ipsec: Add function to compare two ipsec_sa_cfg_t instances

memeq() is currently used to compare these but if there is padding that
is not initialized the same for two instances the comparison fails.
Using this function ensures the objects are compared correctly.

2 files changed, 25 insertions, 0 deletions

diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index f2ee11ee8..a52a1eb51 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -40,6 +40,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
 /*
  * See header
  */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
+{
+	return a->mode == b->mode &&
+		a->reqid == b->reqid &&
+		a->policy_count == b->policy_count &&
+		a->esp.use == b->esp.use &&
+		a->esp.spi == b->esp.spi &&
+		a->ah.use == b->ah.use &&
+		a->ah.spi == b->ah.spi &&
+		a->ipcomp.transform == b->ipcomp.transform &&
+		a->ipcomp.cpi == b->ipcomp.cpi;
+}
+
+/*
+ * See header
+ */
 bool mark_from_string(const char *value, mark_t *mark)
 {
 	char *endptr;
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index cbc0d089b..c93d95562 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -143,6 +143,15 @@ struct ipsec_sa_cfg_t {
 };
 
 /**
+ * Compare two ipsec_sa_cfg_t objects for equality.
+ *
+ * @param a			first object
+ * @param b			second object
+ * @return			TRUE if both objects are equal
+ */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
+
+/**
  * A lifetime_cfg_t defines the lifetime limits of an SA.
  *
  * Set any of these values to 0 to ignore.