Change interface for enumerator_create_filter() callback

This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
2017-05-12 12:10:27 +02:00 · 2017-05-12 12:10:27 +02:00 · 525cc46cab
parent 95a63bf281
commit 525cc46cab
50 changed files with 1331 additions and 929 deletions
--- a/src/charon-nm/nm/nm_creds.c
+++ b/src/charon-nm/nm/nm_creds.c
@ -120,48 +120,49 @@ typedef struct {
 	identification_t *id;
 } cert_data_t;
-/**
+CALLBACK(cert_data_destroy, void,
- * Destroy CA certificate enumerator data
+	cert_data_t *data)
 */
 static void cert_data_destroy(cert_data_t *data)
 {
 	data->this->lock->unlock(data->this->lock);
 	free(data);
 }
-/**
+CALLBACK(cert_filter, bool,
- * Filter function for certificates enumerator
+	cert_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool cert_filter(cert_data_t *data, certificate_t **in,
 						 certificate_t **out)
 {
-	certificate_t *cert = *in;
+	certificate_t *cert, **out;
 	public_key_t *public;
-	public = cert->get_public_key(cert);
+	VA_ARGS_VGET(args, out);
-	if (!public)
+
-	{
+	while (orig->enumerate(orig, &cert))
 		return FALSE;
 	}
 	if (data->key != KEY_ANY && public->get_type(public) != data->key)
 	{
 		public->destroy(public);
 		return FALSE;
 	}
 	if (data->id && data->id->get_type(data->id) == ID_KEY_ID &&
 		public->has_fingerprint(public, data->id->get_encoding(data->id)))
 	{
 		public = cert->get_public_key(cert);
 		if (!public)
 		{
 			continue;
 		}
 		if (data->key != KEY_ANY && public->get_type(public) != data->key)
 		{
 			public->destroy(public);
 			continue;
 		}
 		if (data->id && data->id->get_type(data->id) == ID_KEY_ID &&
 			public->has_fingerprint(public, data->id->get_encoding(data->id)))
 		{
 			public->destroy(public);
 			*out = cert;
 			return TRUE;
 		}
 		public->destroy(public);
 		if (data->id && !cert->has_subject(cert, data->id))
 		{
 			continue;
 		}
 		*out = cert;
 		return TRUE;
 	}
-	public->destroy(public);
+	return FALSE;
 	if (data->id && !cert->has_subject(cert, data->id))
 	{
 		return FALSE;
 	}
 	*out = cert;
 	return TRUE;
 }
 /**
@ -181,7 +182,7 @@ static enumerator_t *create_trusted_cert_enumerator(private_nm_creds_t *this,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 					this->certs->create_enumerator(this->certs),
-					(void*)cert_filter, data, (void*)cert_data_destroy);
+					cert_filter, data, cert_data_destroy);
 }
 METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
--- a/src/charon-nm/nm/nm_handler.c
+++ b/src/charon-nm/nm/nm_handler.c
@ -113,13 +113,20 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
 	return enumerator_create_empty();
 }
-/**
+CALLBACK(filter_chunks, bool,
- * convert plain byte ptrs to handy chunk during enumeration
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool filter_chunks(void* null, char **in, chunk_t *out)
 {
-	*out = chunk_create(*in, 4);
+	chunk_t *out;
-	return TRUE;
+	char *ptr;
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &ptr))
 	{
 		*out = chunk_create(ptr, 4);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(nm_handler_t, create_enumerator, enumerator_t*,
@ -139,7 +146,7 @@ METHOD(nm_handler_t, create_enumerator, enumerator_t*,
 			return enumerator_create_empty();
 	}
 	return enumerator_create_filter(list->create_enumerator(list),
-						(void*)filter_chunks, NULL, NULL);
+									filter_chunks, NULL, NULL);
 }
 METHOD(nm_handler_t, reset, void,
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@ -36,13 +36,20 @@ struct private_config_t {
 	linked_list_t *configs;
 };
-/**
+CALLBACK(ike_filter, bool,
- * filter function for ike configs
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
 {
-	*out = (*in)->get_ike_cfg(*in);
+	peer_cfg_t *cfg;
-	return TRUE;
+	ike_cfg_t **out;
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &cfg))
 	{
 		*out = cfg->get_ike_cfg(cfg);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
@ -51,7 +58,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
 	return enumerator_create_filter(
 							this->configs->create_enumerator(this->configs),
-							(void*)ike_filter, NULL, NULL);
+							ike_filter, NULL, NULL);
 }
 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@ -265,20 +265,24 @@ static void peer_enum_destroy(peer_data_t *data)
 	free(data);
 }
-/**
+CALLBACK(peer_enum_filter, bool,
- * convert enumerator value from match_entry to config
+	linked_list_t *configs, enumerator_t *orig, va_list args)
 */
 static bool peer_enum_filter(linked_list_t *configs,
 							 match_entry_t **in, peer_cfg_t **out)
 {
-	*out = (*in)->cfg;
+	match_entry_t *entry;
-	return TRUE;
+	peer_cfg_t **out;
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &entry))
 	{
 		*out = entry->cfg;
 		return TRUE;
 	}
 	return FALSE;
 }
-/**
+CALLBACK(peer_enum_filter_destroy, void,
- * Clean up temporary config list
+	linked_list_t *configs)
 */
 static void peer_enum_filter_destroy(linked_list_t *configs)
 {
 	match_entry_t *entry;
@ -379,8 +383,8 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
 	helper->destroy(helper);
 	return enumerator_create_filter(configs->create_enumerator(configs),
-									(void*)peer_enum_filter, configs,
+									peer_enum_filter, configs,
-									(void*)peer_enum_filter_destroy);
+									peer_enum_filter_destroy);
 }
 METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*,
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@ -94,27 +94,31 @@ METHOD(proposal_t, add_algorithm, void,
 	array_insert(this->transforms, ARRAY_TAIL, &entry);
 }
-/**
+CALLBACK(alg_filter, bool,
- * filter function for peer configs
+	uintptr_t type, enumerator_t *orig, va_list args)
 */
 static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg,
 					   void **unused, uint16_t *key_size)
 {
-	entry_t *entry = *in;
+	entry_t *entry;
 	uint16_t *alg, *key_size;
-	if (entry->type != type)
+	VA_ARGS_VGET(args, alg, key_size);
 	while (orig->enumerate(orig, &entry))
 	{
-		return FALSE;
+		if (entry->type != type)
 		{
 			continue;
 		}
 		if (alg)
 		{
 			*alg = entry->alg;
 		}
 		if (key_size)
 		{
 			*key_size = entry->key_size;
 		}
 		return TRUE;
 	}
-	if (alg)
+	return FALSE;
 	{
 		*alg = entry->alg;
 	}
 	if (key_size)
 	{
 		*key_size = entry->key_size;
 	}
 	return TRUE;
 }
 METHOD(proposal_t, create_enumerator, enumerator_t*,
@ -122,7 +126,7 @@ METHOD(proposal_t, create_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 						array_create_enumerator(this->transforms),
-						(void*)alg_filter, (void*)(uintptr_t)type, NULL);
+						alg_filter, (void*)(uintptr_t)type, NULL);
 }
 METHOD(proposal_t, get_algorithm, bool,
--- a/src/libcharon/plugins/attr/attr_provider.c
+++ b/src/libcharon/plugins/attr/attr_provider.c
@ -75,17 +75,23 @@ typedef struct {
 	ike_version_t ike;
 } enumerator_data_t;
-/**
+CALLBACK(attr_enum_filter, bool,
- * convert enumerator value from attribute_entry
+	enumerator_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool attr_enum_filter(enumerator_data_t *data, attribute_entry_t **in,
 			configuration_attribute_type_t *type, void* none, chunk_t *value)
 {
-	if ((*in)->ike == IKE_ANY || (*in)->ike == data->ike)
+	configuration_attribute_type_t *type;
 	attribute_entry_t *entry;
 	chunk_t *value;
 	VA_ARGS_VGET(args, type, value);
 	while (orig->enumerate(orig, &entry))
 	{
-		*type = (*in)->type;
+		if (entry->ike == IKE_ANY || entry->ike == data->ike)
-		*value = (*in)->value;
+		{
-		return TRUE;
+			*type = entry->type;
 			*value = entry->value;
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
@ -112,7 +118,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
 		this->lock->read_lock(this->lock);
 		return enumerator_create_filter(
 				this->attributes->create_enumerator(this->attributes),
-				(void*)attr_enum_filter, data, attr_enum_destroy);
+				attr_enum_filter, data, attr_enum_destroy);
 	}
 	return enumerator_create_empty();
 }
--- a/src/libcharon/plugins/dhcp/dhcp_transaction.c
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c
@ -114,16 +114,22 @@ METHOD(dhcp_transaction_t, add_attribute, void,
 	this->attributes->insert_last(this->attributes, entry);
 }
-/**
+CALLBACK(attribute_filter, bool,
- * Filter function to map entries to type/data
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool attribute_filter(void *null, attribute_entry_t **entry,
 							 configuration_attribute_type_t *type,
 							 void **dummy, chunk_t *data)
 {
-	*type = (*entry)->type;
+	configuration_attribute_type_t *type;
-	*data = (*entry)->data;
+	attribute_entry_t *entry;
-	return TRUE;
+	chunk_t *data;
 	VA_ARGS_VGET(args, type, data);
 	if (orig->enumerate(orig, &entry))
 	{
 		*type = entry->type;
 		*data = entry->data;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*,
@ -131,7 +137,7 @@ METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 						this->attributes->create_enumerator(this->attributes),
-						(void*)attribute_filter, NULL, NULL);
+						attribute_filter, NULL, NULL);
 }
 /**
--- a/src/libcharon/plugins/forecast/forecast_listener.c
+++ b/src/libcharon/plugins/forecast/forecast_listener.c
@ -613,17 +613,23 @@ METHOD(listener_t, ike_update, bool,
 	return TRUE;
 }
-/**
+CALLBACK(ts_filter, bool,
- * Filter to map entries to ts/mark
+	entry_t *entry, enumerator_t *orig, va_list args)
 */
 static bool ts_filter(entry_t *entry, traffic_selector_t **ts,
 					  traffic_selector_t **out, void *dummy, uint32_t *mark,
 					  void *dummy2, bool *reinject)
 {
-	*out = *ts;
+	traffic_selector_t *ts, **out;
-	*mark = entry->mark;
+	uint32_t *mark;
-	*reinject = entry->reinject;
+	bool *reinject;
-	return TRUE;
+
 	VA_ARGS_VGET(args, out, mark, reinject);
 	if (orig->enumerate(orig, &ts))
 	{
 		*out = ts;
 		*mark = entry->mark;
 		*reinject = entry->reinject;
 		return TRUE;
 	}
 	return FALSE;
 }
 /**
@ -632,7 +638,7 @@ static bool ts_filter(entry_t *entry, traffic_selector_t **ts,
 static enumerator_t* create_inner_local(entry_t *entry, rwlock_t *lock)
 {
 	return enumerator_create_filter(array_create_enumerator(entry->lts),
-									(void*)ts_filter, entry, NULL);
+									ts_filter, entry, NULL);
 }
 /**
@ -641,7 +647,7 @@ static enumerator_t* create_inner_local(entry_t *entry, rwlock_t *lock)
 static enumerator_t* create_inner_remote(entry_t *entry, rwlock_t *lock)
 {
 	return enumerator_create_filter(array_create_enumerator(entry->rts),
-									(void*)ts_filter, entry, NULL);
