child-sa: Add helper to check if a list of TS match negotiated TS
authorTobias Brunner <tobias@strongswan.org>
Wed, 2 Apr 2025 12:39:38 +0000 (14:39 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 28 May 2025 14:01:00 +0000 (16:01 +0200)
src/libcharon/sa/child_sa.c
src/libcharon/sa/child_sa.h

index 8dbdd605590a19c93d68f7cdd3e97bf2794d9908..2dfae0efb4615d355b955b7be21f6e8bd2719904 100644 (file)
@@ -2219,6 +2219,29 @@ static bool is_ts_match(traffic_selector_t *to_check, array_t *list)
        return FALSE;
 }
 
+/**
+ * Check if all given traffic selectors are contained in any of the traffic
+ * selectors in the given list.
+ */
+static bool is_ts_list_match(traffic_selector_list_t *to_check, array_t *list)
+{
+       enumerator_t *enumerator;
+       traffic_selector_t *ts;
+       bool matched = TRUE;
+
+       enumerator = to_check->create_enumerator(to_check);
+       while (enumerator->enumerate(enumerator, &ts))
+       {
+               if (!is_ts_match(ts, list))
+               {
+                       matched = FALSE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       return matched;
+}
+
 /*
  * Described in header
  */
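Review bot: `is_ts_list_match()` returns TRUE when `to_check` holds no traffic selectors, because `matched` starts as `TRUE` and the loop body never runs. `child_sa_ts_lists_match()` in the next hunk rejects only NULL lists, so an empty `src` or `dst` list would be reported as matching whatever was negotiated. That looks risky if the result is used to treat a CHILD_SA as equivalent to a previous one, though the callers are not visible here. If an empty list is not meant to match, initialise `bool matched = FALSE;` and assign `matched = is_ts_match(ts, list);` at the top of the loop, breaking when it is FALSE. Otherwise the doc comment should say so, e.g. `An empty list matches trivially.`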
@@ -2231,3 +2254,16 @@ bool child_sa_ts_match(child_sa_t *child, traffic_selector_t *src,
                   is_ts_match(src, this->my_ts) &&
                   is_ts_match(dst, this->other_ts);
 }
+
+/*
+ * Described in header
+ */
+bool child_sa_ts_lists_match(child_sa_t *child, traffic_selector_list_t *src,
+                                                        traffic_selector_list_t *dst)
+{
+       private_child_sa_t *this = (private_child_sa_t*)child;
+
+       return src && dst &&
+                  is_ts_list_match(src, this->my_ts) &&
+                  is_ts_list_match(dst, this->other_ts);
+}
index da2055b032483ec6fed09fd7b34b306e643ed609..57d3458575c448020a15c9cf6f8f42a68b0485fd 100644 (file)
@@ -607,4 +607,17 @@ child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 bool child_sa_ts_match(child_sa_t *this, traffic_selector_t *src,
                                           traffic_selector_t *dst);
 
+/**
+ * Check if the given lists of source and destination traffic selectors (e.g.
+ * from a previous SA) match the negotiated local and remote traffic
+ * selectors of this child SA.
+ *
+ * @param this                         CHILD_SA to check traffic selectors against
+ * @param src                          source traffic selector list
+ * @param dst                          destination traffic selector list
+ * @return                                     TRUE if all traffic selectors match
+ */
+bool child_sa_ts_lists_match(child_sa_t *this, traffic_selector_list_t *src,
+                                                        traffic_selector_list_t *dst);
+
 #endif /** CHILD_SA_H_ @}*/
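Review bot: The doc comment for `child_sa_ts_lists_match()` says the lists "match" the negotiated selectors, but the helper's own comment in child_sa.c describes a one-directional containment check: each given selector must be contained in one of the negotiated ones. A narrower list is therefore accepted against a wider CHILD_SA, and nothing requires the negotiated selectors to be covered by the list, which matters to any caller that reads TRUE as "same traffic". The NULL handling (`src && dst`) is also not documented. I would word the return as `@return TRUE if every selector in src and dst is contained in a negotiated local/remote selector, FALSE otherwise or if a list is NULL`.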