ipsec: Add function to compare two ipsec_sa_cfg_t instances
authorTobias Brunner <tobias@strongswan.org>
Wed, 8 Jun 2016 14:06:53 +0000 (16:06 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Jun 2016 14:12:39 +0000 (16:12 +0200)
memeq() is currently used to compare these but if there is padding that
is not initialized the same for two instances the comparison fails.
Using this function ensures the objects are compared correctly.

src/libstrongswan/ipsec/ipsec_types.c
src/libstrongswan/ipsec/ipsec_types.h

index f2ee11e..a52a1eb 100644 (file)
@@ -40,6 +40,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
 /*
  * See header
  */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
+{
+       return a->mode == b->mode &&
+               a->reqid == b->reqid &&
+               a->policy_count == b->policy_count &&
+               a->esp.use == b->esp.use &&
+               a->esp.spi == b->esp.spi &&
+               a->ah.use == b->ah.use &&
+               a->ah.spi == b->ah.spi &&
+               a->ipcomp.transform == b->ipcomp.transform &&
+               a->ipcomp.cpi == b->ipcomp.cpi;
+}
+
+/*
+ * See header
+ */
 bool mark_from_string(const char *value, mark_t *mark)
 {
        char *endptr;
index cbc0d08..c93d955 100644 (file)
@@ -143,6 +143,15 @@ struct ipsec_sa_cfg_t {
 };
 
 /**
+ * Compare two ipsec_sa_cfg_t objects for equality.
+ *
+ * @param a                    first object
+ * @param b                    second object
+ * @return                     TRUE if both objects are equal
+ */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
+
+/**
  * A lifetime_cfg_t defines the lifetime limits of an SA.
  *
  * Set any of these values to 0 to ignore.