Replaced ike_sa_t.create_child_sa_iterator with enumerator.

This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows to remove a CHILD_SA.

16 files changed, 140 insertions, 119 deletions

diff --git a/src/conftest/actions.c b/src/conftest/actions.c
index d07e5634c..1844d0c28 100644
--- a/src/conftest/actions.c
+++ b/src/conftest/actions.c
@@ -114,8 +114,7 @@ static job_requeue_t rekey_ike(char *config)
  */
 static job_requeue_t rekey_child(char *config)
 {
-	enumerator_t *enumerator;
-	iterator_t *children;
+	enumerator_t *enumerator, *children;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	u_int32_t reqid = 0, spi = 0;
@@ -125,8 +124,8 @@ static job_requeue_t rekey_child(char *config)
 													charon->controller, TRUE);
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
-		children = ike_sa->create_child_sa_iterator(ike_sa);
-		while (children->iterate(children, (void**)&child_sa))
+		children = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (children->enumerate(children, (void**)&child_sa))
 		{
 			if (streq(config, child_sa->get_name(child_sa)))
 			{
@@ -222,8 +221,7 @@ static job_requeue_t close_ike(char *config)
  */
 static job_requeue_t close_child(char *config)
 {
-	enumerator_t *enumerator;
-	iterator_t *children;
+	enumerator_t *enumerator, *children;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	int id = 0;
@@ -233,8 +231,8 @@ static job_requeue_t close_child(char *config)
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
 
-		children = ike_sa->create_child_sa_iterator(ike_sa);
-		while (children->iterate(children, (void**)&child_sa))
+		children = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (children->enumerate(children, (void**)&child_sa))
 		{
 			if (streq(config, child_sa->get_name(child_sa)))
 			{
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index 23931c47d..f2f59d70a 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -564,15 +564,15 @@ METHOD(bus_t, ike_updown, void,
 	/* a down event for IKE_SA implicitly downs all CHILD_SAs */
 	if (!up)
 	{
-		iterator_t *iterator;
+		enumerator_t *enumerator;
 		child_sa_t *child_sa;
 
-		iterator = ike_sa->create_child_sa_iterator(ike_sa);
-		while (iterator->iterate(iterator, (void**)&child_sa))
+		enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (enumerator->enumerate(enumerator, (void**)&child_sa))
 		{
 			child_updown(this, child_sa, FALSE);
 		}
-		iterator->destroy(iterator);
+		enumerator->destroy(enumerator);
 	}
 }
 
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 09291c8c8..3893a617b 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -367,7 +367,7 @@ METHOD(controller_t, terminate_child, status_t,
 {
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
-	iterator_t *iterator;
+	enumerator_t *enumerator;
 	interface_job_t job = {
 		.listener = {
 			.public = {
@@ -397,8 +397,8 @@ METHOD(controller_t, terminate_child, status_t,
 	}
 	job.listener.ike_sa = ike_sa;
 
-	iterator = ike_sa->create_child_sa_iterator(ike_sa);
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
 			child_sa->get_reqid(child_sa) == reqid)
@@ -407,7 +407,7 @@ METHOD(controller_t, terminate_child, status_t,
 		}
 		child_sa = NULL;
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 
 	if (child_sa == NULL)
 	{
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c
index b6525a8f8..a7ddc28cc 100644
--- a/src/libcharon/plugins/ha/ha_cache.c
+++ b/src/libcharon/plugins/ha/ha_cache.c
@@ -196,12 +196,12 @@ METHOD(ha_cache_t, delete_, void,
  */
 static status_t rekey_children(ike_sa_t *ike_sa)
 {
-	iterator_t *iterator;
+	enumerator_t *enumerator;
 	child_sa_t *child_sa;
 	status_t status = SUCCESS;
 
