aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa')
-rw-r--r--src/libcharon/sa/ike_sa.c22
-rw-r--r--src/libcharon/sa/ike_sa.h100
-rw-r--r--src/libcharon/sa/ike_sa_manager.c14
-rw-r--r--src/libcharon/sa/tasks/ike_mobike.c8
-rw-r--r--src/libcharon/sa/tasks/ike_reauth.c15
-rw-r--r--src/libcharon/sa/tasks/ike_rekey.c10
6 files changed, 97 insertions, 72 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index be93ca4fe..f4ce35db4 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -1393,10 +1393,22 @@ METHOD(ike_sa_t, get_child_sa, child_sa_t*,
return found;
}
-METHOD(ike_sa_t, create_child_sa_iterator, iterator_t*,
+METHOD(ike_sa_t, get_child_count, int,
private_ike_sa_t *this)
{
- return this->child_sas->create_iterator(this->child_sas, TRUE);
+ return this->child_sas->get_count(this->child_sas);
+}
+
+METHOD(ike_sa_t, create_child_sa_enumerator, enumerator_t*,
+ private_ike_sa_t *this)
+{
+ return this->child_sas->create_enumerator(this->child_sas);
+}
+
+METHOD(ike_sa_t, remove_child_sa, void,
+ private_ike_sa_t *this, enumerator_t *enumerator)
+{
+ this->child_sas->remove_at(this->child_sas, enumerator);
}
METHOD(ike_sa_t, rekey_child_sa, status_t,
@@ -2113,7 +2125,9 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
.get_keymat = _get_keymat,
.add_child_sa = _add_child_sa,
.get_child_sa = _get_child_sa,
- .create_child_sa_iterator = _create_child_sa_iterator,
+ .get_child_count = _get_child_count,
+ .create_child_sa_enumerator = _create_child_sa_enumerator,
+ .remove_child_sa = _remove_child_sa,
.rekey_child_sa = _rekey_child_sa,
.delete_child_sa = _delete_child_sa,
.destroy_child_sa = _destroy_child_sa,
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 69a74d8b7..1b2ccd788 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -260,14 +260,14 @@ struct ike_sa_t {
*
* Returned ike_sa_id_t object is not getting cloned!
*
- * @return ike_sa's ike_sa_id_t
+ * @return ike_sa's ike_sa_id_t
*/
ike_sa_id_t* (*get_id) (ike_sa_t *this);
/**
* Get the numerical ID uniquely defining this IKE_SA.
*
- * @return unique ID
+ * @return unique ID
*/
u_int32_t (*get_unique_id) (ike_sa_t *this);
@@ -474,7 +474,7 @@ struct ike_sa_t {
/**
* Create an iterator over all additional addresses of the peer.
*
- * @return iterator over addresses
+ * @return iterator over addresses
*/
iterator_t* (*create_additional_address_iterator)(ike_sa_t *this);
@@ -567,8 +567,8 @@ struct ike_sa_t {
*
* @param mediated_cfg peer_cfg of the mediated connection
* @return
- * - SUCCESS if initialization started
- * - DESTROY_ME if initialization failed
+ * - SUCCESS if initialization started
+ * - DESTROY_ME if initialization failed
*/
status_t (*initiate_mediation) (ike_sa_t *this, peer_cfg_t *mediated_cfg);
@@ -579,8 +579,8 @@ struct ike_sa_t {
* @param other remote endpoint (gets cloned)
* @param connect_id connect ID (gets cloned)
* @return
- * - SUCCESS if initialization started
- * - DESTROY_ME if initialization failed
+ * - SUCCESS if initialization started
+ * - DESTROY_ME if initialization failed
*/
status_t (*initiate_mediated) (ike_sa_t *this, host_t *me, host_t *other,
chunk_t connect_id);
@@ -597,8 +597,8 @@ struct ike_sa_t {
* @param endpoints endpoints
* @param response TRUE if this is a response
* @return
- * - SUCCESS if relay started
- * - DESTROY_ME if relay failed
