child-sa: Add helper to check if two TS match negotiated TS

2025-10-03 00:00:24 -04:00 · 2025-03-24 16:47:54 +01:00 · 2025-03-24 16:47:54 +01:00 · 769d9a12aa
commit 769d9a12aa
parent 65b810e9b0
2 changed files with 48 additions and 2 deletions
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 Tobias Brunner
+ * Copyright (C) 2006-2025 Tobias Brunner
 * Copyright (C) 2016 Andreas Steffen
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2006 Daniel Roethlisberger
@ -2198,3 +2198,36 @@ child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 	}
 	return &this->public;
 }
+
+/**
+ * Check if the given traffic selector is contained in any of the traffic
+ * selectors in the given list.
+ */
+static bool is_ts_match(traffic_selector_t *to_check, array_t *list)
+{
+	traffic_selector_t *ts;
+	int i;
+
+	for (i = 0; i < array_count(list); i++)
+	{
+		array_get(list, i, &ts);
+		if (to_check->is_contained_in(to_check, ts))
+		{
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+/*
+ * Described in header
+ */
+bool child_sa_ts_match(child_sa_t *child, traffic_selector_t *src,
+					   traffic_selector_t *dst)
+{
+	private_child_sa_t *this = (private_child_sa_t*)child;
+
+	return src && dst &&
+		   is_ts_match(src, this->my_ts) &&
+		   is_ts_match(dst, this->other_ts);
+}
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2023 Tobias Brunner
+ * Copyright (C) 2006-2025 Tobias Brunner
 * Copyright (C) 2006-2008 Martin Willi
 * Copyright (C) 2006 Daniel Roethlisberger
 *
@ -594,4 +594,17 @@ struct child_sa_create_t {
 child_sa_t *child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
 							child_sa_create_t *data);

+/**
+ * Check if the given source and destination traffic selectors (e.g. from a
+ * packet triggering an acquire) match the negotiated local and remote traffic
+ * selectors of this child SA.
+ *
+ * @param this				CHILD_SA to check traffic selectors against
+ * @param src				source traffic selector
+ * @param dst				destination traffic selector
+ * @return					TRUE if both traffic selectors match
+ */
+bool child_sa_ts_match(child_sa_t *this, traffic_selector_t *src,
+					   traffic_selector_t *dst);
+
 #endif /** CHILD_SA_H_ @}*/