-	iterator = ike_sa->create_child_sa_iterator(ike_sa);
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		DBG1(DBG_CFG, "resyncing CHILD_SA");
 		status = ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa),
@@ -211,7 +211,7 @@ static status_t rekey_children(ike_sa_t *ike_sa)
 			break;
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 	return status;
 }
 
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 58f98cf42..ea54dbf65 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -214,7 +214,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 	{
 		ike_sa_id_t *id;
 		host_t *local, *remote;
-		iterator_t *children;
+		enumerator_t *children;
 		child_sa_t *child_sa;
 
 		id = ike_sa->get_id(ike_sa);
@@ -264,8 +264,8 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer
 
 		/* <childsalist> */
 		xmlTextWriterStartElement(writer, "childsalist");
-		children = ike_sa->create_child_sa_iterator(ike_sa);
-		while (children->iterate(children, (void**)&child_sa))
+		children = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (children->enumerate(children, (void**)&child_sa))
 		{
 			write_child(writer, child_sa);
 		}
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 95576482b..972606d60 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -294,12 +294,12 @@ METHOD(stroke_control_t, terminate, void,
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
 		child_sa_t *child_sa;
-		iterator_t *children;
+		enumerator_t *children;
 
 		if (child)
 		{
-			children = ike_sa->create_child_sa_iterator(ike_sa);
-			while (children->iterate(children, (void**)&child_sa))
+			children = ike_sa->create_child_sa_enumerator(ike_sa);
+			while (children->enumerate(children, (void**)&child_sa))
 			{
 				if (streq(name, child_sa->get_name(child_sa)))
 				{
@@ -374,12 +374,12 @@ METHOD(stroke_control_t, rekey, void,
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
 		child_sa_t *child_sa;
-		iterator_t *children;
+		enumerator_t *children;
 
 		if (child)
 		{
-			children = ike_sa->create_child_sa_iterator(ike_sa);
-			while (children->iterate(children, (void**)&child_sa))
+			children = ike_sa->create_child_sa_enumerator(ike_sa);
+			while (children->enumerate(children, (void**)&child_sa))
 			{
 				if ((name && streq(name, child_sa->get_name(child_sa))) ||
 					(id && id == child_sa->get_reqid(child_sa)))
@@ -486,8 +486,7 @@ METHOD(stroke_control_t, terminate_srcip, void,
 METHOD(stroke_control_t, purge_ike, void,
 	private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
-	enumerator_t *enumerator;
-	iterator_t *iterator;
+	enumerator_t *enumerator, *children;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	linked_list_t *list;
@@ -502,13 +501,13 @@ METHOD(stroke_control_t, purge_ike, void,
 													charon->controller, TRUE);
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
-		iterator = ike_sa->create_child_sa_iterator(ike_sa);
-		if (!iterator->iterate(iterator, (void**)&child_sa))
+		children = ike_sa->create_child_sa_enumerator(ike_sa);
+		if (!children->enumerate(children, (void**)&child_sa))
 		{
 			list->insert_last(list,
 						(void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
 		}
-		iterator->destroy(iterator);
+		children->destroy(children);
 	}
 	enumerator->destroy(enumerator);
 
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index d93164dae..6995f6e43 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -576,7 +576,7 @@ METHOD(stroke_list_t, status, void,
 	while (enumerator->enumerate(enumerator, &ike_sa))
 	{
 		bool ike_printed = FALSE;
-		iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
+		enumerator_t *children = ike_sa->create_child_sa_enumerator(ike_sa);
 
 		if (name == NULL || streq(name, ike_sa->get_name(ike_sa)))
 		{
@@ -585,7 +585,7 @@ METHOD(stroke_list_t, status, void,
 			ike_printed = TRUE;
 		}
 
