#include "nat_traversal.h"
#include "virtual.h"
-static void flush_pending_by_connection(struct connection *c); /* forward */
+static void flush_pending_by_connection(connection_t *c); /* forward */
-static struct connection *connections = NULL;
+static connection_t *connections = NULL;
/* struct host_pair: a nexus of information about a pair of hosts.
* A host is an IP address, UDP port pair. This is a debatable choice:
u_int16_t port; /* host order */
} me, him;
bool initial_connection_sent;
- struct connection *connections; /* connections with this pair */
+ connection_t *connections; /* connections with this pair */
struct pending *pending; /* awaiting Keying Channel */
struct host_pair *next;
};
static struct host_pair *host_pairs = NULL;
-static struct connection *unoriented_connections = NULL;
+static connection_t *unoriented_connections = NULL;
/* check to see that Ids of peers match */
-bool same_peer_ids(const struct connection *c, const struct connection *d,
+bool same_peer_ids(const connection_t *c, const connection_t *d,
const struct id *his_id)
{
return same_id(&c->spd.this.id, &d->spd.this.id)
}
/* find head of list of connections with this pair of hosts */
-static struct connection *find_host_pair_connections(const ip_address *myaddr,
+static connection_t *find_host_pair_connections(const ip_address *myaddr,
u_int16_t myport,
const ip_address *hisaddr,
u_int16_t hisport)
if (nat_traversal_enabled && hp && hisaddr)
{
- struct connection *c;
+ connection_t *c;
for (c = hp->connections; c != NULL; c = c->hp_next)
{
return hp == NULL? NULL : hp->connections;
}
-static void connect_to_host_pair(struct connection *c)
+static void connect_to_host_pair(connection_t *c)
{
if (oriented(*c))
{
* Move the winner (if any) to the front.
* If none is found, and strict, a diagnostic is logged to whack.
*/
-struct connection *con_by_name(const char *nm, bool strict)
+connection_t *con_by_name(const char *nm, bool strict)
{
- struct connection *p, *prev;
+ connection_t *p, *prev;
for (prev = NULL, p = connections; ; prev = p, p = p->ac_next)
{
return p;
}
-void release_connection(struct connection *c, bool relations)
+void release_connection(connection_t *c, bool relations)
{
if (c->kind == CK_INSTANCE)
{
}
-void delete_connection(struct connection *c, bool relations)
+void delete_connection(connection_t *c, bool relations)
{
- struct connection *old_cur_connection
+ connection_t *old_cur_connection
= cur_connection == c? NULL : cur_connection;
#ifdef DEBUG
lset_t old_cur_debugging = cur_debugging;
perpeer_logfree(c);
/* find and delete c from connections list */
- list_rm(struct connection, ac_next, c, connections);
+ list_rm(connection_t, ac_next, c, connections);
cur_connection = old_cur_connection;
/* find and delete c from the host pair list */
if (c->host_pair == NULL)
{
if (c->ikev1)
- list_rm(struct connection, hp_next, c, unoriented_connections);
+ list_rm(connection_t, hp_next, c, unoriented_connections);
}
else
{
struct host_pair *hp = c->host_pair;
- list_rm(struct connection, hp_next, c, hp->connections);
+ list_rm(connection_t, hp_next, c, hp->connections);
c->host_pair = NULL; /* redundant, but safe */
/* if there are no more connections with this host_pair
/* Delete connections with the specified name */
void delete_connections_by_name(const char *name, bool strict)
{
- struct connection *c = con_by_name(name, strict);
+ connection_t *c = con_by_name(name, strict);
for (; c != NULL; c = con_by_name(name, FALSE))
delete_connection(c, FALSE);
for (hp = host_pairs; hp != NULL; hp = hp->next)
{
- struct connection **pp
+ connection_t **pp
, *p;
for (pp = &hp->connections; (p = *pp) != NULL; )
{
/* try to orient all the unoriented connections */
{
- struct connection *c = unoriented_connections;
+ connection_t *c = unoriented_connections;
unoriented_connections = NULL;
while (c != NULL)
{
- struct connection *nxt = c->hp_next;
+ connection_t *nxt = c->hp_next;
(void)orient(c);
connect_to_host_pair(c);
* cost of leaving it is slight and cannot
* be induced by a foe).
*/
- struct connection *c = hp->connections;
+ connection_t *c = hp->connections;
hp->connections = NULL;
while (c != NULL)
{
- struct connection *nxt = c->hp_next;
+ connection_t *nxt = c->hp_next;
c->interface = NULL;
(void)orient(c);
#define CONNECTION_BUF (2 * (END_BUF - 1) + 4)
static size_t format_connection(char *buf, size_t buf_len,
- const struct connection *c,
+ const connection_t *c,
struct spd_route *sr)
{
size_t w = format_end(buf, buf_len, &sr->this, &sr->that, TRUE, LEMPTY);
return w + format_end(buf + w, buf_len - w, &sr->that, &sr->this, FALSE, c->policy);
}
-static void unshare_connection_strings(struct connection *c)
+static void unshare_connection_strings(connection_t *c)
{
c->name = clone_str(c->name);
return TRUE; /* happy */
}
-struct connection *find_connection_by_reqid(uint32_t reqid)
+connection_t *find_connection_by_reqid(uint32_t reqid)
{
- struct connection *c;
+ connection_t *c;
reqid &= ~3;
for (c = connections; c != NULL; c = c->ac_next)
&& check_connection_end(&wm->left, &wm->right, wm))
{
bool same_rightca, same_leftca;
- struct connection *c = malloc_thing(struct connection);
+ connection_t *c = malloc_thing(connection_t);
zero(c);
c->name = wm->name;
* Returns name of new connection. May be NULL.
* Caller is responsible for freeing.
*/
-char *add_group_instance(struct connection *group, const ip_subnet *target)
+char *add_group_instance(connection_t *group, const ip_subnet *target)
{
- char namebuf[100]
- , targetbuf[SUBNETTOT_BUF];
- struct connection *t;
+ char namebuf[100], targetbuf[SUBNETTOT_BUF];
+ connection_t *t;
char *name = NULL;
passert(group->kind == CK_GROUP);
}
/* an old target has disappeared for a group: delete instance */
-void remove_group_instance(const struct connection *group USED_BY_DEBUG,
+void remove_group_instance(const connection_t *group USED_BY_DEBUG,
const char *name)
{
passert(group->kind == CK_GROUP);
*
* Note that instantiate can only deal with a single SPD/eroute.
