child-sa: Add helper to check if a list of TS match negotiated TS

2025-10-03 00:00:24 -04:00 · 2025-04-02 14:39:38 +02:00 · 2025-04-02 14:39:38 +02:00 · 58d6778adb
commit 58d6778adb
parent e7fc7a4ecc
2 changed files with 49 additions and 0 deletions
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@ -2219,6 +2219,29 @@ static bool is_ts_match(traffic_selector_t *to_check, array_t *list)
 	return FALSE;
 }

+/**
+ * Check if all given traffic selectors are contained in any of the traffic
+ * selectors in the given list.
+ */
+static bool is_ts_list_match(traffic_selector_list_t *to_check, array_t *list)
+{
+	enumerator_t *enumerator;
+	traffic_selector_t *ts;
+	bool matched = TRUE;
+
+	enumerator = to_check->create_enumerator(to_check);
+	while (enumerator->enumerate(enumerator, &ts))
+	{
+		if (!is_ts_match(ts, list))
+		{
+			matched = FALSE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return matched;
+}
+
 /*
 * Described in header
 */
@ -2231,3 +2254,16 @@ bool child_sa_ts_match(child_sa_t *child, traffic_selector_t *src,
 		   is_ts_match(src, this->my_ts) &&
 		   is_ts_match(dst, this->other_ts);
 }
+
+/*
+ * Described in header
+ */
+bool child_sa_ts_lists_match(child_sa_t *child, traffic_selector_list_t *src,
+							 traffic_selector_list_t *dst)
+{
+	private_child_sa_t *this = (private_child_sa_t*)child;
+
+	return src && dst &&
+		   is_ts_list_match(src, this->my_ts) &&
+		   is_ts_list_match(dst, this->other_ts);
+}
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@ -607,4 +607,17 @@ child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 bool child_sa_ts_match(child_sa_t *this, traffic_selector_t *src,
 					   traffic_selector_t *dst);

+/**
+ * Check if the given lists of source and destination traffic selectors (e.g.
+ * from a previous SA) match the negotiated local and remote traffic
+ * selectors of this child SA.
+ *
+ * @param this				CHILD_SA to check traffic selectors against
+ * @param src				source traffic selector list
+ * @param dst				destination traffic selector list
+ * @return					TRUE if all traffic selectors match
+ */
+bool child_sa_ts_lists_match(child_sa_t *this, traffic_selector_list_t *src,
+							 traffic_selector_list_t *dst);
+
 #endif /** CHILD_SA_H_ @}*/