-		while (children->iterate(children, (void**)&child_sa))
+		while (children->enumerate(children, (void**)&child_sa))
 		{
 			if (name == NULL || streq(name, child_sa->get_name(child_sa)))
 			{
diff --git a/src/libcharon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
index 1fe981889..caf8acf88 100644
--- a/src/libcharon/plugins/uci/uci_control.c
+++ b/src/libcharon/plugins/uci/uci_control.c
@@ -76,8 +76,7 @@ static void write_fifo(private_uci_control_t *this, char *format, ...)
  */
 static void status(private_uci_control_t *this, char *name)
 {
-	enumerator_t *configs, *sas;
-	iterator_t *children;
+	enumerator_t *configs, *sas, *children;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	peer_cfg_t *peer_cfg;
@@ -111,8 +110,8 @@ static void status(private_uci_control_t *this, char *name)
 			fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa),
 				ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa));
 
-			children = ike_sa->create_child_sa_iterator(ike_sa);
-			while (children->iterate(children, (void**)&child_sa))
+			children = ike_sa->create_child_sa_enumerator(ike_sa);
+			while (children->enumerate(children, (void**)&child_sa))
 			{
 				fprintf(out, "%#R",
 						child_sa->get_traffic_selectors(child_sa, FALSE));
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index f3140c7c1..251b9ab03 100644
--- a/src/libcharon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
@@ -61,15 +61,15 @@ METHOD(job_t, execute, void,
 													this->reqid, TRUE);
 	if (ike_sa)
 	{
-		iterator_t *iterator;
+		enumerator_t *enumerator;
 		child_sa_t *child_sa;
 		u_int32_t delete = 0;
 		protocol_id_t proto = 0;
 		int children = 0;
 		status_t status = SUCCESS;
 
-		iterator = ike_sa->create_child_sa_iterator(ike_sa);
-		while (iterator->iterate(iterator, (void**)&child_sa))
+		enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (enumerator->enumerate(enumerator, (void**)&child_sa))
 		{
 			if (child_sa->get_reqid(child_sa) == this->reqid)
 			{
@@ -94,7 +94,7 @@ METHOD(job_t, execute, void,
 			}
 			children++;
 		}
-		iterator->destroy(iterator);
+		enumerator->destroy(enumerator);
 
 		if (delete)
 		{
diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 7190826b4..eb10e2e46 100644
--- a/src/libcharon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
@@ -79,12 +79,12 @@ METHOD(job_t, execute, void,
 	}
 	if (ike_sa)
 	{
-		iterator_t *children;
+		enumerator_t *children;
 		child_sa_t *child_sa;
 		host_t *host;
 
-		children = ike_sa->create_child_sa_iterator(ike_sa);
-		while (children->iterate(children, (void**)&child_sa))
+		children = ike_sa->create_child_sa_enumerator(ike_sa);
+		while (children->enumerate(children, (void**)&child_sa))
 		{
 			if (child_sa->get_reqid(child_sa) == this->reqid)
 			{
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index be93ca4fe..f4ce35db4 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -1393,10 +1393,22 @@ METHOD(ike_sa_t, get_child_sa, child_sa_t*,
 	return found;
 }
 
-METHOD(ike_sa_t, create_child_sa_iterator, iterator_t*,
+METHOD(ike_sa_t, get_child_count, int,
 	private_ike_sa_t *this)
 {
-	return this->child_sas->create_iterator(this->child_sas, TRUE);
+	return this->child_sas->get_count(this->child_sas);
+}
+
+METHOD(ike_sa_t, create_child_sa_enumerator, enumerator_t*,
+	private_ike_sa_t *this)
+{
+	return this->child_sas->create_enumerator(this->child_sas);
+}
+
+METHOD(ike_sa_t, remove_child_sa, void,
+	private_ike_sa_t *this, enumerator_t *enumerator)
+{
+	this->child_sas->remove_at(this->child_sas, enumerator);
 }
 
