Diffstat (limited to 'Source/charon/config')
-rw-r--r--Source/charon/config/Makefile.config4
-rw-r--r--Source/charon/config/configuration_manager.c83
-rw-r--r--Source/charon/config/sa_config.c190
-rw-r--r--Source/charon/config/sa_config.h69
4 files changed, 91 insertions, 255 deletions
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config
index 8076e4339..7ca46d14f 100644
--- a/Source/charon/config/Makefile.config
+++ b/Source/charon/config/Makefile.config
@@ -30,3 +30,7 @@ $(BUILD_DIR)sa_config.o : $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h
OBJS+= $(BUILD_DIR)traffic_selector.o
$(BUILD_DIR)traffic_selector.o : $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h
$(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)child_proposal.o
+$(BUILD_DIR)child_proposal.o : $(CONFIG_DIR)child_proposal.c $(CONFIG_DIR)child_proposal.h
+ $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 4e9cdc5b4..f4873fa3c 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -274,16 +274,17 @@ u_int8_t private_key_2[];
*/
static void load_default_config (private_configuration_manager_t *this)
{
- init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
+ init_config_t *init_config1, *init_config2, *init_config3, *init_config4, *init_config5;
ike_proposal_t proposals[4];
- child_proposal_t child_proposals[1];
- sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
+ child_proposal_t *child_proposal;
+ sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4, *sa_config5;
traffic_selector_t *ts;
- init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
- init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config1 = init_config_create("0.0.0.0","192.168.1.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config2 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config5 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
@@ -316,25 +317,27 @@ static void load_default_config (private_configuration_manager_t *this)
init_config3->add_proposal(init_config3,1,proposals[0]);
init_config4->add_proposal(init_config4,1,proposals[3]);
init_config4->add_proposal(init_config4,1,proposals[2]);
+ init_config5->add_proposal(init_config5,1,proposals[3]);
+ init_config5->add_proposal(init_config5,1,proposals[2]);
- sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
- ID_IPV4_ADDR, "152.96.193.131",
+ sa_config1 = sa_config_create(ID_IPV4_ADDR, "192.168.1.2",
+ ID_IPV4_ADDR, "192.168.1.1",
SHARED_KEY_MESSAGE_INTEGRITY_CODE,
30000);
sa_config1->add_traffic_selector_initiator(sa_config1,ts);
sa_config1->add_traffic_selector_responder(sa_config1,ts);
- sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131",
- ID_IPV4_ADDR, "152.96.193.130",
+ sa_config2 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1",
+ ID_IPV4_ADDR, "192.168.1.2",
SHARED_KEY_MESSAGE_INTEGRITY_CODE,
30000);
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
sa_config2->add_traffic_selector_responder(sa_config2,ts);
- sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
- ID_IPV4_ADDR, "127.0.0.1",
+ sa_config3 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1",
+ ID_IPV4_ADDR, "192.168.1.2",
SHARED_KEY_MESSAGE_INTEGRITY_CODE,
30000);
@@ -349,46 +352,48 @@ static void load_default_config (private_configuration_manager_t *this)
sa_config4->add_traffic_selector_initiator(sa_config4,ts);
sa_config4->add_traffic_selector_responder(sa_config4,ts);
+ sa_config5 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1",
+ ID_IPV4_ADDR, "192.168.1.2",
+ RSA_DIGITAL_SIGNATURE,
+ 30000);
+
+ sa_config5->add_traffic_selector_initiator(sa_config5,ts);
+ sa_config5->add_traffic_selector_responder(sa_config5,ts);
+
ts->destroy(ts);
/* ah and esp prop */
- child_proposals[0].ah.is_set = FALSE;
- child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_SHA1_96;
- child_proposals[0].ah.integrity_algorithm_key_size = 20;
- child_proposals[0].ah.diffie_hellman_group = MODP_1024_BIT;
- child_proposals[0].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-
- child_proposals[0].esp.is_set = TRUE;
- child_proposals[0].esp.diffie_hellman_group = MODP_UNDEFINED;
- child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
- child_proposals[0].esp.encryption_algorithm_key_size = 16;
- child_proposals[0].esp.integrity_algorithm = AUTH_HMAC_SHA1_96;
- child_proposals[0].esp.integrity_algorithm_key_size = 20;
- child_proposals[0].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
- child_proposals[0].esp.spi[0] = 2;
- child_proposals[0].esp.spi[1] = 2;
- child_proposals[0].esp.spi[2] = 2;
- child_proposals[0].esp.spi[3] = 2;
-
- sa_config1->add_proposal(sa_config1, &child_proposals[0]);
- sa_config2->add_proposal(sa_config2, &child_proposals[0]);
- sa_config3->add_proposal(sa_config3, &child_proposals[0]);
-
- this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
- this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
+ child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+ child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_UNDEFINED, 0);
+ child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+ sa_config1->add_proposal(sa_config1, child_proposal);
+ sa_config2->add_proposal(sa_config2, child_proposal);
+ sa_config3->add_proposal(sa_config3, child_proposal);
+ sa_config5->add_proposal(sa_config5, child_proposal);
+
+ this->add_new_configuration(this,"jan",init_config1,sa_config1);
+ this->add_new_configuration(this,"martin",init_config2,sa_config2);
this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
+ this->add_new_configuration(this,"martin-bad_dh_group",init_config5, sa_config3);
+ this->add_new_configuration(this,"martin-rsa",init_config2, sa_config5);
- this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
- this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
+ this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
+ this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.1","verschluesselt");
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
- this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "152.96.193.131", public_key_2, 256);
+ this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256);
this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "127.0.0.1", private_key_1, 1024);
- this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "152.96.193.131", private_key_2, 1024);
+ this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024);
}
/**
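Review bot: The one `child_proposal` object is handed to sa_config1, sa_config2, sa_config3 and sa_config5 by the four add_proposal calls after the add_algorithm block, but this commit's sa_config.c changes make add_proposal store the pointer as-is and make destroy() call `proposal->destroy(proposal)` on every stored entry, so the same proposal is destroyed once per config that holds it — a double free as soon as a second of those sa_configs is torn down. Either create a separate child_proposal per sa_config (or clone before each add) or keep the cloning in add_proposal. Separately, the three AH add_algorithm calls make the new proposal AH+ESP, whereas the removed code set `child_proposals[0].ah.is_set = FALSE` and proposed ESP only; if an ESP-only proposal is still intended those lines should go. The call that creates child_proposal is not in the visible hunks (the middle of load_default_config falls between them), so I cannot confirm it is initialised before the first add_algorithm call.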
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 1009c84e0..1a21d0fd4 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -75,11 +75,6 @@ struct private_sa_config_t {
linked_list_t *ts_responder;
/**
- * compare two proposals for equality
- */
- bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second);
-
- /**
* get_traffic_selectors for both
*/
size_t (*get_traffic_selectors) (private_sa_config_t *,linked_list_t*,traffic_selector_t**[]);
@@ -211,167 +206,49 @@ static size_t select_traffic_selectors(private_sa_config_t *this, linked_list_t
}
/**
- * Implementation of sa_config_t.get_proposals
+ * Implementation of sa_config_t.get_proposal_iterator
*/
-static size_t get_proposals(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t **proposals)
+static iterator_t *create_proposal_iterator(private_sa_config_t *this)
{
- iterator_t *iterator;
- child_proposal_t *current_proposal;
- int counter = 0;
- *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals));
-
- /* copy all proposals from the list in an array */
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->has_next(iterator))
- {
- child_proposal_t *new_proposal = (*proposals) + counter;
- iterator->current(iterator, (void**)&current_proposal);
- *new_proposal = *current_proposal;
- memcpy(new_proposal->ah.spi, ah_spi, 4);
- memcpy(new_proposal->ah.spi, esp_spi, 4);
- counter++;
- }
- iterator->destroy(iterator);
- return counter;
+ return this->proposals->create_iterator(this->proposals, TRUE);
}
/**
* Implementation of sa_config_t.select_proposal
*/
-static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count)
+static child_proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals)
{
- iterator_t *iterator;
- child_proposal_t *current_proposal, *selected_proposal;
- int i;
-/* logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+ iterator_t *stored_iter, *supplied_iter;
+ child_proposal_t *stored, *supplied, *selected;
+ stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
+ supplied_iter = proposals->create_iterator(proposals, TRUE);
- /* iterate over all stored proposals */
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->has_next(iterator))
+ /* compare all stored proposals with all supplied. Stored ones are preferred. */
+ while (stored_iter->has_next(stored_iter))
{
- iterator->current(iterator, (void**)&current_proposal);
- /*
- logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
- logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
- logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
- logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
-*/
-
-
- /* copy and break if a proposal matches */
- for (i = 0; i < count; i++)
- {
-/* if (supplied[i].esp.is_set)
- {
- logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
- logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
- logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
- logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
- }
+ supplied_iter->reset(supplied_iter);
+ stored_iter->current(stored_iter, (void**)&stored);
- if (supplied[i].ah.is_set)
- {
- logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
- logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
- logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
- }*/
-
-
- if (this->proposal_equals(this, &(supplied[i]), current_proposal))
+ while (supplied_iter->has_next(supplied_iter))
+ {
+ supplied_iter->current(supplied_iter, (void**)&supplied);
+ selected = stored->select(stored, supplied);
+ if (selected)
{
- selected_proposal = allocator_alloc(sizeof(child_proposal_t));
- *selected_proposal = *current_proposal;
- memcpy(selected_proposal->ah.spi, ah_spi, 4);
- memcpy(selected_proposal->ah.spi, esp_spi, 4);
-/* logger->destroy(logger);*/
- iterator->destroy(iterator);
- return selected_proposal;
+ /* they match, return */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
+ return selected;
}
}
}
- iterator->destroy(iterator);
-
-/* logger->destroy(logger); */
- return NULL;
-}
-
-
-/**
- * Implementation of private_sa_config_t.proposal_equals
- */
-static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
-{
- /*
- * Proto ? Mandatory ? Optional
- * -----------------------------------
- * ESP ? ENCR ? INTEG, D-H, ESN
- * AH ? INTEG ? D-H, ESN
- */
- /* equality defaults to false, so return is FALSE if ah and esp not set */
- bool equal = FALSE;
+ /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
- /* check ah, if set */
- if (first->ah.is_set && second->ah.is_set)
- {
- /* integrity alg is mandatory, with key size */
- if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) &&
- (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size))
- {
- /* dh group is optional, but must be NOT_SET when not set */
- if (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group)
- {
- return FALSE;
- }
- /* sequence numbers is optional, but must be NOT_SET when not set */
- if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers)
- {
- return FALSE;
- }
- /* all checked, ah seems ok */
- equal = TRUE;
- }
- else
- {
- return FALSE;
- }
- }
- /* check esp, if set */
- if (first->esp.is_set && second->esp.is_set)
- {
- /* encryption alg is mandatory, with key size */
- if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) &&
- (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size))
- {
- /* int alg is optional, check key only when not NOT_SET */
- if (first->esp.integrity_algorithm != second->esp.integrity_algorithm)
- {
- return FALSE;
- }
- if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) &&
- (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size))
- {
- return FALSE;
- }
- /* dh group is optional, but must be NOT_SET when not set */
- if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group)
- {
- return FALSE;
- }
- if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers)
- {
- return FALSE;
- }
- /* all checked, esp seems ok */
- equal = TRUE;
- }
- else
- {
- return FALSE;
- }
- }
- return equal;
+ return NULL;
}
/**
@@ -397,10 +274,7 @@ static void add_traffic_selector_responder(private_sa_config_t *this, traffic_se
*/
static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
{
- /* clone proposal, and add*/
- child_proposal_t *new_proposal = allocator_alloc_thing(child_proposal_t);
- *new_proposal = *proposal;
- this->proposals->insert_last(this->proposals, (void*)new_proposal);
+ this->proposals->insert_last(this->proposals, (void*)proposal);
}
/**
@@ -416,7 +290,7 @@ static status_t destroy(private_sa_config_t *this)
while(this->proposals->get_count(this->proposals) > 0)
{
this->proposals->remove_last(this->proposals, (void**)&proposal);
- allocator_free(proposal);
+ proposal->destroy(proposal);
}
this->proposals->destroy(this->proposals);
@@ -460,31 +334,29 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
this->public.select_traffic_selectors_initiator = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_initiator;
this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder;
this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder;
- this->public.get_proposals = (size_t(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t**))get_proposals;
- this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t*,size_t))select_proposal;
+ this->public.create_proposal_iterator = (iterator_t*(*)(sa_config_t*))create_proposal_iterator;
+ this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator;
this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder;
this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal;
this->public.destroy = (void(*)(sa_config_t*))destroy;
-
/* apply init values */
this->my_id = identification_create_from_string(my_id_type, my_id);
if (this->my_id == NULL)
{
allocator_free(this);
- return NULL;
+ return NULL;
}
this->other_id = identification_create_from_string(other_id_type, other_id);
if (this->my_id == NULL)
{
this->other_id->destroy(this->other_id);
allocator_free(this);
- return NULL;
+ return NULL;
}
/* init private members*/
- this->proposal_equals = proposal_equals;
this->select_traffic_selectors = select_traffic_selectors;
this->get_traffic_selectors = get_traffic_selectors;
this->proposals = linked_list_create();
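Review bot: In sa_config_create the second failure check, right where this commit reindents the `return NULL;`, still tests the wrong member and then destroys the object that just failed to be created: after `this->other_id = identification_create_from_string(...)` the code reads `if (this->my_id == NULL)` and `this->other_id->destroy(this->other_id)`, so a failed other_id creation is never caught and my_id leaks; it should be `if (this->other_id == NULL)` followed by `this->my_id->destroy(this->my_id);`. This looks pre-existing, but the commit touches that block. In the rewritten select_proposal the result of `stored->select(stored, supplied)` is returned without any statement of who owns it; the old implementation returned a fresh allocator_alloc copy that callers freed, so the function comment should say whether the returned proposal is now a new object or a reference into the stored list — I cannot tell from the hunk. destroy() and sa_config_create both start outside their hunks.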
diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/sa_config.h
index ad9e33019..0bfde778b 100644
--- a/Source/charon/config/sa_config.h
+++ b/Source/charon/config/sa_config.h
@@ -32,50 +32,9 @@
#include <transforms/signers/signer.h>
#include <transforms/diffie_hellman.h>
#include <config/traffic_selector.h>
+#include <config/child_proposal.h>
-typedef struct child_proposal_t child_proposal_t;
-
-/**
- * @brief Storage structure for a proposal for a child sa.
- *
- * A proposal for a child sa contains data for
- * AH, ESP, or both.
- *
- * @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
- * Support of more transforms with same type has to be added.
- *
- * @ingroup config
- */
-struct child_proposal_t {
-
- /**
- * Data for AH, if set.
- */
- struct {
- bool is_set;
- integrity_algorithm_t integrity_algorithm;
- size_t integrity_algorithm_key_size;
- diffie_hellman_group_t diffie_hellman_group;
- extended_sequence_numbers_t extended_sequence_numbers;
- u_int8_t spi[4];
- } ah;
-
- /**
- * Data for ESP, if set.
- */
- struct {
- bool is_set;
- encryption_algorithm_t encryption_algorithm;
- size_t encryption_algorithm_key_size;
- integrity_algorithm_t integrity_algorithm;
- size_t integrity_algorithm_key_size;
- diffie_hellman_group_t diffie_hellman_group;
- extended_sequence_numbers_t extended_sequence_numbers;
- u_int8_t spi[4];
- } esp;
-};
-
typedef struct sa_config_t sa_config_t;
@@ -195,30 +154,27 @@ struct sa_config_t {
size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
/**
- * @brief Get the list of proposals for this config.
+ * @brief Get an iterator for the internally stored proposals.
*
- * @warning Resulting array must be freed!
+ * @warning Items are still owned by sa_config and MUST NOT
+ * be manipulated or freed!
*
- * @param this calling object
- * @param[out] traffic_selectors pointer where proposals will be allocated
- * @return number of allocated proposals
+ * @param this calling object
+ * @return iterator for the proposals
*/
- size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *proposals[]);
+ iterator_t *(*create_proposal_iterator) (sa_config_t *this);
/**
- * @brief Select a proposal from a supplied list
- *
- * @warning Resulting array must be freed!
+ * @brief Select a proposal from a supplied list.
*
* @param this calling object
- * @param supplied pointer to an array of proposals to select from.
- * @param count number of proposals stored at supplied
- * @return the selected proposal
+ * @param proposals list from from wich proposals are selected
+ * @return selected proposal, or NULL if nothing matches
*/
- child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count);
+ child_proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals);
/**
- * @brief Add a traffic selector to the list for initiator.
+ * @brief Add a traffic selector to the list for initiator.
*
* Added proposal will be cloned.
*
@@ -246,7 +202,6 @@ struct sa_config_t {
*
* The proposals are stored by priority, first added
* is the most prefered.
- * Added proposal will be cloned.
*
* @warning Do not add while other threads are reading.
*
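Review bot: The add_proposal documentation in the last hunk drops "Added proposal will be cloned." without saying what replaces it, yet the sa_config.c side of this commit now stores the caller's pointer and destroys it in destroy(), so the header should state the transfer explicitly, e.g. `* @warning sa_config takes ownership of the proposal and destroys it together with the config; do not add the same proposal to more than one sa_config.` In the select_proposal block there is a typo in the new parameter line, `@param proposals list from which proposals are selected`. The context line under add_traffic_selector_initiator, "Added proposal will be cloned.", also looks like a copy from the proposal doc and should probably read "traffic selector"; that is pre-existing and I cannot confirm from here whether traffic selectors are still cloned.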