From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 17 Mar 2015 08:58:00 +0000 (+0100)
Subject: child-sa: Remove policies before states to avoid acquire events for untrapped policies
X-Git-Tag: 5.3.0rc1~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=46188b0eb0f1d2bc6e44dd1215e0b396dcab3d33;p=thirdparty%2Fstrongswan.git

child-sa: Remove policies before states to avoid acquire events for untrapped policies
---

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 9c74b95170..068092d60b 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1114,22 +1114,6 @@ METHOD(child_sa_t, destroy, void,
 
 	set_state(this, CHILD_DESTROYING);
 
-	/* delete SAs in the kernel, if they are set up */
-	if (this->my_spi)
-	{
-		hydra->kernel_interface->del_sa(hydra->kernel_interface,
-					this->other_addr, this->my_addr, this->my_spi,
-					proto_ike2ip(this->protocol), this->my_cpi,
-					this->mark_in);
-	}
-	if (this->other_spi)
-	{
-		hydra->kernel_interface->del_sa(hydra->kernel_interface,
-					this->my_addr, this->other_addr, this->other_spi,
-					proto_ike2ip(this->protocol), this->other_cpi,
-					this->mark_out);
-	}
-
 	if (this->config->install_policy(this->config))
 	{
 		/* delete all policies in the kernel */
@@ -1146,6 +1130,22 @@ METHOD(child_sa_t, destroy, void,
 		enumerator->destroy(enumerator);
 	}
 
+	/* delete SAs in the kernel, if they are set up */
+	if (this->my_spi)
+	{
+		hydra->kernel_interface->del_sa(hydra->kernel_interface,
+					this->other_addr, this->my_addr, this->my_spi,
+					proto_ike2ip(this->protocol), this->my_cpi,
+					this->mark_in);
+	}
+	if (this->other_spi)
+	{
+		hydra->kernel_interface->del_sa(hydra->kernel_interface,
+					this->my_addr, this->other_addr, this->other_spi,
+					proto_ike2ip(this->protocol), this->other_cpi,
+					this->mark_out);
+	}
+
 	if (this->reqid_allocated)
 	{
 		if (hydra->kernel_interface->release_reqid(hydra->kernel_interface,