+									ts_filter, entry, NULL);
 }
 METHOD(forecast_listener_t, create_enumerator, enumerator_t*,
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@ -1518,35 +1518,39 @@ typedef struct {
 	kernel_address_type_t which;
 } address_enumerator_t;
-/**
+CALLBACK(address_enumerator_destroy, void,
- * cleanup function for address enumerator
+	address_enumerator_t *data)
 */
 static void address_enumerator_destroy(address_enumerator_t *data)
 {
 	data->this->lock->unlock(data->this->lock);
 	free(data);
 }
-/**
+CALLBACK(filter_addresses, bool,
- * filter for addresses
+	address_enumerator_t *data, enumerator_t *orig, va_list args)
 */
 static bool filter_addresses(address_enumerator_t *data,
 							 addr_entry_t** in, host_t** out)
 {
-	if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->refcount)
+	addr_entry_t *addr;
-	{	/* skip virtual interfaces added by us */
+	host_t **out;
-		return FALSE;
+
 	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &addr))
 	{
 		if (!(data->which & ADDR_TYPE_VIRTUAL) && addr->refcount)
 		{	/* skip virtual interfaces added by us */
 			continue;
 		}
 		if (!(data->which & ADDR_TYPE_REGULAR) && !addr->refcount)
 		{	/* address is regular, but not requested */
 			continue;
 		}
 		if (addr->scope >= RT_SCOPE_LINK)
 		{	/* skip addresses with a unusable scope */
 			continue;
 		}
 		*out = addr->ip;
 		return TRUE;
 	}
-	if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->refcount)
+	return FALSE;
 	{	/* address is regular, but not requested */
 		return FALSE;
 	}
 	if ((*in)->scope >= RT_SCOPE_LINK)
 	{	/* skip addresses with a unusable scope */
 		return FALSE;
 	}
 	*out = (*in)->ip;
 	return TRUE;
 }
 /**
@ -1556,30 +1560,35 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
 											 address_enumerator_t *data)
 {
 	return enumerator_create_filter(
-				iface->addrs->create_enumerator(iface->addrs),
+						iface->addrs->create_enumerator(iface->addrs),
-				(void*)filter_addresses, data, NULL);
+						filter_addresses, data, NULL);
 }
-/**
+CALLBACK(filter_interfaces, bool,
- * filter for interfaces
+	address_enumerator_t *data, enumerator_t *orig, va_list args)
 */
 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
 							  iface_entry_t** out)
 {
-	if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
+	iface_entry_t *iface, **out;
-	{	/* skip interfaces excluded by config */
+
-		return FALSE;
+	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &iface))
 	{
 		if (!(data->which & ADDR_TYPE_IGNORED) && !iface->usable)
 		{	/* skip interfaces excluded by config */
 			continue;
 		}
 		if (!(data->which & ADDR_TYPE_LOOPBACK) && (iface->flags & IFF_LOOPBACK))
 		{	/* ignore loopback devices */
 			continue;
 		}
 		if (!(data->which & ADDR_TYPE_DOWN) && !(iface->flags & IFF_UP))
 		{	/* skip interfaces not up */
 			continue;
 		}
 		*out = iface;
 		return TRUE;
 	}
-	if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
+	return FALSE;
 	{	/* ignore loopback devices */
 		return FALSE;
 	}
 	if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
 	{	/* skip interfaces not up */
 		return FALSE;
 	}
 	*out = *in;
 	return TRUE;
 }
 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
@ -1596,9 +1605,9 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
 	return enumerator_create_nested(
 				enumerator_create_filter(
 					this->ifaces->create_enumerator(this->ifaces),
-					(void*)filter_interfaces, data, NULL),
+					filter_interfaces, data, NULL),
 				(void*)create_iface_enumerator, data,
-				(void*)address_enumerator_destroy);
+				address_enumerator_destroy);
 }
 METHOD(kernel_net_t, get_interface_name, bool,
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@ -1054,41 +1054,45 @@ typedef struct {
 	kernel_address_type_t which;
 } address_enumerator_t;
-/**
+CALLBACK(address_enumerator_destroy, void,
- * cleanup function for address enumerator
+	address_enumerator_t *data)
 */
 static void address_enumerator_destroy(address_enumerator_t *data)
 {
 	data->this->lock->unlock(data->this->lock);
 	free(data);
 }
-/**
+CALLBACK(filter_addresses, bool,
- * filter for addresses
+	address_enumerator_t *data, enumerator_t *orig, va_list args)
 */
 static bool filter_addresses(address_enumerator_t *data,
 							 addr_entry_t** in, host_t** out)
 {
-	host_t *ip;
+	addr_entry_t *addr;
-	if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual)
+	host_t *ip, **out;
-	{   /* skip virtual interfaces added by us */
+	struct sockaddr_in6 *sin6;
-		return FALSE;
+
-	}
+	VA_ARGS_VGET(args, out);
-	if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual)
+
-	{	/* address is regular, but not requested */
+	while (orig->enumerate(orig, &addr))
 		return FALSE;
 	}
 	ip = (*in)->ip;
 	if (ip->get_family(ip) == AF_INET6)
 	{
-		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
+		if (!(data->which & ADDR_TYPE_VIRTUAL) && addr->virtual)
-		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
+		{   /* skip virtual interfaces added by us */
-		{   /* skip addresses with a unusable scope */
+			continue;
 			return FALSE;
 		}
 		if (!(data->which & ADDR_TYPE_REGULAR) && !addr->virtual)
 		{	/* address is regular, but not requested */
 			continue;
 		}
 		ip = addr->ip;
 		if (ip->get_family(ip) == AF_INET6)
 		{
 			sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip);
 			if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
 			{   /* skip addresses with a unusable scope */
 				continue;
 			}
 		}
 		*out = ip;
 		return TRUE;
 	}
-	*out = ip;
+	return FALSE;
 	return TRUE;
 }
 /**
@ -1098,29 +1102,34 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface,
 											 address_enumerator_t *data)
 {
 	return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs),
-									(void*)filter_addresses, data, NULL);
+									filter_addresses, data, NULL);
 }
-/**
+CALLBACK(filter_interfaces, bool,
- * filter for interfaces
+	address_enumerator_t *data, enumerator_t *orig, va_list args)
 */
 static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in,
 							  iface_entry_t** out)
 {
-	if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable)
+	iface_entry_t *iface, **out;
-	{	/* skip interfaces excluded by config */
+
-		return FALSE;
+	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &iface))
 	{
 		if (!(data->which & ADDR_TYPE_IGNORED) && !iface->usable)
 		{	/* skip interfaces excluded by config */
 			continue;
 		}
 		if (!(data->which & ADDR_TYPE_LOOPBACK) && (iface->flags & IFF_LOOPBACK))
 		{	/* ignore loopback devices */
 			continue;
 		}
 		if (!(data->which & ADDR_TYPE_DOWN) && !(iface->flags & IFF_UP))
 		{	/* skip interfaces not up */
 			continue;
 		}
 		*out = iface;
 		return TRUE;
 	}
-	if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK))
+	return FALSE;
 	{	/* ignore loopback devices */
 		return FALSE;
 	}
 	if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP))
 	{	/* skip interfaces not up */
 		return FALSE;
 	}
 	*out = *in;
 	return TRUE;
 }
 METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
@ -1137,9 +1146,9 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
 	return enumerator_create_nested(
 				enumerator_create_filter(
 					this->ifaces->create_enumerator(this->ifaces),
-					(void*)filter_interfaces, data, NULL),
+					filter_interfaces, data, NULL),
 				(void*)create_iface_enumerator, data,
-				(void*)address_enumerator_destroy);
+				address_enumerator_destroy);
 }
 METHOD(kernel_net_t, get_features, kernel_feature_t,
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@ -395,22 +395,28 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	return NULL;
 }
-/**
+CALLBACK(shared_filter, bool,
- * Filter function for shared keys, returning ID matches
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool shared_filter(void *null, shared_key_t **in, shared_key_t **out,
 				void **un1, id_match_t *me, void **un2, id_match_t *other)
 {
-	*out = *in;
+	shared_key_t *key, **out;
-	if (me)
+	id_match_t *me, *other;
 	VA_ARGS_VGET(args, out, me, other);
 	if (orig->enumerate(orig, &key))
 	{
-		*me = ID_MATCH_ANY;
+		*out = key;
 		if (me)
 		{
 			*me = ID_MATCH_ANY;
 		}
 		if (other)
 		{
 			*other = ID_MATCH_ANY;
 		}
 		return TRUE;
 	}
-	if (other)
+	return FALSE;
 	{
 		*other = ID_MATCH_ANY;
 	}
 	return TRUE;
 }
 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
@ -431,7 +437,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 			return NULL;
 	}
 	return enumerator_create_filter(enumerator_create_single(shared, NULL),
-									(void*)shared_filter, NULL, NULL);
+									shared_filter, NULL, NULL);
 }
 METHOD(load_tester_creds_t, destroy, void,
--- a/src/libcharon/plugins/stroke/stroke_attribute.c
+++ b/src/libcharon/plugins/stroke/stroke_attribute.c
@ -178,28 +178,32 @@ METHOD(attribute_provider_t, release_address, bool,
 	return found;
 }
-/**
+CALLBACK(attr_filter, bool,
- * Filter function to convert host to DNS configuration attributes
+	void *lock, enumerator_t *orig, va_list args)
 */
 static bool attr_filter(void *lock, host_t **in,
 						configuration_attribute_type_t *type,
 						void *dummy, chunk_t *data)
 {
-	host_t *host = *in;
+	configuration_attribute_type_t *type;
 	chunk_t *data;
 	host_t *host;
-	switch (host->get_family(host))
+	VA_ARGS_VGET(args, type, data);
 	while (orig->enumerate(orig, &host))
 	{
-		case AF_INET:
+		switch (host->get_family(host))
-			*type = INTERNAL_IP4_DNS;
+		{
-			break;
+			case AF_INET:
-		case AF_INET6:
+				*type = INTERNAL_IP4_DNS;
-			*type = INTERNAL_IP6_DNS;
+				break;
-			break;
+			case AF_INET6:
-		default:
+				*type = INTERNAL_IP6_DNS;
-			return FALSE;
+				break;
 			default:
 				continue;
 		}
 		*data = host->get_address(host);
 		return TRUE;
 	}
-	*data = host->get_address(host);
+	return FALSE;
 	return TRUE;
 }
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
@ -223,7 +227,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
 				enumerator->destroy(enumerator);
 				return enumerator_create_filter(
 									attr->dns->create_enumerator(attr->dns),
-									(void*)attr_filter, this->lock,
+									attr_filter, this->lock,
 									(void*)this->lock->unlock);
 			}
 		}
@ -338,24 +342,28 @@ METHOD(stroke_attribute_t, del_dns, void,
 	this->lock->unlock(this->lock);
 }
-/**
+CALLBACK(pool_filter, bool,
- * Pool enumerator filter function, converts pool_t to name, size, ...
