ikev2: Reuse marks and reqid of CHILD_SAs during MBB reauthentication
authorTobias Brunner <tobias@strongswan.org>
Wed, 4 Apr 2018 07:28:28 +0000 (09:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 12 Apr 2018 13:50:04 +0000 (15:50 +0200)
Since these are installed overlapping (like during a rekeying) we have to use
the same (unique) marks (and possibly reqid) that were used previously,
otherwise, the policy installation will fail.

Fixes #2610.

src/libcharon/sa/ikev2/task_manager_v2.c

index 5c0ec49f04dcfad804598b473654469fe0601a81..789e73810f08bce73413c2a654acab47c799f7c9 100644 (file)
@@ -1794,9 +1794,16 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
        enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
        while (enumerator->enumerate(enumerator, &child_sa))
        {
+               child_create_t *child_create;
+
                cfg = child_sa->get_config(child_sa);
-               new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
-                                                                                                 FALSE, NULL, NULL)->task);
+               child_create = child_create_create(new, cfg->get_ref(cfg),
+                                                                                  FALSE, NULL, NULL);
+               child_create->use_reqid(child_create, child_sa->get_reqid(child_sa));
+               child_create->use_marks(child_create,
+                                                               child_sa->get_mark(child_sa, TRUE).value,
+                                                               child_sa->get_mark(child_sa, FALSE).value);
+               new->queue_task(new, &child_create->task);
                children = TRUE;
        }
        enumerator->destroy(enumerator);
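Review bot: The loop copies the reqid and marks from every CHILD_SA the enumerator returns, and no check of the SA's state is visible in this hunk. If the enumerator can still yield a CHILD_SA that has already been replaced by a rekeying and is only waiting for deletion, that entry would get its own `child_create` task with the same config, reqid and marks as its successor. Should that be possible here, a test on `child_sa->get_state(child_sa)` ahead of `child_sa->get_config(child_sa)` would keep duplicate children from being queued on the new IKE_SA. Only the `.value` of each mark is handed to `use_marks()`, so the mask presumably still comes from the child config; a short comment would record that, for example `/* reuse reqid and mark values, the new SAs get installed overlapping with the old ones */`. The body of trigger_mbb_reauth starts and ends outside the hunk.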