*/
-static struct connection *instantiate(struct connection *c,
- const ip_address *him, u_int16_t his_port,
- const struct id *his_id)
+static connection_t *instantiate(connection_t *c,
+ const ip_address *him, u_int16_t his_port,
+ const struct id *his_id)
{
- struct connection *d;
+ connection_t *d;
int wildcards;
passert(c->kind == CK_TEMPLATE);
}
}
-struct connection *rw_instantiate(struct connection *c, const ip_address *him,
- u_int16_t his_port, const ip_subnet *his_net,
- const struct id *his_id)
+connection_t *rw_instantiate(connection_t *c, const ip_address *him,
+ u_int16_t his_port, const ip_subnet *his_net,
+ const struct id *his_id)
{
- struct connection *d = instantiate(c, him, his_port, his_id);
+ connection_t *d = instantiate(c, him, his_port, his_id);
if (d && his_net && is_virtual_connection(c))
{
return d;
}
-struct connection *oppo_instantiate(struct connection *c, const ip_address *him,
- const struct id *his_id, struct gw_info *gw,
- const ip_address *our_client USED_BY_DEBUG,
- const ip_address *peer_client)
+connection_t *oppo_instantiate(connection_t *c, const ip_address *him,
+ const struct id *his_id, struct gw_info *gw,
+ const ip_address *our_client USED_BY_DEBUG,
+ const ip_address *peer_client)
{
- struct connection *d = instantiate(c, him, 0, his_id);
+ connection_t *d = instantiate(c, him, 0, his_id);
passert(d->spd.next == NULL);
return strlen(buf);
}
-void fmt_conn_instance(const struct connection *c, char buf[CONN_INST_BUF])
+void fmt_conn_instance(const connection_t *c, char buf[CONN_INST_BUF])
{
char *p = buf;
*
* See also build_outgoing_opportunistic_connection.
*/
-struct connection *find_connection_for_clients(struct spd_route **srp,
- const ip_address *our_client,
- const ip_address *peer_client,
- int transport_proto)
+connection_t *find_connection_for_clients(struct spd_route **srp,
+ const ip_address *our_client,
+ const ip_address *peer_client,
+ int transport_proto)
{
- struct connection *c = connections, *best = NULL;
+ connection_t *c = connections, *best = NULL;
policy_prio_t best_prio = BOTTOM_PRIO;
struct spd_route *sr;
struct spd_route *best_sr = NULL;
* find_connection_for_clients. In this case, we know the gateways
* that we need to instantiate an opportunistic connection.
*/
-struct connection *build_outgoing_opportunistic_connection(struct gw_info *gw,
+connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw,
const ip_address *our_client,
const ip_address *peer_client)
{
struct iface *p;
- struct connection *best = NULL;
+ connection_t *best = NULL;
struct spd_route *sr, *bestsr;
char ocb[ADDRTOT_BUF], pcb[ADDRTOT_BUF];
* We cannot know what port the peer would use, so we assume
* that it is pluto_port (makes debugging easier).
*/
- struct connection *c = find_host_pair_connections(&p->addr
- , pluto_port, (ip_address *)NULL, pluto_port);
+ connection_t *c = find_host_pair_connections(&p->addr, pluto_port,
+ (ip_address *)NULL, pluto_port);
for (; c != NULL; c = c->hp_next)
{
, our_client, peer_client);
}
-bool orient(struct connection *c)
+bool orient(connection_t *c)
{
struct spd_route *sr;
void initiate_connection(const char *name, int whackfd)
{
- struct connection *c = con_by_name(name, TRUE);
+ connection_t *c = con_by_name(name, TRUE);
if (c != NULL && c->ikev1)
{
struct find_oppo_bundle b;
};
-static void cannot_oppo(struct connection *c, struct find_oppo_bundle *b,
- err_t ugh)
+static void cannot_oppo(connection_t *c, struct find_oppo_bundle *b, err_t ugh)
{
char pcb[ADDRTOT_BUF];
char ocb[ADDRTOT_BUF];
{
/* there is some policy that comes afterwards */
struct spd_route *shunt_spd;
- struct connection *nc = c->policy_next;
+ connection_t *nc = c->policy_next;
struct state *st;
passert(c->kind == CK_TEMPLATE);
static void continue_oppo(struct adns_continuation *acr, err_t ugh)
{
struct find_oppo_continuation *cr = (void *)acr; /* inherit, damn you! */
- struct connection *c;
+ connection_t *c;
bool was_held = cr->b.held;
int whackfd = cr->b.whackfd;
}
#ifdef USE_KEYRR
-static err_t check_key_recs(enum myid_state try_state,
- const struct connection *c,
+static err_t check_key_recs(enum myid_state try_state, const connection_t *c,
struct adns_continuation *ac)
{
/* Check if KEY lookup yielded good results.
}
#endif /* USE_KEYRR */
-static err_t check_txt_recs(enum myid_state try_state,
- const struct connection *c,
+static err_t check_txt_recs(enum myid_state try_state, const connection_t *c,
struct adns_continuation *ac)
{
/* Check if TXT lookup yielded good results.
struct adns_continuation *ac,
err_t ac_ugh)
{
- struct connection *c;
+ connection_t *c;
struct spd_route *sr;
/* What connection shall we use?
/* Loop because more than one may match (master and instances)
* But at least one is required (enforced by con_by_name).
*/
- struct connection *c = con_by_name(nm, TRUE);
+ connection_t *c = con_by_name(nm, TRUE);
if (c == NULL || !c->ikev1)
return;
do
{
- struct connection *n = c->ac_next; /* grab this before c might disappear */
+ connection_t *n = c->ac_next; /* grab this before c might disappear */
if (streq(c->name, nm)
&& c->kind >= CK_PERMANENT
*/
bool uniqueIDs = FALSE; /* --uniqueids? */
-void ISAKMP_SA_established(struct connection *c, so_serial_t serial)
+void ISAKMP_SA_established(connection_t *c, so_serial_t serial)
{
c->newest_isakmp_sa = serial;
/* for all connections: if the same Phase 1 IDs are used
* for a different IP address, unorient that connection.
*/
- struct connection *d;
+ connection_t *d;
for (d = connections; d != NULL; )
{
- struct connection *next = d->ac_next; /* might move underneath us */
+ connection_t *next = d->ac_next; /* might move underneath us */
if (d->kind >= CK_PERMANENT
&& same_id(&c->spd.this.id, &d->spd.this.id)
* The return value is used to find other connections sharing a route.