 METHOD(ike_sa_t, rekey_child_sa, status_t,
@@ -2113,7 +2125,9 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 			.get_keymat = _get_keymat,
 			.add_child_sa = _add_child_sa,
 			.get_child_sa = _get_child_sa,
-			.create_child_sa_iterator = _create_child_sa_iterator,
+			.get_child_count = _get_child_count,
+			.create_child_sa_enumerator = _create_child_sa_enumerator,
+			.remove_child_sa = _remove_child_sa,
 			.rekey_child_sa = _rekey_child_sa,
 			.delete_child_sa = _delete_child_sa,
 			.destroy_child_sa = _destroy_child_sa,
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 69a74d8b7..1b2ccd788 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -260,14 +260,14 @@ struct ike_sa_t {
 	 *
 	 * Returned ike_sa_id_t object is not getting cloned!
 	 *
-	 * @return 				ike_sa's ike_sa_id_t
+	 * @return				ike_sa's ike_sa_id_t
 	 */
 	ike_sa_id_t* (*get_id) (ike_sa_t *this);
 
 	/**
 	 * Get the numerical ID uniquely defining this IKE_SA.
 	 *
-	 * @return 				unique ID
+	 * @return				unique ID
 	 */
 	u_int32_t (*get_unique_id) (ike_sa_t *this);
 
@@ -474,7 +474,7 @@ struct ike_sa_t {
 	/**
 	 * Create an iterator over all additional addresses of the peer.
 	 *
-	 * @return 				iterator over addresses
+	 * @return				iterator over addresses
 	 */
 	iterator_t* (*create_additional_address_iterator)(ike_sa_t *this);
 
@@ -567,8 +567,8 @@ struct ike_sa_t {
 	 *
 	 * @param mediated_cfg	peer_cfg of the mediated connection
 	 * @return
-	 * 						- SUCCESS if initialization started
-	 * 						- DESTROY_ME if initialization failed
+	 *						- SUCCESS if initialization started
+	 *						- DESTROY_ME if initialization failed
 	 */
 	status_t (*initiate_mediation) (ike_sa_t *this, peer_cfg_t *mediated_cfg);
 
@@ -579,8 +579,8 @@ struct ike_sa_t {
 	 * @param other			remote endpoint (gets cloned)
 	 * @param connect_id	connect ID (gets cloned)
 	 * @return
-	 * 						- SUCCESS if initialization started
-	 * 						- DESTROY_ME if initialization failed
+	 *						- SUCCESS if initialization started
+	 *						- DESTROY_ME if initialization failed
 	 */
 	status_t (*initiate_mediated) (ike_sa_t *this, host_t *me, host_t *other,
 								   chunk_t connect_id);
@@ -597,8 +597,8 @@ struct ike_sa_t {
 	 * @param endpoints		endpoints
 	 * @param response		TRUE if this is a response
 	 * @return
-	 * 						- SUCCESS if relay started
-	 * 						- DESTROY_ME if relay failed
+	 *						- SUCCESS if relay started
+	 *						- DESTROY_ME if relay failed
 	 */
 	status_t (*relay) (ike_sa_t *this, identification_t *requester,
 					   chunk_t connect_id, chunk_t connect_key,
@@ -611,8 +611,8 @@ struct ike_sa_t {
 	 *
 	 * @param peer_id		ID of the other peer
 	 * @return
-	 * 						- SUCCESS if response started
-	 * 						- DESTROY_ME if response failed
+	 *						- SUCCESS if response started
+	 *						- DESTROY_ME if response failed
 	 */
 	status_t (*callback) (ike_sa_t *this, identification_t *peer_id);
 
