From f5812086f898543f8afcac29a3f26cc5f4b7bb02 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 14 Nov 2008 09:38:49 +0000
Subject: do not use public interface for functions which are local anyway

---
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 111 ++++++++++-----------
 1 file changed, 54 insertions(+), 57 deletions(-)

(limited to 'src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6a8c2e748..aa4dea9af 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -868,10 +868,9 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
 * we are in the recursive call below */
 if (ipcomp != IPCOMP_NONE && cpi != 0)
 {
- this->public.interface.add_sa(&this->public.interface,
- src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, 0, 0,
- ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
- mode, ipcomp, 0, FALSE, inbound);
+ add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, 0, 0,
+ ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
+ mode, ipcomp, 0, FALSE, inbound);
 ipcomp = IPCOMP_NONE;
 }
 
@@ -1097,7 +1096,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
 hdr->nlmsg_flags = NLM_F_REQUEST;
 hdr->nlmsg_type = XFRM_MSG_GETAE;
 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id));
- 
+
 aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr);
 aevent_id->flags = XFRM_AE_RVAL;
 
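Review bot: The recursive `add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, ...)` call on the added lines discards its status_t, so a failed installation of the IPComp SA is neither reported to the caller nor stops the outer ESP/AH SA from being installed; the same ignored return is on the recursive `del_sa(...)` call in the hunk at line 1161 and the recursive `update_sa(...)` call in the hunk at line 1218. The omission predates this commit, but replacing the public-interface call with the direct one would have been the natural moment to check it, e.g. `if (add_sa(this, ..., inbound) != SUCCESS) { return FAILED; }`. Whether anything acquired earlier in add_sa would need releasing on that path cannot be seen here, as the function starts outside the hunk. If the inner call is intentionally best-effort, a one-line comment saying so would stop the next reader from raising this again.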
@@ -1162,6 +1161,46 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
 return FAILED;
 }
 
+/**
+ * Implementation of kernel_interface_t.del_sa.
+ */
+static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *dst,
+ u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
+{
+ unsigned char request[NETLINK_BUFFER_SIZE];
+ struct nlmsghdr *hdr;
+ struct xfrm_usersa_id *sa_id;
+
+ /* if IPComp was used, we first delete the additional IPComp SA */
+ if (cpi)
+ {
+ del_sa(this, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0);
+ }
+
+ memset(&request, 0, sizeof(request));
+
+ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi));
+
+ hdr = (struct nlmsghdr*)request;
+ hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ hdr->nlmsg_type = XFRM_MSG_DELSA;
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
+
+ sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ host2xfrm(dst, &sa_id->daddr);
+ sa_id->spi = spi;
+ sa_id->proto = proto_ike2kernel(protocol);
+ sa_id->family = dst->get_family(dst);
+
+ if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi));
+ return FAILED;
+ }
+ DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi));
+ return SUCCESS;
+}
+
 /**
 * Implementation of kernel_interface_t.update_sa.
 */
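Review bot: Relocating the whole of del_sa above update_sa (this hunk together with the deletion at line 1381) turns a one-line change into an ~80-line move, which hides that the only textual difference in the body is the recursive call becoming `del_sa(this, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0);`. A forward declaration such as `static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi);` placed ahead of update_sa would have kept the function where it was and the diff reviewable; whether the file already has a block of such prototypes is not visible here. Now that the function is called directly from update_sa with `cpi` forced to 0, its header comment should also say what a non-zero `cpi` does, e.g. `/* a non-zero cpi first removes the companion IPComp SA (IPPROTO_COMP); that inner deletion only logs on failure */`, so callers passing 0 understand what they are skipping.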
@@ -1179,27 +1218,26 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
 struct rtattr *rta;
 size_t rtasize;
 struct xfrm_encap_tmpl* tmpl = NULL;
- bool got_replay_state;
+ bool got_replay_state = FALSE;
 struct xfrm_replay_state replay;
 
 /* if IPComp is used, we first update the IPComp SA */
 if (cpi)
 {
- this->public.interface.update_sa(&this->public.interface,
- htonl(ntohs(cpi)), IPPROTO_COMP, 0,
- src, dst, new_src, new_dst, FALSE, FALSE);
+ update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0,
+ src, dst, new_src, new_dst, FALSE, FALSE);
 }
 
 memset(&request, 0, sizeof(request));
 
 DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi));
- 
+
 /* query the existing SA first */
 hdr = (struct nlmsghdr*)request;
 hdr->nlmsg_flags = NLM_F_REQUEST;
 hdr->nlmsg_type = XFRM_MSG_GETSA;
 hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- 
+
 sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
 host2xfrm(dst, &sa_id->daddr);
 sa_id->spi = spi;
@@ -1242,12 +1280,13 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
 }
 
 /* try to get the replay state */
- got_replay_state = (get_replay_state(
- this, spi, protocol, dst, &replay) == SUCCESS);
+ if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS)
+ {
+ got_replay_state = TRUE;
+ }
 
 /* delete the old SA (without affecting the IPComp SA) */
- if (this->public.interface.del_sa(&this->public.interface, dst, spi,
- protocol, 0) != SUCCESS)
+ if (del_sa(this, dst, spi, protocol, 0) != SUCCESS)
 {
 DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", ntohl(spi));
 free(out);
@@ -1256,7 +1295,6 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
 
 DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
 ntohl(spi), src, dst, new_src, new_dst);
- 
 /* copy over the SA from out to request */
 hdr = (struct nlmsghdr*)request;
 memcpy(hdr, out, min(out->nlmsg_len, sizeof(request)));
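Review bot: In the hunk at line 1218 the IPComp SA is moved to the new addresses by the recursive `update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, src, dst, new_src, new_dst, FALSE, FALSE);` before the outer SA has even been queried, so any failure from the `XFRM_MSG_GETSA` query onwards leaves the kernel with an IPComp SA on the new addresses and an ESP/AH SA still on the old ones, and nothing in the visible code undoes that first step. Deferring the recursive call until the old SA has been queried successfully would narrow that window; failing that, the asymmetry deserves a comment next to the call such as `/* the IPComp SA is moved first and is not rolled back if the update below fails */`. The rest of update_sa, including its error exits, lies outside the hunk, so whether a later step already compensates cannot be confirmed here.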
@@ -1343,47 +1381,6 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
 return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *dst,
- u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
-{
- unsigned char request[NETLINK_BUFFER_SIZE];
- struct nlmsghdr *hdr;
- struct xfrm_usersa_id *sa_id;
-
- /* if IPComp was used, we first delete the additional IPComp SA */
- if (cpi)
- {
- this->public.interface.del_sa(&this->public.interface, dst,
- htonl(ntohs(cpi)), IPPROTO_COMP, 0);
- }
-
- memset(&request, 0, sizeof(request));
-
- DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi));
-
- hdr = (struct nlmsghdr*)request;
- hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- hdr->nlmsg_type = XFRM_MSG_DELSA;
- hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
-
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
- host2xfrm(dst, &sa_id->daddr);
- sa_id->spi = spi;
- sa_id->proto = proto_ike2kernel(protocol);
- sa_id->family = dst->get_family(dst);
-
- if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
- {
- DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi));
- return FAILED;
- }
- DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi));
- return SUCCESS;
-}
-
 /**
 * Implementation of kernel_interface_t.add_policy.
 */
-- 
cgit v1.2.3