* *erop is used to find other connections sharing an eroute.
*/
-struct connection *route_owner(struct connection *c, struct spd_route **srp,
- struct connection **erop, struct spd_route **esrp)
+connection_t *route_owner(connection_t *c, struct spd_route **srp,
+ connection_t **erop, struct spd_route **esrp)
{
- struct connection *d
+ connection_t *d
, *best_ro = c
, *best_ero = c;
struct spd_route *srd, *src;
* There ought to be only one.
* This might get to be a bottleneck -- try hashing if it does.
*/
-struct connection *shunt_owner(const ip_subnet *ours, const ip_subnet *his)
+connection_t *shunt_owner(const ip_subnet *ours, const ip_subnet *his)
{
- struct connection *c;
+ connection_t *c;
struct spd_route *sr;
for (c = connections; c != NULL; c = c->ac_next)
* We don't know enough to chose amongst those available.
* ??? no longer usefully different from find_host_pair_connections
*/
-struct connection *find_host_connection(const ip_address *me, u_int16_t my_port,
- const ip_address *him, u_int16_t his_port,
- lset_t policy)
+connection_t *find_host_connection(const ip_address *me, u_int16_t my_port,
+ const ip_address *him, u_int16_t his_port,
+ lset_t policy)
{
- struct connection *c = find_host_pair_connections(me, my_port, him, his_port);
+ connection_t *c = find_host_pair_connections(me, my_port, him, his_port);
if (policy != LEMPTY)
{
*/
#define PRIO_NO_MATCH_FOUND 2048
-struct connection *refine_host_connection(const struct state *st,
- const struct id *peer_id,
- chunk_t peer_ca)
+connection_t *refine_host_connection(const struct state *st,
+ const struct id *peer_id,
+ chunk_t peer_ca)
{
- struct connection *c = st->st_connection;
- struct connection *d;
- struct connection *best_found = NULL;
+ connection_t *c = st->st_connection;
+ connection_t *d;
+ connection_t *best_found = NULL;
u_int16_t auth = st->st_oakley.auth;
lset_t auth_policy = POLICY_PSK;
const chunk_t *psk = NULL;
static bool is_virtual_net_used(const ip_subnet *peer_net,
const struct id *peer_id)
{
- struct connection *d;
+ connection_t *d;
for (d = connections; d != NULL; d = d->ac_next)
{
#define PRIO_WEIGHT (MAX_WILDCARDS+1)*WILD_WEIGHT
/* fc_try: a helper function for find_client_connection */
-static struct connection *fc_try(const struct connection *c,
- struct host_pair *hp,
- const struct id *peer_id,
- const ip_subnet *our_net,
- const ip_subnet *peer_net,
- const u_int8_t our_protocol,
- const u_int16_t our_port,
- const u_int8_t peer_protocol,
- const u_int16_t peer_port,
- chunk_t peer_ca,
- const ietfAttrList_t *peer_list)
+static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
+ const struct id *peer_id,
+ const ip_subnet *our_net,
+ const ip_subnet *peer_net,
+ const u_int8_t our_protocol,
+ const u_int16_t our_port,
+ const u_int8_t peer_protocol,
+ const u_int16_t peer_port,
+ chunk_t peer_ca,
+ const ietfAttrList_t *peer_list)
{
- struct connection *d;
- struct connection *best = NULL;
+ connection_t *d;
+ connection_t *best = NULL;
policy_prio_t best_prio = BOTTOM_PRIO;
int wildcards, pathlen;
return best;
}
-static struct connection *fc_try_oppo(const struct connection *c,
- struct host_pair *hp,
- const ip_subnet *our_net,
- const ip_subnet *peer_net,
- const u_int8_t our_protocol,
- const u_int16_t our_port,
- const u_int8_t peer_protocol,
- const u_int16_t peer_port,
- chunk_t peer_ca,
- const ietfAttrList_t *peer_list)
+static connection_t *fc_try_oppo(const connection_t *c,
+ struct host_pair *hp,
+ const ip_subnet *our_net,
+ const ip_subnet *peer_net,
+ const u_int8_t our_protocol,
+ const u_int16_t our_port,
+ const u_int8_t peer_protocol,
+ const u_int16_t peer_port,
+ chunk_t peer_ca,
+ const ietfAttrList_t *peer_list)
{
- struct connection *d;
- struct connection *best = NULL;
+ connection_t *d;
+ connection_t *best = NULL;
policy_prio_t best_prio = BOTTOM_PRIO;
int wildcards, pathlen;
/*
* get the peer's CA and group attributes
*/
-chunk_t get_peer_ca_and_groups(struct connection *c,
- const ietfAttrList_t **peer_list)
+chunk_t get_peer_ca_and_groups(connection_t *c, const ietfAttrList_t **peer_list)
{
struct state *p1st = find_phase1_state(c, ISAKMP_SA_ESTABLISHED_STATES);
return chunk_empty;
}
-struct connection *find_client_connection(struct connection *c,
- const ip_subnet *our_net,
- const ip_subnet *peer_net,
- const u_int8_t our_protocol,
- const u_int16_t our_port,
- const u_int8_t peer_protocol,
- const u_int16_t peer_port)
+connection_t *find_client_connection(connection_t *c,
+ const ip_subnet *our_net,
+ const ip_subnet *peer_net,
+ const u_int8_t our_protocol,
+ const u_int16_t our_port,
+ const u_int8_t peer_protocol,
+ const u_int16_t peer_port)
{
- struct connection *d;
+ connection_t *d;
struct spd_route *sr;
const ietfAttrList_t *peer_list = NULL;
* but even greater priority to a routed concrete connection
*/
{
- struct connection *unrouted = NULL;
+ connection_t *unrouted = NULL;
int srnum = -1;
for (sr = &c->spd; unrouted == NULL && sr != NULL; sr = sr->next)
return d;
}
-int connection_compare(const struct connection *ca, const struct connection *cb)
+int connection_compare(const connection_t *ca, const connection_t *cb)
{
int ret;
static int connection_compare_qsort(const void *a, const void *b)
{
- return connection_compare(*(const struct connection *const *)a
- , *(const struct connection *const *)b);
+ return connection_compare(*(const connection_t *const *)a
+ , *(const connection_t *const *)b);
}
void show_connections_status(bool all, const char *name)
{
- struct connection *c;
+ connection_t *c;
int count, i;
- struct connection **array;
+ connection_t **array;
/* make an array of connections, and sort it */
count = 0;
if (c->ikev1 && (name == NULL || streq(c->name, name)))
count++;
}
- array = malloc(sizeof(struct connection *)*count);
+ array = malloc(sizeof(connection_t *)*count);
count=0;
for (c = connections; c != NULL; c = c->ac_next)
}
/* sort it! */
- qsort(array, count, sizeof(struct connection *), connection_compare_qsort);
+ qsort(array, count, sizeof(connection_t *), connection_compare_qsort);
for (i = 0; i < count; i++)
{
struct pending {
int whack_sock;
struct state *isakmp_sa;
- struct connection *connection;
+ connection_t *connection;
lset_t policy;
unsigned long try;
so_serial_t replacing;
};
/* queue a Quick Mode negotiation pending completion of a suitable Main Mode */
-void add_pending(int whack_sock, struct state *isakmp_sa, struct connection *c,
+void add_pending(int whack_sock, struct state *isakmp_sa, connection_t *c,
lset_t policy, unsigned long try, so_serial_t replacing)
{
bool already_queued = FALSE;
}
/* a connection has been deleted; discard any related pending */
-static void flush_pending_by_connection(struct connection *c)
+static void flush_pending_by_connection(connection_t *c)
{
if (c->host_pair != NULL)
{
* We must be careful to avoid circularity:
* we don't touch it if it is CK_GOING_AWAY.