@@ -624,8 +624,8 @@ struct ike_sa_t {
 	 * @param peer_id		ID of the other peer
 	 * @param connect_id	the connect ID supplied by the initiator
 	 * @return
-	 * 						- SUCCESS if response started
-	 * 						- DESTROY_ME if response failed
+	 *						- SUCCESS if response started
+	 *						- DESTROY_ME if response failed
 	 */
 	status_t (*respond) (ike_sa_t *this, identification_t *peer_id,
 						 chunk_t connect_id);
@@ -643,8 +643,8 @@ struct ike_sa_t {
 	 * @param tsi			source of triggering packet
 	 * @param tsr			destination of triggering packet.
 	 * @return
-	 * 						- SUCCESS if initialization started
-	 * 						- DESTROY_ME if initialization failed
+	 *						- SUCCESS if initialization started
+	 *						- DESTROY_ME if initialization failed
 	 */
 	status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
 						  u_int32_t reqid, traffic_selector_t *tsi,
@@ -658,10 +658,10 @@ struct ike_sa_t {
 	 * the IKE SA gets deleted.
 	 *
 	 * @return
-	 * 						- SUCCESS if deletion is initialized
-	 * 						- DESTROY_ME, if the IKE_SA is not in
-	 * 						  an established state and can not be
-	 * 						  deleted (but destroyed).
+	 *						- SUCCESS if deletion is initialized
+	 *						- DESTROY_ME, if the IKE_SA is not in
+	 *						  an established state and can not be
+	 *						  deleted (but destroyed).
 	 */
 	status_t (*delete) (ike_sa_t *this);
 
@@ -686,11 +686,11 @@ struct ike_sa_t {
 	 * process_message() return DESTROY_ME. Then the caller must
 	 * destroy the IKE_SA immediatly, as it is unusable.
 	 *
-	 * @param message 		message to process
+	 * @param message		message to process
 	 * @return
-	 * 						- SUCCESS
-	 * 						- FAILED
-	 * 						- DESTROY_ME if this IKE_SA MUST be deleted
+	 *						- SUCCESS
+	 *						- FAILED
+	 *						- DESTROY_ME if this IKE_SA MUST be deleted
 	 */
 	status_t (*process_message) (ike_sa_t *this, message_t *message);
 
@@ -700,12 +700,12 @@ struct ike_sa_t {
 	 * This method generates all payloads in the message and encrypts/signs
 	 * the packet.
 	 *
-	 * @param message 		message to generate
+	 * @param message		message to generate
 	 * @param packet		generated output packet
 	 * @return
-	 * 						- SUCCESS
-	 * 						- FAILED
-	 * 						- DESTROY_ME if this IKE_SA MUST be deleted
+	 *						- SUCCESS
+	 *						- FAILED
+	 *						- DESTROY_ME if this IKE_SA MUST be deleted
 	 */
 	status_t (*generate_message) (ike_sa_t *this, message_t *message,
 								  packet_t **packet);
@@ -715,8 +715,8 @@ struct ike_sa_t {
 	 *
 	 * @param message_id	ID of the request to retransmit
 	 * @return
-	 * 						- SUCCESS
-	 * 						- NOT_FOUND if request doesn't have to be retransmited
+	 *						- SUCCESS
+	 *						- NOT_FOUND if request doesn't have to be retransmited
 	 */
 	status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id);
 
@@ -728,8 +728,8 @@ struct ike_sa_t {
 	 * other traffic was received.
 	 *
 	 * @return
-	 * 						- SUCCESS
-	 * 						- DESTROY_ME, if peer did not respond
+	 *						- SUCCESS
+	 *						- DESTROY_ME, if peer did not respond
 	 */
 	status_t (*send_dpd) (ike_sa_t *this);
 
@@ -769,11 +769,25 @@ struct ike_sa_t {
 								 u_int32_t spi, bool inbound);
 
 	/**
-	 * Create an iterator over all CHILD_SAs.
+	 * Get the number of CHILD_SAs.
 	 *
-	 * @return				iterator
+	 * @return				number of CHILD_SAs
 	 */
-	iterator_t* (*create_child_sa_iterator) (ike_sa_t *this);
+	int (*get_child_count) (ike_sa_t *this);
+
+	/**
+	 * Create an enumerator over all CHILD_SAs.
+	 *
+	 * @return				enumerator
+	 */
+	enumerator_t* (*create_child_sa_enumerator) (ike_sa_t *this);
+
+	/**
+	 * Remove the CHILD_SA the given enumerator points to from this IKE_SA.
+	 *
+	 * @param enumerator	enumerator pointing to CHILD_SA
+	 */
+	void (*remove_child_sa) (ike_sa_t *this, enumerator_t *enumerator);
 