+ * - SUCCESS if relay started
+ * - DESTROY_ME if relay failed
*/
status_t (*relay) (ike_sa_t *this, identification_t *requester,
chunk_t connect_id, chunk_t connect_key,
@@ -611,8 +611,8 @@ struct ike_sa_t {
*
* @param peer_id ID of the other peer
* @return
- * - SUCCESS if response started
- * - DESTROY_ME if response failed
+ * - SUCCESS if response started
+ * - DESTROY_ME if response failed
*/
status_t (*callback) (ike_sa_t *this, identification_t *peer_id);
@@ -624,8 +624,8 @@ struct ike_sa_t {
* @param peer_id ID of the other peer
* @param connect_id the connect ID supplied by the initiator
* @return
- * - SUCCESS if response started
- * - DESTROY_ME if response failed
+ * - SUCCESS if response started
+ * - DESTROY_ME if response failed
*/
status_t (*respond) (ike_sa_t *this, identification_t *peer_id,
chunk_t connect_id);
@@ -643,8 +643,8 @@ struct ike_sa_t {
* @param tsi source of triggering packet
* @param tsr destination of triggering packet.
* @return
- * - SUCCESS if initialization started
- * - DESTROY_ME if initialization failed
+ * - SUCCESS if initialization started
+ * - DESTROY_ME if initialization failed
*/
status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
u_int32_t reqid, traffic_selector_t *tsi,
@@ -658,10 +658,10 @@ struct ike_sa_t {
* the IKE SA gets deleted.
*
* @return
- * - SUCCESS if deletion is initialized
- * - DESTROY_ME, if the IKE_SA is not in
- * an established state and can not be
- * deleted (but destroyed).
+ * - SUCCESS if deletion is initialized
+ * - DESTROY_ME, if the IKE_SA is not in
+ * an established state and can not be
+ * deleted (but destroyed).
*/
status_t (*delete) (ike_sa_t *this);
@@ -686,11 +686,11 @@ struct ike_sa_t {
* process_message() return DESTROY_ME. Then the caller must
* destroy the IKE_SA immediatly, as it is unusable.
*
- * @param message message to process
+ * @param message message to process
* @return
- * - SUCCESS
- * - FAILED
- * - DESTROY_ME if this IKE_SA MUST be deleted
+ * - SUCCESS
+ * - FAILED
+ * - DESTROY_ME if this IKE_SA MUST be deleted
*/
status_t (*process_message) (ike_sa_t *this, message_t *message);
@@ -700,12 +700,12 @@ struct ike_sa_t {
* This method generates all payloads in the message and encrypts/signs
* the packet.
*
- * @param message message to generate
+ * @param message message to generate
* @param packet generated output packet
* @return
- * - SUCCESS
- * - FAILED
- * - DESTROY_ME if this IKE_SA MUST be deleted
+ * - SUCCESS
+ * - FAILED
+ * - DESTROY_ME if this IKE_SA MUST be deleted
*/
status_t (*generate_message) (ike_sa_t *this, message_t *message,
packet_t **packet);
@@ -715,8 +715,8 @@ struct ike_sa_t {
*
* @param message_id ID of the request to retransmit
* @return
- * - SUCCESS
- * - NOT_FOUND if request doesn't have to be retransmited
+ * - SUCCESS
+ * - NOT_FOUND if request doesn't have to be retransmited
*/
status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id);
@@ -728,8 +728,8 @@ struct ike_sa_t {
* other traffic was received.
*
* @return
- * - SUCCESS
- * - DESTROY_ME, if peer did not respond
+ * - SUCCESS
+ * - DESTROY_ME, if peer did not respond
*/
status_t (*send_dpd) (ike_sa_t *this);
@@ -769,11 +769,25 @@ struct ike_sa_t {
u_int32_t spi, bool inbound);
/**
- * Create an iterator over all CHILD_SAs.