*/
-void connection_discard(struct connection *c)
+void connection_discard(connection_t *c)
{
if (c->kind == CK_INSTANCE)
{
long eclipse_count = 0;
-struct connection *eclipsed(struct connection *c, struct spd_route **esrp)
+connection_t *eclipsed(connection_t *c, struct spd_route **esrp)
{
- struct connection *ue;
+ connection_t *ue;
struct spd_route *sr1 = &c->spd;
ue = NULL;
uint32_t reqid;
};
+typedef struct connection connection_t;
+
struct connection {
char *name;
bool ikev1;
sa_family_t addr_family; /* between gateways */
sa_family_t tunnel_addr_family; /* between clients */
- struct connection *policy_next; /* if multiple policies,
+ connection_t *policy_next; /* if multiple policies,
next one to apply */
struct gw_info *gw_info;
struct alg_info_ike *alg_info_ike;
struct host_pair *host_pair;
- struct connection *hp_next; /* host pair list link */
-
- struct connection *ac_next; /* all connections list link */
+ connection_t *hp_next; /* host pair list link */
+ connection_t *ac_next; /* all connections list link */
generalName_t *requested_ca; /* collected certificate requests */
bool got_certrequest;
};
#define oriented(c) ((c).interface != NULL)
-extern bool orient(struct connection *c);
+extern bool orient(connection_t *c);
-extern bool same_peer_ids(const struct connection *c
- , const struct connection *d, const struct id *his_id);
+extern bool same_peer_ids(const connection_t *c, const connection_t *d,
+ const struct id *his_id);
/* Format the topology of a connection end, leaving out defaults.
* Largest left end looks like: client === host : port [ host_id ] --- hop
* Note: if that==NULL, skip nexthop
*/
#define END_BUF (SUBNETTOT_BUF + ADDRTOT_BUF + IDTOA_BUF + ADDRTOT_BUF + 10)
-extern size_t format_end(char *buf, size_t buf_len
- , const struct end *this, const struct end *that
- , bool is_left, lset_t policy);
+extern size_t format_end(char *buf, size_t buf_len, const struct end *this,
+ const struct end *that, bool is_left, lset_t policy);
extern void add_connection(const whack_message_t *wm);
extern void initiate_connection(const char *name, int whackfd);
-extern void initiate_opportunistic(const ip_address *our_client
- , const ip_address *peer_client, int transport_proto, bool held, int whackfd);
+extern void initiate_opportunistic(const ip_address *our_client,
+ const ip_address *peer_client,
+ int transport_proto, bool held, int whackfd);
extern void terminate_connection(const char *nm);
-extern void release_connection(struct connection *c, bool relations);
-extern void delete_connection(struct connection *c, bool relations);
+extern void release_connection(connection_t *c, bool relations);
+extern void delete_connection(connection_t *c, bool relations);
extern void delete_connections_by_name(const char *name, bool strict);
extern void delete_every_connection(void);
-extern char *add_group_instance(struct connection *group, const ip_subnet *target);
-extern void remove_group_instance(const struct connection *group, const char *name);
+extern char *add_group_instance(connection_t *group, const ip_subnet *target);
+extern void remove_group_instance(const connection_t *group, const char *name);
extern void release_dead_interfaces(void);
extern void check_orientations(void);
-extern struct connection *route_owner(struct connection *c
- , struct spd_route **srp
- , struct connection **erop
- , struct spd_route **esrp);
-extern struct connection *shunt_owner(const ip_subnet *ours
- , const ip_subnet *his);
+extern connection_t *route_owner(connection_t *c, struct spd_route **srp,
+ connection_t **erop, struct spd_route **esrp);
+extern connection_t *shunt_owner(const ip_subnet *ours, const ip_subnet *his);
extern bool uniqueIDs; /* --uniqueids? */
-extern void ISAKMP_SA_established(struct connection *c, so_serial_t serial);
+extern void ISAKMP_SA_established(connection_t *c, so_serial_t serial);
#define his_id_was_instantiated(c) ((c)->kind == CK_INSTANCE \
&& (id_is_ipaddr(&(c)->spd.that.id)? \
sameaddr(&(c)->spd.that.id.ip_addr, &(c)->spd.that.host_addr) : TRUE))
struct state; /* forward declaration of tag (defined in state.h) */
-extern struct connection
+extern connection_t
*con_by_name(const char *nm, bool strict),
*find_host_connection(const ip_address *me, u_int16_t my_port
, const ip_address *him, u_int16_t his_port, lset_t policy),
*refine_host_connection(const struct state *st, const struct id *id
, chunk_t peer_ca),
- *find_client_connection(struct connection *c
+ *find_client_connection(connection_t *c
, const ip_subnet *our_net
, const ip_subnet *peer_net
, const u_int8_t our_protocol
, const u_int16_t peer_port),
*find_connection_by_reqid(uint32_t reqid);
-extern struct connection *
+extern connection_t *
find_connection_for_clients(struct spd_route **srp
, const ip_address *our_client
, const ip_address *peer_client
, int transport_proto);
-extern chunk_t get_peer_ca_and_groups(struct connection *c
+extern chunk_t get_peer_ca_and_groups(connection_t *c
, const ietfAttrList_t **peer_list);
/* instantiating routines
*/
struct gw_info; /* forward declaration of tag (defined in dnskey.h) */
struct alg_info; /* forward declaration of tag (defined in alg_info.h) */
-extern struct connection *rw_instantiate(struct connection *c
+extern connection_t *rw_instantiate(connection_t *c
, const ip_address *him
, u_int16_t his_port
, const ip_subnet *his_net
, const struct id *his_id);
-extern struct connection *oppo_instantiate(struct connection *c
+extern connection_t *oppo_instantiate(connection_t *c
, const ip_address *him
, const struct id *his_id
, struct gw_info *gw
, const ip_address *our_client
, const ip_address *peer_client);
-extern struct connection
+extern connection_t
*build_outgoing_opportunistic_connection(struct gw_info *gw
, const ip_address *our_client
, const ip_address *peer_client);
#define CONN_INST_BUF \
(2 + 10 + 1 + SUBNETTOT_BUF + 7 + ADDRTOT_BUF + 3 + SUBNETTOT_BUF + 1)
-extern void fmt_conn_instance(const struct connection *c