 	/**
 	 * Rekey the CHILD SA with the specified reqid.
@@ -783,8 +797,8 @@ struct ike_sa_t {
 	 * @param protocol		protocol of the SA
 	 * @param spi			inbound SPI of the CHILD_SA
 	 * @return
-	 * 						- NOT_FOUND, if IKE_SA has no such CHILD_SA
-	 * 						- SUCCESS, if rekeying initiated
+	 *						- NOT_FOUND, if IKE_SA has no such CHILD_SA
+	 *						- SUCCESS, if rekeying initiated
 	 */
 	status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
 
@@ -798,8 +812,8 @@ struct ike_sa_t {
 	 * @param protocol		protocol of the SA
 	 * @param spi			inbound SPI of the CHILD_SA
 	 * @return
-	 * 						- NOT_FOUND, if IKE_SA has no such CHILD_SA
-	 * 						- SUCCESS, if delete message sent
+	 *						- NOT_FOUND, if IKE_SA has no such CHILD_SA
+	 *						- SUCCESS, if delete message sent
 	 */
 	status_t (*delete_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
 
@@ -811,8 +825,8 @@ struct ike_sa_t {
 	 * @param protocol		protocol of the SA
 	 * @param spi			inbound SPI of the CHILD_SA
 	 * @return
-	 * 						- NOT_FOUND, if IKE_SA has no such CHILD_SA
-	 * 						- SUCCESS
+	 *						- NOT_FOUND, if IKE_SA has no such CHILD_SA
+	 *						- SUCCESS
 	 */
 	status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
 
@@ -929,8 +943,8 @@ struct ike_sa_t {
 /**
  * Creates an ike_sa_t object with a specific ID.
  *
- * @param ike_sa_id 	ike_sa_id_t object to associate with new IKE_SA
- * @return 				ike_sa_t object
+ * @param ike_sa_id		ike_sa_id_t object to associate with new IKE_SA
+ * @return				ike_sa_t object
  */
 ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id);
 
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 7f3ca7dd5..731ae6007 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1134,8 +1134,7 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
 METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
 	private_ike_sa_manager_t *this, u_int32_t id, bool child)
 {
-	enumerator_t *enumerator;
-	iterator_t *children;
+	enumerator_t *enumerator, *children;
 	entry_t *entry;
 	ike_sa_t *ike_sa = NULL;
 	child_sa_t *child_sa;
@@ -1151,8 +1150,8 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
 			/* look for a child with such a reqid ... */
 			if (child)
 			{
-				children = entry->ike_sa->create_child_sa_iterator(entry->ike_sa);
-				while (children->iterate(children, (void**)&child_sa))
+				children = entry->ike_sa->create_child_sa_enumerator(entry->ike_sa);
+				while (children->enumerate(children, (void**)&child_sa))
 				{
 					if (child_sa->get_reqid(child_sa) == id)
 					{
@@ -1188,8 +1187,7 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
 METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
 	private_ike_sa_manager_t *this, char *name, bool child)
 {
-	enumerator_t *enumerator;
-	iterator_t *children;
+	enumerator_t *enumerator, *children;
 	entry_t *entry;
 	ike_sa_t *ike_sa = NULL;
 	child_sa_t *child_sa;
@@ -1203,8 +1201,8 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
 			/* look for a child with such a policy name ... */
 			if (child)
 			{
-				children = entry->ike_sa->create_child_sa_iterator(entry->ike_sa);
-				while (children->iterate(children, (void**)&child_sa))
+				children = entry->ike_sa->create_child_sa_enumerator(entry->ike_sa);
+				while (children->enumerate(children, (void**)&child_sa))
 				{
 					if (streq(child_sa->get_name(child_sa), name))
 					{
diff --git a/src/libcharon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c
index 5b12eaaac..eec68c6de 100644
--- a/src/libcharon/sa/tasks/ike_mobike.c
+++ b/src/libcharon/sa/tasks/ike_mobike.c
@@ -256,11 +256,11 @@ static void build_cookie(private_ike_mobike_t *this, message_t *message)
  */
 static void update_children(private_ike_mobike_t *this)
 {
-	iterator_t *iterator;
+	enumerator_t *enumerator;
 	child_sa_t *child_sa;
 
