDR_TYPE_VIRTUAL);
+ /* try virtual IPs only first (on all interfaces) */
+ addrs = create_address_enumerator(this,
+ ADDR_TYPE_ALL ^ ADDR_TYPE_REGULAR);
while (addrs->enumerate(addrs, (void**)&host))
{
if (ts->includes(ts, host))
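Review bot: `ADDR_TYPE_ALL ^ ADDR_TYPE_REGULAR` removes the flag only because that bit happens to be set in ADDR_TYPE_ALL; `ADDR_TYPE_ALL & ~ADDR_TYPE_REGULAR` states the intent and cannot switch a bit on if the enum changes. The same applies to `ADDR_TYPE_ALL ^ ADDR_TYPE_VIRTUAL` in the following hunk. Both masks also admit every other address class contained in ADDR_TYPE_ALL, so addresses that the old single-type enumerators skipped can now be returned as the match for the traffic selector. The comment says "on all interfaces" and would be clearer if it named the classes that are deliberately included. get_address_by_ts starts and ends outside the hunk.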
@@ -464,8 +466,9 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
addrs->destroy(addrs);
if (!found)
- {
- addrs = create_address_enumerator(this, ADDR_TYPE_REGULAR);
+ { /* then try the regular addresses (on all interfaces) */
+ addrs = create_address_enumerator(this,
+ ADDR_TYPE_ALL ^ ADDR_TYPE_VIRTUAL);
while (addrs->enumerate(addrs, (void**)&host))
{
if (ts->includes(ts, host))
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 1d96f1c35..cc47d3c4a 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -200,12 +200,12 @@ struct kernel_interface_t {
* @param mark optional mark for this SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
- * @param[out] time last time of SA use
+ * @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, u_int32_t *time);
+ u_int64_t *bytes, u_int64_t *packets, time_t *time);
/**
* Delete a previously installed SA from the SAD.
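Review bot: The "(monotonic)" added to the `time` parameter does not name the clock or the unit, nor the value stored when the SA has never been used. Code that derives an idle interval for inactivity or dead-peer decisions has to subtract on the same clock; subtracting from wall-clock time would give a meaningless result. Something like `@param[out] time last use of the SA in seconds on the monotonic clock (see time_monotonic())` would remove the guesswork, if that is the clock the backends use, with the never-used value stated alongside. The same wording would fit `use_time` of query_policy in the next hunk.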
@@ -264,14 +264,14 @@ struct kernel_interface_t {
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
* @param mark optional mark
- * @param[out] use_time the time of this SA's last use
+ * @param[out] use_time the (monotonic) time of this SA's last use
* @return SUCCESS if operation completed
*/
status_t (*query_policy) (kernel_interface_t *this,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, mark_t mark,
- u_int32_t *use_time);
+ time_t *use_time);
/**
* Remove a policy from the SPD.
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 413e5920f..25f5b38fd 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -156,12 +156,12 @@ struct kernel_ipsec_t {
* @param mark optional mark for this SA
* @param[out] bytes the number of bytes processed by SA
* @param[out] packets number of packets processed by SA
- * @param[out] time last time of SA use
+ * @param[out] time last (monotonic) time of SA use
* @return SUCCESS if operation completed
*/
status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, mark_t mark,
- u_int64_t *bytes, u_int64_t *packets, u_int32_t *time);
+ u_int64_t *bytes, u_int64_t *packets, time_t *time);
/**
* Delete a previusly installed SA from the SAD.
@@ -228,7 +228,7 @@ struct kernel_ipsec_t {
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
policy_dir_t direction, mark_t mark,
- u_int32_t *use_time);
+ time_t *use_time);
/**
* Remove a policy from the SPD.
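Review bot: The doc comment for query_policy in kernel_ipsec.h appears to be left as it was, since this hunk changes only the `use_time` type and starts after the comment. kernel_interface.h now documents `use_time` as "the (monotonic) time of this SA's last use", while the backend-facing header would still carry the old wording. Plugin authors read this header, so its `@param[out] use_time` line should get the same "(monotonic)" wording to keep the two contracts consistent.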