+ * Get the number of CHILD_SAs.
*
- * @return iterator
+ * @return number of CHILD_SAs
*/
- iterator_t* (*create_child_sa_iterator) (ike_sa_t *this);
+ int (*get_child_count) (ike_sa_t *this);
+
+ /**
+ * Create an enumerator over all CHILD_SAs.
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_child_sa_enumerator) (ike_sa_t *this);
+
+ /**
+ * Remove the CHILD_SA the given enumerator points to from this IKE_SA.
+ *
+ * @param enumerator enumerator pointing to CHILD_SA
+ */
+ void (*remove_child_sa) (ike_sa_t *this, enumerator_t *enumerator);
/**
* Rekey the CHILD SA with the specified reqid.
@@ -783,8 +797,8 @@ struct ike_sa_t {
* @param protocol protocol of the SA
* @param spi inbound SPI of the CHILD_SA
* @return
- * - NOT_FOUND, if IKE_SA has no such CHILD_SA
- * - SUCCESS, if rekeying initiated
+ * - NOT_FOUND, if IKE_SA has no such CHILD_SA
+ * - SUCCESS, if rekeying initiated
*/
status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
@@ -798,8 +812,8 @@ struct ike_sa_t {
* @param protocol protocol of the SA
* @param spi inbound SPI of the CHILD_SA
* @return
- * - NOT_FOUND, if IKE_SA has no such CHILD_SA
- * - SUCCESS, if delete message sent
+ * - NOT_FOUND, if IKE_SA has no such CHILD_SA
+ * - SUCCESS, if delete message sent
*/
status_t (*delete_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
@@ -811,8 +825,8 @@ struct ike_sa_t {
* @param protocol protocol of the SA
* @param spi inbound SPI of the CHILD_SA
* @return
- * - NOT_FOUND, if IKE_SA has no such CHILD_SA
- * - SUCCESS
+ * - NOT_FOUND, if IKE_SA has no such CHILD_SA
+ * - SUCCESS
*/
status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
@@ -929,8 +943,8 @@ struct ike_sa_t {
/**
* Creates an ike_sa_t object with a specific ID.
*
- * @param ike_sa_id ike_sa_id_t object to associate with new IKE_SA
- * @return ike_sa_t object
+ * @param ike_sa_id ike_sa_id_t object to associate with new IKE_SA
+ * @return ike_sa_t object
*/
ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 7f3ca7dd5..731ae6007 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1134,8 +1134,7 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
private_ike_sa_manager_t *this, u_int32_t id, bool child)
{
- enumerator_t *enumerator;
- iterator_t *children;
+ enumerator_t *enumerator, *children;
entry_t *entry;
ike_sa_t *ike_sa = NULL;
child_sa_t *child_sa;
@@ -1151,8 +1150,8 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
/* look for a child with such a reqid ... */
if (child)
{
- children = entry->ike_sa->create_child_sa_iterator(entry->ike_sa);
- while (children->iterate(children, (void**)&child_sa))
+ children = entry->ike_sa->create_child_sa_enumerator(entry->ike_sa);
+ while (children->enumerate(children, (void**)&child_sa))
{
if (child_sa->get_reqid(child_sa) == id)
{
@@ -1188,8 +1187,7 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
private_ike_sa_manager_t *this, char *name, bool child)
{
- enumerator_t *enumerator;
- iterator_t *children;
+ enumerator_t *enumerator, *children;
entry_t *entry;
ike_sa_t *ike_sa = NULL;
child_sa_t *child_sa;
@@ -1203,8 +1201,8 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
/* look for a child with such a policy name ... */
if (child)
{
- children = entry->ike_sa->create_child_sa_iterator(entry->ike_sa);
- while (children->iterate(children, (void**)&child_sa))
+ children = entry->ike_sa->create_child_sa_enumerator(entry->ike_sa);
+ while (children->enumerate(children, (void**)&child_sa))
{
if (streq(child_sa->get_name(child_sa), name))
{
diff --git a/src/libcharon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c
index 5b12eaaac..eec68c6de 100644
--- a/src/libcharon/sa/tasks/ike_mobike.c
+++ b/src/libcharon/sa/tasks/ike_mobike.c
@@ -256,11 +256,11 @@ static void build_cookie(private_ike_mobike_t *this, message_t *message)
*/