+	void *lock, enumerator_t *orig, va_list args)
 */
 static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name,
 						void *d1, u_int *size, void *d2, u_int *online,
 						void *d3, u_int *offline)
 {
-	mem_pool_t *pool = *poolp;
+	mem_pool_t *pool;
 	const char **name;
 	u_int *size, *online, *offline;
-	if (pool->get_size(pool) == 0)
+	VA_ARGS_VGET(args, name, size, online, offline);
 	while (orig->enumerate(orig, &pool))
 	{
-		return FALSE;
+		if (pool->get_size(pool) == 0)
 		{
 			continue;
 		}
 		*name = pool->get_name(pool);
 		*size = pool->get_size(pool);
 		*online = pool->get_online(pool);
 		*offline = pool->get_offline(pool);
 		return TRUE;
 	}
-	*name = pool->get_name(pool);
+	return FALSE;
 	*size = pool->get_size(pool);
 	*online = pool->get_online(pool);
 	*offline = pool->get_offline(pool);
 	return TRUE;
 }
 METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*,
@ -363,7 +371,7 @@ METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*,
 {
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->pools->create_enumerator(this->pools),
-									(void*)pool_filter,
+									pool_filter,
 									this->lock, (void*)this->lock->unlock);
 }
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@ -171,26 +171,30 @@ typedef struct {
 	identification_t *id;
 } cert_data_t;
-/**
+CALLBACK(cert_data_destroy, void,
- * destroy cert_data
+	cert_data_t *data)
 */
 static void cert_data_destroy(cert_data_t *data)
 {
 	data->this->lock->unlock(data->this->lock);
 	free(data);
 }
-/**
+CALLBACK(certs_filter, bool,
- * filter function for certs enumerator
+	cert_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool certs_filter(cert_data_t *data, ca_cert_t **in,
 						 certificate_t **out)
 {
 	ca_cert_t *cacert;
 	public_key_t *public;
-	certificate_t *cert = (*in)->cert;
+	certificate_t **out;
-	if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &cacert))
 	{
 		certificate_t *cert = cacert->cert;
 		if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
 		{
 			continue;
 		}
 		public = cert->get_public_key(cert);
 		if (public)
 		{
@ -208,9 +212,9 @@ static bool certs_filter(cert_data_t *data, ca_cert_t **in,
 		}
 		else if (data->key != KEY_ANY)
 		{
-			return FALSE;
+			continue;
 		}
-		if (data->id == NULL || cert->has_subject(cert, data->id))
+		if (!data->id || cert->has_subject(cert, data->id))
 		{
 			*out = cert;
 			return TRUE;
@ -235,8 +239,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	enumerator = this->certs->create_enumerator(this->certs);
-	return enumerator_create_filter(enumerator, (void*)certs_filter, data,
+	return enumerator_create_filter(enumerator, certs_filter, data,
-									(void*)cert_data_destroy);
+									cert_data_destroy);
 }
 /**
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@ -68,13 +68,20 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
 									 (void*)this->mutex->unlock, this->mutex);
 }
-/**
+CALLBACK(ike_filter, bool,
- * filter function for ike configs
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
 {
-	*out = (*in)->get_ike_cfg(*in);
+	peer_cfg_t *cfg;
-	return TRUE;
+	ike_cfg_t **out;
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &cfg))
 	{
 		*out = cfg->get_ike_cfg(cfg);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
@ -82,7 +89,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
 {
 	this->mutex->lock(this->mutex);
 	return enumerator_create_filter(this->list->create_enumerator(this->list),
-									(void*)ike_filter, this->mutex,
+									ike_filter, this->mutex,
 									(void*)this->mutex->unlock);
 }
--- a/src/libcharon/plugins/stroke/stroke_handler.c
+++ b/src/libcharon/plugins/stroke/stroke_handler.c
@ -62,35 +62,39 @@ static void attributes_destroy(attributes_t *this)
 	free(this);
 }
-/**
+CALLBACK(attr_filter, bool,
- * Filter function to convert host to DNS configuration attributes
+	void *lock, enumerator_t *orig, va_list args)
 */
 static bool attr_filter(void *lock, host_t **in,
 						configuration_attribute_type_t *type,
 						void *dummy, chunk_t *data)
 {
-	host_t *host = *in;
+	configuration_attribute_type_t *type;
 	chunk_t *data;
 	host_t *host;
-	switch (host->get_family(host))
+	VA_ARGS_VGET(args, type, data);
 	while (orig->enumerate(orig, &host))
 	{
-		case AF_INET:
+		switch (host->get_family(host))
-			*type = INTERNAL_IP4_DNS;
+		{
-			break;
+			case AF_INET:
-		case AF_INET6:
+				*type = INTERNAL_IP4_DNS;
-			*type = INTERNAL_IP6_DNS;
+				break;
-			break;
+			case AF_INET6:
-		default:
+				*type = INTERNAL_IP6_DNS;
-			return FALSE;
+				break;
 			default:
 				continue;
 		}
 		if (host->is_anyaddr(host))
 		{
 			*data = chunk_empty;
 		}
 		else
 		{
 			*data = host->get_address(host);
 		}
 		return TRUE;
 	}
-	if (host->is_anyaddr(host))
+	return FALSE;
 	{
 		*data = chunk_empty;
 	}
 	else
 	{
 		*data = host->get_address(host);
 	}
 	return TRUE;
 }
 METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
@ -114,7 +118,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
 				enumerator->destroy(enumerator);
 				return enumerator_create_filter(
 									attr->dns->create_enumerator(attr->dns),
-									(void*)attr_filter, this->lock,
+									attr_filter, this->lock,
 									(void*)this->lock->unlock);
 			}
 		}
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@ -411,24 +411,27 @@ typedef struct {
 	ike_sa_id_t *id;
 } include_filter_t;
-/**
+CALLBACK(include_filter, bool,
- * Include enumerator filter function
+	include_filter_t *data, enumerator_t *orig, va_list args)
 */
 static bool include_filter(include_filter_t *data,
 						   entry_t **entry, traffic_selector_t **ts)
 {
-	if (data->id->equals(data->id, (*entry)->id))
+	entry_t *entry;
 	traffic_selector_t **ts;
 	VA_ARGS_VGET(args, ts);
 	while (orig->enumerate(orig, &entry))
 	{
-		*ts = (*entry)->ts;
+		if (data->id->equals(data->id, entry->id))
-		return TRUE;
+		{
 			*ts = entry->ts;
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
-/**
+CALLBACK(destroy_filter, void,
- * Destroy include filter data, unlock mutex
+	include_filter_t *data)
 */
 static void destroy_filter(include_filter_t *data)
 {
 	data->mutex->unlock(data->mutex);
 	free(data);
@ -446,7 +449,7 @@ METHOD(unity_handler_t, create_include_enumerator, enumerator_t*,
 	data->mutex->lock(data->mutex);
 	return enumerator_create_filter(
 					this->include->create_enumerator(this->include),
-					(void*)include_filter, data, (void*)destroy_filter);
+					include_filter, data, destroy_filter);
 }
 METHOD(unity_handler_t, destroy, void,
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@ -184,16 +184,22 @@ METHOD(attribute_provider_t, release_address, bool,
 	return found;
 }
-/**
+CALLBACK(attr_filter, bool,
- * Filter mapping attribute_t to enumerated type/value arguments
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool attr_filter(void *data, attribute_t **attr,
 						configuration_attribute_type_t *type,
 						void *in, chunk_t *value)
 {
-	*type = (*attr)->type;
+	attribute_t *attr;
-	*value = (*attr)->value;
+	configuration_attribute_type_t *type;
-	return TRUE;
+	chunk_t *value;
 	VA_ARGS_VGET(args, type, value);
 	if (orig->enumerate(orig, &attr))
 	{
 		*type = attr->type;
 		*value = attr->value;
 		return TRUE;
 	}
 	return FALSE;
 }
 /**
@ -203,7 +209,7 @@ CALLBACK(create_nested, enumerator_t*,
 	pool_t *pool, void *this)
 {
 	return enumerator_create_filter(array_create_enumerator(pool->attrs),
-									(void*)attr_filter, NULL, NULL);
+									attr_filter, NULL, NULL);
 }
 /**
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@ -141,13 +141,20 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
 									 (void*)this->lock->unlock, this->lock);
 }
-/**
+CALLBACK(ike_filter, bool,
- * Enumerator filter function for ike configs
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
 {
-	*out = (*in)->get_ike_cfg(*in);
+	peer_cfg_t *cfg;
-	return TRUE;
+	ike_cfg_t **out;
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &cfg))
 	{
 		*out = cfg->get_ike_cfg(cfg);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
@ -155,7 +162,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
 {
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->conns->create_enumerator(this->conns),
-									(void*)ike_filter, this->lock,
+									ike_filter, this->lock,
 									(void*)this->lock->unlock);
 }
--- a/src/libcharon/plugins/whitelist/whitelist_listener.c
+++ b/src/libcharon/plugins/whitelist/whitelist_listener.c
@ -119,14 +119,19 @@ METHOD(whitelist_listener_t, remove_, void,
 	DESTROY_IF(id);
 }
-/**
+CALLBACK(whitelist_filter, bool,
- * Enumerator filter, from hashtable (key, value) to single identity
+	rwlock_t *lock, enumerator_t *orig, va_list args)
 */
 static bool whitelist_filter(rwlock_t *lock, identification_t **key,
 							 identification_t **id, identification_t **value)
 {
-	*id = *value;
+	identification_t *key, *value, **out;
-	return TRUE;
+
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &key, &value))
 	{
 		*out = value;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(whitelist_listener_t, create_enumerator, enumerator_t*,
@ -134,7 +139,7 @@ METHOD(whitelist_listener_t, create_enumerator, enumerator_t*,
 {
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->ids->create_enumerator(this->ids),
-									(void*)whitelist_filter, this->lock,
+									whitelist_filter, this->lock,
 									(void*)this->lock->unlock);
 }
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@ -105,31 +105,38 @@ METHOD(eap_manager_t, remove_method, void,
 	this->lock->unlock(this->lock);
 }
-/**
+CALLBACK(filter_methods, bool,
- * filter the registered methods
+	uintptr_t role, enumerator_t *orig, va_list args)
 */
 static bool filter_methods(uintptr_t role, eap_entry_t **entry,
 						   eap_type_t *type, void *in, uint32_t *vendor)
 {
-	if ((*entry)->role != (eap_role_t)role)
+	eap_entry_t *entry;
 	eap_type_t *type;
 	uint32_t *vendor;
 	VA_ARGS_VGET(args, type, vendor);
 	while (orig->enumerate(orig, &entry))
 	{
-		return FALSE;
+		if (entry->role != (eap_role_t)role)
 		{
 			continue;
 		}
 		if (entry->vendor == 0 &&
 		   (entry->type < 4 || entry->type == EAP_EXPANDED ||
 		    entry->type > EAP_EXPERIMENTAL))
 		{	/* filter invalid types */
 			continue;
 		}
 		if (type)
 		{
 			*type = entry->type;
 		}
 		if (vendor)
 		{
 			*vendor = entry->vendor;