+extern void fmt_conn_instance(const connection_t *c
, char buf[CONN_INST_BUF]);
/* operations on "pending", the structure representing Quick Mode
extern void add_pending(int whack_sock
, struct state *isakmp_sa
- , struct connection *c
+ , connection_t *c
, lset_t policy
, unsigned long try
, so_serial_t replacing);
extern void flush_pending_by_state(struct state *st);
extern void show_pending_phase2(const struct host_pair *hp, const struct state *st);
-extern void connection_discard(struct connection *c);
+extern void connection_discard(connection_t *c);
/* A template connection's eroute can be eclipsed by
* either a %hold or an eroute for an instance iff
*/
#define eclipsable(sr) (subnetishost(&(sr)->this.client) && subnetishost(&(sr)->that.client))
extern long eclipse_count;
-extern struct connection *eclipsed(struct connection *c, struct spd_route **);
+extern connection_t *eclipsed(connection_t *c, struct spd_route **);
/* print connection status */
extern void show_connections_status(bool all, const char *name);
-extern int connection_compare(const struct connection *ca
- , const struct connection *cb);
-extern void update_host_pair(const char *why, struct connection *c
+extern int connection_compare(const connection_t *ca
+ , const connection_t *cb);
+extern void update_host_pair(const char *why, connection_t *c
, const ip_address *myaddr, u_int16_t myport
, const ip_address *hisaddr, u_int16_t hisport);
bool
send_packet(struct state *st, const char *where)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
int port_buf;
bool err;
u_int8_t ike_pkt[MAX_OUTPUT_UDP_SIZE];
time_t delay = UNDEFINED_TIME;
enum event_type kind = smc->timeout_event;
bool agreed_time = FALSE;
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
switch (kind)
{
struct fg_groups {
struct fg_groups *next;
- struct connection *connection;
+ connection_t *connection;
};
static struct fg_groups *groups = NULL;
* It returns -1, 0, or +1 if a is, respectively,
* less than, equal to, or greater than b.
*/
-static int
-ipcmp(ip_address *a, ip_address *b)
+static int ipcmp(ip_address *a, ip_address *b)
{
if (addrtypeof(a) != addrtypeof(b))
{
* It returns -1, 0, or +1 if a is, respectively,
* less than, equal to, or greater than b.
*/
-static int
-subnetcmp(const ip_subnet *a, const ip_subnet *b)
+static int subnetcmp(const ip_subnet *a, const ip_subnet *b)
{
ip_address neta, maska, netb, maskb;
int r;
return r;
}
-static void
-read_foodgroup(struct fg_groups *g)
+static void read_foodgroup(struct fg_groups *g)
{
const char *fgn = g->connection->name;
const ip_subnet *lsn = &g->connection->spd.this.client;
}
}
-static void
-free_targets(void)
+static void free_targets(void)
{
while (targets != NULL)
{
}
}
-void
-load_groups(void)
+void load_groups(void)
{
passert(new_targets == NULL);
}
-void
-add_group(struct connection *c)
+void add_group(connection_t *c)
{
struct fg_groups *g = malloc_thing(struct fg_groups);
g->connection = c;
}
-static struct fg_groups *
-find_group(const struct connection *c)
+static struct fg_groups *find_group(const connection_t *c)
{
struct fg_groups *g;
return g;
}
-void
-route_group(struct connection *c)
+void route_group(connection_t *c)
{
/* it makes no sense to route a connection that is ISAKMP-only */
if (!NEVER_NEGOTIATE(c->policy) && !HAS_IPSEC_POLICY(c->policy))
{
if (t->group == g)
{
- struct connection *ci = con_by_name(t->name, FALSE);
+ connection_t *ci = con_by_name(t->name, FALSE);
if (ci != NULL)
{
}
}
-void
-unroute_group(struct connection *c)
+void unroute_group(connection_t *c)
{
struct fg_groups *g = find_group(c);
struct fg_targets *t;
{
if (t->group == g)
{
- struct connection *ci = con_by_name(t->name, FALSE);
+ connection_t *ci = con_by_name(t->name, FALSE);
if (ci != NULL)
{
}
}
-void
-delete_group(const struct connection *c)
+void delete_group(const connection_t *c)
{
struct fg_groups *g;
/**
* Get pfsgroup for this connection
*/
-const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy)
+const struct dh_desc *ike_alg_pfsgroup(connection_t *c, lset_t policy)
{
const struct dh_desc *ret = NULL;
/**
* Create an OAKLEY proposal based on alg_info and policy
*/
-struct db_context *ike_alg_db_new(struct connection *c, lset_t policy)
+struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
{
struct alg_info_ike *ai = c->alg_info_ike;
struct db_context *db_ctx = NULL;
* Show IKE algorithms for this connection (result from ike= string)
* and newest SA
*/
-void ike_alg_show_connection(struct connection *c, const char *instance)
+void ike_alg_show_connection(connection_t *c, const char *instance)
{
struct state *st = state_with_serialno(c->newest_isakmp_sa);
static bool collect_rw_ca_candidates(struct msg_digest *md, generalName_t **top)
{
- struct connection *d = find_host_connection(&md->iface->addr
+ connection_t *d = find_host_connection(&md->iface->addr
, pluto_port, (ip_address*)NULL, md->sender_port, LEMPTY);
for (; d != NULL; d = d->hp_next)
* st_connection->interface
*/
struct state st;
- struct connection cnx;
+ connection_t cnx;
passert(md);
}
else
{
- struct connection *oldc;
+ connection_t *oldc;
oldc = cur_connection;
set_cur_connection(dst->st_connection);
}
else
{
- struct connection *rc = dst->st_connection;
- struct connection *oldc;
+ connection_t *rc = dst->st_connection;
+ connection_t *oldc;
oldc = cur_connection;
set_cur_connection(rc);
* Note: this is not called from demux.c
*/
static stf_status
-main_outI1(int whack_sock, struct connection *c, struct state *predecessor
+main_outI1(int whack_sock, connection_t *c, struct state *predecessor
, lset_t policy, unsigned long try)
{
struct state *st = new_state();
return STF_OK;
}
-void ipsecdoi_initiate(int whack_sock, struct connection *c, lset_t policy,
+void ipsecdoi_initiate(int whack_sock, connection_t *c, lset_t policy,
unsigned long try, so_serial_t replacing)
{
/* If there's already an ISAKMP SA established, use that and
* Use PKCS#1 version 1.5 encryption of hash (called
* RSAES-PKCS1-V1_5) in PKCS#2.