static void update_children(private_ike_mobike_t *this)
{
- iterator_t *iterator;
+ enumerator_t *enumerator;
child_sa_t *child_sa;
- iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
- while (iterator->iterate(iterator, (void**)&child_sa))
+ enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+ while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
if (child_sa->update(child_sa,
this->ike_sa->get_my_host(this->ike_sa),
@@ -273,7 +273,7 @@ static void update_children(private_ike_mobike_t *this)
child_sa->get_spi(child_sa, TRUE));
}
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
}
/**
diff --git a/src/libcharon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c
index ac89c358b..b3423f91e 100644
--- a/src/libcharon/sa/tasks/ike_reauth.c
+++ b/src/libcharon/sa/tasks/ike_reauth.c
@@ -57,7 +57,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
{
ike_sa_t *new;
host_t *host;
- iterator_t *iterator;
+ enumerator_t *enumerator;
child_sa_t *child_sa;
peer_cfg_t *peer_cfg;
@@ -67,8 +67,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
/* reauthenticate only if we have children */
- iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
- if (iterator->get_count(iterator) == 0
+ if (this->ike_sa->get_child_count(this->ike_sa) == 0
#ifdef ME
/* we allow peers to reauth mediation connections (without children) */
&& !peer_cfg->is_mediation(peer_cfg)
@@ -76,7 +75,6 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
)
{
DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA to recreate");
- iterator->destroy(iterator);
return FAILED;
}
@@ -110,14 +108,15 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
}
#endif /* ME */
- while (iterator->iterate(iterator, (void**)&child_sa))
+ enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+ while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
switch (child_sa->get_state(child_sa))
{
case CHILD_ROUTED:
{
/* move routed child directly */
- iterator->remove(iterator);
+ this->ike_sa->remove_child_sa(this->ike_sa, enumerator);
new->add_child_sa(new, child_sa);
break;
}
@@ -128,7 +127,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
child_cfg->get_ref(child_cfg);
if (new->initiate(new, child_cfg, 0, NULL, NULL) == DESTROY_ME)
{
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
charon->ike_sa_manager->checkin_and_destroy(
charon->ike_sa_manager, new);
/* set threads active IKE_SA after checkin */
@@ -140,7 +139,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
}
}
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
/* set threads active IKE_SA after checkin */
charon->bus->set_sa(charon->bus, this->ike_sa);
diff --git a/src/libcharon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c
index c055dabc1..826d6e192 100644
--- a/src/libcharon/sa/tasks/ike_rekey.c
+++ b/src/libcharon/sa/tasks/ike_rekey.c
@@ -147,8 +147,8 @@ METHOD(task_t, build_i, status_t,
METHOD(task_t, process_r, status_t,
private_ike_rekey_t *this, message_t *message)
{
+ enumerator_t *enumerator;
peer_cfg_t *peer_cfg;
- iterator_t *iterator;
child_sa_t *child_sa;
if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
@@ -157,8 +157,8 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
- iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
- while (iterator->iterate(iterator, (void**)&child_sa))
+ enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+ while (enumerator->enumerate(enumerator, (void**)&child_sa))
{
switch (child_sa->get_state(child_sa))
{
@@ -167,13 +167,13 @@ METHOD(task_t, process_r, status_t,
case CHILD_DELETING:
/* we do not allow rekeying while we have children in-progress */
DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
return NEED_MORE;
default:
break;
}
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
FALSE);
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 10:43:23 +0000