 		}
 		return TRUE;
 	}
-	if ((*entry)->vendor == 0 &&
+	return FALSE;
 	   ((*entry)->type < 4 || (*entry)->type == EAP_EXPANDED ||
 	    (*entry)->type > EAP_EXPERIMENTAL))
 	{	/* filter invalid types */
 		return FALSE;
 	}
 	if (type)
 	{
 		*type = (*entry)->type;
 	}
 	if (vendor)
 	{
 		*vendor = (*entry)->vendor;
 	}
 	return TRUE;
 }
 METHOD(eap_manager_t, create_enumerator, enumerator_t*,
@ -139,7 +146,7 @@ METHOD(eap_manager_t, create_enumerator, enumerator_t*,
 	return enumerator_create_cleaner(
 				enumerator_create_filter(
 					this->methods->create_enumerator(this->methods),
-					(void*)filter_methods, (void*)(uintptr_t)role, NULL),
+					filter_methods, (void*)(uintptr_t)role, NULL),
 				(void*)this->lock->unlock, this->lock);
 }
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@ -1200,12 +1200,20 @@ METHOD(ike_sa_t, generate_message, status_t,
 	return status;
 }
-static bool filter_fragments(private_ike_sa_t *this, packet_t **fragment,
+CALLBACK(filter_fragments, bool,
-							 packet_t **packet)
+	private_ike_sa_t *this, enumerator_t *orig, va_list args)
 {
-	*packet = (*fragment)->clone(*fragment);
+	packet_t *fragment, **packet;
-	set_dscp(this, *packet);
+
-	return TRUE;
+	VA_ARGS_VGET(args, packet);
 	if (orig->enumerate(orig, &fragment))
 	{
 		*packet = fragment->clone(fragment);
 		set_dscp(this, *packet);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(ike_sa_t, generate_message_fragmented, status_t,
@ -1265,7 +1273,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t,
 		{
 			charon->bus->message(charon->bus, message, FALSE, FALSE);
 		}
-		*packets = enumerator_create_filter(fragments, (void*)filter_fragments,
+		*packets = enumerator_create_filter(fragments, filter_fragments,
 											this, NULL);
 	}
 	return status;
@ -2623,24 +2631,31 @@ METHOD(ike_sa_t, add_configuration_attribute, void,
 	array_insert(this->attributes, ARRAY_TAIL, &entry);
 }
-/**
+CALLBACK(filter_attribute, bool,
- * Enumerator filter for attributes
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool filter_attribute(void *null, attribute_entry_t **in,
 							 configuration_attribute_type_t *type, void *in2,
 							 chunk_t *data, void *in3, bool *handled)
 {
-	*type = (*in)->type;
+	attribute_entry_t *entry;
-	*data = (*in)->data;
+	configuration_attribute_type_t *type;
-	*handled = (*in)->handler != NULL;
+	chunk_t *data;
-	return TRUE;
+	bool *handled;
 	VA_ARGS_VGET(args, type, data, handled);
 	if (orig->enumerate(orig, &entry))
 	{
 		*type = entry->type;
 		*data = entry->data;
 		*handled = entry->handler != NULL;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(ike_sa_t, create_attribute_enumerator, enumerator_t*,
 	private_ike_sa_t *this)
 {
 	return enumerator_create_filter(array_create_enumerator(this->attributes),
-									(void*)filter_attribute, NULL, NULL);
+									filter_attribute, NULL, NULL);
 }
 METHOD(ike_sa_t, create_task_enumerator, enumerator_t*,
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@ -1562,42 +1562,52 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
 	return ike_sa;
 }
-/**
+CALLBACK(enumerator_filter_wait, bool,
- * enumerator filter function, waiting variant
+	private_ike_sa_manager_t *this, enumerator_t *orig, va_list args)
 */
 static bool enumerator_filter_wait(private_ike_sa_manager_t *this,
 								   entry_t **in, ike_sa_t **out, u_int *segment)
 {
-	if (wait_for_entry(this, *in, *segment))
+	entry_t *entry;
 	u_int segment;
 	ike_sa_t **out;
 	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &entry, &segment))
 	{
-		*out = (*in)->ike_sa;
+		if (wait_for_entry(this, entry, segment))
-		charon->bus->set_sa(charon->bus, *out);
+		{
-		return TRUE;
+			*out = entry->ike_sa;
 			charon->bus->set_sa(charon->bus, *out);
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
-/**
+CALLBACK(enumerator_filter_skip, bool,
- * enumerator filter function, skipping variant
+	private_ike_sa_manager_t *this, enumerator_t *orig, va_list args)
 */
 static bool enumerator_filter_skip(private_ike_sa_manager_t *this,
 								   entry_t **in, ike_sa_t **out, u_int *segment)
 {
-	if (!(*in)->driveout_new_threads &&
+	entry_t *entry;
-		!(*in)->driveout_waiting_threads &&
+	u_int segment;
-		!(*in)->checked_out)
+	ike_sa_t **out;
 	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &entry, &segment))
 	{
-		*out = (*in)->ike_sa;
+		if (!entry->driveout_new_threads &&
-		charon->bus->set_sa(charon->bus, *out);
+			!entry->driveout_waiting_threads &&
-		return TRUE;
+			!entry->checked_out)
 		{
 			*out = entry->ike_sa;
 			charon->bus->set_sa(charon->bus, *out);
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
-/**
+CALLBACK(reset_sa, void,
- * Reset threads SA after enumeration
+	void *data)
 */
 static void reset_sa(void *data)
 {
 	charon->bus->set_sa(charon->bus, NULL);
 }
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@ -2079,13 +2079,20 @@ METHOD(task_manager_t, reset, void,
 	this->reset = TRUE;
 }
-/**
+CALLBACK(filter_queued, bool,
- * Filter queued tasks
+	void *unused, enumerator_t *orig, va_list args)
 */
 static bool filter_queued(void *unused, queued_task_t **queued, task_t **task)
 {
-	*task = (*queued)->task;
+	queued_task_t *queued;
-	return TRUE;
+	task_t **task;
 	VA_ARGS_VGET(args, task);
 	if (orig->enumerate(orig, &queued))
 	{
 		*task = queued->task;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
@ -2100,7 +2107,7 @@ METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
 		case TASK_QUEUE_QUEUED:
 			return enumerator_create_filter(
 									array_create_enumerator(this->queued_tasks),
-									(void*)filter_queued, NULL, NULL);
+									filter_queued, NULL, NULL);
 		default:
 			return enumerator_create_empty();
 	}
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@ -381,14 +381,24 @@ METHOD(shunt_manager_t, uninstall, bool,
 }
 CALLBACK(filter_entries, bool,
-	void *unused, entry_t **entry, char **ns, void **in, child_cfg_t **cfg)
+	void *unused, enumerator_t *orig, va_list args)
 {
-	if (ns)
+	entry_t *entry;
 	child_cfg_t **cfg;
 	char **ns;
 	VA_ARGS_VGET(args, ns, cfg);
 	if (orig->enumerate(orig, &entry))
 	{
-		*ns = (*entry)->ns;
+		if (ns)
 		{
 			*ns = entry->ns;
 		}
 		*cfg = entry->cfg;
 		return TRUE;
 	}
-	*cfg = (*entry)->cfg;
+	return FALSE;
 	return TRUE;
 }
 METHOD(shunt_manager_t, create_enumerator, enumerator_t*,
@ -397,7 +407,7 @@ METHOD(shunt_manager_t, create_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 							this->shunts->create_enumerator(this->shunts),
-							(void*)filter_entries, this->lock,
+							filter_entries, this->lock,
 							(void*)this->lock->unlock);
 }
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@ -335,25 +335,32 @@ METHOD(trap_manager_t, uninstall, bool,
 	return TRUE;
 }
-/**
+CALLBACK(trap_filter, bool,
- * convert enumerated entries to peer_cfg, child_sa
+	rwlock_t *lock, enumerator_t *orig, va_list args)
 */
 static bool trap_filter(rwlock_t *lock, entry_t **entry, peer_cfg_t **peer_cfg,
 						void *none, child_sa_t **child_sa)
 {
-	if (!(*entry)->child_sa)
+	entry_t *entry;
-	{	/* skip entries that are currently being installed */
+	peer_cfg_t **peer_cfg;
-		return FALSE;
+	child_sa_t **child_sa;
-	}
+
-	if (peer_cfg)
+	VA_ARGS_VGET(args, peer_cfg, child_sa);
 	while (orig->enumerate(orig, &entry))
 	{
-		*peer_cfg = (*entry)->peer_cfg;
+		if (!entry->child_sa)
 		{	/* skip entries that are currently being installed */
 			continue;
 		}
 		if (peer_cfg)
 		{
 			*peer_cfg = entry->peer_cfg;
 		}
 		if (child_sa)
 		{
 			*child_sa = entry->child_sa;
 		}
 		return TRUE;
 	}
-	if (child_sa)
+	return FALSE;
 	{
 		*child_sa = (*entry)->child_sa;
 	}
 	return TRUE;
 }
 METHOD(trap_manager_t, create_enumerator, enumerator_t*,
@ -361,7 +368,7 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*,
 {
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->traps->create_enumerator(this->traps),
-									(void*)trap_filter, this->lock,
+									trap_filter, this->lock,
 									(void*)this->lock->unlock);
 }
--- a/src/libcharon/tests/utils/mock_ipsec.c
+++ b/src/libcharon/tests/utils/mock_ipsec.c
@ -269,19 +269,27 @@ kernel_ipsec_t *mock_ipsec_create()
 	return &this->public;
 }
-/**
+
- * Filter SAs
+CALLBACK(filter_sas, bool,
- */
+	void *data, enumerator_t *orig, va_list args)
 static bool filter_sas(void *data, entry_t **entry, ike_sa_t **ike_sa,
 					   void *unused, uint32_t *spi)
 {
-	if ((*entry)->alloc)
+	entry_t *entry;
 	ike_sa_t **ike_sa;
 	uint32_t *spi;
 	VA_ARGS_VGET(args, ike_sa, spi);
 	while (orig->enumerate(orig, &entry, NULL))
 	{
-		return FALSE;
+		if (entry->alloc)
 		{
 			continue;
 		}
 		*ike_sa = entry->ike_sa;
 		*spi = entry->spi;
 		return TRUE;
 	}
-	*ike_sa = (*entry)->ike_sa;
+	return FALSE;
 	*spi = (*entry)->spi;
 	return TRUE;
 }
 /*
@ -291,5 +299,5 @@ enumerator_t *mock_ipsec_create_sa_enumerator()
 {
 	return enumerator_create_filter(
 							instance->sas->create_enumerator(instance->sas),
-							(void*)filter_sas, NULL, NULL);
+							filter_sas, NULL, NULL);
 }
--- a/src/libimcv/ietf/ietf_attr_installed_packages.c
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.c
@ -179,7 +179,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	u_char *pos;
 	if (this->offset == 0)
-	{	
+	{
 		if (this->length < IETF_INSTALLED_PACKAGES_MIN_SIZE)
 		{
 			DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF,
@ -291,15 +291,21 @@ METHOD(ietf_attr_installed_packages_t, add, void,
 	this->packages->insert_last(this->packages, entry);
 }
-/**
+CALLBACK(package_filter, bool,
- * Enumerate package filter entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool package_filter(void *null, package_entry_t **entry, chunk_t *name,
 						   void *i2, chunk_t *version)
 {
-	*name = (*entry)->name;
+	package_entry_t *entry;
-	*version = (*entry)->version;
+	chunk_t *name, *version;
-	return TRUE;
+
 	VA_ARGS_VGET(args, name, version);
 	if (orig->enumerate(orig, &entry))
 	{
 		*name = entry->name;
 		*version = entry->version;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*,
@ -307,7 +313,7 @@ METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 						this->packages->create_enumerator(this->packages),
-						(void*)package_filter, NULL, NULL);
+						package_filter, NULL, NULL);
 }
 METHOD(ietf_attr_installed_packages_t, get_count, uint16_t,
--- a/src/libimcv/ietf/ietf_attr_port_filter.c
