diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2017-05-30 20:59:31 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-05-30 20:59:31 +0200 |
commit | bba25e2ff6c4a193acb54560ea4417537bd2954e (patch) | |
tree | 9e074fe343f9ab6f5ce1e9c5142d9a6cf180fcda /src/libipsec/ipsec_sa_mgr.c | |
parent | 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (diff) | |
download | vyos-strongswan-bba25e2ff6c4a193acb54560ea4417537bd2954e.tar.gz vyos-strongswan-bba25e2ff6c4a193acb54560ea4417537bd2954e.zip |
New upstream version 5.5.3
Diffstat (limited to 'src/libipsec/ipsec_sa_mgr.c')
-rw-r--r-- | src/libipsec/ipsec_sa_mgr.c | 91 |
1 files changed, 54 insertions, 37 deletions
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c index a1fa23e28..957d930f2 100644 --- a/src/libipsec/ipsec_sa_mgr.c +++ b/src/libipsec/ipsec_sa_mgr.c @@ -224,42 +224,60 @@ static void flush_entries(private_ipsec_sa_mgr_t *this) enumerator->destroy(enumerator); } -/* - * Different match functions to find SAs in the linked list - */ -static bool match_entry_by_ptr(ipsec_sa_entry_t *item, ipsec_sa_entry_t *entry) +CALLBACK(match_entry_by_sa_ptr, bool, + ipsec_sa_entry_t *item, va_list args) { - return item == entry; -} + ipsec_sa_t *sa; -static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa) -{ + VA_ARGS_VGET(args, sa); return item->sa == sa; } -static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi, - bool *inbound) +CALLBACK(match_entry_by_spi_inbound, bool, + ipsec_sa_entry_t *item, va_list args) { - return item->sa->get_spi(item->sa) == *spi && - item->sa->is_inbound(item->sa) == *inbound; + uint32_t spi; + int inbound; + + VA_ARGS_VGET(args, spi, inbound); + return item->sa->get_spi(item->sa) == spi && + item->sa->is_inbound(item->sa) == inbound; } -static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi, +static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t spi, host_t *src, host_t *dst) { - return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst); + return item->sa->match_by_spi_src_dst(item->sa, spi, src, dst); } -static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item, - uint32_t *reqid, bool *inbound) +CALLBACK(match_entry_by_spi_src_dst_cb, bool, + ipsec_sa_entry_t *item, va_list args) { - return item->sa->match_by_reqid(item->sa, *reqid, *inbound); + host_t *src, *dst; + uint32_t spi; + + VA_ARGS_VGET(args, spi, src, dst); + return match_entry_by_spi_src_dst(item, spi, src, dst); +} + +CALLBACK(match_entry_by_reqid_inbound, bool, + ipsec_sa_entry_t *item, va_list args) +{ + uint32_t reqid; + int inbound; + + VA_ARGS_VGET(args, reqid, inbound); + return item->sa->match_by_reqid(item->sa, reqid, inbound); } -static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi, - host_t *dst) +CALLBACK(match_entry_by_spi_dst, bool, + ipsec_sa_entry_t *item, va_list args) { - return item->sa->match_by_spi_dst(item->sa, *spi, dst); + host_t *dst; + uint32_t spi; + + VA_ARGS_VGET(args, spi, dst); + return item->sa->match_by_spi_dst(item->sa, spi, dst); } /** @@ -296,8 +314,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired) private_ipsec_sa_mgr_t *this = expired->manager; this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr, - NULL, expired->entry) == SUCCESS) + if (this->sas->find_first(this->sas, NULL, (void**)&expired->entry)) { uint32_t hard_offset; @@ -383,8 +400,8 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi) uint32_t *spi_alloc; if (this->allocated_spis->get(this->allocated_spis, &spi) || - this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound, - NULL, &spi, TRUE) == SUCCESS) + this->sas->find_first(this->sas, match_entry_by_spi_inbound, + NULL, spi, TRUE)) { return FALSE; } @@ -484,8 +501,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t, free(spi_alloc); } - if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst, - NULL, &spi, src, dst) == SUCCESS) + if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb, NULL, + spi, src, dst)) { this->mutex->unlock(this->mutex); DBG1(DBG_ESP, "failed to install SAD entry: already installed"); @@ -519,8 +536,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t, } this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst, - (void**)&entry, &spi, src, dst) == SUCCESS && + if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb, + (void**)&entry, spi, src, dst) && wait_for_entry(this, entry)) { entry->sa->set_source(entry->sa, new_src); @@ -547,8 +564,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t, ipsec_sa_entry_t *entry = NULL; this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst, - (void**)&entry, &spi, src, dst) == SUCCESS && + if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb, + (void**)&entry, spi, src, dst) && wait_for_entry(this, entry)) { entry->sa->get_usestats(entry->sa, bytes, packets, time); @@ -572,7 +589,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t, enumerator = this->sas->create_enumerator(this->sas); while (enumerator->enumerate(enumerator, (void**)¤t)) { - if (match_entry_by_spi_src_dst(current, &spi, src, dst)) + if (match_entry_by_spi_src_dst(current, spi, src, dst)) { if (wait_remove_entry(this, current)) { @@ -602,8 +619,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*, ipsec_sa_t *sa = NULL; this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_reqid_inbound, - (void**)&entry, &reqid, &inbound) == SUCCESS && + if (this->sas->find_first(this->sas, match_entry_by_reqid_inbound, + (void**)&entry, reqid, inbound) && wait_for_entry(this, entry)) { sa = entry->sa; @@ -619,8 +636,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*, ipsec_sa_t *sa = NULL; this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_dst, - (void**)&entry, &spi, dst) == SUCCESS && + if (this->sas->find_first(this->sas, match_entry_by_spi_dst, + (void**)&entry, spi, dst) && wait_for_entry(this, entry)) { sa = entry->sa; @@ -635,8 +652,8 @@ METHOD(ipsec_sa_mgr_t, checkin, void, ipsec_sa_entry_t *entry; this->mutex->lock(this->mutex); - if (this->sas->find_first(this->sas, (void*)match_entry_by_sa_ptr, - (void**)&entry, sa) == SUCCESS) + if (this->sas->find_first(this->sas, match_entry_by_sa_ptr, + (void**)&entry, sa)) { if (entry->locked) { |