*/
-static size_t sign_hash(signature_scheme_t scheme, struct connection *c,
+static size_t sign_hash(signature_scheme_t scheme, connection_t *c,
u_char sig_val[RSA_MAX_OCTETS], chunk_t hash)
{
size_t sz = 0;
#endif /* USE_KEYRR */
const struct gw_info *gateways_from_dns)
{
- const struct connection *c = st->st_connection;
+ const connection_t *c = st->st_connection;
struct tac_state s;
s.st = st;
}
stf_status quick_outI1(int whack_sock, struct state *isakmp_sa,
- struct connection *c, lset_t policy, unsigned long try,
+ connection_t *c, lset_t policy, unsigned long try,
so_serial_t replacing)
{
struct state *st = duplicate_state(isakmp_sa);
/*
* Decode the CR payload of Phase 1.
*/
-static void decode_cr(struct msg_digest *md, struct connection *c)
+static void decode_cr(struct msg_digest *md, connection_t *c)
{
struct payload_digest *p;
bool initiator)
{
struct state *const st = md->st;
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
chunk_t peer_ca = (st->st_peer_pubkey != NULL)
? st->st_peer_pubkey->issuer : chunk_empty;
}
else
{
- struct connection *r;
+ connection_t *r;
/* check for certificate requests */
decode_cr(md, c);
*/
static bool has_preloaded_public_key(struct state *st)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
/* do not consider rw connections since
* the peer's identity must be known
{
struct payload_digest *const sa_pd = md->chain[ISAKMP_NEXT_SA];
struct state *st;
- struct connection *c;
+ connection_t *c;
struct isakmp_proposal proposal;
pb_stream proposal_pbs;
pb_stream r_sa_pbs;
* but Food Groups kind of assumes one.
*/
{
- struct connection *d;
+ connection_t *d;
d = find_host_connection(&md->iface->addr
, pluto_port, (ip_address*)NULL, md->sender_port, policy);
stf_status quick_inI1_outR1(struct msg_digest *md)
{
const struct state *const p1st = md->st;
- struct connection *c = p1st->st_connection;
+ connection_t *c = p1st->st_connection;
struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID];
struct verify_oppo_bundle b;
{
struct msg_digest *md = b->md;
struct state *p1st = md->st;
- struct connection *c = p1st->st_connection;
+ connection_t *c = p1st->st_connection;
struct verify_oppo_continuation *vc = malloc_thing(struct verify_oppo_continuation);
struct id id /* subject of query */
, *our_id /* needed for myid playing */
struct adns_continuation *ac,
struct state *p1st)
{
- struct connection *c = p1st->st_connection;
+ connection_t *c = p1st->st_connection;
enum verify_oppo_step next_step = vos_our_client;
err_t ugh = NULL;
{
struct msg_digest *md = b->md;
struct state *const p1st = md->st;
- struct connection *c = p1st->st_connection;
+ connection_t *c = p1st->st_connection;
struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID];
ip_subnet *our_net = &b->my.net
, *his_net = &b->his.net;
* a suitable connection (our current one only matches for hosts).
*/
{
- struct connection *p = find_client_connection(c
+ connection_t *p = find_client_connection(c
, our_net, his_net, b->my.proto, b->my.port, b->his.proto, b->his.port);
if (p == NULL)
if (st->st_connection != c)
{
- struct connection *t = st->st_connection;
+ connection_t *t = st->st_connection;
st->st_connection = c;
set_cur_connection(c);
stf_status quick_inR1_outI2(struct msg_digest *md)
{
struct state *const st = md->st;
- const struct connection *c = st->st_connection;
+ const connection_t *c = st->st_connection;
/* HASH(2) in */
CHECK_QUICK_HASH(md
dpd_timeout(struct state *st)
{
struct state *newest_phase1_st;
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
int action = st->st_connection->dpd_action;
char cname[BUF_LEN];
struct eroute_info *orphaned_holds = NULL;
/* forward declaration */
-static bool shunt_eroute(struct connection *c, struct spd_route *sr,
+static bool shunt_eroute(connection_t *c, struct spd_route *sr,
enum routing_t rt_kind, unsigned int op,
const char *opname);
# define DEFAULT_UPDOWN "ipsec _updown"
#endif
-static bool do_command(struct connection *c, struct spd_route *sr,
+static bool do_command(connection_t *c, struct spd_route *sr,
const char *verb)
{
char cmd[1536]; /* arbitrary limit on shell command length */
route_farconflict = 3
};
-static enum routability could_route(struct connection *c)
+static enum routability could_route(connection_t *c)
{
struct spd_route *esr, *rosr;
- struct connection *ero /* who, if anyone, owns our eroute? */
+ connection_t *ero /* who, if anyone, owns our eroute? */
, *ro = route_owner(c, &rosr, &ero, &esr); /* who owns our route? */
/* it makes no sense to route a connection that is ISAKMP-only */
/* if there is an eroute for another connection, there is a problem */
if (ero != NULL && ero != c)
{
- struct connection *ero2, *ero_top;
- struct connection *inside, *outside;
+ connection_t *ero2, *ero_top;
+ connection_t *inside, *outside;
/*
* note, wavesec (PERMANENT) goes *outside* and
return route_easy;
}
-bool trap_connection(struct connection *c)
+bool trap_connection(connection_t *c)
{
switch (could_route(c))
{
/**
* Delete any eroute for a connection and unroute it if route isn't shared
*/
-void unroute_connection(struct connection *c)
+void unroute_connection(connection_t *c)
{
struct spd_route *sr;
enum routing_t cr;
/* assign a bare hold to a connection */
-bool assign_hold(struct connection *c USED_BY_DEBUG, struct spd_route *sr,
+bool assign_hold(connection_t *c USED_BY_DEBUG, struct spd_route *sr,
int transport_proto,
const ip_address *src,
const ip_address *dst)
/* compute a (host-order!) SPI to implement the policy in connection c */
ipsec_spi_t
-shunt_policy_spi(struct connection *c, bool prospective)
+shunt_policy_spi(connection_t *c, bool prospective)
{
/* note: these are in host order :-( */
static const ipsec_spi_t shunt_spi[] =
* If negotiation has failed, the choice between %trap/%pass/%drop/%reject
* is specified in the policy of connection c.
