2 files changed, 18 insertions, 2 deletions

diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index cd6d58e9d8f..e67b7088a2b 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.h,v 1.184 2017/10/16 08:22:25 mpi Exp $	*/
+/*	$OpenBSD: ip_ipsp.h,v 1.185 2017/10/27 08:27:14 mpi Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -449,6 +449,8 @@ const char *ipsp_address(union sockaddr_union *, char *, socklen_t);
 /* SPD tables */
 struct radix_node_head *spd_table_add(unsigned int);
 struct radix_node_head *spd_table_get(unsigned int);
+int spd_table_walk(unsigned int,
+    int (*walker)(struct ipsec_policy *, void *, unsigned int), void *);
 
 /* TDB management routines */
 uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *,
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 8a26e990b6c..f87b5de5111 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.93 2017/10/16 08:22:25 mpi Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.94 2017/10/27 08:27:14 mpi Exp $ */
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
  *
@@ -115,6 +115,20 @@ spd_table_add(unsigned int rtableid)
 	return (spd_tables[rdomain]);
 }
 
+int
+spd_table_walk(unsigned int rtableid,
+    int (*walker)(struct ipsec_policy *, void *, unsigned int), void *arg)
+{
+	struct radix_node_head *rnh;
+
+	rnh = spd_table_get(rtableid);
+	if (rnh == NULL)
+		return (0);
+
+	return (rn_walktree(rnh,
+	    (int (*)(struct radix_node *, void *, u_int))walker, arg));
+}
+
 /*
  * Lookup at the SPD based on the headers contained on the mbuf. The second
  * argument indicates what protocol family the header at the beginning of