ipsec-types: Add a proper hash function for ipsec_sa_cfg_t

While 3c1290510366 ("ipsec: Add function to compare two ipsec_sa_cfg_t
instances") added a comparison function to avoid issues with non-zeroed
padding, hashes were still calculated using chunk_hash().

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 7a6d24b5ff25db3588a8768ff79a162786a4fa13..3c5d226ce81321e2a7eef01a4a25c05e30f98451 100644 (file)
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -407,7 +407,7 @@ static u_int ipsec_sa_hash(ipsec_sa_t *sa)
                                                  chunk_hash_inc(sa->dst->get_address(sa->dst),
                                                  chunk_hash_inc(chunk_from_thing(sa->mark),
                                                  chunk_hash_inc(chunk_from_thing(sa->if_id),
-                                                 chunk_hash(chunk_from_thing(sa->cfg))))));
+                                                 ipsec_sa_cfg_hash(&sa->cfg)))));
 }
 
 /**

diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 51a47b9f8564971b6188d2a9906efaf71b1b7205..fe14dc8ec9eb8d34eede9ea73a36d68806d05388 100644 (file)
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -347,7 +347,7 @@ static u_int ipsec_sa_hash(ipsec_sa_t *sa)
 {
        return chunk_hash_inc(sa->src->get_address(sa->src),
                                                  chunk_hash_inc(sa->dst->get_address(sa->dst),
-                                                 chunk_hash(chunk_from_thing(sa->cfg))));
+                                                 ipsec_sa_cfg_hash(&sa->cfg)));
 }
 
 /**

diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 2f0f31abd4c8045975090da140f4d1432ba07927..0c581388f1a42688144e8959b441338764ef222f 100644 (file)
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -50,6 +50,22 @@ ENUM(dscp_copy_names, DSCP_COPY_OUT_ONLY, DSCP_COPY_NO,
        "no",
 );
 
+/*
+ * See header
+ */
+u_int ipsec_sa_cfg_hash(ipsec_sa_cfg_t *this)
+{
+       return chunk_hash_inc(chunk_from_thing(this->mode),
+                       chunk_hash_inc(chunk_from_thing(this->reqid),
+                       chunk_hash_inc(chunk_from_thing(this->policy_count),
+                       chunk_hash_inc(chunk_from_thing(this->esp.use),
+                       chunk_hash_inc(chunk_from_thing(this->esp.spi),
+                       chunk_hash_inc(chunk_from_thing(this->ah.use),
+                       chunk_hash_inc(chunk_from_thing(this->ah.spi),
+                       chunk_hash_inc(chunk_from_thing(this->ipcomp.transform),
+                               chunk_hash(chunk_from_thing(this->ipcomp.cpi))))))))));
+}
+
 /*
  * See header
  */

diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 1c61fecfe863a5a35a6600a8d3ff9b3b7e7eae62..6aa29bdf10b1852ac483dadd8660d1d14a1e3afc 100644 (file)
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -175,6 +175,14 @@ struct ipsec_sa_cfg_t {
        } ipcomp;
 };
 
+/**
+ * Hash an ipsec_sa_cfg_t object.
+ *
+ * @param this         object to hash
+ * @return                     hash value
+ */
+u_int ipsec_sa_cfg_hash(ipsec_sa_cfg_t *this);
+
 /**
  * Compare two ipsec_sa_cfg_t objects for equality.
  *