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@ -213,24 +213,31 @@ METHOD(ietf_attr_port_filter_t, add_port, void,
 	this->ports->insert_last(this->ports, entry);
 }
-/**
+CALLBACK(port_filter, bool,
- * Enumerate port filter entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool port_filter(void *null, port_entry_t **entry,
 						bool *blocked, void *i2, uint8_t *protocol, void *i3,
 						uint16_t *port)
 {
-	*blocked = (*entry)->blocked;
+	port_entry_t *entry;
-	*protocol = (*entry)->protocol;
+	uint16_t *port;
-	*port = (*entry)->port;
+	uint8_t *protocol;
-	return TRUE;
+	bool *blocked;
 	VA_ARGS_VGET(args, blocked, protocol, port);
 	if (orig->enumerate(orig, &entry))
 	{
 		*blocked = entry->blocked;
 		*protocol = entry->protocol;
 		*port = entry->port;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*,
 	private_ietf_attr_port_filter_t *this)
 {
 	return enumerator_create_filter(this->ports->create_enumerator(this->ports),
-					(void*)port_filter, NULL, NULL);
+									port_filter, NULL, NULL);
 }
 /**
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@ -262,22 +262,29 @@ METHOD(ita_attr_settings_t, add, void,
 	this->list->insert_last(this->list, entry);
 }
-/**
+CALLBACK(entry_filter, bool,
- * Enumerate name/value pairs
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool entry_filter(void *null, entry_t **entry, char **name,
 						 void *i2, chunk_t *value)
 {
-	*name = (*entry)->name;
+	entry_t *entry;
-	*value = (*entry)->value;
+	chunk_t *value;
-	return TRUE;
+	char **name;
 	VA_ARGS_VGET(args, name, value);
 	while (orig->enumerate(orig, &entry))
 	{
 		*name = entry->name;
 		*value = entry->value;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(ita_attr_settings_t, create_enumerator, enumerator_t*,
 	private_ita_attr_settings_t *this)
 {
 	return enumerator_create_filter(this->list->create_enumerator(this->list),
-								   (void*)entry_filter, NULL, NULL);
+									entry_filter, NULL, NULL);
 }
 /**
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@ -418,24 +418,24 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
 	}
 }
-/**
+CALLBACK(entry_filter, bool,
- * Enumerate file measurement entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool entry_filter(void *null, func_comp_t **entry, uint8_t *flags,
 						 void *i2, uint32_t *depth,
 						 void *i3, pts_comp_func_name_t **comp_name)
 {
-	pts_component_t *comp;
+	func_comp_t *entry;
-	pts_comp_func_name_t *name;
+	pts_comp_func_name_t **comp_name;
 	uint32_t *depth;
 	uint8_t *flags;
-	comp = (*entry)->comp;
+	VA_ARGS_VGET(args, flags, depth, comp_name);
 	name = (*entry)->name;
-	*flags = comp->get_evidence_flags(comp);
+	if (orig->enumerate(orig, &entry))
-	*depth = comp->get_depth(comp);
+	{
-	*comp_name = name;
+		*flags = entry->comp->get_evidence_flags(entry->comp);
-
+		*depth = entry->comp->get_depth(entry->comp);
-	return TRUE;
+		*comp_name = entry->name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
@ -443,7 +443,7 @@ METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 				this->components->create_enumerator(this->components),
-				(void*)entry_filter, NULL, NULL);
+				entry_filter, NULL, NULL);
 }
 METHOD(imv_attestation_state_t, get_component, pts_component_t*,
--- a/src/libimcv/pts/pts_file_meas.c
+++ b/src/libimcv/pts/pts_file_meas.c
@ -94,22 +94,29 @@ METHOD(pts_file_meas_t, add, void,
 	this->list->insert_last(this->list, entry);
 }
-/**
+CALLBACK(entry_filter, bool,
- * Enumerate file measurement entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool entry_filter(void *null, entry_t **entry, char **filename,
 						 void *i2, chunk_t *measurement)
 {
-	*filename = (*entry)->filename;
+	entry_t *entry;
-	*measurement = (*entry)->measurement;
+	chunk_t *measurement;
-	return TRUE;
+	char **filename;
 	VA_ARGS_VGET(args, filename, measurement);
 	if (orig->enumerate(orig, &entry))
 	{
 		*filename = entry->filename;
 		*measurement = entry->measurement;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(pts_file_meas_t, create_enumerator, enumerator_t*,
 	private_pts_file_meas_t *this)
 {
 	return enumerator_create_filter(this->list->create_enumerator(this->list),
-								   (void*)entry_filter, NULL, NULL);
+									entry_filter, NULL, NULL);
 }
 METHOD(pts_file_meas_t, check, bool,
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@ -115,18 +115,24 @@ struct entry_t {
 	pts_comp_func_name_t *name;
 };
-/**
+CALLBACK(entry_filter, bool,
- * Enumerate functional component entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool entry_filter(void *null, entry_t **entry, uint8_t *flags,
 						 void *i2, uint32_t *depth, void *i3,
 						 pts_comp_func_name_t **name)
 {
-	*flags = (*entry)->flags;
+	entry_t *entry;
-	*depth = (*entry)->depth;
+	pts_comp_func_name_t **name;
-	*name  = (*entry)->name;
+	uint32_t *depth;
 	uint8_t *flags;
-	return TRUE;
+	VA_ARGS_VGET(args, flags, depth, name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*flags = entry->flags;
 		*depth = entry->depth;
 		*name  = entry->name;
 		return TRUE;
 	}
 	return FALSE;
 }
 /**
@ -318,7 +324,7 @@ METHOD(tcg_pts_attr_req_func_comp_evid_t, create_enumerator, enumerator_t*,
 	private_tcg_pts_attr_req_func_comp_evid_t *this)
 {
 	return enumerator_create_filter(this->list->create_enumerator(this->list),
-								   (void*)entry_filter, NULL, NULL);
+									entry_filter, NULL, NULL);
 }
 /**
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@ -222,17 +222,22 @@ METHOD(simaka_message_t, get_type, eap_type_t,
 	return this->hdr->type;
 }
-/**
+CALLBACK(attr_enum_filter, bool,
- * convert attr_t to type and data enumeration
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool attr_enum_filter(void *null, attr_t **in, simaka_attribute_t *type,
 							 void *dummy, chunk_t *data)
 {
-	attr_t *attr = *in;
+	attr_t *attr;
 	simaka_attribute_t *type;
 	chunk_t *data;
-	*type = attr->type;
+	VA_ARGS_VGET(args, type, data);
-	*data = chunk_create(attr->data, attr->len);
+
-	return TRUE;
+	if (orig->enumerate(orig, &attr))
 	{
 		*type = attr->type;
 		*data = chunk_create(attr->data, attr->len);
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(simaka_message_t, create_attribute_enumerator, enumerator_t*,
@ -240,7 +245,7 @@ METHOD(simaka_message_t, create_attribute_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 						this->attributes->create_enumerator(this->attributes),
-						(void*)attr_enum_filter, NULL, NULL);
+						attr_enum_filter, NULL, NULL);
 }
 METHOD(simaka_message_t, add_attribute, void,
--- a/src/libstrongswan/collections/enumerator.c
+++ b/src/libstrongswan/collections/enumerator.c
@ -518,9 +518,9 @@ enumerator_t *enumerator_create_nested(enumerator_t *outer,
 */
 typedef struct {
 	enumerator_t public;
-	enumerator_t *unfiltered;
+	enumerator_t *orig;
 	void *data;
-	bool (*filter)(void *data, ...);
+	bool (*filter)(void*,enumerator_t*,va_list);
 	void (*destructor)(void *data);
 } filter_enumerator_t;
@ -531,35 +531,28 @@ METHOD(enumerator_t, destroy_filter, void,
 	{
 		this->destructor(this->data);
 	}
-	this->unfiltered->destroy(this->unfiltered);
+	this->orig->destroy(this->orig);
 	free(this);
 }
 METHOD(enumerator_t, enumerate_filter, bool,
 	filter_enumerator_t *this, va_list args)
 {
-	void *i1, *i2, *i3, *i4, *i5;
+	bool result = FALSE;
 	void *o1, *o2, *o3, *o4, *o5;
-	/* FIXME: what happens if there are less than five arguments is not defined */
+	if (this->filter(this->data, this->orig, args))
 	VA_ARGS_VGET(args, o1, o2, o3, o4, o5);
 	while (this->unfiltered->enumerate(this->unfiltered, &i1, &i2, &i3, &i4, &i5))
 	{
-		if (this->filter(this->data, &i1, o1, &i2, o2, &i3, o3, &i4, o4, &i5, o5))
+		result = TRUE;
 		{
 			return TRUE;
 		}
 	}
-	return FALSE;
+	return result;
 }
 /*
 * Described in header
 */
-enumerator_t *enumerator_create_filter(enumerator_t *unfiltered,
+enumerator_t *enumerator_create_filter(enumerator_t *orig,
-									   bool (*filter)(void *data, ...),
+			bool (*filter)(void *data, enumerator_t *orig, va_list args),
-									   void *data, void (*destructor)(void *data))
+			void *data, void (*destructor)(void *data))
 {
 	filter_enumerator_t *this;
@ -569,7 +562,7 @@ enumerator_t *enumerator_create_filter(enumerator_t *unfiltered,
 			.venumerate = _enumerate_filter,
 			.destroy = _destroy_filter,
 		},
-		.unfiltered = unfiltered,
+		.orig = orig,
 		.filter = filter,
 		.data = data,
 		.destructor = destructor,
--- a/src/libstrongswan/collections/enumerator.h
+++ b/src/libstrongswan/collections/enumerator.h
@ -189,25 +189,24 @@ enumerator_t *enumerator_create_nested(enumerator_t *outer,
 					void *data, void (*destructor)(void *data));
 /**
- * Creates an enumerator which filters output of another enumerator.
+ * Creates an enumerator which filters/maps output of another enumerator.
 *
- * The filter function receives the user supplied "data" followed by a
+ * The filter function receives the user supplied "data" followed by the
- * unfiltered enumeration item, followed by an output pointer where to write
+ * original enumerator, followed by the arguments passed to the outer
- * the filtered data. Then the next input/output pair follows.
+ * enumerator.  It returns TRUE to deliver the values assigned to these
- * It returns TRUE to deliver the
+ * arguments to the caller of enumerate() and FALSE to end the enumeration.
- * values to the caller of enumerate(), FALSE to filter this enumeration.
+ * Filtering items is simple as the filter function may just skip enumerated
 * items from the original enumerator.
 *
- * The variable argument list of enumeration values is limit to 5.
+ * @param orig					original enumerator to wrap, gets destroyed
 *
 * @param unfiltered			unfiltered enumerator to wrap, gets destroyed
 * @param filter				filter function
 * @param data					user data to supply to filter
 * @param destructor			destructor function to clean up data after use
 * @return						the filtered enumerator
 */
-enumerator_t *enumerator_create_filter(enumerator_t *unfiltered,
+enumerator_t *enumerator_create_filter(enumerator_t *orig,
-					bool (*filter)(void *data, ...),
+				bool (*filter)(void *data, enumerator_t *orig, va_list args),
-					void *data, void (*destructor)(void *data));
+				void *data, void (*destructor)(void *data));
 /**
 * Create an enumerator wrapper which does a cleanup on destroy.
