From: Martin Willi <martin@revosec.ch>
Date: Thu, 20 Jun 2013 14:12:14 +0000 (+0200)
Subject: ikev2: Allocate SPI with the protocol of the first/negotiated proposal
X-Git-Tag: 5.1.1rc1~48^2~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cdab8630d975caa1d471faf24adea67540b376ab;p=thirdparty%2Fstrongswan.git

ikev2: Allocate SPI with the protocol of the first/negotiated proposal
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 8ae36af84a..7cfa537a98 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -244,9 +244,23 @@ static bool allocate_spi(private_child_create_t *this)
 {
 	enumerator_t *enumerator;
 	proposal_t *proposal;
+	protocol_id_t proto = PROTO_ESP;
 
-	/* TODO: allocate additional SPI for AH if we have such proposals */
-	this->my_spi = this->child_sa->alloc_spi(this->child_sa, PROTO_ESP);
+	if (this->initiator)
+	{
+		/* we just get a SPI for the first protocol. TODO: If we ever support
+		 * proposal lists with mixed protocols, we'd need multiple SPIs */
+		if (this->proposals->get_first(this->proposals,
+									   (void**)&proposal) == SUCCESS)
+		{
+			proto = proposal->get_protocol(proposal);
+		}
+	}
+	else
+	{
+		proto = this->proposal->get_protocol(this->proposal);
+	}
+	this->my_spi = this->child_sa->alloc_spi(this->child_sa, proto);
 	if (this->my_spi)
 	{
 		if (this->initiator)