authorMartin Pieuchot <mpi@cvs.openbsd.org>2017-10-27 08:27:15 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2017-10-27 08:27:15 +0000
commitd3bf0afe08cb2e34167651ce64ea95480b5c337e (patch)
treed44a39bff4911345c8cdbc473b11e3417920c71a /sys/netinet/ip_spd.c
parentbe067d186ada17ab1cb7366a3f925da9177b2a79 (diff)
Dump IPsec flows by iterating over the radix-tree.
This enforces an order and will allow us to get rid of the global list. ok millert@, visa@, markus@
Diffstat (limited to 'sys/netinet/ip_spd.c')
-rw-r--r--sys/netinet/ip_spd.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 8a26e990b6c..f87b5de5111 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.93 2017/10/16 08:22:25 mpi Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.94 2017/10/27 08:27:14 mpi Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -115,6 +115,20 @@ spd_table_add(unsigned int rtableid)
return (spd_tables[rdomain]);
}
+int
+spd_table_walk(unsigned int rtableid,
+ int (*walker)(struct ipsec_policy *, void *, unsigned int), void *arg)
+{
+ struct radix_node_head *rnh;
+
+ rnh = spd_table_get(rtableid);
+ if (rnh == NULL)
+ return (0);
+
+ return (rn_walktree(rnh,
+ (int (*)(struct radix_node *, void *, u_int))walker, arg));
+}
+
/*
* Lookup at the SPD based on the headers contained on the mbuf. The second
* argument indicates what protocol family the header at the beginning of
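Review bot: The cast of `walker` to `int (*)(struct radix_node *, void *, u_int)` in the `rn_walktree()` call means each callback is invoked through a function-pointer type it was not declared with, and it receives the radix node's address reinterpreted as a `struct ipsec_policy *`. That is only sound if the radix node storage is the first member of `struct ipsec_policy`, which this hunk does not show and nothing here enforces; a later reordering of that struct would turn the flow dump into a type confusion on kernel memory. I would at least document the assumption above `spd_table_walk()`, e.g. `/* walker gets the radix_node pointer as-is: the radix nodes must stay the first member of struct ipsec_policy. */`, or better, pass a small static trampoline to `rn_walktree()` that does the conversion explicitly. The same comment should state that a missing table returns 0, which callers cannot tell apart from a completed walk.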