From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 20 May 2021 07:41:54 +0000 (+0200)
Subject: ike-sa: Sort CHILD_SAs by CPU ID
X-Git-Tag: 6.0.2dr1~5^2~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e7f379f716ce534adfef8559c7a25f646ed6329;p=thirdparty%2Fstrongswan.git

ike-sa: Sort CHILD_SAs by CPU ID

This might make debugging easier and also ensures that a possible
fallback SA without CPU ID is established first when reestablishing
an IKE_SA.  Because even if such an SA is established first initially,
that might change later depending on when per-CPU SAs are rekeyed.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 3cfcdcf332..b1e5e368c9 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1778,10 +1778,27 @@ METHOD(ike_sa_t, get_if_id, uint32_t,
 	return inbound ? this->if_id_in : this->if_id_out;
 }
 
+/**
+ * Sort CHILD_SAs by config and CPU ID so SAs without ID are enumerated first.
+ */
+static int child_sa_sort(const void *a_pub, const void *b_pub, void *user)
+{
+	child_sa_t *a = (child_sa_t*)a_pub, *b = (child_sa_t*)b_pub;
+	child_cfg_t *cfg = a->get_config(a);
+
+	if (!cfg->equals(cfg, b->get_config(b)))
+	{	/* use the unique IDs of unrelated SAs to maintain insertion order */
+		return a->get_unique_id(a) - b->get_unique_id(b);
+	}
+	/* otherwise use the CPU ID, making sure an SA without ID comes first */
+	return a->get_cpu(a) == CPU_ID_MAX ? -1 : a->get_cpu(a) - b->get_cpu(b);
+}
+
 METHOD(ike_sa_t, add_child_sa, void,
 	private_ike_sa_t *this, child_sa_t *child_sa)
 {
 	array_insert_create(&this->child_sas, ARRAY_TAIL, child_sa);
+	array_sort(this->child_sas, child_sa_sort, NULL);
 	charon->child_sa_manager->add(charon->child_sa_manager,
 								  child_sa, &this->public);
 }