*/
-static bool shunt_eroute(struct connection *c, struct spd_route *sr,
+static bool shunt_eroute(connection_t *c, struct spd_route *sr,
enum routing_t rt_kind,
unsigned int op, const char *opname)
{
{
/* maybe we are uneclipsing something */
struct spd_route *esr;
- struct connection *ue = eclipsed(c, &esr);
+ connection_t *ue = eclipsed(c, &esr);
if (ue != NULL)
{
{
/* Build an inbound or outbound SA */
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
ip_subnet src, dst;
ip_subnet src_client, dst_client;
ipsec_spi_t inner_spi = 0;
* so deleting any one will do. So we just delete the
* first one found. It may or may not be the only one.
*/
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
struct {
unsigned proto;
struct ipsec_proto_info *info;
{
char text_said[SATOT_BUF];
struct kernel_sa sa;
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
*use_time = UNDEFINED_TIME;
*/
bool install_inbound_ipsec_sa(struct state *st)
{
- struct connection *const c = st->st_connection;
+ connection_t *const c = st->st_connection;
/* If our peer has a fixed-address client, check if we already
* have a route for that client that conflicts. We will take this
for (;;)
{
struct spd_route *esr;
- struct connection *o = route_owner(c, &esr, NULL, NULL);
+ connection_t *o = route_owner(c, &esr, NULL, NULL);
if (o == NULL)
{
* Any SA Group must have already been created.
* On failure, steps will be unwound.
*/
-bool route_and_eroute(struct connection *c USED_BY_KLIPS,
+bool route_and_eroute(connection_t *c USED_BY_KLIPS,
struct spd_route *sr USED_BY_KLIPS,
struct state *st USED_BY_KLIPS)
{
#ifdef KLIPS
struct spd_route *esr;
struct spd_route *rosr;
- struct connection *ero /* who, if anyone, owns our eroute? */
+ connection_t *ero /* who, if anyone, owns our eroute? */
, *ro = route_owner(c, &rosr, &ero, &esr);
bool eroute_installed = FALSE
, firewall_notified = FALSE
, route_installed = FALSE;
- struct connection *ero_top;
+ connection_t *ero_top;
struct bare_shunt **bspp;
DBG(DBG_CONTROLMORE,
else if (ero != NULL && ero != c)
{
/* check if ero is an ancestor of c. */
- struct connection *ero2;
+ connection_t *ero2;
for (ero2 = c; ero2 != NULL && ero2 != c; ero2 = ero2->policy_next)
;
/* If the state is the eroute owner, we must adjust
* the routing for the connection.
*/
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
struct spd_route *sr;
passert(st->st_connection);
#ifdef KLIPS
static bool update_nat_t_ipsec_esp_sa (struct state *st, bool inbound)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
char text_said[SATOT_BUF];
struct kernel_sa sa;
ip_address
whack_log(RC_COMMENT, " integrity: %s", buf);
}
-void kernel_alg_show_connection(struct connection *c, const char *instance)
+void kernel_alg_show_connection(connection_t *c, const char *instance)
{
struct state *st = state_with_serialno(c->newest_ipsec_sa);
* me and the peer. We match the Id (if none, the IP address).
* Failure is indicated by a NULL.
*/
-static const secret_t* get_secret(const struct connection *c,
+static const secret_t* get_secret(const connection_t *c,
enum PrivateKeyKind kind, bool asym)
{
enum { /* bits */
* Failure is indicated by a NULL pointer.
* Note: the result is not to be freed by the caller.
*/
-const chunk_t* get_preshared_secret(const struct connection *c)
+const chunk_t* get_preshared_secret(const connection_t *c)
{
const secret_t *s = get_secret(c, PPK_PSK, FALSE);
/* find the appropriate private key (see get_secret).
* Failure is indicated by a NULL pointer.