-	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		if (child_sa->update(child_sa,
 				this->ike_sa->get_my_host(this->ike_sa),
@@ -273,7 +273,7 @@ static void update_children(private_ike_mobike_t *this)
 					child_sa->get_spi(child_sa, TRUE));
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 }
 
 /**
diff --git a/src/libcharon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c
index ac89c358b..b3423f91e 100644
--- a/src/libcharon/sa/tasks/ike_reauth.c
+++ b/src/libcharon/sa/tasks/ike_reauth.c
@@ -57,7 +57,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 {
 	ike_sa_t *new;
 	host_t *host;
-	iterator_t *iterator;
+	enumerator_t *enumerator;
 	child_sa_t *child_sa;
 	peer_cfg_t *peer_cfg;
 
@@ -67,8 +67,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 	peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
 
 	/* reauthenticate only if we have children */
-	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
-	if (iterator->get_count(iterator) == 0
+	if (this->ike_sa->get_child_count(this->ike_sa) == 0
 #ifdef ME
 		/* we allow peers to reauth mediation connections (without children) */
 		&& !peer_cfg->is_mediation(peer_cfg)
@@ -76,7 +75,6 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 		)
 	{
 		DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA to recreate");
-		iterator->destroy(iterator);
 		return FAILED;
 	}
 
@@ -110,14 +108,15 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 	}
 #endif /* ME */
 
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		switch (child_sa->get_state(child_sa))
 		{
 			case CHILD_ROUTED:
 			{
 				/* move routed child directly */
-				iterator->remove(iterator);
+				this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
 				new->add_child_sa(new, child_sa);
 				break;
 			}
@@ -128,7 +127,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 				child_cfg->get_ref(child_cfg);
 				if (new->initiate(new, child_cfg, 0, NULL, NULL) == DESTROY_ME)
 				{
-					iterator->destroy(iterator);
+					enumerator->destroy(enumerator);
 					charon->ike_sa_manager->checkin_and_destroy(
 										charon->ike_sa_manager, new);
 					/* set threads active IKE_SA after checkin */
@@ -140,7 +139,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 			}
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 	charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
 	/* set threads active IKE_SA after checkin */
 	charon->bus->set_sa(charon->bus, this->ike_sa);
diff --git a/src/libcharon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c
index c055dabc1..826d6e192 100644
--- a/src/libcharon/sa/tasks/ike_rekey.c
+++ b/src/libcharon/sa/tasks/ike_rekey.c
@@ -147,8 +147,8 @@ METHOD(task_t, build_i, status_t,
 METHOD(task_t, process_r, status_t,
 	private_ike_rekey_t *this, message_t *message)
 {
+	enumerator_t *enumerator;
 	peer_cfg_t *peer_cfg;
-	iterator_t *iterator;
 	child_sa_t *child_sa;
 
 	if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
@@ -157,8 +157,8 @@ METHOD(task_t, process_r, status_t,
 		return NEED_MORE;
 	}
 
-	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		switch (child_sa->get_state(child_sa))
 		{
@@ -167,13 +167,13 @@ METHOD(task_t, process_r, status_t,
 			case CHILD_DELETING:
 				/* we do not allow rekeying while we have children in-progress */
 				DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
-				iterator->destroy(iterator);
+				enumerator->destroy(enumerator);
 				return NEED_MORE;
 			default:
 				break;
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 
 	this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
 														FALSE);