path: root/src/libipsec/ipsec_sa_mgr.c
authorYves-Alexis Perez <corsac@corsac.net>2017-05-30 20:59:31 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-05-30 20:59:31 +0200
commitbba25e2ff6c4a193acb54560ea4417537bd2954e (patch)
tree9e074fe343f9ab6f5ce1e9c5142d9a6cf180fcda /src/libipsec/ipsec_sa_mgr.c
parent05ddd767992d68bb38c7f16ece142e8c2e9ae016 (diff)
downloadvyos-strongswan-bba25e2ff6c4a193acb54560ea4417537bd2954e.tar.gz
vyos-strongswan-bba25e2ff6c4a193acb54560ea4417537bd2954e.zip
New upstream version 5.5.3
Diffstat (limited to 'src/libipsec/ipsec_sa_mgr.c')
-rw-r--r--src/libipsec/ipsec_sa_mgr.c91
1 files changed, 54 insertions, 37 deletions
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index a1fa23e28..957d930f2 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -224,42 +224,60 @@ static void flush_entries(private_ipsec_sa_mgr_t *this)
enumerator->destroy(enumerator);
}
-/*
- * Different match functions to find SAs in the linked list
- */
-static bool match_entry_by_ptr(ipsec_sa_entry_t *item, ipsec_sa_entry_t *entry)
+CALLBACK(match_entry_by_sa_ptr, bool,
+ ipsec_sa_entry_t *item, va_list args)
{
- return item == entry;
-}
+ ipsec_sa_t *sa;
-static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa)
-{
+ VA_ARGS_VGET(args, sa);
return item->sa == sa;
}
-static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi,
- bool *inbound)
+CALLBACK(match_entry_by_spi_inbound, bool,
+ ipsec_sa_entry_t *item, va_list args)
{
- return item->sa->get_spi(item->sa) == *spi &&
- item->sa->is_inbound(item->sa) == *inbound;
+ uint32_t spi;
+ int inbound;
+
+ VA_ARGS_VGET(args, spi, inbound);
+ return item->sa->get_spi(item->sa) == spi &&
+ item->sa->is_inbound(item->sa) == inbound;
}
-static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi,
+static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t spi,
host_t *src, host_t *dst)
{
- return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst);
+ return item->sa->match_by_spi_src_dst(item->sa, spi, src, dst);
}
-static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item,
- uint32_t *reqid, bool *inbound)
+CALLBACK(match_entry_by_spi_src_dst_cb, bool,
+ ipsec_sa_entry_t *item, va_list args)
{
- return item->sa->match_by_reqid(item->sa, *reqid, *inbound);
+ host_t *src, *dst;
+ uint32_t spi;
+
+ VA_ARGS_VGET(args, spi, src, dst);
+ return match_entry_by_spi_src_dst(item, spi, src, dst);
+}
+
+CALLBACK(match_entry_by_reqid_inbound, bool,
+ ipsec_sa_entry_t *item, va_list args)
+{
+ uint32_t reqid;
+ int inbound;
+
+ VA_ARGS_VGET(args, reqid, inbound);
+ return item->sa->match_by_reqid(item->sa, reqid, inbound);
}
-static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi,
- host_t *dst)
+CALLBACK(match_entry_by_spi_dst, bool,
+ ipsec_sa_entry_t *item, va_list args)
{
- return item->sa->match_by_spi_dst(item->sa, *spi, dst);
+ host_t *dst;
+ uint32_t spi;
+
+ VA_ARGS_VGET(args, spi, dst);
+ return item->sa->match_by_spi_dst(item->sa, spi, dst);
}
/**
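Review bot: The converted callbacks (match_entry_by_sa_ptr, match_entry_by_spi_inbound, match_entry_by_spi_src_dst_cb, match_entry_by_reqid_inbound, match_entry_by_spi_dst) read their arguments from a va_list, so the compiler no longer checks that a find_first() call passes the right number, order and type of arguments; a mismatch would silently select the wrong SA or read indeterminate values. The removed block comment is not replaced, so I would put a short contract above each callback, e.g. `/* find_first() args: uint32_t spi, int inbound (bool is promoted to int) */`. In match_entry_by_spi_inbound the `== inbound` comparison only matches when the caller passes exactly 0 or 1 (assuming is_inbound() returns bool); the visible callers pass TRUE or a bool, so that holds today, but it belongs in the comment. The same contract applies to the call sites in allocate_spi, add_sa, update_sa, query_sa, checkout_by_reqid, checkout_by_spi and checkin further down.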
@@ -296,8 +314,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired)
private_ipsec_sa_mgr_t *this = expired->manager;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr,
- NULL, expired->entry) == SUCCESS)
+ if (this->sas->find_first(this->sas, NULL, (void**)&expired->entry))
{
uint32_t hard_offset;
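Review bot: Passing NULL as the match function in sa_expired makes the liveness check on expired->entry implicit: it presumably relies on find_first() comparing each list item with the pointer already stored in `*item` when no callback is given, which is not visible in this hunk. This lookup is what guards the later use of an entry that may have been removed while the job was queued, so I would add a comment such as `/* NULL match: compare by pointer to verify the entry is still in the list */`. A pointer comparison also cannot tell the original entry from a new one allocated at the same address after the old one was freed; whether that can occur depends on code outside the hunk and is worth confirming. sa_expired's body continues past the hunk.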
@@ -383,8 +400,8 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi)
uint32_t *spi_alloc;
if (this->allocated_spis->get(this->allocated_spis, &spi) ||
- this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound,
- NULL, &spi, TRUE) == SUCCESS)
+ this->sas->find_first(this->sas, match_entry_by_spi_inbound,
+ NULL, spi, TRUE))
{
return FALSE;
}
@@ -484,8 +501,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
free(spi_alloc);
}
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- NULL, &spi, src, dst) == SUCCESS)
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb, NULL,
+ spi, src, dst))
{
this->mutex->unlock(this->mutex);
DBG1(DBG_ESP, "failed to install SAD entry: already installed");
@@ -519,8 +536,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t,
}
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- (void**)&entry, &spi, src, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb,
+ (void**)&entry, spi, src, dst) &&
wait_for_entry(this, entry))
{
entry->sa->set_source(entry->sa, new_src);
@@ -547,8 +564,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t,
ipsec_sa_entry_t *entry = NULL;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- (void**)&entry, &spi, src, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb,
+ (void**)&entry, spi, src, dst) &&
wait_for_entry(this, entry))
{
entry->sa->get_usestats(entry->sa, bytes, packets, time);
@@ -572,7 +589,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t,
enumerator = this->sas->create_enumerator(this->sas);
while (enumerator->enumerate(enumerator, (void**)&current))
{
- if (match_entry_by_spi_src_dst(current, &spi, src, dst))
+ if (match_entry_by_spi_src_dst(current, spi, src, dst))
{
if (wait_remove_entry(this, current))
{
@@ -602,8 +619,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*,
ipsec_sa_t *sa = NULL;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_reqid_inbound,
- (void**)&entry, &reqid, &inbound) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_reqid_inbound,
+ (void**)&entry, reqid, inbound) &&
wait_for_entry(this, entry))
{
sa = entry->sa;
@@ -619,8 +636,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*,
ipsec_sa_t *sa = NULL;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_dst,
- (void**)&entry, &spi, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_dst,
+ (void**)&entry, spi, dst) &&
wait_for_entry(this, entry))
{
sa = entry->sa;
@@ -635,8 +652,8 @@ METHOD(ipsec_sa_mgr_t, checkin, void,
ipsec_sa_entry_t *entry;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_sa_ptr,
- (void**)&entry, sa) == SUCCESS)
+ if (this->sas->find_first(this->sas, match_entry_by_sa_ptr,
+ (void**)&entry, sa))
{
if (entry->locked)
{