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@ -163,17 +163,23 @@ METHOD(credential_factory_t, create, void*,
 	return construct;
 }
-/**
+CALLBACK(builder_filter, bool,
- * Filter function for builder enumerator
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool builder_filter(void *null, entry_t **entry, credential_type_t *type,
 						   void *dummy1, int *subtype)
 {
-	if ((*entry)->final)
+	entry_t *entry;
 	credential_type_t *type;
 	int *subtype;
 	VA_ARGS_VGET(args, type, subtype);
 	while (orig->enumerate(orig, &entry))
 	{
-		*type = (*entry)->type;
+		if (entry->final)
-		*subtype = (*entry)->subtype;
+		{
-		return TRUE;
+			*type = entry->type;
 			*subtype = entry->subtype;
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
@ -184,7 +190,7 @@ METHOD(credential_factory_t, create_builder_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 				this->constructors->create_enumerator(this->constructors),
-				(void*)builder_filter, this->lock, (void*)this->lock->unlock);
+				builder_filter, this->lock, (void*)this->lock->unlock);
 }
 METHOD(credential_factory_t, destroy, void,
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@ -74,25 +74,27 @@ typedef struct {
 	identification_t *id;
 } cert_data_t;
-/**
+CALLBACK(cert_data_destroy, void,
- * destroy cert_data
+	cert_data_t *data)
 */
 static void cert_data_destroy(cert_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
-/**
+CALLBACK(certs_filter, bool,
- * filter function for certs enumerator
+	cert_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **out)
 {
 	public_key_t *public;
-	certificate_t *cert = *in;
+	certificate_t *cert, **out;
-	if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &cert))
 	{
 		if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
 		{
 			continue;
 		}
 		public = cert->get_public_key(cert);
 		if (public)
 		{
@ -102,7 +104,7 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 											data->id->get_encoding(data->id)))
 				{
 					public->destroy(public);
-					*out = *in;
+					*out = cert;
 					return TRUE;
 				}
 			}
@ -110,11 +112,11 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 		}
 		else if (data->key != KEY_ANY)
 		{
-			return FALSE;
+			continue;
 		}
-		if (data->id == NULL || cert->has_subject(cert, data->id))
+		if (!data->id || cert->has_subject(cert, data->id))
 		{
-			*out = *in;
+			*out = cert;
 			return TRUE;
 		}
 	}
@ -143,8 +145,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	{
 		enumerator = this->untrusted->create_enumerator(this->untrusted);
 	}
-	return enumerator_create_filter(enumerator, (void*)certs_filter, data,
+	return enumerator_create_filter(enumerator, certs_filter, data,
-									(void*)cert_data_destroy);
+									cert_data_destroy);
 }
 static bool certificate_equals(certificate_t *item, certificate_t *cert)
@ -301,30 +303,30 @@ typedef struct {
 	identification_t *id;
 } key_data_t;
-/**
+CALLBACK(key_data_destroy, void,
- * Destroy key enumerator data
+	key_data_t *data)
 */
 static void key_data_destroy(key_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
-/**
+CALLBACK(key_filter, bool,
- * filter function for private key enumerator
+	key_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool key_filter(key_data_t *data, private_key_t **in, private_key_t **out)
 {
-	private_key_t *key;
+	private_key_t *key, **out;
-	key = *in;
+	VA_ARGS_VGET(args, out);
-	if (data->type == KEY_ANY || data->type == key->get_type(key))
+
 	while (orig->enumerate(orig, &key))
 	{
-		if (data->id == NULL ||
+		if (data->type == KEY_ANY || data->type == key->get_type(key))
 			key->has_fingerprint(key, data->id->get_encoding(data->id)))
 		{
-			*out = key;
+			if (data->id == NULL ||
-			return TRUE;
+				key->has_fingerprint(key, data->id->get_encoding(data->id)))
 			{
 				*out = key;
 				return TRUE;
 			}
 		}
 	}
 	return FALSE;
@ -342,7 +344,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->keys->create_enumerator(this->keys),
-							(void*)key_filter, data, (void*)key_data_destroy);
+									key_filter, data, key_data_destroy);
 }
 METHOD(mem_cred_t, add_key, void,
@ -468,10 +470,8 @@ typedef struct {
 	shared_key_type_t type;
 } shared_data_t;
-/**
+CALLBACK(shared_data_destroy, void,
- * free shared key enumerator data and unlock list
+	shared_data_t *data)
 */
 static void shared_data_destroy(shared_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
@ -499,44 +499,47 @@ static id_match_t has_owner(shared_entry_t *entry, identification_t *owner)
 	return best;
 }
-/**
+CALLBACK(shared_filter, bool,
- * enumerator filter function for shared entries
+	shared_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool shared_filter(shared_data_t *data,
 						  shared_entry_t **in, shared_key_t **out,
 						  void **unused1, id_match_t *me,
 						  void **unused2, id_match_t *other)
 {
 	id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
 	shared_key_t **out;
 	id_match_t *me, *other;
-	if (data->type != SHARED_ANY &&
+	VA_ARGS_VGET(args, out, me, other);
-		entry->shared->get_type(entry->shared) != data->type)
+
 	while (orig->enumerate(orig, &entry))
 	{
-		return FALSE;
+		if (data->type != SHARED_ANY &&
 			entry->shared->get_type(entry->shared) != data->type)
 		{
 			continue;
 		}
 		if (data->me)
 		{
 			my_match = has_owner(entry, data->me);
 		}
 		if (data->other)
 		{
 			other_match = has_owner(entry, data->other);
 		}
 		if ((data->me || data->other) && (!my_match && !other_match))
 		{
 			continue;
 		}
 		*out = entry->shared;
 		if (me)
 		{
 			*me = my_match;
 		}
 		if (other)
 		{
 			*other = other_match;
 		}
 		return TRUE;
 	}
-	if (data->me)
+	return FALSE;
 	{
 		my_match = has_owner(entry, data->me);
 	}
 	if (data->other)
 	{
 		other_match = has_owner(entry, data->other);
 	}
 	if ((data->me || data->other) && (!my_match && !other_match))
 	{
 		return FALSE;
 	}
 	*out = entry->shared;
 	if (me)
 	{
 		*me = my_match;
 	}
 	if (other)
 	{
 		*other = other_match;
 	}
 	return TRUE;
 }
 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
@ -554,7 +557,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 	data->lock->read_lock(data->lock);
 	return enumerator_create_filter(
 						this->shared->create_enumerator(this->shared),
-						(void*)shared_filter, data, (void*)shared_data_destroy);
+						shared_filter, data, shared_data_destroy);
 }
 METHOD(mem_cred_t, add_shared_unique, void,
@ -648,23 +651,27 @@ METHOD(mem_cred_t, remove_shared_unique, void,
 	this->lock->unlock(this->lock);
 }
-/**
+CALLBACK(unique_filter, bool,
- * Filter unique ids of shared keys (ingore secrets without unique id)
+	void *unused, enumerator_t *orig, va_list args)
 */
 static bool unique_filter(void *unused,
 						  shared_entry_t **in, char **id)
 {
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
 	char **id;
-	if (!entry->id)
+	VA_ARGS_VGET(args, id);
 	while (orig->enumerate(orig, &entry))
 	{
-		return FALSE;
+		if (!entry->id)
 		{
 			continue;
 		}
 		if (id)
 		{
 			*id = entry->id;
 		}
 		return TRUE;
 	}
-	if (id)
+	return FALSE;
 	{
 		*id = entry->id;
 	}
 	return TRUE;
 }
 METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
@ -673,7 +680,7 @@ METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 								this->shared->create_enumerator(this->shared),
-								(void*)unique_filter, this->lock,
+								unique_filter, this->lock,
 								(void*)this->lock->unlock);
 }
@ -721,30 +728,35 @@ typedef struct {
 	rwlock_t *lock;
 } cdp_data_t;
-/**
+CALLBACK(cdp_data_destroy, void,
- * Clean up CDP enumerator data
+	cdp_data_t *data)
 */
 static void cdp_data_destroy(cdp_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
-/**
+CALLBACK(cdp_filter, bool,
- * CDP enumerator filter
+	cdp_data_t *data, enumerator_t *orig, va_list args)
 */
 static bool cdp_filter(cdp_data_t *data, cdp_t **cdp, char **uri)
 {
-	if (data->type != CERT_ANY && data->type != (*cdp)->type)
+	cdp_t *cdp;
 	char **uri;
 	VA_ARGS_VGET(args, uri);
 	while (orig->enumerate(orig, &cdp))
 	{
-		return FALSE;
+		if (data->type != CERT_ANY && data->type != cdp->type)
 		{
 			continue;
 		}
 		if (data->id && !cdp->id->matches(cdp->id, data->id))
 		{
 			continue;
 		}
 		*uri = cdp->uri;
 		return TRUE;
 	}
-	if (data->id && !(*cdp)->id->matches((*cdp)->id, data->id))
+	return FALSE;
 	{
 		return FALSE;
 	}
 	*uri = (*cdp)->uri;
 	return TRUE;
 }
 METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
@ -759,7 +771,7 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->cdps->create_enumerator(this->cdps),
-							(void*)cdp_filter, data, (void*)cdp_data_destroy);
+									cdp_filter, data, cdp_data_destroy);
 }
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@ -819,43 +819,57 @@ static bool entry_match(entry_t *a, entry_t *b)
 	return a->algo == b->algo;
 }
-/**
+CALLBACK(unique_check, bool,
- * check for uniqueness of an entry
+	linked_list_t *list, enumerator_t *orig, va_list args)
 */
 static bool unique_check(linked_list_t *list, entry_t **in, entry_t **out)
 {
-	if (list->find_first(list, (void*)entry_match, NULL, *in) == SUCCESS)
+	entry_t *entry, **out;
 	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &entry))
 	{
-		return FALSE;
+		if (list->find_first(list, (void*)entry_match, NULL, entry) == SUCCESS)
 		{
 			continue;
 		}
 		*out = entry;
 		list->insert_last(list, entry);
 		return TRUE;
 	}
-	*out = *in;
+	return FALSE;
 	list->insert_last(list, *in);
 	return TRUE;
 }
 /**
 * create an enumerator over entry->algo in list with locking and unique check
 */
 static enumerator_t *create_enumerator(private_crypto_factory_t *this,
-									   linked_list_t *list, void *filter)
+									linked_list_t *list,
 									bool (*filter)(void*,enumerator_t*,va_list))
 {
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 				enumerator_create_filter(
-					list->create_enumerator(list), (void*)unique_check,
+					list->create_enumerator(list), unique_check,
 					linked_list_create(), (void*)list->destroy),
 				filter,	this->lock, (void*)this->lock->unlock);
 }
-/**
+CALLBACK(crypter_filter, bool,
- * Filter function to enumerate algorithm, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo,
 						   void *i2, const char **plugin_name)
 {
-	*algo = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	encryption_algorithm_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_crypter_enumerator, enumerator_t*,
@ -870,15 +884,22 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*,
 	return create_enumerator(this, this->aeads, crypter_filter);
 }
-/**
+CALLBACK(signer_filter, bool,
- * Filter function to enumerate algorithm, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo,
 						  void *i2, const char **plugin_name)
 {
-	*algo = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	integrity_algorithm_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*,
@ -887,15 +908,22 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*,
 	return create_enumerator(this, this->signers, signer_filter);
 }
-/**
+CALLBACK(hasher_filter, bool,
- * Filter function to enumerate algorithm, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo,
 						  void *i2, const char **plugin_name)
 {
-	*algo = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	hash_algorithm_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*,
@ -904,15 +932,22 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*,
