From 5313d2d78ca150515f7f5eb39801c100690b6b29 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez <corsac@debian.org> Date: Fri, 1 Nov 2013 13:32:07 +0100 Subject: Imported Upstream version 5.1.1 --- src/libipsec/ipsec_sa.h | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'src/libipsec/ipsec_sa.h') diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h index dec688e68..5e69f18cf 100644 --- a/src/libipsec/ipsec_sa.h +++ b/src/libipsec/ipsec_sa.h @@ -109,9 +109,38 @@ struct ipsec_sa_t { */ esp_context_t *(*get_esp_context)(ipsec_sa_t *this); + /** + * Get usage statistics for this SA. + * + * @param bytes receives number of processed bytes, or NULL + * @param packets receives number of processed packets, or NULL + * @param time receives last use time of this SA, or NULL + */ + void (*get_usestats)(ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets, + time_t *time); + + /** + * Record en/decryption of a packet to update usage statistics. + * + * @param bytes length of packet processed + */ + void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes); + + /** + * Expire this SA, soft or hard. + * + * A soft expire triggers a rekey, a hard expire blocks the SA and + * triggers a delete for the SA. + * + * @param hard TRUE for hard, FALSE for soft + */ + void (*expire)(ipsec_sa_t *this, bool hard); + /** * Check if this SA matches all given parameters * + * Only matches if the SA has not yet expired. + * * @param spi SPI * @param dst destination address * @return TRUE if this SA matches all parameters, FALSE otherwise @@ -132,6 +161,8 @@ struct ipsec_sa_t { /** * Check if this SA matches all given parameters * + * Only matches if the SA has not yet expired. + * * @param reqid reqid * @param inbound TRUE for inbound SA, FALSE for outbound * @return TRUE if this SA matches all parameters, FALSE otherwise -- cgit v1.2.3