<html> <head> <title>embedded IPsec - IPsec library</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" href="doxygen.css" type="text/css"> </head> <body bgcolor="#FFFFFF" text="#000000"> <table width="98%" border="0" align="center"> <tr> <td> <h2 align="left"><img src="logo_small.gif" alt="embedded IPsec"> source code documentation </h2> <hr> <!-- Generated by Doxygen 1.3.4 --> <div class="qindex"><a class="qindex" href="index.html">Main Page</a> | <a class="qindex" href="classes.html">Alphabetical List</a> | <a class="qindex" href="annotated.html">Data Structures</a> | <a class="qindex" href="files.html">File List</a> | <a class="qindex" href="functions.html">Data Fields</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related Pages</a></div> <h1>sa.c File Reference</h1><hr><a name="_details"></a><h2>Detailed Description</h2> This module contains the Security Association code. <p> <dl compact><dt><b>Author:</b></dt><dd>Niklaus Schild &lt;<a href="mailto:n.schild@gmx.ch">n.schild@gmx.ch</a>&gt; <br> </dd></dl> <b>OUTLINE:</b> Here we implement the Security Association concept from RFC 2401. Both the SPD and the SAD are implemented. IKE and SA bundling are not supported at this time. For maximum flexibility, two physically separate tables (SPD and SAD) were implemented. Both provide functions to manipulate the database at run-time, so that IKE or SA bundling could be added later. The SPD contains the selector fields against which each IP packet must be checked. Once an outbound packet has found its SPD entry, it can access the SA via the SA pointer. Inbound packets can access their SA directly by applying the SPI to the SAD (that is, by performing an SAD lookup). 
Each IPsec-enabled device needs its own SPD and SAD for each of inbound and outbound processing.<p> <b>IMPLEMENTATION:</b> To be independent of any memory allocation, the table data is stored in a statically allocated array. Because entries can be added and removed, a more flexible method for creating the table is needed. The table itself is implemented as a doubly linked list. The data is stored in the array records, but the sequence is determined by the linked-list structure.<p> One database consists of two objects:<ol> <li>database structure: spd_table inbound_spd_table ;</li><li>array for storing data: spd_entry inbound_spd_data[size] ;</li></ol> <p> The first object holds the structure of the database (the linked list), while the second is the memory for storing the entries.<p> <b>NOTES:</b> To create and use a database, you should follow this sequence:<ol> <li><a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a>: to initialize the table</li><li><a class="el" href="sa_8c.html#a5">ipsec_spd_add()</a>: to fill up as many records as the size (usually IPSEC_MAX_SA_ENTRIES) permits</li><li><a class="el" href="sa_8c.html#a7">ipsec_spd_del()</a>: to remove entries if required</li><li><a class="el" href="sa_8c.html#a8">ipsec_spd_lookup()</a>: to check packets for a matching entry</li><li><a class="el" href="sa_8c.html#a3">ipsec_spd_release_dbs()</a>: to clean up</li></ol> <p> This document is part of <em>embedded IPsec<br> Copyright (c) 2003 Niklaus Schild and Christian Scheurer, HTI Biel/Bienne<br> All rights reserved.<br> This file contains code from the OpenSSL Project<br> portions Copyright (c) 1998-2003 OpenSSL (www.openssl.org) </em><hr> <p> Definition in file <a class="el" href="sa_8c-source.html">sa.c</a>. 
<p> <code>#include &lt;string.h&gt;</code><br> <code>#include "<a class="el" href="debug_8h-source.html">ipsec/debug.h</a>"</code><br> <code>#include "<a class="el" href="util_8h-source.html">ipsec/util.h</a>"</code><br> <code>#include "<a class="el" href="sa_8h-source.html">ipsec/sa.h</a>"</code><br> <code>#include "<a class="el" href="ah_8h-source.html">ipsec/ah.h</a>"</code><br> <code>#include "<a class="el" href="esp_8h-source.html">ipsec/esp.h</a>"</code><br> <p> <a href="sa_8c-source.html">Go to the source code of this file.</a><table border=0 cellpadding=0 cellspacing=0> <tr><td></td></tr> <tr><td colspan=2><br><h2>Data Structures</h2></td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>struct </td><td class="memItemRight" valign=bottom><a class="el" href="structipsec__in__ip__struct.html">ipsec_in_ip_struct</a></td></tr> <tr><td colspan=2><br><h2>Typedefs</h2></td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>typedef <a class="el" href="structipsec__in__ip__struct.html">ipsec_in_ip_struct</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a1">ipsec_in_ip</a></td></tr> <tr><td colspan=2><br><h2>Functions</h2></td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structdb__set__netif__struct.html">db_set_netif</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs</a> (<a class="el" href="structspd__entry__struct.html">spd_entry</a> *inbound_spd_data, <a class="el" href="structspd__entry__struct.html">spd_entry</a> *outbound_spd_data, <a class="el" href="structsa__entry__struct.html">sad_entry</a> *inbound_sad_data, <a class="el" href="structsa__entry__struct.html">sad_entry</a> *outbound_sad_data)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a3">ipsec_spd_release_dbs</a> 
(<a class="el" href="structdb__set__netif__struct.html">db_set_netif</a> *dbs)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a4">ipsec_spd_get_free</a> (<a class="el" href="structspd__table__struct.html">spd_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a5">ipsec_spd_add</a> (<a class="el" href="types_8h.html#a4">__u32</a> src, <a class="el" href="types_8h.html#a4">__u32</a> src_net, <a class="el" href="types_8h.html#a4">__u32</a> dst, <a class="el" href="types_8h.html#a4">__u32</a> dst_net, <a class="el" href="types_8h.html#a0">__u8</a> proto, <a class="el" href="types_8h.html#a2">__u16</a> src_port, <a class="el" href="types_8h.html#a2">__u16</a> dst_port, <a class="el" href="types_8h.html#a0">__u8</a> policy, <a class="el" href="structspd__table__struct.html">spd_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a6">ipsec_spd_add_sa</a> (<a class="el" href="structspd__entry__struct.html">spd_entry</a> *entry, <a class="el" href="structsa__entry__struct.html">sad_entry</a> *sa)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a7">ipsec_spd_del</a> (<a class="el" href="structspd__entry__struct.html">spd_entry</a> *entry, <a class="el" href="structspd__table__struct.html">spd_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" 
href="structspd__entry__struct.html">spd_entry</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a8">ipsec_spd_lookup</a> (<a class="el" href="structipsec__ip__hdr__struct.html">ipsec_ip_header</a> *header, <a class="el" href="structspd__table__struct.html">spd_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>void </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a9">ipsec_spd_print_single</a> (<a class="el" href="structspd__entry__struct.html">spd_entry</a> *entry)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>void </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a10">ipsec_spd_print</a> (<a class="el" href="structspd__table__struct.html">spd_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a11">ipsec_sad_get_free</a> (<a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a12">ipsec_sad_add</a> (<a class="el" href="structsa__entry__struct.html">sad_entry</a> *entry, <a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a13">ipsec_sad_del</a> (<a class="el" href="structsa__entry__struct.html">sad_entry</a> *entry, <a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="structsa__entry__struct.html">sad_entry</a> 
* </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a14">ipsec_sad_lookup</a> (<a class="el" href="types_8h.html#a4">__u32</a> dest, <a class="el" href="types_8h.html#a0">__u8</a> proto, <a class="el" href="types_8h.html#a4">__u32</a> spi, <a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>void </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a15">ipsec_sad_print_single</a> (<a class="el" href="structsa__entry__struct.html">sad_entry</a> *entry)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top>void </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a16">ipsec_sad_print</a> (<a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a4">__u32</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a17">ipsec_sad_get_spi</a> (<a class="el" href="structipsec__ip__hdr__struct.html">ipsec_ip_header</a> *header)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a18">ipsec_spd_flush</a> (<a class="el" href="structspd__table__struct.html">spd_table</a> *table, <a class="el" href="structspd__entry__struct.html">spd_entry</a> *def_entry)</td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" href="types_8h.html#a6">ipsec_status</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a19">ipsec_sad_flush</a> (<a class="el" href="structsad__table__struct.html">sad_table</a> *table)</td></tr> <tr><td colspan=2><br><h2>Variables</h2></td></tr> <tr><td class="memItemLeft" nowrap align=right valign=top><a class="el" 
href="structdb__set__netif__struct.html">db_set_netif</a> </td><td class="memItemRight" valign=bottom><a class="el" href="sa_8c.html#a0">db_sets</a> [IPSEC_NR_NETIFS]</td></tr> </table> <hr><h2>Typedef Documentation</h2> <a class="anchor" name="a1" doxytag="sa.c::ipsec_in_ip" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> typedef struct <a class="el" href="structipsec__in__ip__struct.html">ipsec_in_ip_struct</a> <a class="el" href="structipsec__in__ip__struct.html">ipsec_in_ip</a> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> IPsec in IP structure - used to access headers inside SA </td> </tr> </table> <hr><h2>Function Documentation</h2> <a class="anchor" name="a12" doxytag="sa.c::ipsec_sad_add" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structsa__entry__struct.html">sad_entry</a>* ipsec_sad_add </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname" nowrap> <em>entry</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Adds a Security Association to an SA table.<p> The SA entries are added to a statically allocated array of SAD structs. The size is defined by IPSEC_MAX_SAD_ENTRIES, so no more entries than this constant allows can be added. 
The order of the entries within the table is not the same as the order within the array. The "table functionality" is implemented as a linked list, so one must follow the links of the structure to get to the next entry.<p> Implementation<ol> <li>This function first gets an empty entry out of the table passed by <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a>.</li><li>If a free place was found, then the function arguments are copied to the appropriate place.</li><li>Then the linked list is re-linked.</li></ol> <p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>pointer to the SA structure which will be copied into the table </td></tr> <tr><td valign=top><em>table</em> </td><td>pointer to the table where the SA is added </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>A pointer to the added entry when adding was successful <p> NULL when the entry could not be added (no free entry or duplicate) </dd></dl> <dl compact><dt><b><a class="el" href="todo.html#_todo000013">Todo:</a></b></dt><dd>right now there is no special order implemented, maybe this is needed </dd></dl> <p> <dl compact><dt><b><a class="el" href="todo.html#_todo000014">Todo:</a></b></dt><dd>this part needs to be rewritten when an order is introduced</dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00796">796</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a13" doxytag="sa.c::ipsec_sad_del" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_sad_del </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname" nowrap> <em>entry</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Deletes a Security Association from an SA table.<p> This function is simple. If the pointer is within the range of the table, then the entry is cleared. If the pointer does not match, nothing happens.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>Pointer to the SA entry which needs to be deleted </td></tr> <tr><td valign=top><em>table</em> </td><td>Pointer to the SA table</td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS entry was deleted properly <p> IPSEC_STATUS_FAILURE entry could not be deleted because not found, or invalid pointer </dd></dl> <dl compact><dt><b><a class="el" href="todo.html#_todo000015">Todo:</a></b></dt><dd>right now there is no special order implemented, maybe this is needed </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00870">870</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
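<p> The storage scheme from the file overview (a statically allocated array whose order is kept in a doubly linked list) and the add and delete behaviour documented for ipsec_sad_add() and ipsec_sad_del() look like this in self-contained form. This is an added example, not code from sa.c or the embedded IPsec project; every <code>demo_*</code> name, the entry fields, the table size of 4 and the slot-alignment check in <code>demo_owns()</code> are assumptions made for illustration.

```c
/* Added illustration: table storage is a caller-supplied array, table order is
 * a doubly linked list. All demo_* names are hypothetical, not those of sa.c. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_ENTRIES 4               /* constructed size for the demo */

typedef struct demo_entry {
    uint32_t dest;                       /* destination IP address */
    uint8_t  proto;                      /* IPsec protocol (50 = ESP, 51 = AH) */
    uint32_t spi;                        /* Security Parameters Index */
    uint8_t  in_use;                     /* 0 marks a free slot */
    struct demo_entry *next, *prev;      /* list order, independent of array order */
} demo_entry;

typedef struct {
    demo_entry *data;                    /* statically allocated backing array */
    size_t      size;                    /* number of slots in data[] */
    demo_entry *first, *last;            /* head and tail of the linked list */
} demo_table;

void demo_init(demo_table *t, demo_entry *data, size_t size)
{
    memset(data, 0, size * sizeof *data);
    t->data = data; t->size = size; t->first = t->last = NULL;
}

/* First unused slot of the array, or NULL when the table is full. */
demo_entry *demo_get_free(demo_table *t)
{
    for (size_t i = 0; i < t->size; i++)
        if (!t->data[i].in_use) return &t->data[i];
    return NULL;
}

/* Copy *src into a free slot and append it to the list.
 * Returns NULL for a duplicate (same dest/proto/spi) or a full table. */
demo_entry *demo_add(demo_table *t, const demo_entry *src)
{
    for (demo_entry *e = t->first; e != NULL; e = e->next)
        if (e->dest == src->dest && e->proto == src->proto && e->spi == src->spi)
            return NULL;
    demo_entry *slot = demo_get_free(t);
    if (slot == NULL) return NULL;
    *slot = *src;
    slot->in_use = 1;
    slot->next = NULL;
    slot->prev = t->last;
    if (t->last != NULL) t->last->next = slot; else t->first = slot;
    t->last = slot;
    return slot;
}

/* 1 only if p addresses the start of a slot inside t->data[]. Compared as
 * integers because relational operators on unrelated pointers are undefined. */
int demo_owns(const demo_table *t, const void *p)
{
    uintptr_t base = (uintptr_t)t->data, addr = (uintptr_t)p;
    if (p == NULL || addr < base) return 0;
    if (addr - base >= t->size * sizeof(demo_entry)) return 0;
    return (addr - base) % sizeof(demo_entry) == 0;
}

/* Unlink and wipe an entry. Returns 0 on success, -1 when the pointer is
 * outside the table, misaligned, or refers to a slot that is not in use. */
int demo_del(demo_table *t, demo_entry *e)
{
    if (!demo_owns(t, e) || !e->in_use) return -1;
    if (e->prev != NULL) e->prev->next = e->next; else t->first = e->next;
    if (e->next != NULL) e->next->prev = e->prev; else t->last = e->prev;
    memset(e, 0, sizeof *e);             /* slot is free again, stale links gone */
    return 0;
}

/* Number of entries reachable by following the links from the head. */
size_t demo_count(const demo_table *t)
{
    size_t n = 0;
    for (const demo_entry *e = t->first; e != NULL; e = e->next) n++;
    return n;
}

int main(void)
{
    static demo_entry storage[DEMO_MAX_ENTRIES];
    demo_table sad;
    demo_entry a = { .dest = 0xC0A80102u, .proto = 50, .spi = 0x1001u };

    demo_init(&sad, storage, DEMO_MAX_ENTRIES);
    demo_entry *pa = demo_add(&sad, &a);
    printf("duplicate add:          %p\n", (void *)demo_add(&sad, &a));
    printf("delete foreign pointer: %d\n", demo_del(&sad, &a));   /* -1 */
    printf("delete table entry:     %d\n", demo_del(&sad, pa));   /* 0 */
    printf("entries left:           %zu\n", demo_count(&sad));
    return 0;
}
```

Rejecting a pointer that is in range but not on a slot boundary keeps a delete call from unlinking through the middle of another entry and corrupting the list.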
</td> </tr> </table> <a class="anchor" name="a19" doxytag="sa.c::ipsec_sad_flush" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_sad_flush </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname1" valign="top" nowrap> <em>table</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Flushes an SAD table.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SAD table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS if the flush was successful </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l01104">1104</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a11" doxytag="sa.c::ipsec_sad_get_free" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structsa__entry__struct.html">sad_entry</a>* ipsec_sad_get_free </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname1" valign="top" nowrap> <em>table</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Gives back a pointer to the next free entry from the given SA table.<p> <dl compact><dt><b><a class="el" href="todo.html#_todo000012">Todo:</a></b></dt><dd>this function should probably be static </dd></dl> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SA table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>pointer to the free entry if one was found <p> NULL if no free entry was found </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00756">756</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a17" doxytag="sa.c::ipsec_sad_get_spi" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a4">__u32</a> ipsec_sad_get_spi </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structipsec__ip__hdr__struct.html">ipsec_ip_header</a> * </td> <td class="mdname1" valign="top" nowrap> <em>header</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Returns the SPI from an IPsec header out of an IP packet.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>header</em> </td><td>pointer to the IP header having an IPsec header as payload </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>the SPI if one could be extracted <p> 0 if no SPI could be extracted (not IPsec packet) </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l01040">1040</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a14" doxytag="sa.c::ipsec_sad_lookup" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structsa__entry__struct.html">sad_entry</a>* ipsec_sad_lookup </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>dest</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a0">__u8</a> </td> <td class="mdname" nowrap> <em>proto</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>spi</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Gives back a pointer to a SA matching the SA selectors.<p> For incoming packets the IPsec packet must be checked against the inbound SAD and for outgoing packets the packet must be checked against the outbound SAD.<p> Implementation It simply loops over all entries and returns the first match.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>dest</em> </td><td>destination IP address </td></tr> <tr><td valign=top><em>proto</em> </td><td>IPsec protocol </td></tr> <tr><td valign=top><em>spi</em> </td><td>Security Parameters Index </td></tr> <tr><td valign=top><em>table</em> </td><td>pointer to the SAD table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>pointer to the SA entry if one matched <p> 
NULL if no matching entry was found </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00940">940</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a16" doxytag="sa.c::ipsec_sad_print" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> void ipsec_sad_print </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsad__table__struct.html">sad_table</a> * </td> <td class="mdname1" valign="top" nowrap> <em>table</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Prints a SAD table.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SAD table which will be printed </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>void </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l01014">1014</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
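<p> The inbound path documented for ipsec_sad_get_spi() and ipsec_sad_lookup() (read the SPI from the IPsec header, return 0 if the packet is not IPsec, then take the first SA matching destination, protocol and SPI) is shown below as an added example; it is not code from sa.c. The <code>demo_*</code> names, the explicit length parameter, host-byte-order addresses and the flat array standing in for the linked table are assumptions, and the packets are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PROTO_ESP 50                /* IANA protocol number for ESP */
#define DEMO_PROTO_AH  51                /* IANA protocol number for AH */

typedef struct {
    uint32_t    dest;                    /* destination address, host byte order */
    uint8_t     proto;                   /* DEMO_PROTO_ESP or DEMO_PROTO_AH */
    uint32_t    spi;                     /* Security Parameters Index */
    const char *label;                   /* hypothetical name, for printing only */
} demo_sa;

static uint32_t demo_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static void demo_put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Returns the SPI of an IPv4 packet carrying AH or ESP, or 0 when the packet is
 * not IPsec, malformed or truncated. 0 works as the sentinel because the AH and
 * ESP specifications reserve SPI 0 and forbid sending it on the wire. */
uint32_t demo_get_spi(const uint8_t *pkt, size_t len, uint8_t *proto, uint32_t *dest)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;          /* header length in bytes */
    if (ihl < 20 || ihl > len) return 0;
    size_t spi_off;
    if (pkt[9] == DEMO_PROTO_ESP)     spi_off = ihl;     /* ESP: SPI is the first field */
    else if (pkt[9] == DEMO_PROTO_AH) spi_off = ihl + 4; /* AH: next hdr, len, reserved, SPI */
    else return 0;
    if (spi_off + 4 > len) return 0;                   /* SPI must lie inside the buffer */
    *proto = pkt[9];
    *dest  = demo_be32(pkt + 16);
    return demo_be32(pkt + spi_off);
}

/* Linear scan that returns the first entry matching all three selectors. */
const demo_sa *demo_sad_lookup(uint32_t dest, uint8_t proto, uint32_t spi,
                               const demo_sa *sad, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (sad[i].dest == dest && sad[i].proto == proto && sad[i].spi == spi)
            return &sad[i];
    return NULL;
}

/* Inbound decision: NULL means no SA applies and the packet must not be processed. */
const demo_sa *demo_inbound(const uint8_t *pkt, size_t len, const demo_sa *sad, size_t n)
{
    uint8_t proto = 0;
    uint32_t dest = 0;
    uint32_t spi = demo_get_spi(pkt, len, &proto, &dest);
    if (spi == 0) return NULL;
    return demo_sad_lookup(dest, proto, spi, sad, n);
}

/* Builds a constructed packet in buf (at least 32 bytes): a 20-byte IPv4 header
 * followed by the start of an AH or ESP header. Returns the packet length. */
size_t demo_build(uint8_t *buf, uint8_t proto, uint32_t dest, uint32_t spi)
{
    memset(buf, 0, 32);
    buf[0] = 0x45;                                     /* IPv4, IHL = 5 words */
    buf[9] = proto;
    demo_put_be32(buf + 16, dest);
    size_t off = 20 + (proto == DEMO_PROTO_AH ? 4u : 0u);
    demo_put_be32(buf + off, spi);
    return off + 8;                                    /* SPI plus sequence number */
}

int main(void)
{
    const demo_sa sad[] = {
        { 0xC0A80102u, DEMO_PROTO_ESP, 0x1001u, "esp-in" },
        { 0xC0A80102u, DEMO_PROTO_AH,  0x1002u, "ah-in"  },
    };
    uint8_t pkt[32];
    size_t len = demo_build(pkt, DEMO_PROTO_ESP, 0xC0A80102u, 0x1001u);
    const demo_sa *sa = demo_inbound(pkt, len, sad, 2);
    printf("known ESP SPI   -> %s\n", sa ? sa->label : "no SA, drop");
    sa = demo_inbound(pkt, 22, sad, 2);                /* same packet, cut short */
    printf("truncated ESP   -> %s\n", sa ? sa->label : "no SA, drop");
    len = demo_build(pkt, DEMO_PROTO_ESP, 0xC0A80102u, 0x9999u);
    sa = demo_inbound(pkt, len, sad, 2);
    printf("unknown ESP SPI -> %s\n", sa ? sa->label : "no SA, drop");
    return 0;
}
```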
</td> </tr> </table> <a class="anchor" name="a15" doxytag="sa.c::ipsec_sad_print_single" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> void ipsec_sad_print_single </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname1" valign="top" nowrap> <em>entry</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Prints a single SA entry.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>pointer to the SA entry which will be printed </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>void </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00975">975</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a5" doxytag="sa.c::ipsec_spd_add" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structspd__entry__struct.html">spd_entry</a>* ipsec_spd_add </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>src</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>src_net</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>dst</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a4">__u32</a> </td> <td class="mdname" nowrap> <em>dst_net</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a0">__u8</a> </td> <td class="mdname" nowrap> <em>proto</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a2">__u16</a> </td> <td class="mdname" nowrap> <em>src_port</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a2">__u16</a> </td> <td class="mdname" nowrap> <em>dst_port</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="types_8h.html#a0">__u8</a> </td> <td class="mdname" nowrap> <em>policy</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Adds a 
Security Policy to an SPD table.<p> The SPD entries are added to a statically allocated array of SPD structs. The size is defined by IPSEC_MAX_SPD_ENRIES, so no more entries than this constant allows can be added. The order of the entries within the table is not the same as the order within the array. The "table functionality" is implemented as a linked list, so one must follow the links of the structure to get to the next entry.<p> Implementation<ol> <li>This function first gets an empty entry out of the table passed by <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a>.</li><li>If a free place was found, then the function arguments are copied to the appropriate place.</li><li>Then the linked list is re-linked.</li></ol> <p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>src</em> </td><td>IP source address </td></tr> <tr><td valign=top><em>src_net</em> </td><td>Netmask for the source address </td></tr> <tr><td valign=top><em>dst</em> </td><td>IP destination address </td></tr> <tr><td valign=top><em>dst_net</em> </td><td>Netmask for the destination address </td></tr> <tr><td valign=top><em>proto</em> </td><td>Transport protocol </td></tr> <tr><td valign=top><em>src_port</em> </td><td>Source Port </td></tr> <tr><td valign=top><em>dst_port</em> </td><td>Destination Port </td></tr> <tr><td valign=top><em>policy</em> </td><td>The policy defining how the packet matching the entry must be processed </td></tr> <tr><td valign=top><em>table</em> </td><td>Pointer to the SPD table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>A pointer to the added entry when adding was successful <p> NULL when the entry could not be added (no free entry or duplicate) </dd></dl> <dl compact><dt><b><a class="el" href="todo.html#_todo000007">Todo:</a></b></dt><dd>right now there is no special order implemented, maybe this is needed </dd></dl> <p> <dl compact><dt><b><a class="el" 
href="todo.html#_todo000008">Todo:</a></b></dt><dd>this part needs to be rewritten when an order is introduced</dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00428">428</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a6" doxytag="sa.c::ipsec_spd_add_sa" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_spd_add_sa </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname" nowrap> <em>entry</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname" nowrap> <em>sa</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Adds a Security Association to a Security Policy.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>pointer to the SPD entry where the SA should be added </td></tr> <tr><td valign=top><em>sa</em> </td><td>a pointer to the SA which is added to the SPD </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS the entry was added successfully </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00496">496</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
</td> </tr> </table> <a class="anchor" name="a7" doxytag="sa.c::ipsec_spd_del" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_spd_del </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname" nowrap> <em>entry</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Deletes a Security Policy from an SPD table.<p> This function is simple. If the pointer is within the range of the table, then the entry is cleared. 
If the pointer does not match, nothing happens.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>Pointer to the SPD entry which needs to be deleted </td></tr> <tr><td valign=top><em>table</em> </td><td>Pointer to the SPD table</td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS entry was deleted properly <p> IPSEC_STATUS_FAILURE entry could not be deleted because not found, or invalid pointer </dd></dl> <dl compact><dt><b><a class="el" href="todo.html#_todo000009">Todo:</a></b></dt><dd>right now there is no special order implemented, maybe this is needed </dd></dl> <p> <dl compact><dt><b><a class="el" href="todo.html#_todo000010">Todo:</a></b></dt><dd>probably the SA should also be deleted</dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00523">523</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a18" doxytag="sa.c::ipsec_spd_flush" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_spd_flush </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname" nowrap> <em>table</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname" nowrap> <em>def_entry</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Flushes an SPD table and sets a new default entry. 
The default entry makes it possible to keep a door open for IKE.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SPD table </td></tr> <tr><td valign=top><em>def_entry</em> </td><td>pointer to the default entry </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS if the flush was successful <p> IPSEC_STATUS_FAILURE if the flush failed </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l01078">1078</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a4" doxytag="sa.c::ipsec_spd_get_free" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structspd__entry__struct.html">spd_entry</a>* ipsec_spd_get_free </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname1" valign="top" nowrap> <em>table</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Gives back a pointer to the next free entry from the given SPD table.<p> <dl compact><dt><b><a class="el" href="todo.html#_todo000006">Todo:</a></b></dt><dd>this function should probably be static </dd></dl> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SPD table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>pointer to the free entry if one was found <p> NULL if no free entry was found </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00375">375</a> of file <a class="el" 
href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a2" doxytag="sa.c::ipsec_spd_load_dbs" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structdb__set__netif__struct.html">db_set_netif</a>* ipsec_spd_load_dbs </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname" nowrap> <em>inbound_spd_data</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname" nowrap> <em>outbound_spd_data</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname" nowrap> <em>inbound_sad_data</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structsa__entry__struct.html">sad_entry</a> * </td> <td class="mdname" nowrap> <em>outbound_sad_data</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> This function initializes the database set, allocated in a per-network manner.<p> The data which is passed by the pointers should not be used by other functions except the ones of the SA-module. The data passed can be viewed as a place where the SA-module can store its data (Security Policies or Security Associations). The tables which are passed to the function can already be filled up with static configuration data. 
You can use the SPD_ENTRY and the SAD_ENTRY macros to do this in a nice way.<p> Implementation<ol> <li>First the function gets a free entry (set of structs) out of the db_sets table.</li><li>Then it sets the pointers of this struct's members.</li><li>All entries in the table which are not already filled are set to IPSEC_FREE.</li><li>In the last and most ugly part of this function, the tables are linked together so that the linked list is set up properly.</li></ol> <p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>inbound_spd_data</em> </td><td>pointer to a table where inbound Security Policies will be stored </td></tr> <tr><td valign=top><em>outbound_spd_data</em> </td><td>pointer to a table where outbound Security Policies will be stored </td></tr> <tr><td valign=top><em>inbound_sad_data</em> </td><td>pointer to a table where inbound Security Associations will be stored </td></tr> <tr><td valign=top><em>outbound_sad_data</em> </td><td>pointer to a table where outbound Security Associations will be stored</td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>pointer to the initialized set of DBs if the setup was successful <p> NULL if loading failed </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00136">136</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
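<p> The array-plus-linked-list layout and the initialization steps above, together with the pointer range check described for ipsec_spd_del(), as an added C example that is not code from sa.c. All demo_* names, the DEMO_* constants and the struct layout are assumptions; the delete additionally rejects pointers that fall between records or refer to a record that is already free.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DEMO_MAX_ENTRIES 4              /* hypothetical table size */
enum { DEMO_FREE = 0, DEMO_USED = 1 };  /* hypothetical use-flag values */

typedef struct demo_entry {             /* assumed layout, not the library's spd_entry */
    uint32_t src, dst;                  /* stand-ins for the selector fields */
    uint8_t  use_flag;
    struct demo_entry *next, *prev;     /* order lives in the list, data in the array */
} demo_entry;
typedef struct { demo_entry *table, *first, *last; size_t size; } demo_table;

/* Link every pre-filled record into the list and mark all others free. */
void demo_init(demo_table *t, demo_entry *data, size_t size) {
    t->table = data; t->size = size; t->first = t->last = NULL;
    for (size_t i = 0; i < size; i++) {
        demo_entry *e = &data[i];
        if (e->use_flag != DEMO_USED) { memset(e, 0, sizeof *e); continue; }
        e->next = NULL; e->prev = t->last;
        if (t->last) t->last->next = e; else t->first = e;
        t->last = e;
    }
}

/* Returns 0 on success, -1 if ptr is not a live record of this table. */
int demo_del(demo_table *t, void *ptr) {
    uintptr_t base = (uintptr_t)t->table, p = (uintptr_t)ptr;
    if (p < base || p >= base + t->size * sizeof(demo_entry)) return -1; /* outside the array */
    if ((p - base) % sizeof(demo_entry) != 0) return -1;   /* inside, but between records */
    demo_entry *e = ptr;
    if (e->use_flag != DEMO_USED) return -1;               /* already free: no double delete */
    if (e->prev) e->prev->next = e->next; else t->first = e->next;
    if (e->next) e->next->prev = e->prev; else t->last = e->prev;
    memset(e, 0, sizeof *e);                               /* wipes selectors, flag becomes DEMO_FREE */
    return 0;
}

/* Constructed scenario: records 0 and 2 pre-filled, then good and bad deletes. */
int demo_run(void) {
    demo_entry data[DEMO_MAX_ENTRIES] = {{0}}, other = {0};
    demo_table t;
    data[0].use_flag = data[2].use_flag = other.use_flag = DEMO_USED;
    demo_init(&t, data, DEMO_MAX_ENTRIES);
    int ok = t.first == &data[0] && t.last == &data[2] && data[0].next == &data[2];
    ok = ok && demo_del(&t, &other) == -1;                 /* record of some other object */
    ok = ok && demo_del(&t, (char *)&data[2] + 1) == -1;   /* misaligned pointer */
    ok = ok && demo_del(&t, &data[0]) == 0 && t.first == &data[2];
    ok = ok && demo_del(&t, &data[0]) == -1;               /* second delete of the same record */
    return ok;
}
```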
</td> </tr> </table> <a class="anchor" name="a8" doxytag="sa.c::ipsec_spd_lookup" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structspd__entry__struct.html">spd_entry</a>* ipsec_spd_lookup </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structipsec__ip__hdr__struct.html">ipsec_ip_header</a> * </td> <td class="mdname" nowrap> <em>header</em>, </td> </tr> <tr> <td></td> <td></td> <td class="md" nowrap><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname" nowrap> <em>table</em></td> </tr> <tr> <td></td> <td class="md">) </td> <td class="md" colspan="2"></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Returns a pointer to an SPD entry which matches the packet.<p> Inbound packets must be checked against the inbound SPD and outbound packets must be checked against the outbound SPD.<p> Implementation<p> This function checks all the selector fields of the SPD table. The port numbers are only checked if the protocol is TCP or UDP. 
A selector field which has a value of 0 is treated the same as '*', which means everything.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>header</em> </td><td>Pointer to an IP packet which is checked </td></tr> <tr><td valign=top><em>table</em> </td><td>Pointer to the SPD inbound/outbound table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>Pointer to the matching SPD entry <p> NULL if no entry matched </dd></dl> <dl compact><dt><b><a class="el" href="todo.html#_todo000011">Todo:</a></b></dt><dd>port checking should be implemented also </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00597">597</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a10" doxytag="sa.c::ipsec_spd_print" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> void ipsec_spd_print </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__table__struct.html">spd_table</a> * </td> <td class="mdname1" valign="top" nowrap> <em>table</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Prints a Security Policy Database.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>table</em> </td><td>pointer to the SPD table </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>void </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00726">726</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. 
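<p> The selector matching described for ipsec_spd_lookup() above (0 as wildcard, ports compared only for TCP and UDP, NULL when nothing matches), as an added C example that is not code from sa.c. The demo_* names, the address/mask selector layout, the action values and the sample policies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };   /* IANA protocol numbers */
enum { ACT_DISCARD, ACT_BYPASS, ACT_APPLY };              /* RFC 2401 policy choices */

typedef struct demo_policy {          /* hypothetical layout, not the library's spd_entry */
    uint32_t src, src_mask, dst, dst_mask;   /* host byte order; 0/0 matches any address */
    uint8_t  proto;                          /* 0 = any protocol */
    uint16_t sport, dport;                   /* 0 = any port */
    int      action;
    const struct demo_policy *next;          /* list order = evaluation order */
} demo_policy;
typedef struct { uint32_t src, dst; uint8_t proto; uint16_t sport, dport; } demo_pkt;

static int field_ok(uint32_t want, uint32_t got) { return want == 0 || want == got; }

/* First entry whose selectors all match, or NULL when nothing matches. */
const demo_policy *demo_lookup(const demo_policy *first, const demo_pkt *p) {
    for (const demo_policy *e = first; e != NULL; e = e->next) {
        if ((p->src & e->src_mask) != e->src) continue;
        if ((p->dst & e->dst_mask) != e->dst) continue;
        if (!field_ok(e->proto, p->proto)) continue;
        /* Ports exist only in TCP and UDP headers; skip them for everything else. */
        if (p->proto == PROTO_TCP || p->proto == PROTO_UDP) {
            if (!field_ok(e->sport, p->sport) || !field_ok(e->dport, p->dport)) continue;
        }
        return e;
    }
    return NULL;
}

/* RFC 2401 requires dropping traffic for which no policy is found. */
int demo_decide(const demo_policy *first, const demo_pkt *p) {
    const demo_policy *e = demo_lookup(first, p);
    return e ? e->action : ACT_DISCARD;
}

/* Constructed policy list: IKE (UDP/500) bypass, then protect 192.168.1.0/24 -> 192.168.2.0/24. */
static const demo_policy demo_protect = { 0xC0A80100u, 0xFFFFFF00u, 0xC0A80200u, 0xFFFFFF00u, 0, 0, 0, ACT_APPLY, NULL };
static const demo_policy demo_ike = { 0, 0, 0, 0, PROTO_UDP, 0, 500, ACT_BYPASS, &demo_protect };

int demo_classify(uint32_t src, uint32_t dst, uint8_t proto, uint16_t sport, uint16_t dport) {
    demo_pkt p = { src, dst, proto, sport, dport };
    return demo_decide(&demo_ike, &p);
}
```

Because the first match wins, the UDP/500 bypass entry also applies to traffic between the two protected subnets, so the order of the list is part of the policy.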
</td> </tr> </table> <a class="anchor" name="a9" doxytag="sa.c::ipsec_spd_print_single" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> void ipsec_spd_print_single </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structspd__entry__struct.html">spd_entry</a> * </td> <td class="mdname1" valign="top" nowrap> <em>entry</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> Prints a single SPD entry.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>entry</em> </td><td>pointer to the SPD entry </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>void </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00656">656</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <a class="anchor" name="a3" doxytag="sa.c::ipsec_spd_release_dbs" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="types_8h.html#a6">ipsec_status</a> ipsec_spd_release_dbs </td> <td class="md" valign="top">( </td> <td class="md" nowrap valign="top"><a class="el" href="structdb__set__netif__struct.html">db_set_netif</a> * </td> <td class="mdname1" valign="top" nowrap> <em>dbs</em> </td> <td class="md" valign="top"> ) </td> <td class="md" nowrap></td> </tr> </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> This function is used to release the structure allocated in <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a>. 
The tables which were allocated in <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a> can now be freely used.<p> <dl compact><dt><b>Parameters:</b></dt><dd> <table border="0" cellspacing="2" cellpadding="0"> <tr><td valign=top><em>dbs</em> </td><td>pointer to the set of databases obtained from <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a> which has to be released </td></tr> </table> </dl> <dl compact><dt><b>Returns:</b></dt><dd>IPSEC_STATUS_SUCCESS if release was successful <p> IPSEC_STATUS_FAILURE if release was not successful </dd></dl> <p> Definition at line <a class="el" href="sa_8c-source.html#l00336">336</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> <hr><h2>Variable Documentation</h2> <a class="anchor" name="a0" doxytag="sa.c::db_sets" ></a><p> <table class="mdTable" width="100%" cellpadding="2" cellspacing="0"> <tr> <td class="mdRow"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="md" nowrap valign="top"> <a class="el" href="structdb__set__netif__struct.html">db_set_netif</a> <a class="el" href="ipsecdev_8c.html#a6">db_sets</a>[IPSEC_NR_NETIFS] </table> </td> </tr> </table> <table cellspacing=5 cellpadding=0 border=0> <tr> <td> </td> <td> <p> This structure holds sets of databases used by one network interface. Each successful call of <a class="el" href="sa_8c.html#a2">ipsec_spd_load_dbs()</a> will return a pointer to an entry of this structure array. One entry holds pointers to an inbound and an outbound SPD and SAD table. <p> Definition at line <a class="el" href="sa_8c-source.html#l00096">96</a> of file <a class="el" href="sa_8c-source.html">sa.c</a>. </td> </tr> </table> </td> </tr> </table> <hr> <div align="center">Copyright 2003 by Christian Scheurer and Niklaus Schild</div> </html>