 	return create_enumerator(this, this->hashers, hasher_filter);
 }
-/**
+CALLBACK(prf_filter, bool,
- * Filter function to enumerate algorithm, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo,
 					   void *i2, const char **plugin_name)
 {
-	*algo = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	pseudo_random_function_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
@ -921,15 +956,22 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
 	return create_enumerator(this, this->prfs, prf_filter);
 }
-/**
+CALLBACK(xof_filter, bool,
- * Filter function to enumerate algorithm, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo,
 					   void *i2, const char **plugin_name)
 {
-	*algo = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	ext_out_function_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
@ -938,15 +980,22 @@ METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
 	return create_enumerator(this, this->xofs, xof_filter);
 }
-/**
+CALLBACK(dh_filter, bool,
- * Filter function to enumerate group, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group,
 					  void *i2, const char **plugin_name)
 {
-	*group = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	diffie_hellman_group_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*,
@ -955,15 +1004,22 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*,
 	return create_enumerator(this, this->dhs, dh_filter);
 }
-/**
+CALLBACK(rng_filter, bool,
- * Filter function to enumerate strength, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool rng_filter(void *n, entry_t **entry, rng_quality_t *quality,
 					   void *i2, const char **plugin_name)
 {
-	*quality = (*entry)->algo;
+	entry_t *entry;
-	*plugin_name = (*entry)->plugin_name;
+	rng_quality_t *algo;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, algo, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*algo = entry->algo;
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*,
@ -972,13 +1028,20 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*,
 	return create_enumerator(this, this->rngs, rng_filter);
 }
-/**
+CALLBACK(nonce_gen_filter, bool,
- * Filter function to enumerate plugin name, not entry
+	void *n, enumerator_t *orig, va_list args)
 */
 static bool nonce_gen_filter(void *n, entry_t **entry, const char **plugin_name)
 {
-	*plugin_name = (*entry)->plugin_name;
+	entry_t *entry;
-	return TRUE;
+	const char **plugin_name;
 	VA_ARGS_VGET(args, plugin_name);
 	if (orig->enumerate(orig, &entry))
 	{
 		*plugin_name = entry->plugin_name;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(crypto_factory_t, create_nonce_gen_enumerator, enumerator_t*,
--- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c
+++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c
@ -71,17 +71,26 @@ METHOD(hash_algorithm_set_t, count, int,
 	return array_count(this->algorithms);
 }
-static bool hash_filter(void *data, void **in, hash_algorithm_t *out)
+CALLBACK(hash_filter, bool,
 	void *data, enumerator_t *orig, va_list args)
 {
-	*out = **(hash_algorithm_t**)in;
+	hash_algorithm_t *algo, *out;
-	return TRUE;
+
 	VA_ARGS_VGET(args, out);
 	if (orig->enumerate(orig, &algo))
 	{
 		*out = *algo;
 		return TRUE;
 	}
 	return FALSE;
 }
 METHOD(hash_algorithm_set_t, create_enumerator, enumerator_t*,
 	private_hash_algorithm_set_t *this)
 {
 	return enumerator_create_filter(array_create_enumerator(this->algorithms),
-									(void*)hash_filter, NULL, NULL);
+									hash_filter, NULL, NULL);
 }
 METHOD(hash_algorithm_set_t, destroy, void,
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@ -153,30 +153,32 @@ static bool load_certificates(private_pkcs11_creds_t *this)
 	return TRUE;
 }
-/**
+CALLBACK(certs_filter, bool,
- * filter function for certs enumerator
+	identification_t *id, enumerator_t *orig, va_list args)
 */
 static bool certs_filter(identification_t *id,
 						 certificate_t **in, certificate_t **out)
 {
 	public_key_t *public;
-	certificate_t *cert = *in;
+	certificate_t *cert, **out;
-	if (id == NULL || cert->has_subject(cert, id))
+	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &cert))
 	{
-		*out = *in;
+		if (id == NULL || cert->has_subject(cert, id))
 		return TRUE;
 	}
 	public = cert->get_public_key(cert);
 	if (public)
 	{
 		if (public->has_fingerprint(public, id->get_encoding(id)))
 		{
-			public->destroy(public);
+			*out = cert;
 			*out = *in;
 			return TRUE;
 		}
-		public->destroy(public);
+		public = cert->get_public_key(cert);
 		if (public)
 		{
 			if (public->has_fingerprint(public, id->get_encoding(id)))
 			{
 				public->destroy(public);
 				*out = cert;
 				return TRUE;
 			}
 			public->destroy(public);
 		}
 	}
 	return FALSE;
 }
@ -199,7 +201,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	{
 		inner = this->untrusted->create_enumerator(this->untrusted);
 	}
-	return enumerator_create_filter(inner, (void*)certs_filter, id, NULL);
+	return enumerator_create_filter(inner, certs_filter, id, NULL);
 }
 METHOD(pkcs11_creds_t, get_library, pkcs11_library_t*,
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@ -465,34 +465,48 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
 	return entry;
 }
-/**
+CALLBACK(feature_filter, bool,
- * Convert enumerated provided_feature_t to plugin_feature_t
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool feature_filter(void *null, provided_feature_t **provided,
 						   plugin_feature_t **feature)
 {
-	*feature = (*provided)->feature;
+	provided_feature_t *provided;
-	return (*provided)->loaded;
+	plugin_feature_t **feature;
 	VA_ARGS_VGET(args, feature);
 	while (orig->enumerate(orig, &provided))
 	{
 		if (provided->loaded)
 		{
 			*feature = provided->feature;
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
-/**
+CALLBACK(plugin_filter, bool,
- * Convert enumerated entries to plugin_t
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool plugin_filter(void *null, plugin_entry_t **entry, plugin_t **plugin,
 						  void *in, linked_list_t **list)
 {
-	plugin_entry_t *this = *entry;
+	plugin_entry_t *entry;
 	linked_list_t **list;
 	plugin_t **plugin;
-	*plugin = this->plugin;
+	VA_ARGS_VGET(args, plugin, list);
-	if (list)
+
 	if (orig->enumerate(orig, &entry))
 	{
-		enumerator_t *features;
+		*plugin = entry->plugin;
-		features = enumerator_create_filter(
+		if (list)
-							this->features->create_enumerator(this->features),
+		{
-							(void*)feature_filter, NULL, NULL);
+			enumerator_t *features;
-		*list = linked_list_create_from_enumerator(features);
+			features = enumerator_create_filter(
 							entry->features->create_enumerator(entry->features),
 							feature_filter, NULL, NULL);
 			*list = linked_list_create_from_enumerator(features);
 		}
 		return TRUE;
 	}
-	return TRUE;
+	return FALSE;
 }
 METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*,
@ -500,7 +514,7 @@ METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 							this->plugins->create_enumerator(this->plugins),
-							(void*)plugin_filter, NULL, NULL);
+							plugin_filter, NULL, NULL);
 }
 METHOD(plugin_loader_t, has_feature, bool,
@ -1095,14 +1109,20 @@ static int plugin_priority_cmp(const plugin_priority_t *a,
 	return diff;
 }
-/**
+CALLBACK(plugin_priority_filter, bool,
- * Convert enumerated plugin_priority_t to a plugin name
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool plugin_priority_filter(void *null, plugin_priority_t **prio,
 						   char **name)
 {
-	*name = (*prio)->name;
+	plugin_priority_t *prio;
-	return TRUE;
+	char **name;
 	VA_ARGS_VGET(args, name);
 	if (orig->enumerate(orig, &prio))
 	{
 		*name = prio->name;
 		return TRUE;
 	}
 	return FALSE;
 }
 /**
@ -1142,7 +1162,7 @@ static char *modular_pluginlist(char *list)
 	else
 	{
 		enumerator = enumerator_create_filter(array_create_enumerator(given),
-									(void*)plugin_priority_filter, NULL, NULL);
+										plugin_priority_filter, NULL, NULL);
 		load_def = TRUE;
 	}
 	while (enumerator->enumerate(enumerator, &plugin))
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@ -804,20 +804,27 @@ METHOD(ac_t, get_authKeyIdentifier, chunk_t,
 	return this->authKeyIdentifier;
 }
-/**
+CALLBACK(attr_filter, bool,
- * Filter function for attribute enumeration
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool attr_filter(void *null, group_t **in, ac_group_type_t *type,
 						void *in2, chunk_t *out)
 {
-	if ((*in)->type == AC_GROUP_TYPE_STRING &&
+	group_t *group;
-		!chunk_printable((*in)->value, NULL, 0))
+	ac_group_type_t *type;
-	{	/* skip non-printable strings */
+	chunk_t *out;
-		return FALSE;
+
 	VA_ARGS_VGET(args, type, out);
 	while (orig->enumerate(orig, &group))
 	{
 		if (group->type == AC_GROUP_TYPE_STRING &&
 			!chunk_printable(group->value, NULL, 0))
 		{	/* skip non-printable strings */
 			continue;
 		}
 		*type = group->type;
 		*out = group->value;
 		return TRUE;
 	}
-	*type = (*in)->type;
+	return FALSE;
 	*out = (*in)->value;
 	return TRUE;
 }
 METHOD(ac_t, create_group_enumerator, enumerator_t*,
@ -825,7 +832,7 @@ METHOD(ac_t, create_group_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 							this->groups->create_enumerator(this->groups),
-							(void*)attr_filter, NULL, NULL);
+							attr_filter, NULL, NULL);
 }
 METHOD(certificate_t, get_type, certificate_type_t,
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@ -364,25 +364,33 @@ end:
 	return success;
 }
-/**
+CALLBACK(filter, bool,
- * enumerator filter callback for create_enumerator
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool filter(void *data, revoked_t **revoked, chunk_t *serial, void *p2,
 				   time_t *date, void *p3, crl_reason_t *reason)
 {
-	if (serial)
+	revoked_t *revoked;
 	crl_reason_t *reason;
 	chunk_t *serial;
 	time_t *date;
 	VA_ARGS_VGET(args, serial, date, reason);
 	if (orig->enumerate(orig, &revoked))
 	{
-		*serial = (*revoked)->serial;
+		if (serial)
 		{
 			*serial = revoked->serial;
 		}
 		if (date)
 		{
 			*date = revoked->date;
 		}
 		if (reason)
 		{
 			*reason = revoked->reason;
 		}
 		return TRUE;
 	}
-	if (date)
+	return FALSE;
 	{
 		*date = (*revoked)->date;
 	}
 	if (reason)
 	{
 		*reason = (*revoked)->reason;
 	}
 	return TRUE;
 }
 METHOD(crl_t, get_serial, chunk_t,
@ -422,7 +430,7 @@ METHOD(crl_t, create_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 								this->revoked->create_enumerator(this->revoked),
-								(void*)filter, NULL, NULL);
+								filter, NULL, NULL);
 }
 METHOD(certificate_t, get_type, certificate_type_t,
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@ -228,32 +228,38 @@ METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*,
 	return this->certs->create_enumerator(this->certs);
 }
-/**
+CALLBACK(filter, bool,
- * enumerator filter callback for create_response_enumerator
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool filter(void *data, single_response_t **response,
 				   chunk_t *serialNumber,
 				   void *p2, cert_validation_t *status,
 				   void *p3, time_t *revocationTime,
 				   void *p4, crl_reason_t *revocationReason)
 {
-	if (serialNumber)
+	single_response_t *response;
 	cert_validation_t *status;
 	crl_reason_t *revocationReason;
 	chunk_t *serialNumber;
 	time_t *revocationTime;
 	VA_ARGS_VGET(args, serialNumber, status, revocationTime, revocationReason);
 	if (orig->enumerate(orig, &response))
 	{
-		*serialNumber = (*response)->serialNumber;
