From 5313d2d78ca150515f7f5eb39801c100690b6b29 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 1 Nov 2013 13:32:07 +0100
Subject: Imported Upstream version 5.1.1

---
 src/libipsec/ipsec_sa.h | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'src/libipsec/ipsec_sa.h')

diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index dec688e68..5e69f18cf 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
@@ -109,9 +109,38 @@ struct ipsec_sa_t {
 	 */
 	esp_context_t *(*get_esp_context)(ipsec_sa_t *this);
 
+	/**
+	 * Get usage statistics for this SA.
+	 *
+	 * @param bytes		receives number of processed bytes, or NULL
+	 * @param packets	receives number of processed packets, or NULL
+	 * @param time		receives last use time of this SA, or NULL
+	 */
+	void (*get_usestats)(ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets,
+						 time_t *time);
+
+	/**
+	 * Record en/decryption of a packet to update usage statistics.
+	 *
+	 * @param bytes		length of packet processed
+	 */
+	void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes);
+
+	/**
+	 * Expire this SA, soft or hard.
+	 *
+	 * A soft expire triggers a rekey, a hard expire blocks the SA and
+	 * triggers a delete for the SA.
+	 *
+	 * @param hard		TRUE for hard, FALSE for soft
+	 */
+	void (*expire)(ipsec_sa_t *this, bool hard);
+
 	/**
 	 * Check if this SA matches all given parameters
 	 *
+	 * Only matches if the SA has not yet expired.
+	 *
 	 * @param spi		SPI
 	 * @param dst		destination address
 	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
@@ -132,6 +161,8 @@ struct ipsec_sa_t {
 	/**
 	 * Check if this SA matches all given parameters
 	 *
+	 * Only matches if the SA has not yet expired.
+	 *
 	 * @param reqid		reqid
 	 * @param inbound	TRUE for inbound SA, FALSE for outbound
 	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
-- 
cgit v1.2.3