*/
-private_key_t* get_private_key(const struct connection *c)
+private_key_t* get_private_key(const connection_t *c)
{
const secret_t *s = get_secret(c, PPK_PUBKEY, TRUE);
#include "timer.h"
/* close one per-peer log */
-static void perpeer_logclose(struct connection *c); /* forward */
+static void perpeer_logclose(connection_t *c); /* forward */
bool
*/
int whack_log_fd = NULL_FD; /* only set during whack_handle() */
struct state *cur_state = NULL; /* current state, for diagnostics */
-struct connection *cur_connection = NULL; /* current connection, for diagnostics */
+connection_t *cur_connection = NULL; /* current connection, for diagnostics */
const ip_address *cur_from = NULL; /* source of current current message */
u_int16_t cur_from_port; /* host order */
{
bool reproc = *fmt == '~';
size_t ps;
- struct connection *c = cur_state != NULL ? cur_state->st_connection
+ connection_t *c = cur_state != NULL ? cur_state->st_connection
: cur_connection;
buf[0] = '\0';
}
static void
-perpeer_logclose(struct connection *c)
+perpeer_logclose(connection_t *c)
{
/* only free/close things if we had used them! */
if (c->log_file != NULL)
}
void
-perpeer_logfree(struct connection *c)
+perpeer_logfree(connection_t *c)
{
perpeer_logclose(c);
if (c->log_file_name != NULL)
/* open the per-peer log */
static void
-open_peerlog(struct connection *c)
+open_peerlog(connection_t *c)
{
syslog(LOG_INFO, "opening log file for conn %s", c->name);
cur_debugging = DBG_NONE;
void
-extra_debugging(const struct connection *c)
+extra_debugging(const connection_t *c)
{
if(c == NULL)
{
* get internal IP address for a connection
*/
static void
-get_internal_addr(struct connection *c, internal_addr_t *ia)
+get_internal_addr(connection_t *c, internal_addr_t *ia)
{
int i, dns_idx = 0, nbns_idx = 0;
* Set srcip and client subnet to internal IP address
*/
static bool
-set_internal_addr(struct connection *c, internal_addr_t *ia)
+set_internal_addr(connection_t *c, internal_addr_t *ia)
{
if (ia->attr_set & LELEM(INTERNAL_IP4_ADDRESS)
&& !isanyaddr(&ia->ipaddr))
static void nat_traversal_ka_event_state (struct state *st, void *data)
{
unsigned int *_kap_st = (unsigned int *)data;
- const struct connection *c = st->st_connection;
+ const connection_t *c = st->st_connection;
if (!c)
return;
static void nat_traversal_find_new_mapp_state (struct state *st, void *data)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
struct _new_mapp_nfo *nfo = (struct _new_mapp_nfo *)data;
if (c != NULL
void nat_traversal_change_port_lookup(struct msg_digest *md, struct state *st)
{
- struct connection *c = st ? st->st_connection : NULL;
+ connection_t *c = st ? st->st_connection : NULL;
struct iface *i = NULL;
if ((st == NULL) || (c == NULL))
static void nat_t_new_klips_mapp (struct state *st, void *data)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
struct _new_klips_mapp_nfo *nfo = (struct _new_klips_mapp_nfo *)data;
if (c != NULL && st->st_esp.present
}
else if (!msg.whack_connection)
{
- struct connection *c = con_by_name(msg.name, TRUE);
+ connection_t *c = con_by_name(msg.name, TRUE);
if (c != NULL)
{
}
else
{
- struct connection *c = con_by_name(msg.name, TRUE);
+ connection_t *c = con_by_name(msg.name, TRUE);
if (c != NULL && c->ikev1)
{
}
else
{
- struct connection *c = con_by_name(msg.name, TRUE);
+ connection_t *c = con_by_name(msg.name, TRUE);
if (c != NULL && c->ikev1)
{
static err_t find_preshared_key(struct state* st)
{
err_t ugh = NULL;
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
if (get_preshared_secret(c) == NULL)
{
struct state *st,
bool initiator)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
unsigned no_trans_left;
/* for each transform payload... */
bool selection, /* if this SA is a selection, only one transform may appear */
struct state *st) /* current state object */
{
- const struct connection *c = st->st_connection;
+ const connection_t *c = st->st_connection;
u_int32_t ipsecdoisit;
pb_stream next_proposal_pbs;
*/
void delete_state(struct state *st)
{
- struct connection *const c = st->st_connection;
+ connection_t *const c = st->st_connection;
struct state *old_cur_state = cur_state == st? NULL : cur_state;
set_cur_state(st);
/**
* Is a connection in use by some state?
*/
-bool states_use_connection(struct connection *c)
+bool states_use_connection(connection_t *c)
{
/* are there any states still using it? */
struct state *st = NULL;
* if relations == TRUE, then also delete states that share
* the same phase 1 SA.
*/
-void delete_states_by_connection(struct connection *c, bool relations)
+void delete_states_by_connection(connection_t *c, bool relations)
{
int pass;
/* this kludge avoids an n^2 algorithm */
{
struct state *this = st;
struct spd_route *sr;
- struct connection *c = this->st_connection;
+ connection_t *c = this->st_connection;
st = st->st_hashchain_next; /* before this is deleted */
/**
* Find newest Phase 1 negotiation state object for suitable for connection c
*/
-struct state *find_phase1_state(const struct connection *c, lset_t ok_states)
+struct state *find_phase1_state(const connection_t *c, lset_t ok_states)
{
struct state
*st,
{
for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
{
- struct connection *c = st->st_connection;
+ connection_t *c = st->st_connection;
/* XXX spd-enum */
if (IS_IPSEC_SA_ESTABLISHED(st->st_state)
size_t state_buf_len, char *state_buf2, size_t state_buf2_len)
{
/* what the heck is interesting about a state? */
- const struct connection *c = st->st_connection;
+ const connection_t *c = st->st_connection;
long delta = st->st_event->ev_time >= n
? (long)(st->st_event->ev_time - n)
static int state_compare(const void *a, const void *b)
{
const struct state *sap = *(const struct state *const *)a;
- struct connection *ca = sap->st_connection;
+ connection_t *ca = sap->st_connection;
const struct state *sbp = *(const struct state *const *)b;
- struct connection *cb = sbp->st_connection;
+ connection_t *cb = sbp->st_connection;
/* DBG_log("comparing %s to %s", ca->name, cb->name); */
struct event *ev = evlist;
int type;
struct state *st;
- struct connection *c = NULL;
+ connection_t *c = NULL;
ip_address peer;
if (ev == (struct event *) NULL) /* Just paranoid */
* ex: vhost:%no,%dhcp,%priv,%v4:192.168.1.0/24
*/
struct virtual_t
-*create_virtual(const struct connection *c, const char *string)
+*create_virtual(const connection_t *c, const char *string)
{
unsigned short flags=0, n_net=0, i;
const char *str = string, *next, *first_net=NULL;
}
bool
-is_virtual_connection(const struct connection *c)
+is_virtual_connection(const connection_t *c)
{
return ((c->spd.that.virt)?TRUE:FALSE);
}
-static bool
-net_in_list(const ip_subnet *peer_net, const ip_subnet *list,
- unsigned short len)
+static bool net_in_list(const ip_subnet *peer_net, const ip_subnet *list,
+ unsigned short len)
{
unsigned short i;
return FALSE;
}
-bool
-is_virtual_net_allowed(const struct connection *c, const ip_subnet *peer_net,
- const ip_address *his_addr)
+bool is_virtual_net_allowed(const connection_t *c, const ip_subnet *peer_net,
+ const ip_address *his_addr)
{
if (c->spd.that.virt == NULL)
return FALSE;
projects / thirdparty / strongswan.git / commitdiff