+		if (serialNumber)
 		{
 			*serialNumber = response->serialNumber;
 		}
 		if (status)
 		{
 			*status = response->status;
 		}
 		if (revocationTime)
 		{
 			*revocationTime = response->revocationTime;
 		}
 		if (revocationReason)
 		{
 			*revocationReason = response->revocationReason;
 		}
 		return TRUE;
 	}
-	if (status)
+	return FALSE;
 	{
 		*status = (*response)->status;
 	}
 	if (revocationTime)
 	{
 		*revocationTime = (*response)->revocationTime;
 	}
 	if (revocationReason)
 	{
 		*revocationReason = (*response)->revocationReason;
 	}
 	return TRUE;
 }
 METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*,
@ -261,7 +267,7 @@ METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*,
 {
 	return enumerator_create_filter(
 				this->responses->create_enumerator(this->responses),
-				(void*)filter, NULL, NULL);
+				filter, NULL, NULL);
 }
 /**
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@ -753,18 +753,25 @@ CALLBACK(enumerator_destroy, void,
 	free(this);
 }
-/**
+CALLBACK(section_filter, bool,
- * Enumerate section names, not sections
+	hashtable_t *seen, enumerator_t *orig, va_list args)
 */
 static bool section_filter(hashtable_t *seen, section_t **in, char **out)
 {
-	*out = (*in)->name;
+	section_t *section;
-	if (seen->get(seen, *out))
+	char **out;
 	VA_ARGS_VGET(args, out);
 	while (orig->enumerate(orig, &section))
 	{
-		return FALSE;
+		if (seen->get(seen, section->name))
 		{
 			continue;
 		}
 		*out = section->name;
 		seen->put(seen, section->name, section->name);
 		return TRUE;
 	}
-	seen->put(seen, *out, *out);
+	return FALSE;
 	return TRUE;
 }
 /**
@ -774,8 +781,8 @@ static enumerator_t *section_enumerator(section_t *section,
 										enumerator_data_t *data)
 {
 	return enumerator_create_filter(
-			array_create_enumerator(section->sections_order),
+							array_create_enumerator(section->sections_order),
-				(void*)section_filter, data->seen, NULL);
+							section_filter, data->seen, NULL);
 }
 METHOD(settings_t, create_section_enumerator, enumerator_t*,
@ -801,23 +808,29 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*,
 		.seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8),
 	);
 	return enumerator_create_nested(array_create_enumerator(sections),
-					(void*)section_enumerator, data, (void*)enumerator_destroy);
+						(void*)section_enumerator, data, enumerator_destroy);
 }
-/**
+CALLBACK(kv_filter, bool,
- * Enumerate key and values, not kv_t entries
+	hashtable_t *seen, enumerator_t *orig, va_list args)
 */
 static bool kv_filter(hashtable_t *seen, kv_t **in, char **key,
 					  void *none, char **value)
 {
-	*key = (*in)->key;
+	kv_t *kv;
-	if (seen->get(seen, *key) || !(*in)->value)
+	char **key, **value;
 	VA_ARGS_VGET(args, key, value);
 	while (orig->enumerate(orig, &kv))
 	{
-		return FALSE;
+		if (seen->get(seen, kv->key) || !kv->value)
 		{
 			continue;
 		}
 		*key = kv->key;
 		*value = kv->value;
 		seen->put(seen, kv->key, kv->key);
 		return TRUE;
 	}
-	*value = (*in)->value;
+	return FALSE;
 	seen->put(seen, *key, *key);
 	return TRUE;
 }
 /**
@ -826,7 +839,7 @@ static bool kv_filter(hashtable_t *seen, kv_t **in, char **key,
 static enumerator_t *kv_enumerator(section_t *section, enumerator_data_t *data)
 {
 	return enumerator_create_filter(array_create_enumerator(section->kv_order),
-					(void*)kv_filter, data->seen, NULL);
+									kv_filter, data->seen, NULL);
 }
 METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
--- a/src/libstrongswan/tests/suites/test_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_enumerator.c
@ -104,25 +104,45 @@ static void destroy_data(void *data)
 * filtered test
 */
-static bool filter(int *data, int **v, int *vo, int **w, int *wo,
+CALLBACK(filter, bool,
-				   int **x, int *xo, int **y, int *yo, int **z, int *zo)
+	int *data, enumerator_t *orig, va_list args)
 {
-	int val = **v;
+	int *item, *vo, *wo, *xo, *yo, *zo;
-	*vo = val++;
+	VA_ARGS_VGET(args, vo, wo, xo, yo, zo);
-	*wo = val++;
+
-	*xo = val++;
+	if (orig->enumerate(orig, &item))
-	*yo = val++;
+	{
-	*zo = val++;
+		int val = *item;
-	fail_if(data != (void*)101, "data does not match '101' in filter function");
+		*vo = val++;
-	return TRUE;
+		*wo = val++;
 		*xo = val++;
 		*yo = val++;
 		*zo = val++;
 		fail_if(data != (void*)101, "data does not match '101' in filter function");
 		return TRUE;
 	}
 	return FALSE;
 }
-static bool filter_odd(void *data, int **item, int *out)
+CALLBACK(filter_odd, bool,
 	void *data, enumerator_t *orig, va_list args)
 {
 	int *item, *out;
 	VA_ARGS_VGET(args, out);
 	fail_if(data != (void*)101, "data does not match '101' in filter function");
-	*out = **item;
+
-	return **item % 2 == 0;
+	while (orig->enumerate(orig, &item))
 	{
 		if (*item % 2 == 0)
 		{
 			*out = *item;
 			return TRUE;
 		}
 	}
 	return FALSE;
 }
 START_TEST(test_filtered)
@ -136,7 +156,7 @@ START_TEST(test_filtered)
 	round = 1;
 	enumerator = enumerator_create_filter(list->create_enumerator(list),
-									(void*)filter, (void*)101, destroy_data);
+										  filter, (void*)101, destroy_data);
 	while (enumerator->enumerate(enumerator, &v, &w, &x, &y, &z))
 	{
 		ck_assert_int_eq(v, round);
@ -166,7 +186,7 @@ START_TEST(test_filtered_filter)
 	/* should also work without destructor, so set this manually */
 	destroy_data_called = 1;
 	enumerator = enumerator_create_filter(list->create_enumerator(list),
-										 (void*)filter_odd, (void*)101, NULL);
+										  filter_odd, (void*)101, NULL);
 	while (enumerator->enumerate(enumerator, &x))
 	{
 		ck_assert(x % 2 == 0);
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -1296,28 +1296,32 @@ static struct {
 	{ ECP_192_BIT, TLS_SECP192R1},
 };
-/**
+CALLBACK(group_filter, bool,
- * Filter EC groups, add TLS curve
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool group_filter(void *null,
 						diffie_hellman_group_t *in, diffie_hellman_group_t *out,
 						void* dummy1, tls_named_curve_t *curve)
 {
 	diffie_hellman_group_t group, *out;
 	tls_named_curve_t *curve;
 	char *plugin;
 	int i;
-	for (i = 0; i < countof(curves); i++)
+	VA_ARGS_VGET(args, out, curve);
 	while (orig->enumerate(orig, &group, &plugin))
 	{
-		if (curves[i].group == *in)
+		for (i = 0; i < countof(curves); i++)
 		{
-			if (out)
+			if (curves[i].group == group)
 			{
-				*out = curves[i].group;
+				if (out)
 				{
 					*out = curves[i].group;
 				}
 				if (curve)
 				{
 					*curve = curves[i].curve;
 				}
 				return TRUE;
 			}
 			if (curve)
 			{
 				*curve = curves[i].curve;
 			}
 			return TRUE;
 		}
 	}
 	return FALSE;
@ -1327,8 +1331,8 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
 	private_tls_crypto_t *this)
 {
 	return enumerator_create_filter(
-					lib->crypto->create_dh_enumerator(lib->crypto),
+							lib->crypto->create_dh_enumerator(lib->crypto),
-					(void*)group_filter, NULL, NULL);
+							group_filter, NULL, NULL);
 }
 METHOD(tls_crypto_t, set_protection, void,
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c
@ -320,31 +320,33 @@ METHOD(recommendations_t, set_reason_language, TNC_Result,
 	return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER;
 }
-/**
+CALLBACK(reason_filter, bool,
- * Enumerate reason and reason_language, not recommendation entries
+	void *null, enumerator_t *orig, va_list args)
 */
 static bool reason_filter(void *null, recommendation_entry_t **entry,
 						 TNC_IMVID *id, void *i2, chunk_t *reason, void *i3,
 						 chunk_t *reason_language)
 {
-	if ((*entry)->reason.len)
+	recommendation_entry_t *entry;
 	TNC_IMVID *id;
 	chunk_t *reason, *reason_language;
 	VA_ARGS_VGET(args, id, reason, reason_language);
 	while (orig->enumerate(orig, &entry))
 	{
-		*id = (*entry)->id;
+		if (entry->reason.len)
-		*reason = (*entry)->reason;
+		{
-		*reason_language = (*entry)->reason_language;
+			*id = entry->id;
-		return TRUE;
+			*reason = entry->reason;
-	}
+			*reason_language = entry->reason_language;
-	else
+			return TRUE;
-	{
+		}
 		return FALSE;
 	}
 	return FALSE;
 }
 METHOD(recommendations_t, create_reason_enumerator, enumerator_t*,
 	private_tnc_imv_recommendations_t *this)
 {
 	return enumerator_create_filter(this->recs->create_enumerator(this->recs),
-					(void*)reason_filter, NULL, NULL);
+									reason_filter, NULL, NULL);
 }
 METHOD(recommendations_t, destroy, void,
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@ -61,16 +61,24 @@ static void revoked_destroy(revoked_t *revoked)
 	free(revoked);
 }
-/**
+CALLBACK(filter, bool,
- * Filter for revoked enumerator
+	void *data, enumerator_t *orig, va_list args)
 */
 static bool filter(void *data, revoked_t **revoked, chunk_t *serial, void *p2,
 				   time_t *date, void *p3, crl_reason_t *reason)
 {
-	*serial = (*revoked)->serial;
+	revoked_t *revoked;
-	*date = (*revoked)->date;
+	crl_reason_t *reason;
-	*reason = (*revoked)->reason;
+	chunk_t *serial;
-	return TRUE;
+	time_t *date;
 	VA_ARGS_VGET(args, serial, date, reason);
 	if (orig->enumerate(orig, &revoked))
 	{
 		*serial = revoked->serial;
 		*date = revoked->date;
 		*reason = revoked->reason;
 		return TRUE;
 	}
 	return FALSE;
 }
 /**
@ -392,7 +400,7 @@ static int sign_crl()
 	chunk_increment(crl_serial);
 	enumerator = enumerator_create_filter(list->create_enumerator(list),
-										  (void*)filter, NULL, NULL);
+										  filter, NULL, NULL);
 	crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
 			BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca,
 			BUILD_SERIAL, crl_serial,
--- a/src/starter/parser/conf_parser.c
+++ b/src/starter/parser/conf_parser.c
@ -294,24 +294,43 @@ static dictionary_t *section_dictionary_create(private_conf_parser_t *parser,
 	return &this->public;
 }
-static bool conn_filter(void *unused, section_t **section, char **name)
+CALLBACK(conn_filter, bool,
 	void *unused, enumerator_t *orig, va_list args)
 {
-	if (streq((*section)->name, "%default"))
+	section_t *section;
 	char **name;
 	VA_ARGS_VGET(args, name);
 	while (orig->enumerate(orig, &section))
 	{
-		return FALSE;
+		if (!streq(section->name, "%default"))
 		{
 			*name = section->name;
 			return TRUE;
 		}
 	}
-	*name = (*section)->name;
+	return FALSE;
 	return TRUE;
 }
-static bool ca_filter(void *unused, void *key, char **name, section_t **section)
+CALLBACK(ca_filter, bool,
 	void *unused, enumerator_t *orig, va_list args)
 {
-	if (streq((*section)->name, "%default"))
+	void *key;
 	section_t *section;
 	char **name;
 	VA_ARGS_VGET(args, name);
 	while (orig->enumerate(orig, &key, &section))
 	{
-		return FALSE;
+		if (!streq(section->name, "%default"))
 		{
 			*name = section->name;
 			return TRUE;
 		}
 	}
-	*name = (*section)->name;
+	return FALSE;
 	return TRUE;
 }
 METHOD(conf_parser_t, get_sections, enumerator_t*,
@ -321,12 +340,12 @@ METHOD(conf_parser_t, get_sections, enumerator_t*,
 	{
 		case CONF_PARSER_CONN:
 			return enumerator_create_filter(
-						array_create_enumerator(this->conns_order),
+									array_create_enumerator(this->conns_order),
-						(void*)conn_filter, NULL, NULL);
+									conn_filter, NULL, NULL);
 		case CONF_PARSER_CA:
 			return enumerator_create_filter(
-						this->cas->create_enumerator(this->cas),
+									this->cas->create_enumerator(this->cas),
-						(void*)ca_filter, NULL, NULL);
+									ca_filter, NULL, NULL);
 		case CONF_PARSER_CONFIG_SETUP:
 		default:
 			return enumerator_create_empty();